Example 31 with Key

Use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.

Class KeysetManagerTest, method testAdd_shouldAddNewKey.

@Test
public void testAdd_shouldAddNewKey() throws Exception {
    KeyTemplate kt = KeyTemplates.get("AES128_GCM");
    Keyset keyset = KeysetManager.withEmptyKeyset().add(kt).getKeysetHandle().getKeyset();
    assertThat(keyset.getKeyCount()).isEqualTo(1);
    // No primary key because add doesn't automatically promote the new key to primary.
    assertThat(keyset.getPrimaryKeyId()).isEqualTo(0);
    Keyset.Key key = keyset.getKey(0);
    assertThat(key.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    assertThat(key.getOutputPrefixType()).isEqualTo(OutputPrefixType.TINK);
    assertThat(key.hasKeyData()).isTrue();
    assertThat(key.getKeyData().getTypeUrl()).isEqualTo(kt.getTypeUrl());
    AesGcmKeyFormat aesGcmKeyFormat = AesGcmKeyFormat.parseFrom(kt.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    AesGcmKey aesGcmKey = AesGcmKey.parseFrom(key.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    assertThat(aesGcmKey.getKeyValue().size()).isEqualTo(aesGcmKeyFormat.getKeySize());
}
Also used: Keyset (com.google.crypto.tink.proto.Keyset), AesGcmKeyFormat (com.google.crypto.tink.proto.AesGcmKeyFormat), Key (com.google.crypto.tink.proto.Keyset.Key), AesGcmKey (com.google.crypto.tink.proto.AesGcmKey), Test (org.junit.Test)

Example 32 with Key

Use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.

Class AeadFactoryTest, method testMultipleKeys.

@Test
public void testMultipleKeys() throws Exception {
    byte[] aesCtrKeyValue = Random.randBytes(AES_KEY_SIZE);
    byte[] hmacKeyValue = Random.randBytes(HMAC_KEY_SIZE);
    int ivSize = 12;
    int tagSize = 16;
    Key primary = TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize), 42, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    Key raw = TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize), 43, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    Key legacy = TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize), 44, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
    Key tink = TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize), 45, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(primary, raw, legacy, tink));
    Aead aead = keysetHandle.getPrimitive(Aead.class);
    byte[] plaintext = Random.randBytes(20);
    byte[] associatedData = Random.randBytes(20);
    byte[] ciphertext = aead.encrypt(plaintext, associatedData);
    byte[] prefix = Arrays.copyOfRange(ciphertext, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
    assertArrayEquals(prefix, CryptoFormat.getOutputPrefix(primary));
    assertArrayEquals(plaintext, aead.decrypt(ciphertext, associatedData));
    assertEquals(CryptoFormat.NON_RAW_PREFIX_SIZE + plaintext.length + ivSize + tagSize, ciphertext.length);
    // encrypt with a non-primary RAW key and decrypt with the keyset
    KeysetHandle keysetHandle2 = TestUtil.createKeysetHandle(TestUtil.createKeyset(raw, legacy, tink));
    Aead aead2 = keysetHandle2.getPrimitive(Aead.class);
    ciphertext = aead2.encrypt(plaintext, associatedData);
    assertArrayEquals(plaintext, aead.decrypt(ciphertext, associatedData));
    // encrypt with a random key not in the keyset, decrypt with the keyset should fail
    byte[] aesCtrKeyValue2 = Random.randBytes(AES_KEY_SIZE);
    byte[] hmacKeyValue2 = Random.randBytes(HMAC_KEY_SIZE);
    Key random = TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue2, ivSize, hmacKeyValue2, tagSize), 44, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    keysetHandle2 = TestUtil.createKeysetHandle(TestUtil.createKeyset(random));
    aead2 = keysetHandle2.getPrimitive(Aead.class);
    final byte[] ciphertext2 = aead2.encrypt(plaintext, associatedData);
    GeneralSecurityException e = assertThrows(GeneralSecurityException.class, () -> aead.decrypt(ciphertext2, associatedData));
    assertExceptionContains(e, "decryption failed");
}
Also used: KeysetHandle (com.google.crypto.tink.KeysetHandle), GeneralSecurityException (java.security.GeneralSecurityException), Aead (com.google.crypto.tink.Aead), Key (com.google.crypto.tink.proto.Keyset.Key), Test (org.junit.Test)

Example 33 with Key

Use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.

Class AeadFactoryTest, method testSmallPlaintextWithRawKey.

