use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.
the class StreamingAeadWrapperTest method testMultipleKeys.
/**
 * Checks a wrapped StreamingAead built from a three-key keyset against single-key primitives:
 * data produced under any key of the keyset must round-trip through the keyset primitive, while a
 * primitive holding only the primary key must reject data produced under the other keys.
 */
@Test
public void testMultipleKeys() throws Exception {
  int derivedKeyBytes = AES_KEY_SIZE;
  byte[] primaryMaterial = Random.randBytes(KDF_KEY_SIZE);
  byte[] otherMaterial = Random.randBytes(KDF_KEY_SIZE);
  byte[] anotherMaterial = Random.randBytes(KDF_KEY_SIZE);

  // All three keys use RAW output prefixes, so nothing in the ciphertext names the key id.
  Key primaryKey =
      TestUtil.createKey(
          TestUtil.createAesGcmHkdfStreamingKeyData(primaryMaterial, derivedKeyBytes, 512),
          42,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);
  // Different key type (AES-CTR-HMAC) with a smaller segment size than the primary key.
  Key otherKey =
      TestUtil.createKey(
          TestUtil.createAesCtrHmacStreamingKeyData(otherMaterial, derivedKeyBytes, 256),
          43,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);
  // Same key type as the primary, with a larger segment size.
  Key anotherKey =
      TestUtil.createKey(
          TestUtil.createAesGcmHkdfStreamingKeyData(anotherMaterial, derivedKeyBytes, 1024),
          72,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);

  // Primitive under test: one wrapper over the full keyset (primaryKey is passed first).
  StreamingAead streamingAead =
      new StreamingAeadWrapper()
          .wrap(
              TestUtil.createPrimitiveSet(
                  TestUtil.createKeyset(primaryKey, otherKey, anotherKey), StreamingAead.class));
  // Reference primitives, each wrapping a keyset that holds exactly one of the keys.
  StreamingAead primaryAead =
      new StreamingAeadWrapper()
          .wrap(
              TestUtil.createPrimitiveSet(
                  TestUtil.createKeyset(primaryKey), StreamingAead.class));
  StreamingAead otherAead =
      new StreamingAeadWrapper()
          .wrap(
              TestUtil.createPrimitiveSet(TestUtil.createKeyset(otherKey), StreamingAead.class));
  StreamingAead anotherAead =
      new StreamingAeadWrapper()
          .wrap(
              TestUtil.createPrimitiveSet(
                  TestUtil.createKeyset(anotherKey), StreamingAead.class));
  StreamingAead[] singleKeyAeads = {primaryAead, otherAead, anotherAead};

  // NOTE(review): the helper presumably encrypts with its first argument and decrypts with its
  // second; the expected failures at the end of this test are consistent with that reading.
  StreamingTestUtil.testEncryptionAndDecryption(streamingAead, streamingAead);
  StreamingTestUtil.testEncryptionAndDecryption(streamingAead, primaryAead);

  // The keyset primitive accepts data produced under each individual key.
  for (StreamingAead producer : singleKeyAeads) {
    StreamingTestUtil.testEncryptionAndDecryption(producer, streamingAead);
  }
  // Every single-key primitive round-trips with itself.
  for (StreamingAead standalone : singleKeyAeads) {
    StreamingTestUtil.testEncryptionAndDecryption(standalone, standalone);
  }

  // Negative cases: the primary-only primitive must fail with "No matching key" instead of
  // returning plaintext for data produced under a key it does not hold.
  for (StreamingAead foreignProducer : new StreamingAead[] {otherAead, anotherAead}) {
    IOException rejection =
        assertThrows(
            IOException.class,
            () -> StreamingTestUtil.testEncryptionAndDecryption(foreignProducer, primaryAead));
    assertExceptionContains(rejection, "No matching key");
  }
}
use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.
the class StreamingAeadIntegrationTest method testMultipleKeys.
/**
 * Same scenario as a wrapper-level multi-key test, but obtains every StreamingAead through
 * KeysetHandle.getPrimitive: the three-key keyset must accept data produced under any of its
 * keys, and a primary-only keyset must reject data produced under the other two.
 */
@Test
public void testMultipleKeys() throws Exception {
  int derivedKeyBytes = AES_KEY_SIZE;
  byte[] primaryMaterial = Random.randBytes(KDF_KEY_SIZE);
  byte[] otherMaterial = Random.randBytes(KDF_KEY_SIZE);
  byte[] anotherMaterial = Random.randBytes(KDF_KEY_SIZE);

