1*e7b1675dSTing-Kang Chang// Copyright 2023 Google LLC 2*e7b1675dSTing-Kang Chang// 3*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang// 7*e7b1675dSTing-Kang Chang// http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang// 9*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang// limitations under the License. 14*e7b1675dSTing-Kang Chang// 15*e7b1675dSTing-Kang Chang//////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changpackage keyset_test 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Changimport ( 20*e7b1675dSTing-Kang Chang "bytes" 21*e7b1675dSTing-Kang Chang "testing" 22*e7b1675dSTing-Kang Chang 23*e7b1675dSTing-Kang Chang "google.golang.org/protobuf/proto" 24*e7b1675dSTing-Kang Chang "github.com/google/tink/go/aead" 25*e7b1675dSTing-Kang Chang "github.com/google/tink/go/insecurecleartextkeyset" 26*e7b1675dSTing-Kang Chang "github.com/google/tink/go/keyset" 27*e7b1675dSTing-Kang Chang "github.com/google/tink/go/mac" 28*e7b1675dSTing-Kang Chang "github.com/google/tink/go/signature" 29*e7b1675dSTing-Kang Chang "github.com/google/tink/go/testkeyset" 30*e7b1675dSTing-Kang Chang "github.com/google/tink/go/tink" 31*e7b1675dSTing-Kang Chang tinkpb "github.com/google/tink/go/proto/tink_go_proto" 32*e7b1675dSTing-Kang Chang) 33*e7b1675dSTing-Kang Chang 34*e7b1675dSTing-Kang Changfunc TestConvertProtoKeysetIntoHandleInTests(t *testing.T) { 35*e7b1675dSTing-Kang Chang h, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) 36*e7b1675dSTing-Kang Chang if err != nil { 37*e7b1675dSTing-Kang Chang t.Fatal(err) 38*e7b1675dSTing-Kang Chang } 39*e7b1675dSTing-Kang Chang protoKeyset := testkeyset.KeysetMaterial(h) 40*e7b1675dSTing-Kang Chang 41*e7b1675dSTing-Kang Chang // In tests, this: 42*e7b1675dSTing-Kang Chang wantHandle, err := insecurecleartextkeyset.Read(&keyset.MemReaderWriter{Keyset: protoKeyset}) 43*e7b1675dSTing-Kang Chang if err != nil { 44*e7b1675dSTing-Kang Chang t.Fatal(err) 45*e7b1675dSTing-Kang Chang } 46*e7b1675dSTing-Kang Chang 47*e7b1675dSTing-Kang Chang // can be replaced by this: 48*e7b1675dSTing-Kang Chang gotHandle, err := testkeyset.NewHandle(protoKeyset) 49*e7b1675dSTing-Kang Chang if err != nil { 50*e7b1675dSTing-Kang Chang t.Fatal(err) 51*e7b1675dSTing-Kang Chang } 52*e7b1675dSTing-Kang Chang 53*e7b1675dSTing-Kang Chang if got, want := testkeyset.KeysetMaterial(gotHandle), testkeyset.KeysetMaterial(wantHandle); !proto.Equal(got, want) { 54*e7b1675dSTing-Kang Chang t.Errorf("gotHandle contains %s, want %s", got, want) 55*e7b1675dSTing-Kang Chang } 56*e7b1675dSTing-Kang Chang} 57*e7b1675dSTing-Kang Chang 58*e7b1675dSTing-Kang Changfunc TestConvertHandleKeysetIntoProtoKeysetInTests(t *testing.T) { 59*e7b1675dSTing-Kang Chang handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) 60*e7b1675dSTing-Kang Chang if err != nil { 61*e7b1675dSTing-Kang Chang t.Fatal(err) 62*e7b1675dSTing-Kang Chang } 63*e7b1675dSTing-Kang Chang 64*e7b1675dSTing-Kang Chang // In tests, this: 65*e7b1675dSTing-Kang Chang