github.com/trustbloc/kms-go@v1.1.2/crypto/tinkcrypto/primitive/aead/aes_cbc_hmac_aead_key_manager_test.go (about) 1 /* 2 Copyright SecureKey Technologies Inc. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package aead_test 8 9 import ( 10 "fmt" 11 "testing" 12 13 subtleaead "github.com/google/tink/go/aead/subtle" 14 "github.com/google/tink/go/core/registry" 15 commonpb "github.com/google/tink/go/proto/common_go_proto" 16 hmacpb "github.com/google/tink/go/proto/hmac_go_proto" 17 tinkpb "github.com/google/tink/go/proto/tink_go_proto" 18 "github.com/google/tink/go/subtle/random" 19 "github.com/stretchr/testify/require" 20 "google.golang.org/protobuf/proto" 21 22 "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/aead" 23 "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/aead/subtle" 24 aescbcpb "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/proto/aes_cbc_go_proto" 25 aeadpb "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/proto/aes_cbc_hmac_aead_go_proto" 26 ) 27 28 const ( 29 // AESCBCHMACAEADKeyVersion is the maximal version of AES-CBC-HMAC-AEAD keys that Tink supports. 30 AESCBCHMACAEADKeyVersion = 0 31 // AESCBCHMACAEADTypeURL is the type URL of AES-CBC-HMAC-AEAD keys that Tink supports. 32 AESCBCHMACAEADTypeURL = "type.hyperledger.org/hyperledger.aries.crypto.tink.AesCbcHmacAeadKey" 33 ) 34 35 func TestNewKeyMultipleTimes(t *testing.T) { 36 keyTemplate := aead.AES128CBCHMACSHA256KeyTemplate() 37 aeadKeyFormat := new(aeadpb.AesCbcHmacAeadKeyFormat) 38 err := proto.Unmarshal(keyTemplate.Value, aeadKeyFormat) 39 require.NoError(t, err, "cannot unmarshal AES128CBCHMACSHA256 key template") 40 41 keyManager, err := registry.GetKeyManager(AESCBCHMACAEADTypeURL) 42 require.NoError(t, err, "cannot obtain AES-CBC-HMAC-AEAD key manager: %s", err) 43 44 keys := make(map[string]bool) 45 46 const numTests = 24 47 48 for i := 0; i < numTests/2; i++ { 49 k, err := keyManager.NewKey(keyTemplate.Value) 50 require.NoError(t, err) 51 52 sk, err := proto.Marshal(k) 53 require.NoErrorf(t, err, "cannot serialize key") 54 55 key := new(aeadpb.AesCbcHmacAeadKey) 56 err = proto.Unmarshal(sk, key) 57 require.NoError(t, err) 58 59 keys[string(key.AesCbcKey.KeyValue)] = true 60 keys[string(key.HmacKey.KeyValue)] = true 61 62 require.EqualValuesf(t, 16, len(key.AesCbcKey.KeyValue), fmt.Sprintf("unexpected AES key size, got:"+ 63 " %d, want: 16", len(key.AesCbcKey.KeyValue))) 64 65 require.EqualValuesf(t, 16, len(key.HmacKey.KeyValue), fmt.Sprintf("unexpected HMAC key size, got:"+ 66 " %d, want: 32", len(key.HmacKey.KeyValue))) 67 68 require.EqualValues(t, AESCBCHMACAEADKeyVersion, key.Version) 69 } 70 71 require.EqualValuesf(t, numTests, len(keys), fmt.Sprintf("unexpected number of keys in set, got: %d, want: %d", 72 len(keys), numTests)) 73 } 74 75 func