Example 11 with StreamingAead

use of com.google.crypto.tink.StreamingAead in project tink by google.

the class AesGcmHkdfStreamingKeyManagerTest method testBasic.

@Test
public void testBasic() throws Exception {
    // Create primitive from a given key.
    AesGcmHkdfStreamingKey key = AesGcmHkdfStreamingKey.newBuilder().setVersion(0).setKeyValue(ByteString.copyFrom(Random.randBytes(20))).setParams(keyParams).build();
    StreamingAead streamingAead = keyManager.getPrimitive(key);
    StreamingTestUtil.testEncryptionAndDecryption(streamingAead);
    // Create a key from KeyFormat, and use the key.
    AesGcmHkdfStreamingKeyFormat keyFormat = AesGcmHkdfStreamingKeyFormat.newBuilder().setParams(keyParams).setKeySize(16).build();
    ByteString serializedKeyFormat = ByteString.copyFrom(keyFormat.toByteArray());
    key = (AesGcmHkdfStreamingKey) keyManager.newKey(serializedKeyFormat);
    streamingAead = keyManager.getPrimitive(key);
    StreamingTestUtil.testEncryptionAndDecryption(streamingAead);
}
Also used : AesGcmHkdfStreamingKey(com.google.crypto.tink.proto.AesGcmHkdfStreamingKey) AesGcmHkdfStreamingKeyFormat(com.google.crypto.tink.proto.AesGcmHkdfStreamingKeyFormat) ByteString(com.google.protobuf.ByteString) StreamingAead(com.google.crypto.tink.StreamingAead) Test(org.junit.Test)

Example 12 with StreamingAead

use of com.google.crypto.tink.StreamingAead in project tink by google.

the class StreamingAeadCatalogueTest method testBasic.

@Test
public void testBasic() throws Exception {
    StreamingAeadCatalogue catalogue = new StreamingAeadCatalogue();
    // Check a single key type, incl. case-insensitive primitive name.
    String keyType = "type.googleapis.com/google.crypto.tink.AesGcmHkdfStreamingKey";
    {
        KeyManager<StreamingAead> manager = catalogue.getKeyManager(keyType, "StreamingAead", 0);
        assertThat(manager.doesSupport(keyType)).isTrue();
    }
    {
        KeyManager<StreamingAead> manager = catalogue.getKeyManager(keyType, "STReaMIngAeAD", 0);
        assertThat(manager.doesSupport(keyType)).isTrue();
    }
    {
        KeyManager<StreamingAead> manager = catalogue.getKeyManager(keyType, "STREAMINgaEAD", 0);
        assertThat(manager.doesSupport(keyType)).isTrue();
    }
    // Check all entries from the current StreamingAeadConfig.
    RegistryConfig config = StreamingAeadConfig.TINK_1_1_0;
    int count = 0;
    for (KeyTypeEntry entry : config.getEntryList()) {
        if ("StreamingAead".equals(entry.getPrimitiveName())) {
            count = count + 1;
            KeyManager<StreamingAead> manager = catalogue.getKeyManager(entry.getTypeUrl(), "streamingaead", entry.getKeyManagerVersion());
            assertThat(manager.doesSupport(entry.getTypeUrl())).isTrue();
        }
    }
    assertEquals(2, count);
}
Also used : RegistryConfig(com.google.crypto.tink.proto.RegistryConfig) KeyTypeEntry(com.google.crypto.tink.proto.KeyTypeEntry) KeyManager(com.google.crypto.tink.KeyManager) StreamingAead(com.google.crypto.tink.StreamingAead) Test(org.junit.Test)

Example 13 with StreamingAead

use of com.google.crypto.tink.StreamingAead in project tink by google.

the class ReadableByteChannelDecrypter method read.

