1 // Copyright 2019 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16
17 #include "tink/streamingaead/streaming_aead_key_templates.h"
18
19 #include "gmock/gmock.h"
20 #include "gtest/gtest.h"
21 #include "tink/streamingaead/aes_ctr_hmac_streaming_key_manager.h"
22 #include "tink/streamingaead/aes_gcm_hkdf_streaming_key_manager.h"
23 #include "tink/util/test_matchers.h"
24 #include "proto/aes_ctr_hmac_streaming.pb.h"
25 #include "proto/aes_gcm_hkdf_streaming.pb.h"
26 #include "proto/common.pb.h"
27 #include "proto/tink.pb.h"
28
29 using google::crypto::tink::AesCtrHmacStreamingKeyFormat;
30 using google::crypto::tink::AesGcmHkdfStreamingKeyFormat;
31 using google::crypto::tink::HashType;
32 using google::crypto::tink::KeyTemplate;
33 using google::crypto::tink::OutputPrefixType;
34
35 namespace crypto {
36 namespace tink {
37 namespace {
38
39 using ::crypto::tink::test::IsOk;
40 using ::testing::Eq;
41 using ::testing::Ref;
42
TEST(Aes128GcmHkdf4KBTest,TypeUrl)43 TEST(Aes128GcmHkdf4KBTest, TypeUrl) {
44 EXPECT_THAT(
45 StreamingAeadKeyTemplates::Aes128GcmHkdf4KB().type_url(),
46 Eq("type.googleapis.com/google.crypto.tink.AesGcmHkdfStreamingKey"));
47 EXPECT_THAT(StreamingAeadKeyTemplates::Aes128GcmHkdf4KB().type_url(),
48 Eq(AesGcmHkdfStreamingKeyManager().get_key_type()));
49 }
50
TEST(Aes128GcmHkdf4KBTest,OutputPrefixType)51 TEST(Aes128GcmHkdf4KBTest, OutputPrefixType) {
52 EXPECT_THAT(
53 StreamingAeadKeyTemplates::Aes128GcmHkdf4KB().output_prefix_type(),
54 Eq(OutputPrefixType::RAW));
55 }
56
TEST(Aes128GcmHkdf4KBTest,SameReference)57 TEST(Aes128GcmHkdf4KBTest, SameReference) {
58 // Check that reference to the same object is returned.
59 EXPECT_THAT(StreamingAeadKeyTemplates::Aes128GcmHkdf4KB(),
60 Ref(StreamingAeadKeyTemplates::Aes128GcmHkdf4KB()));
61 }
62
TEST(Aes128GcmHkdf4KBTest,WorksWithKeyTypeManager)63 TEST(Aes128GcmHkdf4KBTest, WorksWithKeyTypeManager) {
64 const KeyTemplate& key_template =
65 StreamingAeadKeyTemplates::Aes128GcmHkdf4KB();
66 AesGcmHkdfStreamingKeyFormat key_format;
67 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
68 EXPECT_THAT(AesGcmHkdfStreamingKeyManager().ValidateKeyFormat(key_format),
69 IsOk());
70 }
71
TEST(Aes128GcmHkdf4KBTest,CheckValues)72 TEST(Aes128GcmHkdf4KBTest, CheckValues) {
73 const KeyTemplate& key_template =
74 StreamingAeadKeyTemplates::Aes128GcmHkdf4KB();
75 AesGcmHkdfStreamingKeyFormat key_format;
76 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
77 EXPECT_THAT(key_format.key_size(), Eq(16));
78 EXPECT_THAT(key_format.params().derived_key_size(), Eq(16));
79 EXPECT_THAT(key_format.params().ciphertext_segment_size(), Eq(4096));
80 EXPECT_THAT(key_format.params().hkdf_hash_type(), Eq(HashType::SHA256));
81 }
82
TEST(Aes256GcmHkdf4KBTest,TypeUrl)83 TEST(Aes256GcmHkdf4KBTest, TypeUrl) {
84 EXPECT_THAT(
85 StreamingAeadKeyTemplates::Aes256GcmHkdf4KB().type_url(),
86 Eq("type.googleapis.com/google.crypto.tink.AesGcmHkdfStreamingKey"));
87 EXPECT_THAT(StreamingAeadKeyTemplates::Aes256GcmHkdf4KB().type_url(),
88 Eq(AesGcmHkdfStreamingKeyManager().get_key_type()));
89 }
90
TEST(Aes256GcmHkdf4KBTest,OutputPrefixType)91 TEST(Aes256GcmHkdf4KBTest, OutputPrefixType) {
92 EXPECT_THAT(
93 StreamingAeadKeyTemplates::Aes256GcmHkdf4KB().output_prefix_type(),
94 Eq(OutputPrefixType::RAW));
95 }
96
TEST(Aes256GcmHkdf4KBTest,SameReference)97 TEST(Aes256GcmHkdf4KBTest, SameReference) {
98 // Check that reference to the same object is returned.
