def setUpModule():
aead.register()
daead.register()
mac.register()
hybrid.register()
signature.register()
testing_servers.start('key_generation_consistency')
def setUpModule():
aead.register()
daead.register()
mac.register()
hybrid.register()
signature.register()
testing_servers.start()
def main(unused_argv):
aead.register()
daead.register()
hybrid.register()
mac.register()
prf.register()
signature.register()
streaming_aead.register()
jwt.register_jwt_mac()
fake_kms.register_client()
server = grpc.server(futures.ThreadPoolExecutor(max_workers=2))
testing_api_pb2_grpc.add_MetadataServicer_to_server(
services.MetadataServicer(), server)
testing_api_pb2_grpc.add_KeysetServicer_to_server(
services.KeysetServicer(), server)
testing_api_pb2_grpc.add_AeadServicer_to_server(services.AeadServicer(),
server)
testing_api_pb2_grpc.add_DeterministicAeadServicer_to_server(
services.DeterministicAeadServicer(), server)
testing_api_pb2_grpc.add_MacServicer_to_server(services.MacServicer(),
server)
testing_api_pb2_grpc.add_PrfSetServicer_to_server(
services.PrfSetServicer(), server)
testing_api_pb2_grpc.add_HybridServicer_to_server(
services.HybridServicer(), server)
testing_api_pb2_grpc.add_SignatureServicer_to_server(
services.SignatureServicer(), server)
testing_api_pb2_grpc.add_StreamingAeadServicer_to_server(
services.StreamingAeadServicer(), server)
testing_api_pb2_grpc.add_JwtServicer_to_server(jwt_service.JwtServicer(),
server)
server.add_secure_port('[::]:%d' % FLAGS.port,
grpc.local_server_credentials())
server.start()
server.wait_for_termination()
def setUpModule():
global KEYSET, MAC
jwt.register_jwt_mac()
mac.register()
testing_servers.start('jwt')
KEYSET = _keyset()
MAC = _mac()
def setUpClass(cls):
super().setUpClass()
aead.register()
daead.register()
mac.register()
hybrid.register()
signature.register()
def register():
aead.register()
daead.register()
hybrid.register()
mac.register()
prf.register()
signature.register()
streaming_aead.register()
def main(argv):
del argv # Unused.
# Initialise Tink.
try:
mac.register()
except tink.TinkError as e:
logging.error('Error initialising Tink: %s', e)
return 1
# Read the keyset into a keyset_handle.
with open(FLAGS.keyset_path, 'rt') as keyset_file:
try:
text = keyset_file.read()
keyset_handle = cleartext_keyset_handle.read(
tink.JsonKeysetReader(text))
except tink.TinkError as e:
logging.error('Error reading key: %s', e)
return 1
# Get the primitive.
try:
cipher = keyset_handle.primitive(mac.Mac)
except tink.TinkError as e:
logging.error('Error creating primitive: %s', e)
return 1
with open(FLAGS.data_path, 'rb') as data_file:
data = data_file.read()
if FLAGS.mode == 'compute':
# Compute the MAC.
code = cipher.compute_mac(data)
with open(FLAGS.mac_path, 'wb') as mac_file:
mac_file.write(binascii.hexlify(code))
return 0
with open(FLAGS.mac_path, 'rb') as mac_file:
try:
expected_mac = binascii.unhexlify(mac_file.read().strip())
except binascii.Error as e:
logging.exception('Error reading expected code: %s', e)
return 1
try:
cipher.verify_mac(expected_mac, data)
logging.info('MAC verification succeeded.')
return 0
except tink.TinkError as e:
logging.info('MAC verification failed.')
return 1
def setUpModule():
mac.register()
raw,
OAEP(mgf=MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None)))
def decrypt(self, raw):
return self.private_key.decrypt(
base64.b64decode(raw),
OAEP(mgf=MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None)).decode('utf-8').strip()
tink_config.register()
aead.register()
mac.register()
class AESCipher(object):
def __init__(self, encoded_key):
if (encoded_key == None):
self.keyset_handle = tink.new_keyset_handle(
aead.aead_key_templates.AES256_GCM)
else:
reader = tink.BinaryKeysetReader(base64.b64decode(encoded_key))
self.keyset_handle = cleartext_keyset_handle.read(reader)
self.key = self.keyset_handle.keyset_info()
self.aead_primitive = self.keyset_handle.primitive(aead.Aead)
def printKeyInfo(self):
stream = io.StringIO()
def setUpModule():
mac.register()
testing_servers.start('mac')
def main(argv):
if len(argv) != 5:
raise app.UsageError(
'Expected 4 arguments, got %d.\n'
'Usage: %s compute/verify keyset-file data-file mac-file' %
(len(argv) - 1, argv[0]))
mode = argv[1]
if mode not in ('compute', 'verify'):
raise app.UsageError(
'Incorrect mode. Please select compute or verify.')
