1 // Copyright 2019 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16
17 #include "tink/streamingaead/aes_ctr_hmac_streaming_key_manager.h"
18
19 #include <sstream>
20 #include <string>
21
22 #include "gtest/gtest.h"
23 #include "absl/status/status.h"
24 #include "absl/strings/str_cat.h"
25 #include "absl/strings/string_view.h"
26 #include "tink/streaming_aead.h"
27 #include "tink/subtle/aes_ctr_hmac_streaming.h"
28 #include "tink/subtle/common_enums.h"
29 #include "tink/subtle/random.h"
30 #include "tink/subtle/streaming_aead_test_util.h"
31 #include "tink/subtle/test_util.h"
32 #include "tink/util/istream_input_stream.h"
33 #include "tink/util/ostream_output_stream.h"
34 #include "tink/util/secret_data.h"
35 #include "tink/util/status.h"
36 #include "tink/util/statusor.h"
37 #include "tink/util/test_matchers.h"
38 #include "proto/aes_ctr_hmac_streaming.pb.h"
39 #include "proto/aes_eax.pb.h"
40 #include "proto/common.pb.h"
41 #include "proto/tink.pb.h"
42
43 namespace crypto {
44 namespace tink {
45
46 using ::crypto::tink::test::IsOk;
47 using ::crypto::tink::test::StatusIs;
48 using ::google::crypto::tink::AesCtrHmacStreamingKey;
49 using ::google::crypto::tink::AesCtrHmacStreamingKeyFormat;
50 using ::google::crypto::tink::HashType;
51 using ::testing::Eq;
52 using ::testing::HasSubstr;
53 using ::testing::Not;
54
55 namespace {
56
TEST(AesCtrHmacStreamingKeyManagerTest,ValidateKey)57 TEST(AesCtrHmacStreamingKeyManagerTest, ValidateKey) {
58 AesCtrHmacStreamingKey key;
59 key.set_version(0);
60 key.set_key_value("0123456789abcdef");
61 key.mutable_params()->set_derived_key_size(16);
62 key.mutable_params()->set_hkdf_hash_type(HashType::SHA256);
63 key.mutable_params()->set_ciphertext_segment_size(1024);
64 key.mutable_params()->mutable_hmac_params()->set_hash(HashType::SHA256);
65 key.mutable_params()->mutable_hmac_params()->set_tag_size(32);
66 EXPECT_THAT(AesCtrHmacStreamingKeyManager().ValidateKey(key), IsOk());
67 }
68
TEST(AesCtrHmacStreamingKeyManagerTest,ValidateKeyDerivedKeySizes)69 TEST(AesCtrHmacStreamingKeyManagerTest, ValidateKeyDerivedKeySizes) {
70 for (int derived_key_size = 0; derived_key_size < 42; derived_key_size++) {
71 SCOPED_TRACE(absl::StrCat(" derived_key_size = ", derived_key_size));
72 AesCtrHmacStreamingKey key;
73 key.set_version(0);
74 key.set_key_value(std::string(derived_key_size, 'a')); // ikm
75 key.mutable_params()->set_derived_key_size(derived_key_size);
76 key.mutable_params()->set_hkdf_hash_type(HashType::SHA256);
77 key.mutable_params()->set_ciphertext_segment_size(1024);
78 key.mutable_params()->mutable_hmac_params()->set_hash(HashType::SHA256);
79 key.mutable_params()->mutable_hmac_params()->set_tag_size(32);
80 if (derived_key_size == 16 || derived_key_size == 32) {
81 EXPECT_THAT(AesCtrHmacStreamingKeyManager().ValidateKey(key), IsOk());
82 } else {
83 EXPECT_THAT(AesCtrHmacStreamingKeyManager().ValidateKey(key),
84 StatusIs(absl::StatusCode::kInvalidArgument));
85 }
86 }
87 }
88
TEST(AesCtrHmacStreamingKeyManagerTest,ValidateKeyDerivedKeyWrongVersion)89 TEST(AesCtrHmacStreamingKeyManagerTest, ValidateKeyDerivedKeyWrongVersion) {
90 AesCtrHmacStreamingKey key;
91 key.set_version(1);
92 key.set_key_value("0123456789abcdef");
93 key.mutable_params()->set_derived_key_size(16);
94 key.mutable_params()->set_hkdf_hash_type(HashType::SHA256);
95 key.mutable_params()->set_ciphertext_segment_size(1024);
96 key.mutable_params()->mutable_hmac_params()->set_hash(HashType::SHA256);
97 key.mutable_params()->mutable_hmac_params()->set_tag_size(32);
98 EXPECT_THAT(AesCtrHmacStreamingKeyManager().ValidateKey(key),
99 StatusIs(absl::StatusCode::kInvalidArgument));
100 }
