Examples with PublicKeyVerify com.google.crypto.tink.PublicKeyVerify used on opensource projects

Search in sources :

Example 6 with PublicKeyVerify

use of com.google.crypto.tink.PublicKeyVerify in project tink by google.

the class EcdsaVerifyKeyManagerTest method testGetPrimitiveWithUnsupportedEncoding.

@Test
public void testGetPrimitiveWithUnsupportedEncoding() throws Exception {
    ECParameterSpec ecParams = EllipticCurves.getCurveSpec(SigUtil.toCurveType(EllipticCurveType.NIST_P256));
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
    keyGen.initialize(ecParams);
    KeyPair keyPair = keyGen.generateKeyPair();
    ECPublicKey pubKey = (ECPublicKey) keyPair.getPublic();
    ECPrivateKey unusedPrivKey = (ECPrivateKey) keyPair.getPrivate();
    // Create PublicKeyVerify.
    ECPoint w = pubKey.getW();
    try {
        PublicKeyVerify unusedVerifier = createVerifier(HashType.SHA256, EllipticCurveType.NIST_P256, EcdsaSignatureEncoding.IEEE_P1363, w.getAffineX().toByteArray(), w.getAffineY().toByteArray());
        fail("Unsupported encoding, should have thrown exception.");
    } catch (GeneralSecurityException expected) {
    // Expected
    }
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) ECPublicKey(java.security.interfaces.ECPublicKey) ECParameterSpec(java.security.spec.ECParameterSpec) GeneralSecurityException(java.security.GeneralSecurityException) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) KeyPairGenerator(java.security.KeyPairGenerator) ECPoint(java.security.spec.ECPoint) Test(org.junit.Test)

Example 7 with PublicKeyVerify

use of com.google.crypto.tink.PublicKeyVerify in project tink by google.

the class PublicKeyVerifyFactoryTest method testMultipleKeys.

@Test
public void testMultipleKeys() throws Exception {
    EcdsaPrivateKey tinkPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key tink = TestUtil.createKey(TestUtil.createKeyData(tinkPrivateKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 1, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    EcdsaPrivateKey legacyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P256, HashType.SHA256, EcdsaSignatureEncoding.DER);
    Key legacy = TestUtil.createKey(TestUtil.createKeyData(legacyPrivateKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 2, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
    EcdsaPrivateKey rawPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key raw = TestUtil.createKey(TestUtil.createKeyData(rawPrivateKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 3, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    EcdsaPrivateKey crunchyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key crunchy = TestUtil.createKey(TestUtil.createKeyData(crunchyPrivateKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 4, KeyStatusType.ENABLED, OutputPrefixType.CRUNCHY);
    Key[] keys = new Key[] { tink, legacy, raw, crunchy };
    EcdsaPrivateKey[] privateKeys = new EcdsaPrivateKey[] { tinkPrivateKey, legacyPrivateKey, rawPrivateKey, crunchyPrivateKey };
    int j = keys.length;
    for (int i = 0; i < j; i++) {
        KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(keys[i], keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]));
        PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(keysetHandle);
        // Signature from any keys in the keyset should be valid.
        for (int k = 0; k < j; k++) {
            PublicKeySign signer = PublicKeySignFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(privateKeys[k], EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), keys[k].getKeyId(), KeyStatusType.ENABLED, keys[k].getOutputPrefixType()))));
            byte[] plaintext = Random.randBytes(1211);
            byte[] sig = signer.sign(plaintext);
            try {
                verifier.verify(sig, plaintext);
            } catch (GeneralSecurityException ex) {
                fail("Valid signature, should not throw exception: " + k);
            }
        }
        // Signature from a random key should be invalid.
        EcdsaPrivateKey randomPrivKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
        PublicKeySign signer = PublicKeySignFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(randomPrivKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 1, KeyStatusType.ENABLED, keys[0].getOutputPrefixType()))));
        byte[] plaintext = Random.randBytes(1211);
        byte[] sig = signer.sign(plaintext);
        try {
            verifier.verify(sig, plaintext);
            fail("Invalid signature, should have thrown exception");
        } catch (GeneralSecurityException expected) {
        // Expected
        }
    }
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) GeneralSecurityException(java.security.GeneralSecurityException) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) Key(com.google.crypto.tink.proto.Keyset.Key) PublicKeySign(com.google.crypto.tink.PublicKeySign) Test(org.junit.Test)

Example 8 with PublicKeyVerify

use of com.google.crypto.tink.PublicKeyVerify in project tink by google.

the class CreatePublicKeysetCommandTest method assertSignature.

private void assertSignature(KeysetReader privateReader, KeysetReader publicReader) throws Exception {
    byte[] message = Random.randBytes(10);
    PublicKeySign signer = PublicKeySignFactory.getPrimitive(CleartextKeysetHandle.read(privateReader));
    PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(CleartextKeysetHandle.read(publicReader));
    verifier.verify(signer.sign(message), message);
}
Also used : PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) PublicKeySign(com.google.crypto.tink.PublicKeySign)

Example 9 with PublicKeyVerify

use of com.google.crypto.tink.PublicKeyVerify in project tink by google.

the class PublicKeySignFactoryTest method testMultipleKeys.

