예제 #1
0
 def test_keyset_info(self):
     keyset = tink_pb2.Keyset(primary_key_id=2)
     keyset.key.extend([
         helper.fake_key(value=b'v1',
                         type_url='t1',
                         key_id=1,
                         status=tink_pb2.ENABLED,
                         output_prefix_type=tink_pb2.TINK),
         helper.fake_key(value=b'v2',
                         type_url='t2',
                         key_id=2,
                         status=tink_pb2.DESTROYED,
                         output_prefix_type=tink_pb2.RAW)
     ])
     handle = _keyset_handle(keyset)
     expected_keyset_info = tink_pb2.KeysetInfo(primary_key_id=2)
     info1 = expected_keyset_info.key_info.add()
     info1.type_url = 't1'
     info1.status = tink_pb2.ENABLED
     info1.output_prefix_type = tink_pb2.TINK
     info1.key_id = 1
     info2 = expected_keyset_info.key_info.add()
     info2.type_url = 't2'
     info2.status = tink_pb2.DESTROYED
     info2.output_prefix_type = tink_pb2.RAW
     info2.key_id = 2
     self.assertEqual(expected_keyset_info, handle.keyset_info())
예제 #2
0
 def test_primitive_fails_on_empty_keyset(self):
     keyset = tink_pb2.Keyset()
     keyset.key.extend(
         [helper.fake_key(key_id=1, status=tink_pb2.DESTROYED)])
     keyset.primary_key_id = 1
     handle = _keyset_handle(keyset)
     with self.assertRaisesRegex(core.TinkError, 'empty keyset'):
         handle.primitive(aead.Aead)
예제 #3
0
 def test_primitive_fails_on_key_with_unknown_status(self):
     keyset = tink_pb2.Keyset()
     keyset.key.extend(
         [helper.fake_key(key_id=1234, status=tink_pb2.UNKNOWN_STATUS)])
     keyset.primary_key_id = 1234
     handle = _keyset_handle(keyset)
     with self.assertRaisesRegex(core.TinkError,
                                 'key 1234 has unknown status'):
         handle.primitive(aead.Aead)
예제 #4
0
 def read(self) -> tink_pb2.Keyset:
     if not self._serialized_keyset:
         raise tink_error.TinkError('No keyset found')
     try:
         keyset = tink_pb2.Keyset()
         keyset.ParseFromString(self._serialized_keyset)
         return keyset
     except message.DecodeError as e:
         raise tink_error.TinkError(e)
예제 #5
0
 def test_primitive_fails_on_key_without_keydata(self):
     keyset = tink_pb2.Keyset()
     key = helper.fake_key(key_id=123)
     key.ClearField('key_data')
     keyset.key.extend([key])
     keyset.primary_key_id = 123
     handle = _keyset_handle(keyset)
     with self.assertRaisesRegex(core.TinkError, 'key 123 has no key data'):
         handle.primitive(aead.Aead)
예제 #6
0
 def test_primitive_fails_on_multiple_primary_keys(self):
     keyset = tink_pb2.Keyset()
     keyset.key.extend(
         [helper.fake_key(key_id=12345),
          helper.fake_key(key_id=12345)])
     keyset.primary_key_id = 12345
     handle = _keyset_handle(keyset)
     with self.assertRaisesRegex(core.TinkError,
                                 'keyset contains multiple primary keys'):
         handle.primitive(aead.Aead)
예제 #7
0
 def test_write_read_with_unicode_chars(self):
     keyset = tink_pb2.Keyset()
     key = keyset.key.add()
     key.key_data.type_url = (
         u'\xe3\x82\xb3\xe3\x83\xb3\xe3\x83\x8b\xe3\x83\x81\xe3\x83\x8f')
     stream = io.StringIO()
     writer = core.JsonKeysetWriter(stream)
     writer.write(keyset)
     reader = core.JsonKeysetReader(stream.getvalue())
     self.assertEqual(keyset, reader.read())
예제 #8
0
 def test_primitive_fails_on_key_with_unknown_prefix(self):
     keyset = tink_pb2.Keyset()
     keyset.key.extend([
         helper.fake_key(key_id=12,
                         output_prefix_type=tink_pb2.UNKNOWN_PREFIX)
     ])
     keyset.primary_key_id = 12
     handle = _keyset_handle(keyset)
     with self.assertRaisesRegex(core.TinkError,
                                 'key 12 has unknown prefix'):
         handle.primitive(aead.Aead)
예제 #9
0
def example_keyset():
    keyset = tink_pb2.Keyset()
    keyset.primary_key_id = 42
    key = keyset.key.add()
    key.key_data.type_url = u'type.googleapis.com/google.crypto.tink.AesGcmKey'
