/*- * Copyright 2014 Square Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package josecipher import ( "bytes" "crypto/aes" "encoding/hex" "testing" ) func TestAesKeyWrap(t *testing.T) { // Test vectors from: http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf kek0, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F") cek0, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF") expected0, _ := hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5") kek1, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F1011121314151617") cek1, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF") expected1, _ := hex.DecodeString("96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D") kek2, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F") cek2, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF0001020304050607") expected2, _ := hex.DecodeString("A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1") block0, _ := aes.NewCipher(kek0) block1, _ := aes.NewCipher(kek1) block2, _ := aes.NewCipher(kek2) out0, _ := KeyWrap(block0, cek0) out1, _ := KeyWrap(block1, cek1) out2, _ := KeyWrap(block2, cek2) if bytes.Compare(out0, expected0) != 0 { t.Error("output 0 not as expected, got", out0, "wanted", expected0) } if bytes.Compare(out1, expected1) != 0 { t.Error("output 1 not as expected, got", out1, "wanted", expected1) } if bytes.Compare(out2, expected2) != 0 { t.Error("output 2 not as expected, got", out2, "wanted", expected2) } unwrap0, _ := KeyUnwrap(block0, out0) unwrap1, _ := KeyUnwrap(block1, out1) unwrap2, _ := KeyUnwrap(block2, out2) if bytes.Compare(unwrap0, cek0) != 0 { t.Error("key unwrap did not return original input, got", unwrap0, "wanted", cek0) } if bytes.Compare(unwrap1, cek1) != 0 { t.Error("key unwrap did not return original input, got", unwrap1, "wanted", cek1) } if bytes.Compare(unwrap2, cek2) != 0 { t.Error("key unwrap did not return original input, got", unwrap2, "wanted", cek2) } } func TestAesKeyWrapInvalid(t *testing.T) { kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F") // Invalid unwrap input (bit flipped) input0, _ := hex.DecodeString("1EA68C1A8112B447AEF34BD8FB5A7B828D3E862371D2CFE5") block, _ := aes.NewCipher(kek) _, err := KeyUnwrap(block, input0) if err == nil { t.Error("key unwrap failed to detect invalid input") } // Invalid unwrap input (truncated) input1, _ := hex.DecodeString("1EA68C1A8112B447AEF34BD8FB5A7B828D3E862371D2CF") _, err = KeyUnwrap(block, input1) if err == nil { t.Error("key unwrap failed to detect truncated input") } // Invalid wrap input (not multiple of 8) input2, _ := hex.DecodeString("0123456789ABCD") _, err = KeyWrap(block, input2) if err == nil { t.Error("key wrap accepted invalid input") } } func BenchmarkAesKeyWrap(b *testing.B) { kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F") key, _ := hex.DecodeString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF") block, _ := aes.NewCipher(kek) b.ResetTimer() for i := 0; i < b.N; i++ { KeyWrap(block, key) } } func BenchmarkAesKeyUnwrap(b *testing.B) { kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F") input, _ := hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5") block, _ := aes.NewCipher(kek) b.ResetTimer() for i := 0; i < b.N; i++ { KeyUnwrap(block, input) } }