Examples with RsaSsaPssParams com.google.crypto.tink.proto.RsaSsaPssParams used on opensource projects

Example 1 with RsaSsaPssParams

use of com.google.crypto.tink.proto.RsaSsaPssParams in project tink by google.

the class TestUtil method createRsaSsaPssPubKey.

/**
 * Returns a {@code RsaSsaPssPublicKey} constructed from {@code modulus}, {@code exponent}, {@code
 * sigHash}, {@code mgf1Hash} and {@code saltLength}.
 */
public static RsaSsaPssPublicKey createRsaSsaPssPubKey(byte[] modulus, byte[] exponent, HashType sigHash, HashType mgf1Hash, int saltLength) throws Exception {
    final int version = 0;
    RsaSsaPssParams params = RsaSsaPssParams.newBuilder().setSigHash(sigHash).setMgf1Hash(mgf1Hash).setSaltLength(saltLength).build();
    return RsaSsaPssPublicKey.newBuilder().setVersion(version).setParams(params).setN(ByteString.copyFrom(modulus)).setE(ByteString.copyFrom(exponent)).build();
}

Example 2 with RsaSsaPssParams

use of com.google.crypto.tink.proto.RsaSsaPssParams in project tink by google.

the class RsaSsaPssSignKeyManagerTest method createPrimitive.

@Test
public void createPrimitive() throws Exception {
    if (TestUtil.isTsan()) {
        // factory.createKey is too slow in Tsan.
        return;
    }
    RsaSsaPssKeyFormat format = createKeyFormat(HashType.SHA512, HashType.SHA512, 64, 4096, RSAKeyGenParameterSpec.F4);
    RsaSsaPssPrivateKey key = factory.createKey(format);
    PublicKeySign signer = manager.getPrimitive(key, PublicKeySign.class);
    KeyFactory kf = EngineFactory.KEY_FACTORY.getInstance("RSA");
    BigInteger modulus = new BigInteger(1, key.getPublicKey().getN().toByteArray());
    BigInteger exponent = new BigInteger(1, key.getPublicKey().getE().toByteArray());
    RSAPublicKey publicKey = (RSAPublicKey) kf.generatePublic(new RSAPublicKeySpec(modulus, exponent));
    RsaSsaPssParams params = key.getPublicKey().getParams();
    PublicKeyVerify verifier = new RsaSsaPssVerifyJce(publicKey, SigUtil.toHashType(params.getSigHash()), SigUtil.toHashType(params.getMgf1Hash()), params.getSaltLength());
    byte[] message = Random.randBytes(135);
    verifier.verify(signer.sign(message), message);
}

Example 3 with RsaSsaPssParams

use of com.google.crypto.tink.proto.RsaSsaPssParams in project tink by google.

the class RsaSsaPssSignKeyManager method keyFactory.

@Override
public KeyFactory<RsaSsaPssKeyFormat, RsaSsaPssPrivateKey> keyFactory() {
    return new KeyFactory<RsaSsaPssKeyFormat, RsaSsaPssPrivateKey>(RsaSsaPssKeyFormat.class) {

        @Override
        public void validateKeyFormat(RsaSsaPssKeyFormat format) throws GeneralSecurityException {
            SigUtil.validateRsaSsaPssParams(format.getParams());
            Validators.validateRsaModulusSize(format.getModulusSizeInBits());
            Validators.validateRsaPublicExponent(new BigInteger(1, format.getPublicExponent().toByteArray()));
        }

        @Override
        public RsaSsaPssKeyFormat parseKeyFormat(ByteString byteString) throws InvalidProtocolBufferException {
            return RsaSsaPssKeyFormat.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
        }