    key.key_data.key_material_type = tink_pb2.KeyData.SYMMETRIC
    key.key_data.value = b'GhCS/1+ejWpx68NfGt6ziYHd'
    key.output_prefix_type = tink_pb2.TINK
    key.key_id = 42
    key.status = tink_pb2.ENABLED
    return keyset
예제 #10
0
 def public_keyset_handle(self) -> 'KeysetHandle':
     """Returns a new KeysetHandle for the corresponding public keys."""
     public_keyset = tink_pb2.Keyset()
     for key in self._keyset.key:
         public_key = public_keyset.key.add()
         public_key.CopyFrom(key)
         public_key.key_data.CopyFrom(
             registry.Registry.public_key_data(key.key_data))
         _validate_key(public_key)
     public_keyset.primary_key_id = self._keyset.primary_key_id
     return self._create(public_keyset)
예제 #11
0
 def test_read(self):
     keyset = tink_pb2.Keyset()
     keyset.primary_key_id = 42
     key = keyset.key.add()
     key.key_data.type_url = 'type.googleapis.com/google.crypto.tink.AesGcmKey'
     key.key_data.key_material_type = tink_pb2.KeyData.SYMMETRIC
     key.key_data.value = b'GhCS/1+ejWpx68NfGt6ziYHd'
     key.output_prefix_type = tink_pb2.TINK
     key.key_id = 42
     key.status = tink_pb2.ENABLED
     reader = core.BinaryKeysetReader(keyset.SerializeToString())
     self.assertEqual(keyset, reader.read())
예제 #12
0
 def test_primitive_fails_on_wrong_primitive_class(self):
     keyset = tink_pb2.Keyset()
     key = keyset.key.add()
     key.key_data.CopyFrom(
         core.Registry.new_key_data(aead.aead_key_templates.AES128_EAX))
     key.output_prefix_type = tink_pb2.TINK
     key.key_id = 1
     key.status = tink_pb2.ENABLED
     keyset.primary_key_id = 1
     handle = _keyset_handle(keyset)
     with self.assertRaisesRegex(core.TinkError, 'Wrong primitive class'):
         handle.primitive(mac.Mac)
예제 #13
0
 def test_primitive_fails_without_primary_key_present(self):
     keyset = tink_pb2.Keyset()
     key = keyset.key.add()
     key.key_data.CopyFrom(
         core.Registry.new_key_data(aead.aead_key_templates.AES128_EAX))
     key.output_prefix_type = tink_pb2.TINK
     key.key_id = 2
     key.status = tink_pb2.ENABLED
     keyset.primary_key_id = 1
     handle = _keyset_handle(keyset)
     with self.assertRaisesRegex(
             core.TinkError, 'keyset does not contain a valid primary key'):
         handle.primitive(aead.Aead)
예제 #14
0
 def test_primitive_success(self):
     keyset = tink_pb2.Keyset()
     key = keyset.key.add()
     key.key_data.CopyFrom(
         core.Registry.new_key_data(aead.aead_key_templates.AES128_EAX))
     key.output_prefix_type = tink_pb2.TINK
     key.key_id = 1
     key.status = tink_pb2.ENABLED
     keyset.primary_key_id = 1
     handle = _keyset_handle(keyset)
     aead_primitive = handle.primitive(aead.Aead)
     self.assertEqual(
         aead_primitive.decrypt(aead_primitive.encrypt(b'message', b'aad'),
                                b'aad'), b'message')
예제 #15
0
    def generate_new(cls,
                     key_template: tink_pb2.KeyTemplate) -> 'KeysetHandle':
        """Return a new KeysetHandle.

    It contains a single fresh key generated according to key_template.

    Args:
      key_template: A tink_pb2.KeyTemplate object.

    Returns:
      A new KeysetHandle.
    """
        keyset = tink_pb2.Keyset()
        key_data = registry.Registry.new_key_data(key_template)
        key_id = _generate_unused_key_id(keyset)
        key = keyset.key.add()
        key.key_data.CopyFrom(key_data)
        key.status = tink_pb2.ENABLED
        key.key_id = key_id
        key.output_prefix_type = key_template.output_prefix_type
        keyset.primary_key_id = key_id
        return cls._create(keyset)
예제 #16
0
 def read(self) -> tink_pb2.Keyset:
     try:
         return json_format.Parse(self._serialized_keyset,
                                  tink_pb2.Keyset())
     except json_format.ParseError as e:
         raise tink_error.TinkError(e)
예제 #17
0
 def decrypt(self, plaintext: bytes, associated_data: bytes) -> bytes:
     return tink_pb2.Keyset(primary_key_id=42).SerializeToString()