Search in sources :

Example 6 with HybridEncrypt

use of com.google.crypto.tink.HybridEncrypt in project tink by google.

the class EciesAeadHkdfPrivateKeyManagerTest method testGetPublicKeyData.

/**
 * Tests that a public key is extracted properly from a private key.
 */
@Test
public void testGetPublicKeyData() throws Exception {
    KeysetHandle privateHandle = KeysetHandle.generateNew(HybridKeyTemplates.ECIES_P256_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256);
    KeyData privateKeyData = TestUtil.getKeyset(privateHandle).getKey(0).getKeyData();
    EciesAeadHkdfPrivateKeyManager privateManager = new EciesAeadHkdfPrivateKeyManager();
    KeyData publicKeyData = privateManager.getPublicKeyData(privateKeyData.getValue());
    assertEquals(EciesAeadHkdfPublicKeyManager.TYPE_URL, publicKeyData.getTypeUrl());
    assertEquals(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, publicKeyData.getKeyMaterialType());
    EciesAeadHkdfPrivateKey privateKey = EciesAeadHkdfPrivateKey.parseFrom(privateKeyData.getValue());
    assertArrayEquals(privateKey.getPublicKey().toByteArray(), publicKeyData.getValue().toByteArray());
    EciesAeadHkdfPublicKeyManager publicManager = new EciesAeadHkdfPublicKeyManager();
    HybridEncrypt hybridEncrypt = publicManager.getPrimitive(publicKeyData.getValue());
    HybridDecrypt hybridDecrypt = privateManager.getPrimitive(privateKeyData.getValue());
    byte[] message = Random.randBytes(20);
    byte[] contextInfo = Random.randBytes(20);
    assertArrayEquals(message, hybridDecrypt.decrypt(hybridEncrypt.encrypt(message, contextInfo), contextInfo));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) HybridDecrypt(com.google.crypto.tink.HybridDecrypt) EciesAeadHkdfPrivateKey(com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey) HybridEncrypt(com.google.crypto.tink.HybridEncrypt) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)

Example 7 with HybridEncrypt

use of com.google.crypto.tink.HybridEncrypt in project tink by google.

the class HybridEncryptCatalogueTest method testBasic.

@Test
public void testBasic() throws Exception {
    HybridEncryptCatalogue catalogue = new HybridEncryptCatalogue();
    // Check a single key type for encryption, incl. case-insensitve primitive name.
    String keyType = "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey";
    {
        KeyManager<HybridEncrypt> manager = catalogue.getKeyManager(keyType, "HybridEncrypt", 0);
        assertThat(manager.doesSupport(keyType)).isTrue();
    }
    {
        KeyManager<HybridEncrypt> manager = catalogue.getKeyManager(keyType, "HybRIdEncRYPt", 0);
        assertThat(manager.doesSupport(keyType)).isTrue();
    }
    {
        KeyManager<HybridEncrypt> manager = catalogue.getKeyManager(keyType, "HYBRIdeNCRYPT", 0);
        assertThat(manager.doesSupport(keyType)).isTrue();
    }
    // Check all entries from the current HybridConfig.
    RegistryConfig config = HybridConfig.TINK_1_0_0;
    int count = 0;
    for (KeyTypeEntry entry : config.getEntryList()) {
        if ("HybridEncrypt".equals(entry.getPrimitiveName())) {
            count = count + 1;
            KeyManager<HybridEncrypt> manager = catalogue.getKeyManager(entry.getTypeUrl(), "hybridencrypt", entry.getKeyManagerVersion());
            assertThat(manager.doesSupport(entry.getTypeUrl())).isTrue();
        }
    }
    assertEquals(1, count);
}
Also used : RegistryConfig(com.google.crypto.tink.proto.RegistryConfig) KeyTypeEntry(com.google.crypto.tink.proto.KeyTypeEntry) KeyManager(com.google.crypto.tink.KeyManager) HybridEncrypt(com.google.crypto.tink.HybridEncrypt) Test(org.junit.Test)

Example 8 with HybridEncrypt

use of com.google.crypto.tink.HybridEncrypt in project tink by google.

the class EciesAeadHkdfHybridDecryptTest method testModifyDecrypt.

