1// Copyright 2020 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14// 15/////////////////////////////////////////////////////////////////////////////// 16 17package services_test 18 19import ( 20 "bytes" 21 "context" 22 "errors" 23 "fmt" 24 "strings" 25 "testing" 26 27 "google.golang.org/protobuf/proto" 28 "github.com/google/tink/go/aead" 29 "github.com/google/tink/go/daead" 30 "github.com/google/tink/go/hybrid" 31 "github.com/google/tink/go/keyset" 32 "github.com/google/tink/go/mac" 33 "github.com/google/tink/go/prf" 34 "github.com/google/tink/go/signature" 35 "github.com/google/tink/go/streamingaead" 36 "github.com/google/tink/testing/go/services" 37 pb "github.com/google/tink/testing/go/protos/testing_api_go_grpc" 38) 39 40func genKeyset(ctx context.Context, keysetService *services.KeysetService, template []byte) ([]byte, error) { 41 genRequest := &pb.KeysetGenerateRequest{Template: template} 42 genResponse, err := keysetService.Generate(ctx, genRequest) 43 if err != nil { 44 return nil, err 45 } 46 switch r := genResponse.Result.(type) { 47 case *pb.KeysetGenerateResponse_Keyset: 48 return r.Keyset, nil 49 case *pb.KeysetGenerateResponse_Err: 50 return nil, errors.New(r.Err) 51 default: 52 return nil, fmt.Errorf("genResponse.Result has unexpected type %T", r) 53 } 54} 55 56func pubKeyset(ctx context.Context, keysetService *services.KeysetService, privateKeyset []byte) ([]byte, error) { 57 request := &pb.KeysetPublicRequest{PrivateKeyset: privateKeyset} 58 response, err := keysetService.Public(ctx, request) 59 if err != nil { 60 return nil, err 61 } 62 switch r := response.Result.(type) { 63 case *pb.KeysetPublicResponse_PublicKeyset: 64 return r.PublicKeyset, nil 65 case *pb.KeysetPublicResponse_Err: 66 return nil, errors.New(r.Err) 67 default: 68 return nil, fmt.Errorf("response.Result has unexpected type %T", r) 69 } 70} 71 72func keysetFromJSON(ctx context.Context, keysetService *services.KeysetService, jsonKeyset string) ([]byte, error) { 73 request := &pb.KeysetFromJsonRequest{JsonKeyset: jsonKeyset} 74 response, err := keysetService.FromJson(ctx, request) 75 if err != nil { 76 return nil, err 77 } 78 switch r := response.Result.(type) { 79 case *pb.KeysetFromJsonResponse_Keyset: 80 return r.Keyset, nil 81 case *pb.KeysetFromJsonResponse_Err: 82 return nil, errors.New(r.Err) 83 default: 84 return nil, fmt.Errorf("response.Result has unexpected type %T", r) 85 } 86} 87 88func keysetToJSON(ctx context.Context, keysetService *services.KeysetService, keyset []byte) (string, error) { 89 request := &pb.KeysetToJsonRequest{Keyset: keyset} 90 response, err := keysetService.ToJson(ctx, request) 91 if err != nil { 92 return "", err 93 } 94 switch r := response.Result.(type) { 95 case *pb.KeysetToJsonResponse_JsonKeyset: 96 return r.JsonKeyset, nil 97 case *pb.KeysetToJsonResponse_Err: 98 return "", errors.New(r.Err) 99 default: 100 return "", fmt.Errorf("response.Result has unexpected type %T", r) 101 } 102} 103 104func TestFromJSON(t *testing.T) { 105 keysetService := &services.KeysetService{} 106 ctx := context.Background() 107 jsonKeyset := ` 108 { 109 "primaryKeyId": 42, 110 "key": [ 111 { 112 "keyData": { 113 "typeUrl": "type.googleapis.com/google.crypto.tink.AesGcmKey", 114 "keyMaterialType": "SYMMETRIC", 115 "value": "GhCS/1+ejWpx68NfGt6ziYHd" 116 }, 117 "outputPrefixType": "TINK", 118 "keyId": 42, 119 "status": "ENABLED" 120 } 121 ] 122 }` 123 keysetData, err := keysetFromJSON(ctx, keysetService, jsonKeyset) 124 if err != nil { 125 t.Fatalf("keysetFromJSON failed: %v", err) 126 } 127 reader := keyset.NewBinaryReader(bytes.NewReader(keysetData)) 128 keyset, err := reader.Read() 129 if err != nil { 130 t.Fatalf("reader.Read() failed: %v", err) 131 } 132 if keyset.GetPrimaryKeyId() != 42 { 133 t.Fatalf("Got keyset.GetPrimaryKeyId() == %d, want 42", keyset.GetPrimaryKeyId()) 134 } 135} 136 137func TestGenerateToFromJSON(t *testing.T) { 138 keysetService := &services.KeysetService{} 139 ctx := context.Background() 140 141 template, err := proto.Marshal(aead.AES128GCMKeyTemplate()) 142 if err != nil { 143 t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err) 144 } 145 keyset, err := genKeyset(ctx, keysetService, template) 146 if err != nil { 147 t.Fatalf("genKeyset failed: %v", err) 148 } 149 jsonKeyset, err := keysetToJSON(ctx, keysetService, keyset) 150 if err != nil { 151 t.Fatalf("keysetToJSON failed: %v", err) 152 } 153 output, err := keysetFromJSON(ctx, keysetService, jsonKeyset) 154 if err != nil { 155 t.Fatalf("keysetFromJSON failed: %v", err) 156 } 157 if bytes.Compare(output, keyset) != 0 { 158 t.Fatalf("output is %v, want %v", output, keyset) 159 } 160} 161 162func TestKeysetFromJSONFail(t *testing.T) { 163 keysetService := &services.KeysetService{} 164 ctx := context.Background() 165 if _, err := keysetFromJSON(ctx, keysetService, "bad JSON"); err == nil { 166 t.Fatalf("keysetFromJSON from bad JSON succeeded unexpectedly.") 167 } 168} 169 170func TestKeysetToJSONFail(t *testing.T) { 171 keysetService := &services.KeysetService{} 172 ctx := context.Background() 173 if _, err := keysetToJSON(ctx, keysetService, []byte("badKeyset")); err == nil { 174 t.Fatalf("keysetToJSON with bad keyset succeeded unexpectedly.") 175 } 176} 177 178func keysetWriteEncrypted(ctx context.Context, keysetService *services.KeysetService, keyset []byte, masterKeyset []byte, associatedData []byte) ([]byte, error) { 179 var request *pb.KeysetWriteEncryptedRequest 180 if associatedData != nil { 181 request = &pb.KeysetWriteEncryptedRequest{ 182 Keyset: keyset, 183 MasterKeyset: masterKeyset, 184 AssociatedData: &pb.BytesValue{Value: associatedData}, 185 KeysetWriterType: pb.KeysetWriterType_KEYSET_WRITER_BINARY, 186 } 187 } else { 188 request = &pb.KeysetWriteEncryptedRequest{ 189 Keyset: keyset, 190 MasterKeyset: masterKeyset, 191 KeysetWriterType: pb.KeysetWriterType_KEYSET_WRITER_BINARY, 192 } 193 } 194 response, err := keysetService.WriteEncrypted(ctx, request) 195 if err != nil { 196 return nil, err 197 } 198 switch r := response.Result.