
Example 6 with EcdsaPrivateKey

use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.

the class PublicKeySignFactoryTest method testMultipleKeys.

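/**
 * Checks signing and verification for keysets that hold four ECDSA private keys, one per output
 * prefix type (TINK, LEGACY, RAW, CRUNCHY).
 *
 * <p>On each iteration a different key is passed first to {@code TestUtil.createKeyset}. The test
 * treats that key as the primary: the signature must carry its output prefix (unless it is RAW)
 * and must verify under its public key.
 *
 * <p>Scope: the negative case only swaps in an unrelated public key. This method does not check
 * that a modified message or a modified signature is rejected.
 *
 * @throws Exception if key generation, keyset construction or signing fails
 */
@Test
public void testMultipleKeys() throws Exception {
    EcdsaPrivateKey tinkPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key tink = TestUtil.createKey(TestUtil.createKeyData(tinkPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 1, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    EcdsaPrivateKey legacyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P256, HashType.SHA256, EcdsaSignatureEncoding.DER);
    Key legacy = TestUtil.createKey(TestUtil.createKeyData(legacyPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 2, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
    EcdsaPrivateKey rawPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key raw = TestUtil.createKey(TestUtil.createKeyData(rawPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 3, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    EcdsaPrivateKey crunchyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key crunchy = TestUtil.createKey(TestUtil.createKeyData(crunchyPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 4, KeyStatusType.ENABLED, OutputPrefixType.CRUNCHY);
    // keys[n] and privateKeys[n] describe the same key; the loop relies on the shared index.
    Key[] keys = new Key[] { tink, legacy, raw, crunchy };
    EcdsaPrivateKey[] privateKeys = new EcdsaPrivateKey[] { tinkPrivateKey, legacyPrivateKey, rawPrivateKey, crunchyPrivateKey };
    int j = keys.length;
    for (int i = 0; i < j; i++) {
        Key primary = keys[i];
        // Rotate the key order so that every key is listed first once.
        KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(primary, keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]));
        // Signs with the primary private key.
        PublicKeySign signer = PublicKeySignFactory.getPrimitive(keysetHandle);
        byte[] plaintext = Random.randBytes(1211);
        byte[] sig = signer.sign(plaintext);
        if (primary.getOutputPrefixType() != OutputPrefixType.RAW) {
            // Non-RAW signatures start with the output prefix of the key that produced them.
            byte[] prefix = Arrays.copyOfRange(sig, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
            // Expected value first, so that a failure report labels the two arrays correctly.
            assertArrayEquals(CryptoFormat.getOutputPrefix(primary), prefix);
        }
        // Verifying with the primary public key should work.
        PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(
            TestUtil.createKeysetHandle(
                TestUtil.createKeyset(
                    TestUtil.createKey(
                        TestUtil.createKeyData(privateKeys[i].getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC),
                        primary.getKeyId(),
                        KeyStatusType.ENABLED,
                        primary.getOutputPrefixType()))));
        try {
            verifier.verify(sig, plaintext);
        } catch (GeneralSecurityException ex) {
            // Keep the verifier's own error in the report instead of discarding it.
            fail("Valid signature, should not throw exception: " + ex);
        }
        // Verifying with a random public key should fail. The unrelated key reuses the primary's
        // key id and output prefix type, so only the key material differs.
        EcdsaPrivateKey randomPrivKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
        verifier = PublicKeyVerifyFactory.getPrimitive(
            TestUtil.createKeysetHandle(
                TestUtil.createKeyset(
                    TestUtil.createKey(
                        TestUtil.createKeyData(randomPrivKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC),
                        primary.getKeyId(),
                        KeyStatusType.ENABLED,
                        primary.getOutputPrefixType()))));
        try {
            verifier.verify(sig, plaintext);
            fail("Invalid signature, should have thrown exception");
        } catch (GeneralSecurityException expected) {
            // Expected: the signature was made with a different private key.
        }
    }
}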
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) GeneralSecurityException(java.security.GeneralSecurityException) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) Key(com.google.crypto.tink.proto.Keyset.Key) PublicKeySign(com.google.crypto.tink.PublicKeySign) Test(org.junit.Test)

Example 7 with EcdsaPrivateKey

use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.

the class EcdsaSignKeyManagerTest method testNewKeyWithVerifier.

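/**
 * Generates nine private keys from {@code keyTemplate} through the three key-creation entry points
 * of {@link EcdsaSignKeyManager}, then checks that they are pairwise distinct, that their encoded
 * size fits the template's curve, and that a signature verifies only under the matching public
 * key.
 *
 * <p>Scope: the negative case is verification under the other generated keys. This method does not
 * check that a modified message or a modified signature is rejected.
 *
 * @param keyTemplate template whose value parses as an {@code EcdsaKeyFormat}
 * @throws Exception if parsing, key generation or signing fails
 */
private void testNewKeyWithVerifier(KeyTemplate keyTemplate) throws Exception {
    // Call newKey multiple times and make sure that it generates different keys.
    int numTests = 9;
    EcdsaPrivateKey[] privKeys = new EcdsaPrivateKey[numTests];
    EcdsaSignKeyManager signManager = new EcdsaSignKeyManager();
    Set<String> keys = new TreeSet<String>();
    for (int j = 0; j < numTests / 3; j++) {
        // Entry point 1: newKey with an already parsed key format.
        privKeys[3 * j] = (EcdsaPrivateKey) signManager.newKey(EcdsaKeyFormat.parseFrom(keyTemplate.getValue()));
        keys.add(TestUtil.hexEncode(privKeys[3 * j].toByteArray()));
        // Entry point 2: newKey with the template's value as it is.
        privKeys[3 * j + 1] = (EcdsaPrivateKey) signManager.newKey(keyTemplate.getValue());
        keys.add(TestUtil.hexEncode(privKeys[3 * j + 1].toByteArray()));
        // Entry point 3: newKeyData, whose value is parsed back into a private key.
        privKeys[3 * j + 2] = EcdsaPrivateKey.parseFrom(signManager.newKeyData(keyTemplate.getValue()).getValue());
        keys.add(TestUtil.hexEncode(privKeys[3 * j + 2].toByteArray()));
    }
    // The set drops duplicates, so a repeated key would make it smaller than numTests.
    assertEquals(numTests, keys.size());

    // The curve comes from the template and is the same for every key, so resolve it once.
    EcdsaKeyFormat ecdsaKeyFormat = EcdsaKeyFormat.parseFrom(keyTemplate.getValue());
    int curveBits;
    switch (ecdsaKeyFormat.getParams().getCurve()) {
        case NIST_P256:
            curveBits = 256;
            break;
        case NIST_P384:
            curveBits = 384;
            break;
        case NIST_P521:
            curveBits = 521;
            break;
        default:
            // NOTE(review): any other curve gets no size check at all, so a curve added later
            // would pass this part of the test without being examined.
            curveBits = -1;
            break;
    }
    if (curveBits > 0) {
        // The lower bound accepts a key value that is up to 8 bytes shorter than the curve size
        // (leading zero bytes dropped); a correctly generated key falls below it with probability
        // of about 2^-64. The extra byte in the upper bound presumably allows for a sign byte in
        // the encoding -- confirm against the key manager.
        int minSize = curveBits / 8 - 8;
        int maxSize = curveBits / 8 + 1;
        for (int j = 0; j < numTests; j++) {
            int keySize = privKeys[j].getKeyValue().toByteArray().length;
            assertTrue("key value of " + keySize + " bytes is shorter than " + minSize, minSize <= keySize);
            assertTrue("key value of " + keySize + " bytes is longer than " + maxSize, maxSize >= keySize);
        }
    }

    // Test whether signer works correctly with the corresponding verifier.
    EcdsaVerifyKeyManager verifyManager = new EcdsaVerifyKeyManager();
    for (int j = 0; j < numTests; j++) {
        PublicKeySign signer = signManager.getPrimitive(privKeys[j]);
        byte[] signature = signer.sign(msg);
        for (int k = 0; k < numTests; k++) {
            PublicKeyVerify verifier = verifyManager.getPrimitive(privKeys[k].getPublicKey());
            if (j == k) {
                // The same key
                try {
                    verifier.verify(signature, msg);
                } catch (GeneralSecurityException ex) {
                    // Keep the verifier's own error in the report instead of discarding it.
                    fail("Valid signature, should not throw exception: " + ex);
                }
            } else {
                // Different keys
                try {
                    verifier.verify(signature, msg);
                    fail("Invalid signature, should have thrown exception");
                } catch (GeneralSecurityException expected) {
                    // Expected: the signature was made with a different private key.
                }
            }
        }
    }
}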
Also used : EcdsaKeyFormat(com.google.crypto.tink.proto.EcdsaKeyFormat) GeneralSecurityException(java.security.GeneralSecurityException) ByteString(com.google.protobuf.ByteString) ECPoint(java.security.spec.ECPoint) TreeSet(java.util.TreeSet) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) PublicKeySign(com.google.crypto.tink.PublicKeySign)

Example 8 with EcdsaPrivateKey

use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.

the class EcdsaSignKeyManagerTest method testNewKeyUnsupportedKeyFormat.

/**
 * Asserts that {@link EcdsaSignKeyManager#newKey} refuses a key format built from the given hash
 * and curve combination with DER signature encoding.
 *
 * @param hashAndCurve the hash type and curve type to combine into the key format
 * @throws Exception if anything other than the expected {@link GeneralSecurityException} is thrown
 */
private void testNewKeyUnsupportedKeyFormat(HashAndCurveType hashAndCurve) throws Exception {
    final HashType hash = hashAndCurve.hashType;
    final EllipticCurveType curve = hashAndCurve.curveType;
    EcdsaSignKeyManager manager = new EcdsaSignKeyManager();
    EcdsaKeyFormat rejectedFormat =
        EcdsaKeyFormat.newBuilder()
            .setParams(
                EcdsaParams.newBuilder()
                    .setHashType(hash)
                    .setCurve(curve)
                    .setEncoding(EcdsaSignatureEncoding.DER)
                    .build())
            .build();
    try {
        // The result is assigned only so that the call's return value is not silently dropped.
        EcdsaPrivateKey unusedKey = (EcdsaPrivateKey) manager.newKey(rejectedFormat);
        fail("Unsupported key format, should have thrown exception: " + hash + " " + curve);
    } catch (GeneralSecurityException expected) {
        // Expected: the key manager rejected the combination.
    }
}
Also used : EcdsaParams(com.google.crypto.tink.proto.EcdsaParams) EcdsaKeyFormat(com.google.crypto.tink.proto.EcdsaKeyFormat) HashType(com.google.crypto.tink.proto.HashType) GeneralSecurityException(java.security.GeneralSecurityException) EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey)
