use of com.google.crypto.tink.HybridDecrypt in project tink by google.
the class PaymentMethodTokenHybridDecryptTest method testModifyDecrypt.
@Test
public void testModifyDecrypt() throws Exception {
ECParameterSpec spec = EllipticCurves.getNistP256Params();
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
keyGen.initialize(spec);
KeyPair recipientKey = keyGen.generateKeyPair();
ECPublicKey recipientPublicKey = (ECPublicKey) recipientKey.getPublic();
ECPrivateKey recipientPrivateKey = (ECPrivateKey) recipientKey.getPrivate();
HybridEncrypt hybridEncrypt = new PaymentMethodTokenHybridEncrypt(recipientPublicKey, ProtocolVersionConfig.EC_V1);
HybridDecrypt hybridDecrypt = new PaymentMethodTokenHybridDecrypt(recipientPrivateKey, ProtocolVersionConfig.EC_V1);
testModifyDecrypt(hybridEncrypt, hybridDecrypt);
}
use of com.google.crypto.tink.HybridDecrypt in project tink by google.
the class EciesAeadHkdfHybridEncryptTest method testBasicMultipleEncrypts.
private void testBasicMultipleEncrypts(CurveType curveType, KeyTemplate keyTemplate) throws Exception {
KeyPair recipientKey = EllipticCurves.generateKeyPair(curveType);
ECPublicKey recipientPublicKey = (ECPublicKey) recipientKey.getPublic();
ECPrivateKey recipientPrivateKey = (ECPrivateKey) recipientKey.getPrivate();
byte[] salt = "some salt".getBytes("UTF-8");
byte[] plaintext = Random.randBytes(20);
byte[] context = "context info".getBytes("UTF-8");
String hmacAlgo = HybridUtil.toHmacAlgo(HashType.SHA256);
HybridEncrypt hybridEncrypt = new EciesAeadHkdfHybridEncrypt(recipientPublicKey, salt, hmacAlgo, EllipticCurves.PointFormatType.UNCOMPRESSED, new RegistryEciesAeadHkdfDemHelper(keyTemplate));
HybridDecrypt hybridDecrypt = new EciesAeadHkdfHybridDecrypt(recipientPrivateKey, salt, hmacAlgo, EllipticCurves.PointFormatType.UNCOMPRESSED, new RegistryEciesAeadHkdfDemHelper(keyTemplate));
// Makes sure that the encryption is randomized.
Set<String> ciphertexts = new TreeSet<String>();
for (int j = 0; j < 8; j++) {
byte[] ciphertext = hybridEncrypt.encrypt(plaintext, context);
if (ciphertexts.contains(new String(ciphertext, "UTF-8"))) {
throw new GeneralSecurityException("Encryption is not randomized");
}
ciphertexts.add(new String(ciphertext, "UTF-8"));
byte[] decrypted = hybridDecrypt.decrypt(ciphertext, context);
assertArrayEquals(plaintext, decrypted);
}
assertEquals(8, ciphertexts.size());
}
use of com.google.crypto.tink.HybridDecrypt in project tink by google.
the class HybridDecryptCli method main.
public static void main(String[] args) throws Exception {
if (args.length != 4) {
System.out.println("Usage: HybridDecryptCli keyset-file ciphertext-file context-info output-file");
System.exit(1);
}
String keysetFilename = args[0];
String ciphertextFilename = args[1];
String contextInfo = args[2];
String outputFilename = args[3];
System.out.println("Using keyset from file " + keysetFilename + " to decrypt file " + ciphertextFilename + " with context info '" + contextInfo + "'.");
System.out.println("The resulting plaintext will be written to file " + outputFilename);
// Init Tink.
CliUtil.initTink();
// Read the keyset.
System.out.println("Reading the keyset...");
KeysetHandle keysetHandle = CliUtil.readKeyset(keysetFilename);
// Get the primitive.
System.out.println("Getting the primitive...");
HybridDecrypt hybridDecrypt = HybridDecryptFactory.getPrimitive(keysetHandle);
// Read the ciphertext.
byte[] ciphertext = CliUtil.read(ciphertextFilename);
// Compute the plaintext.
System.out.println("Decrypting...");
byte[] plaintext = hybridDecrypt.decrypt(ciphertext, contextInfo.getBytes(CliUtil.UTF_8));
// Write the plaintext to the output file.
