1 // Copyright 2023 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 use super::*;
16 use crate::credential::v0::V0;
17 use crate::credential::v1::V1;
18 use crate::extended::V1IdentityToken;
19 use alloc::vec;
20 use crypto_provider_default::CryptoProviderImpl;
21 use ldt_np_adv::V0IdentityToken;
22
23 #[test]
v0_metadata_decryption_works_same_metadata_key()24 fn v0_metadata_decryption_works_same_metadata_key() {
25 let key_seed = [3u8; 32];
26 let identity_token = V0IdentityToken::from([5u8; 14]);
27
28 let metadata = vec![7u8; 42];
29
30 let hkdf = np_hkdf::NpKeySeedHkdf::<CryptoProviderImpl>::new(&key_seed);
31 let encrypted_metadata =
32 encrypt_metadata::<CryptoProviderImpl, V0>(&hkdf, identity_token, &metadata);
33
34 let decryption_result =
35 decrypt_metadata::<CryptoProviderImpl, V0>(&hkdf, identity_token, &encrypted_metadata);
36 assert_eq!(decryption_result, Ok(metadata))
37 }
38
39 #[test]
v1_metadata_decryption_works_same_metadata_key()40 fn v1_metadata_decryption_works_same_metadata_key() {
41 let key_seed = [9u8; 32];
42 let identity_token = V1IdentityToken::from([2u8; 16]);
43
44 let metadata = vec![6u8; 51];
45
46 let hkdf = np_hkdf::NpKeySeedHkdf::<CryptoProviderImpl>::new(&key_seed);
47 let encrypted_metadata =
48 encrypt_metadata::<CryptoProviderImpl, V1>(&hkdf, identity_token, &metadata);
49
50 let decryption_result =
51 decrypt_metadata::<CryptoProviderImpl, V1>(&hkdf, identity_token, &encrypted_metadata);
52 assert_eq!(decryption_result, Ok(metadata))
53 }
54
55 #[test]
v0_metadata_decryption_fails_different_metadata_key()56 fn v0_metadata_decryption_fails_different_metadata_key() {
57 let key_seed = [3u8; 32];
58 let identity_token = V0IdentityToken::from([5u8; 14]);
59
60 let metadata = vec![7u8; 42];
61
62 let hkdf = np_hkdf::NpKeySeedHkdf::<CryptoProviderImpl>::new(&key_seed);
63 let encrypted_metadata =
64 encrypt_metadata::<CryptoProviderImpl, V0>(&hkdf, identity_token, &metadata);
65
66 let decrypting_identity_token = V0IdentityToken::from([6u8; 14]);
67
68 let decryption_result = decrypt_metadata::<CryptoProviderImpl, V0>(
69 &hkdf,
70 decrypting_identity_token,
71 &encrypted_metadata,
72 );
73 assert_eq!(decryption_result, Err(MetadataDecryptionError))
74 }
75
76 #[test]
v1_metadata_decryption_fails_different_metadata_key()77 fn v1_metadata_decryption_fails_different_metadata_key() {
78 let key_seed = [251u8; 32];
79 let identity_token = V1IdentityToken::from([127u8; 16]);
80
81 let metadata = vec![255u8; 42];
82
83 let hkdf = np_hkdf::NpKeySeedHkdf::<CryptoProviderImpl>::new(&key_seed);
84 let encrypted_metadata =
85 encrypt_metadata::<CryptoProviderImpl, V1>(&hkdf, identity_token, &metadata);
86
87 let decrypting_identity_token = V1IdentityToken::from([249u8; 16]);
88
89 let decryption_result = decrypt_metadata::<CryptoProviderImpl, V1>(
90 &hkdf,
91 decrypting_identity_token,
92 &encrypted_metadata,
93 );
94 assert_eq!(decryption_result, Err(MetadataDecryptionError))
95 }
96