use of com.google.crypto.tink.Aead in project tink by google.
the class XChaCha20Poly1305Test method testXChaCha20Poly1305TestVectors.
@Test
public void testXChaCha20Poly1305TestVectors() throws Exception {
for (XChaCha20Poly1305TestVector test : xChaCha20Poly1305TestVectors) {
Aead cipher = new XChaCha20Poly1305(test.key);
byte[] message = cipher.decrypt(Bytes.concat(test.nonce, test.ciphertext, test.tag), test.aad);
assertThat(message).isEqualTo(test.plaintext);
}
}
use of com.google.crypto.tink.Aead in project tink by google.
the class EncryptThenAuthenticateTest method testBitFlipAad.
@Test
public void testBitFlipAad() throws Exception {
Aead aead = getAead(Random.randBytes(16), Random.randBytes(16), 16, 16, "HMACSHA256");
byte[] plaintext = Random.randBytes(1001);
byte[] aad = Random.randBytes(13);
byte[] ciphertext = aead.encrypt(plaintext, aad);
for (int i = 0; i < aad.length; i++) {
for (int j = 0; j < 8; j++) {
byte[] aad1 = Arrays.copyOf(aad, aad.length);
aad1[i] = (byte) (aad1[i] ^ (1 << j));
assertThrows(GeneralSecurityException.class, () -> aead.decrypt(ciphertext, aad1));
}
}
}
use of com.google.crypto.tink.Aead in project tink by google.
the class EncryptThenAuthenticateTest method testTruncation.
@Test
public void testTruncation() throws Exception {
Aead aead = getAead(Random.randBytes(16), Random.randBytes(16), 16, 16, "HMACSHA256");
byte[] plaintext = Random.randBytes(1001);
byte[] aad = Random.randBytes(13);
byte[] ciphertext = aead.encrypt(plaintext, aad);
for (int i = 1; i < ciphertext.length; i++) {
byte[] c1 = Arrays.copyOf(ciphertext, ciphertext.length - i);
assertThrows(GeneralSecurityException.class, () -> aead.decrypt(c1, aad));
}
}
use of com.google.crypto.tink.Aead in project tink by google.
the class KmsEnvelopeAeadKeyManagerTest method testParsingInvalidCiphertexts.
@Test
public void testParsingInvalidCiphertexts() throws Exception {
KeyTemplate dekTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.createKmsEnvelopeAeadKeyTemplate(TestUtil.RESTRICTED_CRYPTO_KEY_URI, dekTemplate));
Aead aead = AeadFactory.getPrimitive(keysetHandle);
byte[] plaintext = Random.randBytes(20);
byte[] aad = Random.randBytes(20);
byte[] ciphertext = aead.encrypt(plaintext, aad);
ByteBuffer buffer = ByteBuffer.wrap(ciphertext);
// Skip Tink's header.
byte[] header = new byte[CryptoFormat.NON_RAW_PREFIX_SIZE];
buffer.get(header, 0, header.length);
int encryptedDekSize = buffer.getInt();
byte[] encryptedDek = new byte[encryptedDekSize];
buffer.get(encryptedDek, 0, encryptedDekSize);
byte[] payload = new byte[buffer.remaining()];
buffer.get(payload, 0, buffer.remaining());
// valid, should work
byte[] ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDekSize).put(encryptedDek).put(payload).array();
assertArrayEquals(plaintext, aead.decrypt(ciphertext2, aad));
// negative length
ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(-1).put(encryptedDek).put(payload).array();
try {
aead.decrypt(ciphertext2, aad);
fail("Expected GeneralSecurityException");
} catch (GeneralSecurityException e) {
assertExceptionContains(e, "decryption failed");
}
// length larger than actual value
ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDek.length + 1).put(encryptedDek).put(payload).array();
try {
aead.decrypt(ciphertext2, aad);
fail("Expected GeneralSecurityException");
} catch (GeneralSecurityException e) {
assertExceptionContains(e, "decryption failed");
}
// length larger than total ciphertext length
ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDek.length + payload.length + 1).put(encryptedDek).put(payload).array();
try {
aead.decrypt(ciphertext2, aad);
fail("Expected GeneralSecurityException");
} catch (GeneralSecurityException e) {
assertExceptionContains(e, "decryption failed");
}
}
use of com.google.crypto.tink.Aead in project tink by google.
the class AeadCatalogueTest method testBasic.
@Test
public void testBasic() throws Exception {
AeadCatalogue catalogue = new AeadCatalogue();
// Check a single key type, incl. case-insensitve primitive name.
String keyType = "type.googleapis.com/google.crypto.tink.AesGcmKey";
{
KeyManager<Aead> manager = catalogue.getKeyManager(keyType, "Aead", 0);
assertThat(manager.doesSupport(keyType)).isTrue();
}
{
KeyManager<Aead> manager = catalogue.getKeyManager(keyType, "AEaD", 0);
assertThat(manager.doesSupport(keyType)).isTrue();
}
{
KeyManager<Aead> manager = catalogue.getKeyManager(keyType, "aeAD", 0);
assertThat(manager.doesSupport(keyType)).isTrue();
}
// Check all entries from the current AeadConfig.
RegistryConfig config = AeadConfig.TINK_1_0_0;
int count = 0;
for (KeyTypeEntry entry : config.getEntryList()) {
if ("Aead".equals(entry.getPrimitiveName())) {
count = count + 1;
KeyManager<Aead> manager = catalogue.getKeyManager(entry.getTypeUrl(), "aead", entry.getKeyManagerVersion());
assertThat(manager.doesSupport(entry.getTypeUrl())).isTrue();
}
}
assertEquals(6, count);
}
Aggregations