Example 1 with HashType

use of com.google.crypto.tink.proto.HashType in project tink by google.

the class SigUtil method validateEcdsaParams.

/**
 * Validates Ecdsa's parameters. The hash's strength must not be weaker than the curve's strength.
 *
 * @param params the Ecdsa's parameters protocol buffer.
 * @throws GeneralSecurityException iff it's invalid.
 */
public static void validateEcdsaParams(EcdsaParams params) throws GeneralSecurityException {
    EcdsaSignatureEncoding encoding = params.getEncoding();
    HashType hash = params.getHashType();
    EllipticCurveType curve = params.getCurve();
    switch(encoding) {
        case DER:
            break;
        // TODO(b/74249423): support other signature encodings.
        default:
            throw new GeneralSecurityException("unsupported signature encoding");
    }
    switch(curve) {
        case NIST_P256:
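            // ECDSA over P-256 uses only the leftmost 256 bits of the hash, so a longer hash
            // such as SHA512 adds no strength. Reject it to avoid a security illusion.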
            if (hash != HashType.SHA256) {
                throw new GeneralSecurityException(INVALID_PARAMS);
            }
            break;
        case NIST_P384:
        /* fall through */
        case NIST_P521:
            if (hash != HashType.SHA512) {
                throw new GeneralSecurityException(INVALID_PARAMS);
            }
            break;
        default:
            throw new GeneralSecurityException(INVALID_PARAMS);
    }
}
Also used : HashType(com.google.crypto.tink.proto.HashType) GeneralSecurityException(java.security.GeneralSecurityException) EcdsaSignatureEncoding(com.google.crypto.tink.proto.EcdsaSignatureEncoding) EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType)

Example 2 with HashType

use of com.google.crypto.tink.proto.HashType in project tink by google.

the class EciesAeadHkdfPrivateKeyManagerTest method testNewKey.

@Test
public void testNewKey() throws Exception {
    EllipticCurveType curve = EllipticCurveType.NIST_P384;
    HashType hashType = HashType.SHA256;
    EcPointFormat pointFormat = EcPointFormat.UNCOMPRESSED;
    KeyTemplate demKeyTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
    byte[] salt = "some salt".getBytes("UTF-8");
    EciesAeadHkdfParams params = HybridKeyTemplates.createEciesAeadHkdfParams(curve, hashType, pointFormat, demKeyTemplate, salt);
    EciesAeadHkdfPrivateKeyManager manager = new EciesAeadHkdfPrivateKeyManager();
    EciesAeadHkdfPrivateKey keyProto = (EciesAeadHkdfPrivateKey) manager.newKey(EciesAeadHkdfKeyFormat.newBuilder().setParams(params).build());
    assertEquals(params, keyProto.getPublicKey().getParams());
    Key primaryPriv = TestUtil.createKey(TestUtil.createKeyData(keyProto, EciesAeadHkdfPrivateKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 8, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    Key primaryPub = TestUtil.createKey(TestUtil.createKeyData(keyProto.getPublicKey(), EciesAeadHkdfPublicKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    KeysetHandle keysetHandlePub = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPub));
    KeysetHandle keysetHandlePriv = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPriv));
    HybridEncrypt hybridEncrypt = HybridEncryptFactory.getPrimitive(keysetHandlePub);
    HybridDecrypt hybridDecrypt = HybridDecryptFactory.getPrimitive(keysetHandlePriv);
    byte[] plaintext = Random.randBytes(20);
    byte[] contextInfo = Random.randBytes(20);
    byte[] ciphertext = hybridEncrypt.encrypt(plaintext, contextInfo);
    assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, contextInfo));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) EciesAeadHkdfParams(com.google.crypto.tink.proto.EciesAeadHkdfParams) HybridDecrypt(com.google.crypto.tink.HybridDecrypt) HashType(com.google.crypto.tink.proto.HashType) EcPointFormat(com.google.crypto.tink.proto.EcPointFormat) EciesAeadHkdfPrivateKey(com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey) EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType) HybridEncrypt(com.google.crypto.tink.HybridEncrypt) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) Key(com.google.crypto.tink.proto.Keyset.Key) Test(org.junit.Test)

Example 3 with HashType

use of com.google.crypto.tink.proto.HashType in project tink by google.

the class SignatureKeyTemplatesTest method testCreateEcdsaKeyTemplate.

@Test
public void testCreateEcdsaKeyTemplate() throws Exception {
    // Intentionally using "weird" or invalid values for parameters,
    // to test that the function correctly puts them in the resulting template.
    HashType hashType = HashType.SHA512;
    EllipticCurveType curve = EllipticCurveType.NIST_P224;
    EcdsaSignatureEncoding encoding = EcdsaSignatureEncoding.IEEE_P1363;
    KeyTemplate template = SignatureKeyTemplates.createEcdsaKeyTemplate(hashType, curve, encoding);
    assertEquals(EcdsaSignKeyManager.TYPE_URL, template.getTypeUrl());
    assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
    EcdsaKeyFormat format = EcdsaKeyFormat.parseFrom(template.getValue());
    assertEquals(hashType, format.getParams().getHashType());
    assertEquals(curve, format.getParams().getCurve());
    assertEquals(encoding, format.getParams().getEncoding());
}
Also used : EcdsaKeyFormat(com.google.crypto.tink.proto.EcdsaKeyFormat) HashType(com.google.crypto.tink.proto.HashType) EcdsaSignatureEncoding(com.google.crypto.tink.proto.EcdsaSignatureEncoding) EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) Test(org.junit.Test)

Example 4 with HashType

use of com.google.crypto.tink.proto.HashType in project tink by google.

the class AeadKeyTemplatesTest method testCreateAesCtrHmacAeadKeyTemplate.

@Test
public void testCreateAesCtrHmacAeadKeyTemplate() throws Exception {
    // Intentionally using "weird" or invalid values for parameters,
    // to test that the function correctly puts them in the resulting template.
    int aesKeySize = 42;
    int ivSize = 72;
    int hmacKeySize = 24;
    int tagSize = 27;
    HashType hashType = HashType.SHA224;
    KeyTemplate template = AeadKeyTemplates.createAesCtrHmacAeadKeyTemplate(aesKeySize, ivSize, hmacKeySize, tagSize, hashType);
    assertEquals(AesCtrHmacAeadKeyManager.TYPE_URL, template.getTypeUrl());
    assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
    AesCtrHmacAeadKeyFormat format = AesCtrHmacAeadKeyFormat.parseFrom(template.getValue());
    assertTrue(format.hasAesCtrKeyFormat());
    assertTrue(format.getAesCtrKeyFormat().hasParams());
    assertEquals(aesKeySize, format.getAesCtrKeyFormat().getKeySize());
    assertEquals(ivSize, format.getAesCtrKeyFormat().getParams().getIvSize());
    assertTrue(format.hasHmacKeyFormat());
    assertTrue(format.getHmacKeyFormat().hasParams());
    assertEquals(hmacKeySize, format.getHmacKeyFormat().getKeySize());
    assertEquals(tagSize, format.getHmacKeyFormat().getParams().getTagSize());
    assertEquals(hashType, format.getHmacKeyFormat().getParams().getHash());
}
Also used : HashType(com.google.crypto.tink.proto.HashType) AesCtrHmacAeadKeyFormat(com.google.crypto.tink.proto.AesCtrHmacAeadKeyFormat) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) Test(org.junit.Test)

Example 5 with HashType

use of com.google.crypto.tink.proto.HashType in project tink by google.

the class HybridEncryptFactoryTest method testBasicEncryption.

@Test
public void testBasicEncryption() throws Exception {
    EllipticCurveType curve = EllipticCurveType.NIST_P384;
    HashType hashType = HashType.SHA256;
    EcPointFormat primaryPointFormat = EcPointFormat.UNCOMPRESSED;
    EcPointFormat rawPointFormat = EcPointFormat.COMPRESSED;
    KeyTemplate primaryDemKeyTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
    KeyTemplate rawDemKeyTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
    byte[] primarySalt = "some salt".getBytes("UTF-8");
    byte[] rawSalt = "other salt".getBytes("UTF-8");
    EciesAeadHkdfPrivateKey primaryPrivProto = TestUtil.generateEciesAeadHkdfPrivKey(curve, hashType, primaryPointFormat, primaryDemKeyTemplate, primarySalt);
    Key primaryPriv = TestUtil.createKey(TestUtil.createKeyData(primaryPrivProto, EciesAeadHkdfPrivateKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 8, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    Key primaryPub = TestUtil.createKey(TestUtil.createKeyData(primaryPrivProto.getPublicKey(), EciesAeadHkdfPublicKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    EciesAeadHkdfPrivateKey rawPrivProto = TestUtil.generateEciesAeadHkdfPrivKey(curve, hashType, rawPointFormat, rawDemKeyTemplate, rawSalt);
    Key rawPriv = TestUtil.createKey(TestUtil.createKeyData(rawPrivProto, EciesAeadHkdfPrivateKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 11, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    Key rawPub = TestUtil.createKey(TestUtil.createKeyData(rawPrivProto.getPublicKey(), EciesAeadHkdfPublicKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 43, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    KeysetHandle keysetHandlePub = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPub, rawPub));
    KeysetHandle keysetHandlePriv = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPriv, rawPriv));
    HybridEncrypt hybridEncrypt = HybridEncryptFactory.getPrimitive(keysetHandlePub);
    HybridDecrypt hybridDecrypt = HybridDecryptFactory.getPrimitive(keysetHandlePriv);
    byte[] plaintext = Random.randBytes(20);
    byte[] contextInfo = Random.randBytes(20);
    byte[] ciphertext = hybridEncrypt.encrypt(plaintext, contextInfo);
    assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, contextInfo));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) HybridDecrypt(com.google.crypto.tink.HybridDecrypt) HashType(com.google.crypto.tink.proto.HashType) EcPointFormat(com.google.crypto.tink.proto.EcPointFormat) EciesAeadHkdfPrivateKey(com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey) EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType) HybridEncrypt(com.google.crypto.tink.HybridEncrypt) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) Key(com.google.crypto.tink.proto.Keyset.Key) Test(org.junit.Test)

Aggregations

HashType (com.google.crypto.tink.proto.HashType): 14
Test (org.junit.Test): 10
EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType): 9
KeyTemplate (com.google.crypto.tink.proto.KeyTemplate): 8
GeneralSecurityException (java.security.GeneralSecurityException): 6
EcPointFormat (com.google.crypto.tink.proto.EcPointFormat): 3
KeyPair (java.security.KeyPair): 3
ECPrivateKey (java.security.interfaces.ECPrivateKey): 3
ECPublicKey (java.security.interfaces.ECPublicKey): 3
ECPoint (java.security.spec.ECPoint): 3
HybridDecrypt (com.google.crypto.tink.HybridDecrypt): 2
HybridEncrypt (com.google.crypto.tink.HybridEncrypt): 2
KeysetHandle (com.google.crypto.tink.KeysetHandle): 2
PublicKeyVerify (com.google.crypto.tink.PublicKeyVerify): 2
EcdsaKeyFormat (com.google.crypto.tink.proto.EcdsaKeyFormat): 2
EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey): 2
EcdsaSignatureEncoding (com.google.crypto.tink.proto.EcdsaSignatureEncoding): 2
EciesAeadHkdfPrivateKey (com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey): 2
Key (com.google.crypto.tink.proto.Keyset.Key): 2
KeyPairGenerator (java.security.KeyPairGenerator): 2