Example 11 with StreamingAead
use of com.google.crypto.tink.StreamingAead in project tink by google.
the class AesGcmHkdfStreamingKeyManagerTest method testBasic.
@Test
public void testBasic() throws Exception {
// Create primitive from a given key.
AesGcmHkdfStreamingKey key = AesGcmHkdfStreamingKey.newBuilder().setVersion(0).setKeyValue(ByteString.copyFrom(Random.randBytes(20))).setParams(keyParams).build();
StreamingAead streamingAead = keyManager.getPrimitive(key);
StreamingTestUtil.testEncryptionAndDecryption(streamingAead);
// Create a key from KeyFormat, and use the key.
AesGcmHkdfStreamingKeyFormat keyFormat = AesGcmHkdfStreamingKeyFormat.newBuilder().setParams(keyParams).setKeySize(16).build();
ByteString serializedKeyFormat = ByteString.copyFrom(keyFormat.toByteArray());
key = (AesGcmHkdfStreamingKey) keyManager.newKey(serializedKeyFormat);
streamingAead = keyManager.getPrimitive(key);
StreamingTestUtil.testEncryptionAndDecryption(streamingAead);
}
Also used :
AesGcmHkdfStreamingKey(com.google.crypto.tink.proto.AesGcmHkdfStreamingKey)
AesGcmHkdfStreamingKeyFormat(com.google.crypto.tink.proto.AesGcmHkdfStreamingKeyFormat)
ByteString(com.google.protobuf.ByteString)
StreamingAead(com.google.crypto.tink.StreamingAead)
Test(org.junit.Test)
Example 12 with StreamingAead
use of com.google.crypto.tink.StreamingAead in project tink by google.
the class StreamingAeadCatalogueTest method testBasic.
@Test
public void testBasic() throws Exception {
StreamingAeadCatalogue catalogue = new StreamingAeadCatalogue();
// Check a single key type, incl. case-insensitve primitive name.
String keyType = "type.googleapis.com/google.crypto.tink.AesGcmHkdfStreamingKey";
{
KeyManager<StreamingAead> manager = catalogue.getKeyManager(keyType, "StreamingAead", 0);
assertThat(manager.doesSupport(keyType)).isTrue();
}
{
KeyManager<StreamingAead> manager = catalogue.getKeyManager(keyType, "STReaMIngAeAD", 0);
assertThat(manager.doesSupport(keyType)).isTrue();
}
{
KeyManager<StreamingAead> manager = catalogue.getKeyManager(keyType, "STREAMINgaEAD", 0);
assertThat(manager.doesSupport(keyType)).isTrue();
}
// Check all entries from the current StreamingAeadConfig.
RegistryConfig config = StreamingAeadConfig.TINK_1_1_0;
int count = 0;
for (KeyTypeEntry entry : config.getEntryList()) {
if ("StreamingAead".equals(entry.getPrimitiveName())) {
count = count + 1;
KeyManager<StreamingAead> manager = catalogue.getKeyManager(entry.getTypeUrl(), "streamingaead", entry.getKeyManagerVersion());
assertThat(manager.doesSupport(entry.getTypeUrl())).isTrue();
}
}
assertEquals(2, count);
}
Also used :
RegistryConfig(com.google.crypto.tink.proto.RegistryConfig)
KeyTypeEntry(com.google.crypto.tink.proto.KeyTypeEntry)
KeyManager(com.google.crypto.tink.KeyManager)
StreamingAead(com.google.crypto.tink.StreamingAead)
Test(org.junit.Test)
Example 13 with StreamingAead
use of com.google.crypto.tink.StreamingAead in project tink by google.
the class ReadableByteChannelDecrypter method read.
@Override
@GuardedBy("this")
public synchronized int read(ByteBuffer dst) throws IOException {
if (dst.remaining() == 0) {
return 0;
}
if (matchingChannel != null) {
return matchingChannel.read(dst);
} else {
if (attemptedMatching) {
throw new IOException("No matching key found for the ciphertext in the stream.");
}
attemptedMatching = true;
List<PrimitiveSet.Entry<StreamingAead>> entries;
try {
entries = primitives.getRawPrimitives();
} catch (GeneralSecurityException e) {
throw new IOException("Keyset failure: ", e);
}
for (PrimitiveSet.Entry<StreamingAead> entry : entries) {
try {
ReadableByteChannel attemptedChannel = entry.getPrimitive().newDecryptingChannel(ciphertextChannel, associatedData);
int retValue = attemptedChannel.read(dst);
if (retValue > 0) {
// Found a matching channel
matchingChannel = attemptedChannel;
ciphertextChannel.disableRewinding();
} else if (retValue == 0) {
// Not clear whether the channel could be matched: it might be
// that the underlying channel didn't provide sufficiently many bytes
// to check the header, or maybe the header was checked, but there
// were no actual encrypted bytes in the channel yet.
// Should try again.
ciphertextChannel.rewind();
attemptedMatching = false;
}
return retValue;
} catch (IOException e) {
// Try another key.
// IOException is thrown e.g. when MAC is incorrect, but also in case
// of I/O failures.
