def register():
aead.register()
daead.register()
hybrid.register()
cc_tink_config.register()
_register_key_managers()
_register_primitive_wrappers()
def setUpClass(cls):
super().setUpClass()
aead.register()
daead.register()
mac.register()
hybrid.register()
signature.register()
def setUpModule():
aead.register()
daead.register()
mac.register()
hybrid.register()
signature.register()
testing_servers.start()
def main(unused_argv):
aead.register()
daead.register()
hybrid.register()
mac.register()
prf.register()
signature.register()
streaming_aead.register()
jwt.register_jwt_mac()
fake_kms.register_client()
server = grpc.server(futures.ThreadPoolExecutor(max_workers=2))
testing_api_pb2_grpc.add_MetadataServicer_to_server(
services.MetadataServicer(), server)
testing_api_pb2_grpc.add_KeysetServicer_to_server(
services.KeysetServicer(), server)
testing_api_pb2_grpc.add_AeadServicer_to_server(services.AeadServicer(),
server)
testing_api_pb2_grpc.add_DeterministicAeadServicer_to_server(
services.DeterministicAeadServicer(), server)
testing_api_pb2_grpc.add_MacServicer_to_server(services.MacServicer(),
server)
testing_api_pb2_grpc.add_PrfSetServicer_to_server(
services.PrfSetServicer(), server)
testing_api_pb2_grpc.add_HybridServicer_to_server(
services.HybridServicer(), server)
testing_api_pb2_grpc.add_SignatureServicer_to_server(
services.SignatureServicer(), server)
testing_api_pb2_grpc.add_StreamingAeadServicer_to_server(
services.StreamingAeadServicer(), server)
testing_api_pb2_grpc.add_JwtServicer_to_server(jwt_service.JwtServicer(),
server)
server.add_secure_port('[::]:%d' % FLAGS.port,
grpc.local_server_credentials())
server.start()
server.wait_for_termination()
def setUpModule():
aead.register()
daead.register()
mac.register()
hybrid.register()
signature.register()
testing_servers.start('key_generation_consistency')
def register():
aead.register()
daead.register()
hybrid.register()
mac.register()
prf.register()
signature.register()
streaming_aead.register()
def main(argv):
if len(argv) != 5 and len(argv) != 6:
raise app.UsageError(
'Expected 4 or 5 arguments, got %d.\n'
'Usage: %s encrypt/decrypt key-file input-file output-file '
'[associated-data]' % (len(argv) - 1, argv[0]))
mode = argv[1]
key_file_path = argv[2]
input_file_path = argv[3]
output_file_path = argv[4]
associated_data = b'' if len(argv) == 5 else bytes(argv[5], 'utf-8')
# Initialise Tink
try:
daead.register()
except tink.TinkError as e:
logging.error('Error initialising Tink: %s', e)
return 1
# Read the keyset into a keyset_handle
with open(key_file_path, 'rt') as keyset_file:
try:
text = keyset_file.read()
keyset_handle = cleartext_keyset_handle.read(
tink.JsonKeysetReader(text))
except tink.TinkError as e:
logging.exception('Error reading key: %s', e)
return 1
# Get the primitive
try:
cipher = keyset_handle.primitive(daead.DeterministicAead)
except tink.TinkError as e:
logging.error('Error creating primitive: %s', e)
return 1
with open(input_file_path, 'rb') as input_file:
input_data = input_file.read()
if mode == 'decrypt':
output_data = cipher.decrypt_deterministically(
input_data, associated_data)
elif mode == 'encrypt':
output_data = cipher.encrypt_deterministically(
input_data, associated_data)
else:
logging.error(
'Error mode not supported. Please choose "encrypt" or "decrypt".'