(type) { 199 case *pb.KeysetWriteEncryptedResponse_EncryptedKeyset: 200 return r.EncryptedKeyset, nil 201 case *pb.KeysetWriteEncryptedResponse_Err: 202 return nil, errors.New(r.Err) 203 default: 204 return nil, fmt.Errorf("response.Result has unexpected type %T", r) 205 } 206} 207 208func keysetReadEncrypted(ctx context.Context, keysetService *services.KeysetService, encryptedKeyset []byte, masterKeyset []byte, associatedData []byte) ([]byte, error) { 209 var request *pb.KeysetReadEncryptedRequest 210 if associatedData != nil { 211 request = &pb.KeysetReadEncryptedRequest{ 212 EncryptedKeyset: encryptedKeyset, 213 MasterKeyset: masterKeyset, 214 AssociatedData: &pb.BytesValue{Value: associatedData}, 215 KeysetReaderType: pb.KeysetReaderType_KEYSET_READER_BINARY, 216 } 217 } else { 218 request = &pb.KeysetReadEncryptedRequest{ 219 EncryptedKeyset: encryptedKeyset, 220 MasterKeyset: masterKeyset, 221 KeysetReaderType: pb.KeysetReaderType_KEYSET_READER_BINARY, 222 } 223 } 224 response, err := keysetService.ReadEncrypted(ctx, request) 225 if err != nil { 226 return nil, err 227 } 228 switch r := response.Result.(type) { 229 case *pb.KeysetReadEncryptedResponse_Keyset: 230 return r.Keyset, nil 231 case *pb.KeysetReadEncryptedResponse_Err: 232 return nil, errors.New(r.Err) 233 default: 234 return nil, fmt.Errorf("response.Result has unexpected type %T", r) 235 } 236} 237 238func TestKeysetWriteReadEncrypted(t *testing.T) { 239 keysetService := &services.KeysetService{} 240 ctx := context.Background() 241 242 template, err := proto.Marshal(aead.AES128GCMKeyTemplate()) 243 if err != nil { 244 t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err) 245 } 246 247 keyset, err := genKeyset(ctx, keysetService, template) 248 if err != nil { 249 t.Fatalf("genKeyset failed: %v", err) 250 } 251 masterKeyset, err := genKeyset(ctx, keysetService, template) 252 if err != nil { 253 t.Fatalf("genKeyset failed: %v", err) 254 } 255 256 encryptedKeyset, err := keysetWriteEncrypted(ctx, keysetService, keyset, masterKeyset, nil) 257 if err != nil { 258 t.Fatalf("keysetWriteEncrypted failed: %v", err) 259 } 260 261 readKeyset, err := keysetReadEncrypted(ctx, keysetService, encryptedKeyset, masterKeyset, nil) 262 if err != nil { 263 t.Fatalf("keysetReadEncrypted failed: %v", err) 264 } 265 if bytes.Compare(readKeyset, keyset) != 0 { 266 t.Fatalf("readKeyset is %v, want %v", readKeyset, keyset) 267 } 268 269 if _, err := keysetWriteEncrypted(ctx, keysetService, []byte("badKeyset"), masterKeyset, nil); err == nil { 270 t.Fatalf("keysetWriteEncrypted with bad keyset succeeded unexpectedly.") 271 } 272 if _, err := keysetWriteEncrypted(ctx, keysetService, keyset, []byte("badMasterKeyset"), nil); err == nil { 273 t.Fatalf("keysetWriteEncrypted with bad masterKeyset succeeded unexpectedly.") 274 } 275 if _, err := keysetReadEncrypted(ctx, keysetService, []byte("badEncryptedKeyset"), masterKeyset, nil); err == nil { 276 t.Fatalf("keysetReadEncrypted with bad encryptedKeyset succeeded unexpectedly.") 277 } 278 if _, err := keysetReadEncrypted(ctx, keysetService, encryptedKeyset, []byte("badMasterKeyset"), nil); err == nil { 279 t.Fatalf("keysetService with bad masterKeyset succeeded unexpectedly.") 280 } 281} 282 283func TestKeysetWriteReadEncryptedWithAssociatedData(t *testing.T) { 284 keysetService := &services.KeysetService{} 285 ctx := context.Background() 286 287 template, err := proto.Marshal(aead.AES128GCMKeyTemplate()) 288 if err != nil { 289 t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err) 290 } 291 292 keyset, err := genKeyset(ctx, keysetService, template) 293 if err != nil { 294 t.Fatalf("genKeyset failed: %v", err) 295 } 296 masterKeyset, err := genKeyset(ctx, keysetService, template) 297 if err != nil { 298 t.Fatalf("genKeyset failed: %v", err) 299 } 300 associatedData := []byte("Associated Data") 301 302 encryptedKeyset, err := keysetWriteEncrypted(ctx, keysetService, keyset, masterKeyset, associatedData) 303 if err != nil { 304 t.Fatalf("keysetWriteEncrypted failed: %v", err) 305 } 306 307 readKeyset, err := keysetReadEncrypted(ctx, keysetService, encryptedKeyset, masterKeyset, associatedData) 308 if err != nil { 309 t.Fatalf("keysetReadEncrypted failed: %v", err) 310 } 311 if bytes.Compare(readKeyset, keyset) != 0 { 312 t.Fatalf("readKeyset is %v, want %v", readKeyset, keyset) 313 } 314 315 if _, err := keysetReadEncrypted(ctx, keysetService, encryptedKeyset, masterKeyset, []byte("Invalid Associated Data")); err == nil { 316 t.Fatalf("keysetWriteEncrypted with bad associatedData succeeded unexpectedly.") 317 } 318 319 if _, err := keysetWriteEncrypted(ctx, keysetService, []byte("badKeyset"), masterKeyset, associatedData); err == nil { 320 t.Fatalf("keysetWriteEncrypted with bad keyset succeeded unexpectedly.") 321 } 322 if _, err := keysetWriteEncrypted(ctx, keysetService, keyset, []byte("badMasterKeyset"), associatedData); err == nil { 323 t.Fatalf("keysetWriteEncrypted with bad masterKeyset succeeded unexpectedly.") 324 } 325 if _, err := keysetReadEncrypted(ctx, keysetService, []byte("badEncryptedKeyset"), masterKeyset, associatedData); err == nil { 326 t.Fatalf("keysetReadEncrypted with bad encryptedKeyset succeeded unexpectedly.") 327 } 328 if _, err := keysetReadEncrypted(ctx, keysetService, encryptedKeyset, []byte("badMasterKeyset"), associatedData); err == nil { 329 t.Fatalf("keysetService with bad masterKeyset succeeded unexpectedly.") 