Search in sources :

Example 21 with Key

use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.

the class MacWrapperTest method testSmallPlaintextWithRawKey.

@Test
public void testSmallPlaintextWithRawKey() throws Exception {
    byte[] keyValue = Random.randBytes(HMAC_KEY_SIZE);
    Key primary = TestUtil.createKey(TestUtil.createHmacKeyData(keyValue, 16), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    PrimitiveSet<Mac> primitives = TestUtil.createPrimitiveSet(TestUtil.createKeyset(primary), Mac.class);
    Mac mac = new MacWrapper().wrap(primitives);
    byte[] plaintext = "blah".getBytes("UTF-8");
    byte[] tag = mac.computeMac(plaintext);
    // no prefix
    assertEquals(16, /* TAG */
    tag.length);
    try {
        mac.verifyMac(tag, plaintext);
    } catch (GeneralSecurityException e) {
        fail("Valid MAC, should not throw exception");
    }
}
Also used : GeneralSecurityException(java.security.GeneralSecurityException) Key(com.google.crypto.tink.proto.Keyset.Key) Mac(com.google.crypto.tink.Mac) Test(org.junit.Test)

Example 22 with Key

use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.

the class PrimitiveSetTest method testPrefix_isUnique.

@Test
public void testPrefix_isUnique() throws Exception {
    PrimitiveSet<Mac> pset = PrimitiveSet.newPrimitiveSet(Mac.class);
    Key key1 = Key.newBuilder().setKeyId(0xffffffff).setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.TINK).build();
    pset.addPrimitive(new DummyMac1(), key1);
    Key key2 = Key.newBuilder().setKeyId(0xffffffdf).setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.RAW).build();
    pset.setPrimary(pset.addPrimitive(new DummyMac2(), key2));
    Key key3 = Key.newBuilder().setKeyId(0xffffffef).setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.LEGACY).build();
    pset.addPrimitive(new DummyMac1(), key3);
    assertThat(pset.getAll()).hasSize(3);
    assertThat(pset.getPrimitive(Hex.decode("01ffffffff"))).hasSize(1);
    assertThat(pset.getPrimitive(Hex.decode("01ffffffef"))).isEmpty();
    assertThat(pset.getPrimitive(Hex.decode("00ffffffff"))).isEmpty();
    assertThat(pset.getPrimitive(Hex.decode("00ffffffef"))).hasSize(1);
}
Also used : Key(com.google.crypto.tink.proto.Keyset.Key) Test(org.junit.Test)

Example 23 with Key

use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.

the class PrimitiveSetTest method testDuplicateKeys.