101
TEST(AesCtrHmacStreamingKeyManagerTest,GetPrimitive)102 TEST(AesCtrHmacStreamingKeyManagerTest, GetPrimitive) {
103 std::string plaintext = "some plaintext";
104 std::string aad = "some aad";
105
106 AesCtrHmacStreamingKey key;
107 key.set_version(0);
108 key.set_key_value("16 bytes of key ");
109 key.mutable_params()->set_ciphertext_segment_size(1024);
110 key.mutable_params()->set_derived_key_size(16);
111 key.mutable_params()->set_hkdf_hash_type(HashType::SHA256);
112 key.mutable_params()->mutable_hmac_params()->set_hash(HashType::SHA256);
113 key.mutable_params()->mutable_hmac_params()->set_tag_size(32);
114
115 auto streaming_aead_from_manager_result =
116 AesCtrHmacStreamingKeyManager().GetPrimitive<StreamingAead>(key);
117 ASSERT_THAT(streaming_aead_from_manager_result, IsOk());
118
119 subtle::AesCtrHmacStreaming::Params params;
120 params.ikm = util::SecretDataFromStringView("16 bytes of key ");
121 params.hkdf_algo = subtle::HashType::SHA256;;
122 params.key_size = 16;
123 params.ciphertext_segment_size = 1024;
124 params.ciphertext_offset = 0;
125 params.tag_algo = subtle::HashType::SHA256;
126 params.tag_size = 32;
127 auto streaming_aead_direct_result =
128 crypto::tink::subtle::AesCtrHmacStreaming::New(params);
129 ASSERT_THAT(streaming_aead_direct_result, IsOk());
130
131 // Check that the two primitives are the same by encrypting with one, and
132 // decrypting with the other.
133 EXPECT_THAT(
134 EncryptThenDecrypt(streaming_aead_from_manager_result.value().get(),
135 streaming_aead_direct_result.value().get(),
136 subtle::Random::GetRandomBytes(10000),
137 "some associated data", params.ciphertext_offset),
138 IsOk());
139 }
140
TEST(AesCtrHmacStreamingKeyManagerTest,Version)141 TEST(AesCtrHmacStreamingKeyManagerTest, Version) {
142 EXPECT_THAT(AesCtrHmacStreamingKeyManager().get_version(), Eq(0));
143 }
144
TEST(AesCtrHmacStreamingKeyManagerTest,KeyMaterialType)145 TEST(AesCtrHmacStreamingKeyManagerTest, KeyMaterialType) {
146 EXPECT_THAT(AesCtrHmacStreamingKeyManager().key_material_type(),
147 Eq(google::crypto::tink::KeyData::SYMMETRIC));
148 }
149
TEST(AesCtrHmacStreamingKeyManagerTest,KeyType)150 TEST(AesCtrHmacStreamingKeyManagerTest, KeyType) {
151 EXPECT_THAT(
152 AesCtrHmacStreamingKeyManager().get_key_type(),
153 Eq("type.googleapis.com/google.crypto.tink.AesCtrHmacStreamingKey"));
154 }
155
TEST(AesCtrHmacStreamingKeyManagerTest,ValidateKeyFormatEmpty)156 TEST(AesCtrHmacStreamingKeyManagerTest, ValidateKeyFormatEmpty) {
157 EXPECT_THAT(AesCtrHmacStreamingKeyManager().ValidateKeyFormat(
158 AesCtrHmacStreamingKeyFormat()),
159 StatusIs(absl::StatusCode::kInvalidArgument));
160 }
161
TEST(AesCtrHmacStreamingKeyManagerTest,ValidateKeyFormat)162 TEST(AesCtrHmacStreamingKeyManagerTest, ValidateKeyFormat) {
163 AesCtrHmacStreamingKeyFormat key_format;
164 key_format.set_key_size(32);
165 key_format.mutable_params()->set_derived_key_size(32);
166 key_format.mutable_params()->set_hkdf_hash_type(HashType::SHA256);
167 key_format.mutable_params()->set_ciphertext_segment_size(1024);
168 key_format.mutable_params()->mutable_hmac_params()->
169 set_hash(HashType::SHA256);
170 key_format.mutable_params()->mutable_hmac_params()->set_tag_size(32);
171 EXPECT_THAT(AesCtrHmacStreamingKeyManager().ValidateKeyFormat(key_format),
172 IsOk());
173 }
174
TEST(AesCtrHmacStreamingKeyManagerTest,ValidateKeyFormatSmallKey)175 TEST(AesCtrHmacStreamingKeyManagerTest, ValidateKeyFormatSmallKey) {
176 AesCtrHmacStreamingKeyFormat key_format;
177 key_format.set_key_size(16);
178 key_format.mutable_params()->set_derived_key_size(32);
179 key_format.mutable_params()->set_hkdf_hash_type(HashType::SHA256);
