From 6b5c5a95a382b1d207d869c2c306e4fb256d2121 Mon Sep 17 00:00:00 2001
From: tholenst <tholenst@google.com>
Date: Mon, 26 Aug 2019 01:41:51 -0700
Subject: [PATCH] Migrate the Ecdsa tests.
PiperOrigin-RevId: 265408902
---
cc/signature/BUILD.bazel | 17 +-
cc/signature/CMakeLists.txt | 25 +-
cc/signature/ecdsa_sign_key_manager.cc | 1 -
cc/signature/ecdsa_sign_key_manager_test.cc | 546 +++++++-----------
cc/signature/ecdsa_verify_key_manager_test.cc | 368 ++++++------
5 files changed, 394 insertions(+), 563 deletions(-)
diff --git a/cc/signature/BUILD.bazel b/cc/signature/BUILD.bazel
index d6a3b5726..e598441cb 100644
--- a/cc/signature/BUILD.bazel
+++ b/cc/signature/BUILD.bazel
@@ -431,11 +431,14 @@ cc_test(
deps = [
":ecdsa_sign_key_manager",
":ecdsa_verify_key_manager",
- "//cc:config",
"//cc:public_key_sign",
"//cc:public_key_verify",
"//cc:registry",
+ "//cc/subtle:ecdsa_sign_boringssl",
+ "//cc/subtle:subtle_util_boringssl",
+ "//cc/util:enums",
"//cc/util:status",
+ "//cc/util:test_matchers",
"//cc/util:test_util",
"//proto:aes_eax_cc_proto",
"//proto:common_cc_proto",
@@ -520,18 +523,14 @@ cc_test(
deps = [
":ecdsa_sign_key_manager",
":ecdsa_verify_key_manager",
- ":signature_key_templates",
- "//cc:config",
"//cc:public_key_sign",
- "//cc:registry",
- "//cc/aead:aead_key_templates",
- "//cc/aead:aes_gcm_key_manager",
+ "//cc:public_key_verify",
+ "//cc/util:enums",
"//cc/util:status",
+ "//cc/util:statusor",
+ "//cc/util:test_matchers",
"//cc/util:test_util",
- "//proto:aes_eax_cc_proto",
- "//proto:common_cc_proto",
"//proto:ecdsa_cc_proto",
- "//proto:tink_cc_proto",
"@com_google_googletest//:gtest_main",
],
)
diff --git a/cc/signature/CMakeLists.txt b/cc/signature/CMakeLists.txt
index 8647d0764..0b6751669 100644
--- a/cc/signature/CMakeLists.txt
+++ b/cc/signature/CMakeLists.txt
@@ -378,16 +378,17 @@ tink_cc_test(
DEPS
tink::signature::ecdsa_sign_key_manager
tink::signature::ecdsa_verify_key_manager
- tink::core::config
tink::core::public_key_sign
tink::core::public_key_verify
- tink::core::registry
+ tink::subtle::ecdsa_sign_boringssl
+ tink::subtle::subtle_util_boringssl
+ tink::util::enums
tink::util::status
+ tink::util::statusor
+ tink::util::test_matchers
tink::util::test_util
- tink::proto::aes_eax_cc_proto
- tink::proto::common_cc_proto
tink::proto::ecdsa_cc_proto
- tink::proto::tink_cc_proto
+ gmock
)
tink_cc_test(
@@ -452,17 +453,17 @@ tink_cc_test(
tink::signature::ecdsa_sign_key_manager
tink::signature::ecdsa_verify_key_manager
tink::signature::signature_key_templates
- tink::core::config
tink::core::public_key_sign
- tink::core::registry
- tink::aead::aead_key_templates
- tink::aead::aes_gcm_key_manager
+ tink::core::public_key_verify
+ tink::subtle::ecdsa_verify_boringssl
+ tink::subtle::subtle_util_boringssl
+ tink::util::enums
tink::util::status
+ tink::util::statusor
+ tink::util::test_matchers
tink::util::test_util
- tink::proto::aes_eax_cc_proto
- tink::proto::common_cc_proto
tink::proto::ecdsa_cc_proto
- tink::proto::tink_cc_proto
+ gmock
)
tink_cc_test(
diff --git a/cc/signature/ecdsa_sign_key_manager.cc b/cc/signature/ecdsa_sign_key_manager.cc
index 43de7b880..3449e4ef8 100644
--- a/cc/signature/ecdsa_sign_key_manager.cc
+++ b/cc/signature/ecdsa_sign_key_manager.cc
@@ -39,7 +39,6 @@ using crypto::tink::util::StatusOr;
using google::crypto::tink::EcdsaKeyFormat;
using google::crypto::tink::EcdsaPrivateKey;
using google::crypto::tink::EcdsaPublicKey;
-using google::crypto::tink::KeyData;
StatusOr<EcdsaPrivateKey> EcdsaSignKeyManager::CreateKey(
const EcdsaKeyFormat& ecdsa_key_format) const {
diff --git a/cc/signature/ecdsa_sign_key_manager_test.cc b/cc/signature/ecdsa_sign_key_manager_test.cc
index 62d83633a..301d4bbd6 100644
--- a/cc/signature/ecdsa_sign_key_manager_test.cc
+++ b/cc/signature/ecdsa_sign_key_manager_test.cc
@@ -16,374 +16,248 @@
#include "tink/signature/ecdsa_sign_key_manager.h"
+#include "gmock/gmock.h"
+#include "gtest/gtest.h"
#include "tink/public_key_sign.h"
-#include "tink/registry.h"
-#include "tink/aead/aead_key_templates.h"
-#include "tink/aead/aes_gcm_key_manager.h"
-#include "tink/signature/signature_key_templates.h"
+#include "tink/public_key_verify.h"
#include "tink/signature/ecdsa_verify_key_manager.h"
+#include "tink/subtle/ecdsa_verify_boringssl.h"
+#include "tink/subtle/subtle_util_boringssl.h"
+#include "tink/util/enums.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
+#include "tink/util/test_matchers.h"
#include "tink/util/test_util.h"
-#include "gtest/gtest.h"
-#include "proto/common.pb.h"
#include "proto/ecdsa.pb.h"
-#include "proto/aes_eax.pb.h"
-#include "proto/tink.pb.h"
namespace crypto {
namespace tink {
-using google::crypto::tink::AesEaxKey;
-using google::crypto::tink::AesEaxKeyFormat;
-using google::crypto::tink::EcdsaKeyFormat;
-using google::crypto::tink::EcdsaPrivateKey;
-using google::crypto::tink::EcdsaSignatureEncoding;
-using google::crypto::tink::EllipticCurveType;
-using google::crypto::tink::HashType;
-using google::crypto::tink::KeyData;
+using ::crypto::tink::test::IsOk;
+using ::crypto::tink::test::StatusIs;
+using ::crypto::tink::util::Enums;
+using ::crypto::tink::util::StatusOr;
+using ::google::crypto::tink::EcdsaKeyFormat;
+using ::google::crypto::tink::EcdsaParams;
+using ::google::crypto::tink::EcdsaPrivateKey;
+using ::google::crypto::tink::EcdsaPublicKey;
+using ::google::crypto::tink::EcdsaSignatureEncoding;
+using ::google::crypto::tink::EllipticCurveType;
+using ::google::crypto::tink::HashType;
+using ::google::crypto::tink::KeyData;
+using ::testing::Eq;
+using ::testing::Gt;
+using ::testing::HasSubstr;
+using ::testing::Not;
+using ::testing::SizeIs;
namespace {
-class EcdsaSignKeyManagerTest : public ::testing::Test {
- protected:
- std::string key_type_prefix_ = "type.googleapis.com/";
- std::string ecdsa_sign_key_type_ =
- "type.googleapis.com/google.crypto.tink.EcdsaPrivateKey";
-};
-
-// Checks whether given key is compatible with the given format.
