def test_new_key_data_no_new_key_allowed(self):
self.reg.register_key_manager(DummyKeyManager('dummy_type_url'),
new_key_allowed=False)
key_template = tink_pb2.KeyTemplate(type_url='dummy_type_url')
with self.assertRaisesRegex(core.TinkError,
'does not allow for creation of new keys'):
self.reg.new_key_data(key_template)
def new_aes_siv_key_template(self, key_size):
key_format = aes_siv_pb2.AesSivKeyFormat()
key_format.key_size = key_size
key_template = tink_pb2.KeyTemplate()
key_template.type_url = 'type.googleapis.com/google.crypto.tink.AesSivKey'
key_template.value = key_format.SerializeToString()
return key_template.SerializeToString()
def test_new_key_data_wrong_type_url(self):
self.reg.register_key_manager(DummyKeyManager('dummy_type_url'))
unknown_key_template = tink_pb2.KeyTemplate(
type_url='unknown_type_url')
with self.assertRaisesRegex(core.TinkError,
'No manager for type unknown_type_url'):
self.reg.new_key_data(unknown_key_template)
def new_aes_eax_key_template(self, iv_size, key_size):
key_format = aes_eax_pb2.AesEaxKeyFormat()
key_format.params.iv_size = iv_size
key_format.key_size = key_size
key_template = tink_pb2.KeyTemplate()
key_template.type_url = (
'type.googleapis.com/google.crypto.tink.AesEaxKey')
key_template.value = key_format.SerializeToString()
return key_template
def new_hmac_key_template(self, hash_type, tag_size, key_size):
key_format = hmac_pb2.HmacKeyFormat()
key_format.params.hash = hash_type
key_format.params.tag_size = tag_size
key_format.key_size = key_size
key_template = tink_pb2.KeyTemplate()
key_template.type_url = 'type.googleapis.com/google.crypto.tink.HmacKey'
key_template.value = key_format.SerializeToString()
return key_template.SerializeToString()
def create_aes_siv_key_template(key_size: int) -> tink_pb2.KeyTemplate:
"""Creates an AES EAX KeyTemplate, and fills in its values."""
key_format = aes_siv_pb2.AesSivKeyFormat()
key_format.key_size = key_size
key_template = tink_pb2.KeyTemplate()
key_template.type_url = _AES_SIV_KEY_TYPE_URL
key_template.output_prefix_type = tink_pb2.TINK
key_template.value = key_format.SerializeToString()
return key_template
def new_ecdsa_key_template(hash_type, curve_type, encoding):
key_format = ecdsa_pb2.EcdsaKeyFormat()
key_format.params.hash_type = hash_type
key_format.params.curve = curve_type
key_format.params.encoding = encoding
key_template = tink_pb2.KeyTemplate()
key_template.type_url = (
'type.googleapis.com/google.crypto.tink.EcdsaPrivateKey')
key_template.value = key_format.SerializeToString()
return key_template
def test_new_key_data_on_public_key_manager_fails(self):
key_format = ecies_aead_hkdf_pb2.EciesAeadHkdfKeyFormat()
key_template = tink_pb2.KeyTemplate()
key_template.type_url = (
'type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey')
key_template.value = key_format.SerializeToString()
key_template.output_prefix_type = tink_pb2.TINK
with self.assertRaisesRegex(
tink_error.TinkError,
'Creating new keys is not supported for this key manager'):
key_manager = _hybrid_encrypt_key_manager()
key_manager.new_key_data(key_template)
def create_hmac_key_template(
key_size: int, tag_size: int,
hash_type: common_pb2.HashType) -> tink_pb2.KeyTemplate:
"""Creates a HMAC KeyTemplate, and fills in its values."""
key_format = hmac_pb2.HmacKeyFormat()
key_format.params.hash = hash_type
key_format.params.tag_size = tag_size
key_format.key_size = key_size
key_template = tink_pb2.KeyTemplate()
key_template.value = key_format.SerializeToString()
key_template.type_url = 'type.googleapis.com/google.crypto.tink.HmacKey'
key_template.output_prefix_type = tink_pb2.TINK
return key_template
def create_ecdsa_key_template(
hash_type: common_pb2.HashType, curve: common_pb2.EllipticCurveType,
encoding: ecdsa_pb2.EcdsaSignatureEncoding) -> tink_pb2.KeyTemplate:
"""Creates a KeyTemplate containing an EcdsaKeyFormat."""
