diff --git a/cc/signature/BUILD.bazel b/cc/signature/BUILD.bazel
index 75afe81d5a29c8c0481783511538c2192726a5c9..5f2ddbf084d01160e3d95cbb2a70a7eee96955fa 100644
--- a/cc/signature/BUILD.bazel
+++ b/cc/signature/BUILD.bazel
@@ -454,18 +454,16 @@ cc_test(
deps = [
":ed25519_sign_key_manager",
":ed25519_verify_key_manager",
- "//cc:core/key_manager_impl",
"//cc:public_key_sign",
"//cc:public_key_verify",
"//cc:registry",
+ "//cc/subtle:ed25519_sign_boringssl",
+ "//cc/util:enums",
"//cc/util:status",
"//cc/util:statusor",
+ "//cc/util:test_matchers",
"//cc/util:test_util",
- "//proto:aes_eax_cc_proto",
- "//proto:common_cc_proto",
"//proto:ed25519_cc_proto",
- "//proto:empty_cc_proto",
- "//proto:tink_cc_proto",
"@com_google_googletest//:gtest_main",
],
)
@@ -542,20 +540,17 @@ cc_test(
deps = [
":ed25519_sign_key_manager",
":ed25519_verify_key_manager",
- ":signature_key_templates",
- "//cc:core/private_key_manager_impl",
"//cc:public_key_sign",
"//cc:registry",
- "//cc/aead:aead_key_templates",
- "//cc/aead:aes_gcm_key_manager",
+ "//cc/subtle:ed25519_verify_boringssl",
+ "//cc/util:enums",
"//cc/util:protobuf_helper",
"//cc/util:status",
"//cc/util:statusor",
+ "//cc/util:test_matchers",
"//cc/util:test_util",
- "//proto:aes_eax_cc_proto",
- "//proto:common_cc_proto",
"//proto:ed25519_cc_proto",
- "//proto:tink_cc_proto",
+ "@com_google_absl//absl/container:flat_hash_set",
"@com_google_googletest//:gtest_main",
],
)
diff --git a/cc/signature/CMakeLists.txt b/cc/signature/CMakeLists.txt
index 9dd65892de1d703312d58bbd1d05910ed8b8a59b..51a09858accdaf4066a7855f7b8c6a3caa675e3b 100644
--- a/cc/signature/CMakeLists.txt
+++ b/cc/signature/CMakeLists.txt
@@ -395,18 +395,17 @@ tink_cc_test(
DEPS
tink::signature::ed25519_sign_key_manager
tink::signature::ed25519_verify_key_manager
- tink::core::key_manager_impl
tink::core::public_key_sign
tink::core::public_key_verify
tink::core::registry
+ tink::subtle::ed25519_sign_boringssl
+ tink::util::enums
tink::util::status
tink::util::statusor
+ tink::util::test_matchers
tink::util::test_util
- tink::proto::aes_eax_cc_proto
- tink::proto::common_cc_proto
tink::proto::ed25519_cc_proto
- tink::proto::empty_cc_proto
- tink::proto::tink_cc_proto
+ gmock
)
tink_cc_test(
@@ -471,21 +470,18 @@ tink_cc_test(
DEPS
tink::signature::ed25519_sign_key_manager
tink::signature::ed25519_verify_key_manager
- tink::signature::signature_key_templates
- tink::core::private_key_manager_impl
tink::core::public_key_sign
tink::core::registry
- tink::aead::aead_key_templates
- tink::aead::aes_gcm_key_manager
+ tink::subtle::ed25519_verify_boringssl
+ tink::util::enums
tink::util::protobuf_helper
tink::util::status
tink::util::statusor
+ tink::util::test_matchers
tink::util::test_util
- tink::proto::aes_eax_cc_proto
- tink::proto::common_cc_proto
tink::proto::ed25519_cc_proto
- tink::proto::empty_cc_proto
- tink::proto::tink_cc_proto
+ absl::flat_hash_set
+ gmock
)
tink_cc_test(
diff --git a/cc/signature/ed25519_sign_key_manager_test.cc b/cc/signature/ed25519_sign_key_manager_test.cc
index 35178ac81e918a9ebf0165538d01f79d1ccc6631..73a5e4a43b1ed4fd204a3154b8beded1581f8698 100644
--- a/cc/signature/ed25519_sign_key_manager_test.cc
