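// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

package com.google.crypto.tink.aead;

import static com.google.common.truth.Truth.assertThat;
import static com.google.crypto.tink.internal.TinkBugException.exceptionIsBug;
import static org.junit.Assert.assertThrows;

import java.security.GeneralSecurityException;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

/**
 * Tests for the builder, accessors and equality of {@link LegacyKmsEnvelopeAeadParameters}.
 *
 * <p>The tests pin three properties of {@code build()}: the DEK parsing strategy must agree with
 * the type of the DEK parameters used for new keys, the DEK parameters must not carry an ID
 * requirement, and the KEK URI, parsing strategy and DEK parameters must all be set.
 */
@RunWith(JUnit4.class)
public final class LegacyKmsEnvelopeAeadParametersTest {
  @BeforeClass
  public static void registerAead() throws Exception {
    AeadConfig.register();
  }

  // DEK parameter fixtures, one per AEAD type. All use the NO_PREFIX variant.
  private static final AeadParameters AES_GCM_PARAMETERS =
      exceptionIsBug(
          () ->
              AesGcmParameters.builder()
                  .setIvSizeBytes(12)
                  .setKeySizeBytes(16)
                  .setTagSizeBytes(16)
                  .setVariant(AesGcmParameters.Variant.NO_PREFIX)
                  .build());
  private static final AeadParameters CHACHA20POLY1305_PARAMETERS =
      ChaCha20Poly1305Parameters.create(ChaCha20Poly1305Parameters.Variant.NO_PREFIX);
  private static final AeadParameters XCHACHA20POLY1305_PARAMETERS =
      XChaCha20Poly1305Parameters.create(XChaCha20Poly1305Parameters.Variant.NO_PREFIX);
  private static final AeadParameters AES_EAX_PARAMETERS =
      exceptionIsBug(
          () ->
              AesEaxParameters.builder()
                  .setIvSizeBytes(16)
                  .setKeySizeBytes(16)
                  .setTagSizeBytes(16)
                  .setVariant(AesEaxParameters.Variant.NO_PREFIX)
                  .build());
  public static final AesCtrHmacAeadParameters AES_CTR_HMAC_PARAMETERS =
      exceptionIsBug(
          () ->
              AesCtrHmacAeadParameters.builder()
                  .setAesKeySizeBytes(16)
                  .setHmacKeySizeBytes(32)
                  .setTagSizeBytes(16)
                  .setIvSizeBytes(16)
                  .setHashType(AesCtrHmacAeadParameters.HashType.SHA256)
                  .setVariant(AesCtrHmacAeadParameters.Variant.NO_PREFIX)
                  .build());
  public static final AesGcmSivParameters AES_GCM_SIV_PARAMETERS =
      exceptionIsBug(
          () ->
              AesGcmSivParameters.builder()
                  .setKeySizeBytes(16)
                  .setVariant(AesGcmSivParameters.Variant.NO_PREFIX)
                  .build());

  /** Builds without an explicit variant and expects NO_PREFIX and no ID requirement. */
  @Test
  public void createBasic_checkValues_works() throws Exception {
    LegacyKmsEnvelopeAeadParameters parameters =
        LegacyKmsEnvelopeAeadParameters.builder()
            .setKekUri("SomeKekUri")
            .setDekParsingStrategy(
                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_GCM)
            .setDekParametersForNewKeys(AES_GCM_PARAMETERS)
            .build();
    assertThat(parameters.getVariant())
        .isEqualTo(LegacyKmsEnvelopeAeadParameters.Variant.NO_PREFIX);
    assertThat(parameters.getKekUri()).isEqualTo("SomeKekUri");
    assertThat(parameters.getDekParsingStrategy())
        .isEqualTo(LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_GCM);
    assertThat(parameters.getDekParametersForNewKeys()).isEqualTo(AES_GCM_PARAMETERS);
    assertThat(parameters.hasIdRequirement()).isFalse();
  }

  /** Builds with the TINK variant on the envelope parameters and expects an ID requirement. */
  @Test
  public void createWithTinkPrefix_checkValues_works() throws Exception {
    LegacyKmsEnvelopeAeadParameters parameters =
        LegacyKmsEnvelopeAeadParameters.builder()
            .setVariant(LegacyKmsEnvelopeAeadParameters.Variant.TINK)
            .setKekUri("SomeKekUri")
            .setDekParsingStrategy(
                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_GCM)
            .setDekParametersForNewKeys(AES_GCM_PARAMETERS)
            .build();
    assertThat(parameters.getVariant()).isEqualTo(LegacyKmsEnvelopeAeadParameters.Variant.TINK);
    assertThat(parameters.getKekUri()).isEqualTo("SomeKekUri");
    assertThat(parameters.getDekParsingStrategy())
        .isEqualTo(LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_GCM);
    assertThat(parameters.getDekParametersForNewKeys()).isEqualTo(AES_GCM_PARAMETERS);
    assertThat(parameters.hasIdRequirement()).isTrue();
  }

  @Test
  public void createWithChaChaParameters_works() throws Exception {
    LegacyKmsEnvelopeAeadParameters parameters =
        LegacyKmsEnvelopeAeadParameters.builder()
            .setKekUri("SomeOtherKekUri")
            .setDekParsingStrategy(
                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_CHACHA20POLY1305)
            .setDekParametersForNewKeys(CHACHA20POLY1305_PARAMETERS)
            .build();
    assertThat(parameters.getVariant())
        .isEqualTo(LegacyKmsEnvelopeAeadParameters.Variant.NO_PREFIX);
    assertThat(parameters.getKekUri()).isEqualTo("SomeOtherKekUri");
    assertThat(parameters.getDekParsingStrategy())
        .isEqualTo(LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_CHACHA20POLY1305);
    assertThat(parameters.getDekParametersForNewKeys()).isEqualTo(CHACHA20POLY1305_PARAMETERS);
    assertThat(parameters.hasIdRequirement()).isFalse();
  }

  @Test
  public void createWithXChaChaParameters_works() throws Exception {
    LegacyKmsEnvelopeAeadParameters parameters =
        LegacyKmsEnvelopeAeadParameters.builder()
            .setKekUri("SomeOtherKekUri")
            .setDekParsingStrategy(
                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_XCHACHA20POLY1305)
            .setDekParametersForNewKeys(XCHACHA20POLY1305_PARAMETERS)
            .build();
    assertThat(parameters.getVariant())
        .isEqualTo(LegacyKmsEnvelopeAeadParameters.Variant.NO_PREFIX);
    assertThat(parameters.getKekUri()).isEqualTo("SomeOtherKekUri");
    assertThat(parameters.getDekParsingStrategy())
        .isEqualTo(LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_XCHACHA20POLY1305);
    assertThat(parameters.getDekParametersForNewKeys()).isEqualTo(XCHACHA20POLY1305_PARAMETERS);
    assertThat(parameters.hasIdRequirement()).isFalse();
  }

  @Test
  public void createWithEaxParameters_works() throws Exception {
    LegacyKmsEnvelopeAeadParameters parameters =
        LegacyKmsEnvelopeAeadParameters.builder()
            .setKekUri("SomeOtherKekUri")
            .setDekParsingStrategy(
                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_EAX)
            .setDekParametersForNewKeys(AES_EAX_PARAMETERS)
            .build();
    assertThat(parameters.getVariant())
        .isEqualTo(LegacyKmsEnvelopeAeadParameters.Variant.NO_PREFIX);
    assertThat(parameters.getKekUri()).isEqualTo("SomeOtherKekUri");
    assertThat(parameters.getDekParsingStrategy())
        .isEqualTo(LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_EAX);
    assertThat(parameters.getDekParametersForNewKeys()).isEqualTo(AES_EAX_PARAMETERS);
    assertThat(parameters.hasIdRequirement()).isFalse();
  }

  /**
   * Builds with the AES-CTR-HMAC parsing strategy and matching DEK parameters.
   *
   * <p>This test previously used ASSUME_AES_EAX with AES_EAX_PARAMETERS, duplicating {@code
   * createWithEaxParameters_works} and leaving the accepting path for AES-CTR-HMAC untested.
   */
  @Test
  public void createAesCtrHmacParameters_works() throws Exception {
    LegacyKmsEnvelopeAeadParameters parameters =
        LegacyKmsEnvelopeAeadParameters.builder()
            .setKekUri("SomeOtherKekUri")
            .setDekParsingStrategy(
                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_CTR_HMAC)
            .setDekParametersForNewKeys(AES_CTR_HMAC_PARAMETERS)
            .build();
    assertThat(parameters.getVariant())
        .isEqualTo(LegacyKmsEnvelopeAeadParameters.Variant.NO_PREFIX);
    assertThat(parameters.getKekUri()).isEqualTo("SomeOtherKekUri");
    assertThat(parameters.getDekParsingStrategy())
        .isEqualTo(LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_CTR_HMAC);
    assertThat(parameters.getDekParametersForNewKeys()).isEqualTo(AES_CTR_HMAC_PARAMETERS);
    assertThat(parameters.hasIdRequirement()).isFalse();
  }

  /**
   * Expects {@code build()} to reject every pairing in which the DEK parsing strategy names a
   * different AEAD type than the DEK parameters for new keys.
   */
  @Test
  public void createWithDekParametersMismatch_throws() throws Exception {
    assertThrows(
        GeneralSecurityException.class,
        () ->
            LegacyKmsEnvelopeAeadParameters.builder()
                .setKekUri("SomeKekUri")
                .setDekParsingStrategy(
                    LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_EAX)
                .setDekParametersForNewKeys(AES_GCM_PARAMETERS)
                .build());
    assertThrows(
        GeneralSecurityException.class,
        () ->
            LegacyKmsEnvelopeAeadParameters.builder()
                .setKekUri("SomeKekUri")
                .setDekParsingStrategy(
                    LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_XCHACHA20POLY1305)
                .setDekParametersForNewKeys(CHACHA20POLY1305_PARAMETERS)
                .build());
    assertThrows(
        GeneralSecurityException.class,
        () ->
            LegacyKmsEnvelopeAeadParameters.builder()
                .setKekUri("SomeKekUri")
                .setDekParsingStrategy(
                    LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_CHACHA20POLY1305)
                .setDekParametersForNewKeys(XCHACHA20POLY1305_PARAMETERS)
                .build());
    assertThrows(
        GeneralSecurityException.class,
        () ->
            LegacyKmsEnvelopeAeadParameters.builder()
                .setKekUri("SomeKekUri")
                .setDekParsingStrategy(
                    LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_CTR_HMAC)
                .setDekParametersForNewKeys(AES_GCM_SIV_PARAMETERS)
                .build());
    assertThrows(
        GeneralSecurityException.class,
        () ->
            LegacyKmsEnvelopeAeadParameters.builder()
                .setKekUri("SomeKekUri")
                .setDekParsingStrategy(
                    LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_GCM_SIV)
                .setDekParametersForNewKeys(AES_GCM_PARAMETERS)
                .build());
    assertThrows(
        GeneralSecurityException.class,
        () ->
            LegacyKmsEnvelopeAeadParameters.builder()
                .setKekUri("SomeKekUri")
                .setDekParsingStrategy(
                    LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_GCM)
                .setDekParametersForNewKeys(AES_EAX_PARAMETERS)
                .build());
  }

  /** Expects {@code build()} to reject DEK parameters that use the TINK variant. */
  @Test
  public void build_setDekParametersForNewKeysWithIdRequirement_throws() throws Exception {
    AeadParameters aesGcm128Tink =
        AesGcmParameters.builder()
            .setIvSizeBytes(12)
            .setKeySizeBytes(16)
            .setTagSizeBytes(16)
            .setVariant(AesGcmParameters.Variant.TINK)
            .build();
    LegacyKmsEnvelopeAeadParameters.Builder parameters =
        LegacyKmsEnvelopeAeadParameters.builder()
            .setKekUri("SomeKekUri")
            .setDekParsingStrategy(
                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_GCM)
            .setDekParametersForNewKeys(aesGcm128Tink);
    assertThrows(GeneralSecurityException.class, parameters::build);
  }

  /** Expects {@code build()} to fail when no KEK URI was set. */
  @Test
  public void build_doNotSetKekUri_throws() throws Exception {
    AeadParameters aesGcm128Raw =
        AesGcmParameters.builder()
            .setIvSizeBytes(12)
            .setKeySizeBytes(16)
            .setTagSizeBytes(16)
            .setVariant(AesGcmParameters.Variant.NO_PREFIX)
            .build();
    LegacyKmsEnvelopeAeadParameters.Builder parameters =
        LegacyKmsEnvelopeAeadParameters.builder()
            .setDekParsingStrategy(
                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_GCM)
            .setDekParametersForNewKeys(aesGcm128Raw);
    assertThrows(GeneralSecurityException.class, parameters::build);
  }

  /** Expects {@code build()} to fail when no DEK parsing strategy was set. */
  @Test
  public void build_doNotSetDekTypeUrlForParsing_throws() throws Exception {
    AeadParameters aesGcm128Raw =
        AesGcmParameters.builder()
            .setIvSizeBytes(12)
            .setKeySizeBytes(16)
            .setTagSizeBytes(16)
            .setVariant(AesGcmParameters.Variant.NO_PREFIX)
            .build();
    LegacyKmsEnvelopeAeadParameters.Builder parameters =
        LegacyKmsEnvelopeAeadParameters.builder()
            .setKekUri("SomeKekUri")
            .setDekParametersForNewKeys(aesGcm128Raw);
    assertThrows(GeneralSecurityException.class, parameters::build);
  }

  /** Expects {@code build()} to fail when no DEK parameters for new keys were set. */
  @Test
  public void createBasic_doNotSetParameters_throws() throws Exception {
    LegacyKmsEnvelopeAeadParameters.Builder parameters =
        LegacyKmsEnvelopeAeadParameters.builder()
            .setKekUri("SomeKekUri")
            .setDekParsingStrategy(
                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_GCM);
    assertThrows(GeneralSecurityException.class, parameters::build);
  }

  /**
   * Checks {@code equals} and {@code hashCode} against an equal copy, an instance that differs
   * only in KEK URI, and an instance that differs only in DEK key size.
   */
  @Test
  public void testEqualityAndHash() throws Exception {
    LegacyKmsEnvelopeAeadParameters parameters1 =
        LegacyKmsEnvelopeAeadParameters.builder()
            .setKekUri("SomeKekUri")
            .setDekParsingStrategy(
                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_GCM)
            .setDekParametersForNewKeys(AES_GCM_PARAMETERS)
            .build();
    LegacyKmsEnvelopeAeadParameters parameters1Copy =
        LegacyKmsEnvelopeAeadParameters.builder()
            .setKekUri("SomeKekUri")
            .setDekParsingStrategy(
                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_GCM)
            .setDekParametersForNewKeys(
                AesGcmParameters.builder()
                    .setIvSizeBytes(12)
                    .setKeySizeBytes(16)
                    .setTagSizeBytes(16)
                    .setVariant(AesGcmParameters.Variant.NO_PREFIX)
                    .build())
            .build();
    LegacyKmsEnvelopeAeadParameters parametersWithDifferentKekUri =
        LegacyKmsEnvelopeAeadParameters.builder()
            .setKekUri("DifferentSomeKekUri")
            .setDekParsingStrategy(
                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_GCM)
            .setDekParametersForNewKeys(AES_GCM_PARAMETERS)
            .build();
    // Same KEK URI as parameters1, so the DEK key size is the only difference. With a different
    // URI the inequality below would hold even if equals() ignored the DEK parameters.
    LegacyKmsEnvelopeAeadParameters parametersWithDifferentDekKeySize =
        LegacyKmsEnvelopeAeadParameters.builder()
            .setKekUri("SomeKekUri")
            .setDekParsingStrategy(
                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_GCM)
            .setDekParametersForNewKeys(
                AesGcmParameters.builder()
                    .setIvSizeBytes(12)
                    // 32 Byte Keys
                    .setKeySizeBytes(32)
                    .setTagSizeBytes(16)
                    .setVariant(AesGcmParameters.Variant.NO_PREFIX)
                    .build())
            .build();

    assertThat(parameters1).isEqualTo(parameters1Copy);
    assertThat(parameters1).isNotEqualTo(parametersWithDifferentKekUri);
    assertThat(parameters1).isNotEqualTo(parametersWithDifferentDekKeySize);

    assertThat(parameters1.hashCode()).isEqualTo(parameters1Copy.hashCode());
    assertThat(parameters1.hashCode()).isNotEqualTo(parametersWithDifferentKekUri.hashCode());
    assertThat(parameters1.hashCode()).isNotEqualTo(parametersWithDifferentDekKeySize.hashCode());
  }
}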