1 // Copyright 2023 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16
17 #include "tink/mac/hmac_parameters.h"
18
19 #include <memory>
20 #include <tuple>
21
22 #include "gmock/gmock.h"
23 #include "gtest/gtest.h"
24 #include "tink/util/statusor.h"
25 #include "tink/util/test_matchers.h"
26
27 namespace crypto {
28 namespace tink {
29 namespace {
30
31 using ::crypto::tink::test::IsOk;
32 using ::crypto::tink::test::StatusIs;
33 using ::testing::Combine;
34 using ::testing::Eq;
35 using ::testing::Range;
36 using ::testing::TestWithParam;
37 using ::testing::Values;
38
39 struct CreateTestCase {
40 HmacParameters::Variant variant;
41 int key_size;
42 int cryptographic_tag_size;
43 int total_tag_size;
44 HmacParameters::HashType hash_type;
45 bool has_id_requirement;
46 };
47
48 using HmacParametersCreateTest = TestWithParam<CreateTestCase>;
49
50 INSTANTIATE_TEST_SUITE_P(
51 HmacParametersCreateTestSuite, HmacParametersCreateTest,
52 Values(CreateTestCase{HmacParameters::Variant::kNoPrefix, /*key_size=*/16,
53 /*cryptographic_tag_size=*/20, /*total_tag_size=*/20,
54 HmacParameters::HashType::kSha1,
55 /*has_id_requirement=*/false},
56 CreateTestCase{HmacParameters::Variant::kTink, /*key_size=*/16,
57 /*cryptographic_tag_size=*/28, /*total_tag_size=*/33,
58 HmacParameters::HashType::kSha224,
59 /*has_id_requirement=*/true},
60 CreateTestCase{HmacParameters::Variant::kCrunchy, /*key_size=*/16,
61 /*cryptographic_tag_size=*/32, /*total_tag_size=*/37,
62 HmacParameters::HashType::kSha256,
63 /*has_id_requirement=*/true},
64 CreateTestCase{HmacParameters::Variant::kLegacy, /*key_size=*/32,
65 /*cryptographic_tag_size=*/48, /*total_tag_size=*/53,
66 HmacParameters::HashType::kSha384,
67 /*has_id_requirement=*/true},
68 CreateTestCase{HmacParameters::Variant::kNoPrefix,
69 /*key_size=*/32, /*cryptographic_tag_size=*/64,
70 /*total_tag_size=*/64,
71 HmacParameters::HashType::kSha512,
72 /*has_id_requirement=*/false}));
73
TEST_P(HmacParametersCreateTest,Create)74 TEST_P(HmacParametersCreateTest, Create) {
75 CreateTestCase test_case = GetParam();
76
77 util::StatusOr<HmacParameters> parameters = HmacParameters::Create(
78 test_case.key_size, test_case.cryptographic_tag_size, test_case.hash_type,
79 test_case.variant);
80 ASSERT_THAT(parameters, IsOk());
81
82 EXPECT_THAT(parameters->GetVariant(), Eq(test_case.variant));
83 EXPECT_THAT(parameters->KeySizeInBytes(), Eq(test_case.key_size));
84 EXPECT_THAT(parameters->CryptographicTagSizeInBytes(),
85 Eq(test_case.cryptographic_tag_size));
86 EXPECT_THAT(parameters->TotalTagSizeInBytes(), Eq(test_case.total_tag_size));
87 EXPECT_THAT(parameters->GetHashType(), Eq(test_case.hash_type));
88 EXPECT_THAT(parameters->HasIdRequirement(), Eq(test_case.has_id_requirement));
89 }
90
TEST(HmacParametersTest,CreateWithInvalidVariantFails)91 TEST(HmacParametersTest, CreateWithInvalidVariantFails) {
92 EXPECT_THAT(HmacParameters::Create(
93 /*key_size_in_bytes=*/16,
94 /*cryptographic_tag_size_in_bytes=*/12,
