Examples with KeyTemplate com.google.crypto.tink.KeyTemplate used on opensource projects

Example 6 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class AesGcmSivKeyManagerTest method testAes128GcmSivTemplate.

@Test
public void testAes128GcmSivTemplate() throws Exception {
    KeyTemplate template = AesGcmSivKeyManager.aes128GcmSivTemplate();
    assertEquals(new AesGcmSivKeyManager().getKeyType(), template.getTypeUrl());
    assertEquals(KeyTemplate.OutputPrefixType.TINK, template.getOutputPrefixType());
    AesGcmSivKeyFormat format = AesGcmSivKeyFormat.parseFrom(ByteString.copyFrom(template.getValue()), ExtensionRegistryLite.getEmptyRegistry());
    assertEquals(16, format.getKeySize());
}

Example 7 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class KmsAeadKeyManagerTest method createKeyTemplate_multipleKeysWithSameKek.

@Test
public void createKeyTemplate_multipleKeysWithSameKek() throws Exception {
    String keyUri = FakeKmsClient.createFakeKeyUri();
    KeyTemplate template1 = KmsAeadKeyManager.createKeyTemplate(keyUri);
    KeysetHandle handle1 = KeysetHandle.generateNew(template1);
    Aead aead1 = handle1.getPrimitive(Aead.class);
    KeyTemplate template2 = KmsAeadKeyManager.createKeyTemplate(keyUri);
    KeysetHandle handle2 = KeysetHandle.generateNew(template2);
    Aead aead2 = handle2.getPrimitive(Aead.class);
    byte[] plaintext = Random.randBytes(20);
    byte[] associatedData = Random.randBytes(20);
    assertThat(aead1.decrypt(aead2.encrypt(plaintext, associatedData), associatedData)).isEqualTo(plaintext);
}

Example 8 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class KmsEnvelopeAeadKeyManagerTest method createKey.

@Test
public void createKey() throws Exception {
    String kekUri = FakeKmsClient.createFakeKeyUri();
    KeyTemplate dekTemplate = AesCtrHmacAeadKeyManager.aes128CtrHmacSha256Template();
    KmsEnvelopeAeadKey key = factory.createKey(KmsEnvelopeAeadKeyManager.createKeyFormat(kekUri, dekTemplate));
    Aead aead = manager.getPrimitive(key, Aead.class);
    byte[] plaintext = Random.randBytes(20);
    byte[] associatedData = Random.randBytes(20);
    assertThat(aead.decrypt(aead.encrypt(plaintext, associatedData), associatedData)).isEqualTo(plaintext);
}

Example 9 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class KmsEnvelopeAeadKeyManagerTest method createKeyTemplate_multipleKeysWithSameKek.

@Test
public void createKeyTemplate_multipleKeysWithSameKek() throws Exception {
    String kekUri = FakeKmsClient.createFakeKeyUri();
    KeyTemplate dekTemplate = AesCtrHmacAeadKeyManager.aes128CtrHmacSha256Template();
    KeyTemplate kt1 = KmsEnvelopeAeadKeyManager.createKeyTemplate(kekUri, dekTemplate);
    KeysetHandle handle1 = KeysetHandle.generateNew(kt1);
    Aead aead1 = handle1.getPrimitive(Aead.class);
    KeyTemplate kt2 = KmsEnvelopeAeadKeyManager.createKeyTemplate(kekUri, dekTemplate);
    KeysetHandle handle2 = KeysetHandle.generateNew(kt2);
    Aead aead2 = handle2.getPrimitive(Aead.class);
    byte[] plaintext = Random.randBytes(20);
    byte[] associatedData = Random.randBytes(20);
    assertThat(aead1.decrypt(aead2.encrypt(plaintext, associatedData), associatedData)).isEqualTo(plaintext);
}

Example 10 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class KmsEnvelopeAeadKeyManagerTest method getPrimitive_parsingInvalidCiphetexts.

@Test
public void getPrimitive_parsingInvalidCiphetexts() throws Exception {
    String kekUri = FakeKmsClient.createFakeKeyUri();
    KeyTemplate dekTemplate = AesCtrHmacAeadKeyManager.aes128CtrHmacSha256Template();
    KmsEnvelopeAeadKey key = factory.createKey(KmsEnvelopeAeadKeyManager.createKeyFormat(kekUri, dekTemplate));
    Aead aead = manager.getPrimitive(key, Aead.class);
    byte[] plaintext = Random.randBytes(20);
    byte[] aad = Random.randBytes(20);
    byte[] ciphertext = aead.encrypt(plaintext, aad);
    ByteBuffer buffer = ByteBuffer.wrap(ciphertext);
    int encryptedDekSize = buffer.getInt();
    byte[] encryptedDek = new byte[encryptedDekSize];
    buffer.get(encryptedDek, 0, encryptedDekSize);
    byte[] payload = new byte[buffer.remaining()];
    buffer.get(payload, 0, buffer.remaining());
    // valid, should work
    byte[] ciphertext2 = ByteBuffer.allocate(ciphertext.length).putInt(encryptedDekSize).put(encryptedDek).put(payload).array();
    assertArrayEquals(plaintext, aead.decrypt(ciphertext2, aad));
    // negative length
    byte[] ciphertext3 = ByteBuffer.allocate(ciphertext.length).putInt(-1).put(encryptedDek).put(payload).array();
    assertThrows(GeneralSecurityException.class, () -> aead.decrypt(ciphertext3, aad));
    // length larger than actual value
    byte[] ciphertext4 = ByteBuffer.allocate(ciphertext.length).putInt(encryptedDek.length + 1).put(encryptedDek).put(payload).array();
    assertThrows(GeneralSecurityException.class, () -> aead.decrypt(ciphertext4, aad));
    // length larger than total ciphertext length
    byte[] ciphertext5 = ByteBuffer.allocate(ciphertext.length).putInt(encryptedDek.length + payload.length + 1).put(encryptedDek).put(payload).array();
    assertThrows(GeneralSecurityException.class, () -> aead.decrypt(ciphertext5, aad));
}