1*e7b1675dSTing-Kang Chang# Copyright 2020 Google LLC 2*e7b1675dSTing-Kang Chang# 3*e7b1675dSTing-Kang Chang# Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang# you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang# You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang# 7*e7b1675dSTing-Kang Chang# http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang# 9*e7b1675dSTing-Kang Chang# Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang# distributed under the License is distributed on an "AS-IS" BASIS, 11*e7b1675dSTing-Kang Chang# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang# See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang# limitations under the License. 14*e7b1675dSTing-Kang Chang"""Testing service API implementations in Python.""" 15*e7b1675dSTing-Kang Chang 16*e7b1675dSTing-Kang Changimport io 17*e7b1675dSTing-Kang Chang 18*e7b1675dSTing-Kang Changimport grpc 19*e7b1675dSTing-Kang Changimport tink 20*e7b1675dSTing-Kang Changfrom tink import aead 21*e7b1675dSTing-Kang Changfrom tink import cleartext_keyset_handle 22*e7b1675dSTing-Kang Changfrom tink import daead 23*e7b1675dSTing-Kang Changfrom tink import hybrid 24*e7b1675dSTing-Kang Changfrom tink import jwt 25*e7b1675dSTing-Kang Changfrom tink import mac 26*e7b1675dSTing-Kang Changfrom tink import prf 27*e7b1675dSTing-Kang Changfrom tink import signature 28*e7b1675dSTing-Kang Changfrom tink import streaming_aead 29*e7b1675dSTing-Kang Changfrom tink.proto import tink_pb2 30*e7b1675dSTing-Kang Changfrom tink.testing import bytes_io 31*e7b1675dSTing-Kang Changfrom protos import testing_api_pb2 32*e7b1675dSTing-Kang Changfrom protos import testing_api_pb2_grpc 33*e7b1675dSTing-Kang Chang 34*e7b1675dSTing-Kang Chang 35*e7b1675dSTing-Kang Chang# All KeyTemplate (as Protobuf) defined in the Python API. 36*e7b1675dSTing-Kang Chang_KEY_TEMPLATE = { 37*e7b1675dSTing-Kang Chang 'AES128_EAX': 38*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES128_EAX, 39*e7b1675dSTing-Kang Chang 'AES128_EAX_RAW': 40*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES128_EAX_RAW, 41*e7b1675dSTing-Kang Chang 'AES256_EAX': 42*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES256_EAX, 43*e7b1675dSTing-Kang Chang 'AES256_EAX_RAW': 44*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES256_EAX_RAW, 45*e7b1675dSTing-Kang Chang 'AES128_GCM': 46*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES128_GCM, 47*e7b1675dSTing-Kang Chang 'AES128_GCM_RAW': 48*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES128_GCM_RAW, 49*e7b1675dSTing-Kang Chang 'AES256_GCM': 50*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES256_GCM, 51*e7b1675dSTing-Kang Chang 'AES256_GCM_RAW': 52*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES256_GCM_RAW, 53*e7b1675dSTing-Kang Chang 'AES128_GCM_SIV': 54*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES128_GCM_SIV, 55*e7b1675dSTing-Kang Chang 'AES128_GCM_SIV_RAW': 56*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES128_GCM_SIV_RAW, 57*e7b1675dSTing-Kang Chang 'AES256_GCM_SIV': 58*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES256_GCM_SIV, 59*e7b1675dSTing-Kang Chang 'AES256_GCM_SIV_RAW': 60*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES256_GCM_SIV_RAW, 61*e7b1675dSTing-Kang Chang 'AES128_CTR_HMAC_SHA256': 62*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES128_CTR_HMAC_SHA256, 63*e7b1675dSTing-Kang Chang 'AES128_CTR_HMAC_SHA256_RAW': 64*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES128_CTR_HMAC_SHA256_RAW, 65*e7b1675dSTing-Kang Chang 'AES256_CTR_HMAC_SHA256': 66*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES256_CTR_HMAC_SHA256, 67*e7b1675dSTing-Kang Chang 'AES256_CTR_HMAC_SHA256_RAW': 68*e7b1675dSTing-Kang Chang aead.aead_key_templates.AES256_CTR_HMAC_SHA256_RAW, 69*e7b1675dSTing-Kang Chang 'XCHACHA20_POLY1305': 70*e7b1675dSTing-Kang Chang aead.aead_key_templates.XCHACHA20_POLY1305, 71*e7b1675dSTing-Kang Chang 'XCHACHA20_POLY1305_RAW': 72*e7b1675dSTing-Kang Chang aead.aead_key_templates.XCHACHA20_POLY1305_RAW, 73*e7b1675dSTing-Kang Chang 'AES256_SIV': 74*e7b1675dSTing-Kang Chang daead.deterministic_aead_key_templates.AES256_SIV, 75*e7b1675dSTing-Kang Chang 'AES128_CTR_HMAC_SHA256_4KB': 76*e7b1675dSTing-Kang Chang streaming_aead.streaming_aead_key_templates.AES128_CTR_HMAC_SHA256_4KB, 77*e7b1675dSTing-Kang Chang 'AES128_CTR_HMAC_SHA256_1MB': 78*e7b1675dSTing-Kang Chang streaming_aead.streaming_aead_key_templates.AES128_CTR_HMAC_SHA256_1MB, 79*e7b1675dSTing-Kang Chang 'AES256_CTR_HMAC_SHA256_4KB': 80*e7b1675dSTing-Kang Chang streaming_aead.streaming_aead_key_templates.AES256_CTR_HMAC_SHA256_4KB, 81*e7b1675dSTing-Kang Chang 'AES256_CTR_HMAC_SHA256_1MB': 82*e7b1675dSTing-Kang Chang streaming_aead.streaming_aead_key_templates.AES256_CTR_HMAC_SHA256_1MB, 83*e7b1675dSTing-Kang Chang 'AES128_GCM_HKDF_4KB': 84*e7b1675dSTing-Kang Chang streaming_aead.streaming_aead_key_templates.AES128_GCM_HKDF_4KB, 85*e7b1675dSTing-Kang Chang 'AES128_GCM_HKDF_1MB': 86*e7b1675dSTing-Kang Chang streaming_aead.streaming_aead_key_templates.AES128_GCM_HKDF_1MB, 87*e7b1675dSTing-Kang Chang 'AES256_GCM_HKDF_4KB': 88*e7b1675dSTing-Kang Chang streaming_aead.streaming_aead_key_templates.AES256_GCM_HKDF_4KB, 89*e7b1675dSTing-Kang Chang 'AES256_GCM_HKDF_1MB': 90*e7b1675dSTing-Kang Chang streaming_aead.streaming_aead_key_templates.AES256_GCM_HKDF_1MB, 91*e7b1675dSTing-Kang Chang 'ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM': 92*e7b1675dSTing-Kang Chang hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM, 93*e7b1675dSTing-Kang Chang 'ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_GCM': 94*e7b1675dSTing-Kang Chang hybrid.hybrid_key_templates 95*e7b1675dSTing-Kang Chang .ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_GCM, 96*e7b1675dSTing-Kang Chang 'ECIES_P256_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256': 97*e7b1675dSTing-Kang Chang hybrid.hybrid_key_templates 98*e7b1675dSTing-Kang Chang .ECIES_P256_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256, 99*e7b1675dSTing-Kang Chang 'ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256': 100*e7b1675dSTing-Kang Chang hybrid.hybrid_key_templates 101*e7b1675dSTing-Kang Chang .ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256, 102*e7b1675dSTing-Kang Chang 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM': 103*e7b1675dSTing-Kang Chang hybrid.hybrid_key_templates 104*e7b1675dSTing-Kang Chang .DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM, 105*e7b1675dSTing-Kang Chang 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_RAW': 106*e7b1675dSTing-Kang Chang hybrid.hybrid_key_templates 107*e7b1675dSTing-Kang Chang .DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_RAW, 108*e7b1675dSTing-Kang Chang 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM': 109*e7b1675dSTing-Kang Chang hybrid.hybrid_key_templates 110*e7b1675dSTing-Kang Chang .DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM, 111*e7b1675dSTing-Kang Chang 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_RAW': 112*e7b1675dSTing-Kang Chang hybrid.hybrid_key_templates 113*e7b1675dSTing-Kang Chang .DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_RAW, 114*e7b1675dSTing-Kang Chang 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305': 115*e7b1675dSTing-Kang Chang hybrid.hybrid_key_templates 116*e7b1675dSTing-Kang Chang .DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305, 117*e7b1675dSTing-Kang Chang 'DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_RAW': 118*e7b1675dSTing-Kang Chang hybrid.hybrid_key_templates 119*e7b1675dSTing-Kang Chang .DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_RAW, 120*e7b1675dSTing-Kang Chang 'AES_CMAC': 121*e7b1675dSTing-Kang Chang mac.mac_key_templates.AES_CMAC, 122*e7b1675dSTing-Kang Chang 'HMAC_SHA256_128BITTAG': 123*e7b1675dSTing-Kang Chang mac.mac_key_templates.HMAC_SHA256_128BITTAG, 124*e7b1675dSTing-Kang Chang 'HMAC_SHA256_256BITTAG': 125*e7b1675dSTing-Kang Chang mac.mac_key_templates.HMAC_SHA256_256BITTAG, 126*e7b1675dSTing-Kang Chang 'HMAC_SHA512_256BITTAG': 127*e7b1675dSTing-Kang Chang mac.mac_key_templates.HMAC_SHA512_256BITTAG, 128*e7b1675dSTing-Kang Chang 'HMAC_SHA512_512BITTAG': 129*e7b1675dSTing-Kang Chang mac.mac_key_templates.HMAC_SHA512_512BITTAG, 130*e7b1675dSTing-Kang Chang 'ECDSA_P256': 131*e7b1675dSTing-Kang Chang signature.signature_key_templates.ECDSA_P256, 132*e7b1675dSTing-Kang Chang 'ECDSA_P256_RAW': 133*e7b1675dSTing-Kang Chang signature.signature_key_templates.ECDSA_P256_RAW, 134*e7b1675dSTing-Kang Chang 'ECDSA_P384': 135*e7b1675dSTing-Kang Chang signature.signature_key_templates.ECDSA_P384, 136*e7b1675dSTing-Kang Chang 'ECDSA_P384_SHA384': 137*e7b1675dSTing-Kang Chang signature.signature_key_templates.ECDSA_P384_SHA384, 138*e7b1675dSTing-Kang Chang 'ECDSA_P384_SHA512': 139*e7b1675dSTing-Kang Chang signature.signature_key_templates.ECDSA_P384_SHA512, 140*e7b1675dSTing-Kang Chang 'ECDSA_P521': 141*e7b1675dSTing-Kang Chang signature.signature_key_templates.ECDSA_P521, 142*e7b1675dSTing-Kang Chang 'ECDSA_P256_IEEE_P1363': 143*e7b1675dSTing-Kang Chang signature.signature_key_templates.ECDSA_P256_IEEE_P1363, 144*e7b1675dSTing-Kang Chang 'ECDSA_P384_IEEE_P1363': 145*e7b1675dSTing-Kang Chang signature.signature_key_templates.ECDSA_P384_IEEE_P1363, 146*e7b1675dSTing-Kang Chang 'ECDSA_P384_SHA384_IEEE_P1363': 147*e7b1675dSTing-Kang Chang signature.signature_key_templates.ECDSA_P384_SHA384_IEEE_P1363, 148*e7b1675dSTing-Kang Chang 'ECDSA_P521_IEEE_P1363': 149*e7b1675dSTing-Kang Chang signature.signature_key_templates.ECDSA_P521_IEEE_P1363, 150*e7b1675dSTing-Kang Chang 'ED25519': 151*e7b1675dSTing-Kang Chang signature.signature_key_templates.ED25519, 152*e7b1675dSTing-Kang Chang 'RSA_SSA_PKCS1_3072_SHA256_F4': 153*e7b1675dSTing-Kang Chang signature.signature_key_templates.RSA_SSA_PKCS1_3072_SHA256_F4, 154*e7b1675dSTing-Kang Chang 'RSA_SSA_PKCS1_4096_SHA512_F4': 155*e7b1675dSTing-Kang Chang signature.signature_key_templates.RSA_SSA_PKCS1_4096_SHA512_F4, 156*e7b1675dSTing-Kang Chang 'RSA_SSA_PSS_3072_SHA256_SHA256_32_F4': 157*e7b1675dSTing-Kang Chang signature.signature_key_templates.RSA_SSA_PSS_3072_SHA256_SHA256_32_F4, 158*e7b1675dSTing-Kang Chang 'RSA_SSA_PSS_4096_SHA512_SHA512_64_F4': 159*e7b1675dSTing-Kang Chang signature.signature_key_templates.RSA_SSA_PSS_4096_SHA512_SHA512_64_F4, 160*e7b1675dSTing-Kang Chang 'AES_CMAC_PRF': 161*e7b1675dSTing-Kang Chang prf.prf_key_templates.AES_CMAC, 162*e7b1675dSTing-Kang Chang 'HMAC_SHA256_PRF': 163*e7b1675dSTing-Kang Chang prf.prf_key_templates.HMAC_SHA256, 164*e7b1675dSTing-Kang Chang 'HMAC_SHA512_PRF': 165*e7b1675dSTing-Kang Chang prf.prf_key_templates.HMAC_SHA512, 166*e7b1675dSTing-Kang Chang 'HKDF_SHA256': 167*e7b1675dSTing-Kang Chang prf.prf_key_templates.HKDF_SHA256, 168*e7b1675dSTing-Kang Chang 'JWT_HS256': 169*e7b1675dSTing-Kang Chang jwt.jwt_hs256_template(), 170*e7b1675dSTing-Kang Chang 'JWT_HS256_RAW': 171*e7b1675dSTing-Kang Chang jwt.raw_jwt_hs256_template(), 172*e7b1675dSTing-Kang Chang 'JWT_HS384': 173*e7b1675dSTing-Kang Chang jwt.jwt_hs384_template(), 174*e7b1675dSTing-Kang Chang 'JWT_HS384_RAW': 175*e7b1675dSTing-Kang Chang jwt.raw_jwt_hs384_template(), 176*e7b1675dSTing-Kang Chang 'JWT_HS512': 177*e7b1675dSTing-Kang Chang jwt.jwt_hs512_template(), 