Example 6 with HashType
use of com.google.crypto.tink.proto.HashType in project tink by google.
the class SigUtil method validateEcdsaParams.
/**
* Validates Ecdsa's parameters. The hash's strength must not be weaker than the curve's strength.
*
* @param params the Ecdsa's parameters protocol buffer.
* @throws GeneralSecurityException iff it's invalid.
*/
public static void validateEcdsaParams(EcdsaParams params) throws GeneralSecurityException {
EcdsaSignatureEncoding encoding = params.getEncoding();
HashType hash = params.getHashType();
EllipticCurveType curve = params.getCurve();
switch(encoding) {
case DER:
break;
// TODO(b/74249423): support other signature encodings.
default:
throw new GeneralSecurityException("unsupported signature encoding");
}
switch(curve) {
case NIST_P256:
// illusion.
if (hash != HashType.SHA256) {
throw new GeneralSecurityException(INVALID_PARAMS);
}
break;
case NIST_P384:
/* fall through */
case NIST_P521:
if (hash != HashType.SHA512) {
throw new GeneralSecurityException(INVALID_PARAMS);
}
break;
default:
throw new GeneralSecurityException(INVALID_PARAMS);
}
}
Also used :
HashType(com.google.crypto.tink.proto.HashType)
GeneralSecurityException(java.security.GeneralSecurityException)
EcdsaSignatureEncoding(com.google.crypto.tink.proto.EcdsaSignatureEncoding)
EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType)
Example 7 with HashType
use of com.google.crypto.tink.proto.HashType in project tink by google.
the class EciesAeadHkdfPrivateKeyManagerTest method testNewKey.
@Test
public void testNewKey() throws Exception {
EllipticCurveType curve = EllipticCurveType.NIST_P384;
HashType hashType = HashType.SHA256;
EcPointFormat pointFormat = EcPointFormat.UNCOMPRESSED;
KeyTemplate demKeyTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
byte[] salt = "some salt".getBytes("UTF-8");
EciesAeadHkdfParams params = HybridKeyTemplates.createEciesAeadHkdfParams(curve, hashType, pointFormat, demKeyTemplate, salt);
EciesAeadHkdfPrivateKeyManager manager = new EciesAeadHkdfPrivateKeyManager();
EciesAeadHkdfPrivateKey keyProto = (EciesAeadHkdfPrivateKey) manager.newKey(EciesAeadHkdfKeyFormat.newBuilder().setParams(params).build());
assertEquals(params, keyProto.getPublicKey().getParams());
Key primaryPriv = TestUtil.createKey(TestUtil.createKeyData(keyProto, EciesAeadHkdfPrivateKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 8, KeyStatusType.ENABLED, OutputPrefixType.RAW);
Key primaryPub = TestUtil.createKey(TestUtil.createKeyData(keyProto.getPublicKey(), EciesAeadHkdfPublicKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
KeysetHandle keysetHandlePub = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPub));
KeysetHandle keysetHandlePriv = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPriv));
HybridEncrypt hybridEncrypt = HybridEncryptFactory.getPrimitive(keysetHandlePub);
HybridDecrypt hybridDecrypt = HybridDecryptFactory.getPrimitive(keysetHandlePriv);
byte[] plaintext = Random.randBytes(20);
byte[] contextInfo = Random.randBytes(20);
byte[] ciphertext = hybridEncrypt.encrypt(plaintext, contextInfo);
assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, contextInfo));
}
Also used :
KeysetHandle(com.google.crypto.tink.KeysetHandle)
EciesAeadHkdfParams(com.google.crypto.tink.proto.EciesAeadHkdfParams)
HybridDecrypt(com.google.crypto.tink.HybridDecrypt)
HashType(com.google.crypto.tink.proto.HashType)
EcPointFormat(com.google.crypto.tink.proto.EcPointFormat)
EciesAeadHkdfPrivateKey(com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey)
EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType)
HybridEncrypt(com.google.crypto.tink.HybridEncrypt)
KeyTemplate(com.google.crypto.tink.proto.KeyTemplate)
EciesAeadHkdfPrivateKey(com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey)
Key(com.google.crypto.tink.proto.Keyset.Key)
Test(org.junit.Test)
Example 8 with HashType
use of com.google.crypto.tink.proto.HashType in project tink by google.
the class SignatureKeyTemplatesTest method testCreateEcdsaKeyTemplate.
@Test
public void testCreateEcdsaKeyTemplate() throws Exception {
// Intentionally using "weird" or invalid values for parameters,
// to test that the function correctly puts them in the resulting template.