-void CheckNewKey(const EcdsaPrivateKey& ecdsa_key,
- const EcdsaKeyFormat& key_format) {
- EcdsaSignKeyManager sign_key_type_manager;
- EcdsaVerifyKeyManager verify_key_type_manager;
- auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
-
- EXPECT_EQ(0, ecdsa_key.version());
- EXPECT_TRUE(ecdsa_key.has_public_key());
- EXPECT_GT(ecdsa_key.key_value().length(), 0);
- EXPECT_EQ(0, ecdsa_key.public_key().version());
- EXPECT_GT(ecdsa_key.public_key().x().length(), 0);
- EXPECT_GT(ecdsa_key.public_key().y().length(), 0);
- EXPECT_EQ(ecdsa_key.public_key().params().SerializeAsString(),
- key_format.params().SerializeAsString());
- auto primitive_result = key_manager->GetPrimitive(ecdsa_key);
- EXPECT_TRUE(primitive_result.ok()) << primitive_result.status();
+TEST(EcdsaSignKeyManagerTest, Basic) {
+ EXPECT_THAT(EcdsaSignKeyManager().get_version(), Eq(0));
+ EXPECT_THAT(EcdsaSignKeyManager().key_material_type(),
+ Eq(KeyData::ASYMMETRIC_PRIVATE));
+ EXPECT_THAT(EcdsaSignKeyManager().get_key_type(),
+ Eq("type.googleapis.com/google.crypto.tink.EcdsaPrivateKey"));
}
-TEST_F(EcdsaSignKeyManagerTest, testBasic) {
- EcdsaSignKeyManager sign_key_type_manager;
- EcdsaVerifyKeyManager verify_key_type_manager;
- auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
+TEST(EcdsaSignKeyManagerTest, ValidateEmptyKeyFormat) {
+ EXPECT_THAT(EcdsaSignKeyManager().ValidateKeyFormat(EcdsaKeyFormat()),
+ Not(IsOk()));
+}
- EXPECT_EQ(0, key_manager->get_version());
- EXPECT_EQ("type.googleapis.com/google.crypto.tink.EcdsaPrivateKey",
- key_manager->get_key_type());
- EXPECT_TRUE(key_manager->DoesSupport(key_manager->get_key_type()));
+EcdsaKeyFormat CreateValidKeyFormat() {
+ EcdsaKeyFormat key_format;
+ EcdsaParams* params = key_format.mutable_params();
+ params->set_hash_type(HashType::SHA256);
+ params->set_curve(EllipticCurveType::NIST_P256);
+ params->set_encoding(EcdsaSignatureEncoding::DER);
+ return key_format;
}
-TEST_F(EcdsaSignKeyManagerTest, testKeyDataErrors) {
- EcdsaSignKeyManager sign_key_type_manager;
- EcdsaVerifyKeyManager verify_key_type_manager;
- auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
-
- { // Bad key type.
- KeyData key_data;
- std::string bad_key_type =
- "type.googleapis.com/google.crypto.tink.SomeOtherKey";
- key_data.set_type_url(bad_key_type);
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
- result.status().error_message());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, bad_key_type,
- result.status().error_message());
- }
-
- { // Bad key value.
- KeyData key_data;
- key_data.set_type_url(ecdsa_sign_key_type_);
- key_data.set_value("some bad serialized proto");
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not parse",
- result.status().error_message());
- }
-
- { // Bad version.
- KeyData key_data;
- EcdsaPrivateKey key;
- key.set_version(1);
- key_data.set_type_url(ecdsa_sign_key_type_);
- key_data.set_value(key.SerializeAsString());
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "version",
- result.status().error_message());
- }
+TEST(EcdsaSignKeyManagerTest, ValidateKeyFormat) {
+ EcdsaKeyFormat format = CreateValidKeyFormat();
+ EXPECT_THAT(EcdsaSignKeyManager().ValidateKeyFormat(format), IsOk());
}
-TEST_F(EcdsaSignKeyManagerTest, testKeyMessageErrors) {
- EcdsaSignKeyManager sign_key_type_manager;
- EcdsaVerifyKeyManager verify_key_type_manager;
- auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
-
- { // Bad protobuffer.
- AesEaxKey key;
- auto result = key_manager->GetPrimitive(key);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "AesEaxKey",
- result.status().error_message());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
- result.status().error_message());
- }
-
- { // Bad elliptic curve.
- EcdsaPrivateKey key;
- auto public_key = key.mutable_public_key();
- public_key->mutable_params()->set_encoding(EcdsaSignatureEncoding::DER);
- public_key->mutable_params()->set_curve(EllipticCurveType::UNKNOWN_CURVE);
- auto result = key_manager->GetPrimitive(key);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "Unsupported elliptic curve",
- result.status().error_message());
- }
-
- { // Bad hash type for NIST P256.
