Examples with PublicKeyVerify com.google.crypto.tink.PublicKeyVerify used on opensource projects

Search in sources :

Example 11 with PublicKeyVerify

use of com.google.crypto.tink.PublicKeyVerify in project tink by google.

the class Ed25519PublicKeyManagerTest method testModifiedSignature.

@Test
public void testModifiedSignature() throws Exception {
    Ed25519PrivateKeyManager manager = new Ed25519PrivateKeyManager();
    KeyTemplate template = SignatureKeyTemplates.ED25519;
    MessageLite key = manager.newKey(template);
    Ed25519PrivateKey keyProto = (Ed25519PrivateKey) key;
    PublicKeySign signer = manager.getPrimitive(key);
    byte[] message = Random.randBytes(20);
    byte[] signature = signer.sign(message);
    Ed25519PublicKeyManager publicKeyManager = new Ed25519PublicKeyManager();
    PublicKeyVerify verifier = publicKeyManager.getPrimitive(keyProto.getPublicKey());
    try {
        verifier.verify(signature, message);
    } catch (GeneralSecurityException e) {
        fail("Did not expect GeneralSecurityException: " + e);
    }
    // Flip bits in message.
    for (int i = 0; i < message.length; i++) {
        byte[] copy = Arrays.copyOf(message, message.length);
        copy[i] = (byte) (copy[i] ^ 0xff);
        try {
            verifier.verify(signature, copy);
            fail("Expected GeneralSecurityException");
        } catch (GeneralSecurityException e) {
            assertExceptionContains(e, "Signature check failed.");
        }
    }
    // Flip bits in signature.
    // Flip the last byte.
    byte[] copySig = Arrays.copyOf(signature, signature.length);
    copySig[copySig.length - 1] = (byte) (copySig[copySig.length - 1] ^ 0xff);
    try {
        verifier.verify(copySig, message);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        assertExceptionContains(e, "Signature check failed.");
    }
    // Flip other bytes.
    for (int i = 0; i < signature.length - 1; i++) {
        byte[] copy = Arrays.copyOf(signature, signature.length);
        copy[i] = (byte) (copy[i] ^ 0xff);
        try {
            verifier.verify(copy, message);
            fail("Expected GeneralSecurityException");
        } catch (GeneralSecurityException e) {
            assertExceptionContains(e, "Signature check failed.");
        }
    }
}
Also used : Ed25519PrivateKey(com.google.crypto.tink.proto.Ed25519PrivateKey) GeneralSecurityException(java.security.GeneralSecurityException) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) MessageLite(com.google.protobuf.MessageLite) PublicKeySign(com.google.crypto.tink.PublicKeySign) Test(org.junit.Test)

Example 12 with PublicKeyVerify

use of com.google.crypto.tink.PublicKeyVerify in project tink by google.

the class EcdsaSignKeyManagerTest method testNewKeyWithVerifier.

