diff options
author | juerg <juerg@google.com> | 2023-07-20 09:41:06 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-07-20 09:42:16 -0700 |
commit | 63fe69f9576bce3aa23e2e11d906a0705540a66a (patch) | |
tree | edf670cb0ffc599b781abed6e04910daf3808755 /java_src/src/test/java | |
parent | 91f28af515a4e782466b4b5c02fd403f568e8aae (diff) | |
download | tink-63fe69f9576bce3aa23e2e11d906a0705540a66a.tar.gz |
Add a test with two envelope AEAD keys in a keyset.
PiperOrigin-RevId: 549657384
Diffstat (limited to 'java_src/src/test/java')
-rw-r--r-- | java_src/src/test/java/com/google/crypto/tink/aead/KmsEnvelopeAeadKeyManagerTest.java | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/java_src/src/test/java/com/google/crypto/tink/aead/KmsEnvelopeAeadKeyManagerTest.java b/java_src/src/test/java/com/google/crypto/tink/aead/KmsEnvelopeAeadKeyManagerTest.java index c2805855f..b1405992f 100644 --- a/java_src/src/test/java/com/google/crypto/tink/aead/KmsEnvelopeAeadKeyManagerTest.java +++ b/java_src/src/test/java/com/google/crypto/tink/aead/KmsEnvelopeAeadKeyManagerTest.java @@ -254,6 +254,36 @@ public class KmsEnvelopeAeadKeyManagerTest { } @Test + public void keysetsWithTwoKmsEnvelopeAeadKeys_canDecryptWithBoth() throws Exception { + KeyTemplate dekTemplate = AesCtrHmacAeadKeyManager.aes128CtrHmacSha256Template(); + byte[] plaintext = Random.randBytes(20); + byte[] associatedData = Random.randBytes(20); + + String kekUri1 = FakeKmsClient.createFakeKeyUri(); + KeysetHandle handle1 = + KeysetHandle.generateNew(KmsEnvelopeAeadKeyManager.createKeyTemplate(kekUri1, dekTemplate)); + Aead aead1 = handle1.getPrimitive(Aead.class); + byte[] ciphertext1 = aead1.encrypt(plaintext, associatedData); + + String kekUri2 = FakeKmsClient.createFakeKeyUri(); + KeysetHandle handle2 = + KeysetHandle.generateNew(KmsEnvelopeAeadKeyManager.createKeyTemplate(kekUri2, dekTemplate)); + Aead aead2 = handle2.getPrimitive(Aead.class); + byte[] ciphertext2 = aead2.encrypt(plaintext, associatedData); + + KeysetHandle handle = + KeysetHandle.newBuilder() + .addEntry( + KeysetHandle.importKey(handle1.getAt(0).getKey()).withRandomId().makePrimary()) + .addEntry(KeysetHandle.importKey(handle2.getAt(0).getKey()).withRandomId()) + .build(); + Aead aead = handle.getPrimitive(Aead.class); + + assertThat(aead.decrypt(ciphertext1, associatedData)).isEqualTo(plaintext); + assertThat(aead.decrypt(ciphertext2, associatedData)).isEqualTo(plaintext); + } + + @Test public void multipleAeadsWithSameKekAndDifferentDekTemplateOfSameKeyType_canDecryptEachOther() throws Exception { String kekUri = FakeKmsClient.createFakeKeyUri(); |