Google Git
Sign in
android / platform / external / tink / refs/heads/sdk-release / . / testing / cross_language / aead_test.py
blob: b3a71d4773185eabd646fe387a9057ef6db978f8 [file] [log] [blame]
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Cross-language tests for the Aead primitive.
These tests check some basic AEAD properties, and that all implementations can
interoperate with each other.
"""
from typing import Iterable, List, Tuple
from absl.testing import absltest
from absl.testing import parameterized
import tink
from tink import aead
from tink.proto import tink_pb2
from tink.testing import keyset_builder
import tink_config
from util import testing_servers
from util import utilities
SUPPORTED_LANGUAGES = testing_servers.SUPPORTED_LANGUAGES_BY_PRIMITIVE['aead']
def setUpModule():
aead.register()
testing_servers.start('aead')
def tearDownModule():
testing_servers.stop()
# Fake KMS keys are base64-encoded keysets. Each server must register a
# fake KmsClient that can handle these keys.
_FAKE_KMS_KEY_URI = (
'fake-kms://CM2b3_MDElQKSAowdHlwZS5nb29nbGVhcGlzLmNvbS9nb29nbGUuY3J5cHRv'
'LnRpbmsuQWVzR2NtS2V5EhIaEIK75t5L-adlUwVhWvRuWUwYARABGM2b3_MDIAE')
# maps from key_template_name to (key_template, supported_langs). Contains all
# templates we want to test which do not have a name in Tinkey.
_ADDITIONAL_KEY_TEMPLATES = {
'_FAKE_KMS_AEAD': (
aead.aead_key_templates.create_kms_aead_key_template(_FAKE_KMS_KEY_URI),
tink_config.supported_languages_for_key_type('KmsAeadKey'),
),
# Since the key type KmsEnvelopeAeadKey is supported by all languages, the
# following templates should be supported if the DEK Template is supported
# by the language.
'_FAKE_KMS_ENVELOPE_AEAD_WITH_AES128_GCM': (
aead.aead_key_templates.create_kms_envelope_aead_key_template(
_FAKE_KMS_KEY_URI, aead.aead_key_templates.AES128_GCM
),
utilities.SUPPORTED_LANGUAGES_BY_TEMPLATE_NAME['AES128_GCM'],
),
'_FAKE_KMS_ENVELOPE_AEAD_WITH_AES256_GCM': (
aead.aead_key_templates.create_kms_envelope_aead_key_template(
_FAKE_KMS_KEY_URI, aead.aead_key_templates.AES256_GCM
),
utilities.SUPPORTED_LANGUAGES_BY_TEMPLATE_NAME['AES256_GCM'],
),
'_FAKE_KMS_ENVELOPE_AEAD_WITH_AES128_EAX': (
aead.aead_key_templates.create_kms_envelope_aead_key_template(
_FAKE_KMS_KEY_URI, aead.aead_key_templates.AES128_EAX
),
utilities.SUPPORTED_LANGUAGES_BY_TEMPLATE_NAME['AES128_EAX'],
),
'_FAKE_KMS_ENVELOPE_AEAD_WITH_AES256_EAX': (
aead.aead_key_templates.create_kms_envelope_aead_key_template(
_FAKE_KMS_KEY_URI, aead.aead_key_templates.AES256_EAX
),
utilities.SUPPORTED_LANGUAGES_BY_TEMPLATE_NAME['AES256_EAX'],
),
'_FAKE_KMS_ENVELOPE_AEAD_WITH_AES128_GCM_SIV': (
aead.aead_key_templates.create_kms_envelope_aead_key_template(
_FAKE_KMS_KEY_URI, aead.aead_key_templates.AES128_GCM_SIV
),
utilities.SUPPORTED_LANGUAGES_BY_TEMPLATE_NAME['AES128_GCM_SIV'],
),
'_FAKE_KMS_ENVELOPE_AEAD_WITH_AES256_GCM_SIV': (
aead.aead_key_templates.create_kms_envelope_aead_key_template(
_FAKE_KMS_KEY_URI, aead.aead_key_templates.AES256_GCM_SIV
),
utilities.SUPPORTED_LANGUAGES_BY_TEMPLATE_NAME['AES256_GCM_SIV'],
),
'_FAKE_KMS_ENVELOPE_AEAD_WITH_AES128_CTR_HMAC_SHA256': (
aead.aead_key_templates.create_kms_envelope_aead_key_template(
_FAKE_KMS_KEY_URI, aead.aead_key_templates.AES128_CTR_HMAC_SHA256
),
utilities.SUPPORTED_LANGUAGES_BY_TEMPLATE_NAME[
'AES128_CTR_HMAC_SHA256'
],
),
'_FAKE_KMS_ENVELOPE_AEAD_WITH_AES256_CTR_HMAC_SHA256': (
aead.aead_key_templates.create_kms_envelope_aead_key_template(
_FAKE_KMS_KEY_URI, aead.aead_key_templates.AES256_CTR_HMAC_SHA256
),
utilities.SUPPORTED_LANGUAGES_BY_TEMPLATE_NAME[
'AES256_CTR_HMAC_SHA256'
],
),
'_FAKE_KMS_ENVELOPE_AEAD_WITH_CHACHA20_POLY1305': (
aead.aead_key_templates.create_kms_envelope_aead_key_template(
_FAKE_KMS_KEY_URI, utilities.KEY_TEMPLATE['CHACHA20_POLY1305']
),
utilities.SUPPORTED_LANGUAGES_BY_TEMPLATE_NAME['CHACHA20_POLY1305'],
),
'_FAKE_KMS_ENVELOPE_AEAD_WITH_XCHACHA20_POLY1305': (
aead.aead_key_templates.create_kms_envelope_aead_key_template(
_FAKE_KMS_KEY_URI, aead.aead_key_templates.XCHACHA20_POLY1305
),
utilities.SUPPORTED_LANGUAGES_BY_TEMPLATE_NAME['XCHACHA20_POLY1305'],
),
}
class AeadPythonTest(parameterized.TestCase):
def _create_aeads_ignore_errors(self,
keyset: bytes) -> List[Tuple[aead.Aead, str]]:
"""Creates AEADs for the given keyset in each language.
