def test_raw_template(self):
template = aead.aead_key_templates.AES128_GCM
raw_template = keyset_builder.raw_template(template)
self.assertEqual(raw_template.output_prefix_type, tink_pb2.RAW)
self.assertEqual(raw_template.type_url, template.type_url)
self.assertEqual(raw_template.value, template.value)
# check that generating raw_template did not change template.
self.assertNotEqual(template.output_prefix_type, tink_pb2.RAW)
def mac_key_templates() -> Iterable[Tuple[Text, tink_pb2.KeyTemplate]]:
"""Yields (mac_key_template_name, mac_key_template) tuples."""
for key_type in supported_key_types.MAC_KEY_TYPES:
for name in supported_key_types.KEY_TEMPLATE_NAMES[key_type]:
template = supported_key_types.KEY_TEMPLATE[name]
yield (name, template)
yield (name + '-raw', keyset_builder.raw_template(template))
yield (name + '-legacy', keyset_builder.legacy_template(template))
for p in unsupported_aeads:
with self.assertRaises(
tink.TinkError,
msg='Language %s supports AEAD encrypt with %s unexpectedly'
% (p.lang, key_template_name)):
p.encrypt(b'plaintext', b'associated_data')
# If the implementations work fine for keysets with single keys, then key
# rotation should work if the primitive wrapper is implemented correctly.
# These wrappers do not depend on the key type, so it should be fine to always
# test with the same key type. Since the AEAD wrapper needs to treat keys
# with output prefix RAW differently, we also include such a template for that.
KEY_ROTATION_TEMPLATES = [
aead.aead_key_templates.AES128_CTR_HMAC_SHA256,
keyset_builder.raw_template(aead.aead_key_templates.AES128_CTR_HMAC_SHA256)
]
def key_rotation_test_cases(
) -> Iterable[Tuple[Text, Text, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]:
for enc_lang in SUPPORTED_LANGUAGES:
for dec_lang in SUPPORTED_LANGUAGES:
for old_key_tmpl in KEY_ROTATION_TEMPLATES:
for new_key_tmpl in KEY_ROTATION_TEMPLATES:
yield (enc_lang, dec_lang, old_key_tmpl, new_key_tmpl)
class AeadKeyRotationTest(parameterized.TestCase):
@parameterized.parameters(key_rotation_test_cases())
def test_key_rotation(self, enc_lang, dec_lang, old_key_tmpl,
for enc in unsupported_encs:
with self.assertRaises(
tink.TinkError,
msg='Language %s supports hybrid encrypt with %s unexpectedly' % (
enc.lang, key_template_name)):
enc.encrypt(b'plaintext', b'context_info')
# If the implementations work fine for keysets with single keys, then key
# rotation should work if the primitive wrapper is implemented correctly.
# These wrappers do not depend on the key type, so it should be fine to always
# test with the same key type. But since the wrapper needs to treat keys
# with output prefix RAW differently, we also include such a template for that.
KEY_ROTATION_TEMPLATES = [
hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM,
keyset_builder.raw_template(
hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM)
]
def key_rotation_test_cases(
) -> Iterable[Tuple[Text, Text, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]:
for enc_lang in SUPPORTED_LANGUAGES:
for dec_lang in SUPPORTED_LANGUAGES:
for old_key_tmpl in KEY_ROTATION_TEMPLATES:
for new_key_tmpl in KEY_ROTATION_TEMPLATES:
yield (enc_lang, dec_lang, old_key_tmpl, new_key_tmpl)
class HybridEncryptionKeyRotationTest(parameterized.TestCase):
@parameterized.parameters(key_rotation_test_cases())
from absl.testing import parameterized
import tink
from tink import signature
from tink.proto import tink_pb2
from tink.testing import keyset_builder
from util import supported_key_types
from util import testing_servers
SUPPORTED_LANGUAGES = (
testing_servers.SUPPORTED_LANGUAGES_BY_PRIMITIVE['signature'])
TEMPLATE = signature.signature_key_templates.ECDSA_P256
KEY_ROTATION_TEMPLATES = [
TEMPLATE,
keyset_builder.raw_template(TEMPLATE),
keyset_builder.legacy_template(TEMPLATE)
]
def key_rotation_test_cases(
) -> Iterable[Tuple[Text, Text, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]:
for enc_lang in SUPPORTED_LANGUAGES:
for dec_lang in SUPPORTED_LANGUAGES:
for old_key_tmpl in KEY_ROTATION_TEMPLATES:
for new_key_tmpl in KEY_ROTATION_TEMPLATES:
yield (enc_lang, dec_lang, old_key_tmpl, new_key_tmpl)
def setUpModule():
signature.register()
tink.TinkError,
msg=
'Language %s supports signature sign with %s unexpectedly'
% (signer.lang, key_template_name)):
_ = signer.sign(message)
# If the implementations work fine for keysets with single keys, then key
# rotation should work if the primitive wrapper is implemented correctly.
# The wrapper does not depend on the key type, so it should be fine to always
# test with the same key type. The wrapper needs to treat keys with output
# prefix RAW and LEGACY differently, so we also test templates with these
# prefixes.
KEY_ROTATION_TEMPLATES = [
signature.signature_key_templates.ECDSA_P256,
keyset_builder.raw_template(signature.signature_key_templates.ECDSA_P256),
keyset_builder.legacy_template(
signature.signature_key_templates.ECDSA_P256)
]
def key_rotation_test_cases(
) -> Iterable[Tuple[Text, Text, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]:
for enc_lang in SUPPORTED_LANGUAGES:
for dec_lang in SUPPORTED_LANGUAGES:
for old_key_tmpl in KEY_ROTATION_TEMPLATES:
for new_key_tmpl in KEY_ROTATION_TEMPLATES:
yield (enc_lang, dec_lang, old_key_tmpl, new_key_tmpl)
class SignatureKeyRotationTest(parameterized.TestCase):
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Tests for tink.python.tink.aead_wrapper."""
