Reformatting go code.
Public PR: https://github.com/google/tink/pull/68.
Change-Id: Ib87063d72017d34f96872c2de1088df96f03371c
ORIGINAL_AUTHOR=Thai Duong <[email protected]>
GitOrigin-RevId: 180def9971226c35baa93407d654d63cf719e2ba
diff --git a/go/aead/aead_config.go b/go/aead/aead_config.go
index 5aa2161..0de4a13 100644
--- a/go/aead/aead_config.go
+++ b/go/aead/aead_config.go
@@ -17,8 +17,8 @@
package aead
import (
- "sync"
- "github.com/google/tink/go/tink/tink"
+ "github.com/google/tink/go/tink/tink"
+ "sync"
)
// Config offers convenience methods for initializing aead.Factory()
@@ -32,31 +32,32 @@
// This divison allows for gradual retiring insecure or obsolete key types.
var configInstance *config
var configOnce sync.Once
-type config struct {}
+
+type config struct{}
// Config creates an instance of config if there isn't and returns the instance.
func Config() *config {
- configOnce.Do(func() {
- configInstance = new(config)
- })
- return configInstance
+ configOnce.Do(func() {
+ configInstance = new(config)
+ })
+ return configInstance
}
// RegisterStandardKeyTypes registers standard Aead key types and their managers
// with the Registry.
func (c *config) RegisterStandardKeyTypes() (bool, error) {
- return c.RegisterKeyManager(NewAesGcmKeyManager())
+ return c.RegisterKeyManager(NewAesGcmKeyManager())
}
// RegisterLegacyKeyTypes registers legacy Aead key types and their managers
// with the Registry.
func (c *config) RegisterLegacyKeyTypes() (bool, error) {
- return false, nil
+ return false, nil
}
// RegisterKeyManager registers the given keyManager for the key type given in
// keyManager.KeyType(). It returns true if registration was successful, false if
// there already exisits a key manager for the key type.
func (c *config) RegisterKeyManager(keyManager tink.KeyManager) (bool, error) {
- return tink.Registry().RegisterKeyManager(keyManager)
-}
\ No newline at end of file
+ return tink.Registry().RegisterKeyManager(keyManager)
+}
diff --git a/go/aead/aead_config_test.go b/go/aead/aead_config_test.go
index 0a37186..b83c014 100644
--- a/go/aead/aead_config_test.go
+++ b/go/aead/aead_config_test.go
@@ -13,30 +13,31 @@
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
+
package aead_test
import (
- "testing"
- "github.com/google/tink/go/tink/tink"
- "github.com/google/tink/go/aead/aead"
+ "github.com/google/tink/go/aead/aead"
+ "github.com/google/tink/go/tink/tink"
+ "testing"
)
func TestConfigInstance(t *testing.T) {
- c := aead.Config()
- if c == nil {
- t.Errorf("Config() returns nil")
- }
+ c := aead.Config()
+ if c == nil {
+ t.Errorf("Config() returns nil")
+ }
}
func TestConfigRegistration(t *testing.T) {
- success, err := aead.Config().RegisterStandardKeyTypes()
- if !success || err != nil {
- t.Errorf("cannot register standard key types")
- }
- // check for AES-GCM key manager
- keyManager, err := tink.Registry().GetKeyManager(aead.AES_GCM_TYPE_URL)
- if err != nil {
- t.Errorf("unexpected error: %s", err)
- }
- var _ = keyManager.(*aead.AesGcmKeyManager)
-}
\ No newline at end of file
+ success, err := aead.Config().RegisterStandardKeyTypes()
+ if !success || err != nil {
+ t.Errorf("cannot register standard key types")
+ }
+ // check for AES-GCM key manager
+ keyManager, err := tink.Registry().GetKeyManager(aead.AES_GCM_TYPE_URL)
+ if err != nil {
+ t.Errorf("unexpected error: %s", err)
+ }
+ var _ = keyManager.(*aead.AesGcmKeyManager)
+}
diff --git a/go/aead/aead_factory.go b/go/aead/aead_factory.go
index de7d477..a8fbaa7 100644
--- a/go/aead/aead_factory.go
+++ b/go/aead/aead_factory.go
@@ -13,12 +13,13 @@
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
+
package aead
import (
- "sync"
- "fmt"
- "github.com/google/tink/go/tink/tink"
+ "fmt"
+ "github.com/google/tink/go/tink/tink"
+ "sync"
)
// Factory offers methods for obtaining a primitive from a KeysetHandle.
@@ -33,37 +34,38 @@
// work, the primitive tries all keys with OutputPrefixType_RAW.
var factoryInstance *factory
var factoryOnce sync.Once
-type factory struct {}
+
+type factory struct{}
// factory creates an instance of factory if there isn't and returns the instance.
func Factory() *factory {
- factoryOnce.Do(func() {
- factoryInstance = new(factory)
- })
- return factoryInstance
+ factoryOnce.Do(func() {
+ factoryInstance = new(factory)
+ })
+ return factoryInstance
}
// GetPrimitive returns a Aead primitive from the given keyset handle.
func (f *factory) GetPrimitive(handle *tink.KeysetHandle) (tink.Aead, error) {
- return f.GetPrimitiveWithCustomerManager(handle, nil /*keyManager*/)
+ return f.GetPrimitiveWithCustomerManager(handle, nil /*keyManager*/)
}
// GetPrimitiveWithCustomerManager returns a Aead primitive from the given
// keyset handle and custom key manager.
func (f *factory) GetPrimitiveWithCustomerManager(
- handle *tink.KeysetHandle, manager tink.KeyManager) (tink.Aead, error) {
- ps, err := tink.Registry().GetPrimitivesWithCustomManager(handle, manager)
- if err != nil {
- return nil, fmt.Errorf("aead_factory: cannot obtain primitive set: %s", err)
- }
- var ret tink.Aead = newPrimitiveSetAead(ps)
- return ret, nil
+ handle *tink.KeysetHandle, manager tink.KeyManager) (tink.Aead, error) {
+ ps, err := tink.Registry().GetPrimitivesWithCustomManager(handle, manager)
+ if err != nil {
+ return nil, fmt.Errorf("aead_factory: cannot obtain primitive set: %s", err)
+ }
+ var ret tink.Aead = newPrimitiveSetAead(ps)
+ return ret, nil
}
// primitiveSetAead is an Aead implementation that uses the underlying primitive
// set for encryption and decryption.
type primitiveSetAead struct {
- ps *tink.PrimitiveSet
+ ps *tink.PrimitiveSet
}
// Asserts that primitiveSetAead implements the Aead interface.
@@ -71,57 +73,57 @@
// newPrimitiveSetAead creates a new instance of primitiveSetAead
func newPrimitiveSetAead(ps *tink.PrimitiveSet) *primitiveSetAead {
- ret := new(primitiveSetAead)
- ret.ps = ps
- return ret
+ ret := new(primitiveSetAead)
+ ret.ps = ps
+ return ret
}
// Encrypt encrypts the given plaintext with the given additional authenticated data.
// It returns the concatenation of the primary's identifier and the ciphertext.
func (a *primitiveSetAead) Encrypt(pt []byte, ad []byte) ([]byte, error) {
- primary := a.ps.Primary()
- var p tink.Aead = (primary.Primitive()).(tink.Aead)
- ct, err := p.Encrypt(pt, ad)
- if err != nil {
- return nil, err
- }
- var ret []byte
- ret = append(ret, primary.Identifier()...)
