diff options
Diffstat (limited to 'security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java')
-rw-r--r-- | security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java | 46 |
1 files changed, 14 insertions, 32 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java b/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java index 26a506015c5..e63c0c48e9d 100644 --- a/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java +++ b/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java @@ -11,7 +11,6 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.ByteBuffer; import java.nio.charset.StandardCharsets; -import java.security.KeyPair; import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertEquals; @@ -20,17 +19,17 @@ import static org.junit.jupiter.api.Assertions.assertThrows; public class SharedKeyTest { @Test - void generated_secret_key_is_256_bit_aes() { - var receiverKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC); + void generated_secret_key_is_128_bit_aes() { + var receiverKeyPair = KeyUtils.generateX25519KeyPair(); var shared = SharedKeyGenerator.generateForReceiverPublicKey(receiverKeyPair.getPublic(), 1); var secret = shared.secretKey(); assertEquals(secret.getAlgorithm(), "AES"); - assertEquals(secret.getEncoded().length, 32); + assertEquals(secret.getEncoded().length, 16); } @Test void sealed_shared_key_can_be_exchanged_via_token_and_computes_identical_secret_key_at_receiver() { - var receiverKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC); + var receiverKeyPair = KeyUtils.generateX25519KeyPair(); var myShared = SharedKeyGenerator.generateForReceiverPublicKey(receiverKeyPair.getPublic(), 1); var publicToken = myShared.sealedSharedKey().toTokenString(); @@ -43,49 +42,32 @@ public class SharedKeyTest { @Test void token_v1_representation_is_stable() { - var receiverPrivate = KeyUtils.fromPemEncodedPrivateKey( - """ - -----BEGIN EC PRIVATE KEY----- - MHcCAQEEIO+CkAccoU9jPjX64mwU54Ar9DNZSLBBTYRSINerSW8EoAoGCCqGSM49 - AwEHoUQDQgAE3FA2VSuOn0vVhtQgNe13H2UE0Vx5A41demyX8nkHTCO4BDXSEPca - vejY7YaVcNSvFUbzDvia51X4pxbr1pe56g== - -----END EC PRIVATE KEY----- - """); - var receiverPublic = KeyUtils.fromPemEncodedPublicKey( - """ - -----BEGIN PUBLIC KEY----- - MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3FA2VSuOn0vVhtQgNe13H2UE0Vx5 - A41demyX8nkHTCO4BDXSEPcavejY7YaVcNSvFUbzDvia51X4pxbr1pe56g== - -----END PUBLIC KEY----- - """ - ); - var receiverKeyPair = new KeyPair(receiverPublic, receiverPrivate); + var receiverPrivate = KeyUtils.fromBase64EncodedX25519PrivateKey("4qGcntygFn_a3uqeBa1PbDlygQ-cpOuNznTPIz9ftWE"); + var receiverPublic = KeyUtils.fromBase64EncodedX25519PublicKey( "ROAH_S862tNMpbJ49lu1dPXFCPHFIXZK30pSrMZEmEg"); // Token generated for the above receiver public key, with the below expected shared secret (in hex) - var publicToken = "AQAAAUfvuJpugUV3knQXwyP7afgEpDXT4JxaF-x7Ykirty2iwUqJv5UsGx78is5Vu4Mdln_mOVbAUv4dj" + - "da7hvzKYNC3IpSMjFrTQ8ab-bEkMpc5tjss_Z7DaJzY4fUlw31Lhx39BMB5yQX0pVLMdFGp5F-_8z8CE" + - "-7d9lkCDP9hPKiD77besjrBt_mEBadCd4oNONqc6zzhuQj4O5T9k_RC5VRV"; - var expectedSharedSecret = "64e01295e736cb827e86cf0281385d5a0dcca217ec1b59f6609a06e2e9debf78"; + var publicToken = "AQAAAQAgwyxd7bFNQB_2LdL3bw-xFlvrxXhs7WWNVCKZ4EFeNVtu42JMwM74bMN4E46v6mYcfQNPzcMGaP22Wl2cTnji0A"; + var expectedSharedSecret = "85ac3c7c3a930a19334cb73e02779733"; var theirSealed = SealedSharedKey.fromTokenString(publicToken); - var theirShared = SharedKeyGenerator.fromSealedKey(theirSealed, receiverKeyPair.getPrivate()); + var theirShared = SharedKeyGenerator.fromSealedKey(theirSealed, receiverPrivate); assertEquals(expectedSharedSecret, Hex.toHexString(theirShared.secretKey().getEncoded())); } @Test void unrelated_private_key_cannot_decrypt_shared_secret_key() { - var aliceKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC); - var eveKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC); + var aliceKeyPair = KeyUtils.generateX25519KeyPair(); + var eveKeyPair = KeyUtils.generateX25519KeyPair(); var bobShared = SharedKeyGenerator.generateForReceiverPublicKey(aliceKeyPair.getPublic(), 1); - assertThrows(IllegalArgumentException.class, // TODO consider distinct exception class + assertThrows(RuntimeException.class, // TODO consider distinct exception class () -> SharedKeyGenerator.fromSealedKey(bobShared.sealedSharedKey(), eveKeyPair.getPrivate())); } @Test void token_carries_key_id_as_metadata() { int keyId = 12345; - var keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC); + var keyPair = KeyUtils.generateX25519KeyPair(); var myShared = SharedKeyGenerator.generateForReceiverPublicKey(keyPair.getPublic(), keyId); var publicToken = myShared.sealedSharedKey().toTokenString(); var theirShared = SealedSharedKey.fromTokenString(publicToken); @@ -124,7 +106,7 @@ public class SharedKeyTest { @Test void can_create_symmetric_ciphers_from_shared_secret_key_and_public_keys() throws Exception { - var receiverKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC); + var receiverKeyPair = KeyUtils.generateX25519KeyPair(); var myShared = SharedKeyGenerator.generateForReceiverPublicKey(receiverKeyPair.getPublic(), 1); String terrifyingSecret = "birds are not real D:"; |