
Example 6 with EcdsaKeyFormat

use of com.google.crypto.tink.proto.EcdsaKeyFormat in project tink by google.

the class EcdsaSignKeyManagerTest method testNewKeyUnsupportedEncoding.

/**
 * Checks that {@code EcdsaSignKeyManager.newKey} throws a {@link GeneralSecurityException} for a
 * SHA256 / NIST_P256 key format whose signature encoding is {@code IEEE_P1363}.
 */
@Test
public void testNewKeyUnsupportedEncoding() throws Exception {
    EcdsaSignKeyManager manager = new EcdsaSignKeyManager();
    EcdsaParams params =
        EcdsaParams.newBuilder()
            .setHashType(HashType.SHA256)
            .setCurve(EllipticCurveType.NIST_P256)
            .setEncoding(EcdsaSignatureEncoding.IEEE_P1363)
            .build();
    EcdsaKeyFormat format = EcdsaKeyFormat.newBuilder().setParams(params).build();
    try {
        manager.newKey(format);
        fail("Unsupported encoding, should have thrown exception");
    } catch (GeneralSecurityException expected) {
        // Expected: per the original author's note, raw encoding is not supported yet.
        // NOTE(review): any GeneralSecurityException satisfies this test, so it does not by
        // itself show that the rejection was caused by the encoding rather than by another
        // parameter check.
    }
}
Also used : EcdsaParams(com.google.crypto.tink.proto.EcdsaParams) EcdsaKeyFormat(com.google.crypto.tink.proto.EcdsaKeyFormat) GeneralSecurityException(java.security.GeneralSecurityException) Test(org.junit.Test)

Example 7 with EcdsaKeyFormat

use of com.google.crypto.tink.proto.EcdsaKeyFormat in project tink by google.

the class EcdsaSignKeyManagerTest method testNewKeyWithVerifier.

/**
 * Creates nine ECDSA private keys from {@code keyTemplate} and checks three properties: the
 * serialized keys are pairwise distinct, each key value has a plausible length for the
 * template's curve, and a signature made with one key verifies only under that key's own
 * public key.
 *
 * @param keyTemplate template whose value is parsed as an {@code EcdsaKeyFormat}
 * @throws Exception if key creation, parsing or signing fails unexpectedly
 */
private void testNewKeyWithVerifier(KeyTemplate keyTemplate) throws Exception {
    int numTests = 9;
    EcdsaPrivateKey[] privKeys = new EcdsaPrivateKey[numTests];
    EcdsaSignKeyManager signManager = new EcdsaSignKeyManager();
    Set<String> distinctEncodings = new TreeSet<String>();
    // Every pass fills three slots, one per key-creation entry point: newKey with a parsed
    // format, newKey with the serialized format, and newKeyData.
    for (int base = 0; base < numTests; base += 3) {
        privKeys[base] =
            (EcdsaPrivateKey) signManager.newKey(EcdsaKeyFormat.parseFrom(keyTemplate.getValue()));
        distinctEncodings.add(TestUtil.hexEncode(privKeys[base].toByteArray()));

        privKeys[base + 1] = (EcdsaPrivateKey) signManager.newKey(keyTemplate.getValue());
        distinctEncodings.add(TestUtil.hexEncode(privKeys[base + 1].toByteArray()));

        privKeys[base + 2] =
            EcdsaPrivateKey.parseFrom(signManager.newKeyData(keyTemplate.getValue()).getValue());
        distinctEncodings.add(TestUtil.hexEncode(privKeys[base + 2].toByteArray()));
    }
    // A set smaller than numTests means at least two calls returned the same key. This only
    // catches outright repeats among nine keys; it is not a test of randomness quality.
    assertEquals(numTests, distinctEncodings.size());

    // Length sanity check on the key value. The lower bound tolerates up to 8 missing leading
    // bytes; the original comment puts the chance of a false failure at 2^-64 (a key with 8
    // leading zero bytes). The extra byte in the upper bound presumably covers a sign byte or
    // rounding of the curve size - TODO confirm against the key serialization.
    for (int idx = 0; idx < numTests; idx++) {
        int keySize = privKeys[idx].getKeyValue().toByteArray().length;
        EcdsaKeyFormat parsedFormat = EcdsaKeyFormat.parseFrom(keyTemplate.getValue());
        int curveBits;
        switch (parsedFormat.getParams().getCurve()) {
            case NIST_P256:
                curveBits = 256;
                break;
            case NIST_P384:
                curveBits = 384;
                break;
            case NIST_P521:
                curveBits = 521;
                break;
            default:
                // NOTE(review): any other curve value skips the length check silently.
                curveBits = -1;
                break;
        }
        if (curveBits > 0) {
            assertTrue(curveBits / 8 - 8 <= keySize);
            assertTrue(curveBits / 8 + 1 >= keySize);
        }
    }

