vendor/gopkg.in/square/go-jose.v2/cipher/key_wrap_test.go - cloudstack-kubernetes-provider - Git at Google

 /*-
  * Copyright 2014 Square Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package josecipher

 import (
 	"bytes"
 	"crypto/aes"
 	"encoding/hex"
 	"testing"
 )

 func TestAesKeyWrap(t *testing.T) {
 	// Test vectors from: http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf
 	kek0, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
 	cek0, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")

 	expected0, _ := hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")

 	kek1, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F1011121314151617")
 	cek1, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")

 	expected1, _ := hex.DecodeString("96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D")

 	kek2, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F")
 	cek2, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF0001020304050607")

 	expected2, _ := hex.DecodeString("A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1")

 	block0, _ := aes.NewCipher(kek0)
 	block1, _ := aes.NewCipher(kek1)
 	block2, _ := aes.NewCipher(kek2)

 	out0, _ := KeyWrap(block0, cek0)
 	out1, _ := KeyWrap(block1, cek1)
 	out2, _ := KeyWrap(block2, cek2)

 	if bytes.Compare(out0, expected0) != 0 {
 		t.Error("output 0 not as expected, got", out0, "wanted", expected0)
 	}

 	if bytes.Compare(out1, expected1) != 0 {
 		t.Error("output 1 not as expected, got", out1, "wanted", expected1)
 	}

 	if bytes.Compare(out2, expected2) != 0 {
 		t.Error("output 2 not as expected, got", out2, "wanted", expected2)
 	}

 	unwrap0, _ := KeyUnwrap(block0, out0)
 	unwrap1, _ := KeyUnwrap(block1, out1)
 	unwrap2, _ := KeyUnwrap(block2, out2)

 	if bytes.Compare(unwrap0, cek0) != 0 {
 		t.Error("key unwrap did not return original input, got", unwrap0, "wanted", cek0)
 	}

 	if bytes.Compare(unwrap1, cek1) != 0 {
 		t.Error("key unwrap did not return original input, got", unwrap1, "wanted", cek1)
 	}

 	if bytes.Compare(unwrap2, cek2) != 0 {
 		t.Error("key unwrap did not return original input, got", unwrap2, "wanted", cek2)
 	}
 }

 func TestAesKeyWrapInvalid(t *testing.T) {
 	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")

 	// Invalid unwrap input (bit flipped)
 	input0, _ := hex.DecodeString("1EA68C1A8112B447AEF34BD8FB5A7B828D3E862371D2CFE5")

 	block, _ := aes.NewCipher(kek)

 	_, err := KeyUnwrap(block, input0)
 	if err == nil {
 		t.Error("key unwrap failed to detect invalid input")
 	}

 	// Invalid unwrap input (truncated)
 	input1, _ := hex.DecodeString("1EA68C1A8112B447AEF34BD8FB5A7B828D3E862371D2CF")

 	_, err = KeyUnwrap(block, input1)
 	if err == nil {
 		t.Error("key unwrap failed to detect truncated input")
 	}

 	// Invalid wrap input (not multiple of 8)
 	input2, _ := hex.DecodeString("0123456789ABCD")

 	_, err = KeyWrap(block, input2)
 	if err == nil {
 		t.Error("key wrap accepted invalid input")
 	}

 }

 func BenchmarkAesKeyWrap(b *testing.B) {
 	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
 	key, _ := hex.DecodeString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")

 	block, _ := aes.NewCipher(kek)

 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		KeyWrap(block, key)
 	}
 }

 func BenchmarkAesKeyUnwrap(b *testing.B) {
 	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
 	input, _ := hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")

 	block, _ := aes.NewCipher(kek)

 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		KeyUnwrap(block, input)
 	}
 }
	/*-
	* Copyright 2014 Square Inc.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package josecipher

	import (
	"bytes"
	"crypto/aes"
	"encoding/hex"
	"testing"
	)

	func TestAesKeyWrap(t *testing.T) {
	// Test vectors from: http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf
	kek0, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	cek0, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")

	expected0, _ := hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")

	kek1, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F1011121314151617")
	cek1, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")

	expected1, _ := hex.DecodeString("96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D")

	kek2, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F")
	cek2, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF0001020304050607")

	expected2, _ := hex.DecodeString("A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1")

	block0, _ := aes.NewCipher(kek0)
	block1, _ := aes.NewCipher(kek1)
	block2, _ := aes.NewCipher(kek2)

	out0, _ := KeyWrap(block0, cek0)
	out1, _ := KeyWrap(block1, cek1)
	out2, _ := KeyWrap(block2, cek2)

	if bytes.Compare(out0, expected0) != 0 {
	t.Error("output 0 not as expected, got", out0, "wanted", expected0)
	}

	if bytes.Compare(out1, expected1) != 0 {
	t.Error("output 1 not as expected, got", out1, "wanted", expected1)
	}

	if bytes.Compare(out2, expected2) != 0 {
	t.Error("output 2 not as expected, got", out2, "wanted", expected2)
	}

	unwrap0, _ := KeyUnwrap(block0, out0)
	unwrap1, _ := KeyUnwrap(block1, out1)
	unwrap2, _ := KeyUnwrap(block2, out2)

	if bytes.Compare(unwrap0, cek0) != 0 {
	t.Error("key unwrap did not return original input, got", unwrap0, "wanted", cek0)
	}

	if bytes.Compare(unwrap1, cek1) != 0 {
	t.Error("key unwrap did not return original input, got", unwrap1, "wanted", cek1)
	}

	if bytes.Compare(unwrap2, cek2) != 0 {
	t.Error("key unwrap did not return original input, got", unwrap2, "wanted", cek2)
	}
	}

	func TestAesKeyWrapInvalid(t *testing.T) {
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")

	// Invalid unwrap input (bit flipped)
	input0, _ := hex.DecodeString("1EA68C1A8112B447AEF34BD8FB5A7B828D3E862371D2CFE5")

	block, _ := aes.NewCipher(kek)

	_, err := KeyUnwrap(block, input0)
	if err == nil {
	t.Error("key unwrap failed to detect invalid input")
	}

	// Invalid unwrap input (truncated)
	input1, _ := hex.DecodeString("1EA68C1A8112B447AEF34BD8FB5A7B828D3E862371D2CF")

	_, err = KeyUnwrap(block, input1)
	if err == nil {
	t.Error("key unwrap failed to detect truncated input")
	}

	// Invalid wrap input (not multiple of 8)
	input2, _ := hex.DecodeString("0123456789ABCD")

	_, err = KeyWrap(block, input2)
	if err == nil {
	t.Error("key wrap accepted invalid input")
	}

	}

	func BenchmarkAesKeyWrap(b *testing.B) {
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	key, _ := hex.DecodeString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")

	block, _ := aes.NewCipher(kek)

	b.ResetTimer()
	for i := 0; i < b.N; i++ {
	KeyWrap(block, key)
	}
	}

	func BenchmarkAesKeyUnwrap(b *testing.B) {
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	input, _ := hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")

	block, _ := aes.NewCipher(kek)

	b.ResetTimer()
	for i := 0; i < b.N; i++ {
	KeyUnwrap(block, input)
	}
	}