  // All three keys use RAW output prefixes, so nothing in the ciphertext names the key id.
  Key primaryKey =
      TestUtil.createKey(
          TestUtil.createAesGcmHkdfStreamingKeyData(primaryMaterial, derivedKeyBytes, 512),
          42,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);
  // Different key type (AES-CTR-HMAC) with a smaller segment size than the primary key.
  Key otherKey =
      TestUtil.createKey(
          TestUtil.createAesCtrHmacStreamingKeyData(otherMaterial, derivedKeyBytes, 256),
          43,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);
  // Same key type as the primary, with a larger segment size.
  Key anotherKey =
      TestUtil.createKey(
          TestUtil.createAesGcmHkdfStreamingKeyData(anotherMaterial, derivedKeyBytes, 1024),
          72,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);

  // Primitive under test: resolved from a handle over the full keyset (primaryKey passed first).
  StreamingAead streamingAead =
      TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryKey, otherKey, anotherKey))
          .getPrimitive(StreamingAead.class);
  // Reference primitives, each resolved from a keyset that holds exactly one of the keys.
  StreamingAead primaryAead =
      TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryKey))
          .getPrimitive(StreamingAead.class);
  StreamingAead otherAead =
      TestUtil.createKeysetHandle(TestUtil.createKeyset(otherKey))
          .getPrimitive(StreamingAead.class);
  StreamingAead anotherAead =
      TestUtil.createKeysetHandle(TestUtil.createKeyset(anotherKey))
          .getPrimitive(StreamingAead.class);
  StreamingAead[] singleKeyAeads = {primaryAead, otherAead, anotherAead};

  // NOTE(review): the helper presumably encrypts with its first argument and decrypts with its
  // second; the expected failures at the end of this test are consistent with that reading.
  StreamingTestUtil.testEncryptionAndDecryption(streamingAead, streamingAead);
  StreamingTestUtil.testEncryptionAndDecryption(streamingAead, primaryAead);

  // The keyset primitive accepts data produced under each individual key.
  for (StreamingAead producer : singleKeyAeads) {
    StreamingTestUtil.testEncryptionAndDecryption(producer, streamingAead);
  }
  // Every single-key primitive round-trips with itself.
  for (StreamingAead standalone : singleKeyAeads) {
    StreamingTestUtil.testEncryptionAndDecryption(standalone, standalone);
  }

  // Negative cases: the primary-only primitive must fail with "No matching key" instead of
  // returning plaintext for data produced under a key it does not hold.
  for (StreamingAead foreignProducer : new StreamingAead[] {otherAead, anotherAead}) {
    IOException rejection =
        assertThrows(
            IOException.class,
            () -> StreamingTestUtil.testEncryptionAndDecryption(foreignProducer, primaryAead));
    assertExceptionContains(rejection, "No matching key");
  }
}
use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.
the class MacIntegrationTest method testSmallPlaintextWithRawKey.
/**
 * Computes a MAC over a four-byte message with a single RAW-prefixed HMAC key and checks that
 * the tag is exactly 16 bytes (no output prefix added) and verifies against the same message.
 */
@Test
public void testSmallPlaintextWithRawKey() throws Exception {
  byte[] hmacKeyValue = Random.randBytes(HMAC_KEY_SIZE);
  // NOTE(review): the 16 passed to createHmacKeyData is presumably the tag size in bytes; the
  // length assertion below matches it.
  Key rawPrimary =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(hmacKeyValue, 16),
          42,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);
  Mac mac =
      TestUtil.createKeysetHandle(TestUtil.createKeyset(rawPrimary)).getPrimitive(Mac.class);

  byte[] message = "blah".getBytes("UTF-8");
  byte[] tag = mac.computeMac(message);

  // RAW output prefix: the tag is the bare 16-byte MAC with no key-id prefix in front.
  int expectedTagLength = 16;
  assertEquals(expectedTagLength, tag.length);

