1// Copyright 2019 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14// 15//////////////////////////////////////////////////////////////////////////////// 16 17package registry_test 18 19import ( 20 "testing" 21 22 "google.golang.org/protobuf/proto" 23 "github.com/google/tink/go/aead" 24 "github.com/google/tink/go/core/registry" 25 "github.com/google/tink/go/mac" 26 "github.com/google/tink/go/mac/subtle" 27 "github.com/google/tink/go/testing/fakekms" 28 "github.com/google/tink/go/testutil" 29 gcmpb "github.com/google/tink/go/proto/aes_gcm_go_proto" 30 commonpb "github.com/google/tink/go/proto/common_go_proto" 31 hmacpb "github.com/google/tink/go/proto/hmac_go_proto" 32 tinkpb "github.com/google/tink/go/proto/tink_go_proto" 33) 34 35func TestRegisterKeyManager(t *testing.T) { 36 // get HMACKeyManager 37 _, err := registry.GetKeyManager(testutil.HMACTypeURL) 38 if err != nil { 39 t.Errorf("unexpected error: %s", err) 40 } 41 // get AESGCMKeyManager 42 _, err = registry.GetKeyManager(testutil.AESGCMTypeURL) 43 if err != nil { 44 t.Errorf("unexpected error: %s", err) 45 } 46 // some random typeurl 47 if _, err = registry.GetKeyManager("some url"); err == nil { 48 t.Errorf("expect an error when a type url doesn't exist in the registry") 49 } 50} 51 52func TestRegisterKeyManagerWithCollision(t *testing.T) { 53 // dummyKeyManager's typeURL is equal to that of AESGCM 54 var dummyKeyManager = new(testutil.DummyAEADKeyManager) 55 // This should fail because overwriting is disallowed. 56 err := registry.RegisterKeyManager(dummyKeyManager) 57 if err == nil { 58 t.Errorf("%s shouldn't be registered again", testutil.AESGCMTypeURL) 59 } 60 61 km, err := registry.GetKeyManager(testutil.AESGCMTypeURL) 62 if err != nil { 63 t.Errorf("unexpected error: %s", err) 64 } 65 // This should fail because overwriting is disallowed, even with the same key manager. 66 err = registry.RegisterKeyManager(km) 67 if err == nil { 68 t.Errorf("%s shouldn't be registered again", testutil.AESGCMTypeURL) 69 } 70} 71 72func TestNewKeyData(t *testing.T) { 73 // new Keydata from a Hmac KeyTemplate 74 keyData, err := registry.NewKeyData(mac.HMACSHA256Tag128KeyTemplate()) 75 if err != nil { 76 t.Errorf("unexpected error: %s", err) 77 } 78 if keyData.TypeUrl != testutil.HMACTypeURL { 79 t.Errorf("invalid key data") 80 } 81 key := new(hmacpb.HmacKey) 82 if err := proto.Unmarshal(keyData.Value, key); err != nil { 83 t.Errorf("unexpected error when unmarshal HmacKey: %s", err) 84 } 85 // nil 86 if _, err := registry.NewKeyData(nil); err == nil { 87 t.Errorf("expect an error when key template is nil") 88 } 89 // unregistered type url 90 template := &tinkpb.KeyTemplate{TypeUrl: "some url", Value: []byte{0}} 91 if _, err := registry.NewKeyData(template); err == nil { 92 t.Errorf("expect an error when key template contains unregistered typeURL") 93 } 94} 95 96func TestNewKey(t *testing.T) { 97 // aead template 98 aesGcmTemplate := aead.AES128GCMKeyTemplate() 99 key, err := registry.NewKey(aesGcmTemplate) 100 if err != nil { 101 t.Errorf("unexpected error: %s", err) 102 } 103 var aesGcmKey = key.