// TODO(b/66098906): Use a subclass of IOException.
ciphertextChannel.rewind();
continue;
} catch (GeneralSecurityException e) {
// Try another key.
ciphertextChannel.rewind();
continue;
}
}
throw new IOException("No matching key found for the ciphertext in the stream.");
}
}
Also used :
RewindableReadableByteChannel(com.google.crypto.tink.subtle.RewindableReadableByteChannel)
ReadableByteChannel(java.nio.channels.ReadableByteChannel)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
PrimitiveSet(com.google.crypto.tink.PrimitiveSet)
StreamingAead(com.google.crypto.tink.StreamingAead)
GuardedBy(javax.annotation.concurrent.GuardedBy)
Example 14 with StreamingAead
use of com.google.crypto.tink.StreamingAead in project tink by google.
the class SeekableByteChannelDecrypter method read.
@Override
@GuardedBy("this")
public synchronized int read(ByteBuffer dst) throws IOException {
if (dst.remaining() == 0) {
return 0;
}
if (matchingChannel != null) {
return matchingChannel.read(dst);
} else {
if (attemptedMatching) {
throw new IOException("No matching key found for the ciphertext in the stream.");
}
attemptedMatching = true;
List<PrimitiveSet.Entry<StreamingAead>> entries;
try {
entries = primitives.getRawPrimitives();
} catch (GeneralSecurityException e) {
throw new IOException("Keyset failure: ", e);
}
for (PrimitiveSet.Entry<StreamingAead> entry : entries) {
try {
SeekableByteChannel attemptedChannel = entry.getPrimitive().newSeekableDecryptingChannel(ciphertextChannel, associatedData);
if (cachedPosition >= 0) {
// Caller did set new position before 1st read().
attemptedChannel.position(cachedPosition);
}
int retValue = attemptedChannel.read(dst);
if (retValue > 0) {
// Found a matching channel.
matchingChannel = attemptedChannel;
} else if (retValue == 0) {
// Not clear whether the channel could be matched: it might be
// that the underlying channel didn't provide sufficiently many bytes
// to check the header, or maybe the header was checked, but there
// were no actual encrypted bytes in the channel yet.
// Should try again.
ciphertextChannel.position(startingPosition);
attemptedMatching = false;
}
matchingChannel = attemptedChannel;
return retValue;
} catch (IOException e) {
// Try another key.
// IOException is thrown e.g. when MAC is incorrect, but also in case
// of I/O failures.
// TODO(b/66098906): Use a subclass of IOException.
ciphertextChannel.position(startingPosition);
continue;
} catch (GeneralSecurityException e) {
// Try another key.
ciphertextChannel.position(startingPosition);
continue;
}
}
throw new IOException("No matching key found for the ciphertext in the stream.");
}
}
Also used :
SeekableByteChannel(java.nio.channels.SeekableByteChannel)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
PrimitiveSet(com.google.crypto.tink.PrimitiveSet)
StreamingAead(com.google.crypto.tink.StreamingAead)
GuardedBy(javax.annotation.concurrent.GuardedBy)
Example 15 with StreamingAead
use of com.google.crypto.tink.StreamingAead in project tink by google.
the class StreamingAeadIntegrationTest method testBasicAesGcmHkdfStreamingAead.
@Test
public void testBasicAesGcmHkdfStreamingAead() throws Exception {
byte[] keyValue = Random.randBytes(KDF_KEY_SIZE);
int derivedKeySize = AES_KEY_SIZE;
int ciphertextSegmentSize = 128;
KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createAesGcmHkdfStreamingKeyData(keyValue, derivedKeySize, ciphertextSegmentSize), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW)));
StreamingAead streamingAead = keysetHandle.getPrimitive(StreamingAead.class);
StreamingTestUtil.testEncryptionAndDecryption(streamingAead);
}
Also used :
KeysetHandle(com.google.crypto.tink.KeysetHandle)
StreamingAead(com.google.crypto.tink.StreamingAead)
Test(org.junit.Test)
Aggregations
StreamingAead (com.google.crypto.tink.StreamingAead)21
Test (org.junit.Test)14
IOException (java.io.IOException)10
KeysetHandle (com.google.crypto.tink.KeysetHandle)9
GeneralSecurityException (java.security.GeneralSecurityException)7
GuardedBy (javax.annotation.concurrent.GuardedBy)4
CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)3
PrimitiveSet (com.google.crypto.tink.PrimitiveSet)3
Key (com.google.crypto.tink.proto.Keyset.Key)3
AesCtrHmacStreamingKey (com.google.crypto.tink.proto.AesCtrHmacStreamingKey)2
AesCtrHmacStreamingKeyFormat (com.google.crypto.tink.proto.AesCtrHmacStreamingKeyFormat)2
AesGcmHkdfStreamingKey (com.google.crypto.tink.proto.AesGcmHkdfStreamingKey)2
ByteString (com.google.protobuf.ByteString)2
InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)2
ByteArrayOutputStream (java.io.ByteArrayOutputStream)2
InputStream (java.io.InputStream)2
SeekableByteChannel (java.nio.channels.SeekableByteChannel)2
KeyManager (com.google.crypto.tink.KeyManager)1
AesGcmHkdfStreamingKeyFormat (com.google.crypto.tink.proto.AesGcmHkdfStreamingKeyFormat)1
KeyTypeEntry (com.google.crypto.tink.proto.KeyTypeEntry)1