  // A freshly computed tag must verify; any GeneralSecurityException here fails the test.
  try {
    mac.verifyMac(tag, message);
  } catch (GeneralSecurityException e) {
    fail("Valid MAC, should not throw exception");
  }
}
use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.
the class MacIntegrationTest method testMultipleKeys.
/**
 * Exercises Mac primitives obtained from KeysetHandle over a four-key keyset whose entries share
 * one HMAC key value but differ in key id and output prefix type (TINK, LEGACY, RAW, CRUNCHY).
 * Each key takes a turn as the first key of the keyset; for every rotation the test checks the
 * tag prefix, successful verification, rejection of every single-bit modification, acceptance of
 * a tag from a keyset that lists the RAW key first, and rejection of a tag from an unrelated key.
 */
@Test
public void testMultipleKeys() throws Exception {
  byte[] sharedKeyValue = Random.randBytes(HMAC_KEY_SIZE);
  Key tink =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyValue, 16),
          42,
          KeyStatusType.ENABLED,
          OutputPrefixType.TINK);
  Key legacy =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyValue, 16),
          43,
          KeyStatusType.ENABLED,
          OutputPrefixType.LEGACY);
  Key raw =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyValue, 16),
          44,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);
  Key crunchy =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyValue, 16),
          45,
          KeyStatusType.ENABLED,
          OutputPrefixType.CRUNCHY);

  Key[] rotation = {tink, legacy, raw, crunchy};
  int keyCount = rotation.length;
  for (int i = 0; i < keyCount; i++) {
    // Rotate the keyset so that rotation[i] is passed first (presumably making it the primary).
    Key leading = rotation[i];
    Mac mac =
        TestUtil.createKeysetHandle(
                TestUtil.createKeyset(
                    leading,
                    rotation[(i + 1) % keyCount],
                    rotation[(i + 2) % keyCount],
                    rotation[(i + 3) % keyCount]))
            .getPrimitive(Mac.class);
    byte[] message = "plaintext".getBytes("UTF-8");
    byte[] freshTag = mac.computeMac(message);

    // For every non-RAW leading key the tag must start with that key's output prefix.
    boolean carriesPrefix = !leading.getOutputPrefixType().equals(OutputPrefixType.RAW);
    if (carriesPrefix) {
      byte[] leadingBytes = Arrays.copyOfRange(freshTag, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
      assertArrayEquals(leadingBytes, CryptoFormat.getOutputPrefix(leading));
    }

    try {
      mac.verifyMac(freshTag, message);
    } catch (GeneralSecurityException e) {
      fail("Valid MAC, should not throw exception: " + i);
    }

    // Integrity check: flip each bit of message||tag in turn; verification must reject every
    // one of the resulting (tag, message) pairs.
    byte[] messageAndTag = Bytes.concat(message, freshTag);
    for (int byteIndex = 0; byteIndex < messageAndTag.length; byteIndex++) {
      for (int bitIndex = 0; bitIndex < 8; bitIndex++) {
        byte[] tampered = Arrays.copyOf(messageAndTag, messageAndTag.length);
        tampered[byteIndex] = (byte) (tampered[byteIndex] ^ (1 << bitIndex));
        byte[] tamperedTag = Arrays.copyOfRange(tampered, message.length, tampered.length);
        byte[] tamperedMessage = Arrays.copyOfRange(tampered, 0, message.length);
        assertThrows(
            GeneralSecurityException.class, () -> mac.verifyMac(tamperedTag, tamperedMessage));
      }
    }

    // Tag computed by a keyset that lists the RAW key first. The RAW key is also part of the
    // keyset under test (not in first position except when i == 2), so the tag must verify.
    Mac rawFirstMac =
        TestUtil.createKeysetHandle(TestUtil.createKeyset(raw, legacy, tink, crunchy))
            .getPrimitive(Mac.class);
    byte[] rawFirstTag = rawFirstMac.computeMac(message);
    try {
      mac.verifyMac(rawFirstTag, message);
    } catch (GeneralSecurityException e) {
      fail("Valid MAC, should not throw exception");
    }

    // Tag computed with fresh key material that is not in the keyset. The key reuses id 44
    // (the RAW key's id) with a TINK prefix; verification against the keyset must still fail.
    byte[] unrelatedKeyValue = Random.randBytes(HMAC_KEY_SIZE);
    Key unrelated =
        TestUtil.createKey(
            TestUtil.createHmacKeyData(unrelatedKeyValue, 16),
            44,
            KeyStatusType.ENABLED,
            OutputPrefixType.TINK);
    Mac unrelatedMac =
        TestUtil.createKeysetHandle(TestUtil.createKeyset(unrelated)).getPrimitive(Mac.class);
    byte[] unrelatedTag = unrelatedMac.computeMac(message);
    assertThrows(GeneralSecurityException.class, () -> mac.verifyMac(unrelatedTag, message));
  }
}
use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.
the class MacWrapperTest method testMultipleKeys.
/**
 * Exercises MacWrapper directly over a four-key primitive set whose entries share one HMAC key
 * value but differ in key id and output prefix type (TINK, LEGACY, RAW, CRUNCHY). Each key takes
 * a turn as the first key of the keyset; for every rotation the test checks the tag prefix,
 * successful verification, rejection of every single-bit modification, acceptance of a tag from
 * a keyset that lists the RAW key first, and rejection of a tag from an unrelated key.
 */
@Test
public void testMultipleKeys() throws Exception {
  byte[] sharedKeyValue = Random.randBytes(HMAC_KEY_SIZE);
  Key tink =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyValue, 16),
          42,
          KeyStatusType.ENABLED,
          OutputPrefixType.TINK);
  Key legacy =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyValue, 16),
          43,
          KeyStatusType.ENABLED,
          OutputPrefixType.LEGACY);
  Key raw =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyValue, 16),
          44,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);
  Key crunchy =
      TestUtil.createKey(
          TestUtil.createHmacKeyData(sharedKeyValue, 16),
          45,
          KeyStatusType.ENABLED,
          OutputPrefixType.CRUNCHY);