- ret = append(ret, ct...)
- return ret, nil
+ primary := a.ps.Primary()
+ var p tink.Aead = (primary.Primitive()).(tink.Aead)
+ ct, err := p.Encrypt(pt, ad)
+ if err != nil {
+ return nil, err
+ }
+ var ret []byte
+ ret = append(ret, primary.Identifier()...)
+ ret = append(ret, ct...)
+ return ret, nil
}
// Decrypt decrypts the given ciphertext and authenticates it with the given
// additional authenticated data. It returns the corresponding plaintext if the
// ciphertext is authenticated.
func (a *primitiveSetAead) Decrypt(ct []byte, ad []byte) ([]byte, error) {
- // try non-raw keys
- prefixSize := tink.NON_RAW_PREFIX_SIZE
- if len(ct) > prefixSize {
- prefix := ct[:prefixSize]
- ctNoPrefix := ct[prefixSize:]
- entries, err := a.ps.GetPrimitivesWithByteIdentifier(prefix)
- if err == nil {
- for i := 0; i < len(entries); i++ {
- var p = (entries[i].Primitive()).(tink.Aead)
- pt, err := p.Decrypt(ctNoPrefix, ad)
- if err == nil {
- return pt, nil
- }
- }
- }
- }
- // try raw keys
- entries, err := a.ps.GetRawPrimitives()
- if err == nil {
- for i := 0; i < len(entries); i++ {
- var p = (entries[i].Primitive()).(tink.Aead)
- pt, err := p.Decrypt(ct, ad)
- if err == nil {
- return pt, nil
- }
- }
- }
- // nothing worked
- return nil, fmt.Errorf("aead_factory: decryption failed")
-}
\ No newline at end of file
+ // try non-raw keys
+ prefixSize := tink.NON_RAW_PREFIX_SIZE
+ if len(ct) > prefixSize {
+ prefix := ct[:prefixSize]
+ ctNoPrefix := ct[prefixSize:]
+ entries, err := a.ps.GetPrimitivesWithByteIdentifier(prefix)
+ if err == nil {
+ for i := 0; i < len(entries); i++ {
+ var p = (entries[i].Primitive()).(tink.Aead)
+ pt, err := p.Decrypt(ctNoPrefix, ad)
+ if err == nil {
+ return pt, nil
+ }
+ }
+ }
+ }
+ // try raw keys
+ entries, err := a.ps.GetRawPrimitives()
+ if err == nil {
+ for i := 0; i < len(entries); i++ {
+ var p = (entries[i].Primitive()).(tink.Aead)
+ pt, err := p.Decrypt(ct, ad)
+ if err == nil {
+ return pt, nil
+ }
+ }
+ }
+ // nothing worked
+ return nil, fmt.Errorf("aead_factory: decryption failed")
+}
diff --git a/go/aead/aead_factory_test.go b/go/aead/aead_factory_test.go
index f90b048..4aad462 100644
--- a/go/aead/aead_factory_test.go
+++ b/go/aead/aead_factory_test.go
@@ -13,137 +13,138 @@
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
+
package aead_test
import (
- "bytes"
- "fmt"
- "testing"
- "strings"
- "github.com/google/tink/go/aead/aead"
- "github.com/google/tink/go/subtle/random"
- "github.com/google/tink/go/subtle/aes"
- "github.com/google/tink/go/util/util"
- "github.com/google/tink/go/util/testutil"
- "github.com/google/tink/go/tink/tink"
- tinkpb "github.com/google/tink/proto/tink_go_proto"
+ "bytes"
+ "fmt"
+ "github.com/google/tink/go/aead/aead"
+ "github.com/google/tink/go/subtle/aes"
+ "github.com/google/tink/go/subtle/random"
+ "github.com/google/tink/go/tink/tink"
+ "github.com/google/tink/go/util/testutil"
+ "github.com/google/tink/go/util/util"
+ tinkpb "github.com/google/tink/proto/tink_go_proto"
+ "strings"
+ "testing"
)
func setupFactoryTest() {
- aead.Config().RegisterStandardKeyTypes()
+ aead.Config().RegisterStandardKeyTypes()
}
func TestFactoryInstance(t *testing.T) {
- f := aead.Factory()
- if f == nil {
- t.Errorf("Factory() returns nil")
- }
+ f := aead.Factory()
+ if f == nil {
+ t.Errorf("Factory() returns nil")
+ }
}
func TestFactoryMultipleKeys(t *testing.T) {
- setupFactoryTest()
- // encrypt with non-raw key
- keyset := testutil.NewTestAesGcmKeyset(tinkpb.OutputPrefixType_TINK)
- primaryKey := keyset.Key[0]
- if primaryKey.OutputPrefixType == tinkpb.OutputPrefixType_RAW {
- t.Errorf("expect a non-raw key")
- }
- keysetHandle, _ := tink.CleartextKeysetHandle().ParseKeyset(keyset)
- a, err := aead.Factory().GetPrimitive(keysetHandle)
- if err != nil {
- t.Errorf("GetPrimitive failed: %s", err)
- }
- expectedPrefix, _ := tink.GetOutputPrefix(primaryKey)
- if err := validateAeadFactoryCipher(a, a, expectedPrefix); err != nil {
- t.Errorf("invalid cipher: %s", err)
- }
+ setupFactoryTest()
+ // encrypt with non-raw key
+ keyset := testutil.NewTestAesGcmKeyset(tinkpb.OutputPrefixType_TINK)
+ primaryKey := keyset.Key[0]
+ if primaryKey.OutputPrefixType == tinkpb.OutputPrefixType_RAW {
+ t.Errorf("expect a non-raw key")
+ }
+ keysetHandle, _ := tink.CleartextKeysetHandle().ParseKeyset(keyset)
+ a, err := aead.Factory().GetPrimitive(keysetHandle)
+ if err != nil {
+ t.Errorf("GetPrimitive failed: %s", err)
+ }
+ expectedPrefix, _ := tink.GetOutputPrefix(primaryKey)
+ if err := validateAeadFactoryCipher(a, a, expectedPrefix); err != nil {
+ t.Errorf("invalid cipher: %s", err)
+ }
- // encrypt with a non-primary RAW key and decrypt with the keyset
- rawKey := keyset.Key[1]
- if rawKey.OutputPrefixType != tinkpb.OutputPrefixType_RAW {
- t.Errorf("expect a raw key")
- }
- keyset2 := util.NewKeyset(rawKey.KeyId, []*tinkpb.Keyset_Key{rawKey})
- keysetHandle2, _ := tink.CleartextKeysetHandle().ParseKeyset(keyset2)
- a2, err := aead.Factory().GetPrimitive(keysetHandle2)
- if err != nil {
- t.Errorf("GetPrimitive failed: %s", err)
- }
- if err := validateAeadFactoryCipher(a2, a, tink.RAW_PREFIX); err != nil {
- t.Errorf("invalid cipher: %s", err)
- }
+ // encrypt with a non-primary RAW key and decrypt with the keyset
+ rawKey := keyset.Key[1]
+ if rawKey.OutputPrefixType != tinkpb.OutputPrefixType_RAW {
+ t.Errorf("expect a raw key")
+ }
+ keyset2 := util.NewKeyset(rawKey.KeyId, []*tinkpb.Keyset_Key{rawKey})
+ keysetHandle2, _ := tink.CleartextKeysetHandle().ParseKeyset(keyset2)
+ a2, err := aead.Factory().GetPrimitive(keysetHandle2)
+ if err != nil {
+ t.Errorf("GetPrimitive failed: %s", err)
+ }
+ if err := validateAeadFactoryCipher(a2, a, tink.RAW_PREFIX); err != nil {
+ t.Errorf("invalid cipher: %s", err)
+ }
- // encrypt with a random key not in the keyset, decrypt with the keyset should fail
- keyset2 = testutil.NewTestAesGcmKeyset(tinkpb.OutputPrefixType_TINK)
- primaryKey = keyset2.Key[0]
- expectedPrefix, _ = tink.GetOutputPrefix(primaryKey)
- keysetHandle2, _ = tink.CleartextKeysetHandle().ParseKeyset(keyset2)
- a2, err = aead.Factory().GetPrimitive(keysetHandle2)
- if err != nil {
- t.Errorf("GetPrimitive failed: %s", err)
- }
- err = validateAeadFactoryCipher(a2, a, expectedPrefix)