HashType hashType = HashType.SHA512;
EllipticCurveType curve = EllipticCurveType.NIST_P224;
EcdsaSignatureEncoding encoding = EcdsaSignatureEncoding.IEEE_P1363;
KeyTemplate template = SignatureKeyTemplates.createEcdsaKeyTemplate(hashType, curve, encoding);
assertEquals(EcdsaSignKeyManager.TYPE_URL, template.getTypeUrl());
assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
EcdsaKeyFormat format = EcdsaKeyFormat.parseFrom(template.getValue());
assertEquals(hashType, format.getParams().getHashType());
assertEquals(curve, format.getParams().getCurve());
assertEquals(encoding, format.getParams().getEncoding());
}
Also used :
EcdsaKeyFormat(com.google.crypto.tink.proto.EcdsaKeyFormat)
HashType(com.google.crypto.tink.proto.HashType)
EcdsaSignatureEncoding(com.google.crypto.tink.proto.EcdsaSignatureEncoding)
EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType)
KeyTemplate(com.google.crypto.tink.proto.KeyTemplate)
Test(org.junit.Test)
Example 9 with HashType
use of com.google.crypto.tink.proto.HashType in project tink by google.
the class EcdsaSignKeyManagerTest method testGetPrimitiveWithUnsupportedKey.
private void testGetPrimitiveWithUnsupportedKey(HashAndCurveType hashAndCurve) throws Exception {
HashType hashType = hashAndCurve.hashType;
EllipticCurveType curveType = hashAndCurve.curveType;
KeyPair keyPair = EllipticCurves.generateKeyPair(SigUtil.toCurveType(curveType));
ECPublicKey pubKey = (ECPublicKey) keyPair.getPublic();
ECPrivateKey privKey = (ECPrivateKey) keyPair.getPrivate();
ECPoint w = pubKey.getW();
EcdsaPublicKey ecdsaPubKey = TestUtil.createEcdsaPubKey(hashType, curveType, EcdsaSignatureEncoding.DER, w.getAffineX().toByteArray(), w.getAffineY().toByteArray());
EcdsaPrivateKey ecdsaPrivKey = TestUtil.createEcdsaPrivKey(ecdsaPubKey, privKey.getS().toByteArray());
EcdsaSignKeyManager signManager = new EcdsaSignKeyManager();
try {
PublicKeySign unusedSigner = signManager.getPrimitive(ecdsaPrivKey);
fail("Unsupported key, should have thrown exception: " + hashType + " " + curveType);
} catch (GeneralSecurityException expected) {
// Expected
}
}
Also used :
ECPrivateKey(java.security.interfaces.ECPrivateKey)
KeyPair(java.security.KeyPair)
ECPublicKey(java.security.interfaces.ECPublicKey)
EcdsaPublicKey(com.google.crypto.tink.proto.EcdsaPublicKey)
HashType(com.google.crypto.tink.proto.HashType)
GeneralSecurityException(java.security.GeneralSecurityException)
EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType)
EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey)
ECPoint(java.security.spec.ECPoint)
PublicKeySign(com.google.crypto.tink.PublicKeySign)
Example 10 with HashType
use of com.google.crypto.tink.proto.HashType in project tink by google.
the class HmacKeyManager method getPrimitive.
/**
* @param key {@code HmacKey} proto
*/
@Override
public Mac getPrimitive(MessageLite key) throws GeneralSecurityException {
if (!(key instanceof HmacKey)) {
throw new GeneralSecurityException("expected HmacKey proto");
}
HmacKey keyProto = (HmacKey) key;
validate(keyProto);
HashType hash = keyProto.getParams().getHash();
byte[] keyValue = keyProto.getKeyValue().toByteArray();
SecretKeySpec keySpec = new SecretKeySpec(keyValue, "HMAC");
int tagSize = keyProto.getParams().getTagSize();
switch(hash) {
case SHA1:
return new MacJce("HMACSHA1", keySpec, tagSize);
case SHA256:
return new MacJce("HMACSHA256", keySpec, tagSize);
case SHA512:
return new MacJce("HMACSHA512", keySpec, tagSize);
default:
throw new GeneralSecurityException("unknown hash");
}
}
Also used :
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
GeneralSecurityException(java.security.GeneralSecurityException)
HashType(com.google.crypto.tink.proto.HashType)
MacJce(com.google.crypto.tink.subtle.MacJce)
HmacKey(com.google.crypto.tink.proto.HmacKey)
Aggregations
HashType (com.google.crypto.tink.proto.HashType)18
EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType)13
Test (org.junit.Test)13
KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)11
EcPointFormat (com.google.crypto.tink.proto.EcPointFormat)5
GeneralSecurityException (java.security.GeneralSecurityException)5
HybridDecrypt (com.google.crypto.tink.HybridDecrypt)4
HybridEncrypt (com.google.crypto.tink.HybridEncrypt)4
EcdsaSignatureEncoding (com.google.crypto.tink.proto.EcdsaSignatureEncoding)4
EciesAeadHkdfPrivateKey (com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey)4
Key (com.google.crypto.tink.proto.Keyset.Key)4
KeysetHandle (com.google.crypto.tink.KeysetHandle)3
EcdsaKeyFormat (com.google.crypto.tink.proto.EcdsaKeyFormat)3
KeyPair (java.security.KeyPair)3
ECPrivateKey (java.security.interfaces.ECPrivateKey)3
ECPublicKey (java.security.interfaces.ECPublicKey)3
ECPoint (java.security.spec.ECPoint)3
PublicKeyVerify (com.google.crypto.tink.PublicKeyVerify)2
EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey)2
KeyPairGenerator (java.security.KeyPairGenerator)2
