Search in sources :

Example 1 with AesGcmKeyFormat

use of com.google.crypto.tink.proto.AesGcmKeyFormat in project tink by google.

the class AesGcmKeyManager method newKey.

/**
 * @param keyFormat {@code AesGcmKeyFormat} proto
 * @return new {@code AesGcmKey} proto
 */
@Override
public MessageLite newKey(MessageLite keyFormat) throws GeneralSecurityException {
    if (!(keyFormat instanceof AesGcmKeyFormat)) {
        throw new GeneralSecurityException("expected AesGcmKeyFormat proto");
    }
    AesGcmKeyFormat format = (AesGcmKeyFormat) keyFormat;
    validate(format);
    return AesGcmKey.newBuilder().setKeyValue(ByteString.copyFrom(Random.randBytes(format.getKeySize()))).setVersion(VERSION).build();
}
Also used : AesGcmKeyFormat(com.google.crypto.tink.proto.AesGcmKeyFormat) GeneralSecurityException(java.security.GeneralSecurityException)

Example 2 with AesGcmKeyFormat

use of com.google.crypto.tink.proto.AesGcmKeyFormat in project tink by google.

the class AesGcmKeyManagerTest method testNewKeyMultipleTimes.

@Test
public void testNewKeyMultipleTimes() throws Exception {
    AesGcmKeyFormat gcmKeyFormat = AesGcmKeyFormat.newBuilder().setKeySize(16).build();
    ByteString serialized = ByteString.copyFrom(gcmKeyFormat.toByteArray());
    KeyTemplate keyTemplate = KeyTemplate.newBuilder().setTypeUrl(AesGcmKeyManager.TYPE_URL).setValue(serialized).build();
    AesGcmKeyManager keyManager = new AesGcmKeyManager();
    Set<String> keys = new TreeSet<String>();
    // Calls newKey multiple times and make sure that they generate different keys.
    int numTests = 27;
    for (int i = 0; i < numTests / 3; i++) {
        AesGcmKey key = (AesGcmKey) keyManager.newKey(gcmKeyFormat);
        keys.add(TestUtil.hexEncode(key.getKeyValue().toByteArray()));
        assertEquals(16, key.getKeyValue().toByteArray().length);
        key = (AesGcmKey) keyManager.newKey(serialized);
        keys.add(TestUtil.hexEncode(key.getKeyValue().toByteArray()));
        assertEquals(16, key.getKeyValue().toByteArray().length);
        KeyData keyData = keyManager.newKeyData(keyTemplate.getValue());
        key = AesGcmKey.parseFrom(keyData.getValue());
        keys.add(TestUtil.hexEncode(key.getKeyValue().toByteArray()));
        assertEquals(16, key.getKeyValue().toByteArray().length);
    }
    assertEquals(numTests, keys.size());
}
Also used : AesGcmKeyFormat(com.google.crypto.tink.proto.AesGcmKeyFormat) ByteString(com.google.protobuf.ByteString) TreeSet(java.util.TreeSet) ByteString(com.google.protobuf.ByteString) AesGcmKey(com.google.crypto.tink.proto.AesGcmKey) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)

Example 3 with AesGcmKeyFormat

use of com.google.crypto.tink.proto.AesGcmKeyFormat in project tink by google.

the class AeadKeyTemplatesTest method testCreateAesGcmKeyTemplate.

@Test
public void testCreateAesGcmKeyTemplate() throws Exception {
    // Intentionally using "weird" or invalid values for parameters,
    // to test that the function correctly puts them in the resulting template.
    int keySize = 42;
    KeyTemplate template = AeadKeyTemplates.createAesGcmKeyTemplate(keySize);
    assertEquals(new AesGcmKeyManager().getKeyType(), template.getTypeUrl());
    assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
    AesGcmKeyFormat format = AesGcmKeyFormat.parseFrom(template.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    assertEquals(keySize, format.getKeySize());
}
Also used : AesGcmKeyFormat(com.google.crypto.tink.proto.AesGcmKeyFormat) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) Test(org.junit.Test)

Example 4 with AesGcmKeyFormat

use of com.google.crypto.tink.proto.AesGcmKeyFormat in project tink by google.

the class AesGcmKeyManager method keyFactory.

@Override
public KeyFactory<AesGcmKeyFormat, AesGcmKey> keyFactory() {
    return new KeyFactory<AesGcmKeyFormat, AesGcmKey>(AesGcmKeyFormat.class) {

        @Override
        public void validateKeyFormat(AesGcmKeyFormat format) throws GeneralSecurityException {
            Validators.validateAesKeySize(format.getKeySize());
        }

        @Override
        public AesGcmKeyFormat parseKeyFormat(ByteString byteString) throws InvalidProtocolBufferException {
            return AesGcmKeyFormat.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
        }

        @Override
        public AesGcmKey createKey(AesGcmKeyFormat format) throws GeneralSecurityException {
            return AesGcmKey.newBuilder().setKeyValue(ByteString.copyFrom(Random.randBytes(format.getKeySize()))).setVersion(getVersion()).build();
        }

