java_src/src/test/java/com/google/crypto/tink/aead/AesGcmSivKeyManagerTest.java - third_party/tink - Git at Google

 // Copyright 2017 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ////////////////////////////////////////////////////////////////////////////////

 package com.google.crypto.tink.aead;

 import static com.google.common.truth.Truth.assertThat;
 import static com.google.crypto.tink.testing.KeyTypeManagerTestUtil.testKeyTemplateCompatible;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertThrows;

 import com.google.crypto.tink.Aead;
 import com.google.crypto.tink.KeyTemplate;
 import com.google.crypto.tink.aead.subtle.AesGcmSiv;
 import com.google.crypto.tink.internal.KeyTypeManager;
 import com.google.crypto.tink.proto.AesGcmSivKey;
 import com.google.crypto.tink.proto.AesGcmSivKeyFormat;
 import com.google.crypto.tink.proto.KeyData.KeyMaterialType;
 import com.google.crypto.tink.subtle.Random;
 import com.google.crypto.tink.testing.TestUtil;
 import com.google.protobuf.ByteString;
 import com.google.protobuf.ExtensionRegistryLite;
 import java.io.ByteArrayInputStream;
 import java.security.GeneralSecurityException;
 import java.security.Security;
 import java.util.Set;
 import java.util.TreeSet;
 import org.conscrypt.Conscrypt;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;

 /** Test for AesGcmJce and its key manager. */
 @RunWith(JUnit4.class)
 public class AesGcmSivKeyManagerTest {
   private final AesGcmSivKeyManager manager = new AesGcmSivKeyManager();
   private final KeyTypeManager.KeyFactory<AesGcmSivKeyFormat, AesGcmSivKey> factory =
       manager.keyFactory();

   @Before
   public void setUpConscrypt() throws Exception {
     try {
       Conscrypt.checkAvailability();
       Security.addProvider(Conscrypt.newProvider());
     } catch (Throwable cause) {
       throw new IllegalStateException(
           "Cannot test AesGcmSivKeyManager without Conscrypt Provider", cause);
     }
   }

   @Test
   public void basics() throws Exception {
     assertThat(manager.getKeyType())
         .isEqualTo("type.googleapis.com/google.crypto.tink.AesGcmSivKey");
     assertThat(manager.getVersion()).isEqualTo(0);
     assertThat(manager.keyMaterialType()).isEqualTo(KeyMaterialType.SYMMETRIC);
   }

   @Test
   public void validateKeyFormat_empty() throws Exception {
     assertThrows(
         GeneralSecurityException.class,
         () -> factory.validateKeyFormat(AesGcmSivKeyFormat.getDefaultInstance()));
   }

   @Test
   public void validateKeyFormat_valid() throws Exception {
     factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(16).build());
     factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(32).build());
   }

   @Test
   public void validateKeyFormat_invalid() throws Exception {
     assertThrows(
         GeneralSecurityException.class,
         () -> factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(1).build()));
     assertThrows(
         GeneralSecurityException.class,
         () -> factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(15).build()));
     assertThrows(
         GeneralSecurityException.class,
         () -> factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(17).build()));
     assertThrows(
         GeneralSecurityException.class,
         () -> factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(31).build()));
     assertThrows(
         GeneralSecurityException.class,
         () -> factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(33).build()));
     assertThrows(
         GeneralSecurityException.class,
         () -> factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(64).build()));
   }

   @Test
   public void createKey_16Bytes() throws Exception {
     AesGcmSivKey key = factory.createKey(AesGcmSivKeyFormat.newBuilder().setKeySize(16).build());
     assertThat(key.getKeyValue()).hasSize(16);
   }

   @Test
   public void createKey_32Bytes() throws Exception {
     AesGcmSivKey key = factory.createKey(AesGcmSivKeyFormat.newBuilder().setKeySize(32).build());
     assertThat(key.getKeyValue()).hasSize(32);
   }

