java_src/src/test/java/com/google/crypto/tink/aead/KmsEnvelopeAeadTest.java - third_party/tink - Git at Google

 // Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ////////////////////////////////////////////////////////////////////////////////

 package com.google.crypto.tink.aead;


 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertThrows;

 import com.google.crypto.tink.Aead;
 import com.google.crypto.tink.KeyTemplates;
 import com.google.crypto.tink.KeysetHandle;
 import com.google.crypto.tink.internal.KeyTemplateProtoConverter;
 import java.security.GeneralSecurityException;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;

 /** Tests for {@link KmsEnvelopeAead} */
 @RunWith(JUnit4.class)
 public final class KmsEnvelopeAeadTest {
   private static final byte[] EMPTY_ADD = new byte[0];

   @Before
   public void setUp() throws GeneralSecurityException {
     AeadConfig.register();
   }

   private Aead generateNewRemoteAead() throws GeneralSecurityException {
     KeysetHandle keysetHandle = KeysetHandle.generateNew(KeyTemplates.get("AES128_EAX"));
     return keysetHandle.getPrimitive(Aead.class);
   }


   @Test
   public void encryptDecrypt_works() throws GeneralSecurityException {
     Aead remoteAead =  this.generateNewRemoteAead();
     KmsEnvelopeAead envAead =
         new KmsEnvelopeAead(
             KeyTemplateProtoConverter.toProto(KeyTemplates.get("AES128_EAX")), remoteAead);
     byte[] plaintext = "helloworld".getBytes(UTF_8);
     byte[] ciphertext = envAead.encrypt(plaintext, EMPTY_ADD);
     assertArrayEquals(plaintext, envAead.decrypt(ciphertext, EMPTY_ADD));
   }


   @Test
   public void encryptDecryptMissingAd_fails() throws GeneralSecurityException {
     Aead remoteAead =  this.generateNewRemoteAead();
     KmsEnvelopeAead envAead =
         new KmsEnvelopeAead(
             KeyTemplateProtoConverter.toProto(KeyTemplates.get("AES128_EAX")), remoteAead);
     byte[] plaintext = "helloworld".getBytes(UTF_8);
     byte[] associatedData = "envelope_ad".getBytes(UTF_8);
     byte[] ciphertext = envAead.encrypt(plaintext, associatedData);
     assertThrows(GeneralSecurityException.class, () -> envAead.decrypt(ciphertext, EMPTY_ADD));
   }

   @Test
   public void corruptedCiphertext_fails() throws GeneralSecurityException {
     Aead remoteAead =  this.generateNewRemoteAead();
     KmsEnvelopeAead envAead =
         new KmsEnvelopeAead(
             KeyTemplateProtoConverter.toProto(KeyTemplates.get("AES128_EAX")), remoteAead);
     byte[] associatedData = "envelope_ad".getBytes(UTF_8);
     byte[] plaintext = "helloworld".getBytes(UTF_8);
     byte[] ciphertext = envAead.encrypt(plaintext, associatedData);
     ciphertext[ciphertext.length - 1] = (byte) (ciphertext[ciphertext.length - 1] ^ 0x1);
     byte[] corruptedCiphertext = ciphertext;
     assertThrows(
         GeneralSecurityException.class, () -> envAead.decrypt(corruptedCiphertext, EMPTY_ADD));
   }

   @Test
   public void corruptedDek_fails() throws GeneralSecurityException {
     Aead remoteAead =  this.generateNewRemoteAead();
     KmsEnvelopeAead envAead =
         new KmsEnvelopeAead(
             KeyTemplateProtoConverter.toProto(KeyTemplates.get("AES128_EAX")), remoteAead);
     byte[] plaintext = "helloworld".getBytes(UTF_8);
     byte[] associatedData = "envelope_ad".getBytes(UTF_8);
     byte[] ciphertext = envAead.encrypt(plaintext, associatedData);
     ciphertext[4] = (byte) (ciphertext[4] ^ 0x1);
     byte[] corruptedCiphertext = ciphertext;
     assertThrows(
         GeneralSecurityException.class, () -> envAead.decrypt(corruptedCiphertext, EMPTY_ADD));
   }

