
Example 1 with ProtoKey

use of com.google.crypto.tink.tinkkey.internal.ProtoKey in project tink by google.

the class KeysetManagerTest method addKeyHandleWithKeyAccess_existingKeyset_shouldAddKey.

/**
 * Checks that {@code KeysetManager.add(KeyHandle, KeyAccess)} appends a second key to a keyset
 * that already holds one, that both entries are enabled TINK-prefixed AES-GCM keys of the size
 * their template asks for, and that the added key is not promoted to primary.
 */
@Test
public void addKeyHandleWithKeyAccess_existingKeyset_shouldAddKey() throws Exception {
    KeyTemplate firstTemplate = KeyTemplates.get("AES128_GCM");
    KeysetManager manager = KeysetManager.withEmptyKeyset().add(firstTemplate);
    KeyTemplate secondTemplate = KeyTemplates.get("AES256_GCM");
    // insecureSecretAccess() yields a KeyAccess token that unlocks secret key material. The test
    // needs it to wrap and re-add a raw key; outside tests the token should only be obtained
    // where reading secret key bytes is intended.
    KeyAccess secretAccess = SecretKeyAccess.insecureSecretAccess();
    ProtoKey freshKey =
        new ProtoKey(Registry.newKeyData(secondTemplate), secondTemplate.getOutputPrefixType());
    KeyHandle handleToAdd = KeyHandle.createFromKey(freshKey, secretAccess);
    manager = manager.add(handleToAdd, secretAccess);

    KeysetHandle resultHandle = manager.getKeysetHandle();
    Keyset keyset = resultHandle.getKeyset();
    expect.that(keyset.getKeyCount()).isEqualTo(2);

    // Entry i of the keyset is expected to come from template i; the same checks apply to both.
    KeyTemplate[] expectedTemplates = {firstTemplate, secondTemplate};
    for (int index = 0; index < expectedTemplates.length; index++) {
        KeyTemplate template = expectedTemplates[index];
        Keyset.Key entry = keyset.getKey(index);
        expect.that(entry.getStatus()).isEqualTo(KeyStatusType.ENABLED);
        expect.that(entry.getOutputPrefixType()).isEqualTo(OutputPrefixType.TINK);
        expect.that(entry.hasKeyData()).isTrue();
        expect.that(entry.getKeyData().getTypeUrl()).isEqualTo(template.getTypeUrl());
        // Parse the template's key format and the generated key to compare the key length.
        AesGcmKeyFormat format =
            AesGcmKeyFormat.parseFrom(template.getValue(), ExtensionRegistryLite.getEmptyRegistry());
        AesGcmKey parsedKey =
            AesGcmKey.parseFrom(
                entry.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
        expect.that(parsedKey.getKeyValue().size()).isEqualTo(format.getKeySize());
    }

    // No primary key because add doesn't automatically promote the new key to primary.
    assertThrows(GeneralSecurityException.class, () -> resultHandle.getPrimitive(Aead.class));
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) SecretKeyAccess(com.google.crypto.tink.tinkkey.SecretKeyAccess) KeyAccess(com.google.crypto.tink.tinkkey.KeyAccess) ProtoKey(com.google.crypto.tink.tinkkey.internal.ProtoKey) AesGcmKeyFormat(com.google.crypto.tink.proto.AesGcmKeyFormat) Key(com.google.crypto.tink.proto.Keyset.Key) KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle) AesGcmKey(com.google.crypto.tink.proto.AesGcmKey) Test(org.junit.Test)

Example 2 with ProtoKey

use of com.google.crypto.tink.tinkkey.internal.ProtoKey in project tink by google.

the class KeysetHandleTest method getKeys.

