use of com.google.crypto.tink.proto.RsaSsaPssParams in project tink by google.
the class TestUtil method createRsaSsaPssPubKey.
/**
 * Builds a {@code RsaSsaPssPublicKey} proto from raw key material and PSS parameters.
 *
 * <p>The arguments are copied into the proto exactly as given. Nothing in this helper checks the
 * modulus size, the exponent, the hash types or the salt length, so the resulting key is only as
 * well-formed as the inputs supplied by the caller.
 *
 * @param modulus bytes stored in the key's {@code n} field
 * @param exponent bytes stored in the key's {@code e} field
 * @param sigHash hash type stored as the signature hash
 * @param mgf1Hash hash type stored as the MGF1 hash
 * @param saltLength salt length stored in the PSS parameters
 * @return the assembled public key, with its version set to 0
 */
public static RsaSsaPssPublicKey createRsaSsaPssPubKey(byte[] modulus, byte[] exponent, HashType sigHash, HashType mgf1Hash, int saltLength) throws Exception {
  RsaSsaPssParams pssParams =
      RsaSsaPssParams.newBuilder()
          .setSigHash(sigHash)
          .setMgf1Hash(mgf1Hash)
          .setSaltLength(saltLength)
          .build();
  // Version 0 is hard-coded; the byte arrays are copied, not wrapped.
  return RsaSsaPssPublicKey.newBuilder()
      .setVersion(0)
      .setParams(pssParams)
      .setN(ByteString.copyFrom(modulus))
      .setE(ByteString.copyFrom(exponent))
      .build();
}
use of com.google.crypto.tink.proto.RsaSsaPssParams in project tink by google.
the class RsaSsaPssSignKeyManagerTest method createPrimitive.
/**
 * Signs a random message with a freshly generated key and checks that the signature verifies
 * under the corresponding public key and the PSS parameters stored in the key proto.
 *
 * <p>There is no explicit assertion: the test passes when {@code verify} returns without throwing.
 */
@Test
public void createPrimitive() throws Exception {
  // factory.createKey is too slow in Tsan, so the test is skipped there.
  if (TestUtil.isTsan()) {
    return;
  }

  RsaSsaPssPrivateKey privateKeyProto =
      factory.createKey(
          createKeyFormat(HashType.SHA512, HashType.SHA512, 64, 4096, RSAKeyGenParameterSpec.F4));
  PublicKeySign signer = manager.getPrimitive(privateKeyProto, PublicKeySign.class);

  // Rebuild a JCE public key from the n and e bytes stored in the proto. Signum 1 makes
  // BigInteger read the bytes as an unsigned magnitude.
  KeyFactory rsaKeyFactory = EngineFactory.KEY_FACTORY.getInstance("RSA");
  BigInteger n = new BigInteger(1, privateKeyProto.getPublicKey().getN().toByteArray());
  BigInteger e = new BigInteger(1, privateKeyProto.getPublicKey().getE().toByteArray());
  RSAPublicKey jcePublicKey =
      (RSAPublicKey) rsaKeyFactory.generatePublic(new RSAPublicKeySpec(n, e));

  // The verifier is configured from the parameters carried by the key, not from the format above.
  RsaSsaPssParams pssParams = privateKeyProto.getPublicKey().getParams();
  PublicKeyVerify verifier =
      new RsaSsaPssVerifyJce(
          jcePublicKey,
          SigUtil.toHashType(pssParams.getSigHash()),
          SigUtil.toHashType(pssParams.getMgf1Hash()),
          pssParams.getSaltLength());

