
Example 1 with RsaSsaPssParams

use of com.google.crypto.tink.proto.RsaSsaPssParams in project tink by google.

the class TestUtil method createRsaSsaPssPubKey.

/**
 * Builds a {@code RsaSsaPssPublicKey} proto from raw key material and PSS parameters.
 *
 * <p>The bytes of {@code modulus} and {@code exponent} are copied into the proto exactly as given.
 * Nothing in this helper checks the modulus size, the exponent, the hash pairing or the salt
 * length, so it can also produce keys that a validating key manager would reject. The key version
 * is fixed at 0.
 *
 * @param modulus bytes stored in the key's {@code n} field
 * @param exponent bytes stored in the key's {@code e} field
 * @param sigHash hash recorded as the signature hash
 * @param mgf1Hash hash recorded as the MGF1 hash
 * @param saltLength salt length recorded in the PSS parameters
 * @return the assembled public key proto
 */
public static RsaSsaPssPublicKey createRsaSsaPssPubKey(byte[] modulus, byte[] exponent, HashType sigHash, HashType mgf1Hash, int saltLength) throws Exception {
    RsaSsaPssParams pssParams =
        RsaSsaPssParams.newBuilder()
            .setSigHash(sigHash)
            .setMgf1Hash(mgf1Hash)
            .setSaltLength(saltLength)
            .build();
    return RsaSsaPssPublicKey.newBuilder()
        .setVersion(0)
        .setParams(pssParams)
        .setN(ByteString.copyFrom(modulus))
        .setE(ByteString.copyFrom(exponent))
        .build();
}
Also used : RsaSsaPssParams(com.google.crypto.tink.proto.RsaSsaPssParams) ECPoint(java.security.spec.ECPoint)

Example 2 with RsaSsaPssParams

use of com.google.crypto.tink.proto.RsaSsaPssParams in project tink by google.

the class RsaSsaPssSignKeyManagerTest method createPrimitive.

/**
 * Round-trip check: a signer obtained from the key manager must produce a signature that an
 * independently constructed {@code RsaSsaPssVerifyJce} accepts for the same message.
 *
 * <p>The verifier is built from the generated key's public part (modulus, exponent and PSS
 * parameters) rather than through the manager, so the two sides share only the key material.
 */
@Test
public void createPrimitive() throws Exception {
    // factory.createKey is too slow in Tsan, so the test does nothing there.
    if (TestUtil.isTsan()) {
        return;
    }
    RsaSsaPssKeyFormat keyFormat =
        createKeyFormat(HashType.SHA512, HashType.SHA512, 64, 4096, RSAKeyGenParameterSpec.F4);
    RsaSsaPssPrivateKey privateKey = factory.createKey(keyFormat);
    PublicKeySign signer = manager.getPrimitive(privateKey, PublicKeySign.class);

    // Signum 1: the proto's n and e bytes are interpreted as unsigned integers.
    RSAPublicKeySpec publicSpec =
        new RSAPublicKeySpec(
            new BigInteger(1, privateKey.getPublicKey().getN().toByteArray()),
            new BigInteger(1, privateKey.getPublicKey().getE().toByteArray()));
    RSAPublicKey jcePublicKey =
        (RSAPublicKey) EngineFactory.KEY_FACTORY.getInstance("RSA").generatePublic(publicSpec);

    RsaSsaPssParams pssParams = privateKey.getPublicKey().getParams();
    PublicKeyVerify verifier =
        new RsaSsaPssVerifyJce(
            jcePublicKey,
            SigUtil.toHashType(pssParams.getSigHash()),
            SigUtil.toHashType(pssParams.getMgf1Hash()),
            pssParams.getSaltLength());

    byte[] message = Random.randBytes(135);
    byte[] signature = signer.sign(message);
    // No explicit assertion: a rejected signature is expected to surface as an exception from
    // verify(), which fails the test.
    verifier.verify(signature, message);
}
Also used : RsaSsaPssPrivateKey(com.google.crypto.tink.proto.RsaSsaPssPrivateKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) RsaSsaPssKeyFormat(com.google.crypto.tink.proto.RsaSsaPssKeyFormat) RsaSsaPssVerifyJce(com.google.crypto.tink.subtle.RsaSsaPssVerifyJce) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) BigInteger(java.math.BigInteger) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) RsaSsaPssParams(com.google.crypto.tink.proto.RsaSsaPssParams) PublicKeySign(com.google.crypto.tink.PublicKeySign) KeyFactory(java.security.KeyFactory) Test(org.junit.Test)

Example 3 with RsaSsaPssParams

use of com.google.crypto.tink.proto.RsaSsaPssParams in project tink by google.

the class RsaSsaPssSignKeyManager method keyFactory.

