
Example 36 with KeysetHandle

use of com.google.crypto.tink.KeysetHandle in project tink by google.

the class MacFactoryTest method testMultipleKeys.

@Test
public void testMultipleKeys() throws Exception {
    byte[] keyValue = Random.randBytes(HMAC_KEY_SIZE);
    Key tink = TestUtil.createKey(TestUtil.createHmacKeyData(keyValue, 16), 42, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    Key legacy = TestUtil.createKey(TestUtil.createHmacKeyData(keyValue, 16), 43, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
    Key raw = TestUtil.createKey(TestUtil.createHmacKeyData(keyValue, 16), 44, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    Key crunchy = TestUtil.createKey(TestUtil.createHmacKeyData(keyValue, 16), 45, KeyStatusType.ENABLED, OutputPrefixType.CRUNCHY);
    Key[] keys = new Key[] { tink, legacy, raw, crunchy };
    int j = keys.length;
    for (int i = 0; i < j; i++) {
        KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(keys[i], keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]));
        Mac mac = MacFactory.getPrimitive(keysetHandle);
        byte[] plaintext = "plaintext".getBytes("UTF-8");
        byte[] tag = mac.computeMac(plaintext);
        if (!keys[i].getOutputPrefixType().equals(OutputPrefixType.RAW)) {
            byte[] prefix = Arrays.copyOfRange(tag, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
            assertArrayEquals(prefix, CryptoFormat.getOutputPrefix(keys[i]));
        }
        try {
            mac.verifyMac(tag, plaintext);
        } catch (GeneralSecurityException e) {
            fail("Valid MAC, should not throw exception: " + i);
        }
        // Flip each bit of the plaintext and the tag in turn and make sure verifyMac fails.
        byte[] plaintextAndTag = Bytes.concat(plaintext, tag);
        for (int b = 0; b < plaintextAndTag.length; b++) {
            for (int bit = 0; bit < 8; bit++) {
                byte[] modified = Arrays.copyOf(plaintextAndTag, plaintextAndTag.length);
                modified[b] ^= (byte) (1 << bit);
                try {
                    mac.verifyMac(Arrays.copyOfRange(modified, plaintext.length, modified.length), Arrays.copyOfRange(modified, 0, plaintext.length));
                    fail("Invalid tag or plaintext, should have thrown exception");
                } catch (GeneralSecurityException expected) {
                    // Expected
                }
            }
        }
        // Compute the MAC with keysetHandle2, where the RAW key is listed first; verifying with the original keyset should succeed.
        KeysetHandle keysetHandle2 = TestUtil.createKeysetHandle(TestUtil.createKeyset(raw, legacy, tink, crunchy));
        Mac mac2 = MacFactory.getPrimitive(keysetHandle2);
        tag = mac2.computeMac(plaintext);
        try {
            mac.verifyMac(tag, plaintext);
        } catch (GeneralSecurityException e) {
            fail("Valid MAC, should not throw exception");
        }
        // Compute the MAC with a random key that is not in the keyset; verifying with the keyset should fail.
        byte[] keyValue2 = Random.randBytes(HMAC_KEY_SIZE);
        Key random = TestUtil.createKey(TestUtil.createHmacKeyData(keyValue2, 16), 44, KeyStatusType.ENABLED, OutputPrefixType.TINK);
        keysetHandle2 = TestUtil.createKeysetHandle(TestUtil.createKeyset(random));
        mac2 = MacFactory.getPrimitive(keysetHandle2);
        tag = mac2.computeMac(plaintext);
        try {
            mac.verifyMac(tag, plaintext);
            fail("Invalid MAC, should have thrown exception");
        } catch (GeneralSecurityException expected) {
            // Expected
        }
    }
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) GeneralSecurityException(java.security.GeneralSecurityException) Key(com.google.crypto.tink.proto.Keyset.Key) Mac(com.google.crypto.tink.Mac) Test(org.junit.Test)

Example 37 with KeysetHandle

use of com.google.crypto.tink.KeysetHandle in project tink by google.

the class MacFactoryTest method testSmallPlaintextWithRawKey.

@Test
public void testSmallPlaintextWithRawKey() throws Exception {
    byte[] keyValue = Random.randBytes(HMAC_KEY_SIZE);
    Key primary = TestUtil.createKey(TestUtil.createHmacKeyData(keyValue, 16), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(primary));
    Mac mac = MacFactory.getPrimitive(keysetHandle);
    byte[] plaintext = "blah".getBytes("UTF-8");
    byte[] tag = mac.computeMac(plaintext);
    // no prefix
    assertEquals(16 /* TAG */, tag.length);
    try {
        mac.verifyMac(tag, plaintext);
    } catch (GeneralSecurityException e) {
        fail("Valid MAC, should not throw exception");
    }
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) GeneralSecurityException(java.security.GeneralSecurityException) Key(com.google.crypto.tink.proto.Keyset.Key) Mac(com.google.crypto.tink.Mac) Test(org.junit.Test)

Example 38 with KeysetHandle

use of com.google.crypto.tink.KeysetHandle in project tink by google.

the class HybridDecryptCli method main.

