Search in sources :

Example 6 with HashType

use of com.google.crypto.tink.proto.HashType in project tink by google.

the class SigUtil method validateEcdsaParams.

/**
 * Validates Ecdsa's parameters. The hash's strength must not be weaker than the curve's strength.
 *
 * @param params the Ecdsa's parameters protocol buffer.
 * @throws GeneralSecurityException iff it's invalid.
 */
public static void validateEcdsaParams(EcdsaParams params) throws GeneralSecurityException {
    EcdsaSignatureEncoding encoding = params.getEncoding();
    HashType hash = params.getHashType();
    EllipticCurveType curve = params.getCurve();
    switch(encoding) {
        case DER:
            break;
        // TODO(b/74249423): support other signature encodings.
        default:
            throw new GeneralSecurityException("unsupported signature encoding");
    }
    switch(curve) {
        case NIST_P256:
            // illusion.
            if (hash != HashType.SHA256) {
                throw new GeneralSecurityException(INVALID_PARAMS);
            }
            break;
        case NIST_P384:
        /* fall through */
        case NIST_P521:
            if (hash != HashType.SHA512) {
                throw new GeneralSecurityException(INVALID_PARAMS);
            }
            break;
        default:
            throw new GeneralSecurityException(INVALID_PARAMS);
    }
}
Also used : HashType(com.google.crypto.tink.proto.HashType) GeneralSecurityException(java.security.GeneralSecurityException) EcdsaSignatureEncoding(com.google.crypto.tink.proto.EcdsaSignatureEncoding) EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType)

Example 7 with HashType

use of com.google.crypto.tink.proto.HashType in project tink by google.

the class EciesAeadHkdfPrivateKeyManagerTest method testNewKey.

@Test
public void testNewKey() throws Exception {
    EllipticCurveType curve = EllipticCurveType.NIST_P384;
    HashType hashType = HashType.SHA256;
    EcPointFormat pointFormat = EcPointFormat.UNCOMPRESSED;
    KeyTemplate demKeyTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
    byte[] salt = "some salt".getBytes("UTF-8");
    EciesAeadHkdfParams params = HybridKeyTemplates.createEciesAeadHkdfParams(curve, hashType, pointFormat, demKeyTemplate, salt);
    EciesAeadHkdfPrivateKeyManager manager = new EciesAeadHkdfPrivateKeyManager();
    EciesAeadHkdfPrivateKey keyProto = (EciesAeadHkdfPrivateKey) manager.newKey(EciesAeadHkdfKeyFormat.newBuilder().setParams(params).build());
    assertEquals(params, keyProto.getPublicKey().getParams());
    Key primaryPriv = TestUtil.createKey(TestUtil.createKeyData(keyProto, EciesAeadHkdfPrivateKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 8, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    Key primaryPub = TestUtil.createKey(TestUtil.createKeyData(keyProto.getPublicKey(), EciesAeadHkdfPublicKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 42, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    KeysetHandle keysetHandlePub = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPub));
    KeysetHandle keysetHandlePriv = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPriv));
    HybridEncrypt hybridEncrypt = HybridEncryptFactory.getPrimitive(keysetHandlePub);
    HybridDecrypt hybridDecrypt = HybridDecryptFactory.getPrimitive(keysetHandlePriv);
    byte[] plaintext = Random.randBytes(20);
    byte[] contextInfo = Random.randBytes(20);
    byte[] ciphertext = hybridEncrypt.encrypt(plaintext, contextInfo);
    assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, contextInfo));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) EciesAeadHkdfParams(com.google.crypto.tink.proto.EciesAeadHkdfParams) HybridDecrypt(com.google.crypto.tink.HybridDecrypt) HashType(com.google.crypto.tink.proto.HashType) EcPointFormat(com.google.crypto.tink.proto.EcPointFormat) EciesAeadHkdfPrivateKey(com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey) EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType) HybridEncrypt(com.google.crypto.tink.HybridEncrypt) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) EciesAeadHkdfPrivateKey(com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey) Key(com.google.crypto.tink.proto.Keyset.Key) Test(org.junit.Test)

Example 8 with HashType

use of com.google.crypto.tink.proto.HashType in project tink by google.

the class SignatureKeyTemplatesTest method testCreateEcdsaKeyTemplate.

@Test
public void testCreateEcdsaKeyTemplate() throws Exception {
    // Intentionally using "weird" or invalid values for parameters,
    // to test that the function correctly puts them in the resulting template.
    HashType hashType = HashType.SHA512;
    EllipticCurveType curve = EllipticCurveType.NIST_P224;
    EcdsaSignatureEncoding encoding = EcdsaSignatureEncoding.IEEE_P1363;
    KeyTemplate template = SignatureKeyTemplates.createEcdsaKeyTemplate(hashType, curve, encoding);
    assertEquals(EcdsaSignKeyManager.TYPE_URL, template.getTypeUrl());
    assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
    EcdsaKeyFormat format = EcdsaKeyFormat.parseFrom(template.getValue());
    assertEquals(hashType, format.getParams().getHashType());
    assertEquals(curve, format.getParams().getCurve());
    assertEquals(encoding, format.getParams().getEncoding());
}
Also used : EcdsaKeyFormat(com.google.crypto.tink.proto.EcdsaKeyFormat) HashType(com.google.crypto.tink.proto.HashType) EcdsaSignatureEncoding(com.google.crypto.tink.proto.EcdsaSignatureEncoding) EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType) KeyTemplate(com.google.crypto.tink.proto.KeyTemplate) Test(org.junit.Test)