- EcdsaPrivateKey key;
- auto public_key = key.mutable_public_key();
- public_key->mutable_params()->set_encoding(EcdsaSignatureEncoding::DER);
- public_key->mutable_params()->set_curve(EllipticCurveType::NIST_P256);
- public_key->mutable_params()->set_hash_type(HashType::SHA512);
- auto result = key_manager->GetPrimitive(key);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "Only SHA256",
- result.status().error_message());
- }
-
- { // Bad hash type for NIST P384.
- EcdsaPrivateKey key;
- auto public_key = key.mutable_public_key();
- public_key->mutable_params()->set_encoding(EcdsaSignatureEncoding::DER);
- public_key->mutable_params()->set_curve(EllipticCurveType::NIST_P384);
- public_key->mutable_params()->set_hash_type(HashType::SHA256);
- auto result = key_manager->GetPrimitive(key);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "Only SHA512",
- result.status().error_message());
- }
-
- { // Bad hash type for NIST P521.
- EcdsaPrivateKey key;
- auto public_key = key.mutable_public_key();
- public_key->mutable_params()->set_encoding(EcdsaSignatureEncoding::DER);
- public_key->mutable_params()->set_curve(EllipticCurveType::NIST_P384);
- public_key->mutable_params()->set_hash_type(HashType::SHA256);
- auto result = key_manager->GetPrimitive(key);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "Only SHA512",
- result.status().error_message());
- }
+TEST(EcdsaSignKeyManagerTest, ValidateKeyFormatUnknownCurve) {
+ EcdsaKeyFormat format = CreateValidKeyFormat();
+ EcdsaParams* params = format.mutable_params();
+ params->set_curve(EllipticCurveType::UNKNOWN_CURVE);
+ EXPECT_THAT(EcdsaSignKeyManager().ValidateKeyFormat(format), Not(IsOk()));
}
-TEST_F(EcdsaSignKeyManagerTest, testPrimitives) {
- EcdsaSignatureEncoding encodings[2] = {EcdsaSignatureEncoding::DER,
- EcdsaSignatureEncoding::IEEE_P1363};
- for (EcdsaSignatureEncoding encoding : encodings) {
- std::string message = "some message to sign";
- EcdsaSignKeyManager sign_key_type_manager;
- EcdsaVerifyKeyManager verify_key_type_manager;
- auto sign_key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
- EcdsaPrivateKey key = test::GetEcdsaTestPrivateKey(
- EllipticCurveType::NIST_P256, HashType::SHA256, encoding);
-
- { // Using Key proto.
- auto result = sign_key_manager->GetPrimitive(key);
- EXPECT_TRUE(result.ok()) << result.status();
- auto sign = std::move(result.ValueOrDie());
- auto signing_result = sign->Sign(message);
- EXPECT_TRUE(signing_result.ok()) << signing_result.status();
- }
-
- { // Using KeyData proto.
- KeyData key_data;
- key_data.set_type_url(ecdsa_sign_key_type_);
- key_data.set_value(key.SerializeAsString());
- auto result = sign_key_manager->GetPrimitive(key_data);
- EXPECT_TRUE(result.ok()) << result.status();
- auto sign = std::move(result.ValueOrDie());
- auto signing_result = sign->Sign(message);
- EXPECT_TRUE(signing_result.ok()) << signing_result.status();
- }
- }
+TEST(EcdsaSignKeyManagerTest, ValidateKeyFormatBadHashP256) {
+ EcdsaKeyFormat format = CreateValidKeyFormat();
+ EcdsaParams* params = format.mutable_params();
+ params->set_curve(EllipticCurveType::NIST_P256);
+ params->set_hash_type(HashType::SHA512);
+ EXPECT_THAT(EcdsaSignKeyManager().ValidateKeyFormat(format), Not(IsOk()));
+ EXPECT_THAT(
+ EcdsaSignKeyManager().ValidateKeyFormat(format),
+ StatusIs(util::error::INVALID_ARGUMENT, HasSubstr("Only SHA256")));
}
-TEST_F(EcdsaSignKeyManagerTest, testNewKeyCreation) {
- EcdsaSignKeyManager sign_key_type_manager;
- EcdsaVerifyKeyManager verify_key_type_manager;
- auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
- const KeyFactory& key_factory = key_manager->get_key_factory();
-
- { // Via NewKey(format_proto).
- EcdsaKeyFormat key_format;
- ASSERT_TRUE(key_format.ParseFromString(
- SignatureKeyTemplates::EcdsaP256().value()));
- auto result = key_factory.NewKey(key_format);
- EXPECT_TRUE(result.ok()) << result.status();
- auto key = std::move(result.ValueOrDie());
- ASSERT_EQ(ecdsa_sign_key_type_, key_type_prefix_ + key->GetTypeName());
- std::unique_ptr<EcdsaPrivateKey> ecdsa_key(
- static_cast<EcdsaPrivateKey*>(key.release()));
- CheckNewKey(*ecdsa_key, key_format);
- }
-
- { // Via NewKey(serialized_format_proto).
- EcdsaKeyFormat key_format;
- ASSERT_TRUE(key_format.ParseFromString(
- SignatureKeyTemplates::EcdsaP384().value()));
- auto result = key_factory.NewKey(key_format.SerializeAsString());
- EXPECT_TRUE(result.ok()) << result.status();
- auto key = std::move(result.ValueOrDie());
- ASSERT_EQ(ecdsa_sign_key_type_, key_type_prefix_ + key->GetTypeName());
- std::unique_ptr<EcdsaPrivateKey> ecdsa_key(
- static_cast<EcdsaPrivateKey*>(key.release()));
- CheckNewKey(*ecdsa_key, key_format);
- }
-
- { // Via NewKeyData(serialized_format_proto).
