11935120896

Committed 20 Nov 2024 02:11PM UTC coverage: 86.555% (+1.3%) from 85.242%

Build # 11935120896

Build Type

Pull #27

github

Committed by

web-flow

Commit Message

Merge d2b3d706b into 383248641

Pull Request Pull Request #27: ci: update grcov to latest stable version

Run Details

6116 of 7066 relevant lines covered (86.56%)

167.28 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

80.53

/src/token/cose/maced/mac/tests.rs

/*
 * Copyright (c) 2024 The NAMIB Project Developers.
 * Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
 * https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
 * <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
 * option. This file may not be copied, modified, or distributed
 * except according to those terms.
 *
 * SPDX-License-Identifier: MIT OR Apache-2.0
 */
use core::convert::Infallible;
use std::path::PathBuf;

use coset::iana::Algorithm;
use coset::{
    CoseError, CoseKey, CoseKeyBuilder, CoseMac, CoseMacBuilder, CoseRecipientBuilder,
    EncryptionContext, Header,
};
use rstest::rstest;

use crate::token::cose::key::CoseSymmetricKey;
use crate::token::cose::maced::mac::{CoseMacBuilderExt, CoseMacExt};
use crate::token::cose::maced::MacCryptoBackend;
use crate::token::cose::recipient::CoseRecipientBuilderExt;
use crate::token::cose::recipient::KeyDistributionCryptoBackend;
use crate::token::cose::test_helper::{
    apply_attribute_failures, apply_header_failures, serialize_cose_with_failures,
    CoseStructTestHelper, TestCase,
};
use crate::token::cose::util::determine_algorithm;
use crate::token::cose::{test_helper, CryptoBackend};

#[cfg(feature = "openssl")]
use crate::token::cose::test_helper::openssl_ctx;
#[cfg(all(feature = "rustcrypto-hmac", feature = "rustcrypto-aes-kw"))]
use crate::token::cose::test_helper::rustcrypto_ctx;

impl<B: CryptoBackend + MacCryptoBackend + KeyDistributionCryptoBackend> CoseStructTestHelper<B>
    for CoseMac
{
    fn from_test_case(case: &TestCase, backend: &mut B) -> Self {
        let mac_cfg = case
            .input
            .mac
            .as_ref()
            .expect("expected a CoseMac test case, but it was not found");

        let mac = CoseMacBuilder::new();

        let recipient = mac_cfg
            .recipients
            .first()
            .expect("test case has no recipient");

        let unprotected = mac_cfg.unprotected.clone().unwrap_or_default();

        let mut recipient_struct_builder = CoseRecipientBuilder::from(recipient.clone());
        let enc_key: CoseKey;
        if recipient.alg == Some(coset::Algorithm::Assigned(Algorithm::Direct))
            || determine_algorithm::<Infallible>(
                None,
                recipient.protected.as_ref(),
                recipient.unprotected.as_ref(),
            ) == Ok(Algorithm::Direct)
        {
            enc_key = recipient.key.clone();
        } else {
            enc_key = CoseKeyBuilder::new_symmetric_key(
                case.intermediates
                    .as_ref()
                    .expect("CoseMac test case should have intermediates")
                    .cek
                    .clone(),
            )
            .build();
            let parsed_key = CoseSymmetricKey::<Infallible>::try_from(&enc_key)
                .expect("unable to parse CEK input as symmetric key");
            recipient_struct_builder = recipient_struct_builder
                .try_encrypt(
                    backend,
                    &recipient.key,
                    EncryptionContext::EncRecipient,
                    recipient.protected.clone(),
                    recipient.unprotected.clone(),
                    parsed_key.k,
                    &[] as &[u8],
                )
                .expect("unable to create CoseRecipient structure");
        }

        mac.add_recipient(recipient_struct_builder.build())
            .payload(case.input.plaintext.clone().into_bytes())
            .try_compute(
                backend,
                &enc_key,
                mac_cfg.protected.clone(),
                Some(unprotected),
                mac_cfg.external.as_slice(),
            )
            .expect("unable to encrypt Mac object")
            .build()
    }

    fn serialize_and_apply_failures(mut self, case: &TestCase) -> Result<Vec<u8>, CoseError> {
        let failures = &case.input.failures;
        if let Some(1) = &failures.change_tag {
            let byte = self.tag.first_mut().unwrap();
            *byte = byte.wrapping_add(1);
        }

        apply_header_failures(&mut self.protected.header, failures);

        apply_attribute_failures(&mut self.unprotected, failures)?;
        Ok(serialize_cose_with_failures(self, failures))
    }

