def test_sign_verify_with_key_rotation(self, old_template, new_template):
builder = keyset_builder.new_keyset_builder()
older_key_id = builder.add_new_key(old_template)
builder.set_primary_key(older_key_id)
private_handle1 = builder.keyset_handle()
sign1 = private_handle1.primitive(signature.PublicKeySign)
verify1 = private_handle1.public_keyset_handle().primitive(
signature.PublicKeyVerify)
newer_key_id = builder.add_new_key(new_template)
private_handle2 = builder.keyset_handle()
sign2 = private_handle2.primitive(signature.PublicKeySign)
verify2 = private_handle2.public_keyset_handle().primitive(
signature.PublicKeyVerify)
builder.set_primary_key(newer_key_id)
private_handle3 = builder.keyset_handle()
sign3 = private_handle3.primitive(signature.PublicKeySign)
verify3 = private_handle3.public_keyset_handle().primitive(
signature.PublicKeyVerify)
builder.disable_key(older_key_id)
private_handle4 = builder.keyset_handle()
sign4 = private_handle4.primitive(signature.PublicKeySign)
verify4 = private_handle4.public_keyset_handle().primitive(
signature.PublicKeyVerify)
self.assertNotEqual(older_key_id, newer_key_id)
# 1 signs with the older key. So 1, 2 and 3 can verify it, but not 4.
data_signature1 = sign1.sign(b'data')
verify1.verify(data_signature1, b'data')
verify2.verify(data_signature1, b'data')
verify3.verify(data_signature1, b'data')
with self.assertRaises(tink.TinkError):
verify4.verify(data_signature1, b'data')
# 2 signs with the older key. So 1, 2 and 3 can verify it, but not 4.
data_signature2 = sign2.sign(b'data')
verify1.verify(data_signature2, b'data')
verify2.verify(data_signature2, b'data')
verify3.verify(data_signature2, b'data')
with self.assertRaises(tink.TinkError):
verify4.verify(data_signature2, b'data')
# 3 signs with the newer key. So 2, 3 and 4 can verify it, but not 1.
data_signature3 = sign3.sign(b'data')
with self.assertRaises(tink.TinkError):
verify1.verify(data_signature3, b'data')
verify2.verify(data_signature3, b'data')
verify3.verify(data_signature3, b'data')
verify4.verify(data_signature3, b'data')
# 4 signs with the newer key. So 2, 3 and 4 can verify it, but not 1.
data_signature4 = sign4.sign(b'data')
with self.assertRaises(tink.TinkError):
verify1.verify(data_signature4, b'data')
verify2.verify(data_signature4, b'data')
verify3.verify(data_signature4, b'data')
verify4.verify(data_signature4, b'data')
def test_legacy_key_fails(self):
template = keyset_builder.legacy_template(jwt.raw_jwt_hs256_template())
builder = keyset_builder.new_keyset_builder()
key_id = builder.add_new_key(template)
builder.set_primary_key(key_id)
handle = builder.keyset_handle()
with self.assertRaises(tink.TinkError):
handle.primitive(jwt.JwtMac)
def test_key_rotation(self, enc_lang, dec_lang, old_key_tmpl,
new_key_tmpl):
# Do a key rotation from an old key generated from old_key_tmpl to a new
# key generated from new_key_tmpl. Encryption and decryption are done
# in languages enc_lang and dec_lang.
builder = keyset_builder.new_keyset_builder()
older_key_id = builder.add_new_key(old_key_tmpl)
builder.set_primary_key(older_key_id)
sign1 = testing_servers.public_key_sign(enc_lang, builder.keyset())
verify1 = testing_servers.public_key_verify(dec_lang,
builder.public_keyset())
newer_key_id = builder.add_new_key(new_key_tmpl)
sign2 = testing_servers.public_key_sign(enc_lang, builder.keyset())
verify2 = testing_servers.public_key_verify(dec_lang,
builder.public_keyset())
builder.set_primary_key(newer_key_id)
sign3 = testing_servers.public_key_sign(enc_lang, builder.keyset())
verify3 = testing_servers.public_key_verify(dec_lang,
builder.public_keyset())
builder.disable_key(older_key_id)
sign4 = testing_servers.public_key_sign(enc_lang, builder.keyset())
verify4 = testing_servers.public_key_verify(dec_lang,
builder.public_keyset())
self.assertNotEqual(older_key_id, newer_key_id)
# 1 signs with the older key. So 1, 2 and 3 can verify it, but not 4.
data_signature1 = sign1.sign(b'data')
verify1.verify(data_signature1, b'data')
verify2.verify(data_signature1, b'data')
verify3.verify(data_signature1, b'data')
with self.assertRaises(tink.TinkError):
verify4.verify(data_signature1, b'data')
# 2 signs with the older key. So 1, 2 and 3 can verify it, but not 4.
data_signature2 = sign2.sign(b'data')
verify1.verify(data_signature2, b'data')
verify2.verify(data_signature2, b'data')
verify3.verify(data_signature2, b'data')
with self.assertRaises(tink.TinkError):
verify4.verify(data_signature2, b'data')
# 3 signs with the newer key. So 2, 3 and 4 can verify it, but not 1.
data_signature3 = sign3.sign(b'data')
with self.assertRaises(tink.TinkError):
verify1.verify(data_signature3, b'data')
verify2.verify(data_signature3, b'data')
verify3.verify(data_signature3, b'data')
verify4.verify(data_signature3, b'data')
