diff --git a/abe/cpabe/tkn20/testdata/policies b/abe/cpabe/tkn20/testdata/policies deleted file mode 100644 index 80028026a..000000000 --- a/abe/cpabe/tkn20/testdata/policies +++ /dev/null @@ -1,26 +0,0 @@ -region: US -"fail": true, "attributes": {"region": "EU"} - -not region: US -"fail": false, "attributes": {"region": "EU"} - -region: US or region: EU or tier: 1 or tier: 2 or tier: 3 and owner: cloudflare -"fail": false, "attributes": {"region": "AZ", "tier": "2", "owner": "cloudflare"} - -(region: US or region: EU) or (tier: 1 or tier: 2 or tier: 3) and (owner: cloudflare) -"fail": false, "attributes": {"region": "AZ", "tier": "1", "owner": "cloudflare"} - -((region: US or region: EU) and (not (tier: 3))) -"fail": false, "attributes": {"region": "EU", "tier": "2", "owner": "cloudflare"} - -not (region: US or region: EU) -"fail": true, "attributes": {"region": "EU"} - -not not region: US -"fail": true, "attributes": {"region": "EU"} - -region: US or region: US -"fail": true, "attributes": {"region": "AZ"} - -region: US and region: EU or region: ASIA -"fail": true, "attributes": {"region": "US"} \ No newline at end of file diff --git a/abe/cpabe/tkn20/testdata/policies.json b/abe/cpabe/tkn20/testdata/policies.json new file mode 100644 index 000000000..d0c874a9d --- /dev/null +++ b/abe/cpabe/tkn20/testdata/policies.json @@ -0,0 +1,71 @@ +[ + { + "policy": "region: US", + "success": false, + "attributes": { + "region": "EU" + } + }, + { + "policy": "not region: US", + "success": true, + "attributes": { + "region": "EU" + } + }, + { + "policy": "region: US or region: EU or tier: 1 or tier: 2 or tier: 3 and owner: cloudflare", + "success": true, + "attributes": { + "region": "AZ", + "tier": "2", + "owner": "cloudflare" + } + }, + { + "policy": "(region: US or region: EU) or (tier: 1 or tier: 2 or tier: 3) and (owner: cloudflare)", + "success": true, + "attributes": { + "region": "AZ", + "tier": "1", + "owner": "cloudflare" + } + }, + { + "policy": "((region: US or region: EU) and (not (tier: 3)))", + "success": true, + "attributes": { + "region": "EU", + "tier": "2", + "owner": "cloudflare" + } + }, + { + "policy": "not (region: US or region: EU)", + "success": false, + "attributes": { + "region": "EU" + } + }, + { + "policy": "not not region: US", + "success": false, + "attributes": { + "region": "EU" + } + }, + { + "policy": "region: US or region: US", + "success": false, + "attributes": { + "region": "AZ" + } + }, + { + "policy": "region: US and region: EU or region: ASIA", + "success": false, + "attributes": { + "region": "US" + } + } +] \ No newline at end of file diff --git a/abe/cpabe/tkn20/tkn20_test.go b/abe/cpabe/tkn20/tkn20_test.go index 82fc92d0b..3913e1aed 100644 --- a/abe/cpabe/tkn20/tkn20_test.go +++ b/abe/cpabe/tkn20/tkn20_test.go @@ -1,81 +1,52 @@ package tkn20 import ( - "bufio" "bytes" "crypto/rand" "encoding/json" "fmt" "os" "testing" - - "github.com/cloudflare/circl/abe/cpabe/tkn20/internal/dsl" - "github.com/cloudflare/circl/abe/cpabe/tkn20/internal/tkn" ) -type TestAttribute struct { - Fail bool // if this test case should fail - Attrs map[string]string `json:"attributes"` +type TestCase struct { + Policy string + Success bool + Attrs map[string]string `json:"attributes"` } -func loadTestCases(t *testing.T) ([]Policy, []TestAttribute, []Attributes) { - testFile, err := os.Open("testdata/policies") +func TestConcurrentDecryption(t *testing.T) { + var tests []TestCase + buf, _ := os.ReadFile("testdata/policies.json") + err := json.Unmarshal(buf, &tests) if err != nil { t.Fatal(err) } - defer testFile.Close() - - scanner := bufio.NewScanner(testFile) - var