use of com.google.crypto.tink.proto.KeyTemplate in project tink by google.
the class MacKeyTemplatesTest method hmacSha512_512BitTag.
@Test
public void hmacSha512_512BitTag() throws Exception {
KeyTemplate template = MacKeyTemplates.HMAC_SHA512_512BITTAG;
assertEquals(new HmacKeyManager().getKeyType(), template.getTypeUrl());
assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
HmacKeyFormat format = HmacKeyFormat.parseFrom(template.getValue(), ExtensionRegistryLite.getEmptyRegistry());
assertEquals(64, format.getKeySize());
assertEquals(64, format.getParams().getTagSize());
assertEquals(HashType.SHA512, format.getParams().getHash());
}
use of com.google.crypto.tink.proto.KeyTemplate in project tink by google.
the class AeadKeyTemplatesTest method testAES128_EAX.
@Test
public void testAES128_EAX() throws Exception {
KeyTemplate template = AeadKeyTemplates.AES128_EAX;
assertEquals(AesEaxKeyManager.TYPE_URL, template.getTypeUrl());
assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
AesEaxKeyFormat format = AesEaxKeyFormat.parseFrom(template.getValue());
assertEquals(16, format.getKeySize());
assertTrue(format.hasParams());
assertEquals(16, format.getParams().getIvSize());
}
use of com.google.crypto.tink.proto.KeyTemplate in project tink by google.
the class AeadKeyTemplatesTest method testCreateKmsEnvelopeAeadKeyFormat.
@Test
public void testCreateKmsEnvelopeAeadKeyFormat() throws Exception {
// Intentionally using "weird" or invalid values for parameters,
// to test that the function correctly puts them in the resulting template.
String kekUri = "some example KEK URI";
KeyTemplate dekTemplate = AeadKeyTemplates.AES256_GCM;
KeyTemplate template = AeadKeyTemplates.createKmsEnvelopeAeadKeyTemplate(kekUri, dekTemplate);
assertEquals(KmsEnvelopeAeadKeyManager.TYPE_URL, template.getTypeUrl());
assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
KmsEnvelopeAeadKeyFormat format = KmsEnvelopeAeadKeyFormat.parseFrom(template.getValue());
assertEquals(kekUri, format.getKekUri());
assertEquals(dekTemplate.toString(), format.getDekTemplate().toString());
}
use of com.google.crypto.tink.proto.KeyTemplate in project tink by google.
the class KmsEnvelopeAeadKeyManagerTest method testGcpKmsKeyRestricted.
@Test
public void testGcpKmsKeyRestricted() throws Exception {
KeyTemplate dekTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.createKmsEnvelopeAeadKeyTemplate(TestUtil.RESTRICTED_CRYPTO_KEY_URI, dekTemplate));
TestUtil.runBasicAeadFactoryTests(keysetHandle);
}
use of com.google.crypto.tink.proto.KeyTemplate in project tink by google.
the class KmsEnvelopeAeadKeyManagerTest method testParsingInvalidCiphertexts.
@Test
public void testParsingInvalidCiphertexts() throws Exception {
KeyTemplate dekTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.createKmsEnvelopeAeadKeyTemplate(TestUtil.RESTRICTED_CRYPTO_KEY_URI, dekTemplate));
Aead aead = AeadFactory.getPrimitive(keysetHandle);
byte[] plaintext = Random.randBytes(20);
byte[] aad = Random.randBytes(20);
byte[] ciphertext = aead.encrypt(plaintext, aad);
ByteBuffer buffer = ByteBuffer.wrap(ciphertext);
// Skip Tink's header.
byte[] header = new byte[CryptoFormat.NON_RAW_PREFIX_SIZE];
buffer.get(header, 0, header.length);
int encryptedDekSize = buffer.getInt();
byte[] encryptedDek = new byte[encryptedDekSize];
buffer.get(encryptedDek, 0, encryptedDekSize);
byte[] payload = new byte[buffer.remaining()];
buffer.get(payload, 0, buffer.remaining());
// valid, should work
byte[] ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDekSize).put(encryptedDek).put(payload).array();
assertArrayEquals(plaintext, aead.decrypt(ciphertext2, aad));
// negative length
ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(-1).put(encryptedDek).put(payload).array();
try {
aead.decrypt(ciphertext2, aad);
fail("Expected GeneralSecurityException");
} catch (GeneralSecurityException e) {
assertExceptionContains(e, "decryption failed");
}
// length larger than actual value
ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDek.length + 1).put(encryptedDek).put(payload).array();
try {
aead.decrypt(ciphertext2, aad);
fail("Expected GeneralSecurityException");
} catch (GeneralSecurityException e) {
assertExceptionContains(e, "decryption failed");
}
// length larger than total ciphertext length
ciphertext2 = ByteBuffer.allocate(ciphertext.length).put(header).putInt(encryptedDek.length + payload.length + 1).put(encryptedDek).put(payload).array();
try {
aead.decrypt(ciphertext2, aad);
fail("Expected GeneralSecurityException");
} catch (GeneralSecurityException e) {
assertExceptionContains(e, "decryption failed");
}
}
Aggregations