        @Override
        public RsaSsaPssPrivateKey createKey(RsaSsaPssKeyFormat format) throws GeneralSecurityException {
            RsaSsaPssParams params = format.getParams();
            Validators.validateRsaModulusSize(format.getModulusSizeInBits());
            Validators.validateSignatureHash(SigUtil.toHashType(params.getSigHash()));
            KeyPairGenerator keyGen = EngineFactory.KEY_PAIR_GENERATOR.getInstance("RSA");
            RSAKeyGenParameterSpec spec = new RSAKeyGenParameterSpec(format.getModulusSizeInBits(), new BigInteger(1, format.getPublicExponent().toByteArray()));
            keyGen.initialize(spec);
            KeyPair keyPair = keyGen.generateKeyPair();
            RSAPublicKey pubKey = (RSAPublicKey) keyPair.getPublic();
            RSAPrivateCrtKey privKey = (RSAPrivateCrtKey) keyPair.getPrivate();
            // Creates RsaSsaPssPublicKey.
            RsaSsaPssPublicKey pssPubKey = RsaSsaPssPublicKey.newBuilder().setVersion(getVersion()).setParams(params).setE(ByteString.copyFrom(pubKey.getPublicExponent().toByteArray())).setN(ByteString.copyFrom(pubKey.getModulus().toByteArray())).build();
            // Creates RsaSsaPssPrivateKey.
            return RsaSsaPssPrivateKey.newBuilder().setVersion(getVersion()).setPublicKey(pssPubKey).setD(ByteString.copyFrom(privKey.getPrivateExponent().toByteArray())).setP(ByteString.copyFrom(privKey.getPrimeP().toByteArray())).setQ(ByteString.copyFrom(privKey.getPrimeQ().toByteArray())).setDp(ByteString.copyFrom(privKey.getPrimeExponentP().toByteArray())).setDq(ByteString.copyFrom(privKey.getPrimeExponentQ().toByteArray())).setCrt(ByteString.copyFrom(privKey.getCrtCoefficient().toByteArray())).build();
        }

        @Override
        public Map<String, KeyFactory.KeyFormat<RsaSsaPssKeyFormat>> keyFormats() throws GeneralSecurityException {
            Map<String, KeyFactory.KeyFormat<RsaSsaPssKeyFormat>> result = new HashMap<>();
            result.put("RSA_SSA_PSS_3072_SHA256_F4", new KeyFormat<>(createKeyFormat(HashType.SHA256, HashType.SHA256, /*saltLength=*/
            32, /*modulusSize=*/
            3072, RSAKeyGenParameterSpec.F4), KeyTemplate.OutputPrefixType.TINK));
            result.put("RSA_SSA_PSS_3072_SHA256_F4_RAW", new KeyFormat<>(createKeyFormat(HashType.SHA256, HashType.SHA256, /*saltLength=*/
            32, /*modulusSize=*/
            3072, RSAKeyGenParameterSpec.F4), KeyTemplate.OutputPrefixType.RAW));
            // This is identical to RSA_SSA_PSS_3072_SHA256_F4. It is needed to maintain backward
            // compatibility with SignatureKeyTemplates.
            // TODO(b/185475349): remove this in Tink 2.0.0.
            result.put("RSA_SSA_PSS_3072_SHA256_SHA256_32_F4", new KeyFormat<>(createKeyFormat(HashType.SHA256, HashType.SHA256, /*saltLength=*/
            32, /*modulusSize=*/
            3072, RSAKeyGenParameterSpec.F4), KeyTemplate.OutputPrefixType.TINK));
            result.put("RSA_SSA_PSS_4096_SHA512_F4", new KeyFormat<>(createKeyFormat(HashType.SHA512, HashType.SHA512, /*saltLength=*/
            64, /*modulusSize=*/
            4096, RSAKeyGenParameterSpec.F4), KeyTemplate.OutputPrefixType.TINK));
            result.put("RSA_SSA_PSS_4096_SHA512_F4_RAW", new KeyFormat<>(createKeyFormat(HashType.SHA512, HashType.SHA512, /*saltLength=*/
            64, /*modulusSize=*/
            4096, RSAKeyGenParameterSpec.F4), KeyTemplate.OutputPrefixType.RAW));
            // This is identical to RSA_SSA_PSS_4096_SHA512_F4. It is needed to maintain backward
            // compatibility with SignatureKeyTemplates.
            // TODO(b/185475349): remove this in Tink 2.0.0.
            result.put("RSA_SSA_PSS_4096_SHA512_SHA512_64_F4", new KeyFormat<>(createKeyFormat(HashType.SHA512, HashType.SHA512, /*saltLength=*/
            64, /*modulusSize=*/
            4096, RSAKeyGenParameterSpec.F4), KeyTemplate.OutputPrefixType.TINK));
            return Collections.unmodifiableMap(result);
        }
    };
}

