• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2024 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16 
17 package com.google.crypto.tink.prf;
18 
19 import static com.google.common.truth.Truth.assertThat;
20 import static org.junit.Assert.assertThrows;
21 
22 import com.google.crypto.tink.KeysetHandle;
23 import com.google.crypto.tink.config.internal.TinkFipsUtil;
24 import com.google.crypto.tink.prf.internal.AesCmacPrfProtoSerialization;
25 import com.google.crypto.tink.prf.internal.HkdfPrfProtoSerialization;
26 import com.google.crypto.tink.prf.internal.HmacPrfProtoSerialization;
27 import com.google.crypto.tink.util.SecretBytes;
28 import java.security.GeneralSecurityException;
29 import org.junit.Assume;
30 import org.junit.Test;
31 import org.junit.runner.RunWith;
32 import org.junit.runners.JUnit4;
33 
34 @RunWith(JUnit4.class)
35 public class PrfConfigurationV0Test {
36   @Test
config_throwsIfInFipsMode()37   public void config_throwsIfInFipsMode() throws Exception {
38     Assume.assumeTrue(TinkFipsUtil.useOnlyFips());
39 
40     assertThrows(GeneralSecurityException.class, PrfConfigurationV0::get);
41   }
42 
43   @Test
config_containsHmacPrf()44   public void config_containsHmacPrf() throws Exception {
45     Assume.assumeFalse(TinkFipsUtil.useOnlyFips());
46     HmacPrfProtoSerialization.register();
47 
48     HmacPrfKey key =
49         HmacPrfKey.builder()
50             .setParameters(
51                 HmacPrfParameters.builder()
52                     .setKeySizeBytes(32)
53                     .setHashType(HmacPrfParameters.HashType.SHA512)
54                     .build())
55             .setKeyBytes(SecretBytes.randomBytes(32))
56             .build();
57     KeysetHandle keysetHandle =
58         KeysetHandle.newBuilder()
59             .addEntry(KeysetHandle.importKey(key).withRandomId().makePrimary())
60             .build();
61 
62     assertThat(keysetHandle.getPrimitive(PrfConfigurationV0.get(), PrfSet.class)).isNotNull();
63   }
64 
65   @Test
config_containsHkdfPrf()66   public void config_containsHkdfPrf() throws Exception {
67     Assume.assumeFalse(TinkFipsUtil.useOnlyFips());
68     HkdfPrfProtoSerialization.register();
69 
70     HkdfPrfKey key =
71         HkdfPrfKey.builder()
72             .setParameters(
73                 HkdfPrfParameters.builder()
74                     .setKeySizeBytes(32)
75                     .setHashType(HkdfPrfParameters.HashType.SHA256)
76                     .build())
77             .setKeyBytes(SecretBytes.randomBytes(32))
78             .build();
79     KeysetHandle keysetHandle =
80         KeysetHandle.newBuilder()
81             .addEntry(KeysetHandle.importKey(key).withRandomId().makePrimary())
82             .build();
83 
84     assertThat(keysetHandle.getPrimitive(PrfConfigurationV0.get(), PrfSet.class)).isNotNull();
85   }
86 
87   @Test
config_containsAesCmacPrf()88   public void config_containsAesCmacPrf() throws Exception {
89     Assume.assumeFalse(TinkFipsUtil.useOnlyFips());
90     AesCmacPrfProtoSerialization.register();
91 
92     AesCmacPrfKey key =
93         AesCmacPrfKey.create(AesCmacPrfParameters.create(32), SecretBytes.randomBytes(32));
94     KeysetHandle keysetHandle =
95         KeysetHandle.newBuilder()
96             .addEntry(KeysetHandle.importKey(key).withRandomId().makePrimary())
97             .build();
98 
99     assertThat(keysetHandle.getPrimitive(PrfConfigurationV0.get(), PrfSet.class)).isNotNull();
100   }
101 
102   @Test
wrongAesCmacPrfKeySize_throws()103   public void wrongAesCmacPrfKeySize_throws() throws Exception {
104     Assume.assumeFalse(TinkFipsUtil.useOnlyFips());
105     AesCmacPrfProtoSerialization.register();
106 
107     AesCmacPrfKey key =
108         AesCmacPrfKey.create(AesCmacPrfParameters.create(16), SecretBytes.randomBytes(16));
109     KeysetHandle keysetHandle =
110         KeysetHandle.newBuilder()
111             .addEntry(KeysetHandle.importKey(key).withRandomId().makePrimary())
112             .build();
113 
114     assertThrows(
115         GeneralSecurityException.class,
116         () -> keysetHandle.getPrimitive(PrfConfigurationV0.get(), PrfSet.class));
117   }
118 
119   @Test
wrongHkdfPrfKeySize_throws()120   public void wrongHkdfPrfKeySize_throws() throws Exception {
121     Assume.assumeFalse(TinkFipsUtil.useOnlyFips());
122     HkdfPrfProtoSerialization.register();
123 
124     HkdfPrfKey key =
125         HkdfPrfKey.builder()
126             .setParameters(
127                 HkdfPrfParameters.builder()
128                     .setKeySizeBytes(16)
129                     .setHashType(HkdfPrfParameters.HashType.SHA256)
130                     .build())
131             .setKeyBytes(SecretBytes.randomBytes(16))
132             .build();
133     KeysetHandle keysetHandle =
134         KeysetHandle.newBuilder()
135             .addEntry(KeysetHandle.importKey(key).withRandomId().makePrimary())
136             .build();
137 
138     assertThrows(
139         GeneralSecurityException.class,
140         () -> keysetHandle.getPrimitive(PrfConfigurationV0.get(), PrfSet.class));
141   }
142 
143   @Test
wrongHkdfPrfHashFunction_throws()144   public void wrongHkdfPrfHashFunction_throws() throws Exception {
145     Assume.assumeFalse(TinkFipsUtil.useOnlyFips());
146     HkdfPrfProtoSerialization.register();
147 
148     HkdfPrfKey key =
149         HkdfPrfKey.builder()
150             .setParameters(
151                 HkdfPrfParameters.builder()
152                     .setKeySizeBytes(32)
153                     .setHashType(HkdfPrfParameters.HashType.SHA1)
154                     .build())
155             .setKeyBytes(SecretBytes.randomBytes(32))
156             .build();
157     KeysetHandle keysetHandle =
158         KeysetHandle.newBuilder()
159             .addEntry(KeysetHandle.importKey(key).withRandomId().makePrimary())
160             .build();
161 
162     assertThrows(
163         GeneralSecurityException.class,
164         () -> keysetHandle.getPrimitive(PrfConfigurationV0.get(), PrfSet.class));
165   }
166 }
167