   @Test
   public void createKey_multipleTimes() throws Exception {
     AesGcmSivKeyFormat format = AesGcmSivKeyFormat.newBuilder().setKeySize(16).build();
     Set<String> keys = new TreeSet<>();
     // Calls newKey multiple times and make sure that they generate different keys.
     int numTests = 50;
     for (int i = 0; i < numTests; i++) {
       keys.add(TestUtil.hexEncode(factory.createKey(format).getKeyValue().toByteArray()));
     }
     assertThat(keys).hasSize(numTests);
   }

   @Test
   public void getPrimitive() throws Exception {
     AesGcmSivKey key = factory.createKey(AesGcmSivKeyFormat.newBuilder().setKeySize(16).build());
     Aead managerAead = manager.getPrimitive(key, Aead.class);
     Aead directAead = new AesGcmSiv(key.getKeyValue().toByteArray());

     byte[] plaintext = Random.randBytes(20);
     byte[] associatedData = Random.randBytes(20);
     assertThat(directAead.decrypt(managerAead.encrypt(plaintext, associatedData), associatedData))
         .isEqualTo(plaintext);
   }

   @Test
   public void testCiphertextSize() throws Exception {
     AesGcmSivKey key = factory.createKey(AesGcmSivKeyFormat.newBuilder().setKeySize(32).build());
     Aead aead = new AesGcmSivKeyManager().getPrimitive(key, Aead.class);
     byte[] plaintext = "plaintext".getBytes(UTF_8);
     byte[] associatedData = "associatedData".getBytes(UTF_8);
     byte[] ciphertext = aead.encrypt(plaintext, associatedData);
     assertThat(ciphertext.length)
         .isEqualTo(12 /* IV_SIZE */ + plaintext.length + 16 /* TAG_SIZE */);
   }

   @Test
   public void testDeriveKey_size32() throws Exception {
     final int keySize = 32;

     byte[] keyMaterial = Random.randBytes(100);
     AesGcmSivKey key =
         factory.deriveKey(
             AesGcmSivKeyFormat.newBuilder().setVersion(0).setKeySize(keySize).build(),
             new ByteArrayInputStream(keyMaterial));
     assertThat(key.getKeyValue()).hasSize(keySize);
     for (int i = 0; i < keySize; ++i) {
       assertThat(key.getKeyValue().byteAt(i)).isEqualTo(keyMaterial[i]);
     }
   }

   @Test
   public void testDeriveKey_size16() throws Exception {
     final int keySize = 16;

     byte[] keyMaterial = Random.randBytes(100);
     AesGcmSivKey key =
         factory.deriveKey(
             AesGcmSivKeyFormat.newBuilder().setVersion(0).setKeySize(keySize).build(),
             new ByteArrayInputStream(keyMaterial));
     assertThat(key.getKeyValue()).hasSize(keySize);
     for (int i = 0; i < keySize; ++i) {
       assertThat(key.getKeyValue().byteAt(i)).isEqualTo(keyMaterial[i]);
     }
   }

   @Test
   public void testDeriveKey_notEnoughKeyMaterial_throws() throws Exception {
     byte[] keyMaterial = Random.randBytes(31);
     AesGcmSivKeyFormat format =
         AesGcmSivKeyFormat.newBuilder().setVersion(0).setKeySize(32).build();
     assertThrows(
         GeneralSecurityException.class,
         () -> factory.deriveKey(format, new ByteArrayInputStream(keyMaterial)));
   }

   @Test
   public void testDeriveKey_badVersion_throws() throws Exception {
     final int keySize = 32;

     byte[] keyMaterial = Random.randBytes(100);
     AesGcmSivKeyFormat format =
         AesGcmSivKeyFormat.newBuilder().setVersion(1).setKeySize(keySize).build();
     assertThrows(
         GeneralSecurityException.class,
         () -> factory.deriveKey(format, new ByteArrayInputStream(keyMaterial)));
   }

   @Test
   public void testDeriveKey_justEnoughKeyMaterial() throws Exception {
     final int keySize = 32;

     byte[] keyMaterial = Random.randBytes(32);
     AesGcmSivKey key =
         factory.deriveKey(
             AesGcmSivKeyFormat.newBuilder().setVersion(0).setKeySize(keySize).build(),
             new ByteArrayInputStream(keyMaterial));
     assertThat(key.getKeyValue()).hasSize(keySize);
     for (int i = 0; i < keySize; ++i) {
       assertThat(key.getKeyValue().byteAt(i)).isEqualTo(keyMaterial[i]);
     }
   }

