xref: /aosp_15_r20/external/tink/cc/hybrid/internal/hpke_test_util.cc (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1 // Copyright 2021 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16 
17 #include "tink/hybrid/internal/hpke_test_util.h"
18 
19 #include <string>
20 
21 #include "absl/status/status.h"
22 #include "tink/hybrid/internal/hpke_util.h"
23 #include "tink/util/status.h"
24 #include "proto/hpke.pb.h"
25 
26 namespace crypto {
27 namespace tink {
28 namespace internal {
29 
30 // Test vector from https://www.rfc-editor.org/rfc/rfc9180.html#appendix-A.1.
31 // DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM
32 const absl::string_view kTestX25519HkdfSha256Aes128Gcm[] = {
33     "3948cfe0ad1ddb695d780e59077195da6c56506b027329794ab02bca80815c4d",  // pkRm
34     "52c4a758a802cd8b936eceea314432798d5baf2d7e9235dc084ab1b9cfa2f736",  // skEm
35     "4f6465206f6e2061204772656369616e2055726e",                          // info
36     "4265617574792069732074727574682c20747275746820626561757479",        // pt
37     "436f756e742d30",                                                    // aad
38     "f938558b5d72f1a23810b4be2ab4f84331acc02fc97babc53a52ae8218a355a96d8770ac83"
39     "d07bea87e13c512a",                                                  // ct
40     "4612c550263fc8ad58375df3f557aac531d26850903e55a9f23f21d8534e8ac8",  // skRm
41     "37fda3567bdbd628e88668c3c8d7e97d1d1253b6d4ea6d44c150f741f1bf4431",  // enc
42     "",                        // exporter_contexts[0]
43     "00",                      // exporter_contexts[1]
44     "54657374436f6e74657874",  // exporter_contexts[2]
45     // exporter_values[0]
46     "3853fe2b4035195a573ffc53856e77058e15d9ea064de3e59f4961d0095250ee",
47     // exporter_values[1]
48     "2e8f0b54673c7029649d4eb9d5e33bf1872cf76d623ff164ac185da9e88c21a5",
49     // exporter_values[2]
50     "e9e43065102c3836401bed8c3c3c75ae46be1639869391d62c61f1ec7af54931"
51 };
52 
53 // Test vector from https://www.rfc-editor.org/rfc/rfc9180.html#appendix-A.2.
54 // DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, ChaCha20Poly1305
55 const absl::string_view kTestX25519HkdfSha256ChaCha20Poly1305[] = {
56     "4310ee97d88cc1f088a5576c77ab0cf5c3ac797f3d95139c6c84b5429c59662a",  // pkRm
57     "f4ec9b33b792c372c1d2c2063507b684ef925b8c75a42dbcbf57d63ccd381600",  // skEm
58     "4f6465206f6e2061204772656369616e2055726e",                          // info
59     "4265617574792069732074727574682c20747275746820626561757479",        // pt
60     "436f756e742d30",                                                    // aad
61     "1c5250d8034ec2b784ba2cfd69dbdb8af406cfe3ff938e131f0def8c8b60b4db21993c"
62     "62ce81883d2dd1b51a28",                                              // ct
63     "8057991eef8f1f1af18f4a9491d16a1ce333f695d4db8e38da75975c4478e0fb",  // skRm
64     "1afa08d3dec047a643885163f1180476fa7ddb54c6a8029ea33f95796bf2ac4a",  // enc
65     "",                        // exporter_contexts[0]
66     "00",                      // exporter_contexts[1]
67     "54657374436f6e74657874",  // exporter_contexts[2]
68     // exporter_values[0]
69     "4bbd6243b8bb54cec311fac9df81841b6fd61f56538a775e7c80a9f40160606e",
70     // exporter_values[1]
71     "8c1df14732580e5501b00f82b10a1647b40713191b7c1240ac80e2b68808ba69",
72     // exporter_values[2]
73     "5acb09211139c43b3090489a9da433e8a30ee7188ba8b0a9a1ccf0c229283e53"
74 };
75 
76 // BoringSSL test vectors with aead_id = 2.  Missing 'skRm' and 'enc'.
77 // (No test vectors provided by RFC 9180 for this test case).
