use of com.google.crypto.tink.PublicKeyVerify in project tink by google.
the class EcdsaVerifyKeyManagerTest method testGetPrimitiveWithUnsupportedEncoding.
/**
 * Checks that an ECDSA verifier cannot be built with the IEEE_P1363 signature encoding.
 *
 * <p>A fresh NIST P-256 key pair is generated through the JCA "EC" generator and the affine
 * coordinates of its public point are passed to {@code createVerifier}. The test passes only if
 * that call throws a {@link GeneralSecurityException}.
 */
@Test
public void testGetPrimitiveWithUnsupportedEncoding() throws Exception {
  ECParameterSpec curveSpec =
      EllipticCurves.getCurveSpec(SigUtil.toCurveType(EllipticCurveType.NIST_P256));
  KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
  generator.initialize(curveSpec);
  KeyPair generated = generator.generateKeyPair();
  ECPublicKey publicKey = (ECPublicKey) generated.getPublic();
  // The private half is never used; only a public key is needed to construct a verifier.
  ECPrivateKey unusedPrivateKey = (ECPrivateKey) generated.getPrivate();

  // BigInteger.toByteArray() yields big-endian two's-complement bytes, so a coordinate may carry
  // a leading zero byte.
  ECPoint publicPoint = publicKey.getW();
  byte[] x = publicPoint.getAffineX().toByteArray();
  byte[] y = publicPoint.getAffineY().toByteArray();

  try {
    PublicKeyVerify unusedVerifier =
        createVerifier(
            HashType.SHA256,
            EllipticCurveType.NIST_P256,
            EcdsaSignatureEncoding.IEEE_P1363,
            x,
            y);
    fail("Unsupported encoding, should have thrown exception.");
  } catch (GeneralSecurityException expected) {
    // Rejection is the behaviour under test.
  }
}
use of com.google.crypto.tink.PublicKeyVerify in project tink by google.
the class PublicKeyVerifyFactoryTest method testMultipleKeys.
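/**
 * Verifies signatures against a public keyset holding four ECDSA keys with different output
 * prefix types (TINK, LEGACY, RAW, CRUNCHY; key IDs 1 to 4).
 *
 * <p>The keyset is rebuilt four times with the keys rotated, so each key is passed first once.
 * For every rotation, a signature made by any of the four matching private keys must verify, and
 * a signature made by an unrelated private key must be rejected with a
 * {@link GeneralSecurityException}.
 */
@Test
public void testMultipleKeys() throws Exception {
  EcdsaPrivateKey tinkPrivateKey =
      TestUtil.generateEcdsaPrivKey(
          EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
  Key tink =
      TestUtil.createKey(
          TestUtil.createKeyData(
              tinkPrivateKey.getPublicKey(),
              EcdsaVerifyKeyManager.TYPE_URL,
              KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC),
          1,
          KeyStatusType.ENABLED,
          OutputPrefixType.TINK);
  EcdsaPrivateKey legacyPrivateKey =
      TestUtil.generateEcdsaPrivKey(
          EllipticCurveType.NIST_P256, HashType.SHA256, EcdsaSignatureEncoding.DER);
  Key legacy =
      TestUtil.createKey(
          TestUtil.createKeyData(
              legacyPrivateKey.getPublicKey(),
              EcdsaVerifyKeyManager.TYPE_URL,
              KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC),
          2,
          KeyStatusType.ENABLED,
          OutputPrefixType.LEGACY);
  EcdsaPrivateKey rawPrivateKey =
      TestUtil.generateEcdsaPrivKey(
          EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
  Key raw =
      TestUtil.createKey(
          TestUtil.createKeyData(
              rawPrivateKey.getPublicKey(),
              EcdsaVerifyKeyManager.TYPE_URL,
              KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC),
          3,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);
  EcdsaPrivateKey crunchyPrivateKey =
      TestUtil.generateEcdsaPrivKey(
          EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
  Key crunchy =
      TestUtil.createKey(
          TestUtil.createKeyData(
              crunchyPrivateKey.getPublicKey(),
              EcdsaVerifyKeyManager.TYPE_URL,
              KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC),
          4,
          KeyStatusType.ENABLED,
          OutputPrefixType.CRUNCHY);

  // privateKeys[n] is the private counterpart of the public key stored in keys[n].
  Key[] keys = new Key[] {tink, legacy, raw, crunchy};
  EcdsaPrivateKey[] privateKeys =
      new EcdsaPrivateKey[] {tinkPrivateKey, legacyPrivateKey, rawPrivateKey, crunchyPrivateKey};
  int j = keys.length;
  for (int i = 0; i < j; i++) {
    // Rotate the keyset so that a different key is passed first on each iteration.
    KeysetHandle keysetHandle =
        TestUtil.createKeysetHandle(
            TestUtil.createKeyset(
                keys[i], keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]));
    PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(keysetHandle);

    // Signature from any keys in the keyset should be valid.
    for (int k = 0; k < j; k++) {
      // The signing key reuses the key ID and prefix type of its public counterpart.
      PublicKeySign signer =
          PublicKeySignFactory.getPrimitive(
              TestUtil.createKeysetHandle(
                  TestUtil.createKeyset(
                      TestUtil.createKey(
                          TestUtil.createKeyData(
                              privateKeys[k],
                              EcdsaSignKeyManager.TYPE_URL,
                              KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE),
                          keys[k].getKeyId(),
                          KeyStatusType.ENABLED,
                          keys[k].getOutputPrefixType()))));
      byte[] plaintext = Random.randBytes(1211);
      byte[] sig = signer.sign(plaintext);
      try {
        verifier.verify(sig, plaintext);
      } catch (GeneralSecurityException ex) {
        // Keep the original exception as the cause so the failure report shows why
        // verification was rejected.
        throw new AssertionError("Valid signature, should not throw exception: " + k, ex);
      }
    }

    // Signature from a random key should be invalid.
    // The foreign signer is given key ID 1 and the prefix type of keys[0] (TINK), the same pair
    // the tink key uses, so rejection presumably comes from the ECDSA check itself and not from
    // a prefix mismatch.
    EcdsaPrivateKey randomPrivKey =
        TestUtil.generateEcdsaPrivKey(
            EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
    PublicKeySign signer =
        PublicKeySignFactory.getPrimitive(
            TestUtil.createKeysetHandle(
                TestUtil.createKeyset(
                    TestUtil.createKey(
                        TestUtil.createKeyData(
                            randomPrivKey,
                            EcdsaSignKeyManager.TYPE_URL,
                            KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE),
                        1,
                        KeyStatusType.ENABLED,
                        keys[0].getOutputPrefixType()))));
    byte[] plaintext = Random.randBytes(1211);
    byte[] sig = signer.sign(plaintext);
    try {
      verifier.verify(sig, plaintext);
      fail("Invalid signature, should have thrown exception");
    } catch (GeneralSecurityException expected) {
      // Expected: the keyset holds no public key matching the random signer.
    }
  }
}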
use of com.google.crypto.tink.PublicKeyVerify in project tink by google.
the class CreatePublicKeysetCommandTest method assertSignature.
/**
 * Signs a random 10-byte message with the private keyset and verifies it with the public one.
 *
 * <p>Both keysets are loaded through {@code CleartextKeysetHandle}. No explicit assertion is
 * made: any exception from loading, signing or verifying propagates to the caller.
 *
 * @param privateReader source of the keyset used for signing
 * @param publicReader source of the keyset used for verification
 * @throws Exception if a keyset cannot be read or the signature does not verify
 */
private void assertSignature(KeysetReader privateReader, KeysetReader publicReader)
    throws Exception {
  byte[] payload = Random.randBytes(10);
  PublicKeySign signer =
      PublicKeySignFactory.getPrimitive(CleartextKeysetHandle.read(privateReader));
  PublicKeyVerify verifier =
      PublicKeyVerifyFactory.getPrimitive(CleartextKeysetHandle.read(publicReader));
  byte[] signature = signer.sign(payload);
  verifier.verify(signature, payload);
}
use of com.google.crypto.tink.PublicKeyVerify in project tink by google.
the class PublicKeySignFactoryTest method testMultipleKeys.
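/**
 * Signs with a private keyset holding four ECDSA keys with different output prefix types (TINK,
 * LEGACY, RAW, CRUNCHY; key IDs 1 to 4), rotating which key is passed first.
 *
 * <p>For each rotation the test checks three things: a non-RAW signature starts with the output
 * prefix of the first key, the signature verifies under that key's public counterpart, and it is
 * rejected with a {@link GeneralSecurityException} under an unrelated public key.
 */
@Test
public void testMultipleKeys() throws Exception {
  EcdsaPrivateKey tinkPrivateKey =
      TestUtil.generateEcdsaPrivKey(
          EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
  Key tink =
      TestUtil.createKey(
          TestUtil.createKeyData(
              tinkPrivateKey,
              EcdsaSignKeyManager.TYPE_URL,
              KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE),
          1,
          KeyStatusType.ENABLED,
          OutputPrefixType.TINK);
  EcdsaPrivateKey legacyPrivateKey =
      TestUtil.generateEcdsaPrivKey(
          EllipticCurveType.NIST_P256, HashType.SHA256, EcdsaSignatureEncoding.DER);
  Key legacy =
      TestUtil.createKey(
          TestUtil.createKeyData(
              legacyPrivateKey,
              EcdsaSignKeyManager.TYPE_URL,
              KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE),
          2,
          KeyStatusType.ENABLED,
          OutputPrefixType.LEGACY);
  EcdsaPrivateKey rawPrivateKey =
      TestUtil.generateEcdsaPrivKey(
          EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
  Key raw =
      TestUtil.createKey(
          TestUtil.createKeyData(
              rawPrivateKey,
              EcdsaSignKeyManager.TYPE_URL,
              KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE),
          3,
          KeyStatusType.ENABLED,
          OutputPrefixType.RAW);
  EcdsaPrivateKey crunchyPrivateKey =
      TestUtil.generateEcdsaPrivKey(
          EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
  Key crunchy =
      TestUtil.createKey(
          TestUtil.createKeyData(
              crunchyPrivateKey,
              EcdsaSignKeyManager.TYPE_URL,
              KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE),
          4,
          KeyStatusType.ENABLED,
          OutputPrefixType.CRUNCHY);

  // privateKeys[n] is the key material wrapped by keys[n].
  Key[] keys = new Key[] {tink, legacy, raw, crunchy};
  EcdsaPrivateKey[] privateKeys =
      new EcdsaPrivateKey[] {tinkPrivateKey, legacyPrivateKey, rawPrivateKey, crunchyPrivateKey};
  int j = keys.length;
  for (int i = 0; i < j; i++) {
    KeysetHandle keysetHandle =
        TestUtil.createKeysetHandle(
            TestUtil.createKeyset(
                keys[i], keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]));
    // Signs with the primary private key.
    PublicKeySign signer = PublicKeySignFactory.getPrimitive(keysetHandle);
    byte[] plaintext = Random.randBytes(1211);
    byte[] sig = signer.sign(plaintext);
    if (keys[i].getOutputPrefixType() != OutputPrefixType.RAW) {
      byte[] prefix = Arrays.copyOfRange(sig, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
      // JUnit takes the expected value first; the prefix derived from the key is the reference.
      assertArrayEquals(CryptoFormat.getOutputPrefix(keys[i]), prefix);
    }

    // Verifying with the primary public key should work.
    PublicKeyVerify verifier =
        PublicKeyVerifyFactory.getPrimitive(
            TestUtil.createKeysetHandle(
                TestUtil.createKeyset(
                    TestUtil.createKey(
                        TestUtil.createKeyData(
                            privateKeys[i].getPublicKey(),
                            EcdsaVerifyKeyManager.TYPE_URL,
                            KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC),
                        keys[i].getKeyId(),
                        KeyStatusType.ENABLED,
                        keys[i].getOutputPrefixType()))));
    try {
      verifier.verify(sig, plaintext);
    } catch (GeneralSecurityException ex) {
      // Keep the original exception as the cause so the failure report shows why
      // verification was rejected.
      throw new AssertionError("Valid signature, should not throw exception", ex);
    }

    // Verifying with a random public key should fail.
    // The unrelated public key is registered under the same key ID and prefix type as keys[i],
    // so the signature prefix still matches and rejection presumably comes from the ECDSA check.
    EcdsaPrivateKey randomPrivKey =
        TestUtil.generateEcdsaPrivKey(
            EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
    verifier =
        PublicKeyVerifyFactory.getPrimitive(
            TestUtil.createKeysetHandle(
                TestUtil.createKeyset(
                    TestUtil.createKey(
                        TestUtil.createKeyData(
                            randomPrivKey.getPublicKey(),
                            EcdsaVerifyKeyManager.TYPE_URL,
                            KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC),
                        keys[i].getKeyId(),
                        KeyStatusType.ENABLED,
                        keys[i].getOutputPrefixType()))));
    try {
      verifier.verify(sig, plaintext);
      fail("Invalid signature, should have thrown exception");
    } catch (GeneralSecurityException expected) {
      // Expected: the signature was not produced by the random key pair.
    }
  }
}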
use of com.google.crypto.tink.PublicKeyVerify in project tink by google.
the class PublicKeyVerifyCatalogueTest method testBasic.
/**
 * Exercises key-manager lookup in {@code PublicKeyVerifyCatalogue}.
 *
 * <p>The Ed25519 public key type is looked up under three spellings of the primitive name to
 * show that matching is case-insensitive. Then every {@code PublicKeyVerify} entry of
 * {@code SignatureConfig.TINK_1_0_0} is resolved through the catalogue. The entry count is
 * pinned to 2, so the test fails if that config gains or loses a verify key type.
 */
@Test
public void testBasic() throws Exception {
  PublicKeyVerifyCatalogue catalogue = new PublicKeyVerifyCatalogue();

  // Check a single key type for verifying, incl. case-insensitive primitive name.
  String keyType = "type.googleapis.com/google.crypto.tink.Ed25519PublicKey";
  String[] spellings = {"PublicKeyVerify", "PUBLicKeYVerIFY", "PUBLICKEYVERIFY"};
  for (String primitiveName : spellings) {
    KeyManager<PublicKeyVerify> manager = catalogue.getKeyManager(keyType, primitiveName, 0);
    assertThat(manager.doesSupport(keyType)).isTrue();
  }

  // Check all entries from the current SignatureConfig.
  RegistryConfig config = SignatureConfig.TINK_1_0_0;
  int matched = 0;
  for (KeyTypeEntry entry : config.getEntryList()) {
    if (!"PublicKeyVerify".equals(entry.getPrimitiveName())) {
      continue;
    }
    matched++;
    String typeUrl = entry.getTypeUrl();
    KeyManager<PublicKeyVerify> manager =
        catalogue.getKeyManager(typeUrl, "publickeyverify", entry.getKeyManagerVersion());
    assertThat(manager.doesSupport(entry.getTypeUrl())).isTrue();
  }
  assertEquals(2, matched);
}