How to use the tink.python.core.tink_error.TinkError function in tink

To help you get started, we’ve selected a few tink examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github google / tink / python / signature / View on Github external
def verify(self, signature: bytes, data: bytes):
    """Verifies that signature is a digital signature for data.

      signature: The signature bytes to be checked.
      data: The data bytes to be checked.

      tink_error.TinkError if the verification fails.
    if len(signature) <= crypto_format.NON_RAW_PREFIX_SIZE:
      # This also rejects raw signatures with size of 4 bytes or fewer.
      # We're not aware of any schemes that output signatures that small.
      raise tink_error.TinkError('signature too short')

    key_id = signature[:crypto_format.NON_RAW_PREFIX_SIZE]
    raw_sig = signature[crypto_format.NON_RAW_PREFIX_SIZE:]

    for entry in self._primitive_set.primitive_from_identifier(key_id):
        if entry.output_prefix_type == tink_pb2.LEGACY:
                                 data + crypto_format.LEGACY_START_BYTE)
          entry.primitive.verify(raw_sig, data)
        # Signature is valid, we can return
      except tink_error.TinkError as err:'signature prefix matches a key, but cannot verify: %s',
github google / tink / python / core / View on Github external
def _decrypt(encrypted_keyset: tink_pb2.EncryptedKeyset,
             master_key_aead: aead.Aead) -> tink_pb2.Keyset:
  """Decrypts an EncryptedKeyset and returns a Keyset."""
    keyset = tink_pb2.Keyset.FromString(
        master_key_aead.decrypt(encrypted_keyset.encrypted_keyset, b''))
    # Check emptiness here too, in case the encrypted keys unwrapped to nothing?
    return keyset
  except message.DecodeError:
    raise tink_error.TinkError('invalid keyset, corrupted key material')
github google / tink / python / core / View on Github external
"""Raises tink_error.TinkError if keyset is not valid."""
  for key in keyset.key:
    if key.status != tink_pb2.DESTROYED:
  num_non_destroyed_keys = sum(
      1 for key in keyset.key if key.status != tink_pb2.DESTROYED)
  num_non_public_key_material = sum(
      1 for key in keyset.key
      if key.key_data.key_material_type != tink_pb2.KeyData.ASYMMETRIC_PUBLIC)
  num_primary_keys = sum(
      1 for key in keyset.key
      if key.status == tink_pb2.ENABLED and key.key_id == keyset.primary_key_id)
  if num_non_destroyed_keys == 0:
    raise tink_error.TinkError('empty keyset')
  if num_primary_keys > 1:
    raise tink_error.TinkError('keyset contains multiple primary keys')
  if num_primary_keys == 0 and num_non_public_key_material > 0:
    raise tink_error.TinkError('keyset does not contain a valid primary key')
github google / tink / python / core / View on Github external
def _validate_key(key: tink_pb2.Keyset.Key):
  """Raises tink_error.TinkError if key is not valid."""
  if not key.HasField('key_data'):
    raise tink_error.TinkError('key {} has no key data'.format(key.key_id))
  if key.output_prefix_type == tink_pb2.UNKNOWN_PREFIX:
    raise tink_error.TinkError('key {} has unknown prefix'.format(key.key_id))
  if key.status == tink_pb2.UNKNOWN_STATUS:
    raise tink_error.TinkError('key {} has unknown status'.format(key.key_id))
github google / tink / python / core / View on Github external
def _assert_enough_key_material(keyset: tink_pb2.Keyset):
  if not keyset or not keyset.key:
    raise tink_error.TinkError('empty keyset')
github google / tink / python / core / View on Github external
def write(self, keyset: tink_pb2.Keyset) -> None:
    if not isinstance(keyset, tink_pb2.Keyset):
      raise tink_error.TinkError('invalid keyset.')
github google / tink / python / streaming_aead / View on Github external
      b: The buffer to write.

    if not isinstance(b, (bytes, memoryview, bytearray)):
      raise TypeError('a bytes-like object is required, not {}'.format(

    # One call to OutputStreamAdapter.write() may call next() multiple times
    # on the C++ EncryptingStream, but will perform a partial write if there is
    # a temporary write error. Permanent write errors will bubble up as
    # exceptions.
    written = self._output_stream_adapter.write(b)
    if written < 0:
      raise tink_error.TinkError('Number of written bytes was negative')

    self._bytes_written += written

    if written < len(b):
      raise io.BlockingIOError(errno.EAGAIN,
                               'Write could not complete without blocking.',
    elif written > len(b):
      raise tink_error.TinkError(
          'Number of written bytes was greater than length of bytes given')

    return written