From fb6e8d763a331a34600b5ac47e8d14bb7636a328 Mon Sep 17 00:00:00 2001
From: tanujdhir <tanujdhir@google.com>
Date: Tue, 16 Jul 2019 05:00:44 -0700
Subject: [PATCH] Add more tests for Python file_mac example.

Also handle non-hex MAC and use absl instead of pyglib for logging.

PiperOrigin-RevId: 258344414
---
 examples/file_mac/python/file_mac.py      |  11 ++-
 examples/file_mac/python/file_mac_test.sh | 112 ++++++++++++++++++++--
 2 files changed, 112 insertions(+), 11 deletions(-)

diff --git a/examples/file_mac/python/file_mac.py b/examples/file_mac/python/file_mac.py
index 06e5efde9..515da13d7 100644
--- a/examples/file_mac/python/file_mac.py
+++ b/examples/file_mac/python/file_mac.py
@@ -32,11 +32,9 @@ import binascii
 # Special imports
 from absl import app
 from absl import flags
+from absl import logging
 import tink
 
-from pyglib import logging
-
-
 FLAGS = flags.FLAGS
 
 
@@ -95,7 +93,12 @@ def main(argv):
     logging.info('MAC output is %s', binascii.hexlify(code).decode('utf-8'))
     return 0
 
-  expected_code = binascii.unhexlify(expected_code_hex)
+  try:
+    expected_code = binascii.unhexlify(expected_code_hex)
+  except binascii.Error as e:
+    logging.error('Error reading expected code: %s', e)
+    return 1
+
   try:
     cipher.verify_mac(expected_code, data)
     logging.info('MAC outputs matched. Success!')
diff --git a/examples/file_mac/python/file_mac_test.sh b/examples/file_mac/python/file_mac_test.sh
index 1ee9120f9..4beae2a38 100755
--- a/examples/file_mac/python/file_mac_test.sh
+++ b/examples/file_mac/python/file_mac_test.sh
@@ -12,6 +12,7 @@
 # limitations under the License.
 ################################################################################
 
+set -euo pipefail
 
 #############################################################################
 ##### Tests for file_mac python example.
@@ -23,18 +24,115 @@ KEYSET_FILE="$ROOT_DIR/examples/file_mac/python/hmac_sha256_256bittag_test_keyse
 DATA_FILE="$TEST_TMPDIR/example_data.txt"
 EXPECTED_MAC_FILE="$TEST_TMPDIR/expected_mac.txt"
 
+echo "This is some message to be verified." > $DATA_FILE
+CORRECT_MAC="01293CE659EBCFB08AF02C9B2E564D8352CD8EB58A363E7DE62BAA0BED9CA92BD257F76F4F"
+
 #############################################################################
 
-##### Create a plaintext.
-echo "This is some message to be verified." > $DATA_FILE
-echo "01293CE659EBCFB08AF02C9B2E564D8352CD8EB58A363E7DE62BAA0BED9CA92BD257F76F4F" > $EXPECTED_MAC_FILE
+# A helper function for getting the return code of a command that may fail
+# Temporarily disables error safety and stores return value in $TEST_STATUS
+# Usage:
+# % test_command somecommand some args
+# % echo $TEST_STATUS
+test_command() {
+  set +e
+  $@
+  TEST_STATUS=$?
+  set -e
+}
+
+#############################################################################
+#### Test good key and correct MAC verification.
+test_name="normal_verification"
+echo "+++ Starting test $test_name..."
+
+##### Create a plaintext and actual MAC.
+echo "$CORRECT_MAC" > $EXPECTED_MAC_FILE
 
 ##### Run verification
-$FILE_MAC_CLI $KEYSET_FILE $DATA_FILE $EXPECTED_MAC_FILE
+test_command $FILE_MAC_CLI $KEYSET_FILE $DATA_FILE $EXPECTED_MAC_FILE
 
-##### Check that it exited successfully
-if [ $? -ne 0 ]; then
+if [[ $TEST_STATUS -eq 0 ]]; then
+  echo "+++ Success: MAC outputs matched."
+else
   echo "--- Failure: the MAC outputs did not match"
   exit 1
 fi
-echo "+++ Success: MAC outputs matched."
+
+
+#############################################################################
+#### Test good key and incorrect MAC verification.
+test_name="incorrect_mac_verification"
+echo "+++ Starting test $test_name..."
+
+##### Create a plaintext and incorrect MAC.
+echo "ABCABCABCD" > $EXPECTED_MAC_FILE
+
+##### Run verification.
+test_command $FILE_MAC_CLI $KEYSET_FILE $DATA_FILE $EXPECTED_MAC_FILE
+
+if [[ $TEST_STATUS -ne 0 ]]; then
+  echo "+++ Success: MAC verification reported non-match for incorrect MAC."
+else
+  echo "--- Failure: MAC verification reported match for incorrect MAC"
+  exit 1
+fi
+
+
+#############################################################################
+#### Test good key and non-hexadecimal MAC verification.
+test_name="non_hex_mac_verification"
+echo "+++ Starting test $test_name..."
+
+##### Create a plaintext and non-hexadecimal MAC.
+echo "SMDHTBFYGM" > $EXPECTED_MAC_FILE
+
+##### Run verification.
+test_command $FILE_MAC_CLI $KEYSET_FILE $DATA_FILE $EXPECTED_MAC_FILE
+
+if [[ $TEST_STATUS -ne 0 ]]; then
+  echo "+++ Success: MAC verification reported non-match for non-hex MAC."
+else
+  echo "--- Failure: MAC verification reported match for non-hex MAC"
+  exit 1
+fi
+
+
+#############################################################################
+#### Test good key MAC computation.
+test_name="mac_computation"
+echo "+++ Starting test $test_name..."
+
+##### Create a plaintext and actual MAC.
+MAC_OUTPUT_FILE="$TEST_TMPDIR/computed_mac_log.txt"
+
+##### Run computation.
+test_command $FILE_MAC_CLI $KEYSET_FILE $DATA_FILE --alsologtostderr 2> $MAC_OUTPUT_FILE
+TEST_STATUS=$?
+
+if [[ $TEST_STATUS -eq 0 ]]; then
+  echo "+++ Success: MAC computation was successful."
+else
+  echo "--- Failure: MAC computation was unsuccessful"
+  exit 1
+fi
+
+
+#############################################################################
+#### Test bad key MAC computation.
+test_name="bad_key_computation"
+echo "+++ Starting test $test_name..."
+
+##### Create a plaintext and bad keyset.
+BAD_KEY_FILE="$TEST_TMPDIR/bad_key.txt"
+echo "not a key" > $BAD_KEY_FILE
+
+##### Run computation.
+test_command $FILE_MAC_CLI $BAD_KEY_FILE $DATA_FILE
+
+if [[ $TEST_STATUS -ne 0 ]]; then
+  echo "+++ Success: MAC computation failed with bad keyset."
+else
+  echo "--- Failure: MAC computation did not fail with bad keyset"
+  exit 1
+fi
-- 
GitLab