178*e7b1675dSTing-Kang Chang 'JWT_HS512_RAW': 179*e7b1675dSTing-Kang Chang jwt.raw_jwt_hs512_template(), 180*e7b1675dSTing-Kang Chang 'JWT_ES256': 181*e7b1675dSTing-Kang Chang jwt.jwt_es256_template(), 182*e7b1675dSTing-Kang Chang 'JWT_ES256_RAW': 183*e7b1675dSTing-Kang Chang jwt.raw_jwt_es256_template(), 184*e7b1675dSTing-Kang Chang 'JWT_ES384': 185*e7b1675dSTing-Kang Chang jwt.jwt_es384_template(), 186*e7b1675dSTing-Kang Chang 'JWT_ES384_RAW': 187*e7b1675dSTing-Kang Chang jwt.raw_jwt_es384_template(), 188*e7b1675dSTing-Kang Chang 'JWT_ES512': 189*e7b1675dSTing-Kang Chang jwt.jwt_es512_template(), 190*e7b1675dSTing-Kang Chang 'JWT_ES512_RAW': 191*e7b1675dSTing-Kang Chang jwt.raw_jwt_es512_template(), 192*e7b1675dSTing-Kang Chang 'JWT_RS256_2048_F4': 193*e7b1675dSTing-Kang Chang jwt.jwt_rs256_2048_f4_template(), 194*e7b1675dSTing-Kang Chang 'JWT_RS256_2048_F4_RAW': 195*e7b1675dSTing-Kang Chang jwt.raw_jwt_rs256_2048_f4_template(), 196*e7b1675dSTing-Kang Chang 'JWT_RS256_3072_F4': 197*e7b1675dSTing-Kang Chang jwt.jwt_rs256_3072_f4_template(), 198*e7b1675dSTing-Kang Chang 'JWT_RS256_3072_F4_RAW': 199*e7b1675dSTing-Kang Chang jwt.raw_jwt_rs256_3072_f4_template(), 200*e7b1675dSTing-Kang Chang 'JWT_RS384_3072_F4': 201*e7b1675dSTing-Kang Chang jwt.jwt_rs384_3072_f4_template(), 202*e7b1675dSTing-Kang Chang 'JWT_RS384_3072_F4_RAW': 203*e7b1675dSTing-Kang Chang jwt.raw_jwt_rs384_3072_f4_template(), 204*e7b1675dSTing-Kang Chang 'JWT_RS512_4096_F4': 205*e7b1675dSTing-Kang Chang jwt.jwt_rs512_4096_f4_template(), 206*e7b1675dSTing-Kang Chang 'JWT_RS512_4096_F4_RAW': 207*e7b1675dSTing-Kang Chang jwt.raw_jwt_rs512_4096_f4_template(), 208*e7b1675dSTing-Kang Chang 'JWT_PS256_2048_F4': 209*e7b1675dSTing-Kang Chang jwt.jwt_ps256_2048_f4_template(), 210*e7b1675dSTing-Kang Chang 'JWT_PS256_2048_F4_RAW': 211*e7b1675dSTing-Kang Chang jwt.raw_jwt_ps256_2048_f4_template(), 212*e7b1675dSTing-Kang Chang 'JWT_PS256_3072_F4': 213*e7b1675dSTing-Kang Chang jwt.jwt_ps256_3072_f4_template(), 214*e7b1675dSTing-Kang Chang 'JWT_PS256_3072_F4_RAW': 215*e7b1675dSTing-Kang Chang jwt.raw_jwt_ps256_3072_f4_template(), 216*e7b1675dSTing-Kang Chang 'JWT_PS384_3072_F4': 217*e7b1675dSTing-Kang Chang jwt.jwt_ps384_3072_f4_template(), 218*e7b1675dSTing-Kang Chang 'JWT_PS384_3072_F4_RAW': 219*e7b1675dSTing-Kang Chang jwt.raw_jwt_ps384_3072_f4_template(), 220*e7b1675dSTing-Kang Chang 'JWT_PS512_4096_F4': 221*e7b1675dSTing-Kang Chang jwt.jwt_ps512_4096_f4_template(), 222*e7b1675dSTing-Kang Chang 'JWT_PS512_4096_F4_RAW': 223*e7b1675dSTing-Kang Chang jwt.raw_jwt_ps512_4096_f4_template(), 224*e7b1675dSTing-Kang Chang} 225*e7b1675dSTing-Kang Chang 226*e7b1675dSTing-Kang Chang 227*e7b1675dSTing-Kang Changclass MetadataServicer(testing_api_pb2_grpc.MetadataServicer): 228*e7b1675dSTing-Kang Chang """A service with metadata about the server.""" 229*e7b1675dSTing-Kang Chang 230*e7b1675dSTing-Kang Chang def GetServerInfo( 231*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.ServerInfoRequest, 232*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.ServerInfoResponse: 233*e7b1675dSTing-Kang Chang """Returns information about the server.""" 234*e7b1675dSTing-Kang Chang return testing_api_pb2.ServerInfoResponse(language='python') 235*e7b1675dSTing-Kang Chang 236*e7b1675dSTing-Kang Chang 237*e7b1675dSTing-Kang Changclass KeysetServicer(testing_api_pb2_grpc.KeysetServicer): 238*e7b1675dSTing-Kang Chang """A service for testing Keyset operations.""" 239*e7b1675dSTing-Kang Chang 240*e7b1675dSTing-Kang Chang def GetTemplate( 241*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.KeysetTemplateRequest, 242*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.KeysetTemplateResponse: 243*e7b1675dSTing-Kang Chang """Returns the key template for the given template name.""" 244*e7b1675dSTing-Kang Chang if request.template_name not in _KEY_TEMPLATE: 245*e7b1675dSTing-Kang Chang return testing_api_pb2.KeysetTemplateResponse( 246*e7b1675dSTing-Kang Chang err='template %s not found' % request.template_name) 247*e7b1675dSTing-Kang Chang return testing_api_pb2.KeysetTemplateResponse( 248*e7b1675dSTing-Kang Chang key_template=_KEY_TEMPLATE[request.template_name].SerializeToString()) 249*e7b1675dSTing-Kang Chang 250*e7b1675dSTing-Kang Chang def Generate( 251*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.KeysetGenerateRequest, 252*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.KeysetGenerateResponse: 253*e7b1675dSTing-Kang Chang """Generates a keyset.""" 254*e7b1675dSTing-Kang Chang try: 255*e7b1675dSTing-Kang Chang template = tink_pb2.KeyTemplate() 256*e7b1675dSTing-Kang Chang template.ParseFromString(request.template) 257*e7b1675dSTing-Kang Chang keyset_handle = tink.new_keyset_handle(template) 258*e7b1675dSTing-Kang Chang keyset = io.BytesIO() 259*e7b1675dSTing-Kang Chang cleartext_keyset_handle.write( 260*e7b1675dSTing-Kang Chang tink.BinaryKeysetWriter(keyset), keyset_handle) 261*e7b1675dSTing-Kang Chang return testing_api_pb2.KeysetGenerateResponse(keyset=keyset.getvalue()) 262*e7b1675dSTing-Kang Chang except tink.TinkError as e: 263*e7b1675dSTing-Kang Chang return testing_api_pb2.KeysetGenerateResponse(err=str(e)) 264*e7b1675dSTing-Kang Chang 265*e7b1675dSTing-Kang Chang def Public( 266*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.KeysetPublicRequest, 267*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.KeysetPublicResponse: 268*e7b1675dSTing-Kang Chang """Generates a public-key keyset from a private-key keyset.""" 