use of com.google.crypto.tink.proto.HashType in project tink by google.
the class SigUtil method validateEcdsaParams.
/**
* Validates Ecdsa's parameters. The hash's strength must not be weaker than the curve's strength.
*
* @param params the Ecdsa's parameters protocol buffer.
* @throws GeneralSecurityException iff it's invalid.
*/
public static void validateEcdsaParams(EcdsaParams params) throws GeneralSecurityException {
EcdsaSignatureEncoding encoding = params.getEncoding();
HashType hash = params.getHashType();
EllipticCurveType curve = params.getCurve();
switch(encoding) {
case DER:
break;
// TODO(b/74249423): support other signature encodings.
default:
throw new GeneralSecurityException("unsupported signature encoding");
}
switch(curve) {
case NIST_P256:
// illusion.
if (hash != HashType.SHA256) {
throw new GeneralSecurityException(INVALID_PARAMS);
}
break;
case NIST_P384:
/* fall through */
case NIST_P521:
if (hash != HashType.SHA512) {
throw new GeneralSecurityException(INVALID_PARAMS);
}
break;
default:
throw new GeneralSecurityException(INVALID_PARAMS);
}
}
use of com.google.crypto.tink.proto.HashType in project tink by google.
the class EciesAeadHkdfPrivateKeyManagerTest method testNewKey.
@Test
public void testNewKey() throws Exception {
EllipticCurveType curve = EllipticCurveType.NIST_P384;
HashType hashType = HashType.SHA256;
EcPointFormat pointFormat = EcPointFormat.UNCOMPRESSED;
KeyTemplate demKeyTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
byte[] salt = "some salt".getBytes("UTF-8");
EciesAeadHkdfParams params = HybridKeyTemplates.createEciesAeadHkdfParams(curve, hashType, pointFormat, demKeyTemplate, salt);
EciesAeadHkdfPrivateKeyManager manager = new EciesAeadHkdfPrivateKeyManager();
EciesAeadHkdfPrivateKey keyProto = (EciesAeadHkdfPrivateKey) manager.newKey(EciesAeadHkdfKeyFormat.newBuilder().setParams(params).build());
assertEquals(params, keyProto.getPublicKey().getParams());
Key primaryPriv = TestUtil.createKey(TestUtil.createKeyData(keyProto, EciesAeadHkdfPrivateKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 8, KeyStatusType.ENABLED, OutputPrefixType.RAW);
Key primaryPub = TestUtil.createKey(TestUtil.createKeyData(keyProto.getPublicKey(), EciesAeadHkdfPublicKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
KeysetHandle keysetHandlePub = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPub));
KeysetHandle keysetHandlePriv = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPriv));
HybridEncrypt hybridEncrypt = HybridEncryptFactory.getPrimitive(keysetHandlePub);
HybridDecrypt hybridDecrypt = HybridDecryptFactory.getPrimitive(keysetHandlePriv);
byte[] plaintext = Random.randBytes(20);
byte[] contextInfo = Random.randBytes(20);
byte[] ciphertext = hybridEncrypt.encrypt(plaintext, contextInfo);
assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, contextInfo));
}
use of com.google.crypto.tink.proto.HashType in project tink by google.
the class SignatureKeyTemplatesTest method testCreateEcdsaKeyTemplate.
@Test
public void testCreateEcdsaKeyTemplate() throws Exception {
// Intentionally using "weird" or invalid values for parameters,
// to test that the function correctly puts them in the resulting template.
HashType hashType = HashType.SHA512;
EllipticCurveType curve = EllipticCurveType.NIST_P224;
EcdsaSignatureEncoding encoding = EcdsaSignatureEncoding.IEEE_P1363;
KeyTemplate template = SignatureKeyTemplates.createEcdsaKeyTemplate(hashType, curve, encoding);
assertEquals(EcdsaSignKeyManager.TYPE_URL, template.getTypeUrl());
assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
EcdsaKeyFormat format = EcdsaKeyFormat.parseFrom(template.getValue());
assertEquals(hashType, format.getParams().getHashType());
assertEquals(curve, format.getParams().getCurve());
assertEquals(encoding, format.getParams().getEncoding());
}
use of com.google.crypto.tink.proto.HashType in project tink by google.
the class AeadKeyTemplatesTest method testCreateAesCtrHmacAeadKeyTemplate.