99 EXPECT_THAT(StreamingAeadKeyTemplates::Aes256GcmHkdf4KB(),
100 Ref(StreamingAeadKeyTemplates::Aes256GcmHkdf4KB()));
101 }
102
TEST(Aes256GcmHkdf4KBTest,WorksWithKeyTypeManager)103 TEST(Aes256GcmHkdf4KBTest, WorksWithKeyTypeManager) {
104 const KeyTemplate& key_template =
105 StreamingAeadKeyTemplates::Aes256GcmHkdf4KB();
106 AesGcmHkdfStreamingKeyFormat key_format;
107 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
108 EXPECT_THAT(AesGcmHkdfStreamingKeyManager().ValidateKeyFormat(key_format),
109 IsOk());
110 }
111
TEST(Aes256GcmHkdf4KBTest,CheckValues)112 TEST(Aes256GcmHkdf4KBTest, CheckValues) {
113 const KeyTemplate& key_template =
114 StreamingAeadKeyTemplates::Aes256GcmHkdf4KB();
115 AesGcmHkdfStreamingKeyFormat key_format;
116 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
117 EXPECT_THAT(key_format.key_size(), Eq(32));
118 EXPECT_THAT(key_format.params().derived_key_size(), Eq(32));
119 EXPECT_THAT(key_format.params().ciphertext_segment_size(), Eq(4096));
120 EXPECT_THAT(key_format.params().hkdf_hash_type(), Eq(HashType::SHA256));
121 }
122
TEST(Aes256GcmHkdf1MBTest,TypeUrl)123 TEST(Aes256GcmHkdf1MBTest, TypeUrl) {
124 EXPECT_THAT(
125 StreamingAeadKeyTemplates::Aes256GcmHkdf1MB().type_url(),
126 Eq("type.googleapis.com/google.crypto.tink.AesGcmHkdfStreamingKey"));
127 EXPECT_THAT(StreamingAeadKeyTemplates::Aes256GcmHkdf1MB().type_url(),
128 Eq(AesGcmHkdfStreamingKeyManager().get_key_type()));
129 }
130
TEST(Aes256GcmHkdf1MBTest,OutputPrefixType)131 TEST(Aes256GcmHkdf1MBTest, OutputPrefixType) {
132 EXPECT_THAT(
133 StreamingAeadKeyTemplates::Aes256GcmHkdf1MB().output_prefix_type(),
134 Eq(OutputPrefixType::RAW));
135 }
136
TEST(Aes256GcmHkdf1MBTest,SameReference)137 TEST(Aes256GcmHkdf1MBTest, SameReference) {
138 // Check that reference to the same object is returned.
