Example 26 with Aead
use of com.google.crypto.tink.Aead in project tink by google.
the class AeadWrapperTest method testBasicAesCtrHmacAead.
@Test
public void testBasicAesCtrHmacAead() throws Exception {
byte[] aesCtrKeyValue = Random.randBytes(AES_KEY_SIZE);
byte[] hmacKeyValue = Random.randBytes(HMAC_KEY_SIZE);
int ivSize = 12;
int tagSize = 16;
PrimitiveSet<Aead> primitives = TestUtil.createPrimitiveSet(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize), 42, KeyStatusType.ENABLED, OutputPrefixType.TINK)), Aead.class);
Aead aead = new AeadWrapper().wrap(primitives);
byte[] plaintext = Random.randBytes(20);
byte[] associatedData = Random.randBytes(20);
byte[] ciphertext = aead.encrypt(plaintext, associatedData);
byte[] decrypted = aead.decrypt(ciphertext, associatedData);
assertArrayEquals(plaintext, decrypted);
}Example 27 with Aead
use of com.google.crypto.tink.Aead in project tink by google.
the class AesGcmKeyManagerTest method testNistVectors.
@Test
public void testNistVectors() throws Exception {
for (NistTestVector t : nistTestVectors) {
if (TestUtil.shouldSkipTestWithAesKeySize(t.keyValue.length)) {
continue;
}
if (t.iv.length != 12 || t.tag.length != 16) {
// We support only 12-byte IV and 16-byte tag.
continue;
}
AesGcmKey key = AesGcmKey.newBuilder().setKeyValue(ByteString.copyFrom(t.keyValue)).build();
Aead aead = manager.getPrimitive(key, Aead.class);
try {
byte[] ciphertext = Bytes.concat(t.iv, t.ciphertext, t.tag);
byte[] plaintext = aead.decrypt(ciphertext, t.aad);
assertArrayEquals(plaintext, t.plaintext);
} catch (GeneralSecurityException e) {
fail("Should not fail at " + t.name + ", but thrown exception " + e);
}
}
}
Also used :
GeneralSecurityException(java.security.GeneralSecurityException)
Aead(com.google.crypto.tink.Aead)
AesGcmKey(com.google.crypto.tink.proto.AesGcmKey)
Test(org.junit.Test)
Example 28 with Aead
use of com.google.crypto.tink.Aead in project tink by google.
the class AesGcmKeyManagerTest method getPrimitive.
@Test
public void getPrimitive() throws Exception {
AesGcmKey key = factory.createKey(AesGcmKeyFormat.newBuilder().setKeySize(16).build());
Aead managerAead = manager.getPrimitive(key, Aead.class);
Aead directAead = new AesGcmJce(key.getKeyValue().toByteArray());
byte[] plaintext = Random.randBytes(20);
byte[] associatedData = Random.randBytes(20);
assertThat(directAead.decrypt(managerAead.encrypt(plaintext, associatedData), associatedData)).isEqualTo(plaintext);
}Example 29 with Aead
use of com.google.crypto.tink.Aead in project tink by google.
the class AeadFactoryTest method testMultipleKeys.