95 HmacParameters::HashType::kSha256,
96 HmacParameters::Variant::
97 kDoNotUseInsteadUseDefaultWhenWritingSwitchStatements)
98 .status(),
99 StatusIs(absl::StatusCode::kInvalidArgument));
100 }
101
TEST(HmacParametersTest,CreateWithInvalidHashTypeFails)102 TEST(HmacParametersTest, CreateWithInvalidHashTypeFails) {
103 EXPECT_THAT(HmacParameters::Create(
104 /*key_size_in_bytes=*/32,
105 /*cryptographic_tag_size_in_bytes=*/12,
106 HmacParameters::HashType::
107 kDoNotUseInsteadUseDefaultWhenWritingSwitchStatements,
108 HmacParameters::Variant::kNoPrefix)
109 .status(),
110 StatusIs(absl::StatusCode::kInvalidArgument));
111 }
112
TEST(HmacParametersTest,CreateWithInvalidKeySizeFails)113 TEST(HmacParametersTest, CreateWithInvalidKeySizeFails) {
114 EXPECT_THAT(HmacParameters::Create(/*key_size_in_bytes=*/15,
115 /*cryptographic_tag_size_in_bytes=*/16,
116 HmacParameters::HashType::kSha256,
117 HmacParameters::Variant::kNoPrefix)
118 .status(),
119 StatusIs(absl::StatusCode::kInvalidArgument));
120 }
121
TEST(HmacParametersTest,CreateWithInvalidTagSizeFails)122 TEST(HmacParametersTest, CreateWithInvalidTagSizeFails) {
123 // Too small.
124 EXPECT_THAT(HmacParameters::Create(/*key_size_in_bytes=*/32,
125 /*cryptographic_tag_size_in_bytes=*/7,
126 HmacParameters::HashType::kSha224,
127 HmacParameters::Variant::kNoPrefix)
128 .status(),
129 StatusIs(absl::StatusCode::kInvalidArgument));
130 // Too big for kSha1.
131 EXPECT_THAT(HmacParameters::Create(/*key_size_in_bytes=*/32,
132 /*cryptographic_tag_size_in_bytes=*/21,
133 HmacParameters::HashType::kSha1,
134 HmacParameters::Variant::kNoPrefix)
135 .status(),
136 StatusIs(absl::StatusCode::kInvalidArgument));
137 // Too big for kSha224.
138 EXPECT_THAT(HmacParameters::Create(/*key_size_in_bytes=*/32,
139 /*cryptographic_tag_size_in_bytes=*/29,
140 HmacParameters::HashType::kSha224,
141 HmacParameters::Variant::kNoPrefix)
142 .status(),
143 StatusIs(absl::StatusCode::kInvalidArgument));
144 // Too big for kSha256;
145 EXPECT_THAT(HmacParameters::Create(/*key_size_in_bytes=*/32,
146 /*cryptographic_tag_size_in_bytes=*/33,
147 HmacParameters::HashType::kSha256,
148 HmacParameters::Variant::kNoPrefix)
149 .status(),
150 StatusIs(absl::StatusCode::kInvalidArgument));
151 // Too big for kSha384;
152 EXPECT_THAT(HmacParameters::Create(/*key_size_in_bytes=*/32,
153 /*cryptographic_tag_size_in_bytes=*/49,
154 HmacParameters::HashType::kSha384,
155 HmacParameters::Variant::kNoPrefix)
156 .status(),
157 StatusIs(absl::StatusCode::kInvalidArgument));
158 // Too big for kSha512;
159 EXPECT_THAT(HmacParameters::Create(/*key_size_in_bytes=*/32,
160 /*cryptographic_tag_size_in_bytes=*/65,
161 HmacParameters::HashType::kSha512,
162 HmacParameters::Variant::kNoPrefix)
163 .status(),
164 StatusIs(absl::StatusCode::kInvalidArgument));
165 }
166
TEST(HmacParametersTest,CopyConstructor)167 TEST(HmacParametersTest, CopyConstructor) {
168 util::StatusOr<HmacParameters> parameters = HmacParameters::Create(
