use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.
the class KeysetManagerTest method addKeyHandleWithKeyAccess_newKeyset_shouldAddKey.
/**
 * Adds a freshly generated AES128_GCM key handle to an empty keyset and inspects the result.
 *
 * <p>The single resulting entry must be ENABLED, carry the TINK output prefix type, hold key
 * data whose type URL matches the template, and contain key material of exactly the size the
 * template's {@code AesGcmKeyFormat} asks for.
 *
 * <p>The final check pins that {@code add} does not promote the new key to primary: asking the
 * handle for an {@code Aead} must fail with {@code GeneralSecurityException}.
 */
@Test
public void addKeyHandleWithKeyAccess_newKeyset_shouldAddKey() throws Exception {
  KeyTemplate template = KeyTemplates.get("AES128_GCM");
  KeyHandle generatedHandle = KeyHandle.generateNew(template);
  // The access token is obtained through the explicitly "insecure" factory. That is fine for
  // a test fixture; outside tests, calls to this factory are the places to audit for secret
  // key exposure.
  KeyAccess secretAccess = SecretKeyAccess.insecureSecretAccess();

  KeysetManager manager = KeysetManager.withEmptyKeyset().add(generatedHandle, secretAccess);
  KeysetHandle handle = manager.getKeysetHandle();
  Keyset protoKeyset = handle.getKeyset();

  expect.that(protoKeyset.getKeyCount()).isEqualTo(1);
  Keyset.Key entry = protoKeyset.getKey(0);
  expect.that(entry.getStatus()).isEqualTo(KeyStatusType.ENABLED);
  expect.that(entry.getOutputPrefixType()).isEqualTo(OutputPrefixType.TINK);
  expect.that(entry.hasKeyData()).isTrue();
  expect.that(entry.getKeyData().getTypeUrl()).isEqualTo(template.getTypeUrl());

  // Compare the stored key length with the length requested by the template's key format.
  AesGcmKeyFormat requestedFormat =
      AesGcmKeyFormat.parseFrom(template.getValue(), ExtensionRegistryLite.getEmptyRegistry());
  AesGcmKey storedKey =
      AesGcmKey.parseFrom(
          entry.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
  expect.that(storedKey.getKeyValue().size()).isEqualTo(requestedFormat.getKeySize());

  // add() leaves the keyset without a primary key, so no primitive can be built from it.
  assertThrows(GeneralSecurityException.class, () -> handle.getPrimitive(Aead.class));
}
use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.
the class KeysetManagerTest method addKeyHandleWithKeyAccess_existingKeyset_shouldAddKey.
/**
 * Adds an AES256_GCM key handle to a keyset that already holds an AES128_GCM key.
 *
 * <p>Both entries must be ENABLED, use the TINK output prefix type, carry key data with the
 * type URL of their own template, and hold key material of the size their template's
 * {@code AesGcmKeyFormat} requests. The pre-existing key is expected at index 0 and the added
 * key at index 1.
 *
 * <p>Neither {@code add} call promotes a key to primary, so building an {@code Aead} from the
 * resulting handle must fail with {@code GeneralSecurityException}.
 */
@Test
public void addKeyHandleWithKeyAccess_existingKeyset_shouldAddKey() throws Exception {
  KeyTemplate existingTemplate = KeyTemplates.get("AES128_GCM");
  KeysetManager manager = KeysetManager.withEmptyKeyset().add(existingTemplate);

  KeyTemplate addedTemplate = KeyTemplates.get("AES256_GCM");
  // The same access token is used both to wrap the ProtoKey in a handle and to add that
  // handle to the manager. It comes from the explicitly "insecure" factory, which is
  // acceptable in a test fixture.
  KeyAccess secretAccess = SecretKeyAccess.insecureSecretAccess();
  ProtoKey addedProtoKey =
      new ProtoKey(Registry.newKeyData(addedTemplate), addedTemplate.getOutputPrefixType());
  KeyHandle addedHandle = KeyHandle.createFromKey(addedProtoKey, secretAccess);
  manager = manager.add(addedHandle, secretAccess);

  KeysetHandle handle = manager.getKeysetHandle();
  Keyset protoKeyset = handle.getKeyset();
  expect.that(protoKeyset.getKeyCount()).isEqualTo(2);

  // Entry 0: the key created from the first template.
  Keyset.Key existingEntry = protoKeyset.getKey(0);
  expect.that(existingEntry.getStatus()).isEqualTo(KeyStatusType.ENABLED);
  expect.that(existingEntry.getOutputPrefixType()).isEqualTo(OutputPrefixType.TINK);
  expect.that(existingEntry.hasKeyData()).isTrue();
  expect.that(existingEntry.getKeyData().getTypeUrl()).isEqualTo(existingTemplate.getTypeUrl());
  AesGcmKeyFormat existingFormat =
      AesGcmKeyFormat.parseFrom(
          existingTemplate.getValue(), ExtensionRegistryLite.getEmptyRegistry());
  AesGcmKey existingKey =
      AesGcmKey.parseFrom(
          existingEntry.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
  expect.that(existingKey.getKeyValue().size()).isEqualTo(existingFormat.getKeySize());

  // Entry 1: the key added through the key handle.
  Keyset.Key addedEntry = protoKeyset.getKey(1);
  expect.that(addedEntry.getStatus()).isEqualTo(KeyStatusType.ENABLED);
  expect.that(addedEntry.getOutputPrefixType()).isEqualTo(OutputPrefixType.TINK);
  expect.that(addedEntry.hasKeyData()).isTrue();
  expect.that(addedEntry.getKeyData().getTypeUrl()).isEqualTo(addedTemplate.getTypeUrl());
  AesGcmKeyFormat addedFormat =
      AesGcmKeyFormat.parseFrom(
          addedTemplate.getValue(), ExtensionRegistryLite.getEmptyRegistry());
  AesGcmKey addedKey =
      AesGcmKey.parseFrom(
          addedEntry.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
  expect.that(addedKey.getKeyValue().size()).isEqualTo(addedFormat.getKeySize());

  // add() leaves the keyset without a primary key, so no primitive can be built from it.
  assertThrows(GeneralSecurityException.class, () -> handle.getPrimitive(Aead.class));
}
use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.
the class AeadIntegrationTest method testRawKeyAsPrimary.
@Test
public void testRawKeyAsPrimary() throws Exception {
byte[] aesCtrKeyValue = Random.randBytes(AES_KEY_SIZE);
byte[] hmacKeyValue = Random.randBytes(HMAC_KEY_SIZE);
int ivSize = 12;
int tagSize = 16;
Key primary = TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
Key raw = TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize), 43, KeyStatusType.ENABLED, OutputPrefixType.RAW);
Key legacy = TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize), 44, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(primary, raw, legacy));
Aead aead = keysetHandle.getPrimitive(Aead.class);
byte[] plaintext = Random.randBytes(20);
byte[] associatedData = Random.randBytes(20);
byte[] ciphertext = aead.encrypt(plaintext, associatedData);
assertArrayEquals(plaintext, aead.decrypt(ciphertext, associatedData));
assertEquals(CryptoFormat.RAW_PREFIX_SIZE + plaintext.length + ivSize + tagSize, ciphertext.length);
}
use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.
the class AeadIntegrationTest method testInvalidKeyMaterial.
/**
 * Checks that a keyset mixing key types cannot be turned into an {@code Aead}.
 *
 * <p>The keyset pairs an AES-CTR-HMAC AEAD key with an AES-SIV key. {@code getPrimitive} must
 * throw {@code GeneralSecurityException} whichever of the two is listed first, and the message
 * must mention {@code com.google.crypto.tink.DeterministicAead}. A wrong-type key is therefore
 * rejected when the primitive is built rather than silently skipped.
 */
@Test
public void testInvalidKeyMaterial() throws Exception {
  byte[] aesCtrKeyValue = Random.randBytes(AES_KEY_SIZE);
  byte[] hmacKeyValue = Random.randBytes(HMAC_KEY_SIZE);
  final int ivSize = 12;
  final int tagSize = 16;

  Key valid =
      TestUtil.createKey(
          TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize),
          42,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);
  // AES-SIV key data: a different primitive, so it does not belong in an Aead keyset.
  Key invalid =
      TestUtil.createKey(
          TestUtil.createAesSivKeyData(64), 43, KeyStatusType.ENABLED, OutputPrefixType.TINK);

  // Mismatched key listed second.
  final KeysetHandle validFirst =
      TestUtil.createKeysetHandle(TestUtil.createKeyset(valid, invalid));
  GeneralSecurityException validFirstFailure =
      assertThrows(GeneralSecurityException.class, () -> validFirst.getPrimitive(Aead.class));
  assertExceptionContains(validFirstFailure, "com.google.crypto.tink.DeterministicAead");

