def test_encrypt_decrypt(self): key_template = aead_key_templates.AES256_GCM keyset_handle = core.KeysetHandle.generate_new(key_template) remote_aead = keyset_handle.primitive(aead.Aead) env_aead = kms_envelope_aead.KmsEnvelopeAead(key_template, remote_aead) plaintext = b'helloworld' ciphertext = env_aead.encrypt(plaintext, b'') self.assertEqual(plaintext, env_aead.decrypt(ciphertext, b''))
def test_encrypt_decrypt_missing_ad(self): key_template = aead_key_templates.AES256_GCM keyset_handle = core.KeysetHandle.generate_new(key_template) remote_aead = keyset_handle.primitive(aead.Aead) env_aead = kms_envelope_aead.KmsEnvelopeAead(key_template, remote_aead) plaintext = b'helloworld' ciphertext = env_aead.encrypt(plaintext, b'envelope_ad') with self.assertRaises(tink_error.TinkError): plaintext = env_aead.decrypt(ciphertext, b'')
def test_corrupted_dek(self): key_template = aead_key_templates.AES256_GCM keyset_handle = core.KeysetHandle.generate_new(key_template) remote_aead = keyset_handle.primitive(aead.Aead) env_aead = kms_envelope_aead.KmsEnvelopeAead(key_template, remote_aead) plaintext = b'helloworld' ciphertext = bytearray(env_aead.encrypt(plaintext, b'some ad')) ciphertext[4] ^= 0x1 corrupted_ciphertext = bytes(ciphertext) with self.assertRaises(tink_error.TinkError): plaintext = env_aead.decrypt(corrupted_ciphertext, b'some ad')
def test_malformed_dek_length(self): key_template = aead.aead_key_templates.AES256_GCM keyset_handle = tink.new_keyset_handle(key_template) remote_aead = keyset_handle.primitive(aead.Aead) env_aead = kms_envelope_aead.KmsEnvelopeAead(key_template, remote_aead) plaintext = b'helloworld' ciphertext = bytearray(env_aead.encrypt(plaintext, b'some ad')) ciphertext[0:3] = [0xff, 0xff, 0xff, 0xff] corrupted_ciphertext = bytes(ciphertext) with self.assertRaises(core.TinkError): plaintext = env_aead.decrypt(corrupted_ciphertext, b'some ad') ciphertext[0:3] = [0, 0, 0, 0] corrupted_ciphertext = bytes(ciphertext) with self.assertRaises(core.TinkError): plaintext = env_aead.decrypt(corrupted_ciphertext, b'some ad')
def test_dek_extraction(self): key_template = aead.aead_key_templates.AES256_GCM keyset_handle = tink.new_keyset_handle(key_template) remote_aead = keyset_handle.primitive(aead.Aead) env_aead = kms_envelope_aead.KmsEnvelopeAead(key_template, remote_aead) plaintext = b'helloworld' ciphertext = bytearray(env_aead.encrypt(plaintext, b'some ad')) # Decrypt DEK dek_len = struct.unpack('>I', ciphertext[0:kms_envelope_aead.DEK_LEN_BYTES])[0] encrypted_dek_bytes = bytes(ciphertext[ kms_envelope_aead.DEK_LEN_BYTES:kms_envelope_aead.DEK_LEN_BYTES + dek_len]) dek_bytes = remote_aead.decrypt(encrypted_dek_bytes, b'') # Try to deserialize key key = aes_gcm_pb2.AesGcmKey() key.ParseFromString(dek_bytes) self.assertLen(key.key_value, 32)