)
return 1
with open(output_file_path, 'wb') as output_file:
output_file.write(output_data)
def encryption_machine(msg):
# Register all deterministic AEAD primitives
daead.register()
# Get the secret key from the file
keyset = open('keys.txt', 'rb').read()
reader = tink.BinaryKeysetReader(keyset)
secret_key = tink.cleartext_keyset_handle.read(reader)
associated_data = b'context'
# Get the primitive
daead_primitive = secret_key.primitive(daead.DeterministicAead)
secret_key = daead_primitive
# Use the primitive.
cipherText = secret_key.encrypt_deterministically(msg.encode("utf-8"), associated_data)
return cipherText
def getKey():
#if the json does not exists yet i.e no private key has been created
if not os.path.exists("./" + secret_key):
#daead is used to encrypt using AES SIV
daead.register()
keyset_handle = tink.new_keyset_handle(
daead.deterministic_aead_key_templates.AES256_SIV)
addKey(keyset_handle)
#else i.e if a private key already exists in a json file
else:
keyset_handle = readKey()
return keyset_handle
def example():
"""Encrypt and decrypt using deterministic AEAD."""
# Register the deterministic AEAD key manager. This is needed to create a
# DeterministicAead primitive later.
daead.register()
# A keyset created with "tinkey create-keyset --key-template=AES256_SIV". Note
# that this keyset has the secret key information in cleartext.
keyset = r"""{
"key": [{
"keyData": {
"keyMaterialType":
"SYMMETRIC",
"typeUrl":
"type.googleapis.com/google.crypto.tink.AesSivKey",
"value":
"EkAl9HCMmKTN1p3V186uhZpJQ+tivyc4IKyE+opg6SsEbWQ/WesWHzwCRrlgRuxdaggvgMzwWhjPnkk9gptBnGLK"
},
"keyId": 1919301694,
"outputPrefixType": "TINK",
"status": "ENABLED"
}],
"primaryKeyId": 1919301694
}"""
# Create a keyset handle from the cleartext keyset in the previous
# step. The keyset handle provides abstract access to the underlying keyset to
# limit the exposure of accessing the raw key material. WARNING: In practice
# it is unlikely you will want to use a cleartext_keyset_handle, as it implies
# that your key material is passed in cleartext which is a security risk.
keyset_handle = cleartext_keyset_handle.read(tink.JsonKeysetReader(keyset))
# Retrieve the DeterministicAead primitive we want to use from the keyset
# handle.
primitive = keyset_handle.primitive(daead.DeterministicAead)
# Use the primitive to encrypt a message. In this case the primary key of the
# keyset will be used (which is also the only key in this example).
ciphertext = primitive.encrypt_deterministically(b'msg',
b'associated_data')
# Use the primitive to decrypt the message. Decrypt finds the correct key in
# the keyset and decrypts the ciphertext. If no key is found or decryption
# fails, it raises an error.
output = primitive.decrypt_deterministically(ciphertext,
b'associated_data')
# [END deterministic-aead-basic-example]
assert output == b'msg'
def main(argv):
del argv # Unused.
associated_data = b'' if not FLAGS.associated_data else bytes(
FLAGS.associated_data, 'utf-8')
# Initialise Tink
try:
daead.register()
except tink.TinkError as e:
logging.error('Error initialising Tink: %s', e)
return 1
# Read the keyset into a keyset_handle
with open(FLAGS.keyset_path, 'rt') as keyset_file:
try:
text = keyset_file.read()
keyset_handle = cleartext_keyset_handle.read(
tink.JsonKeysetReader(text))
except tink.TinkError as e:
logging.exception('Error reading key: %s', e)
return 1
# Get the primitive
try:
cipher = keyset_handle.primitive(daead.DeterministicAead)
except tink.TinkError as e:
logging.error('Error creating primitive: %s', e)
return 1
with open(FLAGS.input_path, 'rb') as input_file:
input_data = input_file.read()
if FLAGS.mode == 'decrypt':
output_data = cipher.decrypt_deterministically(
input_data, associated_data)
elif FLAGS.mode == 'encrypt':
output_data = cipher.encrypt_deterministically(
input_data, associated_data)
else:
logging.error(
'Error mode not supported. Please choose "encrypt" or "decrypt".'