78 // DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-256-GCM
79 const absl::string_view kTestX25519HkdfSha256Aes256Gcm[] = {
80     "ac66bae9ffa270cf4a89ed9f274e30c0456babae2572aaaf002ff0d8884ab018",  // pkRm
81     "28e212563a8b6f068af7ff17400ff1baf23612b7a738bbaf5dfb321b2b5b431a",  // skEm
82     "4f6465206f6e2061204772656369616e2055726e",                          // info
83     "4265617574792069732074727574682c20747275746820626561757479",        // pt
84     "436f756e742d30",                                                    // aad
85     "23ded2d5d90ea89d975dac4792b297240f194952d7421aacbff0474100052b6bb8aa58d1"
86     "8ef6c42b6960e2e28f",  // ct
87     "",                    // Missing skRm
88     "",                    // Missing enc
89     "",                    // Missing exporter_contexts[0]
90     "",                    // Missing exporter_contexts[1]
91     "",                    // Missing exporter_contexts[2]
92     "",                    // Missing exporter_values[0]
93     "",                    // Missing exporter_values[1]
94     "",                    // Missing exporter_values[2]
95 };
96 
DefaultHpkeTestParams()97 HpkeTestParams DefaultHpkeTestParams() {
98   return HpkeTestParams(kTestX25519HkdfSha256Aes128Gcm);
99 }
100 
CreateHpkeTestParams(const google::crypto::tink::HpkeParams & params)101 util::StatusOr<HpkeTestParams> CreateHpkeTestParams(
102     const google::crypto::tink::HpkeParams& params) {
103   if (params.kem() != google::crypto::tink::HpkeKem::DHKEM_X25519_HKDF_SHA256) {
104     return util::Status(
105         absl::StatusCode::kInvalidArgument,
106         absl::StrCat("No test parameters for specified KEM:", params.kem()));
107   }
108   if (params.kdf() != google::crypto::tink::HpkeKdf::HKDF_SHA256) {
109     return util::Status(
110         absl::StatusCode::kInvalidArgument,
111         absl::StrCat("No test parameters for specified KDF:", params.kdf()));
112   }
113   switch (params.aead()) {
114     case google::crypto::tink::HpkeAead::AES_128_GCM:
115       return HpkeTestParams(kTestX25519HkdfSha256Aes128Gcm);
116     case google::crypto::tink::HpkeAead::AES_256_GCM:
117       return HpkeTestParams(kTestX25519HkdfSha256Aes256Gcm);
118     case google::crypto::tink::HpkeAead::CHACHA20_POLY1305:
119       return HpkeTestParams(kTestX25519HkdfSha256ChaCha20Poly1305);
120     default:
121       return util::Status(absl::StatusCode::kInvalidArgument,
122                           absl::StrCat("No test parameters for specified AEAD:",
123                                        params.aead()));
124   }
125 }
126 
CreateHpkeTestParams(const HpkeParams & params)127 util::StatusOr<HpkeTestParams> CreateHpkeTestParams(const HpkeParams& params) {
128   if (params.kem != HpkeKem::kX25519HkdfSha256) {
129     return util::Status(
130         absl::StatusCode::kInvalidArgument,
131         absl::StrCat("No test parameters for specified KEM:", params.kem));
132   }
133   if (params.kdf != HpkeKdf::kHkdfSha256) {
134     return util::Status(
135         absl::StatusCode::kInvalidArgument,
136         absl::StrCat("No test parameters for specified KDF:", params.kdf));
137   }
138   switch (params.aead) {
139     case HpkeAead::kAes128Gcm:
140       return HpkeTestParams(kTestX25519HkdfSha256Aes128Gcm);
141     case HpkeAead::kAes256Gcm:
142       return HpkeTestParams(kTestX25519HkdfSha256Aes256Gcm);
143     case HpkeAead::kChaCha20Poly1305:
144       return HpkeTestParams(kTestX25519HkdfSha256ChaCha20Poly1305);
145     default:
146       return util::Status(
147           absl::StatusCode::kInvalidArgument,
148           absl::StrCat("No test parameters for specified AEAD:", params.aead));
149   }
150 }
151 
CreateHpkeParams(const google::crypto::tink::HpkeKem & kem,const google::crypto::tink::HpkeKdf & kdf,const google::crypto::tink::HpkeAead & aead)152 google::crypto::tink::HpkeParams CreateHpkeParams(
153     const google::crypto::tink::HpkeKem& kem,
154     const google::crypto::tink::HpkeKdf& kdf,
155     const google::crypto::tink::HpkeAead& aead) {
156   google::crypto::tink::HpkeParams params;
157   params.set_kem(kem);
158   params.set_kdf(kdf);
159   params.set_aead(aead);
160   return params;
161 }
162 
CreateHpkePublicKey(const google::crypto::tink::HpkeParams & params,const std::string & raw_key_bytes)163 google::crypto::tink::HpkePublicKey CreateHpkePublicKey(
164     const google::crypto::tink::HpkeParams& params,
165     const std::string& raw_key_bytes) {
166   google::crypto::tink::HpkePublicKey key_proto;
167   key_proto.set_version(0);
168   key_proto.set_public_key(raw_key_bytes);
169   *key_proto.mutable_params() = params;
170   return key_proto;
171 }
172 
CreateHpkePrivateKey(const google::crypto::tink::HpkeParams & params,const std::string & raw_key_bytes)173 google::crypto::tink::HpkePrivateKey CreateHpkePrivateKey(
174     const google::crypto::tink::HpkeParams& params,
175     const std::string& raw_key_bytes) {
176   google::crypto::tink::HpkePrivateKey private_key_proto;
177   private_key_proto.set_version(0);
178   private_key_proto.set_private_key(raw_key_bytes);
179   google::crypto::tink::HpkePublicKey* public_key_proto =
180       private_key_proto.mutable_public_key();
181   *public_key_proto->mutable_params() = params;
182   return private_key_proto;
183 }
184 
185 }  // namespace internal
186 }  // namespace tink
187 }  // namespace crypto
188