...

Source file src/gopkg.in/go-jose/go-jose.v2/cipher/key_wrap_test.go

Documentation: gopkg.in/go-jose/go-jose.v2/cipher 

     1  /*-
     2   * Copyright 2014 Square Inc.
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   */
    16  
    17  package josecipher
    18  
    19  import (
    20  	"bytes"
    21  	"crypto/aes"
    22  	"encoding/hex"
    23  	"testing"
    24  )
    25  
    26  func TestAesKeyWrap(t *testing.T) {
    27  	// Test vectors from: http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf
    28  	kek0, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
    29  	cek0, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")
    30  
    31  	expected0, _ := hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")
    32  
    33  	kek1, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F1011121314151617")
    34  	cek1, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")
    35  
    36  	expected1, _ := hex.DecodeString("96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D")
    37  
    38  	kek2, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F")
    39  	cek2, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF0001020304050607")
    40  
    41  	expected2, _ := hex.DecodeString("A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1")
    42  
    43  	block0, _ := aes.NewCipher(kek0)
    44  	block1, _ := aes.NewCipher(kek1)
    45  	block2, _ := aes.NewCipher(kek2)
    46  
    47  	out0, _ := KeyWrap(block0, cek0)
    48  	out1, _ := KeyWrap(block1, cek1)
    49  	out2, _ := KeyWrap(block2, cek2)
    50  
    51  	if bytes.Compare(out0, expected0) != 0 {
    52  		t.Error("output 0 not as expected, got", out0, "wanted", expected0)
    53  	}
    54  
    55  	if bytes.Compare(out1, expected1) != 0 {
    56  		t.Error("output 1 not as expected, got", out1, "wanted", expected1)
    57  	}
    58  
    59  	if bytes.Compare(out2, expected2) != 0 {
    60  		t.Error("output 2 not as expected, got", out2, "wanted", expected2)
    61  	}
    62  
    63  	unwrap0, _ := KeyUnwrap(block0, out0)
    64  	unwrap1, _ := KeyUnwrap(block1, out1)
    65  	unwrap2, _ := KeyUnwrap(block2, out2)
    66  
    67  	if bytes.Compare(unwrap0, cek0) != 0 {
    68  		t.Error("key unwrap did not return original input, got", unwrap0, "wanted", cek0)
    69  	}
    70  
    71  	if bytes.Compare(unwrap1, cek1) != 0 {
    72  		t.Error("key unwrap did not return original input, got", unwrap1, "wanted", cek1)
    73  	}
    74  
    75  	if bytes.Compare(unwrap2, cek2) != 0 {
    76  		t.Error("key unwrap did not return original input, got", unwrap2, "wanted", cek2)
    77  	}
    78  }
    79  
    80  func TestAesKeyWrapInvalid(t *testing.T) {
    81  	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
    82  
    83  	// Invalid unwrap input (bit flipped)
    84  	input0, _ := hex.DecodeString("1EA68C1A8112B447AEF34BD8FB5A7B828D3E862371D2CFE5")
    85  
    86  	block, _ := aes.NewCipher(kek)
    87  
    88  	_, err := KeyUnwrap(block, input0)
    89  	if err == nil {
    90  		t.Error("key unwrap failed to detect invalid input")
    91  	}
    92  
    93  	// Invalid unwrap input (truncated)
    94  	input1, _ := hex.DecodeString("1EA68C1A8112B447AEF34BD8FB5A7B828D3E862371D2CF")
    95  
    96  	_, err = KeyUnwrap(block, input1)
    97  	if err == nil {
    98  		t.Error("key unwrap failed to detect truncated input")
    99  	}
   100  
   101  	// Invalid wrap input (not multiple of 8)
   102  	input2, _ := hex.DecodeString("0123456789ABCD")
   103  
   104  	_, err = KeyWrap(block, input2)
   105  	if err == nil {
   106  		t.Error("key wrap accepted invalid input")
   107  	}
   108  
   109  }
   110  
   111  func BenchmarkAesKeyWrap(b *testing.B) {
   112  	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
   113  	key, _ := hex.DecodeString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")
   114  
   115  	block, _ := aes.NewCipher(kek)
   116  
   117  	b.ResetTimer()
   118  	for i := 0; i < b.N; i++ {
   119  		KeyWrap(block, key)
   120  	}
   121  }
   122  
   123  func BenchmarkAesKeyUnwrap(b *testing.B) {
   124  	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
   125  	input, _ := hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")
   126  
   127  	block, _ := aes.NewCipher(kek)
   128  
   129  	b.ResetTimer()
   130  	for i := 0; i < b.N; i++ {
   131  		KeyUnwrap(block, input)
   132  	}
   133  }
   134  

View as plain text