180 key_format.mutable_params()->set_ciphertext_segment_size(1024);
181 key_format.mutable_params()->mutable_hmac_params()->
182 set_hash(HashType::SHA256);
183 key_format.mutable_params()->mutable_hmac_params()->set_tag_size(32);
184 EXPECT_THAT(AesCtrHmacStreamingKeyManager().ValidateKeyFormat(key_format),
185 StatusIs(absl::StatusCode::kInvalidArgument,
186 HasSubstr("derived_key_size")));
187 }
188
TEST(AesCtrHmacStreamingKeyManagerTest,ValidateKeyFormatWrongHash)189 TEST(AesCtrHmacStreamingKeyManagerTest, ValidateKeyFormatWrongHash) {
190 AesCtrHmacStreamingKeyFormat key_format;
191 key_format.set_key_size(32);
192 key_format.mutable_params()->set_derived_key_size(32);
193 key_format.mutable_params()->set_ciphertext_segment_size(1024);
194 key_format.mutable_params()->mutable_hmac_params()->
195 set_hash(HashType::SHA256);
196 key_format.mutable_params()->mutable_hmac_params()->set_tag_size(32);
197 EXPECT_THAT(AesCtrHmacStreamingKeyManager().ValidateKeyFormat(key_format),
198 StatusIs(absl::StatusCode::kInvalidArgument,
199 HasSubstr("hkdf_hash_type")));
200 }
201
TEST(AesCtrHmacStreamingKeyManagerTest,ValidateKeyFormatWrongHmacHash)202 TEST(AesCtrHmacStreamingKeyManagerTest, ValidateKeyFormatWrongHmacHash) {
203 AesCtrHmacStreamingKeyFormat key_format;
204 key_format.set_key_size(32);
205 key_format.mutable_params()->set_derived_key_size(32);
206 key_format.mutable_params()->set_hkdf_hash_type(HashType::SHA256);
207 key_format.mutable_params()->set_ciphertext_segment_size(1024);
208 key_format.mutable_params()->mutable_hmac_params()->set_tag_size(32);
209 EXPECT_THAT(AesCtrHmacStreamingKeyManager().ValidateKeyFormat(key_format),
210 StatusIs(absl::StatusCode::kInvalidArgument,
211 HasSubstr("hmac_params.hash")));
212 }
213
TEST(AesCtrHmacStreamingKeyManagerTest,ValidateKeyFormatSmallSegment)214 TEST(AesCtrHmacStreamingKeyManagerTest, ValidateKeyFormatSmallSegment) {
215 AesCtrHmacStreamingKeyFormat key_format;
216 key_format.set_key_size(32);
217 key_format.mutable_params()->set_derived_key_size(32);
218 key_format.mutable_params()->set_hkdf_hash_type(HashType::SHA256);
219 key_format.mutable_params()->set_ciphertext_segment_size(45);
220 key_format.mutable_params()->mutable_hmac_params()->
221 set_hash(HashType::SHA256);
222 key_format.mutable_params()->mutable_hmac_params()->set_tag_size(32);
223 EXPECT_THAT(AesCtrHmacStreamingKeyManager().ValidateKeyFormat(key_format),
224 StatusIs(absl::StatusCode::kInvalidArgument,
225 HasSubstr("ciphertext_segment_size")));
226 }
227
TEST(AesCtrHmacStreamingKeyManagerTest,ValidateKeyFormatTooLargeSegment)228 TEST(AesCtrHmacStreamingKeyManagerTest, ValidateKeyFormatTooLargeSegment) {
229 AesCtrHmacStreamingKeyFormat key_format;
230 key_format.set_key_size(32);
231 key_format.mutable_params()->set_derived_key_size(32);
232 key_format.mutable_params()->set_hkdf_hash_type(HashType::SHA256);
233 key_format.mutable_params()->set_ciphertext_segment_size(2147483648);
234 key_format.mutable_params()->mutable_hmac_params()->
235 set_hash(HashType::SHA256);
236 key_format.mutable_params()->mutable_hmac_params()->set_tag_size(32);
237 EXPECT_THAT(AesCtrHmacStreamingKeyManager().ValidateKeyFormat(key_format),
238 StatusIs(absl::StatusCode::kInvalidArgument,
239 HasSubstr("ciphertext_segment_size too big")));
240 }
241
TEST(AesCtrHmacStreamingKeyManagerTest,CreateKey)242 TEST(AesCtrHmacStreamingKeyManagerTest, CreateKey) {
243 AesCtrHmacStreamingKeyFormat key_format;
244 key_format.set_key_size(32);
245 key_format.mutable_params()->set_derived_key_size(32);
246 key_format.mutable_params()->set_hkdf_hash_type(HashType::SHA256);
247 key_format.mutable_params()->set_ciphertext_segment_size(1024);