private void testNewKeyWithVerifier(KeyTemplate keyTemplate) throws Exception {
    // Call newKey multiple times and make sure that it generates different keys.
    int numTests = 9;
    EcdsaPrivateKey[] privKeys = new EcdsaPrivateKey[numTests];
    EcdsaSignKeyManager signManager = new EcdsaSignKeyManager();
    Set<String> keys = new TreeSet<String>();
    for (int j = 0; j < numTests / 3; j++) {
        privKeys[3 * j] = (EcdsaPrivateKey) signManager.newKey(EcdsaKeyFormat.parseFrom(keyTemplate.getValue()));
        keys.add(TestUtil.hexEncode(privKeys[3 * j].toByteArray()));
        privKeys[3 * j + 1] = (EcdsaPrivateKey) signManager.newKey(keyTemplate.getValue());
        keys.add(TestUtil.hexEncode(privKeys[3 * j + 1].toByteArray()));
        privKeys[3 * j + 2] = EcdsaPrivateKey.parseFrom(signManager.newKeyData(keyTemplate.getValue()).getValue());
        keys.add(TestUtil.hexEncode(privKeys[3 * j + 2].toByteArray()));
    }
    assertEquals(numTests, keys.size());
    // failure is 2^-64 which happens when a key has 8 leading zeros.
    for (int j = 0; j < numTests; j++) {
        int keySize = privKeys[j].getKeyValue().toByteArray().length;
        EcdsaKeyFormat ecdsaKeyFormat = EcdsaKeyFormat.parseFrom(keyTemplate.getValue());
        switch(ecdsaKeyFormat.getParams().getCurve()) {
            case NIST_P256:
                assertTrue(256 / 8 - 8 <= keySize);
                assertTrue(256 / 8 + 1 >= keySize);
                break;
            case NIST_P384:
                assertTrue(384 / 8 - 8 <= keySize);
                assertTrue(384 / 8 + 1 >= keySize);
                break;
            case NIST_P521:
                assertTrue(521 / 8 - 8 <= keySize);
                assertTrue(521 / 8 + 1 >= keySize);
                break;
            default:
                break;
        }
    }
    // Test whether signer works correctly with the corresponding verifier.
    EcdsaVerifyKeyManager verifyManager = new EcdsaVerifyKeyManager();
    for (int j = 0; j < numTests; j++) {
        PublicKeySign signer = signManager.getPrimitive(privKeys[j]);
        byte[] signature = signer.sign(msg);
        for (int k = 0; k < numTests; k++) {
            PublicKeyVerify verifier = verifyManager.getPrimitive(privKeys[k].getPublicKey());
            if (j == k) {
                // The same key
                try {
                    verifier.verify(signature, msg);
                } catch (GeneralSecurityException ex) {
                    fail("Valid signature, should not throw exception");
                }
            } else {
                // Different keys
                try {
                    verifier.verify(signature, msg);
                    fail("Invalid signature, should have thrown exception");
                } catch (GeneralSecurityException expected) {
                // Expected
                }
            }
        }
    }
}
Also used : EcdsaKeyFormat(com.google.crypto.tink.proto.EcdsaKeyFormat) GeneralSecurityException(java.security.GeneralSecurityException) ByteString(com.google.protobuf.ByteString) ECPoint(java.security.spec.ECPoint) TreeSet(java.util.TreeSet) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) PublicKeySign(com.google.crypto.tink.PublicKeySign)

Example 13 with PublicKeyVerify

use of com.google.crypto.tink.PublicKeyVerify in project tink by google.

the class EcdsaVerifyKeyManagerTest method testGetPrimitiveWithUnsupportedKey.

@Test
public void testGetPrimitiveWithUnsupportedKey() throws Exception {
    HashAndCurveType[] hashAndCurves = { new HashAndCurveType(HashType.SHA1, EllipticCurveType.NIST_P256), new HashAndCurveType(HashType.SHA1, EllipticCurveType.NIST_P384), new HashAndCurveType(HashType.SHA1, EllipticCurveType.NIST_P521), new HashAndCurveType(HashType.SHA256, EllipticCurveType.NIST_P384), new HashAndCurveType(HashType.SHA256, EllipticCurveType.NIST_P521), new HashAndCurveType(HashType.SHA512, EllipticCurveType.NIST_P256) };
    for (int i = 0; i < hashAndCurves.length; i++) {
        HashType hashType = hashAndCurves[i].hashType;
        EllipticCurveType curveType = hashAndCurves[i].curveType;
        ECParameterSpec ecParams = EllipticCurves.getCurveSpec(SigUtil.toCurveType(curveType));
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
        keyGen.initialize(ecParams);
        KeyPair keyPair = keyGen.generateKeyPair();
        ECPublicKey pubKey = (ECPublicKey) keyPair.getPublic();
        ECPrivateKey unusedPrivKey = (ECPrivateKey) keyPair.getPrivate();
        // Create PublicKeyVerify.
        ECPoint w = pubKey.getW();
        try {
            PublicKeyVerify unusedVerifier = createVerifier(hashType, curveType, EcdsaSignatureEncoding.DER, w.getAffineX().toByteArray(), w.getAffineY().toByteArray());
            fail("Unsupported key, should have thrown exception: " + hashType + " " + curveType);
        } catch (GeneralSecurityException expected) {
        // Expected
        }
    }
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) HashType(com.google.crypto.tink.proto.HashType) GeneralSecurityException(java.security.GeneralSecurityException) EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType) KeyPairGenerator(java.security.KeyPairGenerator) ECPoint(java.security.spec.ECPoint) ECPoint(java.security.spec.ECPoint) ECPublicKey(java.security.interfaces.ECPublicKey) ECParameterSpec(java.security.spec.ECParameterSpec) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) Test(org.junit.Test)