169 /*key_size_in_bytes=*/32,
170 /*cryptographic_tag_size_in_bytes=*/12, HmacParameters::HashType::kSha256,
171 HmacParameters::Variant::kTink);
172 ASSERT_THAT(parameters, IsOk());
173
174 HmacParameters copy(*parameters);
175 EXPECT_THAT(copy.GetVariant(), Eq(parameters->GetVariant()));
176 EXPECT_THAT(copy.CryptographicTagSizeInBytes(),
177 Eq(parameters->CryptographicTagSizeInBytes()));
178 EXPECT_THAT(copy.TotalTagSizeInBytes(),
179 Eq(parameters->TotalTagSizeInBytes()));
180 EXPECT_THAT(copy.GetHashType(), Eq(parameters->GetHashType()));
181 EXPECT_THAT(copy.HasIdRequirement(), Eq(parameters->HasIdRequirement()));
182 }
183
TEST(HmacParametersTest,CopyAssignment)184 TEST(HmacParametersTest, CopyAssignment) {
185 util::StatusOr<HmacParameters> parameters = HmacParameters::Create(
186 /*key_size_in_bytes=*/32,
187 /*cryptographic_tag_size_in_bytes=*/12, HmacParameters::HashType::kSha512,
188 HmacParameters::Variant::kTink);
189 ASSERT_THAT(parameters, IsOk());
190
191 HmacParameters copy = *parameters;
192 EXPECT_THAT(copy.GetVariant(), Eq(parameters->GetVariant()));
193 EXPECT_THAT(copy.CryptographicTagSizeInBytes(),
194 Eq(parameters->CryptographicTagSizeInBytes()));
195 EXPECT_THAT(copy.TotalTagSizeInBytes(),
196 Eq(parameters->TotalTagSizeInBytes()));
197 EXPECT_THAT(copy.GetHashType(), Eq(parameters->GetHashType()));
198 EXPECT_THAT(copy.HasIdRequirement(), Eq(parameters->HasIdRequirement()));
199 }
200
201 using HmacParametersVariantTest = TestWithParam<
202 std::tuple<int, int, HmacParameters::HashType, HmacParameters::Variant>>;
203
204 INSTANTIATE_TEST_SUITE_P(HmacParametersVariantTestSuite,
205 HmacParametersVariantTest,
206 Combine(Range(16, 32), Range(10, 20),
207 Values(HmacParameters::HashType::kSha1,
208 HmacParameters::HashType::kSha224,
209 HmacParameters::HashType::kSha256,
210 HmacParameters::HashType::kSha384,
211 HmacParameters::HashType::kSha512),
212 Values(HmacParameters::Variant::kTink,
213 HmacParameters::Variant::kCrunchy,
214 HmacParameters::Variant::kLegacy,
215 HmacParameters::Variant::kNoPrefix)));
216
TEST_P(HmacParametersVariantTest,ParametersEquals)217 TEST_P(HmacParametersVariantTest, ParametersEquals) {
218 int key_size;
219 int cryptographic_tag_size;
220 HmacParameters::HashType hash_type;
221 HmacParameters::Variant variant;
222 std::tie(key_size, cryptographic_tag_size, hash_type, variant) = GetParam();
223
224 util::StatusOr<HmacParameters> parameters = HmacParameters::Create(
225 key_size, cryptographic_tag_size, hash_type, variant);
226 ASSERT_THAT(parameters, IsOk());
227
228 util::StatusOr<HmacParameters> other_parameters = HmacParameters::Create(
229 key_size, cryptographic_tag_size, hash_type, variant);
230 ASSERT_THAT(other_parameters, IsOk());
231
232 EXPECT_TRUE(*parameters == *other_parameters);
233 EXPECT_TRUE(*other_parameters == *parameters);
234 EXPECT_FALSE(*parameters != *other_parameters);
235 EXPECT_FALSE(*other_parameters != *parameters);
236 }
237