    fn check_against_test_case(&self, case: &TestCase, backend: &mut B) {
        let test_case = case.input.mac.as_ref().expect("CoseMac test case expected");
        let keys: Vec<CoseKey> = test_case
            .recipients
            .iter()
            .map(|v| {
                let mut key_with_alg = v.key.clone();
                if key_with_alg.alg.is_none() {
                    key_with_alg.alg.clone_from(&v.alg);
                }
                key_with_alg
            })
            .collect();
        let aad = test_case.external.as_slice();

        let verify_result = self.try_verify_with_recipients(backend, &keys, aad);

        if case.fail {
            verify_result.expect_err("invalid token was successfully verified");
        } else {
            verify_result.expect("unable to verify token");

            assert_eq!(
                &case.input.plaintext.as_bytes(),
                &self.payload.as_deref().unwrap_or(&[] as &[u8])
            );
            let empty_hdr = Header::default();
            assert_eq!(
                test_case.unprotected.as_ref().unwrap_or(&empty_hdr),
                &self.unprotected
            );
            assert_eq!(
                test_case.protected.as_ref().unwrap_or(&empty_hdr),
                &self.protected.header
            );
        }
    }
}

#[rstest]
#[cfg_attr(feature = "openssl", case::openssl(openssl_ctx()))]
#[cfg_attr(
    all(feature = "rustcrypto-hmac", feature = "rustcrypto-aes-kw"),
    case::rustcrypto(rustcrypto_ctx())
)]
fn cose_examples_mac_reference_output<B: MacCryptoBackend + KeyDistributionCryptoBackend>(
    #[files("tests/cose_examples/mac-tests/mac-*.json")] test_path: PathBuf,
    #[case] backend: B,
) {
    test_helper::perform_cose_reference_output_test::<CoseMac, B>(test_path, backend);
}

#[rstest]
#[cfg_attr(feature = "openssl", case::openssl(openssl_ctx()))]
#[cfg_attr(
    all(feature = "rustcrypto-hmac", feature = "rustcrypto-aes-kw"),
    case::rustcrypto(rustcrypto_ctx())
)]
fn cose_examples_mac_self_signed<B: MacCryptoBackend + KeyDistributionCryptoBackend>(
    #[files("tests/cose_examples/mac-tests/mac-*.json")] test_path: PathBuf,
    #[case] backend: B,
) {
    test_helper::perform_cose_self_signed_test::<CoseMac, B>(test_path, backend);
}

#[rstest]
#[cfg_attr(feature = "openssl", case::openssl(openssl_ctx()))]
#[cfg_attr(
    all(feature = "rustcrypto-hmac", feature = "rustcrypto-aes-kw"),
    case::rustcrypto(rustcrypto_ctx())
)]
fn cose_examples_hmac_mac_reference_output<B: MacCryptoBackend + KeyDistributionCryptoBackend>(
    #[files("tests/cose_examples/hmac-examples/HMac-0[0-4].json")] test_path: PathBuf,
    #[case] backend: B,
) {
    test_helper::perform_cose_reference_output_test::<CoseMac, B>(test_path, backend);
}

#[rstest]
#[cfg_attr(feature = "openssl", case::openssl(openssl_ctx()))]
#[cfg_attr(
    all(feature = "rustcrypto-hmac", feature = "rustcrypto-aes-kw"),
    case::rustcrypto(rustcrypto_ctx())
)]
fn cose_examples_hmac_mac_self_signed<B: MacCryptoBackend + KeyDistributionCryptoBackend>(
    #[files("tests/cose_examples/hmac-examples/HMac-0[0-4].json")] test_path: PathBuf,
    #[case] backend: B,
) {
    test_helper::perform_cose_self_signed_test::<CoseMac, B>(test_path, backend);
}

#[rstest]
#[cfg_attr(feature = "openssl", case::openssl(openssl_ctx()))]
#[cfg_attr(
    all(feature = "rustcrypto-hmac", feature = "rustcrypto-aes-kw"),
    case::rustcrypto(rustcrypto_ctx())
)]
fn hmac_tests<B: MacCryptoBackend + KeyDistributionCryptoBackend>(
    #[files("tests/dcaf_cose_examples/hmac/*.json")] test_path: PathBuf,
    #[case] backend: B,
) {
    test_helper::perform_cose_self_signed_test::<CoseMac, B>(test_path, backend);
}

