def test_decrypt_wrong_associated_data_fails(self):
primitive, key = self.new_primitive_key_pair(1234, tink_pb2.TINK)
pset = primitive_set.new_primitive_set(aead.Aead)
entry = pset.add_primitive(primitive, key)
pset.set_primary(entry)
wrapped_aead = aead_wrapper.AeadWrapper().wrap(pset)
ciphertext = wrapped_aead.encrypt(b'plaintext', b'associated_data')
with self.assertRaisesRegex(tink_error.TinkError, 'Decryption failed'):
wrapped_aead.decrypt(ciphertext, b'wrong_associated_data')
def test_encrypt_decrypt(self):
primitive, key = self.new_primitive_key_pair(1234, tink_pb2.TINK)
pset = primitive_set.new_primitive_set(aead.Aead)
entry = pset.add_primitive(primitive, key)
pset.set_primary(entry)
wrapped_aead = aead_wrapper.AeadWrapper().wrap(pset)
plaintext = b'plaintext'
associated_data = b'associated_data'
ciphertext = wrapped_aead.encrypt(plaintext, associated_data)
self.assertEqual(
wrapped_aead.decrypt(ciphertext, associated_data), plaintext)
def test_decrypt_unknown_ciphertext_fails(self):
unknown_primitive = helper.FakeAead('unknownFakeAead')
unknown_ciphertext = unknown_primitive.encrypt(b'plaintext',
b'associated_data')
pset = primitive_set.new_primitive_set(aead.Aead)
primitive, raw_key = self.new_primitive_key_pair(1234, tink_pb2.RAW)
new_primitive, new_key = self.new_primitive_key_pair(5678, tink_pb2.TINK)
pset.add_primitive(primitive, raw_key)
new_entry = pset.add_primitive(new_primitive, new_key)
pset.set_primary(new_entry)
wrapped_aead = aead_wrapper.AeadWrapper().wrap(pset)
with self.assertRaisesRegex(tink_error.TinkError, 'Decryption failed'):
wrapped_aead.decrypt(unknown_ciphertext, b'associated_data')
def test_encrypt_decrypt_with_key_rotation_from_raw(self):
primitive, raw_key = self.new_primitive_key_pair(1234, tink_pb2.RAW)
old_raw_ciphertext = primitive.encrypt(b'plaintext', b'associated_data')
pset = primitive_set.new_primitive_set(aead.Aead)
pset.add_primitive(primitive, raw_key)
new_primitive, new_key = self.new_primitive_key_pair(5678, tink_pb2.TINK)
new_entry = pset.add_primitive(new_primitive, new_key)
pset.set_primary(new_entry)
wrapped_aead = aead_wrapper.AeadWrapper().wrap(pset)
new_ciphertext = wrapped_aead.encrypt(b'new_plaintext',
b'new_associated_data')
self.assertEqual(
wrapped_aead.decrypt(old_raw_ciphertext, b'associated_data'),
b'plaintext')
self.assertEqual(
wrapped_aead.decrypt(new_ciphertext, b'new_associated_data'),
b'new_plaintext')
def test_encrypt_decrypt_two_raw_keys(self):
primitive1, raw_key1 = self.new_primitive_key_pair(1234, tink_pb2.RAW)
primitive2, raw_key2 = self.new_primitive_key_pair(5678, tink_pb2.RAW)
raw_ciphertext1 = primitive1.encrypt(b'plaintext1', b'associated_data1')
raw_ciphertext2 = primitive2.encrypt(b'plaintext2', b'associated_data2')
pset = primitive_set.new_primitive_set(aead.Aead)
pset.add_primitive(primitive1, raw_key1)
pset.set_primary(
pset.add_primitive(primitive2, raw_key2))
wrapped_aead = aead_wrapper.AeadWrapper().wrap(pset)
self.assertEqual(
wrapped_aead.decrypt(raw_ciphertext1, b'associated_data1'),
b'plaintext1')
self.assertEqual(
wrapped_aead.decrypt(raw_ciphertext2, b'associated_data2'),
b'plaintext2')
self.assertEqual(
wrapped_aead.decrypt(
wrapped_aead.encrypt(b'plaintext', b'associated_data'),
b'associated_data'),
b'plaintext')