Example 9 with HashType

use of com.google.crypto.tink.proto.HashType in project tink by google.

the class EcdsaSignKeyManagerTest method testGetPrimitiveWithUnsupportedKey.

private void testGetPrimitiveWithUnsupportedKey(HashAndCurveType hashAndCurve) throws Exception {
    HashType hashType = hashAndCurve.hashType;
    EllipticCurveType curveType = hashAndCurve.curveType;
    KeyPair keyPair = EllipticCurves.generateKeyPair(SigUtil.toCurveType(curveType));
    ECPublicKey pubKey = (ECPublicKey) keyPair.getPublic();
    ECPrivateKey privKey = (ECPrivateKey) keyPair.getPrivate();
    ECPoint w = pubKey.getW();
    EcdsaPublicKey ecdsaPubKey = TestUtil.createEcdsaPubKey(hashType, curveType, EcdsaSignatureEncoding.DER, w.getAffineX().toByteArray(), w.getAffineY().toByteArray());
    EcdsaPrivateKey ecdsaPrivKey = TestUtil.createEcdsaPrivKey(ecdsaPubKey, privKey.getS().toByteArray());
    EcdsaSignKeyManager signManager = new EcdsaSignKeyManager();
    try {
        PublicKeySign unusedSigner = signManager.getPrimitive(ecdsaPrivKey);
        fail("Unsupported key, should have thrown exception: " + hashType + " " + curveType);
    } catch (GeneralSecurityException expected) {
    // Expected
    }
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) ECPublicKey(java.security.interfaces.ECPublicKey) EcdsaPublicKey(com.google.crypto.tink.proto.EcdsaPublicKey) HashType(com.google.crypto.tink.proto.HashType) GeneralSecurityException(java.security.GeneralSecurityException) EllipticCurveType(com.google.crypto.tink.proto.EllipticCurveType) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) ECPoint(java.security.spec.ECPoint) PublicKeySign(com.google.crypto.tink.PublicKeySign)

Example 10 with HashType

use of com.google.crypto.tink.proto.HashType in project tink by google.

the class HmacKeyManager method getPrimitive.

/**
 * @param key {@code HmacKey} proto
 */
@Override
public Mac getPrimitive(MessageLite key) throws GeneralSecurityException {
    if (!(key instanceof HmacKey)) {
        throw new GeneralSecurityException("expected HmacKey proto");
    }
    HmacKey keyProto = (HmacKey) key;
    validate(keyProto);
    HashType hash = keyProto.getParams().getHash();
    byte[] keyValue = keyProto.getKeyValue().toByteArray();
    SecretKeySpec keySpec = new SecretKeySpec(keyValue, "HMAC");
    int tagSize = keyProto.getParams().getTagSize();
    switch(hash) {
        case SHA1:
            return new MacJce("HMACSHA1", keySpec, tagSize);
        case SHA256:
            return new MacJce("HMACSHA256", keySpec, tagSize);
        case SHA512:
            return new MacJce("HMACSHA512", keySpec, tagSize);
        default:
            throw new GeneralSecurityException("unknown hash");
    }
}
Also used : SecretKeySpec(javax.crypto.spec.SecretKeySpec) GeneralSecurityException(java.security.GeneralSecurityException) HashType(com.google.crypto.tink.proto.HashType) MacJce(com.google.crypto.tink.subtle.MacJce) HmacKey(com.google.crypto.tink.proto.HmacKey)

Aggregations

HashType (com.google.crypto.tink.proto.HashType)18 EllipticCurveType (com.google.crypto.tink.proto.EllipticCurveType)13 Test (org.junit.Test)13 KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)11 EcPointFormat (com.google.crypto.tink.proto.EcPointFormat)5 GeneralSecurityException (java.security.GeneralSecurityException)5 HybridDecrypt (com.google.crypto.tink.HybridDecrypt)4 HybridEncrypt (com.google.crypto.tink.HybridEncrypt)4 EcdsaSignatureEncoding (com.google.crypto.tink.proto.EcdsaSignatureEncoding)4 EciesAeadHkdfPrivateKey (com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey)4 Key (com.google.crypto.tink.proto.Keyset.Key)4 KeysetHandle (com.google.crypto.tink.KeysetHandle)3 EcdsaKeyFormat (com.google.crypto.tink.proto.EcdsaKeyFormat)3 KeyPair (java.security.KeyPair)3 ECPrivateKey (java.security.interfaces.ECPrivateKey)3 ECPublicKey (java.security.interfaces.ECPublicKey)3 ECPoint (java.security.spec.ECPoint)3 PublicKeyVerify (com.google.crypto.tink.PublicKeyVerify)2 EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey)2 KeyPairGenerator (java.security.KeyPairGenerator)2