   @Test
   public void testAes128GcmSivTemplate() throws Exception {
     KeyTemplate template = AesGcmSivKeyManager.aes128GcmSivTemplate();
     assertEquals(new AesGcmSivKeyManager().getKeyType(), template.getTypeUrl());
     assertEquals(KeyTemplate.OutputPrefixType.TINK, template.getOutputPrefixType());
     AesGcmSivKeyFormat format =
         AesGcmSivKeyFormat.parseFrom(
             ByteString.copyFrom(template.getValue()), ExtensionRegistryLite.getEmptyRegistry());
     assertEquals(16, format.getKeySize());
   }

   @Test
   public void testRawAes128GcmSivTemplate() throws Exception {
     KeyTemplate template = AesGcmSivKeyManager.rawAes128GcmSivTemplate();
     assertEquals(new AesGcmSivKeyManager().getKeyType(), template.getTypeUrl());
     assertEquals(KeyTemplate.OutputPrefixType.RAW, template.getOutputPrefixType());
     AesGcmSivKeyFormat format =
         AesGcmSivKeyFormat.parseFrom(
             ByteString.copyFrom(template.getValue()), ExtensionRegistryLite.getEmptyRegistry());
     assertEquals(16, format.getKeySize());
   }

   @Test
   public void testAes256GcmSivTemplate() throws Exception {
     KeyTemplate template = AesGcmSivKeyManager.aes256GcmSivTemplate();
     assertEquals(new AesGcmSivKeyManager().getKeyType(), template.getTypeUrl());
     assertEquals(KeyTemplate.OutputPrefixType.TINK, template.getOutputPrefixType());
     AesGcmSivKeyFormat format =
         AesGcmSivKeyFormat.parseFrom(
             ByteString.copyFrom(template.getValue()), ExtensionRegistryLite.getEmptyRegistry());
     assertEquals(32, format.getKeySize());
   }

   @Test
   public void testRawAes256GcmSivTemplate() throws Exception {
     KeyTemplate template = AesGcmSivKeyManager.rawAes256GcmSivTemplate();
     assertEquals(new AesGcmSivKeyManager().getKeyType(), template.getTypeUrl());
     assertEquals(KeyTemplate.OutputPrefixType.RAW, template.getOutputPrefixType());
     AesGcmSivKeyFormat format =
         AesGcmSivKeyFormat.parseFrom(
             ByteString.copyFrom(template.getValue()), ExtensionRegistryLite.getEmptyRegistry());
     assertEquals(32, format.getKeySize());
   }

   @Test
   public void testKeyTemplateAndManagerCompatibility() throws Exception {
     AesGcmSivKeyManager manager = new AesGcmSivKeyManager();

     testKeyTemplateCompatible(manager, AesGcmSivKeyManager.aes128GcmSivTemplate());
     testKeyTemplateCompatible(manager, AesGcmSivKeyManager.rawAes128GcmSivTemplate());
     testKeyTemplateCompatible(manager, AesGcmSivKeyManager.aes256GcmSivTemplate());
     testKeyTemplateCompatible(manager, AesGcmSivKeyManager.rawAes256GcmSivTemplate());
   }

   @Test
   public void testKeyFormats() throws Exception {
     factory.validateKeyFormat(factory.keyFormats().get("AES128_GCM_SIV").keyFormat);
     factory.validateKeyFormat(factory.keyFormats().get("AES128_GCM_SIV_RAW").keyFormat);

     factory.validateKeyFormat(factory.keyFormats().get("AES256_GCM_SIV").keyFormat);
     factory.validateKeyFormat(factory.keyFormats().get("AES256_GCM_SIV_RAW").keyFormat);
   }
 }
	// Copyright 2017 Google Inc.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	////////////////////////////////////////////////////////////////////////////////

