예제 #1
0
    def test_hybrid_wrappers_are_correctly_registered(self):
        dec1, dec1_key = _new_primitive_and_key(
            hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM,
            hybrid.HybridDecrypt, tink_pb2.RAW)
        enc1, enc1_key = _public_primitive_and_key(dec1_key,
                                                   hybrid.HybridEncrypt,
                                                   tink_pb2.RAW)

        dec2, dec2_key = _new_primitive_and_key(
            hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM,
            hybrid.HybridDecrypt, tink_pb2.RAW)
        enc2, enc2_key = _public_primitive_and_key(dec2_key,
                                                   hybrid.HybridEncrypt,
                                                   tink_pb2.RAW)

        dec_pset = core.PrimitiveSet(hybrid.HybridDecrypt)
        dec_pset.add_primitive(dec1, dec1_key)
        dec_pset.set_primary(dec_pset.add_primitive(dec2, dec2_key))
        wrapped_dec = core.Registry.wrap(dec_pset, hybrid.HybridDecrypt)

        enc_pset = core.PrimitiveSet(hybrid.HybridEncrypt)
        enc_pset.add_primitive(enc1, enc1_key)
        enc_pset.set_primary(enc_pset.add_primitive(enc2, enc2_key))
        wrapped_enc = core.Registry.wrap(enc_pset, hybrid.HybridEncrypt)

        self.assertEqual(
            wrapped_dec.decrypt(enc1.encrypt(b'plaintext1', b'ad1'), b'ad1'),
            b'plaintext1')
        self.assertEqual(
            wrapped_dec.decrypt(wrapped_enc.encrypt(b'plaintext2', b'ad2'),
                                b'ad2'), b'plaintext2')
예제 #2
0
    def test_signature_wrapper_is_correctly_registered(self):
        sig1, key1 = _new_primitive_and_key(
            signature.signature_key_templates.ECDSA_P256,
            signature.PublicKeySign, tink_pb2.TINK)
        sig2, key2 = _new_primitive_and_key(
            signature.signature_key_templates.ECDSA_P256,
            signature.PublicKeySign, tink_pb2.TINK)

        ver1, pubkey1 = _public_primitive_and_key(key1,
                                                  signature.PublicKeyVerify,
                                                  tink_pb2.TINK)
        ver2, pubkey2 = _public_primitive_and_key(key2,
                                                  signature.PublicKeyVerify,
                                                  tink_pb2.TINK)

        pset = core.PrimitiveSet(signature.PublicKeySign)
        pset.add_primitive(sig1, key1)
        pset.set_primary(pset.add_primitive(sig2, key2))
        wrapped_sig = core.Registry.wrap(pset, signature.PublicKeySign)

        pset_verify = core.new_primitive_set(signature.PublicKeyVerify)
        pset_verify.add_primitive(ver1, pubkey1)
        pset_verify.set_primary(pset_verify.add_primitive(ver2, pubkey2))
        wrapped_ver = core.Registry.wrap(pset_verify,
                                         signature.PublicKeyVerify)

        sig = wrapped_sig.sign(b'data')
        wrapped_ver.verify(sig, b'data')
예제 #3
0
    def primitive(self, primitive_class: Type[P]) -> P:
        """Returns a wrapped primitive from this KeysetHandle.

    Uses the KeyManager and the PrimitiveWrapper objects in the global
    registry.Registry
    to create the primitive. This function is the most common way of creating a
    primitive.

    Args:
      primitive_class: The class of the primitive.

    Returns:
      The primitive.
    Raises:
      tink.TinkError if creation of the primitive fails, for example if
      primitive_class cannot be used with this KeysetHandle.
    """
        _validate_keyset(self._keyset)
        input_primitive_class = core.Registry.input_primitive_class(
            primitive_class)
        pset = core.PrimitiveSet(input_primitive_class)
        for key in self._keyset.key:
            if key.status == tink_pb2.ENABLED:
                primitive = core.Registry.primitive(key.key_data,
                                                    input_primitive_class)
                entry = pset.add_primitive(primitive, key)
                if key.key_id == self._keyset.primary_key_id:
                    pset.set_primary(entry)
        return core.Registry.wrap(pset, primitive_class)
예제 #4
0
    def test_aead_wrapper_is_correctly_registered(self):
        aead1, key1 = _new_primitive_and_key(
            aead.aead_key_templates.AES128_EAX, aead.Aead, tink_pb2.RAW)
        aead2, key2 = _new_primitive_and_key(
            aead.aead_key_templates.AES256_GCM, aead.Aead, tink_pb2.TINK)
        pset = core.PrimitiveSet(aead.Aead)
        pset.add_primitive(aead1, key1)
        pset.set_primary(pset.add_primitive(aead2, key2))
        wrapped_aead = core.Registry.wrap(pset, aead.Aead)

        self.assertEqual(
            wrapped_aead.decrypt(aead1.encrypt(b'plaintext1', b'ad1'), b'ad1'),
            b'plaintext1')
        self.assertEqual(
            wrapped_aead.decrypt(wrapped_aead.encrypt(b'plaintext2', b'ad2'),
                                 b'ad2'), b'plaintext2')
예제 #5
0
    def test_mac_wrapper_is_correctly_registered(self):
        mac1, key1 = _new_primitive_and_key(
            mac.mac_key_templates.HMAC_SHA256_128BITTAG, mac.Mac, tink_pb2.RAW)
        mac2, key2 = _new_primitive_and_key(
            mac.mac_key_templates.HMAC_SHA256_256BITTAG, mac.Mac,
            tink_pb2.TINK)
        pset = core.PrimitiveSet(mac.Mac)
        pset.add_primitive(mac1, key1)
        pset.set_primary(pset.add_primitive(mac2, key2))
        wrapped_mac = core.Registry.wrap(pset, mac.Mac)

        self.assertIsNone(
            wrapped_mac.verify_mac(mac1.compute_mac(b'data1'), b'data1'))
        self.assertIsNone(
            wrapped_mac.verify_mac(wrapped_mac.compute_mac(b'data2'),
                                   b'data2'))
예제 #6
0
    def test_deterministic_aead_wrapper_is_correctly_registered(self):
        daead1, key1 = _new_primitive_and_key(
            daead.deterministic_aead_key_templates.AES256_SIV,
            daead.DeterministicAead, tink_pb2.RAW)
        daead2, key2 = _new_primitive_and_key(
            daead.deterministic_aead_key_templates.AES256_SIV,
            daead.DeterministicAead, tink_pb2.TINK)
        pset = core.PrimitiveSet(daead.DeterministicAead)
        pset.add_primitive(daead1, key1)
        pset.set_primary(pset.add_primitive(daead2, key2))
        wrapped_daead = core.Registry.wrap(pset, daead.DeterministicAead)

        self.assertEqual(
            wrapped_daead.decrypt_deterministically(
                daead1.encrypt_deterministically(b'plaintext1', b'ad1'),
                b'ad1'), b'plaintext1')
        self.assertEqual(
            wrapped_daead.decrypt_deterministically(
                wrapped_daead.encrypt_deterministically(b'plaintext2', b'ad2'),
                b'ad2'), b'plaintext2')