Search in sources :

Example 16 with PublicKeySign

use of com.google.crypto.tink.PublicKeySign in project tink by google.

the class Ed25519PublicKeyManagerTest method testModifiedSignature.

@Test
public void testModifiedSignature() throws Exception {
    Ed25519PrivateKeyManager manager = new Ed25519PrivateKeyManager();
    KeyTemplate template = SignatureKeyTemplates.ED25519;
    MessageLite key = manager.newKey(template);
    Ed25519PrivateKey keyProto = (Ed25519PrivateKey) key;
    PublicKeySign signer = manager.getPrimitive(key);
    byte[] message = Random.randBytes(20);
    byte[] signature = signer.sign(message);
    Ed25519PublicKeyManager publicKeyManager = new Ed25519PublicKeyManager();
    PublicKeyVerify verifier = publicKeyManager.getPrimitive(keyProto.getPublicKey());
    try {
        verifier.verify(signature, message);
    } catch (GeneralSecurityException e) {
        fail("Did not expect GeneralSecurityException: " + e);
    }
    // Flip bits in message.
    for (int i = 0; i < message.length; i++) {
        byte[] copy = Arrays.copyOf(message, message.length);
        copy[i] = (byte) (copy[i] ^ 0xff);
        try {
            verifier.verify(signature, copy);
            fail("Expected GeneralSecurityException");
        } catch (GeneralSecurityException e) {
            assertExceptionContains(e, "Signature check failed.");
        }
    }
    // Flip bits in signature.
    // Flip the last byte.
    byte[] copySig = Arrays.copyOf(signature, signature.length);
    copySig[copySig.length - 1] = (byte) (copySig[copySig.length - 1] ^ 0xff);
    try {
        verifier.verify(copySig, message);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        assertExceptionContains(e, "Signature check failed.");
    }
    // Flip other bytes.
    for (int i = 0; i < signature.length - 1; i++) {
        byte[] copy = Arrays.copyOf(signature, signature.length);
        copy[i] = (byte) (copy[i] ^ 0xff);
        try {
            verifier.verify(copy, message);
            fail("Expected GeneralSecurityException");
        } catch (GeneralSecurityException e) {
            assertExceptionContains(e, "Signature check failed.");
        }
    }
}
Also used : Ed25519PrivateKey(com.google.crypto.tink.proto.Ed25519PrivateKey) GeneralSecurityException(java.security.GeneralSecurityException) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) MessageLite(com.google.protobuf.MessageLite) PublicKeySign(com.google.crypto.tink.PublicKeySign) Test(org.junit.Test)

Example 17 with PublicKeySign

use of com.google.crypto.tink.PublicKeySign in project tink by google.

the class PublicKeySignCatalogueTest method testBasic.

@Test
public void testBasic() throws Exception {
    PublicKeySignCatalogue catalogue = new PublicKeySignCatalogue();
    // Check a single key type for signing, incl. case-insensitve primitive name.
    String keyType = "type.googleapis.com/google.crypto.tink.EcdsaPrivateKey";
    {
        KeyManager<PublicKeySign> manager = catalogue.getKeyManager(keyType, "PublicKeySign", 0);
        assertThat(manager.doesSupport(keyType)).isTrue();
    }
    {
        KeyManager<PublicKeySign> manager = catalogue.getKeyManager(keyType, "PUBLicKeYSigN", 0);
        assertThat(manager.doesSupport(keyType)).isTrue();
    }
    {
        KeyManager<PublicKeySign> manager = catalogue.getKeyManager(keyType, "PUBLICKEYSIGN", 0);
        assertThat(manager.doesSupport(keyType)).isTrue();
    }
    // Check all entries from the current SignatureConfig.
    RegistryConfig config = SignatureConfig.TINK_1_0_0;
    int count = 0;
    for (KeyTypeEntry entry : config.getEntryList()) {
        if ("PublicKeySign".equals(entry.getPrimitiveName())) {
            count = count + 1;
            KeyManager<PublicKeySign> manager = catalogue.getKeyManager(entry.getTypeUrl(), "publickeysign", entry.getKeyManagerVersion());
            assertThat(manager.doesSupport(entry.getTypeUrl())).isTrue();
        }
    }
    assertEquals(2, count);
}
Also used : RegistryConfig(com.google.crypto.tink.proto.RegistryConfig) KeyTypeEntry(com.google.crypto.tink.proto.KeyTypeEntry) KeyManager(com.google.crypto.tink.KeyManager) PublicKeySign(com.google.crypto.tink.PublicKeySign) Test(org.junit.Test)

