Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
# Copyright 2019 Google Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS-IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""A command-line utility for testing AEAD-primitives.
It requires 5 arguments:
keyset-file: name of the file with the keyset to be used for encryption
operation: the actual AEAD-operation, i.e. "encrypt" or "decrypt"
input-file: name of the file with input (plaintext for encryption, or
or ciphertext for decryption)
associated-data-file: name of the file containing associated data
output-file: name of the file for the resulting output
"""
from __future__ import absolute_import
from __future__ import division
from __future__ import google_type_annotations
from __future__ import print_function
# Special imports
from absl import app
from absl import flags
import tink
from pyglib import logging
FLAGS = flags.FLAGS
def read_keyset(keyset_filename):
"""Load a keyset from a file.
Args:
keyset_filename: A path to a keyset file
Returns:
A KeysetHandle of the file's keyset
Raises:
TinkError: if the file is not valid
IOError: if the file does not exist
"""
with open(keyset_filename, 'rb') as keyset_file:
text = keyset_file.read()
keyset = tink.KeysetHandle(tink.BinaryKeysetReader(text).read())
return keyset
def main(argv):
if len(argv) != 6:
raise app.UsageError(
'Expected 5 arguments, got %d.\n'
'Usage: %s keyset-file operation input-file associated-data-file' %
(len(argv) - 1, argv[0]))
keyset_filename = argv[1]
operation = argv[2]
input_filename = argv[3]
associated_data_filename = argv[4]
output_filename = argv[5]
logging.info(
'Using keyset from file %s to AEAD-%s file %s with associated data '
'from file %s.\nThe resulting output will be written to file %s',
keyset_filename, operation, input_filename, associated_data_filename,
output_filename)
# Initialise Tink
try:
tink.tink_config.register()
except tink.TinkError as e:
logging.error('Error initialising Tink: %s', e)
return 1
# Read the keyset
try:
keyset = read_keyset(keyset_filename)
except tink.TinkError as e:
logging.error('Error reading key: %s', e)
return 1
# Get the primitive
try:
cipher = keyset.primitive(tink.Aead)
except tink.TinkError as e:
logging.error('Error creating primitive: %s', e)
return 1
# Read the input files
with open(input_filename, 'rb') as input_file:
input_data = input_file.read()
with open(associated_data_filename, 'rb') as associated_data_file:
aad = associated_data_file.read()
# Compute the output
if operation.lower() == 'encrypt':
try:
output_data = cipher.encrypt(input_data, aad)
except tink.TinkError as e:
logging.error('Error encrypting the input: %s', e)
elif operation.lower() == 'decrypt':
try:
output_data = cipher.decrypt(input_data, aad)
except tink.TinkError as e:
logging.error('Error decrypting the input: %s', e)
else:
logging.error(
'Did not recognise operation %s.\n'
'Expected either "encrypt" or "decrypt"', operation)
return 1
with open(output_filename, 'wb') as output_file:
output_file.write(output_data)
logging.info('All done.')
if __name__ == '__main__':
app.run(main)