aboutsummaryrefslogtreecommitdiffstats
path: root/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java
diff options
context:
space:
mode:
Diffstat (limited to 'security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java')
-rw-r--r--security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java46
1 files changed, 14 insertions, 32 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java b/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java
index 26a506015c5..e63c0c48e9d 100644
--- a/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java
@@ -11,7 +11,6 @@ import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
-import java.security.KeyPair;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -20,17 +19,17 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
public class SharedKeyTest {
@Test
- void generated_secret_key_is_256_bit_aes() {
- var receiverKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC);
+ void generated_secret_key_is_128_bit_aes() {
+ var receiverKeyPair = KeyUtils.generateX25519KeyPair();
var shared = SharedKeyGenerator.generateForReceiverPublicKey(receiverKeyPair.getPublic(), 1);
var secret = shared.secretKey();
assertEquals(secret.getAlgorithm(), "AES");
- assertEquals(secret.getEncoded().length, 32);
+ assertEquals(secret.getEncoded().length, 16);
}
@Test
void sealed_shared_key_can_be_exchanged_via_token_and_computes_identical_secret_key_at_receiver() {
- var receiverKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC);
+ var receiverKeyPair = KeyUtils.generateX25519KeyPair();
var myShared = SharedKeyGenerator.generateForReceiverPublicKey(receiverKeyPair.getPublic(), 1);
var publicToken = myShared.sealedSharedKey().toTokenString();
@@ -43,49 +42,32 @@ public class SharedKeyTest {
@Test
void token_v1_representation_is_stable() {
- var receiverPrivate = KeyUtils.fromPemEncodedPrivateKey(
- """
- -----BEGIN EC PRIVATE KEY-----
- MHcCAQEEIO+CkAccoU9jPjX64mwU54Ar9DNZSLBBTYRSINerSW8EoAoGCCqGSM49
- AwEHoUQDQgAE3FA2VSuOn0vVhtQgNe13H2UE0Vx5A41demyX8nkHTCO4BDXSEPca
- vejY7YaVcNSvFUbzDvia51X4pxbr1pe56g==
- -----END EC PRIVATE KEY-----
- """);
- var receiverPublic = KeyUtils.fromPemEncodedPublicKey(
- """
- -----BEGIN PUBLIC KEY-----
- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3FA2VSuOn0vVhtQgNe13H2UE0Vx5
- A41demyX8nkHTCO4BDXSEPcavejY7YaVcNSvFUbzDvia51X4pxbr1pe56g==
- -----END PUBLIC KEY-----
- """
- );
- var receiverKeyPair = new KeyPair(receiverPublic, receiverPrivate);
+ var receiverPrivate = KeyUtils.fromBase64EncodedX25519PrivateKey("4qGcntygFn_a3uqeBa1PbDlygQ-cpOuNznTPIz9ftWE");
+ var receiverPublic = KeyUtils.fromBase64EncodedX25519PublicKey( "ROAH_S862tNMpbJ49lu1dPXFCPHFIXZK30pSrMZEmEg");
// Token generated for the above receiver public key, with the below expected shared secret (in hex)
- var publicToken = "AQAAAUfvuJpugUV3knQXwyP7afgEpDXT4JxaF-x7Ykirty2iwUqJv5UsGx78is5Vu4Mdln_mOVbAUv4dj" +
- "da7hvzKYNC3IpSMjFrTQ8ab-bEkMpc5tjss_Z7DaJzY4fUlw31Lhx39BMB5yQX0pVLMdFGp5F-_8z8CE" +
- "-7d9lkCDP9hPKiD77besjrBt_mEBadCd4oNONqc6zzhuQj4O5T9k_RC5VRV";
- var expectedSharedSecret = "64e01295e736cb827e86cf0281385d5a0dcca217ec1b59f6609a06e2e9debf78";
+ var publicToken = "AQAAAQAgwyxd7bFNQB_2LdL3bw-xFlvrxXhs7WWNVCKZ4EFeNVtu42JMwM74bMN4E46v6mYcfQNPzcMGaP22Wl2cTnji0A";
+ var expectedSharedSecret = "85ac3c7c3a930a19334cb73e02779733";
var theirSealed = SealedSharedKey.fromTokenString(publicToken);
- var theirShared = SharedKeyGenerator.fromSealedKey(theirSealed, receiverKeyPair.getPrivate());
+ var theirShared = SharedKeyGenerator.fromSealedKey(theirSealed, receiverPrivate);
assertEquals(expectedSharedSecret, Hex.toHexString(theirShared.secretKey().getEncoded()));
}
@Test
void unrelated_private_key_cannot_decrypt_shared_secret_key() {
- var aliceKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC);
- var eveKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC);
+ var aliceKeyPair = KeyUtils.generateX25519KeyPair();
+ var eveKeyPair = KeyUtils.generateX25519KeyPair();
var bobShared = SharedKeyGenerator.generateForReceiverPublicKey(aliceKeyPair.getPublic(), 1);
- assertThrows(IllegalArgumentException.class, // TODO consider distinct exception class
+ assertThrows(RuntimeException.class, // TODO consider distinct exception class
() -> SharedKeyGenerator.fromSealedKey(bobShared.sealedSharedKey(), eveKeyPair.getPrivate()));
}
@Test
void token_carries_key_id_as_metadata() {
int keyId = 12345;
- var keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC);
+ var keyPair = KeyUtils.generateX25519KeyPair();
var myShared = SharedKeyGenerator.generateForReceiverPublicKey(keyPair.getPublic(), keyId);
var publicToken = myShared.sealedSharedKey().toTokenString();
var theirShared = SealedSharedKey.fromTokenString(publicToken);
@@ -124,7 +106,7 @@ public class SharedKeyTest {
@Test
void can_create_symmetric_ciphers_from_shared_secret_key_and_public_keys() throws Exception {
- var receiverKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC);
+ var receiverKeyPair = KeyUtils.generateX25519KeyPair();
var myShared = SharedKeyGenerator.generateForReceiverPublicKey(receiverKeyPair.getPublic(), 1);
String terrifyingSecret = "birds are not real D:";