	package com.google.crypto.tink.aead;

	import static com.google.common.truth.Truth.assertThat;
	import static com.google.crypto.tink.testing.KeyTypeManagerTestUtil.testKeyTemplateCompatible;
	import static java.nio.charset.StandardCharsets.UTF_8;
	import static org.junit.Assert.assertEquals;
	import static org.junit.Assert.assertThrows;

	import com.google.crypto.tink.Aead;
	import com.google.crypto.tink.KeyTemplate;
	import com.google.crypto.tink.aead.subtle.AesGcmSiv;
	import com.google.crypto.tink.internal.KeyTypeManager;
	import com.google.crypto.tink.proto.AesGcmSivKey;
	import com.google.crypto.tink.proto.AesGcmSivKeyFormat;
	import com.google.crypto.tink.proto.KeyData.KeyMaterialType;
	import com.google.crypto.tink.subtle.Random;
	import com.google.crypto.tink.testing.TestUtil;
	import com.google.protobuf.ByteString;
	import com.google.protobuf.ExtensionRegistryLite;
	import java.io.ByteArrayInputStream;
	import java.security.GeneralSecurityException;
	import java.security.Security;
	import java.util.Set;
	import java.util.TreeSet;
	import org.conscrypt.Conscrypt;
	import org.junit.Before;
	import org.junit.Test;
	import org.junit.runner.RunWith;
	import org.junit.runners.JUnit4;

	/** Test for AesGcmJce and its key manager. */
	@RunWith(JUnit4.class)
	public class AesGcmSivKeyManagerTest {
	private final AesGcmSivKeyManager manager = new AesGcmSivKeyManager();
	private final KeyTypeManager.KeyFactory<AesGcmSivKeyFormat, AesGcmSivKey> factory =
	manager.keyFactory();

	@Before
	public void setUpConscrypt() throws Exception {
	try {
	Conscrypt.checkAvailability();
	Security.addProvider(Conscrypt.newProvider());
	} catch (Throwable cause) {
	throw new IllegalStateException(
	"Cannot test AesGcmSivKeyManager without Conscrypt Provider", cause);
	}
	}

	@Test
	public void basics() throws Exception {
	assertThat(manager.getKeyType())
	.isEqualTo("type.googleapis.com/google.crypto.tink.AesGcmSivKey");
	assertThat(manager.getVersion()).isEqualTo(0);
	assertThat(manager.keyMaterialType()).isEqualTo(KeyMaterialType.SYMMETRIC);
	}

	@Test
	public void validateKeyFormat_empty() throws Exception {
	assertThrows(
	GeneralSecurityException.class,
	() -> factory.validateKeyFormat(AesGcmSivKeyFormat.getDefaultInstance()));
	}

	@Test
	public void validateKeyFormat_valid() throws Exception {
	factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(16).build());
	factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(32).build());
	}

	@Test
	public void validateKeyFormat_invalid() throws Exception {
	assertThrows(
	GeneralSecurityException.class,
	() -> factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(1).build()));
	assertThrows(
	GeneralSecurityException.class,
	() -> factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(15).build()));
	assertThrows(
	GeneralSecurityException.class,
	() -> factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(17).build()));
	assertThrows(
	GeneralSecurityException.class,
	() -> factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(31).build()));
	assertThrows(
	GeneralSecurityException.class,
	() -> factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(33).build()));
	assertThrows(
	GeneralSecurityException.class,
	() -> factory.validateKeyFormat(AesGcmSivKeyFormat.newBuilder().setKeySize(64).build()));
	}

	@Test
	public void createKey_16Bytes() throws Exception {
	AesGcmSivKey key = factory.createKey(AesGcmSivKeyFormat.newBuilder().setKeySize(16).build());
	assertThat(key.getKeyValue()).hasSize(16);
	}

	@Test
	public void createKey_32Bytes() throws Exception {
	AesGcmSivKey key = factory.createKey(AesGcmSivKeyFormat.newBuilder().setKeySize(32).build());
	assertThat(key.getKeyValue()).hasSize(32);
	}