params = ecdsa_pb2.EcdsaParams(hash_type=hash_type,
curve=curve,
encoding=encoding)
key_format = ecdsa_pb2.EcdsaKeyFormat(params=params)
key_template = tink_pb2.KeyTemplate(value=key_format.SerializeToString(),
type_url=_ECDSA_KEY_TYPE_URL,
output_prefix_type=tink_pb2.TINK)
return key_template
def new_ecdsa_key_template(hash_type, curve_type, encoding, public=True):
params = ecdsa_pb2.EcdsaParams(hash_type=hash_type,
curve=curve_type,
encoding=encoding)
key_format = ecdsa_pb2.EcdsaKeyFormat(params=params)
key_template = tink_pb2.KeyTemplate()
if public:
append = 'EcdsaPublicKey'
else:
append = 'EcdsaPrivateKey'
key_template.type_url = 'type.googleapis.com/google.crypto.tink.' + append
key_template.value = key_format.SerializeToString()
return key_template
def create_rsa_ssa_pkcs1_key_template(
hash_type: common_pb2.HashType, modulus_size: int,
public_exponent: int) -> tink_pb2.KeyTemplate:
"""Creates a KeyTemplate containing an RsaSsaPkcs1KeyFormat."""
params = rsa_ssa_pkcs1_pb2.RsaSsaPkcs1Params(hash_type=hash_type)
key_format = rsa_ssa_pkcs1_pb2.RsaSsaPkcs1KeyFormat(
params=params,
modulus_size_in_bits=modulus_size,
public_exponent=_num_to_bytes(public_exponent))
key_template = tink_pb2.KeyTemplate(value=key_format.SerializeToString(),
type_url=_RSA_PKCS1_KEY_TYPE_URL,
output_prefix_type=tink_pb2.TINK)
return key_template
def create_aes_ctr_hmac_aead_key_template(
aes_key_size: int, iv_size: int, hmac_key_size: int, tag_size: int,
hash_type: common_pb2.HashType) -> tink_pb2.KeyTemplate:
"""Creates an AES CTR HMAC AEAD KeyTemplate, and fills in its values."""
key_format = aes_ctr_hmac_aead_pb2.AesCtrHmacAeadKeyFormat()
key_format.aes_ctr_key_format.params.iv_size = iv_size
key_format.aes_ctr_key_format.key_size = aes_key_size
key_format.hmac_key_format.params.hash = hash_type
key_format.hmac_key_format.params.tag_size = tag_size
key_format.hmac_key_format.key_size = hmac_key_size
key_template = tink_pb2.KeyTemplate()
key_template.value = key_format.SerializeToString()
key_template.type_url = _AES_CTR_HMAC_AEAD_KEY_TYPE_URL
key_template.output_prefix_type = tink_pb2.TINK
return key_template
def create_aes_gcm_hkdf_streaming_key_template(
aes_key_size: int, hash_type: common_pb2.HashType,
derived_key_size: int,
ciphertext_segment_size: int) -> tink_pb2.KeyTemplate:
"""Creates an AES GCM HKDF Streaming KeyTemplate, and fills in its values."""
key_format = aes_gcm_hkdf_streaming_pb2.AesGcmHkdfStreamingKeyFormat()
key_format.key_size = aes_key_size
key_format.params.hkdf_hash_type = hash_type
key_format.params.derived_key_size = derived_key_size
key_format.params.ciphertext_segment_size = ciphertext_segment_size
key_template = tink_pb2.KeyTemplate()
key_template.value = key_format.SerializeToString()
key_template.type_url = _AES_GCM_HKDF_STREAMING_KEY_TYPE_URL
key_template.output_prefix_type = tink_pb2.RAW
return key_template
def create_rsa_ssa_pss_key_template(
sig_hash: common_pb2.HashType, mgf1_hash: common_pb2.HashType,
salt_length: int, modulus_size: int,
public_exponent: int) -> tink_pb2.KeyTemplate:
"""Creates a KeyTemplate containing an RsaSsaPssKeyFormat."""
params = rsa_ssa_pss_pb2.RsaSsaPssParams(sig_hash=sig_hash,
mgf1_hash=mgf1_hash,
salt_length=salt_length)
key_format = rsa_ssa_pss_pb2.RsaSsaPssKeyFormat(
params=params,
modulus_size_in_bits=modulus_size,
public_exponent=_num_to_bytes(public_exponent))
key_template = tink_pb2.KeyTemplate(value=key_format.SerializeToString(),
type_url=_RSA_PSS_KEY_TYPE_URL,
output_prefix_type=tink_pb2.TINK)
return key_template
def create_ecies_aead_hkdf_key_template(
curve_type: common_pb2.EllipticCurveType,
ec_point_format: common_pb2.EcPointFormat,
hash_type: common_pb2.HashType,
dem_key_template: tink_pb2.KeyTemplate) -> tink_pb2.KeyTemplate:
"""Creates a HMAC KeyTemplate, and fills in its values."""
key_format = ecies_aead_hkdf_pb2.EciesAeadHkdfKeyFormat()
key_format.params.kem_params.curve_type = curve_type
key_format.params.kem_params.hkdf_hash_type = hash_type
key_format.params.dem_params.aead_dem.CopyFrom(dem_key_template)
key_format.params.ec_point_format = ec_point_format
key_template = tink_pb2.KeyTemplate()
key_template.type_url = (
'type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey')
key_template.value = key_format.SerializeToString()
key_template.output_prefix_type = tink_pb2.TINK
return key_template
def create_aes_ctr_hmac_streaming_key_template(
aes_key_size: int, hkdf_hash_type: common_pb2.HashType,
derived_key_size: int, mac_hash_type: common_pb2.HashType,
tag_size: int, ciphertext_segment_size: int) -> tink_pb2.KeyTemplate:
"""Creates an AES CTR HMAC Streaming KeyTemplate, and fills in its values."""