writer := &keyset.MemReaderWriter{} 66*e7b1675dSTing-Kang Chang if err := insecurecleartextkeyset.Write(handle, writer); err != nil { 67*e7b1675dSTing-Kang Chang t.Fatal(err) 68*e7b1675dSTing-Kang Chang } 69*e7b1675dSTing-Kang Chang wantKeyset := writer.Keyset 70*e7b1675dSTing-Kang Chang 71*e7b1675dSTing-Kang Chang // can be replaced by this: 72*e7b1675dSTing-Kang Chang gotKeyset := testkeyset.KeysetMaterial(handle) 73*e7b1675dSTing-Kang Chang 74*e7b1675dSTing-Kang Chang if !proto.Equal(gotKeyset, wantKeyset) { 75*e7b1675dSTing-Kang Chang t.Errorf("testkeyset.KeysetMaterial(handle) = %v, want %v", gotKeyset, wantKeyset) 76*e7b1675dSTing-Kang Chang } 77*e7b1675dSTing-Kang Chang} 78*e7b1675dSTing-Kang Chang 79*e7b1675dSTing-Kang Changfunc TestConvertProtoKeysetIntoHandle(t *testing.T) { 80*e7b1675dSTing-Kang Chang h, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) 81*e7b1675dSTing-Kang Chang if err != nil { 82*e7b1675dSTing-Kang Chang t.Fatal(err) 83*e7b1675dSTing-Kang Chang } 84*e7b1675dSTing-Kang Chang protoKeyset := testkeyset.KeysetMaterial(h) 85*e7b1675dSTing-Kang Chang 86*e7b1675dSTing-Kang Chang // This: 87*e7b1675dSTing-Kang Chang wantHandle, err := insecurecleartextkeyset.Read(&keyset.MemReaderWriter{Keyset: protoKeyset}) 88*e7b1675dSTing-Kang Chang if err != nil { 89*e7b1675dSTing-Kang Chang t.Fatal(err) 90*e7b1675dSTing-Kang Chang } 91*e7b1675dSTing-Kang Chang 92*e7b1675dSTing-Kang Chang // can be replaced by this: 93*e7b1675dSTing-Kang Chang serializedKeyset, err := proto.Marshal(protoKeyset) 94*e7b1675dSTing-Kang Chang if err != nil { 95*e7b1675dSTing-Kang Chang t.Fatal(err) 96*e7b1675dSTing-Kang Chang } 97*e7b1675dSTing-Kang Chang gotHandle, err := insecurecleartextkeyset.Read( 98*e7b1675dSTing-Kang Chang keyset.NewBinaryReader(bytes.NewBuffer(serializedKeyset))) 99*e7b1675dSTing-Kang Chang if err != nil { 100*e7b1675dSTing-Kang Chang t.Fatal(err) 101*e7b1675dSTing-Kang Chang } 102*e7b1675dSTing-Kang Chang 103*e7b1675dSTing-Kang Chang if got, want := testkeyset.KeysetMaterial(gotHandle), testkeyset.KeysetMaterial(wantHandle); !proto.Equal(got, want) { 104*e7b1675dSTing-Kang Chang t.Errorf("gotHandle contains %s, want %s", got, want) 105*e7b1675dSTing-Kang Chang } 106*e7b1675dSTing-Kang Chang} 107*e7b1675dSTing-Kang Chang 108*e7b1675dSTing-Kang Changfunc TestConvertHandleKeysetIntoProtoKeyset(t *testing.T) { 109*e7b1675dSTing-Kang Chang handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) 110*e7b1675dSTing-Kang Chang if err != nil { 111*e7b1675dSTing-Kang Chang t.Fatal(err) 112*e7b1675dSTing-Kang Chang } 113*e7b1675dSTing-Kang Chang 114*e7b1675dSTing-Kang Chang // This: 115*e7b1675dSTing-Kang Chang writer := &keyset.MemReaderWriter{} 116*e7b1675dSTing-Kang Chang if err := insecurecleartextkeyset.Write(handle, writer); err != nil { 117*e7b1675dSTing-Kang Chang t.Fatal(err) 118*e7b1675dSTing-Kang Chang } 119*e7b1675dSTing-Kang Chang wantKeyset := writer.Keyset 120*e7b1675dSTing-Kang Chang 121*e7b1675dSTing-Kang Chang // can be replaced by this: 122*e7b1675dSTing-Kang Chang gotKeyset := insecurecleartextkeyset.KeysetMaterial(handle) 123*e7b1675dSTing-Kang Chang 124*e7b1675dSTing-Kang Chang if !proto.Equal(gotKeyset, wantKeyset) { 125*e7b1675dSTing-Kang Chang t.Errorf("insecurecleartextkeyset.KeysetMaterial(handle) = %v, want %v", gotKeyset, wantKeyset) 126*e7b1675dSTing-Kang Chang } 127*e7b1675dSTing-Kang Chang} 128*e7b1675dSTing-Kang Chang 129*e7b1675dSTing-Kang Changfunc TestConvertHandleKeysetIntoSerializedKeyset(t *testing.T) { 130*e7b1675dSTing-Kang Chang handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) 131*e7b1675dSTing-Kang Chang if err != nil { 132*e7b1675dSTing-Kang Chang t.Fatal(err) 133*e7b1675dSTing-Kang Chang } 134*e7b1675dSTing-Kang Chang 135*e7b1675dSTing-Kang Chang // This: 136*e7b1675dSTing-Kang Chang writer := &keyset.MemReaderWriter{} 137*e7b1675dSTing-Kang Chang if err := insecurecleartextkeyset.Write(handle, writer); err != nil { 138*e7b1675dSTing-Kang Chang t.Fatal(err) 139*e7b1675dSTing-Kang Chang } 140*e7b1675dSTing-Kang Chang wantSerializedKeyset, err := proto.Marshal(writer.Keyset) 141*e7b1675dSTing-Kang Chang if err != nil { 142*e7b1675dSTing-Kang Chang t.Fatal(err) 143*e7b1675dSTing-Kang Chang } 144*e7b1675dSTing-Kang Chang 145*e7b1675dSTing-Kang Chang // can be replaced by this: 146*e7b1675dSTing-Kang Chang buff := &bytes.Buffer{} 147*e7b1675dSTing-Kang Chang if err := insecurecleartextkeyset.Write(handle, keyset.NewBinaryWriter(buff)); err != nil { 148*e7b1675dSTing-Kang Chang t.Fatal(err) 149*e7b1675dSTing-Kang Chang } 150*e7b1675dSTing-Kang Chang gotSerializedKeyset := buff.Bytes() 151*e7b1675dSTing-Kang Chang 152*e7b1675dSTing-Kang Chang // Since serialization may not be deterministic, we parse the keyset and compare the protos. 153*e7b1675dSTing-Kang Chang wantKeyset := new(tinkpb.Keyset) 154*e7b1675dSTing-Kang Chang err = proto.Unmarshal(wantSerializedKeyset, wantKeyset) 155*e7b1675dSTing-Kang Chang if err != nil { 156*e7b1675dSTing-Kang Chang t.Fatal(err) 157*e7b1675dSTing-Kang Chang } 158*e7b1675dSTing-Kang Chang gotKeyset := new(tinkpb.Keyset) 159*e7b1675dSTing-Kang Chang err = proto.Unmarshal(gotSerializedKeyset, gotKeyset) 160*e7b1675dSTing-Kang Chang if err != nil { 161*e7b1675dSTing-Kang Chang t.Fatal(err) 162*e7b1675dSTing-Kang Chang } 163*e7b1675dSTing-Kang Chang if !proto.Equal(gotKeyset, wantKeyset) { 164*e7b1675dSTing-Kang Chang t.Errorf("gotKeyset = %v, want %v", gotKeyset, wantKeyset) 165*e7b1675dSTing-Kang Chang } 166*e7b1675dSTing-Kang Chang} 167*e7b1675dSTing-Kang Chang 168*e7b1675dSTing-Kang Changfunc TestConvertPublicKeyProtoKeysetIntoHandle(t *testing.T) { 169*e7b1675dSTing-Kang Chang privateHandle, err := keyset.NewHandle(signature.ECDSAP256KeyTemplate()) 170*e7b1675dSTing-Kang Chang if err != nil { 171*e7b1675dSTing-Kang Chang t.Fatal(err) 172*e7b1675dSTing-Kang Chang } 173*e7b1675dSTing-Kang Chang publicHandle, err := privateHandle.Public() 174*e7b1675dSTing-Kang Chang if err != nil { 