TestNewKeyWithCorruptedFormat(t *testing.T) { 76 keyTemplate := new(tinkpb.KeyTemplate) 77 78 keyTemplate.TypeUrl = AESCBCHMACAEADTypeURL 79 keyTemplate.Value = make([]byte, 128) 80 81 keyManager, err := registry.GetKeyManager(AESCBCHMACAEADTypeURL) 82 require.NoError(t, err, "cannot obtain AES-CBC-HMAC-AEAD key manager") 83 84 _, err = keyManager.NewKey([]byte{}) 85 require.EqualError(t, err, "aes_cbc_hmac_aead_key_manager: invalid key format") 86 87 _, err = keyManager.NewKey(keyTemplate.Value) 88 require.EqualErrorf(t, err, "aes_cbc_hmac_aead_key_manager: invalid key format", 89 "NewKey got: success, want: error due to corrupted format") 90 91 _, err = keyManager.NewKeyData(keyTemplate.Value) 92 require.EqualErrorf(t, err, "aes_cbc_hmac_aead_key_manager: invalid key format", 93 "NewKeyData got: success, want: error due to corrupted format") 94 95 keyTemplate = aead.AES128CBCHMACSHA256KeyTemplate() 96 aeadKeyFormat := new(aeadpb.AesCbcHmacAeadKeyFormat) 97 err = proto.Unmarshal(keyTemplate.Value, aeadKeyFormat) 98 require.NoError(t, err, "cannot unmarshal AES128CBCHMACSHA256 key template") 99 100 aeadKeyFormat.AesCbcKeyFormat.KeySize = 0 101 102 badMarshalledFormat, err := proto.Marshal(aeadKeyFormat) 103 require.NoError(t, err, "cannot marshal AES128CBCHMACSHA256 key template") 104 105 _, err = keyManager.NewKeyData(badMarshalledFormat) 106 require.EqualErrorf(t, err, "aes_cbc_hmac_aead_key_manager: invalid key format: "+ 107 "aes_cbc_hmac_aead_key_manager: invalid AES key size; want 16, 24 or 32, got 0", 108 "NewKeyData got: success, want: error due to format with AES key size=0") 109 110 aeadKeyFormat.AesCbcKeyFormat.KeySize = 16 111 aeadKeyFormat.HmacKeyFormat.KeySize = 0 112 113 badMarshalledFormat, err = proto.Marshal(aeadKeyFormat) 114 require.NoError(t, err, "cannot marshal AES128CBCHMACSHA256 key template") 115 116 _, err = keyManager.NewKeyData(badMarshalledFormat) 117 require.EqualErrorf(t, err, "aes_cbc_hmac_aead_key_manager: invalid key format: "+ 118 "aes_cbc_hmac_aead_key_manager: HMAC KeySize is too small", 119 "NewKeyData got: success, want: error due to format with HMAC key size=0") 120 121 aeadKeyFormat.HmacKeyFormat.KeySize = 16 122 aeadKeyFormat.HmacKeyFormat.Params.TagSize = 0 123 124 badMarshalledFormat, err = proto.Marshal(aeadKeyFormat) 125 require.NoError(t, err, "cannot marshal AES128CBCHMACSHA256 key template") 126 127 _, err = keyManager.NewKeyData(badMarshalledFormat) 128 require.EqualErrorf(t, err, "aes_cbc_hmac_aead_key_manager: invalid key format: "+ 129 "aes_cbc_hmac_aead_key_manager: invalid HmacParams: TagSize 0 is too small", 130 "NewKeyData got: success, want: error due to format with HMAC Tag size=0") 131 132 aeadKeyFormat.HmacKeyFormat.Params.TagSize = 33 133 134 badMarshalledFormat, err = proto.Marshal(aeadKeyFormat) 