330 } 331} 332 333func TestSuccessfulAeadCreation(t *testing.T) { 334 keysetService := &services.KeysetService{} 335 aeadService := &services.AEADService{} 336 ctx := context.Background() 337 338 template, err := proto.Marshal(aead.AES128GCMKeyTemplate()) 339 if err != nil { 340 t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err) 341 } 342 343 keyset, err := genKeyset(ctx, keysetService, template) 344 if err != nil { 345 t.Fatalf("genKeyset failed: %v", err) 346 } 347 348 result, err := aeadService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}}) 349 if err != nil { 350 t.Fatalf("CreateAead with good keyset failed with gRPC error: %v", err) 351 } 352 if result.GetErr() != "" { 353 t.Fatalf("CreateAead with good keyset failed with creation error: %v", result.GetErr()) 354 } 355} 356 357func TestFailingAeadCreation(t *testing.T) { 358 aeadService := &services.AEADService{} 359 ctx := context.Background() 360 361 result, err := aeadService.Create(ctx, &pb.CreationRequest{ 362 AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: []byte{0x80}}}) 363 if err != nil { 364 t.Fatalf("CreateAead with bad keyset failed with gRPC error: %v", err) 365 } 366 if result.GetErr() == "" { 367 t.Fatalf("CreateAead with bad keyset succeeded instead of failing") 368 } 369} 370 371func aeadEncrypt(ctx context.Context, aeadService *services.AEADService, keyset []byte, plaintext []byte, associatedData []byte) ([]byte, error) { 372 encRequest := &pb.AeadEncryptRequest{ 373 AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}, 374 Plaintext: plaintext, 375 AssociatedData: associatedData, 376 } 377 encResponse, err := aeadService.Encrypt(ctx, encRequest) 378 if err != nil { 379 return nil, err 380 } 381 switch r := encResponse.Result.(type) { 382 case *pb.AeadEncryptResponse_Ciphertext: 383 return r.Ciphertext, nil 384 case *pb.AeadEncryptResponse_Err: 385 return nil, errors.New(r.Err) 386 default: 387 return nil, fmt.Errorf("encResponse.Result has unexpected type %T", r) 388 } 389} 390 391func aeadDecrypt(ctx context.Context, aeadService *services.AEADService, keyset []byte, ciphertext []byte, associatedData []byte) ([]byte, error) { 392 decRequest := &pb.AeadDecryptRequest{ 393 AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}, 394 Ciphertext: ciphertext, 395 AssociatedData: associatedData, 396 } 397 decResponse, err := aeadService.Decrypt(ctx, decRequest) 398 if err != nil { 399 return nil, err 400 } 401 switch r := decResponse.Result.(type) { 402 case *pb.AeadDecryptResponse_Plaintext: 403 return r.Plaintext, nil 404 case *pb.AeadDecryptResponse_Err: 405 return nil, errors.New(r.Err) 406 default: 407 return nil, fmt.Errorf("encResponse.Result has unexpected type %T", r) 408 } 409} 410 411func TestGenerateEncryptDecrypt(t *testing.T) { 412 keysetService := &services.KeysetService{} 413 aeadService := &services.AEADService{} 414 ctx := context.Background() 415 416 template, err := proto.Marshal(aead.AES128GCMKeyTemplate()) 417 if err != nil { 418 t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err) 419 } 420 421 keyset, err := genKeyset(ctx, keysetService, template) 422 if err != nil { 423 t.Fatalf("genKeyset failed: %v", err) 424 } 425 426 plaintext := []byte("The quick brown fox jumps over the lazy dog") 427 associatedData := []byte("Associated Data") 428 ciphertext, err := aeadEncrypt(ctx, aeadService, keyset, plaintext, associatedData) 429 if err != nil { 430 t.Fatalf("Aead Encrypt failed: %v", err) 431 } 432 output, err := aeadDecrypt(ctx, aeadService, keyset, ciphertext, associatedData) 433 if err != nil { 434 t.Fatalf("aeadDecrypt failed: %v", err) 435 } 436 if bytes.Compare(output, plaintext) != 0 { 437 t.Fatalf("Decrypted ciphertext is %v, want %v", output, plaintext) 438 } 439 440 if _, err := genKeyset(ctx, keysetService, []byte("badTemplate")); err == nil { 441 t.Fatalf("genKeyset from bad template succeeded unexpectedly.") 442 } 443 if _, err := aeadEncrypt(ctx, aeadService, []byte("badKeyset"), plaintext, associatedData); err == nil { 444 t.Fatalf("aeadEncrypt with bad keyset succeeded unexpectedly.") 445 } 446 if _, err := aeadDecrypt(ctx, aeadService, keyset, []byte("badCiphertext"), associatedData); err == nil { 447 t.Fatalf("aeadDecrypt of bad ciphertext succeeded unexpectedly.") 448 } 449} 450 451func TestSuccessfulDaeadCreation(t *testing.T) { 452 keysetService := &services.KeysetService{} 453 daeadService := &services.DeterministicAEADService{} 454 ctx := context.Background() 455 456 template, err := proto.Marshal(daead.AESSIVKeyTemplate()) 457 if err != nil { 458 t.Fatalf("proto.Marshal(daead.AESSIVKeyTemplate()) failed: %v", err) 459 } 460 461 keyset, err := genKeyset(ctx, keysetService, template) 462 if err != nil { 463 t.Fatalf("genKeyset failed: %v", err) 464 } 465 466 result, err := daeadService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}}) 467 if err != nil { 468 t.Fatalf("CreateDeterministicAead with good keyset failed with gRPC error: %v", err) 469 } 470 if result.GetErr() != "" { 471 t.Fatalf("CreateDeterministicAead with good keyset failed with creation error: %v", result.GetErr()) 472 } 473} 474 475func TestFailingDaeadCreation(t *testing.T) { 476 daeadService := &services.DeterministicAEADService{} 477 ctx := context.Background() 478 479 result, err := daeadService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: []byte{0x80}}}) 480 if err != nil { 481 t.Fatalf("CreateAead with bad keyset failed with gRPC error: %v", err) 482 } 483 if result.GetErr() == "" { 484 t.Fatalf("CreateAead with bad keyset succeeded instead of failing") 485 } 486} 487 488func daeadEncrypt(ctx context.Context, daeadService *services.DeterministicAEADService, keyset []byte, plaintext []byte, associatedData []byte) ([]byte, error) { 489 encRequest := &pb.DeterministicAeadEncryptRequest{ 490 AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}, 491 Plaintext: plaintext, 492 AssociatedData: associatedData, 493 } 494 encResponse, err := daeadService.EncryptDeterministically(ctx, encRequest) 495 if err != nil { 496 return nil, err 497 } 498 switch r := encResponse.Result.(type) { 499 case *pb.DeterministicAeadEncryptResponse_Ciphertext: 500 return r.Ciphertext, nil 501 case *pb.DeterministicAeadEncryptResponse_Err: 502 return nil, errors.New(r.Err) 503 default: 504 return nil, fmt.Errorf("encResponse.Result has unexpected type %T", r) 505 } 506} 507 508func daeadDecrypt(ctx context.Context, daeadService *services.DeterministicAEADService, keyset []byte, ciphertext []byte, associatedData []byte) ([]byte, error) { 509 decRequest := &pb.DeterministicAeadDecryptRequest{ 510 AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}, 511 Ciphertext: ciphertext, 512 AssociatedData: associatedData, 513 } 514 decResponse, err := daeadService.DecryptDeterministically(ctx, decRequest) 515 if err != nil { 516 return nil, err 517 } 518 switch r := decResponse.Result.