xref: /aosp_15_r20/external/tink/go/hybrid/hybrid_key_templates_test.go (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1// Copyright 2019 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15////////////////////////////////////////////////////////////////////////////////
16
17package hybrid_test
18
19import (
20	"bytes"
21	"testing"
22
23	"github.com/google/tink/go/hybrid"
24	"github.com/google/tink/go/keyset"
25	tinkpb "github.com/google/tink/go/proto/tink_go_proto"
26)
27
28func TestKeyTemplates(t *testing.T) {
29	var testCases = []struct {
30		name     string
31		template *tinkpb.KeyTemplate
32	}{
33		{name: "ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM",
34			template: hybrid.ECIESHKDFAES128GCMKeyTemplate()},
35		{name: "ECIES_P256_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256",
36			template: hybrid.ECIESHKDFAES128CTRHMACSHA256KeyTemplate()},
37		{name: "DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM",
38			template: hybrid.DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_Key_Template()},
39		{name: "DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_RAW",
40			template: hybrid.DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_Raw_Key_Template()},
41		{name: "DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM",
42			template: hybrid.DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_Key_Template()},
43		{name: "DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_RAW",
44			template: hybrid.DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_Raw_Key_Template()},
45		{name: "DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305",
46			template: hybrid.DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_Key_Template()},
47		{name: "DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_RAW",
48			template: hybrid.DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_Raw_Key_Template()},
49	}
50	for _, tc := range testCases {
51		t.Run(tc.name, func(t *testing.T) {
52			privateHandle, err := keyset.NewHandle(tc.template)
53			if err != nil {
54				t.Fatalf("keyset.NewHandle(tc.template) failed: %s", err)
55			}
56			publicHandle, err := privateHandle.Public()
57			if err != nil {
58				t.Fatalf("privateHandle.Public() failed: %s", err)
59			}
60			enc, err := hybrid.NewHybridEncrypt(publicHandle)
61			if err != nil {
62				t.Fatalf("NewHybridEncrypt(publicHandle) err = %v, want nil", err)
63			}
64			dec, err := hybrid.NewHybridDecrypt(privateHandle)
65			if err != nil {
66				t.Fatalf("NewHybridDecrypt(privateHandle) err = %v, want nil", err)
67			}
68			var testInputs = []struct {
69				plaintext []byte
70				context1  []byte
71				context2  []byte
72			}{
73				{
74					plaintext: []byte("this data needs to be encrypted"),
75					context1:  []byte("encryption context"),
76					context2:  []byte("encryption context"),
77				}, {
78					plaintext: []byte("this data needs to be encrypted"),
79					context1:  []byte(""),
80					context2:  []byte(""),
81				}, {
82					plaintext: []byte("this data needs to be encrypted"),
83					context1:  nil,
84					context2:  nil,
85				}, {
86					plaintext: []byte(""),
87					context1:  nil,
88					context2:  nil,
89				}, {
90					plaintext: nil,
91					context1:  []byte("encryption context"),
92					context2:  []byte("encryption context"),
93				}, {
94					plaintext: nil,
95					context1:  []byte(""),
96					context2:  []byte(""),
97				}, {
98					plaintext: nil,
99					context1:  nil,
100					context2:  nil,
101				}, {
102					plaintext: []byte("this data needs to be encrypted"),
103					context1:  []byte(""),
104					context2:  nil,
105				}, {
106					plaintext: []byte("this data needs to be encrypted"),
107					context1:  nil,
108					context2:  []byte(""),
109				},
110			}
111			for _, ti := range testInputs {
112				ciphertext, err := enc.Encrypt(ti.plaintext, ti.context1)
113				if err != nil {
114					t.Fatalf("enc.Encrypt(ti.plaintext, ti.context1) err = %v, want nil", err)
115				}
116				decrypted, err := dec.Decrypt(ciphertext, ti.context2)
117				if err != nil {
118					t.Fatalf("dec.Decrypt(ciphertext, ti.context2) err = %v, want nil", err)
119				}
120				if !bytes.Equal(ti.plaintext, decrypted) {
121					t.Errorf("decrypted data doesn't match plaintext, got: %q, want: %q", decrypted, ti.plaintext)
122				}
123			}
124		})
125	}
126}
127