@Test
public void testMultipleKeys() throws Exception {
byte[] aesCtrKeyValue = Random.randBytes(AES_KEY_SIZE);
byte[] hmacKeyValue = Random.randBytes(HMAC_KEY_SIZE);
int ivSize = 12;
int tagSize = 16;
Key primary = TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize), 42, KeyStatusType.ENABLED, OutputPrefixType.TINK);
Key raw = TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize), 43, KeyStatusType.ENABLED, OutputPrefixType.RAW);
Key legacy = TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize), 44, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
Key tink = TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize), 45, KeyStatusType.ENABLED, OutputPrefixType.TINK);
KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(primary, raw, legacy, tink));
Aead aead = keysetHandle.getPrimitive(Aead.class);
byte[] plaintext = Random.randBytes(20);
byte[] associatedData = Random.randBytes(20);
byte[] ciphertext = aead.encrypt(plaintext, associatedData);
byte[] prefix = Arrays.copyOfRange(ciphertext, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
assertArrayEquals(prefix, CryptoFormat.getOutputPrefix(primary));
assertArrayEquals(plaintext, aead.decrypt(ciphertext, associatedData));
assertEquals(CryptoFormat.NON_RAW_PREFIX_SIZE + plaintext.length + ivSize + tagSize, ciphertext.length);
// encrypt with a non-primary RAW key and decrypt with the keyset
KeysetHandle keysetHandle2 = TestUtil.createKeysetHandle(TestUtil.createKeyset(raw, legacy, tink));
Aead aead2 = keysetHandle2.getPrimitive(Aead.class);
ciphertext = aead2.encrypt(plaintext, associatedData);
assertArrayEquals(plaintext, aead.decrypt(ciphertext, associatedData));
// encrypt with a random key not in the keyset, decrypt with the keyset should fail
byte[] aesCtrKeyValue2 = Random.randBytes(AES_KEY_SIZE);
byte[] hmacKeyValue2 = Random.randBytes(HMAC_KEY_SIZE);
Key random = TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue2, ivSize, hmacKeyValue2, tagSize), 44, KeyStatusType.ENABLED, OutputPrefixType.TINK);
keysetHandle2 = TestUtil.createKeysetHandle(TestUtil.createKeyset(random));
aead2 = keysetHandle2.getPrimitive(Aead.class);
final byte[] ciphertext2 = aead2.encrypt(plaintext, associatedData);
GeneralSecurityException e = assertThrows(GeneralSecurityException.class, () -> aead.decrypt(ciphertext2, associatedData));
assertExceptionContains(e, "decryption failed");
}
Also used :
KeysetHandle(com.google.crypto.tink.KeysetHandle)
GeneralSecurityException(java.security.GeneralSecurityException)
Aead(com.google.crypto.tink.Aead)
Key(com.google.crypto.tink.proto.Keyset.Key)
Test(org.junit.Test)
Example 30 with Aead
use of com.google.crypto.tink.Aead in project tink by google.
the class AeadFactoryTest method testSmallPlaintextWithRawKey.
@Test
public void testSmallPlaintextWithRawKey() throws Exception {
byte[] aesCtrKeyValue = Random.randBytes(AES_KEY_SIZE);
byte[] hmacKeyValue = Random.randBytes(HMAC_KEY_SIZE);
int ivSize = 12;
int tagSize = 16;
Key primary = TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(primary));
Aead aead = keysetHandle.getPrimitive(Aead.class);
byte[] plaintext = Random.randBytes(1);
byte[] associatedData = Random.randBytes(20);
byte[] ciphertext = aead.encrypt(plaintext, associatedData);
assertArrayEquals(plaintext, aead.decrypt(ciphertext, associatedData));
assertEquals(CryptoFormat.RAW_PREFIX_SIZE + plaintext.length + ivSize + tagSize, ciphertext.length);
}
Also used :
KeysetHandle(com.google.crypto.tink.KeysetHandle)
Aead(com.google.crypto.tink.Aead)
Key(com.google.crypto.tink.proto.Keyset.Key)
Test(org.junit.Test)
Aggregations
Aead (com.google.crypto.tink.Aead)84
Test (org.junit.Test)67
GeneralSecurityException (java.security.GeneralSecurityException)25
KeysetHandle (com.google.crypto.tink.KeysetHandle)21
Key (com.google.crypto.tink.proto.Keyset.Key)9
CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)7
IOException (java.io.IOException)7
EncryptRequest (com.amazonaws.services.kms.model.EncryptRequest)6
KeyTemplate (com.google.crypto.tink.KeyTemplate)6
ByteString (com.google.protobuf.ByteString)6
DecryptRequest (com.amazonaws.services.kms.model.DecryptRequest)5
EncryptResult (com.amazonaws.services.kms.model.EncryptResult)5
KmsEnvelopeAeadKey (com.google.crypto.tink.proto.KmsEnvelopeAeadKey)5
File (java.io.File)5
FileOutputStream (java.io.FileOutputStream)5
DecryptResult (com.amazonaws.services.kms.model.DecryptResult)4
InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)4
ByteBuffer (java.nio.ByteBuffer)4
AesEaxKey (com.google.crypto.tink.proto.AesEaxKey)3
AesGcmKey (com.google.crypto.tink.proto.AesGcmKey)3