Example 14 with PublicKeyVerify

use of com.google.crypto.tink.PublicKeyVerify in project tink by google.

the class EcdsaVerifyKeyManagerTest method testGetPrimitiveWithJCE.

@Test
public void testGetPrimitiveWithJCE() throws Exception {
    HashAndCurveType[] hashAndCurves = { new HashAndCurveType(HashType.SHA256, EllipticCurveType.NIST_P256), new HashAndCurveType(HashType.SHA512, EllipticCurveType.NIST_P384), new HashAndCurveType(HashType.SHA512, EllipticCurveType.NIST_P521) };
    for (int i = 0; i < hashAndCurves.length; i++) {
        HashType hashType = hashAndCurves[i].hashType;
        EllipticCurveType curveType = hashAndCurves[i].curveType;
        ECParameterSpec ecParams = EllipticCurves.getCurveSpec(SigUtil.toCurveType(curveType));
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
        keyGen.initialize(ecParams);
        KeyPair keyPair = keyGen.generateKeyPair();
        ECPublicKey pubKey = (ECPublicKey) keyPair.getPublic();
        ECPrivateKey privKey = (ECPrivateKey) keyPair.getPrivate();
        // Sign with JCE's Signature.
        Signature signer = Signature.getInstance(SigUtil.toEcdsaAlgo(hashType));
        signer.initSign(privKey);
        byte[] msg = Random.randBytes(1231);
        signer.update(msg);
        byte[] signature = signer.sign();
        // Create PublicKeyVerify.
        ECPoint w = pubKey.getW();
        PublicKeyVerify verifier = createVerifier(hashType, curveType, EcdsaSignatureEncoding.DER, w.getAffineX().toByteArray(), w.getAffineY().toByteArray());
        try {
            verifier.verify(signature, msg);
        } catch (GeneralSecurityException e) {
            fail("Valid signature, should not throw exception");
        }
    }
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) HashType(com.google.crypto.tink.proto.HashType) GeneralSecurityException(java.security.GeneralSecurityException) EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType) KeyPairGenerator(java.security.KeyPairGenerator) ECPoint(java.security.spec.ECPoint) ECPoint(java.security.spec.ECPoint) ECPublicKey(java.security.interfaces.ECPublicKey) ECParameterSpec(java.security.spec.ECParameterSpec) Signature(java.security.Signature) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) Test(org.junit.Test)

Aggregations

PublicKeyVerify (com.google.crypto.tink.PublicKeyVerify)14 GeneralSecurityException (java.security.GeneralSecurityException)12 Test (org.junit.Test)11 PublicKeySign (com.google.crypto.tink.PublicKeySign)8 KeysetHandle (com.google.crypto.tink.KeysetHandle)5 ECPoint (java.security.spec.ECPoint)5 EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey)4 Ed25519PrivateKey (com.google.crypto.tink.proto.Ed25519PrivateKey)3 KeyPair (java.security.KeyPair)3 KeyPairGenerator (java.security.KeyPairGenerator)3 ECPrivateKey (java.security.interfaces.ECPrivateKey)3 ECPublicKey (java.security.interfaces.ECPublicKey)3 ECParameterSpec (java.security.spec.ECParameterSpec)3 EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType)2 HashType (com.google.crypto.tink.proto.HashType)2 KeyData (com.google.crypto.tink.proto.KeyData)2 KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)2 Key (com.google.crypto.tink.proto.Keyset.Key)2 MessageLite (com.google.protobuf.MessageLite)2 KeyManager (com.google.crypto.tink.KeyManager)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial