def test_generate_new_key_id_is_randomized(self): handle1 = core.new_keyset_handle( mac.mac_key_templates.HMAC_SHA256_128BITTAG) handle2 = core.new_keyset_handle( mac.mac_key_templates.HMAC_SHA256_128BITTAG) self.assertNotEqual(handle1.keyset_info().key_info[0].key_id, handle2.keyset_info().key_info[0].key_id)
def test_write_raises_error_when_decrypt_not_possible(self): handle = core.new_keyset_handle( mac.mac_key_templates.HMAC_SHA256_128BITTAG) writer = core.BinaryKeysetWriter(io.BytesIO()) with self.assertRaisesRegex(core.TinkError, 'invalid keyset, corrupted key material'): handle.write(writer, BadAead1())
def test_generate_new(self): keyset_info = core.new_keyset_handle( mac.mac_key_templates.HMAC_SHA256_128BITTAG).keyset_info() self.assertLen(keyset_info.key_info, 1) key_info = keyset_info.key_info[0] self.assertEqual(key_info.status, tink_pb2.ENABLED) self.assertEqual( key_info.output_prefix_type, mac.mac_key_templates.HMAC_SHA256_128BITTAG.output_prefix_type) self.assertEqual(keyset_info.primary_key_id, key_info.key_id)
def test_write_encrypted(self): handle = core.new_keyset_handle( mac.mac_key_templates.HMAC_SHA256_128BITTAG) # Encrypt the keyset with Aead. master_key_aead = _master_key_aead() output_stream = io.BytesIO() writer = core.BinaryKeysetWriter(output_stream) handle.write(writer, master_key_aead) reader = core.BinaryKeysetReader(output_stream.getvalue()) handle2 = core.read_keyset_handle(reader, master_key_aead) # Check that handle2 has the same primitive as handle. handle2.primitive(mac.Mac).verify_mac( handle.primitive(mac.Mac).compute_mac(b'data'), b'data')
def test_write_no_secret(self): private_handle = core.new_keyset_handle( hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM) public_handle = private_handle.public_keyset_handle() output_stream = io.BytesIO() writer = core.BinaryKeysetWriter(output_stream) public_handle.write_no_secret(writer) with self.assertRaisesRegex(core.TinkError, 'keyset contains secret key material'): private_handle.write_no_secret(writer)
def test_public_keyset_handle(self): private_handle = core.new_keyset_handle( hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM) public_handle = private_handle.public_keyset_handle() hybrid_dec = private_handle.primitive(hybrid.HybridDecrypt) hybrid_enc = public_handle.primitive(hybrid.HybridEncrypt) self.assertEqual(public_handle.keyset_info().primary_key_id, private_handle.keyset_info().primary_key_id) self.assertLen(public_handle.keyset_info().key_info, 1) self.assertEqual( public_handle.keyset_info().key_info[0].type_url, 'type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey') ciphertext = hybrid_enc.encrypt(b'some plaintext', b'some context info') self.assertEqual(hybrid_dec.decrypt(ciphertext, b'some context info'), b'some plaintext')
def test_read_no_secret(self): private_handle = core.new_keyset_handle( hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM) public_handle = private_handle.public_keyset_handle() output_stream_pub = io.BytesIO() writer = core.BinaryKeysetWriter(output_stream_pub) writer.write(public_handle._keyset) output_stream_priv = io.BytesIO() writer = core.BinaryKeysetWriter(output_stream_priv) writer.write(private_handle._keyset) reader = core.BinaryKeysetReader(output_stream_pub.getvalue()) core.read_no_secret_keyset_handle(reader) with self.assertRaisesRegex(core.TinkError, 'keyset contains secret key material'): reader = core.BinaryKeysetReader(output_stream_priv.getvalue()) core.read_no_secret_keyset_handle(reader)
def test_write_raises_error_when_decrypt_to_wrong_keyset(self): handle = core.new_keyset_handle( mac.mac_key_templates.HMAC_SHA256_128BITTAG) writer = core.BinaryKeysetWriter(io.BytesIO()) with self.assertRaisesRegex(core.TinkError, 'cannot encrypt keyset:'): handle.write(writer, BadAead2())
def test_write_raises_error_when_encrypt_failed(self): handle = core.new_keyset_handle( mac.mac_key_templates.HMAC_SHA256_128BITTAG) writer = core.BinaryKeysetWriter(io.BytesIO()) with self.assertRaisesRegex(core.TinkError, 'encrypt failed'): handle.write(writer, FaultyAead())