	@Test
	public void createKey_multipleTimes() throws Exception {
	AesGcmSivKeyFormat format = AesGcmSivKeyFormat.newBuilder().setKeySize(16).build();
	Set<String> keys = new TreeSet<>();
	// Calls newKey multiple times and make sure that they generate different keys.
	int numTests = 50;
	for (int i = 0; i < numTests; i++) {
	keys.add(TestUtil.hexEncode(factory.createKey(format).getKeyValue().toByteArray()));
	}
	assertThat(keys).hasSize(numTests);
	}

	@Test
	public void getPrimitive() throws Exception {
	AesGcmSivKey key = factory.createKey(AesGcmSivKeyFormat.newBuilder().setKeySize(16).build());
	Aead managerAead = manager.getPrimitive(key, Aead.class);
	Aead directAead = new AesGcmSiv(key.getKeyValue().toByteArray());

	byte[] plaintext = Random.randBytes(20);
	byte[] associatedData = Random.randBytes(20);
	assertThat(directAead.decrypt(managerAead.encrypt(plaintext, associatedData), associatedData))
	.isEqualTo(plaintext);
	}

	@Test
	public void testCiphertextSize() throws Exception {
	AesGcmSivKey key = factory.createKey(AesGcmSivKeyFormat.newBuilder().setKeySize(32).build());
	Aead aead = new AesGcmSivKeyManager().getPrimitive(key, Aead.class);
	byte[] plaintext = "plaintext".getBytes(UTF_8);
	byte[] associatedData = "associatedData".getBytes(UTF_8);
	byte[] ciphertext = aead.encrypt(plaintext, associatedData);
	assertThat(ciphertext.length)
	.isEqualTo(12 /* IV_SIZE / + plaintext.length + 16 / TAG_SIZE */);
	}

	@Test
	public void testDeriveKey_size32() throws Exception {
	final int keySize = 32;

	byte[] keyMaterial = Random.randBytes(100);
	AesGcmSivKey key =
	factory.deriveKey(
	AesGcmSivKeyFormat.newBuilder().setVersion(0).setKeySize(keySize).build(),
	new ByteArrayInputStream(keyMaterial));
	assertThat(key.getKeyValue()).hasSize(keySize);
	for (int i = 0; i < keySize; ++i) {
	assertThat(key.getKeyValue().byteAt(i)).isEqualTo(keyMaterial[i]);
	}
	}

	@Test
	public void testDeriveKey_size16() throws Exception {
	final int keySize = 16;

	byte[] keyMaterial = Random.randBytes(100);
	AesGcmSivKey key =
	factory.deriveKey(
	AesGcmSivKeyFormat.newBuilder().setVersion(0).setKeySize(keySize).build(),
	new ByteArrayInputStream(keyMaterial));
	assertThat(key.getKeyValue()).hasSize(keySize);
	for (int i = 0; i < keySize; ++i) {
	assertThat(key.getKeyValue().byteAt(i)).isEqualTo(keyMaterial[i]);
	}
	}

	@Test
	public void testDeriveKey_notEnoughKeyMaterial_throws() throws Exception {
	byte[] keyMaterial = Random.randBytes(31);
	AesGcmSivKeyFormat format =
	AesGcmSivKeyFormat.newBuilder().setVersion(0).setKeySize(32).build();
	assertThrows(
	GeneralSecurityException.class,
	() -> factory.deriveKey(format, new ByteArrayInputStream(keyMaterial)));
	}

	@Test
	public void testDeriveKey_badVersion_throws() throws Exception {
	final int keySize = 32;

	byte[] keyMaterial = Random.randBytes(100);
	AesGcmSivKeyFormat format =
	AesGcmSivKeyFormat.newBuilder().setVersion(1).setKeySize(keySize).build();
	assertThrows(
	GeneralSecurityException.class,
	() -> factory.deriveKey(format, new ByteArrayInputStream(keyMaterial)));
	}

