1 // Copyright 2019 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16
17 #include "tink/subtle/aes_ctr_hmac_streaming.h"
18
19 #include <memory>
20 #include <string>
21 #include <utility>
22 #include <vector>
23
24 #include "gmock/gmock.h"
25 #include "gtest/gtest.h"
26 #include "absl/status/status.h"
27 #include "absl/strings/str_cat.h"
28 #include "tink/config/tink_fips.h"
29 #include "tink/subtle/common_enums.h"
30 #include "tink/subtle/random.h"
31 #include "tink/subtle/stream_segment_decrypter.h"
32 #include "tink/subtle/stream_segment_encrypter.h"
33 #include "tink/subtle/streaming_aead_test_util.h"
34 #include "tink/util/status.h"
35 #include "tink/util/statusor.h"
36 #include "tink/util/test_matchers.h"
37 #include "tink/util/test_util.h"
38
39 using ::crypto::tink::test::IsOk;
40 using ::crypto::tink::test::StatusIs;
41 using ::testing::HasSubstr;
42
43 namespace crypto {
44 namespace tink {
45 namespace subtle {
46 namespace {
47
ValidParams()48 AesCtrHmacStreaming::Params ValidParams() {
49 AesCtrHmacStreaming::Params params;
50 params.ikm = Random::GetRandomKeyBytes(32);
51 params.hkdf_algo = SHA256;
52 params.key_size = 32;
53 params.ciphertext_segment_size = 256;
54 params.ciphertext_offset = 0;
55 params.tag_algo = SHA256;
56 params.tag_size = 16;
57 return params;
58 }
59
TEST(AesCtrHmacStreamSegmentEncrypterTest,Basic)60 TEST(AesCtrHmacStreamSegmentEncrypterTest, Basic) {
61 if (IsFipsModeEnabled()) {
62 GTEST_SKIP() << "Not supported in FIPS-only mode";
63 }
64 for (int ikm_size : {16, 32}) {
65 for (HashType hkdf_algo : {SHA1, SHA256, SHA512}) {
66 for (int key_size : {16, 32}) {
67 if (ikm_size < key_size) continue;
68 for (int ciphertext_segment_size : {80, 128, 200}) {
69 for (int ciphertext_offset : {0, 5, 10}) {
70 for (HashType tag_algo : {SHA1, SHA256, SHA512}) {
71 for (int tag_size : {10, 16, 20}) {
72 SCOPED_TRACE(absl::StrCat(
73 "ikm_size = ", ikm_size, ", hkdf_algo = ",
74 EnumToString(hkdf_algo), ", key_size = ", key_size,
75 ", ciphertext_segment_size = ", ciphertext_segment_size,
76 ", ciphertext_offset = ", ciphertext_offset,
77 ", tag_algo = ", EnumToString(tag_algo),
78 ", tag_size = ", tag_size));
79
80 // Construct the parameters.
81 AesCtrHmacStreaming::Params params;
82 params.ikm = Random::GetRandomKeyBytes(ikm_size);
83 params.hkdf_algo = hkdf_algo;
84 params.key_size = key_size;
85 params.ciphertext_segment_size = ciphertext_segment_size;
86 params.ciphertext_offset = ciphertext_offset;
87 params.tag_algo = tag_algo;
88 params.tag_size = tag_size;
89 std::string associated_data = "associated data";
90
91 // Get a segment encrypter.
