Example 1 with KeysetReader

Use of com.google.crypto.tink.KeysetReader in project tink by google.

Class TinkeyUtil, method getKeysetHandle.

/**
 * Returns a {@code KeysetHandle} from either a cleartext {@code Keyset} or a {@code
 * EncryptedKeyset}, read from {@code inputStream}.
 */
public static KeysetHandle getKeysetHandle(
        InputStream inputStream, String inFormat, String masterKeyUri, String credentialPath)
        throws IOException, GeneralSecurityException {
    KeysetReader reader = createKeysetReader(inputStream, inFormat);
    if (masterKeyUri != null) {
        // Encrypted keyset: unwrap it with the master key AEAD obtained from the KMS.
        Aead masterKey = KmsClients.getAutoLoaded(masterKeyUri)
                .withCredentials(credentialPath)
                .getAead(masterKeyUri);
        return KeysetHandle.read(reader, masterKey);
    }
    // No master key URI: the input is treated as a cleartext keyset, so the key
    // material is unprotected in the input stream.
    return CleartextKeysetHandle.read(reader);
}
Also used: CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle), KeysetHandle (com.google.crypto.tink.KeysetHandle), BinaryKeysetReader (com.google.crypto.tink.BinaryKeysetReader), JsonKeysetReader (com.google.crypto.tink.JsonKeysetReader), KeysetReader (com.google.crypto.tink.KeysetReader), Aead (com.google.crypto.tink.Aead)

Example 2 with KeysetReader

Use of com.google.crypto.tink.KeysetReader in project tink by google.

Class SignaturePemKeysetReaderTest, method read_oneRSAPublicKey_shouldWork.

@Test
public void read_oneRSAPublicKey_shouldWork() throws Exception {
    String pem = "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv90Xf/NN1lRGBofJQzJf\n" + "lHvo6GAf25GGQGaMmD9T1ZP71CCbJ69lGIS/6akFBg6ECEHGM2EZ4WFLCdr5byUq\n" + "GCf4mY4WuOn+AcwzwAoDz9ASIFcQOoPclO7JYdfo2SOaumumdb5S/7FkKJ70TGYW\n" + "j9aTOYWsCcaojbjGDY/JEXz3BSRIngcgOvXBmV1JokcJ/LsrJD263WE9iUknZDhB\n" + "K7y4ChjHNqL8yJcw/D8xLNiJtIyuxiZ00p/lOVUInr8C/a2C1UGCgEGuXZAEGAdO\n" + "NVez52n5TLvQP3hRd4MTi7YvfhezRcA4aXyIDOv+TYi4p+OVTYQ+FMbkgoWBm5bq\n" + "wQIDAQAB\n" + "-----END PUBLIC KEY-----\n";
    KeysetReader keysetReader = SignaturePemKeysetReader.newBuilder().addPem(pem, PemKeyType.RSA_PSS_2048_SHA256).build();
    Keyset ks = keysetReader.read();
    Keyset.Key key = ks.getKey(0);
    KeyData keyData = key.getKeyData();
    RsaSsaPssPublicKey publicKeyProto = RsaSsaPssPublicKey.parseFrom(keyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    RSAPublicKey publicKey = (RSAPublicKey) PemKeyType.RSA_PSS_2048_SHA256.readKey(new BufferedReader(new StringReader(pem)));
    assertThat(ks.getKeyCount()).isEqualTo(1);
    assertThat(ks.getPrimaryKeyId()).isEqualTo(key.getKeyId());
    assertThat(key.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    assertThat(key.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
    assertThat(keyData.getTypeUrl()).isEqualTo(new RsaSsaPssVerifyKeyManager().getKeyType());
    assertThat(keyData.getKeyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PUBLIC);
    assertThat(publicKeyProto.getParams().getSigHash()).isEqualTo(HashType.SHA256);
    assertThat(publicKeyProto.getParams().getMgf1Hash()).isEqualTo(HashType.SHA256);
    assertThat(publicKeyProto.getParams().getSaltLength()).isEqualTo(32);
    assertThat(publicKeyProto.getN().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(publicKey.getModulus()).toByteArray());
    assertThat(publicKeyProto.getE().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(publicKey.getPublicExponent()).toByteArray());
}
Also used: Keyset (com.google.crypto.tink.proto.Keyset), RsaSsaPssPublicKey (com.google.crypto.tink.proto.RsaSsaPssPublicKey), RSAPublicKey (java.security.interfaces.RSAPublicKey), KeysetReader (com.google.crypto.tink.KeysetReader), BufferedReader (java.io.BufferedReader), StringReader (java.io.StringReader), KeyData (com.google.crypto.tink.proto.KeyData), Test (org.junit.Test)

Example 3 with KeysetReader

Use of com.google.crypto.tink.KeysetReader in project tink by google.

Class SignaturePemKeysetReaderTest, method read_oneECPublicKey_shouldWork.

@Test
public void read_oneECPublicKey_shouldWork() throws Exception {
    String pem = "-----BEGIN PUBLIC KEY-----\n" + "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7BiT5K5pivl4Qfrt9hRhRREMUzj/\n" + "8suEJ7GlMxZfvdcpbi/GhYPuJi8Gn2H1NaMJZcLZo5MLPKyyGT5u3u1VBQ==\n" + "-----END PUBLIC KEY-----\n";
    KeysetReader keysetReader = SignaturePemKeysetReader.newBuilder().addPem(pem, PemKeyType.ECDSA_P256_SHA256).build();
    Keyset ks = keysetReader.read();
    Keyset.Key key = ks.getKey(0);
    KeyData keyData = key.getKeyData();
    EcdsaPublicKey publicKeyProto = EcdsaPublicKey.parseFrom(keyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    ECPublicKey publicKey = (ECPublicKey) PemKeyType.ECDSA_P256_SHA256.readKey(new BufferedReader(new StringReader(pem)));
    assertThat(ks.getKeyCount()).isEqualTo(1);
    assertThat(ks.getPrimaryKeyId()).isEqualTo(key.getKeyId());
    assertThat(key.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    assertThat(key.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
    assertThat(keyData.getTypeUrl()).isEqualTo(new EcdsaVerifyKeyManager().getKeyType());
    assertThat(keyData.getKeyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PUBLIC);
    assertThat(publicKeyProto.getParams().getHashType()).isEqualTo(HashType.SHA256);
    assertThat(publicKeyProto.getParams().getCurve()).isEqualTo(EllipticCurveType.NIST_P256);
    assertThat(publicKeyProto.getParams().getEncoding()).isEqualTo(EcdsaSignatureEncoding.DER);
    assertThat(publicKeyProto.getX().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(publicKey.getW().getAffineX()).toByteArray());
    assertThat(publicKeyProto.getY().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(publicKey.getW().getAffineY()).toByteArray());
}
Also used: Keyset (com.google.crypto.tink.proto.Keyset), ECPublicKey (java.security.interfaces.ECPublicKey), EcdsaPublicKey (com.google.crypto.tink.proto.EcdsaPublicKey), KeysetReader (com.google.crypto.tink.KeysetReader), BufferedReader (java.io.BufferedReader), StringReader (java.io.StringReader), KeyData (com.google.crypto.tink.proto.KeyData), Test (org.junit.Test)

Example 4 with KeysetReader

Use of com.google.crypto.tink.KeysetReader in project tink by google.

Class SignaturePemKeysetReaderTest, method read_onePEM_twoRSAPublicKeys_shouldWork.

