use of com.google.crypto.tink.KeysetReader in project tink by google.
the class TinkeyUtil method getKeysetHandle.
/**
* Returns a {@code KeysetHandle} from either a cleartext {@code Keyset} or a {@code
* EncryptedKeyset}, read from {@code inputStream}.
*/
public static KeysetHandle getKeysetHandle(InputStream inputStream, String inFormat, String masterKeyUri, String credentialPath) throws IOException, GeneralSecurityException {
KeysetReader reader = createKeysetReader(inputStream, inFormat);
KeysetHandle handle;
if (masterKeyUri != null) {
Aead masterKey = KmsClients.getAutoLoaded(masterKeyUri).withCredentials(credentialPath).getAead(masterKeyUri);
return KeysetHandle.read(reader, masterKey);
}
return CleartextKeysetHandle.read(reader);
}
use of com.google.crypto.tink.KeysetReader in project tink by google.
the class SignaturePemKeysetReaderTest method read_oneRSAPublicKey_shouldWork.
@Test
public void read_oneRSAPublicKey_shouldWork() throws Exception {
String pem = "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv90Xf/NN1lRGBofJQzJf\n" + "lHvo6GAf25GGQGaMmD9T1ZP71CCbJ69lGIS/6akFBg6ECEHGM2EZ4WFLCdr5byUq\n" + "GCf4mY4WuOn+AcwzwAoDz9ASIFcQOoPclO7JYdfo2SOaumumdb5S/7FkKJ70TGYW\n" + "j9aTOYWsCcaojbjGDY/JEXz3BSRIngcgOvXBmV1JokcJ/LsrJD263WE9iUknZDhB\n" + "K7y4ChjHNqL8yJcw/D8xLNiJtIyuxiZ00p/lOVUInr8C/a2C1UGCgEGuXZAEGAdO\n" + "NVez52n5TLvQP3hRd4MTi7YvfhezRcA4aXyIDOv+TYi4p+OVTYQ+FMbkgoWBm5bq\n" + "wQIDAQAB\n" + "-----END PUBLIC KEY-----\n";
KeysetReader keysetReader = SignaturePemKeysetReader.newBuilder().addPem(pem, PemKeyType.RSA_PSS_2048_SHA256).build();
Keyset ks = keysetReader.read();
Keyset.Key key = ks.getKey(0);
KeyData keyData = key.getKeyData();
RsaSsaPssPublicKey publicKeyProto = RsaSsaPssPublicKey.parseFrom(keyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());
RSAPublicKey publicKey = (RSAPublicKey) PemKeyType.RSA_PSS_2048_SHA256.readKey(new BufferedReader(new StringReader(pem)));
assertThat(ks.getKeyCount()).isEqualTo(1);
assertThat(ks.getPrimaryKeyId()).isEqualTo(key.getKeyId());
assertThat(key.getStatus()).isEqualTo(KeyStatusType.ENABLED);
assertThat(key.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
assertThat(keyData.getTypeUrl()).isEqualTo(new RsaSsaPssVerifyKeyManager().getKeyType());
assertThat(keyData.getKeyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PUBLIC);
assertThat(publicKeyProto.getParams().getSigHash()).isEqualTo(HashType.SHA256);
assertThat(publicKeyProto.getParams().getMgf1Hash()).isEqualTo(HashType.SHA256);
assertThat(publicKeyProto.getParams().getSaltLength()).isEqualTo(32);
assertThat(publicKeyProto.getN().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(publicKey.getModulus()).toByteArray());
assertThat(publicKeyProto.getE().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(publicKey.getPublicExponent()).toByteArray());
}
use of com.google.crypto.tink.KeysetReader in project tink by google.
the class SignaturePemKeysetReaderTest method read_oneECPublicKey_shouldWork.