    // Cross-check every signer against every verifier: acceptance is required for the matching
    // public key and rejection for all the others.
    EcdsaVerifyKeyManager verifyManager = new EcdsaVerifyKeyManager();
    for (int signerIdx = 0; signerIdx < numTests; signerIdx++) {
        PublicKeySign signer = signManager.getPrimitive(privKeys[signerIdx]);
        byte[] signature = signer.sign(msg);
        for (int verifierIdx = 0; verifierIdx < numTests; verifierIdx++) {
            PublicKeyVerify verifier =
                verifyManager.getPrimitive(privKeys[verifierIdx].getPublicKey());
            boolean sameKey = signerIdx == verifierIdx;
            boolean rejected;
            try {
                verifier.verify(signature, msg);
                rejected = false;
            } catch (GeneralSecurityException ex) {
                rejected = true;
            }
            if (sameKey && rejected) {
                fail("Valid signature, should not throw exception");
            }
            if (!sameKey && !rejected) {
                fail("Invalid signature, should have thrown exception");
            }
        }
    }
}
Also used : EcdsaKeyFormat(com.google.crypto.tink.proto.EcdsaKeyFormat) GeneralSecurityException(java.security.GeneralSecurityException) ByteString(com.google.protobuf.ByteString) ECPoint(java.security.spec.ECPoint) TreeSet(java.util.TreeSet) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) PublicKeySign(com.google.crypto.tink.PublicKeySign)

Example 8 with EcdsaKeyFormat

use of com.google.crypto.tink.proto.EcdsaKeyFormat in project tink by google.

the class EcdsaSignKeyManagerTest method testNewKeyUnsupportedKeyFormat.

/**
 * Checks that {@code EcdsaSignKeyManager.newKey} throws a {@link GeneralSecurityException} for
 * the given hash and curve pair combined with {@code DER} signature encoding.
 *
 * @param hashAndCurve hash type and curve type that the key manager is expected to reject
 * @throws Exception if building the key format fails unexpectedly
 */
private void testNewKeyUnsupportedKeyFormat(HashAndCurveType hashAndCurve) throws Exception {
    HashType hash = hashAndCurve.hashType;
    EllipticCurveType curve = hashAndCurve.curveType;
    EcdsaSignKeyManager manager = new EcdsaSignKeyManager();
    EcdsaParams params =
        EcdsaParams.newBuilder()
            .setHashType(hash)
            .setCurve(curve)
            .setEncoding(EcdsaSignatureEncoding.DER)
            .build();
    EcdsaKeyFormat format = EcdsaKeyFormat.newBuilder().setParams(params).build();
    try {
        // The result is deliberately unused; reaching the next line means the combination was
        // accepted.
        EcdsaPrivateKey unusedPrivKey = (EcdsaPrivateKey) manager.newKey(format);
        fail("Unsupported key format, should have thrown exception: " + hash + " " + curve);
    } catch (GeneralSecurityException expected) {
        // Expected: the hash/curve combination was rejected.
        // NOTE(review): the exception's reason is not inspected, so a failure unrelated to the
        // hash/curve pairing would also pass this test.
    }
}
Also used : EcdsaParams(com.google.crypto.tink.proto.EcdsaParams) EcdsaKeyFormat(com.google.crypto.tink.proto.EcdsaKeyFormat) HashType(com.google.crypto.tink.proto.HashType) GeneralSecurityException(java.security.GeneralSecurityException) EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey)

Example 9 with EcdsaKeyFormat

use of com.google.crypto.tink.proto.EcdsaKeyFormat in project tink by google.

the class SignatureKeyTemplatesTest method testECDSA_P256.

/**
 * Pins the contents of {@code SignatureKeyTemplates.ECDSA_P256}: the type URL of
 * {@code EcdsaSignKeyManager}, the {@code TINK} output prefix, and SHA256 / NIST_P256 / DER
 * parameters. A change to any of these defaults fails this test.
 */
@Test
public void testECDSA_P256() throws Exception {
    KeyTemplate p256Template = SignatureKeyTemplates.ECDSA_P256;
    assertEquals(EcdsaSignKeyManager.TYPE_URL, p256Template.getTypeUrl());
    assertEquals(OutputPrefixType.TINK, p256Template.getOutputPrefixType());

    EcdsaKeyFormat keyFormat = EcdsaKeyFormat.parseFrom(p256Template.getValue());
    assertTrue(keyFormat.hasParams());

    EcdsaParams params = keyFormat.getParams();
    assertEquals(HashType.SHA256, params.getHashType());
    assertEquals(EllipticCurveType.NIST_P256, params.getCurve());
    assertEquals(EcdsaSignatureEncoding.DER, params.getEncoding());
}
Also used : EcdsaKeyFormat(com.google.crypto.tink.proto.EcdsaKeyFormat) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) Test(org.junit.Test)

Aggregations

EcdsaKeyFormat (com.google.crypto.tink.proto.EcdsaKeyFormat)9 Test (org.junit.Test)5 EcdsaParams (com.google.crypto.tink.proto.EcdsaParams)4 KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)4 GeneralSecurityException (java.security.GeneralSecurityException)4 EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey)2 EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType)2 HashType (com.google.crypto.tink.proto.HashType)2 ECPoint (java.security.spec.ECPoint)2 PublicKeySign (com.google.crypto.tink.PublicKeySign)1 PublicKeyVerify (com.google.crypto.tink.PublicKeyVerify)1 EcdsaPublicKey (com.google.crypto.tink.proto.EcdsaPublicKey)1 EcdsaSignatureEncoding (com.google.crypto.tink.proto.EcdsaSignatureEncoding)1 ByteString (com.google.protobuf.ByteString)1 KeyPair (java.security.KeyPair)1 ECPrivateKey (java.security.interfaces.ECPrivateKey)1 ECPublicKey (java.security.interfaces.ECPublicKey)1 TreeSet (java.util.TreeSet)1