private void testModifyDecrypt(CurveType curveType, KeyTemplate keyTemplate) throws Exception {
    KeyPair recipientKey = EllipticCurves.generateKeyPair(curveType);
    ECPublicKey recipientPublicKey = (ECPublicKey) recipientKey.getPublic();
    ECPrivateKey recipientPrivateKey = (ECPrivateKey) recipientKey.getPrivate();
    byte[] salt = Random.randBytes(8);
    byte[] plaintext = Random.randBytes(4);
    byte[] context = Random.randBytes(4);
    String hmacAlgo = HybridUtil.toHmacAlgo(HashType.SHA256);
    HybridEncrypt hybridEncrypt = new EciesAeadHkdfHybridEncrypt(recipientPublicKey, salt, hmacAlgo, EllipticCurves.PointFormatType.UNCOMPRESSED, new RegistryEciesAeadHkdfDemHelper(keyTemplate));
    HybridDecrypt hybridDecrypt = new EciesAeadHkdfHybridDecrypt(recipientPrivateKey, salt, hmacAlgo, EllipticCurves.PointFormatType.UNCOMPRESSED, new RegistryEciesAeadHkdfDemHelper(keyTemplate));
    byte[] ciphertext = hybridEncrypt.encrypt(plaintext, context);
    byte[] decrypted = hybridDecrypt.decrypt(ciphertext, context);
    assertArrayEquals(plaintext, decrypted);
    // implicitly checks the modification of public key and the raw ciphertext.
    for (int bytes = 0; bytes < ciphertext.length; bytes++) {
        for (int bit = 0; bit < 8; bit++) {
            byte[] modifiedCiphertext = Arrays.copyOf(ciphertext, ciphertext.length);
            modifiedCiphertext[bytes] ^= (byte) (1 << bit);
            try {
                hybridDecrypt.decrypt(modifiedCiphertext, context);
                fail("Invalid ciphertext, should have thrown exception");
            } catch (GeneralSecurityException expected) {
            // Expected
            }
        }
    }
    // Modify context.
    for (int bytes = 0; bytes < context.length; bytes++) {
        for (int bit = 0; bit < 8; bit++) {
            byte[] modifiedContext = Arrays.copyOf(context, context.length);
            modifiedContext[bytes] ^= (byte) (1 << bit);
            try {
                hybridDecrypt.decrypt(ciphertext, modifiedContext);
                fail("Invalid context, should have thrown exception");
            } catch (GeneralSecurityException expected) {
            // Expected
            }
        }
    }
    // modifying the length may not be detected.
    for (int bytes = 0; bytes < salt.length; bytes++) {
        for (int bit = 0; bit < 8; bit++) {
            byte[] modifiedSalt = Arrays.copyOf(salt, salt.length);
            modifiedSalt[bytes] ^= (byte) (1 << bit);
            hybridDecrypt = new EciesAeadHkdfHybridDecrypt(recipientPrivateKey, modifiedSalt, hmacAlgo, EllipticCurves.PointFormatType.UNCOMPRESSED, new RegistryEciesAeadHkdfDemHelper(keyTemplate));
            try {
                hybridDecrypt.decrypt(ciphertext, context);
                fail("Invalid salt, should have thrown exception");
            } catch (GeneralSecurityException expected) {
            // Expected
            }
        }
    }
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) HybridDecrypt(com.google.crypto.tink.HybridDecrypt) EciesAeadHkdfHybridDecrypt(com.google.crypto.tink.subtle.EciesAeadHkdfHybridDecrypt) ECPublicKey(java.security.interfaces.ECPublicKey) EciesAeadHkdfHybridDecrypt(com.google.crypto.tink.subtle.EciesAeadHkdfHybridDecrypt) GeneralSecurityException(java.security.GeneralSecurityException) EciesAeadHkdfHybridEncrypt(com.google.crypto.tink.subtle.EciesAeadHkdfHybridEncrypt) HybridEncrypt(com.google.crypto.tink.HybridEncrypt) EciesAeadHkdfHybridEncrypt(com.google.crypto.tink.subtle.EciesAeadHkdfHybridEncrypt)

Example 9 with HybridEncrypt

use of com.google.crypto.tink.HybridEncrypt in project tink by google.

the class PaymentMethodTokenHybridEncryptTest method testBasicMultipleEncrypts.

@Test
public void testBasicMultipleEncrypts() throws Exception {
    ECParameterSpec spec = EllipticCurves.getNistP256Params();
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
    keyGen.initialize(spec);
    KeyPair recipientKey = keyGen.generateKeyPair();
    ECPublicKey recipientPublicKey = (ECPublicKey) recipientKey.getPublic();
    ECPrivateKey recipientPrivateKey = (ECPrivateKey) recipientKey.getPrivate();
    HybridEncrypt hybridEncrypt = new PaymentMethodTokenHybridEncrypt(recipientPublicKey, ProtocolVersionConfig.EC_V1);
    HybridDecrypt hybridDecrypt = new PaymentMethodTokenHybridDecrypt(recipientPrivateKey, ProtocolVersionConfig.EC_V1);
    testBasicMultipleEncrypts(hybridEncrypt, hybridDecrypt);
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) HybridDecrypt(com.google.crypto.tink.HybridDecrypt) ECPublicKey(java.security.interfaces.ECPublicKey) ECParameterSpec(java.security.spec.ECParameterSpec) KeyPairGenerator(java.security.KeyPairGenerator) HybridEncrypt(com.google.crypto.tink.HybridEncrypt) Test(org.junit.Test)

Example 10 with HybridEncrypt

use of com.google.crypto.tink.HybridEncrypt in project tink by google.

the class HybridEncryptFactoryTest method testBasicEncryption.