(type) { 519 case *pb.DeterministicAeadDecryptResponse_Plaintext: 520 return r.Plaintext, nil 521 case *pb.DeterministicAeadDecryptResponse_Err: 522 return nil, errors.New(r.Err) 523 default: 524 return nil, fmt.Errorf("encResponse.Result has unexpected type %T", r) 525 } 526} 527 528func TestGenerateEncryptDecryptDeterministically(t *testing.T) { 529 keysetService := &services.KeysetService{} 530 daeadService := &services.DeterministicAEADService{} 531 ctx := context.Background() 532 533 template, err := proto.Marshal(daead.AESSIVKeyTemplate()) 534 if err != nil { 535 t.Fatalf("proto.Marshal(daead.AESSIVKeyTemplate()) failed: %v", err) 536 } 537 538 keyset, err := genKeyset(ctx, keysetService, template) 539 if err != nil { 540 t.Fatalf("genKeyset failed: %v", err) 541 } 542 543 plaintext := []byte("The quick brown fox jumps over the lazy dog") 544 associatedData := []byte("Associated Data") 545 ciphertext, err := daeadEncrypt(ctx, daeadService, keyset, plaintext, associatedData) 546 if err != nil { 547 t.Fatalf("Aead Encrypt failed: %v", err) 548 } 549 output, err := daeadDecrypt(ctx, daeadService, keyset, ciphertext, associatedData) 550 if err != nil { 551 t.Fatalf("daeadDecrypt failed: %v", err) 552 } 553 if bytes.Compare(output, plaintext) != 0 { 554 t.Fatalf("Decrypted ciphertext is %v, want %v", output, plaintext) 555 } 556 557 if _, err := genKeyset(ctx, keysetService, []byte("badTemplate")); err == nil { 558 t.Fatalf("genKeyset from bad template succeeded unexpectedly.") 559 } 560 if _, err := daeadEncrypt(ctx, daeadService, []byte("badKeyset"), plaintext, associatedData); err == nil { 561 t.Fatalf("daeadEncrypt with bad keyset succeeded unexpectedly.") 562 } 563 if _, err := daeadDecrypt(ctx, daeadService, keyset, []byte("badCiphertext"), associatedData); err == nil { 564 t.Fatalf("daeadDecrypt of bad ciphertext succeeded unexpectedly.") 565 } 566} 567 568func TestSuccessfulStreamingAEADCreation(t *testing.T) { 569 keysetService := &services.KeysetService{} 570 streamingAEADService := &services.StreamingAEADService{} 571 ctx := context.Background() 572 573 template, err := proto.Marshal(streamingaead.AES128GCMHKDF4KBKeyTemplate()) 574 if err != nil { 575 t.Fatalf("proto.Marshal(streamingaead.AES128GCMHKDF4KBKeyTemplate()) failed: %v", err) 576 } 577 578 privateKeyset, err := genKeyset(ctx, keysetService, template) 579 if err != nil { 580 t.Fatalf("genKeyset failed: %v", err) 581 } 582 583 result, err := streamingAEADService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}}) 584 if err != nil { 585 t.Fatalf("streamingAEADService.Create with good keyset failed with gRPC error: %v, want nil", err) 586 } 587 if result.GetErr() != "" { 588 t.Fatalf("streamingAEADService.Create with good keyset failed with result.GetErr() = %q, want empty string", result.GetErr()) 589 } 590} 591 592func TestFailingStreamingAEADCreation(t *testing.T) { 593 keysetService := &services.KeysetService{} 594 streamingAEADService := &services.StreamingAEADService{} 595 ctx := context.Background() 596 597 template, err := proto.Marshal(aead.AES128GCMKeyTemplate()) 598 if err != nil { 599 t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err) 600 } 601 602 privateKeyset, err := genKeyset(ctx, keysetService, template) 603 if err != nil { 604 t.Fatalf("genKeyset failed: %v", err) 605 } 606 607 result, err := streamingAEADService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}}) 608 if err != nil { 609 t.Fatalf("streamingAEADService.Create with bad keyset failed with gRPC error: %v", err) 610 } 611 if result.GetErr() == "" { 612 t.Fatalf("streamingAEADService.Create with bad keyset succeeded") 613 } 614} 615 616func streamingAEADEncrypt(ctx context.Context, streamingAEADService *services.StreamingAEADService, keyset []byte, plaintext []byte, associatedData []byte) ([]byte, error) { 617 encRequest := &pb.StreamingAeadEncryptRequest{ 618 AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}, 619 Plaintext: plaintext, 620 AssociatedData: associatedData, 621 } 622 encResponse, err := streamingAEADService.Encrypt(ctx, encRequest) 623 if err != nil { 624 return nil, err 625 } 626 switch r := encResponse.Result.(type) { 627 case *pb.StreamingAeadEncryptResponse_Ciphertext: 628 return r.Ciphertext, nil 629 case *pb.StreamingAeadEncryptResponse_Err: 630 return nil, errors.New(r.Err) 631 default: 632 return nil, fmt.Errorf("encResponse.Result has unexpected type %T", r) 633 } 634} 635 636func streamingAEADDecrypt(ctx context.Context, streamingAEADService *services.StreamingAEADService, keyset []byte, ciphertext []byte, associatedData []byte) ([]byte, error) { 637 decRequest := &pb.StreamingAeadDecryptRequest{ 638 AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}, 639 Ciphertext: ciphertext, 640 AssociatedData: associatedData, 641 } 642 decResponse, err := streamingAEADService.Decrypt(ctx, decRequest) 643 if err != nil { 644 return nil, err 645 } 646 switch r := decResponse.Result.(type) { 647 case *pb.StreamingAeadDecryptResponse_Plaintext: 648 return r.Plaintext, nil 649 case *pb.StreamingAeadDecryptResponse_Err: 650 return nil, errors.New(r.Err) 651 default: 652 return nil, fmt.Errorf("encResponse.Result has unexpected type %T", r) 653 } 654} 655 656func TestGenerateEncryptDecryptStreaming(t *testing.T) { 657 keysetService := &services.KeysetService{} 658 streamingAEADService := &services.StreamingAEADService{} 659 ctx := context.Background() 660 661 template, err := proto.Marshal(streamingaead.AES128GCMHKDF4KBKeyTemplate()) 662 if err != nil { 663 t.Fatalf("proto.Marshal(streamingaead.AES128GCMHKDF4KBKeyTemplate()) failed: %v", err) 664 } 665 666 keyset, err := genKeyset(ctx, keysetService, template) 667 if err != nil { 668 t.Fatalf("genKeyset failed: %v", err) 669 } 670 671 plaintext := []byte("The quick brown fox jumps over the lazy dog") 672 associatedData := []byte("Associated Data") 673 ciphertext, err := streamingAEADEncrypt(ctx, streamingAEADService, keyset, plaintext, associatedData) 674 if err != nil { 675 t.Fatalf("streamingAEADEncrypt failed: %v", err) 676 } 677 output, err := streamingAEADDecrypt(ctx, streamingAEADService, keyset, ciphertext, associatedData) 678 if err != nil { 679 t.Fatalf("streamingAEADDecrypt failed: %v", err) 680 } 681 if bytes.Compare(output, plaintext) != 0 { 682 t.Errorf("Decrypted ciphertext is %v, want %v", output, plaintext) 683 } 684 685 if _, err := genKeyset(ctx, keysetService, []byte("badTemplate")); err == nil { 686 t.Fatalf("genKeyset from bad template succeeded unexpectedly.") 