  // Mismatched key listed first, i.e. invalid as the primary key.
  final KeysetHandle invalidFirst =
      TestUtil.createKeysetHandle(TestUtil.createKeyset(invalid, valid));
  GeneralSecurityException invalidFirstFailure =
      assertThrows(GeneralSecurityException.class, () -> invalidFirst.getPrimitive(Aead.class));
  assertExceptionContains(invalidFirstFailure, "com.google.crypto.tink.DeterministicAead");
}
use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.
the class AeadWrapperTest method testMultipleKeys.
/**
 * Exercises {@code AeadWrapper} over a keyset with several keys and output prefix types.
 *
 * <p>Three properties are checked:
 *
 * <ul>
 *   <li>encryption uses the first key: the ciphertext starts with that key's output prefix,
 *       decrypts correctly, and has length NON_RAW_PREFIX_SIZE + plaintext + IV + tag;
 *   <li>a ciphertext produced by a second wrapper whose first key is the RAW key still
 *       decrypts with the full keyset;
 *   <li>a ciphertext produced under key material that is not in the keyset is rejected with
 *       {@code GeneralSecurityException} containing "decryption failed".
 * </ul>
 */
@Test
public void testMultipleKeys() throws Exception {
  byte[] aesCtrKeyValue = Random.randBytes(AES_KEY_SIZE);
  byte[] hmacKeyValue = Random.randBytes(HMAC_KEY_SIZE);
  final int ivSize = 12;
  final int tagSize = 16;

  // Four keys over the same key bytes; only the id and the output prefix type differ.
  Key primary =
      TestUtil.createKey(
          TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize),
          42,
          KeyStatusType.ENABLED,
          OutputPrefixType.TINK);
  Key raw =
      TestUtil.createKey(
          TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize),
          43,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);
  Key legacy =
      TestUtil.createKey(
          TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize),
          44,
          KeyStatusType.ENABLED,
          OutputPrefixType.LEGACY);
  Key tink =
      TestUtil.createKey(
          TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize),
          45,
          KeyStatusType.ENABLED,
          OutputPrefixType.TINK);

  Aead aead =
      new AeadWrapper()
          .wrap(
              TestUtil.createPrimitiveSet(
                  TestUtil.createKeyset(primary, raw, legacy, tink), Aead.class));

  byte[] plaintext = Random.randBytes(20);
  byte[] associatedData = Random.randBytes(20);

  // 1) Encrypt and decrypt with the full keyset.
  byte[] primaryCiphertext = aead.encrypt(plaintext, associatedData);
  byte[] prefix = Arrays.copyOfRange(primaryCiphertext, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
  // NOTE(review): if this is JUnit's assertArrayEquals(expected, actual), the two arguments
  // are in the opposite order here; that only affects the wording of a failure message.
  assertArrayEquals(prefix, CryptoFormat.getOutputPrefix(primary));
  assertArrayEquals(plaintext, aead.decrypt(primaryCiphertext, associatedData));
  assertEquals(
      CryptoFormat.NON_RAW_PREFIX_SIZE + plaintext.length + ivSize + tagSize,
      primaryCiphertext.length);

  // 2) Encrypt with the RAW key, which is non-primary in the full keyset but listed first in
  //    this smaller one, then decrypt with the full keyset.
  Aead rawFirstAead =
      new AeadWrapper()
          .wrap(TestUtil.createPrimitiveSet(TestUtil.createKeyset(raw, legacy, tink), Aead.class));
  byte[] rawCiphertext = rawFirstAead.encrypt(plaintext, associatedData);
  assertArrayEquals(plaintext, aead.decrypt(rawCiphertext, associatedData));

  // 3) Encrypt with a random key not in the keyset; decrypting with the keyset should fail.
  //    The outsider key reuses id 44 (also used by the LEGACY key above) but carries fresh
  //    key bytes and the TINK prefix type.
  byte[] aesCtrKeyValue2 = Random.randBytes(AES_KEY_SIZE);
  byte[] hmacKeyValue2 = Random.randBytes(HMAC_KEY_SIZE);
  Key random =
      TestUtil.createKey(
          TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue2, ivSize, hmacKeyValue2, tagSize),
          44,
          KeyStatusType.ENABLED,
          OutputPrefixType.TINK);
  Aead outsiderAead =
      new AeadWrapper()
          .wrap(TestUtil.createPrimitiveSet(TestUtil.createKeyset(random), Aead.class));
  final byte[] outsiderCiphertext = outsiderAead.encrypt(plaintext, associatedData);
  GeneralSecurityException failure =
      assertThrows(
          GeneralSecurityException.class,
          () -> aead.decrypt(outsiderCiphertext, associatedData));
  assertExceptionContains(failure, "decryption failed");
}