269*e7b1675dSTing-Kang Chang try: 270*e7b1675dSTing-Kang Chang private_keyset_handle = cleartext_keyset_handle.read( 271*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.private_keyset)) 272*e7b1675dSTing-Kang Chang public_keyset_handle = private_keyset_handle.public_keyset_handle() 273*e7b1675dSTing-Kang Chang public_keyset = io.BytesIO() 274*e7b1675dSTing-Kang Chang cleartext_keyset_handle.write( 275*e7b1675dSTing-Kang Chang tink.BinaryKeysetWriter(public_keyset), public_keyset_handle) 276*e7b1675dSTing-Kang Chang return testing_api_pb2.KeysetPublicResponse( 277*e7b1675dSTing-Kang Chang public_keyset=public_keyset.getvalue()) 278*e7b1675dSTing-Kang Chang except tink.TinkError as e: 279*e7b1675dSTing-Kang Chang return testing_api_pb2.KeysetPublicResponse(err=str(e)) 280*e7b1675dSTing-Kang Chang 281*e7b1675dSTing-Kang Chang def ToJson( 282*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.KeysetToJsonRequest, 283*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.KeysetToJsonResponse: 284*e7b1675dSTing-Kang Chang """Converts a keyset from binary to JSON format.""" 285*e7b1675dSTing-Kang Chang try: 286*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 287*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.keyset)) 288*e7b1675dSTing-Kang Chang json_keyset = io.StringIO() 289*e7b1675dSTing-Kang Chang cleartext_keyset_handle.write( 290*e7b1675dSTing-Kang Chang tink.JsonKeysetWriter(json_keyset), keyset_handle) 291*e7b1675dSTing-Kang Chang return testing_api_pb2.KeysetToJsonResponse( 292*e7b1675dSTing-Kang Chang json_keyset=json_keyset.getvalue()) 293*e7b1675dSTing-Kang Chang except tink.TinkError as e: 294*e7b1675dSTing-Kang Chang return testing_api_pb2.KeysetToJsonResponse(err=str(e)) 295*e7b1675dSTing-Kang Chang 296*e7b1675dSTing-Kang Chang def FromJson( 297*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.KeysetFromJsonRequest, 298*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.KeysetFromJsonResponse: 299*e7b1675dSTing-Kang Chang """Converts a keyset from JSON to binary format.""" 300*e7b1675dSTing-Kang Chang try: 301*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 302*e7b1675dSTing-Kang Chang tink.JsonKeysetReader(request.json_keyset)) 303*e7b1675dSTing-Kang Chang keyset = io.BytesIO() 304*e7b1675dSTing-Kang Chang cleartext_keyset_handle.write( 305*e7b1675dSTing-Kang Chang tink.BinaryKeysetWriter(keyset), keyset_handle) 306*e7b1675dSTing-Kang Chang return testing_api_pb2.KeysetFromJsonResponse(keyset=keyset.getvalue()) 307*e7b1675dSTing-Kang Chang except tink.TinkError as e: 308*e7b1675dSTing-Kang Chang return testing_api_pb2.KeysetFromJsonResponse(err=str(e)) 309*e7b1675dSTing-Kang Chang 310*e7b1675dSTing-Kang Chang def ReadEncrypted( 311*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.KeysetReadEncryptedRequest, 312*e7b1675dSTing-Kang Chang context: grpc.ServicerContext 313*e7b1675dSTing-Kang Chang ) -> testing_api_pb2.KeysetReadEncryptedResponse: 314*e7b1675dSTing-Kang Chang """Reads an encrypted keyset.""" 315*e7b1675dSTing-Kang Chang try: 316*e7b1675dSTing-Kang Chang master_keyset_handle = cleartext_keyset_handle.read( 317*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.master_keyset)) 318*e7b1675dSTing-Kang Chang master_aead = master_keyset_handle.primitive(aead.Aead) 319*e7b1675dSTing-Kang Chang 320*e7b1675dSTing-Kang Chang if request.keyset_reader_type == testing_api_pb2.KEYSET_READER_BINARY: 321*e7b1675dSTing-Kang Chang reader = tink.BinaryKeysetReader(request.encrypted_keyset) 322*e7b1675dSTing-Kang Chang elif request.keyset_reader_type == testing_api_pb2.KEYSET_READER_JSON: 323*e7b1675dSTing-Kang Chang reader = tink.JsonKeysetReader(request.encrypted_keyset.decode('utf8')) 324*e7b1675dSTing-Kang Chang else: 325*e7b1675dSTing-Kang Chang raise ValueError('unknown keyset reader type') 326*e7b1675dSTing-Kang Chang if request.HasField('associated_data'): 327*e7b1675dSTing-Kang Chang keyset_handle = tink.read_keyset_handle_with_associated_data( 328*e7b1675dSTing-Kang Chang reader, master_aead, request.associated_data.value) 329*e7b1675dSTing-Kang Chang else: 330*e7b1675dSTing-Kang Chang keyset_handle = tink.read_keyset_handle(reader, master_aead) 331*e7b1675dSTing-Kang Chang 332*e7b1675dSTing-Kang Chang keyset = io.BytesIO() 333*e7b1675dSTing-Kang Chang cleartext_keyset_handle.write( 334*e7b1675dSTing-Kang Chang tink.BinaryKeysetWriter(keyset), keyset_handle) 335*e7b1675dSTing-Kang Chang return testing_api_pb2.KeysetReadEncryptedResponse( 336*e7b1675dSTing-Kang Chang keyset=keyset.getvalue()) 337*e7b1675dSTing-Kang Chang except tink.TinkError as e: 338*e7b1675dSTing-Kang Chang return testing_api_pb2.KeysetReadEncryptedResponse(err=str(e)) 339*e7b1675dSTing-Kang Chang 340*e7b1675dSTing-Kang Chang def WriteEncrypted( 341*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.KeysetWriteEncryptedRequest, 342*e7b1675dSTing-Kang Chang context: grpc.ServicerContext 343*e7b1675dSTing-Kang Chang ) -> testing_api_pb2.KeysetWriteEncryptedResponse: 344*e7b1675dSTing-Kang Chang """Writes an encrypted keyset.""" 