+++ b/cc/signature/ed25519_sign_key_manager_test.cc
@@ -16,197 +16,137 @@
#include "tink/signature/ed25519_sign_key_manager.h"
+#include "gmock/gmock.h"
#include "gtest/gtest.h"
-#include "tink/aead/aead_key_templates.h"
-#include "tink/aead/aes_gcm_key_manager.h"
-#include "tink/core/private_key_manager_impl.h"
+#include "absl/container/flat_hash_set.h"
#include "tink/public_key_sign.h"
#include "tink/registry.h"
#include "tink/signature/ed25519_verify_key_manager.h"
-#include "tink/signature/signature_key_templates.h"
+#include "tink/subtle/ed25519_verify_boringssl.h"
+#include "tink/util/enums.h"
#include "tink/util/protobuf_helper.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
+#include "tink/util/test_matchers.h"
#include "tink/util/test_util.h"
-#include "proto/aes_eax.pb.h"
-#include "proto/common.pb.h"
#include "proto/ed25519.pb.h"
-#include "proto/tink.pb.h"
namespace crypto {
namespace tink {
-using google::crypto::tink::AesEaxKey;
-using google::crypto::tink::Ed25519KeyFormat;
-using google::crypto::tink::Ed25519PrivateKey;
-using google::crypto::tink::KeyData;
+using ::crypto::tink::test::IsOk;
+using ::crypto::tink::util::StatusOr;
+using ::google::crypto::tink::Ed25519KeyFormat;
+using ::google::crypto::tink::Ed25519PrivateKey;
+using ::google::crypto::tink::Ed25519PublicKey;
+using ::google::crypto::tink::KeyData;
+using ::testing::Eq;
+using ::testing::Not;
+using ::testing::SizeIs;
namespace {
-class Ed25519SignKeyManagerTest : public ::testing::Test {
- protected:
- std::string key_type_prefix_ = "type.googleapis.com/";
- std::string ed25519_sign_key_type_ =
- "type.googleapis.com/google.crypto.tink.Ed25519PrivateKey";
-};
-
-TEST_F(Ed25519SignKeyManagerTest, testBasic) {
- Ed25519SignKeyManager sign_key_type_manager;
- Ed25519VerifyKeyManager verify_key_type_manager;
- auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
-
- EXPECT_EQ(0, key_manager->get_version());
- EXPECT_EQ("type.googleapis.com/google.crypto.tink.Ed25519PrivateKey",
- key_manager->get_key_type());
- EXPECT_TRUE(key_manager->DoesSupport(key_manager->get_key_type()));
+TEST(Ed25519SignKeyManagerTest, Basic) {
+ EXPECT_THAT(Ed25519SignKeyManager().get_version(), Eq(0));
+ EXPECT_THAT(Ed25519SignKeyManager().key_material_type(),
+ Eq(KeyData::ASYMMETRIC_PRIVATE));
+ EXPECT_THAT(Ed25519SignKeyManager().get_key_type(),
+ Eq("type.googleapis.com/google.crypto.tink.Ed25519PrivateKey"));
}
-TEST_F(Ed25519SignKeyManagerTest, testKeyDataErrors) {
- Ed25519SignKeyManager sign_key_type_manager;
- Ed25519VerifyKeyManager verify_key_type_manager;
- auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
-
- { // Bad key type.
- KeyData key_data;
- std::string bad_key_type = "type.googleapis.com/google.crypto.tink.SomeOtherKey";
- key_data.set_type_url(bad_key_type);
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
- result.status().error_message());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, bad_key_type,
- result.status().error_message());
- }
+TEST(Ed25519SignKeyManagerTest, ValidateKeyFormat) {
+ EXPECT_THAT(Ed25519SignKeyManager().ValidateKeyFormat(Ed25519KeyFormat()),
+ IsOk());
+}
- { // Bad key value.