@Test
public void read_onePEM_twoRSAPublicKeys_shouldWork() throws Exception {
    String pem = "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv90Xf/NN1lRGBofJQzJf\n" + "lHvo6GAf25GGQGaMmD9T1ZP71CCbJ69lGIS/6akFBg6ECEHGM2EZ4WFLCdr5byUq\n" + "GCf4mY4WuOn+AcwzwAoDz9ASIFcQOoPclO7JYdfo2SOaumumdb5S/7FkKJ70TGYW\n" + "j9aTOYWsCcaojbjGDY/JEXz3BSRIngcgOvXBmV1JokcJ/LsrJD263WE9iUknZDhB\n" + "K7y4ChjHNqL8yJcw/D8xLNiJtIyuxiZ00p/lOVUInr8C/a2C1UGCgEGuXZAEGAdO\n" + "NVez52n5TLvQP3hRd4MTi7YvfhezRcA4aXyIDOv+TYi4p+OVTYQ+FMbkgoWBm5bq\n" + "wQIDAQAB\n" + "-----END PUBLIC KEY-----\n" + "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHT+woDZHckRv316VyUw\n" + "WnQ8lR7C1rOj+KPuBnAPMQTW8htNG0gfjYEb01ZRvZM8ezOunDnpBqvYPeATKTGu\n" + "YD7/Tq1gkcFGf59aG2vgi8I/+0OkYNyWwuYLKm34t50TKMvQwiIBr0IZfaGnzF/5\n" + "43wqtE6rvcZTavlR0q3ftJQ6OEFXnOzShRctQf7nIn2Mi2mks3cLoWpqLJe0rSiM\n" + "TYqas+fiLd5K5p55H2woBpoRPBmNEBMd2r+P0caGNRd3XuO2OwOx/2XezZ0Lj9ms\n" + "u7BDXM/No6dxLmrgwzokuRg0N/mF+PUCnNakbT1nyn/1uMopialAMDhYUEtZdFjw\n" + "gwIDAQAB\n" + "-----END PUBLIC KEY-----\n";
    KeysetReader keysetReader = SignaturePemKeysetReader.newBuilder().addPem(pem, PemKeyType.RSA_PSS_2048_SHA256).build();
    Keyset ks = keysetReader.read();
    Keyset.Key firstKey = ks.getKey(0);
    Keyset.Key secondKey = ks.getKey(1);
    assertThat(ks.getKeyCount()).isEqualTo(2);
    assertThat(ks.getPrimaryKeyId()).isEqualTo(firstKey.getKeyId());
    KeyData keyData = firstKey.getKeyData();
    RsaSsaPssPublicKey publicKeyProto = RsaSsaPssPublicKey.parseFrom(keyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    RSAPublicKey publicKey = (RSAPublicKey) PemKeyType.RSA_PSS_2048_SHA256.readKey(new BufferedReader(new StringReader(pem)));
    assertThat(firstKey.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    assertThat(firstKey.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
    assertThat(keyData.getTypeUrl()).isEqualTo(new RsaSsaPssVerifyKeyManager().getKeyType());
    assertThat(keyData.getKeyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PUBLIC);
    assertThat(publicKeyProto.getParams().getSigHash()).isEqualTo(HashType.SHA256);
    assertThat(publicKeyProto.getParams().getMgf1Hash()).isEqualTo(HashType.SHA256);
    assertThat(publicKeyProto.getParams().getSaltLength()).isEqualTo(32);
    assertThat(publicKeyProto.getN().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(publicKey.getModulus()).toByteArray());
    assertThat(publicKeyProto.getE().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(publicKey.getPublicExponent()).toByteArray());
    keyData = secondKey.getKeyData();
    publicKeyProto = RsaSsaPssPublicKey.parseFrom(keyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    assertThat(secondKey.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    assertThat(secondKey.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
    assertThat(keyData.getTypeUrl()).isEqualTo(new RsaSsaPssVerifyKeyManager().getKeyType());
    assertThat(keyData.getKeyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PUBLIC);
    assertThat(publicKeyProto.getParams().getSigHash()).isEqualTo(HashType.SHA256);
    assertThat(publicKeyProto.getParams().getMgf1Hash()).isEqualTo(HashType.SHA256);
    assertThat(publicKeyProto.getParams().getSaltLength()).isEqualTo(32);
}
Also used: Keyset (com.google.crypto.tink.proto.Keyset), RsaSsaPssPublicKey (com.google.crypto.tink.proto.RsaSsaPssPublicKey), RSAPublicKey (java.security.interfaces.RSAPublicKey), KeysetReader (com.google.crypto.tink.KeysetReader), BufferedReader (java.io.BufferedReader), StringReader (java.io.StringReader), KeyData (com.google.crypto.tink.proto.KeyData), Test (org.junit.Test)

Example 5 with KeysetReader

Use of com.google.crypto.tink.KeysetReader in project tink by google.