public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        System.out.println("Usage: HybridDecryptCli keyset-file ciphertext-file context-info output-file");
        System.exit(1);
    }
    String keysetFilename = args[0];
    String ciphertextFilename = args[1];
    String contextInfo = args[2];
    String outputFilename = args[3];
    System.out.println("Using keyset from file " + keysetFilename + " to decrypt file " + ciphertextFilename + " with context info '" + contextInfo + "'.");
    System.out.println("The resulting plaintext will be written to file " + outputFilename);
    // Init Tink.
    CliUtil.initTink();
    // Read the keyset.
    System.out.println("Reading the keyset...");
    KeysetHandle keysetHandle = CliUtil.readKeyset(keysetFilename);
    // Get the primitive.
    System.out.println("Getting the primitive...");
    HybridDecrypt hybridDecrypt = HybridDecryptFactory.getPrimitive(keysetHandle);
    // Read the ciphertext.
    byte[] ciphertext = CliUtil.read(ciphertextFilename);
    // Compute the plaintext.
    System.out.println("Decrypting...");
    byte[] plaintext = hybridDecrypt.decrypt(ciphertext, contextInfo.getBytes(CliUtil.UTF_8));
    // Write the plaintext to the output file.
    CliUtil.write(plaintext, outputFilename);
    System.out.println("All done.");
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) HybridDecrypt(com.google.crypto.tink.HybridDecrypt)

Example 39 with KeysetHandle

use of com.google.crypto.tink.KeysetHandle in project tink by google.

the class HybridEncryptCli method main.

public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        System.out.println("Usage: HybridEncryptCli keyset-file plaintext-file context-info output-file");
        System.exit(1);
    }
    String keysetFilename = args[0];
    String plaintextFilename = args[1];
    String contextInfo = args[2];
    String outputFilename = args[3];
    System.out.println("Using keyset from file " + keysetFilename + " to encrypt file " + plaintextFilename + " with context info '" + contextInfo + "'.");
    System.out.println("The resulting ciphertext will be written to file " + outputFilename);
    // Init Tink.
    CliUtil.initTink();
    // Read the keyset.
    System.out.println("Reading the keyset...");
    KeysetHandle keysetHandle = CliUtil.readKeyset(keysetFilename);
    // Get the primitive.
    System.out.println("Getting the primitive...");
    HybridEncrypt hybridEncrypt = HybridEncryptFactory.getPrimitive(keysetHandle);
    // Read the plaintext.
    byte[] plaintext = CliUtil.read(plaintextFilename);
    // Compute the ciphertext.
    System.out.println("Encrypting...");
    byte[] ciphertext = hybridEncrypt.encrypt(plaintext, contextInfo.getBytes(CliUtil.UTF_8));
    // Write the ciphertext to the output file.
    CliUtil.write(ciphertext, outputFilename);
    System.out.println("All done.");
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) HybridEncrypt(com.google.crypto.tink.HybridEncrypt)

Example 40 with KeysetHandle

use of com.google.crypto.tink.KeysetHandle in project tink by google.

the class PublicKeySignCli method main.

public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.out.println("Usage: PublicKeySignCli keyset-file message-file output-file");
        System.exit(1);
    }
    String keysetFilename = args[0];
    String messageFilename = args[1];
    String outputFilename = args[2];
    System.out.println("Using keyset from file " + keysetFilename + " to sign message from " + messageFilename + ".");
    System.out.println("The resulting signature will be written to file " + outputFilename);
    // Init Tink.
    CliUtil.initTink();
    // Read the keyset.
    System.out.println("Reading the keyset...");
    KeysetHandle keysetHandle = CliUtil.readKeyset(keysetFilename);
    // Get the primitive.
    System.out.println("Getting the primitive...");
    PublicKeySign pkSign = PublicKeySignFactory.getPrimitive(keysetHandle);
    // Read the message.
    byte[] message = CliUtil.read(messageFilename);
    // Compute the signature.
    System.out.println("Signing...");
    byte[] signature = pkSign.sign(message);
    // Write the signature to the output file.
    CliUtil.write(signature, outputFilename);
    System.out.println("All done.");
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) PublicKeySign(com.google.crypto.tink.PublicKeySign)

Aggregations

KeysetHandle (com.google.crypto.tink.KeysetHandle): 42
Test (org.junit.Test): 27
Key (com.google.crypto.tink.proto.Keyset.Key): 13
GeneralSecurityException (java.security.GeneralSecurityException): 10
Aead (com.google.crypto.tink.Aead): 9
CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle): 5
DeterministicAead (com.google.crypto.tink.DeterministicAead): 5
PublicKeySign (com.google.crypto.tink.PublicKeySign): 5
PublicKeyVerify (com.google.crypto.tink.PublicKeyVerify): 5
KeyTemplate (com.google.crypto.tink.proto.KeyTemplate): 5
HybridDecrypt (com.google.crypto.tink.HybridDecrypt): 4
HybridEncrypt (com.google.crypto.tink.HybridEncrypt): 4
StreamingAead (com.google.crypto.tink.StreamingAead): 3
EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey): 3
EciesAeadHkdfPrivateKey (com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey): 3
KeyData (com.google.crypto.tink.proto.KeyData): 3
KeysetReader (com.google.crypto.tink.KeysetReader): 2
Mac (com.google.crypto.tink.Mac): 2
EcPointFormat (com.google.crypto.tink.proto.EcPointFormat): 2
EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType): 2