use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.
the class EcdsaSignKeyManagerTest method testGetPublicKeyData.
/**
* Tests that a public key is extracted properly from a private key.
*/
@Test
public void testGetPublicKeyData() throws Exception {
KeysetHandle privateHandle = KeysetHandle.generateNew(SignatureKeyTemplates.ECDSA_P256);
KeyData privateKeyData = TestUtil.getKeyset(privateHandle).getKey(0).getKeyData();
EcdsaSignKeyManager privateManager = new EcdsaSignKeyManager();
KeyData publicKeyData = privateManager.getPublicKeyData(privateKeyData.getValue());
assertEquals(EcdsaVerifyKeyManager.TYPE_URL, publicKeyData.getTypeUrl());
assertEquals(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, publicKeyData.getKeyMaterialType());
EcdsaPrivateKey privateKey = EcdsaPrivateKey.parseFrom(privateKeyData.getValue());
assertArrayEquals(privateKey.getPublicKey().toByteArray(), publicKeyData.getValue().toByteArray());
EcdsaVerifyKeyManager publicManager = new EcdsaVerifyKeyManager();
PublicKeySign signer = privateManager.getPrimitive(privateKeyData.getValue());
PublicKeyVerify verifier = publicManager.getPrimitive(publicKeyData.getValue());
byte[] message = Random.randBytes(20);
try {
verifier.verify(signer.sign(message), message);
} catch (GeneralSecurityException e) {
fail("Should not fail: " + e);
}
}
use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.
the class PublicKeyVerifyFactoryTest method testMultipleKeys.
@Test
public void testMultipleKeys() throws Exception {
EcdsaPrivateKey tinkPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
Key tink = TestUtil.createKey(TestUtil.createKeyData(tinkPrivateKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 1, KeyStatusType.ENABLED, OutputPrefixType.TINK);
EcdsaPrivateKey legacyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P256, HashType.SHA256, EcdsaSignatureEncoding.DER);
Key legacy = TestUtil.createKey(TestUtil.createKeyData(legacyPrivateKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 2, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
EcdsaPrivateKey rawPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
Key raw = TestUtil.createKey(TestUtil.createKeyData(rawPrivateKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 3, KeyStatusType.ENABLED, OutputPrefixType.RAW);
EcdsaPrivateKey crunchyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
Key crunchy = TestUtil.createKey(TestUtil.createKeyData(crunchyPrivateKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 4, KeyStatusType.ENABLED, OutputPrefixType.CRUNCHY);
Key[] keys = new Key[] { tink, legacy, raw, crunchy };
EcdsaPrivateKey[] privateKeys = new EcdsaPrivateKey[] { tinkPrivateKey, legacyPrivateKey, rawPrivateKey, crunchyPrivateKey };
int j = keys.length;
for (int i = 0; i < j; i++) {
KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(keys[i], keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]));
PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(keysetHandle);
// Signature from any keys in the keyset should be valid.
for (int k = 0; k < j; k++) {
PublicKeySign signer = PublicKeySignFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(privateKeys[k], EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), keys[k].getKeyId(), KeyStatusType.ENABLED, keys[k].getOutputPrefixType()))));
byte[] plaintext = Random.randBytes(1211);
byte[] sig = signer.sign(plaintext);
try {
verifier.verify(sig, plaintext);
} catch (GeneralSecurityException ex) {
fail("Valid signature, should not throw exception: " + k);
}
}
// Signature from a random key should be invalid.
EcdsaPrivateKey randomPrivKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
PublicKeySign signer = PublicKeySignFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(randomPrivKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 1, KeyStatusType.ENABLED, keys[0].getOutputPrefixType()))));
byte[] plaintext = Random.randBytes(1211);
byte[] sig = signer.sign(plaintext);
try {
verifier.verify(sig, plaintext);
fail("Invalid signature, should have thrown exception");
} catch (GeneralSecurityException expected) {
// Expected
}
}
}
use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.
the class EcdsaSignKeyManagerTest method testGetPrimitiveWithUnsupportedKey.
private void testGetPrimitiveWithUnsupportedKey(HashAndCurveType hashAndCurve) throws Exception {
HashType hashType = hashAndCurve.hashType;
EllipticCurveType curveType = hashAndCurve.curveType;
KeyPair keyPair = EllipticCurves.generateKeyPair(SigUtil.toCurveType(curveType));
ECPublicKey pubKey = (ECPublicKey) keyPair.getPublic();
ECPrivateKey privKey = (ECPrivateKey) keyPair.getPrivate();
ECPoint w = pubKey.getW();
EcdsaPublicKey ecdsaPubKey = TestUtil.createEcdsaPubKey(hashType, curveType, EcdsaSignatureEncoding.DER, w.getAffineX().toByteArray(), w.getAffineY().toByteArray());
EcdsaPrivateKey ecdsaPrivKey = TestUtil.createEcdsaPrivKey(ecdsaPubKey, privKey.getS().toByteArray());
EcdsaSignKeyManager signManager = new EcdsaSignKeyManager();
try {
PublicKeySign unusedSigner = signManager.getPrimitive(ecdsaPrivKey);
fail("Unsupported key, should have thrown exception: " + hashType + " " + curveType);
} catch (GeneralSecurityException expected) {
// Expected
}
}
use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.
the class KeysetHandleTest method testGetPublicKeysetHandle.
/**
* Tests a public keyset is extracted properly from a private keyset.
*/
@Test
public void testGetPublicKeysetHandle() throws Exception {
KeysetHandle privateHandle = KeysetHandle.generateNew(SignatureKeyTemplates.ECDSA_P256);
KeyData privateKeyData = privateHandle.getKeyset().getKey(0).getKeyData();
EcdsaPrivateKey privateKey = EcdsaPrivateKey.parseFrom(privateKeyData.getValue());
KeysetHandle publicHandle = privateHandle.getPublicKeysetHandle();
assertEquals(1, publicHandle.getKeyset().getKeyCount());
assertEquals(privateHandle.getKeyset().getPrimaryKeyId(), publicHandle.getKeyset().getPrimaryKeyId());
KeyData publicKeyData = publicHandle.getKeyset().getKey(0).getKeyData();
assertEquals(SignatureConfig.ECDSA_PUBLIC_KEY_TYPE_URL, publicKeyData.getTypeUrl());
assertEquals(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, publicKeyData.getKeyMaterialType());
assertArrayEquals(privateKey.getPublicKey().toByteArray(), publicKeyData.getValue().toByteArray());
PublicKeySign signer = PublicKeySignFactory.getPrimitive(privateHandle);
PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(publicHandle);
byte[] message = Random.randBytes(20);
try {
verifier.verify(signer.sign(message), message);
} catch (GeneralSecurityException e) {
fail("Should not fail: " + e);
}
}
use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.
the class EcdsaSignKeyManager method getPrimitive.
/**
* @param key {@code EcdsaPrivateKey} proto
*/
@Override
public PublicKeySign getPrimitive(MessageLite key) throws GeneralSecurityException {
if (!(key instanceof EcdsaPrivateKey)) {
throw new GeneralSecurityException("expected EcdsaPrivateKey proto");
}
EcdsaPrivateKey keyProto = (EcdsaPrivateKey) key;
validateKey(keyProto);
ECPrivateKey privateKey = EllipticCurves.getEcPrivateKey(SigUtil.toCurveType(keyProto.getPublicKey().getParams().getCurve()), keyProto.getKeyValue().toByteArray());
return new EcdsaSignJce(privateKey, SigUtil.toEcdsaAlgo(keyProto.getPublicKey().getParams().getHashType()));
}
Aggregations