@Test
public void testSmallPlaintextWithRawKey() throws Exception {
    byte[] aesCtrKeyValue = Random.randBytes(AES_KEY_SIZE);
    byte[] hmacKeyValue = Random.randBytes(HMAC_KEY_SIZE);
    int ivSize = 12;
    int tagSize = 16;
    Key primary = TestUtil.createKey(TestUtil.createAesCtrHmacAeadKeyData(aesCtrKeyValue, ivSize, hmacKeyValue, tagSize), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(primary));
    Aead aead = keysetHandle.getPrimitive(Aead.class);
    byte[] plaintext = Random.randBytes(1);
    byte[] associatedData = Random.randBytes(20);
    byte[] ciphertext = aead.encrypt(plaintext, associatedData);
    assertArrayEquals(plaintext, aead.decrypt(ciphertext, associatedData));
    assertEquals(CryptoFormat.RAW_PREFIX_SIZE + plaintext.length + ivSize + tagSize, ciphertext.length);
}
Also used: KeysetHandle (com.google.crypto.tink.KeysetHandle), Aead (com.google.crypto.tink.Aead), Key (com.google.crypto.tink.proto.Keyset.Key), Test (org.junit.Test)

Example 34 with Key

Use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.

Class MacFactoryTest, method testInvalidKeyMaterial.

@Test
public void testInvalidKeyMaterial() throws Exception {
    Key valid = TestUtil.createKey(TestUtil.createHmacKeyData(Random.randBytes(HMAC_KEY_SIZE), 16), 42, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    Key invalid = TestUtil.createKey(TestUtil.createAesSivKeyData(64), 43, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    final KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(valid, invalid));
    GeneralSecurityException e = assertThrows(GeneralSecurityException.class, () -> MacFactory.getPrimitive(keysetHandle));
    assertExceptionContains(e, "com.google.crypto.tink.Mac not supported");
    // invalid as the primary key.
    final KeysetHandle keysetHandle2 = TestUtil.createKeysetHandle(TestUtil.createKeyset(invalid, valid));
    e = assertThrows(GeneralSecurityException.class, () -> MacFactory.getPrimitive(keysetHandle2));
    assertExceptionContains(e, "com.google.crypto.tink.Mac not supported");
}
Also used: KeysetHandle (com.google.crypto.tink.KeysetHandle), GeneralSecurityException (java.security.GeneralSecurityException), Key (com.google.crypto.tink.proto.Keyset.Key), Test (org.junit.Test)

Example 35 with Key

Use of com.google.crypto.tink.proto.Keyset.Key in project tink by google.

Class TestUtil, method createKeyset.

/**
 * @return a keyset from a list of keys. The first key is primary.
 */
public static Keyset createKeyset(Key primary, Key... keys) throws Exception {
    Keyset.Builder builder = Keyset.newBuilder();
    builder.addKey(primary).setPrimaryKeyId(primary.getKeyId());
    for (Key key : keys) {
        builder.addKey(key);
    }
    return builder.build();
}
Also used: Keyset (com.google.crypto.tink.proto.Keyset), EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey), AesSivKey (com.google.crypto.tink.proto.AesSivKey), AesEaxKey (com.google.crypto.tink.proto.AesEaxKey), ECPublicKey (java.security.interfaces.ECPublicKey), EciesAeadHkdfPublicKey (com.google.crypto.tink.proto.EciesAeadHkdfPublicKey), EcdsaPublicKey (com.google.crypto.tink.proto.EcdsaPublicKey), EciesAeadHkdfPrivateKey (com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey), AesCtrHmacAeadKey (com.google.crypto.tink.proto.AesCtrHmacAeadKey), ECPrivateKey (java.security.interfaces.ECPrivateKey), AesCtrKey (com.google.crypto.tink.proto.AesCtrKey), AesCtrHmacStreamingKey (com.google.crypto.tink.proto.AesCtrHmacStreamingKey), AesGcmHkdfStreamingKey (com.google.crypto.tink.proto.AesGcmHkdfStreamingKey), AesGcmKey (com.google.crypto.tink.proto.AesGcmKey), HmacKey (com.google.crypto.tink.proto.HmacKey), Key (com.google.crypto.tink.proto.Keyset.Key)

Aggregations

Key (com.google.crypto.tink.proto.Keyset.Key): 56
Test (org.junit.Test): 44
KeysetHandle (com.google.crypto.tink.KeysetHandle): 31
GeneralSecurityException (java.security.GeneralSecurityException): 27
Aead (com.google.crypto.tink.Aead): 11
DeterministicAead (com.google.crypto.tink.DeterministicAead): 10
EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey): 8
Keyset (com.google.crypto.tink.proto.Keyset): 7
Mac (com.google.crypto.tink.Mac): 6
PublicKeySign (com.google.crypto.tink.PublicKeySign): 6
PublicKeyVerify (com.google.crypto.tink.PublicKeyVerify): 6
AesGcmKey (com.google.crypto.tink.proto.AesGcmKey): 6
EciesAeadHkdfPrivateKey (com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey): 6
HybridDecrypt (com.google.crypto.tink.HybridDecrypt): 4
HybridEncrypt (com.google.crypto.tink.HybridEncrypt): 4
AesGcmKeyFormat (com.google.crypto.tink.proto.AesGcmKeyFormat): 4
EcPointFormat (com.google.crypto.tink.proto.EcPointFormat): 4
EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType): 4
HashType (com.google.crypto.tink.proto.HashType): 4
KeyTemplate (com.google.crypto.tink.proto.KeyTemplate): 4