use of com.google.crypto.tink.HybridEncrypt in project tink by google.
the class WebPushHybridDecryptTest method testEncryptDecryptWithInvalidRecordSizes.
@Test
public void testEncryptDecryptWithInvalidRecordSizes() throws Exception {
KeyPair uaKeyPair = EllipticCurves.generateKeyPair(WebPushConstants.NIST_P256_CURVE_TYPE);
ECPrivateKey uaPrivateKey = (ECPrivateKey) uaKeyPair.getPrivate();
ECPublicKey uaPublicKey = (ECPublicKey) uaKeyPair.getPublic();
byte[] authSecret = Random.randBytes(16);
// Test with out of range record sizes.
{
try {
new WebPushHybridDecrypt.Builder().withRecordSize(WebPushConstants.MAX_CIPHERTEXT_SIZE + 1).withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).withRecipientPrivateKey(uaPrivateKey).build();
fail("Expected IllegalArgumentException");
} catch (IllegalArgumentException ex) {
// expected.
}
try {
new WebPushHybridDecrypt.Builder().withRecordSize(WebPushConstants.CIPHERTEXT_OVERHEAD - 1).withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).withRecipientPrivateKey(uaPrivateKey).build();
} catch (IllegalArgumentException ex) {
// expected.
}
}
// Test with random mismatched record size.
{
for (int i = 0; i < 50; i++) {
int recordSize = WebPushConstants.CIPHERTEXT_OVERHEAD + Random.randInt(WebPushConstants.MAX_CIPHERTEXT_SIZE - WebPushConstants.CIPHERTEXT_OVERHEAD - 1);
HybridEncrypt hybridEncrypt = new WebPushHybridEncrypt.Builder().withRecordSize(recordSize).withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).build();
HybridDecrypt hybridDecrypt = new WebPushHybridDecrypt.Builder().withRecordSize(recordSize + 1).withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).withRecipientPrivateKey(uaPrivateKey).build();
byte[] plaintext = Random.randBytes(recordSize - WebPushConstants.CIPHERTEXT_OVERHEAD);
byte[] ciphertext = hybridEncrypt.encrypt(plaintext, null);
try {
hybridDecrypt.decrypt(ciphertext, null);
fail("Expected GeneralSecurityException");
} catch (GeneralSecurityException ex) {
// expected.
}
}
}
}
use of com.google.crypto.tink.HybridEncrypt in project tink by google.
the class WebPushHybridEncryptTest method testEncryptDecryptWithVaryingRecordSizes.
@Test
public void testEncryptDecryptWithVaryingRecordSizes() throws Exception {
KeyPair uaKeyPair = EllipticCurves.generateKeyPair(WebPushConstants.NIST_P256_CURVE_TYPE);
ECPrivateKey uaPrivateKey = (ECPrivateKey) uaKeyPair.getPrivate();
ECPublicKey uaPublicKey = (ECPublicKey) uaKeyPair.getPublic();
byte[] authSecret = Random.randBytes(16);
// Test with random, valid record sizes.
{
for (int i = 0; i < 100; i++) {
int recordSize = WebPushConstants.CIPHERTEXT_OVERHEAD + Random.randInt(WebPushConstants.MAX_CIPHERTEXT_SIZE - WebPushConstants.CIPHERTEXT_OVERHEAD);
HybridEncrypt hybridEncrypt = new WebPushHybridEncrypt.Builder().withRecordSize(recordSize).withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).build();
HybridDecrypt hybridDecrypt = new WebPushHybridDecrypt.Builder().withRecordSize(recordSize).withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).withRecipientPrivateKey(uaPrivateKey).build();
byte[] plaintext = Random.randBytes(recordSize - WebPushConstants.CIPHERTEXT_OVERHEAD);
byte[] ciphertext = hybridEncrypt.encrypt(plaintext, null);
assertEquals(ciphertext.length, plaintext.length + WebPushConstants.CIPHERTEXT_OVERHEAD);
assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, null));
}
}
// Test with largest possible record size.
{
HybridEncrypt hybridEncrypt = new WebPushHybridEncrypt.Builder().withRecordSize(WebPushConstants.MAX_CIPHERTEXT_SIZE).withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).build();
HybridDecrypt hybridDecrypt = new WebPushHybridDecrypt.Builder().withRecordSize(WebPushConstants.MAX_CIPHERTEXT_SIZE).withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).withRecipientPrivateKey(uaPrivateKey).build();
byte[] plaintext = Random.randBytes(WebPushConstants.MAX_CIPHERTEXT_SIZE - WebPushConstants.CIPHERTEXT_OVERHEAD);
byte[] ciphertext = hybridEncrypt.encrypt(plaintext, null);
assertEquals(ciphertext.length, plaintext.length + WebPushConstants.CIPHERTEXT_OVERHEAD);
assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, null));
}
// Test with smallest possible record size.