# 4 signs with the newer key. So 2, 3 and 4 can verify it, but not 1.
data_signature4 = sign4.sign(b'data')
with self.assertRaises(tink.TinkError):
verify1.verify(data_signature4, b'data')
verify2.verify(data_signature4, b'data')
verify3.verify(data_signature4, b'data')
verify4.verify(data_signature4, b'data')
def test_key_rotation(self, enc_lang, dec_lang, old_key_tmpl, new_key_tmpl):
# Do a key rotation from an old key generated from old_key_tmpl to a new
# key generated from new_key_tmpl. Encryption and decryption are done
# in languages enc_lang and dec_lang.
builder = keyset_builder.new_keyset_builder()
older_key_id = builder.add_new_key(old_key_tmpl)
builder.set_primary_key(older_key_id)
dec1 = testing_servers.hybrid_decrypt(enc_lang, builder.keyset())
enc1 = testing_servers.hybrid_encrypt(dec_lang, builder.public_keyset())
newer_key_id = builder.add_new_key(new_key_tmpl)
dec2 = testing_servers.hybrid_decrypt(enc_lang, builder.keyset())
enc2 = testing_servers.hybrid_encrypt(dec_lang, builder.public_keyset())
builder.set_primary_key(newer_key_id)
dec3 = testing_servers.hybrid_decrypt(enc_lang, builder.keyset())
enc3 = testing_servers.hybrid_encrypt(dec_lang, builder.public_keyset())
builder.disable_key(older_key_id)
dec4 = testing_servers.hybrid_decrypt(enc_lang, builder.keyset())
enc4 = testing_servers.hybrid_encrypt(dec_lang, builder.public_keyset())
self.assertNotEqual(older_key_id, newer_key_id)
# p1 encrypts with the older key. So p1, p2 and p3 can decrypt it,
# but not p4.
ciphertext1 = enc1.encrypt(b'plaintext', b'context')
self.assertEqual(dec1.decrypt(ciphertext1, b'context'), b'plaintext')
self.assertEqual(dec2.decrypt(ciphertext1, b'context'), b'plaintext')
self.assertEqual(dec3.decrypt(ciphertext1, b'context'), b'plaintext')
with self.assertRaises(tink.TinkError):
_ = dec4.decrypt(ciphertext1, b'context')
# p2 encrypts with the older key. So p1, p2 and p3 can decrypt it,
# but not p4.
ciphertext2 = enc2.encrypt(b'plaintext', b'context')
self.assertEqual(dec1.decrypt(ciphertext2, b'context'), b'plaintext')
self.assertEqual(dec2.decrypt(ciphertext2, b'context'), b'plaintext')
self.assertEqual(dec3.decrypt(ciphertext2, b'context'), b'plaintext')
with self.assertRaises(tink.TinkError):
_ = dec4.decrypt(ciphertext2, b'context')
# p3 encrypts with the newer key. So p2, p3 and p4 can decrypt it,
# but not p1.
ciphertext3 = enc3.encrypt(b'plaintext', b'context')
with self.assertRaises(tink.TinkError):
_ = dec1.decrypt(ciphertext3, b'context')
self.assertEqual(dec2.decrypt(ciphertext3, b'context'), b'plaintext')
self.assertEqual(dec3.decrypt(ciphertext3, b'context'), b'plaintext')
self.assertEqual(dec4.decrypt(ciphertext3, b'context'), b'plaintext')
# p4 encrypts with the newer key. So p2, p3 and p4 can decrypt it,
# but not p1.
ciphertext4 = enc4.encrypt(b'plaintext', b'context')
with self.assertRaises(tink.TinkError):
_ = dec1.decrypt(ciphertext4, b'context')
self.assertEqual(dec2.decrypt(ciphertext4, b'context'), b'plaintext')
self.assertEqual(dec3.decrypt(ciphertext4, b'context'), b'plaintext')
self.assertEqual(dec4.decrypt(ciphertext4, b'context'), b'plaintext')
def test_legacy_key_fails(self):
template = _create_jwt_hmac_template(jwt_hmac_pb2.HS256, 32,
tink_pb2.LEGACY)
builder = keyset_builder.new_keyset_builder()
key_id = builder.add_new_key(template)
builder.set_primary_key(key_id)
handle = builder.keyset_handle()
with self.assertRaises(tink.TinkError):
handle.primitive(jwt.JwtMac)
def test_legacy_template_fails(self):
template = keyset_builder.legacy_template(jwt.jwt_es256_template())
builder = keyset_builder.new_keyset_builder()
key_id = builder.add_new_key(template)
builder.set_primary_key(key_id)
handle = builder.keyset_handle()
with self.assertRaises(tink.TinkError):
handle.primitive(jwt.JwtPublicKeySign)
with self.assertRaises(tink.TinkError):
handle.public_keyset_handle().primitive(jwt.JwtPublicKeyVerify)
def test_key_rotation(self, enc_lang, dec_lang, old_key_tmpl,
new_key_tmpl):
# Do a key rotation from an old key generated from old_key_tmpl to a new
# key generated from new_key_tmpl. Encryption and decryption are done
# in languages enc_lang and dec_lang.
builder = keyset_builder.new_keyset_builder()
older_key_id = builder.add_new_key(old_key_tmpl)
builder.set_primary_key(older_key_id)
enc_aead1 = testing_servers.aead(enc_lang, builder.keyset())
dec_aead1 = testing_servers.aead(dec_lang, builder.keyset())
newer_key_id = builder.add_new_key(new_key_tmpl)
enc_aead2 = testing_servers.aead(enc_lang, builder.keyset())
dec_aead2 = testing_servers.aead(dec_lang, builder.keyset())
builder.set_primary_key(newer_key_id)
enc_aead3 = testing_servers.aead(enc_lang, builder.keyset())
dec_aead3 = testing_servers.aead(dec_lang, builder.keyset())
builder.disable_key(older_key_id)
enc_aead4 = testing_servers.aead(enc_lang, builder.keyset())
dec_aead4 = testing_servers.aead(dec_lang, builder.keyset())
self.assertNotEqual(older_key_id, newer_key_id)
