Exemplo n.º 1
0
def setUpModule():
    aead.register()
    daead.register()
    mac.register()
    hybrid.register()
    signature.register()
    testing_servers.start('key_generation_consistency')
Exemplo n.º 2
0
def register():
    aead.register()
    daead.register()
    hybrid.register()
    cc_tink_config.register()
    _register_key_managers()
    _register_primitive_wrappers()
Exemplo n.º 3
0
def main(unused_argv):
    aead.register()
    daead.register()
    hybrid.register()
    mac.register()
    prf.register()
    signature.register()
    streaming_aead.register()
    jwt.register_jwt_mac()
    fake_kms.register_client()
    server = grpc.server(futures.ThreadPoolExecutor(max_workers=2))
    testing_api_pb2_grpc.add_MetadataServicer_to_server(
        services.MetadataServicer(), server)
    testing_api_pb2_grpc.add_KeysetServicer_to_server(
        services.KeysetServicer(), server)
    testing_api_pb2_grpc.add_AeadServicer_to_server(services.AeadServicer(),
                                                    server)
    testing_api_pb2_grpc.add_DeterministicAeadServicer_to_server(
        services.DeterministicAeadServicer(), server)
    testing_api_pb2_grpc.add_MacServicer_to_server(services.MacServicer(),
                                                   server)
    testing_api_pb2_grpc.add_PrfSetServicer_to_server(
        services.PrfSetServicer(), server)
    testing_api_pb2_grpc.add_HybridServicer_to_server(
        services.HybridServicer(), server)
    testing_api_pb2_grpc.add_SignatureServicer_to_server(
        services.SignatureServicer(), server)
    testing_api_pb2_grpc.add_StreamingAeadServicer_to_server(
        services.StreamingAeadServicer(), server)
    testing_api_pb2_grpc.add_JwtServicer_to_server(jwt_service.JwtServicer(),
                                                   server)
    server.add_secure_port('[::]:%d' % FLAGS.port,
                           grpc.local_server_credentials())
    server.start()
    server.wait_for_termination()
Exemplo n.º 4
0
def setUpModule():
    aead.register()
    daead.register()
    mac.register()
    hybrid.register()
    signature.register()
    testing_servers.start()
Exemplo n.º 5
0
 def setUpClass(cls):
     super().setUpClass()
     aead.register()
     daead.register()
     mac.register()
     hybrid.register()
     signature.register()
Exemplo n.º 6
0
def main(argv):
  del argv

  context_info = b'' if not FLAGS.context_info else bytes(
      FLAGS.context_info, 'utf-8')

  # Initialise Tink.
  try:
    hybrid.register()
  except tink.TinkError:
    logging.exception('Error initialising Tink.')
    return 1

  # Read the keyset into a keyset_handle.
  with open(FLAGS.keyset_path, 'rt') as keyset_file:
    text = keyset_file.read()
    try:
      keyset_handle = cleartext_keyset_handle.read(tink.JsonKeysetReader(text))
    except tink.TinkError:
      logging.exception('Error reading key.')
      return 1

  # Get the primitive.
  try:
    primitive = keyset_handle.primitive(hybrid.HybridDecrypt)
  except tink.TinkError:
    logging.exception(
        'Error creating hybrid decrypt primitive from keyset.')
    return 1

  with open(FLAGS.input_path, 'rb') as input_file:
    with open(FLAGS.output_path, 'wb') as output_file:
      data = input_file.read()
      plaintext = primitive.decrypt(data, context_info)
      output_file.write(plaintext)
Exemplo n.º 7
0
def register():
    aead.register()
    daead.register()
    hybrid.register()
    mac.register()
    prf.register()
    signature.register()
    streaming_aead.register()
Exemplo n.º 8
0
def main(argv):
  del argv  # Unused

  mode = FLAGS.mode
  if mode not in ('encrypt', 'decrypt'):
    logging.error('Incorrect mode. Please select "encrypt" or "decrypt".')
    return 1
  context_info = b'' if not FLAGS.context_info else bytes(
      FLAGS.context_info, 'utf-8')

  # Initialise Tink
  try:
    hybrid.register()
  except tink.TinkError as e:
    logging.exception('Error initialising Tink: %s', e)
    return 1

  # Read the keyset into a keyset_handle
  with open(FLAGS.keyset_path, 'rt') as keyset_file:
    try:
      text = keyset_file.read()
      keyset_handle = cleartext_keyset_handle.read(tink.JsonKeysetReader(text))
    except tink.TinkError as e:
      logging.exception('Error reading key: %s', e)
      return 1

  with open(FLAGS.input_path, 'rb') as input_file:
    data = input_file.read()

  if mode == 'encrypt':
    # Get the primitive
    try:
      primitive = keyset_handle.primitive(hybrid.HybridEncrypt)
    except tink.TinkError as e:
      logging.exception(
          'Error creating hybrid encrypt primitive from keyset: %s', e)
      return 1
    # Encrypt data
    with open(FLAGS.output_path, 'wb') as output_file:
      ciphertext = primitive.encrypt(data, context_info)
      output_file.write(ciphertext)
      return 0

