Tidy hybrid tests.

PiperOrigin-RevId: 601889062
tink-crypto · Jan 26, 2024 · 62e208f · 62e208f
1 parent a9bbfe5
commit 62e208f
Show file tree

Hide file tree

Showing 3 changed files with 242 additions and 117 deletions.
diff --git a/go/hybrid/ecies_aead_hkdf_dem_helper_test.go b/go/hybrid/ecies_aead_hkdf_dem_helper_test.go
@@ -18,7 +18,6 @@ package hybrid
 
 import (
 	"bytes"
-	"encoding/hex"
 	"testing"
 
 	"github.com/google/tink/go/aead"
@@ -30,94 +29,187 @@ import (
 	tinkpb "github.com/google/tink/go/proto/tink_go_proto"
 )
 
+type eciesAEADHKDFDEMHelperTestCase struct {
+	name     string
+	template *tinkpb.KeyTemplate
+	keySize  uint32
+}
+
 var (
-	keyTemplates = map[*tinkpb.KeyTemplate]uint32{
-		aead.AES256CTRHMACSHA256KeyTemplate(): 64,
-		aead.AES128CTRHMACSHA256KeyTemplate(): 48,
-		aead.AES256GCMKeyTemplate():           32,
-		aead.AES128GCMKeyTemplate():           16,
-		daead.AESSIVKeyTemplate():             64,
+	eciesAEADHKDFDEMHelperSupportedAEADs = []eciesAEADHKDFDEMHelperTestCase{
+		{
+			name:     "AESCTRHMACSHA256",
+			template: aead.AES256CTRHMACSHA256KeyTemplate(),
+			keySize:  64,
+		},
+		{
+			name:     "AES128CTRHMACSHA256",
+			template: aead.AES128CTRHMACSHA256KeyTemplate(),
+			keySize:  48,
+		},
+		{
+			name:     "AES256GCM",
+			template: aead.AES256GCMKeyTemplate(),
+			keySize:  32,
+		},
+		{
+			name:     "AES128GCM",
+			template: aead.AES128GCMKeyTemplate(),
+			keySize:  16,
+		},
 	}
-	uTemplates = []*tinkpb.KeyTemplate{
-		signature.ECDSAP256KeyTemplate(),
-		mac.HMACSHA256Tag256KeyTemplate(),
-		&tinkpb.KeyTemplate{TypeUrl: "some url", Value: []byte{0}},
-		&tinkpb.KeyTemplate{TypeUrl: aesCTRHMACAEADTypeURL},
-		&tinkpb.KeyTemplate{TypeUrl: aesGCMTypeURL},
-		&tinkpb.KeyTemplate{TypeUrl: aesSIVTypeURL},
+
+	eciesAEADHKDFDEMHelperSupportedDAEADs = []eciesAEADHKDFDEMHelperTestCase{
+		{
+			name:     "AESSIV",
+			template: daead.AESSIVKeyTemplate(),
+			keySize:  64,
+		},
 	}
 )
 
