github.com/trustbloc/kms-go@v1.1.2/crypto/tinkcrypto/primitive/aead/aead_key_templates_test.go (about)

     1  /*
     2  Copyright SecureKey Technologies Inc. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package aead_test
     8  
     9  import (
    10  	"bytes"
    11  	"testing"
    12  
    13  	tinkaead "github.com/google/tink/go/aead"
    14  	"github.com/google/tink/go/keyset"
    15  	tinkpb "github.com/google/tink/go/proto/tink_go_proto"
    16  	"github.com/stretchr/testify/require"
    17  
    18  	"github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/aead"
    19  )
    20  
    21  func TestKeyTemplates(t *testing.T) {
    22  	testCases := []struct {
    23  		name     string
    24  		template *tinkpb.KeyTemplate
    25  	}{
    26  		{
    27  			name:     "AEAD_AES_128_CBC_HMAC_SHA_256",
    28  			template: aead.AES128CBCHMACSHA256KeyTemplate(),
    29  		}, {
    30  			name:     "AEAD_AES_192_CBC_HMAC_SHA_384",
    31  			template: aead.AES192CBCHMACSHA384KeyTemplate(),
    32  		}, {
    33  			name:     "AEAD_AES_256_CBC_HMAC_SHA_384",
    34  			template: aead.AES256CBCHMACSHA384KeyTemplate(),
    35  		}, {
    36  			name:     "AEAD_AES_256_CBC_HMAC_SHA_512",
    37  			template: aead.AES256CBCHMACSHA512KeyTemplate(),
    38  		},
    39  	}
    40  
    41  	for _, tc := range testCases {
    42  		t.Run(tc.name, func(t *testing.T) {
    43  			kh, err := keyset.NewHandle(tc.template)
    44  			require.NoError(t, err)
    45  
    46  			testEncryptDecrypt(t, kh)
    47  		})
    48  	}
    49  }
    50  
    51  func testEncryptDecrypt(t *testing.T, kh *keyset.Handle) {
    52  	t.Helper()
    53  
    54  	primitive, err := tinkaead.New(kh)
    55  	require.NoError(t, err, "aead.New(handle) failed")
    56  
    57  	testInputs := []struct {
    58  		plaintext []byte
    59  		aad1      []byte
    60  		aad2      []byte
    61  	}{
    62  		{
    63  			plaintext: []byte("some data to encrypt"),
    64  			aad1:      []byte("extra data to authenticate"),
    65  			aad2:      []byte("extra data to authenticate"),
    66  		}, {
    67  			plaintext: []byte("some data to encrypt"),
    68  			aad1:      []byte(""),
    69  			aad2:      []byte(""),
    70  		}, {
    71  			plaintext: []byte("some data to encrypt"),
    72  			aad1:      nil,
    73  			aad2:      nil,
    74  		}, {
    75  			plaintext: []byte(""),
    76  			aad1:      nil,
    77  			aad2:      nil,
    78  		}, {
    79  			plaintext: nil,
    80  			aad1:      []byte("extra data to authenticate"),
    81  			aad2:      []byte("extra data to authenticate"),
    82  		}, {
    83  			plaintext: nil,
    84  			aad1:      []byte(""),
    85  			aad2:      []byte(""),
    86  		}, {
    87  			plaintext: nil,
    88  			aad1:      nil,
    89  			aad2:      nil,
    90  		}, {
    91  			plaintext: []byte("some data to encrypt"),
    92  			aad1:      []byte(""),
    93  			aad2:      nil,
    94  		}, {
    95  			plaintext: []byte("some data to encrypt"),
    96  			aad1:      nil,
    97  			aad2:      []byte(""),
    98  		},
    99  	}
   100  
   101  	for _, ti := range testInputs {
   102  		ciphertext, err := primitive.Encrypt(ti.plaintext, ti.aad1)
   103  		require.NoError(t, err, "encryption failed")
   104  
   105  		decrypted, err := primitive.Decrypt(ciphertext, ti.aad2)
   106  		require.NoError(t, err, "decryption failed")
   107  
   108  		// must use bytes.Equal() instead of require.EqualValues() which errors out when ti.plaintext = []byte(nil)
   109  		// and decrypted = []byte{}.
   110  		if !bytes.Equal(ti.plaintext, decrypted) {
   111  			t.Fatalf("decrypted data doesn't match plaintext, got: %q, want: %q", decrypted, ti.plaintext)
   112  		}
   113  	}
   114  }