/**
 * Checks that {@code KeysetHandle.getKeys()} returns one {@code KeyHandle} per keyset entry and
 * that each handle's id, status and key data match the corresponding {@code Keyset.Key}.
 */
@Test
public void getKeys() throws Exception {
    final int expectedCount = 3;
    KeyTemplate template = KeyTemplates.get("AES128_EAX");
    KeysetManager manager = KeysetManager.withEmptyKeyset();
    for (int added = 0; added < expectedCount; added++) {
        manager.add(template);
    }

    KeysetHandle handle = manager.getKeysetHandle();
    Keyset keyset = handle.getKeyset();
    List<KeyHandle> handles = handle.getKeys();
    expect.that(handles).hasSize(expectedCount);

    // Index the handles by key id so each proto entry can be matched to its handle.
    Map<Integer, KeyHandle> handlesById =
        handles.stream().collect(Collectors.toMap(KeyHandle::getId, h -> h));
    for (Keyset.Key entry : keyset.getKeyList()) {
        expect.that(handlesById).containsKey(entry.getKeyId());
        KeyHandle match = handlesById.get(entry.getKeyId());
        expect
            .that(KeyStatusTypeProtoConverter.toProto(match.getStatus()))
            .isEqualTo(entry.getStatus());
        // Reading the key back out of the handle requires a KeyAccess token; the insecure
        // secret-access token is used here only so the test can compare the raw key data.
        ProtoKey exposed = (ProtoKey) match.getKey(SecretKeyAccess.insecureSecretAccess());
        expect.that(exposed.getProtoKey()).isEqualTo(entry.getKeyData());
    }
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) Keyset(com.google.crypto.tink.proto.Keyset) PublicKeySignFactory(com.google.crypto.tink.signature.PublicKeySignFactory) PublicKeyVerifyFactory(com.google.crypto.tink.signature.PublicKeyVerifyFactory) ByteArrayOutputStream(java.io.ByteArrayOutputStream) BeforeClass(org.junit.BeforeClass) SignatureConfig(com.google.crypto.tink.signature.SignatureConfig) Assert.assertThrows(org.junit.Assert.assertThrows) KeyStatusType(com.google.crypto.tink.proto.KeyStatusType) RunWith(org.junit.runner.RunWith) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) Random(com.google.crypto.tink.subtle.Random) ProtoKey(com.google.crypto.tink.tinkkey.internal.ProtoKey) TreeSet(java.util.TreeSet) GeneralSecurityException(java.security.GeneralSecurityException) SignatureKeyTemplates(com.google.crypto.tink.signature.SignatureKeyTemplates) ByteArrayInputStream(java.io.ByteArrayInputStream) KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle) AesEaxKeyManager(com.google.crypto.tink.aead.AesEaxKeyManager) ExtensionRegistryLite(com.google.protobuf.ExtensionRegistryLite) Map(java.util.Map) TestUtil(com.google.crypto.tink.testing.TestUtil) SecretKeyAccess(com.google.crypto.tink.tinkkey.SecretKeyAccess) Expect(com.google.common.truth.Expect) AesEaxKey(com.google.crypto.tink.proto.AesEaxKey) UTF_8(java.nio.charset.StandardCharsets.UTF_8) TinkConfig(com.google.crypto.tink.config.TinkConfig) OutputPrefixType(com.google.crypto.tink.proto.OutputPrefixType) Set(java.util.Set) Test(org.junit.Test) JUnit4(org.junit.runners.JUnit4) Truth.assertThat(com.google.common.truth.Truth.assertThat) Hex(com.google.crypto.tink.subtle.Hex) Collectors(java.util.stream.Collectors) KeyStatusTypeProtoConverter(com.google.crypto.tink.internal.KeyStatusTypeProtoConverter) List(java.util.List) Rule(org.junit.Rule) KeyAccess(com.google.crypto.tink.tinkkey.KeyAccess) AesEaxKeyFormat(com.google.crypto.tink.proto.AesEaxKeyFormat) 
KeyData(com.google.crypto.tink.proto.KeyData) ProtoKey(com.google.crypto.tink.tinkkey.internal.ProtoKey) KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)

Example 3 with ProtoKey

use of com.google.crypto.tink.tinkkey.internal.ProtoKey in project tink by google.

the class KeysetManagerTest method addKeyHandle_fromKeysetWithDisabledKey_shouldCopyStatusCorrectly.