policies []Policy - var testAttrs []TestAttribute - i := 0 - for scanner.Scan() { - if i%3 == 0 { - p := Policy{} - err := p.FromString(scanner.Text()) - if err != nil { - t.Fatal(err) - } - policies = append(policies, p) - } else if i%3 == 1 { - testAttrs = append(testAttrs, parseTestAttr(t, scanner.Text())) - } - i++ - } - - attrs := make([]Attributes, len(testAttrs)) - for i, testAttr := range testAttrs { - currAttrMap := make(map[string]tkn.Attribute, len(testAttr.Attrs)) - for k, v := range testAttr.Attrs { - currAttrMap[k] = tkn.Attribute{ - Value: tkn.HashStringToScalar(dsl.AttrHashKey, v), - } - } - attrs[i] = Attributes{currAttrMap} - } - return policies, testAttrs, attrs -} - -func TestConcurrentDecryption(t *testing.T) { - policies, testAttrs, attrs := loadTestCases(t) msg := []byte("must have the precious") - for i, policy := range policies { + for i, test := range tests { t.Run(fmt.Sprintf("TestConcurrentDecryption:#%d", i), func(t *testing.T) { pk, msk, err := Setup(rand.Reader) if err != nil { t.Fatal(err) } + policy := Policy{} + err = policy.FromString(test.Policy) + if err != nil { + t.Fatal(err) + } ct, err := pk.Encrypt(rand.Reader, policy, msg) if err != nil { t.Fatalf("encryption failed: %s", err) } - sk, err := msk.KeyGen(rand.Reader, attrs[i]) + attrs := Attributes{} + attrs.FromMap(test.Attrs) + sk, err := msk.KeyGen(rand.Reader, attrs) if err != nil { t.Fatalf("key generation failed: %s", err) } checkResults := func(ct []byte, sk AttributeKey, i int) { pt, err := sk.Decrypt(ct) - if !testAttrs[i].Fail { + if tests[i].Success { if err != nil { t.Errorf("decryption failed: %s", err) } @@ -95,19 +66,31 @@ func TestConcurrentDecryption(t *testing.T) { } func TestEndToEndEncryption(t *testing.T) { - policies, testAttrs, attrs := loadTestCases(t) + var tests []TestCase + buf, _ := os.ReadFile("testdata/policies.json") + err := json.Unmarshal(buf, &tests) + if err != nil { + t.Fatal(err) + } msg := []byte("must have the precious") - for i, policy := range policies { + for i, test := range tests { t.Run(fmt.Sprintf("TestEndToEndEncryption:#%d", i), func(t *testing.T) { pk, msk, err := Setup(rand.Reader) if err != nil { t.Fatal(err) } + policy := Policy{} + err = policy.FromString(test.Policy) + if err != nil { + t.Fatal(err) + } ct, err := pk.Encrypt(rand.Reader, policy, msg) if err != nil { t.Fatalf("encryption failed: %s", err) } - sk, err := msk.KeyGen(rand.Reader, attrs[i]) + attrs := Attributes{} + attrs.FromMap(test.Attrs) + sk, err := msk.KeyGen(rand.Reader, attrs) if err != nil { t.Fatalf("key generation failed: %s", err) } @@ -120,16 +103,16 @@ func TestEndToEndEncryption(t *testing.T) { if err = npol2.FromString(strpol); err != nil { t.Fatalf("string %s didn't parse: %s", strpol, err) } - sat := policy.Satisfaction(attrs[i]) - if sat != npol.Satisfaction(attrs[i]) { + sat := policy.Satisfaction(attrs) + if sat != npol.Satisfaction(attrs) { t.Fatalf("extracted policy doesn't match original") } - if sat != npol2.Satisfaction(attrs[i]) { + if sat != npol2.Satisfaction(attrs) { t.Fatalf("round triped policy doesn't match original") } - ctSat := attrs[i].CouldDecrypt(ct) + ctSat := attrs.CouldDecrypt(ct) pt, err := sk.Decrypt(ct) - if !testAttrs[i].Fail { + if test.Success { // test case should succeed if !sat { t.Fatalf("satisfaction failed") @@ -250,12 +233,3 @@ func TestPolicyMethods(t *testing.T) { } } } - -func parseTestAttr(t *testing.T, buf string) TestAttribute { - var testAttr TestAttribute - err := json.Unmarshal([]byte("{"+buf+"}"), &testAttr) - if err != nil { - t.Fatalf("invalid attributes %s, parse error: %s\n", buf, err) - } - return testAttr -}