
Example 1 with EcdsaPrivateKey

use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.

the class EcdsaSignKeyManagerTest method testGetPublicKeyData.

/**
 * Tests that a public key is extracted properly from a private key.
 */
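@Test
public void testGetPublicKeyData() throws Exception {
    // Generate a fresh keyset from the ECDSA_P256 template and take its serialized private key.
    KeysetHandle privateHandle = KeysetHandle.generateNew(SignatureKeyTemplates.ECDSA_P256);
    KeyData privateKeyData = TestUtil.getKeyset(privateHandle).getKey(0).getKeyData();
    EcdsaSignKeyManager privateManager = new EcdsaSignKeyManager();
    KeyData publicKeyData = privateManager.getPublicKeyData(privateKeyData.getValue());

    // The extracted KeyData must carry the verify manager's type URL and be tagged as public
    // material, so it is never labelled as private key material.
    assertEquals(EcdsaVerifyKeyManager.TYPE_URL, publicKeyData.getTypeUrl());
    assertEquals(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, publicKeyData.getKeyMaterialType());

    // Its value must be byte-for-byte the public key embedded in the private key proto.
    EcdsaPrivateKey privateKey = EcdsaPrivateKey.parseFrom(privateKeyData.getValue());
    assertArrayEquals(privateKey.getPublicKey().toByteArray(), publicKeyData.getValue().toByteArray());

    // Round trip: a signature made with the private key verifies under the extracted public key.
    EcdsaVerifyKeyManager publicManager = new EcdsaVerifyKeyManager();
    PublicKeySign signer = privateManager.getPrimitive(privateKeyData.getValue());
    PublicKeyVerify verifier = publicManager.getPrimitive(publicKeyData.getValue());
    byte[] message = Random.randBytes(20);
    byte[] signature = signer.sign(message);
    try {
        verifier.verify(signature, message);
    } catch (GeneralSecurityException e) {
        // Keep the original exception as the cause so the failure report shows its stack trace.
        throw new AssertionError("Should not fail: " + e, e);
    }

    // Negative check: without it, a verifier that accepts every input would pass this test.
    byte[] tampered = message.clone();
    tampered[0] ^= 0x01;
    try {
        verifier.verify(signature, tampered);
        fail("Verification should fail for a modified message");
    } catch (GeneralSecurityException expected) {
        // Expected
    }
}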
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) GeneralSecurityException(java.security.GeneralSecurityException) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) PublicKeySign(com.google.crypto.tink.PublicKeySign) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)

Example 2 with EcdsaPrivateKey

use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.

the class PublicKeyVerifyFactoryTest method testMultipleKeys.

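@Test
public void testMultipleKeys() throws Exception {
    // Four ECDSA key pairs, one per output prefix type (TINK, LEGACY, RAW, CRUNCHY), with key
    // ids 1..4. Only the public halves go into the keysets handed to the verifier.
    EcdsaPrivateKey tinkPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key tink = TestUtil.createKey(TestUtil.createKeyData(tinkPrivateKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 1, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    EcdsaPrivateKey legacyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P256, HashType.SHA256, EcdsaSignatureEncoding.DER);
    Key legacy = TestUtil.createKey(TestUtil.createKeyData(legacyPrivateKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 2, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
    EcdsaPrivateKey rawPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key raw = TestUtil.createKey(TestUtil.createKeyData(rawPrivateKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 3, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    EcdsaPrivateKey crunchyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key crunchy = TestUtil.createKey(TestUtil.createKeyData(crunchyPrivateKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 4, KeyStatusType.ENABLED, OutputPrefixType.CRUNCHY);
    // keys[n] and privateKeys[n] belong to the same key pair.
    Key[] keys = new Key[] { tink, legacy, raw, crunchy };
    EcdsaPrivateKey[] privateKeys = new EcdsaPrivateKey[] { tinkPrivateKey, legacyPrivateKey, rawPrivateKey, crunchyPrivateKey };
    int j = keys.length;
    for (int i = 0; i < j; i++) {
        // Rotate the keyset so that each key is listed first exactly once.
        // NOTE(review): presumably the first argument of createKeyset becomes the primary key;
        // confirm against TestUtil.
        KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(keys[i], keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]));
        PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(keysetHandle);
        // Signature from any keys in the keyset should be valid.
        for (int k = 0; k < j; k++) {
            // Single-key signing keyset that reuses the key id and output prefix type of keys[k].
            PublicKeySign signer = PublicKeySignFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(privateKeys[k], EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), keys[k].getKeyId(), KeyStatusType.ENABLED, keys[k].getOutputPrefixType()))));
            byte[] plaintext = Random.randBytes(1211);
            byte[] sig = signer.sign(plaintext);
            try {
                verifier.verify(sig, plaintext);
            } catch (GeneralSecurityException ex) {
                // Attach the cause; the message alone does not say why verification failed.
                throw new AssertionError("Valid signature, should not throw exception: " + k, ex);
            }
        }
        // Signature from a random key should be invalid.
        // The unknown key is given key id 1 and the output prefix type of keys[0], the same id
        // and prefix type as the TINK key in the keyset, so the two differ only in key material.
        EcdsaPrivateKey randomPrivKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
        PublicKeySign signer = PublicKeySignFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(randomPrivKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 1, KeyStatusType.ENABLED, keys[0].getOutputPrefixType()))));
        byte[] plaintext = Random.randBytes(1211);
        byte[] sig = signer.sign(plaintext);
        try {
            verifier.verify(sig, plaintext);
            fail("Invalid signature, should have thrown exception");
        } catch (GeneralSecurityException expected) {
            // Expected
        }
    }
}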
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) GeneralSecurityException(java.security.GeneralSecurityException) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) Key(com.google.crypto.tink.proto.Keyset.Key) PublicKeySign(com.google.crypto.tink.PublicKeySign) Test(org.junit.Test)

Example 3 with EcdsaPrivateKey

use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.

the class EcdsaSignKeyManagerTest method testGetPrimitiveWithUnsupportedKey.

private void testGetPrimitiveWithUnsupportedKey(HashAndCurveType hashAndCurve) throws Exception {
    // Helper: builds a private key proto for the given hash/curve pair and requires that the
    // sign key manager refuses to build a signer from it.
    final HashType hash = hashAndCurve.hashType;
    final EllipticCurveType curve = hashAndCurve.curveType;

    // A real JCE key pair on that curve, so the proto carries genuine point coordinates and
    // a genuine private scalar.
    final KeyPair generated = EllipticCurves.generateKeyPair(SigUtil.toCurveType(curve));
    final ECPublicKey jcePublic = (ECPublicKey) generated.getPublic();
    final ECPrivateKey jcePrivate = (ECPrivateKey) generated.getPrivate();

    final ECPoint point = jcePublic.getW();
    final byte[] x = point.getAffineX().toByteArray();
    final byte[] y = point.getAffineY().toByteArray();
    final EcdsaPublicKey publicProto = TestUtil.createEcdsaPubKey(hash, curve, EcdsaSignatureEncoding.DER, x, y);
    final EcdsaPrivateKey privateProto = TestUtil.createEcdsaPrivKey(publicProto, jcePrivate.getS().toByteArray());

    final EcdsaSignKeyManager manager = new EcdsaSignKeyManager();
    try {
        // Only the exception matters; the returned signer is intentionally unused.
        PublicKeySign unusedSigner = manager.getPrimitive(privateProto);
        fail("Unsupported key, should have thrown exception: " + hash + " " + curve);
    } catch (GeneralSecurityException expected) {
        // Expected
    }
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) ECPublicKey(java.security.interfaces.ECPublicKey) EcdsaPublicKey(com.google.crypto.tink.proto.EcdsaPublicKey) HashType(com.google.crypto.tink.proto.HashType) GeneralSecurityException(java.security.GeneralSecurityException) EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) ECPoint(java.security.spec.ECPoint) PublicKeySign(com.google.crypto.tink.PublicKeySign)

Example 4 with EcdsaPrivateKey

use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.

the class KeysetHandleTest method testGetPublicKeysetHandle.

/**
 * Tests a public keyset is extracted properly from a private keyset.
 */
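@Test
public void testGetPublicKeysetHandle() throws Exception {
    // Generate a private keyset from the ECDSA_P256 template and parse its only key.
    KeysetHandle privateHandle = KeysetHandle.generateNew(SignatureKeyTemplates.ECDSA_P256);
    KeyData privateKeyData = privateHandle.getKeyset().getKey(0).getKeyData();
    EcdsaPrivateKey privateKey = EcdsaPrivateKey.parseFrom(privateKeyData.getValue());

    // The public keyset must keep the key count and the primary key id of the private keyset.
    KeysetHandle publicHandle = privateHandle.getPublicKeysetHandle();
    assertEquals(1, publicHandle.getKeyset().getKeyCount());
    assertEquals(privateHandle.getKeyset().getPrimaryKeyId(), publicHandle.getKeyset().getPrimaryKeyId());

    // Its key must be typed and tagged as public material, and its value must be byte-for-byte
    // the public key embedded in the private key proto.
    KeyData publicKeyData = publicHandle.getKeyset().getKey(0).getKeyData();
    assertEquals(SignatureConfig.ECDSA_PUBLIC_KEY_TYPE_URL, publicKeyData.getTypeUrl());
    assertEquals(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, publicKeyData.getKeyMaterialType());
    assertArrayEquals(privateKey.getPublicKey().toByteArray(), publicKeyData.getValue().toByteArray());

    // Round trip: a signature from the private handle verifies under the public handle.
    PublicKeySign signer = PublicKeySignFactory.getPrimitive(privateHandle);
    PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(publicHandle);
    byte[] message = Random.randBytes(20);
    byte[] signature = signer.sign(message);
    try {
        verifier.verify(signature, message);
    } catch (GeneralSecurityException e) {
        // Keep the original exception as the cause so the failure report shows its stack trace.
        throw new AssertionError("Should not fail: " + e, e);
    }

    // Negative check: without it, a verifier that accepts every input would pass this test.
    byte[] tampered = message.clone();
    tampered[0] ^= 0x01;
    try {
        verifier.verify(signature, tampered);
        fail("Verification should fail for a modified message");
    } catch (GeneralSecurityException expected) {
        // Expected
    }
}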
Also used : GeneralSecurityException(java.security.GeneralSecurityException) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)

Example 5 with EcdsaPrivateKey

use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.

the class EcdsaSignKeyManager method getPrimitive.

/**
 * @param key {@code EcdsaPrivateKey} proto
 */
@Override
public PublicKeySign getPrimitive(MessageLite key) throws GeneralSecurityException {
    // Type gate: any other proto, and null, is refused before the cast below.
    if (!(key instanceof EcdsaPrivateKey)) {
        throw new GeneralSecurityException("expected EcdsaPrivateKey proto");
    }
    final EcdsaPrivateKey ecdsaKey = (EcdsaPrivateKey) key;

    // Validation runs before any key material is decoded.
    // NOTE(review): validateKey is defined outside this listing; what it checks (version,
    // hash/curve pairing, ...) should be confirmed there.
    validateKey(ecdsaKey);

    // Decode the private scalar on the curve named by the embedded public key's params.
    // NOTE(review): toByteArray() copies the private key value into a heap array that is not
    // cleared here.
    final ECPrivateKey signingKey =
        EllipticCurves.getEcPrivateKey(
            SigUtil.toCurveType(ecdsaKey.getPublicKey().getParams().getCurve()),
            ecdsaKey.getKeyValue().toByteArray());

    // The signature algorithm is derived from the hash type in the same params.
    return new EcdsaSignJce(
        signingKey,
        SigUtil.toEcdsaAlgo(ecdsaKey.getPublicKey().getParams().getHashType()));
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) GeneralSecurityException(java.security.GeneralSecurityException) EcdsaSignJce(com.google.crypto.tink.subtle.EcdsaSignJce) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey)

Aggregations

EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey)8 GeneralSecurityException (java.security.GeneralSecurityException)8 PublicKeySign (com.google.crypto.tink.PublicKeySign)5 PublicKeyVerify (com.google.crypto.tink.PublicKeyVerify)4 Test (org.junit.Test)4 KeysetHandle (com.google.crypto.tink.KeysetHandle)3 EcdsaKeyFormat (com.google.crypto.tink.proto.EcdsaKeyFormat)2 EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType)2 HashType (com.google.crypto.tink.proto.HashType)2 KeyData (com.google.crypto.tink.proto.KeyData)2 Key (com.google.crypto.tink.proto.Keyset.Key)2 ECPrivateKey (java.security.interfaces.ECPrivateKey)2 ECPoint (java.security.spec.ECPoint)2 EcdsaParams (com.google.crypto.tink.proto.EcdsaParams)1 EcdsaPublicKey (com.google.crypto.tink.proto.EcdsaPublicKey)1 EcdsaSignJce (com.google.crypto.tink.subtle.EcdsaSignJce)1 ByteString (com.google.protobuf.ByteString)1 KeyPair (java.security.KeyPair)1 ECPublicKey (java.security.interfaces.ECPublicKey)1 TreeSet (java.util.TreeSet)1