// Copyright 2022 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // //////////////////////////////////////////////////////////////////////////////// #include "tink/restricted_data.h" #include #include #include "gmock/gmock.h" #include "gtest/gtest.h" #include "tink/insecure_secret_key_access.h" #include "tink/subtle/random.h" #include "tink/util/secret_data.h" namespace crypto { namespace tink { using ::crypto::tink::subtle::Random; using ::testing::Eq; using ::testing::SizeIs; TEST(RestrictedDataTest, CreateAndGetSecret) { const std::string secret = Random::GetRandomBytes(32); RestrictedData data(secret, InsecureSecretKeyAccess::Get()); EXPECT_THAT(data.GetSecret(InsecureSecretKeyAccess::Get()), Eq(secret)); } TEST(RestrictedDataTest, GenerateRandomAndSize) { RestrictedData data(/*num_random_bytes=*/32); EXPECT_THAT(data.GetSecret(InsecureSecretKeyAccess::Get()), SizeIs(32)); EXPECT_THAT(data.size(), Eq(32)); } TEST(RestrictedDataTest, GenerateRandomNegative) { EXPECT_DEATH_IF_SUPPORTED( RestrictedData(/*num_random_bytes=*/-1), "Cannot generate a negative number of random bytes.\n"); } TEST(RestrictedDataTest, Equals) { const std::string secret = Random::GetRandomBytes(32); RestrictedData data(secret, InsecureSecretKeyAccess::Get()); RestrictedData same_data(secret, InsecureSecretKeyAccess::Get()); EXPECT_TRUE(data == same_data); EXPECT_TRUE(same_data == data); EXPECT_FALSE(data != same_data); EXPECT_FALSE(same_data != data); } TEST(RestrictedDataTest, NotEquals) { RestrictedData data( util::SecretDataAsStringView(Random::GetRandomKeyBytes(32)), InsecureSecretKeyAccess::Get()); RestrictedData diff_data( util::SecretDataAsStringView(Random::GetRandomKeyBytes(32)), InsecureSecretKeyAccess::Get()); EXPECT_TRUE(data != diff_data); EXPECT_TRUE(diff_data != data); EXPECT_FALSE(data == diff_data); EXPECT_FALSE(diff_data == data); } TEST(RestrictedDataTest, CopyConstructor) { RestrictedData data(/*num_random_bytes=*/32); RestrictedData copy(data); EXPECT_THAT(copy, SizeIs(32)); EXPECT_THAT(copy.GetSecret(InsecureSecretKeyAccess::Get()), Eq(data.GetSecret(InsecureSecretKeyAccess::Get()))); } TEST(RestrictedDataTest, CopyAssignment) { RestrictedData data(/*num_random_bytes=*/32); RestrictedData copy = data; EXPECT_THAT(copy, SizeIs(32)); EXPECT_THAT(copy.GetSecret(InsecureSecretKeyAccess::Get()), Eq(copy.GetSecret(InsecureSecretKeyAccess::Get()))); } TEST(RestrictedDataTest, MoveConstructor) { const std::string secret = Random::GetRandomBytes(32); RestrictedData data(secret, InsecureSecretKeyAccess::Get()); RestrictedData move(std::move(data)); EXPECT_THAT(move, SizeIs(32)); EXPECT_THAT(move.GetSecret(InsecureSecretKeyAccess::Get()), Eq(secret)); } TEST(RestrictedDataTest, MoveAssignment) { const std::string secret = Random::GetRandomBytes(32); RestrictedData data(secret, InsecureSecretKeyAccess::Get()); RestrictedData move = std::move(data); EXPECT_THAT(move, SizeIs(32)); EXPECT_THAT(move.GetSecret(InsecureSecretKeyAccess::Get()), Eq(secret)); } } // namespace tink } // namespace crypto