- if err == nil || !strings.Contains(err.Error(), "decryption failed") {
- t.Errorf("expect decryption to fail with random key: %s", err)
- }
+ // encrypt with a random key not in the keyset, decrypt with the keyset should fail
+ keyset2 = testutil.NewTestAesGcmKeyset(tinkpb.OutputPrefixType_TINK)
+ primaryKey = keyset2.Key[0]
+ expectedPrefix, _ = tink.GetOutputPrefix(primaryKey)
+ keysetHandle2, _ = tink.CleartextKeysetHandle().ParseKeyset(keyset2)
+ a2, err = aead.Factory().GetPrimitive(keysetHandle2)
+ if err != nil {
+ t.Errorf("GetPrimitive failed: %s", err)
+ }
+ err = validateAeadFactoryCipher(a2, a, expectedPrefix)
+ if err == nil || !strings.Contains(err.Error(), "decryption failed") {
+ t.Errorf("expect decryption to fail with random key: %s", err)
+ }
}
func TestFactoryRawKeyAsPrimary(t *testing.T) {
- setupFactoryTest()
- keyset := testutil.NewTestAesGcmKeyset(tinkpb.OutputPrefixType_RAW)
- if keyset.Key[0].OutputPrefixType != tinkpb.OutputPrefixType_RAW {
- t.Errorf("primary key is not a raw key")
- }
- keysetHandle, _ := tink.CleartextKeysetHandle().ParseKeyset(keyset)
+ setupFactoryTest()
+ keyset := testutil.NewTestAesGcmKeyset(tinkpb.OutputPrefixType_RAW)
+ if keyset.Key[0].OutputPrefixType != tinkpb.OutputPrefixType_RAW {
+ t.Errorf("primary key is not a raw key")
+ }
+ keysetHandle, _ := tink.CleartextKeysetHandle().ParseKeyset(keyset)
- a, err := aead.Factory().GetPrimitive(keysetHandle)
- if err != nil {
- t.Errorf("cannot get primitive from keyset handle: %s", err)
- }
- if err := validateAeadFactoryCipher(a, a, tink.RAW_PREFIX); err != nil {
- t.Errorf("invalid cipher: %s", err)
- }
+ a, err := aead.Factory().GetPrimitive(keysetHandle)
+ if err != nil {
+ t.Errorf("cannot get primitive from keyset handle: %s", err)
+ }
+ if err := validateAeadFactoryCipher(a, a, tink.RAW_PREFIX); err != nil {
+ t.Errorf("invalid cipher: %s", err)
+ }
}
func validateAeadFactoryCipher(encryptCipher tink.Aead,
- decryptCipher tink.Aead,
- expectedPrefix string) error{
- prefixSize := len(expectedPrefix)
- // regular plaintext
- pt := random.GetRandomBytes(20)
- ad := random.GetRandomBytes(20)
- ct, err := encryptCipher.Encrypt(pt, ad)
- if err != nil {
- return fmt.Errorf("encryption failed with regular plaintext: %s", err)
- }
- decrypted, err := decryptCipher.Decrypt(ct, ad)
- if err != nil || !bytes.Equal(decrypted, pt) {
- return fmt.Errorf("decryption failed with regular plaintext: err: %s, pt: %s, decrypted: %s",
- err, pt, decrypted)
- }
- if string(ct[:prefixSize]) != expectedPrefix {
- return fmt.Errorf("incorrect prefix with regular plaintext")
- }
- if prefixSize+len(pt)+aes.AES_GCM_IV_SIZE+aes.AES_GCM_TAG_SIZE != len(ct) {
- return fmt.Errorf("lengths of plaintext and ciphertext don't match with regular plaintext")
- }
+ decryptCipher tink.Aead,
+ expectedPrefix string) error {
+ prefixSize := len(expectedPrefix)
+ // regular plaintext
+ pt := random.GetRandomBytes(20)
+ ad := random.GetRandomBytes(20)
+ ct, err := encryptCipher.Encrypt(pt, ad)
+ if err != nil {
+ return fmt.Errorf("encryption failed with regular plaintext: %s", err)
+ }
+ decrypted, err := decryptCipher.Decrypt(ct, ad)
+ if err != nil || !bytes.Equal(decrypted, pt) {
+ return fmt.Errorf("decryption failed with regular plaintext: err: %s, pt: %s, decrypted: %s",
+ err, pt, decrypted)
+ }
+ if string(ct[:prefixSize]) != expectedPrefix {
+ return fmt.Errorf("incorrect prefix with regular plaintext")
+ }
+ if prefixSize+len(pt)+aes.AES_GCM_IV_SIZE+aes.AES_GCM_TAG_SIZE != len(ct) {
+ return fmt.Errorf("lengths of plaintext and ciphertext don't match with regular plaintext")
+ }
- // short plaintext
- pt = random.GetRandomBytes(1)
- ct, err = encryptCipher.Encrypt(pt, ad)
- if err != nil {
- return fmt.Errorf("encryption failed with short plaintext: %s", err)
- }
- decrypted, err = decryptCipher.Decrypt(ct, ad)
- if err != nil || !bytes.Equal(decrypted, pt) {
- return fmt.Errorf("decryption failed with short plaintext: err: %s, pt: %s, decrypted: %s",
- err, pt, decrypted)
- }
- if string(ct[:prefixSize]) != expectedPrefix {
- return fmt.Errorf("incorrect prefix with short plaintext")
- }
- if prefixSize+len(pt)+aes.AES_GCM_IV_SIZE+aes.AES_GCM_TAG_SIZE != len(ct) {
- return fmt.Errorf("lengths of plaintext and ciphertext don't match with short plaintext")
- }
- return nil
-}
\ No newline at end of file
+ // short plaintext
+ pt = random.GetRandomBytes(1)
+ ct, err = encryptCipher.Encrypt(pt, ad)
+ if err != nil {
+ return fmt.Errorf("encryption failed with short plaintext: %s", err)
+ }
+ decrypted, err = decryptCipher.Decrypt(ct, ad)
+ if err != nil || !bytes.Equal(decrypted, pt) {
+ return fmt.Errorf("decryption failed with short plaintext: err: %s, pt: %s, decrypted: %s",
+ err, pt, decrypted)
+ }
+ if string(ct[:prefixSize]) != expectedPrefix {
+ return fmt.Errorf("incorrect prefix with short plaintext")
+ }
+ if prefixSize+len(pt)+aes.AES_GCM_IV_SIZE+aes.AES_GCM_TAG_SIZE != len(ct) {
+ return fmt.Errorf("lengths of plaintext and ciphertext don't match with short plaintext")
+ }
+ return nil
+}
diff --git a/go/aead/aead_key_templates.go b/go/aead/aead_key_templates.go
index d049b4c..294ae4f 100644
--- a/go/aead/aead_key_templates.go
+++ b/go/aead/aead_key_templates.go
@@ -13,12 +13,13 @@
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
+
package aead
import (
- "github.com/golang/protobuf/proto"
- gcmpb "github.com/google/tink/proto/aes_gcm_go_proto"
- tinkpb "github.com/google/tink/proto/tink_go_proto"
+ "github.com/golang/protobuf/proto"
+ gcmpb "github.com/google/tink/proto/aes_gcm_go_proto"
+ tinkpb "github.com/google/tink/proto/tink_go_proto"
)
// This file contains pre-generated KeyTemplate for Aead keys. One can use these templates
@@ -27,24 +28,24 @@
// Aes128GcmKeyTemplate is a KeyTemplate of AesGcmKey with the following parameters:
// - Key size: 16 bytes
func Aes128GcmKeyTemplate() *tinkpb.KeyTemplate {
- return createAesGcmKeyTemplate(16)
+ return createAesGcmKeyTemplate(16)
}
// Aes256GcmKeyTemplate is a KeyTemplate of AesGcmKey with the following parameters:
// - Key size: 32 bytes
func Aes256GcmKeyTemplate() *tinkpb.KeyTemplate {
- return createAesGcmKeyTemplate(32)
+ return createAesGcmKeyTemplate(32)
}
// createAesGcmKeyTemplate creates a new AES-GCM key template with the given key
// size in bytes.