)
return 1
with open(FLAGS.output_path, 'wb') as output_file:
output_file.write(output_data)
def encryption_machine(keyset_handle, plaintext='', salt='', data=''):
daead.register() #register the aead deterministic primitives
daead_primitive = keyset_handle.primitive(
daead.DeterministicAead) #get the primitive
#if register : create a salt for the user, if login : use the salt in parameters
if salt == '':
salt = get_random_bytes(32)
#hash the password using pyscript
passwd = plaintext.encode('utf-8')
#hashed_password = pyscrypt.hash(passwd, salt, 2048, 8, 1, 32)
hashed_password = scrypt(passwd, salt, 16, N=2**14, r=8, p=1)
#encrypt our data
ciphertext = daead_primitive.encrypt_deterministically(
hashed_password, data.encode())
#get the ciphertext and the salt in hexa format to store them easily after
ciphertext = ciphertext.hex()
salt = salt.hex()
return (str(ciphertext), str(salt))
def main(argv):
if len(argv) != 6:
raise app.UsageError(
'Expected 5 arguments, got %d.\n'
'Usage: %s keyset-file operation input-file associated-data-file'
'output-file' % (len(argv) - 1, argv[0]))
keyset_filename = argv[1]
operation = argv[2]
input_filename = argv[3]
associated_data_filename = argv[4]
output_filename = argv[5]
logging.info(
'Using keyset from file %s to DAEAD-%s file %s with associated data '
'from file %s.\nThe resulting output will be written to file %s',
keyset_filename, operation, input_filename, associated_data_filename,
output_filename)
# Initialise Tink
try:
daead.register()
except tink.TinkError as e:
logging.error('Error initialising Tink: %s', e)
return 1
# Read the keyset into keyset_handle
try:
keyset_handle = read_keyset(keyset_filename)
except tink.TinkError as e:
logging.error('Error reading key: %s', e)
return 1
# Get the primitive
try:
cipher = keyset_handle.primitive(daead.DeterministicAead)
except tink.TinkError as e:
logging.error('Error creating primitive: %s', e)
return 1
# Read the input files
with open(input_filename, 'rb') as input_file:
input_data = input_file.read()
with open(associated_data_filename, 'rb') as associated_data_file:
aad = associated_data_file.read()
# Compute the output
if operation.lower() == 'encryptdeterministically':
try:
output_data = cipher.encrypt_deterministically(input_data, aad)
except tink.TinkError as e:
logging.error('Error encrypting the input: %s', e)
return 1
elif operation.lower() == 'decryptdeterministically':
try:
output_data = cipher.decrypt_deterministically(input_data, aad)
except tink.TinkError as e:
logging.error('Error decrypting the input: %s', e)
return 1
else:
logging.error(
'Did not recognise operation %s.\n'
'Expected either "encrypt" or "decrypt"', operation)
return 1
with open(output_filename, 'wb') as output_file:
output_file.write(output_data)
logging.info('All done.')
def register():
aead.register()
daead.register()
hybrid.register()
mac.register()
signature.register()
def setUpModule():
aead.register()
mac.register()
daead.register()
prf.register()
testing_servers.start('key_version')
def setUpModule():
daead.register()
testing_servers.start('deterministic_aead')
def setUpModule():
daead.register()
testing_servers.start()
def setUpModule():
daead.register()
!pip3 install tink
import hashlib
import os
import bcrypt
from tink import daead
from tink import cleartext_keyset_handle
from tink import _keyset_writer
import tink
import scrypt
# This part need to be run only once -------------------------------------------------
# generate secret key
daead.register()
keytemplate = daead.deterministic_aead_key_templates.AES256_SIV
secret_key = tink.new_keyset_handle(keytemplate)
# write the key in a file
keyset = open('keys.txt', 'wb')
cleartext_keyset_handle.write(_keyset_writer.BinaryKeysetWriter(keyset), secret_key)
keyset.close()
# add values to the database
user = "******"
pwd = "goodpassword"
save_to_database(user, pwd)
#--------------------------------------------------------------------------------------