@Test
public void testDuplicateKeys() throws Exception {
    PrimitiveSet<Mac> pset = PrimitiveSet.newPrimitiveSet(Mac.class);
    Key key1 = Key.newBuilder().setKeyId(1).setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.TINK).build();
    pset.addPrimitive(new DummyMac1(), key1);
    Key key2 = Key.newBuilder().setKeyId(1).setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.RAW).build();
    pset.setPrimary(pset.addPrimitive(new DummyMac2(), key2));
    Key key3 = Key.newBuilder().setKeyId(2).setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.LEGACY).build();
    pset.addPrimitive(new DummyMac1(), key3);
    Key key4 = Key.newBuilder().setKeyId(2).setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.LEGACY).build();
    pset.addPrimitive(new DummyMac2(), key4);
    Key key5 = Key.newBuilder().setKeyId(3).setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.RAW).build();
    pset.addPrimitive(new DummyMac1(), key5);
    Key key6 = Key.newBuilder().setKeyId(3).setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.RAW).build();
    pset.addPrimitive(new DummyMac1(), key6);
    // 3 instead of 6 because of duplicated key ids
    assertEquals(3, pset.getAll().size());
    // tink keys
    List<PrimitiveSet.Entry<Mac>> entries = pset.getPrimitive(key1);
    assertEquals(1, entries.size());
    PrimitiveSet.Entry<Mac> entry = entries.get(0);
    assertEquals(DummyMac1.class.getSimpleName(), new String(entry.getPrimitive().computeMac(null), UTF_8));
    assertEquals(KeyStatusType.ENABLED, entry.getStatus());
    assertEquals(CryptoFormat.TINK_START_BYTE, entry.getIdentifier()[0]);
    assertArrayEquals(CryptoFormat.getOutputPrefix(key1), entry.getIdentifier());
    assertEquals(1, entry.getKeyId());
    // raw keys
    // The order of the keys is an implementation detail.
    List<Integer> ids = new ArrayList<>();
    entries = pset.getPrimitive(key2);
    assertEquals(3, entries.size());
    entry = entries.get(0);
    assertEquals(DummyMac2.class.getSimpleName(), new String(entry.getPrimitive().computeMac(null), UTF_8));
    assertEquals(KeyStatusType.ENABLED, entry.getStatus());
    assertEquals(0, entry.getIdentifier().length);
    ids.add(entry.getKeyId());
    entry = entries.get(1);
    assertEquals(DummyMac1.class.getSimpleName(), new String(entry.getPrimitive().computeMac(null), UTF_8));
    assertEquals(KeyStatusType.ENABLED, entry.getStatus());
    assertEquals(0, entry.getIdentifier().length);
    ids.add(entry.getKeyId());
    entry = entries.get(2);
    assertEquals(DummyMac1.class.getSimpleName(), new String(entry.getPrimitive().computeMac(null), UTF_8));
    assertEquals(KeyStatusType.ENABLED, entry.getStatus());
    assertEquals(0, entry.getIdentifier().length);
    ids.add(entry.getKeyId());
    assertThat(ids).containsExactly(1, 3, 3);
    // legacy keys
    entries = pset.getPrimitive(key3);
    assertEquals(2, entries.size());
    entry = entries.get(0);
    assertEquals(DummyMac1.class.getSimpleName(), new String(entry.getPrimitive().computeMac(null), UTF_8));
    assertEquals(KeyStatusType.ENABLED, entry.getStatus());
    assertArrayEquals(CryptoFormat.getOutputPrefix(key3), entry.getIdentifier());
    assertEquals(2, entry.getKeyId());
    entry = entries.get(1);
    assertEquals(DummyMac2.class.getSimpleName(), new String(entry.getPrimitive().computeMac(null), UTF_8));
    assertEquals(KeyStatusType.ENABLED, entry.getStatus());
    assertArrayEquals(CryptoFormat.getOutputPrefix(key4), entry.getIdentifier());
    assertEquals(2, entry.getKeyId());
    entry = pset.getPrimary();
    assertEquals(DummyMac2.class.getSimpleName(), new String(entry.getPrimitive().computeMac(null), UTF_8));
    assertEquals(KeyStatusType.ENABLED, entry.getStatus());
    assertEquals(0, entry.getIdentifier().length);
    assertArrayEquals(CryptoFormat.getOutputPrefix(key2), entry.getIdentifier());
    assertEquals(1, entry.getKeyId());
}
Also used : ArrayList(java.util.ArrayList) Key(com.google.crypto.tink.proto.Keyset.Key) Test(org.junit.Test)

Example 24 with Key

use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.

the class PrimitiveSetTest method testBasicFunctionality.

@Test
public void testBasicFunctionality() throws Exception {
    PrimitiveSet<Mac> pset = PrimitiveSet.newPrimitiveSet(Mac.class);
    Key key1 = Key.newBuilder().setKeyId(1).setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.TINK).build();
    pset.addPrimitive(new DummyMac1(), key1);
    Key key2 = Key.newBuilder().setKeyId(2).setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.RAW).build();
    pset.setPrimary(pset.addPrimitive(new DummyMac2(), key2));
    Key key3 = Key.newBuilder().setKeyId(3).setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.LEGACY).build();
    pset.addPrimitive(new DummyMac1(), key3);
    assertThat(pset.getAll()).hasSize(3);
    List<PrimitiveSet.Entry<Mac>> entries = pset.getPrimitive(key1);
    assertThat(entries).hasSize(1);
    PrimitiveSet.Entry<Mac> entry = entries.get(0);
    assertEquals(DummyMac1.class.getSimpleName(), new String(entry.getPrimitive().computeMac(null), UTF_8));
    assertEquals(KeyStatusType.ENABLED, entry.getStatus());
    assertEquals(CryptoFormat.TINK_START_BYTE, entry.getIdentifier()[0]);
    assertArrayEquals(CryptoFormat.getOutputPrefix(key1), entry.getIdentifier());
    assertEquals(entry.getKeyId(), 1);
    entries = pset.getPrimitive(key2);
    assertThat(entries).hasSize(1);
    entry = entries.get(0);
    assertEquals(DummyMac2.class.getSimpleName(), new String(entry.getPrimitive().computeMac(null), UTF_8));
    assertEquals(KeyStatusType.ENABLED, entry.getStatus());
    assertThat(entry.getIdentifier()).isEmpty();
    assertArrayEquals(CryptoFormat.getOutputPrefix(key2), entry.getIdentifier());
    assertEquals(2, entry.getKeyId());
    entries = pset.getPrimitive(key3);
    assertThat(entries).hasSize(1);
    entry = entries.get(0);
    assertEquals(DummyMac1.class.getSimpleName(), new String(entry.getPrimitive().computeMac(null), UTF_8));
    assertEquals(KeyStatusType.ENABLED, entry.getStatus());
    assertEquals(CryptoFormat.LEGACY_START_BYTE, entry.getIdentifier()[0]);
    assertArrayEquals(CryptoFormat.getOutputPrefix(key3), entry.getIdentifier());
    assertEquals(entry.getKeyId(), 3);
    entry = pset.getPrimary();
    assertEquals(DummyMac2.class.getSimpleName(), new String(entry.getPrimitive().computeMac(null), UTF_8));
    assertEquals(KeyStatusType.ENABLED, entry.getStatus());
    assertArrayEquals(CryptoFormat.getOutputPrefix(key2), entry.getIdentifier());
    assertEquals(2, entry.getKeyId());
}
Also used : Key(com.google.crypto.tink.proto.Keyset.Key) Test(org.junit.Test)