/**
 * Returns the factory that validates, parses and instantiates RSA-SSA-PSS private keys from a
 * {@code RsaSsaPssKeyFormat}, and that lists the named key formats this manager offers.
 */
@Override
public KeyFactory<RsaSsaPssKeyFormat, RsaSsaPssPrivateKey> keyFactory() {
    return new KeyFactory<RsaSsaPssKeyFormat, RsaSsaPssPrivateKey>(RsaSsaPssKeyFormat.class) {

        /**
         * Checks the PSS parameters, the modulus size and the public exponent of {@code format},
         * in that order.
         *
         * @throws GeneralSecurityException if one of the validators rejects the format
         */
        @Override
        public void validateKeyFormat(RsaSsaPssKeyFormat format) throws GeneralSecurityException {
            SigUtil.validateRsaSsaPssParams(format.getParams());
            Validators.validateRsaModulusSize(format.getModulusSizeInBits());
            // Signum 1: the exponent bytes are read as an unsigned integer.
            BigInteger publicExponent = new BigInteger(1, format.getPublicExponent().toByteArray());
            Validators.validateRsaPublicExponent(publicExponent);
        }

        /** Parses a serialized key format using an empty extension registry. */
        @Override
        public RsaSsaPssKeyFormat parseKeyFormat(ByteString byteString) throws InvalidProtocolBufferException {
            return RsaSsaPssKeyFormat.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
        }

        /**
         * Generates a fresh RSA key pair for {@code format} and wraps it in a
         * {@code RsaSsaPssPrivateKey} proto that embeds the matching public key.
         *
         * <p>NOTE(review): this method re-checks only the modulus size and the signature hash. The
         * public-exponent check and the full PSS parameter check are made only in
         * {@link #validateKeyFormat}, so a caller that invokes {@code createKey} directly skips
         * them; confirm that every caller validates the format first.
         *
         * @throws GeneralSecurityException if validation or key generation fails
         */
        @Override
        public RsaSsaPssPrivateKey createKey(RsaSsaPssKeyFormat format) throws GeneralSecurityException {
            RsaSsaPssParams pssParams = format.getParams();
            Validators.validateRsaModulusSize(format.getModulusSizeInBits());
            Validators.validateSignatureHash(SigUtil.toHashType(pssParams.getSigHash()));

            KeyPairGenerator generator = EngineFactory.KEY_PAIR_GENERATOR.getInstance("RSA");
            generator.initialize(
                new RSAKeyGenParameterSpec(
                    format.getModulusSizeInBits(),
                    new BigInteger(1, format.getPublicExponent().toByteArray())));
            KeyPair generated = generator.generateKeyPair();
            RSAPublicKey rsaPublic = (RSAPublicKey) generated.getPublic();
            RSAPrivateCrtKey rsaPrivate = (RSAPrivateCrtKey) generated.getPrivate();

            // Public half. BigInteger.toByteArray() is two's-complement, so the stored bytes may
            // carry a leading zero byte.
            RsaSsaPssPublicKey publicProto =
                RsaSsaPssPublicKey.newBuilder()
                    .setVersion(getVersion())
                    .setParams(pssParams)
                    .setE(ByteString.copyFrom(rsaPublic.getPublicExponent().toByteArray()))
                    .setN(ByteString.copyFrom(rsaPublic.getModulus().toByteArray()))
                    .build();