  // NOTE(review): only the accepting path is exercised here; this method does not check that a
  // modified message or signature is rejected.
  byte[] message = Random.randBytes(135);
  byte[] signature = signer.sign(message);
  verifier.verify(signature, message);
}
use of com.google.crypto.tink.proto.RsaSsaPssParams in project tink by google.
the class RsaSsaPssSignKeyManager method keyFactory.
/**
 * Returns the factory that validates and parses {@code RsaSsaPssKeyFormat}s, generates new
 * RSA-SSA-PSS private keys from them, and lists the named key formats of this manager.
 */
@Override
public KeyFactory<RsaSsaPssKeyFormat, RsaSsaPssPrivateKey> keyFactory() {
  return new KeyFactory<RsaSsaPssKeyFormat, RsaSsaPssPrivateKey>(RsaSsaPssKeyFormat.class) {
    /**
     * Checks the PSS parameters, the modulus size and the public exponent of {@code format}.
     *
     * @throws GeneralSecurityException if one of the validators rejects the format
     */
    @Override
    public void validateKeyFormat(RsaSsaPssKeyFormat format) throws GeneralSecurityException {
      SigUtil.validateRsaSsaPssParams(format.getParams());
      Validators.validateRsaModulusSize(format.getModulusSizeInBits());
      // Signum 1: the exponent bytes are read as an unsigned magnitude.
      BigInteger publicExponent = new BigInteger(1, format.getPublicExponent().toByteArray());
      Validators.validateRsaPublicExponent(publicExponent);
    }

    /** Parses a serialized key format using an empty extension registry. */
    @Override
    public RsaSsaPssKeyFormat parseKeyFormat(ByteString byteString)
        throws InvalidProtocolBufferException {
      return RsaSsaPssKeyFormat.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
    }

    /**
     * Generates a new RSA key pair for {@code format} and packs it into an
     * {@code RsaSsaPssPrivateKey} proto.
     *
     * <p>Only the modulus size and the signature hash are checked in this method.
     * NOTE(review): the public exponent and the remaining PSS parameters are not re-validated
     * here, which appears to rely on {@code validateKeyFormat} having been run first; confirm
     * that every caller does so.
     *
     * <p>The returned proto carries the complete private key (d, p, q and the CRT values) and must
     * be handled as secret material.
     */
    @Override
    public RsaSsaPssPrivateKey createKey(RsaSsaPssKeyFormat format)
        throws GeneralSecurityException {
      RsaSsaPssParams params = format.getParams();
      Validators.validateRsaModulusSize(format.getModulusSizeInBits());
      Validators.validateSignatureHash(SigUtil.toHashType(params.getSigHash()));

      KeyPairGenerator generator = EngineFactory.KEY_PAIR_GENERATOR.getInstance("RSA");
      RSAKeyGenParameterSpec genSpec =
          new RSAKeyGenParameterSpec(
              format.getModulusSizeInBits(),
              new BigInteger(1, format.getPublicExponent().toByteArray()));
      generator.initialize(genSpec);
      KeyPair generated = generator.generateKeyPair();
      RSAPublicKey rsaPublic = (RSAPublicKey) generated.getPublic();
      RSAPrivateCrtKey rsaPrivate = (RSAPrivateCrtKey) generated.getPrivate();

      // BigInteger.toByteArray() is big-endian two's complement, so a value may start with a
      // 0x00 sign byte; consumers should decode the fields as unsigned.
      // Creates RsaSsaPssPublicKey.
      RsaSsaPssPublicKey publicKeyProto =
          RsaSsaPssPublicKey.newBuilder()
              .setVersion(getVersion())
              .setParams(params)
              .setE(ByteString.copyFrom(rsaPublic.getPublicExponent().toByteArray()))
              .setN(ByteString.copyFrom(rsaPublic.getModulus().toByteArray()))
              .build();

      // Creates RsaSsaPssPrivateKey.
      return RsaSsaPssPrivateKey.newBuilder()
          .setVersion(getVersion())
          .setPublicKey(publicKeyProto)
          .setD(ByteString.copyFrom(rsaPrivate.getPrivateExponent().toByteArray()))
          .setP(ByteString.copyFrom(rsaPrivate.getPrimeP().toByteArray()))
          .setQ(ByteString.copyFrom(rsaPrivate.getPrimeQ().toByteArray()))
          .setDp(ByteString.copyFrom(rsaPrivate.getPrimeExponentP().toByteArray()))
          .setDq(ByteString.copyFrom(rsaPrivate.getPrimeExponentQ().toByteArray()))
          .setCrt(ByteString.copyFrom(rsaPrivate.getCrtCoefficient().toByteArray()))
          .build();
    }

