def main(unused_argv): aead.register() daead.register() hybrid.register() mac.register() prf.register() signature.register() streaming_aead.register() jwt.register_jwt_mac() fake_kms.register_client() server = grpc.server(futures.ThreadPoolExecutor(max_workers=2)) testing_api_pb2_grpc.add_MetadataServicer_to_server( services.MetadataServicer(), server) testing_api_pb2_grpc.add_KeysetServicer_to_server( services.KeysetServicer(), server) testing_api_pb2_grpc.add_AeadServicer_to_server(services.AeadServicer(), server) testing_api_pb2_grpc.add_DeterministicAeadServicer_to_server( services.DeterministicAeadServicer(), server) testing_api_pb2_grpc.add_MacServicer_to_server(services.MacServicer(), server) testing_api_pb2_grpc.add_PrfSetServicer_to_server( services.PrfSetServicer(), server) testing_api_pb2_grpc.add_HybridServicer_to_server( services.HybridServicer(), server) testing_api_pb2_grpc.add_SignatureServicer_to_server( services.SignatureServicer(), server) testing_api_pb2_grpc.add_StreamingAeadServicer_to_server( services.StreamingAeadServicer(), server) testing_api_pb2_grpc.add_JwtServicer_to_server(jwt_service.JwtServicer(), server) server.add_secure_port('[::]:%d' % FLAGS.port, grpc.local_server_credentials()) server.start() server.wait_for_termination()
def setUpModule(): aead.register() daead.register() mac.register() hybrid.register() signature.register() testing_servers.start('key_generation_consistency')
def setUpModule(): aead.register() daead.register() mac.register() hybrid.register() signature.register() testing_servers.start()
def setUpClass(cls): super().setUpClass() aead.register() daead.register() mac.register() hybrid.register() signature.register()
def register(): aead.register() daead.register() hybrid.register() mac.register() prf.register() signature.register() streaming_aead.register()
def main(argv): if len(argv) != 5: raise app.UsageError( 'Expected 4 arguments, got %d.\n' 'Usage: %s keyset-file signature-file message-file output-file' % (len(argv) - 1, argv[0])) keyset_filename = argv[1] signature_filename = argv[2] message_filename = argv[3] output_filename = argv[4] logging.info( 'Using keyset from file %s to sign %s file.\n' 'The signature will be written to file %s\n', keyset_filename, message_filename, output_filename) # Initialise Tink try: signature.register() except tink.TinkError as e: logging.error('Error initialising Tink: %s', e) return 1 # Read the keyset into keyset_handle try: keyset_handle = read_keyset(keyset_filename) except tink.TinkError as e: logging.error('Error reading key: %s', e) return 1 # Get the primitive try: verify_primitive = keyset_handle.primitive(signature.PublicKeyVerify) except tink.TinkError as e: logging.error('Error creating primitive: %s', e) return 1 # Read the message with open(message_filename, 'rb') as message_file: message_data = message_file.read() # Read the signature with open(signature_filename, 'rb') as signature_file: signature_data = signature_file.read() result = b'valid' try: verify_primitive.verify(signature_data, message_data) except tink.TinkError as e: result = b'invalid' logging.error('Error verifiying the message: %s', e) with open(output_filename, 'wb') as output_file: output_file.write(result) logging.info('All done.')
