use of com.google.crypto.tink.proto.EllipticCurveType in project tink by google.
the class SigUtil method validateEcdsaParams.
/**
* Validates Ecdsa's parameters. The hash's strength must not be weaker than the curve's strength.
*
* @param params the Ecdsa's parameters protocol buffer.
* @throws GeneralSecurityException iff it's invalid.
*/
public static void validateEcdsaParams(EcdsaParams params) throws GeneralSecurityException {
EcdsaSignatureEncoding encoding = params.getEncoding();
HashType hash = params.getHashType();
EllipticCurveType curve = params.getCurve();
switch(encoding) {
case DER:
break;
// TODO(b/74249423): support other signature encodings.
default:
throw new GeneralSecurityException("unsupported signature encoding");
}
switch(curve) {
case NIST_P256:
// illusion.
if (hash != HashType.SHA256) {
throw new GeneralSecurityException(INVALID_PARAMS);
}
break;
case NIST_P384:
/* fall through */
case NIST_P521:
if (hash != HashType.SHA512) {
throw new GeneralSecurityException(INVALID_PARAMS);
}
break;
default:
throw new GeneralSecurityException(INVALID_PARAMS);
}
}
use of com.google.crypto.tink.proto.EllipticCurveType in project tink by google.
the class EciesAeadHkdfPrivateKeyManagerTest method testNewKey.
@Test
public void testNewKey() throws Exception {
EllipticCurveType curve = EllipticCurveType.NIST_P384;
HashType hashType = HashType.SHA256;
EcPointFormat pointFormat = EcPointFormat.UNCOMPRESSED;
KeyTemplate demKeyTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
byte[] salt = "some salt".getBytes("UTF-8");
EciesAeadHkdfParams params = HybridKeyTemplates.createEciesAeadHkdfParams(curve, hashType, pointFormat, demKeyTemplate, salt);
EciesAeadHkdfPrivateKeyManager manager = new EciesAeadHkdfPrivateKeyManager();
EciesAeadHkdfPrivateKey keyProto = (EciesAeadHkdfPrivateKey) manager.newKey(EciesAeadHkdfKeyFormat.newBuilder().setParams(params).build());
assertEquals(params, keyProto.getPublicKey().getParams());
Key primaryPriv = TestUtil.createKey(TestUtil.createKeyData(keyProto, EciesAeadHkdfPrivateKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 8, KeyStatusType.ENABLED, OutputPrefixType.RAW);
Key primaryPub = TestUtil.createKey(TestUtil.createKeyData(keyProto.getPublicKey(), EciesAeadHkdfPublicKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
KeysetHandle keysetHandlePub = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPub));
KeysetHandle keysetHandlePriv = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPriv));
HybridEncrypt hybridEncrypt = HybridEncryptFactory.getPrimitive(keysetHandlePub);
HybridDecrypt hybridDecrypt = HybridDecryptFactory.getPrimitive(keysetHandlePriv);
byte[] plaintext = Random.randBytes(20);
byte[] contextInfo = Random.randBytes(20);
byte[] ciphertext = hybridEncrypt.encrypt(plaintext, contextInfo);
assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, contextInfo));
}
use of com.google.crypto.tink.proto.EllipticCurveType in project tink by google.
the class SignatureKeyTemplatesTest method testCreateEcdsaKeyTemplate.
@Test
public void testCreateEcdsaKeyTemplate() throws Exception {
// Intentionally using "weird" or invalid values for parameters,
// to test that the function correctly puts them in the resulting template.
HashType hashType = HashType.SHA512;
EllipticCurveType curve = EllipticCurveType.NIST_P224;
EcdsaSignatureEncoding encoding = EcdsaSignatureEncoding.IEEE_P1363;
KeyTemplate template = SignatureKeyTemplates.createEcdsaKeyTemplate(hashType, curve, encoding);
assertEquals(EcdsaSignKeyManager.TYPE_URL, template.getTypeUrl());
assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
EcdsaKeyFormat format = EcdsaKeyFormat.parseFrom(template.getValue());
assertEquals(hashType, format.getParams().getHashType());
assertEquals(curve, format.getParams().getCurve());
assertEquals(encoding, format.getParams().getEncoding());
}
use of com.google.crypto.tink.proto.EllipticCurveType in project tink by google.
the class HybridEncryptFactoryTest method testBasicEncryption.