{
HybridEncrypt hybridEncrypt = new WebPushHybridEncrypt.Builder().withRecordSize(WebPushConstants.CIPHERTEXT_OVERHEAD).withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).build();
HybridDecrypt hybridDecrypt = new WebPushHybridDecrypt.Builder().withRecordSize(WebPushConstants.CIPHERTEXT_OVERHEAD).withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).withRecipientPrivateKey(uaPrivateKey).build();
byte[] plaintext = new byte[0];
byte[] ciphertext = hybridEncrypt.encrypt(plaintext, null);
assertEquals(ciphertext.length, plaintext.length + WebPushConstants.CIPHERTEXT_OVERHEAD);
assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, null));
}
// Test with out of range record sizes.
{
try {
new WebPushHybridEncrypt.Builder().withRecordSize(WebPushConstants.MAX_CIPHERTEXT_SIZE + 1).withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).build();
fail("Expected IllegalArgumentException");
} catch (IllegalArgumentException ex) {
// expected.
}
try {
new WebPushHybridEncrypt.Builder().withRecordSize(WebPushConstants.CIPHERTEXT_OVERHEAD - 1).withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).build();
fail("Expected IllegalArgumentException");
} catch (IllegalArgumentException ex) {
// expected.
}
}
}
use of com.google.crypto.tink.HybridEncrypt in project tink by google.
the class WebPushHybridEncryptTest method testNonNullContextInfo.
@Test
public void testNonNullContextInfo() throws Exception {
KeyPair uaKeyPair = EllipticCurves.generateKeyPair(WebPushConstants.NIST_P256_CURVE_TYPE);
ECPublicKey uaPublicKey = (ECPublicKey) uaKeyPair.getPublic();
byte[] authSecret = Random.randBytes(16);
HybridEncrypt hybridEncrypt = new WebPushHybridEncrypt.Builder().withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).build();
byte[] plaintext = Random.randBytes(20);
byte[] contextInfo = new byte[0];
try {
byte[] unusedCiphertext = hybridEncrypt.encrypt(plaintext, contextInfo);
fail("Expected GeneralSecurityException");
} catch (GeneralSecurityException ex) {
// expected;
}
}
use of com.google.crypto.tink.HybridEncrypt in project tink by google.
the class WebPushHybridDecryptTest method testNonNullContextInfo.
@Test
public void testNonNullContextInfo() throws Exception {
KeyPair uaKeyPair = EllipticCurves.generateKeyPair(WebPushConstants.NIST_P256_CURVE_TYPE);
ECPrivateKey uaPrivateKey = (ECPrivateKey) uaKeyPair.getPrivate();
ECPublicKey uaPublicKey = (ECPublicKey) uaKeyPair.getPublic();
byte[] authSecret = Random.randBytes(16);
HybridEncrypt hybridEncrypt = new WebPushHybridEncrypt.Builder().withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).build();
HybridDecrypt hybridDecrypt = new WebPushHybridDecrypt.Builder().withAuthSecret(authSecret).withRecipientPublicKey(uaPublicKey).withRecipientPrivateKey(uaPrivateKey).build();
byte[] plaintext = Random.randBytes(20);
byte[] ciphertext = hybridEncrypt.encrypt(plaintext, null);
try {
byte[] contextInfo = new byte[0];
hybridDecrypt.decrypt(ciphertext, contextInfo);
fail("Expected GeneralSecurityException");
} catch (GeneralSecurityException ex) {
// expected;
}
}
use of com.google.crypto.tink.HybridEncrypt in project tink by google.
the class EciesAeadHkdfPrivateKeyManagerTest method testNewKey.
@Test
public void testNewKey() throws Exception {
EllipticCurveType curve = EllipticCurveType.NIST_P384;
HashType hashType = HashType.SHA256;
EcPointFormat pointFormat = EcPointFormat.UNCOMPRESSED;
KeyTemplate demKeyTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
byte[] salt = "some salt".getBytes("UTF-8");
EciesAeadHkdfParams params = HybridKeyTemplates.createEciesAeadHkdfParams(curve, hashType, pointFormat, demKeyTemplate, salt);
EciesAeadHkdfPrivateKeyManager manager = new EciesAeadHkdfPrivateKeyManager();
EciesAeadHkdfPrivateKey keyProto = (EciesAeadHkdfPrivateKey) manager.newKey(EciesAeadHkdfKeyFormat.newBuilder().setParams(params).build());
assertEquals(params, keyProto.getPublicKey().getParams());
Key primaryPriv = TestUtil.createKey(TestUtil.createKeyData(keyProto, EciesAeadHkdfPrivateKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 8, KeyStatusType.ENABLED, OutputPrefixType.RAW);
Key primaryPub = TestUtil.createKey(TestUtil.createKeyData(keyProto.getPublicKey(), EciesAeadHkdfPublicKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
KeysetHandle keysetHandlePub = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPub));
KeysetHandle keysetHandlePriv = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPriv));
HybridEncrypt hybridEncrypt = HybridEncryptFactory.getPrimitive(keysetHandlePub);
HybridDecrypt hybridDecrypt = HybridDecryptFactory.getPrimitive(keysetHandlePriv);
byte[] plaintext = Random.randBytes(20);
byte[] contextInfo = Random.randBytes(20);
byte[] ciphertext = hybridEncrypt.encrypt(plaintext, contextInfo);
assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, contextInfo));
}
Aggregations