- EcdsaKeyFormat key_format;
- ASSERT_TRUE(key_format.ParseFromString(
- SignatureKeyTemplates::EcdsaP521().value()));
- auto result = key_factory.NewKeyData(key_format.SerializeAsString());
- EXPECT_TRUE(result.ok()) << result.status();
- auto key_data = std::move(result.ValueOrDie());
- EXPECT_EQ(ecdsa_sign_key_type_, key_data->type_url());
- EXPECT_EQ(KeyData::ASYMMETRIC_PRIVATE, key_data->key_material_type());
- EcdsaPrivateKey ecdsa_key;
- ASSERT_TRUE(ecdsa_key.ParseFromString(key_data->value()));
- CheckNewKey(ecdsa_key, key_format);
- }
+TEST(EcdsaSignKeyManagerTest, ValidateKeyFormatBadHashP384) {
+ EcdsaKeyFormat format = CreateValidKeyFormat();
+ EcdsaParams* params = format.mutable_params();
+ params->set_curve(EllipticCurveType::NIST_P384);
+ params->set_hash_type(HashType::SHA256);
+ EXPECT_THAT(EcdsaSignKeyManager().ValidateKeyFormat(format), Not(IsOk()));
+ EXPECT_THAT(
+ EcdsaSignKeyManager().ValidateKeyFormat(format),
+ StatusIs(util::error::INVALID_ARGUMENT, HasSubstr("Only SHA512")));
}
-TEST_F(EcdsaSignKeyManagerTest, testPublicKeyExtraction) {
- EcdsaSignKeyManager sign_key_type_manager;
- EcdsaVerifyKeyManager verify_key_type_manager;
- auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
- auto private_key_factory =
- dynamic_cast<const PrivateKeyFactory*>(&(key_manager->get_key_factory()));
- ASSERT_NE(private_key_factory, nullptr);
-
- auto new_key_result = private_key_factory->NewKey(
- SignatureKeyTemplates::EcdsaP256().value());
- std::unique_ptr<EcdsaPrivateKey> new_key(
- reinterpret_cast<EcdsaPrivateKey*>(
- new_key_result.ValueOrDie().release()));
- auto public_key_data_result = private_key_factory->GetPublicKeyData(
- new_key->SerializeAsString());
- EXPECT_TRUE(public_key_data_result.ok()) << public_key_data_result.status();
- auto public_key_data = std::move(public_key_data_result.ValueOrDie());
- EXPECT_EQ(EcdsaVerifyKeyManager().get_key_type(),
- public_key_data->type_url());
- EXPECT_EQ(KeyData::ASYMMETRIC_PUBLIC, public_key_data->key_material_type());
- EXPECT_EQ(new_key->public_key().SerializeAsString(),
- public_key_data->value());
+TEST(EcdsaSignKeyManagerTest, ValidateKeyFormatBadHashP521) {
+ EcdsaKeyFormat format = CreateValidKeyFormat();
+ EcdsaParams* params = format.mutable_params();
+ params->set_curve(EllipticCurveType::NIST_P521);
+ params->set_hash_type(HashType::SHA256);
+ EXPECT_THAT(EcdsaSignKeyManager().ValidateKeyFormat(format), Not(IsOk()));
+ EXPECT_THAT(
+ EcdsaSignKeyManager().ValidateKeyFormat(format),
+ StatusIs(util::error::INVALID_ARGUMENT, HasSubstr("Only SHA512")));
}
-TEST_F(EcdsaSignKeyManagerTest, testPublicKeyExtractionErrors) {
- EcdsaSignKeyManager sign_key_type_manager;
- EcdsaVerifyKeyManager verify_key_type_manager;
- auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
- auto private_key_factory =
- dynamic_cast<const PrivateKeyFactory*>(&(key_manager->get_key_factory()));
- ASSERT_NE(private_key_factory, nullptr);
-
- auto public_key_data_result = private_key_factory->GetPublicKeyData(
- google::crypto::tink::AesGcmKey().SerializeAsString());
- EXPECT_FALSE(public_key_data_result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT,
- public_key_data_result.status().error_code());
+TEST(EcdsaSignKeyManagerTest, CreateKey) {
+ EcdsaKeyFormat format = CreateValidKeyFormat();
+ StatusOr<EcdsaPrivateKey> key_or = EcdsaSignKeyManager().CreateKey(format);
+ ASSERT_THAT(key_or.status(), IsOk());
+ EcdsaPrivateKey key = key_or.ValueOrDie();
+
+ EXPECT_THAT(key.version(), Eq(0));
+
+ EXPECT_THAT(key.public_key().version(), Eq(key.version()));
+ EXPECT_THAT(key.public_key().params().hash_type(),
+ Eq(format.params().hash_type()));
+ EXPECT_THAT(key.public_key().params().curve(), Eq(format.params().curve()));
+ EXPECT_THAT(key.public_key().params().encoding(),
+ Eq(format.params().encoding()));
+
+ EXPECT_THAT(key.public_key().x(), SizeIs(Gt(0)));
+ EXPECT_THAT(key.public_key().y(), SizeIs(Gt(0)));
+
+ EXPECT_THAT(key.key_value(), SizeIs(Gt(0)));
}
-TEST_F(EcdsaSignKeyManagerTest, testNewKeyErrors) {
- EcdsaSignKeyManager sign_key_type_manager;
- EcdsaVerifyKeyManager verify_key_type_manager;
- auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
- const KeyFactory& key_factory = key_manager->get_key_factory();
+TEST(EcdsaSignKeyManagerTest, CreateKeyValid) {
+ EcdsaKeyFormat format = CreateValidKeyFormat();
+ StatusOr<EcdsaPrivateKey> key_or = EcdsaSignKeyManager().CreateKey(format);
+ ASSERT_THAT(key_or.status(), IsOk());
+ EXPECT_THAT(EcdsaSignKeyManager().ValidateKey(key_or.ValueOrDie()), IsOk());
+}
- // Empty key format.
- EcdsaKeyFormat key_format;
- {
- auto result = key_factory.NewKey(key_format);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "Missing params",
- result.status().error_message());
- }
-
- // Wrong encoding.
- auto params = key_format.mutable_params();
- {
- auto result = key_factory.NewKey(key_format);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "Unsupported signature encoding",
- result.status().error_message());
- }
- // Wrong curve
- params->set_encoding(EcdsaSignatureEncoding::DER);
- {
- auto result = key_factory.NewKey(key_format);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "Unsupported elliptic curve",
- result.status().error_message());
- }
-
- // Wrong hash for the curve.
