use of com.google.crypto.tink.proto.AesGcmKeyFormat in project tink by google.
the class AesGcmKeyManager method newKey.
/**
 * Creates a new {@code AesGcmKey} whose key value comes from {@code Random.randBytes}.
 *
 * <p>The argument is type-checked and handed to {@code validate} before any key bytes are
 * requested, so a rejected format never produces key material.
 *
 * @param keyFormat {@code AesGcmKeyFormat} proto; its key size is the number of random bytes
 *     requested for the key value
 * @return new {@code AesGcmKey} proto carrying the generated key value and {@code VERSION}
 * @throws GeneralSecurityException if {@code keyFormat} is not an {@code AesGcmKeyFormat};
 *     presumably also when {@code validate} rejects the format (its body is not shown here)
 */
@Override
public MessageLite newKey(MessageLite keyFormat) throws GeneralSecurityException {
  if (keyFormat instanceof AesGcmKeyFormat) {
    AesGcmKeyFormat gcmFormat = (AesGcmKeyFormat) keyFormat;
    // Validation must stay ahead of key generation: the size below is caller-supplied.
    validate(gcmFormat);
    // NOTE(review): Random is presumably Tink's SecureRandom-backed helper rather than
    // java.util.Random; confirm against this file's imports.
    ByteString freshKeyValue = ByteString.copyFrom(Random.randBytes(gcmFormat.getKeySize()));
    return AesGcmKey.newBuilder().setKeyValue(freshKeyValue).setVersion(VERSION).build();
  }
  throw new GeneralSecurityException("expected AesGcmKeyFormat proto");
}
use of com.google.crypto.tink.proto.AesGcmKeyFormat in project tink by google.
the class AesGcmKeyManagerTest method testNewKeyMultipleTimes.
/**
 * Generates keys through three entry points of {@code AesGcmKeyManager} and checks that every
 * key is 16 bytes long and that no two generated keys are equal.
 *
 * <p>The distinctness check only catches gross failures such as a generator that returns a
 * constant or repeating value; it is not a statistical test of randomness quality.
 */
@Test
public void testNewKeyMultipleTimes() throws Exception {
  final int numTests = 27;
  // Three keys are generated per round, one for each entry point.
  final int rounds = numTests / 3;

  AesGcmKeyFormat gcmKeyFormat = AesGcmKeyFormat.newBuilder().setKeySize(16).build();
  ByteString serialized = ByteString.copyFrom(gcmKeyFormat.toByteArray());
  KeyTemplate keyTemplate =
      KeyTemplate.newBuilder()
          .setTypeUrl(AesGcmKeyManager.TYPE_URL)
          .setValue(serialized)
          .build();
  AesGcmKeyManager keyManager = new AesGcmKeyManager();

  // Hex-encoded key values; the set collapses duplicates, so its final size counts distinct keys.
  Set<String> distinctKeys = new TreeSet<String>();

  for (int round = 0; round < rounds; round++) {
    // Entry point 1: newKey with the parsed format proto.
    AesGcmKey generated = (AesGcmKey) keyManager.newKey(gcmKeyFormat);
    byte[] rawKey = generated.getKeyValue().toByteArray();
    distinctKeys.add(TestUtil.hexEncode(rawKey));
    assertEquals(16, rawKey.length);

    // Entry point 2: newKey with the serialized format.
    generated = (AesGcmKey) keyManager.newKey(serialized);
    rawKey = generated.getKeyValue().toByteArray();
    distinctKeys.add(TestUtil.hexEncode(rawKey));
    assertEquals(16, rawKey.length);

    // Entry point 3: newKeyData, whose value is parsed back into an AesGcmKey.
    KeyData keyData = keyManager.newKeyData(keyTemplate.getValue());
    generated = AesGcmKey.parseFrom(keyData.getValue());
    rawKey = generated.getKeyValue().toByteArray();
    distinctKeys.add(TestUtil.hexEncode(rawKey));
    assertEquals(16, rawKey.length);
  }

  // Any repeated key would make the set smaller than the number of keys generated.
  assertEquals(numTests, distinctKeys.size());
}
use of com.google.crypto.tink.proto.AesGcmKeyFormat in project tink by google.
the class AeadKeyTemplatesTest method testCreateAesGcmKeyTemplate.
/**
 * Checks that {@code AeadKeyTemplates.createAesGcmKeyTemplate} copies the requested key size
 * into the template unchanged and sets the AES-GCM type URL and the TINK output prefix.
 */
@Test
public void testCreateAesGcmKeyTemplate() throws Exception {
  // Deliberately a "weird" or invalid value: the test only verifies that the parameter is
  // carried into the resulting template as given. Since an out-of-range size is expected to
  // pass through here, size checks have to happen when a key is created from the template.
  final int requestedKeySize = 42;

  KeyTemplate built = AeadKeyTemplates.createAesGcmKeyTemplate(requestedKeySize);

  String expectedTypeUrl = new AesGcmKeyManager().getKeyType();
  assertEquals(expectedTypeUrl, built.getTypeUrl());
  assertEquals(OutputPrefixType.TINK, built.getOutputPrefixType());

  // Parse with the empty extension registry, as the rest of these snippets do.
  AesGcmKeyFormat parsedFormat =
      AesGcmKeyFormat.parseFrom(built.getValue(), ExtensionRegistryLite.getEmptyRegistry());
  assertEquals(requestedKeySize, parsedFormat.getKeySize());
}
use of com.google.crypto.tink.proto.AesGcmKeyFormat in project tink by google.
the class AesGcmKeyManager method keyFactory.
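/**
 * Returns the factory that parses and validates {@code AesGcmKeyFormat} protos and produces
 * {@code AesGcmKey} protos, either from fresh random bytes ({@code createKey}) or from a
 * caller-supplied stream ({@code deriveKey}).
 *
 * @return a new {@code KeyFactory} for {@code AesGcmKeyFormat} / {@code AesGcmKey}
 */
@Override
public KeyFactory<AesGcmKeyFormat, AesGcmKey> keyFactory() {
  return new KeyFactory<AesGcmKeyFormat, AesGcmKey>(AesGcmKeyFormat.class) {
    /**
     * Checks the requested key size via {@code Validators.validateAesKeySize}.
     *
     * @throws GeneralSecurityException presumably when the size is rejected by the validator
     */
    @Override
    public void validateKeyFormat(AesGcmKeyFormat format) throws GeneralSecurityException {
      Validators.validateAesKeySize(format.getKeySize());
    }

    /** Parses a serialized {@code AesGcmKeyFormat} using the empty extension registry. */
    @Override
    public AesGcmKeyFormat parseKeyFormat(ByteString byteString)
        throws InvalidProtocolBufferException {
      return AesGcmKeyFormat.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
    }

    /**
     * Creates a key whose value is {@code format.getKeySize()} bytes from
     * {@code Random.randBytes}.
     *
     * <p>NOTE(review): this method does not validate the size itself; presumably the caller
     * runs {@code validateKeyFormat} first. Confirm against the framework code.
     */
    @Override
    public AesGcmKey createKey(AesGcmKeyFormat format) throws GeneralSecurityException {
      return AesGcmKey.newBuilder()
          .setKeyValue(ByteString.copyFrom(Random.randBytes(format.getKeySize())))
          .setVersion(getVersion())
          .build();
    }

    /**
     * Builds a key whose value is the first {@code format.getKeySize()} bytes of
     * {@code inputStream}. The key is fully determined by the stream contents.
     *
     * @param format key format; its version is checked against {@code getVersion()}
     * @param inputStream source of the key bytes
     * @return the derived {@code AesGcmKey}
     * @throws GeneralSecurityException if the version check fails, the stream ends before
     *     enough bytes were read, or reading fails with an {@code IOException}
     */
    @Override
    public AesGcmKey deriveKey(AesGcmKeyFormat format, InputStream inputStream)
        throws GeneralSecurityException {
      Validators.validateVersion(format.getVersion(), getVersion());
      // NOTE(review): the buffer size comes straight from the format and only the version is
      // validated in this method; presumably validateKeyFormat has already been applied by
      // the caller. Confirm.
      byte[] pseudorandomness = new byte[format.getKeySize()];
      try {
        // A single InputStream.read(byte[]) may legally return fewer bytes than requested
        // even when more will follow, so keep reading until the buffer is full or the
        // stream is exhausted.
        int filled = 0;
        while (filled < pseudorandomness.length) {
          int n = inputStream.read(pseudorandomness, filled, pseudorandomness.length - filled);
          // -1 is end of stream; 0 for a non-empty request violates the InputStream contract.
          // Fail closed in both cases rather than emit a partially filled key.
          if (n <= 0) {
            throw new GeneralSecurityException("Not enough pseudorandomness given");
          }
          filled += n;
        }
        return AesGcmKey.newBuilder()
            .setKeyValue(ByteString.copyFrom(pseudorandomness))
            .setVersion(getVersion())
            .build();
      } catch (IOException e) {
        throw new GeneralSecurityException("Reading pseudorandomness failed", e);
      }
    }

    /**
     * Lists the named key formats this factory offers: 16- and 32-byte keys, each with the
     * TINK and the RAW output prefix type.
     *
     * @return an unmodifiable map from format name to key format
     */
    @Override
    public Map<String, KeyFactory.KeyFormat<AesGcmKeyFormat>> keyFormats()
        throws GeneralSecurityException {
      Map<String, KeyFactory.KeyFormat<AesGcmKeyFormat>> result = new HashMap<>();
      result.put("AES128_GCM", createKeyFormat(16, KeyTemplate.OutputPrefixType.TINK));
      result.put("AES128_GCM_RAW", createKeyFormat(16, KeyTemplate.OutputPrefixType.RAW));
      result.put("AES256_GCM", createKeyFormat(32, KeyTemplate.OutputPrefixType.TINK));
      result.put("AES256_GCM_RAW", createKeyFormat(32, KeyTemplate.OutputPrefixType.RAW));
      // Callers get a read-only view so the registered formats cannot be altered.
      return Collections.unmodifiableMap(result);
    }
  };
}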
use of com.google.crypto.tink.proto.AesGcmKeyFormat in project tink by google.
the class KeysetManagerTest method addKeyHandle_newKeyset_shouldAddKey.
/**
 * Adds a freshly generated AES256_GCM key handle to an empty keyset and checks the resulting
 * single entry: id, status, output prefix, type URL and key length. Also checks that the
 * keyset cannot yet produce an {@code Aead} primitive.
 */
@Test
public void addKeyHandle_newKeyset_shouldAddKey() throws Exception {
  KeyTemplate keyTemplate = KeyTemplates.get("AES256_GCM");
  KeyHandle keyHandle = KeyHandle.generateNew(keyTemplate);

  KeysetHandle keysetHandle =
      KeysetManager.withEmptyKeyset().add(keyHandle).getKeysetHandle();
  Keyset keyset = keysetHandle.getKeyset();

  expect.that(keyset.getKeyCount()).isEqualTo(1);
  Keyset.Key addedKey = keyset.getKey(0);
  expect.that(addedKey.getKeyId()).isEqualTo(keyHandle.getId());
  expect.that(addedKey.getStatus()).isEqualTo(KeyStatusType.ENABLED);
  expect.that(addedKey.getOutputPrefixType()).isEqualTo(OutputPrefixType.TINK);
  expect.that(addedKey.hasKeyData()).isTrue();
  expect.that(addedKey.getKeyData().getTypeUrl()).isEqualTo(keyTemplate.getTypeUrl());

  // The stored key value must be exactly as long as the template's format requested.
  AesGcmKeyFormat templateFormat =
      AesGcmKeyFormat.parseFrom(keyTemplate.getValue(), ExtensionRegistryLite.getEmptyRegistry());
  AesGcmKey storedKey =
      AesGcmKey.parseFrom(
          addedKey.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
  expect.that(storedKey.getKeyValue().size()).isEqualTo(templateFormat.getKeySize());

  // add() does not promote the new key to primary, so the keyset has no primary key and
  // requesting a primitive is expected to fail.
  assertThrows(GeneralSecurityException.class, () -> keysetHandle.getPrimitive(Aead.class));
}