92 auto enc_result = AesCtrHmacStreamSegmentEncrypter::New(
93 params, associated_data);
94 ASSERT_THAT(enc_result, IsOk());
95 auto enc = std::move(enc_result.value());
96 EXPECT_EQ(0, enc->get_segment_number());
97 int header_size = 1 + key_size + /* nonce_prefix_size = */ 7;
98 EXPECT_EQ(header_size, enc->get_header().size());
99 EXPECT_EQ(header_size, enc->get_header()[0]);
100 EXPECT_EQ(ciphertext_segment_size,
101 enc->get_ciphertext_segment_size());
102 EXPECT_EQ(ciphertext_segment_size - tag_size,
103 enc->get_plaintext_segment_size());
104 EXPECT_EQ(ciphertext_offset, enc->get_ciphertext_offset());
105
106 int segment_number = 0;
107 for (int pt_size :
108 {0, 1, 10, enc->get_plaintext_segment_size()}) {
109 for (bool is_last_segment : {false, true}) {
110 SCOPED_TRACE(
111 absl::StrCat("plaintext_size = ", pt_size,
112 ", is_last_segment = ", is_last_segment));
113 std::vector<uint8_t> pt(pt_size, 'p');
114 std::vector<uint8_t> ct;
115 EXPECT_THAT(enc->EncryptSegment(pt, is_last_segment, &ct),
116 IsOk());
117 EXPECT_EQ(ct.size(), pt.size() + tag_size);
118 segment_number++;
119 EXPECT_EQ(segment_number, enc->get_segment_number());
120 }
121 }
122 }
123 }
124 }
125 }
126 }
127 }
128 }
129 }
130
TEST(AesCtrHmacStreamSegmentEncrypterTest,EncryptLongPlaintext)131 TEST(AesCtrHmacStreamSegmentEncrypterTest, EncryptLongPlaintext) {
132 if (IsFipsModeEnabled()) {
133 GTEST_SKIP() << "Not supported in FIPS-only mode";
134 }
135 AesCtrHmacStreaming::Params params = ValidParams();
136 std::string associated_data = "associated data";
137
138 auto enc_result =
139 AesCtrHmacStreamSegmentEncrypter::New(params, associated_data);
140 ASSERT_THAT(enc_result, IsOk());
141 auto enc = std::move(enc_result.value());
142
143 std::vector<uint8_t> pt(enc->get_plaintext_segment_size() + 1, 'p');
144 std::vector<uint8_t> ct;
145 ASSERT_THAT(enc->EncryptSegment(pt, true, &ct),
146 StatusIs(absl::StatusCode::kInvalidArgument,
147 HasSubstr("plaintext too long")));
148 }
149
TEST(AesCtrHmacStreamSegmentEncrypterTest,EncryptNullCtBuffer)150 TEST(AesCtrHmacStreamSegmentEncrypterTest, EncryptNullCtBuffer) {
151 if (IsFipsModeEnabled()) {
152 GTEST_SKIP() << "Not supported in FIPS-only mode";
153 }
154 AesCtrHmacStreaming::Params params = ValidParams();
155 std::string associated_data = "associated data";
156
157 auto enc_result =
158 AesCtrHmacStreamSegmentEncrypter::New(params, associated_data);
159 ASSERT_THAT(enc_result, IsOk());
160 auto enc = std::move(enc_result.value());
161
162 std::vector<uint8_t> pt(enc->get_plaintext_segment_size(), 'p');
163 ASSERT_THAT(enc->EncryptSegment(pt, true, nullptr),
164 StatusIs(absl::StatusCode::kInvalidArgument,
165 HasSubstr("must be non-null")));
166 }
167
TEST(AesCtrHmacStreamSegmentDecrypterTest,Basic)168 TEST(AesCtrHmacStreamSegmentDecrypterTest, Basic) {
169 if (IsFipsModeEnabled()) {
170 GTEST_SKIP() << "Not supported in FIPS-only mode";
171 }
172 for (int ikm_size : {16, 32}) {
173 for (HashType hkdf_algo : {SHA1, SHA256, SHA512}) {
174 for (int key_size : {16, 32}) {
175 if (ikm_size < key_size) continue;
176 for (int ciphertext_segment_size : {80, 128, 200}) {
177 for (int ciphertext_offset : {0, 5, 10}) {
178 for (HashType tag_algo : {SHA1, SHA256, SHA512}) {
179 for (int tag_size : {10, 16, 20}) {
180 SCOPED_TRACE(absl::StrCat(
181 "ikm_size = ", ikm_size, ", hkdf_algo = ",
182 EnumToString(hkdf_algo), ", key_size = ", key_size,
183 ", ciphertext_segment_size = ", ciphertext_segment_size,
184 ", ciphertext_offset = ", ciphertext_offset,
185 ", tag_algo = ", EnumToString(tag_algo),
186 ", tag_size = ", tag_size));
187
188 // Construct the parameters.
189 AesCtrHmacStreaming::Params params;
190 params.ikm = Random::GetRandomKeyBytes(ikm_size);
191 params.hkdf_algo = hkdf_algo;
192 params.key_size = key_size;
193 params.ciphertext_segment_size = ciphertext_segment_size;
194 params.ciphertext_offset = ciphertext_offset;
195 params.tag_algo = tag_algo;
196 params.tag_size = tag_size;
197 std::string associated_data = "associated data";
198
199 // Get a segment encrypter.
200 auto enc_result = AesCtrHmacStreamSegmentEncrypter::New(
201 params, associated_data);
202 ASSERT_THAT(enc_result, IsOk());
203 auto enc = std::move(enc_result.value());
204
205 // Get and initialize a segment decrypter.
