Example 1 with EcdsaSignatureEncoding
use of com.google.crypto.tink.proto.EcdsaSignatureEncoding in project tink by google.
the class SigUtil method validateEcdsaParams.
/**
* Validates Ecdsa's parameters. The hash's strength must not be weaker than the curve's strength.
*
* @param params the Ecdsa's parameters protocol buffer.
* @throws GeneralSecurityException iff it's invalid.
*/
public static void validateEcdsaParams(EcdsaParams params) throws GeneralSecurityException {
EcdsaSignatureEncoding encoding = params.getEncoding();
HashType hash = params.getHashType();
EllipticCurveType curve = params.getCurve();
switch(encoding) {
case DER:
break;
// TODO(b/74249423): support other signature encodings.
default:
throw new GeneralSecurityException("unsupported signature encoding");
}
switch(curve) {
case NIST_P256:
// illusion.
if (hash != HashType.SHA256) {
throw new GeneralSecurityException(INVALID_PARAMS);
}
break;
case NIST_P384:
/* fall through */
case NIST_P521:
if (hash != HashType.SHA512) {
throw new GeneralSecurityException(INVALID_PARAMS);
}
break;
default:
throw new GeneralSecurityException(INVALID_PARAMS);
}
}
Also used :
HashType(com.google.crypto.tink.proto.HashType)
GeneralSecurityException(java.security.GeneralSecurityException)
EcdsaSignatureEncoding(com.google.crypto.tink.proto.EcdsaSignatureEncoding)
EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType)
Example 2 with EcdsaSignatureEncoding
use of com.google.crypto.tink.proto.EcdsaSignatureEncoding in project tink by google.
the class SignatureKeyTemplatesTest method testCreateEcdsaKeyTemplate.
@Test
public void testCreateEcdsaKeyTemplate() throws Exception {
// Intentionally using "weird" or invalid values for parameters,
// to test that the function correctly puts them in the resulting template.
HashType hashType = HashType.SHA512;
EllipticCurveType curve = EllipticCurveType.NIST_P224;
EcdsaSignatureEncoding encoding = EcdsaSignatureEncoding.IEEE_P1363;
KeyTemplate template = SignatureKeyTemplates.createEcdsaKeyTemplate(hashType, curve, encoding);
assertEquals(EcdsaSignKeyManager.TYPE_URL, template.getTypeUrl());
assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
EcdsaKeyFormat format = EcdsaKeyFormat.parseFrom(template.getValue());
assertEquals(hashType, format.getParams().getHashType());
assertEquals(curve, format.getParams().getCurve());
assertEquals(encoding, format.getParams().getEncoding());
}
Also used :
EcdsaKeyFormat(com.google.crypto.tink.proto.EcdsaKeyFormat)
HashType(com.google.crypto.tink.proto.HashType)
EcdsaSignatureEncoding(com.google.crypto.tink.proto.EcdsaSignatureEncoding)
EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType)
KeyTemplate(com.google.crypto.tink.proto.KeyTemplate)
Test(org.junit.Test)
Aggregations
EcdsaSignatureEncoding (com.google.crypto.tink.proto.EcdsaSignatureEncoding)2
EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType)2
HashType (com.google.crypto.tink.proto.HashType)2
EcdsaKeyFormat (com.google.crypto.tink.proto.EcdsaKeyFormat)1
KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)1
GeneralSecurityException (java.security.GeneralSecurityException)1
Test (org.junit.Test)1