@Test
public void read_oneECPublicKey_shouldWork() throws Exception {
String pem = "-----BEGIN PUBLIC KEY-----\n" + "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7BiT5K5pivl4Qfrt9hRhRREMUzj/\n" + "8suEJ7GlMxZfvdcpbi/GhYPuJi8Gn2H1NaMJZcLZo5MLPKyyGT5u3u1VBQ==\n" + "-----END PUBLIC KEY-----\n";
KeysetReader keysetReader = SignaturePemKeysetReader.newBuilder().addPem(pem, PemKeyType.ECDSA_P256_SHA256).build();
Keyset ks = keysetReader.read();
Keyset.Key key = ks.getKey(0);
KeyData keyData = key.getKeyData();
EcdsaPublicKey publicKeyProto = EcdsaPublicKey.parseFrom(keyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());
ECPublicKey publicKey = (ECPublicKey) PemKeyType.ECDSA_P256_SHA256.readKey(new BufferedReader(new StringReader(pem)));
assertThat(ks.getKeyCount()).isEqualTo(1);
assertThat(ks.getPrimaryKeyId()).isEqualTo(key.getKeyId());
assertThat(key.getStatus()).isEqualTo(KeyStatusType.ENABLED);
assertThat(key.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
assertThat(keyData.getTypeUrl()).isEqualTo(new EcdsaVerifyKeyManager().getKeyType());
assertThat(keyData.getKeyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PUBLIC);
assertThat(publicKeyProto.getParams().getHashType()).isEqualTo(HashType.SHA256);
assertThat(publicKeyProto.getParams().getCurve()).isEqualTo(EllipticCurveType.NIST_P256);
assertThat(publicKeyProto.getParams().getEncoding()).isEqualTo(EcdsaSignatureEncoding.DER);
assertThat(publicKeyProto.getX().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(publicKey.getW().getAffineX()).toByteArray());
assertThat(publicKeyProto.getY().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(publicKey.getW().getAffineY()).toByteArray());
}
use of com.google.crypto.tink.KeysetReader in project tink by google.
the class SignaturePemKeysetReaderTest method read_onePEM_twoRSAPublicKeys_shouldWork.
@Test
public void read_onePEM_twoRSAPublicKeys_shouldWork() throws Exception {
String pem = "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv90Xf/NN1lRGBofJQzJf\n" + "lHvo6GAf25GGQGaMmD9T1ZP71CCbJ69lGIS/6akFBg6ECEHGM2EZ4WFLCdr5byUq\n" + "GCf4mY4WuOn+AcwzwAoDz9ASIFcQOoPclO7JYdfo2SOaumumdb5S/7FkKJ70TGYW\n" + "j9aTOYWsCcaojbjGDY/JEXz3BSRIngcgOvXBmV1JokcJ/LsrJD263WE9iUknZDhB\n" + "K7y4ChjHNqL8yJcw/D8xLNiJtIyuxiZ00p/lOVUInr8C/a2C1UGCgEGuXZAEGAdO\n" + "NVez52n5TLvQP3hRd4MTi7YvfhezRcA4aXyIDOv+TYi4p+OVTYQ+FMbkgoWBm5bq\n" + "wQIDAQAB\n" + "-----END PUBLIC KEY-----\n" + "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHT+woDZHckRv316VyUw\n" + "WnQ8lR7C1rOj+KPuBnAPMQTW8htNG0gfjYEb01ZRvZM8ezOunDnpBqvYPeATKTGu\n" + "YD7/Tq1gkcFGf59aG2vgi8I/+0OkYNyWwuYLKm34t50TKMvQwiIBr0IZfaGnzF/5\n" + "43wqtE6rvcZTavlR0q3ftJQ6OEFXnOzShRctQf7nIn2Mi2mks3cLoWpqLJe0rSiM\n" + "TYqas+fiLd5K5p55H2woBpoRPBmNEBMd2r+P0caGNRd3XuO2OwOx/2XezZ0Lj9ms\n" + "u7BDXM/No6dxLmrgwzokuRg0N/mF+PUCnNakbT1nyn/1uMopialAMDhYUEtZdFjw\n" + "gwIDAQAB\n" + "-----END PUBLIC KEY-----\n";
KeysetReader keysetReader = SignaturePemKeysetReader.newBuilder().addPem(pem, PemKeyType.RSA_PSS_2048_SHA256).build();
Keyset ks = keysetReader.read();
Keyset.Key firstKey = ks.getKey(0);
Keyset.Key secondKey = ks.getKey(1);
assertThat(ks.getKeyCount()).isEqualTo(2);
assertThat(ks.getPrimaryKeyId()).isEqualTo(firstKey.getKeyId());
KeyData keyData = firstKey.getKeyData();