+EcdsaPrivateKey CreateValidKey() {
+ EcdsaKeyFormat format = CreateValidKeyFormat();
+ return EcdsaSignKeyManager().CreateKey(format).ValueOrDie();
+}
+
+TEST(EcdsaSignKeyManagerTest, ValidateKey) {
+ EcdsaPrivateKey key = CreateValidKey();
+ EXPECT_THAT(EcdsaSignKeyManager().ValidateKey(key), IsOk());
+}
+
+TEST(EcdsaSignKeyManagerTest, ValidateKeyBadHashP256) {
+ EcdsaPrivateKey key = CreateValidKey();
+ EcdsaParams* params = key.mutable_public_key()->mutable_params();
+ params->set_curve(EllipticCurveType::NIST_P256);
+ params->set_hash_type(HashType::SHA512);
+ EXPECT_THAT(EcdsaSignKeyManager().ValidateKey(key), Not(IsOk()));
+ EXPECT_THAT(
+ EcdsaSignKeyManager().ValidateKey(key),
+ StatusIs(util::error::INVALID_ARGUMENT, HasSubstr("Only SHA256")));
+}
+
+TEST(EcdsaSignKeyManagerTest, ValidateKeyBadHashP384) {
+ EcdsaPrivateKey key = CreateValidKey();
+ EcdsaParams* params = key.mutable_public_key()->mutable_params();
+ params->set_curve(EllipticCurveType::NIST_P384);
+ params->set_hash_type(HashType::SHA256);
+ EXPECT_THAT(EcdsaSignKeyManager().ValidateKey(key), Not(IsOk()));
+ EXPECT_THAT(
+ EcdsaSignKeyManager().ValidateKey(key),
+ StatusIs(util::error::INVALID_ARGUMENT, HasSubstr("Only SHA512")));
+}
+
+TEST(EcdsaSignKeyManagerTest, ValidateKeyBadHashP521) {
+ EcdsaPrivateKey key = CreateValidKey();
+ EcdsaParams* params = key.mutable_public_key()->mutable_params();
params->set_curve(EllipticCurveType::NIST_P521);
- {
- auto result = key_factory.NewKey(key_format);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "Only SHA512",
- result.status().error_message());
- }
-
- // Bad serialized format.
- {
- auto result = key_factory.NewKey("some bad serialization");
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "Could not parse",
- result.status().error_message());
- }
-
- // Wrong format proto.
- {
- AesEaxKeyFormat wrong_key_format;
- auto result = key_factory.NewKey(wrong_key_format);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "is not supported",
- result.status().error_message());
- }
+ params->set_hash_type(HashType::SHA256);
+ EXPECT_THAT(EcdsaSignKeyManager().ValidateKey(key), Not(IsOk()));
+ EXPECT_THAT(
+ EcdsaSignKeyManager().ValidateKey(key),
+ StatusIs(util::error::INVALID_ARGUMENT, HasSubstr("Only SHA512")));
+}
+
+TEST(EcdsaSignKeyManagerTest, GetPublicKey) {
+ EcdsaPrivateKey key = CreateValidKey();
+ StatusOr<EcdsaPublicKey> public_key_or =
+ EcdsaSignKeyManager().GetPublicKey(key);
+
+ ASSERT_THAT(public_key_or.status(), IsOk());
+ EcdsaPublicKey public_key = public_key_or.ValueOrDie();
+
+ EXPECT_THAT(public_key.version(), Eq(key.public_key().version()));
+ EXPECT_THAT(public_key.params().hash_type(),
+ Eq(key.public_key().params().hash_type()));
+ EXPECT_THAT(public_key.params().curve(),
+ Eq(key.public_key().params().curve()));
+ EXPECT_THAT(public_key.params().encoding(),
+ Eq(key.public_key().params().encoding()));
+
+ EXPECT_THAT(public_key.x(), Eq(key.public_key().x()));
+ EXPECT_THAT(public_key.y(), Eq(key.public_key().y()));
+}
+
+TEST(EcdsaSignKeyManagerTest, Create) {
+ EcdsaPrivateKey private_key = CreateValidKey();
+ EcdsaPublicKey public_key =
+ EcdsaSignKeyManager().GetPublicKey(private_key).ValueOrDie();
+
+ auto signer_or =
+ EcdsaSignKeyManager().GetPrimitive<PublicKeySign>(private_key);
+ ASSERT_THAT(signer_or.status(), IsOk());
+
+ subtle::SubtleUtilBoringSSL::EcKey ec_key;
+ ec_key.curve = Enums::ProtoToSubtle(public_key.params().curve());
+ ec_key.pub_x = public_key.x();
+ ec_key.pub_y = public_key.y();
+ auto direct_verifier_or = subtle::EcdsaVerifyBoringSsl::New(
+ ec_key, Enums::ProtoToSubtle(public_key.params().hash_type()),
+ Enums::ProtoToSubtle(public_key.params().encoding()));
+ ASSERT_THAT(direct_verifier_or.status(), IsOk());
+
+ std::string message = "Some message";
+ EXPECT_THAT(direct_verifier_or.ValueOrDie()->Verify(
+ signer_or.ValueOrDie()->Sign(message).ValueOrDie(), message),
+ IsOk());
+}
+
+TEST(EcdsaSignKeyManagerTest, CreateDifferentKey) {
+ EcdsaPrivateKey private_key = CreateValidKey();
+ // Note: we create a new key in the next line.
