Example 26 with PublicKeySign
use of com.google.crypto.tink.PublicKeySign in project tink by google.
the class PublicKeySignWrapperTest method testMultipleKeys.
@Test
public void testMultipleKeys() throws Exception {
EcdsaPrivateKey tinkPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
Key tink = TestUtil.createKey(TestUtil.createKeyData(tinkPrivateKey, new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 1, KeyStatusType.ENABLED, OutputPrefixType.TINK);
EcdsaPrivateKey legacyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P256, HashType.SHA256, EcdsaSignatureEncoding.DER);
Key legacy = TestUtil.createKey(TestUtil.createKeyData(legacyPrivateKey, new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 2, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
EcdsaPrivateKey rawPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
Key raw = TestUtil.createKey(TestUtil.createKeyData(rawPrivateKey, new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 3, KeyStatusType.ENABLED, OutputPrefixType.RAW);
EcdsaPrivateKey crunchyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
Key crunchy = TestUtil.createKey(TestUtil.createKeyData(crunchyPrivateKey, new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 4, KeyStatusType.ENABLED, OutputPrefixType.CRUNCHY);
Key[] keys = new Key[] { tink, legacy, raw, crunchy };
EcdsaPrivateKey[] privateKeys = new EcdsaPrivateKey[] { tinkPrivateKey, legacyPrivateKey, rawPrivateKey, crunchyPrivateKey };
int j = keys.length;
for (int i = 0; i < j; i++) {
PrimitiveSet<PublicKeySign> primitives = TestUtil.createPrimitiveSet(TestUtil.createKeyset(keys[i], keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]), PublicKeySign.class);
// Signs with the primary private key.
PublicKeySign signer = new PublicKeySignWrapper().wrap(primitives);
byte[] plaintext = Random.randBytes(1211);
byte[] sig = signer.sign(plaintext);
if (keys[i].getOutputPrefixType() != OutputPrefixType.RAW) {
byte[] prefix = Arrays.copyOfRange(sig, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
assertArrayEquals(prefix, CryptoFormat.getOutputPrefix(keys[i]));
}
// Verifying with the primary public key should work.
PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(privateKeys[i].getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), keys[i].getKeyId(), KeyStatusType.ENABLED, keys[i].getOutputPrefixType()))));
try {
verifier.verify(sig, plaintext);
} catch (GeneralSecurityException ex) {
fail("Valid signature, should not throw exception");
}
// Verifying with a random public key should fail.
EcdsaPrivateKey randomPrivKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
final PublicKeyVerify verifier2 = PublicKeyVerifyFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(randomPrivKey.getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), keys[i].getKeyId(), KeyStatusType.ENABLED, keys[i].getOutputPrefixType()))));
assertThrows(GeneralSecurityException.class, () -> verifier2.verify(sig, plaintext));
}
}
Also used :
GeneralSecurityException(java.security.GeneralSecurityException)
PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify)
EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey)
EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey)
Key(com.google.crypto.tink.proto.Keyset.Key)
PublicKeySign(com.google.crypto.tink.PublicKeySign)
Test(org.junit.Test)
Example 27 with PublicKeySign
use of com.google.crypto.tink.PublicKeySign in project tink by google.
the class RsaSsaPkcs1SignKeyManagerTest method createPrimitive.
@Test
public void createPrimitive() throws Exception {
if (TestUtil.isTsan()) {
// factory.createKey is too slow in Tsan.
return;
}
RsaSsaPkcs1KeyFormat format = createKeyFormat(HashType.SHA256, 3072, RSAKeyGenParameterSpec.F4);
RsaSsaPkcs1PrivateKey key = factory.createKey(format);
PublicKeySign signer = manager.getPrimitive(key, PublicKeySign.class);
KeyFactory kf = EngineFactory.KEY_FACTORY.getInstance("RSA");
BigInteger modulus = new BigInteger(1, key.getPublicKey().getN().toByteArray());
BigInteger exponent = new BigInteger(1, key.getPublicKey().getE().toByteArray());
RSAPublicKey publicKey = (RSAPublicKey) kf.generatePublic(new RSAPublicKeySpec(modulus, exponent));
PublicKeyVerify verifier = new RsaSsaPkcs1VerifyJce(publicKey, SigUtil.toHashType(key.getPublicKey().getParams().getHashType()));
byte[] message = Random.randBytes(135);
verifier.verify(signer.sign(message), message);
}
Also used :
RsaSsaPkcs1PrivateKey(com.google.crypto.tink.proto.RsaSsaPkcs1PrivateKey)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify)
BigInteger(java.math.BigInteger)
RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec)
PublicKeySign(com.google.crypto.tink.PublicKeySign)
KeyFactory(java.security.KeyFactory)
RsaSsaPkcs1KeyFormat(com.google.crypto.tink.proto.RsaSsaPkcs1KeyFormat)
RsaSsaPkcs1VerifyJce(com.google.crypto.tink.subtle.RsaSsaPkcs1VerifyJce)
Test(org.junit.Test)
Example 28 with PublicKeySign
use of com.google.crypto.tink.PublicKeySign in project tink by google.
the class CreatePublicKeysetCommandTest method assertSignature.
private void assertSignature(KeysetReader privateReader, KeysetReader publicReader) throws Exception {
byte[] message = Random.randBytes(10);
KeysetHandle privateHandle = CleartextKeysetHandle.read(privateReader);
PublicKeySign signer = privateHandle.getPrimitive(PublicKeySign.class);
KeysetHandle publicHandle = CleartextKeysetHandle.read(publicReader);
PublicKeyVerify verifier = publicHandle.getPrimitive(PublicKeyVerify.class);
verifier.verify(signer.sign(message), message);
}
Also used :
KeysetHandle(com.google.crypto.tink.KeysetHandle)
CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle)
PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify)
PublicKeySign(com.google.crypto.tink.PublicKeySign)
Aggregations
PublicKeySign (com.google.crypto.tink.PublicKeySign)28
PublicKeyVerify (com.google.crypto.tink.PublicKeyVerify)23
Test (org.junit.Test)21
GeneralSecurityException (java.security.GeneralSecurityException)14
KeysetHandle (com.google.crypto.tink.KeysetHandle)10
EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey)9
Ed25519PrivateKey (com.google.crypto.tink.proto.Ed25519PrivateKey)7
Key (com.google.crypto.tink.proto.Keyset.Key)6
CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)3
RsaSsaPkcs1KeyFormat (com.google.crypto.tink.proto.RsaSsaPkcs1KeyFormat)3
RsaSsaPkcs1PrivateKey (com.google.crypto.tink.proto.RsaSsaPkcs1PrivateKey)3
RsaSsaPssKeyFormat (com.google.crypto.tink.proto.RsaSsaPssKeyFormat)3
RsaSsaPssPrivateKey (com.google.crypto.tink.proto.RsaSsaPssPrivateKey)3
Ed25519Verify (com.google.crypto.tink.subtle.Ed25519Verify)3
Ed25519PublicKey (com.google.crypto.tink.proto.Ed25519PublicKey)2
KeyData (com.google.crypto.tink.proto.KeyData)2
KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)2
RsaSsaPkcs1PublicKey (com.google.crypto.tink.proto.RsaSsaPkcs1PublicKey)2
RsaSsaPssPublicKey (com.google.crypto.tink.proto.RsaSsaPssPublicKey)2
MessageLite (com.google.protobuf.MessageLite)2
