Example 26 with KeysetHandle

Use of com.google.crypto.tink.KeysetHandle in project tink by google.

Class AesSivKeyManagerTest, method testCiphertextSize.

@Test
public void testCiphertextSize() throws Exception {
    for (KeyTemplate template : keyTemplates) {
        KeysetHandle keysetHandle = KeysetHandle.generateNew(template);
        DeterministicAead daead = DeterministicAeadFactory.getPrimitive(keysetHandle);
        byte[] plaintext = "plaintext".getBytes("UTF-8");
        byte[] associatedData = "associatedData".getBytes("UTF-8");
        byte[] ciphertext = daead.encryptDeterministically(plaintext, associatedData);
        assertEquals(CryptoFormat.NON_RAW_PREFIX_SIZE + plaintext.length + 16 /* IV_SIZE */, ciphertext.length);
    }
}
Also used: KeysetHandle (com.google.crypto.tink.KeysetHandle), DeterministicAead (com.google.crypto.tink.DeterministicAead), KeyTemplate (com.google.crypto.tink.proto.KeyTemplate), Test (org.junit.Test)

Example 27 with KeysetHandle

Use of com.google.crypto.tink.KeysetHandle in project tink by google.

Class KmsEnvelopeAeadKeyManagerTest, method testGcpKmsKeyRestricted.

@Test
public void testGcpKmsKeyRestricted() throws Exception {
    KeyTemplate dekTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
    KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.createKmsEnvelopeAeadKeyTemplate(TestUtil.RESTRICTED_CRYPTO_KEY_URI, dekTemplate));
    TestUtil.runBasicAeadFactoryTests(keysetHandle);
}
Also used: KeysetHandle (com.google.crypto.tink.KeysetHandle), KeyTemplate (com.google.crypto.tink.proto.KeyTemplate), Test (org.junit.Test)

Example 28 with KeysetHandle

Use of com.google.crypto.tink.KeysetHandle in project tink by google.

Class KmsEnvelopeAeadKeyManagerTest, method testParsingInvalidCiphertexts.

@Test
public void testParsingInvalidCiphertexts() throws Exception {
    KeyTemplate dekTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
    KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.createKmsEnvelopeAeadKeyTemplate(TestUtil.RESTRICTED_CRYPTO_KEY_URI, dekTemplate));
    Aead aead = AeadFactory.getPrimitive(keysetHandle);
    byte[] plaintext = Random.randBytes(20);
    byte[] aad = Random.randBytes(20);
    byte[] ciphertext = aead.encrypt(plaintext, aad);
    ByteBuffer buffer = ByteBuffer.wrap(ciphertext);
    // Skip Tink's header.
    byte[] header = new byte[CryptoFormat.NON_RAW_PREFIX_SIZE];
    buffer.get(header, 0, header.length);
    int encryptedDekSize = buffer.getInt();
    byte[] encryptedDek = new byte[encryptedDekSize];
    buffer.get(encryptedDek, 0, encryptedDekSize);
    byte[] payload = new byte[buffer.remaining()];
    buffer.get(payload, 0, buffer.remaining());
    // valid, should work
    byte[] ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDekSize).put(encryptedDek).put(payload).array();
    assertArrayEquals(plaintext, aead.decrypt(ciphertext2, aad));
    // negative length
    ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(-1).put(encryptedDek).put(payload).array();
    try {
        aead.decrypt(ciphertext2, aad);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        assertExceptionContains(e, "decryption failed");
    }
    // length larger than actual value
    ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDek.length + 1).put(encryptedDek).put(payload).array();
    try {
        aead.decrypt(ciphertext2, aad);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        assertExceptionContains(e, "decryption failed");
    }
    // length larger than total ciphertext length
    ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDek.length + payload.length + 1).put(encryptedDek).put(payload).array();
    try {
        aead.decrypt(ciphertext2, aad);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        assertExceptionContains(e, "decryption failed");
    }
}
Also used: KeysetHandle (com.google.crypto.tink.KeysetHandle), GeneralSecurityException (java.security.GeneralSecurityException), Aead (com.google.crypto.tink.Aead), ByteBuffer (java.nio.ByteBuffer), KeyTemplate (com.google.crypto.tink.proto.KeyTemplate), Test (org.junit.Test)

Example 29 with KeysetHandle

Use of com.google.crypto.tink.KeysetHandle in project tink by google.