from absl.testing import absltest
from absl.testing import parameterized
import tink
from tink import aead
from tink.testing import keyset_builder
AEAD_TEMPLATE = aead.aead_key_templates.AES128_EAX
RAW_AEAD_TEMPLATE = keyset_builder.raw_template(AEAD_TEMPLATE)
def setUpModule():
aead.register()
class AeadWrapperTest(parameterized.TestCase):
@parameterized.parameters([AEAD_TEMPLATE, RAW_AEAD_TEMPLATE])
def test_encrypt_decrypt(self, template):
keyset_handle = tink.new_keyset_handle(template)
primitive = keyset_handle.primitive(aead.Aead)
ciphertext = primitive.encrypt(b'plaintext', b'associated_data')
self.assertEqual(primitive.decrypt(ciphertext, b'associated_data'),
b'plaintext')
with self.assertRaises(
tink.TinkError,
msg='Language %s supports compute_mac with %s unexpectedly'
% (p.lang, key_template_name)):
p.compute_mac(data)
# If the implementations work fine for keysets with single keys, then key
# rotation should work if the primitive wrapper is implemented correctly.
# These wrappers do not depend on the key type, so it should be fine to always
# test with the same key type. The wrapper needs to treat keys with output
# prefix RAW and LEGACY differently, so we also test templates with these
# prefixes.
KEY_ROTATION_TEMPLATES = [
mac.mac_key_templates.HMAC_SHA512_512BITTAG,
keyset_builder.raw_template(mac.mac_key_templates.HMAC_SHA512_512BITTAG),
keyset_builder.legacy_template(mac.mac_key_templates.HMAC_SHA512_512BITTAG)
]
def key_rotation_test_cases(
) -> Iterable[Tuple[Text, Text, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]:
for compute_lang in SUPPORTED_LANGUAGES:
for verify_lang in SUPPORTED_LANGUAGES:
for old_key_tmpl in KEY_ROTATION_TEMPLATES:
for new_key_tmpl in KEY_ROTATION_TEMPLATES:
yield (compute_lang, verify_lang, old_key_tmpl,
new_key_tmpl)
class MacKeyRotationTest(parameterized.TestCase):
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Tests for tink.python.tink._mac_wrapper."""
from absl.testing import absltest
from absl.testing import parameterized
import tink
from tink import mac
from tink.testing import keyset_builder
MAC_TEMPLATE = mac.mac_key_templates.HMAC_SHA256_128BITTAG
RAW_MAC_TEMPLATE = keyset_builder.raw_template(MAC_TEMPLATE)
LEGACY_MAC_TEMPLATE = keyset_builder.legacy_template(MAC_TEMPLATE)
def setUpModule():
mac.register()
class MacWrapperTest(parameterized.TestCase):
@parameterized.parameters([MAC_TEMPLATE,
RAW_MAC_TEMPLATE,
LEGACY_MAC_TEMPLATE])
def test_compute_verify_mac(self, template):
keyset_handle = tink.new_keyset_handle(template)
primitive = keyset_handle.primitive(mac.Mac)
for p in unsupported_daeads:
with self.assertRaises(
tink.TinkError,
msg='Language %s supports encrypt_deterministically with %s '
'unexpectedly' % (p.lang, key_template_name)):
p.encrypt_deterministically(b'plaintext', b'associated_data')
# If the implementations work fine for keysets with single keys, then key
# rotation should work if the primitive wrapper is implemented correctly.
# These wrappers do not depend on the key type, so it should be fine to always
# test with the same key type. But since the wrapper needs to treat keys
# with output prefix RAW differently, we also include such a template for that.
KEY_ROTATION_TEMPLATES = [
daead.deterministic_aead_key_templates.AES256_SIV,
keyset_builder.raw_template(
daead.deterministic_aead_key_templates.AES256_SIV)
]
def key_rotation_test_cases():
for enc_lang in SUPPORTED_LANGUAGES:
for dec_lang in SUPPORTED_LANGUAGES:
for old_key_tmpl in KEY_ROTATION_TEMPLATES:
for new_key_tmpl in KEY_ROTATION_TEMPLATES:
yield (enc_lang, dec_lang, old_key_tmpl, new_key_tmpl)
class DaeadKeyRotationTest(parameterized.TestCase):
@parameterized.parameters(key_rotation_test_cases())
def test_key_rotation(self, enc_lang, dec_lang, old_key_tmpl,
new_key_tmpl):
from absl.testing import absltest
from absl.testing import parameterized
import tink
from tink import hybrid
from tink.proto import tink_pb2
from tink.testing import keyset_builder
from util import supported_key_types
from util import testing_servers
SUPPORTED_LANGUAGES = testing_servers.SUPPORTED_LANGUAGES_BY_PRIMITIVE[
'hybrid']
TEMPLATE = hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM
KEY_ROTATION_TEMPLATES = [TEMPLATE, keyset_builder.raw_template(TEMPLATE)]
def key_rotation_test_cases(
) -> Iterable[Tuple[Text, Text, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]:
for enc_lang in SUPPORTED_LANGUAGES:
for dec_lang in SUPPORTED_LANGUAGES:
for old_key_tmpl in KEY_ROTATION_TEMPLATES:
for new_key_tmpl in KEY_ROTATION_TEMPLATES:
yield (enc_lang, dec_lang, old_key_tmpl, new_key_tmpl)
def setUpModule():
hybrid.register()
testing_servers.start('hybrid')