206 auto dec_result = AesCtrHmacStreamSegmentDecrypter::New(
207 params, associated_data);
208 ASSERT_THAT(dec_result, IsOk());
209 auto dec = std::move(dec_result.value());
210 ASSERT_THAT(dec->Init(enc->get_header()), IsOk());
211 int header_size = 1 + key_size + /* nonce_prefix_size = */ 7;
212 EXPECT_EQ(header_size, dec->get_header_size());
213 EXPECT_EQ(enc->get_header().size(), dec->get_header_size());
214 EXPECT_EQ(ciphertext_segment_size,
215 dec->get_ciphertext_segment_size());
216 EXPECT_EQ(ciphertext_segment_size - tag_size,
217 dec->get_plaintext_segment_size());
218 EXPECT_EQ(ciphertext_offset, dec->get_ciphertext_offset());
219
220 int segment_number = 0;
221 for (int pt_size :
222 {0, 1, 10, dec->get_plaintext_segment_size()}) {
223 for (bool is_last_segment : {false, true}) {
224 SCOPED_TRACE(
225 absl::StrCat("plaintext_size = ", pt_size,
226 ", is_last_segment = ", is_last_segment));
227 std::vector<uint8_t> pt(pt_size, 'p');
228 std::vector<uint8_t> ct;
229 std::vector<uint8_t> decrypted;
230 auto status = enc->EncryptSegment(pt, is_last_segment, &ct);
231 EXPECT_THAT(status, IsOk());
232 EXPECT_EQ(ct.size(), pt.size() + tag_size);
233 EXPECT_THAT(
234 dec->DecryptSegment(ct, segment_number, is_last_segment,
235 &decrypted),
236 IsOk());
237 EXPECT_EQ(pt, decrypted);
238 segment_number++;
239 EXPECT_EQ(segment_number, enc->get_segment_number());
240 }
241 }
242 }
243 }
244 }
245 }
246 }
247 }
248 }
249 }
250
TEST(AesCtrHmacStreamSegmentDecrypterTest,AlreadyInit)251 TEST(AesCtrHmacStreamSegmentDecrypterTest, AlreadyInit) {
252 if (IsFipsModeEnabled()) {
253 GTEST_SKIP() << "Not supported in FIPS-only mode";
254 }
255 AesCtrHmacStreaming::Params params = ValidParams();
256 std::string associated_data = "associated data";
257
258 auto enc_result =
259 AesCtrHmacStreamSegmentEncrypter::New(params, associated_data);
260 ASSERT_THAT(enc_result, IsOk());
261 auto enc = std::move(enc_result.value());
262 auto dec_result =
263 AesCtrHmacStreamSegmentDecrypter::New(params, associated_data);
264 ASSERT_THAT(dec_result, IsOk());
265 auto dec = std::move(dec_result.value());
266 ASSERT_THAT(dec->Init(enc->get_header()), IsOk());
267 ASSERT_THAT(dec->Init(enc->get_header()),
268 StatusIs(absl::StatusCode::kFailedPrecondition,
269 HasSubstr("alreday initialized")));
270 }
271
TEST(AesCtrHmacStreamSegmentDecrypterTest,InitWrongHeaderSize)272 TEST(AesCtrHmacStreamSegmentDecrypterTest, InitWrongHeaderSize) {
273 if (IsFipsModeEnabled()) {
274 GTEST_SKIP() << "Not supported in FIPS-only mode";
275 }
276 AesCtrHmacStreaming::Params params = ValidParams();
277 std::string associated_data = "associated data";
278
279 auto enc_result =
280 AesCtrHmacStreamSegmentEncrypter::New(params, associated_data);
281 ASSERT_THAT(enc_result, IsOk());
282 auto enc = std::move(enc_result.value());
283 auto dec_result =
284 AesCtrHmacStreamSegmentDecrypter::New(params, associated_data);
285 ASSERT_THAT(dec_result, IsOk());
286 auto dec = std::move(dec_result.value());
287 auto header = enc->get_header();
288 header.resize(dec->get_header_size() - 1);
289 ASSERT_THAT(dec->Init(header), StatusIs(absl::StatusCode::kInvalidArgument,
290 HasSubstr("wrong header size")));
291 }
292
TEST(AesCtrHmacStreamSegmentDecrypterTest,InitCorruptedHeader)293 TEST(AesCtrHmacStreamSegmentDecrypterTest, InitCorruptedHeader) {