            // Private half: d plus the CRT values (p, q, dP, dQ, qInv). All of these are secret
            // key material.
            return RsaSsaPssPrivateKey.newBuilder()
                .setVersion(getVersion())
                .setPublicKey(publicProto)
                .setD(ByteString.copyFrom(rsaPrivate.getPrivateExponent().toByteArray()))
                .setP(ByteString.copyFrom(rsaPrivate.getPrimeP().toByteArray()))
                .setQ(ByteString.copyFrom(rsaPrivate.getPrimeQ().toByteArray()))
                .setDp(ByteString.copyFrom(rsaPrivate.getPrimeExponentP().toByteArray()))
                .setDq(ByteString.copyFrom(rsaPrivate.getPrimeExponentQ().toByteArray()))
                .setCrt(ByteString.copyFrom(rsaPrivate.getCrtCoefficient().toByteArray()))
                .build();
        }

        /**
         * Lists the named key formats as an unmodifiable map. Every entry uses the same hash for
         * signing and MGF1, a salt length of 32 (SHA256) or 64 (SHA512), and exponent F4.
         */
        @Override
        public Map<String, KeyFactory.KeyFormat<RsaSsaPssKeyFormat>> keyFormats() throws GeneralSecurityException {
            Map<String, KeyFactory.KeyFormat<RsaSsaPssKeyFormat>> formats = new HashMap<>();

            // 3072-bit modulus, SHA256.
            formats.put(
                "RSA_SSA_PSS_3072_SHA256_F4",
                new KeyFormat<>(
                    createKeyFormat(
                        HashType.SHA256,
                        HashType.SHA256,
                        /*saltLength=*/ 32,
                        /*modulusSize=*/ 3072,
                        RSAKeyGenParameterSpec.F4),
                    KeyTemplate.OutputPrefixType.TINK));
            formats.put(
                "RSA_SSA_PSS_3072_SHA256_F4_RAW",
                new KeyFormat<>(
                    createKeyFormat(
                        HashType.SHA256,
                        HashType.SHA256,
                        /*saltLength=*/ 32,
                        /*modulusSize=*/ 3072,
                        RSAKeyGenParameterSpec.F4),
                    KeyTemplate.OutputPrefixType.RAW));
            // Same as RSA_SSA_PSS_3072_SHA256_F4; kept for backward compatibility with
            // SignatureKeyTemplates.
            // TODO(b/185475349): remove this in Tink 2.0.0.
            formats.put(
                "RSA_SSA_PSS_3072_SHA256_SHA256_32_F4",
                new KeyFormat<>(
                    createKeyFormat(
                        HashType.SHA256,
                        HashType.SHA256,
                        /*saltLength=*/ 32,
                        /*modulusSize=*/ 3072,
                        RSAKeyGenParameterSpec.F4),
                    KeyTemplate.OutputPrefixType.TINK));

            // 4096-bit modulus, SHA512.
            formats.put(
                "RSA_SSA_PSS_4096_SHA512_F4",
                new KeyFormat<>(
                    createKeyFormat(
                        HashType.SHA512,
                        HashType.SHA512,
                        /*saltLength=*/ 64,
                        /*modulusSize=*/ 4096,
                        RSAKeyGenParameterSpec.F4),
                    KeyTemplate.OutputPrefixType.TINK));
            formats.put(
                "RSA_SSA_PSS_4096_SHA512_F4_RAW",
                new KeyFormat<>(
                    createKeyFormat(
                        HashType.SHA512,
                        HashType.SHA512,
                        /*saltLength=*/ 64,
                        /*modulusSize=*/ 4096,
                        RSAKeyGenParameterSpec.F4),
                    KeyTemplate.OutputPrefixType.RAW));
            // Same as RSA_SSA_PSS_4096_SHA512_F4; kept for backward compatibility with
            // SignatureKeyTemplates.
            // TODO(b/185475349): remove this in Tink 2.0.0.
            formats.put(
                "RSA_SSA_PSS_4096_SHA512_SHA512_64_F4",
                new KeyFormat<>(
                    createKeyFormat(
                        HashType.SHA512,
                        HashType.SHA512,
                        /*saltLength=*/ 64,
                        /*modulusSize=*/ 4096,
                        RSAKeyGenParameterSpec.F4),
                    KeyTemplate.OutputPrefixType.TINK));