key_format = aes_ctr_hmac_streaming_pb2.AesCtrHmacStreamingKeyFormat()
key_format.key_size = aes_key_size
key_format.params.ciphertext_segment_size = ciphertext_segment_size
key_format.params.derived_key_size = derived_key_size
key_format.params.hkdf_hash_type = hkdf_hash_type
key_format.params.hmac_params.hash = mac_hash_type
key_format.params.hmac_params.tag_size = tag_size
key_template = tink_pb2.KeyTemplate()
key_template.value = key_format.SerializeToString()
key_template.type_url = _AES_CTR_HMAC_STREAMING_KEY_TYPE_URL
key_template.output_prefix_type = tink_pb2.RAW
return key_template
def test_new_key_data_success(self):
self.reg.register_key_manager(DummyKeyManager('dummy_type_url'))
key_template = tink_pb2.KeyTemplate(type_url='dummy_type_url')
key_data = self.reg.new_key_data(key_template)
self.assertEqual(key_data.type_url, 'dummy_type_url')
key_format.aes_ctr_key_format.key_size = aes_key_size
key_format.hmac_key_format.params.hash = hash_type
key_format.hmac_key_format.params.tag_size = tag_size
key_format.hmac_key_format.key_size = hmac_key_size
key_template = tink_pb2.KeyTemplate()
key_template.value = key_format.SerializeToString()
key_template.type_url = _AES_CTR_HMAC_AEAD_KEY_TYPE_URL
key_template.output_prefix_type = tink_pb2.TINK
return key_template
AES128_EAX = create_aes_eax_key_template(key_size=16, iv_size=16)
AES256_EAX = create_aes_eax_key_template(key_size=32, iv_size=16)
AES128_GCM = create_aes_gcm_key_template(key_size=16)
AES256_GCM = create_aes_gcm_key_template(key_size=32)
AES128_CTR_HMAC_SHA256 = create_aes_ctr_hmac_aead_key_template(
aes_key_size=16,
iv_size=16,
hmac_key_size=32,
tag_size=16,
hash_type=common_pb2.SHA256)
AES256_CTR_HMAC_SHA256 = create_aes_ctr_hmac_aead_key_template(
aes_key_size=32,
iv_size=16,
hmac_key_size=32,
tag_size=32,
hash_type=common_pb2.SHA256)
XCHACHA20_POLY1305 = tink_pb2.KeyTemplate(
type_url=_XCHACHA20_POLY1305_KEY_TYPE_URL,
output_prefix_type=tink_pb2.TINK)
ECDSA_P256 = create_ecdsa_key_template(common_pb2.SHA256, common_pb2.NIST_P256,
ecdsa_pb2.DER)
ECDSA_P384 = create_ecdsa_key_template(common_pb2.SHA512, common_pb2.NIST_P384,
ecdsa_pb2.DER)
ECDSA_P521 = create_ecdsa_key_template(common_pb2.SHA512, common_pb2.NIST_P521,
ecdsa_pb2.DER)
ECDSA_P256_IEEE_P1363 = create_ecdsa_key_template(common_pb2.SHA256,
common_pb2.NIST_P256,
ecdsa_pb2.IEEE_P1363)
ECDSA_P384_IEEE_P1363 = create_ecdsa_key_template(common_pb2.SHA512,
common_pb2.NIST_P384,
ecdsa_pb2.IEEE_P1363)
ECDSA_P521_IEEE_P1363 = create_ecdsa_key_template(common_pb2.SHA512,
common_pb2.NIST_P521,
ecdsa_pb2.IEEE_P1363)
ED25519 = tink_pb2.KeyTemplate(type_url=_ED25519_KEY_TYPE_URL,
output_prefix_type=tink_pb2.TINK)
RSA_SSA_PKCS1_3072_SHA256_F4 = create_rsa_ssa_pkcs1_key_template(
common_pb2.SHA256, 3072, _RSA_F4)
RSA_SSA_PKCS1_4096_SHA512_F4 = create_rsa_ssa_pkcs1_key_template(
common_pb2.SHA512, 4096, _RSA_F4)
RSA_SSA_PSS_3072_SHA256_SHA256_32_F4 = create_rsa_ssa_pss_key_template(
common_pb2.SHA256, common_pb2.SHA256, 32, 3072, _RSA_F4)
RSA_SSA_PSS_4096_SHA512_SHA512_64_F4 = create_rsa_ssa_pss_key_template(
common_pb2.SHA512, common_pb2.SHA512, 64, 4096, _RSA_F4)