        @Override
        public AesGcmKey deriveKey(AesGcmKeyFormat format, InputStream inputStream) throws GeneralSecurityException {
            Validators.validateVersion(format.getVersion(), getVersion());
            byte[] pseudorandomness = new byte[format.getKeySize()];
            try {
                int read = inputStream.read(pseudorandomness);
                if (read != format.getKeySize()) {
                    throw new GeneralSecurityException("Not enough pseudorandomness given");
                }
                return AesGcmKey.newBuilder().setKeyValue(ByteString.copyFrom(pseudorandomness)).setVersion(getVersion()).build();
            } catch (IOException e) {
                throw new GeneralSecurityException("Reading pseudorandomness failed", e);
            }
        }

        @Override
        public Map<String, KeyFactory.KeyFormat<AesGcmKeyFormat>> keyFormats() throws GeneralSecurityException {
            Map<String, KeyFactory.KeyFormat<AesGcmKeyFormat>> result = new HashMap<>();
            result.put("AES128_GCM", createKeyFormat(16, KeyTemplate.OutputPrefixType.TINK));
            result.put("AES128_GCM_RAW", createKeyFormat(16, KeyTemplate.OutputPrefixType.RAW));
            result.put("AES256_GCM", createKeyFormat(32, KeyTemplate.OutputPrefixType.TINK));
            result.put("AES256_GCM_RAW", createKeyFormat(32, KeyTemplate.OutputPrefixType.RAW));
            return Collections.unmodifiableMap(result);
        }
    };
}
Also used : AesGcmKeyFormat(com.google.crypto.tink.proto.AesGcmKeyFormat) HashMap(java.util.HashMap) ByteString(com.google.protobuf.ByteString) InputStream(java.io.InputStream) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) ByteString(com.google.protobuf.ByteString) AesGcmKeyFormat(com.google.crypto.tink.proto.AesGcmKeyFormat)

Example 5 with AesGcmKeyFormat

use of com.google.crypto.tink.proto.AesGcmKeyFormat in project tink by google.

the class KeysetManagerTest method addKeyHandle_newKeyset_shouldAddKey.

@Test
public void addKeyHandle_newKeyset_shouldAddKey() throws Exception {
    KeyTemplate keyTemplate = KeyTemplates.get("AES256_GCM");
    KeyHandle keyHandle = KeyHandle.generateNew(keyTemplate);
    KeysetManager keysetManager = KeysetManager.withEmptyKeyset();
    keysetManager = keysetManager.add(keyHandle);
    KeysetHandle keysetHandle = keysetManager.getKeysetHandle();
    Keyset keyset = keysetHandle.getKeyset();
    expect.that(keyset.getKeyCount()).isEqualTo(1);
    Keyset.Key key = keyset.getKey(0);
    expect.that(key.getKeyId()).isEqualTo(keyHandle.getId());
    expect.that(key.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    expect.that(key.getOutputPrefixType()).isEqualTo(OutputPrefixType.TINK);
    expect.that(key.hasKeyData()).isTrue();
    expect.that(key.getKeyData().getTypeUrl()).isEqualTo(keyTemplate.getTypeUrl());
    AesGcmKeyFormat aesGcmKeyFormat = AesGcmKeyFormat.parseFrom(keyTemplate.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    AesGcmKey aesGcmKey = AesGcmKey.parseFrom(key.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    expect.that(aesGcmKey.getKeyValue().size()).isEqualTo(aesGcmKeyFormat.getKeySize());
    // No primary key because add doesn't automatically promote the new key to primary.
    assertThrows(GeneralSecurityException.class, () -> keysetHandle.getPrimitive(Aead.class));
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) AesGcmKeyFormat(com.google.crypto.tink.proto.AesGcmKeyFormat) Key(com.google.crypto.tink.proto.Keyset.Key) KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle) AesGcmKey(com.google.crypto.tink.proto.AesGcmKey) Test(org.junit.Test)

Aggregations

AesGcmKeyFormat (com.google.crypto.tink.proto.AesGcmKeyFormat)23 Test (org.junit.Test)21 AesGcmKey (com.google.crypto.tink.proto.AesGcmKey)8 KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)6 Keyset (com.google.crypto.tink.proto.Keyset)6 Key (com.google.crypto.tink.proto.Keyset.Key)6 KeyTemplate (com.google.crypto.tink.KeyTemplate)4 KeyHandle (com.google.crypto.tink.tinkkey.KeyHandle)4 ByteArrayInputStream (java.io.ByteArrayInputStream)4 ByteString (com.google.protobuf.ByteString)3 GeneralSecurityException (java.security.GeneralSecurityException)3 KeyData (com.google.crypto.tink.proto.KeyData)2 KeyAccess (com.google.crypto.tink.tinkkey.KeyAccess)2 SecretKeyAccess (com.google.crypto.tink.tinkkey.SecretKeyAccess)2 TreeSet (java.util.TreeSet)2 ProtoKey (com.google.crypto.tink.tinkkey.internal.ProtoKey)1 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 HashMap (java.util.HashMap)1