def test_generate_keyset_write_read_encrypted(self):
keyset_servicer = services.KeysetServicer()
template = aead.aead_key_templates.AES128_GCM.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
master_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(master_response.WhichOneof('result'), 'keyset')
master_keyset = master_response.keyset
keyset_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(keyset_response.WhichOneof('result'), 'keyset')
keyset = keyset_response.keyset
write_encrypted_request = testing_api_pb2.KeysetWriteEncryptedRequest(
keyset=keyset, master_keyset=master_keyset)
write_encrypted_response = keyset_servicer.WriteEncrypted(
write_encrypted_request, self._ctx)
self.assertEqual(write_encrypted_response.WhichOneof('result'),
'encrypted_keyset')
encrypted_keyset = write_encrypted_response.encrypted_keyset
read_encrypted_request = testing_api_pb2.KeysetReadEncryptedRequest(
encrypted_keyset=encrypted_keyset, master_keyset=master_keyset)
read_encrypted_response = keyset_servicer.ReadEncrypted(
read_encrypted_request, self._ctx)
self.assertEqual(read_encrypted_response.WhichOneof('result'),
'keyset')
self.assertEqual(read_encrypted_response.keyset, keyset)
def test_generate_keyset_write_read_encrypted_with_associated_data(self):
keyset_servicer = services.KeysetServicer()
template = aead.aead_key_templates.AES128_GCM.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
master_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(master_response.WhichOneof('result'), 'keyset')
master_keyset = master_response.keyset
keyset_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(keyset_response.WhichOneof('result'), 'keyset')
keyset = keyset_response.keyset
associated_data = b'associated_data'
write_encrypted_request = testing_api_pb2.KeysetWriteEncryptedRequest(
keyset=keyset,
master_keyset=master_keyset,
associated_data=testing_api_pb2.BytesValue(value=associated_data),
keyset_writer_type=testing_api_pb2.KEYSET_WRITER_BINARY)
write_encrypted_response = keyset_servicer.WriteEncrypted(
write_encrypted_request, self._ctx)
self.assertEqual(write_encrypted_response.WhichOneof('result'),
'encrypted_keyset')
encrypted_keyset = write_encrypted_response.encrypted_keyset
read_encrypted_request = testing_api_pb2.KeysetReadEncryptedRequest(
encrypted_keyset=encrypted_keyset,
master_keyset=master_keyset,
associated_data=testing_api_pb2.BytesValue(value=associated_data),
keyset_reader_type=testing_api_pb2.KEYSET_READER_BINARY)
read_encrypted_response = keyset_servicer.ReadEncrypted(
read_encrypted_request, self._ctx)
self.assertEqual(read_encrypted_response.WhichOneof('result'),
'keyset')
self.assertEqual(read_encrypted_response.keyset, keyset)
# Using the wrong associated_data fails
read_encrypted_request = testing_api_pb2.KeysetReadEncryptedRequest(
encrypted_keyset=encrypted_keyset,
master_keyset=master_keyset,
associated_data=testing_api_pb2.BytesValue(value=b'wrong ad'),
keyset_reader_type=testing_api_pb2.KEYSET_READER_BINARY)
read_encrypted_response = keyset_servicer.ReadEncrypted(
read_encrypted_request, self._ctx)
self.assertEqual(read_encrypted_response.WhichOneof('result'), 'err')
def keyset_read_encrypted(stub: testing_api_pb2_grpc.KeysetStub,
encrypted_keyset: bytes, master_keyset: bytes,
associated_data: Optional[bytes]) -> bytes:
"""Reads an encrypted keyset."""
request = testing_api_pb2.KeysetReadEncryptedRequest(
encrypted_keyset=encrypted_keyset, master_keyset=master_keyset)
if associated_data is not None:
request.associated_data.value = associated_data
response = stub.ReadEncrypted(request)
if response.err:
raise tink.TinkError(response.err)
return response.keyset
def test_keyset_read_encrypted_fails_when_encrypted_keyset_is_invalid(
self):
keyset_servicer = services.KeysetServicer()
template = aead.aead_key_templates.AES128_GCM.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
master_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(master_response.WhichOneof('result'), 'keyset')
master_keyset = master_response.keyset
read_encrypted_request = testing_api_pb2.KeysetReadEncryptedRequest(
encrypted_keyset=b'invalid', master_keyset=master_keyset)
read_encrypted_response = keyset_servicer.ReadEncrypted(
read_encrypted_request, self._ctx)
self.assertEqual(read_encrypted_response.WhichOneof('result'), 'err')
