Add newKey test for HmacKeyManagerTest.

The basic property of newKey is it has to generate different key every time. Change-Id: I30007d285e9432319f4dc715b3478abb479a76d9 ORIGINAL_AUTHOR=Quan Nguyen <quannguyen@google.com> GitOrigin-RevId: b4ca3e132d11853a6563cd82a52ac41d9bf0358b

Add newKey test for HmacKeyManagerTest.
The basic property of newKey is it has to generate different key every time. Change-Id: I30007d285e9432319f4dc715b3478abb479a76d9 ORIGINAL_AUTHOR=Quan Nguyen <quannguyen@google.com> GitOrigin-RevId: b4ca3e132d11853a6563cd82a52ac41d9bf0358b
b23a88d9 · Quan Nguyen · Thai Duong · 526681d1 · b23a88d9 · b23a88d9
Commit b23a88d9 authored 8 years ago by Quan Nguyen Committed by Thai Duong 8 years ago
--- a/java/src/test/java/com/google/cloud/crypto/tink/mac/HmacKeyTest.java
+++ b/java/src/test/java/com/google/cloud/crypto/tink/mac/HmacKeyTest.java
@@ -16,79 +16,75 @@

 package com.google.cloud.crypto.tink.mac;

+import static junit.framework.Assert.assertEquals;
 import static junit.framework.Assert.fail;
-import static org.junit.Assert.assertEquals;

-import com.google.cloud.crypto.tink.CryptoFormat;
-import com.google.cloud.crypto.tink.KeysetHandle;
-import com.google.cloud.crypto.tink.Mac;
-import com.google.cloud.crypto.tink.TestUtil;
-import com.google.cloud.crypto.tink.TinkProto.KeyStatusType;
-import com.google.cloud.crypto.tink.TinkProto.OutputPrefixType;
+import com.google.cloud.crypto.tink.CommonProto.HashType;
+import com.google.cloud.crypto.tink.HmacProto.HmacKey;
+import com.google.cloud.crypto.tink.HmacProto.HmacKeyFormat;
+import com.google.cloud.crypto.tink.HmacProto.HmacParams;
+import com.google.cloud.crypto.tink.TinkProto.KeyFormat;
 import com.google.cloud.crypto.tink.subtle.Random;
+import com.google.protobuf.ByteString;
 import java.security.GeneralSecurityException;
-import org.junit.Before;
+import java.util.Set;
+import java.util.TreeSet;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;

-/**
- * Tests for HmacKey.
- */
+/** Unit tests for {@link HmacKeyManager}. */
 @RunWith(JUnit4.class)
-public class HmacKeyTest {
-  private static final int HMAC_KEY_SIZE = 20;
-
-  @Before
-  public void setUp() throws Exception {
-    MacFactory.registerStandardKeyTypes();
-  }
-
+public class HmacKeyManagerTest {
  @Test
-  public void testBasic() throws Exception {
-    byte[] keyValue = Random.randBytes(HMAC_KEY_SIZE);
-    KeysetHandle keysetHandle = TestUtil.createKeysetHandle(
-        TestUtil.createKeyset(
-            TestUtil.createKey(
-                TestUtil.createHmacKey(keyValue, 16),
-                42,
-                KeyStatusType.ENABLED,
-                OutputPrefixType.TINK)));
-    Mac mac = MacFactory.getPrimitive(keysetHandle);
-    byte[] plaintext = "plaintext".getBytes("UTF-8");
-    byte[] tag = mac.computeMac(plaintext);
-    assertEquals(16 + CryptoFormat.NON_RAW_PREFIX_SIZE, tag.length);
-    try {
-      mac.verifyMac(tag, plaintext);
-    } catch (GeneralSecurityException e) {
-      fail("Valid MAC, should not throw exception");
-    }
+  public void testNewKeyMultipleTimes() throws Exception {
+    HmacKeyManager keyManager = new HmacKeyManager();
+    HmacKeyFormat hmacKeyFormat = HmacKeyFormat.newBuilder()
+        .setParams(HmacParams.newBuilder().setHash(HashType.SHA256).setTagSize(16).build())
+        .setKeySize(32)
+        .build();
+    ByteString serialized = ByteString.copyFrom(hmacKeyFormat.toByteArray());
+    KeyFormat keyFormat = KeyFormat.newBuilder()
+        .setTypeUrl("type.googleapis.com/google.cloud.crypto.tink.HmacKey")
+        .setValue(serialized)
+        .build();
+    byte[] plaintext = Random.randBytes(123);
+    // Calls newKey multiple times and make sure that we get different HmacKey each time.
+    Set<String> keys = new TreeSet<String>();
+    int numTests = 27;
+    for (int i = 0; i < numTests / 3; i++) {
+      HmacKey key = keyManager.newKey(hmacKeyFormat);
+      assertEquals(32, key.getKeyValue().toByteArray().length);
+      keys.add(new String(key.getKeyValue().toByteArray(), "UTF-8"));