   @Test
   public void ciphertextTooShort_fails() throws GeneralSecurityException {
     Aead remoteAead =  this.generateNewRemoteAead();
     KmsEnvelopeAead envAead =
         new KmsEnvelopeAead(
             KeyTemplateProtoConverter.toProto(KeyTemplates.get("AES128_EAX")), remoteAead);
     assertThrows(
         GeneralSecurityException.class,
         () -> envAead.decrypt("foo".getBytes(UTF_8), "envelope_ad".getBytes(UTF_8)));
   }

   @Test
   public void malformedDekLength_fails() throws GeneralSecurityException {
     Aead remoteAead =  this.generateNewRemoteAead();
     KmsEnvelopeAead envAead =
         new KmsEnvelopeAead(
             KeyTemplateProtoConverter.toProto(KeyTemplates.get("AES128_EAX")), remoteAead);

     byte[] plaintext = "helloworld".getBytes(UTF_8);
     byte[] associatedData = "envelope_ad".getBytes(UTF_8);
     byte[] ciphertext = envAead.encrypt(plaintext, associatedData);
     for (int i = 0; i <= 3; i++) {
       ciphertext[i] = (byte) 0xff;
     }
     byte[] corruptedCiphertext1 = ciphertext;

     assertThrows(
         GeneralSecurityException.class,
         () -> envAead.decrypt(corruptedCiphertext1, associatedData));
     for (int i = 0; i <= 3; i++) {
       ciphertext[i] = 0;
     }
     byte[] corruptedCiphertext2 = ciphertext;

     assertThrows(
         GeneralSecurityException.class,
         () -> envAead.decrypt(corruptedCiphertext2, associatedData));
   }
 }
	// Copyright 2021 Google LLC
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	////////////////////////////////////////////////////////////////////////////////

	package com.google.crypto.tink.aead;


	import static java.nio.charset.StandardCharsets.UTF_8;
	import static org.junit.Assert.assertArrayEquals;
	import static org.junit.Assert.assertThrows;

	import com.google.crypto.tink.Aead;
	import com.google.crypto.tink.KeyTemplates;
	import com.google.crypto.tink.KeysetHandle;
	import com.google.crypto.tink.internal.KeyTemplateProtoConverter;
	import java.security.GeneralSecurityException;
	import org.junit.Before;
	import org.junit.Test;
	import org.junit.runner.RunWith;
	import org.junit.runners.JUnit4;

	/** Tests for {@link KmsEnvelopeAead} */
	@RunWith(JUnit4.class)
	public final class KmsEnvelopeAeadTest {
	private static final byte[] EMPTY_ADD = new byte[0];

	@Before
	public void setUp() throws GeneralSecurityException {
	AeadConfig.register();
	}

	private Aead generateNewRemoteAead() throws GeneralSecurityException {
	KeysetHandle keysetHandle = KeysetHandle.generateNew(KeyTemplates.get("AES128_EAX"));
	return keysetHandle.getPrimitive(Aead.class);
	}


	@Test
	public void encryptDecrypt_works() throws GeneralSecurityException {
	Aead remoteAead = this.generateNewRemoteAead();
	KmsEnvelopeAead envAead =
	new KmsEnvelopeAead(
	KeyTemplateProtoConverter.toProto(KeyTemplates.get("AES128_EAX")), remoteAead);
	byte[] plaintext = "helloworld".getBytes(UTF_8);
	byte[] ciphertext = envAead.encrypt(plaintext, EMPTY_ADD);
	assertArrayEquals(plaintext, envAead.decrypt(ciphertext, EMPTY_ADD));
	}


