diff --git a/cc/daead/BUILD.bazel b/cc/daead/BUILD.bazel
index df9018aa5a57020719f39a1434e634c9ef890322..70d43c0f7b78b92a2a484442438e6a87b8c41101 100644
--- a/cc/daead/BUILD.bazel
+++ b/cc/daead/BUILD.bazel
@@ -103,13 +103,10 @@ cc_test(
deps = [
":aes_siv_key_manager",
"//cc:aead",
- "//cc:core/key_manager_impl",
"//cc/util:status",
"//cc/util:statusor",
- "//proto:aes_eax_cc_proto",
+ "//cc/util:test_matchers",
"//proto:aes_siv_cc_proto",
- "//proto:common_cc_proto",
- "//proto:tink_cc_proto",
"@com_google_googletest//:gtest_main",
],
)
diff --git a/cc/daead/CMakeLists.txt b/cc/daead/CMakeLists.txt
index b9e9178c9f42dae0bb001223b94941c424024250..a746c8c6c0d3b52bcc7caccaeefa3a0c924d3202 100644
--- a/cc/daead/CMakeLists.txt
+++ b/cc/daead/CMakeLists.txt
@@ -16,8 +16,6 @@ tink_cc_library(
tink::util::statusor
tink::util::validation
tink::proto::aes_siv_cc_proto
- tink::proto::common_cc_proto
- tink::proto::tink_cc_proto
absl::strings
)
@@ -90,13 +88,10 @@ tink_cc_test(
DEPS
tink::daead::aes_siv_key_manager
tink::core::deterministic_aead
- tink::core::key_manager_impl
tink::util::status
tink::util::statusor
- tink::proto::aes_eax_cc_proto
tink::proto::aes_siv_cc_proto
- tink::proto::common_cc_proto
- tink::proto::tink_cc_proto
+ gmock
)
tink_cc_test(
diff --git a/cc/daead/aes_siv_key_manager_test.cc b/cc/daead/aes_siv_key_manager_test.cc
index e9e1c1399ab90f3825f35e9f0038b20833bb41c4..3cec51007f06bae0ca422e8a702b1537a53ff2c2 100644
--- a/cc/daead/aes_siv_key_manager_test.cc
+++ b/cc/daead/aes_siv_key_manager_test.cc
@@ -16,268 +16,142 @@
#include "tink/daead/aes_siv_key_manager.h"
-#include "tink/core/key_manager_impl.h"
+#include "gmock/gmock.h"
+#include "gtest/gtest.h"
#include "tink/deterministic_aead.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
-#include "gtest/gtest.h"
-#include "proto/aes_eax.pb.h"
+#include "tink/util/test_matchers.h"
#include "proto/aes_siv.pb.h"
-#include "proto/common.pb.h"
-#include "proto/tink.pb.h"
namespace crypto {
namespace tink {
-using google::crypto::tink::AesEaxKey;
-using google::crypto::tink::AesEaxKeyFormat;
-using google::crypto::tink::AesSivKey;
-using google::crypto::tink::AesSivKeyFormat;
-using google::crypto::tink::KeyData;
+using ::crypto::tink::test::IsOk;
+using ::google::crypto::tink::AesSivKey;
+using ::google::crypto::tink::AesSivKeyFormat;
+using ::testing::Eq;
+using ::testing::Ne;
+using ::testing::Not;
+using ::testing::SizeIs;
namespace {
-class AesSivKeyManagerTest : public ::testing::Test {
- protected:
- std::string key_type_prefix_ = "type.googleapis.com/";
- std::string aes_siv_key_type_ =
- "type.googleapis.com/google.crypto.tink.AesSivKey";
-};
+TEST(AesSivKeyManagerTest, Basics) {
+ EXPECT_THAT(AesSivKeyManager().get_version(), Eq(0));
+ EXPECT_THAT(AesSivKeyManager().get_key_type(),
+ Eq("type.googleapis.com/google.crypto.tink.AesSivKey"));
+ EXPECT_THAT(AesSivKeyManager().key_material_type(),
+ Eq(google::crypto::tink::KeyData::SYMMETRIC));
+}
-TEST_F(AesSivKeyManagerTest, testBasic) {
- AesSivKeyManager key_type_manager;
- auto key_manager =
- internal::MakeKeyManager<DeterministicAead>(&key_type_manager);
+TEST(AesSivKeyManagerTest, ValidateEmptyKey) {
+ EXPECT_THAT(AesSivKeyManager().ValidateKey(AesSivKey()), Not(IsOk()));
+}
- EXPECT_EQ(0, key_manager->get_version());
- EXPECT_EQ("type.googleapis.com/google.crypto.tink.AesSivKey",
- key_manager->get_key_type());
- EXPECT_TRUE(key_manager->DoesSupport(key_manager->get_key_type()));
+TEST(AesSivKeyManagerTest, ValidateEmptyKeyFormat) {
+ EXPECT_THAT(AesSivKeyManager().ValidateKeyFormat(AesSivKeyFormat()),
+ Not(IsOk()));
}
-TEST_F(AesSivKeyManagerTest, testKeyDataErrors) {
- AesSivKeyManager key_type_manager;
- auto key_manager =
- internal::MakeKeyManager<DeterministicAead>(&key_type_manager);
+TEST(AesSivKeyManagerTest, ValidKeyFormat) {
+ AesSivKeyFormat format;
+ format.set_key_size(64);
+ EXPECT_THAT(AesSivKeyManager().ValidateKeyFormat(format), IsOk());
+}
- { // Bad key type.
