github.com/trustbloc/kms-go@v1.1.2/crypto/tinkcrypto/primitive/composite/ecdh/ecdh_key_template_test.go (about) 1 /* 2 Copyright SecureKey Technologies Inc. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package ecdh 8 9 import ( 10 "testing" 11 "time" 12 13 "github.com/google/tink/go/keyset" 14 tinkpb "github.com/google/tink/go/proto/tink_go_proto" 15 "github.com/google/tink/go/subtle/random" 16 "github.com/stretchr/testify/require" 17 18 "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/aead/subtle" 19 ) 20 21 func TestECDHESKeyTemplateSuccess(t *testing.T) { 22 flagTests := []struct { 23 tcName string 24 tmplFunc func() *tinkpb.KeyTemplate 25 nistpKW bool 26 encAlg AEADAlg 27 }{ 28 { 29 tcName: "create ECDH NIST P-256 KW with AES256-GCM key templates test", 30 tmplFunc: NISTP256ECDHKWKeyTemplate, 31 nistpKW: true, 32 encAlg: AES256GCM, 33 }, 34 { 35 tcName: "create ECDH NIST P-384 KW AES256-GCM key templates test", 36 tmplFunc: NISTP384ECDHKWKeyTemplate, 37 nistpKW: true, 38 encAlg: AES256GCM, 39 }, 40 { 41 tcName: "create ECDH NIST P-521 KW AES256-GCM key templates test", 42 tmplFunc: NISTP521ECDHKWKeyTemplate, 43 nistpKW: true, 44 encAlg: AES256GCM, 45 }, 46 { 47 tcName: "creat ECDH X25519 KW with AES256-GCM key templates test", 48 tmplFunc: X25519ECDHKWKeyTemplate, 49 encAlg: AES256GCM, 50 }, 51 { 52 tcName: "create ECDH NIST P-256 KW with XChacha20Poly1305 key templates test", 53 tmplFunc: NISTP256ECDHKWKeyTemplate, 54 nistpKW: true, 55 encAlg: XC20P, 56 }, 57 { 58 tcName: "create ECDH NIST P-384 KW XChacha20Poly1305 key templates test", 59 tmplFunc: NISTP384ECDHKWKeyTemplate, 60 nistpKW: true, 61 encAlg: XC20P, 62 }, 63 { 64 tcName: "create ECDH NIST P-521 KW XChacha20Poly1305 key templates test", 65 tmplFunc: NISTP521ECDHKWKeyTemplate, 66 nistpKW: true, 67 encAlg: XC20P, 68 }, 69 { 70 tcName: "creat ECDH X25519 KW with XChacha20Poly1305 key templates test", 71 tmplFunc: X25519ECDHKWKeyTemplate, 72 encAlg: XC20P, 73 }, 74 { 75 tcName: "create ECDH NIST P-256 KW with AES128-CBC+HMAC-SHA256 key templates test", 76 tmplFunc: NISTP256ECDHKWKeyTemplate, 77 nistpKW: true, 78 encAlg: AES128CBCHMACSHA256, 79 }, 80 { 81 tcName: "create ECDH NIST P-384 KW AES128-CBC+HMAC-SHA256 key templates test", 82 tmplFunc: NISTP384ECDHKWKeyTemplate, 83 nistpKW: true, 84 encAlg: AES128CBCHMACSHA256, 85 }, 86 { 87 tcName: "create ECDH NIST P-521 KW AES128-CBC+HMAC-SHA256 key templates test", 88 tmplFunc: NISTP521ECDHKWKeyTemplate, 89 nistpKW: true, 90 encAlg: AES128CBCHMACSHA256, 91 }, 92 { 93 tcName: "creat ECDH X25519 KW with AES128-CBC+HMAC-SHA256 key templates test", 94 tmplFunc: X25519ECDHKWKeyTemplate, 95 encAlg: AES128CBCHMACSHA256, 96 }, 97 { 98 tcName: "create ECDH NIST P-256 KW with AES192-CBC+HMAC-SHA384 key templates test", 99 tmplFunc: NISTP256ECDHKWKeyTemplate, 100 nistpKW: true, 101 encAlg: AES192CBCHMACSHA384, 102 }, 103 { 104 tcName: "create ECDH NIST P-384 KW AES192-CBC+HMAC-SHA384 key templates test", 105 tmplFunc: NISTP384ECDHKWKeyTemplate, 106 nistpKW: true, 107 encAlg: AES192CBCHMACSHA384, 108 }, 109 { 110 tcName: "create ECDH NIST P-521 KW AES192-CBC+HMAC-SHA384 key templates test", 111 tmplFunc: NISTP521ECDHKWKeyTemplate, 112 nistpKW: true, 113 encAlg: AES192CBCHMACSHA384, 114 }, 115 { 116 tcName: "creat ECDH X25519 KW with AES192-CBC+HMAC-SHA384 key templates test", 117 tmplFunc: X25519ECDHKWKeyTemplate, 118 encAlg: AES192CBCHMACSHA384, 119 }, 120 { 121 tcName: "create ECDH NIST P-256 KW with AES256-CBC+HMAC-SHA384 