def _test_case(key_size=16, key_version=0):
    """Return a ``(label, keyset)`` pair describing one AES-GCM test key.

    Args:
        key_size: Value handed to ``_gen_key_value`` to produce the key bytes
            (presumably the key length in bytes; confirm against that helper).
        key_version: Value stored in the ``version`` field of the AesGcmKey
            proto.

    Returns:
        A tuple of the keyset built by ``_gen_keyset`` from the serialized
        key, preceded by the label ``'AesGcmKey(<key_size>,<key_version>)'``.
    """
    gcm_key = aes_gcm_pb2.AesGcmKey()
    gcm_key.version = key_version
    gcm_key.key_value = _gen_key_value(key_size)

    # The key is declared as SYMMETRIC key material under the AesGcmKey type URL.
    wrapped_keyset = _gen_keyset(
        'type.googleapis.com/google.crypto.tink.AesGcmKey',
        gcm_key.SerializeToString(),
        tink_pb2.KeyData.SYMMETRIC,
    )
    label = 'AesGcmKey(%d,%d)' % (key_size, key_version)
    return (label, wrapped_keyset)
def test_new_key_data_aes_gcm(self):
    """Check that the registered AES-GCM key manager creates a valid key.

    A template requesting a 16-byte key is resolved to its key manager via
    the registry. The generated KeyData must carry the template's type URL,
    be marked as SYMMETRIC key material, and parse as an AesGcmKey with
    version 0 and exactly 16 bytes of key material.
    """
    template = aead.aead_key_templates.create_aes_gcm_key_template(key_size=16)
    manager = core.Registry.key_manager(template.type_url)
    generated = manager.new_key_data(template)

    # Metadata on the KeyData wrapper.
    self.assertEqual(generated.type_url, template.type_url)
    self.assertEqual(generated.key_material_type, tink_pb2.KeyData.SYMMETRIC)

    # Contents of the serialized key itself.
    parsed_key = aes_gcm_pb2.AesGcmKey()
    parsed_key.ParseFromString(generated.value)
    self.assertEqual(parsed_key.version, 0)
    # The key length must match the template exactly, not merely be non-empty.
    self.assertLen(parsed_key.key_value, 16)
def test_new_key_data(self):
    """Check new_key_data() for both the AES-EAX and AES-GCM key managers.

    For each manager the generated KeyData must report the manager's own key
    type, be marked as SYMMETRIC key material, and parse into the matching
    key proto with version 0 and a 16-byte key. For AES-EAX the IV size from
    the template (12) must also be carried into the key parameters.
    """
    # --- AES EAX: template built with (12, 16); 12 is checked as iv_size and
    # 16 as the key length below.
    eax_template = self.new_aes_eax_key_template(12, 16)
    eax_key_data = self.key_manager_eax.new_key_data(eax_template)
    self.assertEqual(eax_key_data.type_url, self.key_manager_eax.key_type())
    self.assertEqual(eax_key_data.key_material_type, tink_pb2.KeyData.SYMMETRIC)

    eax_key = aes_eax_pb2.AesEaxKey()
    eax_key.ParseFromString(eax_key_data.value)
    self.assertEqual(eax_key.version, 0)
    self.assertEqual(eax_key.params.iv_size, 12)
    self.assertLen(eax_key.key_value, 16)

    # --- AES GCM: template built with (16); 16 is checked as the key length.
    gcm_template = self.new_aes_gcm_key_template(16)
    gcm_key_data = self.key_manager_gcm.new_key_data(gcm_template)
    self.assertEqual(gcm_key_data.type_url, self.key_manager_gcm.key_type())
    self.assertEqual(gcm_key_data.key_material_type, tink_pb2.KeyData.SYMMETRIC)

    gcm_key = aes_gcm_pb2.AesGcmKey()
    gcm_key.ParseFromString(gcm_key_data.value)
    self.assertEqual(gcm_key.version, 0)
    self.assertLen(gcm_key.key_value, 16)
def test_dek_extraction(self):
    """Check the envelope layout by unwrapping the DEK from a ciphertext.

    The ciphertext produced by KmsEnvelopeAead is read as:
    a big-endian unsigned 32-bit DEK length in the first
    ``kms_envelope_aead.DEK_LEN_BYTES`` bytes, followed by that many bytes of
    encrypted DEK. The test unwraps the DEK with the same AEAD that was given
    to the envelope as ``remote_aead`` and verifies it parses as an AesGcmKey
    holding 32 bytes of key material, matching the AES256_GCM template.

    Note that the DEK is unwrapped with empty associated data (``b''``); the
    ``b'some ad'`` passed to ``encrypt`` is not used for unwrapping the DEK.
    """
    dek_template = aead.aead_key_templates.AES256_GCM
    handle = tink.new_keyset_handle(dek_template)
    # A locally generated AEAD stands in for the remote key-encryption key.
    remote_aead = handle.primitive(aead.Aead)
    envelope = kms_envelope_aead.KmsEnvelopeAead(dek_template, remote_aead)

    message = b'helloworld'
    ciphertext = bytearray(envelope.encrypt(message, b'some ad'))

    # Read the length prefix, then slice out exactly the encrypted DEK.
    dek_start = kms_envelope_aead.DEK_LEN_BYTES
    length_prefix = ciphertext[0:dek_start]
    (dek_len,) = struct.unpack('>I', length_prefix)
    dek_end = dek_start + dek_len
    encrypted_dek_bytes = bytes(ciphertext[dek_start:dek_end])

    # Decrypt the DEK; this fails if the slice or the associated data is wrong.
    dek_bytes = remote_aead.decrypt(encrypted_dek_bytes, b'')

    # The unwrapped bytes must be a serialized AesGcmKey with a 32-byte key.
    recovered_key = aes_gcm_pb2.AesGcmKey()
    recovered_key.ParseFromString(dek_bytes)
    self.assertLen(recovered_key.key_value, 32)