Examples with Aead com.google.crypto.tink.Aead used on opensource projects

Example 41 with Aead

use of com.google.crypto.tink.Aead in project tink by google.

the class XChaCha20Poly1305Test method testXChaCha20Poly1305TestVectors.

@Test
public void testXChaCha20Poly1305TestVectors() throws Exception {
    for (XChaCha20Poly1305TestVector test : xChaCha20Poly1305TestVectors) {
        Aead cipher = new XChaCha20Poly1305(test.key);
        byte[] message = cipher.decrypt(Bytes.concat(test.nonce, test.ciphertext, test.tag), test.aad);
        assertThat(message).isEqualTo(test.plaintext);
    }
}

Example 42 with Aead

use of com.google.crypto.tink.Aead in project tink by google.

the class EncryptThenAuthenticateTest method testBitFlipAad.

@Test
public void testBitFlipAad() throws Exception {
    Aead aead = getAead(Random.randBytes(16), Random.randBytes(16), 16, 16, "HMACSHA256");
    byte[] plaintext = Random.randBytes(1001);
    byte[] aad = Random.randBytes(13);
    byte[] ciphertext = aead.encrypt(plaintext, aad);
    for (int i = 0; i < aad.length; i++) {
        for (int j = 0; j < 8; j++) {
            byte[] aad1 = Arrays.copyOf(aad, aad.length);
            aad1[i] = (byte) (aad1[i] ^ (1 << j));
            assertThrows(GeneralSecurityException.class, () -> aead.decrypt(ciphertext, aad1));
        }
    }
}

Example 43 with Aead

use of com.google.crypto.tink.Aead in project tink by google.

the class EncryptThenAuthenticateTest method testTruncation.

@Test
public void testTruncation() throws Exception {
    Aead aead = getAead(Random.randBytes(16), Random.randBytes(16), 16, 16, "HMACSHA256");
    byte[] plaintext = Random.randBytes(1001);
    byte[] aad = Random.randBytes(13);
    byte[] ciphertext = aead.encrypt(plaintext, aad);
    for (int i = 1; i < ciphertext.length; i++) {
        byte[] c1 = Arrays.copyOf(ciphertext, ciphertext.length - i);
        assertThrows(GeneralSecurityException.class, () -> aead.decrypt(c1, aad));
    }
}

Example 44 with Aead

use of com.google.crypto.tink.Aead in project tink by google.

the class KmsEnvelopeAeadKeyManagerTest method testParsingInvalidCiphertexts.

@Test
public void testParsingInvalidCiphertexts() throws Exception {
    KeyTemplate dekTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
    KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.createKmsEnvelopeAeadKeyTemplate(TestUtil.RESTRICTED_CRYPTO_KEY_URI, dekTemplate));
    Aead aead = AeadFactory.getPrimitive(keysetHandle);
    byte[] plaintext = Random.randBytes(20);
    byte[] aad = Random.randBytes(20);
    byte[] ciphertext = aead.encrypt(plaintext, aad);
    ByteBuffer buffer = ByteBuffer.wrap(ciphertext);
    // Skip Tink's header.
    byte[] header = new byte[CryptoFormat.NON_RAW_PREFIX_SIZE];
    buffer.get(header, 0, header.length);
    int encryptedDekSize = buffer.getInt();
    byte[] encryptedDek = new byte[encryptedDekSize];
    buffer.get(encryptedDek, 0, encryptedDekSize);
    byte[] payload = new byte[buffer.remaining()];
    buffer.get(payload, 0, buffer.remaining());
    // valid, should work
    byte[] ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDekSize).put(encryptedDek).put(payload).array();
    assertArrayEquals(plaintext, aead.decrypt(ciphertext2, aad));
    // negative length
    ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(-1).put(encryptedDek).put(payload).array();
    try {
        aead.decrypt(ciphertext2, aad);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        assertExceptionContains(e, "decryption failed");
    }
    // length larger than actual value
    ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDek.length + 1).put(encryptedDek).put(payload).array();
    try {
        aead.decrypt(ciphertext2, aad);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        assertExceptionContains(e, "decryption failed");
    }
    // length larger than total ciphertext length
    ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDek.length + payload.length + 1).put(encryptedDek).put(payload).array();
    try {
        aead.decrypt(ciphertext2, aad);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        assertExceptionContains(e, "decryption failed");
    }
}

Example 45 with Aead

use of com.google.crypto.tink.Aead in project tink by google.

the class AeadCatalogueTest method testBasic.

@Test
public void testBasic() throws Exception {
    AeadCatalogue catalogue = new AeadCatalogue();
    // Check a single key type, incl. case-insensitve primitive name.
    String keyType = "type.googleapis.com/google.crypto.tink.AesGcmKey";
    {
        KeyManager<Aead> manager = catalogue.getKeyManager(keyType, "Aead", 0);
        assertThat(manager.doesSupport(keyType)).isTrue();
    }
    {
        KeyManager<Aead> manager = catalogue.getKeyManager(keyType, "AEaD", 0);
        assertThat(manager.doesSupport(keyType)).isTrue();
    }
    {
        KeyManager<Aead> manager = catalogue.getKeyManager(keyType, "aeAD", 0);
        assertThat(manager.doesSupport(keyType)).isTrue();
    }
    // Check all entries from the current AeadConfig.
    RegistryConfig config = AeadConfig.TINK_1_0_0;
    int count = 0;
    for (KeyTypeEntry entry : config.getEntryList()) {
        if ("Aead".equals(entry.getPrimitiveName())) {
            count = count + 1;
            KeyManager<Aead> manager = catalogue.getKeyManager(entry.getTypeUrl(), "aead", entry.getKeyManagerVersion());
            assertThat(manager.doesSupport(entry.getTypeUrl())).isTrue();
        }
    }
    assertEquals(6, count);
}