key templates test", 122 tmplFunc: NISTP256ECDHKWKeyTemplate, 123 nistpKW: true, 124 encAlg: AES256CBCHMACSHA384, 125 }, 126 { 127 tcName: "create ECDH NIST P-384 KW AES256-CBC+HMAC-SHA384 key templates test", 128 tmplFunc: NISTP384ECDHKWKeyTemplate, 129 nistpKW: true, 130 encAlg: AES256CBCHMACSHA384, 131 }, 132 { 133 tcName: "create ECDH NIST P-521 KW AES256-CBC+HMAC-SHA384 key templates test", 134 tmplFunc: NISTP521ECDHKWKeyTemplate, 135 nistpKW: true, 136 encAlg: AES256CBCHMACSHA384, 137 }, 138 { 139 tcName: "creat ECDH X25519 KW with AES256-CBC+HMAC-SHA384 key templates test", 140 tmplFunc: X25519ECDHKWKeyTemplate, 141 encAlg: AES256CBCHMACSHA384, 142 }, 143 { 144 tcName: "create ECDH NIST P-256 KW with AES256-CBC+HMAC-SHA512 key templates test", 145 tmplFunc: NISTP256ECDHKWKeyTemplate, 146 nistpKW: true, 147 encAlg: AES256CBCHMACSHA512, 148 }, 149 { 150 tcName: "create ECDH NIST P-384 KW AES256-CBC+HMAC-SHA512 key templates test", 151 tmplFunc: NISTP384ECDHKWKeyTemplate, 152 nistpKW: true, 153 encAlg: AES256CBCHMACSHA512, 154 }, 155 { 156 tcName: "create ECDH NIST P-521 KW AES256-CBC+HMAC-SHA512 key templates test", 157 tmplFunc: NISTP521ECDHKWKeyTemplate, 158 nistpKW: true, 159 encAlg: AES256CBCHMACSHA512, 160 }, 161 { 162 tcName: "creat ECDH X25519 KW with AES256-CBC+HMAC-SHA512 key templates test", 163 tmplFunc: X25519ECDHKWKeyTemplate, 164 encAlg: AES256CBCHMACSHA512, 165 }, 166 } 167 168 for _, tt := range flagTests { 169 tc := tt 170 t.Run("Test "+tc.tcName, func(t *testing.T) { 171 cek := createCEK(tc.encAlg) 172 kt := tc.tmplFunc() 173 174 kh, err := keyset.NewHandle(kt) 175 require.NoError(t, err) 176 177 pubKH, err := kh.Public() 178 require.NoError(t, err) 179 180 e, err := NewECDHEncrypt(pubKH) 181 require.NoError(t, err) 182 183 pt := []byte("secret message") 184 aad := []byte("aad message") 185 186 // trying to encrypt using the above KH should fail since cek was not set 187 ct, err := e.Encrypt(pt, aad) 188 require.Error(t, err) 189 require.Empty(t, ct) 190 191 elapsed := time.Now() 192 193 // now try to create a new KH for primitive execution and try to encrypt 194 kt = KeyTemplateForECDHPrimitiveWithCEK(cek, tc.nistpKW, tc.encAlg) 195 196 t.Logf("time spent in ECDH keyTemplateWithCEK: %s", time.Since(elapsed)) 197 198 kh, err = keyset.NewHandle(kt) 199 require.NoError(t, err) 200 201 t.Logf("time spent in ECDH keyTemplateWithCEK + NewHandle(): %s", time.Since(elapsed)) 202 203 pubKH, err = kh.Public() 204 require.NoError(t, err) 205 206 e, err = NewECDHEncrypt(pubKH) 207 require.NoError(t, err) 208 209 ct, err = e.Encrypt(pt, aad) 210 require.NoError(t, err) 211 require.NotEmpty(t, ct) 212 213 // decrypt with kh that has cek 214 d, er := NewECDHDecrypt(kh) 215 require.NoError(t, er) 216 217 dpt, er := d.Decrypt(ct, aad) 218 require.NoError(t, er) 219 require.Equal(t, pt, dpt) 220 }) 221 } 222 } 223 224 func createCEK(cbcAlg AEADAlg) []byte { 225 switch cbcAlg { 226 case AES128CBCHMACSHA256: 227 return random.GetRandomBytes(uint32(subtle.AES128Size * 2)) // cek: 32 bytes. 228 case AES192CBCHMACSHA384: 229 return random.GetRandomBytes(uint32(subtle.AES192Size * 2)) // cek: 48 bytes. 230 case AES256CBCHMACSHA384: 231 return random.GetRandomBytes(uint32(subtle.AES256Size + subtle.AES192Size)) // cek: 56 bytes. 232 case AES256CBCHMACSHA512: 233 return random.GetRandomBytes(uint32(subtle.AES256Size * 2)) // cek: 64 bytes. 234 default: 235 return random.GetRandomBytes(uint32(32)) // default cek: 32 bytes. 236 } 237 }