def test_keyset_info(self):
keyset = tink_pb2.Keyset(primary_key_id=2)
keyset.key.extend([
helper.fake_key(value=b'v1',
type_url='t1',
key_id=1,
status=tink_pb2.ENABLED,
output_prefix_type=tink_pb2.TINK),
helper.fake_key(value=b'v2',
type_url='t2',
key_id=2,
status=tink_pb2.DESTROYED,
output_prefix_type=tink_pb2.RAW)
])
handle = core.KeysetHandle(keyset)
expected_keyset_info = tink_pb2.KeysetInfo(primary_key_id=2)
info1 = expected_keyset_info.key_info.add()
info1.type_url = 't1'
info1.status = tink_pb2.ENABLED
info1.output_prefix_type = tink_pb2.TINK
info1.key_id = 1
info2 = expected_keyset_info.key_info.add()
info2.type_url = 't2'
info2.status = tink_pb2.DESTROYED
info2.output_prefix_type = tink_pb2.RAW
info2.key_id = 2
self.assertEqual(expected_keyset_info, handle.keyset_info())
def test_primitive_fails_on_multiple_primary_keys(self):
keyset = tink_pb2.Keyset()
keyset.key.extend(
[helper.fake_key(key_id=12345),
helper.fake_key(key_id=12345)])
keyset.primary_key_id = 12345
handle = core.KeysetHandle(keyset)
with self.assertRaisesRegex(core.TinkError,
'keyset contains multiple primary keys'):
handle.primitive(aead.Aead)
def new_primitives_and_keys(key_id, output_prefix_type):
fake_dec_key = helper.fake_key(
key_material_type=tink_pb2.KeyData.ASYMMETRIC_PRIVATE,
key_id=key_id,
output_prefix_type=output_prefix_type)
fake_enc_key = helper.fake_key(
key_material_type=tink_pb2.KeyData.ASYMMETRIC_PUBLIC,
key_id=key_id,
output_prefix_type=output_prefix_type)
fake_hybrid_decrypt = helper.FakeHybridDecrypt(
'fakeHybrid {}'.format(key_id))
fake_hybrid_encrypt = helper.FakeHybridEncrypt(
'fakeHybrid {}'.format(key_id))
return fake_hybrid_decrypt, fake_hybrid_encrypt, fake_dec_key, fake_enc_key
def test_add_invalid_key_fails(self):
primitive_set = core.new_primitive_set(mac.Mac)
key = helper.fake_key()
key.ClearField('output_prefix_type')
with self.assertRaisesRegex(core.TinkError,
'invalid OutputPrefixType'):
primitive_set.add_primitive(helper.FakeMac(), key)
def new_primitive_key_pair(key_id, output_prefix_type):
fake_key = helper.fake_key(
key_id=key_id,
key_material_type=tink_pb2.KeyData.ASYMMETRIC_PRIVATE,
output_prefix_type=output_prefix_type)
fake_sign = helper.FakePublicKeyVerify('fakePublicKeySign {}'.format(key_id))
return fake_sign, fake_key,
def test_list_of_entries_can_be_modified(self):
primitive_set = core.new_primitive_set(mac.Mac)
key = helper.fake_key(key_id=1)
primitive_set.add_primitive(helper.FakeMac('FakeMac'), key)
entries = primitive_set.primitive(key)
entries.append('Something')
self.assertLen(primitive_set.primitive(key), 1)
def test_primitive_fails_on_empty_keyset(self):
keyset = tink_pb2.Keyset()
keyset.key.extend([helper.fake_key(key_id=1, status=tink_pb2.DESTROYED)])
keyset.primary_key_id = 1
handle = _keyset_handle(keyset)
with self.assertRaisesRegex(core.TinkError, 'empty keyset'):
handle.primitive(aead.Aead)
def test_primitive_fails_on_key_with_unknown_status(self):
keyset = tink_pb2.Keyset()
keyset.key.extend(
[helper.fake_key(key_id=1234, status=tink_pb2.UNKNOWN_STATUS)])
keyset.primary_key_id = 1234
handle = _keyset_handle(keyset)
with self.assertRaisesRegex(core.TinkError, 'key 1234 has unknown status'):
handle.primitive(aead.Aead)
def _mac_set(mac_list):
"""Converts a List of Mac in a PrimitiveSet and sets the last primary."""