# 1 encrypts with the older key. So 1, 2 and 3 can decrypt it, but not 4.
ciphertext1 = enc_aead1.encrypt(b'plaintext', b'ad')
self.assertEqual(dec_aead1.decrypt(ciphertext1, b'ad'), b'plaintext')
self.assertEqual(dec_aead2.decrypt(ciphertext1, b'ad'), b'plaintext')
self.assertEqual(dec_aead3.decrypt(ciphertext1, b'ad'), b'plaintext')
with self.assertRaises(tink.TinkError):
_ = dec_aead4.decrypt(ciphertext1, b'ad')
# 2 encrypts with the older key. So 1, 2 and 3 can decrypt it, but not 4.
ciphertext2 = enc_aead2.encrypt(b'plaintext', b'ad')
self.assertEqual(dec_aead1.decrypt(ciphertext2, b'ad'), b'plaintext')
self.assertEqual(dec_aead2.decrypt(ciphertext2, b'ad'), b'plaintext')
self.assertEqual(dec_aead3.decrypt(ciphertext2, b'ad'), b'plaintext')
with self.assertRaises(tink.TinkError):
_ = dec_aead4.decrypt(ciphertext2, b'ad')
# 3 encrypts with the newer key. So 2, 3 and 4 can decrypt it, but not 1.
ciphertext3 = enc_aead3.encrypt(b'plaintext', b'ad')
with self.assertRaises(tink.TinkError):
_ = dec_aead1.decrypt(ciphertext3, b'ad')
self.assertEqual(dec_aead2.decrypt(ciphertext3, b'ad'), b'plaintext')
self.assertEqual(dec_aead3.decrypt(ciphertext3, b'ad'), b'plaintext')
self.assertEqual(dec_aead4.decrypt(ciphertext3, b'ad'), b'plaintext')
# 4 encrypts with the newer key. So 2, 3 and 4 can decrypt it, but not 1.
ciphertext4 = enc_aead4.encrypt(b'plaintext', b'ad')
with self.assertRaises(tink.TinkError):
_ = dec_aead1.decrypt(ciphertext4, b'ad')
self.assertEqual(dec_aead2.decrypt(ciphertext4, b'ad'), b'plaintext')
self.assertEqual(dec_aead3.decrypt(ciphertext4, b'ad'), b'plaintext')
self.assertEqual(dec_aead4.decrypt(ciphertext4, b'ad'), b'plaintext')
def test_key_rotation(self, compute_lang, verify_lang, old_key_tmpl,
new_key_tmpl):
# Do a key rotation from an old key generated from old_key_tmpl to a new
# key generated from new_key_tmpl. MAC computation and verification are done
# in languages compute_lang and verify_lang.
builder = keyset_builder.new_keyset_builder()
older_key_id = builder.add_new_key(old_key_tmpl)
builder.set_primary_key(older_key_id)
compute_mac1 = testing_servers.mac(compute_lang, builder.keyset())
verify_mac1 = testing_servers.mac(verify_lang, builder.keyset())
newer_key_id = builder.add_new_key(new_key_tmpl)
compute_mac2 = testing_servers.mac(compute_lang, builder.keyset())
verify_mac2 = testing_servers.mac(verify_lang, builder.keyset())
builder.set_primary_key(newer_key_id)
compute_mac3 = testing_servers.mac(compute_lang, builder.keyset())
verify_mac3 = testing_servers.mac(verify_lang, builder.keyset())
builder.disable_key(older_key_id)
compute_mac4 = testing_servers.mac(compute_lang, builder.keyset())
verify_mac4 = testing_servers.mac(verify_lang, builder.keyset())
self.assertNotEqual(older_key_id, newer_key_id)
# 1 uses the older key. So 1, 2 and 3 can verify the mac, but not 4.
mac_value1 = compute_mac1.compute_mac(b'plaintext')
verify_mac1.verify_mac(mac_value1, b'plaintext')
verify_mac2.verify_mac(mac_value1, b'plaintext')
verify_mac3.verify_mac(mac_value1, b'plaintext')
with self.assertRaises(tink.TinkError):
verify_mac4.verify_mac(mac_value1, b'plaintext')
# 2 uses the older key. So 1, 2 and 3 can verify the mac, but not 4.
mac_value2 = compute_mac2.compute_mac(b'plaintext')
verify_mac1.verify_mac(mac_value2, b'plaintext')
verify_mac2.verify_mac(mac_value2, b'plaintext')
verify_mac3.verify_mac(mac_value2, b'plaintext')
with self.assertRaises(tink.TinkError):
verify_mac4.verify_mac(mac_value2, b'plaintext')
# 3 uses the newer key. So 2, 3 and 4 can verify the mac, but not 1.
mac_value3 = compute_mac3.compute_mac(b'plaintext')
with self.assertRaises(tink.TinkError):
verify_mac1.verify_mac(mac_value3, b'plaintext')
verify_mac2.verify_mac(mac_value3, b'plaintext')
verify_mac3.verify_mac(mac_value3, b'plaintext')
verify_mac4.verify_mac(mac_value3, b'plaintext')
