def test_new_keyset_handle_on_public_key_fails(self):
key_format = ecies_aead_hkdf_pb2.EciesAeadHkdfKeyFormat()
key_template = tink_pb2.KeyTemplate()
key_template.type_url = (
'type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey')
key_template.value = key_format.SerializeToString()
key_template.output_prefix_type = tink_pb2.TINK
with self.assertRaises(core.TinkError):
tink.new_keyset_handle(key_template)
def test_new_key_data_on_public_key_manager_fails(self):
key_format = ecies_aead_hkdf_pb2.EciesAeadHkdfKeyFormat()
key_template = tink_pb2.KeyTemplate()
key_template.type_url = (
'type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey')
key_template.value = key_format.SerializeToString()
key_template.output_prefix_type = tink_pb2.TINK
with self.assertRaisesRegex(tink_error.TinkError,
'Operation not supported for public keys'):
key_manager = _hybrid_encrypt_key_manager()
key_manager.new_key_data(key_template)
def test_ecies_p256_hkdf_hmac_sha256_aes128_gcm(self):
template = hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM
self.assertEqual(
'type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey',
template.type_url)
self.assertEqual(tink_pb2.TINK, template.output_prefix_type)
key_format = ecies_aead_hkdf_pb2.EciesAeadHkdfKeyFormat()
key_format.ParseFromString(template.value)
self.assertEqual(key_format.params.kem_params.curve_type,
common_pb2.NIST_P256)
self.assertEqual(key_format.params.dem_params.aead_dem,
aead.aead_key_templates.AES128_GCM)
def create_ecies_aead_hkdf_key_template(
curve_type: common_pb2.EllipticCurveType,
ec_point_format: common_pb2.EcPointFormat,
hash_type: common_pb2.HashType,
dem_key_template: tink_pb2.KeyTemplate) -> tink_pb2.KeyTemplate:
"""Creates an ECIES-AEAD-HKDF KeyTemplate, and fills in its values."""
key_format = ecies_aead_hkdf_pb2.EciesAeadHkdfKeyFormat()
key_format.params.kem_params.curve_type = curve_type
key_format.params.kem_params.hkdf_hash_type = hash_type
key_format.params.dem_params.aead_dem.CopyFrom(dem_key_template)
key_format.params.ec_point_format = ec_point_format
key_template = tink_pb2.KeyTemplate()
key_template.type_url = (
'type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey')
key_template.value = key_format.SerializeToString()
key_template.output_prefix_type = tink_pb2.TINK
return key_template
def test_create_aes_eax_key_template(self):
# Intentionally using 'weird' or invalid values for parameters,
# to test that the function correctly puts them in the resulting template.
template = hybrid.hybrid_key_templates.create_ecies_aead_hkdf_key_template(
curve_type=common_pb2.NIST_P521,
ec_point_format=common_pb2.DO_NOT_USE_CRUNCHY_UNCOMPRESSED,
hash_type=common_pb2.SHA1,
dem_key_template=aead.aead_key_templates.AES256_EAX)
self.assertEqual(
'type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey',
template.type_url)
self.assertEqual(tink_pb2.TINK, template.output_prefix_type)
key_format = ecies_aead_hkdf_pb2.EciesAeadHkdfKeyFormat()
key_format.ParseFromString(template.value)
self.assertEqual(key_format.params.kem_params.curve_type,
common_pb2.NIST_P521)
self.assertEqual(key_format.params.kem_params.hkdf_hash_type,
common_pb2.SHA1)
self.assertEqual(key_format.params.ec_point_format,
common_pb2.DO_NOT_USE_CRUNCHY_UNCOMPRESSED)
self.assertEqual(key_format.params.dem_params.aead_dem,
aead.aead_key_templates.AES256_EAX)