345*e7b1675dSTing-Kang Chang try: 346*e7b1675dSTing-Kang Chang master_keyset_handle = cleartext_keyset_handle.read( 347*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.master_keyset)) 348*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 349*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.keyset)) 350*e7b1675dSTing-Kang Chang master_aead = master_keyset_handle.primitive(aead.Aead) 351*e7b1675dSTing-Kang Chang 352*e7b1675dSTing-Kang Chang if request.keyset_writer_type == testing_api_pb2.KEYSET_WRITER_BINARY: 353*e7b1675dSTing-Kang Chang encrypted_keyset = io.BytesIO() 354*e7b1675dSTing-Kang Chang writer = tink.BinaryKeysetWriter(encrypted_keyset) 355*e7b1675dSTing-Kang Chang if request.HasField('associated_data'): 356*e7b1675dSTing-Kang Chang keyset_handle.write_with_associated_data( 357*e7b1675dSTing-Kang Chang writer, master_aead, request.associated_data.value) 358*e7b1675dSTing-Kang Chang else: 359*e7b1675dSTing-Kang Chang keyset_handle.write(writer, master_aead) 360*e7b1675dSTing-Kang Chang return testing_api_pb2.KeysetWriteEncryptedResponse( 361*e7b1675dSTing-Kang Chang encrypted_keyset=encrypted_keyset.getvalue()) 362*e7b1675dSTing-Kang Chang elif request.keyset_writer_type == testing_api_pb2.KEYSET_WRITER_JSON: 363*e7b1675dSTing-Kang Chang encrypted_keyset = io.StringIO() 364*e7b1675dSTing-Kang Chang writer = tink.JsonKeysetWriter(encrypted_keyset) 365*e7b1675dSTing-Kang Chang if request.HasField('associated_data'): 366*e7b1675dSTing-Kang Chang keyset_handle.write_with_associated_data( 367*e7b1675dSTing-Kang Chang writer, master_aead, request.associated_data.value) 368*e7b1675dSTing-Kang Chang else: 369*e7b1675dSTing-Kang Chang keyset_handle.write(writer, master_aead) 370*e7b1675dSTing-Kang Chang return testing_api_pb2.KeysetWriteEncryptedResponse( 371*e7b1675dSTing-Kang Chang encrypted_keyset=encrypted_keyset.getvalue().encode('utf8')) 372*e7b1675dSTing-Kang Chang else: 373*e7b1675dSTing-Kang Chang raise ValueError('unknown keyset writer type') 374*e7b1675dSTing-Kang Chang except tink.TinkError as e: 375*e7b1675dSTing-Kang Chang return testing_api_pb2.KeysetWriteEncryptedResponse(err=str(e)) 376*e7b1675dSTing-Kang Chang 377*e7b1675dSTing-Kang Chang 378*e7b1675dSTing-Kang Changclass AeadServicer(testing_api_pb2_grpc.AeadServicer): 379*e7b1675dSTing-Kang Chang """A service for testing AEAD encryption.""" 380*e7b1675dSTing-Kang Chang 381*e7b1675dSTing-Kang Chang def Create(self, request: testing_api_pb2.CreationRequest, 382*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.CreationResponse: 383*e7b1675dSTing-Kang Chang """Creates an AEAD without using it.""" 384*e7b1675dSTing-Kang Chang try: 385*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 386*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 387*e7b1675dSTing-Kang Chang keyset_handle.primitive(aead.Aead) 388*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse() 389*e7b1675dSTing-Kang Chang except tink.TinkError as e: 390*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse(err=str(e)) 391*e7b1675dSTing-Kang Chang 392*e7b1675dSTing-Kang Chang def Encrypt( 393*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.AeadEncryptRequest, 394*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.AeadEncryptResponse: 395*e7b1675dSTing-Kang Chang """Encrypts a message.""" 396*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 397*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 398*e7b1675dSTing-Kang Chang p = keyset_handle.primitive(aead.Aead) 399*e7b1675dSTing-Kang Chang try: 400*e7b1675dSTing-Kang Chang ciphertext = p.encrypt(request.plaintext, request.associated_data) 401*e7b1675dSTing-Kang Chang return testing_api_pb2.AeadEncryptResponse(ciphertext=ciphertext) 402*e7b1675dSTing-Kang Chang except tink.TinkError as e: 403*e7b1675dSTing-Kang Chang return testing_api_pb2.AeadEncryptResponse(err=str(e)) 404*e7b1675dSTing-Kang Chang 405*e7b1675dSTing-Kang Chang def Decrypt( 406*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.AeadDecryptRequest, 407*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.AeadDecryptResponse: 408*e7b1675dSTing-Kang Chang """Decrypts a message.""" 409*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 410*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 411*e7b1675dSTing-Kang Chang p = keyset_handle.primitive(aead.Aead) 412*e7b1675dSTing-Kang Chang try: 413*e7b1675dSTing-Kang Chang plaintext = p.decrypt(request.ciphertext, request.associated_data) 414*e7b1675dSTing-Kang Chang return testing_api_pb2.AeadDecryptResponse(plaintext=plaintext) 415*e7b1675dSTing-Kang Chang except tink.TinkError as e: 416*e7b1675dSTing-Kang Chang return testing_api_pb2.AeadDecryptResponse(err=str(e)) 417*e7b1675dSTing-Kang Chang 418*e7b1675dSTing-Kang Chang 419*e7b1675dSTing-Kang Changclass StreamingAeadServicer(testing_api_pb2_grpc.StreamingAeadServicer): 420*e7b1675dSTing-Kang Chang """A service for testing StreamingAEAD encryption.""" 421*e7b1675dSTing-Kang Chang 422*e7b1675dSTing-Kang Chang def Create(self, request: testing_api_pb2.CreationRequest, 423*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.CreationResponse: 424*e7b1675dSTing-Kang Chang """Creates a Streaming Aead without using it.""" 425*e7b1675dSTing-Kang Chang try: 426*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 427*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 428*e7b1675dSTing-Kang Chang keyset_handle.primitive(streaming_aead.StreamingAead) 429*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse() 430*e7b1675dSTing-Kang Chang except tink.TinkError as e: 431*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse(err=str(e)) 432*e7b1675dSTing-Kang Chang 433*e7b1675dSTing-Kang Chang def Encrypt( 434*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.StreamingAeadEncryptRequest, 435*e7b1675dSTing-Kang Chang context: grpc.ServicerContext 436*e7b1675dSTing-Kang Chang ) -> testing_api_pb2.StreamingAeadEncryptResponse: 437*e7b1675dSTing-Kang Chang """Encrypts a message.""" 438*e7b1675dSTing-Kang Chang try: 439*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 440*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 441*e7b1675dSTing-Kang Chang p = keyset_handle.primitive(streaming_aead.StreamingAead) 442*e7b1675dSTing-Kang Chang ciphertext_destination = bytes_io.BytesIOWithValueAfterClose() 443*e7b1675dSTing-Kang Chang with p.new_encrypting_stream(ciphertext_destination, 444*e7b1675dSTing-Kang Chang request.associated_data) as plaintext_stream: 445*e7b1675dSTing-Kang Chang plaintext_stream.write(request.plaintext) 446*e7b1675dSTing-Kang Chang return testing_api_pb2.StreamingAeadEncryptResponse( 447*e7b1675dSTing-Kang Chang ciphertext=ciphertext_destination.value_after_close()) 448*e7b1675dSTing-Kang Chang except tink.TinkError as e: 449*e7b1675dSTing-Kang Chang return testing_api_pb2.StreamingAeadEncryptResponse(err=str(e)) 450*e7b1675dSTing-Kang Chang 451*e7b1675dSTing-Kang Chang def Decrypt( 452*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.StreamingAeadDecryptRequest, 453*e7b1675dSTing-Kang Chang context: grpc.ServicerContext 454*e7b1675dSTing-Kang Chang ) -> testing_api_pb2.StreamingAeadDecryptResponse: 455*e7b1675dSTing-Kang Chang """Decrypts a message.""" 456*e7b1675dSTing-Kang Chang try: 457*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 458*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 459*e7b1675dSTing-Kang Chang p = keyset_handle.primitive(streaming_aead.StreamingAead) 460*e7b1675dSTing-Kang Chang stream = io.BytesIO(request.ciphertext) 461*e7b1675dSTing-Kang Chang with p.new_decrypting_stream(stream, request.associated_data) as s: 462*e7b1675dSTing-Kang Chang plaintext = s.read() 463*e7b1675dSTing-Kang Chang return testing_api_pb2.StreamingAeadDecryptResponse(plaintext=plaintext) 464*e7b1675dSTing-Kang Chang except tink.TinkError as e: 465*e7b1675dSTing-Kang Chang return testing_api_pb2.StreamingAeadDecryptResponse(err=str(e)) 466*e7b1675dSTing-Kang Chang 467*e7b1675dSTing-Kang Chang 468*e7b1675dSTing-Kang Changclass DeterministicAeadServicer(testing_api_pb2_grpc.DeterministicAeadServicer): 469*e7b1675dSTing-Kang Chang """A service for testing Deterministic AEAD encryption.""" 470*e7b1675dSTing-Kang Chang 471*e7b1675dSTing-Kang Chang def Create(self, request: testing_api_pb2.CreationRequest, 472*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.CreationResponse: 473*e7b1675dSTing-Kang Chang """Creates a Deterministic AEAD without using it.""" 474*e7b1675dSTing-Kang Chang try: 475*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 476*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 477*e7b1675dSTing-Kang Chang keyset_handle.primitive(daead.DeterministicAead) 478*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse() 479*e7b1675dSTing-Kang Chang except tink.TinkError as e: 480*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse(err=str(e)) 481*e7b1675dSTing-Kang Chang 482*e7b1675dSTing-Kang Chang def EncryptDeterministically( 483*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.DeterministicAeadEncryptRequest, 484*e7b1675dSTing-Kang Chang context: grpc.ServicerContext 485*e7b1675dSTing-Kang Chang ) -> testing_api_pb2.DeterministicAeadEncryptResponse: 486*e7b1675dSTing-Kang Chang """Encrypts a message.""" 487*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 488*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 489*e7b1675dSTing-Kang Chang p = keyset_handle.primitive(daead.DeterministicAead) 490*e7b1675dSTing-Kang Chang try: 491*e7b1675dSTing-Kang Chang ciphertext = p.encrypt_deterministically(request.plaintext, 492*e7b1675dSTing-Kang Chang request.associated_data) 493*e7b1675dSTing-Kang Chang return testing_api_pb2.DeterministicAeadEncryptResponse( 494*e7b1675dSTing-Kang Chang ciphertext=ciphertext) 495*e7b1675dSTing-Kang Chang except tink.TinkError as e: 496*e7b1675dSTing-Kang Chang return testing_api_pb2.DeterministicAeadEncryptResponse(err=str(e)) 497*e7b1675dSTing-Kang Chang 498*e7b1675dSTing-Kang Chang def DecryptDeterministically( 499*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.DeterministicAeadDecryptRequest, 500*e7b1675dSTing-Kang Chang context: grpc.ServicerContext 501*e7b1675dSTing-Kang Chang ) -> testing_api_pb2.DeterministicAeadDecryptResponse: 502*e7b1675dSTing-Kang Chang """Decrypts a message.""" 503*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 504*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 505*e7b1675dSTing-Kang Chang p = keyset_handle.primitive(daead.DeterministicAead) 506*e7b1675dSTing-Kang Chang try: 507*e7b1675dSTing-Kang Chang plaintext = p.decrypt_deterministically(request.ciphertext, 508*e7b1675dSTing-Kang Chang request.associated_data) 509*e7b1675dSTing-Kang Chang return testing_api_pb2.DeterministicAeadDecryptResponse( 510*e7b1675dSTing-Kang Chang plaintext=plaintext) 511*e7b1675dSTing-Kang Chang except tink.TinkError as e: 512*e7b1675dSTing-Kang Chang return testing_api_pb2.DeterministicAeadDecryptResponse(err=str(e)) 513*e7b1675dSTing-Kang Chang 514*e7b1675dSTing-Kang Chang 515*e7b1675dSTing-Kang Changclass MacServicer(testing_api_pb2_grpc.MacServicer): 516*e7b1675dSTing-Kang Chang """A service for testing MACs.""" 517*e7b1675dSTing-Kang Chang 518*e7b1675dSTing-Kang Chang def Create(self, request: testing_api_pb2.CreationRequest, 519*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.CreationResponse: 520*e7b1675dSTing-Kang Chang """Creates a MAC without using it.""" 521*e7b1675dSTing-Kang Chang try: 522*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 523*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 524*e7b1675dSTing-Kang Chang keyset_handle.primitive(mac.Mac) 525*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse() 526*e7b1675dSTing-Kang Chang except tink.TinkError as e: 527*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse(err=str(e)) 528*e7b1675dSTing-Kang Chang 529*e7b1675dSTing-Kang Chang def ComputeMac( 530*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.ComputeMacRequest, 531*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.ComputeMacResponse: 532*e7b1675dSTing-Kang Chang """Computes a MAC.""" 533*e7b1675dSTing-Kang Chang try: 534*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 535*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 536*e7b1675dSTing-Kang Chang p = keyset_handle.primitive(mac.Mac) 537*e7b1675dSTing-Kang Chang mac_value = p.compute_mac(request.data) 538*e7b1675dSTing-Kang Chang return testing_api_pb2.ComputeMacResponse(mac_value=mac_value) 539*e7b1675dSTing-Kang Chang except tink.TinkError as e: 540*e7b1675dSTing-Kang Chang return testing_api_pb2.ComputeMacResponse(err=str(e)) 541*e7b1675dSTing-Kang Chang 542*e7b1675dSTing-Kang Chang def VerifyMac( 543*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.VerifyMacRequest, 544*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.VerifyMacResponse: 545*e7b1675dSTing-Kang Chang """Verifies a MAC value.""" 