-    byte original = plaintext[0];
-    plaintext[0] = (byte) ~original;
-    try {
-      mac.verifyMac(tag, plaintext);
-      fail("Invalid MAC, should have thrown exception");
-    } catch (GeneralSecurityException expected) {
-      // Expected
+      key = keyManager.newKey(serialized);
+      assertEquals(32, key.getKeyValue().toByteArray().length);
+      keys.add(new String(key.getKeyValue().toByteArray(), "UTF-8"));
+
+      key = HmacKey.parseFrom(keyManager.newKey(keyFormat).getValue());
+      assertEquals(32, key.getKeyValue().toByteArray().length);
+      keys.add(new String(key.getKeyValue().toByteArray(), "UTF-8"));
    }
+    assertEquals(numTests, keys.size());
+  }

-    plaintext[0] = original;
-    original = tag[0];
-    tag[0] = (byte) ~original;
+  @Test
+  public void testNewKeyCorruptedFormat() throws Exception {
+    HmacKeyManager keyManager = new HmacKeyManager();
+    ByteString serialized = ByteString.copyFrom(new byte[128]);
+    KeyFormat keyFormat = KeyFormat.newBuilder()
+        .setTypeUrl("type.googleapis.com/google.cloud.crypto.tink.HmacKey")
+        .setValue(serialized)
+        .build();
    try {
-      mac.verifyMac(tag, plaintext);
-      fail("Invalid MAC, should have thrown exception");
+      keyManager.newKey(serialized);
+      fail("Corrupted format, should have thrown exception");
    } catch (GeneralSecurityException expected) {
      // Expected
    }
-
-    tag[0] = original;
-    original = tag[CryptoFormat.NON_RAW_PREFIX_SIZE];
-    tag[CryptoFormat.NON_RAW_PREFIX_SIZE] = (byte) ~original;
    try {
-      mac.verifyMac(tag, plaintext);
-      fail("Invalid MAC, should have thrown exception");
+      keyManager.newKey(keyFormat);
+      fail("Corrupted format, should have thrown exception");
    } catch (GeneralSecurityException expected) {
      // Expected
    }

--- a/java/src/test/java/com/google/cloud/crypto/tink/mac/MacFactoryTest.java
+++ b/java/src/test/java/com/google/cloud/crypto/tink/mac/MacFactoryTest.java
@@ -29,6 +29,7 @@ import com.google.cloud.crypto.tink.TinkProto.KeyStatusType;
 import com.google.cloud.crypto.tink.TinkProto.Keyset.Key;
 import com.google.cloud.crypto.tink.TinkProto.OutputPrefixType;
 import com.google.cloud.crypto.tink.subtle.Random;
+import com.google.cloud.crypto.tink.subtle.SubtleUtil;
 import java.security.GeneralSecurityException;
 import java.util.Arrays;
 import org.junit.Before;
@@ -86,6 +87,22 @@ public class MacFactoryTest {
      fail("Valid MAC, should not throw exception");
    }

+    // Modify plaintext or tag and make sure the verifyMac failed.
+    byte[] plaintextAndTag = SubtleUtil.concat(plaintext, tag);
+    for (int b = 0; b < plaintextAndTag.length; b++) {
+      for (int bit = 0; bit < 8; bit++) {
+        byte[] modified = Arrays.copyOf(plaintextAndTag, plaintextAndTag.length);
+        modified[b] ^= (byte) (1 << bit);
+        try {
+          mac.verifyMac(Arrays.copyOfRange(modified, plaintext.length, modified.length),
+              Arrays.copyOfRange(modified, 0, plaintext.length));
+          fail("Invalid tag or plaintext, should have thrown exception");
+        } catch (GeneralSecurityException expected) {
+          // Expected
+        }
+      }
+    }
+
    // mac with a non-primary RAW key, verify with the keyset
    KeysetHandle keysetHandle2 = TestUtil.createKeysetHandle(
        TestUtil.createKeyset(raw, legacy, tink));