687 } 688 if _, err := streamingAEADEncrypt(ctx, streamingAEADService, []byte("badKeyset"), plaintext, associatedData); err == nil { 689 t.Fatalf("streamingAEADEncrypt with bad keyset succeeded unexpectedly.") 690 } 691 if _, err := streamingAEADDecrypt(ctx, streamingAEADService, keyset, []byte("badCiphertext"), associatedData); err == nil { 692 t.Fatalf("streamingAEADDecrypt of bad ciphertext succeeded unexpectedly.") 693 } 694} 695 696func TestSuccessfulMacCreation(t *testing.T) { 697 keysetService := &services.KeysetService{} 698 macService := &services.MacService{} 699 ctx := context.Background() 700 701 template, err := proto.Marshal(mac.HMACSHA256Tag128KeyTemplate()) 702 if err != nil { 703 t.Fatalf("proto.Marshal(mac.HMACSHA256Tag128KeyTemplate()) failed: %v", err) 704 } 705 706 privateKeyset, err := genKeyset(ctx, keysetService, template) 707 if err != nil { 708 t.Fatalf("genKeyset failed: %v", err) 709 } 710 711 result, err := macService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}}) 712 if err != nil { 713 t.Fatalf("macService.Create with good keyset failed with gRPC error: %v, want nil", err) 714 } 715 if result.GetErr() != "" { 716 t.Fatalf("macService.Create with good keyset failed with result.GetErr() = %q, want empty string", result.GetErr()) 717 } 718} 719 720func TestFailingMacCreation(t *testing.T) { 721 keysetService := &services.KeysetService{} 722 macService := &services.MacService{} 723 ctx := context.Background() 724 725 // We use signature keys -- then we cannot create a hybrid encrypt 726 template, err := proto.Marshal(aead.AES128GCMKeyTemplate()) 727 if err != nil { 728 t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err) 729 } 730 731 privateKeyset, err := genKeyset(ctx, keysetService, template) 732 if err != nil { 733 t.Fatalf("genKeyset failed: %v", err) 734 } 735 736 result, err := macService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}}) 737 if err != nil { 738 t.Fatalf("macService.Create with bad keyset failed with gRPC error: %v", err) 739 } 740 if result.GetErr() == "" { 741 t.Fatalf("macService.Create with bad keyset succeeded") 742 } 743} 744 745func computeMAC(ctx context.Context, macService *services.MacService, keyset []byte, data []byte) ([]byte, error) { 746 encRequest := &pb.ComputeMacRequest{ 747 AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}, 748 Data: data, 749 } 750 response, err := macService.ComputeMac(ctx, encRequest) 751 if err != nil { 752 return nil, err 753 } 754 switch r := response.Result.(type) { 755 case *pb.ComputeMacResponse_MacValue: 756 return r.MacValue, nil 757 case *pb.ComputeMacResponse_Err: 758 return nil, errors.New(r.Err) 759 default: 760 return nil, fmt.Errorf("response.Result has unexpected type %T", r) 761 } 762} 763 764func verifyMAC(ctx context.Context, macService *services.MacService, keyset []byte, macValue []byte, data []byte) error { 765 request := &pb.VerifyMacRequest{ 766 AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}, 767 MacValue: macValue, 768 Data: data, 769 } 770 response, err := macService.VerifyMac(ctx, request) 771 if err != nil { 772 return err 773 } 774 if response.Err != "" { 775 return errors.New(response.Err) 776 } 777 return nil 778} 779 780func TestComputeVerifyMac(t *testing.T) { 781 keysetService := &services.KeysetService{} 782 macService := &services.MacService{} 783 ctx := context.Background() 784 785 template, err := proto.Marshal(mac.HMACSHA256Tag128KeyTemplate()) 786 if err != nil { 787 t.Fatalf("proto.Marshal(mac.HMACSHA256Tag128KeyTemplate()) failed: %v", err) 788 } 789 790 keyset, err := genKeyset(ctx, keysetService, template) 791 if err != nil { 792 t.Fatalf("genKeyset failed: %v", err) 793 } 794 795 data := []byte("The quick brown fox jumps over the lazy dog") 796 macValue, err := computeMAC(ctx, macService, keyset, data) 797 if err != nil { 798 t.Fatalf("computeMAC failed: %v", err) 799 } 800 if err := verifyMAC(ctx, macService, keyset, macValue, data); err != nil { 801 t.Fatalf("verifyMAC failed: %v", err) 802 } 803 804 if _, err := computeMAC(ctx, macService, []byte("badKeyset"), data); err == nil { 805 t.Fatalf("computeMAC with bad keyset succeeded unexpectedly.") 806 } 807 if err := verifyMAC(ctx, macService, keyset, []byte("badMacValue"), data); err == nil { 808 t.Fatalf("verifyMAC of bad MAC value succeeded unexpectedly.") 809 } 810} 811 812func hybridEncrypt(ctx context.Context, hybridService *services.HybridService, publicKeyset []byte, plaintext []byte, contextInfo []byte) ([]byte, error) { 813 encRequest := &pb.HybridEncryptRequest{ 814 PublicAnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: publicKeyset}, 815 Plaintext: plaintext, 816 ContextInfo: contextInfo, 817 } 818 encResponse, err := hybridService.Encrypt(ctx, encRequest) 819 if err != nil { 820 return nil, err 821 } 822 switch r := encResponse.Result.(type) { 823 case *pb.HybridEncryptResponse_Ciphertext: 824 return r.Ciphertext, nil 825 case *pb.HybridEncryptResponse_Err: 826 return nil, errors.New(r.Err) 827 default: 828 return nil, fmt.Errorf("encResponse.Result has unexpected type %T", r) 829 } 830} 831 832func hybridDecrypt(ctx context.Context, hybridService *services.HybridService, privateKeyset []byte, ciphertext []byte, contextInfo []byte) ([]byte, error) { 833 decRequest := &pb.HybridDecryptRequest{ 834 PrivateAnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}, 835 Ciphertext: ciphertext, 836 ContextInfo: contextInfo, 837 } 838 decResponse, err := hybridService.Decrypt(ctx, decRequest) 839 if err != nil { 840 return nil, err 841 } 842 switch r := decResponse.Result.