def setUpModule():
aead.register()
daead.register()
mac.register()
hybrid.register()
signature.register()
testing_servers.start('key_generation_consistency')
def register():
aead.register()
daead.register()
hybrid.register()
cc_tink_config.register()
_register_key_managers()
_register_primitive_wrappers()
def main(unused_argv):
aead.register()
daead.register()
hybrid.register()
mac.register()
prf.register()
signature.register()
streaming_aead.register()
jwt.register_jwt_mac()
fake_kms.register_client()
server = grpc.server(futures.ThreadPoolExecutor(max_workers=2))
testing_api_pb2_grpc.add_MetadataServicer_to_server(
services.MetadataServicer(), server)
testing_api_pb2_grpc.add_KeysetServicer_to_server(
services.KeysetServicer(), server)
testing_api_pb2_grpc.add_AeadServicer_to_server(services.AeadServicer(),
server)
testing_api_pb2_grpc.add_DeterministicAeadServicer_to_server(
services.DeterministicAeadServicer(), server)
testing_api_pb2_grpc.add_MacServicer_to_server(services.MacServicer(),
server)
testing_api_pb2_grpc.add_PrfSetServicer_to_server(
services.PrfSetServicer(), server)
testing_api_pb2_grpc.add_HybridServicer_to_server(
services.HybridServicer(), server)
testing_api_pb2_grpc.add_SignatureServicer_to_server(
services.SignatureServicer(), server)
testing_api_pb2_grpc.add_StreamingAeadServicer_to_server(
services.StreamingAeadServicer(), server)
testing_api_pb2_grpc.add_JwtServicer_to_server(jwt_service.JwtServicer(),
server)
server.add_secure_port('[::]:%d' % FLAGS.port,
grpc.local_server_credentials())
server.start()
server.wait_for_termination()
def setUpModule():
aead.register()
daead.register()
mac.register()
hybrid.register()
signature.register()
testing_servers.start()
def setUpClass(cls):
super().setUpClass()
aead.register()
daead.register()
mac.register()
hybrid.register()
signature.register()
def main(argv):
del argv
context_info = b'' if not FLAGS.context_info else bytes(
FLAGS.context_info, 'utf-8')
# Initialise Tink.
try:
hybrid.register()
except tink.TinkError:
logging.exception('Error initialising Tink.')
return 1
# Read the keyset into a keyset_handle.
with open(FLAGS.keyset_path, 'rt') as keyset_file:
text = keyset_file.read()
try:
keyset_handle = cleartext_keyset_handle.read(tink.JsonKeysetReader(text))
except tink.TinkError:
logging.exception('Error reading key.')
return 1
# Get the primitive.
try:
primitive = keyset_handle.primitive(hybrid.HybridDecrypt)
except tink.TinkError:
logging.exception(
'Error creating hybrid decrypt primitive from keyset.')
return 1
with open(FLAGS.input_path, 'rb') as input_file:
with open(FLAGS.output_path, 'wb') as output_file:
data = input_file.read()
plaintext = primitive.decrypt(data, context_info)
output_file.write(plaintext)
def register():
aead.register()
daead.register()
hybrid.register()
mac.register()
prf.register()
signature.register()
streaming_aead.register()
def main(argv):
del argv # Unused
mode = FLAGS.mode
if mode not in ('encrypt', 'decrypt'):
logging.error('Incorrect mode. Please select "encrypt" or "decrypt".')