1	/*
2	* Copyright (c) 2024 The NAMIB Project Developers.
3	* Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
4	* https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
5	* <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
6	* option. This file may not be copied, modified, or distributed
7	* except according to those terms.
8	*
9	* SPDX-License-Identifier: MIT OR Apache-2.0
10	*/
11	use core::convert::Infallible;
12	use std::path::PathBuf;
13
14	use coset::iana::Algorithm;
15	use coset::{
16	CoseError, CoseKey, CoseKeyBuilder, CoseMac, CoseMacBuilder, CoseRecipientBuilder,
17	EncryptionContext, Header,
18	};
19	use rstest::rstest;
20
21	use crate::token::cose::key::CoseSymmetricKey;
22	use crate::token::cose::maced::mac::{CoseMacBuilderExt, CoseMacExt};
23	use crate::token::cose::maced::MacCryptoBackend;
24	use crate::token::cose::recipient::CoseRecipientBuilderExt;
25	use crate::token::cose::recipient::KeyDistributionCryptoBackend;
26	use crate::token::cose::test_helper::{
27	apply_attribute_failures, apply_header_failures, serialize_cose_with_failures,
28	CoseStructTestHelper, TestCase,
29	};
30	use crate::token::cose::util::determine_algorithm;
31	use crate::token::cose::{test_helper, CryptoBackend};
32
33	#[cfg(feature = "openssl")]
34	use crate::token::cose::test_helper::openssl_ctx;
35	#[cfg(all(feature = "rustcrypto-hmac", feature = "rustcrypto-aes-kw"))]
36	use crate::token::cose::test_helper::rustcrypto_ctx;
37
38	impl<B: CryptoBackend + MacCryptoBackend + KeyDistributionCryptoBackend> CoseStructTestHelper<B>
39	for CoseMac
40	{
41	fn from_test_case(case: &TestCase, backend: &mut B) -> Self {	28✔
42	let mac_cfg = case	28✔
43	.input	28✔
44	.mac	28✔
45	.as_ref()	28✔
46	.expect("expected a CoseMac test case, but it was not found");	28✔
47		28✔
48	let mac = CoseMacBuilder::new();	28✔
49		28✔
50	let recipient = mac_cfg	28✔
51	.recipients	28✔
52	.first()	28✔
53	.expect("test case has no recipient");	28✔
54		28✔
55	let unprotected = mac_cfg.unprotected.clone().unwrap_or_default();	28✔
56		28✔
57	let mut recipient_struct_builder = CoseRecipientBuilder::from(recipient.clone());	28✔
58	let enc_key: CoseKey;	28✔
59	if recipient.alg == Some(coset::Algorithm::Assigned(Algorithm::Direct))	28✔
60	\|\| determine_algorithm::<Infallible>(	28✔
61	None,	28✔
62	recipient.protected.as_ref(),	28✔
63	recipient.unprotected.as_ref(),	28✔
64	) == Ok(Algorithm::Direct)	28✔
65	{	28✔
66	enc_key = recipient.key.clone();	28✔
67	} else {	28✔
68	enc_key = CoseKeyBuilder::new_symmetric_key(	×
69	case.intermediates	×
70	.as_ref()	×
71	.expect("CoseMac test case should have intermediates")	×
72	.cek	×
73	.clone(),	×
74	)	×
75	.build();	×
76	let parsed_key = CoseSymmetricKey::<Infallible>::try_from(&enc_key)	×
77	.expect("unable to parse CEK input as symmetric key");	×
78	recipient_struct_builder = recipient_struct_builder	×
79	.try_encrypt(	×
80	backend,	×
81	&recipient.key,	×
82	EncryptionContext::EncRecipient,	×
83	recipient.protected.clone(),	×
84	recipient.unprotected.clone(),	×
85	parsed_key.k,	×
86	&[] as &[u8],	×
87	)	×
88	.expect("unable to create CoseRecipient structure");	×
89	}	×
90
91	mac.add_recipient(recipient_struct_builder.build())	28✔
92	.payload(case.input.plaintext.clone().into_bytes())	28✔
93	.try_compute(	28✔
94	backend,	28✔
95	&enc_key,	28✔
96	mac_cfg.protected.clone(),	28✔
97	Some(unprotected),	28✔
98	mac_cfg.external.as_slice(),	28✔
99	)	28✔
100	.expect("unable to encrypt Mac object")	28✔
101	.build()	28✔
102	}	28✔
103
104	fn serialize_and_apply_failures(mut self, case: &TestCase) -> Result<Vec<u8>, CoseError> {	28✔
105	let failures = &case.input.failures;	28✔
106	if let Some(1) = &failures.change_tag {	28✔
107	let byte = self.tag.first_mut().unwrap();	4✔
108	*byte = byte.wrapping_add(1);	4✔
109	}	24✔
110
111	apply_header_failures(&mut self.protected.header, failures);	28✔
112		28✔
113	apply_attribute_failures(&mut self.unprotected, failures)?;	28✔
