1 // Copyright 2021 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 // 15 //////////////////////////////////////////////////////////////////////////////// 16 17 package com.google.crypto.tink.keyderivation; 18 19 import static com.google.common.truth.Truth.assertThat; 20 import static org.junit.Assert.assertThrows; 21 22 import com.google.crypto.tink.KeysetHandle; 23 import com.google.crypto.tink.aead.AeadConfig; 24 import com.google.crypto.tink.aead.PredefinedAeadParameters; 25 import com.google.crypto.tink.config.TinkFips; 26 import com.google.crypto.tink.prf.PredefinedPrfParameters; 27 import java.security.GeneralSecurityException; 28 import org.junit.Assume; 29 import org.junit.Test; 30 import org.junit.runner.RunWith; 31 import org.junit.runners.JUnit4; 32 33 /** Tests for KeyDerivationConfig. */ 34 @RunWith(JUnit4.class) 35 public class KeyDerivationConfigTest { 36 37 @Test notOnlyFips_shouldBeRegistered()38 public void notOnlyFips_shouldBeRegistered() throws Exception { 39 Assume.assumeFalse(TinkFips.useOnlyFips()); 40 41 AeadConfig.register(); 42 KeyDerivationConfig.register(); 43 44 // Check that registration worked by generating a new key. 45 PrfBasedKeyDerivationParameters prfBasedParameters = 46 PrfBasedKeyDerivationParameters.builder() 47 .setPrfParameters(PredefinedPrfParameters.HKDF_SHA256) 48 .setDerivedKeyParameters(PredefinedAeadParameters.AES128_GCM) 49 .build(); 50 assertThat(KeysetHandle.generateNew(prfBasedParameters)).isNotNull(); 51 } 52 53 @Test onlyFips_shouldNotBeRegistered()54 public void onlyFips_shouldNotBeRegistered() throws Exception { 55 Assume.assumeTrue(TinkFips.useOnlyFips()); 56 57 AeadConfig.register(); 58 KeyDerivationConfig.register(); 59 60 // Both the PRF and the Key Derivation key manager should not have been installed. 61 // Check that this by verifying that key generation fails. 62 assertThrows( 63 GeneralSecurityException.class, 64 () -> KeysetHandle.generateNew(PredefinedPrfParameters.HKDF_SHA256)); 65 PrfBasedKeyDerivationParameters prfBasedParameters = 66 PrfBasedKeyDerivationParameters.builder() 67 .setPrfParameters(PredefinedPrfParameters.HKDF_SHA256) 68 .setDerivedKeyParameters(PredefinedAeadParameters.AES128_GCM) 69 .build(); 70 assertThrows( 71 GeneralSecurityException.class, () -> KeysetHandle.generateNew(prfBasedParameters)); 72 } 73 } 74