@Test
public void testMultipleKeys() throws Exception {
    EcdsaPrivateKey tinkPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key tink = TestUtil.createKey(TestUtil.createKeyData(tinkPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 1, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    EcdsaPrivateKey legacyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P256, HashType.SHA256, EcdsaSignatureEncoding.DER);
    Key legacy = TestUtil.createKey(TestUtil.createKeyData(legacyPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 2, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
    EcdsaPrivateKey rawPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key raw = TestUtil.createKey(TestUtil.createKeyData(rawPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 3, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    EcdsaPrivateKey crunchyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key crunchy = TestUtil.createKey(TestUtil.createKeyData(crunchyPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 4, KeyStatusType.ENABLED, OutputPrefixType.CRUNCHY);
    Key[] keys = new Key[] { tink, legacy, raw, crunchy };
    EcdsaPrivateKey[] privateKeys = new EcdsaPrivateKey[] { tinkPrivateKey, legacyPrivateKey, rawPrivateKey, crunchyPrivateKey };
    int j = keys.length;
    for (int i = 0; i < j; i++) {
        KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(keys[i], keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]));
        // Signs with the primary private key.
        PublicKeySign signer = PublicKeySignFactory.getPrimitive(keysetHandle);
        byte[] plaintext = Random.randBytes(1211);
        byte[] sig = signer.sign(plaintext);
        if (keys[i].getOutputPrefixType() != OutputPrefixType.RAW) {
            byte[] prefix = Arrays.copyOfRange(sig, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
            assertArrayEquals(prefix, CryptoFormat.getOutputPrefix(keys[i]));
        }
        // Verifying with the primary public key should work.
        PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(privateKeys[i].getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), keys[i].getKeyId(), KeyStatusType.ENABLED, keys[i].getOutputPrefixType()))));
        try {
            verifier.verify(sig, plaintext);
        } catch (GeneralSecurityException ex) {
            fail("Valid signature, should not throw exception");
        }
        // Verifying with a random public key should fail.
        EcdsaPrivateKey randomPrivKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
        verifier = PublicKeyVerifyFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(randomPrivKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), keys[i].getKeyId(), KeyStatusType.ENABLED, keys[i].getOutputPrefixType()))));
        try {
            verifier.verify(sig, plaintext);
            fail("Invalid signature, should have thrown exception");
        } catch (GeneralSecurityException expected) {
        // Expected
        }
    }
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) GeneralSecurityException(java.security.GeneralSecurityException) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) Key(com.google.crypto.tink.proto.Keyset.Key) PublicKeySign(com.google.crypto.tink.PublicKeySign) Test(org.junit.Test)

Example 10 with PublicKeyVerify

use of com.google.crypto.tink.PublicKeyVerify in project tink by google.

the class PublicKeyVerifyCatalogueTest method testBasic.

@Test
public void testBasic() throws Exception {
    PublicKeyVerifyCatalogue catalogue = new PublicKeyVerifyCatalogue();
    // Check a single key type for verifying, incl. case-insensitve primitive name.
    String keyType = "type.googleapis.com/google.crypto.tink.Ed25519PublicKey";
    {
        KeyManager<PublicKeyVerify> manager = catalogue.getKeyManager(keyType, "PublicKeyVerify", 0);
        assertThat(manager.doesSupport(keyType)).isTrue();
    }
    {
        KeyManager<PublicKeyVerify> manager = catalogue.getKeyManager(keyType, "PUBLicKeYVerIFY", 0);
        assertThat(manager.doesSupport(keyType)).isTrue();
    }
    {
        KeyManager<PublicKeyVerify> manager = catalogue.getKeyManager(keyType, "PUBLICKEYVERIFY", 0);
        assertThat(manager.doesSupport(keyType)).isTrue();
    }
    // Check all entries from the current SignatureConfig.
    RegistryConfig config = SignatureConfig.TINK_1_0_0;
    int count = 0;
    for (KeyTypeEntry entry : config.getEntryList()) {
        if ("PublicKeyVerify".equals(entry.getPrimitiveName())) {
            count = count + 1;
            KeyManager<PublicKeyVerify> manager = catalogue.getKeyManager(entry.getTypeUrl(), "publickeyverify", entry.getKeyManagerVersion());
            assertThat(manager.doesSupport(entry.getTypeUrl())).isTrue();
        }
    }
    assertEquals(2, count);
}
Also used : RegistryConfig(com.google.crypto.tink.proto.RegistryConfig) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) KeyTypeEntry(com.google.crypto.tink.proto.KeyTypeEntry) KeyManager(com.google.crypto.tink.KeyManager) Test(org.junit.Test)

Aggregations

PublicKeyVerify (com.google.crypto.tink.PublicKeyVerify)14 GeneralSecurityException (java.security.GeneralSecurityException)12 Test (org.junit.Test)11 PublicKeySign (com.google.crypto.tink.PublicKeySign)8 KeysetHandle (com.google.crypto.tink.KeysetHandle)5 ECPoint (java.security.spec.ECPoint)5 EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey)4 Ed25519PrivateKey (com.google.crypto.tink.proto.Ed25519PrivateKey)3 KeyPair (java.security.KeyPair)3 KeyPairGenerator (java.security.KeyPairGenerator)3 ECPrivateKey (java.security.interfaces.ECPrivateKey)3 ECPublicKey (java.security.interfaces.ECPublicKey)3 ECParameterSpec (java.security.spec.ECParameterSpec)3 EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType)2 HashType (com.google.crypto.tink.proto.HashType)2 KeyData (com.google.crypto.tink.proto.KeyData)2 KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)2 Key (com.google.crypto.tink.proto.Keyset.Key)2 MessageLite (com.google.protobuf.MessageLite)2 KeyManager (com.google.crypto.tink.KeyManager)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial