use of com.google.crypto.tink.Mac in project tink by google.
the class EncryptThenAuthenticate method newAesCtrHmac.
/**
 * Builds an {@link Aead} that combines an AES-CTR cipher with an HMAC-based {@link Mac} in an
 * {@code EncryptThenAuthenticate} composition.
 *
 * <p>Both keys are used exactly as supplied. Nothing in this method checks that
 * {@code aesCtrKey} and {@code hmacKey} differ, so callers should pass two independently
 * generated keys. Key lengths, {@code ivSize}, {@code hmacAlgorithm} and {@code tagSize} are
 * not validated here either; presumably the constructors called below reject bad values
 * (TODO confirm).
 *
 * @param aesCtrKey raw key bytes passed to {@code AesCtrJceCipher}
 * @param ivSize IV size passed to {@code AesCtrJceCipher} (presumably in bytes; confirm)
 * @param hmacAlgorithm algorithm name passed to {@code PrfHmacJce}
 * @param hmacKey raw key bytes wrapped in a {@code SecretKeySpec} for the HMAC
 * @param tagSize tag size passed to both {@code PrfMac} and {@code EncryptThenAuthenticate}
 *     (presumably in bytes; confirm)
 * @return the composed AEAD primitive
 * @throws GeneralSecurityException declared by this method; presumably raised by the
 *     underlying constructors when a parameter is rejected (confirm)
 */
public static Aead newAesCtrHmac(final byte[] aesCtrKey, int ivSize, String hmacAlgorithm, final byte[] hmacKey, int tagSize) throws GeneralSecurityException {
  // Confidentiality layer: AES-CTR over the caller-supplied key and IV size.
  final IndCpaCipher ctrCipher = new AesCtrJceCipher(aesCtrKey, ivSize);
  // Integrity layer: an HMAC PRF over the separate hmacKey, wrapped as a Mac with tagSize.
  final Mac tagger =
      new PrfMac(new PrfHmacJce(hmacAlgorithm, new SecretKeySpec(hmacKey, "HMAC")), tagSize);
  return new EncryptThenAuthenticate(ctrCipher, tagger, tagSize);
}
use of com.google.crypto.tink.Mac in project tink by google.
the class MacIntegrationTest method testSmallPlaintextWithRawKey.
/**
 * Checks that a keyset holding a single RAW-prefixed HMAC key produces a tag with no output
 * prefix and that the tag verifies against the message it was computed over.
 */
@Test
public void testSmallPlaintextWithRawKey() throws Exception {
  // One enabled HMAC key (id 42) with the RAW output prefix type. The 16 passed to
  // createHmacKeyData is presumably the tag size; the length assertion below expects 16 bytes.
  byte[] hmacKeyBytes = Random.randBytes(HMAC_KEY_SIZE);
  Key rawPrimary =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(hmacKeyBytes, 16),
          42,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);
  KeysetHandle handle = TestUtil.createKeysetHandle(TestUtil.createKeyset(rawPrimary));
  Mac mac = handle.getPrimitive(Mac.class);

  byte[] message = "blah".getBytes("UTF-8");
  byte[] tag = mac.computeMac(message);

  // No prefix is expected for a RAW key, so the output is the bare tag.
  int expectedTagLength = 16;
  assertEquals(expectedTagLength, tag.length);

  // Positive case only: the freshly computed tag must be accepted.
  try {
    mac.verifyMac(tag, message);
  } catch (GeneralSecurityException e) {
    fail("Valid MAC, should not throw exception");
  }
}
use of com.google.crypto.tink.Mac in project tink by google.
the class MacIntegrationTest method testMultipleKeys.
/**
 * Exercises a four-key HMAC keyset (TINK, LEGACY, RAW, CRUNCHY prefix types) through
 * {@code KeysetHandle.getPrimitive}: for each rotation of the keys it checks the tag prefix,
 * accepts the valid tag, rejects every single-bit modification of message or tag, accepts a
 * tag made by the same keys in another order, and rejects a tag made with an unrelated key.
 */
@Test
public void testMultipleKeys() throws Exception {
  // All four keys wrap the same HMAC key bytes; they differ only in key id and prefix type.
  byte[] sharedKeyBytes = Random.randBytes(HMAC_KEY_SIZE);
  Key tink =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyBytes, 16),
          42,
          KeyStatusType.ENABLED,
          OutputPrefixType.TINK);
  Key legacy =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyBytes, 16),
          43,
          KeyStatusType.ENABLED,
          OutputPrefixType.LEGACY);
  Key raw =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyBytes, 16),
          44,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);
  Key crunchy =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyBytes, 16),
          45,
          KeyStatusType.ENABLED,
          OutputPrefixType.CRUNCHY);
  Key[] keys = {tink, legacy, raw, crunchy};
  final int keyCount = keys.length;

  for (int i = 0; i < keyCount; i++) {
    // Rotate the keyset so keys[i] is listed first; the prefix assertion below expects it to
    // be the key that computes the tag.
    Key first = keys[i];
    KeysetHandle handle =
        TestUtil.createKeysetHandle(
            TestUtil.createKeyset(
                first,
                keys[(i + 1) % keyCount],
                keys[(i + 2) % keyCount],
                keys[(i + 3) % keyCount]));
    Mac mac = handle.getPrimitive(Mac.class);
    byte[] message = "plaintext".getBytes("UTF-8");
    byte[] tag = mac.computeMac(message);