# 4 uses the newer key. So 2, 3 and 4 can verify the mac, but not 1.
mac_value4 = compute_mac4.compute_mac(b'plaintext')
with self.assertRaises(tink.TinkError):
verify_mac1.verify_mac(mac_value4, b'plaintext')
verify_mac2.verify_mac(mac_value4, b'plaintext')
verify_mac3.verify_mac(mac_value4, b'plaintext')
verify_mac4.verify_mac(mac_value4, b'plaintext')
def test_keyset_conversion(self):
builder1 = keyset_builder.new_keyset_builder()
new_key_id = builder1.add_new_key(aead.aead_key_templates.AES128_GCM)
builder1.set_primary_key(new_key_id)
keyset = builder1.keyset()
keyset_handle1 = builder1.keyset_handle()
p1 = keyset_handle1.primitive(aead.Aead)
builder2 = keyset_builder.from_keyset(keyset)
keyset_handle2 = builder2.keyset_handle()
p2 = keyset_handle2.primitive(aead.Aead)
ciphertext = p1.encrypt(b'plaintext', b'ad')
self.assertEqual(p2.decrypt(ciphertext, b'ad'), b'plaintext')
def test_legacy_non_primary_key_fails(self):
builder = keyset_builder.new_keyset_builder()
old_template = _create_jwt_ecdsa_template(jwt_ecdsa_pb2.ES256,
tink_pb2.LEGACY)
_ = builder.add_new_key(old_template)
current_key_id = builder.add_new_key(jwt.jwt_es256_template())
builder.set_primary_key(current_key_id)
handle = builder.keyset_handle()
with self.assertRaises(tink.TinkError):
handle.primitive(jwt.JwtPublicKeySign)
with self.assertRaises(tink.TinkError):
handle.public_keyset_handle().primitive(jwt.JwtPublicKeyVerify)
def test_operation_on_unknown_key_fails(self):
builder = keyset_builder.new_keyset_builder()
key_id = builder.add_new_key(aead.aead_key_templates.AES128_GCM)
unknown_key_id = key_id + 1
with self.assertRaises(tink.TinkError):
builder.set_primary_key(unknown_key_id)
with self.assertRaises(tink.TinkError):
builder.enable_key(unknown_key_id)
with self.assertRaises(tink.TinkError):
builder.disable_key(unknown_key_id)
with self.assertRaises(tink.TinkError):
builder.delete_key(unknown_key_id)
def test_key_rotation(self):
builder = keyset_builder.new_keyset_builder()
older_key_id = builder.add_new_key(aead.aead_key_templates.AES128_GCM)
builder.set_primary_key(older_key_id)
p1 = builder.keyset_handle().primitive(aead.Aead)
newer_key_id = builder.add_new_key(aead.aead_key_templates.AES128_GCM)
p2 = builder.keyset_handle().primitive(aead.Aead)
builder.set_primary_key(newer_key_id)
p3 = builder.keyset_handle().primitive(aead.Aead)
builder.disable_key(older_key_id)
p4 = builder.keyset_handle().primitive(aead.Aead)
self.assertNotEqual(older_key_id, newer_key_id)
# p1 encrypts with the older key. So p1, p2 and p3 can decrypt it,
# but not p4.
ciphertext1 = p1.encrypt(b'plaintext', b'ad')
self.assertEqual(p1.decrypt(ciphertext1, b'ad'), b'plaintext')
self.assertEqual(p2.decrypt(ciphertext1, b'ad'), b'plaintext')
self.assertEqual(p3.decrypt(ciphertext1, b'ad'), b'plaintext')
with self.assertRaises(tink.TinkError):
_ = p4.decrypt(ciphertext1, b'ad')
# p2 encrypts with the older key. So p1, p2 and p3 can decrypt it,
# but not p4.
ciphertext2 = p2.encrypt(b'plaintext', b'ad')
self.assertEqual(p1.decrypt(ciphertext2, b'ad'), b'plaintext')
self.assertEqual(p2.decrypt(ciphertext2, b'ad'), b'plaintext')
self.assertEqual(p3.decrypt(ciphertext2, b'ad'), b'plaintext')
with self.assertRaises(tink.TinkError):
_ = p4.decrypt(ciphertext2, b'ad')
# p3 encrypts with the newer key. So p2, p3 and p4 can decrypt it,
# but not p1.
ciphertext3 = p3.encrypt(b'plaintext', b'ad')
with self.assertRaises(tink.TinkError):
_ = p1.decrypt(ciphertext3, b'ad')
self.assertEqual(p2.decrypt(ciphertext3, b'ad'), b'plaintext')
self.assertEqual(p3.decrypt(ciphertext3, b'ad'), b'plaintext')
self.assertEqual(p4.decrypt(ciphertext3, b'ad'), b'plaintext')
# p4 encrypts with the newer key. So p2, p3 and p4 can decrypt it,
# but not p1.
ciphertext4 = p4.encrypt(b'plaintext', b'ad')
with self.assertRaises(tink.TinkError):
_ = p1.decrypt(ciphertext4, b'ad')
self.assertEqual(p2.decrypt(ciphertext4, b'ad'), b'plaintext')
self.assertEqual(p3.decrypt(ciphertext4, b'ad'), b'plaintext')
self.assertEqual(p4.decrypt(ciphertext4, b'ad'), b'plaintext')
def test_asymmetric_keyset_conversion(self):
builder = keyset_builder.new_keyset_builder()
new_key_id = builder.add_new_key(
hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM)
builder.set_primary_key(new_key_id)
private_keyset = builder.keyset()
public_keyset = builder.public_keyset()
private_handle = keyset_builder.from_keyset(
private_keyset).keyset_handle()
dec = private_handle.primitive(hybrid.HybridDecrypt)
public_handle = keyset_builder.from_keyset(
public_keyset).keyset_handle()
enc = public_handle.primitive(hybrid.HybridEncrypt)
ciphertext = enc.encrypt(b'plaintext', b'context')
self.assertEqual(dec.decrypt(ciphertext, b'context'), b'plaintext')
def test_key_rotation(self, old_key_tmpl, new_key_tmpl):
builder = keyset_builder.new_keyset_builder()
older_key_id = builder.add_new_key(old_key_tmpl)
builder.set_primary_key(older_key_id)
mac1 = builder.keyset_handle().primitive(mac.Mac)
newer_key_id = builder.add_new_key(new_key_tmpl)
mac2 = builder.keyset_handle().primitive(mac.Mac)
builder.set_primary_key(newer_key_id)
mac3 = builder.keyset_handle().primitive(mac.Mac)
builder.disable_key(older_key_id)
mac4 = builder.keyset_handle().primitive(mac.Mac)
self.assertNotEqual(older_key_id, newer_key_id)
