use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.
the class PublicKeySignFactoryTest method testMultipleKeys.
@Test
public void testMultipleKeys() throws Exception {
EcdsaPrivateKey tinkPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
Key tink = TestUtil.createKey(TestUtil.createKeyData(tinkPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 1, KeyStatusType.ENABLED, OutputPrefixType.TINK);
EcdsaPrivateKey legacyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P256, HashType.SHA256, EcdsaSignatureEncoding.DER);
Key legacy = TestUtil.createKey(TestUtil.createKeyData(legacyPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 2, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
EcdsaPrivateKey rawPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
Key raw = TestUtil.createKey(TestUtil.createKeyData(rawPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 3, KeyStatusType.ENABLED, OutputPrefixType.RAW);
EcdsaPrivateKey crunchyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
Key crunchy = TestUtil.createKey(TestUtil.createKeyData(crunchyPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 4, KeyStatusType.ENABLED, OutputPrefixType.CRUNCHY);
Key[] keys = new Key[] { tink, legacy, raw, crunchy };
EcdsaPrivateKey[] privateKeys = new EcdsaPrivateKey[] { tinkPrivateKey, legacyPrivateKey, rawPrivateKey, crunchyPrivateKey };
int j = keys.length;
for (int i = 0; i < j; i++) {
KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(keys[i], keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]));
// Signs with the primary private key.
PublicKeySign signer = PublicKeySignFactory.getPrimitive(keysetHandle);
byte[] plaintext = Random.randBytes(1211);
byte[] sig = signer.sign(plaintext);
if (keys[i].getOutputPrefixType() != OutputPrefixType.RAW) {
byte[] prefix = Arrays.copyOfRange(sig, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
assertArrayEquals(prefix, CryptoFormat.getOutputPrefix(keys[i]));
}
// Verifying with the primary public key should work.
PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(privateKeys[i].getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), keys[i].getKeyId(), KeyStatusType.ENABLED, keys[i].getOutputPrefixType()))));
try {
verifier.verify(sig, plaintext);
} catch (GeneralSecurityException ex) {
fail("Valid signature, should not throw exception");
}
// Verifying with a random public key should fail.
EcdsaPrivateKey randomPrivKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
verifier = PublicKeyVerifyFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(randomPrivKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), keys[i].getKeyId(), KeyStatusType.ENABLED, keys[i].getOutputPrefixType()))));
try {
verifier.verify(sig, plaintext);
fail("Invalid signature, should have thrown exception");
} catch (GeneralSecurityException expected) {
// Expected
}
}
}
use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.
the class EcdsaSignKeyManagerTest method testNewKeyWithVerifier.
private void testNewKeyWithVerifier(KeyTemplate keyTemplate) throws Exception {
// Call newKey multiple times and make sure that it generates different keys.
int numTests = 9;
EcdsaPrivateKey[] privKeys = new EcdsaPrivateKey[numTests];
EcdsaSignKeyManager signManager = new EcdsaSignKeyManager();
Set<String> keys = new TreeSet<String>();
for (int j = 0; j < numTests / 3; j++) {
privKeys[3 * j] = (EcdsaPrivateKey) signManager.newKey(EcdsaKeyFormat.parseFrom(keyTemplate.getValue()));
keys.add(TestUtil.hexEncode(privKeys[3 * j].toByteArray()));
privKeys[3 * j + 1] = (EcdsaPrivateKey) signManager.newKey(keyTemplate.getValue());
keys.add(TestUtil.hexEncode(privKeys[3 * j + 1].toByteArray()));
privKeys[3 * j + 2] = EcdsaPrivateKey.parseFrom(signManager.newKeyData(keyTemplate.getValue()).getValue());
keys.add(TestUtil.hexEncode(privKeys[3 * j + 2].toByteArray()));
}
assertEquals(numTests, keys.size());
// failure is 2^-64 which happens when a key has 8 leading zeros.
for (int j = 0; j < numTests; j++) {
int keySize = privKeys[j].getKeyValue().toByteArray().length;
EcdsaKeyFormat ecdsaKeyFormat = EcdsaKeyFormat.parseFrom(keyTemplate.getValue());
switch(ecdsaKeyFormat.getParams().getCurve()) {
case NIST_P256:
assertTrue(256 / 8 - 8 <= keySize);
assertTrue(256 / 8 + 1 >= keySize);
break;
case NIST_P384:
assertTrue(384 / 8 - 8 <= keySize);
assertTrue(384 / 8 + 1 >= keySize);
break;
case NIST_P521:
assertTrue(521 / 8 - 8 <= keySize);
assertTrue(521 / 8 + 1 >= keySize);
break;
default:
break;
}
}
// Test whether signer works correctly with the corresponding verifier.
EcdsaVerifyKeyManager verifyManager = new EcdsaVerifyKeyManager();
for (int j = 0; j < numTests; j++) {
PublicKeySign signer = signManager.getPrimitive(privKeys[j]);
byte[] signature = signer.sign(msg);
for (int k = 0; k < numTests; k++) {
PublicKeyVerify verifier = verifyManager.getPrimitive(privKeys[k].getPublicKey());
if (j == k) {
// The same key
try {
verifier.verify(signature, msg);
} catch (GeneralSecurityException ex) {
fail("Valid signature, should not throw exception");
}
} else {
// Different keys
try {
verifier.verify(signature, msg);
fail("Invalid signature, should have thrown exception");
} catch (GeneralSecurityException expected) {
// Expected
}
}
}
}
}
use of com.google.crypto.tink.proto.EcdsaPrivateKey in project tink by google.
the class EcdsaSignKeyManagerTest method testNewKeyUnsupportedKeyFormat.
private void testNewKeyUnsupportedKeyFormat(HashAndCurveType hashAndCurve) throws Exception {
HashType hashType = hashAndCurve.hashType;
EllipticCurveType curveType = hashAndCurve.curveType;
EcdsaSignKeyManager signManager = new EcdsaSignKeyManager();
EcdsaParams ecdsaParams = EcdsaParams.newBuilder().setHashType(hashType).setCurve(curveType).setEncoding(EcdsaSignatureEncoding.DER).build();
EcdsaKeyFormat ecdsaFormat = EcdsaKeyFormat.newBuilder().setParams(ecdsaParams).build();
try {
EcdsaPrivateKey unusedPrivKey = (EcdsaPrivateKey) signManager.newKey(ecdsaFormat);
fail("Unsupported key format, should have thrown exception: " + hashType + " " + curveType);
} catch (GeneralSecurityException expected) {
// Expected
}
}
Aggregations