- KeyData key_data;
- key_data.set_type_url(ed25519_sign_key_type_);
- key_data.set_value("some bad serialized proto");
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not parse",
- result.status().error_message());
- }
+TEST(Ed25519SignKeyManagerTest, CreateKey) {
+ StatusOr<Ed25519PrivateKey> key_or =
+ Ed25519SignKeyManager().CreateKey(Ed25519KeyFormat());
+ ASSERT_THAT(key_or.status(), IsOk());
+ Ed25519PrivateKey key = key_or.ValueOrDie();
- { // Bad version.
- KeyData key_data;
- Ed25519PrivateKey key;
- key.set_version(1);
- key_data.set_type_url(ed25519_sign_key_type_);
- key_data.set_value(key.SerializeAsString());
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "version",
- result.status().error_message());
- }
-}
+ EXPECT_THAT(key.version(), Eq(0));
-TEST_F(Ed25519SignKeyManagerTest, testKeyMessageErrors) {
- Ed25519SignKeyManager sign_key_type_manager;
- Ed25519VerifyKeyManager verify_key_type_manager;
- auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
-
- { // Bad protobuffer.
- AesEaxKey key;
- auto result = key_manager->GetPrimitive(key);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "AesEaxKey",
- result.status().error_message());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
- result.status().error_message());
- }
+ EXPECT_THAT(key.public_key().version(), Eq(key.version()));
+
+ EXPECT_THAT(key.key_value(), SizeIs(32));
+ EXPECT_THAT(key.public_key().key_value(), SizeIs(32));
}
-TEST_F(Ed25519SignKeyManagerTest, testPrimitives) {
- std::string message = "some message to sign";
- Ed25519SignKeyManager sign_key_type_manager;
- Ed25519VerifyKeyManager verify_key_type_manager;
- auto sign_key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
- auto verify_key_manager =
- internal::MakeKeyManager<PublicKeyVerify>(&verify_key_type_manager);
-
- Ed25519PrivateKey key = test::GetEd25519TestPrivateKey();
-
- { // Using Key proto.
- auto result = sign_key_manager->GetPrimitive(key);
- EXPECT_TRUE(result.ok()) << result.status();
- auto sign = std::move(result.ValueOrDie());
- auto signing_result = sign->Sign(message);
- EXPECT_TRUE(signing_result.ok()) << signing_result.status();
- }
+TEST(Ed25519SignKeyManagerTest, CreateKeyValid) {
+ StatusOr<Ed25519PrivateKey> key_or =
+ Ed25519SignKeyManager().CreateKey(Ed25519KeyFormat());
+ ASSERT_THAT(key_or.status(), IsOk());
+ EXPECT_THAT(Ed25519SignKeyManager().ValidateKey(key_or.ValueOrDie()), IsOk());
+}
- { // Using KeyData proto.
- KeyData key_data;
- key_data.set_type_url(ed25519_sign_key_type_);
- key_data.set_value(key.SerializeAsString());
- auto result = sign_key_manager->GetPrimitive(key_data);
- EXPECT_TRUE(result.ok()) << result.status();
- auto sign = std::move(result.ValueOrDie());
- auto signing_result = sign->Sign(message);
- EXPECT_TRUE(signing_result.ok()) << signing_result.status();
+TEST(Ed25519SignKeyManagerTest, CreateKeyAlwaysNew) {
+ absl::flat_hash_set<std::string> keys;
+ int num_tests = 100;
+ for (int i = 0; i < num_tests; ++i) {
+ StatusOr<Ed25519PrivateKey> key_or =
+ Ed25519SignKeyManager().CreateKey(Ed25519KeyFormat());
+ ASSERT_THAT(key_or.status(), IsOk());
+ keys.insert(key_or.ValueOrDie().key_value());
}
+ EXPECT_THAT(keys, SizeIs(num_tests));
}
-TEST_F(Ed25519SignKeyManagerTest, testPublicKeyExtraction) {
- Ed25519SignKeyManager sign_key_type_manager;
- Ed25519VerifyKeyManager verify_key_type_manager;
- auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
- auto private_key_factory =
- dynamic_cast<const PrivateKeyFactory*>(&(key_manager->get_key_factory()));
- ASSERT_NE(private_key_factory, nullptr);
-
- auto new_key_result =
- private_key_factory->NewKey(SignatureKeyTemplates::Ed25519().value());
- std::unique_ptr<Ed25519PrivateKey> new_key(
- reinterpret_cast<Ed25519PrivateKey*>(
- new_key_result.ValueOrDie().release()));
- auto public_key_data_result =
- private_key_factory->GetPublicKeyData(new_key->SerializeAsString());
- EXPECT_TRUE(public_key_data_result.ok()) << public_key_data_result.status();
- auto public_key_data = std::move(public_key_data_result.ValueOrDie());
- EXPECT_EQ(Ed25519VerifyKeyManager().get_key_type(),
- public_key_data->type_url());
- EXPECT_EQ(KeyData::ASYMMETRIC_PUBLIC, public_key_data->key_material_type());
- EXPECT_EQ(new_key->public_key().SerializeAsString(),
- public_key_data->value());
+TEST(Ed25519SignKeyManagerTest, GetPublicKey) {
+ StatusOr<Ed25519PrivateKey> key_or =
+ Ed25519SignKeyManager().CreateKey(Ed25519KeyFormat());
+ ASSERT_THAT(key_or.status(), IsOk());
+ StatusOr<Ed25519PublicKey> public_key_or =
+ Ed25519SignKeyManager().GetPublicKey(key_or.ValueOrDie());
+ ASSERT_THAT(public_key_or.status(), IsOk());
+ EXPECT_THAT(public_key_or.ValueOrDie().version(),
+ Eq(key_or.ValueOrDie().public_key().version()));
+ EXPECT_THAT(public_key_or.ValueOrDie().key_value(),
+ Eq(key_or.ValueOrDie().public_key().key_value()));
}
-TEST_F(Ed25519SignKeyManagerTest, testPublicKeyExtractionErrors) {
- Ed25519SignKeyManager sign_key_type_manager;
- Ed25519VerifyKeyManager verify_key_type_manager;
- auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
- auto private_key_factory =
- dynamic_cast<const PrivateKeyFactory*>(&(key_manager->get_key_factory()));
- ASSERT_NE(private_key_factory, nullptr);
-
- auto public_key_data_result = private_key_factory->GetPublicKeyData(
- google::crypto::tink::AesGcmKey().SerializeAsString());
- EXPECT_FALSE(public_key_data_result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT,
- public_key_data_result.status().error_code());
-}
+TEST(EcdsaSignKeyManagerTest, Create) {
+ StatusOr<Ed25519PrivateKey> key_or =
+ Ed25519SignKeyManager().CreateKey(Ed25519KeyFormat());
+ ASSERT_THAT(key_or.status(), IsOk());
+ Ed25519PrivateKey key = key_or.ValueOrDie();
-TEST_F(Ed25519SignKeyManagerTest, testNewKey) {
- Ed25519SignKeyManager sign_key_type_manager;
- Ed25519VerifyKeyManager verify_key_type_manager;
- auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
- const KeyFactory& key_factory = key_manager->get_key_factory();
- Ed25519KeyFormat key_format;
- auto result = key_factory.NewKey(key_format);
- EXPECT_TRUE(result.ok());
+ auto signer_or =
+ Ed25519SignKeyManager().GetPrimitive<PublicKeySign>(key);
+ ASSERT_THAT(signer_or.status(), IsOk());