- KeyData key_data;
- std::string bad_key_type =
- "type.googleapis.com/google.crypto.tink.SomeOtherKey";
- key_data.set_type_url(bad_key_type);
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
- result.status().error_message());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, bad_key_type,
- result.status().error_message());
- }
+TEST(AesSivKeyManagerTest, ValidateKeyFormatWithWrongSizes) {
+ AesSivKeyFormat format;
- { // Bad key value.
- KeyData key_data;
- key_data.set_type_url(aes_siv_key_type_);
- key_data.set_value("some bad serialized proto");
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not parse",
- result.status().error_message());
+ for (int i = 0; i < 64; ++i) {
+ format.set_key_size(i);
+ EXPECT_THAT(AesSivKeyManager().ValidateKeyFormat(format), Not(IsOk()))
+ << " for length " << i;
}
-
- { // Bad version.
- KeyData key_data;
- AesSivKey key;
- key.set_version(1);
- key_data.set_type_url(aes_siv_key_type_);
- key_data.set_value(key.SerializeAsString());
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "version",
- result.status().error_message());
- }
-
- { // Bad key_value size (supported size: 64).
- for (int len = 0; len < 72; len++) {
- AesSivKey key;
- key.set_version(0);
- key.set_key_value(std::string(len, 'a'));
- KeyData key_data;
- key_data.set_type_url(aes_siv_key_type_);
- key_data.set_value(key.SerializeAsString());
- auto result = key_manager->GetPrimitive(key_data);
- if (len == 64) {
- EXPECT_TRUE(result.ok()) << result.status();
- } else {
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT,
- result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring,
- std::to_string(len) + " bytes",
- result.status().error_message());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "supported size",
- result.status().error_message());
- }
- }
+ for (int i = 65; i <= 200; ++i) {
+ format.set_key_size(i);
+ EXPECT_THAT(AesSivKeyManager().ValidateKeyFormat(format), Not(IsOk()))
+ << " for length " << i;
}
}
-TEST_F(AesSivKeyManagerTest, testKeyMessageErrors) {
- AesSivKeyManager key_type_manager;
- auto key_manager =
- internal::MakeKeyManager<DeterministicAead>(&key_type_manager);
+TEST(AesSivKeyManagerTest, CreateKey) {
+ AesSivKeyFormat format;
+ format.set_key_size(64);
+ auto key_or = AesSivKeyManager().CreateKey(format);
+ ASSERT_THAT(key_or.status(), IsOk());
+ EXPECT_THAT(key_or.ValueOrDie().key_value(), SizeIs(format.key_size()));
+ EXPECT_THAT(key_or.ValueOrDie().version(), Eq(0));
+}
- { // Bad protobuffer.
- AesEaxKey key;
- auto result = key_manager->GetPrimitive(key);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "AesEaxKey",
- result.status().error_message());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
- result.status().error_message());
- }
+TEST(AesSivKeyManagerTest, CreateKeyIsValid) {
+ AesSivKeyFormat format;
+ format.set_key_size(64);
+ auto key_or = AesSivKeyManager().CreateKey(format);
+ ASSERT_THAT(key_or.status(), IsOk());
+ EXPECT_THAT(AesSivKeyManager().ValidateKey(key_or.ValueOrDie()), IsOk());
+}
- { // Bad key_value size (supported size: 64).
