def test_hybrid_wrappers_are_correctly_registered(self):
dec1, dec1_key = _new_primitive_and_key(
hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM,
hybrid.HybridDecrypt, tink_pb2.RAW)
enc1, enc1_key = _public_primitive_and_key(dec1_key,
hybrid.HybridEncrypt,
tink_pb2.RAW)
dec2, dec2_key = _new_primitive_and_key(
hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM,
hybrid.HybridDecrypt, tink_pb2.RAW)
enc2, enc2_key = _public_primitive_and_key(dec2_key,
hybrid.HybridEncrypt,
tink_pb2.RAW)
dec_pset = core.PrimitiveSet(hybrid.HybridDecrypt)
dec_pset.add_primitive(dec1, dec1_key)
dec_pset.set_primary(dec_pset.add_primitive(dec2, dec2_key))
wrapped_dec = core.Registry.wrap(dec_pset, hybrid.HybridDecrypt)
enc_pset = core.PrimitiveSet(hybrid.HybridEncrypt)
enc_pset.add_primitive(enc1, enc1_key)
enc_pset.set_primary(enc_pset.add_primitive(enc2, enc2_key))
wrapped_enc = core.Registry.wrap(enc_pset, hybrid.HybridEncrypt)
self.assertEqual(
wrapped_dec.decrypt(enc1.encrypt(b'plaintext1', b'ad1'), b'ad1'),
b'plaintext1')
self.assertEqual(
wrapped_dec.decrypt(wrapped_enc.encrypt(b'plaintext2', b'ad2'),
b'ad2'), b'plaintext2')
def test_signature_wrapper_is_correctly_registered(self):
sig1, key1 = _new_primitive_and_key(
signature.signature_key_templates.ECDSA_P256,
signature.PublicKeySign, tink_pb2.TINK)
sig2, key2 = _new_primitive_and_key(
signature.signature_key_templates.ECDSA_P256,
signature.PublicKeySign, tink_pb2.TINK)
ver1, pubkey1 = _public_primitive_and_key(key1,
signature.PublicKeyVerify,
tink_pb2.TINK)
ver2, pubkey2 = _public_primitive_and_key(key2,
signature.PublicKeyVerify,
tink_pb2.TINK)
pset = core.PrimitiveSet(signature.PublicKeySign)
pset.add_primitive(sig1, key1)
pset.set_primary(pset.add_primitive(sig2, key2))
wrapped_sig = core.Registry.wrap(pset, signature.PublicKeySign)
pset_verify = core.new_primitive_set(signature.PublicKeyVerify)
pset_verify.add_primitive(ver1, pubkey1)
pset_verify.set_primary(pset_verify.add_primitive(ver2, pubkey2))
wrapped_ver = core.Registry.wrap(pset_verify,
signature.PublicKeyVerify)
sig = wrapped_sig.sign(b'data')
wrapped_ver.verify(sig, b'data')
def primitive(self, primitive_class: Type[P]) -> P:
"""Returns a wrapped primitive from this KeysetHandle.
Uses the KeyManager and the PrimitiveWrapper objects in the global
registry.Registry
to create the primitive. This function is the most common way of creating a
primitive.
Args:
primitive_class: The class of the primitive.
Returns:
The primitive.
Raises:
tink.TinkError if creation of the primitive fails, for example if
primitive_class cannot be used with this KeysetHandle.
"""
_validate_keyset(self._keyset)
input_primitive_class = core.Registry.input_primitive_class(
primitive_class)
pset = core.PrimitiveSet(input_primitive_class)
for key in self._keyset.key:
if key.status == tink_pb2.ENABLED:
primitive = core.Registry.primitive(key.key_data,
input_primitive_class)
entry = pset.add_primitive(primitive, key)
if key.key_id == self._keyset.primary_key_id:
pset.set_primary(entry)
return core.Registry.wrap(pset, primitive_class)
def test_aead_wrapper_is_correctly_registered(self):
aead1, key1 = _new_primitive_and_key(
aead.aead_key_templates.AES128_EAX, aead.Aead, tink_pb2.RAW)
aead2, key2 = _new_primitive_and_key(
aead.aead_key_templates.AES256_GCM, aead.Aead, tink_pb2.TINK)
pset = core.PrimitiveSet(aead.Aead)
pset.add_primitive(aead1, key1)
pset.set_primary(pset.add_primitive(aead2, key2))
wrapped_aead = core.Registry.wrap(pset, aead.Aead)
self.assertEqual(
wrapped_aead.decrypt(aead1.encrypt(b'plaintext1', b'ad1'), b'ad1'),
b'plaintext1')
self.assertEqual(
wrapped_aead.decrypt(wrapped_aead.encrypt(b'plaintext2', b'ad2'),
b'ad2'), b'plaintext2')
def test_mac_wrapper_is_correctly_registered(self):
mac1, key1 = _new_primitive_and_key(
mac.mac_key_templates.HMAC_SHA256_128BITTAG, mac.Mac, tink_pb2.RAW)
mac2, key2 = _new_primitive_and_key(
mac.mac_key_templates.HMAC_SHA256_256BITTAG, mac.Mac,
tink_pb2.TINK)
pset = core.PrimitiveSet(mac.Mac)
pset.add_primitive(mac1, key1)
pset.set_primary(pset.add_primitive(mac2, key2))
wrapped_mac = core.Registry.wrap(pset, mac.Mac)
self.assertIsNone(
wrapped_mac.verify_mac(mac1.compute_mac(b'data1'), b'data1'))
self.assertIsNone(
wrapped_mac.verify_mac(wrapped_mac.compute_mac(b'data2'),
b'data2'))
def test_deterministic_aead_wrapper_is_correctly_registered(self):
daead1, key1 = _new_primitive_and_key(
daead.deterministic_aead_key_templates.AES256_SIV,
daead.DeterministicAead, tink_pb2.RAW)
daead2, key2 = _new_primitive_and_key(
daead.deterministic_aead_key_templates.AES256_SIV,
daead.DeterministicAead, tink_pb2.TINK)
pset = core.PrimitiveSet(daead.DeterministicAead)
pset.add_primitive(daead1, key1)
pset.set_primary(pset.add_primitive(daead2, key2))
wrapped_daead = core.Registry.wrap(pset, daead.DeterministicAead)
self.assertEqual(
wrapped_daead.decrypt_deterministically(
daead1.encrypt_deterministically(b'plaintext1', b'ad1'),
b'ad1'), b'plaintext1')
self.assertEqual(
wrapped_daead.decrypt_deterministically(
wrapped_daead.encrypt_deterministically(b'plaintext2', b'ad2'),
b'ad2'), b'plaintext2')