-func TestCipherKeySize(t *testing.T) {
-	for c, l := range keyTemplates {
-		rDem, err := newRegisterECIESAEADHKDFDemHelper(c)
-		if err != nil {
-			t.Fatalf("error generating a DEM helper :%s", err)
-		}
-		if rDem.GetSymmetricKeySize() != l {
-			t.Errorf("incorrect key size %s template, got: %d, want: %d", c, rDem.GetSymmetricKeySize(), l)
-		}
+func TestECIESAEADHKDFDEMHelper_AEADKeyTemplates(t *testing.T) {
+	plaintext := random.GetRandomBytes(20)
+	associatedData := random.GetRandomBytes(20)
+
+	for _, tc := range eciesAEADHKDFDEMHelperSupportedAEADs {
+		t.Run(tc.name, func(t *testing.T) {
+			dem, err := newRegisterECIESAEADHKDFDemHelper(tc.template)
+			if err != nil {
+				t.Fatalf("newRegisterECIESAEADHKDFDEMHelper(tc.template) err = %s, want nil", err)
+			}
+
+			sk := random.GetRandomBytes(dem.GetSymmetricKeySize())
+			primitive, err := dem.GetAEADOrDAEAD(sk)
+			if err != nil {
+				t.Fatalf("dem.GetAEADorDAEAD(sk) err = %v, want nil", err)
+			}
+			a, ok := primitive.(tink.AEAD)
+			if !ok {
+				t.Fatalf("primitive is not of type tink.AEAD")
+			}
+
+			var ciphertext []byte
+			ciphertext, err = a.Encrypt(plaintext, associatedData)
+			if err != nil {
+				t.Fatalf("a.Encrypt() err = %v, want nil", err)
+			}
+
+			var decrypted []byte
+			decrypted, err = a.Decrypt(ciphertext, associatedData)
+			if err != nil {
+				t.Fatalf("a.Decrypt() err = %v, want nil", err)
+			}
+			if !bytes.Equal(decrypted, plaintext) {
+				t.Errorf("a.Decrypt() = %x, want: %x", decrypted, plaintext)
+			}
+		})
+	}
+}
+
+func TestECIESAEADHKDFDEMHelper_DAEADKeyTemplates(t *testing.T) {
+	plaintext := random.GetRandomBytes(20)
+	associatedData := random.GetRandomBytes(20)
+
+	for _, tc := range eciesAEADHKDFDEMHelperSupportedDAEADs {
+		t.Run(tc.name, func(t *testing.T) {
+			dem, err := newRegisterECIESAEADHKDFDemHelper(tc.template)
+			if err != nil {
+				t.Fatalf("newRegisterECIESAEADHKDFDEMHelper(tc.template) err = %s, want nil", err)
+			}
+
+			sk := random.GetRandomBytes(dem.GetSymmetricKeySize())
+			primitive, err := dem.GetAEADOrDAEAD(sk)
+			if err != nil {
+				t.Fatalf("dem.GetAEADorDAEAD(sk) err = %v, want nil", err)
+			}
+			d, ok := primitive.(tink.DeterministicAEAD)
+			if !ok {
+				t.Fatalf("primitive is not of type tink.DeterministicAEAD")
+			}
+
+			var ciphertext []byte
+			ciphertext, err = d.EncryptDeterministically(plaintext, associatedData)
+			if err != nil {
+				t.Fatalf("d.Encrypt() err = %v, want nil", err)
+			}
+
+			var decrypted []byte
+			decrypted, err = d.DecryptDeterministically(ciphertext, associatedData)
+			if err != nil {
+				t.Fatalf("d.Decrypt() err = %v, want nil", err)
+			}
+			if !bytes.Equal(decrypted, plaintext) {
+				t.Errorf("d.Decrypt() = %x, want: %x", decrypted, plaintext)
+			}
+		})
 	}
 }
 
-func TestUnsupportedKeyTemplates(t *testing.T) {
-	for _, l := range uTemplates {
-		_, err := newRegisterECIESAEADHKDFDemHelper(l)
-		if err == nil {
-			t.Fatalf("unsupported key template %s should have generated error", l)
-		}
+func TestECIESAEADHKDFDEMHelper_KeySizes(t *testing.T) {
+	var testCases []eciesAEADHKDFDEMHelperTestCase
+	testCases = append(testCases, eciesAEADHKDFDEMHelperSupportedAEADs...)
+	testCases = append(testCases, eciesAEADHKDFDEMHelperSupportedDAEADs...)
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			dem, err := newRegisterECIESAEADHKDFDemHelper(tc.template)
+			if err != nil {
+				t.Fatalf("newRegisterECIESAEADHKDFDemHelper(tc.template): %s", err)
+			}
+			if dem.GetSymmetricKeySize() != tc.keySize {
+				t.Errorf("dem.GetSymmetricKeySize() = %d, want: %d", dem.GetSymmetricKeySize(), tc.keySize)
+			}
+
+			shortKey := make([]byte, tc.keySize-1)
+			if _, err = dem.GetAEADOrDAEAD(shortKey); err == nil {
+				t.Errorf("dem.GetAEADOrDAEAD(shortKey) err = nil, want non-nil")
+			}
+
+			longKey := make([]byte, tc.keySize+1)
+			if _, err = dem.GetAEADOrDAEAD(longKey); err == nil {
+				t.Errorf("dem.GetAEADOrDAEAD(longKey) err = nil, want non-nil")
+			}
+		})
 	}
 }
 