Args:
keyset: A keyset as a serialized 'keyset' proto.
Returns:
A list of pairs (aead, language)
"""
result = []
for lang in utilities.ALL_LANGUAGES:
try:
aead_p = testing_servers.remote_primitive(lang, keyset, aead.Aead)
result.append((aead_p, lang))
except tink.TinkError:
pass
return result
def _langs_from_key_template_name(self, key_template_name: str) -> List[str]:
if key_template_name in _ADDITIONAL_KEY_TEMPLATES:
_, supported_langs = _ADDITIONAL_KEY_TEMPLATES[key_template_name]
return supported_langs
else:
return utilities.SUPPORTED_LANGUAGES_BY_TEMPLATE_NAME[key_template_name]
def _as_proto_template(self, key_template_name: str) -> tink_pb2.KeyTemplate:
if key_template_name in _ADDITIONAL_KEY_TEMPLATES:
key_template, _ = _ADDITIONAL_KEY_TEMPLATES[key_template_name]
return key_template
else:
return utilities.KEY_TEMPLATE[key_template_name]
@parameterized.parameters([
*utilities.tinkey_template_names_for(aead.Aead),
*_ADDITIONAL_KEY_TEMPLATES.keys()
])
def test_encrypt_decrypt(self, key_template_name):
langs = self._langs_from_key_template_name(key_template_name)
self.assertNotEmpty(langs)
proto_template = self._as_proto_template(key_template_name)
# Take the first supported language to generate the keyset.
keyset = testing_servers.new_keyset(langs[0], proto_template)
supported_aeads = self._create_aeads_ignore_errors(keyset)
self.assertEqual(set([lang for (_, lang) in supported_aeads]), set(langs))
for (p, lang) in supported_aeads:
plaintext = (
b'This is some plaintext message to be encrypted using key_template '
b'%s using %s for encryption.' %
(key_template_name.encode('utf8'), lang.encode('utf8')))
associated_data = (
b'Some associated data for %s using %s for encryption.' %
(key_template_name.encode('utf8'), lang.encode('utf8')))
ciphertext = p.encrypt(plaintext, associated_data)
for (p2, lang2) in supported_aeads:
output = p2.decrypt(ciphertext, associated_data)
self.assertEqual(
output, plaintext,
'While encrypting in %s an decrypting in %s' % (lang, lang2))
@parameterized.parameters(
tink_config.supported_languages_for_key_type('KmsEnvelopeAeadKey')
)
def test_envelope_encryption_rejects_envelope_templates_as_dek(self, lang):
dek_template = (
aead.aead_key_templates.create_kms_envelope_aead_key_template(
kek_uri=_FAKE_KMS_KEY_URI,
dek_template=aead.aead_key_templates.AES128_GCM,
)
)
template = aead.aead_key_templates.create_kms_envelope_aead_key_template(
kek_uri=_FAKE_KMS_KEY_URI, dek_template=dek_template
)
with self.assertRaises(tink.TinkError):
_ = testing_servers.new_keyset(lang, template)
@parameterized.parameters(
tink_config.supported_languages_for_key_type('KmsAeadKey')
)
def test_envelope_encryption_rejects_kms_templates_as_dek(self, lang):
dek_template = aead.aead_key_templates.create_kms_aead_key_template(
key_uri=_FAKE_KMS_KEY_URI
)
template = aead.aead_key_templates.create_kms_envelope_aead_key_template(
kek_uri=_FAKE_KMS_KEY_URI, dek_template=dek_template
)
with self.assertRaises(tink.TinkError):
_ = testing_servers.new_keyset(lang, template)