@Test
public void testCreateAesCtrHmacAeadKeyTemplate() throws Exception {
// Intentionally using "weird" or invalid values for parameters,
// to test that the function correctly puts them in the resulting template.
int aesKeySize = 42;
int ivSize = 72;
int hmacKeySize = 24;
int tagSize = 27;
HashType hashType = HashType.SHA224;
KeyTemplate template = AeadKeyTemplates.createAesCtrHmacAeadKeyTemplate(aesKeySize, ivSize, hmacKeySize, tagSize, hashType);
assertEquals(AesCtrHmacAeadKeyManager.TYPE_URL, template.getTypeUrl());
assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
AesCtrHmacAeadKeyFormat format = AesCtrHmacAeadKeyFormat.parseFrom(template.getValue());
assertTrue(format.hasAesCtrKeyFormat());
assertTrue(format.getAesCtrKeyFormat().hasParams());
assertEquals(aesKeySize, format.getAesCtrKeyFormat().getKeySize());
assertEquals(ivSize, format.getAesCtrKeyFormat().getParams().getIvSize());
assertTrue(format.hasHmacKeyFormat());
assertTrue(format.getHmacKeyFormat().hasParams());
assertEquals(hmacKeySize, format.getHmacKeyFormat().getKeySize());
assertEquals(tagSize, format.getHmacKeyFormat().getParams().getTagSize());
assertEquals(hashType, format.getHmacKeyFormat().getParams().getHash());
}
use of com.google.crypto.tink.proto.HashType in project tink by google.
the class HybridEncryptFactoryTest method testBasicEncryption.
@Test
public void testBasicEncryption() throws Exception {
EllipticCurveType curve = EllipticCurveType.NIST_P384;
HashType hashType = HashType.SHA256;
EcPointFormat primaryPointFormat = EcPointFormat.UNCOMPRESSED;
EcPointFormat rawPointFormat = EcPointFormat.COMPRESSED;
KeyTemplate primaryDemKeyTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
KeyTemplate rawDemKeyTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
byte[] primarySalt = "some salt".getBytes("UTF-8");
byte[] rawSalt = "other salt".getBytes("UTF-8");
EciesAeadHkdfPrivateKey primaryPrivProto = TestUtil.generateEciesAeadHkdfPrivKey(curve, hashType, primaryPointFormat, primaryDemKeyTemplate, primarySalt);
Key primaryPriv = TestUtil.createKey(TestUtil.createKeyData(primaryPrivProto, EciesAeadHkdfPrivateKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 8, KeyStatusType.ENABLED, OutputPrefixType.RAW);
Key primaryPub = TestUtil.createKey(TestUtil.createKeyData(primaryPrivProto.getPublicKey(), EciesAeadHkdfPublicKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
EciesAeadHkdfPrivateKey rawPrivProto = TestUtil.generateEciesAeadHkdfPrivKey(curve, hashType, rawPointFormat, rawDemKeyTemplate, rawSalt);
Key rawPriv = TestUtil.createKey(TestUtil.createKeyData(rawPrivProto, EciesAeadHkdfPrivateKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 11, KeyStatusType.ENABLED, OutputPrefixType.RAW);
Key rawPub = TestUtil.createKey(TestUtil.createKeyData(rawPrivProto.getPublicKey(), EciesAeadHkdfPublicKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 43, KeyStatusType.ENABLED, OutputPrefixType.RAW);
KeysetHandle keysetHandlePub = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPub, rawPub));
KeysetHandle keysetHandlePriv = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPriv, rawPriv));
HybridEncrypt hybridEncrypt = HybridEncryptFactory.getPrimitive(keysetHandlePub);
HybridDecrypt hybridDecrypt = HybridDecryptFactory.getPrimitive(keysetHandlePriv);
byte[] plaintext = Random.randBytes(20);
byte[] contextInfo = Random.randBytes(20);
byte[] ciphertext = hybridEncrypt.encrypt(plaintext, contextInfo);
assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, contextInfo));
}
Aggregations