def _test_case(key_size=16, key_version=0):
key = aes_gcm_pb2.AesGcmKey()
key.version = key_version
key.key_value = _gen_key_value(key_size)
keyset = _gen_keyset(
'type.googleapis.com/google.crypto.tink.AesGcmKey',
key.SerializeToString(), tink_pb2.KeyData.SYMMETRIC)
return ('AesGcmKey(%d,%d)' % (key_size, key_version), keyset)
def test_new_key_data_aes_gcm(self):
key_template = aead.aead_key_templates.create_aes_gcm_key_template(
key_size=16)
key_manager = core.Registry.key_manager(key_template.type_url)
key_data = key_manager.new_key_data(key_template)
self.assertEqual(key_data.type_url, key_template.type_url)
self.assertEqual(key_data.key_material_type, tink_pb2.KeyData.SYMMETRIC)
key = aes_gcm_pb2.AesGcmKey()
key.ParseFromString(key_data.value)
self.assertEqual(key.version, 0)
self.assertLen(key.key_value, 16)
def test_new_key_data(self):
# AES EAX
key_template = self.new_aes_eax_key_template(12, 16)
key_data = self.key_manager_eax.new_key_data(key_template)
self.assertEqual(key_data.type_url, self.key_manager_eax.key_type())
self.assertEqual(key_data.key_material_type, tink_pb2.KeyData.SYMMETRIC)
key = aes_eax_pb2.AesEaxKey()
key.ParseFromString(key_data.value)
self.assertEqual(key.version, 0)
self.assertEqual(key.params.iv_size, 12)
self.assertLen(key.key_value, 16)
# AES GCM
key_template = self.new_aes_gcm_key_template(16)
key_data = self.key_manager_gcm.new_key_data(key_template)
self.assertEqual(key_data.type_url, self.key_manager_gcm.key_type())
self.assertEqual(key_data.key_material_type, tink_pb2.KeyData.SYMMETRIC)
key = aes_gcm_pb2.AesGcmKey()
key.ParseFromString(key_data.value)
self.assertEqual(key.version, 0)
self.assertLen(key.key_value, 16)
def test_dek_extraction(self):
key_template = aead.aead_key_templates.AES256_GCM
keyset_handle = tink.new_keyset_handle(key_template)
remote_aead = keyset_handle.primitive(aead.Aead)
env_aead = kms_envelope_aead.KmsEnvelopeAead(key_template, remote_aead)
plaintext = b'helloworld'
ciphertext = bytearray(env_aead.encrypt(plaintext, b'some ad'))
# Decrypt DEK
dek_len = struct.unpack('>I',
ciphertext[0:kms_envelope_aead.DEK_LEN_BYTES])[0]
encrypted_dek_bytes = bytes(ciphertext[
kms_envelope_aead.DEK_LEN_BYTES:kms_envelope_aead.DEK_LEN_BYTES +
dek_len])
dek_bytes = remote_aead.decrypt(encrypted_dek_bytes, b'')
# Try to deserialize key
key = aes_gcm_pb2.AesGcmKey()
key.ParseFromString(dek_bytes)
self.assertLen(key.key_value, 32)
