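def test_generate_keyset_write_read_encrypted(self):
  """Round-trips a keyset through WriteEncrypted and ReadEncrypted.

  Two AES128_GCM keysets are generated from the same template: the first is
  passed as the master keyset, the second is the keyset being wrapped. The
  test checks that WriteEncrypted returns an encrypted keyset, that the
  output does not contain the serialized keyset verbatim, and that
  ReadEncrypted with the same master keyset returns the original bytes.
  """
  keyset_servicer = services.KeysetServicer()
  template = aead.aead_key_templates.AES128_GCM.SerializeToString()
  gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)

  master_response = keyset_servicer.Generate(gen_request, self._ctx)
  self.assertEqual(master_response.WhichOneof('result'), 'keyset')
  master_keyset = master_response.keyset

  keyset_response = keyset_servicer.Generate(gen_request, self._ctx)
  self.assertEqual(keyset_response.WhichOneof('result'), 'keyset')
  keyset = keyset_response.keyset

  write_encrypted_request = testing_api_pb2.KeysetWriteEncryptedRequest(
      keyset=keyset, master_keyset=master_keyset)
  write_encrypted_response = keyset_servicer.WriteEncrypted(
      write_encrypted_request, self._ctx)
  self.assertEqual(write_encrypted_response.WhichOneof('result'),
                   'encrypted_keyset')
  encrypted_keyset = write_encrypted_response.encrypted_keyset

  # The round trip below would also pass if the write path emitted the
  # keyset unwrapped and the read path accepted it, so check that the
  # serialized keyset is not embedded as-is in the output. This is a cheap
  # sanity check on the bytes, not a proof of confidentiality.
  self.assertNotIn(keyset, encrypted_keyset)

  read_encrypted_request = testing_api_pb2.KeysetReadEncryptedRequest(
      encrypted_keyset=encrypted_keyset, master_keyset=master_keyset)
  read_encrypted_response = keyset_servicer.ReadEncrypted(
      read_encrypted_request, self._ctx)
  self.assertEqual(read_encrypted_response.WhichOneof('result'), 'keyset')
  self.assertEqual(read_encrypted_response.keyset, keyset)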
def keyset_write_encrypted(stub: testing_api_pb2_grpc.KeysetStub,
                           keyset: bytes, master_keyset: bytes,
                           associated_data: Optional[bytes]) -> bytes:
  """Asks the testing server to encrypt a keyset with a master keyset.

  Args:
    stub: Keyset service stub the WriteEncrypted call is made on.
    keyset: Serialized keyset to be written in encrypted form.
    master_keyset: Serialized keyset sent as the master keyset.
    associated_data: Associated data to attach to the request, or None to
      leave the request field unset.

  Returns:
    The encrypted_keyset bytes taken from the response.

  Raises:
    tink.TinkError: If the response carries a non-empty err value.
  """
  req = testing_api_pb2.KeysetWriteEncryptedRequest(
      keyset=keyset, master_keyset=master_keyset)
  # Only None skips this branch; an explicit b'' is still written to the
  # request. How the server treats an unset field is not visible here.
  if associated_data is not None:
    req.associated_data.value = associated_data

  resp = stub.WriteEncrypted(req)
  error = resp.err
  if not error:
    return resp.encrypted_keyset
  raise tink.TinkError(error)
def test_keyset_write_encrypted_fails_when_keyset_is_invalid(self):
  """WriteEncrypted answers with 'err' when the keyset bytes are invalid."""
  servicer = services.KeysetServicer()
  serialized_template = aead.aead_key_templates.AES128_GCM.SerializeToString()

  # A valid master keyset is generated first, so the only bad input in the
  # request below is the keyset to be wrapped.
  master_result = servicer.Generate(
      testing_api_pb2.KeysetGenerateRequest(template=serialized_template),
      self._ctx)
  self.assertEqual(master_result.WhichOneof('result'), 'keyset')

  # b'invalid' stands in for a malformed keyset; the expected outcome is the
  # 'err' branch of the result oneof rather than an encrypted keyset.
  write_result = servicer.WriteEncrypted(
      testing_api_pb2.KeysetWriteEncryptedRequest(
          keyset=b'invalid', master_keyset=master_result.keyset),
      self._ctx)
  self.assertEqual(write_result.WhichOneof('result'), 'err')
def test_generate_keyset_write_read_encrypted_with_associated_data(self):
  """Round-trips a keyset with associated data and rejects a wrong value.

  A keyset is written in encrypted form under a master keyset together with
  associated data, using the binary writer. Reading it back with the same
  associated data must return the original keyset; reading it with different
  associated data must produce the 'err' result.
  """
  servicer = services.KeysetServicer()
  serialized_template = aead.aead_key_templates.AES128_GCM.SerializeToString()
  generate_req = testing_api_pb2.KeysetGenerateRequest(
      template=serialized_template)

  master_result = servicer.Generate(generate_req, self._ctx)
  self.assertEqual(master_result.WhichOneof('result'), 'keyset')
  master_keyset = master_result.keyset

  plain_result = servicer.Generate(generate_req, self._ctx)
  self.assertEqual(plain_result.WhichOneof('result'), 'keyset')
  keyset = plain_result.keyset

  associated_data = b'associated_data'

  write_result = servicer.WriteEncrypted(
      testing_api_pb2.KeysetWriteEncryptedRequest(
          keyset=keyset,
          master_keyset=master_keyset,
          associated_data=testing_api_pb2.BytesValue(value=associated_data),
          keyset_writer_type=testing_api_pb2.KEYSET_WRITER_BINARY),
      self._ctx)
  self.assertEqual(write_result.WhichOneof('result'), 'encrypted_keyset')
  encrypted_keyset = write_result.encrypted_keyset

  # Same master keyset and same associated data: the keyset comes back.
  matching_read = servicer.ReadEncrypted(
      testing_api_pb2.KeysetReadEncryptedRequest(
          encrypted_keyset=encrypted_keyset,
          master_keyset=master_keyset,
          associated_data=testing_api_pb2.BytesValue(value=associated_data),
          keyset_reader_type=testing_api_pb2.KEYSET_READER_BINARY),
      self._ctx)
  self.assertEqual(matching_read.WhichOneof('result'), 'keyset')
  self.assertEqual(matching_read.keyset, keyset)

  # Using the wrong associated_data fails
  mismatched_read = servicer.ReadEncrypted(
      testing_api_pb2.KeysetReadEncryptedRequest(
          encrypted_keyset=encrypted_keyset,
          master_keyset=master_keyset,
          associated_data=testing_api_pb2.BytesValue(value=b'wrong ad'),
          keyset_reader_type=testing_api_pb2.KEYSET_READER_BINARY),
      self._ctx)
  self.assertEqual(mismatched_read.WhichOneof('result'), 'err')