135 require.NoError(t, err, "cannot marshal AES128CBCHMACSHA256 key template") 136 137 _, err = keyManager.NewKeyData(badMarshalledFormat) 138 require.EqualErrorf(t, err, "aes_cbc_hmac_aead_key_manager: invalid key format: "+ 139 "aes_cbc_hmac_aead_key_manager: invalid HmacParams: TagSize 33 is too big for HashType \"SHA256\"", 140 "NewKeyData got: success, want: error due to format with HMAC Tag size 33 > SHA256 (32)") 141 142 aeadKeyFormat.HmacKeyFormat.Params.TagSize = 32 143 aeadKeyFormat.HmacKeyFormat.Params.Hash = commonpb.HashType_UNKNOWN_HASH 144 145 badMarshalledFormat, err = proto.Marshal(aeadKeyFormat) 146 require.NoError(t, err, "cannot marshal AES128CBCHMACSHA256 key template") 147 148 _, err = keyManager.NewKeyData(badMarshalledFormat) 149 require.EqualErrorf(t, err, "aes_cbc_hmac_aead_key_manager: invalid key format: "+ 150 "aes_cbc_hmac_aead_key_manager: invalid HmacParams: HashType \"UNKNOWN_HASH\" not supported", 151 "NewKeyData got: success, want: error due to format with invalid HMAC HashType") 152 } 153 154 func TestDoesSupportInvalidURL(t *testing.T) { 155 keyManager, err := registry.GetKeyManager(AESCBCHMACAEADTypeURL) 156 require.NoError(t, err, "cannot obtain AES-CBC-HMAC-AEAD key manager") 157 158 ok := keyManager.DoesSupport("bad/url") 159 require.Falsef(t, ok, "DoesSupport bad URL should return false") 160 } 161 162 func TestPrimitiveWithCorruptedKey(t *testing.T) { 163 keyManager, err := registry.GetKeyManager(AESCBCHMACAEADTypeURL) 164 require.NoError(t, err, "cannot obtain AES-CBC-HMAC-AEAD key manager") 165 166 _, err = keyManager.Primitive([]byte{}) 167 require.EqualError(t, err, "aes_cbc_hmac_aead_key_manager: invalid key") 168 169 _, err = keyManager.Primitive(make([]byte, 128)) 170 require.EqualErrorf(t, err, "aes_cbc_hmac_aead_key_manager: invalid key", 171 "Primitive() got: success, want: error due to corrupted key") 172 173 key := &aeadpb.AesCbcHmacAeadKey{ 174 Version: 0, 175 AesCbcKey: &aescbcpb.AesCbcKey{ 176 Version: 0, 177 KeyValue: nil, 178 }, 179 HmacKey: &hmacpb.HmacKey{ 180 Version: 0, 181 Params: &hmacpb.HmacParams{ 182 Hash: 0, 183 TagSize: 0, 184 }, 185 KeyValue: nil, 186 }, 187 } 188 189 mKey, err := proto.Marshal(key) 190 require.NoError(t, err) 191 192 _, err = keyManager.Primitive(mKey) 193 require.EqualErrorf(t, err, "aes_cbc_hmac_aead_key_manager: aes_cbc_hmac_aead_key_manager: invalid AES key"+ 194 " size; want 16, 24 or 32, got 0", 195 "Primitive() got: success, want: error due to corrupted empty aes key") 196 197 key.AesCbcKey.KeyValue = random.GetRandomBytes(32) 198 199 mKey, err = proto.Marshal(key) 200 require.NoError(t, err) 201 202 _, err = keyManager.Primitive(mKey) 203 require.EqualErrorf(t, err, "aes_cbc_hmac_aead_key_manager: cannot create hmac primitive, error: hmac: "+ 204 "invalid