def setUpModule(): signature.register()
def setUpModule(): signature.register() testing_servers.start()
def main(argv): del argv # Unused. # Initialise Tink try: signature.register() except tink.TinkError as e: logging.exception('Error initialising Tink: %s', e) return 1 # Read the keyset into a keyset_handle with open(FLAGS.keyset_path, 'rt') as keyset_file: try: text = keyset_file.read() keyset_handle = cleartext_keyset_handle.read( tink.JsonKeysetReader(text)) except tink.TinkError as e: logging.exception('Error reading key: %s', e) return 1 with open(FLAGS.data_path, 'rb') as data_file: data = data_file.read() if FLAGS.mode == 'sign': # Get the primitive try: cipher = keyset_handle.primitive(signature.PublicKeySign) except tink.TinkError as e: logging.exception('Error creating primitive: %s', e) return 1 # Sign data sig = cipher.sign(data) with open(FLAGS.signature_path, 'wb') as signature_file: signature_file.write(binascii.hexlify(sig)) return 0 # Get the primitive try: cipher = keyset_handle.primitive(signature.PublicKeyVerify) except tink.TinkError as e: logging.exception('Error creating primitive: %s', e) return 1 # Verify data with open(FLAGS.signature_path, 'rb') as signature_file: try: expected_signature = binascii.unhexlify( signature_file.read().strip()) except binascii.Error as e: logging.exception('Error reading expected code: %s', e) return 1 try: cipher.verify(expected_signature, data) logging.info('Signature verification succeeded.') return 0 except binascii.Error as e: logging.exception('Error reading expected signature: %s', e) except tink.TinkError as e: logging.info('Signature verification failed.') return 1
def register(): aead.register() daead.register() hybrid.register() mac.register() signature.register()
def main(argv): if len(argv) != 5: raise app.UsageError( 'Expected 4 arguments, got %d.\n' 'Usage: %s sign/verify keyset-file data-file signature-file' % (len(argv) - 1, argv[0])) mode = argv[1] keyset_filename = argv[2] data_filename = argv[3] signature_filename = argv[4] if mode not in ['sign', 'verify']: logging.error('Incorrect mode. Please select "sign" or "verify".') return 1 # Initialise Tink try: signature.register() except tink.TinkError as e: logging.error('Error initialising Tink: %s', e) return 1 # Read the keyset into a keyset_handle with open(keyset_filename, 'rt') as keyset_file: try: text = keyset_file.read() keyset_handle = cleartext_keyset_handle.read( tink.JsonKeysetReader(text)) except tink.TinkError as e: logging.error('Error reading key: %s', e) return 1 with open(data_filename, 'rb') as data_file: data = data_file.read() if mode == 'sign': # Get the primitive try: cipher = keyset_handle.primitive(signature.PublicKeySign) except tink.TinkError as e: logging.exception('Error creating primitive: %s', e) return 1 # Sign data sig = cipher.sign(data) with open(signature_filename, 'wb') as signature_file: signature_file.write(binascii.hexlify(sig)) return 0 # Get the primitive try: cipher = keyset_handle.primitive(signature.PublicKeyVerify) except tink.TinkError as e: logging.exception('Error creating primitive: %s', e) return 1 # Verify data with open(signature_filename, 'rb') as signature_file: try: expected_signature = binascii.unhexlify( signature_file.read().strip()) except binascii.Error as e: logging.exception('Error reading expected code: %s', e) return 1 try: cipher.verify(expected_signature, data) logging.info('Signature verification succeeded.') return 0 except binascii.Error as e: logging.exception('Error reading expected signature: %s', e) except tink.TinkError as e: logging.info('Signature verification failed.') return 1
def example(): """Sign and verify using digital signatures.""" # Register the signature key managers. This is needed to create # PublicKeySign and PublicKeyVerify primitives later. signature.register() # A private keyset created with # "tinkey create-keyset --key-template=ECDSA_P256 --out private_keyset.cfg". # Note that this keyset has the secret key information in cleartext. private_keyset = r"""{ "key": [{ "keyData": { "keyMaterialType": "ASYMMETRIC_PRIVATE", "typeUrl": "type.googleapis.com/google.crypto.tink.EcdsaPrivateKey", "value": "EkwSBggDEAIYAhogEiSZ9u2nDtvZuDgWgGsVTIZ5/V08N4ycUspTX0RYRrkiIHpEwHxQd1bImkyMvV2bqtUbgMh5uPSTdnUEGrPXdt56GiEA3iUi+CRN71qy0fOCK66xAW/IvFyjOGtxjppRhSFUneo=" }, "keyId": 