Verified Commit 73c74dd2 authored by Malte Bauch's avatar Malte Bauch

Crypto AES with nonce and tag as arguments in enc/dec

parent 487bec7e
1 merge request!225Crypto AES with nonce and tag as arguments in enc and dec
Pipeline #226391 passed
...@@ -1027,9 +1027,10 @@ type Key struct { ...@@ -1027,9 +1027,10 @@ type Key struct {
sizeCache protoimpl.SizeCache sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields unknownFields protoimpl.UnknownFields
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Nonce string `protobuf:"bytes,2,opt,name=nonce,proto3" json:"nonce,omitempty"` Nonce string `protobuf:"bytes,2,opt,name=nonce,proto3" json:"nonce,omitempty"`
Key string `protobuf:"bytes,3,opt,name=key,proto3" json:"key,omitempty"` AuthTag string `protobuf:"bytes,3,opt,name=authTag,proto3" json:"authTag,omitempty"`
Key string `protobuf:"bytes,4,opt,name=key,proto3" json:"key,omitempty"`
} }
func (x *Key) Reset() { func (x *Key) Reset() {
...@@ -1078,6 +1079,13 @@ func (x *Key) GetNonce() string { ...@@ -1078,6 +1079,13 @@ func (x *Key) GetNonce() string {
return "" return ""
} }
func (x *Key) GetAuthTag() string {
if x != nil {
return x.AuthTag
}
return ""
}
func (x *Key) GetKey() string { func (x *Key) GetKey() string {
if x != nil { if x != nil {
return x.Key return x.Key
...@@ -1196,77 +1204,79 @@ var file_kmsintercom_kmsintercom_proto_rawDesc = []byte{ ...@@ -1196,77 +1204,79 @@ var file_kmsintercom_kmsintercom_proto_rawDesc = []byte{
0x33, 0x0a, 0x13, 0x4b, 0x65, 0x79, 0x44, 0x65, 0x6c, 0x69, 0x76, 0x65, 0x72, 0x79, 0x52, 0x65, 0x33, 0x0a, 0x13, 0x4b, 0x65, 0x79, 0x44, 0x65, 0x6c, 0x69, 0x76, 0x65, 0x72, 0x79, 0x52, 0x65,
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74,
0x61, 0x6d, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x61, 0x6d, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73,
0x74, 0x61, 0x6d, 0x70, 0x22, 0x3d, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x57, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69,
0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x6e,
0x6f, 0x6e, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x6f, 0x6e, 0x63, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x6f, 0x6e, 0x63,
0x65, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x75, 0x74, 0x68, 0x54, 0x61, 0x67, 0x18, 0x03, 0x20, 0x01,
0x6b, 0x65, 0x79, 0x2a, 0x2b, 0x0a, 0x0f, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x41, 0x6c, 0x67, 0x28, 0x09, 0x52, 0x07, 0x61, 0x75, 0x74, 0x68, 0x54, 0x61, 0x67, 0x12, 0x10, 0x0a, 0x03, 0x6b,
0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x45, 0x53, 0x5f, 0x32, 0x35, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x2a, 0x2b, 0x0a,
0x36, 0x5f, 0x47, 0x43, 0x4d, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x54, 0x50, 0x10, 0x01, 0x0f, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d,
0x32, 0xb9, 0x06, 0x0a, 0x09, 0x4b, 0x6d, 0x73, 0x54, 0x61, 0x6c, 0x6b, 0x65, 0x72, 0x12, 0x6a, 0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x45, 0x53, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43, 0x4d, 0x10,
0x0a, 0x14, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x54, 0x50, 0x10, 0x01, 0x32, 0xb9, 0x06, 0x0a, 0x09, 0x4b,
0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x28, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x6d, 0x73, 0x54, 0x61, 0x6c, 0x6b, 0x65, 0x72, 0x12, 0x6a, 0x0a, 0x14, 0x49, 0x6e, 0x74, 0x65,
0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x43, 0x61, 0x70, 0x72, 0x43, 0x6f, 0x6d, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73,
0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x28, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x49,
0x1a, 0x26, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x49,
0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74,
0x69, 0x65, 0x73, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x12, 0x52, 0x0a, 0x0b, 0x53, 0x79, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x6b, 0x6d, 0x73,
0x6e, 0x63, 0x51, 0x6b, 0x64, 0x42, 0x75, 0x6c, 0x6b, 0x12, 0x1f, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f,
0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x51, 0x6b, 0x64, 0x42, 0x6d, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x52, 0x65, 0x70,
0x75, 0x6c, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x6b, 0x6d, 0x73, 0x6c, 0x79, 0x22, 0x00, 0x12, 0x52, 0x0a, 0x0b, 0x53, 0x79, 0x6e, 0x63, 0x51, 0x6b, 0x64, 0x42,
0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x51, 0x6b, 0x64, 0x75, 0x6c, 0x6b, 0x12, 0x1f, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f,
0x42, 0x75, 0x6c, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x64, 0x6d, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x51, 0x6b, 0x64, 0x42, 0x75, 0x6c, 0x6b, 0x52, 0x65, 0x71,
0x0a, 0x11, 0x53, 0x79, 0x6e, 0x63, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x73, 0x46, 0x6f, 0x72, 0x42, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63,
0x75, 0x6c, 0x6b, 0x12, 0x25, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6f, 0x6d, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x51, 0x6b, 0x64, 0x42, 0x75, 0x6c, 0x6b, 0x52, 0x65,
0x6d, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x73, 0x46, 0x6f, 0x72, 0x42, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x64, 0x0a, 0x11, 0x53, 0x79, 0x6e, 0x63,
0x75, 0x6c, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x6b, 0x6d, 0x73, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x73, 0x46, 0x6f, 0x72, 0x42, 0x75, 0x6c, 0x6b, 0x12, 0x25, 0x2e,
0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x4b, 0x65, 0x79, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x53, 0x79, 0x6e, 0x63,
0x49, 0x64, 0x73, 0x46, 0x6f, 0x72, 0x42, 0x75, 0x6c, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x73, 0x46, 0x6f, 0x72, 0x42, 0x75, 0x6c, 0x6b, 0x52, 0x65, 0x71,
0x73, 0x65, 0x22, 0x00, 0x12, 0x8e, 0x01, 0x0a, 0x1f, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63,
0x6d, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4b, 0x65, 0x79, 0x4e, 0x65, 0x67, 0x6f, 0x6d, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x73, 0x46, 0x6f, 0x72,
0x6f, 0x74, 0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x33, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x42, 0x75, 0x6c, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x8e,
0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x54, 0x01, 0x0a, 0x1f, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x54, 0x72, 0x61, 0x6e, 0x73,
0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4b, 0x65, 0x79, 0x4e, 0x65, 0x67, 0x6f, 0x74, 0x70, 0x6f, 0x72, 0x74, 0x4b, 0x65, 0x79, 0x4e, 0x65, 0x67, 0x6f, 0x74, 0x69, 0x61, 0x74, 0x69,
0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x6f, 0x6e, 0x12, 0x33, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d,
0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f,
0x72, 0x43, 0x6f, 0x6d, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4b, 0x65, 0x79, 0x72, 0x74, 0x4b, 0x65, 0x79, 0x4e, 0x65, 0x67, 0x6f, 0x74, 0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e,
0x4e, 0x65, 0x67, 0x6f, 0x74, 0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74,
0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x58, 0x0a, 0x0d, 0x4b, 0x65, 0x79, 0x46, 0x6f, 0x72, 0x77, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x54, 0x72,
0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x21, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4b, 0x65, 0x79, 0x4e, 0x65, 0x67, 0x6f, 0x74, 0x69,
0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x4b, 0x65, 0x79, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12,
0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x58, 0x0a, 0x0d, 0x4b, 0x65, 0x79, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67,
0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x4b, 0x65, 0x79, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x12, 0x21, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x4b,
0x72, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x65, 0x79, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75,
0x61, 0x0a, 0x10, 0x41, 0x63, 0x6b, 0x4b, 0x65, 0x79, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f,
0x69, 0x6e, 0x67, 0x12, 0x24, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x4b, 0x65, 0x79, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x52,
0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x61, 0x0a, 0x10, 0x41, 0x63, 0x6b,
0x4b, 0x65, 0x79, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x24, 0x2e,
0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x41, 0x63, 0x6b, 0x4b,
0x65, 0x79, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f,
0x6d, 0x2e, 0x41, 0x63, 0x6b, 0x4b, 0x65, 0x79, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6d, 0x2e, 0x41, 0x63, 0x6b, 0x4b, 0x65, 0x79, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69,
0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x64, 0x0a, 0x11,
0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x41, 0x63, 0x6b, 0x4b, 0x65, 0x79, 0x46, 0x6f, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x6e, 0x12, 0x25, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e,
0x22, 0x00, 0x12, 0x64, 0x0a, 0x11, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x25, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e,
0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x4e, 0x6f, 0x74, 0x69,
0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x4b, 0x65, 0x79, 0x22, 0x00, 0x12, 0x52, 0x0a, 0x0b, 0x4b, 0x65, 0x79, 0x44, 0x65, 0x6c, 0x69, 0x76, 0x65, 0x72,
0x49, 0x64, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x79, 0x12, 0x1f, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e,
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x52, 0x0a, 0x0b, 0x4b, 0x65, 0x79, 0x44, 0x4b, 0x65, 0x79, 0x44, 0x65, 0x6c, 0x69, 0x76, 0x65, 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65,
0x65, 0x6c, 0x69, 0x76, 0x65, 0x72, 0x79, 0x12, 0x1f, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d,
0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x4b, 0x65, 0x79, 0x44, 0x65, 0x6c, 0x69, 0x76, 0x65, 0x72, 0x2e, 0x4b, 0x65, 0x79, 0x44, 0x65, 0x6c, 0x69, 0x76, 0x65, 0x72, 0x79, 0x52, 0x65, 0x73, 0x70,
0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0xb0, 0x01, 0x0a, 0x0f, 0x63, 0x6f, 0x6d, 0x2e, 0x6b,
0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x4b, 0x65, 0x79, 0x44, 0x65, 0x6c, 0x69, 0x76, 0x65, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x42, 0x10, 0x4b, 0x6d, 0x73, 0x69,
0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0xb0, 0x01, 0x0a, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3f,
0x0f, 0x63, 0x6f, 0x6d, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x63, 0x6f, 0x64, 0x65, 0x2e, 0x66, 0x62, 0x69, 0x2e, 0x68, 0x2d, 0x64, 0x61, 0x2e, 0x64, 0x65,
0x42, 0x10, 0x4b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x50, 0x72, 0x6f, 0x2f, 0x64, 0x61, 0x6e, 0x65, 0x74, 0x2f, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x2f, 0x67, 0x6f, 0x4b,
0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3f, 0x63, 0x6f, 0x64, 0x65, 0x2e, 0x66, 0x62, 0x69, 0x2e, 0x68, 0x4d, 0x53, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x2d, 0x64, 0x61, 0x2e, 0x64, 0x65, 0x2f, 0x64, 0x61, 0x6e, 0x65, 0x74, 0x2f, 0x71, 0x75, 0x61, 0x2f, 0x67, 0x6f, 0x2f, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0xa2,
0x6e, 0x74, 0x2f, 0x67, 0x6f, 0x4b, 0x4d, 0x53, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x02, 0x03, 0x4b, 0x58, 0x58, 0xaa, 0x02, 0x0b, 0x4b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72,
0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x2f, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x63, 0x6f, 0x6d, 0xca, 0x02, 0x0b, 0x4b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f,
0x65, 0x72, 0x63, 0x6f, 0x6d, 0xa2, 0x02, 0x03, 0x4b, 0x58, 0x58, 0xaa, 0x02, 0x0b, 0x4b, 0x6d, 0x6d, 0xe2, 0x02, 0x17, 0x4b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x5c,
0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0xca, 0x02, 0x0b, 0x4b, 0x6d, 0x73, 0x69, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0b, 0x4b, 0x6d,
0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0xe2, 0x02, 0x17, 0x4b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x65, 0x72, 0x63, 0x6f, 0x6d, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x33,
0x61, 0xea, 0x02, 0x0b, 0x4b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x62,
0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
} }
var ( var (
......
...@@ -112,7 +112,8 @@ message KeyDeliveryResponse { ...@@ -112,7 +112,8 @@ message KeyDeliveryResponse {
message Key { message Key {
string id = 1; string id = 1;
string nonce = 2; string nonce = 2;
string key = 3; string authTag = 3;
string key = 4;
} }
enum CryptoAlgorithm { enum CryptoAlgorithm {
......
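Review bot: Moving `key` from field number 3 to 4 and giving 3 to the new `authTag` changes the wire meaning of an existing field in `message Key`. Both fields are `string`, so a peer still on the old schema that sends key material in field 3 is decoded without error by an updated peer as `authTag`, with `key` left empty, and the reverse holds in the other direction. That kind of silent mix-up is hard to spot during a staggered upgrade of the communicating instances. Appending the new field avoids it: `string key = 3;` and `string authTag = 4;`. If the renumbering is deliberate, a comment on the message stating that both ends must be upgraded together would help.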
...@@ -26,47 +26,54 @@ func NewAES(name string) *AES { ...@@ -26,47 +26,54 @@ func NewAES(name string) *AES {
// Encrypt encrypts the plaintext using a provided key. // Encrypt encrypts the plaintext using a provided key.
// The key should have a length of 16, 24 or 32 bytes to select AES-128, // The key should have a length of 16, 24 or 32 bytes to select AES-128,
// AES-192 or AES-256. // AES-192 or AES-256.
// The method returns the nonce, the encrypted output and an error if something // The method returns the nonce, the authentication tag and the encrypted
// went wrong. // output.
func (a *AES) Encrypt(plaintext []byte, key []byte) ([]byte, []byte, error) { // If something went wrong in the encryption process, an error is returned.
func (a *AES) Encrypt(plaintext []byte, key []byte) ([]byte, []byte, []byte, error) {
defaultTagSize := 16
// create a new cipher block from the key // create a new cipher block from the key
c, err := aes.NewCipher(key) c, err := aes.NewCipher(key)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, nil, err
} }
// create a new block cipher wrapped in GCM with default nonce (12 // create a new block cipher wrapped in GCM with default nonce (12
// bytes) and tag size (16 bytes). // bytes) and tag size (16 bytes).
gcm, err := cipher.NewGCM(c) gcm, err := cipher.NewGCM(c)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, nil, err
} }
// generate a random nonce of nonce size (12 bytes) // generate a random nonce of nonce size (12 bytes)
nonce := make([]byte, gcm.NonceSize()) nonce := make([]byte, gcm.NonceSize())
if _, err = io.ReadFull(rand.Reader, nonce); err != nil { if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
return nil, nil, err return nil, nil, nil, err
} }
// Encrypt the plaintext using AES-GCM // Encrypt the plaintext using AES-GCM
// Destination is set to nil, therefore seal only contains the // Destination is set to nil, therefore seal only contains the
// ciphertext with the tag appended. // ciphertext with the tag appended.
seal := gcm.Seal(nil, nonce, plaintext, nil) seal := gcm.Seal(nil, nonce, plaintext, nil)
ciphertext := seal[:len(seal)-defaultTagSize]
authTag := seal[len(seal)-defaultTagSize:]
return nonce, seal, nil return nonce, authTag, ciphertext, nil
} }
// Decrypt decrypts the ciphertext using the provided key and nonce. // Decrypt decrypts the ciphertext using the provided nonce and authentication
// tag.
// The key should have a length of 16, 24 or 32 bytes to select AES-128, // The key should have a length of 16, 24 or 32 bytes to select AES-128,
// AES-192 or AES-256. // AES-192 or AES-256.
// The method returns the decrypted input. // The method returns the decrypted input.
func (a *AES) Decrypt(nonce, ciphertext []byte, key []byte) ([]byte, error) { func (a *AES) Decrypt(nonce, authTag, ciphertext []byte, key []byte) ([]byte, error) {
// create a new cipher block from the key // create a new cipher block from the key
c, err := aes.NewCipher(key) c, err := aes.NewCipher(key)
if err != nil { if err != nil {
return nil, err return nil, err
} }
ciphertext = append(ciphertext, authTag...)
// create a new block cipher wrapped in GCM with default nonce (12 // create a new block cipher wrapped in GCM with default nonce (12
// bytes) and tag size (16 bytes). // bytes) and tag size (16 bytes).
gcm, err := cipher.NewGCM(c) gcm, err := cipher.NewGCM(c)
......
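Review bot: In `Decrypt`, `ciphertext = append(ciphertext, authTag...)` can write into the caller's buffer, and `authTag` is never length-checked. The `ciphertext` that `Encrypt` now returns is `seal[:len(seal)-defaultTagSize]`, which keeps the tag bytes as spare capacity, so passing it back makes the append overwrite that shared backing array in place, which is a data race if the same slice is decrypted concurrently. Without a length check, a short or empty `authTag` only shifts the ciphertext/tag boundary, so the trailing 16 bytes of whatever was joined are taken as the tag. I would move the join below `cipher.NewGCM`, reject `len(authTag) != gcm.Overhead()` with an error, and copy into a fresh buffer: `sealed := append(append(make([]byte, 0, len(ciphertext)+len(authTag)), ciphertext...), authTag...)`. `gcm.Overhead()` could also replace the hard-coded `defaultTagSize := 16` in `Encrypt`; the rest of `Decrypt` is outside the hunk, so the `Open` call is assumed to receive the joined slice.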
...@@ -17,25 +17,25 @@ func TestCrypto_AES_Encrypt(t *testing.T) { ...@@ -17,25 +17,25 @@ func TestCrypto_AES_Encrypt(t *testing.T) {
plaintext: []byte("testMessage"), plaintext: []byte("testMessage"),
key: []byte{0xaa, 0xdf, 0x4f, 0x20, 0x9e, 0x35, 0xe0, 0x9c, 0xde, 0x6f, 0xf8, 0x51, 0x29, 0x98, 0x49, 0xae}, key: []byte{0xaa, 0xdf, 0x4f, 0x20, 0x9e, 0x35, 0xe0, 0x9c, 0xde, 0x6f, 0xf8, 0x51, 0x29, 0x98, 0x49, 0xae},
error: false, error: false,
expectedCipherTextLength: 27, expectedCipherTextLength: 11,
}, },
"AES-192": { "AES-192": {
plaintext: []byte("testMessage"), plaintext: []byte("testMessage"),
key: []byte{0x67, 0xc8, 0x12, 0x60, 0x8, 0x1e, 0x1f, 0x2e, 0x1d, 0x58, 0x60, 0xb1, 0x9c, 0xf, 0x14, 0x4d, 0xe2, 0x9e, 0xd3, 0xc1, 0x9f, 0xa8, 0x9f, 0x59}, key: []byte{0x67, 0xc8, 0x12, 0x60, 0x8, 0x1e, 0x1f, 0x2e, 0x1d, 0x58, 0x60, 0xb1, 0x9c, 0xf, 0x14, 0x4d, 0xe2, 0x9e, 0xd3, 0xc1, 0x9f, 0xa8, 0x9f, 0x59},
error: false, error: false,
expectedCipherTextLength: 27, expectedCipherTextLength: 11,
}, },
"AES-256": { "AES-256": {
plaintext: []byte("testMessage"), plaintext: []byte("testMessage"),
key: []byte{0xf6, 0x4e, 0x81, 0x5f, 0x90, 0x87, 0x78, 0x66, 0x33, 0x7b, 0xc, 0xe2, 0x8, 0xcd, 0xe, 0x49, 0xd1, 0x26, 0x4d, 0x35, 0xa6, 0x36, 0xde, 0x5c, 0x58, 0xfa, 0xa3, 0x83, 0xc0, 0xc9, 0x8c, 0xf}, key: []byte{0xf6, 0x4e, 0x81, 0x5f, 0x90, 0x87, 0x78, 0x66, 0x33, 0x7b, 0xc, 0xe2, 0x8, 0xcd, 0xe, 0x49, 0xd1, 0x26, 0x4d, 0x35, 0xa6, 0x36, 0xde, 0x5c, 0x58, 0xfa, 0xa3, 0x83, 0xc0, 0xc9, 0x8c, 0xf},
error: false, error: false,
expectedCipherTextLength: 27, expectedCipherTextLength: 11,
}, },
"AES-256 longer plaintext": { "AES-256 longer plaintext": {
plaintext: []byte("testMessageThatIsLonger"), plaintext: []byte("testMessageThatIsLonger"),
key: []byte{0x54, 0x39, 0xc8, 0x71, 0x4e, 0x79, 0x27, 0x92, 0xa6, 0x1, 0xf0, 0xfc, 0xff, 0xa0, 0x3c, 0x76, 0x5f, 0x33, 0xc8, 0xa6, 0x42, 0x3c, 0x14, 0x67, 0x64, 0xbf, 0x22, 0xac, 0x84, 0x55, 0x9, 0x13}, key: []byte{0x54, 0x39, 0xc8, 0x71, 0x4e, 0x79, 0x27, 0x92, 0xa6, 0x1, 0xf0, 0xfc, 0xff, 0xa0, 0x3c, 0x76, 0x5f, 0x33, 0xc8, 0xa6, 0x42, 0x3c, 0x14, 0x67, 0x64, 0xbf, 0x22, 0xac, 0x84, 0x55, 0x9, 0x13},
error: false, error: false,
expectedCipherTextLength: 39, expectedCipherTextLength: 23,
}, },
"wrong key size": { "wrong key size": {
plaintext: []byte("testMessage"), plaintext: []byte("testMessage"),
...@@ -50,13 +50,14 @@ func TestCrypto_AES_Encrypt(t *testing.T) { ...@@ -50,13 +50,14 @@ func TestCrypto_AES_Encrypt(t *testing.T) {
t.Parallel() t.Parallel()
aes := NewAES("AES-256-GCM") aes := NewAES("AES-256-GCM")
nonce, cipherText, err := aes.Encrypt(test.plaintext, test.key) nonce, authTag, cipherText, err := aes.Encrypt(test.plaintext, test.key)
if test.error { if test.error {
assert.Error(t, err) assert.Error(t, err)
assert.Len(t, nonce, 0) assert.Len(t, nonce, 0)
} else { } else {
assert.NoError(t, err) assert.NoError(t, err)
assert.Len(t, nonce, 12) assert.Len(t, nonce, 12)
assert.Len(t, authTag, 16)
} }
assert.Len(t, cipherText, test.expectedCipherTextLength) assert.Len(t, cipherText, test.expectedCipherTextLength)
}) })
...@@ -68,20 +69,31 @@ func TestCrypto_AES_Decrypt(t *testing.T) { ...@@ -68,20 +69,31 @@ func TestCrypto_AES_Decrypt(t *testing.T) {
cipherText []byte cipherText []byte
key []byte key []byte
nonce []byte nonce []byte
authTag []byte
error bool error bool
expectedPlainText string expectedPlainText string
}{ }{
"AES-128": { "AES-128": {
cipherText: []byte{0x7b, 0x45, 0x4b, 0x44, 0xcf, 0xc6, 0x5b, 0xe8, 0x7b, 0xc0, 0x10, 0x36, 0xea, 0x41, 0xc4, 0x25, 0x32, 0xe7, 0xe7, 0x9, 0x38, 0xca, 0xf9, 0x47, 0x8d, 0xdf, 0xac}, cipherText: []byte{0x7b, 0x45, 0x4b, 0x44, 0xcf, 0xc6, 0x5b, 0xe8, 0x7b, 0xc0, 0x10},
key: []byte{0xaa, 0xdf, 0x4f, 0x20, 0x9e, 0x35, 0xe0, 0x9c, 0xde, 0x6f, 0xf8, 0x51, 0x29, 0x98, 0x49, 0xae}, key: []byte{0xaa, 0xdf, 0x4f, 0x20, 0x9e, 0x35, 0xe0, 0x9c, 0xde, 0x6f, 0xf8, 0x51, 0x29, 0x98, 0x49, 0xae},
nonce: []byte{0x1a, 0x1e, 0xeb, 0x20, 0x8e, 0xd4, 0xbb, 0x77, 0x58, 0x6a, 0xd, 0x82}, nonce: []byte{0x1a, 0x1e, 0xeb, 0x20, 0x8e, 0xd4, 0xbb, 0x77, 0x58, 0x6a, 0xd, 0x82},
authTag: []byte{0x36, 0xea, 0x41, 0xc4, 0x25, 0x32, 0xe7, 0xe7, 0x9, 0x38, 0xca, 0xf9, 0x47, 0x8d, 0xdf, 0xac},
error: false, error: false,
expectedPlainText: "testMessage", expectedPlainText: "testMessage",
}, },
"AES-128 faulty nonce": { "AES-128 faulty nonce": {
cipherText: []byte{0x7b, 0x45, 0x4b, 0x44, 0xcf, 0xc6, 0x5b, 0xe8, 0x7b, 0xc0, 0x10, 0x36, 0xea, 0x41, 0xc4, 0x25, 0x32, 0xe7, 0xe7, 0x9, 0x38, 0xca, 0xf9, 0x47, 0x8d, 0xdf, 0xac}, cipherText: []byte{0x7b, 0x45, 0x4b, 0x44, 0xcf, 0xc6, 0x5b, 0xe8, 0x7b, 0xc0, 0x10},
key: []byte{0xaa, 0xdf, 0x4f, 0x20, 0x9e, 0x35, 0xe0, 0x9c, 0xde, 0x6f, 0xf8, 0x51, 0x29, 0x98, 0x49, 0xae}, key: []byte{0xaa, 0xdf, 0x4f, 0x20, 0x9e, 0x35, 0xe0, 0x9c, 0xde, 0x6f, 0xf8, 0x51, 0x29, 0x98, 0x49, 0xae},
nonce: []byte{0x91, 0x66, 0x68, 0x5b, 0x64, 0x84, 0x5a, 0x81, 0xfd, 0xce, 0x89, 0x93}, nonce: []byte{0x91, 0x66, 0x68, 0x5b, 0x64, 0x84, 0x5a, 0x81, 0xfd, 0xce, 0x89, 0x93},
authTag: []byte{0x36, 0xea, 0x41, 0xc4, 0x25, 0x32, 0xe7, 0xe7, 0x9, 0x38, 0xca, 0xf9, 0x47, 0x8d, 0xdf, 0xac},
error: true,
expectedPlainText: "",
},
"AES-128 faulty authentication tag": {
cipherText: []byte{0x7b, 0x45, 0x4b, 0x44, 0xcf, 0xc6, 0x5b, 0xe8, 0x7b, 0xc0, 0x10},
key: []byte{0xaa, 0xdf, 0x4f, 0x20, 0x9e, 0x35, 0xe0, 0x9c, 0xde, 0x6f, 0xf8, 0x51, 0x29, 0x98, 0x49, 0xae},
nonce: []byte{0x1a, 0x1e, 0xeb, 0x20, 0x8e, 0xd4, 0xbb, 0x77, 0x58, 0x6a, 0xd, 0x82},
authTag: []byte{0x91, 0x66, 0x68, 0x5b, 0x64, 0x84, 0x5a, 0x81, 0xfd, 0xce, 0x89, 0x93, 0xf9, 0xe7, 0x38, 0xac},
error: true, error: true,
expectedPlainText: "", expectedPlainText: "",
}, },
...@@ -89,6 +101,7 @@ func TestCrypto_AES_Decrypt(t *testing.T) { ...@@ -89,6 +101,7 @@ func TestCrypto_AES_Decrypt(t *testing.T) {
cipherText: []byte{0x7b, 0x45, 0x4b, 0x44, 0xcf, 0xc6, 0x5b, 0xe8, 0x7b, 0xc0, 0x10, 0x36, 0xea, 0x41, 0xc4, 0x25, 0x32, 0xe7, 0xe7, 0x9, 0x38, 0xca, 0xf9, 0x47, 0x8d, 0xdf, 0xac}, cipherText: []byte{0x7b, 0x45, 0x4b, 0x44, 0xcf, 0xc6, 0x5b, 0xe8, 0x7b, 0xc0, 0x10, 0x36, 0xea, 0x41, 0xc4, 0x25, 0x32, 0xe7, 0xe7, 0x9, 0x38, 0xca, 0xf9, 0x47, 0x8d, 0xdf, 0xac},
key: []byte{0x2b, 0x1c, 0xc9, 0x6d, 0xa2, 0x17, 0x25, 0x21, 0xa9, 0x9a, 0x8e, 0x17, 0x49, 0xc7, 0x3d, 0x32}, key: []byte{0x2b, 0x1c, 0xc9, 0x6d, 0xa2, 0x17, 0x25, 0x21, 0xa9, 0x9a, 0x8e, 0x17, 0x49, 0xc7, 0x3d, 0x32},
nonce: []byte{0x1a, 0x1e, 0xeb, 0x20, 0x8e, 0xd4, 0xbb, 0x77, 0x58, 0x6a, 0xd, 0x82}, nonce: []byte{0x1a, 0x1e, 0xeb, 0x20, 0x8e, 0xd4, 0xbb, 0x77, 0x58, 0x6a, 0xd, 0x82},
authTag: []byte{0x36, 0xea, 0x41, 0xc4, 0x25, 0x32, 0xe7, 0xe7, 0x9, 0x38, 0xca, 0xf9, 0x47, 0x8d, 0xdf, 0xac},
error: true, error: true,
expectedPlainText: "", expectedPlainText: "",
}, },
...@@ -96,76 +109,103 @@ func TestCrypto_AES_Decrypt(t *testing.T) { ...@@ -96,76 +109,103 @@ func TestCrypto_AES_Decrypt(t *testing.T) {
cipherText: []byte{0x94, 0x7f, 0xd2, 0xd1, 0x71, 0xf8, 0xe7, 0x31, 0x23, 0x37, 0xad, 0x88, 0xfa, 0x5c, 0xcc, 0xdd, 0xd, 0xc2, 0x78, 0xee, 0x4d, 0xbe, 0xb, 0x2e, 0xf4, 0x77, 0xda}, cipherText: []byte{0x94, 0x7f, 0xd2, 0xd1, 0x71, 0xf8, 0xe7, 0x31, 0x23, 0x37, 0xad, 0x88, 0xfa, 0x5c, 0xcc, 0xdd, 0xd, 0xc2, 0x78, 0xee, 0x4d, 0xbe, 0xb, 0x2e, 0xf4, 0x77, 0xda},
key: []byte{0xaa, 0xdf, 0x4f, 0x20, 0x9e, 0x35, 0xe0, 0x9c, 0xde, 0x6f, 0xf8, 0x51, 0x29, 0x98, 0x49, 0xae}, key: []byte{0xaa, 0xdf, 0x4f, 0x20, 0x9e, 0x35, 0xe0, 0x9c, 0xde, 0x6f, 0xf8, 0x51, 0x29, 0x98, 0x49, 0xae},
nonce: []byte{0x1a, 0x1e, 0xeb, 0x20, 0x8e, 0xd4, 0xbb, 0x77, 0x58, 0x6a, 0xd, 0x82}, nonce: []byte{0x1a, 0x1e, 0xeb, 0x20, 0x8e, 0xd4, 0xbb, 0x77, 0x58, 0x6a, 0xd, 0x82},
authTag: []byte{0x36, 0xea, 0x41, 0xc4, 0x25, 0x32, 0xe7, 0xe7, 0x9, 0x38, 0xca, 0xf9, 0x47, 0x8d, 0xdf, 0xac},
error: true, error: true,
expectedPlainText: "", expectedPlainText: "",
}, },
"AES-192": { "AES-192": {
cipherText: []byte{0x80, 0x8, 0xa9, 0x68, 0x51, 0x6a, 0x93, 0xf8, 0xc7, 0x96, 0xb1, 0xc4, 0x9d, 0xf8, 0x8c, 0xde, 0x43, 0x20, 0xe9, 0x11, 0x7a, 0x6e, 0x4c, 0x74, 0xb1, 0xf8, 0xa4}, cipherText: []byte{0x80, 0x8, 0xa9, 0x68, 0x51, 0x6a, 0x93, 0xf8, 0xc7, 0x96, 0xb1},
key: []byte{0x67, 0xc8, 0x12, 0x60, 0x8, 0x1e, 0x1f, 0x2e, 0x1d, 0x58, 0x60, 0xb1, 0x9c, 0xf, 0x14, 0x4d, 0xe2, 0x9e, 0xd3, 0xc1, 0x9f, 0xa8, 0x9f, 0x59}, key: []byte{0x67, 0xc8, 0x12, 0x60, 0x8, 0x1e, 0x1f, 0x2e, 0x1d, 0x58, 0x60, 0xb1, 0x9c, 0xf, 0x14, 0x4d, 0xe2, 0x9e, 0xd3, 0xc1, 0x9f, 0xa8, 0x9f, 0x59},
nonce: []byte{0x33, 0x55, 0xb8, 0x34, 0x3b, 0x4, 0xc5, 0xd7, 0xef, 0x8b, 0x49, 0x9e}, nonce: []byte{0x33, 0x55, 0xb8, 0x34, 0x3b, 0x4, 0xc5, 0xd7, 0xef, 0x8b, 0x49, 0x9e},
authTag: []byte{0xc4, 0x9d, 0xf8, 0x8c, 0xde, 0x43, 0x20, 0xe9, 0x11, 0x7a, 0x6e, 0x4c, 0x74, 0xb1, 0xf8, 0xa4},
error: false, error: false,
expectedPlainText: "testMessage", expectedPlainText: "testMessage",
}, },
"AES-192 faulty nonce": { "AES-192 faulty nonce": {
cipherText: []byte{0x80, 0x8, 0xa9, 0x68, 0x51, 0x6a, 0x93, 0xf8, 0xc7, 0x96, 0xb1, 0xc4, 0x9d, 0xf8, 0x8c, 0xde, 0x43, 0x20, 0xe9, 0x11, 0x7a, 0x6e, 0x4c, 0x74, 0xb1, 0xf8, 0xa4}, cipherText: []byte{0x80, 0x8, 0xa9, 0x68, 0x51, 0x6a, 0x93, 0xf8, 0xc7, 0x96, 0xb1},
key: []byte{0x67, 0xc8, 0x12, 0x60, 0x8, 0x1e, 0x1f, 0x2e, 0x1d, 0x58, 0x60, 0xb1, 0x9c, 0xf, 0x14, 0x4d, 0xe2, 0x9e, 0xd3, 0xc1, 0x9f, 0xa8, 0x9f, 0x59}, key: []byte{0x67, 0xc8, 0x12, 0x60, 0x8, 0x1e, 0x1f, 0x2e, 0x1d, 0x58, 0x60, 0xb1, 0x9c, 0xf, 0x14, 0x4d, 0xe2, 0x9e, 0xd3, 0xc1, 0x9f, 0xa8, 0x9f, 0x59},
nonce: []byte{0x91, 0x66, 0x68, 0x5b, 0x64, 0x84, 0x5a, 0x81, 0xfd, 0xce, 0x89, 0x93}, nonce: []byte{0x91, 0x66, 0x68, 0x5b, 0x64, 0x84, 0x5a, 0x81, 0xfd, 0xce, 0x89, 0x93},
authTag: []byte{0xc4, 0x9d, 0xf8, 0x8c, 0xde, 0x43, 0x20, 0xe9, 0x11, 0x7a, 0x6e, 0x4c, 0x74, 0xb1, 0xf8, 0xa4},
error: true,
expectedPlainText: "",
},
"AES-192 faulty authentication tag": {
cipherText: []byte{0x80, 0x8, 0xa9, 0x68, 0x51, 0x6a, 0x93, 0xf8, 0xc7, 0x96, 0xb1},
key: []byte{0x67, 0xc8, 0x12, 0x60, 0x8, 0x1e, 0x1f, 0x2e, 0x1d, 0x58, 0x60, 0xb1, 0x9c, 0xf, 0x14, 0x4d, 0xe2, 0x9e, 0xd3, 0xc1, 0x9f, 0xa8, 0x9f, 0x59},
nonce: []byte{0x33, 0x55, 0xb8, 0x34, 0x3b, 0x4, 0xc5, 0xd7, 0xef, 0x8b, 0x49, 0x9e},
authTag: []byte{0x91, 0x66, 0x68, 0x5b, 0x64, 0x84, 0x5a, 0x81, 0xfd, 0xce, 0x89, 0x93, 0xf9, 0xe7, 0x38, 0xac},
error: true, error: true,
expectedPlainText: "", expectedPlainText: "",
}, },
"AES-192 faulty key": { "AES-192 faulty key": {
cipherText: []byte{0x80, 0x8, 0xa9, 0x68, 0x51, 0x6a, 0x93, 0xf8, 0xc7, 0x96, 0xb1, 0xc4, 0x9d, 0xf8, 0x8c, 0xde, 0x43, 0x20, 0xe9, 0x11, 0x7a, 0x6e, 0x4c, 0x74, 0xb1, 0xf8, 0xa4}, cipherText: []byte{0x80, 0x8, 0xa9, 0x68, 0x51, 0x6a, 0x93, 0xf8, 0xc7, 0x96, 0xb1},
key: []byte{0x2b, 0x1c, 0xc9, 0x6d, 0xa2, 0x17, 0x25, 0x21, 0xa9, 0x9a, 0x8e, 0x17, 0x49, 0xc7, 0x3d, 0x32, 0x24, 0x78, 0xb2, 0xc1, 0x15, 0x9f, 0x8b, 0xf3}, key: []byte{0x2b, 0x1c, 0xc9, 0x6d, 0xa2, 0x17, 0x25, 0x21, 0xa9, 0x9a, 0x8e, 0x17, 0x49, 0xc7, 0x3d, 0x32, 0x24, 0x78, 0xb2, 0xc1, 0x15, 0x9f, 0x8b, 0xf3},
nonce: []byte{0x33, 0x55, 0xb8, 0x34, 0x3b, 0x4, 0xc5, 0xd7, 0xef, 0x8b, 0x49, 0x9e}, nonce: []byte{0x33, 0x55, 0xb8, 0x34, 0x3b, 0x4, 0xc5, 0xd7, 0xef, 0x8b, 0x49, 0x9e},
authTag: []byte{0xc4, 0x9d, 0xf8, 0x8c, 0xde, 0x43, 0x20, 0xe9, 0x11, 0x7a, 0x6e, 0x4c, 0x74, 0xb1, 0xf8, 0xa4},
error: true, error: true,
expectedPlainText: "", expectedPlainText: "",
}, },
"AES-192 faulty cipherText": { "AES-192 faulty cipherText": {
cipherText: []byte{0x94, 0x7f, 0xd2, 0xd1, 0x71, 0xf8, 0xe7, 0x31, 0x23, 0x37, 0xad, 0x88, 0xfa, 0x5c, 0xcc, 0xdd, 0xd, 0xc2, 0x78, 0xee, 0x4d, 0xbe, 0xb, 0x2e, 0xf4, 0x77, 0xda}, cipherText: []byte{0x94, 0x7f, 0xd2, 0xd1, 0x71, 0xf8, 0xe7, 0x31, 0x23, 0x37, 0xad},
key: []byte{0x67, 0xc8, 0x12, 0x60, 0x8, 0x1e, 0x1f, 0x2e, 0x1d, 0x58, 0x60, 0xb1, 0x9c, 0xf, 0x14, 0x4d, 0xe2, 0x9e, 0xd3, 0xc1, 0x9f, 0xa8, 0x9f, 0x59}, key: []byte{0x67, 0xc8, 0x12, 0x60, 0x8, 0x1e, 0x1f, 0x2e, 0x1d, 0x58, 0x60, 0xb1, 0x9c, 0xf, 0x14, 0x4d, 0xe2, 0x9e, 0xd3, 0xc1, 0x9f, 0xa8, 0x9f, 0x59},
nonce: []byte{0x33, 0x55, 0xb8, 0x34, 0x3b, 0x4, 0xc5, 0xd7, 0xef, 0x8b, 0x49, 0x9e}, nonce: []byte{0x33, 0x55, 0xb8, 0x34, 0x3b, 0x4, 0xc5, 0xd7, 0xef, 0x8b, 0x49, 0x9e},
authTag: []byte{0xc4, 0x9d, 0xf8, 0x8c, 0xde, 0x43, 0x20, 0xe9, 0x11, 0x7a, 0x6e, 0x4c, 0x74, 0xb1, 0xf8, 0xa4},
error: true, error: true,
expectedPlainText: "", expectedPlainText: "",
}, },
"AES-256": { "AES-256": {
cipherText: []byte{0xea, 0x80, 0x9c, 0xd8, 0x21, 0x2b, 0x50, 0x42, 0x8, 0x4d, 0xd0, 0xb3, 0x6b, 0x48, 0x1e, 0x90, 0xd0, 0xa, 0x76, 0x85, 0x58, 0xc2, 0x39, 0xfb, 0x66, 0xe7, 0x5}, cipherText: []byte{0xea, 0x80, 0x9c, 0xd8, 0x21, 0x2b, 0x50, 0x42, 0x8, 0x4d, 0xd0},
key: []byte{0xf6, 0x4e, 0x81, 0x5f, 0x90, 0x87, 0x78, 0x66, 0x33, 0x7b, 0xc, 0xe2, 0x8, 0xcd, 0xe, 0x49, 0xd1, 0x26, 0x4d, 0x35, 0xa6, 0x36, 0xde, 0x5c, 0x58, 0xfa, 0xa3, 0x83, 0xc0, 0xc9, 0x8c, 0xf}, key: []byte{0xf6, 0x4e, 0x81, 0x5f, 0x90, 0x87, 0x78, 0x66, 0x33, 0x7b, 0xc, 0xe2, 0x8, 0xcd, 0xe, 0x49, 0xd1, 0x26, 0x4d, 0x35, 0xa6, 0x36, 0xde, 0x5c, 0x58, 0xfa, 0xa3, 0x83, 0xc0, 0xc9, 0x8c, 0xf},
nonce: []byte{0x59, 0xf5, 0x6, 0xa8, 0x82, 0x2, 0xa2, 0x3d, 0x28, 0xac, 0x85, 0x45}, nonce: []byte{0x59, 0xf5, 0x6, 0xa8, 0x82, 0x2, 0xa2, 0x3d, 0x28, 0xac, 0x85, 0x45},
authTag: []byte{0xb3, 0x6b, 0x48, 0x1e, 0x90, 0xd0, 0xa, 0x76, 0x85, 0x58, 0xc2, 0x39, 0xfb, 0x66, 0xe7, 0x5},
error: false, error: false,
expectedPlainText: "testMessage", expectedPlainText: "testMessage",
}, },
"AES-256 faulty nonce": { "AES-256 faulty nonce": {
cipherText: []byte{0xea, 0x80, 0x9c, 0xd8, 0x21, 0x2b, 0x50, 0x42, 0x8, 0x4d, 0xd0, 0xb3, 0x6b, 0x48, 0x1e, 0x90, 0xd0, 0xa, 0x76, 0x85, 0x58, 0xc2, 0x39, 0xfb, 0x66, 0xe7, 0x5}, cipherText: []byte{0xea, 0x80, 0x9c, 0xd8, 0x21, 0x2b, 0x50, 0x42, 0x8, 0x4d, 0xd0},
key: []byte{0xf6, 0x4e, 0x81, 0x5f, 0x90, 0x87, 0x78, 0x66, 0x33, 0x7b, 0xc, 0xe2, 0x8, 0xcd, 0xe, 0x49, 0xd1, 0x26, 0x4d, 0x35, 0xa6, 0x36, 0xde, 0x5c, 0x58, 0xfa, 0xa3, 0x83, 0xc0, 0xc9, 0x8c, 0xf}, key: []byte{0xf6, 0x4e, 0x81, 0x5f, 0x90, 0x87, 0x78, 0x66, 0x33, 0x7b, 0xc, 0xe2, 0x8, 0xcd, 0xe, 0x49, 0xd1, 0x26, 0x4d, 0x35, 0xa6, 0x36, 0xde, 0x5c, 0x58, 0xfa, 0xa3, 0x83, 0xc0, 0xc9, 0x8c, 0xf},
nonce: []byte{0x91, 0x66, 0x68, 0x5b, 0x64, 0x84, 0x5a, 0x81, 0xfd, 0xce, 0x89, 0x93}, nonce: []byte{0x91, 0x66, 0x68, 0x5b, 0x64, 0x84, 0x5a, 0x81, 0xfd, 0xce, 0x89, 0x93},
authTag: []byte{0xb3, 0x6b, 0x48, 0x1e, 0x90, 0xd0, 0xa, 0x76, 0x85, 0x58, 0xc2, 0x39, 0xfb, 0x66, 0xe7, 0x5},
error: true,
expectedPlainText: "",
},
"AES-256 faulty autentication tag": {
cipherText: []byte{0xea, 0x80, 0x9c, 0xd8, 0x21, 0x2b, 0x50, 0x42, 0x8, 0x4d, 0xd0},
key: []byte{0xf6, 0x4e, 0x81, 0x5f, 0x90, 0x87, 0x78, 0x66, 0x33, 0x7b, 0xc, 0xe2, 0x8, 0xcd, 0xe, 0x49, 0xd1, 0x26, 0x4d, 0x35, 0xa6, 0x36, 0xde, 0x5c, 0x58, 0xfa, 0xa3, 0x83, 0xc0, 0xc9, 0x8c, 0xf},
nonce: []byte{0x59, 0xf5, 0x6, 0xa8, 0x82, 0x2, 0xa2, 0x3d, 0x28, 0xac, 0x85, 0x45},
authTag: []byte{0x91, 0x66, 0x68, 0x5b, 0x64, 0x84, 0x5a, 0x81, 0xfd, 0xce, 0x89, 0x93, 0xf9, 0xe7, 0x38, 0xac},
error: true, error: true,
expectedPlainText: "", expectedPlainText: "",
}, },
"AES-256 faulty key": { "AES-256 faulty key": {
cipherText: []byte{0xea, 0x80, 0x9c, 0xd8, 0x21, 0x2b, 0x50, 0x42, 0x8, 0x4d, 0xd0, 0xb3, 0x6b, 0x48, 0x1e, 0x90, 0xd0, 0xa, 0x76, 0x85, 0x58, 0xc2, 0x39, 0xfb, 0x66, 0xe7, 0x5}, cipherText: []byte{0xea, 0x80, 0x9c, 0xd8, 0x21, 0x2b, 0x50, 0x42, 0x8, 0x4d, 0xd0},
key: []byte{0x2b, 0x1c, 0xc9, 0x6d, 0xa2, 0x17, 0x25, 0x21, 0xa9, 0x9a, 0x8e, 0x17, 0x49, 0xc7, 0x3d, 0x32, 0x24, 0x78, 0xb2, 0xc1, 0x15, 0x9f, 0x8b, 0xf3, 0xa9, 0x54, 0xc4, 0x90, 0x26, 0x33, 0x9, 0x60}, key: []byte{0x2b, 0x1c, 0xc9, 0x6d, 0xa2, 0x17, 0x25, 0x21, 0xa9, 0x9a, 0x8e, 0x17, 0x49, 0xc7, 0x3d, 0x32, 0x24, 0x78, 0xb2, 0xc1, 0x15, 0x9f, 0x8b, 0xf3, 0xa9, 0x54, 0xc4, 0x90, 0x26, 0x33, 0x9, 0x60},
nonce: []byte{0x59, 0xf5, 0x6, 0xa8, 0x82, 0x2, 0xa2, 0x3d, 0x28, 0xac, 0x85, 0x45}, nonce: []byte{0x59, 0xf5, 0x6, 0xa8, 0x82, 0x2, 0xa2, 0x3d, 0x28, 0xac, 0x85, 0x45},
authTag: []byte{0xb3, 0x6b, 0x48, 0x1e, 0x90, 0xd0, 0xa, 0x76, 0x85, 0x58, 0xc2, 0x39, 0xfb, 0x66, 0xe7, 0x5},
error: true, error: true,
expectedPlainText: "", expectedPlainText: "",
}, },
"AES-256 faulty cipherText": { "AES-256 faulty cipherText": {
cipherText: []byte{0x94, 0x7f, 0xd2, 0xd1, 0x71, 0xf8, 0xe7, 0x31, 0x23, 0x37, 0xad, 0x88, 0xfa, 0x5c, 0xcc, 0xdd, 0xd, 0xc2, 0x78, 0xee, 0x4d, 0xbe, 0xb, 0x2e, 0xf4, 0x77, 0xda}, cipherText: []byte{0x94, 0x7f, 0xd2, 0xd1, 0x71, 0xf8, 0xe7, 0x31, 0x23, 0x37, 0xad},
key: []byte{0xf6, 0x4e, 0x81, 0x5f, 0x90, 0x87, 0x78, 0x66, 0x33, 0x7b, 0xc, 0xe2, 0x8, 0xcd, 0xe, 0x49, 0xd1, 0x26, 0x4d, 0x35, 0xa6, 0x36, 0xde, 0x5c, 0x58, 0xfa, 0xa3, 0x83, 0xc0, 0xc9, 0x8c, 0xf}, key: []byte{0xf6, 0x4e, 0x81, 0x5f, 0x90, 0x87, 0x78, 0x66, 0x33, 0x7b, 0xc, 0xe2, 0x8, 0xcd, 0xe, 0x49, 0xd1, 0x26, 0x4d, 0x35, 0xa6, 0x36, 0xde, 0x5c, 0x58, 0xfa, 0xa3, 0x83, 0xc0, 0xc9, 0x8c, 0xf},
nonce: []byte{0x59, 0xf5, 0x6, 0xa8, 0x82, 0x2, 0xa2, 0x3d, 0x28, 0xac, 0x85, 0x45}, nonce: []byte{0x59, 0xf5, 0x6, 0xa8, 0x82, 0x2, 0xa2, 0x3d, 0x28, 0xac, 0x85, 0x45},
authTag: []byte{0xb3, 0x6b, 0x48, 0x1e, 0x90, 0xd0, 0xa, 0x76, 0x85, 0x58, 0xc2, 0x39, 0xfb, 0x66, 0xe7, 0x5},
error: true, error: true,
expectedPlainText: "", expectedPlainText: "",
}, },
"AES-256 longer cipherText": { "AES-256 longer cipherText": {
cipherText: []byte{0x44, 0x35, 0x7a, 0x70, 0x19, 0x31, 0x11, 0xbf, 0xab, 0xf1, 0x32, 0x9d, 0x7b, 0x73, 0xcc, 0x78, 0x7b, 0x5, 0xe7, 0x87, 0xcf, 0xd9, 0xe6, 0x28, 0xa8, 0x53, 0xbf, 0x70, 0x37, 0x64, 0x2f, 0x14, 0x2c, 0xc, 0xeb, 0x53, 0x1, 0x22, 0xd0}, cipherText: []byte{0x44, 0x35, 0x7a, 0x70, 0x19, 0x31, 0x11, 0xbf, 0xab, 0xf1, 0x32, 0x9d, 0x7b, 0x73, 0xcc, 0x78, 0x7b, 0x5, 0xe7, 0x87, 0xcf, 0xd9, 0xe6},
key: []byte{0x54, 0x39, 0xc8, 0x71, 0x4e, 0x79, 0x27, 0x92, 0xa6, 0x1, 0xf0, 0xfc, 0xff, 0xa0, 0x3c, 0x76, 0x5f, 0x33, 0xc8, 0xa6, 0x42, 0x3c, 0x14, 0x67, 0x64, 0xbf, 0x22, 0xac, 0x84, 0x55, 0x9, 0x13}, key: []byte{0x54, 0x39, 0xc8, 0x71, 0x4e, 0x79, 0x27, 0x92, 0xa6, 0x1, 0xf0, 0xfc, 0xff, 0xa0, 0x3c, 0x76, 0x5f, 0x33, 0xc8, 0xa6, 0x42, 0x3c, 0x14, 0x67, 0x64, 0xbf, 0x22, 0xac, 0x84, 0x55, 0x9, 0x13},
nonce: []byte{0x59, 0xf6, 0x94, 0xeb, 0x6a, 0x5a, 0xdc, 0x3a, 0x89, 0xa9, 0xbb, 0x53}, nonce: []byte{0x59, 0xf6, 0x94, 0xeb, 0x6a, 0x5a, 0xdc, 0x3a, 0x89, 0xa9, 0xbb, 0x53},
authTag: []byte{0x28, 0xa8, 0x53, 0xbf, 0x70, 0x37, 0x64, 0x2f, 0x14, 0x2c, 0xc, 0xeb, 0x53, 0x1, 0x22, 0xd0},
error: false, error: false,
expectedPlainText: "testMessageThatIsLonger", expectedPlainText: "testMessageThatIsLonger",
}, },
"wrong key size": { "wrong key size": {
cipherText: []byte{0xea, 0x80, 0x9c, 0xd8, 0x21, 0x2b, 0x50, 0x42, 0x8, 0x4d, 0xd0, 0xb3, 0x6b, 0x48, 0x1e, 0x90, 0xd0, 0xa, 0x76, 0x85, 0x58, 0xc2, 0x39, 0xfb, 0x66, 0xe7, 0x5}, cipherText: []byte{0xea, 0x80, 0x9c, 0xd8, 0x21, 0x2b, 0x50, 0x42, 0x8, 0x4d, 0xd0},
key: []byte{0xf6, 0x4e, 0x81, 0x5f, 0x90, 0x87, 0x78, 0x66, 0x33, 0x7b, 0xc, 0xe2, 0x8, 0xcd, 0xe, 0x49, 0xd1, 0x26, 0x4d, 0x35, 0xa6, 0x36, 0xde, 0x5c, 0x58, 0xfa, 0xa3, 0x83, 0xc0, 0xc9}, key: []byte{0xf6, 0x4e, 0x81, 0x5f, 0x90, 0x87, 0x78, 0x66, 0x33, 0x7b, 0xc, 0xe2, 0x8, 0xcd, 0xe, 0x49, 0xd1, 0x26, 0x4d, 0x35, 0xa6, 0x36, 0xde, 0x5c, 0x58, 0xfa, 0xa3, 0x83, 0xc0, 0xc9},
nonce: []byte{0x59, 0xf5, 0x6, 0xa8, 0x82, 0x2, 0xa2, 0x3d, 0x28, 0xac, 0x85, 0x45}, nonce: []byte{0x59, 0xf5, 0x6, 0xa8, 0x82, 0x2, 0xa2, 0x3d, 0x28, 0xac, 0x85, 0x45},
authTag: []byte{0xb3, 0x6b, 0x48, 0x1e, 0x90, 0xd0, 0xa, 0x76, 0x85, 0x58, 0xc2, 0x39, 0xfb, 0x66, 0xe7, 0x5},
error: true, error: true,
expectedPlainText: "", expectedPlainText: "",
}, },
...@@ -176,7 +216,7 @@ func TestCrypto_AES_Decrypt(t *testing.T) { ...@@ -176,7 +216,7 @@ func TestCrypto_AES_Decrypt(t *testing.T) {
t.Parallel() t.Parallel()
aes := NewAES("AES-256-GCM") aes := NewAES("AES-256-GCM")
plainText, err := aes.Decrypt(test.nonce, test.cipherText, test.key) plainText, err := aes.Decrypt(test.nonce, test.authTag, test.cipherText, test.key)
if test.error { if test.error {
assert.Error(t, err) assert.Error(t, err)
} else { } else {
...@@ -194,11 +234,11 @@ func TestCrypto_AES_EncryptAndDecryptPlaintext(t *testing.T) { ...@@ -194,11 +234,11 @@ func TestCrypto_AES_EncryptAndDecryptPlaintext(t *testing.T) {
aes := NewAES("AES-256-GCM") aes := NewAES("AES-256-GCM")
// encrypt the secret with encrypt method // encrypt the secret with encrypt method
nonce, encryptedSecret, err := aes.Encrypt(secret, key) nonce, authTag, encryptedSecret, err := aes.Encrypt(secret, key)
assert.NoError(t, err) assert.NoError(t, err)
// decrypt the encryptedSecret with decrypt method // decrypt the encryptedSecret with decrypt method
decryptedSecret, err := aes.Decrypt(nonce, encryptedSecret, key) decryptedSecret, err := aes.Decrypt(nonce, authTag, encryptedSecret, key)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, secret, decryptedSecret) assert.Equal(t, secret, decryptedSecret)
} }
...@@ -5,7 +5,7 @@ package crypto ...@@ -5,7 +5,7 @@ package crypto
// Currently only AES is supported, but this could be extended to support other // Currently only AES is supported, but this could be extended to support other
// algorithms in the future. // algorithms in the future.
type CryptoAlgorithm interface { type CryptoAlgorithm interface {
Encrypt(plaintext []byte, key []byte) ([]byte, []byte, error) Encrypt(plaintext []byte, key []byte) ([]byte, []byte, []byte, error)
Decrypt(nonce, ciphertext []byte, key []byte) ([]byte, error) Decrypt(nonce, authTag, ciphertext []byte, key []byte) ([]byte, error)
Name() string Name() string
} }
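Review bot: The three unnamed `[]byte` results of `Encrypt` in `CryptoAlgorithm` can only be told apart by position, so a caller that swaps nonce and tag still compiles. Naming the results documents the order the call sites in this commit rely on: `Encrypt(plaintext []byte, key []byte) (nonce, authTag, ciphertext []byte, err error)`. The interface comment should also state that an implementation without authentication returns a nil `authTag` and does not verify the one passed to `Decrypt`, so callers do not assume integrity protection for every algorithm.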
...@@ -12,11 +12,11 @@ func NewOTP(name string) *OTP { ...@@ -12,11 +12,11 @@ func NewOTP(name string) *OTP {
} }
} }
func (o *OTP) Encrypt(plaintext []byte, key []byte) ([]byte, []byte, error) { func (o *OTP) Encrypt(plaintext []byte, key []byte) ([]byte, []byte, []byte, error) {
plainTextLen := len(plaintext) plainTextLen := len(plaintext)
keyLen := len(key) keyLen := len(key)
if plainTextLen != keyLen { if plainTextLen != keyLen {
return nil, nil, fmt.Errorf("For OTP the length of plaintext and key must not differ. Length of plaintext: %d, length of key: %d", plainTextLen, keyLen) return nil, nil, nil, fmt.Errorf("For OTP the length of plaintext and key must not differ. Length of plaintext: %d, length of key: %d", plainTextLen, keyLen)
} }
ciphertext := make([]byte, plainTextLen) ciphertext := make([]byte, plainTextLen)
...@@ -25,10 +25,10 @@ func (o *OTP) Encrypt(plaintext []byte, key []byte) ([]byte, []byte, error) { ...@@ -25,10 +25,10 @@ func (o *OTP) Encrypt(plaintext []byte, key []byte) ([]byte, []byte, error) {
ciphertext[i] = plaintext[i] ^ key[i] ciphertext[i] = plaintext[i] ^ key[i]
} }
return nil, ciphertext, nil return nil, nil, ciphertext, nil
} }
func (o *OTP) Decrypt(nonce, ciphertext []byte, key []byte) ([]byte, error) { func (o *OTP) Decrypt(nonce, authTag, ciphertext []byte, key []byte) ([]byte, error) {
cipherTextLen := len(ciphertext) cipherTextLen := len(ciphertext)
keyLen := len(key) keyLen := len(key)
if cipherTextLen != keyLen { if cipherTextLen != keyLen {
......
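Review bot: `OTP.Decrypt` now accepts an `authTag`, but `Encrypt` returns `nil, nil, ciphertext, nil`, so there is no tag to verify and a modified ciphertext decrypts without any error. Both methods should say so in a doc comment, e.g. `// Decrypt ignores nonce and authTag; OTP provides confidentiality only, no integrity.` The error string in `Encrypt` also starts with a capital letter, against Go convention; `"for OTP the length of plaintext and key must not differ ..."` would match it. The body of `Decrypt` continues outside the hunk, so whether it looks at `authTag` at all is not visible here.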
...@@ -30,11 +30,11 @@ func TestCrypto_OTP_EncryptAndDecryptPlaintext(t *testing.T) { ...@@ -30,11 +30,11 @@ func TestCrypto_OTP_EncryptAndDecryptPlaintext(t *testing.T) {
otp := NewOTP("OTP") otp := NewOTP("OTP")
// encrypt the secret with encrypt method // encrypt the secret with encrypt method
_, encryptedSecret, err := otp.Encrypt(secret, key) _, _, encryptedSecret, err := otp.Encrypt(secret, key)
assert.NoError(t, err) assert.NoError(t, err)
// decrypt the encryptedSecret with decrypt method // decrypt the encryptedSecret with decrypt method
decryptedSecret, err := otp.Decrypt(nil, encryptedSecret, key) decryptedSecret, err := otp.Decrypt(nil, nil, encryptedSecret, key)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, secret, decryptedSecret) assert.Equal(t, secret, decryptedSecret)
} }
...@@ -630,7 +630,7 @@ func generateNewKSAKey(cryptoAlgo crypto.CryptoAlgorithm, platformKeyValue []byt ...@@ -630,7 +630,7 @@ func generateNewKSAKey(cryptoAlgo crypto.CryptoAlgorithm, platformKeyValue []byt
} }
// encrypt the key // encrypt the key
nonce, encryptedKSAKey, err := cryptoAlgo.Encrypt(ksaKey.Key, platformKeyValue) nonce, authTag, encryptedKSAKey, err := cryptoAlgo.Encrypt(ksaKey.Key, platformKeyValue)
if err != nil { if err != nil {
log.Error(err) log.Error(err)
return nil, nil, err return nil, nil, err
...@@ -639,11 +639,13 @@ func generateNewKSAKey(cryptoAlgo crypto.CryptoAlgorithm, platformKeyValue []byt ...@@ -639,11 +639,13 @@ func generateNewKSAKey(cryptoAlgo crypto.CryptoAlgorithm, platformKeyValue []byt
ksaKeyAsString := base64.StdEncoding.EncodeToString(ksaKey.Key) ksaKeyAsString := base64.StdEncoding.EncodeToString(ksaKey.Key)
encryptedKSAKeyAsString := base64.StdEncoding.EncodeToString(encryptedKSAKey) encryptedKSAKeyAsString := base64.StdEncoding.EncodeToString(encryptedKSAKey)
nonceAsString := base64.StdEncoding.EncodeToString(nonce) nonceAsString := base64.StdEncoding.EncodeToString(nonce)
authTagAsString := base64.StdEncoding.EncodeToString(authTag)
ksaKeyToSend := &pbIC.Key{ ksaKeyToSend := &pbIC.Key{
Id: ksaKeyId.String(), Id: ksaKeyId.String(),
Nonce: nonceAsString, Nonce: nonceAsString,
Key: encryptedKSAKeyAsString, AuthTag: authTagAsString,
Key: encryptedKSAKeyAsString,
} }
akmsKSAKey := &crypto.KSAKey{ akmsKSAKey := &crypto.KSAKey{
......
...@@ -355,8 +355,12 @@ func (s *kmsTalkerServer) getDecryptedKey(keyForDecryption []byte, cryptoAlgorit ...@@ -355,8 +355,12 @@ func (s *kmsTalkerServer) getDecryptedKey(keyForDecryption []byte, cryptoAlgorit
if err != nil { if err != nil {
return nil, err return nil, err
} }
authTagAsByte, err := base64.StdEncoding.DecodeString(encryptedKey.GetAuthTag())
if err != nil {
return nil, err
}
decryptedKey, err := cryptoAlgorithm.Decrypt(nonceAsByte, keyAsByte, keyForDecryption) decryptedKey, err := cryptoAlgorithm.Decrypt(nonceAsByte, authTagAsByte, keyAsByte, keyForDecryption)
if err != nil { if err != nil {
return nil, err return nil, err
} }
......
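Review bot: Nothing in `getDecryptedKey` checks the decoded tag before it reaches `Decrypt`: `GetAuthTag()` yields an empty string when the field is unset, and that decodes to a zero-length `authTagAsByte` without an error. Because OTP legitimately carries no tag, the length check has to live in the AES implementation, which is not visible in this hunk. It is worth confirming that AES rejects anything other than the full 16-byte tag the tests use, and adding an empty-tag and a truncated-tag case to the decrypt table. The bare `return nil, err` also hides which field failed to decode; `return nil, fmt.Errorf("decoding auth tag: %w", err)` would help when triaging malformed messages, assuming `fmt` is imported in this file. The function begins and continues outside the hunk.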
...@@ -172,13 +172,14 @@ func (kp *KmsPeer) SendPayload(payload *crypto.Key, pathId, processId uuid.UUID) ...@@ -172,13 +172,14 @@ func (kp *KmsPeer) SendPayload(payload *crypto.Key, pathId, processId uuid.UUID)
kp.servingQuantumModul.KeyStore().DeleteKey(key.KeyID) kp.servingQuantumModul.KeyStore().DeleteKey(key.KeyID)
nonce, encryptedPayload, err := kp.cryptoAlgorithm.Encrypt(payload.Key, key.Key) nonce, authTag, encryptedPayload, err := kp.cryptoAlgorithm.Encrypt(payload.Key, key.Key)
if err != nil { if err != nil {
return err return err
} }
encryptedPayloadAsString := base64.StdEncoding.EncodeToString(encryptedPayload) encryptedPayloadAsString := base64.StdEncoding.EncodeToString(encryptedPayload)
nonceAsString := base64.StdEncoding.EncodeToString(nonce) nonceAsString := base64.StdEncoding.EncodeToString(nonce)
authTagAsString := base64.StdEncoding.EncodeToString(authTag)
log.Infof("Sent encrypted Payload: %s with nonce: %s", encryptedPayloadAsString, nonceAsString) log.Infof("Sent encrypted Payload: %s with nonce: %s", encryptedPayloadAsString, nonceAsString)
...@@ -196,9 +197,10 @@ func (kp *KmsPeer) SendPayload(payload *crypto.Key, pathId, processId uuid.UUID) ...@@ -196,9 +197,10 @@ func (kp *KmsPeer) SendPayload(payload *crypto.Key, pathId, processId uuid.UUID)
ProcessId: processId.String(), ProcessId: processId.String(),
CryptoAlgorithm: pbIC.CryptoAlgorithm(cryptoAlgorithmEnum), CryptoAlgorithm: pbIC.CryptoAlgorithm(cryptoAlgorithmEnum),
Key: &pbIC.Key{ Key: &pbIC.Key{
Id: payload.ID.String(), Id: payload.ID.String(),
Nonce: nonceAsString, Nonce: nonceAsString,
Key: encryptedPayloadAsString, AuthTag: authTagAsString,
Key: encryptedPayloadAsString,
}, },
}) })
if err != nil { if err != nil {
......
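Review bot: The unchanged `log.Infof("Sent encrypted Payload: %s with nonce: %s", ...)` line writes the full ciphertext and nonce to the log at Info level, and it appears to run before the request is actually sent. Logging only identifiers, for example `log.Debugf("sending encrypted payload for key %s", payload.ID)`, keeps key material in any form out of log storage and stops the message from claiming a send that may still fail. The new `authTagAsString` is rightly left out of the log line and should stay out. `SendPayload` starts and continues outside the hunks shown.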