| # Copyright 2020 Google LLC |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| """Various utility functions for the cross language tests. |
| """ |
| |
| from typing import Any, Iterable, List |
| |
| from tink import aead |
| from tink import daead |
| from tink import hybrid |
| from tink import jwt |
| from tink import mac |
| from tink import prf |
| from tink import signature |
| from tink import streaming_aead |
| |
| from tink.proto import tink_pb2 |
| import tink_config |
| |
| # All languages supported by cross-language tests. |
| ALL_LANGUAGES = ['cc', 'java', 'go', 'python'] |
| |
| |
| # For each KeyType, a list of Tinkey KeyTemplate names. |
| # TODO(juerg): Add missing key template names, and remove deprecated names. |
| # TODO(tholenst): Change this to a function |
| KEY_TEMPLATE_NAMES = { |
| 'AesEaxKey': [ |
| 'AES128_EAX', 'AES128_EAX_RAW', 'AES256_EAX', 'AES256_EAX_RAW' |
| ], |
| 'AesGcmKey': [ |
| 'AES128_GCM', 'AES128_GCM_RAW', 'AES256_GCM', 'AES256_GCM_RAW' |
| ], |
| 'AesGcmSivKey': [ |
| 'AES128_GCM_SIV', 'AES128_GCM_SIV_RAW', 'AES256_GCM_SIV', |
| 'AES256_GCM_SIV_RAW' |
| ], |
| 'AesCtrHmacAeadKey': [ |
| 'AES128_CTR_HMAC_SHA256', 'AES128_CTR_HMAC_SHA256_RAW', |
| 'AES256_CTR_HMAC_SHA256', 'AES256_CTR_HMAC_SHA256_RAW' |
| ], |
| 'ChaCha20Poly1305Key': ['CHACHA20_POLY1305', 'CHACHA20_POLY1305_RAW'], |
| 'XChaCha20Poly1305Key': ['XCHACHA20_POLY1305', 'XCHACHA20_POLY1305_RAW'], |
| 'KmsAeadKey': [], |
| 'KmsEnvelopeAeadKey': [], |
| 'AesSivKey': ['AES256_SIV'], |
| 'AesCtrHmacStreamingKey': [ |
| 'AES128_CTR_HMAC_SHA256_4KB', |
| 'AES128_CTR_HMAC_SHA256_1MB', |
| 'AES256_CTR_HMAC_SHA256_4KB', |
| 'AES256_CTR_HMAC_SHA256_1MB', |
| ], |
| 'AesGcmHkdfStreamingKey': [ |
| 'AES128_GCM_HKDF_4KB', |
| 'AES128_GCM_HKDF_1MB', |
| 'AES256_GCM_HKDF_4KB', |
| 'AES256_GCM_HKDF_1MB', |
| ], |
| 'EciesAeadHkdfPrivateKey': [ |
| 'ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM', |
| 'ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_GCM', |
| 'ECIES_P256_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256', |
| 'ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256', |
| ], |
| 'HpkePrivateKey': [ |
| 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM', |
| 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_RAW', |
| 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM', |
| 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_RAW', |
| 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305', |
| 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_RAW', |
| ], |
| 'AesCmacKey': ['AES_CMAC'], |
| 'HmacKey': [ |
| 'HMAC_SHA256_128BITTAG', 'HMAC_SHA256_256BITTAG', |
| 'HMAC_SHA512_256BITTAG', 'HMAC_SHA512_512BITTAG' |
| ], |
| 'EcdsaPrivateKey': [ |
| 'ECDSA_P256', 'ECDSA_P256_RAW', 'ECDSA_P384', 'ECDSA_P384_SHA384', |
| 'ECDSA_P384_SHA512', 'ECDSA_P521', 'ECDSA_P256_IEEE_P1363', |
| 'ECDSA_P384_IEEE_P1363', 'ECDSA_P384_SHA384_IEEE_P1363', |
| 'ECDSA_P521_IEEE_P1363' |
| ], |
| 'Ed25519PrivateKey': ['ED25519'], |
| 'RsaSsaPkcs1PrivateKey': [ |
| 'RSA_SSA_PKCS1_3072_SHA256_F4', 'RSA_SSA_PKCS1_4096_SHA512_F4' |
| ], |
| 'RsaSsaPssPrivateKey': [ |
| 'RSA_SSA_PSS_3072_SHA256_SHA256_32_F4', |
| 'RSA_SSA_PSS_4096_SHA512_SHA512_64_F4' |
| ], |
| 'AesCmacPrfKey': ['AES_CMAC_PRF'], |
| 'HmacPrfKey': ['HMAC_SHA256_PRF', 'HMAC_SHA512_PRF'], |
| 'HkdfPrfKey': ['HKDF_SHA256'], |
