def test_raw_template(self): template = aead.aead_key_templates.AES128_GCM raw_template = keyset_builder.raw_template(template) self.assertEqual(raw_template.output_prefix_type, tink_pb2.RAW) self.assertEqual(raw_template.type_url, template.type_url) self.assertEqual(raw_template.value, template.value) # check that generating raw_template did not change template. self.assertNotEqual(template.output_prefix_type, tink_pb2.RAW)
def mac_key_templates() -> Iterable[Tuple[Text, tink_pb2.KeyTemplate]]: """Yields (mac_key_template_name, mac_key_template) tuples.""" for key_type in supported_key_types.MAC_KEY_TYPES: for name in supported_key_types.KEY_TEMPLATE_NAMES[key_type]: template = supported_key_types.KEY_TEMPLATE[name] yield (name, template) yield (name + '-raw', keyset_builder.raw_template(template)) yield (name + '-legacy', keyset_builder.legacy_template(template))
for p in unsupported_aeads: with self.assertRaises( tink.TinkError, msg='Language %s supports AEAD encrypt with %s unexpectedly' % (p.lang, key_template_name)): p.encrypt(b'plaintext', b'associated_data') # If the implementations work fine for keysets with single keys, then key # rotation should work if the primitive wrapper is implemented correctly. # These wrappers do not depend on the key type, so it should be fine to always # test with the same key type. Since the AEAD wrapper needs to treat keys # with output prefix RAW differently, we also include such a template for that. KEY_ROTATION_TEMPLATES = [ aead.aead_key_templates.AES128_CTR_HMAC_SHA256, keyset_builder.raw_template(aead.aead_key_templates.AES128_CTR_HMAC_SHA256) ] def key_rotation_test_cases( ) -> Iterable[Tuple[Text, Text, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]: for enc_lang in SUPPORTED_LANGUAGES: for dec_lang in SUPPORTED_LANGUAGES: for old_key_tmpl in KEY_ROTATION_TEMPLATES: for new_key_tmpl in KEY_ROTATION_TEMPLATES: yield (enc_lang, dec_lang, old_key_tmpl, new_key_tmpl) class AeadKeyRotationTest(parameterized.TestCase): @parameterized.parameters(key_rotation_test_cases()) def test_key_rotation(self, enc_lang, dec_lang, old_key_tmpl,
for enc in unsupported_encs: with self.assertRaises( tink.TinkError, msg='Language %s supports hybrid encrypt with %s unexpectedly' % ( enc.lang, key_template_name)): enc.encrypt(b'plaintext', b'context_info') # If the implementations work fine for keysets with single keys, then key # rotation should work if the primitive wrapper is implemented correctly. # These wrappers do not depend on the key type, so it should be fine to always # test with the same key type. But since the wrapper needs to treat keys # with output prefix RAW differently, we also include such a template for that. KEY_ROTATION_TEMPLATES = [ hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM, keyset_builder.raw_template( hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM) ] def key_rotation_test_cases( ) -> Iterable[Tuple[Text, Text, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]: for enc_lang in SUPPORTED_LANGUAGES: for dec_lang in SUPPORTED_LANGUAGES: for old_key_tmpl in KEY_ROTATION_TEMPLATES: for new_key_tmpl in KEY_ROTATION_TEMPLATES: yield (enc_lang, dec_lang, old_key_tmpl, new_key_tmpl) class HybridEncryptionKeyRotationTest(parameterized.TestCase): @parameterized.parameters(key_rotation_test_cases())
from absl.testing import parameterized import tink from tink import signature from tink.proto import tink_pb2 from tink.testing import keyset_builder from util import supported_key_types from util import testing_servers SUPPORTED_LANGUAGES = ( testing_servers.SUPPORTED_LANGUAGES_BY_PRIMITIVE['signature']) TEMPLATE = signature.signature_key_templates.ECDSA_P256 KEY_ROTATION_TEMPLATES = [ TEMPLATE, keyset_builder.raw_template(TEMPLATE), keyset_builder.legacy_template(TEMPLATE) ] def key_rotation_test_cases( ) -> Iterable[Tuple[Text, Text, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]: for enc_lang in SUPPORTED_LANGUAGES: for dec_lang in SUPPORTED_LANGUAGES: for old_key_tmpl in KEY_ROTATION_TEMPLATES: for new_key_tmpl in KEY_ROTATION_TEMPLATES: yield (enc_lang, dec_lang, old_key_tmpl, new_key_tmpl) def setUpModule(): signature.register()
tink.TinkError, msg= 'Language %s supports signature sign with %s unexpectedly' % (signer.lang, key_template_name)): _ = signer.sign(message) # If the implementations work fine for keysets with single keys, then key # rotation should work if the primitive wrapper is implemented correctly. # The wrapper does not depend on the key type, so it should be fine to always # test with the same key type. The wrapper needs to treat keys with output # prefix RAW and LEGACY differently, so we also test templates with these # prefixes. KEY_ROTATION_TEMPLATES = [ signature.signature_key_templates.ECDSA_P256, keyset_builder.raw_template(signature.signature_key_templates.ECDSA_P256), keyset_builder.legacy_template( signature.signature_key_templates.ECDSA_P256) ] def key_rotation_test_cases( ) -> Iterable[Tuple[Text, Text, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]: for enc_lang in SUPPORTED_LANGUAGES: for dec_lang in SUPPORTED_LANGUAGES: for old_key_tmpl in KEY_ROTATION_TEMPLATES: for new_key_tmpl in KEY_ROTATION_TEMPLATES: yield (enc_lang, dec_lang, old_key_tmpl, new_key_tmpl) class SignatureKeyRotationTest(parameterized.TestCase):
# distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. """Tests for tink.python.tink.aead_wrapper.""" from absl.testing import absltest from absl.testing import parameterized import tink from tink import aead from tink.testing import keyset_builder AEAD_TEMPLATE = aead.aead_key_templates.AES128_EAX RAW_AEAD_TEMPLATE = keyset_builder.raw_template(AEAD_TEMPLATE) def setUpModule(): aead.register() class AeadWrapperTest(parameterized.TestCase): @parameterized.parameters([AEAD_TEMPLATE, RAW_AEAD_TEMPLATE]) def test_encrypt_decrypt(self, template): keyset_handle = tink.new_keyset_handle(template) primitive = keyset_handle.primitive(aead.Aead) ciphertext = primitive.encrypt(b'plaintext', b'associated_data') self.assertEqual(primitive.decrypt(ciphertext, b'associated_data'), b'plaintext')
with self.assertRaises( tink.TinkError, msg='Language %s supports compute_mac with %s unexpectedly' % (p.lang, key_template_name)): p.compute_mac(data) # If the implementations work fine for keysets with single keys, then key # rotation should work if the primitive wrapper is implemented correctly. # These wrappers do not depend on the key type, so it should be fine to always # test with the same key type. The wrapper needs to treat keys with output # prefix RAW and LEGACY differently, so we also test templates with these # prefixes. KEY_ROTATION_TEMPLATES = [ mac.mac_key_templates.HMAC_SHA512_512BITTAG, keyset_builder.raw_template(mac.mac_key_templates.HMAC_SHA512_512BITTAG), keyset_builder.legacy_template(mac.mac_key_templates.HMAC_SHA512_512BITTAG) ] def key_rotation_test_cases( ) -> Iterable[Tuple[Text, Text, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]: for compute_lang in SUPPORTED_LANGUAGES: for verify_lang in SUPPORTED_LANGUAGES: for old_key_tmpl in KEY_ROTATION_TEMPLATES: for new_key_tmpl in KEY_ROTATION_TEMPLATES: yield (compute_lang, verify_lang, old_key_tmpl, new_key_tmpl) class MacKeyRotationTest(parameterized.TestCase):
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. """Tests for tink.python.tink._mac_wrapper.""" from absl.testing import absltest from absl.testing import parameterized import tink from tink import mac from tink.testing import keyset_builder MAC_TEMPLATE = mac.mac_key_templates.HMAC_SHA256_128BITTAG RAW_MAC_TEMPLATE = keyset_builder.raw_template(MAC_TEMPLATE) LEGACY_MAC_TEMPLATE = keyset_builder.legacy_template(MAC_TEMPLATE) def setUpModule(): mac.register() class MacWrapperTest(parameterized.TestCase): @parameterized.parameters([MAC_TEMPLATE, RAW_MAC_TEMPLATE, LEGACY_MAC_TEMPLATE]) def test_compute_verify_mac(self, template): keyset_handle = tink.new_keyset_handle(template) primitive = keyset_handle.primitive(mac.Mac)
for p in unsupported_daeads: with self.assertRaises( tink.TinkError, msg='Language %s supports encrypt_deterministically with %s ' 'unexpectedly' % (p.lang, key_template_name)): p.encrypt_deterministically(b'plaintext', b'associated_data') # If the implementations work fine for keysets with single keys, then key # rotation should work if the primitive wrapper is implemented correctly. # These wrappers do not depend on the key type, so it should be fine to always # test with the same key type. But since the wrapper needs to treat keys # with output prefix RAW differently, we also include such a template for that. KEY_ROTATION_TEMPLATES = [ daead.deterministic_aead_key_templates.AES256_SIV, keyset_builder.raw_template( daead.deterministic_aead_key_templates.AES256_SIV) ] def key_rotation_test_cases(): for enc_lang in SUPPORTED_LANGUAGES: for dec_lang in SUPPORTED_LANGUAGES: for old_key_tmpl in KEY_ROTATION_TEMPLATES: for new_key_tmpl in KEY_ROTATION_TEMPLATES: yield (enc_lang, dec_lang, old_key_tmpl, new_key_tmpl) class DaeadKeyRotationTest(parameterized.TestCase): @parameterized.parameters(key_rotation_test_cases()) def test_key_rotation(self, enc_lang, dec_lang, old_key_tmpl, new_key_tmpl):
from absl.testing import absltest from absl.testing import parameterized import tink from tink import hybrid from tink.proto import tink_pb2 from tink.testing import keyset_builder from util import supported_key_types from util import testing_servers SUPPORTED_LANGUAGES = testing_servers.SUPPORTED_LANGUAGES_BY_PRIMITIVE[ 'hybrid'] TEMPLATE = hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM KEY_ROTATION_TEMPLATES = [TEMPLATE, keyset_builder.raw_template(TEMPLATE)] def key_rotation_test_cases( ) -> Iterable[Tuple[Text, Text, tink_pb2.KeyTemplate, tink_pb2.KeyTemplate]]: for enc_lang in SUPPORTED_LANGUAGES: for dec_lang in SUPPORTED_LANGUAGES: for old_key_tmpl in KEY_ROTATION_TEMPLATES: for new_key_tmpl in KEY_ROTATION_TEMPLATES: yield (enc_lang, dec_lang, old_key_tmpl, new_key_tmpl) def setUpModule(): hybrid.register() testing_servers.start('hybrid')