+
+ auto direct_verifier_or =
+ subtle::Ed25519VerifyBoringSsl::New(key.public_key().key_value());
+
+ ASSERT_THAT(direct_verifier_or.status(), IsOk());
+
+ std::string message = "Some message";
+ EXPECT_THAT(direct_verifier_or.ValueOrDie()->Verify(
+ signer_or.ValueOrDie()->Sign(message).ValueOrDie(), message),
+ IsOk());
}
+TEST(EcdsaSignKeyManagerTest, CreateDifferentKey) {
+ StatusOr<Ed25519PrivateKey> key_or =
+ Ed25519SignKeyManager().CreateKey(Ed25519KeyFormat());
+ ASSERT_THAT(key_or.status(), IsOk());
+ Ed25519PrivateKey key = key_or.ValueOrDie();
+
+ auto signer_or =
+ Ed25519SignKeyManager().GetPrimitive<PublicKeySign>(key);
+ ASSERT_THAT(signer_or.status(), IsOk());
+
+ auto direct_verifier_or =
+ subtle::Ed25519VerifyBoringSsl::New("01234567890123456789012345678901");
+
+ ASSERT_THAT(direct_verifier_or.status(), IsOk());
+
+ std::string message = "Some message";
+ EXPECT_THAT(direct_verifier_or.ValueOrDie()->Verify(
+ signer_or.ValueOrDie()->Sign(message).ValueOrDie(), message),
+ Not(IsOk()));
+}
} // namespace
} // namespace tink
} // namespace crypto
+
diff --git a/cc/signature/ed25519_verify_key_manager_test.cc b/cc/signature/ed25519_verify_key_manager_test.cc
index b5d50aee5f4dd6ed8c1e9dd942655498ce118a33..b903e51c85e9ec15e40800df038c3a25eb45e6ac 100644
--- a/cc/signature/ed25519_verify_key_manager_test.cc
+++ b/cc/signature/ed25519_verify_key_manager_test.cc
@@ -16,154 +16,120 @@
#include "tink/signature/ed25519_verify_key_manager.h"
+#include "gmock/gmock.h"
#include "gtest/gtest.h"
-#include "tink/core/key_manager_impl.h"
#include "tink/public_key_sign.h"
#include "tink/public_key_verify.h"
#include "tink/registry.h"
#include "tink/signature/ed25519_sign_key_manager.h"
+#include "tink/subtle/ed25519_sign_boringssl.h"
+#include "tink/util/enums.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
+#include "tink/util/test_matchers.h"
#include "tink/util/test_util.h"
-#include "proto/aes_eax.pb.h"
-#include "proto/common.pb.h"
#include "proto/ed25519.pb.h"
-#include "proto/tink.pb.h"
namespace crypto {
namespace tink {
-using google::crypto::tink::AesEaxKey;
-using google::crypto::tink::Ed25519KeyFormat;
-using google::crypto::tink::Ed25519PrivateKey;
-using google::crypto::tink::Ed25519PublicKey;
-using google::crypto::tink::KeyData;
+using ::crypto::tink::test::IsOk;
+using ::google::crypto::tink::Ed25519KeyFormat;
+using ::google::crypto::tink::Ed25519PrivateKey;
+using ::google::crypto::tink::Ed25519PublicKey;
+using ::google::crypto::tink::KeyData;
+using ::testing::Eq;
+using ::testing::Not;
namespace {
-class Ed25519VerifyKeyManagerTest : public ::testing::Test {
- protected:
- std::string key_type_prefix_ = "type.googleapis.com/";
- std::string ed25519_verify_key_type_ =
- "type.googleapis.com/google.crypto.tink.Ed25519PublicKey";
-};
-
-TEST_F(Ed25519VerifyKeyManagerTest, testBasic) {
- Ed25519VerifyKeyManager key_type_manager;
- auto key_manager =
- internal::MakeKeyManager<PublicKeyVerify>(&key_type_manager);
-
- EXPECT_EQ(0, key_manager->get_version());
- EXPECT_EQ("type.googleapis.com/google.crypto.tink.Ed25519PublicKey",
- key_manager->get_key_type());
- EXPECT_TRUE(key_manager->DoesSupport(key_manager->get_key_type()));
+TEST(Ed25519VerifyKeyManagerTest, Basics) {
+ EXPECT_THAT(Ed25519VerifyKeyManager().get_version(), Eq(0));
+ EXPECT_THAT(Ed25519VerifyKeyManager().key_material_type(),
+ Eq(KeyData::ASYMMETRIC_PUBLIC));
+ EXPECT_THAT(Ed25519VerifyKeyManager().get_key_type(),
+ Eq("type.googleapis.com/google.crypto.tink.Ed25519PublicKey"));
}
-TEST_F(Ed25519VerifyKeyManagerTest, testKeyDataErrors) {
- Ed25519VerifyKeyManager verify_key_type_manager;
- auto key_manager =
- internal::MakeKeyManager<PublicKeyVerify>(&verify_key_type_manager);
-
- { // Bad key type.