114	Ok(serialize_cose_with_failures(self, failures))	26✔
115	}	28✔
116
117	fn check_against_test_case(&self, case: &TestCase, backend: &mut B) {	46✔
118	let test_case = case.input.mac.as_ref().expect("CoseMac test case expected");	46✔
119	let keys: Vec<CoseKey> = test_case	46✔
120	.recipients	46✔
121	.iter()	46✔
122	.map(\|v\| {	46✔
123	let mut key_with_alg = v.key.clone();	46✔
124	if key_with_alg.alg.is_none() {	46✔
125	key_with_alg.alg.clone_from(&v.alg);	46✔
126	}	46✔
127	key_with_alg	46✔
128	})	46✔
129	.collect();	46✔
130	let aad = test_case.external.as_slice();	46✔
131		46✔
132	let verify_result = self.try_verify_with_recipients(backend, &keys, aad);	46✔
133		46✔
134	if case.fail {	46✔
135	verify_result.expect_err("invalid token was successfully verified");	20✔
136	} else {	20✔
137	verify_result.expect("unable to verify token");	26✔
138		26✔
139	assert_eq!(	26✔
140	&case.input.plaintext.as_bytes(),	26✔
141	&self.payload.as_deref().unwrap_or(&[] as &[u8])	26✔
142	);	26✔
143	let empty_hdr = Header::default();	26✔
144	assert_eq!(	26✔
145	test_case.unprotected.as_ref().unwrap_or(&empty_hdr),	26✔
146	&self.unprotected	26✔
147	);	26✔
148	assert_eq!(	26✔
149	test_case.protected.as_ref().unwrap_or(&empty_hdr),	26✔
150	&self.protected.header	26✔
151	);	26✔
152	}
153	}	46✔
154	}
155
156	#[rstest]	36✔
157	#[cfg_attr(feature = "openssl", case::openssl(openssl_ctx()))]
158	#[cfg_attr(
159	all(feature = "rustcrypto-hmac", feature = "rustcrypto-aes-kw"),
160	case::rustcrypto(rustcrypto_ctx())
161	)]
162	fn cose_examples_mac_reference_output<B: MacCryptoBackend + KeyDistributionCryptoBackend>(
163	#[files("tests/cose_examples/mac-tests/mac-*.json")] test_path: PathBuf,
164	#[case] backend: B,
165	) {
166	test_helper::perform_cose_reference_output_test::<CoseMac, B>(test_path, backend);
167	}
168
169	#[rstest]	36✔
170	#[cfg_attr(feature = "openssl", case::openssl(openssl_ctx()))]
171	#[cfg_attr(
172	all(feature = "rustcrypto-hmac", feature = "rustcrypto-aes-kw"),
173	case::rustcrypto(rustcrypto_ctx())
174	)]
175	fn cose_examples_mac_self_signed<B: MacCryptoBackend + KeyDistributionCryptoBackend>(
176	#[files("tests/cose_examples/mac-tests/mac-*.json")] test_path: PathBuf,
177	#[case] backend: B,
178	) {
179	test_helper::perform_cose_self_signed_test::<CoseMac, B>(test_path, backend);
180	}
181
182	#[rstest]	16✔
183	#[cfg_attr(feature = "openssl", case::openssl(openssl_ctx()))]
184	#[cfg_attr(
185	all(feature = "rustcrypto-hmac", feature = "rustcrypto-aes-kw"),
186	case::rustcrypto(rustcrypto_ctx())
187	)]
188	fn cose_examples_hmac_mac_reference_output<B: MacCryptoBackend + KeyDistributionCryptoBackend>(
189	#[files("tests/cose_examples/hmac-examples/HMac-0[0-4].json")] test_path: PathBuf,
190	#[case] backend: B,
191	) {
192	test_helper::perform_cose_reference_output_test::<CoseMac, B>(test_path, backend);
193	}
194
195	#[rstest]	16✔
196	#[cfg_attr(feature = "openssl", case::openssl(openssl_ctx()))]
197	#[cfg_attr(
198	all(feature = "rustcrypto-hmac", feature = "rustcrypto-aes-kw"),
199	case::rustcrypto(rustcrypto_ctx())
200	)]
201	fn cose_examples_hmac_mac_self_signed<B: MacCryptoBackend + KeyDistributionCryptoBackend>(
202	#[files("tests/cose_examples/hmac-examples/HMac-0[0-4].json")] test_path: PathBuf,
203	#[case] backend: B,
204	) {
205	test_helper::perform_cose_self_signed_test::<CoseMac, B>(test_path, backend);
206	}
207
208	#[rstest]	4✔
209	#[cfg_attr(feature = "openssl", case::openssl(openssl_ctx()))]
210	#[cfg_attr(
211	all(feature = "rustcrypto-hmac", feature = "rustcrypto-aes-kw"),
212	case::rustcrypto(rustcrypto_ctx())
213	)]
214	fn hmac_tests<B: MacCryptoBackend + KeyDistributionCryptoBackend>(
215	#[files("tests/dcaf_cose_examples/hmac/*.json")] test_path: PathBuf,
216	#[case] backend: B,
217	) {
218	test_helper::perform_cose_self_signed_test::<CoseMac, B>(test_path, backend);
219	}

namib-project / dcaf-rs / 11935120896

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous