Search in sources :

Example 71 with KeyTemplate

use of com.google.crypto.tink.proto.KeyTemplate in project tink by google.

the class MacKeyTemplatesTest method hmacSha512_512BitTag.

@Test
public void hmacSha512_512BitTag() throws Exception {
    KeyTemplate template = MacKeyTemplates.HMAC_SHA512_512BITTAG;
    assertEquals(new HmacKeyManager().getKeyType(), template.getTypeUrl());
    assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
    HmacKeyFormat format = HmacKeyFormat.parseFrom(template.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    assertEquals(64, format.getKeySize());
    assertEquals(64, format.getParams().getTagSize());
    assertEquals(HashType.SHA512, format.getParams().getHash());
}
Also used : HmacKeyFormat(com.google.crypto.tink.proto.HmacKeyFormat) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) Test(org.junit.Test)

Example 72 with KeyTemplate

use of com.google.crypto.tink.proto.KeyTemplate in project tink by google.

the class AeadKeyTemplatesTest method testAES128_EAX.

@Test
public void testAES128_EAX() throws Exception {
    KeyTemplate template = AeadKeyTemplates.AES128_EAX;
    assertEquals(AesEaxKeyManager.TYPE_URL, template.getTypeUrl());
    assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
    AesEaxKeyFormat format = AesEaxKeyFormat.parseFrom(template.getValue());
    assertEquals(16, format.getKeySize());
    assertTrue(format.hasParams());
    assertEquals(16, format.getParams().getIvSize());
}
Also used : AesEaxKeyFormat(com.google.crypto.tink.proto.AesEaxKeyFormat) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) Test(org.junit.Test)

Example 73 with KeyTemplate

use of com.google.crypto.tink.proto.KeyTemplate in project tink by google.

the class AeadKeyTemplatesTest method testCreateKmsEnvelopeAeadKeyFormat.

@Test
public void testCreateKmsEnvelopeAeadKeyFormat() throws Exception {
    // Intentionally using "weird" or invalid values for parameters,
    // to test that the function correctly puts them in the resulting template.
    String kekUri = "some example KEK URI";
    KeyTemplate dekTemplate = AeadKeyTemplates.AES256_GCM;
    KeyTemplate template = AeadKeyTemplates.createKmsEnvelopeAeadKeyTemplate(kekUri, dekTemplate);
    assertEquals(KmsEnvelopeAeadKeyManager.TYPE_URL, template.getTypeUrl());
    assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
    KmsEnvelopeAeadKeyFormat format = KmsEnvelopeAeadKeyFormat.parseFrom(template.getValue());
    assertEquals(kekUri, format.getKekUri());
    assertEquals(dekTemplate.toString(), format.getDekTemplate().toString());
}
Also used : KmsEnvelopeAeadKeyFormat(com.google.crypto.tink.proto.KmsEnvelopeAeadKeyFormat) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) Test(org.junit.Test)

Example 74 with KeyTemplate

use of com.google.crypto.tink.proto.KeyTemplate in project tink by google.

the class KmsEnvelopeAeadKeyManagerTest method testGcpKmsKeyRestricted.

@Test
public void testGcpKmsKeyRestricted() throws Exception {
    KeyTemplate dekTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
    KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.createKmsEnvelopeAeadKeyTemplate(TestUtil.RESTRICTED_CRYPTO_KEY_URI, dekTemplate));
    TestUtil.runBasicAeadFactoryTests(keysetHandle);
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) Test(org.junit.Test)

Example 75 with KeyTemplate

use of com.google.crypto.tink.proto.KeyTemplate in project tink by google.

the class KmsEnvelopeAeadKeyManagerTest method testParsingInvalidCiphertexts.

@Test
public void testParsingInvalidCiphertexts() throws Exception {
    KeyTemplate dekTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
    KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.createKmsEnvelopeAeadKeyTemplate(TestUtil.RESTRICTED_CRYPTO_KEY_URI, dekTemplate));
    Aead aead = AeadFactory.getPrimitive(keysetHandle);
    byte[] plaintext = Random.randBytes(20);
    byte[] aad = Random.randBytes(20);
    byte[] ciphertext = aead.encrypt(plaintext, aad);
    ByteBuffer buffer = ByteBuffer.wrap(ciphertext);
    // Skip Tink's header.
    byte[] header = new byte[CryptoFormat.NON_RAW_PREFIX_SIZE];
    buffer.get(header, 0, header.length);
    int encryptedDekSize = buffer.getInt();
    byte[] encryptedDek = new byte[encryptedDekSize];
    buffer.get(encryptedDek, 0, encryptedDekSize);
    byte[] payload = new byte[buffer.remaining()];
    buffer.get(payload, 0, buffer.remaining());
    // valid, should work
    byte[] ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDekSize).put(encryptedDek).put(payload).array();
    assertArrayEquals(plaintext, aead.decrypt(ciphertext2, aad));
    // negative length
    ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(-1).put(encryptedDek).put(payload).array();
    try {
        aead.decrypt(ciphertext2, aad);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        assertExceptionContains(e, "decryption failed");
    }
    // length larger than actual value
    ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDek.length + 1).put(encryptedDek).put(payload).array();
    try {
        aead.decrypt(ciphertext2, aad);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        assertExceptionContains(e, "decryption failed");
    }
    // length larger than total ciphertext length
    ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDek.length + payload.length + 1).put(encryptedDek).put(payload).array();
    try {
        aead.decrypt(ciphertext2, aad);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        assertExceptionContains(e, "decryption failed");
    }
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) GeneralSecurityException(java.security.GeneralSecurityException) Aead(com.google.crypto.tink.Aead) ByteBuffer(java.nio.ByteBuffer) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) Test(org.junit.Test)

Aggregations

KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)119 Test (org.junit.Test)116 GeneralSecurityException (java.security.GeneralSecurityException)14 ByteString (com.google.protobuf.ByteString)12 ByteArrayOutputStream (java.io.ByteArrayOutputStream)12 EcdsaKeyFormat (com.google.crypto.tink.proto.EcdsaKeyFormat)11 HashType (com.google.crypto.tink.proto.HashType)11 KeyData (com.google.crypto.tink.proto.KeyData)11 HmacKeyFormat (com.google.crypto.tink.proto.HmacKeyFormat)8 AesCtrHmacStreamingKeyFormat (com.google.crypto.tink.proto.AesCtrHmacStreamingKeyFormat)7 AesGcmHkdfStreamingKeyFormat (com.google.crypto.tink.proto.AesGcmHkdfStreamingKeyFormat)7 EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType)7 ByteArrayInputStream (java.io.ByteArrayInputStream)7 TreeSet (java.util.TreeSet)7 KeysetHandle (com.google.crypto.tink.KeysetHandle)6 AesCtrHmacAeadKeyFormat (com.google.crypto.tink.proto.AesCtrHmacAeadKeyFormat)6 AesEaxKeyFormat (com.google.crypto.tink.proto.AesEaxKeyFormat)6 AesGcmKeyFormat (com.google.crypto.tink.proto.AesGcmKeyFormat)6 EciesAeadHkdfKeyFormat (com.google.crypto.tink.proto.EciesAeadHkdfKeyFormat)6 EciesHkdfKemParams (com.google.crypto.tink.proto.EciesHkdfKemParams)6