- KeyData key_data;
- std::string bad_key_type = "type.googleapis.com/google.crypto.tink.SomeOtherKey";
- key_data.set_type_url(bad_key_type);
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
- result.status().error_message());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, bad_key_type,
- result.status().error_message());
- }
-
- { // Bad key value.
- KeyData key_data;
- key_data.set_type_url(ed25519_verify_key_type_);
- key_data.set_value("some bad serialized proto");
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not parse",
- result.status().error_message());
- }
-
- { // Bad version.
- KeyData key_data;
- Ed25519PublicKey key;
- key.set_version(1);
- key_data.set_type_url(ed25519_verify_key_type_);
- key_data.set_value(key.SerializeAsString());
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "version",
- result.status().error_message());
- }
+TEST(Ed25519VerifyKeyManagerTest, ValidateEmptyKey) {
+ EXPECT_THAT(Ed25519VerifyKeyManager().ValidateKey(Ed25519PublicKey()),
+ Not(IsOk()));
}
-TEST_F(Ed25519VerifyKeyManagerTest, testKeyMessageErrors) {
- Ed25519VerifyKeyManager key_type_manager;
- auto key_manager =
- internal::MakeKeyManager<PublicKeyVerify>(&key_type_manager);
-
- { // Bad protobuffer.
- AesEaxKey key;
- auto result = key_manager->GetPrimitive(key);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "AesEaxKey",
- result.status().error_message());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
- result.status().error_message());
- }
+Ed25519PrivateKey CreateValidPrivateKey() {
+ return Ed25519SignKeyManager().CreateKey(Ed25519KeyFormat()).ValueOrDie();
}
-TEST_F(Ed25519VerifyKeyManagerTest, testPrimitives) {
- std::string message = "some message to sign";
- Ed25519SignKeyManager sign_key_type_manager;
- Ed25519VerifyKeyManager verify_key_type_manager;
- auto sign_key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
- auto verify_key_manager = internal::MakeKeyManager<PublicKeyVerify>(
- &verify_key_type_manager);
-
- Ed25519PrivateKey private_key = test::GetEd25519TestPrivateKey();
- Ed25519PublicKey key = private_key.public_key();
- auto sign =
- std::move(sign_key_manager->GetPrimitive(private_key).ValueOrDie());
- std::string signature = sign->Sign(message).ValueOrDie();
-
- { // Using Key proto.
- auto result = verify_key_manager->GetPrimitive(key);
- EXPECT_TRUE(result.ok()) << result.status();
- auto verify = std::move(result.ValueOrDie());
- auto verify_status = verify->Verify(signature, message);
- EXPECT_TRUE(verify_status.ok()) << verify_status;
- }
-
- { // Using KeyData proto.
