• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2024 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16 
17 package com.google.crypto.tink.mac;
18 
19 import static com.google.common.truth.Truth.assertThat;
20 import static org.junit.Assert.assertThrows;
21 
22 import com.google.crypto.tink.KeysetHandle;
23 import com.google.crypto.tink.Mac;
24 import com.google.crypto.tink.config.internal.TinkFipsUtil;
25 import com.google.crypto.tink.mac.internal.AesCmacProtoSerialization;
26 import com.google.crypto.tink.mac.internal.HmacProtoSerialization;
27 import com.google.crypto.tink.util.SecretBytes;
28 import java.security.GeneralSecurityException;
29 import org.junit.Assume;
30 import org.junit.Test;
31 import org.junit.runner.RunWith;
32 import org.junit.runners.JUnit4;
33 
34 @RunWith(JUnit4.class)
35 public class MacConfigurationV0Test {
36   @Test
config_throwsIfInFipsMode()37   public void config_throwsIfInFipsMode() throws Exception {
38     Assume.assumeTrue(TinkFipsUtil.useOnlyFips());
39 
40     assertThrows(GeneralSecurityException.class, MacConfigurationV0::get);
41   }
42 
43   @Test
config_containsHmacForMac()44   public void config_containsHmacForMac() throws Exception {
45     Assume.assumeFalse(TinkFipsUtil.useOnlyFips());
46 
47     HmacProtoSerialization.register();
48     HmacParameters parameters =
49         HmacParameters.builder()
50             .setTagSizeBytes(16)
51             .setKeySizeBytes(32)
52             .setHashType(HmacParameters.HashType.SHA256)
53             .setVariant(HmacParameters.Variant.NO_PREFIX)
54             .build();
55     HmacKey key =
56         HmacKey.builder()
57             .setParameters(parameters)
58             .setKeyBytes(SecretBytes.randomBytes(32))
59             .build();
60     KeysetHandle keysetHandle =
61         KeysetHandle.newBuilder()
62             .addEntry(KeysetHandle.importKey(key).withRandomId().makePrimary())
63             .build();
64 
65     assertThat(keysetHandle.getPrimitive(MacConfigurationV0.get(), Mac.class)).isNotNull();
66   }
67 
68   @Test
config_containsHmacForChunkedMac()69   public void config_containsHmacForChunkedMac() throws Exception {
70     Assume.assumeFalse(TinkFipsUtil.useOnlyFips());
71 
72     HmacProtoSerialization.register();
73     HmacParameters parameters =
74         HmacParameters.builder()
75             .setTagSizeBytes(16)
76             .setKeySizeBytes(32)
77             .setHashType(HmacParameters.HashType.SHA256)
78             .setVariant(HmacParameters.Variant.NO_PREFIX)
79             .build();
80     HmacKey key =
81         HmacKey.builder()
82             .setParameters(parameters)
83             .setKeyBytes(SecretBytes.randomBytes(32))
84             .build();
85     KeysetHandle keysetHandle =
86         KeysetHandle.newBuilder()
87             .addEntry(KeysetHandle.importKey(key).withRandomId().makePrimary())
88             .build();
89 
90     assertThat(keysetHandle.getPrimitive(MacConfigurationV0.get(), ChunkedMac.class)).isNotNull();
91   }
92 
93   @Test
config_containsAesCmacForMac()94   public void config_containsAesCmacForMac() throws Exception {
95     Assume.assumeFalse(TinkFipsUtil.useOnlyFips());
96 
97     AesCmacProtoSerialization.register();
98     AesCmacParameters parameters =
99         AesCmacParameters.builder()
100             .setKeySizeBytes(32)
101             .setTagSizeBytes(10)
102             .setVariant(AesCmacParameters.Variant.NO_PREFIX)
103             .build();
104     AesCmacKey key =
105         AesCmacKey.builder()
106             .setParameters(parameters)
107             .setAesKeyBytes(SecretBytes.randomBytes(32))
108             .build();
109     KeysetHandle keysetHandle =
110         KeysetHandle.newBuilder()
111             .addEntry(KeysetHandle.importKey(key).withRandomId().makePrimary())
112             .build();
113 
114     assertThat(keysetHandle.getPrimitive(MacConfigurationV0.get(), Mac.class)).isNotNull();
115   }
116 
117   @Test
config_disallowsNon32ByteAesCmacKeyForMac()118   public void config_disallowsNon32ByteAesCmacKeyForMac() throws Exception {
119     Assume.assumeFalse(TinkFipsUtil.useOnlyFips());
120 
121     AesCmacProtoSerialization.register();
122     AesCmacParameters parameters =
123         AesCmacParameters.builder()
124             .setKeySizeBytes(16)
125             .setTagSizeBytes(10)
126             .setVariant(AesCmacParameters.Variant.NO_PREFIX)
127             .build();
128     AesCmacKey key =
129         AesCmacKey.builder()
130             .setParameters(parameters)
131             .setAesKeyBytes(SecretBytes.randomBytes(16))
132             .build();
133     KeysetHandle keysetHandle =
134         KeysetHandle.newBuilder()
135             .addEntry(KeysetHandle.importKey(key).withRandomId().makePrimary())
136             .build();
137 
138     assertThrows(
139         GeneralSecurityException.class,
140         () -> keysetHandle.getPrimitive(MacConfigurationV0.get(), Mac.class));
141   }
142 
143   @Test
config_containsAesCmacForChunkedMac()144   public void config_containsAesCmacForChunkedMac() throws Exception {
145     Assume.assumeFalse(TinkFipsUtil.useOnlyFips());
146 
147     AesCmacProtoSerialization.register();
148     AesCmacParameters parameters =
149         AesCmacParameters.builder()
150             .setKeySizeBytes(32)
151             .setTagSizeBytes(10)
152             .setVariant(AesCmacParameters.Variant.NO_PREFIX)
153             .build();
154     AesCmacKey key =
155         AesCmacKey.builder()
156             .setParameters(parameters)
157             .setAesKeyBytes(SecretBytes.randomBytes(32))
158             .build();
159     KeysetHandle keysetHandle =
160         KeysetHandle.newBuilder()
161             .addEntry(KeysetHandle.importKey(key).withRandomId().makePrimary())
162             .build();
163 
164     assertThat(keysetHandle.getPrimitive(MacConfigurationV0.get(), ChunkedMac.class)).isNotNull();
165   }
166 
167   @Test
config_disallowsNon32ByteAesCmacKeyForChunkedMac()168   public void config_disallowsNon32ByteAesCmacKeyForChunkedMac() throws Exception {
169     Assume.assumeFalse(TinkFipsUtil.useOnlyFips());
170 
171     AesCmacProtoSerialization.register();
172     AesCmacParameters parameters =
173         AesCmacParameters.builder()
174             .setKeySizeBytes(16)
175             .setTagSizeBytes(10)
176             .setVariant(AesCmacParameters.Variant.NO_PREFIX)
177             .build();
178     AesCmacKey key =
179         AesCmacKey.builder()
180             .setParameters(parameters)
181             .setAesKeyBytes(SecretBytes.randomBytes(16))
182             .build();
183     KeysetHandle keysetHandle =
184         KeysetHandle.newBuilder()
185             .addEntry(KeysetHandle.importKey(key).withRandomId().makePrimary())
186             .build();
187 
188     assertThrows(
189         GeneralSecurityException.class,
190         () -> keysetHandle.getPrimitive(MacConfigurationV0.get(), ChunkedMac.class));
191   }
192 }
193