func createAesGcmKeyTemplate(keySize uint32) *tinkpb.KeyTemplate {
- format := &gcmpb.AesGcmKeyFormat{
- KeySize: keySize,
- }
- serializedFormat, _ := proto.Marshal(format)
- return &tinkpb.KeyTemplate{
- TypeUrl: AES_GCM_TYPE_URL,
- Value: serializedFormat,
- }
-}
\ No newline at end of file
+ format := &gcmpb.AesGcmKeyFormat{
+ KeySize: keySize,
+ }
+ serializedFormat, _ := proto.Marshal(format)
+ return &tinkpb.KeyTemplate{
+ TypeUrl: AES_GCM_TYPE_URL,
+ Value: serializedFormat,
+ }
+}
diff --git a/go/aead/aead_key_templates_test.go b/go/aead/aead_key_templates_test.go
index 3e10db2..f012509 100644
--- a/go/aead/aead_key_templates_test.go
+++ b/go/aead/aead_key_templates_test.go
@@ -13,41 +13,42 @@
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
+
package aead_test
import (
- "fmt"
- "testing"
- "github.com/google/tink/go/aead/aead"
- "github.com/golang/protobuf/proto"
- gcmpb "github.com/google/tink/proto/aes_gcm_go_proto"
- tinkpb "github.com/google/tink/proto/tink_go_proto"
+ "fmt"
+ "github.com/golang/protobuf/proto"
+ "github.com/google/tink/go/aead/aead"
+ gcmpb "github.com/google/tink/proto/aes_gcm_go_proto"
+ tinkpb "github.com/google/tink/proto/tink_go_proto"
+ "testing"
)
func TestAesGcmKeyTemplates(t *testing.T) {
- // AES-GCM 128 bit
- template := aead.Aes128GcmKeyTemplate()
- if err := checkAesGcmKeyTemplate(template, uint32(16)); err != nil {
- t.Errorf("invalid AES-128 GCM key template: %s", err)
- }
- // AES-GCM 256 bit
- template = aead.Aes256GcmKeyTemplate()
- if err := checkAesGcmKeyTemplate(template, uint32(32)); err != nil {
- t.Errorf("invalid AES-256 GCM key template: %s", err)
- }
+ // AES-GCM 128 bit
+ template := aead.Aes128GcmKeyTemplate()
+ if err := checkAesGcmKeyTemplate(template, uint32(16)); err != nil {
+ t.Errorf("invalid AES-128 GCM key template: %s", err)
+ }
+ // AES-GCM 256 bit
+ template = aead.Aes256GcmKeyTemplate()
+ if err := checkAesGcmKeyTemplate(template, uint32(32)); err != nil {
+ t.Errorf("invalid AES-256 GCM key template: %s", err)
+ }
}
func checkAesGcmKeyTemplate(template *tinkpb.KeyTemplate, keySize uint32) error {
- if template.TypeUrl != aead.AES_GCM_TYPE_URL {
- return fmt.Errorf("incorrect type url")
- }
- keyFormat := new(gcmpb.AesGcmKeyFormat)
- err := proto.Unmarshal(template.Value, keyFormat)
- if err != nil {
- return fmt.Errorf("cannot deserialize key format: %s", err)
- }
- if keyFormat.KeySize != keySize {
- return fmt.Errorf("incorrect key size, expect %d, got %d", keySize, keyFormat.KeySize)
- }
- return nil
-}
\ No newline at end of file
+ if template.TypeUrl != aead.AES_GCM_TYPE_URL {
+ return fmt.Errorf("incorrect type url")
+ }
+ keyFormat := new(gcmpb.AesGcmKeyFormat)
+ err := proto.Unmarshal(template.Value, keyFormat)
+ if err != nil {
+ return fmt.Errorf("cannot deserialize key format: %s", err)
+ }
+ if keyFormat.KeySize != keySize {
+ return fmt.Errorf("incorrect key size, expect %d, got %d", keySize, keyFormat.KeySize)
+ }
+ return nil
+}
diff --git a/go/aead/aes_gcm_key_manager.go b/go/aead/aes_gcm_key_manager.go
index e4f08de..9f95027 100644
--- a/go/aead/aes_gcm_key_manager.go
+++ b/go/aead/aes_gcm_key_manager.go
@@ -13,25 +13,26 @@
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
+
package aead
import (
- "fmt"
- "github.com/google/tink/go/tink/tink"
- "github.com/google/tink/go/util/util"
- "github.com/google/tink/go/subtle/aes"
- "github.com/google/tink/go/subtle/random"
- "github.com/golang/protobuf/proto"
- gcmpb "github.com/google/tink/proto/aes_gcm_go_proto"
- tinkpb "github.com/google/tink/proto/tink_go_proto"
+ "fmt"
+ "github.com/golang/protobuf/proto"
+ "github.com/google/tink/go/subtle/aes"
+ "github.com/google/tink/go/subtle/random"
+ "github.com/google/tink/go/tink/tink"
+ "github.com/google/tink/go/util/util"
+ gcmpb "github.com/google/tink/proto/aes_gcm_go_proto"
+ tinkpb "github.com/google/tink/proto/tink_go_proto"
)
const (
- // Supported version
- AES_GCM_KEY_VERSION = 0
+ // Supported version
+ AES_GCM_KEY_VERSION = 0
- // Supported type url
- AES_GCM_TYPE_URL = "type.googleapis.com/google.crypto.tink.AesGcmKey"
+ // Supported type url
+ AES_GCM_TYPE_URL = "type.googleapis.com/google.crypto.tink.AesGcmKey"
)
// common errors
@@ -40,120 +41,120 @@
// AesGcmKeyManager is an implementation of KeyManager interface.