-func TestAead(t *testing.T) {
-	for c := range keyTemplates {
-		pt := random.GetRandomBytes(20)
-		ad := random.GetRandomBytes(20)
-		rDem, err := newRegisterECIESAEADHKDFDemHelper(c)
-		if err != nil {
-			t.Fatalf("error generating a DEM helper :%s", err)
-		}
-		sk := random.GetRandomBytes(rDem.GetSymmetricKeySize())
-		prim, err := rDem.GetAEADOrDAEAD(sk)
-		if err != nil {
-			t.Errorf("error getting AEAD primitive :%s", err)
-		}
-		var ct []byte
-		switch a := prim.(type) {
-		case tink.AEAD:
-			ct, err = a.Encrypt(pt, ad)
-		case tink.DeterministicAEAD:
-			ct, err = a.EncryptDeterministically(pt, ad)
-		}
-		if err != nil {
-			t.Errorf("error encrypting :%s", err)
-		}
-
-		var dt []byte
-		switch a := prim.(type) {
-		case tink.AEAD:
-			dt, err = a.Decrypt(ct, ad)
-		case tink.DeterministicAEAD:
-			dt, err = a.DecryptDeterministically(ct, ad)
-		}
-		if err != nil {
-			t.Errorf("error decrypting :%s", err)
-		}
-		if !bytes.Equal(dt, pt) {
-			t.Errorf("decryption not inverse of encryption,\n want :%s,\n got: %s", hex.Dump(pt), hex.Dump(dt))
-		}
-
-		// shorter symmetric key
-		sk = random.GetRandomBytes(rDem.GetSymmetricKeySize() - 1)
-		if _, err = rDem.GetAEADOrDAEAD(sk); err == nil {
-			t.Errorf("retrieving AEAD primitive should have failed")
-		}
-
-		// longer symmetric key
-		sk = random.GetRandomBytes(rDem.GetSymmetricKeySize() + 1)
-		if _, err = rDem.GetAEADOrDAEAD(sk); err == nil {
-			t.Errorf("retrieving AEAD primitive should have failed")
-		}
+func TestECIESAEADHKDFDEMHelper_UnsupportedKeyTemplates(t *testing.T) {
+	testCases := []struct {
+		name     string
+		template *tinkpb.KeyTemplate
+	}{
+		{
+			name:     "signature",
+			template: signature.ECDSAP256KeyTemplate(),
+		},
+		{
+			name:     "mac",
+			template: mac.HMACSHA256Tag256KeyTemplate(),
+		},
+		{
+			name:     "invalid_type_and_value",
+			template: &tinkpb.KeyTemplate{TypeUrl: "some url", Value: []byte{0}},
+		},
+		{
+			name:     "aesctrhmac_empty_value",
+			template: &tinkpb.KeyTemplate{TypeUrl: aesCTRHMACAEADTypeURL},
+		},
+		{
+			name:     "aesgcm_empty_value",
+			template: &tinkpb.KeyTemplate{TypeUrl: aesGCMTypeURL},
+		},
+		{
+			name:     "aessiv_empty_value",
+			template: &tinkpb.KeyTemplate{TypeUrl: aesSIVTypeURL},
+		},
+	}
 
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			if _, err := newRegisterECIESAEADHKDFDemHelper(tc.template); err == nil {
+				t.Errorf("newRegisterECIESAEADHKDFDemHelper() err = nil, want non-nil")
+			}
+		})
 	}
 }
diff --git a/go/hybrid/hpke_private_key_manager_test.go b/go/hybrid/hpke_private_key_manager_test.go
@@ -61,21 +61,30 @@ func TestPrivateKeyManagerPrimitiveRejectsInvalidParams(t *testing.T) {
 		name   string
 		params *hpkepb.HpkeParams
 	}{
-		{"kem", &hpkepb.HpkeParams{
-			Kem:  hpkepb.HpkeKem_KEM_UNKNOWN,
-			Kdf:  hpkepb.HpkeKdf_HKDF_SHA256,
-			Aead: hpkepb.HpkeAead_AES_256_GCM,
-		}},
-		{"kdf", &hpkepb.HpkeParams{
-			Kem:  hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256,
-			Kdf:  hpkepb.HpkeKdf_KDF_UNKNOWN,
-			Aead: hpkepb.HpkeAead_AES_256_GCM,
-		}},
-		{"aead", &hpkepb.HpkeParams{
-			Kem:  hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256,
-			Kdf:  hpkepb.HpkeKdf_HKDF_SHA256,
-			Aead: hpkepb.HpkeAead_AEAD_UNKNOWN,
-		}},
+		{
+			name: "invalid_kem",
+			params: &hpkepb.HpkeParams{
+				Kem:  hpkepb.HpkeKem_KEM_UNKNOWN,
+				Kdf:  hpkepb.HpkeKdf_HKDF_SHA256,
+				Aead: hpkepb.HpkeAead_AES_256_GCM,
+			},
+		},
+		{
+			name: "invalid_kdf",
+			params: &hpkepb.HpkeParams{
+				Kem:  hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256,
+				Kdf:  hpkepb.HpkeKdf_KDF_UNKNOWN,
+				Aead: hpkepb.HpkeAead_AES_256_GCM,
+			},
+		},
+		{
+			name: "invalid_aead",
+			params: &hpkepb.HpkeParams{
+				Kem:  hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256,
+				Kdf:  hpkepb.HpkeKdf_HKDF_SHA256,
+				Aead: hpkepb.HpkeAead_AEAD_UNKNOWN,
+			},
+		},
 	}
 
 	for _, test := range tests {