175*e7b1675dSTing-Kang Chang t.Fatal(err) 176*e7b1675dSTing-Kang Chang } 177*e7b1675dSTing-Kang Chang protoPublicKeyset := testkeyset.KeysetMaterial(publicHandle) 178*e7b1675dSTing-Kang Chang 179*e7b1675dSTing-Kang Chang // This: 180*e7b1675dSTing-Kang Chang wantHandle, err := keyset.ReadWithNoSecrets(&keyset.MemReaderWriter{Keyset: protoPublicKeyset}) 181*e7b1675dSTing-Kang Chang if err != nil { 182*e7b1675dSTing-Kang Chang t.Fatal(err) 183*e7b1675dSTing-Kang Chang } 184*e7b1675dSTing-Kang Chang 185*e7b1675dSTing-Kang Chang // can be replaced by this: 186*e7b1675dSTing-Kang Chang serializedKeyset, err := proto.Marshal(protoPublicKeyset) 187*e7b1675dSTing-Kang Chang if err != nil { 188*e7b1675dSTing-Kang Chang t.Fatal(err) 189*e7b1675dSTing-Kang Chang } 190*e7b1675dSTing-Kang Chang gotHandle, err := keyset.ReadWithNoSecrets( 191*e7b1675dSTing-Kang Chang keyset.NewBinaryReader(bytes.NewBuffer(serializedKeyset))) 192*e7b1675dSTing-Kang Chang if err != nil { 193*e7b1675dSTing-Kang Chang t.Fatal(err) 194*e7b1675dSTing-Kang Chang } 195*e7b1675dSTing-Kang Chang 196*e7b1675dSTing-Kang Chang if got, want := testkeyset.KeysetMaterial(gotHandle), testkeyset.KeysetMaterial(wantHandle); !proto.Equal(got, want) { 197*e7b1675dSTing-Kang Chang t.Errorf("gotHandle contains %s, want %s", got, want) 198*e7b1675dSTing-Kang Chang } 199*e7b1675dSTing-Kang Chang} 200*e7b1675dSTing-Kang Chang 201*e7b1675dSTing-Kang Changfunc TestConvertPublicKeysetHandleIntoProtoKeyset(t *testing.T) { 202*e7b1675dSTing-Kang Chang privateHandle, err := keyset.NewHandle(signature.ECDSAP256KeyTemplate()) 203*e7b1675dSTing-Kang Chang if err != nil { 204*e7b1675dSTing-Kang Chang t.Fatal(err) 205*e7b1675dSTing-Kang Chang } 206*e7b1675dSTing-Kang Chang publicHandle, err := privateHandle.Public() 207*e7b1675dSTing-Kang Chang if err != nil { 208*e7b1675dSTing-Kang Chang t.Fatal(err) 209*e7b1675dSTing-Kang Chang } 210*e7b1675dSTing-Kang Chang 211*e7b1675dSTing-Kang Chang // This: 212*e7b1675dSTing-Kang Chang writer := &keyset.MemReaderWriter{} 213*e7b1675dSTing-Kang Chang if err := publicHandle.WriteWithNoSecrets(writer); err != nil { 214*e7b1675dSTing-Kang Chang t.Fatal(err) 215*e7b1675dSTing-Kang Chang } 216*e7b1675dSTing-Kang Chang wantKeyset := writer.Keyset 217*e7b1675dSTing-Kang Chang 218*e7b1675dSTing-Kang Chang // can be replaced by this: 219*e7b1675dSTing-Kang Chang buff := &bytes.Buffer{} 220*e7b1675dSTing-Kang Chang if err := publicHandle.WriteWithNoSecrets(keyset.NewBinaryWriter(buff)); err != nil { 221*e7b1675dSTing-Kang Chang t.Fatal(err) 222*e7b1675dSTing-Kang Chang } 223*e7b1675dSTing-Kang Chang serializedKeyset := buff.Bytes() 224*e7b1675dSTing-Kang Chang gotKeyset := new(tinkpb.Keyset) 225*e7b1675dSTing-Kang Chang err = proto.Unmarshal(serializedKeyset, gotKeyset) 226*e7b1675dSTing-Kang Chang if err != nil { 227*e7b1675dSTing-Kang Chang t.Fatal(err) 228*e7b1675dSTing-Kang Chang } 229*e7b1675dSTing-Kang Chang 230*e7b1675dSTing-Kang Chang if !proto.Equal(gotKeyset, wantKeyset) { 