            return Collections.unmodifiableMap(formats);
        }
    };
}
Also used : RsaSsaPssPublicKey(com.google.crypto.tink.proto.RsaSsaPssPublicKey) KeyPair(java.security.KeyPair) RSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey) HashMap(java.util.HashMap) ByteString(com.google.protobuf.ByteString) RSAKeyGenParameterSpec(java.security.spec.RSAKeyGenParameterSpec) RsaSsaPssParams(com.google.crypto.tink.proto.RsaSsaPssParams) KeyPairGenerator(java.security.KeyPairGenerator) ByteString(com.google.protobuf.ByteString) RsaSsaPssKeyFormat(com.google.crypto.tink.proto.RsaSsaPssKeyFormat) RSAPublicKey(java.security.interfaces.RSAPublicKey) RsaSsaPssKeyFormat(com.google.crypto.tink.proto.RsaSsaPssKeyFormat) BigInteger(java.math.BigInteger)

Example 4 with RsaSsaPssParams

use of com.google.crypto.tink.proto.RsaSsaPssParams in project tink by google.

the class SignaturePemKeysetReader method convertRsaPublicKey.

/**
 * Wraps a JCE RSA public key in a Tink {@code KeyData} for the signature scheme named by
 * {@code pemKeyType.algorithm}.
 *
 * <p>The scheme parameters come from {@code pemKeyType}, not from the key itself. For RSASSA-PSS
 * the same hash is used for signing and for MGF1, and the salt length is set to that hash's digest
 * size in bytes. Signatures made with other PSS parameters will not verify against the resulting
 * key.
 *
 * <p>NOTE(review): no modulus-size or exponent check is made in this method; presumably the
 * caller or the verify key manager enforces them, so confirm before relying on it.
 *
 * @param pemKeyType describes the algorithm and hash to associate with the key
 * @param key the RSA public key whose modulus and exponent are copied
 * @return public-key {@code KeyData} for the PKCS1 or PSS verify key manager
 * @throws IOException if the algorithm is neither RSASSA-PKCS1-v1_5 nor RSASSA-PSS
 */
private static KeyData convertRsaPublicKey(PemKeyType pemKeyType, RSAPublicKey key) throws IOException {
    if (pemKeyType.algorithm.equals("RSASSA-PKCS1-v1_5")) {
        RsaSsaPkcs1Params pkcs1Params =
            RsaSsaPkcs1Params.newBuilder().setHashType(getHashType(pemKeyType)).build();
        RsaSsaPkcs1PublicKey pkcs1Key =
            RsaSsaPkcs1PublicKey.newBuilder()
                .setVersion(new RsaSsaPkcs1VerifyKeyManager().getVersion())
                .setParams(pkcs1Params)
                .setE(SigUtil.toUnsignedIntByteString(key.getPublicExponent()))
                .setN(SigUtil.toUnsignedIntByteString(key.getModulus()))
                .build();
        return KeyData.newBuilder()
            .setTypeUrl(new RsaSsaPkcs1VerifyKeyManager().getKeyType())
            .setValue(pkcs1Key.toByteString())
            .setKeyMaterialType(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC)
            .build();
    }

    if (pemKeyType.algorithm.equals("RSASSA-PSS")) {
        // A single hash choice drives the signature hash, the MGF1 hash and the salt length.
        RsaSsaPssParams pssParams =
            RsaSsaPssParams.newBuilder()
                .setSigHash(getHashType(pemKeyType))
                .setMgf1Hash(getHashType(pemKeyType))
                .setSaltLength(getDigestSizeInBytes(pemKeyType))
                .build();
        RsaSsaPssPublicKey pssKey =
            RsaSsaPssPublicKey.newBuilder()
                .setVersion(new RsaSsaPssVerifyKeyManager().getVersion())
                .setParams(pssParams)
                .setE(SigUtil.toUnsignedIntByteString(key.getPublicExponent()))
                .setN(SigUtil.toUnsignedIntByteString(key.getModulus()))
                .build();
        return KeyData.newBuilder()
            .setTypeUrl(new RsaSsaPssVerifyKeyManager().getKeyType())
            .setValue(pssKey.toByteString())
            .setKeyMaterialType(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC)
            .build();
    }