# 1 uses the older key. So 1, 2 and 3 can verify the mac, but not 4.
mac_value1 = mac1.compute_mac(b'plaintext')
mac1.verify_mac(mac_value1, b'plaintext')
mac2.verify_mac(mac_value1, b'plaintext')
mac3.verify_mac(mac_value1, b'plaintext')
with self.assertRaises(tink.TinkError):
mac4.verify_mac(mac_value1, b'plaintext')
# 2 uses the older key. So 1, 2 and 3 can verify the mac, but not 4.
mac_value2 = mac2.compute_mac(b'plaintext')
mac1.verify_mac(mac_value2, b'plaintext')
mac2.verify_mac(mac_value2, b'plaintext')
mac3.verify_mac(mac_value2, b'plaintext')
with self.assertRaises(tink.TinkError):
mac4.verify_mac(mac_value2, b'plaintext')
# 3 uses the newer key. So 2, 3 and 4 can verify the mac, but not 1.
mac_value3 = mac3.compute_mac(b'plaintext')
with self.assertRaises(tink.TinkError):
mac1.verify_mac(mac_value3, b'plaintext')
mac2.verify_mac(mac_value3, b'plaintext')
mac3.verify_mac(mac_value3, b'plaintext')
mac4.verify_mac(mac_value3, b'plaintext')
# 4 uses the newer key. So 2, 3 and 4 can verify the mac, but not 1.
mac_value4 = mac4.compute_mac(b'plaintext')
with self.assertRaises(tink.TinkError):
mac1.verify_mac(mac_value4, b'plaintext')
mac2.verify_mac(mac_value4, b'plaintext')
mac3.verify_mac(mac_value4, b'plaintext')
mac4.verify_mac(mac_value4, b'plaintext')
def test_wrap_three_with_one_disabled(self):
builder = keyset_builder.new_keyset_builder()
id1 = builder.add_new_key(TEMPLATE)
id2 = builder.add_new_key(TEMPLATE)
disabled_id = builder.add_new_key(TEMPLATE)
builder.disable_key(disabled_id)
builder.set_primary_key(id1)
prf_set1 = builder.keyset_handle().primitive(prf.PrfSet)
builder.set_primary_key(id2)
prf_set2 = builder.keyset_handle().primitive(prf.PrfSet)
self.assertNotEqual(id1, id2)
self.assertEqual(prf_set1.primary_id(), id1)
self.assertEqual(prf_set2.primary_id(), id2)
output1 = prf_set1.primary().compute(b'input', output_length=31)
output2 = prf_set2.primary().compute(b'input', output_length=31)
self.assertNotEqual(output1, output2)
prfs = prf_set1.all()
self.assertLen(prfs, 2)
self.assertEqual(prfs[id1].compute(b'input', output_length=31),
output1)
self.assertEqual(prfs[id2].compute(b'input', output_length=31),
output2)
def gen_keyset(key_template_name: Text) -> bytes:
builder = keyset_builder.new_keyset_builder()
primary_key_id = builder.add_new_key(
supported_key_types.KEY_TEMPLATE[key_template_name])
builder.set_primary_key(primary_key_id)
return builder.keyset()
def test_add_new_key_new_id(self):
builder = keyset_builder.new_keyset_builder()
key_id1 = builder.add_new_key(aead.aead_key_templates.AES128_GCM)
key_id2 = builder.add_new_key(aead.aead_key_templates.AES128_GCM)
self.assertNotEqual(key_id1, key_id2)
def test_set_primary_success(self):
builder = keyset_builder.new_keyset_builder()
secondary_key_id = builder.add_new_key(
aead.aead_key_templates.AES128_GCM)
builder.set_primary_key(secondary_key_id)
def test_jwt_mac_from_keyset_without_primary_fails(self):
builder = keyset_builder.new_keyset_builder()
builder.add_new_key(jwt.jwt_es256_template())
with self.assertRaises(tink.TinkError):
builder.keyset_handle()
def test_key_rotation(self, old_key_tmpl, new_key_tmpl):
old_key_tmpl = jwt.jwt_es256_template()
new_key_tmpl = jwt.jwt_es384_template()
builder = keyset_builder.new_keyset_builder()
older_key_id = builder.add_new_key(old_key_tmpl)
builder.set_primary_key(older_key_id)
handle1 = builder.keyset_handle()
sign1 = handle1.primitive(jwt.JwtPublicKeySign)
verify1 = handle1.public_keyset_handle().primitive(
jwt.JwtPublicKeyVerify)
newer_key_id = builder.add_new_key(new_key_tmpl)
handle2 = builder.keyset_handle()
sign2 = handle2.primitive(jwt.JwtPublicKeySign)
verify2 = handle2.public_keyset_handle().primitive(
jwt.JwtPublicKeyVerify)
builder.set_primary_key(newer_key_id)
handle3 = builder.keyset_handle()
sign3 = handle3.primitive(jwt.JwtPublicKeySign)
verify3 = handle3.public_keyset_handle().primitive(
jwt.JwtPublicKeyVerify)
builder.disable_key(older_key_id)
handle4 = builder.keyset_handle()
sign4 = handle4.primitive(jwt.JwtPublicKeySign)
verify4 = handle4.public_keyset_handle().primitive(
jwt.JwtPublicKeyVerify)
raw_jwt = jwt.new_raw_jwt(issuer='a', without_expiration=True)
validator = jwt.new_validator(expected_issuer='a',
allow_missing_expiration=True)
self.assertNotEqual(older_key_id, newer_key_id)
