test Hmac (wip commit, rewrite this message)

tutao · Jan 10, 2025 · cee2158 · cee2158
1 parent a66b7aa
commit cee2158
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 4 deletions.
diff --git a/app-ios/TutanotaSharedFramework/Crypto/IosNativeCryptoFacade.swift b/app-ios/TutanotaSharedFramework/Crypto/IosNativeCryptoFacade.swift
@@ -1,5 +1,4 @@
 import CryptoKit
-import TutanotaSharedFramework
 import tutasdk
 
 /// High-level cryptographic operations API
@@ -67,7 +66,7 @@ public actor IosNativeCryptoFacade: NativeCryptoFacade {
 	}
 	public func hmacSha256(_ key: DataWrapper, _ data: DataWrapper) -> DataWrapper {
 		let symmetricKey = SymmetricKey(data: key.data)
-		let macTag = TutanotaSharedFramework.hmacSha256(symmetricKey, data.data)
+		let macTag = HMAC<SHA256>.authenticationCode(for: data.data, using: symmetricKey)
 		var bytes: [UInt8] = []
 		bytes.append(contentsOf: macTag)
 		return DataWrapper(data: Data(bytes: bytes, count: bytes.count))

diff --git a/app-ios/tutanotaTests/CompatibilityTestSwift.swift b/app-ios/tutanotaTests/CompatibilityTestSwift.swift
@@ -162,9 +162,9 @@ class CompatibilityTestSwift: XCTestCase {
 			let dataHex = TUTEncodingConverter.hex(toBytes: test["dataHex"]! as! String)
 			let hmacSha256TagHex = TUTEncodingConverter.hex(toBytes: test["hmacSha256TagHex"]! as! String)
 			let facade = IosNativeCryptoFacade()
-			let tag = try await facade.hmacSha256(keyHex, dataHex)
+			let tag = await facade.hmacSha256(DataWrapper(data: keyHex), DataWrapper(data: dataHex))
 			var output: [UInt8] = []
-			output.append(contentsOf: tag)
+			output.append(contentsOf: tag.data)
 			XCTAssertEqual(Data(output), hmacSha256TagHex)
 		}
 	}

diff --git a/app-ios/tutanotaTests/HmacTest.swift b/app-ios/tutanotaTests/HmacTest.swift
@@ -0,0 +1,34 @@
+import Foundation
+import XCTest
+
+@testable import TutanotaSharedFramework
+
+class HmacTest: XCTestCase {
+	private func prepareTestData() async -> (IosNativeCryptoFacade, ((DataWrapper, DataWrapper), DataWrapper)) {
+		let facade = IosNativeCryptoFacade()
+		let rawKey = secureRandomBytes(ofLength: 32)
+		let rawData = secureRandomBytes(ofLength: 256)
+		let key = DataWrapper(data: Data(bytes: rawKey, count: rawKey.count))
+		let data = DataWrapper(data: Data(bytes: rawData, count: rawData.count))
+		let computedTag = await facade.hmacSha256(key, data)
+		// Swift does not want tuples to exceed two items. So we respect that.
+		// Feel free to define a struct for this if these nested tuples bother you.
+		return (facade, ((key, data), computedTag))
+	}
+	func testRoundTrip() async throws {
+		let (facade, ((key, data), computedTag)) = await prepareTestData()
+		try await facade.verifyHmacSha256(key, data, computedTag)
+	}
+	func testBadKey() async throws {
+		let (facade, ((key, data), computedTag)) = await prepareTestData()
+		let rawBadKey = secureRandomBytes(ofLength: 32)
+		let badKey = DataWrapper(data: Data(bytes: rawBadKey, count: rawBadKey.count))
+		await TUTAssertThrowsErrorAsync(try await facade.verifyHmacSha256(badKey, data, computedTag))
+	}
+	func testBadData() async throws {
+		let (facade, ((key, data), computedTag)) = await prepareTestData()
+		let rawBadData = secureRandomBytes(ofLength: 256)
+		let badData = DataWrapper(data: Data(bytes: rawBadData, count: rawBadData.count))
+		await TUTAssertThrowsErrorAsync(try await facade.verifyHmacSha256(key, badData, computedTag))
+	}
+}
diff --git a/app-ios/tutanotaTests/TestUtils.swift b/app-ios/tutanotaTests/TestUtils.swift
@@ -0,0 +1,14 @@
+import XCTest
+
+func TUTAssertThrowsErrorAsync<T>(
+	_ expression: @autoclosure () async throws -> T,
+	_ message: @autoclosure () -> String = "",
+	file: StaticString = #filePath,
+	line: UInt = #line,
+	_ errorHandler: (_ error: any Error) -> Void = { _ in }
+) async {
+	do {
+		_ = try await expression()
+		XCTFail(message(), file: file, line: line)
+	} catch { errorHandler(error) }
+}