return 1
context_info = b'' if not FLAGS.context_info else bytes(
FLAGS.context_info, 'utf-8')
# Initialise Tink
try:
hybrid.register()
except tink.TinkError as e:
logging.exception('Error initialising Tink: %s', e)
return 1
# Read the keyset into a keyset_handle
with open(FLAGS.keyset_path, 'rt') as keyset_file:
try:
text = keyset_file.read()
keyset_handle = cleartext_keyset_handle.read(tink.JsonKeysetReader(text))
except tink.TinkError as e:
logging.exception('Error reading key: %s', e)
return 1
with open(FLAGS.input_path, 'rb') as input_file:
data = input_file.read()
if mode == 'encrypt':
# Get the primitive
try:
primitive = keyset_handle.primitive(hybrid.HybridEncrypt)
except tink.TinkError as e:
logging.exception(
'Error creating hybrid encrypt primitive from keyset: %s', e)
return 1
# Encrypt data
with open(FLAGS.output_path, 'wb') as output_file:
ciphertext = primitive.encrypt(data, context_info)
output_file.write(ciphertext)
return 0
# Get the primitive
try:
primitive = keyset_handle.primitive(hybrid.HybridDecrypt)
except tink.TinkError as e:
logging.exception(
'Error creating hybrid encrypt primitive from keyset: %s', e)
return 1
# Decrypt data
with open(FLAGS.output_path, 'wb') as output_file:
plaintext = primitive.decrypt(data, context_info)
output_file.write(plaintext)
return 0
def main(argv):
if len(argv) != 5:
raise app.UsageError(
'Expected 4 arguments, got %d.\n'
'Usage: %s keyset-file plaintext-file contextinfo-file output-file'
% (len(argv) - 1, argv[0]))
keyset_filename = argv[1]
plaintext_filename = argv[2]
contextinfo_filename = argv[3]
output_filename = argv[4]
logging.info(
'Using keyset from file %s to HybridEncrypt file %s using context '
'info %s\n.The resulting output will be written to file %s',
keyset_filename, plaintext_filename, contextinfo_filename,
output_filename)
# Initialise Tink
try:
hybrid.register()
except tink.TinkError as e:
logging.error('Error initialising Tink: %s', e)
return 1
# Read the keyset into keyset_handle
try:
keyset_handle = read_keyset(keyset_filename)
except tink.TinkError as e:
logging.error('Error reading key: %s', e)
return 1
# Get the primitive
try:
cipher = keyset_handle.primitive(hybrid.HybridEncrypt)
except tink.TinkError as e:
logging.error('Error creating primitive: %s', e)
return 1
# Read the input files
with open(plaintext_filename, 'rb') as plaintext_file:
plaintext_data = plaintext_file.read()
with open(contextinfo_filename, 'rb') as contextinfo_file:
contextinfo_data = contextinfo_file.read()
try:
output_data = cipher.encrypt(plaintext_data, contextinfo_data)
except tink.TinkError as e:
logging.error('Error encrypting the input: %s', e)
return 1
with open(output_filename, 'wb') as output_file:
output_file.write(output_data)
logging.info('All done.')
def encrypt_with_cluster_key(self, cluster_public_key, secret,
openssl_executable):
if openssl_executable:
return self.encode_token_using_openssl(cluster_public_key, secret,
openssl_executable)
try:
# pylint: disable=g-import-not-at-top
import tink
from tink import hybrid
from tink import cleartext_keyset_handle
# pylint: enable=g-import-not-at-top
except ImportError:
raise exceptions.PersonalAuthError(
'Cannot load the Tink cryptography library. Either the '
'library is not installed, or site packages are not '
'enabled for the Google Cloud SDK. Please consult Cloud '
'Dataproc Personal Auth documentation on adding Tink to '
'Google Cloud SDK for further instructions.\n'
'https://cloud.google.com/dataproc/docs/concepts/iam/personal-auth'
)
hybrid.register()
context = b''
# Extract value of key corresponding to primary key.
public_key_value = json.loads(
cluster_public_key)['key'][0]['keyData']['value']
cluster_key_hash = hashlib.sha256(
(public_key_value + '\n').encode('utf-8')).hexdigest()
# Load public key and create keyset handle.
reader = tink.JsonKeysetReader(cluster_public_key)
kh_pub = cleartext_keyset_handle.read(reader)
# Create encrypter instance.
encrypter = kh_pub.primitive(hybrid.HybridEncrypt)
ciphertext = encrypter.encrypt(secret.encode('utf-8'), context)
encoded_token = base64.b64encode(ciphertext).decode('utf-8')
return '{}:{}'.format(cluster_key_hash, encoded_token)
def setUpModule():
hybrid.register()
testing_servers.start()
def setUpModule():
aead.register()
hybrid.register()
def setUpModule():
hybrid.register()
def register():
aead.register()
daead.register()
hybrid.register()
mac.register()
signature.register()
