github.com/trustbloc/kms-go@v1.1.2/crypto/tinkcrypto/primitive/composite/ecdh/ecdh_x25519kw_public_key_manager_test.go (about) 1 /* 2 Copyright SecureKey Technologies Inc. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package ecdh 8 9 import ( 10 "crypto/ed25519" 11 "crypto/rand" 12 "strings" 13 "testing" 14 15 "github.com/golang/protobuf/proto" 16 "github.com/google/tink/go/aead" 17 commonpb "github.com/google/tink/go/proto/common_go_proto" 18 tinkpb "github.com/google/tink/go/proto/tink_go_proto" 19 "github.com/stretchr/testify/require" 20 21 "github.com/trustbloc/kms-go/util/cryptoutil" 22 23 cbcaead "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/aead" 24 ecdhpb "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/proto/ecdh_aead_go_proto" 25 ) 26 27 func TestECDHX25519XChachaPublicKeyManager_Primitive(t *testing.T) { 28 km := newX25519ECDHKWPublicKeyManager() 29 30 t.Run("Test public key manager Primitive() with empty serialized key", func(t *testing.T) { 31 p, err := km.Primitive([]byte("")) 32 require.EqualError(t, err, errInvalidx25519ECDHKWPublicKey.Error(), 33 "x25519ECDHKWPublicKeyManager primitive from empty serialized key must fail") 34 require.Empty(t, p) 35 }) 36 37 t.Run("Test public key manager Primitive() with bad serialize key", func(t *testing.T) { 38 p, err := km.Primitive([]byte("bad.data")) 39 require.EqualError(t, err, errInvalidx25519ECDHKWPublicKey.Error(), 40 "x25519ECDHKWPublicKeyManager primitive from bad serialized key must fail") 41 require.Empty(t, p) 42 }) 43 44 flagTests := []struct { 45 tcName string 46 version uint32 47 curveType commonpb.EllipticCurveType 48 keyType ecdhpb.KeyType 49 encTmp *tinkpb.KeyTemplate 50 }{ 51 { 52 tcName: "public key manager Primitive() using key with bad version", 53 version: 9999, 54 curveType: commonpb.EllipticCurveType_CURVE25519, 55 keyType: ecdhpb.KeyType_OKP, 56 encTmp: aead.XChaCha20Poly1305KeyTemplate(), 57 }, 58 { 59 tcName: "private key manager NewKey() and NewKeyData() using key with bad curve", 60 version: 0, 61 curveType: commonpb.EllipticCurveType_UNKNOWN_CURVE, 62 keyType: ecdhpb.KeyType_OKP, 63 encTmp: aead.XChaCha20Poly1305KeyTemplate(), 64 }, 65 { 66 tcName: "public key manager Primitive() using key with bad key type", 67 version: 0, 68 curveType: commonpb.EllipticCurveType_CURVE25519, 69 keyType: ecdhpb.KeyType_EC, 70 encTmp: aead.XChaCha20Poly1305KeyTemplate(), 71 }, 72 { 73 tcName: "success public key manager Primitive()", 74 version: 0, 75 curveType: commonpb.EllipticCurveType_CURVE25519, 76 keyType: ecdhpb.KeyType_OKP, 77 encTmp: aead.XChaCha20Poly1305KeyTemplate(), 78 }, 79 { 80 tcName: "public key manager Primitive() using key with bad key template URL", 81 version: 0, 82 curveType: commonpb.EllipticCurveType_CURVE25519, 83 keyType: ecdhpb.KeyType_OKP, 84 encTmp: &tinkpb.KeyTemplate{ 85 TypeUrl: "bad.type/url/value", 86 OutputPrefixType: tinkpb.OutputPrefixType_RAW, 87 }, 88 }, 89 { 90 tcName: "success public key manager Primitive() with AES-CBC+HMAC encTmp", 91 version: 0, 92 curveType: commonpb.EllipticCurveType_CURVE25519, 93 keyType: ecdhpb.KeyType_OKP, 94 encTmp: cbcaead.AES128CBCHMACSHA256KeyTemplate(), 95 }, 96 } 97 98 for _, tc := range flagTests { 99 tt := tc 100 t.Run("Test "+tt.tcName, func(t *testing.T) { 101 pub, _, err := ed25519.GenerateKey(rand.Reader) 102 require.NoError(t, err) 103 104 x25519Pub, err := cryptoutil.PublicEd25519toCurve25519(pub) 105 require.NoError(t, err) 106 107 pubKeyProto := &ecdhpb.EcdhAeadPublicKey{ 108 Version: tt.version, // if version > 0 to force an error when calling km.Primitive() 109 Params: &ecdhpb.EcdhAeadParams{ 110 KwParams: &ecdhpb.EcdhKwParams{ 111 CurveType: tt.curveType, // unknown curve to force an error when calling km.NewKey() 112 KeyType: tt.keyType, // invalid key type to force error when calling km.Primitive() 113 }, 114 EncParams: &ecdhpb.EcdhAeadEncParams{ 115 AeadEnc: tt.encTmp, // invalid data enc key template to force error when calling km.Primitive() 116 CEK: []byte{}, 117 }, 118 EcPointFormat: commonpb.EcPointFormat_UNCOMPRESSED, 119 }, 120 X: x25519Pub, 121 } 122 123 sPubKey, err := proto.Marshal(pubKeyProto) 124 require.NoError(t, err) 125 126 p, err := km.Primitive(sPubKey) 127 if strings.Contains(tt.tcName, "with bad content encryption key size") { 128 require.EqualError(t, err, errInvalidx25519ECDHKWPublicKey.Error(), 129 "x25519ECDHKWPublicKeyManager primitive from serialized key with invalid serialized key") 130 require.Empty(t, p) 131 132 return 133 } 134 135 if strings.Contains(tt.tcName, "success") { 136 require.NoError(t, err) 137 require.NotEmpty(t, p) 138 return 139 } 140 141 require.Errorf(t, err, tt.tcName) 142 require.Empty(t, p) 143 }) 144 } 145 } 146 147 func TestEcdhX25519XChachaPublicKeyManager_DoesSupport(t *testing.T) { 148 km := newX25519ECDHKWPublicKeyManager() 149 require.False(t, km.DoesSupport("bad/url")) 150 require.True(t, km.DoesSupport(x25519ECDHKWPublicKeyTypeURL)) 151 } 152 153 func TestEcdhX25519XChachaPublicKeyManager_NewKeyAndNewKeyData(t *testing.T) { 154 km := newX25519ECDHKWPublicKeyManager() 155 156 t.Run("Test public key manager NewKey()", func(t *testing.T) { 157 k, err := km.NewKey(nil) 158 require.EqualError(t, err, "x25519kw_ecdh_public_key_manager: NewKey not implemented") 159 require.Empty(t, k) 160 }) 161 162 t.Run("Test private key manager NewKeyData()", func(t *testing.T) { 163 p, err := km.NewKeyData(nil) 164 require.EqualError(t, err, "x25519kw_ecdh_public_key_manager: NewKeyData not implemented") 165 require.Empty(t, p) 166 }) 167 }