- KeyData key_data;
- key_data.set_type_url(ed25519_verify_key_type_);
- key_data.set_value(key.SerializeAsString());
- auto result = verify_key_manager->GetPrimitive(key_data);
- EXPECT_TRUE(result.ok()) << result.status();
- auto verify = std::move(result.ValueOrDie());
- auto verify_status = verify->Verify(signature, message);
- EXPECT_TRUE(verify_status.ok()) << verify_status;
- }
+Ed25519PublicKey CreateValidPublicKey() {
+ return Ed25519SignKeyManager()
+ .GetPublicKey(CreateValidPrivateKey())
+ .ValueOrDie();
}
-TEST_F(Ed25519VerifyKeyManagerTest, testNewKey) {
- Ed25519VerifyKeyManager key_type_manager;
- auto key_manager =
- internal::MakeKeyManager<PublicKeyVerify>(&key_type_manager);
- const KeyFactory& key_factory = key_manager->get_key_factory();
- Ed25519KeyFormat key_format;
- auto result = key_factory.NewKey(key_format);
- EXPECT_FALSE(result.ok());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
- result.status().error_message());
+// Checks that a public key generaed by the SignKeyManager is considered valid.
+TEST(Ed25519VerifyKeyManagerTest, PublicKeyValid) {
+ Ed25519PublicKey key = CreateValidPublicKey();
+ EXPECT_THAT(Ed25519VerifyKeyManager().ValidateKey(key), IsOk());
+}
+
+TEST(Ed25519VerifyKeyManagerTest, PublicKeyWrongVersion) {
+ Ed25519PublicKey key = CreateValidPublicKey();
+ key.set_version(1);
+ EXPECT_THAT(Ed25519VerifyKeyManager().ValidateKey(key), Not(IsOk()));
+}
+
+TEST(Ed25519VerifyKeyManagerTest, PublicKeyWrongKeyLength31) {
+ Ed25519PublicKey key = CreateValidPublicKey();
+ key.set_key_value(std::string(31, 'a'));
+ EXPECT_THAT(Ed25519VerifyKeyManager().ValidateKey(key), Not(IsOk()));
+}
+
+TEST(Ed25519VerifyKeyManagerTest, PublicKeyWrongKeyLength64) {
+ Ed25519PublicKey key = CreateValidPublicKey();
+ key.set_key_value(std::string(64, 'a'));
+ EXPECT_THAT(Ed25519VerifyKeyManager().ValidateKey(key), Not(IsOk()));
+}
+
+TEST(Ed25519SignKeyManagerTest, Create) {
+ Ed25519PrivateKey private_key = CreateValidPrivateKey();
+ Ed25519PublicKey public_key =
+ Ed25519SignKeyManager().GetPublicKey(private_key).ValueOrDie();
+
+ auto direct_signer_or = subtle::Ed25519SignBoringSsl::New(
+ absl::StrCat(private_key.key_value(), public_key.key_value()));
+ ASSERT_THAT(direct_signer_or.status(), IsOk());
+
+ auto verifier_or =
+ Ed25519VerifyKeyManager().GetPrimitive<PublicKeyVerify>(public_key);
+ ASSERT_THAT(verifier_or.status(), IsOk());
+
+ std::string message = "Some message";
+ EXPECT_THAT(
+ verifier_or.ValueOrDie()->Verify(
+ direct_signer_or.ValueOrDie()->Sign(message).ValueOrDie(), message),
+ IsOk());
+}
+
+TEST(Ed25519SignKeyManagerTest, CreateDifferentPrivateKey) {
+ Ed25519PrivateKey private_key = CreateValidPrivateKey();
+ // Note: we create a new key in the next line.
+ Ed25519PublicKey public_key = Ed25519SignKeyManager()
+ .GetPublicKey(CreateValidPrivateKey())
+ .ValueOrDie();
+
+ auto direct_signer_or = subtle::Ed25519SignBoringSsl::New(absl::StrCat(
+ private_key.key_value(), private_key.public_key().key_value()));
+ ASSERT_THAT(direct_signer_or.status(), IsOk());
+
+ auto verifier_or =
+ Ed25519VerifyKeyManager().GetPrimitive<PublicKeyVerify>(public_key);
+ ASSERT_THAT(verifier_or.status(), IsOk());
+
+ std::string message = "Some message";
+ EXPECT_THAT(
+ verifier_or.ValueOrDie()->Verify(
+ direct_signer_or.ValueOrDie()->Sign(message).ValueOrDie(), message),
+ Not(IsOk()));
}
} // namespace