# 1 uses the older key. So 1, 2 and 3 can verify the signature, but not 4.
compact1 = sign1.sign_and_encode(raw_jwt)
self.assertEqual(
verify1.verify_and_decode(compact1, validator).issuer(), 'a')
self.assertEqual(
verify2.verify_and_decode(compact1, validator).issuer(), 'a')
self.assertEqual(
verify3.verify_and_decode(compact1, validator).issuer(), 'a')
with self.assertRaises(tink.TinkError):
verify4.verify_and_decode(compact1, validator)
# 2 uses the older key. So 1, 2 and 3 can verify the signature, but not 4.
compact2 = sign2.sign_and_encode(raw_jwt)
self.assertEqual(
verify1.verify_and_decode(compact2, validator).issuer(), 'a')
self.assertEqual(
verify2.verify_and_decode(compact2, validator).issuer(), 'a')
self.assertEqual(
verify3.verify_and_decode(compact2, validator).issuer(), 'a')
with self.assertRaises(tink.TinkError):
verify4.verify_and_decode(compact2, validator)
# 3 uses the newer key. So 2, 3 and 4 can verify the signature, but not 1.
compact3 = sign3.sign_and_encode(raw_jwt)
with self.assertRaises(tink.TinkError):
verify1.verify_and_decode(compact3, validator)
self.assertEqual(
verify2.verify_and_decode(compact3, validator).issuer(), 'a')
self.assertEqual(
verify3.verify_and_decode(compact3, validator).issuer(), 'a')
self.assertEqual(
verify4.verify_and_decode(compact3, validator).issuer(), 'a')
# 4 uses the newer key. So 2, 3 and 4 can verify the signature, but not 1.
compact4 = sign4.sign_and_encode(raw_jwt)
with self.assertRaises(tink.TinkError):
verify1.verify_and_decode(compact4, validator)
self.assertEqual(
verify2.verify_and_decode(compact4, validator).issuer(), 'a')
self.assertEqual(
verify3.verify_and_decode(compact4, validator).issuer(), 'a')
self.assertEqual(
verify4.verify_and_decode(compact4, validator).issuer(), 'a')
def test_key_rotation(self):
old_key_tmpl = jwt.jwt_hs256_template()
new_key_tmpl = jwt.jwt_hs384_template()
builder = keyset_builder.new_keyset_builder()
older_key_id = builder.add_new_key(old_key_tmpl)
builder.set_primary_key(older_key_id)
jwtmac1 = builder.keyset_handle().primitive(jwt.JwtMac)
newer_key_id = builder.add_new_key(new_key_tmpl)
jwtmac2 = builder.keyset_handle().primitive(jwt.JwtMac)
builder.set_primary_key(newer_key_id)
jwtmac3 = builder.keyset_handle().primitive(jwt.JwtMac)
builder.disable_key(older_key_id)
jwtmac4 = builder.keyset_handle().primitive(jwt.JwtMac)
raw_jwt = jwt.new_raw_jwt(issuer='a')
validator = jwt.JwtValidator()
self.assertNotEqual(older_key_id, newer_key_id)
# 1 uses the older key. So 1, 2 and 3 can verify the mac, but not 4.
compact1 = jwtmac1.compute_mac_and_encode(raw_jwt)
self.assertEqual(
jwtmac1.verify_mac_and_decode(compact1, validator).issuer(), 'a')
self.assertEqual(
jwtmac2.verify_mac_and_decode(compact1, validator).issuer(), 'a')
self.assertEqual(
jwtmac3.verify_mac_and_decode(compact1, validator).issuer(), 'a')
with self.assertRaises(tink.TinkError):
jwtmac4.verify_mac_and_decode(compact1, validator)
# 2 uses the older key. So 1, 2 and 3 can verify the mac, but not 4.
compact2 = jwtmac2.compute_mac_and_encode(raw_jwt)
self.assertEqual(
jwtmac1.verify_mac_and_decode(compact2, validator).issuer(), 'a')
self.assertEqual(
jwtmac2.verify_mac_and_decode(compact2, validator).issuer(), 'a')
self.assertEqual(
jwtmac3.verify_mac_and_decode(compact2, validator).issuer(), 'a')
with self.assertRaises(tink.TinkError):
jwtmac4.verify_mac_and_decode(compact2, validator)
# 3 uses the newer key. So 2, 3 and 4 can verify the mac, but not 1.
compact3 = jwtmac3.compute_mac_and_encode(raw_jwt)
with self.assertRaises(tink.TinkError):
jwtmac1.verify_mac_and_decode(compact3, validator)
self.assertEqual(
jwtmac2.verify_mac_and_decode(compact3, validator).issuer(), 'a')
self.assertEqual(
jwtmac3.verify_mac_and_decode(compact3, validator).issuer(), 'a')
self.assertEqual(
jwtmac4.verify_mac_and_decode(compact3, validator).issuer(), 'a')