| 'JwtHmacKey': [ |
| 'JWT_HS256', 'JWT_HS256_RAW', 'JWT_HS384', 'JWT_HS384_RAW', 'JWT_HS512', |
| 'JWT_HS512_RAW' |
| ], |
| 'JwtEcdsaPrivateKey': [ |
| 'JWT_ES256', 'JWT_ES256_RAW', 'JWT_ES384', 'JWT_ES384_RAW', 'JWT_ES512', |
| 'JWT_ES512_RAW' |
| ], |
| 'JwtRsaSsaPkcs1PrivateKey': [ |
| 'JWT_RS256_2048_F4', 'JWT_RS256_2048_F4_RAW', 'JWT_RS256_3072_F4', |
| 'JWT_RS256_3072_F4_RAW', 'JWT_RS384_3072_F4', 'JWT_RS384_3072_F4_RAW', |
| 'JWT_RS512_4096_F4', 'JWT_RS512_4096_F4_RAW' |
| ], |
| 'JwtRsaSsaPssPrivateKey': [ |
| 'JWT_PS256_2048_F4', 'JWT_PS256_2048_F4_RAW', 'JWT_PS256_3072_F4', |
| 'JWT_PS256_3072_F4_RAW', 'JWT_PS384_3072_F4', 'JWT_PS384_3072_F4_RAW', |
| 'JWT_PS512_4096_F4', 'JWT_PS512_4096_F4_RAW' |
| ], |
| } |
| |
| # KeyTemplate (as Protobuf) for each KeyTemplate name. |
| KEY_TEMPLATE = { |
| 'AES128_EAX': |
| aead.aead_key_templates.AES128_EAX, |
| 'AES128_EAX_RAW': |
| aead.aead_key_templates.AES128_EAX_RAW, |
| 'AES256_EAX': |
| aead.aead_key_templates.AES256_EAX, |
| 'AES256_EAX_RAW': |
| aead.aead_key_templates.AES256_EAX_RAW, |
| 'AES128_GCM': |
| aead.aead_key_templates.AES128_GCM, |
| 'AES128_GCM_RAW': |
| aead.aead_key_templates.AES128_GCM_RAW, |
| 'AES256_GCM': |
| aead.aead_key_templates.AES256_GCM, |
| 'AES256_GCM_RAW': |
| aead.aead_key_templates.AES256_GCM_RAW, |
| 'AES128_GCM_SIV': |
| aead.aead_key_templates.AES128_GCM_SIV, |
| 'AES128_GCM_SIV_RAW': |
| aead.aead_key_templates.AES128_GCM_SIV_RAW, |
| 'AES256_GCM_SIV': |
| aead.aead_key_templates.AES256_GCM_SIV, |
| 'AES256_GCM_SIV_RAW': |
| aead.aead_key_templates.AES256_GCM_SIV_RAW, |
| 'AES128_CTR_HMAC_SHA256': |
| aead.aead_key_templates.AES128_CTR_HMAC_SHA256, |
| 'AES128_CTR_HMAC_SHA256_RAW': |
| aead.aead_key_templates.AES128_CTR_HMAC_SHA256_RAW, |
| 'AES256_CTR_HMAC_SHA256': |
| aead.aead_key_templates.AES256_CTR_HMAC_SHA256, |
| 'AES256_CTR_HMAC_SHA256_RAW': |
| aead.aead_key_templates.AES256_CTR_HMAC_SHA256_RAW, |
| 'CHACHA20_POLY1305': |
| tink_pb2.KeyTemplate( |
| type_url=('type.googleapis.com/google.crypto.tink.' + |
| 'ChaCha20Poly1305Key'), |
| output_prefix_type=tink_pb2.TINK), |
| 'CHACHA20_POLY1305_RAW': |
| tink_pb2.KeyTemplate( |
| type_url=('type.googleapis.com/google.crypto.tink.' + |
| 'ChaCha20Poly1305Key'), |
| output_prefix_type=tink_pb2.RAW), |
| 'XCHACHA20_POLY1305': |
| aead.aead_key_templates.XCHACHA20_POLY1305, |
| 'XCHACHA20_POLY1305_RAW': |
| aead.aead_key_templates.XCHACHA20_POLY1305_RAW, |
| 'AES256_SIV': |
| daead.deterministic_aead_key_templates.AES256_SIV, |
| 'AES128_CTR_HMAC_SHA256_4KB': |
| streaming_aead.streaming_aead_key_templates.AES128_CTR_HMAC_SHA256_4KB, |
| 'AES128_CTR_HMAC_SHA256_1MB': |
| streaming_aead.streaming_aead_key_templates.AES128_CTR_HMAC_SHA256_1MB, |
| 'AES256_CTR_HMAC_SHA256_4KB': |
| streaming_aead.streaming_aead_key_templates.AES256_CTR_HMAC_SHA256_4KB, |
| 'AES256_CTR_HMAC_SHA256_1MB': |
| streaming_aead.streaming_aead_key_templates.AES256_CTR_HMAC_SHA256_1MB, |
| 'AES128_GCM_HKDF_4KB': |
| streaming_aead.streaming_aead_key_templates.AES128_GCM_HKDF_4KB, |
| 'AES128_GCM_HKDF_1MB': |
| streaming_aead.streaming_aead_key_templates.AES128_GCM_HKDF_1MB, |
| 'AES256_GCM_HKDF_4KB': |
| streaming_aead.streaming_aead_key_templates.AES256_GCM_HKDF_4KB, |
| 'AES256_GCM_HKDF_1MB': |
| streaming_aead.streaming_aead_key_templates.AES256_GCM_HKDF_1MB, |
| 'ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM': |
| hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM, |
| 'ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_GCM': |
| hybrid.hybrid_key_templates |
| .ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_GCM, |
| 'ECIES_P256_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256': |
| hybrid.hybrid_key_templates |
| .ECIES_P256_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256, |
| 'ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256': |
| hybrid.hybrid_key_templates |
| .ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256, |
| 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM': |
| hybrid.hybrid_key_templates |
| .DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM, |
| 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_RAW': |
| hybrid.hybrid_key_templates |
| .DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_RAW, |
| 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM': |
| hybrid.hybrid_key_templates |
| .DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM, |
| 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_RAW': |
| hybrid.hybrid_key_templates |
| .DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_RAW, |
| 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305': |
| hybrid.hybrid_key_templates |
| .DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305, |
| 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_RAW': |
| hybrid.hybrid_key_templates |
| .DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_RAW, |
| 'AES_CMAC': |
| mac.mac_key_templates.AES_CMAC, |
| 'HMAC_SHA256_128BITTAG': |
| mac.mac_key_templates.HMAC_SHA256_128BITTAG, |
| 'HMAC_SHA256_256BITTAG': |
| mac.mac_key_templates.HMAC_SHA256_256BITTAG, |
| 'HMAC_SHA512_256BITTAG': |
| mac.mac_key_templates.HMAC_SHA512_256BITTAG, |
| 'HMAC_SHA512_512BITTAG': |
| mac.mac_key_templates.HMAC_SHA512_512BITTAG, |
| 'ECDSA_P256': |
| signature.signature_key_templates.ECDSA_P256, |
| 'ECDSA_P256_RAW': |
| signature.signature_key_templates.ECDSA_P256_RAW, |
| 'ECDSA_P384': |
| signature.signature_key_templates.ECDSA_P384, |
| 'ECDSA_P384_SHA384': |
| signature.signature_key_templates.ECDSA_P384_SHA384, |
| 'ECDSA_P384_SHA512': |
| signature.signature_key_templates.ECDSA_P384_SHA512, |
| 'ECDSA_P521': |
| signature.signature_key_templates.ECDSA_P521, |
| 'ECDSA_P256_IEEE_P1363': |
| signature.signature_key_templates.ECDSA_P256_IEEE_P1363, |
| 'ECDSA_P384_IEEE_P1363': |
| signature.signature_key_templates.ECDSA_P384_IEEE_P1363, |
| 'ECDSA_P384_SHA384_IEEE_P1363': |
| signature.signature_key_templates.ECDSA_P384_SHA384_IEEE_P1363, |
| 'ECDSA_P521_IEEE_P1363': |
| signature.signature_key_templates.ECDSA_P521_IEEE_P1363, |
| 'ED25519': |
| signature.signature_key_templates.ED25519, |
| 'RSA_SSA_PKCS1_3072_SHA256_F4': |
| signature.signature_key_templates.RSA_SSA_PKCS1_3072_SHA256_F4, |
| 'RSA_SSA_PKCS1_4096_SHA512_F4': |
| signature.signature_key_templates.RSA_SSA_PKCS1_4096_SHA512_F4, |
| 'RSA_SSA_PSS_3072_SHA256_SHA256_32_F4': |
| signature.signature_key_templates.RSA_SSA_PSS_3072_SHA256_SHA256_32_F4, |
| 'RSA_SSA_PSS_4096_SHA512_SHA512_64_F4': |
| signature.signature_key_templates.RSA_SSA_PSS_4096_SHA512_SHA512_64_F4, |
| 'AES_CMAC_PRF': |
| prf.prf_key_templates.AES_CMAC, |
| 'HMAC_SHA256_PRF': |
| prf.prf_key_templates.HMAC_SHA256, |