# If the implementations work fine for keysets with single keys, then key
# rotation should work if the primitive wrapper is implemented correctly.
# These wrappers do not depend on the key type, so it should be fine to always
# test with the same key type. Since the AEAD wrapper needs to treat keys
# with output prefix RAW differently, we also include such a template for that.
KEY_ROTATION_TEMPLATES = [
aead.aead_key_templates.AES128_CTR_HMAC_SHA256,
keyset_builder.raw_template(aead.aead_key_templates.AES128_CTR_HMAC_SHA256)
]
def key_rotation_test_cases(
) -> Iterable[Tuple[str, str, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]:
for enc_lang in SUPPORTED_LANGUAGES:
for dec_lang in SUPPORTED_LANGUAGES:
for old_key_tmpl in KEY_ROTATION_TEMPLATES:
for new_key_tmpl in KEY_ROTATION_TEMPLATES:
yield (enc_lang, dec_lang, old_key_tmpl, new_key_tmpl)
class AeadKeyRotationTest(parameterized.TestCase):
@parameterized.parameters(key_rotation_test_cases())
def test_key_rotation(self, enc_lang, dec_lang, old_key_tmpl, new_key_tmpl):
# Do a key rotation from an old key generated from old_key_tmpl to a new
# key generated from new_key_tmpl. Encryption and decryption are done
# in languages enc_lang and dec_lang.
builder = keyset_builder.new_keyset_builder()
older_key_id = builder.add_new_key(old_key_tmpl)
builder.set_primary_key(older_key_id)
enc_aead1 = testing_servers.remote_primitive(enc_lang, builder.keyset(),
aead.Aead)
dec_aead1 = testing_servers.remote_primitive(dec_lang, builder.keyset(),
aead.Aead)
newer_key_id = builder.add_new_key(new_key_tmpl)
enc_aead2 = testing_servers.remote_primitive(enc_lang, builder.keyset(),
aead.Aead)
dec_aead2 = testing_servers.remote_primitive(dec_lang, builder.keyset(),
aead.Aead)
builder.set_primary_key(newer_key_id)
enc_aead3 = testing_servers.remote_primitive(enc_lang, builder.keyset(),
aead.Aead)
dec_aead3 = testing_servers.remote_primitive(dec_lang, builder.keyset(),
aead.Aead)
builder.disable_key(older_key_id)
enc_aead4 = testing_servers.remote_primitive(enc_lang, builder.keyset(),
aead.Aead)
dec_aead4 = testing_servers.remote_primitive(dec_lang, builder.keyset(),
aead.Aead)
self.assertNotEqual(older_key_id, newer_key_id)
# 1 encrypts with the older key. So 1, 2 and 3 can decrypt it, but not 4.
ciphertext1 = enc_aead1.encrypt(b'plaintext', b'ad')
self.assertEqual(dec_aead1.decrypt(ciphertext1, b'ad'), b'plaintext')
self.assertEqual(dec_aead2.decrypt(ciphertext1, b'ad'), b'plaintext')
self.assertEqual(dec_aead3.decrypt(ciphertext1, b'ad'), b'plaintext')
with self.assertRaises(tink.TinkError):
_ = dec_aead4.decrypt(ciphertext1, b'ad')
# 2 encrypts with the older key. So 1, 2 and 3 can decrypt it, but not 4.
ciphertext2 = enc_aead2.encrypt(b'plaintext', b'ad')
self.assertEqual(dec_aead1.decrypt(ciphertext2, b'ad'), b'plaintext')
self.assertEqual(dec_aead2.decrypt(ciphertext2, b'ad'), b'plaintext')
self.assertEqual(dec_aead3.decrypt(ciphertext2, b'ad'), b'plaintext')
with self.assertRaises(tink.TinkError):
_ = dec_aead4.decrypt(ciphertext2, b'ad')
# 3 encrypts with the newer key. So 2, 3 and 4 can decrypt it, but not 1.
ciphertext3 = enc_aead3.encrypt(b'plaintext', b'ad')
with self.assertRaises(tink.TinkError):
_ = dec_aead1.decrypt(ciphertext3, b'ad')
self.assertEqual(dec_aead2.decrypt(ciphertext3, b'ad'), b'plaintext')
self.assertEqual(dec_aead3.decrypt(ciphertext3, b'ad'), b'plaintext')
self.assertEqual(dec_aead4.decrypt(ciphertext3, b'ad'), b'plaintext')
# 4 encrypts with the newer key. So 2, 3 and 4 can decrypt it, but not 1.
ciphertext4 = enc_aead4.encrypt(b'plaintext', b'ad')
with self.assertRaises(tink.TinkError):
_ = dec_aead1.decrypt(ciphertext4, b'ad')
self.assertEqual(dec_aead2.decrypt(ciphertext4, b'ad'), b'plaintext')
self.assertEqual(dec_aead3.decrypt(ciphertext4, b'ad'), b'plaintext')
self.assertEqual(dec_aead4.decrypt(ciphertext4, b'ad'), b'plaintext')
if __name__ == '__main__':
absltest.main()