# 4 uses the newer key. So 2, 3 and 4 can verify the mac, but not 1.
compact4 = jwtmac4.compute_mac_and_encode(raw_jwt)
with self.assertRaises(tink.TinkError):
jwtmac1.verify_mac_and_decode(compact4, validator)
self.assertEqual(
jwtmac2.verify_mac_and_decode(compact4, validator).issuer(), 'a')
self.assertEqual(
jwtmac3.verify_mac_and_decode(compact4, validator).issuer(), 'a')
self.assertEqual(
jwtmac4.verify_mac_and_decode(compact4, validator).issuer(), 'a')
def gen_keyset_with_2_prfs() -> bytes:
builder = keyset_builder.new_keyset_builder()
builder.add_new_key(prf.prf_key_templates.HMAC_SHA256)
primary_key_id = builder.add_new_key(prf.prf_key_templates.HKDF_SHA256)
builder.set_primary_key(primary_key_id)
return builder.keyset()
def test_encrypt_decrypt_with_key_rotation(self, old_template,
new_template):
builder = keyset_builder.new_keyset_builder()
older_key_id = builder.add_new_key(old_template)
builder.set_primary_key(older_key_id)
private_handle1 = builder.keyset_handle()
dec1 = private_handle1.primitive(hybrid.HybridDecrypt)
enc1 = private_handle1.public_keyset_handle().primitive(
hybrid.HybridEncrypt)
newer_key_id = builder.add_new_key(new_template)
private_handle2 = builder.keyset_handle()
dec2 = private_handle2.primitive(hybrid.HybridDecrypt)
enc2 = private_handle2.public_keyset_handle().primitive(
hybrid.HybridEncrypt)
builder.set_primary_key(newer_key_id)
private_handle3 = builder.keyset_handle()
dec3 = private_handle3.primitive(hybrid.HybridDecrypt)
enc3 = private_handle3.public_keyset_handle().primitive(
hybrid.HybridEncrypt)
builder.disable_key(older_key_id)
private_handle4 = builder.keyset_handle()
dec4 = private_handle4.primitive(hybrid.HybridDecrypt)
enc4 = private_handle4.public_keyset_handle().primitive(
hybrid.HybridEncrypt)
self.assertNotEqual(older_key_id, newer_key_id)
# p1 encrypts with the older key. So p1, p2 and p3 can decrypt it,
# but not p4.
ciphertext1 = enc1.encrypt(b'plaintext', b'context')
self.assertEqual(dec1.decrypt(ciphertext1, b'context'), b'plaintext')
self.assertEqual(dec2.decrypt(ciphertext1, b'context'), b'plaintext')
self.assertEqual(dec3.decrypt(ciphertext1, b'context'), b'plaintext')
with self.assertRaises(tink.TinkError):
_ = dec4.decrypt(ciphertext1, b'context')
# p2 encrypts with the older key. So p1, p2 and p3 can decrypt it,
# but not p4.
ciphertext2 = enc2.encrypt(b'plaintext', b'context')
self.assertEqual(dec1.decrypt(ciphertext2, b'context'), b'plaintext')
self.assertEqual(dec2.decrypt(ciphertext2, b'context'), b'plaintext')
self.assertEqual(dec3.decrypt(ciphertext2, b'context'), b'plaintext')
with self.assertRaises(tink.TinkError):
_ = dec4.decrypt(ciphertext2, b'context')
# p3 encrypts with the newer key. So p2, p3 and p4 can decrypt it,
# but not p1.
ciphertext3 = enc3.encrypt(b'plaintext', b'context')
with self.assertRaises(tink.TinkError):
_ = dec1.decrypt(ciphertext3, b'context')
self.assertEqual(dec2.decrypt(ciphertext3, b'context'), b'plaintext')
self.assertEqual(dec3.decrypt(ciphertext3, b'context'), b'plaintext')
self.assertEqual(dec4.decrypt(ciphertext3, b'context'), b'plaintext')
# p4 encrypts with the newer key. So p2, p3 and p4 can decrypt it,
# but not p1.
ciphertext4 = enc4.encrypt(b'plaintext', b'context')
with self.assertRaises(tink.TinkError):
_ = dec1.decrypt(ciphertext4, b'context')
self.assertEqual(dec2.decrypt(ciphertext4, b'context'), b'plaintext')
self.assertEqual(dec3.decrypt(ciphertext4, b'context'), b'plaintext')
self.assertEqual(dec4.decrypt(ciphertext4, b'context'), b'plaintext')
def test_key_rotation(self, enc_lang, dec_lang):
# Do a key rotation from an old key to a new key.
# Encryption and decryption are done in languages enc_lang and dec_lang.
builder = keyset_builder.new_keyset_builder()
older_key_id = builder.add_new_key(
streaming_aead.streaming_aead_key_templates.AES128_GCM_HKDF_4KB)
builder.set_primary_key(older_key_id)
enc1 = testing_servers.streaming_aead(enc_lang, builder.keyset())
dec1 = testing_servers.streaming_aead(dec_lang, builder.keyset())
newer_key_id = builder.add_new_key(
streaming_aead.streaming_aead_key_templates.AES256_GCM_HKDF_4KB)
enc2 = testing_servers.streaming_aead(enc_lang, builder.keyset())
dec2 = testing_servers.streaming_aead(dec_lang, builder.keyset())
builder.set_primary_key(newer_key_id)
enc3 = testing_servers.streaming_aead(enc_lang, builder.keyset())
dec3 = testing_servers.streaming_aead(dec_lang, builder.keyset())
builder.disable_key(older_key_id)
enc4 = testing_servers.streaming_aead(enc_lang, builder.keyset())
dec4 = testing_servers.streaming_aead(dec_lang, builder.keyset())
self.assertNotEqual(older_key_id, newer_key_id)
# 1 encrypts with the older key. So 1, 2 and 3 can decrypt it, but not 4.
plaintext = LONG_PLAINTEXT
ad = b'associated_data'
ciphertext1 = enc1.new_encrypting_stream(io.BytesIO(plaintext), ad).read()
self.assertEqual(
dec1.new_decrypting_stream(io.BytesIO(ciphertext1), ad).read(),
plaintext)
self.assertEqual(
dec2.new_decrypting_stream(io.BytesIO(ciphertext1), ad).read(),
plaintext)
self.assertEqual(
dec3.new_decrypting_stream(io.BytesIO(ciphertext1), ad).read(),
plaintext)
with self.assertRaises(tink.TinkError):
_ = dec4.new_decrypting_stream(io.BytesIO(ciphertext1), ad).read()