CliUtil.write(plaintext, outputFilename);
System.out.println("All done.");
}
use of com.google.crypto.tink.HybridDecrypt in project tink by google.
the class WebPushHybridEncryptTest method testEncryptDecrypt.
@Test
public void testEncryptDecrypt() throws Exception {
for (int i = 0; i < 10; i++) {
KeyPair uaKeyPair = EllipticCurves.generateKeyPair(WebPushConstants.NIST_P256_CURVE_TYPE);
ECPrivateKey uaPrivateKey = (ECPrivateKey) uaKeyPair.getPrivate();
ECPublicKey uaPublicKey = (ECPublicKey) uaKeyPair.getPublic();
byte[] uaPublicKeyBytes = EllipticCurves.pointEncode(WebPushConstants.NIST_P256_CURVE_TYPE, WebPushConstants.UNCOMPRESSED_POINT_FORMAT, uaPublicKey.getW());
byte[] authSecret = Random.randBytes(16);
HybridEncrypt hybridEncrypt = new WebPushHybridEncrypt.Builder().withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKeyBytes).build();
HybridDecrypt hybridDecrypt = new WebPushHybridDecrypt.Builder().withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKeyBytes).withRecipientPrivateKey(uaPrivateKey).build();
Set<String> salts = new TreeSet<String>();
Set<String> ephemeralPublicKeys = new TreeSet<String>();
Set<String> payloads = new TreeSet<String>();
int numTests = 50;
for (int j = 0; j < numTests; j++) {
byte[] plaintext = Random.randBytes(j);
byte[] ciphertext = hybridEncrypt.encrypt(plaintext, null);
assertEquals(ciphertext.length, plaintext.length + WebPushConstants.CIPHERTEXT_OVERHEAD);
assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, null));
// Checks that the encryption is randomized.
ByteBuffer record = ByteBuffer.wrap(ciphertext);
byte[] salt = new byte[WebPushConstants.SALT_SIZE];
record.get(salt);
salts.add(Hex.encode(salt));
int unused1 = record.getInt();
int unused2 = (int) record.get();
byte[] ephemeralPublicKey = new byte[WebPushConstants.PUBLIC_KEY_SIZE];
record.get(ephemeralPublicKey);
ephemeralPublicKeys.add(Hex.encode(ephemeralPublicKey));
byte[] payload = new byte[ciphertext.length - WebPushConstants.CONTENT_CODING_HEADER_SIZE];
record.get(payload);
payloads.add(Hex.encode(payload));
}
assertEquals(numTests, salts.size());
assertEquals(numTests, ephemeralPublicKeys.size());
assertEquals(numTests, payloads.size());
}
}
use of com.google.crypto.tink.HybridDecrypt in project tink by google.
the class WebPushHybridDecryptTest method testModifyCiphertext.
@Test
public void testModifyCiphertext() throws Exception {
KeyPair uaKeyPair = EllipticCurves.generateKeyPair(WebPushConstants.NIST_P256_CURVE_TYPE);
ECPrivateKey uaPrivateKey = (ECPrivateKey) uaKeyPair.getPrivate();
ECPublicKey uaPublicKey = (ECPublicKey) uaKeyPair.getPublic();
byte[] authSecret = Random.randBytes(16);
HybridEncrypt hybridEncrypt = new WebPushHybridEncrypt.Builder().withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).build();
HybridDecrypt hybridDecrypt = new WebPushHybridDecrypt.Builder().withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).withRecipientPrivateKey(uaPrivateKey).build();
byte[] plaintext = Random.randBytes(20);
byte[] ciphertext = hybridEncrypt.encrypt(plaintext, null);
// Flipping bits.
for (int b = 0; b < ciphertext.length; b++) {
for (int bit = 0; bit < 8; bit++) {
byte[] modified = Arrays.copyOf(ciphertext, ciphertext.length);
modified[b] ^= (byte) (1 << bit);
try {
byte[] unused = hybridDecrypt.decrypt(modified, null);
fail("Decrypting modified ciphertext should fail");
} catch (GeneralSecurityException ex) {
// This is expected.
}
}
}
// Truncate the message.
for (int length = 0; length < ciphertext.length; length++) {
byte[] modified = Arrays.copyOf(ciphertext, length);
try {
byte[] unused = hybridDecrypt.decrypt(modified, null);
fail("Decrypting modified ciphertext should fail");
} catch (GeneralSecurityException ex) {
// This is expected.
}
}
}
Aggregations