// It generates new AesGcmKey keys and produces new instances of AesGcm subtle.
-type AesGcmKeyManager struct {}
+type AesGcmKeyManager struct{}
// Assert that aesGcmKeyManager implements the KeyManager interface.
var _ tink.KeyManager = (*AesGcmKeyManager)(nil)
// NewAesGcmKeyManager creates a new aesGcmKeyManager.
func NewAesGcmKeyManager() *AesGcmKeyManager {
- return new(AesGcmKeyManager)
+ return new(AesGcmKeyManager)
}
// GetPrimitiveFromSerializedKey creates an AesGcm subtle for the given
// serialized AesGcmKey proto.
func (km *AesGcmKeyManager) GetPrimitiveFromSerializedKey(serializedKey []byte) (interface{}, error) {
- if len(serializedKey) == 0 {
- return nil, errInvalidAesGcmKey
- }
- key := new(gcmpb.AesGcmKey)
- if err := proto.Unmarshal(serializedKey, key); err != nil {
- return nil, errInvalidAesGcmKey
- }
- return km.GetPrimitiveFromKey(key)
+ if len(serializedKey) == 0 {
+ return nil, errInvalidAesGcmKey
+ }
+ key := new(gcmpb.AesGcmKey)
+ if err := proto.Unmarshal(serializedKey, key); err != nil {
+ return nil, errInvalidAesGcmKey
+ }
+ return km.GetPrimitiveFromKey(key)
}
// GetPrimitiveFromKey creates an AesGcm subtle for the given AesGcmKey proto.
func (km *AesGcmKeyManager) GetPrimitiveFromKey(m proto.Message) (interface{}, error) {
- key, ok := m.(*gcmpb.AesGcmKey)
- if !ok {
- return nil, errInvalidAesGcmKey
- }
- if err := km.validateKey(key); err != nil {
- return nil, err
- }
- ret, err := aes.NewAesGcm(key.KeyValue)
- if err != nil {
- return nil, fmt.Errorf("aes_gcm_key_manager: cannot create new primitive: %s", err)
- }
- return ret, nil
+ key, ok := m.(*gcmpb.AesGcmKey)
+ if !ok {
+ return nil, errInvalidAesGcmKey
+ }
+ if err := km.validateKey(key); err != nil {
+ return nil, err
+ }
+ ret, err := aes.NewAesGcm(key.KeyValue)
+ if err != nil {
+ return nil, fmt.Errorf("aes_gcm_key_manager: cannot create new primitive: %s", err)
+ }
+ return ret, nil
}
// NewKeyFromSerializedKeyFormat creates a new key according to specification
// the given serialized AesGcmKeyFormat.
func (km *AesGcmKeyManager) NewKeyFromSerializedKeyFormat(serializedKeyFormat []byte) (proto.Message, error) {
- if len(serializedKeyFormat) == 0 {
- return nil, errInvalidAesGcmKeyFormat
- }
- keyFormat := new(gcmpb.AesGcmKeyFormat)
- if err := proto.Unmarshal(serializedKeyFormat, keyFormat); err != nil {
- return nil, errInvalidAesGcmKeyFormat
- }
- return km.NewKeyFromKeyFormat(keyFormat)
+ if len(serializedKeyFormat) == 0 {
+ return nil, errInvalidAesGcmKeyFormat
+ }
+ keyFormat := new(gcmpb.AesGcmKeyFormat)
+ if err := proto.Unmarshal(serializedKeyFormat, keyFormat); err != nil {
+ return nil, errInvalidAesGcmKeyFormat
+ }
+ return km.NewKeyFromKeyFormat(keyFormat)
}
// NewKeyFromKeyFormat creates a new key according to specification in the
// given AesGcmKeyFormat.
func (km *AesGcmKeyManager) NewKeyFromKeyFormat(m proto.Message) (proto.Message, error) {
- keyFormat, ok := m.(*gcmpb.AesGcmKeyFormat)
- if !ok {
- return nil, errInvalidAesGcmKeyFormat
- }
- if err := km.validateKeyFormat(keyFormat); err != nil {
- return nil, fmt.Errorf("aes_gcm_key_manager: invalid key format: %s", err)
- }
- keyValue := random.GetRandomBytes(keyFormat.KeySize)
- return &gcmpb.AesGcmKey{
- Version: AES_GCM_KEY_VERSION,
- KeyValue: keyValue,
- }, nil
+ keyFormat, ok := m.(*gcmpb.AesGcmKeyFormat)
+ if !ok {
+ return nil, errInvalidAesGcmKeyFormat
+ }
+ if err := km.validateKeyFormat(keyFormat); err != nil {
+ return nil, fmt.Errorf("aes_gcm_key_manager: invalid key format: %s", err)
+ }
+ keyValue := random.GetRandomBytes(keyFormat.KeySize)
+ return &gcmpb.AesGcmKey{
+ Version: AES_GCM_KEY_VERSION,
+ KeyValue: keyValue,
+ }, nil
}
// NewKeyData creates a new KeyData according to specification in the given
// serialized AesGcmKeyFormat. It should be used solely by the key management API.
func (km *AesGcmKeyManager) NewKeyData(serializedKeyFormat []byte) (*tinkpb.KeyData, error) {
- key, err := km.NewKeyFromSerializedKeyFormat(serializedKeyFormat)
- if err != nil {
- return nil, err
- }
- serializedKey, err := proto.Marshal(key)
- if err != nil {
- return nil, err
- }
- return &tinkpb.KeyData{
- TypeUrl: AES_GCM_TYPE_URL,
- Value: serializedKey,
- KeyMaterialType: tinkpb.KeyData_SYMMETRIC,
- }, nil
+ key, err := km.NewKeyFromSerializedKeyFormat(serializedKeyFormat)
+ if err != nil {
+ return nil, err
+ }
+ serializedKey, err := proto.Marshal(key)
+ if err != nil {
+ return nil, err
+ }
+ return &tinkpb.KeyData{
+ TypeUrl: AES_GCM_TYPE_URL,
+ Value: serializedKey,
+ KeyMaterialType: tinkpb.KeyData_SYMMETRIC,
+ }, nil
}
// DoesSupport indicates if this key manager supports the given key type.
func (_ *AesGcmKeyManager) DoesSupport(typeUrl string) bool {
- return typeUrl == AES_GCM_TYPE_URL
+ return typeUrl == AES_GCM_TYPE_URL
}
// GetKeyType returns the key type of keys managed by this key manager.
func (_ *AesGcmKeyManager) GetKeyType() string {
- return AES_GCM_TYPE_URL
+ return AES_GCM_TYPE_URL
}
// validateKey validates the given AesGcmKey.
