def test_new_key_data_no_new_key_allowed(self):
  """Checks that new_key_data fails when new keys are disallowed.

  The dummy manager is registered with new_key_allowed=False, so a request
  for fresh key data of that type must raise a TinkError.
  """
  dummy_url = 'dummy_type_url'
  self.reg.register_key_manager(
      DummyKeyManager(dummy_url), new_key_allowed=False)
  template = tink_pb2.KeyTemplate(type_url=dummy_url)
  expected_message = 'does not allow for creation of new keys'
  with self.assertRaisesRegex(core.TinkError, expected_message):
    self.reg.new_key_data(template)
def new_aes_siv_key_template(self, key_size):
  """Returns a serialized AES-SIV KeyTemplate for the given key size.

  The result is the template's wire-format bytes, not the proto object.
  key_size is copied into the key format as given; nothing here checks it.
  output_prefix_type is never assigned, so it keeps the proto default.
  """
  siv_format = aes_siv_pb2.AesSivKeyFormat()
  siv_format.key_size = key_size
  template = tink_pb2.KeyTemplate(
      type_url='type.googleapis.com/google.crypto.tink.AesSivKey',
      value=siv_format.SerializeToString())
  return template.SerializeToString()
def test_new_key_data_wrong_type_url(self):
  """Checks that new_key_data rejects a type URL with no registered manager.

  Only 'dummy_type_url' is registered, so a template naming another type URL
  must raise a TinkError that names the unknown type.
  """
  self.reg.register_key_manager(DummyKeyManager('dummy_type_url'))
  unregistered = tink_pb2.KeyTemplate(type_url='unknown_type_url')
  expected_message = 'No manager for type unknown_type_url'
  with self.assertRaisesRegex(core.TinkError, expected_message):
    self.reg.new_key_data(unregistered)
def new_aes_eax_key_template(self, iv_size, key_size):
  """Builds an AES-EAX KeyTemplate proto from an IV size and a key size.

  Both sizes are copied into the AesEaxKeyFormat as given; no range check is
  done here. output_prefix_type is never assigned, so the returned template
  keeps the proto default for that field.
  """
  eax_format = aes_eax_pb2.AesEaxKeyFormat()
  eax_format.params.iv_size = iv_size
  eax_format.key_size = key_size
  return tink_pb2.KeyTemplate(
      type_url='type.googleapis.com/google.crypto.tink.AesEaxKey',
      value=eax_format.SerializeToString())
def new_hmac_key_template(self, hash_type, tag_size, key_size):
  """Returns a serialized HMAC KeyTemplate built from the given parameters.

  The result is the template's wire-format bytes, not the proto object.
  Hash, tag size and key size are stored as passed in, with no validation at
  this level. output_prefix_type is left at the proto default.
  """
  hmac_format = hmac_pb2.HmacKeyFormat()
  hmac_params = hmac_format.params
  hmac_params.hash = hash_type
  hmac_params.tag_size = tag_size
  hmac_format.key_size = key_size
  template = tink_pb2.KeyTemplate(
      type_url='type.googleapis.com/google.crypto.tink.HmacKey',
      value=hmac_format.SerializeToString())
  return template.SerializeToString()
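def create_aes_siv_key_template(key_size: int) -> tink_pb2.KeyTemplate:
  """Creates an AES SIV KeyTemplate, and fills in its values.

  Args:
    key_size: value stored in AesSivKeyFormat.key_size. It is not validated
      here. NOTE(review): presumably a size in bytes that the key manager
      checks when a key is generated -- confirm.

  Returns:
    A KeyTemplate carrying the AES-SIV type URL, the TINK output prefix type
    and the serialized key format as its value.
  """
  key_format = aes_siv_pb2.AesSivKeyFormat()
  key_format.key_size = key_size
  key_template = tink_pb2.KeyTemplate()
  key_template.type_url = _AES_SIV_KEY_TYPE_URL
  key_template.output_prefix_type = tink_pb2.TINK
  key_template.value = key_format.SerializeToString()
  return key_template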
def new_ecdsa_key_template(hash_type, curve_type, encoding):
  """Builds a KeyTemplate for the EcdsaPrivateKey type URL.

  Hash, curve and signature encoding are stored in the EcdsaKeyFormat exactly
  as passed in. output_prefix_type is never assigned, so the template keeps
  the proto default for that field.
  """
  ecdsa_format = ecdsa_pb2.EcdsaKeyFormat()
  ecdsa_params = ecdsa_format.params
  ecdsa_params.hash_type = hash_type
  ecdsa_params.curve = curve_type
  ecdsa_params.encoding = encoding
  return tink_pb2.KeyTemplate(
      type_url='type.googleapis.com/google.crypto.tink.EcdsaPrivateKey',
      value=ecdsa_format.SerializeToString())
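def test_new_key_data_on_public_key_manager_fails(self):
  """Checks that new_key_data is refused for a public-key type URL.

  The template names the EciesAeadHkdfPublicKey type and carries an empty
  EciesAeadHkdfKeyFormat. Calling new_key_data on the manager returned by
  _hybrid_encrypt_key_manager() must raise a TinkError.
  """
  key_format = ecies_aead_hkdf_pb2.EciesAeadHkdfKeyFormat()
  key_template = tink_pb2.KeyTemplate()
  key_template.type_url = (
      'type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey')
  key_template.value = key_format.SerializeToString()
  key_template.output_prefix_type = tink_pb2.TINK
  # Build the manager outside the assertion so that only new_key_data() can
  # satisfy the expected-error check; a failure while obtaining the manager
  # then surfaces as a test error instead of possibly matching the regex.
  key_manager = _hybrid_encrypt_key_manager()
  with self.assertRaisesRegex(
      tink_error.TinkError,
      'Creating new keys is not supported for this key manager'):
    key_manager.new_key_data(key_template)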
def create_hmac_key_template(
    key_size: int, tag_size: int,
    hash_type: common_pb2.HashType) -> tink_pb2.KeyTemplate:
  """Builds an HMAC KeyTemplate with the TINK output prefix type.

  Args:
    key_size: value stored in HmacKeyFormat.key_size.
    tag_size: value stored in the format's params.tag_size.
    hash_type: hash function stored in the format's params.hash.

  Returns:
    A KeyTemplate whose value is the serialized HmacKeyFormat. None of the
    arguments is validated in this function.
  """
  hmac_format = hmac_pb2.HmacKeyFormat()
  hmac_params = hmac_format.params
  hmac_params.hash = hash_type
  hmac_params.tag_size = tag_size
  hmac_format.key_size = key_size
  return tink_pb2.KeyTemplate(
      value=hmac_format.SerializeToString(),
      type_url='type.googleapis.com/google.crypto.tink.HmacKey',
      output_prefix_type=tink_pb2.TINK)
def create_ecdsa_key_template(
    hash_type: common_pb2.HashType,
    curve: common_pb2.EllipticCurveType,
    encoding: ecdsa_pb2.EcdsaSignatureEncoding) -> tink_pb2.KeyTemplate:
  """Builds a KeyTemplate that wraps an EcdsaKeyFormat.

  Args:
    hash_type: hash function recorded in the ECDSA params.
    curve: elliptic curve recorded in the ECDSA params.
    encoding: signature encoding recorded in the ECDSA params.

  Returns:
    A KeyTemplate with the ECDSA type URL, the TINK output prefix type and
    the serialized key format as its value.
  """
  ecdsa_format = ecdsa_pb2.EcdsaKeyFormat(
      params=ecdsa_pb2.EcdsaParams(
          hash_type=hash_type, curve=curve, encoding=encoding))
  serialized_format = ecdsa_format.SerializeToString()
  return tink_pb2.KeyTemplate(
      value=serialized_format,
      type_url=_ECDSA_KEY_TYPE_URL,
      output_prefix_type=tink_pb2.TINK)
def new_ecdsa_key_template(hash_type, curve_type, encoding, public=True):
  """Builds an ECDSA KeyTemplate for the public or the private key type.

  With the default public=True the template names the EcdsaPublicKey type
  URL; pass public=False to get the EcdsaPrivateKey type URL instead.
  output_prefix_type is never assigned, so it keeps the proto default.
  """
  ecdsa_format = ecdsa_pb2.EcdsaKeyFormat(
      params=ecdsa_pb2.EcdsaParams(
          hash_type=hash_type, curve=curve_type, encoding=encoding))
  template = tink_pb2.KeyTemplate()
  key_kind = 'EcdsaPublicKey' if public else 'EcdsaPrivateKey'
  template.type_url = 'type.googleapis.com/google.crypto.tink.' + key_kind
  template.value = ecdsa_format.SerializeToString()
  return template
def create_rsa_ssa_pkcs1_key_template(
    hash_type: common_pb2.HashType,
    modulus_size: int,
    public_exponent: int) -> tink_pb2.KeyTemplate:
  """Builds a KeyTemplate that wraps an RsaSsaPkcs1KeyFormat.

  Args:
    hash_type: hash function recorded in the RSA-SSA-PKCS1 params.
    modulus_size: stored in the format's modulus_size_in_bits field.
    public_exponent: integer exponent, converted with _num_to_bytes before
      it is stored. NOTE(review): that helper's byte order and length are
      not visible here -- confirm against its definition.

  Returns:
    A KeyTemplate with the RSA PKCS1 type URL and the TINK output prefix
    type. Modulus size and exponent are not range-checked in this function.
  """
  pkcs1_params = rsa_ssa_pkcs1_pb2.RsaSsaPkcs1Params(hash_type=hash_type)
  exponent_bytes = _num_to_bytes(public_exponent)
  pkcs1_format = rsa_ssa_pkcs1_pb2.RsaSsaPkcs1KeyFormat(
      params=pkcs1_params,
      modulus_size_in_bits=modulus_size,
      public_exponent=exponent_bytes)
  return tink_pb2.KeyTemplate(
      value=pkcs1_format.SerializeToString(),
      type_url=_RSA_PKCS1_KEY_TYPE_URL,
      output_prefix_type=tink_pb2.TINK)
def create_aes_ctr_hmac_aead_key_template(
    aes_key_size: int, iv_size: int, hmac_key_size: int, tag_size: int,
    hash_type: common_pb2.HashType) -> tink_pb2.KeyTemplate:
  """Builds an AES-CTR-HMAC AEAD KeyTemplate with the TINK output prefix.

  Args:
    aes_key_size: key size stored in the AES-CTR part of the format.
    iv_size: IV size stored in the AES-CTR params.
    hmac_key_size: key size stored in the HMAC part of the format.
    tag_size: tag size stored in the HMAC params.
    hash_type: hash function stored in the HMAC params.

  Returns:
    A KeyTemplate whose value is the serialized AesCtrHmacAeadKeyFormat.
    None of the sizes is validated in this function.
  """
  aead_format = aes_ctr_hmac_aead_pb2.AesCtrHmacAeadKeyFormat()
  # The AES-CTR key and the HMAC key are sized independently.
  ctr_part = aead_format.aes_ctr_key_format
  ctr_part.params.iv_size = iv_size
  ctr_part.key_size = aes_key_size
  hmac_part = aead_format.hmac_key_format
  hmac_part.params.hash = hash_type
  hmac_part.params.tag_size = tag_size
  hmac_part.key_size = hmac_key_size
  return tink_pb2.KeyTemplate(
      value=aead_format.SerializeToString(),
      type_url=_AES_CTR_HMAC_AEAD_KEY_TYPE_URL,
      output_prefix_type=tink_pb2.TINK)
def create_aes_gcm_hkdf_streaming_key_template(
    aes_key_size: int,
    hash_type: common_pb2.HashType,
    derived_key_size: int,
    ciphertext_segment_size: int) -> tink_pb2.KeyTemplate:
  """Builds an AES-GCM-HKDF streaming KeyTemplate with the RAW output prefix.

  Args:
    aes_key_size: stored in the format's key_size field.
    hash_type: stored as the HKDF hash type in the params.
    derived_key_size: stored in the params' derived_key_size field.
    ciphertext_segment_size: stored in the params' ciphertext_segment_size.

  Returns:
    A KeyTemplate whose value is the serialized AesGcmHkdfStreamingKeyFormat.
    The arguments are stored as given, without validation here.
  """
  stream_format = aes_gcm_hkdf_streaming_pb2.AesGcmHkdfStreamingKeyFormat()
  stream_format.key_size = aes_key_size
  stream_params = stream_format.params
  stream_params.hkdf_hash_type = hash_type
  stream_params.derived_key_size = derived_key_size
  stream_params.ciphertext_segment_size = ciphertext_segment_size
  # This template uses the RAW output prefix type rather than TINK.
  return tink_pb2.KeyTemplate(
      value=stream_format.SerializeToString(),
      type_url=_AES_GCM_HKDF_STREAMING_KEY_TYPE_URL,
      output_prefix_type=tink_pb2.RAW)
def create_rsa_ssa_pss_key_template(
    sig_hash: common_pb2.HashType,
    mgf1_hash: common_pb2.HashType,
    salt_length: int,
    modulus_size: int,
    public_exponent: int) -> tink_pb2.KeyTemplate:
  """Builds a KeyTemplate that wraps an RsaSsaPssKeyFormat.

  Args:
    sig_hash: hash function recorded as the signature hash.
    mgf1_hash: hash function recorded for MGF1.
    salt_length: salt length recorded in the PSS params.
    modulus_size: stored in the format's modulus_size_in_bits field.
    public_exponent: integer exponent, converted with _num_to_bytes before
      it is stored. NOTE(review): that helper's byte order and length are
      not visible here -- confirm against its definition.

  Returns:
    A KeyTemplate with the RSA PSS type URL and the TINK output prefix type.
    No argument is range-checked in this function.
  """
  pss_params = rsa_ssa_pss_pb2.RsaSsaPssParams(
      sig_hash=sig_hash, mgf1_hash=mgf1_hash, salt_length=salt_length)
  exponent_bytes = _num_to_bytes(public_exponent)
  pss_format = rsa_ssa_pss_pb2.RsaSsaPssKeyFormat(
      params=pss_params,
      modulus_size_in_bits=modulus_size,
      public_exponent=exponent_bytes)
  return tink_pb2.KeyTemplate(
      value=pss_format.SerializeToString(),
      type_url=_RSA_PSS_KEY_TYPE_URL,
      output_prefix_type=tink_pb2.TINK)
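def create_ecies_aead_hkdf_key_template(
    curve_type: common_pb2.EllipticCurveType,
    ec_point_format: common_pb2.EcPointFormat,
    hash_type: common_pb2.HashType,
    dem_key_template: tink_pb2.KeyTemplate) -> tink_pb2.KeyTemplate:
  """Creates an ECIES AEAD HKDF KeyTemplate, and fills in its values.

  Args:
    curve_type: elliptic curve stored in the KEM params.
    ec_point_format: point format stored in the key format params.
    hash_type: hash function stored as the KEM's HKDF hash type.
    dem_key_template: template of the AEAD used as the DEM. It is copied
      into the key format, so the caller's object is not referenced
      afterwards.

  Returns:
    A KeyTemplate for the EciesAeadHkdfPrivateKey type URL with the TINK
    output prefix type and the serialized key format as its value.
  """
  key_format = ecies_aead_hkdf_pb2.EciesAeadHkdfKeyFormat()
  key_format.params.kem_params.curve_type = curve_type
  key_format.params.kem_params.hkdf_hash_type = hash_type
  # CopyFrom embeds a copy of the DEM template in the format.
  key_format.params.dem_params.aead_dem.CopyFrom(dem_key_template)
  key_format.params.ec_point_format = ec_point_format
  key_template = tink_pb2.KeyTemplate()
  key_template.type_url = (
      'type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey')
  key_template.value = key_format.SerializeToString()
  key_template.output_prefix_type = tink_pb2.TINK
  return key_template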
def create_aes_ctr_hmac_streaming_key_template(
    aes_key_size: int,
    hkdf_hash_type: common_pb2.HashType,
    derived_key_size: int,
    mac_hash_type: common_pb2.HashType,
    tag_size: int,
    ciphertext_segment_size: int) -> tink_pb2.KeyTemplate:
  """Builds an AES-CTR-HMAC streaming KeyTemplate with the RAW output prefix.

  Args:
    aes_key_size: stored in the format's key_size field.
    hkdf_hash_type: stored as the HKDF hash type in the params.
    derived_key_size: stored in the params' derived_key_size field.
    mac_hash_type: hash function stored in the nested HMAC params.
    tag_size: tag size stored in the nested HMAC params.
    ciphertext_segment_size: stored in the params' ciphertext_segment_size.

  Returns:
    A KeyTemplate whose value is the serialized AesCtrHmacStreamingKeyFormat.
    The arguments are stored as given, without validation here.
  """
  stream_format = aes_ctr_hmac_streaming_pb2.AesCtrHmacStreamingKeyFormat()
  stream_format.key_size = aes_key_size
  stream_params = stream_format.params
  stream_params.ciphertext_segment_size = ciphertext_segment_size
  stream_params.derived_key_size = derived_key_size
  stream_params.hkdf_hash_type = hkdf_hash_type
  mac_params = stream_params.hmac_params
  mac_params.hash = mac_hash_type
  mac_params.tag_size = tag_size
  # This template uses the RAW output prefix type rather than TINK.
  return tink_pb2.KeyTemplate(
      value=stream_format.SerializeToString(),
      type_url=_AES_CTR_HMAC_STREAMING_KEY_TYPE_URL,
      output_prefix_type=tink_pb2.RAW)
def test_new_key_data_success(self):
  """Checks that new_key_data returns key data for a registered type URL."""
  dummy_url = 'dummy_type_url'
  self.reg.register_key_manager(DummyKeyManager(dummy_url))
  generated = self.reg.new_key_data(tink_pb2.KeyTemplate(type_url=dummy_url))
  # Only the type URL is checked; the key material itself is not inspected.
  self.assertEqual(generated.type_url, dummy_url)
# NOTE(review): the statements down to `return key_template` are the tail of a
# function whose signature and opening lines are not part of this excerpt.
  key_format.aes_ctr_key_format.key_size = aes_key_size
  key_format.hmac_key_format.params.hash = hash_type
  key_format.hmac_key_format.params.tag_size = tag_size
  key_format.hmac_key_format.key_size = hmac_key_size
  key_template = tink_pb2.KeyTemplate()
  key_template.value = key_format.SerializeToString()
  key_template.type_url = _AES_CTR_HMAC_AEAD_KEY_TYPE_URL
  key_template.output_prefix_type = tink_pb2.TINK
  return key_template


# Predefined AEAD key templates, built once at import time.
# The constant names imply that sizes are given in bytes (16 -> AES-128,
# 32 -> AES-256).

# AES-EAX, both variants with a 16-byte IV.
AES128_EAX = create_aes_eax_key_template(key_size=16, iv_size=16)
AES256_EAX = create_aes_eax_key_template(key_size=32, iv_size=16)

# AES-GCM; only the key size is configurable through this helper.
AES128_GCM = create_aes_gcm_key_template(key_size=16)
AES256_GCM = create_aes_gcm_key_template(key_size=32)

# AES-CTR with HMAC-SHA256. Both variants use a 32-byte HMAC key; the AES-128
# variant asks for a 16-byte tag, the AES-256 variant for a 32-byte tag.
AES128_CTR_HMAC_SHA256 = create_aes_ctr_hmac_aead_key_template(
    aes_key_size=16,
    iv_size=16,
    hmac_key_size=32,
    tag_size=16,
    hash_type=common_pb2.SHA256)
AES256_CTR_HMAC_SHA256 = create_aes_ctr_hmac_aead_key_template(
    aes_key_size=32,
    iv_size=16,
    hmac_key_size=32,
    tag_size=32,
    hash_type=common_pb2.SHA256)

# XChaCha20-Poly1305 is built directly: the template carries only a type URL
# and an output prefix type, and no serialized key format in `value`.
XCHACHA20_POLY1305 = tink_pb2.KeyTemplate(
    type_url=_XCHACHA20_POLY1305_KEY_TYPE_URL,
    output_prefix_type=tink_pb2.TINK)
# Predefined signature key templates, built once at import time.

# ECDSA with DER-encoded signatures. P-256 is paired with SHA256; P-384 and
# P-521 are both paired with SHA512.
ECDSA_P256 = create_ecdsa_key_template(common_pb2.SHA256,
                                       common_pb2.NIST_P256,
                                       ecdsa_pb2.DER)
ECDSA_P384 = create_ecdsa_key_template(common_pb2.SHA512,
                                       common_pb2.NIST_P384,
                                       ecdsa_pb2.DER)
ECDSA_P521 = create_ecdsa_key_template(common_pb2.SHA512,
                                       common_pb2.NIST_P521,
                                       ecdsa_pb2.DER)

# The same curve/hash pairs with IEEE P1363 signature encoding instead of DER.
ECDSA_P256_IEEE_P1363 = create_ecdsa_key_template(common_pb2.SHA256,
                                                  common_pb2.NIST_P256,
                                                  ecdsa_pb2.IEEE_P1363)
ECDSA_P384_IEEE_P1363 = create_ecdsa_key_template(common_pb2.SHA512,
                                                  common_pb2.NIST_P384,
                                                  ecdsa_pb2.IEEE_P1363)
ECDSA_P521_IEEE_P1363 = create_ecdsa_key_template(common_pb2.SHA512,
                                                  common_pb2.NIST_P521,
                                                  ecdsa_pb2.IEEE_P1363)

# Ed25519 is built directly: the template carries only a type URL and an
# output prefix type, and no serialized key format in `value`.
ED25519 = tink_pb2.KeyTemplate(type_url=_ED25519_KEY_TYPE_URL,
                               output_prefix_type=tink_pb2.TINK)

# RSA templates. The positional arguments presumably follow the order the
# constant names suggest (hash, modulus bits, public exponent) -- confirm
# against the helper's signature.
# NOTE(review): _RSA_F4 is defined outside this excerpt; presumably the
# public exponent F4 -- confirm.
RSA_SSA_PKCS1_3072_SHA256_F4 = create_rsa_ssa_pkcs1_key_template(
    common_pb2.SHA256, 3072, _RSA_F4)
RSA_SSA_PKCS1_4096_SHA512_F4 = create_rsa_ssa_pkcs1_key_template(
    common_pb2.SHA512, 4096, _RSA_F4)

# RSA-SSA-PSS: presumably (signature hash, MGF1 hash, salt length, modulus
# bits, public exponent), matching the constant names -- confirm against the
# helper's signature.
RSA_SSA_PSS_3072_SHA256_SHA256_32_F4 = create_rsa_ssa_pss_key_template(
    common_pb2.SHA256, common_pb2.SHA256, 32, 3072, _RSA_F4)
RSA_SSA_PSS_4096_SHA512_SHA512_64_F4 = create_rsa_ssa_pss_key_template(
    common_pb2.SHA512, common_pb2.SHA512, 64, 4096, _RSA_F4)