Add ECIES test vectors and use them in the key manager test.

PiperOrigin-RevId: 694100237
Change-Id: I48679d712b5aecf1f82fd15fd4b8381dc856f699

tink/hybrid/BUILD.bazel

@@ -861,23 +861,31 @@ cc_test(
         ":ecies_aead_hkdf_hybrid_encrypt",
         ":ecies_aead_hkdf_private_key_manager",
         ":ecies_aead_hkdf_public_key_manager",
+        ":hybrid_config",
         ":hybrid_key_templates",
         "//proto:aes_eax_cc_proto",
         "//proto:common_cc_proto",
         "//proto:ecies_aead_hkdf_cc_proto",
         "//proto:tink_cc_proto",
         "//tink:hybrid_decrypt",
+        "//tink:hybrid_encrypt",
+        "//tink:key_status",
+        "//tink:keyset_handle",
         "//tink:registry",
         "//tink/aead:aead_key_templates",
         "//tink/aead:aes_ctr_hmac_aead_key_manager",
         "//tink/aead:aes_gcm_key_manager",
+        "//tink/config:global_registry",
+        "//tink/hybrid/internal/testing:ecies_aead_hkdf_test_vectors",
+        "//tink/hybrid/internal/testing:hybrid_test_vectors",
         "//tink/subtle:hybrid_test_util",
         "//tink/util:status",
         "//tink/util:statusor",
         "//tink/util:test_matchers",
         "//tink/util:test_util",
         "@com_google_absl//absl/memory",
         "@com_google_absl//absl/status",
+        "@com_google_absl//absl/strings",
         "@com_google_googletest//:gtest_main",
     ],
 )

tink/hybrid/CMakeLists.txt

@@ -848,15 +848,23 @@ tink_cc_test(
     tink::hybrid::ecies_aead_hkdf_hybrid_encrypt
     tink::hybrid::ecies_aead_hkdf_private_key_manager
     tink::hybrid::ecies_aead_hkdf_public_key_manager
+    tink::hybrid::hybrid_config
     tink::hybrid::hybrid_key_templates
     gmock
     absl::memory
     absl::status
+    absl::strings
     tink::core::hybrid_decrypt
+    tink::core::hybrid_encrypt
+    tink::core::key_status
+    tink::core::keyset_handle
     tink::core::registry
     tink::aead::aead_key_templates
     tink::aead::aes_ctr_hmac_aead_key_manager
     tink::aead::aes_gcm_key_manager
+    tink::config::global_registry
+    tink::hybrid::internal::testing::ecies_aead_hkdf_test_vectors
+    tink::hybrid::internal::testing::hybrid_test_vectors
     tink::subtle::hybrid_test_util
     tink::util::status
     tink::util::statusor

tink/hybrid/ecies_aead_hkdf_private_key_manager_test.cc

@@ -15,18 +15,28 @@
 ////////////////////////////////////////////////////////////////////////////////
 
 #include "tink/hybrid/ecies_aead_hkdf_private_key_manager.h"
+#include <memory>
+#include <string>
 
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
 #include "absl/memory/memory.h"
 #include "absl/status/status.h"
+#include "absl/strings/str_cat.h"
 #include "tink/aead/aead_key_templates.h"
 #include "tink/aead/aes_ctr_hmac_aead_key_manager.h"
 #include "tink/aead/aes_gcm_key_manager.h"
+#include "tink/config/global_registry.h"
 #include "tink/hybrid/ecies_aead_hkdf_hybrid_encrypt.h"
 #include "tink/hybrid/ecies_aead_hkdf_public_key_manager.h"
+#include "tink/hybrid/hybrid_config.h"
 #include "tink/hybrid/hybrid_key_templates.h"
+#include "tink/hybrid/internal/testing/ecies_aead_hkdf_test_vectors.h"
+#include "tink/hybrid/internal/testing/hybrid_test_vectors.h"
 #include "tink/hybrid_decrypt.h"
+#include "tink/hybrid_encrypt.h"
+#include "tink/key_status.h"
+#include "tink/keyset_handle.h"
 #include "tink/registry.h"
 #include "tink/subtle/hybrid_test_util.h"
 #include "tink/util/status.h"
@@ -41,7 +51,9 @@
 namespace crypto {
 namespace tink {
 
+using ::crypto::tink::internal::HybridTestVector;
 using ::crypto::tink::test::IsOk;
+using ::crypto::tink::test::IsOkAndHolds;
 using ::crypto::tink::test::StatusIs;
 using ::google::crypto::tink::EciesAeadHkdfKeyFormat;
 using ::google::crypto::tink::EciesAeadHkdfPrivateKey;
@@ -271,6 +283,75 @@ TEST(EciesAeadHkdfPrivateKeyManagerTest, CreateDifferentKey) {
               Not(IsOk()));
 }
 
