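// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

package daead_test

import (
	"bytes"
	"fmt"
	"testing"

	"github.com/google/tink/go/daead"
	"github.com/google/tink/go/keyset"

	tinkpb "github.com/google/tink/go/proto/tink_go_proto"
)

// TestKeyTemplates runs testEncryptDecrypt as a named subtest for every key
// template in the table, so a failure is reported under the template's name.
func TestKeyTemplates(t *testing.T) {
	testCases := []struct {
		name     string
		template *tinkpb.KeyTemplate
	}{
		{
			name:     "AES256_SIV",
			template: daead.AESSIVKeyTemplate(),
		},
	}
	for _, tc := range testCases {
		t.Run(tc.name, func(t *testing.T) {
			if err := testEncryptDecrypt(tc.template); err != nil {
				t.Errorf("%v", err)
			}
		})
	}
}

// testEncryptDecrypt creates a fresh keyset handle from template, obtains a
// deterministic AEAD primitive from it and exercises that primitive over a
// table of plaintext / associated-data combinations.
//
// Each entry encrypts with aad1 and decrypts with aad2. The table only pairs
// values the test expects to be interchangeable (identical bytes, or nil
// versus empty), so every decryption is expected to succeed.
//
// For every entry the helper checks three properties:
//   - round trip: decrypting with aad2 returns the original plaintext;
//   - determinism: encrypting the same input twice yields identical
//     ciphertext, which is what distinguishes this primitive from a
//     randomized AEAD;
//   - associated-data binding: decrypting with associated data that differs
//     from what was used for encryption returns an error.
//
// It returns nil when all checks pass and a descriptive error for the first
// check that fails.
func testEncryptDecrypt(template *tinkpb.KeyTemplate) error {
	handle, err := keyset.NewHandle(template)
	if err != nil {
		return fmt.Errorf("keyset.NewHandle(template) failed: %v", err)
	}

	primitive, err := daead.New(handle)
	if err != nil {
		return fmt.Errorf("daead.New(handle) failed: %v", err)
	}

	testInputs := []struct {
		plaintext []byte
		aad1      []byte
		aad2      []byte
	}{
		{
			plaintext: []byte("some data to encrypt"),
			aad1:      []byte("extra data to authenticate"),
			aad2:      []byte("extra data to authenticate"),
		}, {
			plaintext: []byte("some data to encrypt"),
			aad1:      []byte(""),
			aad2:      []byte(""),
		}, {
			plaintext: []byte("some data to encrypt"),
			aad1:      nil,
			aad2:      nil,
		}, {
			plaintext: []byte(""),
			aad1:      nil,
			aad2:      nil,
		}, {
			plaintext: nil,
			aad1:      []byte("extra data to authenticate"),
			aad2:      []byte("extra data to authenticate"),
		}, {
			plaintext: nil,
			aad1:      []byte(""),
			aad2:      []byte(""),
		}, {
			plaintext: nil,
			aad1:      nil,
			aad2:      nil,
		}, {
			// nil and empty associated data must be treated alike.
			plaintext: []byte("some data to encrypt"),
			aad1:      []byte(""),
			aad2:      nil,
		}, {
			plaintext: []byte("some data to encrypt"),
			aad1:      nil,
			aad2:      []byte(""),
		},
	}
	for _, ti := range testInputs {
		ciphertext, err := primitive.EncryptDeterministically(ti.plaintext, ti.aad1)
		if err != nil {
			return fmt.Errorf("encryption failed, error: %v", err)
		}

		// Determinism: the same key, plaintext and associated data must
		// always produce the same ciphertext.
		repeated, err := primitive.EncryptDeterministically(ti.plaintext, ti.aad1)
		if err != nil {
			return fmt.Errorf("repeated encryption failed, error: %v", err)
		}
		if !bytes.Equal(ciphertext, repeated) {
			return fmt.Errorf("encryption is not deterministic, got: %x, want: %x", repeated, ciphertext)
		}

		decrypted, err := primitive.DecryptDeterministically(ciphertext, ti.aad2)
		if err != nil {
			return fmt.Errorf("decryption failed, error: %v", err)
		}

		if !bytes.Equal(ti.plaintext, decrypted) {
			return fmt.Errorf("decrypted data doesn't match plaintext, got: %q, want: %q", decrypted, ti.plaintext)
		}

		// Associated-data binding: a copy of aad2 with one extra byte differs
		// from every aad1 in the table, so authentication must fail.
		mismatchedAAD := append(append([]byte{}, ti.aad2...), 0x01)
		if _, err := primitive.DecryptDeterministically(ciphertext, mismatchedAAD); err == nil {
			return fmt.Errorf("decryption with mismatched associated data succeeded, want error")
		}
	}
	return nil
}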