/**
 * Checks that copying every {@code KeyHandle} of a keyset (one of them disabled) into a fresh
 * {@code KeysetManager} via {@code add(KeyHandle)} preserves status, secrecy flag, id, output
 * prefix type and key data of each key.
 */
@Test
public void addKeyHandle_fromKeysetWithDisabledKey_shouldCopyStatusCorrectly() throws Exception {
    KeyTemplate template = KeyTemplates.get("AES128_GCM_RAW");
    KeysetManager sourceManager = KeysetManager.withEmptyKeyset();
    for (int added = 0; added < 3; added++) {
        sourceManager.add(template);
    }
    // Disable the first key so the copy has to carry over a non-default status.
    sourceManager.disable(sourceManager.getKeysetHandle().getKeys().get(0).getId());

    KeysetHandle sourceHandle = sourceManager.getKeysetHandle();
    List<KeyHandle> originals = sourceHandle.getKeys();

    KeysetManager targetManager = KeysetManager.withEmptyKeyset();
    for (KeyHandle original : originals) {
        targetManager.add(original);
    }
    KeysetHandle targetHandle = targetManager.getKeysetHandle();
    List<KeyHandle> copies = targetHandle.getKeys();

    expect.that(copies.size()).isEqualTo(originals.size());
    for (int index = 0; index < copies.size(); index++) {
        KeyHandle copy = copies.get(index);
        KeyHandle original = originals.get(index);
        expect.that(copy.getStatus()).isEqualTo(original.getStatus());
        expect.that(copy.hasSecret()).isEqualTo(original.hasSecret());
        expect.that(copy.getId()).isEqualTo(original.getId());
        // The insecure secret-access token is requested only to compare the underlying key
        // material of copy and original inside this test.
        ProtoKey copiedKey = (ProtoKey) copy.getKey(SecretKeyAccess.insecureSecretAccess());
        ProtoKey originalKey = (ProtoKey) original.getKey(SecretKeyAccess.insecureSecretAccess());
        expect.that(copiedKey.getOutputPrefixType()).isEqualTo(originalKey.getOutputPrefixType());
        expect.that(copiedKey.getProtoKey()).isEqualTo(originalKey.getProtoKey());
    }
}
Also used : ProtoKey(com.google.crypto.tink.tinkkey.internal.ProtoKey) KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle) Test(org.junit.Test)

Example 4 with ProtoKey

use of com.google.crypto.tink.tinkkey.internal.ProtoKey in project tink by google.

the class KeysetHandle method getKeys.

/**
 * Returns the keys of this keyset as an unmodifiable list of {@link KeyHandle}s, in the order of
 * the keyset's key list.
 *
 * <p>Each handle wraps the entry's {@code KeyData} in a {@code ProtoKey} (with the entry's output
 * prefix type converted via {@code KeyTemplate.fromProto}) and carries the entry's status and key
 * id. The wrapped {@code KeyData} is the keyset's own key data, so for secret keys the handle
 * holds secret material; treat the returned handles with the same care as the keyset itself.
 *
 * @return an unmodifiable list with one {@code KeyHandle} per key in the keyset
 */
public List<KeyHandle> getKeys() {
    List<KeyHandle> handles = new ArrayList<>();
    for (Keyset.Key entry : keyset.getKeyList()) {
        KeyData entryData = entry.getKeyData();
        ProtoKey wrapped = new ProtoKey(entryData, KeyTemplate.fromProto(entry.getOutputPrefixType()));
        handles.add(new InternalKeyHandle(wrapped, entry.getStatus(), entry.getKeyId()));
    }
    // Callers get a read-only view; the backing list is local to this call.
    return Collections.unmodifiableList(handles);
}
Also used : EncryptedKeyset(com.google.crypto.tink.proto.EncryptedKeyset) Keyset(com.google.crypto.tink.proto.Keyset) InternalKeyHandle(com.google.crypto.tink.tinkkey.internal.InternalKeyHandle) ProtoKey(com.google.crypto.tink.tinkkey.internal.ProtoKey) ArrayList(java.util.ArrayList) KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle) InternalKeyHandle(com.google.crypto.tink.tinkkey.internal.InternalKeyHandle) KeyData(com.google.crypto.tink.proto.KeyData)

Example 5 with ProtoKey

use of com.google.crypto.tink.tinkkey.internal.ProtoKey in project tink by google.

the class KeysetManager method add.

/**
 * Adds the key held by the input {@code KeyHandle} to the existing keyset.
 *
 * <p>The key is read from the handle with the caller-supplied {@code access}, and the keyset
 * entry is created with the output prefix type stored on that key (see the
 * {@code pkey.getOutputPrefixType()} argument below) rather than a fixed prefix type.
 *
 * <p>NOTE(review): the status and key id of the new entry are decided by
 * {@code createKeysetKey}, which is not shown here; confirm against that helper.
 *
 * @param keyHandle handle whose key is appended to the keyset
 * @param access token presented to {@code keyHandle.getKey} to read the key
 * @return this manager
 * @throws GeneralSecurityException if the given {@code KeyAccess} does not grant access to the
 *     key contained in the {@code KeyHandle}.
 * @throws UnsupportedOperationException if the {@code KeyHandle} contains a {@code TinkKey} which
 *     is not a {@code ProtoKey}.
 * @deprecated Use KeysetManager.add(KeyHandle) instead.
 */
@Deprecated
public synchronized KeysetManager add(KeyHandle keyHandle, KeyAccess access) throws GeneralSecurityException {
    ProtoKey protoKey;
    try {
        // Only proto-backed keys can be stored in the keyset builder.
        protoKey = (ProtoKey) keyHandle.getKey(access);
    } catch (ClassCastException notProtoKey) {
        throw new UnsupportedOperationException(
            "KeyHandles which contain TinkKeys that are not ProtoKeys are not yet supported.",
            notProtoKey);
    }
    keysetBuilder.addKey(
        createKeysetKey(
            protoKey.getProtoKey(), KeyTemplate.toProto(protoKey.getOutputPrefixType())));
    return this;
}
Also used : ProtoKey(com.google.crypto.tink.tinkkey.internal.ProtoKey)

Aggregations

ProtoKey (com.google.crypto.tink.tinkkey.internal.ProtoKey)11 Test (org.junit.Test)7 KeyData (com.google.crypto.tink.proto.KeyData)6 KeyHandle (com.google.crypto.tink.tinkkey.KeyHandle)5 KeyTemplate (com.google.crypto.tink.KeyTemplate)3 AesEaxKey (com.google.crypto.tink.proto.AesEaxKey)3 Keyset (com.google.crypto.tink.proto.Keyset)3 AesEaxKeyFormat (com.google.crypto.tink.proto.AesEaxKeyFormat)2 KeyAccess (com.google.crypto.tink.tinkkey.KeyAccess)2 SecretKeyAccess (com.google.crypto.tink.tinkkey.SecretKeyAccess)2 ByteString (com.google.protobuf.ByteString)2 GeneralSecurityException (java.security.GeneralSecurityException)2 TreeSet (java.util.TreeSet)2 Expect (com.google.common.truth.Expect)1 Truth.assertThat (com.google.common.truth.Truth.assertThat)1 KeysetManager (com.google.crypto.tink.KeysetManager)1 AesEaxKeyManager (com.google.crypto.tink.aead.AesEaxKeyManager)1 TinkConfig (com.google.crypto.tink.config.TinkConfig)1 KeyStatusTypeProtoConverter (com.google.crypto.tink.internal.KeyStatusTypeProtoConverter)1 AesGcmKey (com.google.crypto.tink.proto.AesGcmKey)1