@Test
public void testBasicEncryption() throws Exception {
    EllipticCurveType curve = EllipticCurveType.NIST_P384;
    HashType hashType = HashType.SHA256;
    EcPointFormat primaryPointFormat = EcPointFormat.UNCOMPRESSED;
    EcPointFormat rawPointFormat = EcPointFormat.COMPRESSED;
    KeyTemplate primaryDemKeyTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
    KeyTemplate rawDemKeyTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
    byte[] primarySalt = "some salt".getBytes("UTF-8");
    byte[] rawSalt = "other salt".getBytes("UTF-8");
    EciesAeadHkdfPrivateKey primaryPrivProto = TestUtil.generateEciesAeadHkdfPrivKey(curve, hashType, primaryPointFormat, primaryDemKeyTemplate, primarySalt);
    Key primaryPriv = TestUtil.createKey(TestUtil.createKeyData(primaryPrivProto, EciesAeadHkdfPrivateKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 8, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    Key primaryPub = TestUtil.createKey(TestUtil.createKeyData(primaryPrivProto.getPublicKey(), EciesAeadHkdfPublicKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    EciesAeadHkdfPrivateKey rawPrivProto = TestUtil.generateEciesAeadHkdfPrivKey(curve, hashType, rawPointFormat, rawDemKeyTemplate, rawSalt);
    Key rawPriv = TestUtil.createKey(TestUtil.createKeyData(rawPrivProto, EciesAeadHkdfPrivateKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 11, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    Key rawPub = TestUtil.createKey(TestUtil.createKeyData(rawPrivProto.getPublicKey(), EciesAeadHkdfPublicKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 43, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    KeysetHandle keysetHandlePub = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPub, rawPub));
    KeysetHandle keysetHandlePriv = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPriv, rawPriv));
    HybridEncrypt hybridEncrypt = HybridEncryptFactory.getPrimitive(keysetHandlePub);
    HybridDecrypt hybridDecrypt = HybridDecryptFactory.getPrimitive(keysetHandlePriv);
    byte[] plaintext = Random.randBytes(20);
    byte[] contextInfo = Random.randBytes(20);
    byte[] ciphertext = hybridEncrypt.encrypt(plaintext, contextInfo);
    assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, contextInfo));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) HybridDecrypt(com.google.crypto.tink.HybridDecrypt) HashType(com.google.crypto.tink.proto.HashType) EcPointFormat(com.google.crypto.tink.proto.EcPointFormat) EciesAeadHkdfPrivateKey(com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey) EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType) HybridEncrypt(com.google.crypto.tink.HybridEncrypt) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) EciesAeadHkdfPrivateKey(com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey) Key(com.google.crypto.tink.proto.Keyset.Key) Test(org.junit.Test)

Aggregations

HybridEncrypt (com.google.crypto.tink.HybridEncrypt)16 HybridDecrypt (com.google.crypto.tink.HybridDecrypt)13 Test (org.junit.Test)12 KeyPair (java.security.KeyPair)10 ECPublicKey (java.security.interfaces.ECPublicKey)10 ECPrivateKey (java.security.interfaces.ECPrivateKey)9 GeneralSecurityException (java.security.GeneralSecurityException)6 KeysetHandle (com.google.crypto.tink.KeysetHandle)4 EciesAeadHkdfPrivateKey (com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey)3 EcPointFormat (com.google.crypto.tink.proto.EcPointFormat)2 EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType)2 HashType (com.google.crypto.tink.proto.HashType)2 KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)2 Key (com.google.crypto.tink.proto.Keyset.Key)2 EciesAeadHkdfHybridDecrypt (com.google.crypto.tink.subtle.EciesAeadHkdfHybridDecrypt)2 EciesAeadHkdfHybridEncrypt (com.google.crypto.tink.subtle.EciesAeadHkdfHybridEncrypt)2 KeyPairGenerator (java.security.KeyPairGenerator)2 ECParameterSpec (java.security.spec.ECParameterSpec)2 TreeSet (java.util.TreeSet)2 KeyManager (com.google.crypto.tink.KeyManager)1