Class KeysetServiceImpl, method readEncrypted.

@Override
public void readEncrypted(KeysetReadEncryptedRequest request, StreamObserver<KeysetReadEncryptedResponse> responseObserver) {
    KeysetReadEncryptedResponse response;
    try {
        // get masterAead
        KeysetHandle masterKeysetHandle = CleartextKeysetHandle.read(BinaryKeysetReader.withBytes(request.getMasterKeyset().toByteArray()));
        Aead masterAead = masterKeysetHandle.getPrimitive(Aead.class);
        // read encrypted keyset to keysetHandle
        KeysetReader reader = BinaryKeysetReader.withBytes(request.getEncryptedKeyset().toByteArray());
        KeysetHandle keysetHandle;
        if (request.hasAssociatedData()) {
            keysetHandle = KeysetHandle.readWithAssociatedData(reader, masterAead, request.getAssociatedData().getValue().toByteArray());
        } else {
            keysetHandle = KeysetHandle.read(reader, masterAead);
        }
        // get keyset from keysetHandle
        Keyset keyset = CleartextKeysetHandle.getKeyset(keysetHandle);
        ByteArrayOutputStream keysetStream = new ByteArrayOutputStream();
        BinaryKeysetWriter.withOutputStream(keysetStream).write(keyset);
        keysetStream.close();
        response = KeysetReadEncryptedResponse.newBuilder().setKeyset(ByteString.copyFrom(keysetStream.toByteArray())).build();
    } catch (GeneralSecurityException | InvalidProtocolBufferException e) {
        response = KeysetReadEncryptedResponse.newBuilder().setErr(e.toString()).build();
    } catch (IOException e) {
        responseObserver.onError(Status.UNKNOWN.withDescription(e.getMessage()).asException());
        return;
    }
    responseObserver.onNext(response);
    responseObserver.onCompleted();
}
Also used: KeysetHandle (com.google.crypto.tink.KeysetHandle), CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle), Keyset (com.google.crypto.tink.proto.Keyset), GeneralSecurityException (java.security.GeneralSecurityException), KeysetReadEncryptedResponse (com.google.crypto.tink.proto.testing.KeysetReadEncryptedResponse), Aead (com.google.crypto.tink.Aead), BinaryKeysetReader (com.google.crypto.tink.BinaryKeysetReader), JsonKeysetReader (com.google.crypto.tink.JsonKeysetReader), KeysetReader (com.google.crypto.tink.KeysetReader), InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException), ByteArrayOutputStream (java.io.ByteArrayOutputStream), IOException (java.io.IOException)

Aggregations

KeysetReader (com.google.crypto.tink.KeysetReader): 10
Keyset (com.google.crypto.tink.proto.Keyset): 7
KeyData (com.google.crypto.tink.proto.KeyData): 6
Test (org.junit.Test): 6
BufferedReader (java.io.BufferedReader): 5
StringReader (java.io.StringReader): 5
RsaSsaPssPublicKey (com.google.crypto.tink.proto.RsaSsaPssPublicKey): 4
RSAPublicKey (java.security.interfaces.RSAPublicKey): 4
CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle): 3
KeysetHandle (com.google.crypto.tink.KeysetHandle): 3
EcdsaPublicKey (com.google.crypto.tink.proto.EcdsaPublicKey): 3
ByteArrayOutputStream (java.io.ByteArrayOutputStream): 3
Aead (com.google.crypto.tink.Aead): 2
BinaryKeysetReader (com.google.crypto.tink.BinaryKeysetReader): 2
JsonKeysetReader (com.google.crypto.tink.JsonKeysetReader): 2
ByteArrayInputStream (java.io.ByteArrayInputStream): 2
IOException (java.io.IOException): 2
InputStream (java.io.InputStream): 2
ECPublicKey (java.security.interfaces.ECPublicKey): 2
KeysetReadEncryptedResponse (com.google.crypto.tink.proto.testing.KeysetReadEncryptedResponse): 1