    // Non-RAW keys must put their output prefix at the start of the tag.
    if (!first.getOutputPrefixType().equals(OutputPrefixType.RAW)) {
      byte[] leadingBytes = Arrays.copyOfRange(tag, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
      assertArrayEquals(leadingBytes, CryptoFormat.getOutputPrefix(first));
    }

    // Positive case: the untouched tag verifies.
    try {
      mac.verifyMac(tag, message);
    } catch (GeneralSecurityException e) {
      fail("Valid MAC, should not throw exception: " + i);
    }

    // Integrity check: flipping any single bit of the message or of the tag (prefix bytes
    // included) must make verification fail.
    byte[] messageThenTag = Bytes.concat(message, tag);
    for (int byteIndex = 0; byteIndex < messageThenTag.length; byteIndex++) {
      for (int bit = 0; bit < 8; bit++) {
        byte[] flipped = messageThenTag.clone();
        flipped[byteIndex] = (byte) (flipped[byteIndex] ^ (1 << bit));
        byte[] flippedTag = Arrays.copyOfRange(flipped, message.length, flipped.length);
        byte[] flippedMessage = Arrays.copyOfRange(flipped, 0, message.length);
        assertThrows(
            GeneralSecurityException.class, () -> mac.verifyMac(flippedTag, flippedMessage));
      }
    }

    // A tag computed by a keyset that lists the RAW key first must still verify against the
    // keyset under test, which holds the same four keys.
    KeysetHandle rawFirstHandle =
        TestUtil.createKeysetHandle(TestUtil.createKeyset(raw, legacy, tink, crunchy));
    Mac rawFirstMac = rawFirstHandle.getPrimitive(Mac.class);
    byte[] rawFirstTag = rawFirstMac.computeMac(message);
    try {
      mac.verifyMac(rawFirstTag, message);
    } catch (GeneralSecurityException e) {
      fail("Valid MAC, should not throw exception");
    }

    // Negative case: a tag from fresh key bytes that are not in the keyset must be rejected.
    // The foreign key reuses id 44 (the RAW key's id) but with the TINK prefix type.
    byte[] foreignKeyBytes = Random.randBytes(HMAC_KEY_SIZE);
    Key foreign =
        TestUtil.createKey(
            TestUtil.createHmacKeyData(foreignKeyBytes, 16),
            44,
            KeyStatusType.ENABLED,
            OutputPrefixType.TINK);
    KeysetHandle foreignHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(foreign));
    Mac foreignMac = foreignHandle.getPrimitive(Mac.class);
    byte[] foreignTag = foreignMac.computeMac(message);
    assertThrows(GeneralSecurityException.class, () -> mac.verifyMac(foreignTag, message));
  }
}
use of com.google.crypto.tink.Mac in project tink by google.
the class MacWrapperTest method testMultipleKeys.
/**
 * Exercises {@code MacWrapper} over a four-key HMAC primitive set (TINK, LEGACY, RAW, CRUNCHY
 * prefix types): for each rotation of the keys it checks the tag prefix, accepts the valid
 * tag, rejects every single-bit modification of message or tag, accepts a tag made by the
 * same keys in another order, and rejects a tag made with an unrelated key.
 */
@Test
public void testMultipleKeys() throws Exception {
  // All four keys wrap the same HMAC key bytes; they differ only in key id and prefix type.
  byte[] sharedKeyBytes = Random.randBytes(HMAC_KEY_SIZE);
  Key tink =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyBytes, 16),
          42,
          KeyStatusType.ENABLED,
          OutputPrefixType.TINK);
  Key legacy =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyBytes, 16),
          43,
          KeyStatusType.ENABLED,
          OutputPrefixType.LEGACY);
  Key raw =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyBytes, 16),
          44,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);
  Key crunchy =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyBytes, 16),
          45,
          KeyStatusType.ENABLED,
          OutputPrefixType.CRUNCHY);
  Key[] keys = {tink, legacy, raw, crunchy};
  int keyCount = keys.length;

  for (int i = 0; i < keyCount; i++) {
    // Rotate the keyset so keys[i] is listed first; the prefix assertion below expects it to
    // be the key that computes the tag.
    Key first = keys[i];
    PrimitiveSet<Mac> rotatedSet =
        TestUtil.createPrimitiveSet(
            TestUtil.createKeyset(
                first,
                keys[(i + 1) % keyCount],
                keys[(i + 2) % keyCount],
                keys[(i + 3) % keyCount]),
            Mac.class);
    Mac mac = new MacWrapper().wrap(rotatedSet);
    byte[] message = "plaintext".getBytes("UTF-8");
    byte[] tag = mac.computeMac(message);