func (_ *AesGcmKeyManager) validateKey(key *gcmpb.AesGcmKey) error {
- err := util.ValidateVersion(key.Version, AES_GCM_KEY_VERSION)
- if err != nil {
- return fmt.Errorf("aes_gcm_key_manager: %s", err)
- }
- keySize := uint32(len(key.KeyValue))
- if err := aes.ValidateAesKeySize(keySize); err != nil {
- return fmt.Errorf("aes_gcm_key_manager: %s", err)
- }
- return nil
+ err := util.ValidateVersion(key.Version, AES_GCM_KEY_VERSION)
+ if err != nil {
+ return fmt.Errorf("aes_gcm_key_manager: %s", err)
+ }
+ keySize := uint32(len(key.KeyValue))
+ if err := aes.ValidateAesKeySize(keySize); err != nil {
+ return fmt.Errorf("aes_gcm_key_manager: %s", err)
+ }
+ return nil
}
// validateKeyFormat validates the given AesGcmKeyFormat.
func (_ *AesGcmKeyManager) validateKeyFormat(format *gcmpb.AesGcmKeyFormat) error {
- if err := aes.ValidateAesKeySize(format.KeySize); err != nil {
- return fmt.Errorf("aes_gcm_key_manager: %s", err)
- }
- return nil
-}
\ No newline at end of file
+ if err := aes.ValidateAesKeySize(format.KeySize); err != nil {
+ return fmt.Errorf("aes_gcm_key_manager: %s", err)
+ }
+ return nil
+}
diff --git a/go/aead/aes_gcm_key_manager_test.go b/go/aead/aes_gcm_key_manager_test.go
index bb63835..631753c 100644
--- a/go/aead/aes_gcm_key_manager_test.go
+++ b/go/aead/aes_gcm_key_manager_test.go
@@ -13,269 +13,270 @@
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
+
package aead_test
import (
- "bytes"
- "fmt"
- "testing"
- "github.com/google/tink/go/util/util"
- "github.com/google/tink/go/util/testutil"
- "github.com/google/tink/go/aead/aead"
- "github.com/google/tink/go/subtle/aes"
- "github.com/google/tink/go/subtle/random"
- "github.com/golang/protobuf/proto"
- gcmpb "github.com/google/tink/proto/aes_gcm_go_proto"
- tinkpb "github.com/google/tink/proto/tink_go_proto"
+ "bytes"
+ "fmt"
+ "github.com/golang/protobuf/proto"
+ "github.com/google/tink/go/aead/aead"
+ "github.com/google/tink/go/subtle/aes"
+ "github.com/google/tink/go/subtle/random"
+ "github.com/google/tink/go/util/testutil"
+ "github.com/google/tink/go/util/util"
+ gcmpb "github.com/google/tink/proto/aes_gcm_go_proto"
+ tinkpb "github.com/google/tink/proto/tink_go_proto"
+ "testing"
)
var keySizes = []uint32{16, 24, 32}
func TestNewAesGcmKeyManager(t *testing.T) {
- keyManager := aead.NewAesGcmKeyManager()
- if keyManager == nil {
- t.Errorf("NewAesGcmKeyManager() returns nil")
- }
+ keyManager := aead.NewAesGcmKeyManager()
+ if keyManager == nil {
+ t.Errorf("NewAesGcmKeyManager() returns nil")
+ }
}
func TestAesGcmGetPrimitiveBasic(t *testing.T) {
- keyManager := aead.NewAesGcmKeyManager()
- for _, keySize := range keySizes {
- key := testutil.NewAesGcmKey(uint32(keySize))
- p, err := keyManager.GetPrimitiveFromKey(key)
- if err != nil {
- t.Errorf("unexpected error: %s", err)
- }
- if err := validateAesGcmPrimitive(p, key); err != nil {
- t.Errorf("%s", err)
- }
+ keyManager := aead.NewAesGcmKeyManager()
+ for _, keySize := range keySizes {
+ key := testutil.NewAesGcmKey(uint32(keySize))
+ p, err := keyManager.GetPrimitiveFromKey(key)
+ if err != nil {
+ t.Errorf("unexpected error: %s", err)
+ }
+ if err := validateAesGcmPrimitive(p, key); err != nil {
+ t.Errorf("%s", err)
+ }
- serializedKey, _ := proto.Marshal(key)
- p, err = keyManager.GetPrimitiveFromSerializedKey(serializedKey)
- if err != nil {
- t.Errorf("unexpected error: %s", err)
- }
- if err := validateAesGcmPrimitive(p, key); err != nil {
- t.Errorf("%s", err)
- }
- }
+ serializedKey, _ := proto.Marshal(key)
+ p, err = keyManager.GetPrimitiveFromSerializedKey(serializedKey)
+ if err != nil {
+ t.Errorf("unexpected error: %s", err)
+ }
+ if err := validateAesGcmPrimitive(p, key); err != nil {
+ t.Errorf("%s", err)
+ }
+ }
}
func TestAesGcmGetPrimitiveWithInvalidInput(t *testing.T) {
- keyManager := aead.NewAesGcmKeyManager()
- // invalid AesGcmKey
- testKeys := genInvalidAesGcmKeys()
- for i := 0; i < len(testKeys); i++ {
- if _, err := keyManager.GetPrimitiveFromKey(testKeys[i]); err == nil {
- t.Errorf("expect an error in test case %d", i)
- }
- serializedKey, _ := proto.Marshal(testKeys[i])
- if _, err := keyManager.GetPrimitiveFromSerializedKey(serializedKey); err == nil {
- t.Errorf("expect an error in test case %d", i)
- }
- }
- // nil
- if _, err := keyManager.GetPrimitiveFromKey(nil); err == nil {
- t.Errorf("expect an error when input is nil")
- }
- if _, err := keyManager.GetPrimitiveFromSerializedKey(nil); err == nil {
- t.Errorf("expect an error when input is nil")
- }
- // empty array
- if _, err := keyManager.GetPrimitiveFromSerializedKey([]byte{}); err == nil {
- t.Errorf("expect an error when input is empty")
- }
+ keyManager := aead.NewAesGcmKeyManager()
+ // invalid AesGcmKey
+ testKeys := genInvalidAesGcmKeys()
+ for i := 0; i < len(testKeys); i++ {
+ if _, err := keyManager.GetPrimitiveFromKey(testKeys[i]); err == nil {
+ t.Errorf("expect an error in test case %d", i)
+ }
+ serializedKey, _ := proto.Marshal(testKeys[i])
+ if _, err := keyManager.GetPrimitiveFromSerializedKey(serializedKey); err == nil {
+ t.Errorf("expect an error in test case %d", i)
+ }
+ }
+ // nil
+ if _, err := keyManager.GetPrimitiveFromKey(nil); err == nil {
+ t.Errorf("expect an error when input is nil")
+ }
+ if _, err := keyManager.GetPrimitiveFromSerializedKey(nil); err == nil {
+ t.Errorf("expect an error when input is nil")
+ }
+ // empty array
+ if _, err := keyManager.GetPrimitiveFromSerializedKey([]byte{}); err == nil {
+ t.Errorf("expect an error when input is empty")
+ }
}
func TestAesGcmNewKeyMultipleTimes(t *testing.T) {
- keyManager := aead.NewAesGcmKeyManager()