(type) { 843 case *pb.HybridDecryptResponse_Plaintext: 844 return r.Plaintext, nil 845 case *pb.HybridDecryptResponse_Err: 846 return nil, errors.New(r.Err) 847 default: 848 return nil, fmt.Errorf("decResponse.Result has unexpected type %T", r) 849 } 850} 851 852func TestSuccessfulHybridDecryptCreation(t *testing.T) { 853 keysetService := &services.KeysetService{} 854 hybridService := &services.HybridService{} 855 ctx := context.Background() 856 857 template, err := proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) 858 if err != nil { 859 t.Fatalf("proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) failed: %v", err) 860 } 861 862 privateKeyset, err := genKeyset(ctx, keysetService, template) 863 if err != nil { 864 t.Fatalf("genKeyset failed: %v", err) 865 } 866 867 result, err := hybridService.CreateHybridDecrypt(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}}) 868 if err != nil { 869 t.Fatalf("CreateHybridDecrypt with good keyset failed with gRPC error: %v, want nil", err) 870 } 871 if result.GetErr() != "" { 872 t.Fatalf("CreateHybridDecrypt with good keyset failed with result.GetErr() = %q, want empty string", result.GetErr()) 873 } 874} 875 876func TestSuccessfulHybridEncryptCreation(t *testing.T) { 877 keysetService := &services.KeysetService{} 878 hybridService := &services.HybridService{} 879 ctx := context.Background() 880 881 template, err := proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) 882 if err != nil { 883 t.Fatalf("proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) failed: %v", err) 884 } 885 886 privateKeyset, err := genKeyset(ctx, keysetService, template) 887 if err != nil { 888 t.Fatalf("genKeyset failed: %v", err) 889 } 890 publicKeyset, err := pubKeyset(ctx, keysetService, privateKeyset) 891 if err != nil { 892 t.Fatalf("pubKeyset failed: %v", err) 893 } 894 895 result, err := hybridService.CreateHybridEncrypt(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: publicKeyset}}) 896 if err != nil { 897 t.Fatalf("CreateHybridEncrypt with good keyset failed with gRPC error: %v, want nil", err) 898 } 899 if result.GetErr() != "" { 900 t.Fatalf("CreateHybridEncrypt with good keyset failed with result.GetErr() = %q, want empty string", result.GetErr()) 901 } 902} 903 904func TestFailingHybridDecryptCreation(t *testing.T) { 905 keysetService := &services.KeysetService{} 906 hybridService := &services.HybridService{} 907 ctx := context.Background() 908 909 // We use signature keys -- then we cannot create a hybrid encrypt 910 template, err := proto.Marshal(signature.ECDSAP256KeyTemplate()) 911 if err != nil { 912 t.Fatalf("proto.Marshal(signature.ECDSAP256KeyTemplate()) failed: %v", err) 913 } 914 915 privateKeyset, err := genKeyset(ctx, keysetService, template) 916 if err != nil { 917 t.Fatalf("genKeyset failed: %v", err) 918 } 919 920 result, err := hybridService.CreateHybridDecrypt(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}}) 921 if err != nil { 922 t.Fatalf("CreateHybridDecrypt with bad keyset failed with gRPC error: %v", err) 923 } 924 if result.GetErr() == "" { 925 t.Fatalf("CreateHybridDecrypt with bad keyset succeeded") 926 } 927} 928 929func TestFailingHybridEncryptCreation(t *testing.T) { 930 keysetService := &services.KeysetService{} 931 hybridService := &services.HybridService{} 932 ctx := context.Background() 933 934 // We use signature keys -- then we cannot create a hybrid encrypt 935 template, err := proto.Marshal(signature.ECDSAP256KeyTemplate()) 936 if err != nil { 937 t.Fatalf("proto.Marshal(signature.ECDSAP256KeyTemplate()) failed: %v", err) 938 } 939 940 privateKeyset, err := genKeyset(ctx, keysetService, template) 941 if err != nil { 942 t.Fatalf("genKeyset failed: %v", err) 943 } 944 publicKeyset, err := pubKeyset(ctx, keysetService, privateKeyset) 945 if err != nil { 946 t.Fatalf("pubKeyset failed: %v", err) 947 } 948 949 result, err := hybridService.CreateHybridEncrypt(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: publicKeyset}}) 950 if err != nil { 951 t.Fatalf("CreateHybridEncrypt with good keyset failed with gRPC error: %v", err) 952 } 953 if result.GetErr() == "" { 954 t.Fatalf("CreateHybridEncrypt with bad keyset succeeded") 955 } 956} 957 958func TestHybridGenerateEncryptDecrypt(t *testing.T) { 959 keysetService := &services.KeysetService{} 960 hybridService := &services.HybridService{} 961 ctx := context.Background() 962 963 template, err := proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) 964 if err != nil { 965 t.Fatalf("proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) failed: %v", err) 966 } 967 968 privateKeyset, err := genKeyset(ctx, keysetService, template) 969 if err != nil { 970 t.Fatalf("genKeyset failed: %v", err) 971 } 972 publicKeyset, err := pubKeyset(ctx, keysetService, privateKeyset) 973 if err != nil { 974 t.Fatalf("pubKeyset failed: %v", err) 975 } 976 977 plaintext := []byte("The quick brown fox jumps over the lazy dog") 978 associatedData := []byte("Associated Data") 979 ciphertext, err := hybridEncrypt(ctx, hybridService, publicKeyset, plaintext, associatedData) 980 if err != nil { 981 t.Fatalf("hybridEncrypt failed: %v", err) 982 } 983 output, err := hybridDecrypt(ctx, hybridService, privateKeyset, ciphertext, associatedData) 984 if err != nil { 985 t.Fatalf("hybridDecrypt failed: %v", err) 986 } 987 if bytes.Compare(output, plaintext) != 0 { 988 t.Fatalf("Decrypted ciphertext is %v, want %v", output, plaintext) 989 } 990 991 if _, err := pubKeyset(ctx, keysetService, []byte("badPrivateKeyset")); err == nil { 992 t.Fatalf("pubKeyset from bad private keyset succeeded unexpectedly.") 993 } 994 if _, err := hybridEncrypt(ctx, hybridService, []byte("badPublicKeyset"), plaintext, associatedData); err == nil { 995 t.Fatalf("hybridEncrypt with bad public keyset succeeded unexpectedly.") 996 } 997 if _, err := hybridDecrypt(ctx, hybridService, []byte("badPrivateKeyset"), ciphertext, associatedData); err == nil { 998 t.Fatalf("hybridDecrypt with bad private keyset succeeded unexpectedly.") 999 } 1000 if _, err := hybridDecrypt(ctx, hybridService, privateKeyset, []byte("badCiphertext"), associatedData); err == nil { 1001 t.Fatalf("hybridDecrypt of bad ciphertext succeeded unexpectedly.") 