+ EcdsaPublicKey public_key =
+ EcdsaSignKeyManager().GetPublicKey(CreateValidKey()).ValueOrDie();
+
+ auto signer_or =
+ EcdsaSignKeyManager().GetPrimitive<PublicKeySign>(private_key);
+ ASSERT_THAT(signer_or.status(), IsOk());
+
+ subtle::SubtleUtilBoringSSL::EcKey ec_key;
+ ec_key.curve = Enums::ProtoToSubtle(public_key.params().curve());
+ ec_key.pub_x = public_key.x();
+ ec_key.pub_y = public_key.y();
+ auto direct_verifier_or = subtle::EcdsaVerifyBoringSsl::New(
+ ec_key, Enums::ProtoToSubtle(public_key.params().hash_type()),
+ Enums::ProtoToSubtle(public_key.params().encoding()));
+ ASSERT_THAT(direct_verifier_or.status(), IsOk());
+
+ std::string message = "Some message";
+ EXPECT_THAT(direct_verifier_or.ValueOrDie()->Verify(
+ signer_or.ValueOrDie()->Sign(message).ValueOrDie(), message),
+ Not(IsOk()));
}
} // namespace
diff --git a/cc/signature/ecdsa_verify_key_manager_test.cc b/cc/signature/ecdsa_verify_key_manager_test.cc
index ba3ab548b..5fa27e6e9 100644
--- a/cc/signature/ecdsa_verify_key_manager_test.cc
+++ b/cc/signature/ecdsa_verify_key_manager_test.cc
@@ -16,243 +16,201 @@
#include "tink/signature/ecdsa_verify_key_manager.h"
+#include "gmock/gmock.h"
#include "gtest/gtest.h"
-#include "tink/core/key_manager_impl.h"
-#include "tink/core/private_key_manager_impl.h"
#include "tink/public_key_sign.h"
#include "tink/public_key_verify.h"
-#include "tink/registry.h"
#include "tink/signature/ecdsa_sign_key_manager.h"
+#include "tink/subtle/ecdsa_sign_boringssl.h"
+#include "tink/subtle/subtle_util_boringssl.h"
+#include "tink/util/enums.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
+#include "tink/util/test_matchers.h"
#include "tink/util/test_util.h"
-#include "proto/aes_eax.pb.h"
-#include "proto/common.pb.h"
#include "proto/ecdsa.pb.h"
-#include "proto/tink.pb.h"
namespace crypto {
namespace tink {
-using google::crypto::tink::AesEaxKey;
-using google::crypto::tink::EcdsaKeyFormat;
-using google::crypto::tink::EcdsaPrivateKey;
-using google::crypto::tink::EcdsaPublicKey;
-using google::crypto::tink::EcdsaSignatureEncoding;
-using google::crypto::tink::EllipticCurveType;
-using google::crypto::tink::HashType;
-using google::crypto::tink::KeyData;
+using ::crypto::tink::test::IsOk;
+using ::crypto::tink::test::StatusIs;
+using ::crypto::tink::util::Enums;
+using ::google::crypto::tink::EcdsaKeyFormat;
+using ::google::crypto::tink::EcdsaParams;
+using ::google::crypto::tink::EcdsaPrivateKey;
+using ::google::crypto::tink::EcdsaPublicKey;
+using ::google::crypto::tink::EcdsaSignatureEncoding;
+using ::google::crypto::tink::EllipticCurveType;
+using ::google::crypto::tink::HashType;
+using ::google::crypto::tink::KeyData;
+using ::testing::Eq;
+using ::testing::HasSubstr;
+using ::testing::Not;
namespace {
-class EcdsaVerifyKeyManagerTest : public ::testing::Test {
- protected:
- std::string key_type_prefix_ = "type.googleapis.com/";
- std::string ecdsa_verify_key_type_ =
- "type.googleapis.com/google.crypto.tink.EcdsaPublicKey";
-};
-
-TEST_F(EcdsaVerifyKeyManagerTest, testBasic) {
- EcdsaVerifyKeyManager key_type_manager;
- auto key_manager =
- internal::MakeKeyManager<PublicKeyVerify>(&key_type_manager);
-
- EXPECT_EQ(0, key_manager->get_version());
- EXPECT_EQ("type.googleapis.com/google.crypto.tink.EcdsaPublicKey",
- key_manager->get_key_type());
- EXPECT_TRUE(key_manager->DoesSupport(key_manager->get_key_type()));
+TEST(EcdsaVerifyKeyManagerTest, Basics) {
+ EXPECT_THAT(EcdsaVerifyKeyManager().get_version(), Eq(0));
+ EXPECT_THAT(EcdsaVerifyKeyManager().key_material_type(),
+ Eq(KeyData::ASYMMETRIC_PUBLIC));
+ EXPECT_THAT(EcdsaVerifyKeyManager().get_key_type(),
+ Eq("type.googleapis.com/google.crypto.tink.EcdsaPublicKey"));
}
-TEST_F(EcdsaVerifyKeyManagerTest, testKeyDataErrors) {
- EcdsaVerifyKeyManager key_type_manager;
- auto key_manager =
- internal::MakeKeyManager<PublicKeyVerify>(&key_type_manager);
-
- { // Bad key type.
- KeyData key_data;
- std::string bad_key_type =
- "type.googleapis.com/google.crypto.tink.SomeOtherKey";
- key_data.set_type_url(bad_key_type);
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
- result.status().error_message());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, bad_key_type,
- result.status().error_message());
- }
-
- { // Bad key value.
- KeyData key_data;
- key_data.set_type_url(ecdsa_verify_key_type_);
- key_data.set_value("some bad serialized proto");
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not parse",
- result.status().error_message());
- }
-
- { // Bad version.
- KeyData key_data;
- EcdsaPublicKey key;
- key.set_version(1);
- key_data.set_type_url(ecdsa_verify_key_type_);
- key_data.set_value(key.SerializeAsString());
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "version",
- result.status().error_message());
- }
+TEST(EcdsaVerifyKeyManagerTest, ValidateEmptyKey) {
+ EXPECT_THAT(EcdsaVerifyKeyManager().ValidateKey(EcdsaPublicKey()),
+ Not(IsOk()));
}
-TEST_F(EcdsaVerifyKeyManagerTest, testKeyMessageErrors) {
- EcdsaVerifyKeyManager key_type_manager;
- auto key_manager =
- internal::MakeKeyManager<PublicKeyVerify>(&key_type_manager);
-
- { // Bad protobuffer.
- AesEaxKey key;
- auto result = key_manager->GetPrimitive(key);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "AesEaxKey",
- result.status().error_message());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
- result.status().error_message());
- }
-
- { // Bad elliptic curve.
- EcdsaPublicKey key;
- key.mutable_params()->set_encoding(EcdsaSignatureEncoding::DER);
- key.mutable_params()->set_curve(EllipticCurveType::UNKNOWN_CURVE);
- auto result = key_manager->GetPrimitive(key);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "Unsupported elliptic curve",
- result.status().error_message());
- }
+EcdsaPrivateKey CreateValidPrivateKey() {
+ EcdsaKeyFormat key_format;
+ EcdsaParams* params = key_format.mutable_params();
+ params->set_hash_type(HashType::SHA256);
+ params->set_curve(EllipticCurveType::NIST_P256);
+ params->set_encoding(EcdsaSignatureEncoding::DER);
+ return EcdsaSignKeyManager().CreateKey(key_format).ValueOrDie();
+}
- { // Bad hash type for NIST P256.