Example 4 with RsaSsaPssParams

use of com.google.crypto.tink.proto.RsaSsaPssParams in project tink by google.

the class SignaturePemKeysetReader method convertRsaPublicKey.

private static KeyData convertRsaPublicKey(PemKeyType pemKeyType, RSAPublicKey key) throws IOException {
    if (pemKeyType.algorithm.equals("RSASSA-PKCS1-v1_5")) {
        RsaSsaPkcs1Params params = RsaSsaPkcs1Params.newBuilder().setHashType(getHashType(pemKeyType)).build();
        RsaSsaPkcs1PublicKey pkcs1PubKey = RsaSsaPkcs1PublicKey.newBuilder().setVersion(new RsaSsaPkcs1VerifyKeyManager().getVersion()).setParams(params).setE(SigUtil.toUnsignedIntByteString(key.getPublicExponent())).setN(SigUtil.toUnsignedIntByteString(key.getModulus())).build();
        return KeyData.newBuilder().setTypeUrl(new RsaSsaPkcs1VerifyKeyManager().getKeyType()).setValue(pkcs1PubKey.toByteString()).setKeyMaterialType(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC).build();
    } else if (pemKeyType.algorithm.equals("RSASSA-PSS")) {
        RsaSsaPssParams params = RsaSsaPssParams.newBuilder().setSigHash(getHashType(pemKeyType)).setMgf1Hash(getHashType(pemKeyType)).setSaltLength(getDigestSizeInBytes(pemKeyType)).build();
        RsaSsaPssPublicKey pssPubKey = RsaSsaPssPublicKey.newBuilder().setVersion(new RsaSsaPssVerifyKeyManager().getVersion()).setParams(params).setE(SigUtil.toUnsignedIntByteString(key.getPublicExponent())).setN(SigUtil.toUnsignedIntByteString(key.getModulus())).build();
        return KeyData.newBuilder().setTypeUrl(new RsaSsaPssVerifyKeyManager().getKeyType()).setValue(pssPubKey.toByteString()).setKeyMaterialType(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC).build();
    }
    throw new IOException("unsupported RSA signature algorithm: " + pemKeyType.algorithm);
}

Example 5 with RsaSsaPssParams

use of com.google.crypto.tink.proto.RsaSsaPssParams in project tink by google.

the class SignatureKeyTemplates method createRsaSsaPssKeyTemplate.

/**
 * @return a {@link KeyTemplate} containing a {@link RsaSsaPssKeyFormat} with some specified
 *     parameters.
 */
public static KeyTemplate createRsaSsaPssKeyTemplate(HashType sigHash, HashType mgf1Hash, int saltLength, int modulusSize, BigInteger publicExponent) {
    RsaSsaPssParams params = RsaSsaPssParams.newBuilder().setSigHash(sigHash).setMgf1Hash(mgf1Hash).setSaltLength(saltLength).build();
    RsaSsaPssKeyFormat format = RsaSsaPssKeyFormat.newBuilder().setParams(params).setModulusSizeInBits(modulusSize).setPublicExponent(ByteString.copyFrom(publicExponent.toByteArray())).build();
    return KeyTemplate.newBuilder().setValue(format.toByteString()).setTypeUrl(new RsaSsaPssSignKeyManager().getKeyType()).setOutputPrefixType(OutputPrefixType.TINK).build();
}