keyset_filename = argv[2]
data_filename = argv[3]
mac_filename = argv[4]
# Initialise Tink.
try:
mac.register()
except tink.TinkError as e:
logging.error('Error initialising Tink: %s', e)
return 1
# Read the keyset into a keyset_handle.
with open(keyset_filename, 'rt') as keyset_file:
try:
text = keyset_file.read()
keyset_handle = cleartext_keyset_handle.read(
tink.JsonKeysetReader(text))
except tink.TinkError as e:
logging.error('Error reading key: %s', e)
return 1
# Get the primitive.
try:
cipher = keyset_handle.primitive(mac.Mac)
except tink.TinkError as e:
logging.error('Error creating primitive: %s', e)
return 1
with open(data_filename, 'rb') as data_file:
data = data_file.read()
if mode == 'compute':
# Compute the MAC.
code = cipher.compute_mac(data)
with open(mac_filename, 'wb') as mac_file:
mac_file.write(binascii.hexlify(code))
return 0
with open(mac_filename, 'rb') as mac_file:
try:
expected_mac = binascii.unhexlify(mac_file.read().strip())
except binascii.Error as e:
logging.exception('Error reading expected code: %s', e)
return 1
try:
cipher.verify_mac(expected_mac, data)
logging.info('MAC verification succeeded.')
return 0
except tink.TinkError as e:
logging.info('MAC verification failed.')
return 1
def setUpModule():
aead.register()
mac.register()
daead.register()
prf.register()
testing_servers.start('key_version')
def register():
aead.register()
daead.register()
hybrid.register()
mac.register()
signature.register()
def main(argv):
if len(argv) not in (3, 4):
raise app.UsageError(
'Expected 2 or 3 arguments, got %d.\n'
'Usage: %s keyset-file data-file [expected-code-file]' %
(len(argv) - 1, argv[0]))
keyset_filename = argv[1]
data_filename = argv[2]
expected_code_filename = argv[3] if len(argv) == 4 else None
if expected_code_filename is not None:
with open(expected_code_filename, 'rb') as expected_code_file:
expected_code_hex = expected_code_file.read().strip()
logging.info(
'Using keyset from file %s to verify file %s against expected code %s',
keyset_filename, data_filename, expected_code_hex.decode('utf-8'))
else:
expected_code_hex = None
logging.info('Using keyset from file %s to verify file %s',
keyset_filename, data_filename)
# Initialise Tink.
try:
mac.register()
except tink.TinkError as e:
logging.error('Error initialising Tink: %s', e)
return 1
# Read the keyset into a keyset_handle.
with open(keyset_filename, 'rt') as keyset_file:
try:
text = keyset_file.read()
keyset_handle = cleartext_keyset_handle.read(
tink.JsonKeysetReader(text))
except tink.TinkError as e:
logging.error('Error reading key: %s', e)
return 1
# Get the primitive.
try:
cipher = keyset_handle.primitive(mac.Mac)
except tink.TinkError as e:
logging.error('Error creating primitive: %s', e)
return 1
# Compute the MAC.
with open(data_filename, 'rb') as data_file:
data = data_file.read()
if expected_code_hex is None:
code = cipher.compute_mac(data)
logging.info('MAC output is %s',
binascii.hexlify(code).decode('utf-8'))
return 0
try:
expected_code = binascii.unhexlify(expected_code_hex)
except binascii.Error as e:
logging.error('Error reading expected code: %s', e)
return 1
try:
cipher.verify_mac(expected_code, data)
logging.info('MAC outputs matched. Success!')
return 0
except tink.TinkError as e:
logging.info('MAC outputs did not match!')
code = binascii.hexlify(cipher.compute_mac(data)).decode('utf-8')
logging.info('Actual MAC output is %s', code)
return 1
def main(argv):
if len(argv) not in (5, 6):
raise app.UsageError(
'Expected 5 or 6 arguments, got %d.\n'
'Usage: %s keyset-file operation input-file associated-data-file' %
(len(argv) - 1, argv[0]))
keyset_filename = argv[1]
operation = argv[2]
data_filename = argv[3]
mac_filename = argv[4]
if len(argv) == 6:
result_filename = argv[5]
logging.info(
'Using keyset from file %s to %s MAC on file %s.\n The resulting output'
'will be written to file %s', keyset_filename, operation,
data_filename, mac_filename)
# Initialise Tink
try:
mac.register()
except tink.TinkError as e:
logging.error('Error initialising Tink: %s', e)
return 1
# Read the keyset into keyset_handle
try:
keyset_handle = read_keyset(keyset_filename)
except tink.TinkError as e:
logging.error('Error reading key: %s', e)
return 1
# Get the primitive
try:
mac_primitive = keyset_handle.primitive(mac.Mac)
except tink.TinkError as e:
logging.error('Error creating primitive: %s', e)
return 1
# Read the input files
with open(data_filename, 'rb') as input_file:
input_data = input_file.read()
# Compute the output
if operation.lower() == 'compute':
try:
tag = mac_primitive.compute_mac(input_data)
except tink.TinkError as e:
logging.error('Error computing MAC on the input: %s', e)
# Write MAC to file
with open(mac_filename, 'wb') as mac_file:
mac_file.write(tag)
elif operation.lower() == 'verify':
# Read MAC from file
with open(mac_filename, 'rb') as mac_file:
tag = mac_file.read()
# Check for valid MAC
try:
mac_primitive.verify_mac(tag, input_data)
result = b'valid'
except tink.TinkError as e:
logging.error('Error verifying MAC of the input: %s', e)
result = b'invalid'
with open(result_filename, 'wb') as result_file:
result_file.write(result)
else:
logging.error(
'Did not recognise operation %s.\n'
'Expected either "compute" or "verify"', operation)
return 1
logging.info('All done.')