Class DeterministicAeadFactoryTest, method testRawKeyAsPrimary.

private static void testRawKeyAsPrimary(int keySize) throws Exception {
    Key primary = TestUtil.createKey(TestUtil.createAesSivKeyData(keySize), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    Key raw = TestUtil.createKey(TestUtil.createAesSivKeyData(keySize), 43, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    Key legacy = TestUtil.createKey(TestUtil.createAesSivKeyData(keySize), 44, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
    KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(primary, raw, legacy));
    DeterministicAead daead = DeterministicAeadFactory.getPrimitive(keysetHandle);
    byte[] plaintext = Random.randBytes(20);
    byte[] associatedData = Random.randBytes(20);
    byte[] ciphertext = daead.encryptDeterministically(plaintext, associatedData);
    assertArrayEquals(plaintext, daead.decryptDeterministically(ciphertext, associatedData));
    assertEquals(CryptoFormat.RAW_PREFIX_SIZE + plaintext.length + 16, ciphertext.length);
}
Also used: KeysetHandle (com.google.crypto.tink.KeysetHandle), DeterministicAead (com.google.crypto.tink.DeterministicAead), Key (com.google.crypto.tink.proto.Keyset.Key)

Example 30 with KeysetHandle

Use of com.google.crypto.tink.KeysetHandle in project tink by google.

Class DeterministicAeadFactoryTest, method testMultipleKeys.

private static void testMultipleKeys(int keySize) throws Exception {
    Key primary = TestUtil.createKey(TestUtil.createAesSivKeyData(keySize), 42, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    Key raw = TestUtil.createKey(TestUtil.createAesSivKeyData(keySize), 43, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    Key legacy = TestUtil.createKey(TestUtil.createAesSivKeyData(keySize), 44, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
    Key tink = TestUtil.createKey(TestUtil.createAesSivKeyData(keySize), 45, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(primary, raw, legacy, tink));
    DeterministicAead daead = DeterministicAeadFactory.getPrimitive(keysetHandle);
    byte[] plaintext = Random.randBytes(20);
    byte[] associatedData = Random.randBytes(20);
    byte[] ciphertext = daead.encryptDeterministically(plaintext, associatedData);
    byte[] prefix = Arrays.copyOfRange(ciphertext, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
    assertArrayEquals(prefix, CryptoFormat.getOutputPrefix(primary));
    assertArrayEquals(plaintext, daead.decryptDeterministically(ciphertext, associatedData));
    assertEquals(CryptoFormat.NON_RAW_PREFIX_SIZE + plaintext.length + 16, ciphertext.length);
    // encrypt with a non-primary RAW key and decrypt with the keyset
    KeysetHandle keysetHandle2 = TestUtil.createKeysetHandle(TestUtil.createKeyset(raw, legacy, tink));
    DeterministicAead daead2 = DeterministicAeadFactory.getPrimitive(keysetHandle2);
    ciphertext = daead2.encryptDeterministically(plaintext, associatedData);
    assertArrayEquals(plaintext, daead.decryptDeterministically(ciphertext, associatedData));
    // encrypt with a random key not in the keyset, decrypt with the keyset should fail
    Key random = TestUtil.createKey(TestUtil.createAesSivKeyData(keySize), 44, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    keysetHandle2 = TestUtil.createKeysetHandle(TestUtil.createKeyset(random));
    daead2 = DeterministicAeadFactory.getPrimitive(keysetHandle2);
    ciphertext = daead2.encryptDeterministically(plaintext, associatedData);
    try {
        daead.decryptDeterministically(ciphertext, associatedData);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        assertExceptionContains(e, "decryption failed");
    }
}
Also used: KeysetHandle (com.google.crypto.tink.KeysetHandle), DeterministicAead (com.google.crypto.tink.DeterministicAead), GeneralSecurityException (java.security.GeneralSecurityException), Key (com.google.crypto.tink.proto.Keyset.Key)

Aggregations

KeysetHandle (com.google.crypto.tink.KeysetHandle): 42, Test (org.junit.Test): 27, Key (com.google.crypto.tink.proto.Keyset.Key): 13, GeneralSecurityException (java.security.GeneralSecurityException): 10, Aead (com.google.crypto.tink.Aead): 9, CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle): 5, DeterministicAead (com.google.crypto.tink.DeterministicAead): 5, PublicKeySign (com.google.crypto.tink.PublicKeySign): 5, PublicKeyVerify (com.google.crypto.tink.PublicKeyVerify): 5, KeyTemplate (com.google.crypto.tink.proto.KeyTemplate): 5, HybridDecrypt (com.google.crypto.tink.HybridDecrypt): 4, HybridEncrypt (com.google.crypto.tink.HybridEncrypt): 4, StreamingAead (com.google.crypto.tink.StreamingAead): 3, EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey): 3, EciesAeadHkdfPrivateKey (com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey): 3, KeyData (com.google.crypto.tink.proto.KeyData): 3, KeysetReader (com.google.crypto.tink.KeysetReader): 2, Mac (com.google.crypto.tink.Mac): 2, EcPointFormat (com.google.crypto.tink.proto.EcPointFormat): 2, EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType): 2