hash algorithm", 205 "Primitive() got: success, want: error due to corrupted key with invalid hmac type") 206 207 key.HmacKey.Params.Hash = commonpb.HashType_SHA256 208 209 mKey, err = proto.Marshal(key) 210 require.NoError(t, err) 211 212 _, err = keyManager.Primitive(mKey) 213 require.EqualErrorf(t, err, "aes_cbc_hmac_aead_key_manager: cannot create hmac primitive, error: hmac: "+ 214 "tag size too small", 215 "Primitive() got: success, want: error due to corrupted key with small tag size") 216 217 key.HmacKey.Params.TagSize = 16 218 key.Version = 9 219 220 mKey, err = proto.Marshal(key) 221 require.NoError(t, err) 222 223 _, err = keyManager.Primitive(mKey) 224 require.EqualErrorf(t, err, "aes_cbc_hmac_aead_key_manager: aes_cbc_hmac_aead_key_manager: key has version 9;"+ 225 " only keys with version in range [0..0] are supported", 226 "Primitive() got: success, want: error due to corrupted key with small tag size") 227 228 key.Version = 0 229 key.AesCbcKey.Version = 9 230 231 mKey, err = proto.Marshal(key) 232 require.NoError(t, err) 233 234 _, err = keyManager.Primitive(mKey) 235 require.EqualErrorf(t, err, "aes_cbc_hmac_aead_key_manager: aes_cbc_hmac_aead_key_manager: key has version 9;"+ 236 " only keys with version in range [0..0] are supported", 237 "Primitive() got: success, want: error due to corrupted key with small tag size") 238 239 key.AesCbcKey.Version = 0 240 key.HmacKey.Version = 9 241 242 mKey, err = proto.Marshal(key) 243 require.NoError(t, err) 244 245 _, err = keyManager.Primitive(mKey) 246 require.EqualErrorf(t, err, "aes_cbc_hmac_aead_key_manager: aes_cbc_hmac_aead_key_manager: key has version 9;"+ 247 " only keys with version in range [0..0] are supported", 248 "Primitive() got: success, want: error due to corrupted key with small tag size") 249 } 250 251 func TestPrimitiveIETFTestVector(t *testing.T) { 252 keyManager, err := registry.GetKeyManager(AESCBCHMACAEADTypeURL) 253 require.NoError(t, err, "cannot obtain AES-CBC-HMAC-AEAD key manager") 254 255 // Source: https://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-05#section-5 256 plaintext := []byte{ 257 0x41, 0x20, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x20, 258 0x6d, 0x75, 0x73, 0x74, 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x62, 0x65, 0x20, 0x72, 0x65, 0x71, 0x75, 259 0x69, 0x72, 0x65, 0x64, 0x20, 0x74, 0x6f, 0x20, 0x62, 0x65, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 260 0x74, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x69, 0x74, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 261 0x65, 0x20, 0x61, 0x62, 0x6c, 0x65, 0x20, 0x74, 0x6f, 0x20, 0x66, 0x61, 0x6c, 0x6c, 0x20, 0x69, 262 0x6e, 0x74, 0x6f, 0x20, 0x74, 0x68, 0x65, 0x20, 0x68, 0x61, 0x6e, 0x64, 0x73, 0x20, 0x6f, 0x66, 263 0x20, 0x74, 0x68, 0x65, 0x20, 0x65, 0x6e, 