// Copyright 2022 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // //////////////////////////////////////////////////////////////////////////////// package com.google.crypto.tink.internal; import static com.google.common.truth.Truth.assertThat; import static org.junit.Assert.assertThrows; import com.google.crypto.tink.InsecureSecretKeyAccess; import com.google.crypto.tink.SecretKeyAccess; import com.google.crypto.tink.proto.KeyData.KeyMaterialType; import com.google.crypto.tink.proto.OutputPrefixType; import com.google.protobuf.ByteString; import java.security.GeneralSecurityException; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @RunWith(JUnit4.class) public final class LegacyProtoKeyTest { private static final SecretKeyAccess ACCESS = InsecureSecretKeyAccess.get(); @Test public void testLegacyProtoKeyCreate() throws Exception { ProtoKeySerialization serialization = ProtoKeySerialization.create( "myTypeUrl", ByteString.copyFrom(new byte[] {}), KeyMaterialType.SYMMETRIC, OutputPrefixType.RAW, /*idRequirement = */ null); LegacyProtoKey key = new LegacyProtoKey(serialization, ACCESS); assertThat(key.getSerialization(ACCESS)).isSameInstanceAs(serialization); } @Test public void testLegacyProtoKey_getParameters() throws Exception { ProtoKeySerialization serialization = ProtoKeySerialization.create( "myTypeUrl", ByteString.EMPTY, KeyMaterialType.SYMMETRIC, OutputPrefixType.RAW, /*idRequirement = */ null); LegacyProtoKey key = new LegacyProtoKey(serialization, ACCESS); assertThat(key.getSerialization(ACCESS)).isSameInstanceAs(serialization); assertThat(key.getParameters().toString()).contains("typeUrl=myTypeUrl"); assertThat(key.getParameters().toString()).contains("outputPrefixType=RAW"); } @Test public void testGetIdRequirementOrNull() throws Exception { // RAW LegacyProtoKey key = new LegacyProtoKey( ProtoKeySerialization.create( "myTypeUrl", ByteString.copyFrom(new byte[] {}), KeyMaterialType.SYMMETRIC, OutputPrefixType.RAW, /*idRequirement = */ null), ACCESS); assertThat(key.getIdRequirementOrNull()).isNull(); // TINK key = new LegacyProtoKey( ProtoKeySerialization.create( "myTypeUrl", ByteString.copyFrom(new byte[] {}), KeyMaterialType.SYMMETRIC, OutputPrefixType.TINK, 123), ACCESS); assertThat(key.getIdRequirementOrNull()).isEqualTo(123); // CRUNCHY key = new LegacyProtoKey( ProtoKeySerialization.create( "myTypeUrl", ByteString.copyFrom(new byte[] {}), KeyMaterialType.SYMMETRIC, OutputPrefixType.CRUNCHY, 123), ACCESS); assertThat(key.getIdRequirementOrNull()).isEqualTo(123); // LEGACY key = new LegacyProtoKey( ProtoKeySerialization.create( "myTypeUrl", ByteString.EMPTY, KeyMaterialType.SYMMETRIC, OutputPrefixType.LEGACY, 123), ACCESS); assertThat(key.getIdRequirementOrNull()).isEqualTo(123); } @Test public void constructorAccessCheck_symmetric_throws() throws Exception { ProtoKeySerialization serialization = ProtoKeySerialization.create( "myTypeUrl", ByteString.EMPTY, KeyMaterialType.SYMMETRIC, OutputPrefixType.RAW, /* idRequirement = */ null); assertThrows( GeneralSecurityException.class, () -> new LegacyProtoKey(serialization, /* access = */ null)); LegacyProtoKey key = new LegacyProtoKey(serialization, ACCESS); assertThrows(GeneralSecurityException.class, () -> key.getSerialization(/* access = */ null)); } @Test public void constructorAccessCheck_asymmetricPrivate_throws() throws Exception { ProtoKeySerialization serialization = ProtoKeySerialization.create( "myTypeUrl", ByteString.EMPTY, KeyMaterialType.ASYMMETRIC_PRIVATE, OutputPrefixType.RAW, /* idRequirement = */ null); assertThrows( GeneralSecurityException.class, () -> new LegacyProtoKey(serialization, /* access = */ null)); LegacyProtoKey key = new LegacyProtoKey(serialization, ACCESS); assertThrows(GeneralSecurityException.class, () -> key.getSerialization(/* access = */ null)); } @Test @SuppressWarnings("CheckReturnValue") public void constructorAccessCheck_asymmetricPublic_works() throws Exception { ProtoKeySerialization serialization = ProtoKeySerialization.create( "myTypeUrl", ByteString.EMPTY, KeyMaterialType.ASYMMETRIC_PUBLIC, OutputPrefixType.RAW, /* idRequirement= */ null); LegacyProtoKey key = new LegacyProtoKey(serialization, /* access = */ null); key.getSerialization(/* access = */ null); } @Test @SuppressWarnings("CheckReturnValue") public void constructorAccessCheck_remote_works() throws Exception { ProtoKeySerialization serialization = ProtoKeySerialization.create( "myTypeUrl", ByteString.EMPTY, KeyMaterialType.REMOTE, OutputPrefixType.RAW, /* idRequirement= */ null); LegacyProtoKey key = new LegacyProtoKey(serialization, /* access = */ null); key.getSerialization(/* access = */ null); } @Test public void testEquals() throws Exception { LegacyProtoKey key = new LegacyProtoKey( ProtoKeySerialization.create( "myTypeUrl", ByteString.EMPTY, KeyMaterialType.SYMMETRIC, OutputPrefixType.RAW, /* idRequirement = */ null), ACCESS); assertThat( key.equalsKey( new LegacyProtoKey( ProtoKeySerialization.create( "myTypeUrl", ByteString.EMPTY, KeyMaterialType.SYMMETRIC, OutputPrefixType.RAW, /* idRequirement = */ null), ACCESS))) .isTrue(); // Different type url: assertThat( key.equalsKey( new LegacyProtoKey( ProtoKeySerialization.create( "myTypeUrl2", ByteString.EMPTY, KeyMaterialType.SYMMETRIC, OutputPrefixType.RAW, /* idRequirement = */ null), ACCESS))) .isFalse(); // Different value: assertThat( key.equalsKey( new LegacyProtoKey( ProtoKeySerialization.create( "myTypeUrl", ByteString.copyFrom(new byte[] {1}), KeyMaterialType.SYMMETRIC, OutputPrefixType.RAW, /* idRequirement = */ null), ACCESS))) .isFalse(); // Different KeyMaterialType: assertThat( key.equalsKey( new LegacyProtoKey( ProtoKeySerialization.create( "myTypeUrl", ByteString.EMPTY, KeyMaterialType.ASYMMETRIC_PRIVATE, OutputPrefixType.RAW, /* idRequirement = */ null), ACCESS))) .isFalse(); // Different OutputPrefixType: assertThat( key.equalsKey( new LegacyProtoKey( ProtoKeySerialization.create( "myTypeUrl", ByteString.EMPTY, KeyMaterialType.SYMMETRIC, OutputPrefixType.TINK, 123), ACCESS))) .isFalse(); } @Test public void testEquals_differentIdRequirement() throws Exception { LegacyProtoKey key123 = new LegacyProtoKey( ProtoKeySerialization.create( "myTypeUrl", ByteString.EMPTY, KeyMaterialType.SYMMETRIC, OutputPrefixType.TINK, 123), ACCESS); LegacyProtoKey key123b = new LegacyProtoKey( ProtoKeySerialization.create( "myTypeUrl", ByteString.EMPTY, KeyMaterialType.SYMMETRIC, OutputPrefixType.TINK, 123), ACCESS); LegacyProtoKey key124 = new LegacyProtoKey( ProtoKeySerialization.create( "myTypeUrl", ByteString.EMPTY, KeyMaterialType.SYMMETRIC, OutputPrefixType.TINK, 124), ACCESS); assertThat(key123.equalsKey(key123b)).isTrue(); assertThat(key123.equalsKey(key124)).isFalse(); } }