Example 18 with PublicKeySign

use of com.google.crypto.tink.PublicKeySign in project tink by google.

the class EcdsaSignKeyManagerTest method testNewKeyWithVerifier.

private void testNewKeyWithVerifier(KeyTemplate keyTemplate) throws Exception {
    // Call newKey multiple times and make sure that it generates different keys.
    int numTests = 9;
    EcdsaPrivateKey[] privKeys = new EcdsaPrivateKey[numTests];
    EcdsaSignKeyManager signManager = new EcdsaSignKeyManager();
    Set<String> keys = new TreeSet<String>();
    for (int j = 0; j < numTests / 3; j++) {
        privKeys[3 * j] = (EcdsaPrivateKey) signManager.newKey(EcdsaKeyFormat.parseFrom(keyTemplate.getValue()));
        keys.add(TestUtil.hexEncode(privKeys[3 * j].toByteArray()));
        privKeys[3 * j + 1] = (EcdsaPrivateKey) signManager.newKey(keyTemplate.getValue());
        keys.add(TestUtil.hexEncode(privKeys[3 * j + 1].toByteArray()));
        privKeys[3 * j + 2] = EcdsaPrivateKey.parseFrom(signManager.newKeyData(keyTemplate.getValue()).getValue());
        keys.add(TestUtil.hexEncode(privKeys[3 * j + 2].toByteArray()));
    }
    assertEquals(numTests, keys.size());
    // failure is 2^-64 which happens when a key has 8 leading zeros.
    for (int j = 0; j < numTests; j++) {
        int keySize = privKeys[j].getKeyValue().toByteArray().length;
        EcdsaKeyFormat ecdsaKeyFormat = EcdsaKeyFormat.parseFrom(keyTemplate.getValue());
        switch(ecdsaKeyFormat.getParams().getCurve()) {
            case NIST_P256:
                assertTrue(256 / 8 - 8 <= keySize);
                assertTrue(256 / 8 + 1 >= keySize);
                break;
            case NIST_P384:
                assertTrue(384 / 8 - 8 <= keySize);
                assertTrue(384 / 8 + 1 >= keySize);
                break;
            case NIST_P521:
                assertTrue(521 / 8 - 8 <= keySize);
                assertTrue(521 / 8 + 1 >= keySize);
                break;
            default:
                break;
        }
    }
    // Test whether signer works correctly with the corresponding verifier.
    EcdsaVerifyKeyManager verifyManager = new EcdsaVerifyKeyManager();
    for (int j = 0; j < numTests; j++) {
        PublicKeySign signer = signManager.getPrimitive(privKeys[j]);
        byte[] signature = signer.sign(msg);
        for (int k = 0; k < numTests; k++) {
            PublicKeyVerify verifier = verifyManager.getPrimitive(privKeys[k].getPublicKey());
            if (j == k) {
                // The same key
                try {
                    verifier.verify(signature, msg);
                } catch (GeneralSecurityException ex) {
                    fail("Valid signature, should not throw exception");
                }
            } else {
                // Different keys
                try {
                    verifier.verify(signature, msg);
                    fail("Invalid signature, should have thrown exception");
                } catch (GeneralSecurityException expected) {
                // Expected
                }
            }
        }
    }
}
Also used : EcdsaKeyFormat(com.google.crypto.tink.proto.EcdsaKeyFormat) GeneralSecurityException(java.security.GeneralSecurityException) ByteString(com.google.protobuf.ByteString) ECPoint(java.security.spec.ECPoint) TreeSet(java.util.TreeSet) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) PublicKeySign(com.google.crypto.tink.PublicKeySign)

Example 19 with PublicKeySign

use of com.google.crypto.tink.PublicKeySign in project tink by google.

the class Ed25519PublicKeyManagerTest method createPrimitive_anotherKey_throws.

@Test
public void createPrimitive_anotherKey_throws() throws Exception {
    Ed25519PrivateKey privateKey = createPrivateKey();
    // Create a different key.
    Ed25519PublicKey publicKey = signManager.getPublicKey(createPrivateKey());
    PublicKeySign signer = signManager.getPrimitive(privateKey, PublicKeySign.class);
    PublicKeyVerify verifier = verifyManager.getPrimitive(publicKey, PublicKeyVerify.class);
    byte[] message = Random.randBytes(135);
    byte[] signature = signer.sign(message);
    assertThrows(GeneralSecurityException.class, () -> verifier.verify(signature, message));
}
Also used : Ed25519PrivateKey(com.google.crypto.tink.proto.Ed25519PrivateKey) Ed25519PublicKey(com.google.crypto.tink.proto.Ed25519PublicKey) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) PublicKeySign(com.google.crypto.tink.PublicKeySign) Test(org.junit.Test)

Example 20 with PublicKeySign

use of com.google.crypto.tink.PublicKeySign in project tink by google.

the class PublicKeySignIntegrationTest method testMultipleKeys.

