1 // Copyright 2023 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16
17 #include <string>
18 #include <vector>
19
20 #include "gtest/gtest.h"
21 #include "tink/integration/awskms/aws_kms_aead.h"
22 #include "tink/integration/awskms/aws_kms_client.h"
23 #include "tink/integration/awskms/internal/test_file_util.h"
24 #include "tink/util/statusor.h"
25 #include "tink/util/test_matchers.h"
26
27 namespace crypto {
28 namespace tink {
29 namespace integration {
30 namespace awskms {
31 namespace {
32
33 using ::crypto::tink::test::IsOk;
34 using ::crypto::tink::test::IsOkAndHolds;
35
// Tink key URI ("aws-kms://" + key ARN) naming the KMS key, by key id, that
// the tests below encrypt and decrypt with.
// NOTE(review): the ARN embeds an AWS account id, region and key id. These
// are resource identifiers rather than credentials; use of the key is
// presumably gated by the IAM principal in the credentials file the tests
// load. Confirm that this principal is scoped to the test key only.
constexpr absl::string_view kAwsKmsKeyUri =
    "aws-kms://arn:aws:kms:us-east-2:235739564943:"
    "key/3ee50705-5a82-4f5b-9753-05c4f473922f";

// Tink key URI that names a KMS key through an alias ARN instead of a key id.
// NOTE(review): presumably the alias points at the same test key as
// kAwsKmsKeyUri. Verify against the AWS account configuration.
constexpr absl::string_view kAwsKmsKeyAliasUri =
    "aws-kms://arn:aws:kms:us-east-2:235739564943:"
    "alias/unit-and-integration-testing";
43
44
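// Round-trips a message through the AEAD backed by the key in kAwsKmsKeyUri
// and checks that the ciphertext is bound to its associated data.
//
// NOTE(review): this looks like an integration test that calls the real AWS
// KMS service with the credentials in testdata/aws/credentials.ini, so it
// needs network access. That file should hold only a least-privilege test
// principal, never long-lived production credentials.
TEST(AwsKmsAeadTest, EncryptDecrypt) {
  std::string credentials =
      internal::RunfilesPath("testdata/aws/credentials.ini");
  // The client is created with an empty key URI; the key is chosen per AEAD
  // in the GetAead() call below.
  util::StatusOr<std::unique_ptr<AwsKmsClient>> client =
      AwsKmsClient::New(/*key_uri=*/"", credentials);
  ASSERT_THAT(client, IsOk());

  util::StatusOr<std::unique_ptr<Aead>> aead =
      (*client)->GetAead(kAwsKmsKeyUri);
  ASSERT_THAT(aead, IsOk());

  constexpr absl::string_view kPlaintext = "plaintext";
  constexpr absl::string_view kAssociatedData = "aad";

  util::StatusOr<std::string> ciphertext =
      (*aead)->Encrypt(kPlaintext, kAssociatedData);
  ASSERT_THAT(ciphertext, IsOk());
  EXPECT_THAT((*aead)->Decrypt(*ciphertext, kAssociatedData),
              IsOkAndHolds(kPlaintext));

  // Negative check: a round trip alone would also pass for an implementation
  // that ignores associated data. Decrypting under different associated data
  // must be rejected.
  constexpr absl::string_view kOtherAssociatedData = "different aad";
  util::StatusOr<std::string> mismatched =
      (*aead)->Decrypt(*ciphertext, kOtherAssociatedData);
  EXPECT_FALSE(mismatched.ok());
}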
65
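// Same round trip as the key-id case, but the AEAD is obtained through the
// alias URI in kAwsKmsKeyAliasUri. Also checks that the ciphertext is bound
// to its associated data.
//
// NOTE(review): this looks like an integration test that calls the real AWS
// KMS service with the credentials in testdata/aws/credentials.ini, so it
// needs network access. That file should hold only a least-privilege test
// principal, never long-lived production credentials.
TEST(AwsKmsAeadTest, EncryptDecryptWithKeyAlias) {
  std::string credentials =
      internal::RunfilesPath("testdata/aws/credentials.ini");
  // The client is created with an empty key URI; the alias is resolved per
  // AEAD in the GetAead() call below.
  util::StatusOr<std::unique_ptr<AwsKmsClient>> client =
      AwsKmsClient::New(/*key_uri=*/"", credentials);
  ASSERT_THAT(client, IsOk());

  util::StatusOr<std::unique_ptr<Aead>> aead =
      (*client)->GetAead(kAwsKmsKeyAliasUri);
  ASSERT_THAT(aead, IsOk());

  constexpr absl::string_view kPlaintext = "plaintext";
  constexpr absl::string_view kAssociatedData = "aad";

  util::StatusOr<std::string> ciphertext =
      (*aead)->Encrypt(kPlaintext, kAssociatedData);
  ASSERT_THAT(ciphertext, IsOk());
  EXPECT_THAT((*aead)->Decrypt(*ciphertext, kAssociatedData),
              IsOkAndHolds(kPlaintext));

  // Negative check: decrypting under different associated data must be
  // rejected, otherwise the associated data is not actually authenticated.
  constexpr absl::string_view kOtherAssociatedData = "different aad";
  util::StatusOr<std::string> mismatched =
      (*aead)->Decrypt(*ciphertext, kOtherAssociatedData);
  EXPECT_FALSE(mismatched.ok());
}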
86
87 } // namespace
88 } // namespace awskms
89 } // namespace integration
90 } // namespace tink
91 } // namespace crypto
92