294 if (IsFipsModeEnabled()) {
295 GTEST_SKIP() << "Not supported in FIPS-only mode";
296 }
297 AesCtrHmacStreaming::Params params = ValidParams();
298 std::string associated_data = "associated data";
299
300 auto enc_result =
301 AesCtrHmacStreamSegmentEncrypter::New(params, associated_data);
302 ASSERT_THAT(enc_result, IsOk());
303 auto enc = std::move(enc_result.value());
304 auto dec_result =
305 AesCtrHmacStreamSegmentDecrypter::New(params, associated_data);
306 ASSERT_THAT(dec_result, IsOk());
307 auto dec = std::move(dec_result.value());
308 auto header = enc->get_header();
309 header[0] = 0;
310 ASSERT_THAT(dec->Init(header), StatusIs(absl::StatusCode::kInvalidArgument,
311 HasSubstr("corrupted header")));
312 }
313
TEST(AesCtrHmacStreamSegmentDecrypterTest,DecryptNotInit)314 TEST(AesCtrHmacStreamSegmentDecrypterTest, DecryptNotInit) {
315 if (IsFipsModeEnabled()) {
316 GTEST_SKIP() << "Not supported in FIPS-only mode";
317 }
318 AesCtrHmacStreaming::Params params = ValidParams();
319 std::string associated_data = "associated data";
320
321 auto enc_result =
322 AesCtrHmacStreamSegmentEncrypter::New(params, associated_data);
323 ASSERT_THAT(enc_result, IsOk());
324 auto enc = std::move(enc_result.value());
325 auto dec_result =
326 AesCtrHmacStreamSegmentDecrypter::New(params, associated_data);
327 ASSERT_THAT(dec_result, IsOk());
328 auto dec = std::move(dec_result.value());
329
330 std::vector<uint8_t> ct(dec->get_ciphertext_segment_size(), 'c');
331 std::vector<uint8_t> pt;
332 ASSERT_THAT(dec->DecryptSegment(ct, 0, true, &pt),
333 StatusIs(absl::StatusCode::kFailedPrecondition,
334 HasSubstr("not initialized")));
335 }
336
TEST(AesCtrHmacStreamSegmentDecrypterTest,DecryptLongCiphertext)337 TEST(AesCtrHmacStreamSegmentDecrypterTest, DecryptLongCiphertext) {
338 if (IsFipsModeEnabled()) {
339 GTEST_SKIP() << "Not supported in FIPS-only mode";
340 }
341 AesCtrHmacStreaming::Params params = ValidParams();
342 std::string associated_data = "associated data";
343
344 auto enc_result =
345 AesCtrHmacStreamSegmentEncrypter::New(params, associated_data);
346 ASSERT_THAT(enc_result, IsOk());
347 auto enc = std::move(enc_result.value());
348 auto dec_result =
349 AesCtrHmacStreamSegmentDecrypter::New(params, associated_data);
350 ASSERT_THAT(dec_result, IsOk());
351 auto dec = std::move(dec_result.value());
352 ASSERT_THAT(dec->Init(enc->get_header()), IsOk());
353
354 std::vector<uint8_t> ct(dec->get_ciphertext_segment_size() + 1, 'c');
355 std::vector<uint8_t> pt;
356 ASSERT_THAT(dec->DecryptSegment(ct, 0, true, &pt),
357 StatusIs(absl::StatusCode::kInvalidArgument,
358 HasSubstr("ciphertext too long")));
359 }
360
TEST(AesCtrHmacStreamSegmentDecrypterTest,DecryptNullPtBuffer)361 TEST(AesCtrHmacStreamSegmentDecrypterTest, DecryptNullPtBuffer) {
362 if (IsFipsModeEnabled()) {
363 GTEST_SKIP() << "Not supported in FIPS-only mode";
364 }
365 AesCtrHmacStreaming::Params params = ValidParams();
366 std::string associated_data = "associated data";
367
368 auto enc_result =
369 AesCtrHmacStreamSegmentEncrypter::New(params, associated_data);
370 ASSERT_THAT(enc_result, IsOk());
371 auto enc = std::move(enc_result.value());
372 auto dec_result =
373 AesCtrHmacStreamSegmentDecrypter::New(params, associated_data);
374 ASSERT_THAT(dec_result, IsOk());