	@Test
	public void testDeriveKey_justEnoughKeyMaterial() throws Exception {
	final int keySize = 32;

	byte[] keyMaterial = Random.randBytes(32);
	AesGcmSivKey key =
	factory.deriveKey(
	AesGcmSivKeyFormat.newBuilder().setVersion(0).setKeySize(keySize).build(),
	new ByteArrayInputStream(keyMaterial));
	assertThat(key.getKeyValue()).hasSize(keySize);
	for (int i = 0; i < keySize; ++i) {
	assertThat(key.getKeyValue().byteAt(i)).isEqualTo(keyMaterial[i]);
	}
	}

	@Test
	public void testAes128GcmSivTemplate() throws Exception {
	KeyTemplate template = AesGcmSivKeyManager.aes128GcmSivTemplate();
	assertEquals(new AesGcmSivKeyManager().getKeyType(), template.getTypeUrl());
	assertEquals(KeyTemplate.OutputPrefixType.TINK, template.getOutputPrefixType());
	AesGcmSivKeyFormat format =
	AesGcmSivKeyFormat.parseFrom(
	ByteString.copyFrom(template.getValue()), ExtensionRegistryLite.getEmptyRegistry());
	assertEquals(16, format.getKeySize());
	}

	@Test
	public void testRawAes128GcmSivTemplate() throws Exception {
	KeyTemplate template = AesGcmSivKeyManager.rawAes128GcmSivTemplate();
	assertEquals(new AesGcmSivKeyManager().getKeyType(), template.getTypeUrl());
	assertEquals(KeyTemplate.OutputPrefixType.RAW, template.getOutputPrefixType());
	AesGcmSivKeyFormat format =
	AesGcmSivKeyFormat.parseFrom(
	ByteString.copyFrom(template.getValue()), ExtensionRegistryLite.getEmptyRegistry());
	assertEquals(16, format.getKeySize());
	}

	@Test
	public void testAes256GcmSivTemplate() throws Exception {
	KeyTemplate template = AesGcmSivKeyManager.aes256GcmSivTemplate();
	assertEquals(new AesGcmSivKeyManager().getKeyType(), template.getTypeUrl());
	assertEquals(KeyTemplate.OutputPrefixType.TINK, template.getOutputPrefixType());
	AesGcmSivKeyFormat format =
	AesGcmSivKeyFormat.parseFrom(
	ByteString.copyFrom(template.getValue()), ExtensionRegistryLite.getEmptyRegistry());
	assertEquals(32, format.getKeySize());
	}

	@Test
	public void testRawAes256GcmSivTemplate() throws Exception {
	KeyTemplate template = AesGcmSivKeyManager.rawAes256GcmSivTemplate();
	assertEquals(new AesGcmSivKeyManager().getKeyType(), template.getTypeUrl());
	assertEquals(KeyTemplate.OutputPrefixType.RAW, template.getOutputPrefixType());
	AesGcmSivKeyFormat format =
	AesGcmSivKeyFormat.parseFrom(
	ByteString.copyFrom(template.getValue()), ExtensionRegistryLite.getEmptyRegistry());
	assertEquals(32, format.getKeySize());
	}

	@Test
	public void testKeyTemplateAndManagerCompatibility() throws Exception {
	AesGcmSivKeyManager manager = new AesGcmSivKeyManager();

	testKeyTemplateCompatible(manager, AesGcmSivKeyManager.aes128GcmSivTemplate());
	testKeyTemplateCompatible(manager, AesGcmSivKeyManager.rawAes128GcmSivTemplate());
	testKeyTemplateCompatible(manager, AesGcmSivKeyManager.aes256GcmSivTemplate());
	testKeyTemplateCompatible(manager, AesGcmSivKeyManager.rawAes256GcmSivTemplate());
	}

	@Test
	public void testKeyFormats() throws Exception {
	factory.validateKeyFormat(factory.keyFormats().get("AES128_GCM_SIV").keyFormat);
	factory.validateKeyFormat(factory.keyFormats().get("AES128_GCM_SIV_RAW").keyFormat);

	factory.validateKeyFormat(factory.keyFormats().get("AES256_GCM_SIV").keyFormat);
	factory.validateKeyFormat(factory.keyFormats().get("AES256_GCM_SIV_RAW").keyFormat);
	}
	}