use of com.google.crypto.tink.Aead in project tink by google.
the class KmsEnvelopeAeadTest method ciphertextTooShort_fails.
@Test
public void ciphertextTooShort_fails() throws GeneralSecurityException {
Aead remoteAead = this.generateNewRemoteAead();
KmsEnvelopeAead envAead = new KmsEnvelopeAead(KeyTemplateProtoConverter.toProto(KeyTemplates.get("AES128_EAX")), remoteAead);
assertThrows(GeneralSecurityException.class, () -> envAead.decrypt("foo".getBytes(UTF_8), "envelope_ad".getBytes(UTF_8)));
}
use of com.google.crypto.tink.Aead in project tink by google.
the class KmsEnvelopeAeadTest method corruptedCiphertext_fails.
@Test
public void corruptedCiphertext_fails() throws GeneralSecurityException {
Aead remoteAead = this.generateNewRemoteAead();
KmsEnvelopeAead envAead = new KmsEnvelopeAead(KeyTemplateProtoConverter.toProto(KeyTemplates.get("AES128_EAX")), remoteAead);
byte[] associatedData = "envelope_ad".getBytes(UTF_8);
byte[] plaintext = "helloworld".getBytes(UTF_8);
byte[] ciphertext = envAead.encrypt(plaintext, associatedData);
ciphertext[ciphertext.length - 1] = (byte) (ciphertext[ciphertext.length - 1] ^ 0x1);
byte[] corruptedCiphertext = ciphertext;
assertThrows(GeneralSecurityException.class, () -> envAead.decrypt(corruptedCiphertext, EMPTY_ADD));
}
use of com.google.crypto.tink.Aead in project tink by google.
the class TinkeyUtil method writeKeyset.
/**
* Writes the keyset managed by {@code handle} to {@code outputStream} with format {@code
* outFormat}. Maybe encrypt it with {@code masterKeyUri} and {@code credentialPath}.
*/
public static void writeKeyset(KeysetHandle handle, OutputStream outputStream, String outFormat, String masterKeyUri, String credentialPath) throws GeneralSecurityException, IOException {
KeysetWriter writer = createKeysetWriter(outputStream, outFormat);
if (masterKeyUri != null) {
Aead masterKey = KmsClients.getAutoLoaded(masterKeyUri).withCredentials(credentialPath).getAead(masterKeyUri);
handle.write(writer, masterKey);
} else {
CleartextKeysetHandle.write(handle, writer);
}
}
use of com.google.crypto.tink.Aead in project tink by google.
the class AeadCli method main.
public static void main(String[] args) throws Exception {
if (args.length != 5) {
System.out.println("Usage: AeadCli keyset-file operation input-file associated-data-file output-file");
System.exit(1);
}
String keysetFilename = args[0];
String operation = args[1];
String inputFilename = args[2];
String associatedDataFile = args[3];
String outputFilename = args[4];
GcpKmsClient.register(Optional.empty(), Optional.of("../tink_base/" + TestUtil.SERVICE_ACCOUNT_FILE));
AwsKmsClient.register(Optional.of(TestUtil.AWS_CRYPTO_URI), Optional.of("../tink_base/" + TestUtil.AWS_CREDS));
AeadConfig.register();
if (!(operation.equals("encrypt") || operation.equals("decrypt"))) {
System.out.println("Unknown operation '" + operation + "'.\nExpected 'encrypt' or 'decrypt'.");
System.exit(1);
}
System.out.println("Using keyset from file " + keysetFilename + " to AEAD-" + operation + " file " + inputFilename + " with associated data from file " + associatedDataFile + ".");
System.out.println("The resulting output will be written to file " + outputFilename);
// Init Tink.
CliUtil.initTink();
// Read the keyset.
System.out.println("Reading the keyset...");
KeysetHandle keysetHandle = CliUtil.readKeyset(keysetFilename);
// Get the primitive.
System.out.println("Getting the primitive...");
Aead aead = keysetHandle.getPrimitive(Aead.class);
// Read the input.
byte[] input = CliUtil.read(inputFilename);
byte[] aad = CliUtil.read(associatedDataFile);
// Compute the output.
System.out.println(operation + "ing...");
byte[] output;
if (operation.equals("encrypt")) {
output = aead.encrypt(input, aad);
} else {
// operation.equals("decrypt")
output = aead.decrypt(input, aad);
}
// Write the output to the output file.
CliUtil.write(output, outputFilename);
System.out.println("All done.");
}
Aggregations