1# Copyright 2019 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#      http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14"""Tests for tink.python.tink._signature_key_manager."""
15
16from absl.testing import absltest
17from absl.testing import parameterized
18
19from tink.proto import common_pb2
20from tink.proto import ecdsa_pb2
21from tink.proto import tink_pb2
22import tink
23from tink import core
24from tink import signature
25
26
def setUpModule():
  """Module-level fixture: call signature.register() before the tests run.

  The tests in this file look up key managers through core.Registry and build
  PublicKeySign / PublicKeyVerify primitives, so registration has to happen
  first.
  """
  signature.register()
29
30
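class PublicKeySignKeyManagerTest(parameterized.TestCase):
  """Tests signature key creation and sign/verify behaviour per key template."""

  # One list drives both the accepting and the rejecting sign/verify test. A
  # rejection test is only meaningful for a template whose valid signatures
  # are also shown to verify (otherwise a verifier that rejects everything
  # would pass it), so both tests must cover the same templates.
  # Kept as a list: parameterized.parameters treats a single non-tuple
  # iterable as the sequence of test cases.
  _SIGNATURE_TEMPLATES = [
      signature.signature_key_templates.ECDSA_P256,
      signature.signature_key_templates.ECDSA_P384,
      signature.signature_key_templates.ECDSA_P384_SHA384,
      signature.signature_key_templates.ECDSA_P384_SHA512,
      signature.signature_key_templates.ECDSA_P521,
      signature.signature_key_templates.ECDSA_P256_IEEE_P1363,
      signature.signature_key_templates.ECDSA_P384_IEEE_P1363,
      signature.signature_key_templates.ECDSA_P384_SHA384_IEEE_P1363,
      signature.signature_key_templates.ECDSA_P521_IEEE_P1363,
      signature.signature_key_templates.ED25519,
      signature.signature_key_templates.RSA_SSA_PKCS1_3072_SHA256_F4,
      signature.signature_key_templates.RSA_SSA_PKCS1_4096_SHA512_F4,
      signature.signature_key_templates.RSA_SSA_PSS_3072_SHA256_SHA256_32_F4,
      signature.signature_key_templates.RSA_SSA_PSS_4096_SHA512_SHA512_64_F4,
  ]

  def test_new_key_data_ecdsa(self):
    """Checks the key data generated from an ECDSA P-256/SHA-256/DER template.

    The template helper is expected to emit a DeprecationWarning. The produced
    key data must carry the template's type URL and parse as an
    EcdsaPrivateKey whose parameters match the ones requested.
    """
    with self.assertWarns(DeprecationWarning):
      template = signature.signature_key_templates.create_ecdsa_key_template(
          common_pb2.SHA256, common_pb2.NIST_P256, ecdsa_pb2.DER)
    key_manager = core.Registry.key_manager(template.type_url)
    key_data = key_manager.new_key_data(template)
    self.assertEqual(key_data.type_url, template.type_url)

    key = ecdsa_pb2.EcdsaPrivateKey()
    key.ParseFromString(key_data.value)
    public_key = key.public_key
    self.assertEqual(key.version, 0)
    self.assertEqual(public_key.version, 0)
    self.assertEqual(public_key.params.hash_type, common_pb2.SHA256)
    self.assertEqual(public_key.params.curve, common_pb2.NIST_P256)
    self.assertEqual(public_key.params.encoding, ecdsa_pb2.DER)
    # The private scalar for the requested P-256 curve is asserted to be
    # exactly 32 bytes long.
    self.assertLen(key.key_value, 32)

  def test_new_public_keyset_handle_fails(self):
    """A template naming the ECDSA public key type cannot create a keyset.

    tink.new_keyset_handle must raise core.TinkError when the template's
    type URL is the EcdsaPublicKey type, even though the serialized key format
    itself is well formed.
    """
    params = ecdsa_pb2.EcdsaParams(
        hash_type=common_pb2.SHA256,
        curve=common_pb2.NIST_P256,
        encoding=ecdsa_pb2.DER)
    key_format = ecdsa_pb2.EcdsaKeyFormat(params=params)
    template = tink_pb2.KeyTemplate()
    template.type_url = 'type.googleapis.com/google.crypto.tink.EcdsaPublicKey'
    template.value = key_format.SerializeToString()
    with self.assertRaises(core.TinkError):
      tink.new_keyset_handle(template)

  @parameterized.parameters(_SIGNATURE_TEMPLATES)
  def test_sign_verify_success(self, template):
    """A signature from the private keyset verifies under its public keyset."""
    private_handle = tink.new_keyset_handle(template)
    public_handle = private_handle.public_keyset_handle()
    verifier = public_handle.primitive(signature.PublicKeyVerify)
    signer = private_handle.primitive(signature.PublicKeySign)

    data = b'data'
    data_signature = signer.sign(data)
    # verify() signals rejection by raising (see test_verify_wrong_fails), so
    # returning normally is the success condition here.
    verifier.verify(data_signature, data)

  @parameterized.parameters(_SIGNATURE_TEMPLATES)
  def test_verify_wrong_fails(self, template):
    """Verification rejects wrong data, garbage and tampered signatures."""
    private_handle = tink.new_keyset_handle(template)
    public_handle = private_handle.public_keyset_handle()
    verifier = public_handle.primitive(signature.PublicKeyVerify)
    signer = private_handle.primitive(signature.PublicKeySign)

    valid_signature = signer.sign(b'data')

    # A valid signature over different data must not verify.
    with self.assertRaises(core.TinkError):
      verifier.verify(valid_signature, b'wrongdata')

    # Bytes that are not a signature at all must not verify.
    with self.assertRaises(core.TinkError):
      verifier.verify(b'wrongsignature', b'data')

    # A well-formed signature with a single flipped bit must not verify
    # either; this exercises the cryptographic check rather than only the
    # parsing of malformed input.
    tampered_signature = (
        valid_signature[:-1] + bytes([valid_signature[-1] ^ 0x01]))
    with self.assertRaises(core.TinkError):
      verifier.verify(tampered_signature, b'data')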
113
114
if __name__ == '__main__':
  # Hand control to the absltest runner only when executed as a script.
  absltest.main()
117