- EcdsaPublicKey key;
- key.mutable_params()->set_encoding(EcdsaSignatureEncoding::DER);
- key.mutable_params()->set_curve(EllipticCurveType::NIST_P256);
- key.mutable_params()->set_hash_type(HashType::SHA512);
- auto result = key_manager->GetPrimitive(key);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "Only SHA256",
- result.status().error_message());
- }
+EcdsaPublicKey CreateValidPublicKey() {
+ return EcdsaSignKeyManager()
+ .GetPublicKey(CreateValidPrivateKey())
+ .ValueOrDie();
+}
- { // Bad hash type for NIST P384.
- EcdsaPublicKey key;
- key.mutable_params()->set_encoding(EcdsaSignatureEncoding::DER);
- key.mutable_params()->set_curve(EllipticCurveType::NIST_P384);
- key.mutable_params()->set_hash_type(HashType::SHA256);
- auto result = key_manager->GetPrimitive(key);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "Only SHA512",
- result.status().error_message());
- }
+// Checks that a public key generaed by the SignKeyManager is considered valid.
+TEST(EcdsaVerifyKeyManagerTest, PublicKeyValid) {
+ EcdsaPublicKey key = CreateValidPublicKey();
+ EXPECT_THAT(EcdsaVerifyKeyManager().ValidateKey(key), IsOk());
+}
- { // Bad hash type for NIST P521.
- EcdsaPublicKey key;
- key.mutable_params()->set_encoding(EcdsaSignatureEncoding::DER);
- key.mutable_params()->set_curve(EllipticCurveType::NIST_P384);
- key.mutable_params()->set_hash_type(HashType::SHA256);
- auto result = key_manager->GetPrimitive(key);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "Only SHA512",
- result.status().error_message());
- }
+TEST(EcdsaSignKeyManagerTest, ValidateKeyBadHashP256) {
+ EcdsaPublicKey key = CreateValidPublicKey();
+ EcdsaParams* params = key.mutable_params();
+ params->set_curve(EllipticCurveType::NIST_P256);
+ params->set_hash_type(HashType::SHA512);
+ EXPECT_THAT(EcdsaVerifyKeyManager().ValidateKey(key), Not(IsOk()));
+ EXPECT_THAT(
+ EcdsaVerifyKeyManager().ValidateKey(key),
+ StatusIs(util::error::INVALID_ARGUMENT, HasSubstr("Only SHA256")));
}
-TEST_F(EcdsaVerifyKeyManagerTest, testPrimitives) {
- EcdsaSignatureEncoding encodings[2] = {EcdsaSignatureEncoding::DER,
- EcdsaSignatureEncoding::IEEE_P1363};
- for (EcdsaSignatureEncoding encoding : encodings) {
- std::string message = "some message to sign";
- EcdsaSignKeyManager sign_key_type_manager;
- EcdsaVerifyKeyManager verify_key_type_manager;
- auto verify_key_manager =
- internal::MakeKeyManager<PublicKeyVerify>(&verify_key_type_manager);
- auto sign_key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
- &sign_key_type_manager, &verify_key_type_manager);
- EcdsaPrivateKey private_key = test::GetEcdsaTestPrivateKey(
- EllipticCurveType::NIST_P256, HashType::SHA256, encoding);
- EcdsaPublicKey key = private_key.public_key();
- auto sign =
- std::move(sign_key_manager->GetPrimitive(private_key).ValueOrDie());
- std::string signature = sign->Sign(message).ValueOrDie();
+TEST(EcdsaSignKeyManagerTest, ValidateKeyBadHashP384) {
+ EcdsaPublicKey key = CreateValidPublicKey();
+ EcdsaParams* params = key.mutable_params();
+ params->set_curve(EllipticCurveType::NIST_P384);
+ params->set_hash_type(HashType::SHA256);
+ EXPECT_THAT(EcdsaVerifyKeyManager().ValidateKey(key), Not(IsOk()));
+ EXPECT_THAT(
+ EcdsaVerifyKeyManager().ValidateKey(key),
+ StatusIs(util::error::INVALID_ARGUMENT, HasSubstr("Only SHA512")));
+}
- { // Using Key proto.
- auto result = verify_key_manager->GetPrimitive(key);
- EXPECT_TRUE(result.ok()) << result.status();
- auto verify = std::move(result.ValueOrDie());
- auto verify_status = verify->Verify(signature, message);
- EXPECT_TRUE(verify_status.ok()) << verify_status;
- }
+TEST(EcdsaSignKeyManagerTest, ValidateKeyBadHashP521) {
+ EcdsaPublicKey key = CreateValidPublicKey();
+ EcdsaParams* params = key.mutable_params();
+ params->set_curve(EllipticCurveType::NIST_P521);
+ params->set_hash_type(HashType::SHA256);
+ EXPECT_THAT(EcdsaVerifyKeyManager().ValidateKey(key), Not(IsOk()));
+ EXPECT_THAT(
+ EcdsaVerifyKeyManager().ValidateKey(key),
+ StatusIs(util::error::INVALID_ARGUMENT, HasSubstr("Only SHA512")));
+}
- { // Using KeyData proto.
- KeyData key_data;
- key_data.set_type_url(ecdsa_verify_key_type_);
- key_data.set_value(key.SerializeAsString());
- auto result = verify_key_manager->GetPrimitive(key_data);
- EXPECT_TRUE(result.ok()) << result.status();
- auto verify = std::move(result.ValueOrDie());
- auto verify_status = verify->Verify(signature, message);
- EXPECT_TRUE(verify_status.ok()) << verify_status;
- }
+TEST(EcdsaSignKeyManagerTest, ValidateParams) {
+ EcdsaParams params;
+ params.set_hash_type(HashType::SHA256);
+ params.set_curve(EllipticCurveType::NIST_P256);
+ params.set_encoding(EcdsaSignatureEncoding::DER);
+ EXPECT_THAT(EcdsaVerifyKeyManager().ValidateParams(params), IsOk());
+}
- { // Using Key proto with wrong encoding.