  # Get the primitive
  try:
    primitive = keyset_handle.primitive(hybrid.HybridDecrypt)
  except tink.TinkError as e:
    logging.exception(
        'Error creating hybrid encrypt primitive from keyset: %s', e)
    return 1
  # Decrypt data
  with open(FLAGS.output_path, 'wb') as output_file:
    plaintext = primitive.decrypt(data, context_info)
    output_file.write(plaintext)

  return 0
Exemplo n.º 9
0
def main(argv):
    if len(argv) != 5:
        raise app.UsageError(
            'Expected 4 arguments, got %d.\n'
            'Usage: %s keyset-file plaintext-file contextinfo-file output-file'
            % (len(argv) - 1, argv[0]))

    keyset_filename = argv[1]
    plaintext_filename = argv[2]
    contextinfo_filename = argv[3]
    output_filename = argv[4]

    logging.info(
        'Using keyset from file %s to HybridEncrypt file %s using context '
        'info %s\n.The resulting output will be written to file %s',
        keyset_filename, plaintext_filename, contextinfo_filename,
        output_filename)

    # Initialise Tink
    try:
        hybrid.register()
    except tink.TinkError as e:
        logging.error('Error initialising Tink: %s', e)
        return 1

    # Read the keyset into keyset_handle
    try:
        keyset_handle = read_keyset(keyset_filename)
    except tink.TinkError as e:
        logging.error('Error reading key: %s', e)
        return 1

    # Get the primitive
    try:
        cipher = keyset_handle.primitive(hybrid.HybridEncrypt)
    except tink.TinkError as e:
        logging.error('Error creating primitive: %s', e)
        return 1

    # Read the input files
    with open(plaintext_filename, 'rb') as plaintext_file:
        plaintext_data = plaintext_file.read()
    with open(contextinfo_filename, 'rb') as contextinfo_file:
        contextinfo_data = contextinfo_file.read()

    try:
        output_data = cipher.encrypt(plaintext_data, contextinfo_data)
    except tink.TinkError as e:
        logging.error('Error encrypting the input: %s', e)
        return 1

    with open(output_filename, 'wb') as output_file:
        output_file.write(output_data)

    logging.info('All done.')
    def encrypt_with_cluster_key(self, cluster_public_key, secret,
                                 openssl_executable):
        if openssl_executable:
            return self.encode_token_using_openssl(cluster_public_key, secret,
                                                   openssl_executable)
        try:
            # pylint: disable=g-import-not-at-top
            import tink
            from tink import hybrid
            from tink import cleartext_keyset_handle
            # pylint: enable=g-import-not-at-top
        except ImportError:
            raise exceptions.PersonalAuthError(
                'Cannot load the Tink cryptography library. Either the '
                'library is not installed, or site packages are not '
                'enabled for the Google Cloud SDK. Please consult Cloud '
                'Dataproc Personal Auth documentation on adding Tink to '
                'Google Cloud SDK for further instructions.\n'
                'https://cloud.google.com/dataproc/docs/concepts/iam/personal-auth'
            )

        hybrid.register()
        context = b''

        # Extract value of key corresponding to primary key.
        public_key_value = json.loads(
            cluster_public_key)['key'][0]['keyData']['value']
        cluster_key_hash = hashlib.sha256(
            (public_key_value + '\n').encode('utf-8')).hexdigest()

        # Load public key and create keyset handle.
        reader = tink.JsonKeysetReader(cluster_public_key)
        kh_pub = cleartext_keyset_handle.read(reader)

        # Create encrypter instance.
        encrypter = kh_pub.primitive(hybrid.HybridEncrypt)
        ciphertext = encrypter.encrypt(secret.encode('utf-8'), context)

        encoded_token = base64.b64encode(ciphertext).decode('utf-8')
        return '{}:{}'.format(cluster_key_hash, encoded_token)
Exemplo n.º 11
0
def setUpModule():
    hybrid.register()
    testing_servers.start()
Exemplo n.º 12
0
def setUpModule():
    aead.register()
    hybrid.register()
Exemplo n.º 13
0
def setUpModule():
    hybrid.register()
Exemplo n.º 14
0
def register():
    aead.register()
    daead.register()
    hybrid.register()
    mac.register()
    signature.register()