(*gcmpb.AesGcmKey) 104 aesGcmFormat := new(gcmpb.AesGcmKeyFormat) 105 if err := proto.Unmarshal(aesGcmTemplate.Value, aesGcmFormat); err != nil { 106 t.Errorf("unexpected error: %s", err) 107 } 108 if aesGcmFormat.KeySize != uint32(len(aesGcmKey.KeyValue)) { 109 t.Errorf("key doesn't match template") 110 } 111 //nil 112 if _, err := registry.NewKey(nil); err == nil { 113 t.Errorf("expect an error when key template is nil") 114 } 115 // unregistered type url 116 template := &tinkpb.KeyTemplate{TypeUrl: "some url", Value: []byte{0}} 117 if _, err := registry.NewKey(template); err == nil { 118 t.Errorf("expect an error when key template is not registered") 119 } 120} 121 122func TestPrimitiveFromKeyData(t *testing.T) { 123 // hmac keydata 124 keyData := testutil.NewHMACKeyData(commonpb.HashType_SHA256, 16) 125 p, err := registry.PrimitiveFromKeyData(keyData) 126 if err != nil { 127 t.Errorf("unexpected error: %s", err) 128 } 129 var _ *subtle.HMAC = p.(*subtle.HMAC) 130 // unregistered url 131 keyData.TypeUrl = "some url" 132 if _, err := registry.PrimitiveFromKeyData(keyData); err == nil { 133 t.Errorf("expect an error when typeURL has not been registered") 134 } 135 // unmatched url 136 keyData.TypeUrl = testutil.AESGCMTypeURL 137 if _, err := registry.PrimitiveFromKeyData(keyData); err == nil { 138 t.Errorf("expect an error when typeURL doesn't match key") 139 } 140 // nil 141 if _, err := registry.PrimitiveFromKeyData(nil); err == nil { 142 t.Errorf("expect an error when key data is nil") 143 } 144} 145 146func TestPrimitive(t *testing.T) { 147 // hmac key 148 key := testutil.NewHMACKey(commonpb.HashType_SHA256, 16) 149 serializedKey, _ := proto.Marshal(key) 150 p, err := registry.Primitive(testutil.HMACTypeURL, serializedKey) 151 if err != nil { 152 t.Errorf("unexpected error: %s", err) 153 } 154 var _ *subtle.HMAC = p.(*subtle.HMAC) 155 // unregistered url 156 if _, err := registry.Primitive("some url", serializedKey); err == nil { 157 t.Errorf("expect an error when typeURL has not been registered") 158 } 159 // unmatched url 160 if _, err := registry.Primitive(testutil.AESGCMTypeURL, serializedKey); err == nil { 161 t.Errorf("expect an error when typeURL doesn't match key") 162 } 163 // void key 164 if _, err := registry.Primitive(testutil.AESGCMTypeURL, nil); err == nil { 165 t.Errorf("expect an error when key is nil") 166 } 167 if _, err := registry.Primitive(testutil.AESGCMTypeURL, []byte{}); err == nil { 168 t.Errorf("expect an error when key is nil") 169 } 170 if _, err := registry.Primitive(testutil.AESGCMTypeURL, []byte{0}); err == nil { 171 t.Errorf("expect an error when key is nil") 172 } 173} 174 175func TestRegisterKmsClient(t *testing.T) { 176 c1, err := fakekms.NewClient("fake-kms://prefix1") 177 if err != nil { 178 t.Fatalf("fakekms.NewClient('fake-kms://prefix1') failed: %v", err) 179 } 180 c2, err := fakekms.NewClient("fake-kms://prefix2") 181 if err != nil { 182 t.Fatalf("fakekms.NewClient('fake-kms://prefix2') failed: %v", err) 183 } 184 registry.RegisterKMSClient(c1) 185 registry.RegisterKMSClient(c2) 186 output1, err := registry.GetKMSClient("fake-kms://prefix1-postfix") 187 if err != nil { 188 t.Errorf("registry.GetKMSClient('fake-kms://prefix1-postfix') failed: %v", err) 189 } 190 if output1 != c1 { 191 t.Errorf("registry.GetKMSClient('fake-kms://prefix1-postfix') did not return c1") 192 } 193 output2, err := registry.GetKMSClient("fake-kms://prefix2-postfix") 194 if err != nil { 195 t.Errorf("registry.GetKMSClient('fake-kms://prefix2-postfix') failed: %v", err) 196 } 197 if output2 != c2 { 198 t.Errorf("registry.GetKMSClient('fake-kms://prefix2-postfix') did not return c2") 199 } 200 _, err = registry.GetKMSClient("fake-kms://unknown-prefix") 201 if err == nil { 202 t.Errorf("registry.GetKMSClient('fake-kms://unknown-prefix') succeeded, want fail") 203 } 204 _, err = registry.GetKMSClient("bad-kms://unknown-prefix") 205 if err == nil { 206 t.Errorf("registry.GetKMSClient('bad-kms://unknown-prefix') succeeded, want fail") 207 } 208} 209