- auto params = key.mutable_params();
- params->set_encoding(encoding == EcdsaSignatureEncoding::DER
- ? EcdsaSignatureEncoding::IEEE_P1363
- : EcdsaSignatureEncoding::DER);
- auto result = verify_key_manager->GetPrimitive(key);
- EXPECT_TRUE(result.ok()) << result.status();
- auto verify = std::move(result.ValueOrDie());
- auto verify_status = verify->Verify(signature, message);
- EXPECT_FALSE(verify_status.ok()) << verify_status;
- }
- }
+TEST(EcdsaSignKeyManagerTest, ValidateParamsBadHashP256) {
+ EcdsaParams params;
+ params.set_hash_type(HashType::SHA512);
+ params.set_curve(EllipticCurveType::NIST_P256);
+ params.set_encoding(EcdsaSignatureEncoding::DER);
+ EXPECT_THAT(EcdsaVerifyKeyManager().ValidateParams(params), Not(IsOk()));
+ EXPECT_THAT(
+ EcdsaVerifyKeyManager().ValidateParams(params),
+ StatusIs(util::error::INVALID_ARGUMENT, HasSubstr("Only SHA256")));
}
-TEST_F(EcdsaVerifyKeyManagerTest, testNewKeyError) {
- EcdsaVerifyKeyManager key_type_manager;
- auto key_manager = internal::MakeKeyManager<PublicKeySign>(&key_type_manager);
- const KeyFactory& key_factory = key_manager->get_key_factory();
+TEST(EcdsaSignKeyManagerTest, ValidateParamsBadHashP384) {
+ EcdsaParams params;
+ params.set_curve(EllipticCurveType::NIST_P384);
+ params.set_hash_type(HashType::SHA256);
+ params.set_encoding(EcdsaSignatureEncoding::DER);
+ EXPECT_THAT(EcdsaVerifyKeyManager().ValidateParams(params), Not(IsOk()));
+ EXPECT_THAT(
+ EcdsaVerifyKeyManager().ValidateParams(params),
+ StatusIs(util::error::INVALID_ARGUMENT, HasSubstr("Only SHA512")));
+}
- { // Via NewKey(format_proto).
- EcdsaKeyFormat key_format;
- auto result = key_factory.NewKey(key_format);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::UNIMPLEMENTED, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
- result.status().error_message());
- }
+TEST(EcdsaSignKeyManagerTest, ValidateParamsBadHashP521) {
+ EcdsaParams params;
+ params.set_curve(EllipticCurveType::NIST_P521);
+ params.set_hash_type(HashType::SHA256);
+ params.set_encoding(EcdsaSignatureEncoding::DER);
+ EXPECT_THAT(EcdsaVerifyKeyManager().ValidateParams(params), Not(IsOk()));
+ EXPECT_THAT(
+ EcdsaVerifyKeyManager().ValidateParams(params),
+ StatusIs(util::error::INVALID_ARGUMENT, HasSubstr("Only SHA512")));
+}
- { // Via NewKey(serialized_format_proto).
- EcdsaKeyFormat key_format;
- auto result = key_factory.NewKey(key_format.SerializeAsString());
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::UNIMPLEMENTED, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
- result.status().error_message());
- }
+TEST(EcdsaSignKeyManagerTest, Create) {
+ EcdsaPrivateKey private_key = CreateValidPrivateKey();
+ EcdsaPublicKey public_key =
+ EcdsaSignKeyManager().GetPublicKey(private_key).ValueOrDie();
+
+ subtle::SubtleUtilBoringSSL::EcKey ec_key;
+ ec_key.curve = Enums::ProtoToSubtle(public_key.params().curve());
+ ec_key.pub_x = public_key.x();
+ ec_key.pub_y = public_key.y();
+ ec_key.priv = private_key.key_value();
+
+ auto direct_signer_or = subtle::EcdsaSignBoringSsl::New(
+ ec_key, Enums::ProtoToSubtle(public_key.params().hash_type()),
+ Enums::ProtoToSubtle(public_key.params().encoding()));
+ ASSERT_THAT(direct_signer_or.status(), IsOk());
+
+ auto verifier_or =
+ EcdsaVerifyKeyManager().GetPrimitive<PublicKeyVerify>(public_key);
+ ASSERT_THAT(verifier_or.status(), IsOk());
+
+ std::string message = "Some message";
+ EXPECT_THAT(
+ verifier_or.ValueOrDie()->Verify(
+ direct_signer_or.ValueOrDie()->Sign(message).ValueOrDie(), message),
+ IsOk());
+}
- { // Via NewKeyData(serialized_format_proto).
- EcdsaKeyFormat key_format;
- auto result = key_factory.NewKeyData(key_format.SerializeAsString());
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::UNIMPLEMENTED, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
- result.status().error_message());
- }
+TEST(EcdsaSignKeyManagerTest, CreateDifferentPrivateKey) {
+ EcdsaPrivateKey private_key = CreateValidPrivateKey();
+ // Note: we create a new key in the next line.
+ EcdsaPublicKey public_key =
+ EcdsaSignKeyManager().GetPublicKey(CreateValidPrivateKey()).ValueOrDie();
+
+ subtle::SubtleUtilBoringSSL::EcKey ec_key;
+ ec_key.curve = Enums::ProtoToSubtle(public_key.params().curve());
+ ec_key.pub_x = public_key.x();
+ ec_key.pub_y = public_key.y();
+ ec_key.priv = private_key.key_value();
+
+ auto direct_signer_or = subtle::EcdsaSignBoringSsl::New(
+ ec_key, Enums::ProtoToSubtle(public_key.params().hash_type()),
+ Enums::ProtoToSubtle(public_key.params().encoding()));
+ ASSERT_THAT(direct_signer_or.status(), IsOk());
+
+ auto verifier_or =
+ EcdsaVerifyKeyManager().GetPrimitive<PublicKeyVerify>(public_key);
+ ASSERT_THAT(verifier_or.status(), IsOk());
+
+ std::string message = "Some message";
+ EXPECT_THAT(
+ verifier_or.ValueOrDie()->Verify(
+ direct_signer_or.ValueOrDie()->Sign(message).ValueOrDie(), message),
+ Not(IsOk()));
}
} // namespace
--
GitLab