	@Test
	public void encryptDecryptMissingAd_fails() throws GeneralSecurityException {
	Aead remoteAead = this.generateNewRemoteAead();
	KmsEnvelopeAead envAead =
	new KmsEnvelopeAead(
	KeyTemplateProtoConverter.toProto(KeyTemplates.get("AES128_EAX")), remoteAead);
	byte[] plaintext = "helloworld".getBytes(UTF_8);
	byte[] associatedData = "envelope_ad".getBytes(UTF_8);
	byte[] ciphertext = envAead.encrypt(plaintext, associatedData);
	assertThrows(GeneralSecurityException.class, () -> envAead.decrypt(ciphertext, EMPTY_ADD));
	}

	@Test
	public void corruptedCiphertext_fails() throws GeneralSecurityException {
	Aead remoteAead = this.generateNewRemoteAead();
	KmsEnvelopeAead envAead =
	new KmsEnvelopeAead(
	KeyTemplateProtoConverter.toProto(KeyTemplates.get("AES128_EAX")), remoteAead);
	byte[] associatedData = "envelope_ad".getBytes(UTF_8);
	byte[] plaintext = "helloworld".getBytes(UTF_8);
	byte[] ciphertext = envAead.encrypt(plaintext, associatedData);
	ciphertext[ciphertext.length - 1] = (byte) (ciphertext[ciphertext.length - 1] ^ 0x1);
	byte[] corruptedCiphertext = ciphertext;
	assertThrows(
	GeneralSecurityException.class, () -> envAead.decrypt(corruptedCiphertext, EMPTY_ADD));
	}

	@Test
	public void corruptedDek_fails() throws GeneralSecurityException {
	Aead remoteAead = this.generateNewRemoteAead();
	KmsEnvelopeAead envAead =
	new KmsEnvelopeAead(
	KeyTemplateProtoConverter.toProto(KeyTemplates.get("AES128_EAX")), remoteAead);
	byte[] plaintext = "helloworld".getBytes(UTF_8);
	byte[] associatedData = "envelope_ad".getBytes(UTF_8);
	byte[] ciphertext = envAead.encrypt(plaintext, associatedData);
	ciphertext[4] = (byte) (ciphertext[4] ^ 0x1);
	byte[] corruptedCiphertext = ciphertext;
	assertThrows(
	GeneralSecurityException.class, () -> envAead.decrypt(corruptedCiphertext, EMPTY_ADD));
	}

	@Test
	public void ciphertextTooShort_fails() throws GeneralSecurityException {
	Aead remoteAead = this.generateNewRemoteAead();
	KmsEnvelopeAead envAead =
	new KmsEnvelopeAead(
	KeyTemplateProtoConverter.toProto(KeyTemplates.get("AES128_EAX")), remoteAead);
	assertThrows(
	GeneralSecurityException.class,
	() -> envAead.decrypt("foo".getBytes(UTF_8), "envelope_ad".getBytes(UTF_8)));
	}

	@Test
	public void malformedDekLength_fails() throws GeneralSecurityException {
	Aead remoteAead = this.generateNewRemoteAead();
	KmsEnvelopeAead envAead =
	new KmsEnvelopeAead(
	KeyTemplateProtoConverter.toProto(KeyTemplates.get("AES128_EAX")), remoteAead);

	byte[] plaintext = "helloworld".getBytes(UTF_8);
	byte[] associatedData = "envelope_ad".getBytes(UTF_8);
	byte[] ciphertext = envAead.encrypt(plaintext, associatedData);
	for (int i = 0; i <= 3; i++) {
	ciphertext[i] = (byte) 0xff;
	}
	byte[] corruptedCiphertext1 = ciphertext;

	assertThrows(
	GeneralSecurityException.class,
	() -> envAead.decrypt(corruptedCiphertext1, associatedData));
	for (int i = 0; i <= 3; i++) {
	ciphertext[i] = 0;
	}
	byte[] corruptedCiphertext2 = ciphertext;

	assertThrows(
	GeneralSecurityException.class,
	() -> envAead.decrypt(corruptedCiphertext2, associatedData));
	}
	}