| 'HMAC_SHA512_PRF': |
| prf.prf_key_templates.HMAC_SHA512, |
| 'HKDF_SHA256': |
| prf.prf_key_templates.HKDF_SHA256, |
| 'JWT_HS256': |
| jwt.jwt_hs256_template(), |
| 'JWT_HS256_RAW': |
| jwt.raw_jwt_hs256_template(), |
| 'JWT_HS384': |
| jwt.jwt_hs384_template(), |
| 'JWT_HS384_RAW': |
| jwt.raw_jwt_hs384_template(), |
| 'JWT_HS512': |
| jwt.jwt_hs512_template(), |
| 'JWT_HS512_RAW': |
| jwt.raw_jwt_hs512_template(), |
| 'JWT_ES256': |
| jwt.jwt_es256_template(), |
| 'JWT_ES256_RAW': |
| jwt.raw_jwt_es256_template(), |
| 'JWT_ES384': |
| jwt.jwt_es384_template(), |
| 'JWT_ES384_RAW': |
| jwt.raw_jwt_es384_template(), |
| 'JWT_ES512': |
| jwt.jwt_es512_template(), |
| 'JWT_ES512_RAW': |
| jwt.raw_jwt_es512_template(), |
| 'JWT_RS256_2048_F4': |
| jwt.jwt_rs256_2048_f4_template(), |
| 'JWT_RS256_2048_F4_RAW': |
| jwt.raw_jwt_rs256_2048_f4_template(), |
| 'JWT_RS256_3072_F4': |
| jwt.jwt_rs256_3072_f4_template(), |
| 'JWT_RS256_3072_F4_RAW': |
| jwt.raw_jwt_rs256_3072_f4_template(), |
| 'JWT_RS384_3072_F4': |
| jwt.jwt_rs384_3072_f4_template(), |
| 'JWT_RS384_3072_F4_RAW': |
| jwt.raw_jwt_rs384_3072_f4_template(), |
| 'JWT_RS512_4096_F4': |
| jwt.jwt_rs512_4096_f4_template(), |
| 'JWT_RS512_4096_F4_RAW': |
| jwt.raw_jwt_rs512_4096_f4_template(), |
| 'JWT_PS256_2048_F4': |
| jwt.jwt_ps256_2048_f4_template(), |
| 'JWT_PS256_2048_F4_RAW': |
| jwt.raw_jwt_ps256_2048_f4_template(), |
| 'JWT_PS256_3072_F4': |
| jwt.jwt_ps256_3072_f4_template(), |
| 'JWT_PS256_3072_F4_RAW': |
| jwt.raw_jwt_ps256_3072_f4_template(), |
| 'JWT_PS384_3072_F4': |
| jwt.jwt_ps384_3072_f4_template(), |
| 'JWT_PS384_3072_F4_RAW': |
| jwt.raw_jwt_ps384_3072_f4_template(), |
| 'JWT_PS512_4096_F4': |
| jwt.jwt_ps512_4096_f4_template(), |
| 'JWT_PS512_4096_F4_RAW': |
| jwt.raw_jwt_ps512_4096_f4_template(), |
| } |
| |
| |
| # Key template names for which the list of supported languages is different from |
| # the list of supported languages of the whole key type. |
| _CUSTOM_SUPPORTED_LANGUAGES_BY_TEMPLATE_NAME = { |
| # currently empty. |
| } |
| |
| |
| def _supported_languages_by_template( |
| template_name: str, key_type: str) -> List[str]: |
| if template_name in _CUSTOM_SUPPORTED_LANGUAGES_BY_TEMPLATE_NAME: |
| return _CUSTOM_SUPPORTED_LANGUAGES_BY_TEMPLATE_NAME[template_name] |
| return tink_config.supported_languages_for_key_type(key_type) |
| |
| |
| def _all_key_template_names_with_key_type(): |
| for key_type, template_names in KEY_TEMPLATE_NAMES.items(): |
| for template_name in template_names: |
| yield (template_name, key_type) |
| |
| |
| def tinkey_template_names_for(primitive_class: Any) -> Iterable[str]: |
| """Returns all the key template names for the given primitive type.""" |
| for key_type in tink_config.key_types_for_primitive(primitive_class): |
| for template_name in KEY_TEMPLATE_NAMES[key_type]: |
| yield template_name |
| |
| |
| SUPPORTED_LANGUAGES_BY_TEMPLATE_NAME = { |
| name: _supported_languages_by_template(name, template) |
| for name, template in _all_key_template_names_with_key_type() |
| } |
| |
| |
| def key_types_in_keyset(keyset: bytes) -> List[str]: |
| """Returns a list containing all key types in a keyset, in order.""" |
| parsed_keyset = tink_pb2.Keyset.FromString(keyset) |
| type_urls = [k.key_data.type_url for k in parsed_keyset.key] |
| return [tink_config.key_type_from_type_url(t) for t in type_urls] |