@Override
@GuardedBy("this")
public synchronized int read(ByteBuffer dst) throws IOException {
    if (dst.remaining() == 0) {
        return 0;
    }
    if (matchingChannel != null) {
        return matchingChannel.read(dst);
    } else {
        if (attemptedMatching) {
            throw new IOException("No matching key found for the ciphertext in the stream.");
        }
        attemptedMatching = true;
        List<PrimitiveSet.Entry<StreamingAead>> entries;
        try {
            entries = primitives.getRawPrimitives();
        } catch (GeneralSecurityException e) {
            throw new IOException("Keyset failure: ", e);
        }
        for (PrimitiveSet.Entry<StreamingAead> entry : entries) {
            try {
                ReadableByteChannel attemptedChannel = entry.getPrimitive().newDecryptingChannel(ciphertextChannel, associatedData);
                int retValue = attemptedChannel.read(dst);
                if (retValue > 0) {
                    // Found a matching channel
                    matchingChannel = attemptedChannel;
                    ciphertextChannel.disableRewinding();
                } else if (retValue == 0) {
                    // Not clear whether the channel could be matched: it might be
                    // that the underlying channel didn't provide sufficiently many bytes
                    // to check the header, or maybe the header was checked, but there
                    // were no actual encrypted bytes in the channel yet.
                    // Should try again.
                    ciphertextChannel.rewind();
                    attemptedMatching = false;
                }
                return retValue;
            } catch (IOException e) {
                // Try another key.
                // IOException is thrown e.g. when MAC is incorrect, but also in case
                // of I/O failures.
                // TODO(b/66098906): Use a subclass of IOException.
                ciphertextChannel.rewind();
                continue;
            } catch (GeneralSecurityException e) {
                // Try another key.
                ciphertextChannel.rewind();
                continue;
            }
        }
        throw new IOException("No matching key found for the ciphertext in the stream.");
    }
}
Also used : RewindableReadableByteChannel(com.google.crypto.tink.subtle.RewindableReadableByteChannel) ReadableByteChannel(java.nio.channels.ReadableByteChannel) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) PrimitiveSet(com.google.crypto.tink.PrimitiveSet) StreamingAead(com.google.crypto.tink.StreamingAead) GuardedBy(javax.annotation.concurrent.GuardedBy)

Example 14 with StreamingAead

use of com.google.crypto.tink.StreamingAead in project tink by google.

the class SeekableByteChannelDecrypter method read.

@Override
@GuardedBy("this")
public synchronized int read(ByteBuffer dst) throws IOException {
    if (dst.remaining() == 0) {
        return 0;
    }
    if (matchingChannel != null) {
        return matchingChannel.read(dst);
    } else {
        if (attemptedMatching) {
            throw new IOException("No matching key found for the ciphertext in the stream.");
        }
        attemptedMatching = true;
        List<PrimitiveSet.Entry<StreamingAead>> entries;
        try {
            entries = primitives.getRawPrimitives();
        } catch (GeneralSecurityException e) {
            throw new IOException("Keyset failure: ", e);
        }
        for (PrimitiveSet.Entry<StreamingAead> entry : entries) {
            try {
                SeekableByteChannel attemptedChannel = entry.getPrimitive().newSeekableDecryptingChannel(ciphertextChannel, associatedData);
                if (cachedPosition >= 0) {
                    // Caller did set new position before 1st read().
                    attemptedChannel.position(cachedPosition);
                }
                int retValue = attemptedChannel.read(dst);
                if (retValue > 0) {
                    // Found a matching channel.
                    matchingChannel = attemptedChannel;
                } else if (retValue == 0) {
                    // Not clear whether the channel could be matched: it might be
                    // that the underlying channel didn't provide sufficiently many bytes
                    // to check the header, or maybe the header was checked, but there
                    // were no actual encrypted bytes in the channel yet.
                    // Should try again.
                    ciphertextChannel.position(startingPosition);
                    attemptedMatching = false;
                }
                matchingChannel = attemptedChannel;
                return retValue;
            } catch (IOException e) {
                // Try another key.
                // IOException is thrown e.g. when MAC is incorrect, but also in case
                // of I/O failures.
                // TODO(b/66098906): Use a subclass of IOException.
                ciphertextChannel.position(startingPosition);
                continue;
            } catch (GeneralSecurityException e) {
                // Try another key.
                ciphertextChannel.position(startingPosition);
                continue;
            }
        }
        throw new IOException("No matching key found for the ciphertext in the stream.");
    }
}
Also used : SeekableByteChannel(java.nio.channels.SeekableByteChannel) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) PrimitiveSet(com.google.crypto.tink.PrimitiveSet) StreamingAead(com.google.crypto.tink.StreamingAead) GuardedBy(javax.annotation.concurrent.GuardedBy)

Example 15 with StreamingAead

use of com.google.crypto.tink.StreamingAead in project tink by google.

the class StreamingAeadIntegrationTest method testBasicAesGcmHkdfStreamingAead.

@Test
public void testBasicAesGcmHkdfStreamingAead() throws Exception {
    byte[] keyValue = Random.randBytes(KDF_KEY_SIZE);
    int derivedKeySize = AES_KEY_SIZE;
    int ciphertextSegmentSize = 128;
    KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createAesGcmHkdfStreamingKeyData(keyValue, derivedKeySize, ciphertextSegmentSize), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW)));
    StreamingAead streamingAead = keysetHandle.getPrimitive(StreamingAead.class);
    StreamingTestUtil.testEncryptionAndDecryption(streamingAead);
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) StreamingAead(com.google.crypto.tink.StreamingAead) Test(org.junit.Test)