    /**
     * Returns an unmodifiable map from format name to key format. Every entry uses the same hash
     * for signing and MGF1 and the F4 public exponent; the entries differ in hash, salt length,
     * modulus size and output prefix type.
     */
    @Override
    public Map<String, KeyFactory.KeyFormat<RsaSsaPssKeyFormat>> keyFormats()
        throws GeneralSecurityException {
      Map<String, KeyFactory.KeyFormat<RsaSsaPssKeyFormat>> formats = new HashMap<>();

      formats.put(
          "RSA_SSA_PSS_3072_SHA256_F4",
          new KeyFormat<>(
              createKeyFormat(
                  HashType.SHA256,
                  HashType.SHA256,
                  /* saltLength= */ 32,
                  /* modulusSize= */ 3072,
                  RSAKeyGenParameterSpec.F4),
              KeyTemplate.OutputPrefixType.TINK));
      formats.put(
          "RSA_SSA_PSS_3072_SHA256_F4_RAW",
          new KeyFormat<>(
              createKeyFormat(
                  HashType.SHA256,
                  HashType.SHA256,
                  /* saltLength= */ 32,
                  /* modulusSize= */ 3072,
                  RSAKeyGenParameterSpec.F4),
              KeyTemplate.OutputPrefixType.RAW));
      // Same format as RSA_SSA_PSS_3072_SHA256_F4, kept under the older name for backward
      // compatibility with SignatureKeyTemplates.
      // TODO(b/185475349): remove this in Tink 2.0.0.
      formats.put(
          "RSA_SSA_PSS_3072_SHA256_SHA256_32_F4",
          new KeyFormat<>(
              createKeyFormat(
                  HashType.SHA256,
                  HashType.SHA256,
                  /* saltLength= */ 32,
                  /* modulusSize= */ 3072,
                  RSAKeyGenParameterSpec.F4),
              KeyTemplate.OutputPrefixType.TINK));

      formats.put(
          "RSA_SSA_PSS_4096_SHA512_F4",
          new KeyFormat<>(
              createKeyFormat(
                  HashType.SHA512,
                  HashType.SHA512,
                  /* saltLength= */ 64,
                  /* modulusSize= */ 4096,
                  RSAKeyGenParameterSpec.F4),
              KeyTemplate.OutputPrefixType.TINK));
      formats.put(
          "RSA_SSA_PSS_4096_SHA512_F4_RAW",
          new KeyFormat<>(
              createKeyFormat(
                  HashType.SHA512,
                  HashType.SHA512,
                  /* saltLength= */ 64,
                  /* modulusSize= */ 4096,
                  RSAKeyGenParameterSpec.F4),
              KeyTemplate.OutputPrefixType.RAW));
      // Same format as RSA_SSA_PSS_4096_SHA512_F4, kept under the older name for backward
      // compatibility with SignatureKeyTemplates.
      // TODO(b/185475349): remove this in Tink 2.0.0.
      formats.put(
          "RSA_SSA_PSS_4096_SHA512_SHA512_64_F4",
          new KeyFormat<>(
              createKeyFormat(
                  HashType.SHA512,
                  HashType.SHA512,
                  /* saltLength= */ 64,
                  /* modulusSize= */ 4096,
                  RSAKeyGenParameterSpec.F4),
              KeyTemplate.OutputPrefixType.TINK));

      return Collections.unmodifiableMap(formats);
    }
  };
}
use of com.google.crypto.tink.proto.RsaSsaPssParams in project tink by google.
the class SignaturePemKeysetReader method convertRsaPublicKey.
/**
 * Wraps an RSA public key in {@code KeyData} for the signature scheme named by
 * {@code pemKeyType.algorithm}.
 *
 * <p>For "RSASSA-PSS" the same hash from {@code getHashType(pemKeyType)} is used for both the
 * signature hash and MGF1, and the salt length comes from {@code getDigestSizeInBytes(pemKeyType)}.
 * The modulus and exponent are encoded with {@code SigUtil.toUnsignedIntByteString}.
 *
 * <p>NOTE(review): this method does not check the modulus size or the exponent of {@code key};
 * confirm that the caller or the verify key manager enforces those limits on imported PEM keys.
 *
 * @param pemKeyType describes the algorithm and hash the PEM key is to be used with
 * @param key the parsed RSA public key
 * @return key data of material type {@code ASYMMETRIC_PUBLIC}
 * @throws IOException if the algorithm is neither "RSASSA-PKCS1-v1_5" nor "RSASSA-PSS"
 */
private static KeyData convertRsaPublicKey(PemKeyType pemKeyType, RSAPublicKey key) throws IOException {
  if (pemKeyType.algorithm.equals("RSASSA-PKCS1-v1_5")) {
    RsaSsaPkcs1Params pkcs1Params =
        RsaSsaPkcs1Params.newBuilder().setHashType(getHashType(pemKeyType)).build();
    RsaSsaPkcs1PublicKey pkcs1Key =
        RsaSsaPkcs1PublicKey.newBuilder()
            .setVersion(new RsaSsaPkcs1VerifyKeyManager().getVersion())
            .setParams(pkcs1Params)
            .setE(SigUtil.toUnsignedIntByteString(key.getPublicExponent()))
            .setN(SigUtil.toUnsignedIntByteString(key.getModulus()))
            .build();
    return KeyData.newBuilder()
        .setTypeUrl(new RsaSsaPkcs1VerifyKeyManager().getKeyType())
        .setValue(pkcs1Key.toByteString())
        .setKeyMaterialType(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC)
        .build();
  }

  if (pemKeyType.algorithm.equals("RSASSA-PSS")) {
    // One hash serves as signature hash and MGF1 hash.
    RsaSsaPssParams pssParams =
        RsaSsaPssParams.newBuilder()
            .setSigHash(getHashType(pemKeyType))
            .setMgf1Hash(getHashType(pemKeyType))
            .setSaltLength(getDigestSizeInBytes(pemKeyType))
            .build();
    RsaSsaPssPublicKey pssKey =
        RsaSsaPssPublicKey.newBuilder()
            .setVersion(new RsaSsaPssVerifyKeyManager().getVersion())
            .setParams(pssParams)
            .setE(SigUtil.toUnsignedIntByteString(key.getPublicExponent()))
            .setN(SigUtil.toUnsignedIntByteString(key.getModulus()))
            .build();
    return KeyData.newBuilder()
        .setTypeUrl(new RsaSsaPssVerifyKeyManager().getKeyType())
        .setValue(pssKey.toByteString())
        .setKeyMaterialType(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC)
        .build();
  }

  // Any other algorithm name is rejected rather than mapped to a default scheme.
  throw new IOException("unsupported RSA signature algorithm: " + pemKeyType.algorithm);
}
use of com.google.crypto.tink.proto.RsaSsaPssParams in project tink by google.
the class SignatureKeyTemplates method createRsaSsaPssKeyTemplate.
/**
 * Creates a {@link KeyTemplate} whose value is a serialized {@link RsaSsaPssKeyFormat} built from
 * the given parameters.
 *
 * <p>The arguments are stored as given; no validation happens in this method. The template's type
 * URL is taken from {@code RsaSsaPssSignKeyManager} and its output prefix type is always
 * {@code TINK}.
 *
 * @param sigHash hash type stored as the signature hash
 * @param mgf1Hash hash type stored as the MGF1 hash
 * @param saltLength salt length stored in the PSS parameters
 * @param modulusSize modulus size in bits
 * @param publicExponent public exponent, stored as the bytes of {@code toByteArray()}
 * @return the key template
 */
public static KeyTemplate createRsaSsaPssKeyTemplate(HashType sigHash, HashType mgf1Hash, int saltLength, int modulusSize, BigInteger publicExponent) {
  RsaSsaPssParams pssParams =
      RsaSsaPssParams.newBuilder()
          .setSigHash(sigHash)
          .setMgf1Hash(mgf1Hash)
          .setSaltLength(saltLength)
          .build();
  // toByteArray() is big-endian two's complement, so the stored exponent may begin with a 0x00
  // sign byte.
  RsaSsaPssKeyFormat keyFormat =
      RsaSsaPssKeyFormat.newBuilder()
          .setParams(pssParams)
          .setModulusSizeInBits(modulusSize)
          .setPublicExponent(ByteString.copyFrom(publicExponent.toByteArray()))
          .build();
  return KeyTemplate.newBuilder()
      .setValue(keyFormat.toByteString())
      .setTypeUrl(new RsaSsaPssSignKeyManager().getKeyType())
      .setOutputPrefixType(OutputPrefixType.TINK)
      .build();
}