375 auto dec = std::move(dec_result.value());
376 ASSERT_THAT(dec->Init(enc->get_header()), IsOk());
377
378 std::vector<uint8_t> ct(dec->get_ciphertext_segment_size(), 'c');
379 ASSERT_THAT(dec->DecryptSegment(ct, 0, true, nullptr),
380 StatusIs(absl::StatusCode::kInvalidArgument,
381 HasSubstr("must be non-null")));
382 }
383
TEST(AesCtrHmacStreamingTest,Basic)384 TEST(AesCtrHmacStreamingTest, Basic) {
385 if (IsFipsModeEnabled()) {
386 GTEST_SKIP() << "Not supported in FIPS-only mode";
387 }
388 for (int ikm_size : {16, 32}) {
389 for (HashType hkdf_algo : {SHA1, SHA256, SHA512}) {
390 for (int key_size : {16, 32}) {
391 if (ikm_size < key_size) continue;
392 for (int ciphertext_segment_size : {80, 128, 200}) {
393 for (int ciphertext_offset : {0, 5, 10}) {
394 for (HashType tag_algo : {SHA1, SHA256, SHA512}) {
395 for (int tag_size : {10, 16, 20}) {
396 for (int plaintext_size : {0, 10, 100, 1000}) {
397 SCOPED_TRACE(absl::StrCat(
398 "ikm_size = ", ikm_size, ", hkdf_algo = ",
399 EnumToString(hkdf_algo), ", key_size = ", key_size,
400 ", ciphertext_segment_size = ", ciphertext_segment_size,
401 ", ciphertext_offset = ", ciphertext_offset,
402 ", tag_algo = ", EnumToString(tag_algo), ", tag_size = ",
403 tag_size, ", plaintext_size = ", plaintext_size));
404
405 // Create AesCtrHmacStreaming.
406 AesCtrHmacStreaming::Params params;
407 params.ikm = Random::GetRandomKeyBytes(ikm_size);
408 params.hkdf_algo = hkdf_algo;
409 params.key_size = key_size;
410 params.ciphertext_segment_size = ciphertext_segment_size;
411 params.ciphertext_offset = ciphertext_offset;
412 params.tag_algo = tag_algo;
413 params.tag_size = tag_size;
414 auto result = AesCtrHmacStreaming::New(params);
415 ASSERT_THAT(result, IsOk());
416 auto streaming_aead = std::move(result.value());
417
418 std::string plaintext(plaintext_size, 'p');
419 std::string associated_data = "associated data";
420
421 EXPECT_THAT(
422 EncryptThenDecrypt(streaming_aead.get(),
423 streaming_aead.get(), plaintext,
424 associated_data, ciphertext_offset),
425 IsOk());
426 }
427 }
428 }
429 }
430 }
431 }
432 }
433 }
434 }
435
TEST(ValidateTest,ValidParams)436 TEST(ValidateTest, ValidParams) {
437 if (IsFipsModeEnabled()) {
438 GTEST_SKIP() << "Not supported in FIPS-only mode";
439 }
440 AesCtrHmacStreaming::Params params = ValidParams();
441 ASSERT_THAT(AesCtrHmacStreaming::New(params), IsOk());
442 }
443
TEST(ValidateTest,WrongIkm)444 TEST(ValidateTest, WrongIkm) {
445 if (IsFipsModeEnabled()) {
446 GTEST_SKIP() << "Not supported in FIPS-only mode";
447 }
448 AesCtrHmacStreaming::Params params = ValidParams();
449 params.ikm = Random::GetRandomKeyBytes(16);
450 ASSERT_THAT(AesCtrHmacStreaming::New(params).status(),
451 StatusIs(absl::StatusCode::kInvalidArgument,
452 HasSubstr("key material too small")));
453 }
454
TEST(ValidateTest,WrongHkdfAlgo)455 TEST(ValidateTest, WrongHkdfAlgo) {
456 if (IsFipsModeEnabled()) {
457 GTEST_SKIP() << "Not supported in FIPS-only mode";
458 }
459 AesCtrHmacStreaming::Params params = ValidParams();
460 params.hkdf_algo = SHA384;
461 ASSERT_THAT(AesCtrHmacStreaming::New(params).status(),
462 StatusIs(absl::StatusCode::kInvalidArgument,
463 HasSubstr("unsupported hkdf_algo")));
464 }
465
TEST(ValidateTest,WrongKeySize)466 TEST(ValidateTest, WrongKeySize) {
467 if (IsFipsModeEnabled()) {