- format := util.NewAesGcmKeyFormat(32)
- serializedFormat, _ := proto.Marshal(format)
- keys := make(map[string]bool)
- nTest := 26
- for i := 0; i < nTest; i++ {
- key, _ := keyManager.NewKeyFromSerializedKeyFormat(serializedFormat)
- serializedKey, _ := proto.Marshal(key)
- keys[string(serializedKey)] = true
+ keyManager := aead.NewAesGcmKeyManager()
+ format := util.NewAesGcmKeyFormat(32)
+ serializedFormat, _ := proto.Marshal(format)
+ keys := make(map[string]bool)
+ nTest := 26
+ for i := 0; i < nTest; i++ {
+ key, _ := keyManager.NewKeyFromSerializedKeyFormat(serializedFormat)
+ serializedKey, _ := proto.Marshal(key)
+ keys[string(serializedKey)] = true
- key, _ = keyManager.NewKeyFromKeyFormat(format)
- serializedKey, _ = proto.Marshal(key)
- keys[string(serializedKey)] = true
- }
- if len(keys) != nTest*2 {
- t.Errorf("key is repeated")
- }
+ key, _ = keyManager.NewKeyFromKeyFormat(format)
+ serializedKey, _ = proto.Marshal(key)
+ keys[string(serializedKey)] = true
+ }
+ if len(keys) != nTest*2 {
+ t.Errorf("key is repeated")
+ }
}
func TestAesGcmNewKeyBasic(t *testing.T) {
- keyManager := aead.NewAesGcmKeyManager()
- for _, keySize := range keySizes {
- format := util.NewAesGcmKeyFormat(uint32(keySize))
- m, err := keyManager.NewKeyFromKeyFormat(format)
- if err != nil {
- t.Errorf("unexpected error: %s", err)
- }
- key := m.(*gcmpb.AesGcmKey)
- if err := validateAesGcmKey(key, format); err != nil {
- t.Errorf("%s", err)
- }
+ keyManager := aead.NewAesGcmKeyManager()
+ for _, keySize := range keySizes {
+ format := util.NewAesGcmKeyFormat(uint32(keySize))
+ m, err := keyManager.NewKeyFromKeyFormat(format)
+ if err != nil {
+ t.Errorf("unexpected error: %s", err)
+ }
+ key := m.(*gcmpb.AesGcmKey)
+ if err := validateAesGcmKey(key, format); err != nil {
+ t.Errorf("%s", err)
+ }
- serializedFormat, _ := proto.Marshal(format)
- m, err = keyManager.NewKeyFromSerializedKeyFormat(serializedFormat)
- if err != nil {
- t.Errorf("unexpected error: %s", err)
- }
- key = m.(*gcmpb.AesGcmKey)
- if err := validateAesGcmKey(key, format); err != nil {
- t.Errorf("%s", err)
- }
- }
+ serializedFormat, _ := proto.Marshal(format)
+ m, err = keyManager.NewKeyFromSerializedKeyFormat(serializedFormat)
+ if err != nil {
+ t.Errorf("unexpected error: %s", err)
+ }
+ key = m.(*gcmpb.AesGcmKey)
+ if err := validateAesGcmKey(key, format); err != nil {
+ t.Errorf("%s", err)
+ }
+ }
}
func TestAesGcmNewKeyWithInvalidInput(t *testing.T) {
- keyManager := aead.NewAesGcmKeyManager()
- // bad format
- badFormats := genInvalidAesGcmKeyFormats()
- for i := 0; i < len(badFormats); i++ {
- if _, err := keyManager.NewKeyFromKeyFormat(badFormats[i]); err == nil {
- t.Errorf("expect an error in test case %d", i)
- }
- serializedFormat, _ := proto.Marshal(badFormats[i])
- if _, err := keyManager.NewKeyFromSerializedKeyFormat(serializedFormat); err == nil {
- t.Errorf("expect an error in test case %d", i)
- }
- }
- // nil
- if _, err := keyManager.NewKeyFromKeyFormat(nil); err == nil {
- t.Errorf("expect an error when input is nil")
- }
- if _, err := keyManager.NewKeyFromSerializedKeyFormat(nil); err == nil {
- t.Errorf("expect an error when input is nil")
- }
- // empty array
- if _, err := keyManager.NewKeyFromSerializedKeyFormat([]byte{}); err == nil {
- t.Errorf("expect an error when input is empty")
- }
+ keyManager := aead.NewAesGcmKeyManager()
+ // bad format
+ badFormats := genInvalidAesGcmKeyFormats()
+ for i := 0; i < len(badFormats); i++ {
+ if _, err := keyManager.NewKeyFromKeyFormat(badFormats[i]); err == nil {
+ t.Errorf("expect an error in test case %d", i)
+ }
+ serializedFormat, _ := proto.Marshal(badFormats[i])
+ if _, err := keyManager.NewKeyFromSerializedKeyFormat(serializedFormat); err == nil {
+ t.Errorf("expect an error in test case %d", i)
+ }
+ }
+ // nil
+ if _, err := keyManager.NewKeyFromKeyFormat(nil); err == nil {
+ t.Errorf("expect an error when input is nil")
+ }
+ if _, err := keyManager.NewKeyFromSerializedKeyFormat(nil); err == nil {
+ t.Errorf("expect an error when input is nil")
+ }
+ // empty array
+ if _, err := keyManager.NewKeyFromSerializedKeyFormat([]byte{}); err == nil {
+ t.Errorf("expect an error when input is empty")
+ }
}
func TestAesGcmNewKeyDataBasic(t *testing.T) {
- keyManager := aead.NewAesGcmKeyManager()
- for _, keySize := range keySizes {
- format := util.NewAesGcmKeyFormat(uint32(keySize))
- serializedFormat, _ := proto.Marshal(format)
- keyData, err := keyManager.NewKeyData(serializedFormat)
- if err != nil {
- t.Errorf("unexpected error: %s", err)
- }
- if keyData.TypeUrl != aead.AES_GCM_TYPE_URL {
- t.Errorf("incorrect type url")
- }
- if keyData.KeyMaterialType != tinkpb.KeyData_SYMMETRIC {
- t.Errorf("incorrect key material type")
- }
- key := new(gcmpb.AesGcmKey)
- if err := proto.Unmarshal(keyData.Value, key); err != nil {
- t.Errorf("incorrect key value")
- }
- if err := validateAesGcmKey(key, format); err != nil {
- t.Errorf("%s", err)
- }
- }
+ keyManager := aead.NewAesGcmKeyManager()
+ for _, keySize := range keySizes {
+ format := util.NewAesGcmKeyFormat(uint32(keySize))
+ serializedFormat, _ := proto.Marshal(format)
+ keyData, err := keyManager.NewKeyData(serializedFormat)
+ if err != nil {
+ t.Errorf("unexpected error: %s", err)
+ }
+ if keyData.TypeUrl != aead.AES_GCM_TYPE_URL {
+ t.Errorf("incorrect type url")
+ }
+ if keyData.KeyMaterialType != tinkpb.KeyData_SYMMETRIC {
+ t.Errorf("incorrect key material type")
+ }
+ key := new(gcmpb.AesGcmKey)
+ if err := proto.Unmarshal(keyData.Value, key); err != nil {
+ t.Errorf("incorrect key value")
+ }
+ if err := validateAesGcmKey(key, format); err != nil {
