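// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////

package services_test

import (
	"bytes"
	"context"
	"errors"
	"fmt"
	"strings"
	"testing"

	"google.golang.org/protobuf/proto"
	"github.com/google/tink/go/aead"
	"github.com/google/tink/go/daead"
	"github.com/google/tink/go/hybrid"
	"github.com/google/tink/go/keyset"
	"github.com/google/tink/go/mac"
	"github.com/google/tink/go/prf"
	"github.com/google/tink/go/signature"
	"github.com/google/tink/go/streamingaead"
	"github.com/google/tink/testing/go/services"
	pb "github.com/google/tink/testing/go/protos/testing_api_go_grpc"
)

// genKeyset asks the keyset service to generate a keyset from a serialized
// key template and returns the serialized keyset.
//
// The response carries either a keyset or an error string; the error string
// is converted to a Go error so callers check a single err value.
func genKeyset(ctx context.Context, keysetService *services.KeysetService, template []byte) ([]byte, error) {
	genRequest := &pb.KeysetGenerateRequest{Template: template}
	genResponse, err := keysetService.Generate(ctx, genRequest)
	if err != nil {
		return nil, err
	}
	switch r := genResponse.Result.(type) {
	case *pb.KeysetGenerateResponse_Keyset:
		return r.Keyset, nil
	case *pb.KeysetGenerateResponse_Err:
		return nil, errors.New(r.Err)
	default:
		return nil, fmt.Errorf("genResponse.Result has unexpected type %T", r)
	}
}

// pubKeyset asks the keyset service for the public keyset that corresponds to
// privateKeyset and returns it, or the service-reported error.
func pubKeyset(ctx context.Context, keysetService *services.KeysetService, privateKeyset []byte) ([]byte, error) {
	request := &pb.KeysetPublicRequest{PrivateKeyset: privateKeyset}
	response, err := keysetService.Public(ctx, request)
	if err != nil {
		return nil, err
	}
	switch r := response.Result.(type) {
	case *pb.KeysetPublicResponse_PublicKeyset:
		return r.PublicKeyset, nil
	case *pb.KeysetPublicResponse_Err:
		return nil, errors.New(r.Err)
	default:
		return nil, fmt.Errorf("response.Result has unexpected type %T", r)
	}
}

// keysetFromJSON sends a JSON keyset to the keyset service and returns the
// keyset bytes from the response, or the service-reported error.
func keysetFromJSON(ctx context.Context, keysetService *services.KeysetService, jsonKeyset string) ([]byte, error) {
	request := &pb.KeysetFromJsonRequest{JsonKeyset: jsonKeyset}
	response, err := keysetService.FromJson(ctx, request)
	if err != nil {
		return nil, err
	}
	switch r := response.Result.(type) {
	case *pb.KeysetFromJsonResponse_Keyset:
		return r.Keyset, nil
	case *pb.KeysetFromJsonResponse_Err:
		return nil, errors.New(r.Err)
	default:
		return nil, fmt.Errorf("response.Result has unexpected type %T", r)
	}
}

// keysetToJSON sends keyset bytes to the keyset service and returns the JSON
// keyset from the response, or the service-reported error.
func keysetToJSON(ctx context.Context, keysetService *services.KeysetService, keyset []byte) (string, error) {
	request := &pb.KeysetToJsonRequest{Keyset: keyset}
	response, err := keysetService.ToJson(ctx, request)
	if err != nil {
		return "", err
	}
	switch r := response.Result.(type) {
	case *pb.KeysetToJsonResponse_JsonKeyset:
		return r.JsonKeyset, nil
	case *pb.KeysetToJsonResponse_Err:
		return "", errors.New(r.Err)
	default:
		return "", fmt.Errorf("response.Result has unexpected type %T", r)
	}
}

// TestFromJSON checks that a fixed JSON keyset converts to a binary keyset
// whose primary key ID matches the JSON input.
func TestFromJSON(t *testing.T) {
	keysetService := &services.KeysetService{}
	ctx := context.Background()
	// Test-only key material: it is published in this file, so it must never
	// be reused to protect real data.
	jsonKeyset := `
	{
		"primaryKeyId": 42,
		"key": [
			{
				"keyData": {
					"typeUrl": "type.googleapis.com/google.crypto.tink.AesGcmKey",
					"keyMaterialType": "SYMMETRIC",
					"value": "GhCS/1+ejWpx68NfGt6ziYHd"
				},
				"outputPrefixType": "TINK",
				"keyId": 42,
				"status": "ENABLED"
			}
		]
	}`
	keysetData, err := keysetFromJSON(ctx, keysetService, jsonKeyset)
	if err != nil {
		t.Fatalf("keysetFromJSON failed: %v", err)
	}
	reader := keyset.NewBinaryReader(bytes.NewReader(keysetData))
	// Named ks rather than keyset so the imported keyset package is not
	// shadowed for the rest of the function.
	ks, err := reader.Read()
	if err != nil {
		t.Fatalf("reader.Read() failed: %v", err)
	}
	if ks.GetPrimaryKeyId() != 42 {
		t.Fatalf("Got keyset.GetPrimaryKeyId() == %d, want 42", ks.GetPrimaryKeyId())
	}
}

// TestGenerateToFromJSON checks that a generated keyset survives a
// binary -> JSON -> binary round trip byte for byte.
func TestGenerateToFromJSON(t *testing.T) {
	keysetService := &services.KeysetService{}
	ctx := context.Background()

	template, err := proto.Marshal(aead.AES128GCMKeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err)
	}
	keyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}
	jsonKeyset, err := keysetToJSON(ctx, keysetService, keyset)
	if err != nil {
		t.Fatalf("keysetToJSON failed: %v", err)
	}
	output, err := keysetFromJSON(ctx, keysetService, jsonKeyset)
	if err != nil {
		t.Fatalf("keysetFromJSON failed: %v", err)
	}
	if !bytes.Equal(output, keyset) {
		t.Fatalf("output is %v, want %v", output, keyset)
	}
}

// TestKeysetFromJSONFail checks that malformed JSON is rejected with an error.
func TestKeysetFromJSONFail(t *testing.T) {
	keysetService := &services.KeysetService{}
	ctx := context.Background()
	if _, err := keysetFromJSON(ctx, keysetService, "bad JSON"); err == nil {
		t.Fatalf("keysetFromJSON from bad JSON succeeded unexpectedly.")
	}
}

// TestKeysetToJSONFail checks that bytes that are not a valid keyset are
// rejected with an error.
func TestKeysetToJSONFail(t *testing.T) {
	keysetService := &services.KeysetService{}
	ctx := context.Background()
	if _, err := keysetToJSON(ctx, keysetService, []byte("badKeyset")); err == nil {
		t.Fatalf("keysetToJSON with bad keyset succeeded unexpectedly.")
	}
}

// keysetWriteEncrypted asks the keyset service to encrypt keyset under
// masterKeyset using the binary writer type and returns the encrypted keyset.
//
// AssociatedData is set on the request only when associatedData is non-nil, so
// a nil slice and an empty non-nil slice produce different requests.
func keysetWriteEncrypted(ctx context.Context, keysetService *services.KeysetService, keyset []byte, masterKeyset []byte, associatedData []byte) ([]byte, error) {
	request := &pb.KeysetWriteEncryptedRequest{
		Keyset:           keyset,
		MasterKeyset:     masterKeyset,
		KeysetWriterType: pb.KeysetWriterType_KEYSET_WRITER_BINARY,
	}
	if associatedData != nil {
		request.AssociatedData = &pb.BytesValue{Value: associatedData}
	}
	response, err := keysetService.WriteEncrypted(ctx, request)
	if err != nil {
		return nil, err
	}
	switch r := response.Result.(type) {
	case *pb.KeysetWriteEncryptedResponse_EncryptedKeyset:
		return r.EncryptedKeyset, nil
	case *pb.KeysetWriteEncryptedResponse_Err:
		return nil, errors.New(r.Err)
	default:
		return nil, fmt.Errorf("response.Result has unexpected type %T", r)
	}
}

// keysetReadEncrypted asks the keyset service to decrypt encryptedKeyset with
// masterKeyset using the binary reader type and returns the decrypted keyset.
//
// AssociatedData is set on the request only when associatedData is non-nil,
// mirroring keysetWriteEncrypted.
func keysetReadEncrypted(ctx context.Context, keysetService *services.KeysetService, encryptedKeyset []byte, masterKeyset []byte, associatedData []byte) ([]byte, error) {
	request := &pb.KeysetReadEncryptedRequest{
		EncryptedKeyset:  encryptedKeyset,
		MasterKeyset:     masterKeyset,
		KeysetReaderType: pb.KeysetReaderType_KEYSET_READER_BINARY,
	}
	if associatedData != nil {
		request.AssociatedData = &pb.BytesValue{Value: associatedData}
	}
	response, err := keysetService.ReadEncrypted(ctx, request)
	if err != nil {
		return nil, err
	}
	switch r := response.Result.(type) {
	case *pb.KeysetReadEncryptedResponse_Keyset:
		return r.Keyset, nil
	case *pb.KeysetReadEncryptedResponse_Err:
		return nil, errors.New(r.Err)
	default:
		return nil, fmt.Errorf("response.Result has unexpected type %T", r)
	}
}

// TestKeysetWriteReadEncrypted round-trips a keyset through WriteEncrypted and
// ReadEncrypted without associated data, then checks that malformed keysets,
// master keysets and ciphertexts are rejected.
func TestKeysetWriteReadEncrypted(t *testing.T) {
	keysetService := &services.KeysetService{}
	ctx := context.Background()

	template, err := proto.Marshal(aead.AES128GCMKeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err)
	}

	keyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}
	masterKeyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}

	encryptedKeyset, err := keysetWriteEncrypted(ctx, keysetService, keyset, masterKeyset, nil)
	if err != nil {
		t.Fatalf("keysetWriteEncrypted failed: %v", err)
	}

	readKeyset, err := keysetReadEncrypted(ctx, keysetService, encryptedKeyset, masterKeyset, nil)
	if err != nil {
		t.Fatalf("keysetReadEncrypted failed: %v", err)
	}
	if !bytes.Equal(readKeyset, keyset) {
		t.Fatalf("readKeyset is %v, want %v", readKeyset, keyset)
	}

	// Negative cases: each malformed input must surface as an error rather
	// than as a silently accepted keyset.
	if _, err := keysetWriteEncrypted(ctx, keysetService, []byte("badKeyset"), masterKeyset, nil); err == nil {
		t.Fatalf("keysetWriteEncrypted with bad keyset succeeded unexpectedly.")
	}
	if _, err := keysetWriteEncrypted(ctx, keysetService, keyset, []byte("badMasterKeyset"), nil); err == nil {
		t.Fatalf("keysetWriteEncrypted with bad masterKeyset succeeded unexpectedly.")
	}
	if _, err := keysetReadEncrypted(ctx, keysetService, []byte("badEncryptedKeyset"), masterKeyset, nil); err == nil {
		t.Fatalf("keysetReadEncrypted with bad encryptedKeyset succeeded unexpectedly.")
	}
	if _, err := keysetReadEncrypted(ctx, keysetService, encryptedKeyset, []byte("badMasterKeyset"), nil); err == nil {
		t.Fatalf("keysetReadEncrypted with bad masterKeyset succeeded unexpectedly.")
	}
}

// TestKeysetWriteReadEncryptedWithAssociatedData round-trips a keyset through
// WriteEncrypted and ReadEncrypted with associated data, and checks that a
// read with different associated data, or with malformed inputs, is rejected.
func TestKeysetWriteReadEncryptedWithAssociatedData(t *testing.T) {
	keysetService := &services.KeysetService{}
	ctx := context.Background()

	template, err := proto.Marshal(aead.AES128GCMKeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err)
	}

	keyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}
	masterKeyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}

	associatedData := []byte("Associated Data")

	encryptedKeyset, err := keysetWriteEncrypted(ctx, keysetService, keyset, masterKeyset, associatedData)
	if err != nil {
		t.Fatalf("keysetWriteEncrypted failed: %v", err)
	}

	readKeyset, err := keysetReadEncrypted(ctx, keysetService, encryptedKeyset, masterKeyset, associatedData)
	if err != nil {
		t.Fatalf("keysetReadEncrypted failed: %v", err)
	}
	if !bytes.Equal(readKeyset, keyset) {
		t.Fatalf("readKeyset is %v, want %v", readKeyset, keyset)
	}

	// The associated data is authenticated together with the ciphertext, so a
	// read that supplies a different value must fail.
	// NOTE(review): a read that omits associated data entirely (nil) is not
	// exercised here; consider covering it once the expected behaviour of the
	// service for that case is confirmed.
	if _, err := keysetReadEncrypted(ctx, keysetService, encryptedKeyset, masterKeyset, []byte("Invalid Associated Data")); err == nil {
		t.Fatalf("keysetReadEncrypted with bad associatedData succeeded unexpectedly.")
	}

	if _, err := keysetWriteEncrypted(ctx, keysetService, []byte("badKeyset"), masterKeyset, associatedData); err == nil {
		t.Fatalf("keysetWriteEncrypted with bad keyset succeeded unexpectedly.")
	}
	if _, err := keysetWriteEncrypted(ctx, keysetService, keyset, []byte("badMasterKeyset"), associatedData); err == nil {
		t.Fatalf("keysetWriteEncrypted with bad masterKeyset succeeded unexpectedly.")
	}
	if _, err := keysetReadEncrypted(ctx, keysetService, []byte("badEncryptedKeyset"), masterKeyset, associatedData); err == nil {
		t.Fatalf("keysetReadEncrypted with bad encryptedKeyset succeeded unexpectedly.")
	}
	if _, err := keysetReadEncrypted(ctx, keysetService, encryptedKeyset, []byte("badMasterKeyset"), associatedData); err == nil {
		t.Fatalf("keysetReadEncrypted with bad masterKeyset succeeded unexpectedly.")
	}
}

// TestSuccessfulAeadCreation checks that AEADService.Create accepts a freshly
// generated AES128-GCM keyset: no gRPC error and an empty Err in the response.
func TestSuccessfulAeadCreation(t *testing.T) {
	keysetService := &services.KeysetService{}
	aeadService := &services.AEADService{}
	ctx := context.Background()

	template, err := proto.Marshal(aead.AES128GCMKeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err)
	}

	keyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}

	result, err := aeadService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}})
	if err != nil {
		t.Fatalf("CreateAead with good keyset failed with gRPC error: %v", err)
	}
	if result.GetErr() != "" {
		t.Fatalf("CreateAead with good keyset failed with creation error: %v", result.GetErr())
	}
}

// TestFailingAeadCreation checks that AEADService.Create reports an invalid
// serialized keyset through the response's Err field, not as a gRPC error.
func TestFailingAeadCreation(t *testing.T) {
	aeadService := &services.AEADService{}
	ctx := context.Background()

	result, err := aeadService.Create(ctx, &pb.CreationRequest{
		AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: []byte{0x80}}})
	if err != nil {
		t.Fatalf("CreateAead with bad keyset failed with gRPC error: %v", err)
	}
	if result.GetErr() == "" {
		t.Fatalf("CreateAead with bad keyset succeeded instead of failing")
	}
}

// aeadEncrypt asks the AEAD service to encrypt plaintext with keyset and
// associatedData and returns the ciphertext, or the service-reported error.
func aeadEncrypt(ctx context.Context, aeadService *services.AEADService, keyset []byte, plaintext []byte, associatedData []byte) ([]byte, error) {
	encRequest := &pb.AeadEncryptRequest{
		AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset},
		Plaintext:       plaintext,
		AssociatedData:  associatedData,
	}
	encResponse, err := aeadService.Encrypt(ctx, encRequest)
	if err != nil {
		return nil, err
	}
	switch r := encResponse.Result.(type) {
	case *pb.AeadEncryptResponse_Ciphertext:
		return r.Ciphertext, nil
	case *pb.AeadEncryptResponse_Err:
		return nil, errors.New(r.Err)
	default:
		return nil, fmt.Errorf("encResponse.Result has unexpected type %T", r)
	}
}

// aeadDecrypt asks the AEAD service to decrypt ciphertext with keyset and
// associatedData and returns the plaintext, or the service-reported error.
func aeadDecrypt(ctx context.Context, aeadService *services.AEADService, keyset []byte, ciphertext []byte, associatedData []byte) ([]byte, error) {
	decRequest := &pb.AeadDecryptRequest{
		AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset},
		Ciphertext:      ciphertext,
		AssociatedData:  associatedData,
	}
	decResponse, err := aeadService.Decrypt(ctx, decRequest)
	if err != nil {
		return nil, err
	}
	switch r := decResponse.Result.(type) {
	case *pb.AeadDecryptResponse_Plaintext:
		return r.Plaintext, nil
	case *pb.AeadDecryptResponse_Err:
		return nil, errors.New(r.Err)
	default:
		// The message names decResponse, the value actually inspected here.
		return nil, fmt.Errorf("decResponse.Result has unexpected type %T", r)
	}
}

// TestGenerateEncryptDecrypt round-trips a plaintext through the AEAD service
// and checks that a bad template, a bad keyset and a bad ciphertext are each
// rejected.
func TestGenerateEncryptDecrypt(t *testing.T) {
	keysetService := &services.KeysetService{}
	aeadService := &services.AEADService{}
	ctx := context.Background()

	template, err := proto.Marshal(aead.AES128GCMKeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err)
	}

	keyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}

	plaintext := []byte("The quick brown fox jumps over the lazy dog")
	associatedData := []byte("Associated Data")
	ciphertext, err := aeadEncrypt(ctx, aeadService, keyset, plaintext, associatedData)
	if err != nil {
		t.Fatalf("aeadEncrypt failed: %v", err)
	}
	output, err := aeadDecrypt(ctx, aeadService, keyset, ciphertext, associatedData)
	if err != nil {
		t.Fatalf("aeadDecrypt failed: %v", err)
	}
	if !bytes.Equal(output, plaintext) {
		t.Fatalf("Decrypted ciphertext is %v, want %v", output, plaintext)
	}

	if _, err := genKeyset(ctx, keysetService, []byte("badTemplate")); err == nil {
		t.Fatalf("genKeyset from bad template succeeded unexpectedly.")
	}
	if _, err := aeadEncrypt(ctx, aeadService, []byte("badKeyset"), plaintext, associatedData); err == nil {
		t.Fatalf("aeadEncrypt with bad keyset succeeded unexpectedly.")
	}
	if _, err := aeadDecrypt(ctx, aeadService, keyset, []byte("badCiphertext"), associatedData); err == nil {
		t.Fatalf("aeadDecrypt of bad ciphertext succeeded unexpectedly.")
	}
}

// TestSuccessfulDaeadCreation checks that DeterministicAEADService.Create
// accepts a freshly generated AES-SIV keyset.
func TestSuccessfulDaeadCreation(t *testing.T) {
	keysetService := &services.KeysetService{}
	daeadService := &services.DeterministicAEADService{}
	ctx := context.Background()

	template, err := proto.Marshal(daead.AESSIVKeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(daead.AESSIVKeyTemplate()) failed: %v", err)
	}

	keyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}

	result, err := daeadService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}})
	if err != nil {
		t.Fatalf("CreateDeterministicAead with good keyset failed with gRPC error: %v", err)
	}
	if result.GetErr() != "" {
		t.Fatalf("CreateDeterministicAead with good keyset failed with creation error: %v", result.GetErr())
	}
}

// TestFailingDaeadCreation checks that DeterministicAEADService.Create reports
// an invalid serialized keyset through the response's Err field, not as a
// gRPC error.
func TestFailingDaeadCreation(t *testing.T) {
	daeadService := &services.DeterministicAEADService{}
	ctx := context.Background()

	result, err := daeadService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: []byte{0x80}}})
	if err != nil {
		t.Fatalf("CreateDeterministicAead with bad keyset failed with gRPC error: %v", err)
	}
	if result.GetErr() == "" {
		t.Fatalf("CreateDeterministicAead with bad keyset succeeded instead of failing")
	}
}

// daeadEncrypt asks the deterministic AEAD service to encrypt plaintext with
// keyset and associatedData and returns the ciphertext, or the
// service-reported error.
func daeadEncrypt(ctx context.Context, daeadService *services.DeterministicAEADService, keyset []byte, plaintext []byte, associatedData []byte) ([]byte, error) {
	encRequest := &pb.DeterministicAeadEncryptRequest{
		AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset},
		Plaintext:       plaintext,
		AssociatedData:  associatedData,
	}
	encResponse, err := daeadService.EncryptDeterministically(ctx, encRequest)
	if err != nil {
		return nil, err
	}
	switch r := encResponse.Result.(type) {
	case *pb.DeterministicAeadEncryptResponse_Ciphertext:
		return r.Ciphertext, nil
	case *pb.DeterministicAeadEncryptResponse_Err:
		return nil, errors.New(r.Err)
	default:
		return nil, fmt.Errorf("encResponse.Result has unexpected type %T", r)
	}
}

// daeadDecrypt asks the deterministic AEAD service to decrypt ciphertext with
// keyset and associatedData and returns the plaintext, or the
// service-reported error.
func daeadDecrypt(ctx context.Context, daeadService *services.DeterministicAEADService, keyset []byte, ciphertext []byte, associatedData []byte) ([]byte, error) {
	decRequest := &pb.DeterministicAeadDecryptRequest{
		AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset},
		Ciphertext:      ciphertext,
		AssociatedData:  associatedData,
	}
	decResponse, err := daeadService.DecryptDeterministically(ctx, decRequest)
	if err != nil {
		return nil, err
	}
	switch r := decResponse.Result.(type) {
	case *pb.DeterministicAeadDecryptResponse_Plaintext:
		return r.Plaintext, nil
	case *pb.DeterministicAeadDecryptResponse_Err:
		return nil, errors.New(r.Err)
	default:
		// The message names decResponse, the value actually inspected here.
		return nil, fmt.Errorf("decResponse.Result has unexpected type %T", r)
	}
}

// TestGenerateEncryptDecryptDeterministically round-trips a plaintext through
// the deterministic AEAD service and checks that a bad template, a bad keyset
// and a bad ciphertext are each rejected.
func TestGenerateEncryptDecryptDeterministically(t *testing.T) {
	keysetService := &services.KeysetService{}
	daeadService := &services.DeterministicAEADService{}
	ctx := context.Background()

	template, err := proto.Marshal(daead.AESSIVKeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(daead.AESSIVKeyTemplate()) failed: %v", err)
	}

	keyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}

	plaintext := []byte("The quick brown fox jumps over the lazy dog")
	associatedData := []byte("Associated Data")
	ciphertext, err := daeadEncrypt(ctx, daeadService, keyset, plaintext, associatedData)
	if err != nil {
		t.Fatalf("daeadEncrypt failed: %v", err)
	}
	output, err := daeadDecrypt(ctx, daeadService, keyset, ciphertext, associatedData)
	if err != nil {
		t.Fatalf("daeadDecrypt failed: %v", err)
	}
	if !bytes.Equal(output, plaintext) {
		t.Fatalf("Decrypted ciphertext is %v, want %v", output, plaintext)
	}

	if _, err := genKeyset(ctx, keysetService, []byte("badTemplate")); err == nil {
		t.Fatalf("genKeyset from bad template succeeded unexpectedly.")
	}
	if _, err := daeadEncrypt(ctx, daeadService, []byte("badKeyset"), plaintext, associatedData); err == nil {
		t.Fatalf("daeadEncrypt with bad keyset succeeded unexpectedly.")
	}
	if _, err := daeadDecrypt(ctx, daeadService, keyset, []byte("badCiphertext"), associatedData); err == nil {
		t.Fatalf("daeadDecrypt of bad ciphertext succeeded unexpectedly.")
	}
}

// TestSuccessfulStreamingAEADCreation checks that StreamingAEADService.Create
// accepts a freshly generated AES128-GCM-HKDF (4KB segment) keyset.
func TestSuccessfulStreamingAEADCreation(t *testing.T) {
	keysetService := &services.KeysetService{}
	streamingAEADService := &services.StreamingAEADService{}
	ctx := context.Background()

	template, err := proto.Marshal(streamingaead.AES128GCMHKDF4KBKeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(streamingaead.AES128GCMHKDF4KBKeyTemplate()) failed: %v", err)
	}

	privateKeyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}

	result, err := streamingAEADService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}})
	if err != nil {
		t.Fatalf("streamingAEADService.Create with good keyset failed with gRPC error: %v, want nil", err)
	}
	if result.GetErr() != "" {
		t.Fatalf("streamingAEADService.Create with good keyset failed with result.GetErr() = %q, want empty string", result.GetErr())
	}
}

func TestFailingStreamingAEADCreation(t *testing.T) {
	keysetService := &services.KeysetService{}
	streamingAEADService := &services.StreamingAEADService{}
	ctx := context.Background()

	template, err := proto.Marshal(aead.AES128GCMKeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err)
	}

	privateKeyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}

	result, err := streamingAEADService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: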
&pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}}) 608*e7b1675dSTing-Kang Chang if err != nil { 609*e7b1675dSTing-Kang Chang t.Fatalf("streamingAEADService.Create with bad keyset failed with gRPC error: %v", err) 610*e7b1675dSTing-Kang Chang } 611*e7b1675dSTing-Kang Chang if result.GetErr() == "" { 612*e7b1675dSTing-Kang Chang t.Fatalf("streamingAEADService.Create with bad keyset succeeded") 613*e7b1675dSTing-Kang Chang } 614*e7b1675dSTing-Kang Chang} 615*e7b1675dSTing-Kang Chang 616*e7b1675dSTing-Kang Changfunc streamingAEADEncrypt(ctx context.Context, streamingAEADService *services.StreamingAEADService, keyset []byte, plaintext []byte, associatedData []byte) ([]byte, error) { 617*e7b1675dSTing-Kang Chang encRequest := &pb.StreamingAeadEncryptRequest{ 618*e7b1675dSTing-Kang Chang AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}, 619*e7b1675dSTing-Kang Chang Plaintext: plaintext, 620*e7b1675dSTing-Kang Chang AssociatedData: associatedData, 621*e7b1675dSTing-Kang Chang } 622*e7b1675dSTing-Kang Chang encResponse, err := streamingAEADService.Encrypt(ctx, encRequest) 623*e7b1675dSTing-Kang Chang if err != nil { 624*e7b1675dSTing-Kang Chang return nil, err 625*e7b1675dSTing-Kang Chang } 626*e7b1675dSTing-Kang Chang switch r := encResponse.Result.(type) { 627*e7b1675dSTing-Kang Chang case *pb.StreamingAeadEncryptResponse_Ciphertext: 628*e7b1675dSTing-Kang Chang return r.Ciphertext, nil 629*e7b1675dSTing-Kang Chang case *pb.StreamingAeadEncryptResponse_Err: 630*e7b1675dSTing-Kang Chang return nil, errors.New(r.Err) 631*e7b1675dSTing-Kang Chang default: 632*e7b1675dSTing-Kang Chang return nil, fmt.Errorf("encResponse.Result has unexpected type %T", r) 633*e7b1675dSTing-Kang Chang } 634*e7b1675dSTing-Kang Chang} 635*e7b1675dSTing-Kang Chang 636*e7b1675dSTing-Kang Changfunc streamingAEADDecrypt(ctx context.Context, streamingAEADService *services.StreamingAEADService, keyset []byte, ciphertext []byte, associatedData []byte) ([]byte, error) { 
637*e7b1675dSTing-Kang Chang decRequest := &pb.StreamingAeadDecryptRequest{ 638*e7b1675dSTing-Kang Chang AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}, 639*e7b1675dSTing-Kang Chang Ciphertext: ciphertext, 640*e7b1675dSTing-Kang Chang AssociatedData: associatedData, 641*e7b1675dSTing-Kang Chang } 642*e7b1675dSTing-Kang Chang decResponse, err := streamingAEADService.Decrypt(ctx, decRequest) 643*e7b1675dSTing-Kang Chang if err != nil { 644*e7b1675dSTing-Kang Chang return nil, err 645*e7b1675dSTing-Kang Chang } 646*e7b1675dSTing-Kang Chang switch r := decResponse.Result.(type) { 647*e7b1675dSTing-Kang Chang case *pb.StreamingAeadDecryptResponse_Plaintext: 648*e7b1675dSTing-Kang Chang return r.Plaintext, nil 649*e7b1675dSTing-Kang Chang case *pb.StreamingAeadDecryptResponse_Err: 650*e7b1675dSTing-Kang Chang return nil, errors.New(r.Err) 651*e7b1675dSTing-Kang Chang default: 652*e7b1675dSTing-Kang Chang return nil, fmt.Errorf("encResponse.Result has unexpected type %T", r) 653*e7b1675dSTing-Kang Chang } 654*e7b1675dSTing-Kang Chang} 655*e7b1675dSTing-Kang Chang 656*e7b1675dSTing-Kang Changfunc TestGenerateEncryptDecryptStreaming(t *testing.T) { 657*e7b1675dSTing-Kang Chang keysetService := &services.KeysetService{} 658*e7b1675dSTing-Kang Chang streamingAEADService := &services.StreamingAEADService{} 659*e7b1675dSTing-Kang Chang ctx := context.Background() 660*e7b1675dSTing-Kang Chang 661*e7b1675dSTing-Kang Chang template, err := proto.Marshal(streamingaead.AES128GCMHKDF4KBKeyTemplate()) 662*e7b1675dSTing-Kang Chang if err != nil { 663*e7b1675dSTing-Kang Chang t.Fatalf("proto.Marshal(streamingaead.AES128GCMHKDF4KBKeyTemplate()) failed: %v", err) 664*e7b1675dSTing-Kang Chang } 665*e7b1675dSTing-Kang Chang 666*e7b1675dSTing-Kang Chang keyset, err := genKeyset(ctx, keysetService, template) 667*e7b1675dSTing-Kang Chang if err != nil { 668*e7b1675dSTing-Kang Chang t.Fatalf("genKeyset failed: %v", err) 669*e7b1675dSTing-Kang Chang } 670*e7b1675dSTing-Kang Chang 
671*e7b1675dSTing-Kang Chang plaintext := []byte("The quick brown fox jumps over the lazy dog") 672*e7b1675dSTing-Kang Chang associatedData := []byte("Associated Data") 673*e7b1675dSTing-Kang Chang ciphertext, err := streamingAEADEncrypt(ctx, streamingAEADService, keyset, plaintext, associatedData) 674*e7b1675dSTing-Kang Chang if err != nil { 675*e7b1675dSTing-Kang Chang t.Fatalf("streamingAEADEncrypt failed: %v", err) 676*e7b1675dSTing-Kang Chang } 677*e7b1675dSTing-Kang Chang output, err := streamingAEADDecrypt(ctx, streamingAEADService, keyset, ciphertext, associatedData) 678*e7b1675dSTing-Kang Chang if err != nil { 679*e7b1675dSTing-Kang Chang t.Fatalf("streamingAEADDecrypt failed: %v", err) 680*e7b1675dSTing-Kang Chang } 681*e7b1675dSTing-Kang Chang if bytes.Compare(output, plaintext) != 0 { 682*e7b1675dSTing-Kang Chang t.Errorf("Decrypted ciphertext is %v, want %v", output, plaintext) 683*e7b1675dSTing-Kang Chang } 684*e7b1675dSTing-Kang Chang 685*e7b1675dSTing-Kang Chang if _, err := genKeyset(ctx, keysetService, []byte("badTemplate")); err == nil { 686*e7b1675dSTing-Kang Chang t.Fatalf("genKeyset from bad template succeeded unexpectedly.") 687*e7b1675dSTing-Kang Chang } 688*e7b1675dSTing-Kang Chang if _, err := streamingAEADEncrypt(ctx, streamingAEADService, []byte("badKeyset"), plaintext, associatedData); err == nil { 689*e7b1675dSTing-Kang Chang t.Fatalf("streamingAEADEncrypt with bad keyset succeeded unexpectedly.") 690*e7b1675dSTing-Kang Chang } 691*e7b1675dSTing-Kang Chang if _, err := streamingAEADDecrypt(ctx, streamingAEADService, keyset, []byte("badCiphertext"), associatedData); err == nil { 692*e7b1675dSTing-Kang Chang t.Fatalf("streamingAEADDecrypt of bad ciphertext succeeded unexpectedly.") 693*e7b1675dSTing-Kang Chang } 694*e7b1675dSTing-Kang Chang} 695*e7b1675dSTing-Kang Chang 696*e7b1675dSTing-Kang Changfunc TestSuccessfulMacCreation(t *testing.T) { 697*e7b1675dSTing-Kang Chang keysetService := &services.KeysetService{} 698*e7b1675dSTing-Kang 
Chang macService := &services.MacService{} 699*e7b1675dSTing-Kang Chang ctx := context.Background() 700*e7b1675dSTing-Kang Chang 701*e7b1675dSTing-Kang Chang template, err := proto.Marshal(mac.HMACSHA256Tag128KeyTemplate()) 702*e7b1675dSTing-Kang Chang if err != nil { 703*e7b1675dSTing-Kang Chang t.Fatalf("proto.Marshal(mac.HMACSHA256Tag128KeyTemplate()) failed: %v", err) 704*e7b1675dSTing-Kang Chang } 705*e7b1675dSTing-Kang Chang 706*e7b1675dSTing-Kang Chang privateKeyset, err := genKeyset(ctx, keysetService, template) 707*e7b1675dSTing-Kang Chang if err != nil { 708*e7b1675dSTing-Kang Chang t.Fatalf("genKeyset failed: %v", err) 709*e7b1675dSTing-Kang Chang } 710*e7b1675dSTing-Kang Chang 711*e7b1675dSTing-Kang Chang result, err := macService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}}) 712*e7b1675dSTing-Kang Chang if err != nil { 713*e7b1675dSTing-Kang Chang t.Fatalf("macService.Create with good keyset failed with gRPC error: %v, want nil", err) 714*e7b1675dSTing-Kang Chang } 715*e7b1675dSTing-Kang Chang if result.GetErr() != "" { 716*e7b1675dSTing-Kang Chang t.Fatalf("macService.Create with good keyset failed with result.GetErr() = %q, want empty string", result.GetErr()) 717*e7b1675dSTing-Kang Chang } 718*e7b1675dSTing-Kang Chang} 719*e7b1675dSTing-Kang Chang 720*e7b1675dSTing-Kang Changfunc TestFailingMacCreation(t *testing.T) { 721*e7b1675dSTing-Kang Chang keysetService := &services.KeysetService{} 722*e7b1675dSTing-Kang Chang macService := &services.MacService{} 723*e7b1675dSTing-Kang Chang ctx := context.Background() 724*e7b1675dSTing-Kang Chang 725*e7b1675dSTing-Kang Chang // We use signature keys -- then we cannot create a hybrid encrypt 726*e7b1675dSTing-Kang Chang template, err := proto.Marshal(aead.AES128GCMKeyTemplate()) 727*e7b1675dSTing-Kang Chang if err != nil { 728*e7b1675dSTing-Kang Chang t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err) 729*e7b1675dSTing-Kang Chang } 
730*e7b1675dSTing-Kang Chang 731*e7b1675dSTing-Kang Chang privateKeyset, err := genKeyset(ctx, keysetService, template) 732*e7b1675dSTing-Kang Chang if err != nil { 733*e7b1675dSTing-Kang Chang t.Fatalf("genKeyset failed: %v", err) 734*e7b1675dSTing-Kang Chang } 735*e7b1675dSTing-Kang Chang 736*e7b1675dSTing-Kang Chang result, err := macService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}}) 737*e7b1675dSTing-Kang Chang if err != nil { 738*e7b1675dSTing-Kang Chang t.Fatalf("macService.Create with bad keyset failed with gRPC error: %v", err) 739*e7b1675dSTing-Kang Chang } 740*e7b1675dSTing-Kang Chang if result.GetErr() == "" { 741*e7b1675dSTing-Kang Chang t.Fatalf("macService.Create with bad keyset succeeded") 742*e7b1675dSTing-Kang Chang } 743*e7b1675dSTing-Kang Chang} 744*e7b1675dSTing-Kang Chang 745*e7b1675dSTing-Kang Changfunc computeMAC(ctx context.Context, macService *services.MacService, keyset []byte, data []byte) ([]byte, error) { 746*e7b1675dSTing-Kang Chang encRequest := &pb.ComputeMacRequest{ 747*e7b1675dSTing-Kang Chang AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}, 748*e7b1675dSTing-Kang Chang Data: data, 749*e7b1675dSTing-Kang Chang } 750*e7b1675dSTing-Kang Chang response, err := macService.ComputeMac(ctx, encRequest) 751*e7b1675dSTing-Kang Chang if err != nil { 752*e7b1675dSTing-Kang Chang return nil, err 753*e7b1675dSTing-Kang Chang } 754*e7b1675dSTing-Kang Chang switch r := response.Result.(type) { 755*e7b1675dSTing-Kang Chang case *pb.ComputeMacResponse_MacValue: 756*e7b1675dSTing-Kang Chang return r.MacValue, nil 757*e7b1675dSTing-Kang Chang case *pb.ComputeMacResponse_Err: 758*e7b1675dSTing-Kang Chang return nil, errors.New(r.Err) 759*e7b1675dSTing-Kang Chang default: 760*e7b1675dSTing-Kang Chang return nil, fmt.Errorf("response.Result has unexpected type %T", r) 761*e7b1675dSTing-Kang Chang } 762*e7b1675dSTing-Kang Chang} 763*e7b1675dSTing-Kang Chang 764*e7b1675dSTing-Kang 
Changfunc verifyMAC(ctx context.Context, macService *services.MacService, keyset []byte, macValue []byte, data []byte) error { 765*e7b1675dSTing-Kang Chang request := &pb.VerifyMacRequest{ 766*e7b1675dSTing-Kang Chang AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset}, 767*e7b1675dSTing-Kang Chang MacValue: macValue, 768*e7b1675dSTing-Kang Chang Data: data, 769*e7b1675dSTing-Kang Chang } 770*e7b1675dSTing-Kang Chang response, err := macService.VerifyMac(ctx, request) 771*e7b1675dSTing-Kang Chang if err != nil { 772*e7b1675dSTing-Kang Chang return err 773*e7b1675dSTing-Kang Chang } 774*e7b1675dSTing-Kang Chang if response.Err != "" { 775*e7b1675dSTing-Kang Chang return errors.New(response.Err) 776*e7b1675dSTing-Kang Chang } 777*e7b1675dSTing-Kang Chang return nil 778*e7b1675dSTing-Kang Chang} 779*e7b1675dSTing-Kang Chang 780*e7b1675dSTing-Kang Changfunc TestComputeVerifyMac(t *testing.T) { 781*e7b1675dSTing-Kang Chang keysetService := &services.KeysetService{} 782*e7b1675dSTing-Kang Chang macService := &services.MacService{} 783*e7b1675dSTing-Kang Chang ctx := context.Background() 784*e7b1675dSTing-Kang Chang 785*e7b1675dSTing-Kang Chang template, err := proto.Marshal(mac.HMACSHA256Tag128KeyTemplate()) 786*e7b1675dSTing-Kang Chang if err != nil { 787*e7b1675dSTing-Kang Chang t.Fatalf("proto.Marshal(mac.HMACSHA256Tag128KeyTemplate()) failed: %v", err) 788*e7b1675dSTing-Kang Chang } 789*e7b1675dSTing-Kang Chang 790*e7b1675dSTing-Kang Chang keyset, err := genKeyset(ctx, keysetService, template) 791*e7b1675dSTing-Kang Chang if err != nil { 792*e7b1675dSTing-Kang Chang t.Fatalf("genKeyset failed: %v", err) 793*e7b1675dSTing-Kang Chang } 794*e7b1675dSTing-Kang Chang 795*e7b1675dSTing-Kang Chang data := []byte("The quick brown fox jumps over the lazy dog") 796*e7b1675dSTing-Kang Chang macValue, err := computeMAC(ctx, macService, keyset, data) 797*e7b1675dSTing-Kang Chang if err != nil { 798*e7b1675dSTing-Kang Chang t.Fatalf("computeMAC failed: %v", err) 
799*e7b1675dSTing-Kang Chang } 800*e7b1675dSTing-Kang Chang if err := verifyMAC(ctx, macService, keyset, macValue, data); err != nil { 801*e7b1675dSTing-Kang Chang t.Fatalf("verifyMAC failed: %v", err) 802*e7b1675dSTing-Kang Chang } 803*e7b1675dSTing-Kang Chang 804*e7b1675dSTing-Kang Chang if _, err := computeMAC(ctx, macService, []byte("badKeyset"), data); err == nil { 805*e7b1675dSTing-Kang Chang t.Fatalf("computeMAC with bad keyset succeeded unexpectedly.") 806*e7b1675dSTing-Kang Chang } 807*e7b1675dSTing-Kang Chang if err := verifyMAC(ctx, macService, keyset, []byte("badMacValue"), data); err == nil { 808*e7b1675dSTing-Kang Chang t.Fatalf("verifyMAC of bad MAC value succeeded unexpectedly.") 809*e7b1675dSTing-Kang Chang } 810*e7b1675dSTing-Kang Chang} 811*e7b1675dSTing-Kang Chang 812*e7b1675dSTing-Kang Changfunc hybridEncrypt(ctx context.Context, hybridService *services.HybridService, publicKeyset []byte, plaintext []byte, contextInfo []byte) ([]byte, error) { 813*e7b1675dSTing-Kang Chang encRequest := &pb.HybridEncryptRequest{ 814*e7b1675dSTing-Kang Chang PublicAnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: publicKeyset}, 815*e7b1675dSTing-Kang Chang Plaintext: plaintext, 816*e7b1675dSTing-Kang Chang ContextInfo: contextInfo, 817*e7b1675dSTing-Kang Chang } 818*e7b1675dSTing-Kang Chang encResponse, err := hybridService.Encrypt(ctx, encRequest) 819*e7b1675dSTing-Kang Chang if err != nil { 820*e7b1675dSTing-Kang Chang return nil, err 821*e7b1675dSTing-Kang Chang } 822*e7b1675dSTing-Kang Chang switch r := encResponse.Result.(type) { 823*e7b1675dSTing-Kang Chang case *pb.HybridEncryptResponse_Ciphertext: 824*e7b1675dSTing-Kang Chang return r.Ciphertext, nil 825*e7b1675dSTing-Kang Chang case *pb.HybridEncryptResponse_Err: 826*e7b1675dSTing-Kang Chang return nil, errors.New(r.Err) 827*e7b1675dSTing-Kang Chang default: 828*e7b1675dSTing-Kang Chang return nil, fmt.Errorf("encResponse.Result has unexpected type %T", r) 829*e7b1675dSTing-Kang Chang } 
830*e7b1675dSTing-Kang Chang} 831*e7b1675dSTing-Kang Chang 832*e7b1675dSTing-Kang Changfunc hybridDecrypt(ctx context.Context, hybridService *services.HybridService, privateKeyset []byte, ciphertext []byte, contextInfo []byte) ([]byte, error) { 833*e7b1675dSTing-Kang Chang decRequest := &pb.HybridDecryptRequest{ 834*e7b1675dSTing-Kang Chang PrivateAnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}, 835*e7b1675dSTing-Kang Chang Ciphertext: ciphertext, 836*e7b1675dSTing-Kang Chang ContextInfo: contextInfo, 837*e7b1675dSTing-Kang Chang } 838*e7b1675dSTing-Kang Chang decResponse, err := hybridService.Decrypt(ctx, decRequest) 839*e7b1675dSTing-Kang Chang if err != nil { 840*e7b1675dSTing-Kang Chang return nil, err 841*e7b1675dSTing-Kang Chang } 842*e7b1675dSTing-Kang Chang switch r := decResponse.Result.(type) { 843*e7b1675dSTing-Kang Chang case *pb.HybridDecryptResponse_Plaintext: 844*e7b1675dSTing-Kang Chang return r.Plaintext, nil 845*e7b1675dSTing-Kang Chang case *pb.HybridDecryptResponse_Err: 846*e7b1675dSTing-Kang Chang return nil, errors.New(r.Err) 847*e7b1675dSTing-Kang Chang default: 848*e7b1675dSTing-Kang Chang return nil, fmt.Errorf("decResponse.Result has unexpected type %T", r) 849*e7b1675dSTing-Kang Chang } 850*e7b1675dSTing-Kang Chang} 851*e7b1675dSTing-Kang Chang 852*e7b1675dSTing-Kang Changfunc TestSuccessfulHybridDecryptCreation(t *testing.T) { 853*e7b1675dSTing-Kang Chang keysetService := &services.KeysetService{} 854*e7b1675dSTing-Kang Chang hybridService := &services.HybridService{} 855*e7b1675dSTing-Kang Chang ctx := context.Background() 856*e7b1675dSTing-Kang Chang 857*e7b1675dSTing-Kang Chang template, err := proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) 858*e7b1675dSTing-Kang Chang if err != nil { 859*e7b1675dSTing-Kang Chang t.Fatalf("proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) failed: %v", err) 860*e7b1675dSTing-Kang Chang } 861*e7b1675dSTing-Kang Chang 862*e7b1675dSTing-Kang Chang privateKeyset, err := 
genKeyset(ctx, keysetService, template) 863*e7b1675dSTing-Kang Chang if err != nil { 864*e7b1675dSTing-Kang Chang t.Fatalf("genKeyset failed: %v", err) 865*e7b1675dSTing-Kang Chang } 866*e7b1675dSTing-Kang Chang 867*e7b1675dSTing-Kang Chang result, err := hybridService.CreateHybridDecrypt(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}}) 868*e7b1675dSTing-Kang Chang if err != nil { 869*e7b1675dSTing-Kang Chang t.Fatalf("CreateHybridDecrypt with good keyset failed with gRPC error: %v, want nil", err) 870*e7b1675dSTing-Kang Chang } 871*e7b1675dSTing-Kang Chang if result.GetErr() != "" { 872*e7b1675dSTing-Kang Chang t.Fatalf("CreateHybridDecrypt with good keyset failed with result.GetErr() = %q, want empty string", result.GetErr()) 873*e7b1675dSTing-Kang Chang } 874*e7b1675dSTing-Kang Chang} 875*e7b1675dSTing-Kang Chang 876*e7b1675dSTing-Kang Changfunc TestSuccessfulHybridEncryptCreation(t *testing.T) { 877*e7b1675dSTing-Kang Chang keysetService := &services.KeysetService{} 878*e7b1675dSTing-Kang Chang hybridService := &services.HybridService{} 879*e7b1675dSTing-Kang Chang ctx := context.Background() 880*e7b1675dSTing-Kang Chang 881*e7b1675dSTing-Kang Chang template, err := proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) 882*e7b1675dSTing-Kang Chang if err != nil { 883*e7b1675dSTing-Kang Chang t.Fatalf("proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) failed: %v", err) 884*e7b1675dSTing-Kang Chang } 885*e7b1675dSTing-Kang Chang 886*e7b1675dSTing-Kang Chang privateKeyset, err := genKeyset(ctx, keysetService, template) 887*e7b1675dSTing-Kang Chang if err != nil { 888*e7b1675dSTing-Kang Chang t.Fatalf("genKeyset failed: %v", err) 889*e7b1675dSTing-Kang Chang } 890*e7b1675dSTing-Kang Chang publicKeyset, err := pubKeyset(ctx, keysetService, privateKeyset) 891*e7b1675dSTing-Kang Chang if err != nil { 892*e7b1675dSTing-Kang Chang t.Fatalf("pubKeyset failed: %v", err) 893*e7b1675dSTing-Kang Chang } 
894*e7b1675dSTing-Kang Chang 895*e7b1675dSTing-Kang Chang result, err := hybridService.CreateHybridEncrypt(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: publicKeyset}}) 896*e7b1675dSTing-Kang Chang if err != nil { 897*e7b1675dSTing-Kang Chang t.Fatalf("CreateHybridEncrypt with good keyset failed with gRPC error: %v, want nil", err) 898*e7b1675dSTing-Kang Chang } 899*e7b1675dSTing-Kang Chang if result.GetErr() != "" { 900*e7b1675dSTing-Kang Chang t.Fatalf("CreateHybridEncrypt with good keyset failed with result.GetErr() = %q, want empty string", result.GetErr()) 901*e7b1675dSTing-Kang Chang } 902*e7b1675dSTing-Kang Chang} 903*e7b1675dSTing-Kang Chang 904*e7b1675dSTing-Kang Changfunc TestFailingHybridDecryptCreation(t *testing.T) { 905*e7b1675dSTing-Kang Chang keysetService := &services.KeysetService{} 906*e7b1675dSTing-Kang Chang hybridService := &services.HybridService{} 907*e7b1675dSTing-Kang Chang ctx := context.Background() 908*e7b1675dSTing-Kang Chang 909*e7b1675dSTing-Kang Chang // We use signature keys -- then we cannot create a hybrid encrypt 910*e7b1675dSTing-Kang Chang template, err := proto.Marshal(signature.ECDSAP256KeyTemplate()) 911*e7b1675dSTing-Kang Chang if err != nil { 912*e7b1675dSTing-Kang Chang t.Fatalf("proto.Marshal(signature.ECDSAP256KeyTemplate()) failed: %v", err) 913*e7b1675dSTing-Kang Chang } 914*e7b1675dSTing-Kang Chang 915*e7b1675dSTing-Kang Chang privateKeyset, err := genKeyset(ctx, keysetService, template) 916*e7b1675dSTing-Kang Chang if err != nil { 917*e7b1675dSTing-Kang Chang t.Fatalf("genKeyset failed: %v", err) 918*e7b1675dSTing-Kang Chang } 919*e7b1675dSTing-Kang Chang 920*e7b1675dSTing-Kang Chang result, err := hybridService.CreateHybridDecrypt(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}}) 921*e7b1675dSTing-Kang Chang if err != nil { 922*e7b1675dSTing-Kang Chang t.Fatalf("CreateHybridDecrypt with bad keyset failed with gRPC error: %v", err) 
923*e7b1675dSTing-Kang Chang } 924*e7b1675dSTing-Kang Chang if result.GetErr() == "" { 925*e7b1675dSTing-Kang Chang t.Fatalf("CreateHybridDecrypt with bad keyset succeeded") 926*e7b1675dSTing-Kang Chang } 927*e7b1675dSTing-Kang Chang} 928*e7b1675dSTing-Kang Chang 929*e7b1675dSTing-Kang Changfunc TestFailingHybridEncryptCreation(t *testing.T) { 930*e7b1675dSTing-Kang Chang keysetService := &services.KeysetService{} 931*e7b1675dSTing-Kang Chang hybridService := &services.HybridService{} 932*e7b1675dSTing-Kang Chang ctx := context.Background() 933*e7b1675dSTing-Kang Chang 934*e7b1675dSTing-Kang Chang // We use signature keys -- then we cannot create a hybrid encrypt 935*e7b1675dSTing-Kang Chang template, err := proto.Marshal(signature.ECDSAP256KeyTemplate()) 936*e7b1675dSTing-Kang Chang if err != nil { 937*e7b1675dSTing-Kang Chang t.Fatalf("proto.Marshal(signature.ECDSAP256KeyTemplate()) failed: %v", err) 938*e7b1675dSTing-Kang Chang } 939*e7b1675dSTing-Kang Chang 940*e7b1675dSTing-Kang Chang privateKeyset, err := genKeyset(ctx, keysetService, template) 941*e7b1675dSTing-Kang Chang if err != nil { 942*e7b1675dSTing-Kang Chang t.Fatalf("genKeyset failed: %v", err) 943*e7b1675dSTing-Kang Chang } 944*e7b1675dSTing-Kang Chang publicKeyset, err := pubKeyset(ctx, keysetService, privateKeyset) 945*e7b1675dSTing-Kang Chang if err != nil { 946*e7b1675dSTing-Kang Chang t.Fatalf("pubKeyset failed: %v", err) 947*e7b1675dSTing-Kang Chang } 948*e7b1675dSTing-Kang Chang 949*e7b1675dSTing-Kang Chang result, err := hybridService.CreateHybridEncrypt(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: publicKeyset}}) 950*e7b1675dSTing-Kang Chang if err != nil { 951*e7b1675dSTing-Kang Chang t.Fatalf("CreateHybridEncrypt with good keyset failed with gRPC error: %v", err) 952*e7b1675dSTing-Kang Chang } 953*e7b1675dSTing-Kang Chang if result.GetErr() == "" { 954*e7b1675dSTing-Kang Chang t.Fatalf("CreateHybridEncrypt with bad keyset succeeded") 
955*e7b1675dSTing-Kang Chang } 956*e7b1675dSTing-Kang Chang} 957*e7b1675dSTing-Kang Chang 958*e7b1675dSTing-Kang Changfunc TestHybridGenerateEncryptDecrypt(t *testing.T) { 959*e7b1675dSTing-Kang Chang keysetService := &services.KeysetService{} 960*e7b1675dSTing-Kang Chang hybridService := &services.HybridService{} 961*e7b1675dSTing-Kang Chang ctx := context.Background() 962*e7b1675dSTing-Kang Chang 963*e7b1675dSTing-Kang Chang template, err := proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) 964*e7b1675dSTing-Kang Chang if err != nil { 965*e7b1675dSTing-Kang Chang t.Fatalf("proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) failed: %v", err) 966*e7b1675dSTing-Kang Chang } 967*e7b1675dSTing-Kang Chang 968*e7b1675dSTing-Kang Chang privateKeyset, err := genKeyset(ctx, keysetService, template) 969*e7b1675dSTing-Kang Chang if err != nil { 970*e7b1675dSTing-Kang Chang t.Fatalf("genKeyset failed: %v", err) 971*e7b1675dSTing-Kang Chang } 972*e7b1675dSTing-Kang Chang publicKeyset, err := pubKeyset(ctx, keysetService, privateKeyset) 973*e7b1675dSTing-Kang Chang if err != nil { 974*e7b1675dSTing-Kang Chang t.Fatalf("pubKeyset failed: %v", err) 975*e7b1675dSTing-Kang Chang } 976*e7b1675dSTing-Kang Chang 977*e7b1675dSTing-Kang Chang plaintext := []byte("The quick brown fox jumps over the lazy dog") 978*e7b1675dSTing-Kang Chang associatedData := []byte("Associated Data") 979*e7b1675dSTing-Kang Chang ciphertext, err := hybridEncrypt(ctx, hybridService, publicKeyset, plaintext, associatedData) 980*e7b1675dSTing-Kang Chang if err != nil { 981*e7b1675dSTing-Kang Chang t.Fatalf("hybridEncrypt failed: %v", err) 982*e7b1675dSTing-Kang Chang } 983*e7b1675dSTing-Kang Chang output, err := hybridDecrypt(ctx, hybridService, privateKeyset, ciphertext, associatedData) 984*e7b1675dSTing-Kang Chang if err != nil { 985*e7b1675dSTing-Kang Chang t.Fatalf("hybridDecrypt failed: %v", err) 986*e7b1675dSTing-Kang Chang } 987*e7b1675dSTing-Kang Chang if bytes.Compare(output, plaintext) != 0 { 
988*e7b1675dSTing-Kang Chang t.Fatalf("Decrypted ciphertext is %v, want %v", output, plaintext) 989*e7b1675dSTing-Kang Chang } 990*e7b1675dSTing-Kang Chang 991*e7b1675dSTing-Kang Chang if _, err := pubKeyset(ctx, keysetService, []byte("badPrivateKeyset")); err == nil { 992*e7b1675dSTing-Kang Chang t.Fatalf("pubKeyset from bad private keyset succeeded unexpectedly.") 993*e7b1675dSTing-Kang Chang } 994*e7b1675dSTing-Kang Chang if _, err := hybridEncrypt(ctx, hybridService, []byte("badPublicKeyset"), plaintext, associatedData); err == nil { 995*e7b1675dSTing-Kang Chang t.Fatalf("hybridEncrypt with bad public keyset succeeded unexpectedly.") 996*e7b1675dSTing-Kang Chang } 997*e7b1675dSTing-Kang Chang if _, err := hybridDecrypt(ctx, hybridService, []byte("badPrivateKeyset"), ciphertext, associatedData); err == nil { 998*e7b1675dSTing-Kang Chang t.Fatalf("hybridDecrypt with bad private keyset succeeded unexpectedly.") 999*e7b1675dSTing-Kang Chang } 1000*e7b1675dSTing-Kang Chang if _, err := hybridDecrypt(ctx, hybridService, privateKeyset, []byte("badCiphertext"), associatedData); err == nil { 1001*e7b1675dSTing-Kang Chang t.Fatalf("hybridDecrypt of bad ciphertext succeeded unexpectedly.") 1002*e7b1675dSTing-Kang Chang } 1003*e7b1675dSTing-Kang Chang} 1004*e7b1675dSTing-Kang Chang 1005*e7b1675dSTing-Kang Changfunc TestSuccessfulPublicKeySignCreation(t *testing.T) { 1006*e7b1675dSTing-Kang Chang keysetService := &services.KeysetService{} 1007*e7b1675dSTing-Kang Chang signatureService := &services.SignatureService{} 1008*e7b1675dSTing-Kang Chang ctx := context.Background() 1009*e7b1675dSTing-Kang Chang 1010*e7b1675dSTing-Kang Chang template, err := proto.Marshal(signature.ECDSAP256KeyTemplate()) 1011*e7b1675dSTing-Kang Chang if err != nil { 1012*e7b1675dSTing-Kang Chang t.Fatalf("proto.Marshal(signature.ECDSAP256KeyTemplate()) failed: %v", err) 1013*e7b1675dSTing-Kang Chang } 1014*e7b1675dSTing-Kang Chang 1015*e7b1675dSTing-Kang Chang privateKeyset, err := genKeyset(ctx, 
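keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}

	result, err := signatureService.CreatePublicKeySign(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}})
	if err != nil {
		t.Fatalf("CreateHybridDecrypt with good keyset failed with gRPC error: %v", err)
	}
	if result.GetErr() != "" {
		t.Fatalf("CreateHybridDecrypt good keyset failed with result.GetErr() = %q, want empty string", result.GetErr())
	}
}

// TestSuccessfulPublicKeyVerifyCreation checks that CreatePublicKeyVerify
// accepts the public keyset derived from a keyset generated with
// signature.ECDSAP256KeyTemplate: the call must return no gRPC error and an
// empty result error string.
func TestSuccessfulPublicKeyVerifyCreation(t *testing.T) {
	keysetService := &services.KeysetService{}
	signatureService := &services.SignatureService{}
	ctx := context.Background()

	template, err := proto.Marshal(signature.ECDSAP256KeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(signature.ECDSAP256KeyTemplate()) failed: %v", err)
	}

	privateKeyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}
	publicKeyset, err := pubKeyset(ctx, keysetService, privateKeyset)
	if err != nil {
		t.Fatalf("pubKeyset failed: %v", err)
	}

	result, err := signatureService.CreatePublicKeyVerify(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: publicKeyset}})
	if err != nil {
		t.Fatalf("CreatePublicKeyVerify with good keyset failed with gRPC error: %v", err)
	}
	if result.GetErr() != "" {
		t.Fatalf("CreatePublicKeyVerify with good keyset failed with result.GetErr() = %q, want empty string", result.GetErr())
	}
}

// TestFailingPublicKeySignCreation checks that CreatePublicKeySign rejects a
// keyset of the wrong primitive type. The keyset is generated from
// hybrid.ECIESHKDFAES128GCMKeyTemplate, so the call must complete without a
// gRPC error but report a non-empty error in the result.
func TestFailingPublicKeySignCreation(t *testing.T) {
	keysetService := &services.KeysetService{}
	signatureService := &services.SignatureService{}
	ctx := context.Background()

	template, err := proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) failed: %v", err)
	}

	privateKeyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}

	result, err := signatureService.CreatePublicKeySign(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}})
	if err != nil {
		t.Fatalf("CreatePublicKeySign with bad keyset failed with gRPC error: %v", err)
	}
	if result.GetErr() == "" {
		t.Fatalf("CreatePublicKeySign with bad keyset succeeded")
	}
}

// TestFailingPublicKeyVerifyCreation checks that CreatePublicKeyVerify rejects
// a public keyset of the wrong primitive type. The keyset is derived from one
// generated with hybrid.ECIESHKDFAES128GCMKeyTemplate, so the call must
// complete without a gRPC error but report a non-empty error in the result.
func TestFailingPublicKeyVerifyCreation(t *testing.T) {
	keysetService := &services.KeysetService{}
	signatureService := &services.SignatureService{}
	ctx := context.Background()

	template, err := proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(hybrid.ECIESHKDFAES128GCMKeyTemplate()) failed: %v", err)
	}

	privateKeyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}
	publicKeyset, err := pubKeyset(ctx, keysetService, privateKeyset)
	if err != nil {
		t.Fatalf("pubKeyset failed: %v", err)
	}

	result, err := signatureService.CreatePublicKeyVerify(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: publicKeyset}})
	if err != nil {
		t.Fatalf("CreatePublicKeyVerify with bad keyset failed with gRPC error: %v", err)
	}
	if result.GetErr() == "" {
		t.Fatalf("CreatePublicKeyVerify with bad keyset succeeded")
	}
}

// signatureSign asks signatureService to sign data with privateKeyset and
// unwraps the response: it returns the signature bytes on success, the
// service-reported error string as an error, or an error naming the
// unexpected result type.
func signatureSign(ctx context.Context, signatureService *services.SignatureService, privateKeyset []byte, data []byte) ([]byte, error) {
	request := &pb.SignatureSignRequest{
		PrivateAnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset},
		Data:                   data,
	}
	response, err := signatureService.Sign(ctx, request)
	if err != nil {
		return nil, err
	}
	switch r := response.Result.(type) {
	case *pb.SignatureSignResponse_Signature:
		return r.Signature, nil
	case *pb.SignatureSignResponse_Err:
		return nil, errors.New(r.Err)
	default:
		return nil, fmt.Errorf("response.Result has unexpected type %T", r)
	}
}

// signatureVerify asks signatureService to verify signatureValue over data
// with publicKeyset. It returns nil when the service reports no error, and
// otherwise the gRPC error or the service-reported error string.
func signatureVerify(ctx context.Context, signatureService *services.SignatureService, publicKeyset []byte, signatureValue []byte, data []byte) error {
	request := &pb.SignatureVerifyRequest{
		PublicAnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: publicKeyset},
		Signature:             signatureValue,
		Data:                  data,
	}
	response, err := signatureService.Verify(ctx, request)
	if err != nil {
		return err
	}
	if response.Err != "" {
		return errors.New(response.Err)
	}
	return nil
}

// TestSignatureSignVerify signs a message and verifies it through the
// signature service, then checks the three rejection paths: an unparsable
// private keyset, a bogus signature, and an unparsable public keyset.
func TestSignatureSignVerify(t *testing.T) {
	keysetService := &services.KeysetService{}
	signatureService := &services.SignatureService{}
	ctx := context.Background()

	template, err := proto.Marshal(signature.ECDSAP256KeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(signature.ECDSAP256KeyTemplate()) failed: %v", err)
	}

	privateKeyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}
	publicKeyset, err := pubKeyset(ctx, keysetService, privateKeyset)
	if err != nil {
		t.Fatalf("pubKeyset failed: %v", err)
	}

	data := []byte("The quick brown fox jumps over the lazy dog")
	signatureValue, err := signatureSign(ctx, signatureService, privateKeyset, data)
	if err != nil {
		t.Fatalf("signatureSign failed: %v", err)
	}
	if err := signatureVerify(ctx, signatureService, publicKeyset, signatureValue, data); err != nil {
		t.Fatalf("signatureVerify failed: %v", err)
	}

	// Negative cases: each malformed input must surface as an error.
	if _, err := signatureSign(ctx, signatureService, []byte("badPrivateKeyset"), data); err == nil {
		t.Fatalf("signatureSign with bad private keyset succeeded unexpectedly.")
	}
	if err := signatureVerify(ctx, signatureService, publicKeyset, []byte("badSignature"), data); err == nil {
		t.Fatalf("signatureVerify of bad signature succeeded unexpectedly.")
	}
	if err := signatureVerify(ctx, signatureService, []byte("badPublicKeyset"), signatureValue, data); err == nil {
		t.Fatalf("signatureVerify of bad public keyset succeeded unexpectedly.")
	}
}

// TestSuccessfulPrfSetCreation checks that PrfSetService.Create accepts a
// keyset generated with prf.HMACSHA256PRFKeyTemplate: no gRPC error and an
// empty result error string.
func TestSuccessfulPrfSetCreation(t *testing.T) {
	keysetService := &services.KeysetService{}
	prfSetService := &services.PrfSetService{}
	ctx := context.Background()

	template, err := proto.Marshal(prf.HMACSHA256PRFKeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(prf.HMACSHA256PRFKeyTemplate()) failed: %v", err)
	}

	privateKeyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}

	result, err := prfSetService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}})
	if err != nil {
		t.Fatalf("prfSetService.Create with good keyset failed with gRPC error: %v", err)
	}
	if result.GetErr() != "" {
		t.Fatalf("prfSetService.Create with good keyset failed with result.GetErr() = %q, want empty string", result.GetErr())
	}
}

// TestFailingPrfSetCreation checks that PrfSetService.Create rejects a keyset
// of the wrong primitive type: the call must complete without a gRPC error but
// report a non-empty error in the result.
func TestFailingPrfSetCreation(t *testing.T) {
	keysetService := &services.KeysetService{}
	// This must be the PRF set service. Instantiating MacService here would
	// leave PrfSetService's rejection of wrong-typed keysets untested while
	// the test name claims otherwise.
	prfSetService := &services.PrfSetService{}
	ctx := context.Background()

	// The keyset comes from an AEAD template, so creating a PRF set from it
	// is expected to fail.
	template, err := proto.Marshal(aead.AES128GCMKeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(aead.AES128GCMKeyTemplate()) failed: %v", err)
	}

	privateKeyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}

	result, err := prfSetService.Create(ctx, &pb.CreationRequest{AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: privateKeyset}})
	if err != nil {
		t.Fatalf("prfSetService.Create with bad keyset failed with gRPC error: %v", err)
	}
	if result.GetErr() == "" {
		t.Fatalf("prfSetService.Create with bad keyset succeeded")
	}
}

// prfSetKeyIds asks prfSetService for the key IDs of keyset and unwraps the
// response: it returns the primary key ID and the list of key IDs on success,
// the service-reported error string as an error, or an error naming the
// unexpected result type.
func prfSetKeyIds(ctx context.Context, prfSetService *services.PrfSetService, keyset []byte) (uint32, []uint32, error) {
	request := &pb.PrfSetKeyIdsRequest{
		AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset},
	}
	response, err := prfSetService.KeyIds(ctx, request)
	if err != nil {
		return 0, nil, err
	}
	switch r := response.Result.(type) {
	case *pb.PrfSetKeyIdsResponse_Output_:
		return r.Output.PrimaryKeyId, r.Output.KeyId, nil
	case *pb.PrfSetKeyIdsResponse_Err:
		return 0, nil, errors.New(r.Err)
	default:
		return 0, nil, fmt.Errorf("response.Result has unexpected type %T", r)
	}
}

// prfSetCompute asks prfSetService to evaluate the PRF identified by keyID in
// keyset over inputData, requesting outputLength bytes. It returns the output
// bytes on success, the service-reported error string as an error, or an error
// naming the unexpected result type.
func prfSetCompute(ctx context.Context, prfSetService *services.PrfSetService, keyset []byte, keyID uint32, inputData []byte, outputLength int) ([]byte, error) {
	request := &pb.PrfSetComputeRequest{
		AnnotatedKeyset: &pb.AnnotatedKeyset{SerializedKeyset: keyset},
		KeyId:           keyID,
		InputData:       inputData,
		// The request field is an int32, so outputLength is narrowed here.
		OutputLength: int32(outputLength),
	}
	response, err := prfSetService.Compute(ctx, request)
	if err != nil {
		return nil, err
	}
	switch r := response.Result.(type) {
	case *pb.PrfSetComputeResponse_Output:
		return r.Output, nil
	case *pb.PrfSetComputeResponse_Err:
		return nil, errors.New(r.Err)
	default:
		return nil, fmt.Errorf("response.Result has unexpected type %T", r)
	}
}

// TestComputePrf generates a keyset from prf.HMACSHA256PRFKeyTemplate, checks
// that its only key ID is the primary one, computes a 15-byte PRF output and
// verifies its length, then checks that an oversized output length is
// rejected.
func TestComputePrf(t *testing.T) {
	keysetService := &services.KeysetService{}
	prfSetService := &services.PrfSetService{}
	ctx := context.Background()
	template, err := proto.Marshal(prf.HMACSHA256PRFKeyTemplate())
	if err != nil {
		t.Fatalf("proto.Marshal(prf.HMACSHA256PRFKeyTemplate()) failed: %v", err)
	}
	keyset, err := genKeyset(ctx, keysetService, template)
	if err != nil {
		t.Fatalf("genKeyset failed: %v", err)
	}

	primaryKeyID, keyIDs, err := prfSetKeyIds(ctx, prfSetService, keyset)
	if err != nil {
		t.Fatalf("prfSetKeyIds failed: %v", err)
	}
	if len(keyIDs) != 1 || keyIDs[0] != primaryKeyID {
		t.Fatalf("expected keyIDs = {primaryKeyID}, but got %v", keyIDs)
	}
	inputData := []byte("inputData")
	outputLength := 15
	output, err := prfSetCompute(ctx, prfSetService, keyset, primaryKeyID, inputData, outputLength)
	if err != nil {
		t.Fatalf("prfSetCompute failed: %v", err)
	}
	if len(output) != outputLength {
		t.Fatalf("expected output of length %d, but got length %d (%x)", outputLength, len(output), output)
	}
	// Presumably larger than this PRF can produce; the service must return an
	// error rather than a truncated or padded output.
	badOutputLength := 123456
	if _, err := prfSetCompute(ctx, prfSetService, keyset, primaryKeyID, inputData, badOutputLength); err == nil {
		t.Fatalf("prfSetCompute with bad outputLength succeeded unexpectedly.")
	}
}

// TestPrfKeyIdsFail checks that prfSetKeyIds returns an error for bytes that
// are not a valid serialized keyset.
func TestPrfKeyIdsFail(t *testing.T) {
	prfSetService := &services.PrfSetService{}
	ctx := context.Background()
	if _, _, err := prfSetKeyIds(ctx, prfSetService, []byte("badKeyset")); err == nil {
		t.Fatalf("prfSetKeyIds with bad keyset succeeded unexpectedly.")
	}
}

// TestServerInfo checks that the metadata service reports "go" as its
// language.
func TestServerInfo(t *testing.T) {
	metadataService := &services.MetadataService{}
	ctx := context.Background()

	req := &pb.ServerInfoRequest{}
	rsp, err := metadataService.GetServerInfo(ctx, req)
	if err != nil {
		t.Fatalf("GetServerInfo failed: %v", err)
	}
	if strings.Compare(rsp.GetLanguage(), "go") != 0 {
		t.Fatalf("Expected language 'go', got: %v", rsp.GetLanguage())
	}
}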