use of com.google.crypto.tink.PublicKeySign in project tink by google.
the class RsaSsaPkcs1VerifyKeyManagerTest method createPrimitive.
@Test
public void createPrimitive() throws Exception {
if (TestUtil.isTsan()) {
// factory.createKey is too slow in Tsan.
return;
}
RsaSsaPkcs1KeyFormat keyFormat = RsaSsaPkcs1KeyFormat.newBuilder().setParams(RsaSsaPkcs1Params.newBuilder().setHashType(HashType.SHA256)).setModulusSizeInBits(3072).setPublicExponent(ByteString.copyFrom(RSAKeyGenParameterSpec.F4.toByteArray())).build();
RsaSsaPkcs1PrivateKey privateKey = factory.createKey(keyFormat);
RsaSsaPkcs1PublicKey publicKey = signManager.getPublicKey(privateKey);
PublicKeySign signer = signManager.getPrimitive(privateKey, PublicKeySign.class);
PublicKeyVerify verifier = verifyManager.getPrimitive(publicKey, PublicKeyVerify.class);
byte[] message = Random.randBytes(135);
verifier.verify(signer.sign(message), message);
}
use of com.google.crypto.tink.PublicKeySign in project tink by google.
the class RsaSsaPssVerifyKeyManagerTest method createPrimitive_anotherKey_throws.
@Test
public void createPrimitive_anotherKey_throws() throws Exception {
if (TestUtil.isTsan()) {
// factory.createKey is too slow in Tsan.
return;
}
RsaSsaPssKeyFormat keyFormat = RsaSsaPssKeyFormat.newBuilder().setParams(RsaSsaPssParams.newBuilder().setSigHash(HashType.SHA256).setMgf1Hash(HashType.SHA256).setSaltLength(32)).setModulusSizeInBits(3072).setPublicExponent(ByteString.copyFrom(RSAKeyGenParameterSpec.F4.toByteArray())).build();
RsaSsaPssPrivateKey privateKey = factory.createKey(keyFormat);
// Create a different key.
RsaSsaPssPublicKey publicKey = signManager.getPublicKey(factory.createKey(keyFormat));
PublicKeySign signer = signManager.getPrimitive(privateKey, PublicKeySign.class);
PublicKeyVerify verifier = verifyManager.getPrimitive(publicKey, PublicKeyVerify.class);
byte[] message = Random.randBytes(135);
byte[] signature = signer.sign(message);
assertThrows(GeneralSecurityException.class, () -> verifier.verify(signature, message));
}
use of com.google.crypto.tink.PublicKeySign in project tink by google.
the class SenderIntermediateCertFactory method create.
/**
* Creates the certificate.
*
* <p>This will return a serialized JSONObject in the following format:
*
* <pre>
* {
* // {
* // // A string that identifies this cert
* // "keyValue": "ZXBoZW1lcmFsUHVibGljS2V5"
* // // string (UTC milliseconds since epoch)
* // "expiration": "1520836260646",
* // }
* "signedKey": "... serialized JSON shown in comment above ...",
* "signatures": ["signature1", "signature2", ...],
* }
* </pre>
*/
public String create() throws GeneralSecurityException {
String signedKey = jsonEncodeSignedKey(intermediateSigningKey, expiration);
byte[] toSignBytes = PaymentMethodTokenUtil.toLengthValue(// The order of the parameters matters.
senderId, protocolVersion, signedKey);
ArrayList<String> signatures = new ArrayList<>();
for (PublicKeySign signer : signers) {
byte[] signature = signer.sign(toSignBytes);
signatures.add(Base64.encode(signature));
}
return jsonEncodeCertificate(signedKey, signatures);
}
use of com.google.crypto.tink.PublicKeySign in project tink by google.
the class Ed25519PrivateKeyManagerTest method testDeriveKeySignVerify.
@Test
public void testDeriveKeySignVerify() throws Exception {
byte[] keyMaterial = Random.randBytes(100);
Ed25519PrivateKey key = factory.deriveKey(Ed25519KeyFormat.newBuilder().setVersion(0).build(), new ByteArrayInputStream(keyMaterial));
PublicKeySign signer = manager.getPrimitive(key, PublicKeySign.class);
PublicKeyVerify verifier = new Ed25519Verify(key.getPublicKey().getKeyValue().toByteArray());
byte[] message = Random.randBytes(135);
verifier.verify(signer.sign(message), message);
}
use of com.google.crypto.tink.PublicKeySign in project tink by google.
the class PublicKeySignFactoryTest method testMultipleKeys.
@Test
public void testMultipleKeys() throws Exception {
EcdsaPrivateKey tinkPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
Key tink = TestUtil.createKey(TestUtil.createKeyData(tinkPrivateKey, new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 1, KeyStatusType.ENABLED, OutputPrefixType.TINK);
EcdsaPrivateKey legacyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P256, HashType.SHA256, EcdsaSignatureEncoding.DER);
Key legacy = TestUtil.createKey(TestUtil.createKeyData(legacyPrivateKey, new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 2, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
EcdsaPrivateKey rawPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
Key raw = TestUtil.createKey(TestUtil.createKeyData(rawPrivateKey, new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 3, KeyStatusType.ENABLED, OutputPrefixType.RAW);
EcdsaPrivateKey crunchyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
Key crunchy = TestUtil.createKey(TestUtil.createKeyData(crunchyPrivateKey, new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 4, KeyStatusType.ENABLED, OutputPrefixType.CRUNCHY);
Key[] keys = new Key[] { tink, legacy, raw, crunchy };
EcdsaPrivateKey[] privateKeys = new EcdsaPrivateKey[] { tinkPrivateKey, legacyPrivateKey, rawPrivateKey, crunchyPrivateKey };
int j = keys.length;
for (int i = 0; i < j; i++) {
KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(keys[i], keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]));
// Signs with the primary private key.
PublicKeySign signer = PublicKeySignFactory.getPrimitive(keysetHandle);
byte[] plaintext = Random.randBytes(1211);
byte[] sig = signer.sign(plaintext);
if (keys[i].getOutputPrefixType() != OutputPrefixType.RAW) {
byte[] prefix = Arrays.copyOfRange(sig, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
assertArrayEquals(prefix, CryptoFormat.getOutputPrefix(keys[i]));
}
// Verifying with the primary public key should work.
PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(privateKeys[i].getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), keys[i].getKeyId(), KeyStatusType.ENABLED, keys[i].getOutputPrefixType()))));
try {
verifier.verify(sig, plaintext);
} catch (GeneralSecurityException ex) {
fail("Valid signature, should not throw exception");
}
// Verifying with a random public key should fail.
EcdsaPrivateKey randomPrivKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
final PublicKeyVerify verifier2 = PublicKeyVerifyFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(randomPrivKey.getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), keys[i].getKeyId(), KeyStatusType.ENABLED, keys[i].getOutputPrefixType()))));
assertThrows(GeneralSecurityException.class, () -> verifier2.verify(sig, plaintext));
}
}
Aggregations