139 EXPECT_THAT(StreamingAeadKeyTemplates::Aes256GcmHkdf1MB(),
140 Ref(StreamingAeadKeyTemplates::Aes256GcmHkdf1MB()));
141 }
142
TEST(Aes256GcmHkdf1MBTest,WorksWithKeyTypeManager)143 TEST(Aes256GcmHkdf1MBTest, WorksWithKeyTypeManager) {
144 const KeyTemplate& key_template =
145 StreamingAeadKeyTemplates::Aes256GcmHkdf1MB();
146 AesGcmHkdfStreamingKeyFormat key_format;
147 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
148 EXPECT_THAT(AesGcmHkdfStreamingKeyManager().ValidateKeyFormat(key_format),
149 IsOk());
150 }
151
TEST(Aes256GcmHkdf1MBTest,CheckValues)152 TEST(Aes256GcmHkdf1MBTest, CheckValues) {
153 const KeyTemplate& key_template =
154 StreamingAeadKeyTemplates::Aes256GcmHkdf1MB();
155 AesGcmHkdfStreamingKeyFormat key_format;
156 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
157 EXPECT_THAT(key_format.key_size(), Eq(32));
158 EXPECT_THAT(key_format.params().derived_key_size(), Eq(32));
159 EXPECT_THAT(key_format.params().ciphertext_segment_size(), Eq(1048576));
160 EXPECT_THAT(key_format.params().hkdf_hash_type(), Eq(HashType::SHA256));
161 }
162
TEST(Aes128CtrHmacSha256Segment4KBTest,TypeUrl)163 TEST(Aes128CtrHmacSha256Segment4KBTest, TypeUrl) {
164 EXPECT_THAT(
165 StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment4KB().type_url(),
166 Eq("type.googleapis.com/google.crypto.tink.AesCtrHmacStreamingKey"));
167 EXPECT_THAT(
168 StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment4KB().type_url(),
169 Eq(AesCtrHmacStreamingKeyManager().get_key_type()));
170 }
171
TEST(Aes128CtrHmacSha256Segment4KBTest,OutputPrefixType)172 TEST(Aes128CtrHmacSha256Segment4KBTest, OutputPrefixType) {
173 EXPECT_THAT(StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment4KB()
174 .output_prefix_type(),
175 Eq(OutputPrefixType::RAW));
176 }
177
TEST(Aes128CtrHmacSha256Segment4KBTest,SameReference)178 TEST(Aes128CtrHmacSha256Segment4KBTest, SameReference) {
179 // Check that reference to the same object is returned.
180 EXPECT_THAT(StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment4KB(),
181 Ref(StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment4KB()));
182 }
183
TEST(Aes128CtrHmacSha256Segment4KBTest,WorksWithKeyTypeManager)184 TEST(Aes128CtrHmacSha256Segment4KBTest, WorksWithKeyTypeManager) {
185 const KeyTemplate& key_template =
186 StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment4KB();
187 AesCtrHmacStreamingKeyFormat key_format;
188 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
189 EXPECT_THAT(AesCtrHmacStreamingKeyManager().ValidateKeyFormat(key_format),
190 IsOk());
191 }
192
TEST(Aes128CtrHmacSha256Segment4KBTest,CheckValues)193 TEST(Aes128CtrHmacSha256Segment4KBTest, CheckValues) {
194 const KeyTemplate& key_template =
195 StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment4KB();
196 AesCtrHmacStreamingKeyFormat key_format;
197 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
198 EXPECT_THAT(key_format.key_size(), Eq(16));
199 EXPECT_THAT(key_format.params().ciphertext_segment_size(), Eq(4096));
200 EXPECT_THAT(key_format.params().derived_key_size(), Eq(16));
201 EXPECT_THAT(key_format.params().hkdf_hash_type(), Eq(HashType::SHA256));
202 EXPECT_THAT(key_format.params().hmac_params().hash(), Eq(HashType::SHA256));
203 EXPECT_THAT(key_format.params().hmac_params().tag_size(), Eq(32));
204 }
205
TEST(Aes128CtrHmacSha256Segment1MBTest,TypeUrl)206 TEST(Aes128CtrHmacSha256Segment1MBTest, TypeUrl) {
207 EXPECT_THAT(
208 StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment1MB().type_url(),
209 Eq("type.googleapis.com/google.crypto.tink.AesCtrHmacStreamingKey"));
210 EXPECT_THAT(
211 StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment1MB().type_url(),
212 Eq(AesCtrHmacStreamingKeyManager().get_key_type()));
213 }
214
TEST(Aes128CtrHmacSha256Segment1MBTest,OutputPrefixType)215 TEST(Aes128CtrHmacSha256Segment1MBTest, OutputPrefixType) {
216 EXPECT_THAT(StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment1MB()
217 .output_prefix_type(),
218 Eq(OutputPrefixType::RAW));
219 }
220
TEST(Aes128CtrHmacSha256Segment1MBTest,SameReference)221 TEST(Aes128CtrHmacSha256Segment1MBTest, SameReference) {
222 // Check that reference to the same object is returned.
223 EXPECT_THAT(StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment1MB(),
224 Ref(StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment1MB()));
225 }
226
TEST(Aes128CtrHmacSha256Segment1MBTest,WorksWithKeyTypeManager)227 TEST(Aes128CtrHmacSha256Segment1MBTest, WorksWithKeyTypeManager) {
228 const KeyTemplate& key_template =
229 StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment1MB();
230 AesCtrHmacStreamingKeyFormat key_format;
231 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
232 EXPECT_THAT(AesCtrHmacStreamingKeyManager().ValidateKeyFormat(key_format),
233 IsOk());
234 }
235
TEST(Aes128CtrHmacSha256Segment1MBTest,CheckValues)236 TEST(Aes128CtrHmacSha256Segment1MBTest, CheckValues) {
237 const KeyTemplate& key_template =
238 StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment1MB();
239 AesCtrHmacStreamingKeyFormat key_format;
240 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
241 EXPECT_THAT(key_format.key_size(), Eq(16));
242 EXPECT_THAT(key_format.params().ciphertext_segment_size(), Eq(1048576));
243 EXPECT_THAT(key_format.params().derived_key_size(), Eq(16));
244 EXPECT_THAT(key_format.params().hkdf_hash_type(), Eq(HashType::SHA256));
245 EXPECT_THAT(key_format.params().hmac_params().hash(), Eq(HashType::SHA256));
246 EXPECT_THAT(key_format.params().hmac_params().tag_size(), Eq(32));
247 }
248
TEST(Aes256CtrHmacSha256Segment4KBTest,TypeUrl)249 TEST(Aes256CtrHmacSha256Segment4KBTest, TypeUrl) {
250 EXPECT_THAT(
251 StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment4KB().type_url(),
252 Eq("type.googleapis.com/google.crypto.tink.AesCtrHmacStreamingKey"));
253 EXPECT_THAT(
254 StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment4KB().type_url(),
255 Eq(AesCtrHmacStreamingKeyManager().get_key_type()));
256 }
257
TEST(Aes256CtrHmacSha256Segment4KBTest,OutputPrefixType)258 TEST(Aes256CtrHmacSha256Segment4KBTest, OutputPrefixType) {
259 EXPECT_THAT(StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment4KB()
260 .output_prefix_type(),
261 Eq(OutputPrefixType::RAW));
262 }
263
TEST(Aes256CtrHmacSha256Segment4KBTest,SameReference)264 TEST(Aes256CtrHmacSha256Segment4KBTest, SameReference) {
265 // Check that reference to the same object is returned.