611814836, "outputPrefixType": "TINK", "status": "ENABLED" }], "primaryKeyId": 611814836 }""" # The corresponding public keyset created with # "tinkey create-public-keyset --in private_keyset.cfg" public_keyset = r"""{ "key": [{ "keyData": { "keyMaterialType": "ASYMMETRIC_PUBLIC", "typeUrl": "type.googleapis.com/google.crypto.tink.EcdsaPublicKey", "value": "EgYIAxACGAIaIBIkmfbtpw7b2bg4FoBrFUyGef1dPDeMnFLKU19EWEa5IiB6RMB8UHdWyJpMjL1dm6rVG4DIebj0k3Z1BBqz13beeg==" }, "keyId": 611814836, "outputPrefixType": "TINK", "status": "ENABLED" }], "primaryKeyId": 611814836 }""" # Create a keyset handle from the cleartext keyset in the previous # step. The keyset handle provides abstract access to the underlying keyset to # limit the exposure of accessing the raw key material. WARNING: In practice # it is unlikely you will want to use a cleartext_keyset_handle, as it implies # that your key material is passed in cleartext which is a security risk. private_keyset_handle = cleartext_keyset_handle.read( tink.JsonKeysetReader(private_keyset)) # Retrieve the PublicKeySign primitive we want to use from the keyset # handle. sign_primitive = private_keyset_handle.primitive(signature.PublicKeySign) # Use the primitive to sign a message. In this case the primary key of the # keyset will be used (which is also the only key in this example). sig = sign_primitive.sign(b'msg') # Create a keyset handle from the keyset containing the public key. Note that # we could have also created `kh_public` directly using # `kh_priv.public_keyset_handle()`. public_keyset_handle = cleartext_keyset_handle.read( tink.JsonKeysetReader(public_keyset)) # Retrieve the PublicKeyVerify primitive we want to use from the keyset # handle. verify_primitive = public_keyset_handle.primitive( signature.PublicKeyVerify) # Use the primitive to verify that `sig` is valid signature for the message. # Verify finds the correct key in the keyset. If no key is found or # verification fails, it raises an error. verify_primitive.verify(sig, b'msg')
def main(argv): if len(argv) not in (4, 5): raise app.UsageError( 'Expected 3 or 4 arguments, got %d.\n Usage: %s sign/verify keyset-file' ' data-file [expected-signature-file]' % (len(argv) - 1, argv[0])) mode = argv[1] keyset_filename = argv[2] data_filename = argv[3] if mode not in ['sign', 'verify']: logging.error('Incorrect mode. Please select "sign" or "verify".') return 1 # Initialise Tink. try: signature.register() except tink.TinkError as e: logging.error('Error initialising Tink: %s', e) return 1 # Read the keyset into a keyset_handle. with open(keyset_filename, 'rt') as keyset_file: try: text = keyset_file.read() keyset_handle = cleartext_keyset_handle.read( tink.JsonKeysetReader(text)) except tink.TinkError as e: logging.error('Error reading key: %s', e) return 1 # Get the primitive. try: if mode == 'sign': cipher = keyset_handle.primitive(signature.PublicKeySign) else: cipher = keyset_handle.primitive(signature.PublicKeyVerify) except tink.TinkError as e: logging.error('Error creating primitive: %s', e) return 1 with open(data_filename, 'rb') as data_file: data = data_file.read() # Compute the signature. if mode == 'sign': if len(argv) != 4: logging.error('Invalid number of parameters for signing.' 'Expected 3 arguments, got %d.\n Usage: %s sign ' 'keyset-file data-file') return 1 code = cipher.sign(data) logging.info('Signature output is %s', binascii.hexlify(code).decode('utf-8')) return 0 if mode == 'verify': if len(argv) != 5: logging.error('Invalid number of parameters for verification.' 'Expected 4 arguments, got %d.\n Usage: %s verify ' 'keyset-file data-file [expected-signature-file]') return 1 expected_code_filename = argv[4] with open(expected_code_filename, 'rb') as expected_code_file: expected_code_hex = expected_code_file.read().strip() logging.info( 'Using keyset from file %s to verify file %s against expected signature on %s', keyset_filename, data_filename, expected_code_hex.decode('utf-8')) try: expected_signature = binascii.unhexlify(expected_code_hex) except binascii.Error as e: logging.error('Error reading expected signature: %s', e) return 1 try: cipher.verify(expected_signature, data) logging.info('Signature outputs matched. Success!') return 0 except tink.TinkError as e: logging.info('Signature outputs did not match!') return 1