def test_aes256_gcm_hkdf_4kb(self): template = streaming_aead_key_templates.AES256_GCM_HKDF_4KB self.assertEqual( 'type.googleapis.com/google.crypto.tink.AesGcmHkdfStreamingKey', template.type_url) self.assertEqual(tink_pb2.RAW, template.output_prefix_type) key_format = aes_gcm_hkdf_streaming_pb2.AesGcmHkdfStreamingKeyFormat() key_format.ParseFromString(template.value) self.assertEqual(32, key_format.key_size) self.assertEqual(common_pb2.HashType.SHA256, key_format.params.hkdf_hash_type) self.assertEqual(32, key_format.params.derived_key_size) self.assertEqual(4096, key_format.params.ciphertext_segment_size)
def create_aes_gcm_hkdf_streaming_key_template( aes_key_size: int, hash_type: common_pb2.HashType, derived_key_size: int, ciphertext_segment_size: int) -> tink_pb2.KeyTemplate: """Creates an AES GCM HKDF Streaming KeyTemplate, and fills in its values.""" key_format = aes_gcm_hkdf_streaming_pb2.AesGcmHkdfStreamingKeyFormat() key_format.key_size = aes_key_size key_format.params.hkdf_hash_type = hash_type key_format.params.derived_key_size = derived_key_size key_format.params.ciphertext_segment_size = ciphertext_segment_size key_template = tink_pb2.KeyTemplate() key_template.value = key_format.SerializeToString() key_template.type_url = _AES_GCM_HKDF_STREAMING_KEY_TYPE_URL key_template.output_prefix_type = tink_pb2.RAW return key_template
def test_create_aes_gcm_hkdf_streaming_key_template(self): # Intentionally using 'weird' or invalid values for parameters, # to test that the function correctly puts them in the resulting template. template = streaming_aead.streaming_aead_key_templates.create_aes_gcm_hkdf_streaming_key_template( aes_key_size=42, hash_type=common_pb2.HashType.SHA1, derived_key_size=76, ciphertext_segment_size=64, ) self.assertEqual( 'type.googleapis.com/google.crypto.tink.AesGcmHkdfStreamingKey', template.type_url) self.assertEqual(tink_pb2.RAW, template.output_prefix_type) key_format = aes_gcm_hkdf_streaming_pb2.AesGcmHkdfStreamingKeyFormat() key_format.ParseFromString(template.value) self.assertEqual(42, key_format.key_size) self.assertEqual(common_pb2.HashType.SHA1, key_format.params.hkdf_hash_type) self.assertEqual(76, key_format.params.derived_key_size) self.assertEqual(64, key_format.params.ciphertext_segment_size)