266 EXPECT_THAT(StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment4KB(),
267 Ref(StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment4KB()));
268 }
269
TEST(Aes256CtrHmacSha256Segment4KBTest,WorksWithKeyTypeManager)270 TEST(Aes256CtrHmacSha256Segment4KBTest, WorksWithKeyTypeManager) {
271 const KeyTemplate& key_template =
272 StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment4KB();
273 AesCtrHmacStreamingKeyFormat key_format;
274 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
275 EXPECT_THAT(AesCtrHmacStreamingKeyManager().ValidateKeyFormat(key_format),
276 IsOk());
277 }
278
TEST(Aes256CtrHmacSha256Segment4KBTest,CheckValues)279 TEST(Aes256CtrHmacSha256Segment4KBTest, CheckValues) {
280 const KeyTemplate& key_template =
281 StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment4KB();
282 AesCtrHmacStreamingKeyFormat key_format;
283 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
284 EXPECT_THAT(key_format.key_size(), Eq(32));
285 EXPECT_THAT(key_format.params().ciphertext_segment_size(), Eq(4096));
286 EXPECT_THAT(key_format.params().derived_key_size(), Eq(32));
287 EXPECT_THAT(key_format.params().hkdf_hash_type(), Eq(HashType::SHA256));
288 EXPECT_THAT(key_format.params().hmac_params().hash(), Eq(HashType::SHA256));
289 EXPECT_THAT(key_format.params().hmac_params().tag_size(), Eq(32));
290 }
291
TEST(Aes256CtrHmacSha256Segment1MBTest,TypeUrl)292 TEST(Aes256CtrHmacSha256Segment1MBTest, TypeUrl) {
293 EXPECT_THAT(
294 StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment1MB().type_url(),
295 Eq("type.googleapis.com/google.crypto.tink.AesCtrHmacStreamingKey"));
296 EXPECT_THAT(
297 StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment1MB().type_url(),
298 Eq(AesCtrHmacStreamingKeyManager().get_key_type()));
299 }
300
TEST(Aes256CtrHmacSha256Segment1MBTest,OutputPrefixType)301 TEST(Aes256CtrHmacSha256Segment1MBTest, OutputPrefixType) {
302 EXPECT_THAT(StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment1MB()
303 .output_prefix_type(),
304 Eq(OutputPrefixType::RAW));
305 }
306
TEST(Aes256CtrHmacSha256Segment1MBTest,SameReference)307 TEST(Aes256CtrHmacSha256Segment1MBTest, SameReference) {
308 // Check that reference to the same object is returned.
309 EXPECT_THAT(StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment1MB(),
310 Ref(StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment1MB()));
311 }
312
TEST(Aes256CtrHmacSha256Segment1MBTest,WorksWithKeyTypeManager)313 TEST(Aes256CtrHmacSha256Segment1MBTest, WorksWithKeyTypeManager) {
314 const KeyTemplate& key_template =
315 StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment1MB();
316 AesCtrHmacStreamingKeyFormat key_format;
317 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
318 EXPECT_THAT(AesCtrHmacStreamingKeyManager().ValidateKeyFormat(key_format),
319 IsOk());
320 }
321
TEST(Aes256CtrHmacSha256Segment1MBTest,CheckValues)322 TEST(Aes256CtrHmacSha256Segment1MBTest, CheckValues) {
323 const KeyTemplate& key_template =
324 StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment1MB();
325 AesCtrHmacStreamingKeyFormat key_format;
326 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
327 EXPECT_THAT(key_format.key_size(), Eq(32));
328 EXPECT_THAT(key_format.params().ciphertext_segment_size(), Eq(1048576));
329 EXPECT_THAT(key_format.params().derived_key_size(), Eq(32));
330 EXPECT_THAT(key_format.params().hkdf_hash_type(), Eq(HashType::SHA256));
331 EXPECT_THAT(key_format.params().hmac_params().hash(), Eq(HashType::SHA256));
332 EXPECT_THAT(key_format.params().hmac_params().tag_size(), Eq(32));
333 }
334
335 } // namespace
336 } // namespace tink
337 } // namespace crypto
338