  Key[] rotation = {tink, legacy, raw, crunchy};
  int keyCount = rotation.length;
  for (int i = 0; i < keyCount; i++) {
    // Rotate the keyset so that rotation[i] is passed first (presumably making it the primary).
    Key leading = rotation[i];
    Mac mac =
        new MacWrapper()
            .wrap(
                TestUtil.createPrimitiveSet(
                    TestUtil.createKeyset(
                        leading,
                        rotation[(i + 1) % keyCount],
                        rotation[(i + 2) % keyCount],
                        rotation[(i + 3) % keyCount]),
                    Mac.class));
    byte[] message = "plaintext".getBytes("UTF-8");
    byte[] freshTag = mac.computeMac(message);

    // For every non-RAW leading key the tag must start with that key's output prefix.
    boolean carriesPrefix = !leading.getOutputPrefixType().equals(OutputPrefixType.RAW);
    if (carriesPrefix) {
      byte[] leadingBytes = Arrays.copyOfRange(freshTag, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
      assertArrayEquals(leadingBytes, CryptoFormat.getOutputPrefix(leading));
    }

    try {
      mac.verifyMac(freshTag, message);
    } catch (GeneralSecurityException e) {
      fail("Valid MAC, should not throw exception: " + i);
    }

    // Integrity check: flip each bit of message||tag in turn; verification must reject every
    // one of the resulting (tag, message) pairs.
    byte[] messageAndTag = Bytes.concat(message, freshTag);
    for (int byteIndex = 0; byteIndex < messageAndTag.length; byteIndex++) {
      for (int bitIndex = 0; bitIndex < 8; bitIndex++) {
        byte[] tampered = Arrays.copyOf(messageAndTag, messageAndTag.length);
        tampered[byteIndex] = (byte) (tampered[byteIndex] ^ (1 << bitIndex));
        byte[] tamperedTag = Arrays.copyOfRange(tampered, message.length, tampered.length);
        byte[] tamperedMessage = Arrays.copyOfRange(tampered, 0, message.length);
        assertThrows(
            GeneralSecurityException.class, () -> mac.verifyMac(tamperedTag, tamperedMessage));
      }
    }

    // Tag computed by a wrapper whose keyset lists the RAW key first. The RAW key is also part
    // of the keyset under test (not in first position except when i == 2), so it must verify.
    Mac rawFirstMac =
        new MacWrapper()
            .wrap(
                TestUtil.createPrimitiveSet(
                    TestUtil.createKeyset(raw, legacy, tink, crunchy), Mac.class));
    byte[] rawFirstTag = rawFirstMac.computeMac(message);
    try {
      mac.verifyMac(rawFirstTag, message);
    } catch (GeneralSecurityException e) {
      fail("Valid MAC, should not throw exception");
    }

    // Tag computed with fresh key material that is not in the keyset. The key reuses id 44
    // (the RAW key's id) with a TINK prefix; verification against the keyset must still fail.
    byte[] unrelatedKeyValue = Random.randBytes(HMAC_KEY_SIZE);
    Key unrelated =
        TestUtil.createKey(
            TestUtil.createHmacKeyData(unrelatedKeyValue, 16),
            44,
            KeyStatusType.ENABLED,
            OutputPrefixType.TINK);
    Mac unrelatedMac =
        new MacWrapper()
            .wrap(TestUtil.createPrimitiveSet(TestUtil.createKeyset(unrelated), Mac.class));
    byte[] unrelatedTag = unrelatedMac.computeMac(message);
    assertThrows(GeneralSecurityException.class, () -> mac.verifyMac(unrelatedTag, message));
  }
}