- for (int len = 0; len < 72; len++) {
- AesSivKey key;
- key.set_version(0);
- key.set_key_value(std::string(len, 'a'));
- auto result = key_manager->GetPrimitive(key);
- if (len == 64) {
- EXPECT_TRUE(result.ok()) << result.status();
- } else {
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT,
- result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring,
- std::to_string(len) + " bytes",
- result.status().error_message());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "supported size",
- result.status().error_message());
- }
- }
- }
+TEST(AesSivKeyManagerTest, MultipleCreateCallsCreateDifferentKeys) {
+ AesSivKeyFormat format;
+ AesSivKeyManager manager;
+ format.set_key_size(64);
+ auto key1_or = manager.CreateKey(format);
+ ASSERT_THAT(key1_or.status(), IsOk());
+ auto key2_or = manager.CreateKey(format);
+ ASSERT_THAT(key2_or.status(), IsOk());
+ EXPECT_THAT(key1_or.ValueOrDie().key_value(),
+ Ne(key2_or.ValueOrDie().key_value()));
}
-TEST_F(AesSivKeyManagerTest, testPrimitives) {
- std::string plaintext = "some plaintext";
- std::string aad = "some aad";
- AesSivKeyManager key_type_manager;
- auto key_manager =
- internal::MakeKeyManager<DeterministicAead>(&key_type_manager);
+TEST(AesSivKeyManagerTest, ValidateKey) {
AesSivKey key;
-
+ *key.mutable_key_value() = std::string(64, 'a');
key.set_version(0);
- key.set_key_value(
- "64 bytes of key 0123456789abcdef0123456789abcdef0123456789abcdef");
-
- { // Using key message only.
- auto result = key_manager->GetPrimitive(key);
- EXPECT_TRUE(result.ok()) << result.status();
- auto aes_siv = std::move(result.ValueOrDie());
- auto encrypt_result = aes_siv->EncryptDeterministically(plaintext, aad);
- EXPECT_TRUE(encrypt_result.ok()) << encrypt_result.status();
- auto decrypt_result =
- aes_siv->DecryptDeterministically(encrypt_result.ValueOrDie(), aad);
- EXPECT_TRUE(decrypt_result.ok()) << decrypt_result.status();
- EXPECT_EQ(plaintext, decrypt_result.ValueOrDie());
- }
-
- { // Using KeyData proto.
- KeyData key_data;
- key_data.set_type_url(aes_siv_key_type_);
- key_data.set_value(key.SerializeAsString());
- auto result = key_manager->GetPrimitive(key_data);
- EXPECT_TRUE(result.ok()) << result.status();
- auto aes_siv = std::move(result.ValueOrDie());
- auto encrypt_result = aes_siv->EncryptDeterministically(plaintext, aad);
- EXPECT_TRUE(encrypt_result.ok()) << encrypt_result.status();
- auto decrypt_result =
- aes_siv->DecryptDeterministically(encrypt_result.ValueOrDie(), aad);
- EXPECT_TRUE(decrypt_result.ok()) << decrypt_result.status();
- EXPECT_EQ(plaintext, decrypt_result.ValueOrDie());
- }
+ EXPECT_THAT(AesSivKeyManager().ValidateKey(key), IsOk());
}
-TEST_F(AesSivKeyManagerTest, testNewKeyErrors) {
- AesSivKeyManager key_type_manager;
- auto key_manager =
- internal::MakeKeyManager<DeterministicAead>(&key_type_manager);
- const KeyFactory& key_factory = key_manager->get_key_factory();
-
- { // Bad key format.
- AesEaxKeyFormat key_format;
- auto result = key_factory.NewKey(key_format);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
- result.status().error_message());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "AesEaxKeyFormat",
- result.status().error_message());
- }
-
- { // Bad serialized key format.
- auto result = key_factory.NewKey("some bad serialized proto");
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "not parse",
- result.status().error_message());
+TEST(AesSivKeyManagerTest, ValidateKeyStringLength) {
+ AesSivKey key;
+ key.set_version(0);
+ for (int i = 0 ; i < 64; ++i) {
+ *key.mutable_key_value() = std::string(i, 'a');
+ EXPECT_THAT(AesSivKeyManager().ValidateKey(key), Not(IsOk()));
}
-
- { // Bad AesSivKeyFormat: small key_size.