248 key_format.mutable_params()->mutable_hmac_params()->
249 set_hash(HashType::SHA256);
250 key_format.mutable_params()->mutable_hmac_params()->set_tag_size(32);
251 auto key_or = AesCtrHmacStreamingKeyManager().CreateKey(key_format);
252 ASSERT_THAT(key_or, IsOk());
253 EXPECT_THAT(key_or.value().version(), Eq(0));
254 EXPECT_THAT(key_or.value().params().ciphertext_segment_size(),
255 Eq(key_format.params().ciphertext_segment_size()));
256 EXPECT_THAT(key_or.value().params().derived_key_size(),
257 Eq(key_format.params().derived_key_size()));
258 EXPECT_THAT(key_or.value().params().hkdf_hash_type(),
259 Eq(key_format.params().hkdf_hash_type()));
260 EXPECT_THAT(key_or.value().key_value().size(), Eq(key_format.key_size()));
261 EXPECT_THAT(key_or.value().params().hmac_params().hash(),
262 Eq(key_format.params().hmac_params().hash()));
263 EXPECT_THAT(key_or.value().params().hmac_params().tag_size(),
264 Eq(key_format.params().hmac_params().tag_size()));
265 }
266
TEST(AesCtrHmacStreamingKeyManagerTest,DeriveKey)267 TEST(AesCtrHmacStreamingKeyManagerTest, DeriveKey) {
268 AesCtrHmacStreamingKeyFormat key_format;
269 key_format.set_version(0);
270 key_format.set_key_size(32);
271 key_format.mutable_params()->set_derived_key_size(32);
272 key_format.mutable_params()->set_hkdf_hash_type(HashType::SHA256);
273 key_format.mutable_params()->set_ciphertext_segment_size(1024);
274
275 util::IstreamInputStream input_stream{
276 absl::make_unique<std::stringstream>("01234567890123456789012345678901")};
277
278 util::StatusOr<AesCtrHmacStreamingKey> key_or =
279 AesCtrHmacStreamingKeyManager().DeriveKey(key_format, &input_stream);
280 ASSERT_THAT(key_or, IsOk());
281 EXPECT_THAT(key_or.value().key_value(),
282 Eq("01234567890123456789012345678901"));
283 EXPECT_THAT(key_or.value().params().derived_key_size(),
284 Eq(key_format.params().derived_key_size()));
285 EXPECT_THAT(key_or.value().params().hkdf_hash_type(),
286 Eq(key_format.params().hkdf_hash_type()));
287 EXPECT_THAT(key_or.value().params().ciphertext_segment_size(),
288 Eq(key_format.params().ciphertext_segment_size()));
289 }
290
TEST(AesCtrHmacStreamingKeyManagerTest,DeriveKeyNotEnoughRandomness)291 TEST(AesCtrHmacStreamingKeyManagerTest, DeriveKeyNotEnoughRandomness) {
292 AesCtrHmacStreamingKeyFormat key_format;
293 key_format.set_version(0);
294 key_format.set_key_size(32);
295 key_format.mutable_params()->set_derived_key_size(32);
296 key_format.mutable_params()->set_hkdf_hash_type(HashType::SHA256);
297 key_format.mutable_params()->set_ciphertext_segment_size(1024);
298
299 util::IstreamInputStream input_stream{
300 absl::make_unique<std::stringstream>("0123456789012345678901234567890")};
301
302 ASSERT_THAT(AesCtrHmacStreamingKeyManager()
303 .DeriveKey(key_format, &input_stream)
304 .status(),
305 Not(IsOk()));
306 }
307
TEST(AesCtrHmacStreamingKeyManagerTest,DeriveKeyWrongVersion)308 TEST(AesCtrHmacStreamingKeyManagerTest, DeriveKeyWrongVersion) {
309 AesCtrHmacStreamingKeyFormat key_format;
310 key_format.set_version(1);
311 key_format.set_key_size(32);
312 key_format.mutable_params()->set_derived_key_size(32);
313 key_format.mutable_params()->set_hkdf_hash_type(HashType::SHA256);
314 key_format.mutable_params()->set_ciphertext_segment_size(1024);
315
316 util::IstreamInputStream input_stream{
317 absl::make_unique<std::stringstream>("0123456789abcdef")};
318
319 ASSERT_THAT(
320 AesCtrHmacStreamingKeyManager()
321 .DeriveKey(key_format, &input_stream)
322 .status(),
323 StatusIs(absl::StatusCode::kInvalidArgument, HasSubstr("version")));
324 }
325
326 } // namespace
327 } // namespace tink
328 } // namespace crypto
329