1002 } 1003} 1004 1005func TestSuccessfulPublicKeySignCreation(t *testing.T) { 1006 keysetService := &services.KeysetService{} 1007 signatureService := &services.SignatureService{} 1008 ctx := context.Background() 1009 1010 template, err := proto.Marshal(signature.ECDSAP256KeyTemplate()) 1011 if err != nil { 1012 t.Fatalf("proto.Marshal(signature.ECDSAP256KeyTemplate()) failed: %v", err) 1013 } 1014 1015 privateKeyset, err := genKeyset(ctx, keysetService, template) 1016 if err != nil { 1017 t.Fatalf("genKeyset failed: %v", err) 1018 } 1019 1020 result, err := signatureService.CreatePublicKeySign(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}}) 1021 if err != nil { 1022 t.Fatalf("CreateHybridDecrypt with good keyset failed with gRPC error: %v", err) 1023 } 1024 if result.GetErr() != "" { 1025 t.Fatalf("CreateHybridDecrypt good keyset failed with result.GetErr() = %q, want empty string", result.GetErr()) 1026 } 1027} 1028 1029func TestSuccessfulPublicKeyVerifyCreation(t *testing.T) { 1030 keysetService := &services.KeysetService{} 1031 signatureService := &services.SignatureService{} 1032 ctx := context.Background() 1033 1034 template, err := proto.Marshal(signature.ECDSAP256KeyTemplate()) 1035 if err != nil { 1036 t.Fatalf("proto.Marshal(signature.ECDSAP256KeyTemplate()) failed: %v", err) 1037 } 1038 1039 privateKeyset, err := genKeyset(ctx, keysetService, template) 1040 if err != nil { 1041 t.Fatalf("genKeyset failed: %v", err) 1042 } 1043 publicKeyset, err := pubKeyset(ctx, keysetService, privateKeyset) 1044 if err != nil { 1045 t.Fatalf("pubKeyset failed: %v", err) 1046 } 1047 1048 result, err := signatureService.CreatePublicKeyVerify(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: publicKeyset}}) 1049 if err != nil { 1050 t.Fatalf("CreateHybridEncrypt with good keyset failed with gRPC error: %v", err) 1051 } 1052 if result.GetErr() != "" { 1053 t.Fatalf("CreateHybridEncrypt good keyset failed with result.GetErr() = %q, want empty string", result.GetErr()) 1054 } 1055} 1056 1057func TestFailingPublicKeySignCreation(t *testing.T) { 1058 keysetService := &services.KeysetService{} 1059 signatureService := &services.SignatureService{} 1060 ctx := context.Background() 1061 1062 template, err := proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) 1063 if err != nil { 1064 t.Fatalf("proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) failed: %v", err) 1065 } 1066 1067 privateKeyset, err := genKeyset(ctx, keysetService, template) 1068 if err != nil { 1069 t.Fatalf("genKeyset failed: %v", err) 1070 } 1071 1072 result, err := signatureService.CreatePublicKeySign(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}}) 1073 if err != nil { 1074 t.Fatalf("CreatePublicKeySign with bad keyset failed with gRPC error: %v", err) 1075 } 1076 if result.GetErr() == "" { 1077 t.Fatalf("CreatePublicKeySign with bad keyset succeeded") 1078 } 1079} 1080 1081func TestFailingPublicKeyVerifyCreation(t *testing.T) { 1082 keysetService := &services.KeysetService{} 1083 signatureService := &services.SignatureService{} 1084 ctx := context.Background() 1085 1086 template, err := proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) 1087 if err != nil { 1088 t.Fatalf("proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) failed: %v", err) 1089 } 1090 1091 privateKeyset, err := genKeyset(ctx, keysetService, template) 1092 if err != nil { 1093 t.Fatalf("genKeyset failed: %v", err) 1094 } 1095 publicKeyset, err := pubKeyset(ctx, keysetService, privateKeyset) 1096 if err != nil { 1097 t.Fatalf("pubKeyset failed: %v", err) 1098 } 1099 1100 result, err := signatureService.CreatePublicKeyVerify(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: publicKeyset}}) 1101 if err != nil { 1102 t.Fatalf("CreatePublicKeyVerify with good keyset failed with gRPC error: %v", err) 1103 } 1104 if result.GetErr() == "" { 1105 t.Fatalf("CreatePublicKeyVerify with bad keyset succeeded") 1106 } 1107} 1108 1109func signatureSign(ctx context.Context, signatureService *services.SignatureService, privateKeyset []byte, data []byte) ([]byte, error) { 1110 encRequest := &pb.SignatureSignRequest{ 1111 PrivateAnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}, 1112 Data: data, 1113 } 1114 response, err := signatureService.Sign(ctx, encRequest) 1115 if err != nil { 1116 return nil, err 1117 } 1118 switch r := response.Result.(type) { 1119 case *pb.SignatureSignResponse_Signature: 1120 return r.Signature, nil 1121 case *pb.SignatureSignResponse_Err: 1122 return nil, errors.New(r.Err) 1123 default: 1124 return nil, fmt.Errorf("response.Result has unexpected type %T", r) 1125 } 1126} 1127 1128func signatureVerify(ctx context.Context, signatureService *services.SignatureService, publicKeyset []byte, signatureValue []byte, data []byte) error { 1129 request := &pb.SignatureVerifyRequest{ 1130 PublicAnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: publicKeyset}, 1131 Signature: signatureValue, 1132 Data: data, 1133 } 1134 response, err := signatureService.Verify(ctx, request) 1135 if err != nil { 1136 return err 1137 } 1138 if response.Err != "" { 1139 return errors.New(response.Err) 1140 } 1141 return nil 1142} 1143 1144func TestSignatureSignVerify(t *testing.T) { 1145 keysetService := &services.KeysetService{} 1146 signatureService := &services.SignatureService{} 1147 ctx := context.Background() 1148 1149 template, err := proto.Marshal(signature.ECDSAP256KeyTemplate()) 1150 if err != nil { 1151 t.Fatalf("proto.Marshal(signature.ECDSAP256KeyTemplate()) failed: %v", err) 1152 } 1153 1154 privateKeyset, err := genKeyset(ctx, keysetService, template) 1155 if err != nil { 1156 t.Fatalf("genKeyset failed: %v", err) 1157 } 1158 publicKeyset, err := pubKeyset(ctx, keysetService, privateKeyset) 1159 if err != nil { 1160 t.Fatalf("pubKeyset failed: %v", err) 1161 } 1162 1163 data := []byte("The quick brown fox jumps over the lazy dog") 1164 signatureValue, err := signatureSign(ctx, signatureService, privateKeyset, data) 1165 if err != nil { 1166 t.Fatalf("signatureSign failed: %v", err) 1167 } 1168 if err := signatureVerify(ctx, signatureService, publicKeyset, signatureValue, data); err != nil { 1169 t.Fatalf("signatureVerify failed: %v", err) 1170 } 1171 1172 if _, err := signatureSign(ctx, signatureService, []byte("badPrivateKeyset"), data); err == nil { 1173 t.Fatalf("signatureSign with bad private keyset succeeded unexpectedly.") 