def test_write_read(self): keyset = example_keyset() stream = io.BytesIO() writer = core.BinaryKeysetWriter(stream) writer.write(keyset) reader = core.BinaryKeysetReader(stream.getvalue()) self.assertEqual(keyset, reader.read())
def test_write(self):
handle = cleartext_keyset_handle.CleartextKeysetHandle.generate_new(
mac.mac_key_templates.HMAC_SHA256_128BITTAG)
output_stream = io.BytesIO()
writer = core.BinaryKeysetWriter(output_stream)
handle.write(writer)
reader = core.BinaryKeysetReader(output_stream.getvalue())
handle2 = cleartext_keyset_handle.CleartextKeysetHandle.read(reader)
# Check that handle2 has the same primitive as handle.
handle2.primitive(mac.Mac).verify_mac(
handle.primitive(mac.Mac).compute_mac(b'data'), b'data')
def test_read_encrypted(self):
encrypted_keyset = tink_pb2.EncryptedKeyset()
encrypted_keyset.encrypted_keyset = b'c29tZSBjaXBoZXJ0ZXh0IHdpdGgga2V5c2V0'
encrypted_keyset.keyset_info.primary_key_id = 42
key_info = encrypted_keyset.keyset_info.key_info.add()
key_info.type_url = 'type.googleapis.com/google.crypto.tink.AesGcmKey'
key_info.output_prefix_type = tink_pb2.TINK
key_info.key_id = 42
key_info.status = tink_pb2.ENABLED
reader = core.BinaryKeysetReader(encrypted_keyset.SerializeToString())
self.assertEqual(encrypted_keyset, reader.read_encrypted())
def test_read_no_secret(self):
private_handle = core.new_keyset_handle(
hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM)
public_handle = private_handle.public_keyset_handle()
output_stream_pub = io.BytesIO()
writer = core.BinaryKeysetWriter(output_stream_pub)
writer.write(public_handle._keyset)
output_stream_priv = io.BytesIO()
writer = core.BinaryKeysetWriter(output_stream_priv)
writer.write(private_handle._keyset)
reader = core.BinaryKeysetReader(output_stream_pub.getvalue())
core.read_no_secret_keyset_handle(reader)
with self.assertRaisesRegex(core.TinkError,
'keyset contains secret key material'):
reader = core.BinaryKeysetReader(output_stream_priv.getvalue())
core.read_no_secret_keyset_handle(reader)
def test_read(self):
keyset = tink_pb2.Keyset()
keyset.primary_key_id = 42
key = keyset.key.add()
key.key_data.type_url = 'type.googleapis.com/google.crypto.tink.AesGcmKey'
key.key_data.key_material_type = tink_pb2.KeyData.SYMMETRIC
key.key_data.value = b'GhCS/1+ejWpx68NfGt6ziYHd'
key.output_prefix_type = tink_pb2.TINK
key.key_id = 42
key.status = tink_pb2.ENABLED
reader = core.BinaryKeysetReader(keyset.SerializeToString())
self.assertEqual(keyset, reader.read())
def test_write_encrypted(self):
handle = core.new_keyset_handle(mac.mac_key_templates.HMAC_SHA256_128BITTAG)
# Encrypt the keyset with Aead.
master_key_aead = _master_key_aead()
output_stream = io.BytesIO()
writer = core.BinaryKeysetWriter(output_stream)
handle.write(writer, master_key_aead)
reader = core.BinaryKeysetReader(output_stream.getvalue())
handle2 = core.read_keyset_handle(reader, master_key_aead)
# Check that handle2 has the same primitive as handle.
handle2.primitive(mac.Mac).verify_mac(
handle.primitive(mac.Mac).compute_mac(b'data'), b'data')
def test_read_empty_keyset_fails(self):
with self.assertRaisesRegex(core.TinkError, 'No keyset found'):
core.read_keyset_handle(core.BinaryKeysetReader(b''),
_master_key_aead())
def test_read_empty_keyset_fails(self):
with self.assertRaisesRegex(core.TinkError, 'No keyset found'):
cleartext_keyset_handle.CleartextKeysetHandle.read(
core.BinaryKeysetReader(b''))
def test_read_none(self):
with self.assertRaisesRegex(core.TinkError, 'No keyset found'):
reader = core.BinaryKeysetReader(None)
reader.read()
def test_read_encrypted_invalid(self):
with self.assertRaisesRegex(core.TinkError, 'Wrong wire type'):
reader = core.BinaryKeysetReader(b'some weird data')
reader.read_encrypted()
def test_read_encrypted_empty(self):
with self.assertRaisesRegex(core.TinkError, 'No keyset found'):
reader = core.BinaryKeysetReader('')
reader.read_encrypted()
