xref: /aosp_15_r20/external/tink/python/tink/testing/fake_kms_test.py (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1# Copyright 2021 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#      http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14"""Tests for tink.python.tink.testing._fake_kms."""
15
16from absl.testing import absltest
17import tink
18from tink import aead
19from tink.testing import fake_kms
20
21
22KEY_URI = (
23    'fake-kms://CL3oi0kSVwpMCjB0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5jcnlwdG8'
24    'udGluay5BZXNFYXhLZXkSFhICCBAaEPFnQNgtxEG0vEek8bBfgL8YARABGL3oi0kgAQ')
25
26
27def setUpModule():
28  aead.register()
29  fake_kms.register_client()
30
31
32class FakeKmsTest(absltest.TestCase):
33
34  def test_fake_kms_doesn_not_support_other_kms(self):
35    client = fake_kms.FakeKmsClient()
36    self.assertFalse(
37        client.does_support('aws-kms://arn:aws:kms:us-east-2:12345:key/12345')
38    )
39
40  def test_fake_kms_aead_encrypt_decrypt(self):
41    template = aead.aead_key_templates.create_kms_aead_key_template(
42        key_uri=KEY_URI)
43    keyset_handle = tink.new_keyset_handle(template)
44    primitive = keyset_handle.primitive(aead.Aead)
45    plaintext = b'plaintext'
46    associated_data = b'associated_data'
47    ciphertext = primitive.encrypt(plaintext, associated_data)
48    self.assertEqual(primitive.decrypt(ciphertext, associated_data), plaintext)
49
50  def test_fake_kms_envelope_encrypt_decrypt(self):
51    template = aead.aead_key_templates.create_kms_envelope_aead_key_template(
52        kek_uri=KEY_URI,
53        dek_template=aead.aead_key_templates.AES128_GCM)
54    keyset_handle = tink.new_keyset_handle(template)
55    primitive = keyset_handle.primitive(aead.Aead)
56    plaintext = b'plaintext'
57    associated_data = b'associated_data'
58    ciphertext = primitive.encrypt(plaintext, associated_data)
59    self.assertEqual(primitive.decrypt(ciphertext, associated_data), plaintext)
60
61
62if __name__ == '__main__':
63  absltest.main()
64