    // Any other algorithm name is rejected rather than mapped to a default scheme.
    throw new IOException("unsupported RSA signature algorithm: " + pemKeyType.algorithm);
}
Also used : RsaSsaPssPublicKey(com.google.crypto.tink.proto.RsaSsaPssPublicKey) RsaSsaPkcs1PublicKey(com.google.crypto.tink.proto.RsaSsaPkcs1PublicKey) RsaSsaPkcs1Params(com.google.crypto.tink.proto.RsaSsaPkcs1Params) RsaSsaPssParams(com.google.crypto.tink.proto.RsaSsaPssParams) IOException(java.io.IOException)

Example 5 with RsaSsaPssParams

use of com.google.crypto.tink.proto.RsaSsaPssParams in project tink by google.

the class SignatureKeyTemplates method createRsaSsaPssKeyTemplate.

/**
 * Builds a {@link KeyTemplate} for the RSA-SSA-PSS sign key manager from the given parameters.
 *
 * <p>The template always uses the {@code TINK} output prefix type. The arguments are stored as
 * given and are not validated here. NOTE(review): presumably they are checked when a key is later
 * generated from the template; confirm against the key manager.
 *
 * @param sigHash hash recorded as the signature hash
 * @param mgf1Hash hash recorded as the MGF1 hash
 * @param saltLength salt length recorded in the PSS parameters
 * @param modulusSize RSA modulus size in bits
 * @param publicExponent RSA public exponent, stored as its {@code toByteArray()} encoding
 * @return a {@link KeyTemplate} containing a {@link RsaSsaPssKeyFormat} with these parameters
 */
public static KeyTemplate createRsaSsaPssKeyTemplate(HashType sigHash, HashType mgf1Hash, int saltLength, int modulusSize, BigInteger publicExponent) {
    RsaSsaPssParams pssParams =
        RsaSsaPssParams.newBuilder()
            .setSigHash(sigHash)
            .setMgf1Hash(mgf1Hash)
            .setSaltLength(saltLength)
            .build();
    RsaSsaPssKeyFormat keyFormat =
        RsaSsaPssKeyFormat.newBuilder()
            .setParams(pssParams)
            .setModulusSizeInBits(modulusSize)
            .setPublicExponent(ByteString.copyFrom(publicExponent.toByteArray()))
            .build();
    return KeyTemplate.newBuilder()
        .setValue(keyFormat.toByteString())
        .setTypeUrl(new RsaSsaPssSignKeyManager().getKeyType())
        .setOutputPrefixType(OutputPrefixType.TINK)
        .build();
}
Also used : RsaSsaPssKeyFormat(com.google.crypto.tink.proto.RsaSsaPssKeyFormat) RsaSsaPssParams(com.google.crypto.tink.proto.RsaSsaPssParams)

Aggregations

RsaSsaPssParams (com.google.crypto.tink.proto.RsaSsaPssParams)5 RsaSsaPssKeyFormat (com.google.crypto.tink.proto.RsaSsaPssKeyFormat)3 RsaSsaPssPublicKey (com.google.crypto.tink.proto.RsaSsaPssPublicKey)2 BigInteger (java.math.BigInteger)2 RSAPublicKey (java.security.interfaces.RSAPublicKey)2 PublicKeySign (com.google.crypto.tink.PublicKeySign)1 PublicKeyVerify (com.google.crypto.tink.PublicKeyVerify)1 RsaSsaPkcs1Params (com.google.crypto.tink.proto.RsaSsaPkcs1Params)1 RsaSsaPkcs1PublicKey (com.google.crypto.tink.proto.RsaSsaPkcs1PublicKey)1 RsaSsaPssPrivateKey (com.google.crypto.tink.proto.RsaSsaPssPrivateKey)1 RsaSsaPssVerifyJce (com.google.crypto.tink.subtle.RsaSsaPssVerifyJce)1 ByteString (com.google.protobuf.ByteString)1 IOException (java.io.IOException)1 KeyFactory (java.security.KeyFactory)1 KeyPair (java.security.KeyPair)1 KeyPairGenerator (java.security.KeyPairGenerator)1 RSAPrivateCrtKey (java.security.interfaces.RSAPrivateCrtKey)1 ECPoint (java.security.spec.ECPoint)1 RSAKeyGenParameterSpec (java.security.spec.RSAKeyGenParameterSpec)1 RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)1