@Test
public void testMultipleKeys() throws Exception {
    EcdsaPrivateKey tinkPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key tink = TestUtil.createKey(TestUtil.createKeyData(tinkPrivateKey, new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 1, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    EcdsaPrivateKey legacyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P256, HashType.SHA256, EcdsaSignatureEncoding.DER);
    Key legacy = TestUtil.createKey(TestUtil.createKeyData(legacyPrivateKey, new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 2, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
    EcdsaPrivateKey rawPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key raw = TestUtil.createKey(TestUtil.createKeyData(rawPrivateKey, new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 3, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    EcdsaPrivateKey crunchyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key crunchy = TestUtil.createKey(TestUtil.createKeyData(crunchyPrivateKey, new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 4, KeyStatusType.ENABLED, OutputPrefixType.CRUNCHY);
    Key[] keys = new Key[] { tink, legacy, raw, crunchy };
    EcdsaPrivateKey[] privateKeys = new EcdsaPrivateKey[] { tinkPrivateKey, legacyPrivateKey, rawPrivateKey, crunchyPrivateKey };
    int j = keys.length;
    for (int i = 0; i < j; i++) {
        KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(keys[i], keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]));
        // Signs with the primary private key.
        PublicKeySign signer = keysetHandle.getPrimitive(PublicKeySign.class);
        byte[] plaintext = Random.randBytes(1211);
        byte[] sig = signer.sign(plaintext);
        if (keys[i].getOutputPrefixType() != OutputPrefixType.RAW) {
            byte[] prefix = Arrays.copyOfRange(sig, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
            assertArrayEquals(prefix, CryptoFormat.getOutputPrefix(keys[i]));
        }
        // Verifying with the primary public key should work.
        PublicKeyVerify verifier = TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(privateKeys[i].getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), keys[i].getKeyId(), KeyStatusType.ENABLED, keys[i].getOutputPrefixType()))).getPrimitive(PublicKeyVerify.class);
        try {
            verifier.verify(sig, plaintext);
        } catch (GeneralSecurityException ex) {
            fail("Valid signature, should not throw exception");
        }
        // Verifying with a random public key should fail.
        EcdsaPrivateKey randomPrivKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
        final PublicKeyVerify verifier2 = TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(randomPrivKey.getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), keys[i].getKeyId(), KeyStatusType.ENABLED, keys[i].getOutputPrefixType()))).getPrimitive(PublicKeyVerify.class);
        assertThrows(GeneralSecurityException.class, () -> verifier2.verify(sig, plaintext));
    }
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) GeneralSecurityException(java.security.GeneralSecurityException) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) Key(com.google.crypto.tink.proto.Keyset.Key) PublicKeySign(com.google.crypto.tink.PublicKeySign) Test(org.junit.Test)

Aggregations

PublicKeySign (com.google.crypto.tink.PublicKeySign)28 PublicKeyVerify (com.google.crypto.tink.PublicKeyVerify)23 Test (org.junit.Test)21 GeneralSecurityException (java.security.GeneralSecurityException)14 KeysetHandle (com.google.crypto.tink.KeysetHandle)10 EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey)9 Ed25519PrivateKey (com.google.crypto.tink.proto.Ed25519PrivateKey)7 Key (com.google.crypto.tink.proto.Keyset.Key)6 CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)3 RsaSsaPkcs1KeyFormat (com.google.crypto.tink.proto.RsaSsaPkcs1KeyFormat)3 RsaSsaPkcs1PrivateKey (com.google.crypto.tink.proto.RsaSsaPkcs1PrivateKey)3 RsaSsaPssKeyFormat (com.google.crypto.tink.proto.RsaSsaPssKeyFormat)3 RsaSsaPssPrivateKey (com.google.crypto.tink.proto.RsaSsaPssPrivateKey)3 Ed25519Verify (com.google.crypto.tink.subtle.Ed25519Verify)3 Ed25519PublicKey (com.google.crypto.tink.proto.Ed25519PublicKey)2 KeyData (com.google.crypto.tink.proto.KeyData)2 KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)2 RsaSsaPkcs1PublicKey (com.google.crypto.tink.proto.RsaSsaPkcs1PublicKey)2 RsaSsaPssPublicKey (com.google.crypto.tink.proto.RsaSsaPssPublicKey)2 MessageLite (com.google.protobuf.MessageLite)2