    // Non-RAW keys must put their output prefix at the start of the tag.
    if (!first.getOutputPrefixType().equals(OutputPrefixType.RAW)) {
      byte[] leadingBytes = Arrays.copyOfRange(tag, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
      assertArrayEquals(leadingBytes, CryptoFormat.getOutputPrefix(first));
    }

    // Positive case: the untouched tag verifies.
    try {
      mac.verifyMac(tag, message);
    } catch (GeneralSecurityException e) {
      fail("Valid MAC, should not throw exception: " + i);
    }

    // Integrity check: flipping any single bit of the message or of the tag (prefix bytes
    // included) must make verification fail.
    byte[] messageThenTag = Bytes.concat(message, tag);
    for (int byteIndex = 0; byteIndex < messageThenTag.length; byteIndex++) {
      for (int bit = 0; bit < 8; bit++) {
        byte[] flipped = messageThenTag.clone();
        flipped[byteIndex] = (byte) (flipped[byteIndex] ^ (1 << bit));
        byte[] flippedTag = Arrays.copyOfRange(flipped, message.length, flipped.length);
        byte[] flippedMessage = Arrays.copyOfRange(flipped, 0, message.length);
        assertThrows(
            GeneralSecurityException.class, () -> mac.verifyMac(flippedTag, flippedMessage));
      }
    }

    // A tag computed by a primitive set that lists the RAW key first must still verify
    // against the set under test, which holds the same four keys.
    PrimitiveSet<Mac> rawFirstSet =
        TestUtil.createPrimitiveSet(
            TestUtil.createKeyset(raw, legacy, tink, crunchy), Mac.class);
    Mac rawFirstMac = new MacWrapper().wrap(rawFirstSet);
    byte[] rawFirstTag = rawFirstMac.computeMac(message);
    try {
      mac.verifyMac(rawFirstTag, message);
    } catch (GeneralSecurityException e) {
      fail("Valid MAC, should not throw exception");
    }

    // Negative case: a tag from fresh key bytes that are not in the keyset must be rejected.
    // The foreign key reuses id 44 (the RAW key's id) but with the TINK prefix type.
    byte[] foreignKeyBytes = Random.randBytes(HMAC_KEY_SIZE);
    Key foreign =
        TestUtil.createKey(
            TestUtil.createHmacKeyData(foreignKeyBytes, 16),
            44,
            KeyStatusType.ENABLED,
            OutputPrefixType.TINK);
    PrimitiveSet<Mac> foreignSet =
        TestUtil.createPrimitiveSet(TestUtil.createKeyset(foreign), Mac.class);
    Mac foreignMac = new MacWrapper().wrap(foreignSet);
    byte[] foreignTag = foreignMac.computeMac(message);
    assertThrows(GeneralSecurityException.class, () -> mac.verifyMac(foreignTag, message));
  }
}
use of com.google.crypto.tink.Mac in project tink by google.
the class MacWrapperTest method testSmallPlaintextWithRawKey.
/**
 * Checks that {@code MacWrapper} over a single RAW-prefixed HMAC key produces a tag with no
 * output prefix and that the tag verifies against the message it was computed over.
 */
@Test
public void testSmallPlaintextWithRawKey() throws Exception {
  // One enabled HMAC key (id 42) with the RAW output prefix type. The 16 passed to
  // createHmacKeyData is presumably the tag size; the length assertion below expects 16 bytes.
  byte[] hmacKeyBytes = Random.randBytes(HMAC_KEY_SIZE);
  Key rawPrimary =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(hmacKeyBytes, 16),
          42,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);
  PrimitiveSet<Mac> singleKeySet =
      TestUtil.createPrimitiveSet(TestUtil.createKeyset(rawPrimary), Mac.class);
  Mac mac = new MacWrapper().wrap(singleKeySet);

  byte[] message = "blah".getBytes("UTF-8");
  byte[] tag = mac.computeMac(message);

  // No prefix is expected for a RAW key, so the output is the bare tag.
  int expectedTagLength = 16;
  assertEquals(expectedTagLength, tag.length);

  // Positive case only: the freshly computed tag must be accepted.
  try {
    mac.verifyMac(tag, message);
  } catch (GeneralSecurityException e) {
    fail("Valid MAC, should not throw exception");
  }
}