1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package aescmac_test
import (
"bytes"
"slices"
"testing"
"github.com/tink-crypto/tink-go/v2/core/cryptofmt"
"github.com/tink-crypto/tink-go/v2/insecuresecretdataaccess"
"github.com/tink-crypto/tink-go/v2/keyset"
"github.com/tink-crypto/tink-go/v2/mac/aescmac"
"github.com/tink-crypto/tink-go/v2/mac"
"github.com/tink-crypto/tink-go/v2/secretdata"
)
func TestAESCMACKeyetGenerationFromParams(t *testing.T) {
opts := aescmac.ParametersOpts{
KeySizeInBytes: 32,
TagSizeInBytes: 16,
Variant: aescmac.VariantNoPrefix,
}
params, err := aescmac.NewParameters(opts)
if err != nil {
t.Fatalf("aescmac.NewKeyParams(%v) err = %v, want nil", opts, err)
}
km := keyset.NewManager()
keyID, err := km.AddNewKeyFromParameters(params)
if err != nil {
t.Fatalf("km.AddNewKeyFromParameters() err = %v, want nil", err)
}
if err := km.SetPrimary(keyID); err != nil {
t.Fatalf("km.SetPrimary() err = %v, want nil", err)
}
handle, err := km.Handle()
if err != nil {
t.Fatalf("km.Handle() err = %v, want nil", err)
}
m, err := mac.New(handle)
if err != nil {
t.Fatalf("mac.New() err = %v, want nil", err)
}
data := []byte("data")
tag, err := m.ComputeMAC(data)
if err != nil {
t.Fatalf("m.ComputeMAC() err = %v, want nil", err)
}
if got, want := len(tag), opts.TagSizeInBytes; got != want {
t.Errorf("len(tag) = %d, want %d", got, want)
}
}
func TestAESCMACKeysetGenerationFromKey(t *testing.T) {
opts := aescmac.ParametersOpts{
KeySizeInBytes: 32,
TagSizeInBytes: 16,
Variant: aescmac.VariantTink,
}
params, err := aescmac.NewParameters(opts)
if err != nil {
t.Fatalf("aescmac.NewKeyParams(%v) err = %v, want nil", opts, err)
}
// https://github.com/C2SP/wycheproof/blob/cd27d6419bedd83cbd24611ec54b6d4bfdb0cdca/testvectors/aes_cmac_test.json#L1860
keyBytes := mustHexDecode(t, "e754076ceab3fdaf4f9bcab7d4f0df0cbbafbc87731b8f9b7cd2166472e8eebc")
wantTag := slices.Concat([]byte{cryptofmt.TinkStartByte, 0x01, 0x02, 0x03, 0x04}, mustHexDecode(t, "9d47482c2d9252bace43a75a8335b8b8"))
data := mustHexDecode(t, "40")
key, err := aescmac.NewKey(secretdata.NewBytesFromData(keyBytes, insecuresecretdataaccess.Token{}), params, 0x01020304)
if err != nil {
t.Fatalf("aescmac.NewKey() err = %v, want nil", err)
}
km := keyset.NewManager()
keyID, err := km.AddKey(key)
if err != nil {
t.Fatalf("km.AddKey() err = %v, want nil", err)
}
if err := km.SetPrimary(keyID); err != nil {
t.Fatalf("km.SetPrimary() err = %v, want nil", err)
}
// Add non-primary key.
if _, err = km.AddNewKeyFromParameters(params); err != nil {
t.Fatalf("km.AddNewKeyFromParameters() err = %v, want nil", err)
}
handle, err := km.Handle()
if err != nil {
t.Fatalf("km.Handle() err = %v, want nil", err)
}
m, err := mac.New(handle)
if err != nil {
t.Fatalf("mac.New() err = %v, want nil", err)
}
tag, err := m.ComputeMAC(data)
if err != nil {
t.Fatalf("m.ComputeMAC() err = %v, want nil", err)
}
if got, want := tag, wantTag; !bytes.Equal(got, want) {
t.Errorf("tag = %x, want %x", got, want)
}
}
|