RsaSsaPssPublicKey publicKeyProto = RsaSsaPssPublicKey.parseFrom(keyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());
RSAPublicKey publicKey = (RSAPublicKey) PemKeyType.RSA_PSS_2048_SHA256.readKey(new BufferedReader(new StringReader(pem)));
assertThat(firstKey.getStatus()).isEqualTo(KeyStatusType.ENABLED);
assertThat(firstKey.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
assertThat(keyData.getTypeUrl()).isEqualTo(new RsaSsaPssVerifyKeyManager().getKeyType());
assertThat(keyData.getKeyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PUBLIC);
assertThat(publicKeyProto.getParams().getSigHash()).isEqualTo(HashType.SHA256);
assertThat(publicKeyProto.getParams().getMgf1Hash()).isEqualTo(HashType.SHA256);
assertThat(publicKeyProto.getParams().getSaltLength()).isEqualTo(32);
assertThat(publicKeyProto.getN().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(publicKey.getModulus()).toByteArray());
assertThat(publicKeyProto.getE().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(publicKey.getPublicExponent()).toByteArray());
keyData = secondKey.getKeyData();
publicKeyProto = RsaSsaPssPublicKey.parseFrom(keyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());
assertThat(secondKey.getStatus()).isEqualTo(KeyStatusType.ENABLED);
assertThat(secondKey.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
assertThat(keyData.getTypeUrl()).isEqualTo(new RsaSsaPssVerifyKeyManager().getKeyType());
assertThat(keyData.getKeyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PUBLIC);
assertThat(publicKeyProto.getParams().getSigHash()).isEqualTo(HashType.SHA256);
assertThat(publicKeyProto.getParams().getMgf1Hash()).isEqualTo(HashType.SHA256);
assertThat(publicKeyProto.getParams().getSaltLength()).isEqualTo(32);
}
use of com.google.crypto.tink.KeysetReader in project tink by google.
the class KeysetServiceImpl method readEncrypted.
@Override
public void readEncrypted(KeysetReadEncryptedRequest request, StreamObserver<KeysetReadEncryptedResponse> responseObserver) {
KeysetReadEncryptedResponse response;
try {
// get masterAead
KeysetHandle masterKeysetHandle = CleartextKeysetHandle.read(BinaryKeysetReader.withBytes(request.getMasterKeyset().toByteArray()));
Aead masterAead = masterKeysetHandle.getPrimitive(Aead.class);
// read encrypted keyset to keysetHandle
KeysetReader reader = BinaryKeysetReader.withBytes(request.getEncryptedKeyset().toByteArray());
KeysetHandle keysetHandle;
if (request.hasAssociatedData()) {
keysetHandle = KeysetHandle.readWithAssociatedData(reader, masterAead, request.getAssociatedData().getValue().toByteArray());
} else {
keysetHandle = KeysetHandle.read(reader, masterAead);
}
// get keyset from keysetHandle
Keyset keyset = CleartextKeysetHandle.getKeyset(keysetHandle);
ByteArrayOutputStream keysetStream = new ByteArrayOutputStream();
BinaryKeysetWriter.withOutputStream(keysetStream).write(keyset);
keysetStream.close();
response = KeysetReadEncryptedResponse.newBuilder().setKeyset(ByteString.copyFrom(keysetStream.toByteArray())).build();
} catch (GeneralSecurityException | InvalidProtocolBufferException e) {
response = KeysetReadEncryptedResponse.newBuilder().setErr(e.toString()).build();
} catch (IOException e) {
responseObserver.onError(Status.UNKNOWN.withDescription(e.getMessage()).asException());
return;
}
responseObserver.onNext(response);
responseObserver.onCompleted();
}
Aggregations