# 2 encrypts with the older key. So 1, 2 and 3 can decrypt it, but not 4.
ciphertext2 = enc2.new_encrypting_stream(io.BytesIO(plaintext), ad).read()
self.assertEqual(
dec1.new_decrypting_stream(io.BytesIO(ciphertext2), ad).read(),
plaintext)
self.assertEqual(
dec2.new_decrypting_stream(io.BytesIO(ciphertext2), ad).read(),
plaintext)
self.assertEqual(
dec3.new_decrypting_stream(io.BytesIO(ciphertext2), ad).read(),
plaintext)
with self.assertRaises(tink.TinkError):
_ = dec4.new_decrypting_stream(io.BytesIO(ciphertext2), ad).read()
# 3 encrypts with the newer key. So 2, 3 and 4 can decrypt it, but not 1.
ciphertext3 = enc3.new_encrypting_stream(io.BytesIO(plaintext), ad).read()
with self.assertRaises(tink.TinkError):
_ = dec1.new_decrypting_stream(io.BytesIO(ciphertext3), ad).read()
self.assertEqual(
dec2.new_decrypting_stream(io.BytesIO(ciphertext3), ad).read(),
plaintext)
self.assertEqual(
dec3.new_decrypting_stream(io.BytesIO(ciphertext3), ad).read(),
plaintext)
self.assertEqual(
dec4.new_decrypting_stream(io.BytesIO(ciphertext3), ad).read(),
plaintext)
# 4 encrypts with the newer key. So 2, 3 and 4 can decrypt it, but not 1.
ciphertext4 = enc4.new_encrypting_stream(io.BytesIO(plaintext), ad).read()
with self.assertRaises(tink.TinkError):
_ = dec1.new_decrypting_stream(io.BytesIO(ciphertext4), ad).read()
self.assertEqual(
dec2.new_decrypting_stream(io.BytesIO(ciphertext4), ad).read(),
plaintext)
self.assertEqual(
dec3.new_decrypting_stream(io.BytesIO(ciphertext4), ad).read(),
plaintext)
self.assertEqual(
dec4.new_decrypting_stream(io.BytesIO(ciphertext4), ad).read(),
plaintext)
def test_encrypt_decrypt_with_key_rotation(self, input_stream_factory):
builder = keyset_builder.new_keyset_builder()
older_key_id = builder.add_new_key(TEMPLATE)
builder.set_primary_key(older_key_id)
p1 = builder.keyset_handle().primitive(streaming_aead.StreamingAead)
newer_key_id = builder.add_new_key(TEMPLATE)
p2 = builder.keyset_handle().primitive(streaming_aead.StreamingAead)
builder.set_primary_key(newer_key_id)
p3 = builder.keyset_handle().primitive(streaming_aead.StreamingAead)
builder.disable_key(older_key_id)
p4 = builder.keyset_handle().primitive(streaming_aead.StreamingAead)
self.assertNotEqual(older_key_id, newer_key_id)
# p1 encrypts with the older key. So p1, p2 and p3 can decrypt it,
# but not p4.
plaintext1 = b' '.join(b'%d' % i for i in range(100 * 101))
ciphertext1 = _encrypt(p1, plaintext1, b'aad1')
with p1.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext1)),
b'aad1') as ds:
self.assertEqual(ds.read(), plaintext1)
with p2.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext1)),
b'aad1') as ds:
self.assertEqual(ds.read(), plaintext1)
with p3.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext1)),
b'aad1') as ds:
self.assertEqual(ds.read(), plaintext1)
with p4.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext1)),
b'aad1') as ds:
with self.assertRaises(tink.TinkError):
ds.read()
# p2 encrypts with the older key. So p1, p2 and p3 can decrypt it,
# but not p4.
plaintext2 = b' '.join(b'%d' % i for i in range(100 * 102))
ciphertext2 = _encrypt(p2, plaintext2, b'aad2')
with p1.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext2)),
b'aad2') as ds:
self.assertEqual(ds.read(), plaintext2)
with p2.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext2)),
b'aad2') as ds:
self.assertEqual(ds.read(), plaintext2)
with p3.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext2)),
b'aad2') as ds:
self.assertEqual(ds.read(), plaintext2)
with p4.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext2)),
b'aad2') as ds:
with self.assertRaises(tink.TinkError):
ds.read()
# p3 encrypts with the newer key. So p2, p3 and p4 can decrypt it,
# but not p1.
plaintext3 = b' '.join(b'%d' % i for i in range(100 * 103))
ciphertext3 = _encrypt(p3, plaintext3, b'aad3')
with p1.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext3)),
b'aad3') as ds:
with self.assertRaises(tink.TinkError):
ds.read()
with p2.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext3)),
b'aad3') as ds:
self.assertEqual(ds.read(), plaintext3)
with p3.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext3)),
b'aad3') as ds:
self.assertEqual(ds.read(), plaintext3)
with p4.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext3)),
b'aad3') as ds:
self.assertEqual(ds.read(), plaintext3)
# p4 encrypts with the newer key. So p2, p3 and p4 can decrypt it,
# but not p1.
plaintext4 = b' '.join(b'%d' % i for i in range(100 * 104))
ciphertext4 = _encrypt(p4, plaintext4, b'aad4')
with p1.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext4)),
b'aad4') as ds:
with self.assertRaises(tink.TinkError):
ds.read()
with p2.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext4)),
b'aad4') as ds:
self.assertEqual(ds.read(), plaintext4)
with p3.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext4)),
b'aad4') as ds:
self.assertEqual(ds.read(), plaintext4)
with p4.new_decrypting_stream(
cast(BinaryIO, input_stream_factory(ciphertext4)),
b'aad4') as ds:
self.assertEqual(ds.read(), plaintext4)