+ t.Errorf("%s", err)
+ }
+ }
}
func TestAesGcmNewKeyDataWithInvalidInput(t *testing.T) {
- keyManager := aead.NewAesGcmKeyManager()
- badFormats := genInvalidAesGcmKeyFormats()
- for i := 0; i < len(badFormats); i++ {
- serializedFormat, _ := proto.Marshal(badFormats[i])
- if _, err := keyManager.NewKeyData(serializedFormat); err == nil {
- t.Errorf("expect an error in test case %d", i)
- }
- }
- // nil input
- if _, err := keyManager.NewKeyData(nil); err == nil {
- t.Errorf("expect an error when input is nil")
- }
- // empty input
- if _, err := keyManager.NewKeyData([]byte{}); err == nil {
- t.Errorf("expect an error when input is empty")
- }
+ keyManager := aead.NewAesGcmKeyManager()
+ badFormats := genInvalidAesGcmKeyFormats()
+ for i := 0; i < len(badFormats); i++ {
+ serializedFormat, _ := proto.Marshal(badFormats[i])
+ if _, err := keyManager.NewKeyData(serializedFormat); err == nil {
+ t.Errorf("expect an error in test case %d", i)
+ }
+ }
+ // nil input
+ if _, err := keyManager.NewKeyData(nil); err == nil {
+ t.Errorf("expect an error when input is nil")
+ }
+ // empty input
+ if _, err := keyManager.NewKeyData([]byte{}); err == nil {
+ t.Errorf("expect an error when input is empty")
+ }
}
func TestAesGcmDoesSupport(t *testing.T) {
- keyManager := aead.NewAesGcmKeyManager()
- if !keyManager.DoesSupport(aead.AES_GCM_TYPE_URL) {
- t.Errorf("AesGcmKeyManager must support %s", aead.AES_GCM_TYPE_URL)
- }
- if keyManager.DoesSupport("some bad type") {
- t.Errorf("AesGcmKeyManager must support only %s", aead.AES_GCM_TYPE_URL)
- }
+ keyManager := aead.NewAesGcmKeyManager()
+ if !keyManager.DoesSupport(aead.AES_GCM_TYPE_URL) {
+ t.Errorf("AesGcmKeyManager must support %s", aead.AES_GCM_TYPE_URL)
+ }
+ if keyManager.DoesSupport("some bad type") {
+ t.Errorf("AesGcmKeyManager must support only %s", aead.AES_GCM_TYPE_URL)
+ }
}
func TestAesGcmGetKeyType(t *testing.T) {
- keyManager := aead.NewAesGcmKeyManager()
- if keyManager.GetKeyType() != aead.AES_GCM_TYPE_URL {
- t.Errorf("incorrect key type")
- }
+ keyManager := aead.NewAesGcmKeyManager()
+ if keyManager.GetKeyType() != aead.AES_GCM_TYPE_URL {
+ t.Errorf("incorrect key type")
+ }
}
func genInvalidAesGcmKeys() []proto.Message {
- return []proto.Message{
- // not a AesGcmKey
- util.NewAesGcmKeyFormat(32),
- // bad key size
- util.NewAesGcmKey(aead.AES_GCM_KEY_VERSION, random.GetRandomBytes(17)),
- util.NewAesGcmKey(aead.AES_GCM_KEY_VERSION, random.GetRandomBytes(25)),
- util.NewAesGcmKey(aead.AES_GCM_KEY_VERSION, random.GetRandomBytes(33)),
- // bad version
- util.NewAesGcmKey(aead.AES_GCM_KEY_VERSION+1, random.GetRandomBytes(16)),
- }
+ return []proto.Message{
+ // not a AesGcmKey
+ util.NewAesGcmKeyFormat(32),
+ // bad key size
+ util.NewAesGcmKey(aead.AES_GCM_KEY_VERSION, random.GetRandomBytes(17)),
+ util.NewAesGcmKey(aead.AES_GCM_KEY_VERSION, random.GetRandomBytes(25)),
+ util.NewAesGcmKey(aead.AES_GCM_KEY_VERSION, random.GetRandomBytes(33)),
+ // bad version
+ util.NewAesGcmKey(aead.AES_GCM_KEY_VERSION+1, random.GetRandomBytes(16)),
+ }
}
func genInvalidAesGcmKeyFormats() []proto.Message {
- return []proto.Message{
- // not AesGcmKeyFormat
- util.NewAesGcmKey(aead.AES_GCM_KEY_VERSION, random.GetRandomBytes(16)),
- // invalid key size
- util.NewAesGcmKeyFormat(uint32(15)),
- util.NewAesGcmKeyFormat(uint32(23)),
- util.NewAesGcmKeyFormat(uint32(31)),
- }
+ return []proto.Message{
+ // not AesGcmKeyFormat
+ util.NewAesGcmKey(aead.AES_GCM_KEY_VERSION, random.GetRandomBytes(16)),
+ // invalid key size
+ util.NewAesGcmKeyFormat(uint32(15)),
+ util.NewAesGcmKeyFormat(uint32(23)),
+ util.NewAesGcmKeyFormat(uint32(31)),
+ }
}
func validateAesGcmKey(key *gcmpb.AesGcmKey, format *gcmpb.AesGcmKeyFormat) error {
- if uint32(len(key.KeyValue)) != format.KeySize {
- return fmt.Errorf("incorrect key size")
- }
- if key.Version != aead.AES_GCM_KEY_VERSION {
- return fmt.Errorf("incorrect key version")
- }
- // try to encrypt and decrypt
- p, err := aes.NewAesGcm(key.KeyValue)
- if err != nil {
- return fmt.Errorf("invalid key")
- }
- return validateAesGcmPrimitive(p, key)
+ if uint32(len(key.KeyValue)) != format.KeySize {
+ return fmt.Errorf("incorrect key size")
+ }
+ if key.Version != aead.AES_GCM_KEY_VERSION {
+ return fmt.Errorf("incorrect key version")
+ }
+ // try to encrypt and decrypt
+ p, err := aes.NewAesGcm(key.KeyValue)
+ if err != nil {
+ return fmt.Errorf("invalid key")
+ }
+ return validateAesGcmPrimitive(p, key)
}
func validateAesGcmPrimitive(p interface{}, key *gcmpb.AesGcmKey) error {
- cipher := p.(*aes.AesGcm)
- if !bytes.Equal(cipher.Key, key.KeyValue) {
- return fmt.Errorf("key and primitive don't match")
- }
- // try to encrypt and decrypt
- pt := random.GetRandomBytes(32)
- aad := random.GetRandomBytes(32)
- ct, err := cipher.Encrypt(pt, aad)
- if err != nil {
- return fmt.Errorf("encryption failed")
- }
- decrypted, err := cipher.Decrypt(ct, aad)
- if err != nil {
- return fmt.Errorf("decryption failed")
- }
- if !bytes.Equal(decrypted, pt) {
- return fmt.Errorf("decryption failed")
- }
- return nil
-}
\ No newline at end of file
+ cipher := p.(*aes.AesGcm)
+ if !bytes.Equal(cipher.Key, key.KeyValue) {
+ return fmt.Errorf("key and primitive don't match")
+ }
+ // try to encrypt and decrypt
+ pt := random.GetRandomBytes(32)
+ aad := random.GetRandomBytes(32)
+ ct, err := cipher.Encrypt(pt, aad)
+ if err != nil {
+ return fmt.Errorf("encryption failed")
+ }
+ decrypted, err := cipher.Decrypt(ct, aad)
+ if err != nil {
+ return fmt.Errorf("decryption failed")
+ }
+ if !bytes.Equal(decrypted, pt) {
+ return fmt.Errorf("decryption failed")
+ }
+ return nil
+}