- AesSivKeyFormat key_format;
- key_format.set_key_size(32);
- auto result = key_factory.NewKey(key_format);
- EXPECT_FALSE(result.ok());
- EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "key size",
- result.status().error_message());
+ for (int i = 65 ; i <= 200; ++i) {
+ *key.mutable_key_value() = std::string(i, 'a');
+ EXPECT_THAT(AesSivKeyManager().ValidateKey(key), Not(IsOk()));
}
}
-TEST_F(AesSivKeyManagerTest, testNewKeyBasic) {
- AesSivKeyManager key_type_manager;
- auto key_manager =
- internal::MakeKeyManager<DeterministicAead>(&key_type_manager);
- const KeyFactory& key_factory = key_manager->get_key_factory();
- AesSivKeyFormat key_format;
- key_format.set_key_size(64);
-
- { // Via NewKey(format_proto).
- auto result = key_factory.NewKey(key_format);
- EXPECT_TRUE(result.ok()) << result.status();
- auto key = std::move(result.ValueOrDie());
- EXPECT_EQ(key_type_prefix_ + key->GetTypeName(), aes_siv_key_type_);
- std::unique_ptr<AesSivKey> aes_siv_key(
- reinterpret_cast<AesSivKey*>(key.release()));
- EXPECT_EQ(0, aes_siv_key->version());
- EXPECT_EQ(key_format.key_size(), aes_siv_key->key_value().size());
- }
-
- { // Via NewKey(serialized_format_proto).
- auto result = key_factory.NewKey(key_format.SerializeAsString());
- EXPECT_TRUE(result.ok()) << result.status();
- auto key = std::move(result.ValueOrDie());
- EXPECT_EQ(key_type_prefix_ + key->GetTypeName(), aes_siv_key_type_);
- std::unique_ptr<AesSivKey> aes_siv_key(
- reinterpret_cast<AesSivKey*>(key.release()));
- EXPECT_EQ(0, aes_siv_key->version());
- EXPECT_EQ(key_format.key_size(), aes_siv_key->key_value().size());
- }
+TEST(AesSivKeyManagerTest, ValidateKeyVersion) {
+ AesSivKey key;
+ *key.mutable_key_value() = std::string(64, 'a');
+ key.set_version(1);
+ EXPECT_THAT(AesSivKeyManager().ValidateKey(key), Not(IsOk()));
+}
- { // Via NewKeyData(serialized_format_proto).
- auto result = key_factory.NewKeyData(key_format.SerializeAsString());
- EXPECT_TRUE(result.ok()) << result.status();
- auto key_data = std::move(result.ValueOrDie());
- EXPECT_EQ(aes_siv_key_type_, key_data->type_url());
- EXPECT_EQ(KeyData::SYMMETRIC, key_data->key_material_type());
- AesSivKey aes_siv_key;
- EXPECT_TRUE(aes_siv_key.ParseFromString(key_data->value()));
- EXPECT_EQ(0, aes_siv_key.version());
- EXPECT_EQ(key_format.key_size(), aes_siv_key.key_value().size());
- }
+TEST(AesSivKeyManagerTest, GetPrimitive) {
+ AesSivKeyFormat format;
+ format.set_key_size(64);
+ auto key_or = AesSivKeyManager().CreateKey(format);
+ ASSERT_THAT(key_or.status(), IsOk());
+ auto daead_or =
+ AesSivKeyManager().GetPrimitive<DeterministicAead>(key_or.ValueOrDie());
+ ASSERT_THAT(daead_or.status(), IsOk());
+
+ auto direct_daead_or =
+ subtle::AesSivBoringSsl::New(key_or.ValueOrDie().key_value());
+ ASSERT_THAT(direct_daead_or.status(), IsOk());
+
+ auto encryption_or =
+ daead_or.ValueOrDie()->EncryptDeterministically("123", "abcd");
+ ASSERT_THAT(encryption_or.status(), IsOk());
+ auto direct_encryption_or =
+ direct_daead_or.ValueOrDie()->EncryptDeterministically("123", "abcd");
+ ASSERT_THAT(direct_encryption_or.status(), IsOk());
+ ASSERT_THAT(encryption_or.ValueOrDie(),
+ Eq(direct_encryption_or.ValueOrDie()));
}
} // namespace