TEST(HmacParametersTest,KeySizeNotEqual)238 TEST(HmacParametersTest, KeySizeNotEqual) {
239 util::StatusOr<HmacParameters> parameters = HmacParameters::Create(
240 /*key_size_in_bytes=*/16,
241 /*cryptographic_tag_size_in_bytes=*/10, HmacParameters::HashType::kSha224,
242 HmacParameters::Variant::kNoPrefix);
243 ASSERT_THAT(parameters, IsOk());
244
245 util::StatusOr<HmacParameters> other_parameters = HmacParameters::Create(
246 /*key_size_in_bytes=*/32,
247 /*cryptographic_tag_size_in_bytes=*/10, HmacParameters::HashType::kSha224,
248 HmacParameters::Variant::kNoPrefix);
249 ASSERT_THAT(other_parameters, IsOk());
250
251 EXPECT_TRUE(*parameters != *other_parameters);
252 EXPECT_FALSE(*parameters == *other_parameters);
253 }
254
TEST(HmacParametersTest,HashTypeNotEqual)255 TEST(HmacParametersTest, HashTypeNotEqual) {
256 util::StatusOr<HmacParameters> parameters = HmacParameters::Create(
257 /*key_size_in_bytes=*/32,
258 /*cryptographic_tag_size_in_bytes=*/10, HmacParameters::HashType::kSha256,
259 HmacParameters::Variant::kNoPrefix);
260 ASSERT_THAT(parameters, IsOk());
261
262 util::StatusOr<HmacParameters> other_parameters = HmacParameters::Create(
263 /*key_size_in_bytes=*/32,
264 /*cryptographic_tag_size_in_bytes=*/10, HmacParameters::HashType::kSha512,
265 HmacParameters::Variant::kNoPrefix);
266 ASSERT_THAT(other_parameters, IsOk());
267
268 EXPECT_TRUE(*parameters != *other_parameters);
269 EXPECT_FALSE(*parameters == *other_parameters);
270 }
271
TEST(HmacParametersTest,TagSizeNotEqual)272 TEST(HmacParametersTest, TagSizeNotEqual) {
273 util::StatusOr<HmacParameters> parameters = HmacParameters::Create(
274 /*key_size_in_bytes=*/32,
275 /*cryptographic_tag_size_in_bytes=*/10, HmacParameters::HashType::kSha256,
276 HmacParameters::Variant::kNoPrefix);
277 ASSERT_THAT(parameters, IsOk());
278
279 util::StatusOr<HmacParameters> other_parameters = HmacParameters::Create(
280 /*key_size_in_bytes=*/32,
281 /*cryptographic_tag_size_in_bytes=*/11, HmacParameters::HashType::kSha256,
282 HmacParameters::Variant::kNoPrefix);
283 ASSERT_THAT(other_parameters, IsOk());
284
285 EXPECT_TRUE(*parameters != *other_parameters);
286 EXPECT_FALSE(*parameters == *other_parameters);
287 }
288
TEST(HmacParametersTest,VariantNotEqual)289 TEST(HmacParametersTest, VariantNotEqual) {
290 util::StatusOr<HmacParameters> parameters = HmacParameters::Create(
291 /*key_size_in_bytes=*/32,
292 /*cryptographic_tag_size_in_bytes=*/10, HmacParameters::HashType::kSha256,
293 HmacParameters::Variant::kNoPrefix);
294 ASSERT_THAT(parameters, IsOk());
295
296 util::StatusOr<HmacParameters> other_parameters = HmacParameters::Create(
297 /*key_size_in_bytes=*/32,
298 /*cryptographic_tag_size_in_bytes=*/10, HmacParameters::HashType::kSha256,
299 HmacParameters::Variant::kTink);
300 ASSERT_THAT(other_parameters, IsOk());
301
302 EXPECT_TRUE(*parameters != *other_parameters);
303 EXPECT_FALSE(*parameters == *other_parameters);
304 }
305
306 } // namespace
307 } // namespace tink
308 } // namespace crypto
309