mac_set = core.new_primitive_set(mac.Mac)
for i, primitive in enumerate(mac_list):
mac_set.set_primary(
mac_set.add_primitive(
primitive,
helper.fake_key(key_id=i, output_prefix_type=tink_pb2.RAW)))
return mac_set
def test_primitive_fails_on_key_with_unknown_prefix(self):
keyset = tink_pb2.Keyset()
keyset.key.extend([
helper.fake_key(key_id=12, output_prefix_type=tink_pb2.UNKNOWN_PREFIX)
])
keyset.primary_key_id = 12
handle = _keyset_handle(keyset)
with self.assertRaisesRegex(core.TinkError, 'key 12 has unknown prefix'):
handle.primitive(aead.Aead)
def test_primitive_fails_on_key_without_keydata(self):
keyset = tink_pb2.Keyset()
key = helper.fake_key(key_id=123)
key.ClearField('key_data')
keyset.key.extend([key])
keyset.primary_key_id = 123
handle = core.KeysetHandle(keyset)
with self.assertRaisesRegex(core.TinkError, 'key 123 has no key data'):
handle.primitive(aead.Aead)
def test_same_key_id_and_prefix_type(self):
primitive_set = core.new_primitive_set(mac.Mac)
key1 = helper.fake_key(key_id=1, status=tink_pb2.ENABLED)
fake_mac1 = helper.FakeMac('FakeMac1')
primitive_set.add_primitive(fake_mac1, key1)
key2 = helper.fake_key(key_id=1, status=tink_pb2.DISABLED)
fake_mac2 = helper.FakeMac('FakeMac2')
primitive_set.add_primitive(fake_mac2, key2)
expected_ident = crypto_format.output_prefix(key1)
entries = primitive_set.primitive(key1)
self.assertLen(entries, 2)
self.assertEqual(fake_mac1, entries[0].primitive)
self.assertEqual(fake_mac2, entries[1].primitive)
self.assertEqual(tink_pb2.ENABLED, entries[0].status)
self.assertEqual(tink_pb2.DISABLED, entries[1].status)
self.assertEqual(expected_ident, entries[0].identifier)
self.assertEqual(expected_ident, entries[1].identifier)
self.assertLen(primitive_set.primitive(key2), 2)
def test_primary_returns_primary(self):
primitive_set = core.new_primitive_set(mac.Mac)
key = helper.fake_key(key_id=1)
fake_mac = helper.FakeMac('FakeMac')
entry = primitive_set.add_primitive(fake_mac, key)
primitive_set.set_primary(entry)
entry = primitive_set.primary()
self.assertEqual(fake_mac, entry.primitive)
self.assertEqual(tink_pb2.ENABLED, entry.status)
self.assertEqual(crypto_format.output_prefix(key), entry.identifier)
def test_raw_primitives(self):
primitive_set = core.new_primitive_set(mac.Mac)
primitive_set.add_primitive(helper.FakeMac('FakeMac1'),
helper.fake_key(key_id=1))
key2 = helper.fake_key(key_id=1, output_prefix_type=tink_pb2.RAW)
fake_mac2 = helper.FakeMac('FakeMac2')
primitive_set.add_primitive(fake_mac2, key2)
key3 = helper.fake_key(key_id=3,
status=tink_pb2.DISABLED,
output_prefix_type=tink_pb2.RAW)
fake_mac3 = helper.FakeMac('FakeMac3')
primitive_set.add_primitive(fake_mac3, key3)
entries = primitive_set.raw_primitives()
self.assertLen(entries, 2)
self.assertEqual(fake_mac2, entries[0].primitive)
self.assertEqual(tink_pb2.ENABLED, entries[0].status)
self.assertEqual(crypto_format.RAW_PREFIX, entries[0].identifier)
self.assertEqual(fake_mac3, entries[1].primitive)
self.assertEqual(tink_pb2.DISABLED, entries[1].status)
self.assertEqual(crypto_format.RAW_PREFIX, entries[1].identifier)
def test_primitive_from_identifier_returns_entry(self):
primitive_set = core.new_primitive_set(mac.Mac)
key = helper.fake_key(key_id=1)
fake_mac = helper.FakeMac('FakeMac')
primitive_set.add_primitive(fake_mac, key)
ident = crypto_format.output_prefix(key)
entries = primitive_set.primitive_from_identifier(ident)
self.assertLen(entries, 1)
entry = entries[0]
self.assertEqual(fake_mac, entry.primitive)
self.assertEqual(tink_pb2.ENABLED, entry.status)
self.assertEqual(ident, entry.identifier)
def test_same_key_id_but_different_prefix_type(self):
primitive_set = core.new_primitive_set(mac.Mac)
key1 = helper.fake_key(key_id=1, output_prefix_type=tink_pb2.TINK)
fake_mac1 = helper.FakeMac('FakeMac1')
primitive_set.add_primitive(fake_mac1, key1)
key2 = helper.fake_key(key_id=1, output_prefix_type=tink_pb2.LEGACY)
fake_mac2 = helper.FakeMac('FakeMac2')
primitive_set.add_primitive(fake_mac2, key2)
entries1 = primitive_set.primitive(key1)
self.assertLen(entries1, 1)
self.assertEqual(fake_mac1, entries1[0].primitive)
self.assertEqual(tink_pb2.ENABLED, entries1[0].status)
self.assertEqual(crypto_format.output_prefix(key1),
entries1[0].identifier)
entries2 = primitive_set.primitive(key2)
self.assertLen(entries2, 1)
self.assertEqual(fake_mac2, entries2[0].primitive)
self.assertEqual(tink_pb2.ENABLED, entries2[0].status)
self.assertEqual(crypto_format.output_prefix(key2),
entries2[0].identifier)
def new_primitive_key_pair(self, key_id, output_prefix_type):
fake_key = helper.fake_key(key_id=key_id,
output_prefix_type=output_prefix_type)
fake_aead = helper.FakeAead('fakeAead {}'.format(key_id))
return fake_aead, fake_key
def new_primitive_key_pair(self, key_id, output_prefix_type):
fake_key = helper.fake_key(
key_id=key_id, output_prefix_type=output_prefix_type)
fake_mac = helper.FakeMac('fakeMac {}'.format(key_id))
return fake_mac, fake_key
def test_add_wrong_primitive_fails(self):
primitive_set = core.new_primitive_set(aead.Aead)
with self.assertRaisesRegex(core.TinkError,
'The primitive is not an instance of '):
primitive_set.add_primitive(helper.FakeMac(), helper.fake_key())
def test_primary_returns_none(self):
primitive_set = core.new_primitive_set(mac.Mac)
primitive_set.add_primitive(helper.FakeMac('FakeMac'),
helper.fake_key(key_id=1))
self.assertEqual(primitive_set.primary(), None)
def test_unknown_key_returns_empty_list(self):
primitive_set = core.new_primitive_set(mac.Mac)
unknown_key = helper.fake_key(key_id=1)
self.assertEqual(primitive_set.primitive(unknown_key), [])