546*e7b1675dSTing-Kang Chang try: 547*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 548*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 549*e7b1675dSTing-Kang Chang p = keyset_handle.primitive(mac.Mac) 550*e7b1675dSTing-Kang Chang p.verify_mac(request.mac_value, request.data) 551*e7b1675dSTing-Kang Chang return testing_api_pb2.VerifyMacResponse() 552*e7b1675dSTing-Kang Chang except tink.TinkError as e: 553*e7b1675dSTing-Kang Chang return testing_api_pb2.VerifyMacResponse(err=str(e)) 554*e7b1675dSTing-Kang Chang 555*e7b1675dSTing-Kang Chang 556*e7b1675dSTing-Kang Changclass HybridServicer(testing_api_pb2_grpc.HybridServicer): 557*e7b1675dSTing-Kang Chang """A service for testing hybrid encryption and decryption.""" 558*e7b1675dSTing-Kang Chang 559*e7b1675dSTing-Kang Chang def CreateHybridEncrypt( 560*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.CreationRequest, 561*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.CreationResponse: 562*e7b1675dSTing-Kang Chang """Creates a HybridEncrypt without using it.""" 563*e7b1675dSTing-Kang Chang try: 564*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 565*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 566*e7b1675dSTing-Kang Chang keyset_handle.primitive(hybrid.HybridEncrypt) 567*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse() 568*e7b1675dSTing-Kang Chang except tink.TinkError as e: 569*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse(err=str(e)) 570*e7b1675dSTing-Kang Chang 571*e7b1675dSTing-Kang Chang def CreateHybridDecrypt( 572*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.CreationRequest, 573*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.CreationResponse: 574*e7b1675dSTing-Kang Chang """Creates a HybridDecrypt without using it.""" 575*e7b1675dSTing-Kang Chang try: 576*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 577*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 578*e7b1675dSTing-Kang Chang keyset_handle.primitive(hybrid.HybridDecrypt) 579*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse() 580*e7b1675dSTing-Kang Chang except tink.TinkError as e: 581*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse(err=str(e)) 582*e7b1675dSTing-Kang Chang 583*e7b1675dSTing-Kang Chang def Encrypt( 584*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.HybridEncryptRequest, 585*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.HybridEncryptResponse: 586*e7b1675dSTing-Kang Chang """Encrypts a message.""" 587*e7b1675dSTing-Kang Chang try: 588*e7b1675dSTing-Kang Chang public_keyset_handle = cleartext_keyset_handle.read( 589*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader( 590*e7b1675dSTing-Kang Chang request.public_annotated_keyset.serialized_keyset)) 591*e7b1675dSTing-Kang Chang p = public_keyset_handle.primitive(hybrid.HybridEncrypt) 592*e7b1675dSTing-Kang Chang ciphertext = p.encrypt(request.plaintext, request.context_info) 593*e7b1675dSTing-Kang Chang return testing_api_pb2.HybridEncryptResponse(ciphertext=ciphertext) 594*e7b1675dSTing-Kang Chang except tink.TinkError as e: 595*e7b1675dSTing-Kang Chang return testing_api_pb2.HybridEncryptResponse(err=str(e)) 596*e7b1675dSTing-Kang Chang 597*e7b1675dSTing-Kang Chang def Decrypt( 598*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.HybridDecryptRequest, 599*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.HybridDecryptResponse: 600*e7b1675dSTing-Kang Chang """Decrypts a message.""" 601*e7b1675dSTing-Kang Chang try: 602*e7b1675dSTing-Kang Chang private_keyset_handle = cleartext_keyset_handle.read( 603*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader( 604*e7b1675dSTing-Kang Chang request.private_annotated_keyset.serialized_keyset)) 605*e7b1675dSTing-Kang Chang p = private_keyset_handle.primitive(hybrid.HybridDecrypt) 606*e7b1675dSTing-Kang Chang plaintext = p.decrypt(request.ciphertext, request.context_info) 607*e7b1675dSTing-Kang Chang return testing_api_pb2.HybridDecryptResponse(plaintext=plaintext) 608*e7b1675dSTing-Kang Chang except tink.TinkError as e: 609*e7b1675dSTing-Kang Chang return testing_api_pb2.HybridDecryptResponse(err=str(e)) 610*e7b1675dSTing-Kang Chang 611*e7b1675dSTing-Kang Chang 612*e7b1675dSTing-Kang Changclass SignatureServicer(testing_api_pb2_grpc.SignatureServicer): 613*e7b1675dSTing-Kang Chang """A service for testing signatures.""" 