Beispiel #1
0
def main(argv):
    if len(argv) != 4:
        raise app.UsageError(
            'Expected 3 arguments, got %d.\n'
            'Usage: %s keyset-file (encrypt | decrypt) associated-data' %
            (len(argv) - 1, argv[0]))

    keyset_filename = argv[1]
    operation = argv[2]
    aad = argv[3].encode('utf-8')  # TODO take hex and binascii.unhexlify

    if operation not in ('encrypt', 'decrypt'):
        logging.error('Operation %s not recognised', operation)
        return 1

    # Initialise Tink.
    try:
        tink.tink_config.register()
    except tink.TinkError as e:
        logging.error('Error initialising Tink: %s', e)
        return 1

    # Read the keyset.
    with open(keyset_filename, 'rb') as keyset_file:
        try:
            text = keyset_file.read()
            keyset = cleartext_keyset_handle.read(tink.JsonKeysetReader(text))
        except tink.TinkError as e:
            logging.error('Error reading key: %s', e)
            return 1

    # Get the primitive.
    try:
        cipher = keyset.primitive(tink.Aead)
    except tink.TinkError as e:
        logging.error('Error creating primitive: %s', e)
        return 1

    # Compute the operation.
    input_data = sys.stdin.buffer.read()

    try:
        if operation == 'encrypt':
            output_data = cipher.encrypt(input_data, aad)
        elif operation == 'decrypt':
            output_data = cipher.decrypt(input_data, aad)
        else:
            # Unreachable: We checked operation at the start.
            logging.error('(unreachable) Operation %s not recognised',
                          operation)
            return 1
    except tink.TinkError as e:
        logging.error('Operation failed: %s', e)
        return 1

    sys.stdout.buffer.write(output_data)
    return 0
Beispiel #2
0
 def test_write_read(self):
     handle = keyset_handle.KeysetHandle.generate_new(
         mac.mac_key_templates.HMAC_SHA256_128BITTAG)
     output_stream = io.BytesIO()
     writer = core.BinaryKeysetWriter(output_stream)
     cleartext_keyset_handle.write(writer, handle)
     reader = core.BinaryKeysetReader(output_stream.getvalue())
     handle2 = cleartext_keyset_handle.read(reader)
     # Check that handle2 has the same primitive as handle.
     handle2.primitive(mac.Mac).verify_mac(
         handle.primitive(mac.Mac).compute_mac(b'data'), b'data')
Beispiel #3
0
def read_keyset(keyset_filename):
  """Load a keyset from a file.

  Args:
    keyset_filename: A path to a keyset file

  Returns:
    A KeysetHandle of the file's keyset
  Raises:
    TinkError: if the file is not valid
    IOError: if the file does not exist
  """
  with open(keyset_filename, 'rb') as keyset_file:
    text = keyset_file.read()
    keyset = cleartext_keyset_handle.read(tink.BinaryKeysetReader(text))
  return keyset
Beispiel #4
0
def main(argv):
    if len(argv) not in (3, 4):
        raise app.UsageError(
            'Expected 2 or 3 arguments, got %d.\n'
            'Usage: %s keyset-file data-file [expected-code-file]' %
            (len(argv) - 1, argv[0]))

    keyset_filename = argv[1]
    data_filename = argv[2]
    expected_code_filename = argv[3] if len(argv) == 4 else None

    if expected_code_filename is not None:
        with open(expected_code_filename, 'rb') as expected_code_file:
            expected_code_hex = expected_code_file.read().strip()

        logging.info(
            'Using keyset from file %s to verify file %s against expected code %s',
            keyset_filename, data_filename, expected_code_hex.decode('utf-8'))
    else:
        expected_code_hex = None
        logging.info('Using keyset from file %s to verify file %s',
                     keyset_filename, data_filename)

    # Initialise Tink.
    try:
        tink.tink_config.register()
    except tink.TinkError as e:
        logging.error('Error initialising Tink: %s', e)
        return 1

    # Read the keyset.
    with open(keyset_filename, 'rb') as keyset_file:
        try:
            text = keyset_file.read()
            keyset = cleartext_keyset_handle.read(tink.JsonKeysetReader(text))
        except tink.TinkError as e:
            logging.error('Error reading key: %s', e)
            return 1

    # Get the primitive.
    try:
        cipher = keyset.primitive(tink.Mac)
    except tink.TinkError as e:
        logging.error('Error creating primitive: %s', e)
        return 1

    # Compute the MAC.
    with open(data_filename, 'rb') as data_file:
        data = data_file.read()

    if expected_code_hex is None:
        code = cipher.compute_mac(data)
        logging.info('MAC output is %s',
                     binascii.hexlify(code).decode('utf-8'))
        return 0

    try:
        expected_code = binascii.unhexlify(expected_code_hex)
    except binascii.Error as e:
        logging.error('Error reading expected code: %s', e)
        return 1

    try:
        cipher.verify_mac(expected_code, data)
        logging.info('MAC outputs matched. Success!')
        return 0
    except tink.TinkError as e:
        logging.info('MAC outputs did not match!')
        code = binascii.hexlify(cipher.compute_mac(data)).decode('utf-8')
        logging.info('Actual MAC output is %s', code)
        return 1
Beispiel #5
0
 def test_read_empty_keyset_fails(self):
     with self.assertRaises(core.TinkError):
         cleartext_keyset_handle.read(core.BinaryKeysetReader(b''))