Example 21 with Mac
use of com.google.crypto.tink.Mac in project tink by google.
the class EncryptThenAuthenticateTest method getAead.
private Aead getAead(byte[] hmacKey, byte[] encKey, int ivSize, int tagLength, String macAlg) throws Exception {
IndCpaCipher cipher = new AesCtrJceCipher(encKey, ivSize);
SecretKeySpec keySpec = new SecretKeySpec(hmacKey, "HMAC");
Mac mac = new MacJce(macAlg, keySpec, tagLength);
return new EncryptThenAuthenticate(cipher, mac, tagLength);
}
Also used :
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
Mac(com.google.crypto.tink.Mac)
Example 22 with Mac
use of com.google.crypto.tink.Mac in project tink by google.
the class MacJceTest method testMacTestVectors.
@Test
public void testMacTestVectors() throws Exception {
for (MacTestVector t : HMAC_TEST_VECTORS) {
Mac mac = new MacJce(t.algName, new SecretKeySpec(t.key, "HMAC"), t.tag.length);
assertArrayEquals(t.tag, mac.computeMac(t.message));
try {
mac.verifyMac(t.tag, t.message);
} catch (GeneralSecurityException e) {
fail("Valid MAC, should not throw exception");
}
}
}
Also used :
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
GeneralSecurityException(java.security.GeneralSecurityException)
Mac(com.google.crypto.tink.Mac)
Test(org.junit.Test)
Example 23 with Mac
use of com.google.crypto.tink.Mac in project tink by google.
the class PrfAesCmacTest method testBitFlipMessage.
@Test
public void testBitFlipMessage() throws Exception {
Assume.assumeFalse(TinkFips.useOnlyFips());
for (MacTestVector t : CMAC_TEST_VECTORS) {
Mac mac = new PrfMac(new PrfAesCmac(t.key), t.tag.length);
for (int b = 0; b < t.message.length; b++) {
for (int bit = 0; bit < 8; bit++) {
byte[] modifiedMessage = Arrays.copyOf(t.message, t.message.length);
modifiedMessage[b] = (byte) (modifiedMessage[b] ^ (1 << bit));
assertThrows(GeneralSecurityException.class, () -> mac.verifyMac(t.tag, modifiedMessage));
}
}
}
// Test with random keys.
for (MacTestVector t : CMAC_TEST_VECTORS) {
Mac mac = new PrfMac(new PrfAesCmac(Random.randBytes(t.key.length)), t.tag.length);
for (int j = 1; j < t.tag.length; j++) {
byte[] modifiedTag = Arrays.copyOf(t.tag, t.tag.length - j);
assertThrows(GeneralSecurityException.class, () -> mac.verifyMac(modifiedTag, t.message));
}
}
}Example 24 with Mac
use of com.google.crypto.tink.Mac in project tink by google.
the class PrfAesCmacTest method testBitFlipTag.
@Test
public void testBitFlipTag() throws Exception {
Assume.assumeFalse(TinkFips.useOnlyFips());
for (MacTestVector t : CMAC_TEST_VECTORS) {
Mac mac = new PrfMac(new PrfAesCmac(t.key), t.tag.length);
for (int b = 0; b < t.tag.length; b++) {
for (int bit = 0; bit < 8; bit++) {
byte[] modifiedTag = Arrays.copyOf(t.tag, t.tag.length);
modifiedTag[b] = (byte) (modifiedTag[b] ^ (1 << bit));
assertThrows(GeneralSecurityException.class, () -> mac.verifyMac(modifiedTag, t.message));
}
}
}
// Test with random keys.
for (MacTestVector t : CMAC_TEST_VECTORS) {
Mac mac = new PrfMac(new PrfAesCmac(Random.randBytes(t.key.length)), t.tag.length);
for (int b = 0; b < t.tag.length; b++) {
for (int bit = 0; bit < 8; bit++) {
byte[] modifiedTag = Arrays.copyOf(t.tag, t.tag.length);
modifiedTag[b] = (byte) (modifiedTag[b] ^ (1 << bit));
assertThrows(GeneralSecurityException.class, () -> mac.verifyMac(modifiedTag, t.message));
}
}
}
}Example 25 with Mac
use of com.google.crypto.tink.Mac in project tink by google.
the class AeadThreadSafetyTest method testAesCtrHmac.
@Test
public void testAesCtrHmac() throws Exception {
byte[] key = Random.randBytes(16);
byte[] macKey = Random.randBytes(32);
int ivSize = 12;
int macSize = 12;
IndCpaCipher cipher = new AesCtrJceCipher(key, ivSize);
SecretKeySpec keySpec = new SecretKeySpec(macKey, "HMAC");
Mac mac = new PrfMac(new PrfHmacJce("HMACSHA256", keySpec), macSize);
// TODO(b/148134669): Remove the following line.
// There is a potential (but unlikely) race in java.security.Provider. Since AesCtrHmac
// encryption creates a cipher for the first time in
// http://google3/third_party/tink/java_src/src/main/java/com/google/crypto/tink/subtle/AesCtrJceCipher.java?l=128&rcl=272896379
// if we do this multithreaded, there is a potential for a race in case we call encrypt
// for the first time at the same time in multiple threads. To get around this, we first encrypt
// an empty plaintext here.
cipher.encrypt(new byte[0]);
Aead aesCtrHmac = new EncryptThenAuthenticate(cipher, mac, macSize);
testEncryptionDecryption(aesCtrHmac, 5, 128, 20);
}
Also used :
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
Aead(com.google.crypto.tink.Aead)
Mac(com.google.crypto.tink.Mac)
Test(org.junit.Test)
Aggregations
Mac (com.google.crypto.tink.Mac)34
Test (org.junit.Test)29
GeneralSecurityException (java.security.GeneralSecurityException)19
SecretKeySpec (javax.crypto.spec.SecretKeySpec)15
KeysetHandle (com.google.crypto.tink.KeysetHandle)7
Key (com.google.crypto.tink.proto.Keyset.Key)6
PrfMac (com.google.crypto.tink.subtle.PrfMac)4
CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)3
HmacKey (com.google.crypto.tink.proto.HmacKey)3
PrfHmacJce (com.google.crypto.tink.subtle.PrfHmacJce)3
IOException (java.io.IOException)3
InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)2
Aead (com.google.crypto.tink.Aead)1
KeyManager (com.google.crypto.tink.KeyManager)1
Prf (com.google.crypto.tink.prf.Prf)1
AesCmacKey (com.google.crypto.tink.proto.AesCmacKey)1
KeyTypeEntry (com.google.crypto.tink.proto.KeyTypeEntry)1
RegistryConfig (com.google.crypto.tink.proto.RegistryConfig)1
ComputeMacResponse (com.google.crypto.tink.proto.testing.ComputeMacResponse)1
VerifyMacResponse (com.google.crypto.tink.proto.testing.VerifyMacResponse)1