614*e7b1675dSTing-Kang Chang 615*e7b1675dSTing-Kang Chang def CreatePublicKeySign( 616*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.CreationRequest, 617*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.CreationResponse: 618*e7b1675dSTing-Kang Chang """Creates a PublicKeySign without using it.""" 619*e7b1675dSTing-Kang Chang try: 620*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 621*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 622*e7b1675dSTing-Kang Chang keyset_handle.primitive(signature.PublicKeySign) 623*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse() 624*e7b1675dSTing-Kang Chang except tink.TinkError as e: 625*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse(err=str(e)) 626*e7b1675dSTing-Kang Chang 627*e7b1675dSTing-Kang Chang def CreatePublicKeyVerify( 628*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.CreationRequest, 629*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.CreationResponse: 630*e7b1675dSTing-Kang Chang """Creates a PublicKeyVerify without using it.""" 631*e7b1675dSTing-Kang Chang try: 632*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 633*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 634*e7b1675dSTing-Kang Chang keyset_handle.primitive(signature.PublicKeyVerify) 635*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse() 636*e7b1675dSTing-Kang Chang except tink.TinkError as e: 637*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse(err=str(e)) 638*e7b1675dSTing-Kang Chang 639*e7b1675dSTing-Kang Chang def Sign( 640*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.SignatureSignRequest, 641*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.SignatureSignResponse: 642*e7b1675dSTing-Kang Chang """Signs a message.""" 643*e7b1675dSTing-Kang Chang try: 644*e7b1675dSTing-Kang Chang private_keyset_handle = cleartext_keyset_handle.read( 645*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader( 646*e7b1675dSTing-Kang Chang request.private_annotated_keyset.serialized_keyset)) 647*e7b1675dSTing-Kang Chang p = private_keyset_handle.primitive(signature.PublicKeySign) 648*e7b1675dSTing-Kang Chang signature_value = p.sign(request.data) 649*e7b1675dSTing-Kang Chang return testing_api_pb2.SignatureSignResponse(signature=signature_value) 650*e7b1675dSTing-Kang Chang except tink.TinkError as e: 651*e7b1675dSTing-Kang Chang return testing_api_pb2.SignatureSignResponse(err=str(e)) 652*e7b1675dSTing-Kang Chang 653*e7b1675dSTing-Kang Chang def Verify( 654*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.SignatureVerifyRequest, 655*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.SignatureVerifyResponse: 656*e7b1675dSTing-Kang Chang """Verifies a signature.""" 657*e7b1675dSTing-Kang Chang try: 658*e7b1675dSTing-Kang Chang public_keyset_handle = cleartext_keyset_handle.read( 659*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader( 660*e7b1675dSTing-Kang Chang request.public_annotated_keyset.serialized_keyset)) 661*e7b1675dSTing-Kang Chang p = public_keyset_handle.primitive(signature.PublicKeyVerify) 662*e7b1675dSTing-Kang Chang p.verify(request.signature, request.data) 663*e7b1675dSTing-Kang Chang return testing_api_pb2.SignatureVerifyResponse() 664*e7b1675dSTing-Kang Chang except tink.TinkError as e: 665*e7b1675dSTing-Kang Chang return testing_api_pb2.SignatureVerifyResponse(err=str(e)) 666*e7b1675dSTing-Kang Chang 667*e7b1675dSTing-Kang Chang 668*e7b1675dSTing-Kang Changclass PrfSetServicer(testing_api_pb2_grpc.PrfSetServicer): 669*e7b1675dSTing-Kang Chang """A service for testing PrfSet.""" 670*e7b1675dSTing-Kang Chang 671*e7b1675dSTing-Kang Chang def Create(self, request: testing_api_pb2.CreationRequest, 672*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.CreationResponse: 673*e7b1675dSTing-Kang Chang """Creates a PrfSet without using it.""" 674*e7b1675dSTing-Kang Chang try: 675*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 676*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 677*e7b1675dSTing-Kang Chang keyset_handle.primitive(prf.PrfSet) 678*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse() 679*e7b1675dSTing-Kang Chang except tink.TinkError as e: 680*e7b1675dSTing-Kang Chang return testing_api_pb2.CreationResponse(err=str(e)) 681*e7b1675dSTing-Kang Chang 682*e7b1675dSTing-Kang Chang def KeyIds( 683*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.PrfSetKeyIdsRequest, 684*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.PrfSetKeyIdsResponse: 685*e7b1675dSTing-Kang Chang """Returns all key IDs and the primary key ID.""" 686*e7b1675dSTing-Kang Chang try: 687*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 688*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 689*e7b1675dSTing-Kang Chang p = keyset_handle.primitive(prf.PrfSet) 690*e7b1675dSTing-Kang Chang prfs = p.all() 691*e7b1675dSTing-Kang Chang response = testing_api_pb2.PrfSetKeyIdsResponse() 692*e7b1675dSTing-Kang Chang response.output.primary_key_id = p.primary_id() 693*e7b1675dSTing-Kang Chang response.output.key_id.extend(prfs.keys()) 694*e7b1675dSTing-Kang Chang return response 695*e7b1675dSTing-Kang Chang except tink.TinkError as e: 696*e7b1675dSTing-Kang Chang return testing_api_pb2.PrfSetKeyIdsResponse(err=str(e)) 697*e7b1675dSTing-Kang Chang 698*e7b1675dSTing-Kang Chang def Compute( 699*e7b1675dSTing-Kang Chang self, request: testing_api_pb2.PrfSetComputeRequest, 700*e7b1675dSTing-Kang Chang context: grpc.ServicerContext) -> testing_api_pb2.PrfSetComputeResponse: 701*e7b1675dSTing-Kang Chang """Computes the output of one PRF.""" 702*e7b1675dSTing-Kang Chang try: 703*e7b1675dSTing-Kang Chang keyset_handle = cleartext_keyset_handle.read( 704*e7b1675dSTing-Kang Chang tink.BinaryKeysetReader(request.annotated_keyset.serialized_keyset)) 705*e7b1675dSTing-Kang Chang f = keyset_handle.primitive(prf.PrfSet).all()[request.key_id] 706*e7b1675dSTing-Kang Chang return testing_api_pb2.PrfSetComputeResponse( 707*e7b1675dSTing-Kang Chang output=f.compute(request.input_data, request.output_length)) 708*e7b1675dSTing-Kang Chang except tink.TinkError as e: 709*e7b1675dSTing-Kang Chang return testing_api_pb2.PrfSetComputeResponse(err=str(e)) 710