231*e7b1675dSTing-Kang Chang t.Errorf("gotKeyset = %v, want %v", gotKeyset, wantKeyset) 232*e7b1675dSTing-Kang Chang } 233*e7b1675dSTing-Kang Chang} 234*e7b1675dSTing-Kang Chang 235*e7b1675dSTing-Kang Changfunc decryptKeyset(encrypted *tinkpb.EncryptedKeyset, keysetEncryptionAEAD tink.AEAD) (*tinkpb.Keyset, error) { 236*e7b1675dSTing-Kang Chang decrypted, err := keysetEncryptionAEAD.Decrypt(encrypted.GetEncryptedKeyset(), nil) 237*e7b1675dSTing-Kang Chang if err != nil { 238*e7b1675dSTing-Kang Chang return nil, err 239*e7b1675dSTing-Kang Chang } 240*e7b1675dSTing-Kang Chang k := new(tinkpb.Keyset) 241*e7b1675dSTing-Kang Chang err = proto.Unmarshal(decrypted, k) 242*e7b1675dSTing-Kang Chang if err != nil { 243*e7b1675dSTing-Kang Chang return nil, err 244*e7b1675dSTing-Kang Chang } 245*e7b1675dSTing-Kang Chang return k, err 246*e7b1675dSTing-Kang Chang} 247*e7b1675dSTing-Kang Chang 248*e7b1675dSTing-Kang Changfunc TestConvertHandleKeysetIntoProtoEncryptedKeyset(t *testing.T) { 249*e7b1675dSTing-Kang Chang kekHandle, err := keyset.NewHandle(aead.AES128GCMKeyTemplate()) 250*e7b1675dSTing-Kang Chang if err != nil { 251*e7b1675dSTing-Kang Chang t.Fatal(err) 252*e7b1675dSTing-Kang Chang } 253*e7b1675dSTing-Kang Chang keysetEncryptionAEAD, err := aead.New(kekHandle) 254*e7b1675dSTing-Kang Chang if err != nil { 255*e7b1675dSTing-Kang Chang t.Fatal(err) 256*e7b1675dSTing-Kang Chang } 257*e7b1675dSTing-Kang Chang handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) 258*e7b1675dSTing-Kang Chang if err != nil { 259*e7b1675dSTing-Kang Chang t.Fatal(err) 260*e7b1675dSTing-Kang Chang } 261*e7b1675dSTing-Kang Chang 262*e7b1675dSTing-Kang Chang // This: 263*e7b1675dSTing-Kang Chang memWriter := &keyset.MemReaderWriter{} 264*e7b1675dSTing-Kang Chang if err := handle.Write(memWriter, keysetEncryptionAEAD); err != nil { 265*e7b1675dSTing-Kang Chang t.Fatal(err) 266*e7b1675dSTing-Kang Chang } 267*e7b1675dSTing-Kang Chang wantEncryptedKeyset := memWriter.EncryptedKeyset 268*e7b1675dSTing-Kang Chang 269*e7b1675dSTing-Kang Chang // can be replaced by this: 270*e7b1675dSTing-Kang Chang buff := &bytes.Buffer{} 271*e7b1675dSTing-Kang Chang if err := handle.Write(keyset.NewBinaryWriter(buff), keysetEncryptionAEAD); err != nil { 272*e7b1675dSTing-Kang Chang t.Fatal(err) 273*e7b1675dSTing-Kang Chang } 274*e7b1675dSTing-Kang Chang serializedKeyset := buff.Bytes() 275*e7b1675dSTing-Kang Chang gotEncryptedKeyset := new(tinkpb.EncryptedKeyset) 276*e7b1675dSTing-Kang Chang err = proto.Unmarshal(serializedKeyset, gotEncryptedKeyset) 277*e7b1675dSTing-Kang Chang if err != nil { 278*e7b1675dSTing-Kang Chang t.Fatal(err) 279*e7b1675dSTing-Kang Chang } 280*e7b1675dSTing-Kang Chang 281*e7b1675dSTing-Kang Chang wantKeyset, err := decryptKeyset(wantEncryptedKeyset, keysetEncryptionAEAD) 282*e7b1675dSTing-Kang Chang if err != nil { 283*e7b1675dSTing-Kang Chang t.Fatal(err) 284*e7b1675dSTing-Kang Chang } 285*e7b1675dSTing-Kang Chang gotKeyset, err := decryptKeyset(gotEncryptedKeyset, keysetEncryptionAEAD) 286*e7b1675dSTing-Kang Chang if err != nil { 287*e7b1675dSTing-Kang Chang t.Fatal(err) 288*e7b1675dSTing-Kang Chang } 289*e7b1675dSTing-Kang Chang if !proto.Equal(gotKeyset, wantKeyset) { 290*e7b1675dSTing-Kang Chang t.Errorf("gotKeyset = %v, want %v", gotKeyset, wantKeyset) 291*e7b1675dSTing-Kang Chang } 292*e7b1675dSTing-Kang Chang} 293*e7b1675dSTing-Kang Chang 294*e7b1675dSTing-Kang Changfunc TestConvertProtoEncryptedKeysetIntoHandle(t *testing.T) { 295*e7b1675dSTing-Kang Chang kekHandle, err := keyset.NewHandle(aead.AES128GCMKeyTemplate()) 296*e7b1675dSTing-Kang Chang if err != nil { 297*e7b1675dSTing-Kang Chang t.Fatal(err) 298*e7b1675dSTing-Kang Chang } 299*e7b1675dSTing-Kang Chang keysetEncryptionAEAD, err := aead.New(kekHandle) 300*e7b1675dSTing-Kang Chang if err != nil { 301*e7b1675dSTing-Kang Chang t.Fatal(err) 302*e7b1675dSTing-Kang Chang } 303*e7b1675dSTing-Kang Chang handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) 304*e7b1675dSTing-Kang Chang if err != nil { 305*e7b1675dSTing-Kang Chang t.Fatal(err) 306*e7b1675dSTing-Kang Chang } 307*e7b1675dSTing-Kang Chang buff := &bytes.Buffer{} 308*e7b1675dSTing-Kang Chang if err := handle.Write(keyset.NewBinaryWriter(buff), keysetEncryptionAEAD); err != nil { 309*e7b1675dSTing-Kang Chang t.Fatal(err) 310*e7b1675dSTing-Kang Chang } 311*e7b1675dSTing-Kang Chang encryptedKeyset := new(tinkpb.EncryptedKeyset) 312*e7b1675dSTing-Kang Chang err = proto.Unmarshal(buff.Bytes(), encryptedKeyset) 313*e7b1675dSTing-Kang Chang if err != nil { 314*e7b1675dSTing-Kang Chang t.Fatal(err) 315*e7b1675dSTing-Kang Chang } 316*e7b1675dSTing-Kang Chang 317*e7b1675dSTing-Kang Chang // This: 318*e7b1675dSTing-Kang Chang memReader := &keyset.MemReaderWriter{ 319*e7b1675dSTing-Kang Chang EncryptedKeyset: encryptedKeyset, 320*e7b1675dSTing-Kang Chang } 321*e7b1675dSTing-Kang Chang wantHandle, err := keyset.Read(memReader, keysetEncryptionAEAD) 322*e7b1675dSTing-Kang Chang if err != nil { 323*e7b1675dSTing-Kang Chang t.Fatal(err) 324*e7b1675dSTing-Kang Chang } 325*e7b1675dSTing-Kang Chang 326*e7b1675dSTing-Kang Chang // can be replaced by this: 327*e7b1675dSTing-Kang Chang serializedKeyset, err := proto.Marshal(encryptedKeyset) 328*e7b1675dSTing-Kang Chang if err != nil { 329*e7b1675dSTing-Kang Chang t.Fatal(err) 330*e7b1675dSTing-Kang Chang } 331*e7b1675dSTing-Kang Chang gotHandle, err := keyset.Read( 332*e7b1675dSTing-Kang Chang keyset.NewBinaryReader(bytes.NewBuffer(serializedKeyset)), 333*e7b1675dSTing-Kang Chang keysetEncryptionAEAD) 334*e7b1675dSTing-Kang Chang if err != nil { 335*e7b1675dSTing-Kang Chang t.Fatal(err) 336*e7b1675dSTing-Kang Chang } 337*e7b1675dSTing-Kang Chang 338*e7b1675dSTing-Kang Chang if got, want := testkeyset.KeysetMaterial(gotHandle), testkeyset.KeysetMaterial(wantHandle); !proto.Equal(got, want) { 339*e7b1675dSTing-Kang Chang t.Errorf("gotHandle contains %s, want %s", got, want) 340*e7b1675dSTing-Kang Chang } 341*e7b1675dSTing-Kang Chang} 342