0x65, 0x6d, 0x79, 0x20, 0x77, 0x69, 0x74, 0x68, 0x6f, 264 0x75, 0x74, 0x20, 0x69, 0x6e, 0x63, 0x6f, 0x6e, 0x76, 0x65, 0x6e, 0x69, 0x65, 0x6e, 0x63, 0x65, 265 } 266 267 aad := []byte{ 268 0x54, 0x68, 0x65, 0x20, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x20, 0x70, 0x72, 0x69, 0x6e, 0x63, 269 0x69, 0x70, 0x6c, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x41, 0x75, 0x67, 0x75, 0x73, 0x74, 0x65, 0x20, 270 0x4b, 0x65, 0x72, 0x63, 0x6b, 0x68, 0x6f, 0x66, 0x66, 0x73, 271 } 272 273 nonce := []byte{ 274 0x1a, 0xf3, 0x8c, 0x2d, 0xc2, 0xb9, 0x6f, 0xfd, 0xd8, 0x66, 0x94, 0x09, 0x23, 0x41, 0xbc, 0x04, 275 } 276 277 ciphertext1 := []byte{ 278 0xc8, 0x0e, 0xdf, 0xa3, 0x2d, 0xdf, 0x39, 0xd5, 0xef, 0x00, 0xc0, 0xb4, 0x68, 0x83, 0x42, 0x79, 279 0xa2, 0xe4, 0x6a, 0x1b, 0x80, 0x49, 0xf7, 0x92, 0xf7, 0x6b, 0xfe, 0x54, 0xb9, 0x03, 0xa9, 0xc9, 280 0xa9, 0x4a, 0xc9, 0xb4, 0x7a, 0xd2, 0x65, 0x5c, 0x5f, 0x10, 0xf9, 0xae, 0xf7, 0x14, 0x27, 0xe2, 281 0xfc, 0x6f, 0x9b, 0x3f, 0x39, 0x9a, 0x22, 0x14, 0x89, 0xf1, 0x63, 0x62, 0xc7, 0x03, 0x23, 0x36, 282 0x09, 0xd4, 0x5a, 0xc6, 0x98, 0x64, 0xe3, 0x32, 0x1c, 0xf8, 0x29, 0x35, 0xac, 0x40, 0x96, 0xc8, 283 0x6e, 0x13, 0x33, 0x14, 0xc5, 0x40, 0x19, 0xe8, 0xca, 0x79, 0x80, 0xdf, 0xa4, 0xb9, 0xcf, 0x1b, 284 0x38, 0x4c, 0x48, 0x6f, 0x3a, 0x54, 0xc5, 0x10, 0x78, 0x15, 0x8e, 0xe5, 0xd7, 0x9d, 0xe5, 0x9f, 285 0xbd, 0x34, 0xd8, 0x48, 0xb3, 0xd6, 0x95, 0x50, 0xa6, 0x76, 0x46, 0x34, 0x44, 0x27, 0xad, 0xe5, 286 0x4b, 0x88, 0x51, 0xff, 0xb5, 0x98, 0xf7, 0xf8, 0x00, 0x74, 0xb9, 0x47, 0x3c, 0x82, 0xe2, 0xdb, 287 } 288 289 authTag1 := []byte{ 290 0x65, 0x2c, 0x3f, 0xa3, 0x6b, 0x0a, 0x7c, 0x5b, 0x32, 0x19, 0xfa, 0xb3, 0xa3, 0x0b, 0xc1, 0xc4, 291 } 292 293 key1 := []byte{ 294 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 295 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 296 } 297 298 ciphertext2 := []byte{ 299 0xea, 0x65, 0xda, 0x6b, 0x59, 0xe6, 0x1e, 0xdb, 0x41, 0x9b, 0xe6, 0x2d, 0x19, 0x71, 0x2a, 0xe5, 300 0xd3, 0x03, 0xee, 0xb5, 0x00, 0x52, 0xd0, 0xdf, 0xd6, 0x69, 0x7f, 0x77, 0x22, 0x4c, 0x8e, 0xdb, 301 0x00, 0x0d, 0x27, 0x9b, 0xdc, 0x14, 0xc1, 0x07, 0x26, 0x54, 0xbd, 0x30, 0x94, 0x42, 0x30, 0xc6, 302 0x57, 0xbe, 0xd4, 0xca, 0x0c, 0x9f, 0x4a, 0x84, 0x66, 0xf2, 0x2b, 0x22, 0x6d, 0x17, 0x46, 0x21, 303 0x4b, 0xf8, 0xcf, 0xc2, 0x40, 0x0a, 0xdd, 0x9f, 0x51, 0x26, 0xe4, 0x79, 0x66, 0x3f, 0xc9, 0x0b, 304 0x3b, 0xed, 0x78, 0x7a, 0x2f, 0x0f, 0xfc, 0xbf, 0x39, 0x04, 0xbe, 0x2a, 0x64, 0x1d, 0x5c, 0x21, 305 0x05, 0xbf, 0xe5, 0x91, 0xba, 0xe2, 0x3b, 0x1d, 0x74, 0x49, 0xe5, 0x32, 0xee, 0xf6, 0x0a, 0x9a, 306 0xc8, 0xbb, 0x6c, 0x6b, 0x01, 0xd3, 0x5d, 0x49, 0x78, 0x7b, 0xcd, 0x57, 0xef, 0x48, 0x49, 0x27, 307 0xf2, 0x80, 0xad, 0xc9, 0x1a, 0xc0, 0xc4, 0xe7, 0x9c, 0x7b, 0x11, 0xef, 0xc6, 0x00, 0x54, 0xe3, 308 } 309 310 authTag2 := []byte{ 311 