Example 25 with Key

use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.

the class KeysetManagerTest method addKeyHandle_newKeyset_shouldAddKey.

@Test
public void addKeyHandle_newKeyset_shouldAddKey() throws Exception {
    KeyTemplate keyTemplate = KeyTemplates.get("AES256_GCM");
    KeyHandle keyHandle = KeyHandle.generateNew(keyTemplate);
    KeysetManager keysetManager = KeysetManager.withEmptyKeyset();
    keysetManager = keysetManager.add(keyHandle);
    KeysetHandle keysetHandle = keysetManager.getKeysetHandle();
    Keyset keyset = keysetHandle.getKeyset();
    expect.that(keyset.getKeyCount()).isEqualTo(1);
    Keyset.Key key = keyset.getKey(0);
    expect.that(key.getKeyId()).isEqualTo(keyHandle.getId());
    expect.that(key.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    expect.that(key.getOutputPrefixType()).isEqualTo(OutputPrefixType.TINK);
    expect.that(key.hasKeyData()).isTrue();
    expect.that(key.getKeyData().getTypeUrl()).isEqualTo(keyTemplate.getTypeUrl());
    AesGcmKeyFormat aesGcmKeyFormat = AesGcmKeyFormat.parseFrom(keyTemplate.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    AesGcmKey aesGcmKey = AesGcmKey.parseFrom(key.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    expect.that(aesGcmKey.getKeyValue().size()).isEqualTo(aesGcmKeyFormat.getKeySize());
    // No primary key because add doesn't automatically promote the new key to primary.
    assertThrows(GeneralSecurityException.class, () -> keysetHandle.getPrimitive(Aead.class));
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) AesGcmKeyFormat(com.google.crypto.tink.proto.AesGcmKeyFormat) Key(com.google.crypto.tink.proto.Keyset.Key) KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle) AesGcmKey(com.google.crypto.tink.proto.AesGcmKey) Test(org.junit.Test)

Aggregations

Key (com.google.crypto.tink.proto.Keyset.Key)56 Test (org.junit.Test)44 KeysetHandle (com.google.crypto.tink.KeysetHandle)31 GeneralSecurityException (java.security.GeneralSecurityException)27 Aead (com.google.crypto.tink.Aead)11 DeterministicAead (com.google.crypto.tink.DeterministicAead)10 EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey)8 Keyset (com.google.crypto.tink.proto.Keyset)7 Mac (com.google.crypto.tink.Mac)6 PublicKeySign (com.google.crypto.tink.PublicKeySign)6 PublicKeyVerify (com.google.crypto.tink.PublicKeyVerify)6 AesGcmKey (com.google.crypto.tink.proto.AesGcmKey)6 EciesAeadHkdfPrivateKey (com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey)6 HybridDecrypt (com.google.crypto.tink.HybridDecrypt)4 HybridEncrypt (com.google.crypto.tink.HybridEncrypt)4 AesGcmKeyFormat (com.google.crypto.tink.proto.AesGcmKeyFormat)4 EcPointFormat (com.google.crypto.tink.proto.EcPointFormat)4 EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType)4 HashType (com.google.crypto.tink.proto.HashType)4 KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)4