Examples with KeyTemplate com.google.crypto.tink.proto.KeyTemplate used on opensource projects

Example 71 with KeyTemplate

use of com.google.crypto.tink.proto.KeyTemplate in project tink by google.

the class MacKeyTemplatesTest method hmacSha512_512BitTag.

@Test
public void hmacSha512_512BitTag() throws Exception {
    KeyTemplate template = MacKeyTemplates.HMAC_SHA512_512BITTAG;
    assertEquals(new HmacKeyManager().getKeyType(), template.getTypeUrl());
    assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
    HmacKeyFormat format = HmacKeyFormat.parseFrom(template.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    assertEquals(64, format.getKeySize());
    assertEquals(64, format.getParams().getTagSize());
    assertEquals(HashType.SHA512, format.getParams().getHash());
}

Example 72 with KeyTemplate

use of com.google.crypto.tink.proto.KeyTemplate in project tink by google.

the class AeadKeyTemplatesTest method testAES128_EAX.

@Test
public void testAES128_EAX() throws Exception {
    KeyTemplate template = AeadKeyTemplates.AES128_EAX;
    assertEquals(AesEaxKeyManager.TYPE_URL, template.getTypeUrl());
    assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
    AesEaxKeyFormat format = AesEaxKeyFormat.parseFrom(template.getValue());
    assertEquals(16, format.getKeySize());
    assertTrue(format.hasParams());
    assertEquals(16, format.getParams().getIvSize());
}

Example 73 with KeyTemplate

use of com.google.crypto.tink.proto.KeyTemplate in project tink by google.

the class AeadKeyTemplatesTest method testCreateKmsEnvelopeAeadKeyFormat.

@Test
public void testCreateKmsEnvelopeAeadKeyFormat() throws Exception {
    // Intentionally using "weird" or invalid values for parameters,
    // to test that the function correctly puts them in the resulting template.
    String kekUri = "some example KEK URI";
    KeyTemplate dekTemplate = AeadKeyTemplates.AES256_GCM;
    KeyTemplate template = AeadKeyTemplates.createKmsEnvelopeAeadKeyTemplate(kekUri, dekTemplate);
    assertEquals(KmsEnvelopeAeadKeyManager.TYPE_URL, template.getTypeUrl());
    assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
    KmsEnvelopeAeadKeyFormat format = KmsEnvelopeAeadKeyFormat.parseFrom(template.getValue());
    assertEquals(kekUri, format.getKekUri());
    assertEquals(dekTemplate.toString(), format.getDekTemplate().toString());
}

Example 74 with KeyTemplate

use of com.google.crypto.tink.proto.KeyTemplate in project tink by google.

the class KmsEnvelopeAeadKeyManagerTest method testGcpKmsKeyRestricted.

@Test
public void testGcpKmsKeyRestricted() throws Exception {
    KeyTemplate dekTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
    KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.createKmsEnvelopeAeadKeyTemplate(TestUtil.RESTRICTED_CRYPTO_KEY_URI, dekTemplate));
    TestUtil.runBasicAeadFactoryTests(keysetHandle);
}

Example 75 with KeyTemplate

use of com.google.crypto.tink.proto.KeyTemplate in project tink by google.

the class KmsEnvelopeAeadKeyManagerTest method testParsingInvalidCiphertexts.

@Test
public void testParsingInvalidCiphertexts() throws Exception {
    KeyTemplate dekTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
    KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.createKmsEnvelopeAeadKeyTemplate(TestUtil.RESTRICTED_CRYPTO_KEY_URI, dekTemplate));
    Aead aead = AeadFactory.getPrimitive(keysetHandle);
    byte[] plaintext = Random.randBytes(20);
    byte[] aad = Random.randBytes(20);
    byte[] ciphertext = aead.encrypt(plaintext, aad);
    ByteBuffer buffer = ByteBuffer.wrap(ciphertext);
    // Skip Tink's header.
    byte[] header = new byte[CryptoFormat.NON_RAW_PREFIX_SIZE];
    buffer.get(header, 0, header.length);
    int encryptedDekSize = buffer.getInt();
    byte[] encryptedDek = new byte[encryptedDekSize];
    buffer.get(encryptedDek, 0, encryptedDekSize);
    byte[] payload = new byte[buffer.remaining()];
    buffer.get(payload, 0, buffer.remaining());
    // valid, should work
    byte[] ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDekSize).put(encryptedDek).put(payload).array();
    assertArrayEquals(plaintext, aead.decrypt(ciphertext2, aad));
    // negative length
    ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(-1).put(encryptedDek).put(payload).array();
    try {
        aead.decrypt(ciphertext2, aad);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        assertExceptionContains(e, "decryption failed");
    }
    // length larger than actual value
    ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDek.length + 1).put(encryptedDek).put(payload).array();
    try {
        aead.decrypt(ciphertext2, aad);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        assertExceptionContains(e, "decryption failed");
    }
    // length larger than total ciphertext length
    ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDek.length + payload.length + 1).put(encryptedDek).put(payload).array();
    try {
        aead.decrypt(ciphertext2, aad);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        assertExceptionContains(e, "decryption failed");
    }
}