
Example 1 with HybridDecrypt

use of com.google.crypto.tink.HybridDecrypt in project tink by google.

the class WebPushHybridDecryptTest method testEncryptDecryptWithInvalidRecordSizes.

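/**
 * Checks that {@code WebPushHybridDecrypt} refuses record sizes outside
 * {@code [CIPHERTEXT_OVERHEAD, MAX_CIPHERTEXT_SIZE]} at build time, and that decryption fails
 * when the decrypter is configured with a different record size than the encrypter.
 *
 * @throws Exception if key generation or encryption fails unexpectedly
 */
@Test
public void testEncryptDecryptWithInvalidRecordSizes() throws Exception {
    KeyPair uaKeyPair = EllipticCurves.generateKeyPair(WebPushConstants.NIST_P256_CURVE_TYPE);
    ECPrivateKey uaPrivateKey = (ECPrivateKey) uaKeyPair.getPrivate();
    ECPublicKey uaPublicKey = (ECPublicKey) uaKeyPair.getPublic();
    byte[] authSecret = Random.randBytes(16);
    // Test with out of range record sizes.
    {
        // One byte above the upper bound.
        try {
            new WebPushHybridDecrypt.Builder()
                    .withRecordSize(WebPushConstants.MAX_CIPHERTEXT_SIZE + 1)
                    .withAuthSecret(authSecret)
                    .withRecipientPublicKey(uaPublicKey)
                    .withRecipientPrivateKey(uaPrivateKey)
                    .build();
            fail("Expected IllegalArgumentException");
        } catch (IllegalArgumentException ex) {
            // expected.
        }
        // One byte below the lower bound.
        try {
            new WebPushHybridDecrypt.Builder()
                    .withRecordSize(WebPushConstants.CIPHERTEXT_OVERHEAD - 1)
                    .withAuthSecret(authSecret)
                    .withRecipientPublicKey(uaPublicKey)
                    .withRecipientPrivateKey(uaPrivateKey)
                    .build();
            // Without this fail() the lower-bound case passes vacuously: a builder that
            // silently accepted an undersized record would go unnoticed.
            fail("Expected IllegalArgumentException");
        } catch (IllegalArgumentException ex) {
            // expected.
        }
    }
    // Test with random mismatched record size.
    {
        for (int i = 0; i < 50; i++) {
            // The "- 1" keeps recordSize + 1 (used by the decrypter below) inside the valid
            // range, so the failure under test comes from the mismatch, not from build().
            int recordSize = WebPushConstants.CIPHERTEXT_OVERHEAD
                    + Random.randInt(
                            WebPushConstants.MAX_CIPHERTEXT_SIZE
                                    - WebPushConstants.CIPHERTEXT_OVERHEAD
                                    - 1);
            HybridEncrypt hybridEncrypt = new WebPushHybridEncrypt.Builder()
                    .withRecordSize(recordSize)
                    .withAuthSecret(authSecret)
                    .withRecipientPublicKey(uaPublicKey)
                    .build();
            HybridDecrypt hybridDecrypt = new WebPushHybridDecrypt.Builder()
                    .withRecordSize(recordSize + 1)
                    .withAuthSecret(authSecret)
                    .withRecipientPublicKey(uaPublicKey)
                    .withRecipientPrivateKey(uaPrivateKey)
                    .build();
            // Plaintext that fills the encrypter's record exactly.
            byte[] plaintext = Random.randBytes(recordSize - WebPushConstants.CIPHERTEXT_OVERHEAD);
            byte[] ciphertext = hybridEncrypt.encrypt(plaintext, null);
            try {
                hybridDecrypt.decrypt(ciphertext, null);
                fail("Expected GeneralSecurityException");
            } catch (GeneralSecurityException ex) {
                // expected.
            }
        }
    }
}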
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) HybridDecrypt(com.google.crypto.tink.HybridDecrypt) ECPublicKey(java.security.interfaces.ECPublicKey) GeneralSecurityException(java.security.GeneralSecurityException) HybridEncrypt(com.google.crypto.tink.HybridEncrypt) Test(org.junit.Test)

Example 2 with HybridDecrypt

use of com.google.crypto.tink.HybridDecrypt in project tink by google.

the class WebPushHybridEncryptTest method testEncryptDecryptWithVaryingRecordSizes.

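/**
 * Round-trips messages through {@code WebPushHybridEncrypt} / {@code WebPushHybridDecrypt} for
 * random, maximal and minimal record sizes, and checks that the encrypter's builder rejects
 * record sizes outside {@code [CIPHERTEXT_OVERHEAD, MAX_CIPHERTEXT_SIZE]}.
 *
 * @throws Exception if key generation, encryption or decryption fails unexpectedly
 */
@Test
public void testEncryptDecryptWithVaryingRecordSizes() throws Exception {
    KeyPair uaKeyPair = EllipticCurves.generateKeyPair(WebPushConstants.NIST_P256_CURVE_TYPE);
    ECPrivateKey uaPrivateKey = (ECPrivateKey) uaKeyPair.getPrivate();
    ECPublicKey uaPublicKey = (ECPublicKey) uaKeyPair.getPublic();
    byte[] authSecret = Random.randBytes(16);
    // Test with random, valid record sizes.
    {
        for (int i = 0; i < 100; i++) {
            int recordSize = WebPushConstants.CIPHERTEXT_OVERHEAD
                    + Random.randInt(
                            WebPushConstants.MAX_CIPHERTEXT_SIZE
                                    - WebPushConstants.CIPHERTEXT_OVERHEAD);
            HybridEncrypt hybridEncrypt = new WebPushHybridEncrypt.Builder()
                    .withRecordSize(recordSize)
                    .withAuthSecret(authSecret)
                    .withRecipientPublicKey(uaPublicKey)
                    .build();
            HybridDecrypt hybridDecrypt = new WebPushHybridDecrypt.Builder()
                    .withRecordSize(recordSize)
                    .withAuthSecret(authSecret)
                    .withRecipientPublicKey(uaPublicKey)
                    .withRecipientPrivateKey(uaPrivateKey)
                    .build();
            // Plaintext that fills the record exactly.
            byte[] plaintext = Random.randBytes(recordSize - WebPushConstants.CIPHERTEXT_OVERHEAD);
            byte[] ciphertext = hybridEncrypt.encrypt(plaintext, null);
            // JUnit's assertEquals takes (expected, actual); keeping that order makes a
            // failure message label the two lengths correctly.
            assertEquals(plaintext.length + WebPushConstants.CIPHERTEXT_OVERHEAD, ciphertext.length);
            assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, null));
        }
    }
    // Test with largest possible record size.
    {
        HybridEncrypt hybridEncrypt = new WebPushHybridEncrypt.Builder()
                .withRecordSize(WebPushConstants.MAX_CIPHERTEXT_SIZE)
                .withAuthSecret(authSecret)
                .withRecipientPublicKey(uaPublicKey)
                .build();
        HybridDecrypt hybridDecrypt = new WebPushHybridDecrypt.Builder()
                .withRecordSize(WebPushConstants.MAX_CIPHERTEXT_SIZE)
                .withAuthSecret(authSecret)
                .withRecipientPublicKey(uaPublicKey)
                .withRecipientPrivateKey(uaPrivateKey)
                .build();
        byte[] plaintext = Random.randBytes(
                WebPushConstants.MAX_CIPHERTEXT_SIZE - WebPushConstants.CIPHERTEXT_OVERHEAD);
        byte[] ciphertext = hybridEncrypt.encrypt(plaintext, null);
        assertEquals(plaintext.length + WebPushConstants.CIPHERTEXT_OVERHEAD, ciphertext.length);
        assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, null));
    }
    // Test with smallest possible record size.
    {
        HybridEncrypt hybridEncrypt = new WebPushHybridEncrypt.Builder()
                .withRecordSize(WebPushConstants.CIPHERTEXT_OVERHEAD)
                .withAuthSecret(authSecret)
                .withRecipientPublicKey(uaPublicKey)
                .build();
        HybridDecrypt hybridDecrypt = new WebPushHybridDecrypt.Builder()
                .withRecordSize(WebPushConstants.CIPHERTEXT_OVERHEAD)
                .withAuthSecret(authSecret)
                .withRecipientPublicKey(uaPublicKey)
                .withRecipientPrivateKey(uaPrivateKey)
                .build();
        // A record of exactly CIPHERTEXT_OVERHEAD bytes leaves room for an empty message only.
        byte[] plaintext = new byte[0];
        byte[] ciphertext = hybridEncrypt.encrypt(plaintext, null);
        assertEquals(plaintext.length + WebPushConstants.CIPHERTEXT_OVERHEAD, ciphertext.length);
        assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, null));
    }
    // Test with out of range record sizes.
    {
        // One byte above the upper bound.
        try {
            new WebPushHybridEncrypt.Builder()
                    .withRecordSize(WebPushConstants.MAX_CIPHERTEXT_SIZE + 1)
                    .withAuthSecret(authSecret)
                    .withRecipientPublicKey(uaPublicKey)
                    .build();
            fail("Expected IllegalArgumentException");
        } catch (IllegalArgumentException ex) {
            // expected.
        }
        // One byte below the lower bound.
        try {
            new WebPushHybridEncrypt.Builder()
                    .withRecordSize(WebPushConstants.CIPHERTEXT_OVERHEAD - 1)
                    .withAuthSecret(authSecret)
                    .withRecipientPublicKey(uaPublicKey)
                    .build();
            fail("Expected IllegalArgumentException");
        } catch (IllegalArgumentException ex) {
            // expected.
        }
    }
}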
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) HybridDecrypt(com.google.crypto.tink.HybridDecrypt) ECPublicKey(java.security.interfaces.ECPublicKey) HybridEncrypt(com.google.crypto.tink.HybridEncrypt) Test(org.junit.Test)

Example 3 with HybridDecrypt

use of com.google.crypto.tink.HybridDecrypt in project tink by google.

the class WebPushHybridDecryptTest method testNonNullContextInfo.

/**
 * Expects {@code WebPushHybridDecrypt.decrypt} to throw {@link GeneralSecurityException} when it
 * is handed a non-null context info (here an empty array) for a ciphertext that was produced
 * with a {@code null} context info.
 *
 * @throws Exception if key generation or encryption fails unexpectedly
 */
@Test
public void testNonNullContextInfo() throws Exception {
    KeyPair recipientKeys =
            EllipticCurves.generateKeyPair(WebPushConstants.NIST_P256_CURVE_TYPE);
    ECPrivateKey recipientPrivate = (ECPrivateKey) recipientKeys.getPrivate();
    ECPublicKey recipientPublic = (ECPublicKey) recipientKeys.getPublic();
    byte[] sharedAuthSecret = Random.randBytes(16);

    // Both sides use the builders' default record size; only the context info differs.
    HybridEncrypt encrypter = new WebPushHybridEncrypt.Builder()
            .withAuthSecret(sharedAuthSecret)
            .withRecipientPublicKey(recipientPublic)
            .build();
    HybridDecrypt decrypter = new WebPushHybridDecrypt.Builder()
            .withAuthSecret(sharedAuthSecret)
            .withRecipientPublicKey(recipientPublic)
            .withRecipientPrivateKey(recipientPrivate)
            .build();

    byte[] message = Random.randBytes(20);
    byte[] encrypted = encrypter.encrypt(message, null);

    // Empty but non-null: the decrypter is expected to reject it all the same.
    byte[] emptyContextInfo = new byte[0];
    try {
        decrypter.decrypt(encrypted, emptyContextInfo);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException expected) {
        // expected;
    }
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) HybridDecrypt(com.google.crypto.tink.HybridDecrypt) ECPublicKey(java.security.interfaces.ECPublicKey) GeneralSecurityException(java.security.GeneralSecurityException) HybridEncrypt(com.google.crypto.tink.HybridEncrypt) Test(org.junit.Test)

Example 4 with HybridDecrypt

use of com.google.crypto.tink.HybridDecrypt in project tink by google.

the class EciesAeadHkdfPrivateKeyManagerTest method testNewKey.

/**
 * Creates a new ECIES-AEAD-HKDF private key through {@code EciesAeadHkdfPrivateKeyManager},
 * checks that the key carries the requested parameters, and round-trips a message through the
 * hybrid primitives built from the resulting public and private keysets.
 *
 * @throws Exception if key creation, encryption or decryption fails unexpectedly
 */
@Test
public void testNewKey() throws Exception {
    // Requested key format: P-384 KEM, HKDF with SHA-256, AES128-CTR-HMAC-SHA256 as the DEM.
    byte[] hkdfSalt = "some salt".getBytes("UTF-8");
    EciesAeadHkdfParams requestedParams = HybridKeyTemplates.createEciesAeadHkdfParams(
            EllipticCurveType.NIST_P384,
            HashType.SHA256,
            EcPointFormat.UNCOMPRESSED,
            AeadKeyTemplates.AES128_CTR_HMAC_SHA256,
            hkdfSalt);
    EciesAeadHkdfKeyFormat keyFormat =
            EciesAeadHkdfKeyFormat.newBuilder().setParams(requestedParams).build();

    EciesAeadHkdfPrivateKeyManager keyManager = new EciesAeadHkdfPrivateKeyManager();
    EciesAeadHkdfPrivateKey generatedKey = (EciesAeadHkdfPrivateKey) keyManager.newKey(keyFormat);
    assertEquals(requestedParams, generatedKey.getPublicKey().getParams());

    // NOTE(review): the numeric arguments 8 and 42 look like key ids; with a RAW output prefix
    // they presumably do not end up in the ciphertext, which would explain why differing
    // values still round-trip. Confirm against TestUtil.createKey.
    KeyData privateKeyData = TestUtil.createKeyData(
            generatedKey,
            EciesAeadHkdfPrivateKeyManager.TYPE_URL,
            KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE);
    Key privateEntry =
            TestUtil.createKey(privateKeyData, 8, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    KeyData publicKeyData = TestUtil.createKeyData(
            generatedKey.getPublicKey(),
            EciesAeadHkdfPublicKeyManager.TYPE_URL,
            KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC);
    Key publicEntry =
            TestUtil.createKey(publicKeyData, 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);

    KeysetHandle publicHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(publicEntry));
    KeysetHandle privateHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(privateEntry));
    HybridEncrypt encrypter = HybridEncryptFactory.getPrimitive(publicHandle);
    HybridDecrypt decrypter = HybridDecryptFactory.getPrimitive(privateHandle);

    byte[] message = Random.randBytes(20);
    byte[] contextInfo = Random.randBytes(20);
    byte[] encrypted = encrypter.encrypt(message, contextInfo);
    byte[] decrypted = decrypter.decrypt(encrypted, contextInfo);
    assertArrayEquals(message, decrypted);
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) EciesAeadHkdfParams(com.google.crypto.tink.proto.EciesAeadHkdfParams) HybridDecrypt(com.google.crypto.tink.HybridDecrypt) HashType(com.google.crypto.tink.proto.HashType) EcPointFormat(com.google.crypto.tink.proto.EcPointFormat) EciesAeadHkdfPrivateKey(com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey) EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType) HybridEncrypt(com.google.crypto.tink.HybridEncrypt) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) EciesAeadHkdfPrivateKey(com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey) Key(com.google.crypto.tink.proto.Keyset.Key) Test(org.junit.Test)

Example 5 with HybridDecrypt

use of com.google.crypto.tink.HybridDecrypt in project tink by google.

the class EciesAeadHkdfPrivateKeyManagerTest method testGetPublicKeyData.

/**
 * Verifies that the public key data the private key manager derives from a private key has the
 * public key manager's type URL and ASYMMETRIC_PUBLIC material type, is byte-identical to the
 * public key embedded in the private key, and yields an encrypter whose output the private key
 * can decrypt.
 *
 * @throws Exception if key generation, parsing, encryption or decryption fails unexpectedly
 */
@Test
public void testGetPublicKeyData() throws Exception {
    KeysetHandle generatedHandle = KeysetHandle.generateNew(
            HybridKeyTemplates.ECIES_P256_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256);
    KeyData privateData = TestUtil.getKeyset(generatedHandle).getKey(0).getKeyData();

    EciesAeadHkdfPrivateKeyManager privateKeyManager = new EciesAeadHkdfPrivateKeyManager();
    KeyData derivedPublicData = privateKeyManager.getPublicKeyData(privateData.getValue());

    // Metadata of the derived key data.
    assertEquals(EciesAeadHkdfPublicKeyManager.TYPE_URL, derivedPublicData.getTypeUrl());
    assertEquals(
            KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, derivedPublicData.getKeyMaterialType());

    // The derived bytes must equal the public key stored inside the private key proto.
    EciesAeadHkdfPrivateKey parsedPrivateKey =
            EciesAeadHkdfPrivateKey.parseFrom(privateData.getValue());
    byte[] embeddedPublicBytes = parsedPrivateKey.getPublicKey().toByteArray();
    byte[] derivedPublicBytes = derivedPublicData.getValue().toByteArray();
    assertArrayEquals(embeddedPublicBytes, derivedPublicBytes);

    // The derived public key and the original private key must work as a pair.
    EciesAeadHkdfPublicKeyManager publicKeyManager = new EciesAeadHkdfPublicKeyManager();
    HybridEncrypt encrypter = publicKeyManager.getPrimitive(derivedPublicData.getValue());
    HybridDecrypt decrypter = privateKeyManager.getPrimitive(privateData.getValue());
    byte[] message = Random.randBytes(20);
    byte[] contextInfo = Random.randBytes(20);
    byte[] encrypted = encrypter.encrypt(message, contextInfo);
    byte[] decrypted = decrypter.decrypt(encrypted, contextInfo);
    assertArrayEquals(message, decrypted);
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) HybridDecrypt(com.google.crypto.tink.HybridDecrypt) EciesAeadHkdfPrivateKey(com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey) HybridEncrypt(com.google.crypto.tink.HybridEncrypt) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)

Aggregations

HybridDecrypt (com.google.crypto.tink.HybridDecrypt)16 HybridEncrypt (com.google.crypto.tink.HybridEncrypt)13 Test (org.junit.Test)12 KeyPair (java.security.KeyPair)9 ECPrivateKey (java.security.interfaces.ECPrivateKey)9 ECPublicKey (java.security.interfaces.ECPublicKey)9 GeneralSecurityException (java.security.GeneralSecurityException)5 KeysetHandle (com.google.crypto.tink.KeysetHandle)4 EciesAeadHkdfPrivateKey (com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey)3 EcPointFormat (com.google.crypto.tink.proto.EcPointFormat)2 EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType)2 HashType (com.google.crypto.tink.proto.HashType)2 KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)2 Key (com.google.crypto.tink.proto.Keyset.Key)2 EciesAeadHkdfHybridDecrypt (com.google.crypto.tink.subtle.EciesAeadHkdfHybridDecrypt)2 EciesAeadHkdfHybridEncrypt (com.google.crypto.tink.subtle.EciesAeadHkdfHybridEncrypt)2 KeyPairGenerator (java.security.KeyPairGenerator)2 ECParameterSpec (java.security.spec.ECParameterSpec)2 TreeSet (java.util.TreeSet)2 KeyManager (com.google.crypto.tink.KeyManager)1