1174 } 1175 if err := signatureVerify(ctx, signatureService, publicKeyset, []byte("badSignature"), data); err == nil { 1176 t.Fatalf("signatureVerify of bad signature succeeded unexpectedly.") 1177 } 1178 if err := signatureVerify(ctx, signatureService, []byte("badPublicKeyset"), signatureValue, data); err == nil { 1179 t.Fatalf("signatureVerify of bad public keyset succeeded unexpectedly.") 1180 } 1181} 1182 1183func TestSuccessfulPrfSetCreation(t *testing.T) { 1184 keysetService := &services.KeysetService{} 1185 prfSetService := &services.PrfSetService{} 1186 ctx := context.Background() 1187 1188 template, err := proto.Marshal(prf.HMACSHA256PRFKeyTemplate()) 1189 if err != nil { 1190 t.Fatalf("proto.Marshal(prf.HMACSHA256PRFKeyTemplate()) failed: %v", err) 1191 } 1192 1193 privateKeyset, err := genKeyset(ctx, keysetService, template) 1194 if err != nil { 1195 t.Fatalf("genKeyset failed: %v", err) 1196 } 1197 1198 result, err := prfSetService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}}) 1199 if err != nil { 1200 t.Fatalf("macService.Create with good keyset failed with gRPC error: %v", err) 1201 } 1202 if result.GetErr() != "" { 1203 t.Fatalf("macService.Create with good keyset failed with result.GetErr() = %q, want empty string", result.GetErr()) 1204 } 1205} 1206 1207func TestFailingPrfSetCreation(t *testing.T) { 1208 keysetService := &services.KeysetService{} 1209 prfSetService := &services.MacService{} 1210 ctx := context.Background() 1211 1212 // We use signature keys -- then we cannot create a hybrid encrypt 1213 template, err := proto.Marshal(aead.AES128GCMKeyTemplate()) 1214 if err != nil { 1215 t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err) 1216 } 1217 1218 privateKeyset, err := genKeyset(ctx, keysetService, template) 1219 if err != nil { 1220 t.Fatalf("genKeyset failed: %v", err) 1221 } 1222 1223 result, err := prfSetService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}}) 1224 if err != nil { 1225 t.Fatalf("prfSetService.Create with bad keyset failed with gRPC error: %v", err) 1226 } 1227 if result.GetErr() == "" { 1228 t.Fatalf("prfSetService.Create with bad keyset succeeded") 1229 } 1230} 1231 1232func prfSetKeyIds(ctx context.Context, prfSetService *services.PrfSetService, keyset []byte) (uint32, []uint32, error) { 1233 request := &pb.PrfSetKeyIdsRequest{ 1234 AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}, 1235 } 1236 response, err := prfSetService.KeyIds(ctx, request) 1237 if err != nil { 1238 return 0, nil, err 1239 } 1240 switch r := response.Result.(type) { 1241 case *pb.PrfSetKeyIdsResponse_Output_: 1242 return r.Output.PrimaryKeyId, r.Output.KeyId, nil 1243 case *pb.PrfSetKeyIdsResponse_Err: 1244 return 0, nil, errors.New(r.Err) 1245 default: 1246 return 0, nil, fmt.Errorf("response.Result has unexpected type %T", r) 1247 } 1248} 1249 1250func prfSetCompute(ctx context.Context, prfSetService *services.PrfSetService, keyset []byte, keyID uint32, inputData []byte, outputLength int) ([]byte, error) { 1251 request := &pb.PrfSetComputeRequest{ 1252 AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}, 1253 KeyId: keyID, 1254 InputData: inputData, 1255 OutputLength: int32(outputLength), 1256 } 1257 response, err := prfSetService.Compute(ctx, request) 1258 if err != nil { 1259 return nil, err 1260 } 1261 switch r := response.Result.(type) { 1262 case *pb.PrfSetComputeResponse_Output: 1263 return r.Output, nil 1264 case *pb.PrfSetComputeResponse_Err: 1265 return nil, errors.New(r.Err) 1266 default: 1267 return nil, fmt.Errorf("response.Result has unexpected type %T", r) 1268 } 1269} 1270 1271func TestComputePrf(t *testing.T) { 1272 keysetService := &services.KeysetService{} 1273 prfSetService := &services.PrfSetService{} 1274 ctx := context.Background() 1275 template, err := proto.Marshal(prf.HMACSHA256PRFKeyTemplate()) 1276 if err != nil { 1277 t.Fatalf("proto.Marshal(prf.HMACSHA256PRFKeyTemplate()) failed: %v", err) 1278 } 1279 keyset, err := genKeyset(ctx, keysetService, template) 1280 if err != nil { 1281 t.Fatalf("genKeyset failed: %v", err) 1282 } 1283 1284 primaryKeyID, keyIDs, err := prfSetKeyIds(ctx, prfSetService, keyset) 1285 if err != nil { 1286 t.Fatalf("prfSetKeyIds failed: %v", err) 1287 } 1288 if len(keyIDs) != 1 || keyIDs[0] != primaryKeyID { 1289 t.Fatalf("expected keyIDs = {primaryKeyID}, but go %v", keyIDs) 1290 } 1291 inputData := []byte("inputData") 1292 outputLength := 15 1293 output, err := prfSetCompute(ctx, prfSetService, keyset, primaryKeyID, inputData, outputLength) 1294 if err != nil { 1295 t.Fatalf("prfSetCompute failed: %v", err) 1296 } 1297 if len(output) != outputLength { 1298 t.Fatalf("expected output of length %d, but got length %d (%x)", outputLength, len(output), output) 1299 } 1300 badOutputLength := 123456 1301 if _, err := prfSetCompute(ctx, prfSetService, keyset, primaryKeyID, inputData, badOutputLength); err == nil { 1302 t.Fatalf("prfSetCompute with bad outputLength succeeded unexpectedly.") 1303 } 1304} 1305 1306func TestPrfKeyIdsFail(t *testing.T) { 1307 prfSetService := &services.PrfSetService{} 1308 ctx := context.Background() 1309 if _, _, err := prfSetKeyIds(ctx, prfSetService, []byte("badKeyset")); err == nil { 1310 t.Fatalf("prfSetKeyIds with bad keyset succeeded unexpectedly.") 1311 } 1312} 1313 1314func TestServerInfo(t *testing.T) { 1315 metadataService := &services.MetadataService{} 1316 ctx := context.Background() 1317 1318 req := &pb.ServerInfoRequest{} 1319 rsp, err := metadataService.GetServerInfo(ctx, req) 1320 if err != nil { 1321 t.Fatalf("GetServerInfo failed: %v", err) 1322 } 1323 if strings.Compare(rsp.GetLanguage(), "go") != 0 { 1324 t.Fatalf("Expected language 'go', got: %v", rsp.GetLanguage()) 1325 } 1326} 1327