0x84, 0x90, 0xac, 0x0e, 0x58, 0x94, 0x9b, 0xfe, 0x51, 0x87, 0x5d, 0x73, 0x3f, 0x93, 0xac, 0x20, 312 0x75, 0x16, 0x80, 0x39, 0xcc, 0xc7, 0x33, 0xd7, 313 } 314 315 key2 := []byte{ 316 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 317 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 318 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 319 } 320 321 ciphertext3 := []byte{ 322 0x89, 0x31, 0x29, 0xb0, 0xf4, 0xee, 0x9e, 0xb1, 0x8d, 0x75, 0xed, 0xa6, 0xf2, 0xaa, 0xa9, 0xf3, 323 0x60, 0x7c, 0x98, 0xc4, 0xba, 0x04, 0x44, 0xd3, 0x41, 0x62, 0x17, 0x0d, 0x89, 0x61, 0x88, 0x4e, 324 0x58, 0xf2, 0x7d, 0x4a, 0x35, 0xa5, 0xe3, 0xe3, 0x23, 0x4a, 0xa9, 0x94, 0x04, 0xf3, 0x27, 0xf5, 325 0xc2, 0xd7, 0x8e, 0x98, 0x6e, 0x57, 0x49, 0x85, 0x8b, 0x88, 0xbc, 0xdd, 0xc2, 0xba, 0x05, 0x21, 326 0x8f, 0x19, 0x51, 0x12, 0xd6, 0xad, 0x48, 0xfa, 0x3b, 0x1e, 0x89, 0xaa, 0x7f, 0x20, 0xd5, 0x96, 327 0x68, 0x2f, 0x10, 0xb3, 0x64, 0x8d, 0x3b, 0xb0, 0xc9, 0x83, 0xc3, 0x18, 0x5f, 0x59, 0xe3, 0x6d, 328 0x28, 0xf6, 0x47, 0xc1, 0xc1, 0x39, 0x88, 0xde, 0x8e, 0xa0, 0xd8, 0x21, 0x19, 0x8c, 0x15, 0x09, 329 0x77, 0xe2, 0x8c, 0xa7, 0x68, 0x08, 0x0b, 0xc7, 0x8c, 0x35, 0xfa, 0xed, 0x69, 0xd8, 0xc0, 0xb7, 330 0xd9, 0xf5, 0x06, 0x23, 0x21, 0x98, 0xa4, 0x89, 0xa1, 0xa6, 0xae, 0x03, 0xa3, 0x19, 0xfb, 0x30, 331 } 332 333 authTag3 := []byte{ 334 0xdd, 0x13, 0x1d, 0x05, 0xab, 0x34, 0x67, 0xdd, 0x05, 0x6f, 0x8e, 0x88, 0x2b, 0xad, 0x70, 0x63, 335 0x7f, 0x1e, 0x9a, 0x54, 0x1d, 0x9c, 0x23, 0xe7, 336 } 337 338 key3 := []byte{ 339 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 340 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 341 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 342 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 343 } 344 345 ciphertext4 := []byte{ 346 0x4a, 0xff, 0xaa, 0xad, 0xb7, 0x8c, 0x31, 0xc5, 0xda, 0x4b, 0x1b, 0x59, 0x0d, 0x10, 0xff, 0xbd, 347 0x3d, 0xd8, 0xd5, 0xd3, 0x02, 0x42, 0x35, 0x26, 0x91, 0x2d, 0xa0, 0x37, 0xec, 0xbc, 0xc7, 0xbd, 348 0x82, 0x2c, 0x30, 0x1d, 0xd6, 0x7c, 0x37, 0x3b, 0xcc, 0xb5, 0x84, 0xad, 0x3e, 0x92, 0x79, 0xc2, 349 0xe6, 0xd1, 0x2a, 0x13, 0x74, 0xb7, 0x7f, 0x07, 0x75, 0x53, 0xdf, 0x82, 0x94, 0x10, 0x44, 0x6b, 350 0x36, 0xeb, 0xd9, 0x70, 0x66, 0x29, 0x6a, 0xe6, 0x42, 0x7e, 0xa7, 0x5c, 0x2e, 0x08, 0x46, 0xa1, 351 0x1a, 0x09, 0xcc, 0xf5, 0x37, 0x0d, 0xc8, 0x0b, 0xfe, 0xcb, 0xad, 0x28, 0xc7, 0x3f, 0x09, 0xb3, 352 0xa3, 0xb7, 0x5e, 0x66, 0x2a, 0x25, 0x94, 0x41, 0x0a, 0xe4, 0x96, 0xb2, 0xe2, 0xe6, 0x60, 0x9e, 353 0x31, 0xe6, 0xe0, 0x2c, 0xc8, 0x37, 0xf0, 0x53, 0xd2, 0x1f, 0x37, 0xff, 0x4f, 0x51, 0x95, 0x0b, 354 0xbe, 0x26, 0x38, 0xd0, 0x9d, 0xd7, 0xa4, 0x93, 0x09, 0x30, 0x80, 0x6d, 0x07, 0x03, 0xb1, 0xf6, 355 } 356 357 authTag4 := []byte{ 358 0x4d, 0xd3, 0xb4, 0xc0, 0x88, 0xa7, 0xf4, 0x5c, 0x21, 0x68, 0x39, 0x64, 0x5b, 0x20, 0x12, 0xbf, 