468 GTEST_SKIP() << "Not supported in FIPS-only mode";
469 }
470 AesCtrHmacStreaming::Params params = ValidParams();
471 params.ikm = Random::GetRandomKeyBytes(64);
472 params.key_size = 64;
473 ASSERT_THAT(AesCtrHmacStreaming::New(params).status(),
474 StatusIs(absl::StatusCode::kInvalidArgument,
475 HasSubstr("key_size must be")));
476 }
477
TEST(ValidateTest,WrongCtSegmentSize)478 TEST(ValidateTest, WrongCtSegmentSize) {
479 if (IsFipsModeEnabled()) {
480 GTEST_SKIP() << "Not supported in FIPS-only mode";
481 }
482 AesCtrHmacStreaming::Params params = ValidParams();
483 params.ciphertext_segment_size = 10;
484 ASSERT_THAT(AesCtrHmacStreaming::New(params).status(),
485 StatusIs(absl::StatusCode::kInvalidArgument,
486 HasSubstr("ciphertext_segment_size too small")));
487
488 params.ciphertext_segment_size = 1 + 32 + 7 + 16;
489 ASSERT_THAT(AesCtrHmacStreaming::New(params).status(),
490 StatusIs(absl::StatusCode::kInvalidArgument,
491 HasSubstr("ciphertext_segment_size too small")));
492 }
493
TEST(ValidateTest,WrongCtOffset)494 TEST(ValidateTest, WrongCtOffset) {
495 if (IsFipsModeEnabled()) {
496 GTEST_SKIP() << "Not supported in FIPS-only mode";
497 }
498 AesCtrHmacStreaming::Params params = ValidParams();
499 params.ciphertext_offset = -10;
500 ASSERT_THAT(AesCtrHmacStreaming::New(params).status(),
501 StatusIs(absl::StatusCode::kInvalidArgument,
502 HasSubstr("ciphertext_offset must be")));
503 }
504
TEST(ValidateTest,WrongTagSize)505 TEST(ValidateTest, WrongTagSize) {
506 if (IsFipsModeEnabled()) {
507 GTEST_SKIP() << "Not supported in FIPS-only mode";
508 }
509 AesCtrHmacStreaming::Params params = ValidParams();
510 params.tag_size = 5;
511 ASSERT_THAT(AesCtrHmacStreaming::New(params).status(),
512 StatusIs(absl::StatusCode::kInvalidArgument,
513 HasSubstr("tag_size too small")));
514
515 params.tag_algo = SHA1;
516 params.tag_size = 21;
517 ASSERT_THAT(AesCtrHmacStreaming::New(params).status(),
518 StatusIs(absl::StatusCode::kInvalidArgument,
519 HasSubstr("tag_size too big")));
520
521 params.tag_algo = SHA256;
522 params.tag_size = 33;
523 ASSERT_THAT(AesCtrHmacStreaming::New(params).status(),
524 StatusIs(absl::StatusCode::kInvalidArgument,
525 HasSubstr("tag_size too big")));
526
527 params.tag_algo = SHA512;
528 params.tag_size = 65;
529 ASSERT_THAT(AesCtrHmacStreaming::New(params).status(),
530 StatusIs(absl::StatusCode::kInvalidArgument,
531 HasSubstr("tag_size too big")));
532 }
533
TEST(ValidateTest,WrongTagAlgo)534 TEST(ValidateTest, WrongTagAlgo) {
535 if (IsFipsModeEnabled()) {
536 GTEST_SKIP() << "Not supported in FIPS-only mode";
537 }
538 AesCtrHmacStreaming::Params params = ValidParams();
539 params.tag_algo = SHA384;
540 ASSERT_THAT(AesCtrHmacStreaming::New(params).status(),
541 StatusIs(absl::StatusCode::kInvalidArgument,
542 HasSubstr("unsupported tag_algo")));
543 }
544
545 // FIPS only mode tests
TEST(AesCtrHmacStreamingTest,TestFipsOnly)546 TEST(AesCtrHmacStreamingTest, TestFipsOnly) {
547 if (!IsFipsModeEnabled()) {
548 GTEST_SKIP() << "Only supported in FIPS-only mode";
549 }
550 AesCtrHmacStreaming::Params params = ValidParams();
551
552 EXPECT_THAT(AesCtrHmacStreaming::New(std::move(params)).status(),
553 StatusIs(absl::StatusCode::kInternal));
554 }
555
556 } // namespace
557 } // namespace subtle
558 } // namespace tink
559 } // namespace crypto
560