def mac_key_templates() -> Iterable[Tuple[Text, tink_pb2.KeyTemplate]]: """Yields (mac_key_template_name, mac_key_template) tuples.""" for key_type in supported_key_types.MAC_KEY_TYPES: for name in supported_key_types.KEY_TEMPLATE_NAMES[key_type]: template = supported_key_types.KEY_TEMPLATE[name] yield (name, template) yield (name + '-raw', keyset_builder.raw_template(template)) yield (name + '-legacy', keyset_builder.legacy_template(template))
def test_legacy_template(self): template = aead.aead_key_templates.AES128_GCM legacy_template = keyset_builder.legacy_template(template) self.assertEqual(legacy_template.output_prefix_type, tink_pb2.LEGACY) self.assertEqual(legacy_template.type_url, template.type_url) self.assertEqual(legacy_template.value, template.value) # check that generating legacy_template did not change template. self.assertNotEqual(template.output_prefix_type, tink_pb2.LEGACY)
def test_legacy_key_fails(self): template = keyset_builder.legacy_template(jwt.raw_jwt_hs256_template()) builder = keyset_builder.new_keyset_builder() key_id = builder.add_new_key(template) builder.set_primary_key(key_id) handle = builder.keyset_handle() with self.assertRaises(tink.TinkError): handle.primitive(jwt.JwtMac)
def test_legacy_template_fails(self): template = keyset_builder.legacy_template(jwt.jwt_es256_template()) builder = keyset_builder.new_keyset_builder() key_id = builder.add_new_key(template) builder.set_primary_key(key_id) handle = builder.keyset_handle() with self.assertRaises(tink.TinkError): handle.primitive(jwt.JwtPublicKeySign) with self.assertRaises(tink.TinkError): handle.public_keyset_handle().primitive(jwt.JwtPublicKeyVerify)
import tink from tink import signature from tink.proto import tink_pb2 from tink.testing import keyset_builder from util import supported_key_types from util import testing_servers SUPPORTED_LANGUAGES = ( testing_servers.SUPPORTED_LANGUAGES_BY_PRIMITIVE['signature']) TEMPLATE = signature.signature_key_templates.ECDSA_P256 KEY_ROTATION_TEMPLATES = [ TEMPLATE, keyset_builder.raw_template(TEMPLATE), keyset_builder.legacy_template(TEMPLATE) ] def key_rotation_test_cases( ) -> Iterable[Tuple[Text, Text, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]: for enc_lang in SUPPORTED_LANGUAGES: for dec_lang in SUPPORTED_LANGUAGES: for old_key_tmpl in KEY_ROTATION_TEMPLATES: for new_key_tmpl in KEY_ROTATION_TEMPLATES: yield (enc_lang, dec_lang, old_key_tmpl, new_key_tmpl) def setUpModule(): signature.register() testing_servers.start('signature')
msg= 'Language %s supports signature sign with %s unexpectedly' % (signer.lang, key_template_name)): _ = signer.sign(message) # If the implementations work fine for keysets with single keys, then key # rotation should work if the primitive wrapper is implemented correctly. # The wrapper does not depend on the key type, so it should be fine to always # test with the same key type. The wrapper needs to treat keys with output # prefix RAW and LEGACY differently, so we also test templates with these # prefixes. KEY_ROTATION_TEMPLATES = [ signature.signature_key_templates.ECDSA_P256, keyset_builder.raw_template(signature.signature_key_templates.ECDSA_P256), keyset_builder.legacy_template( signature.signature_key_templates.ECDSA_P256) ] def key_rotation_test_cases( ) -> Iterable[Tuple[Text, Text, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]: for enc_lang in SUPPORTED_LANGUAGES: for dec_lang in SUPPORTED_LANGUAGES: for old_key_tmpl in KEY_ROTATION_TEMPLATES: for new_key_tmpl in KEY_ROTATION_TEMPLATES: yield (enc_lang, dec_lang, old_key_tmpl, new_key_tmpl) class SignatureKeyRotationTest(parameterized.TestCase): @parameterized.parameters(key_rotation_test_cases()) def test_key_rotation(self, enc_lang, dec_lang, old_key_tmpl,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. """Tests for tink.python.tink.public_key_sign_wrapper.""" from absl.testing import absltest from absl.testing import parameterized import tink from tink import signature from tink.testing import keyset_builder TEMPLATE = signature.signature_key_templates.ECDSA_P256 LEGACY_TEMPLATE = keyset_builder.legacy_template(TEMPLATE) RAW_TEMPLATE = keyset_builder.raw_template(TEMPLATE) def setUpModule(): signature.register() class SignatureWrapperTest(parameterized.TestCase): @parameterized.parameters([TEMPLATE, LEGACY_TEMPLATE, RAW_TEMPLATE]) def test_sign_verify(self, template): private_handle = tink.new_keyset_handle(template) public_handle = private_handle.public_keyset_handle() sign_primitive = private_handle.primitive(signature.PublicKeySign) verify_primitive = public_handle.primitive(signature.PublicKeyVerify)
tink.TinkError, msg='Language %s supports compute_mac with %s unexpectedly' % (p.lang, key_template_name)): p.compute_mac(data) # If the implementations work fine for keysets with single keys, then key # rotation should work if the primitive wrapper is implemented correctly. # These wrappers do not depend on the key type, so it should be fine to always # test with the same key type. The wrapper needs to treat keys with output # prefix RAW and LEGACY differently, so we also test templates with these # prefixes. KEY_ROTATION_TEMPLATES = [ mac.mac_key_templates.HMAC_SHA512_512BITTAG, keyset_builder.raw_template(mac.mac_key_templates.HMAC_SHA512_512BITTAG), keyset_builder.legacy_template(mac.mac_key_templates.HMAC_SHA512_512BITTAG) ] def key_rotation_test_cases( ) -> Iterable[Tuple[Text, Text, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]: for compute_lang in SUPPORTED_LANGUAGES: for verify_lang in SUPPORTED_LANGUAGES: for old_key_tmpl in KEY_ROTATION_TEMPLATES: for new_key_tmpl in KEY_ROTATION_TEMPLATES: yield (compute_lang, verify_lang, old_key_tmpl, new_key_tmpl) class MacKeyRotationTest(parameterized.TestCase): @parameterized.parameters(key_rotation_test_cases())
def tearDownModule(): testing_servers.stop() # maps from key_template_name to (key_template, key_type) _ADDITIONAL_KEY_TEMPLATES = { # We additionally test a RAW and a LEGACY template, because LEGACY keys # require tags with a special format, and RAW don't. # We test one key template for each, because this is handled by the # primitive wrapper which is independent of the particular key template # used. 'HMAC_SHA256_128BITTAG_RAW': (keyset_builder.raw_template(mac.mac_key_templates.HMAC_SHA256_128BITTAG), 'HmacKey'), 'HMAC_SHA256_128BITTAG_LEGACY': (keyset_builder.legacy_template( mac.mac_key_templates.HMAC_SHA256_128BITTAG), 'HmacKey') } def mac_key_template_names() -> Iterable[str]: for key_type in supported_key_types.MAC_KEY_TYPES: for key_template_name in supported_key_types.KEY_TEMPLATE_NAMES[ key_type]: yield key_template_name for key_template_name in _ADDITIONAL_KEY_TEMPLATES: yield key_template_name class MacTest(parameterized.TestCase): @parameterized.parameters(mac_key_template_names()) def test_compute_verify_mac(self, key_template_name):