+using EciesTestVectorTest = testing::TestWithParam<HybridTestVector>;
+
+TEST_P(EciesTestVectorTest, DecryptWorks) {
+  ASSERT_THAT(HybridConfig::Register(), IsOk());
+  const HybridTestVector& param = GetParam();
+  util::StatusOr<KeysetHandle> handle =
+      KeysetHandleBuilder()
+          .AddEntry(KeysetHandleBuilder::Entry::CreateFromKey(
+              param.hybrid_private_key, KeyStatus::kEnabled,
+              /*is_primary=*/true))
+          .Build();
+  ASSERT_THAT(handle, IsOk());
+  util::StatusOr<std::unique_ptr<HybridDecrypt>> decrypter =
+      handle->GetPrimitive<HybridDecrypt>(ConfigGlobalRegistry());
+  ASSERT_THAT(decrypter, IsOk());
+  EXPECT_THAT((*decrypter)->Decrypt(param.ciphertext, param.context_info),
+              IsOkAndHolds(Eq(param.plaintext)));
+}
+
+TEST_P(EciesTestVectorTest, DecryptDifferentContextInfoFails) {
+  ASSERT_THAT(HybridConfig::Register(), IsOk());
+  const HybridTestVector& param = GetParam();
+  util::StatusOr<KeysetHandle> handle =
+      KeysetHandleBuilder()
+          .AddEntry(KeysetHandleBuilder::Entry::CreateFromKey(
+              param.hybrid_private_key, KeyStatus::kEnabled,
+              /*is_primary=*/true))
+          .Build();
+  ASSERT_THAT(handle, IsOk());
+  util::StatusOr<std::unique_ptr<HybridDecrypt>> decrypter =
+      handle->GetPrimitive<HybridDecrypt>(ConfigGlobalRegistry());
+  ASSERT_THAT(decrypter, IsOk());
+  EXPECT_THAT(
+      (*decrypter)
+          ->Decrypt(param.ciphertext, absl::StrCat(param.context_info, "x")),
+      Not(IsOk()));
+}
+
+TEST_P(EciesTestVectorTest, EncryptThenDecryptWorks) {
+  ASSERT_THAT(HybridConfig::Register(), IsOk());
+  const HybridTestVector& param = GetParam();
+  util::StatusOr<KeysetHandle> handle =
+      KeysetHandleBuilder()
+          .AddEntry(KeysetHandleBuilder::Entry::CreateFromKey(
+              param.hybrid_private_key, KeyStatus::kEnabled,
+              /*is_primary=*/true))
+          .Build();
+  ASSERT_THAT(handle, IsOk());
+  util::StatusOr<std::unique_ptr<HybridDecrypt>> decrypter =
+      handle->GetPrimitive<HybridDecrypt>(ConfigGlobalRegistry());
+  ASSERT_THAT(decrypter, IsOk());
+
+  util::StatusOr<std::unique_ptr<KeysetHandle>> public_handle =
+      handle->GetPublicKeysetHandle(KeyGenConfigGlobalRegistry());
+  ASSERT_THAT(public_handle, IsOk());
+  util::StatusOr<std::unique_ptr<HybridEncrypt>> encrypter =
+      (*public_handle)->GetPrimitive<HybridEncrypt>(ConfigGlobalRegistry());
+  ASSERT_THAT(encrypter, IsOk());
+
+  util::StatusOr<std::string> ciphertext =
+      (*encrypter)->Encrypt(param.plaintext, param.context_info);
+  ASSERT_THAT(ciphertext, IsOk());
+  EXPECT_THAT((*decrypter)->Decrypt(*ciphertext, param.context_info),
+              IsOkAndHolds(Eq(param.plaintext)));
+}
+
+INSTANTIATE_TEST_SUITE_P(EciesTestVectorTest, EciesTestVectorTest,
+                         testing::ValuesIn(internal::CreateEciesTestVectors()));
+
 }  // namespace
 }  // namespace tink
 }  // namespace crypto

tink/hybrid/internal/testing/BUILD.bazel

@@ -37,3 +37,26 @@ cc_library(
         "@com_google_absl//absl/strings",
     ],
 )
+
+cc_library(
+    name = "ecies_aead_hkdf_test_vectors",
+    testonly = 1,
+    srcs = ["ecies_aead_hkdf_test_vectors.cc"],
+    hdrs = ["ecies_aead_hkdf_test_vectors.h"],
+    include_prefix = "tink/hybrid/internal/testing",
+    deps = [
+        ":hybrid_test_vectors",
+        "//tink:big_integer",
+        "//tink:ec_point",
+        "//tink:insecure_secret_key_access",
+        "//tink:partial_key_access",
+        "//tink:restricted_big_integer",
+        "//tink/hybrid:ecies_parameters",
+        "//tink/hybrid:ecies_private_key",
+        "//tink/hybrid:ecies_public_key",
+        "//tink/util:statusor",
+        "//tink/util:test_util",
+        "@com_google_absl//absl/log:check",
+        "@com_google_absl//absl/types:optional",
+    ],
+)

tink/hybrid/internal/testing/CMakeLists.txt

@@ -30,3 +30,25 @@ tink_cc_library(
     tink::util::test_util
   TESTONLY
 )
+
+tink_cc_library(
+  NAME ecies_aead_hkdf_test_vectors
+  SRCS
+    ecies_aead_hkdf_test_vectors.cc
+    ecies_aead_hkdf_test_vectors.h
+  DEPS
+    tink::hybrid::internal::testing::hybrid_test_vectors
+    absl::check
+    absl::optional
+    tink::core::big_integer
+    tink::core::ec_point
+    tink::core::insecure_secret_key_access
+    tink::core::partial_key_access
+    tink::core::restricted_big_integer
+    tink::hybrid::ecies_parameters
+    tink::hybrid::ecies_private_key
+    tink::hybrid::ecies_public_key
+    tink::util::statusor
+    tink::util::test_util
+  TESTONLY
+)