Example 1 with EcdsaSignatureEncoding

Use of com.google.crypto.tink.proto.EcdsaSignatureEncoding in project tink by google.

The class SigUtil, method validateEcdsaParams.

/**
 * Validates Ecdsa's parameters. The hash's strength must not be weaker than the curve's strength.
 *
 * @param params the Ecdsa's parameters protocol buffer.
 * @throws GeneralSecurityException iff it's invalid.
 */
public static void validateEcdsaParams(EcdsaParams params) throws GeneralSecurityException {
    EcdsaSignatureEncoding encoding = params.getEncoding();
    HashType hash = params.getHashType();
    EllipticCurveType curve = params.getCurve();
    switch(encoding) {
        case DER:
            break;
        // TODO(b/74249423): support other signature encodings.
        default:
            throw new GeneralSecurityException("unsupported signature encoding");
    }
    switch(curve) {
        case NIST_P256:
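            // Only SHA256 is accepted with P-256: ECDSA uses just the leftmost bits of the
            // hash (up to the curve order's length), so a longer hash adds no real strength.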
            if (hash != HashType.SHA256) {
                throw new GeneralSecurityException(INVALID_PARAMS);
            }
            break;
        case NIST_P384:
        /* fall through */
        case NIST_P521:
            if (hash != HashType.SHA512) {
                throw new GeneralSecurityException(INVALID_PARAMS);
            }
            break;
        default:
            throw new GeneralSecurityException(INVALID_PARAMS);
    }
}
Also used: HashType (com.google.crypto.tink.proto.HashType), GeneralSecurityException (java.security.GeneralSecurityException), EcdsaSignatureEncoding (com.google.crypto.tink.proto.EcdsaSignatureEncoding), EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType)

Example 2 with EcdsaSignatureEncoding

Use of com.google.crypto.tink.proto.EcdsaSignatureEncoding in project tink by google.

The class SignatureKeyTemplatesTest, method testCreateEcdsaKeyTemplate.

@Test
public void testCreateEcdsaKeyTemplate() throws Exception {
    // Intentionally using "weird" or invalid values for parameters,
    // to test that the function correctly puts them in the resulting template.
    HashType hashType = HashType.SHA512;
    EllipticCurveType curve = EllipticCurveType.NIST_P224;
    EcdsaSignatureEncoding encoding = EcdsaSignatureEncoding.IEEE_P1363;
    KeyTemplate template = SignatureKeyTemplates.createEcdsaKeyTemplate(hashType, curve, encoding);
    assertEquals(EcdsaSignKeyManager.TYPE_URL, template.getTypeUrl());
    assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
    EcdsaKeyFormat format = EcdsaKeyFormat.parseFrom(template.getValue());
    assertEquals(hashType, format.getParams().getHashType());
    assertEquals(curve, format.getParams().getCurve());
    assertEquals(encoding, format.getParams().getEncoding());
}
Also used: EcdsaKeyFormat (com.google.crypto.tink.proto.EcdsaKeyFormat), HashType (com.google.crypto.tink.proto.HashType), EcdsaSignatureEncoding (com.google.crypto.tink.proto.EcdsaSignatureEncoding), EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType), KeyTemplate (com.google.crypto.tink.proto.KeyTemplate), Test (org.junit.Test)

Aggregations

EcdsaSignatureEncoding (com.google.crypto.tink.proto.EcdsaSignatureEncoding): 2
EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType): 2
HashType (com.google.crypto.tink.proto.HashType): 2
EcdsaKeyFormat (com.google.crypto.tink.proto.EcdsaKeyFormat): 1
KeyTemplate (com.google.crypto.tink.proto.KeyTemplate): 1
GeneralSecurityException (java.security.GeneralSecurityException): 1
Test (org.junit.Test): 1