@Test
public void testBasicEncryption() throws Exception {
EllipticCurveType curve = EllipticCurveType.NIST_P384;
HashType hashType = HashType.SHA256;
EcPointFormat primaryPointFormat = EcPointFormat.UNCOMPRESSED;
EcPointFormat rawPointFormat = EcPointFormat.COMPRESSED;
KeyTemplate primaryDemKeyTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
KeyTemplate rawDemKeyTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
byte[] primarySalt = "some salt".getBytes("UTF-8");
byte[] rawSalt = "other salt".getBytes("UTF-8");
EciesAeadHkdfPrivateKey primaryPrivProto = TestUtil.generateEciesAeadHkdfPrivKey(curve, hashType, primaryPointFormat, primaryDemKeyTemplate, primarySalt);
Key primaryPriv = TestUtil.createKey(TestUtil.createKeyData(primaryPrivProto, EciesAeadHkdfPrivateKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 8, KeyStatusType.ENABLED, OutputPrefixType.RAW);
Key primaryPub = TestUtil.createKey(TestUtil.createKeyData(primaryPrivProto.getPublicKey(), EciesAeadHkdfPublicKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
EciesAeadHkdfPrivateKey rawPrivProto = TestUtil.generateEciesAeadHkdfPrivKey(curve, hashType, rawPointFormat, rawDemKeyTemplate, rawSalt);
Key rawPriv = TestUtil.createKey(TestUtil.createKeyData(rawPrivProto, EciesAeadHkdfPrivateKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 11, KeyStatusType.ENABLED, OutputPrefixType.RAW);
Key rawPub = TestUtil.createKey(TestUtil.createKeyData(rawPrivProto.getPublicKey(), EciesAeadHkdfPublicKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 43, KeyStatusType.ENABLED, OutputPrefixType.RAW);
KeysetHandle keysetHandlePub = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPub, rawPub));
KeysetHandle keysetHandlePriv = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPriv, rawPriv));
HybridEncrypt hybridEncrypt = HybridEncryptFactory.getPrimitive(keysetHandlePub);
HybridDecrypt hybridDecrypt = HybridDecryptFactory.getPrimitive(keysetHandlePriv);
byte[] plaintext = Random.randBytes(20);
byte[] contextInfo = Random.randBytes(20);
byte[] ciphertext = hybridEncrypt.encrypt(plaintext, contextInfo);
assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, contextInfo));
}
use of com.google.crypto.tink.proto.EllipticCurveType in project tink by google.
the class EcdsaSignKeyManagerTest method testGetPrimitiveWithUnsupportedKey.
private void testGetPrimitiveWithUnsupportedKey(HashAndCurveType hashAndCurve) throws Exception {
HashType hashType = hashAndCurve.hashType;
EllipticCurveType curveType = hashAndCurve.curveType;
KeyPair keyPair = EllipticCurves.generateKeyPair(SigUtil.toCurveType(curveType));
ECPublicKey pubKey = (ECPublicKey) keyPair.getPublic();
ECPrivateKey privKey = (ECPrivateKey) keyPair.getPrivate();
ECPoint w = pubKey.getW();
EcdsaPublicKey ecdsaPubKey = TestUtil.createEcdsaPubKey(hashType, curveType, EcdsaSignatureEncoding.DER, w.getAffineX().toByteArray(), w.getAffineY().toByteArray());
EcdsaPrivateKey ecdsaPrivKey = TestUtil.createEcdsaPrivKey(ecdsaPubKey, privKey.getS().toByteArray());
EcdsaSignKeyManager signManager = new EcdsaSignKeyManager();
try {
PublicKeySign unusedSigner = signManager.getPrimitive(ecdsaPrivKey);
fail("Unsupported key, should have thrown exception: " + hashType + " " + curveType);
} catch (GeneralSecurityException expected) {
// Expected
}
}
Aggregations