359 0x2e, 0x62, 0x69, 0xa8, 0xc5, 0x6a, 0x81, 0x6d, 0xbc, 0x1b, 0x26, 0x77, 0x61, 0x95, 0x5b, 0xc5, 360 } 361 362 key4 := []byte{ 363 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 364 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 365 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 366 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 367 } 368 369 tests := []struct { 370 name string 371 plaintext []byte 372 aad []byte 373 ciphertext []byte 374 authTag []byte 375 key []byte 376 nonce []byte 377 keySize int 378 hmacFn commonpb.HashType 379 tagSize int 380 }{ 381 { 382 name: "AEAD_AES_128_CBC_HMAC_SHA256", 383 plaintext: plaintext, 384 aad: aad, 385 ciphertext: ciphertext1, 386 authTag: authTag1, 387 key: key1, 388 nonce: nonce, 389 keySize: subtle.AES128Size, 390 hmacFn: commonpb.HashType_SHA256, 391 tagSize: len(authTag1), 392 }, 393 { 394 name: "AEAD_AES_192_CBC_HMAC_SHA384", 395 plaintext: plaintext, 396 aad: aad, 397 ciphertext: ciphertext2, 398 authTag: authTag2, 399 key: key2, 400 nonce: nonce, 401 keySize: subtle.AES192Size, 402 hmacFn: commonpb.HashType_SHA384, 403 tagSize: len(authTag2), 404 }, 405 { 406 name: "AEAD_AES_256_CBC_HMAC_SHA384", 407 plaintext: plaintext, 408 aad: aad, 409 ciphertext: ciphertext3, 410 authTag: authTag3, 411 key: key3, 412 nonce: nonce, 413 keySize: subtle.AES192Size, // Mac key is 24 (192 bits), AES key is 32 (256 bits) in key3. 414 hmacFn: commonpb.HashType_SHA384, 415 tagSize: len(authTag2), 416 }, 417 { 418 name: "AEAD_AES_256_CBC_HMAC_SHA512", 419 plaintext: plaintext, 420 aad: aad, 421 ciphertext: ciphertext4, 422 authTag: authTag4, 423 key: key4, 424 nonce: nonce, 425 keySize: subtle.AES256Size, 426 hmacFn: commonpb.HashType_SHA512, 427 tagSize: len(authTag4), 428 }, 429 } 430 431 t.Parallel() 432 433 for _, test := range tests { 434 tc := test 435 t.Run(tc.name, func(t *testing.T) { 436 key := &aeadpb.AesCbcHmacAeadKey{ 437 Version: 0, 438 AesCbcKey: &aescbcpb.AesCbcKey{ 439 Version: 0, 440 KeyValue: tc.key[tc.keySize:], 441 }, 442 HmacKey: &hmacpb.HmacKey{ 443 Version: 0, 444 Params: &hmacpb.HmacParams{ 445 Hash: tc.hmacFn, 446 TagSize: uint32(tc.tagSize), 447 }, 448 KeyValue: tc.key[:tc.keySize], 449 }, 450 } 451 452 mKey, err := proto.Marshal(key) 453 require.NoError(t, err) 454 455 enc, err := keyManager.Primitive(mKey) 456 require.NoError(t, err) 457 458 tinkAEAD, ok := enc.(*subtleaead.EncryptThenAuthenticate) 459 require.True(t, ok) 460 461 ct := make([]byte, len(nonce)+len(tc.ciphertext)+len(tc.authTag)) 462 copy(ct, nonce) 463 copy(ct[len(nonce):], tc.ciphertext) 464 copy(ct[len(nonce)+len(tc.ciphertext):], tc.authTag) 465 466 out, err := tinkAEAD.Decrypt(ct, aad) 467 require.NoError(t, err, "unable to decrypt") 468 469 require.EqualValues(t, plaintext, out) 470 }) 471 } 472 }