Examples with RsaSsaPssPublicKey com.google.crypto.tink.proto.RsaSsaPssPublicKey used on opensource projects

Example 6 with RsaSsaPssPublicKey

use of com.google.crypto.tink.proto.RsaSsaPssPublicKey in project tink by google.

the class RsaSsaPssSignKeyManagerTest method createCorruptedModulusPrimitive_throws.

@Test
public void createCorruptedModulusPrimitive_throws() throws Exception {
    RsaSsaPssKeyFormat format = createKeyFormat(HashType.SHA512, HashType.SHA512, 64, 4096, RSAKeyGenParameterSpec.F4);
    RsaSsaPssPrivateKey originalKey = factory.createKey(format);
    byte[] originalN = originalKey.getPublicKey().getN().toByteArray();
    originalN[0] = (byte) (originalN[0] ^ 0x01);
    ByteString corruptedN = ByteString.copyFrom(originalN);
    RsaSsaPssPublicKey corruptedPub = RsaSsaPssPublicKey.newBuilder().setVersion(originalKey.getPublicKey().getVersion()).setN(corruptedN).setE(originalKey.getPublicKey().getE()).build();
    RsaSsaPssPrivateKey corruptedKey = RsaSsaPssPrivateKey.newBuilder().setVersion(originalKey.getVersion()).setPublicKey(corruptedPub).setD(originalKey.getD()).setP(originalKey.getP()).setQ(originalKey.getQ()).setDp(originalKey.getDp()).setDq(originalKey.getDq()).setCrt(originalKey.getCrt()).build();
    assertThrows(GeneralSecurityException.class, () -> manager.getPrimitive(corruptedKey, PublicKeySign.class));
}

Example 7 with RsaSsaPssPublicKey

use of com.google.crypto.tink.proto.RsaSsaPssPublicKey in project tink by google.

the class RsaSsaPssSignKeyManager method keyFactory.

@Override
public KeyFactory<RsaSsaPssKeyFormat, RsaSsaPssPrivateKey> keyFactory() {
    return new KeyFactory<RsaSsaPssKeyFormat, RsaSsaPssPrivateKey>(RsaSsaPssKeyFormat.class) {

        @Override
        public void validateKeyFormat(RsaSsaPssKeyFormat format) throws GeneralSecurityException {
            SigUtil.validateRsaSsaPssParams(format.getParams());
            Validators.validateRsaModulusSize(format.getModulusSizeInBits());
            Validators.validateRsaPublicExponent(new BigInteger(1, format.getPublicExponent().toByteArray()));
        }

        @Override
        public RsaSsaPssKeyFormat parseKeyFormat(ByteString byteString) throws InvalidProtocolBufferException {
            return RsaSsaPssKeyFormat.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
        }

        @Override
        public RsaSsaPssPrivateKey createKey(RsaSsaPssKeyFormat format) throws GeneralSecurityException {
            RsaSsaPssParams params = format.getParams();
            Validators.validateRsaModulusSize(format.getModulusSizeInBits());
            Validators.validateSignatureHash(SigUtil.toHashType(params.getSigHash()));
            KeyPairGenerator keyGen = EngineFactory.KEY_PAIR_GENERATOR.getInstance("RSA");
            RSAKeyGenParameterSpec spec = new RSAKeyGenParameterSpec(format.getModulusSizeInBits(), new BigInteger(1, format.getPublicExponent().toByteArray()));
            keyGen.initialize(spec);
            KeyPair keyPair = keyGen.generateKeyPair();
            RSAPublicKey pubKey = (RSAPublicKey) keyPair.getPublic();
            RSAPrivateCrtKey privKey = (RSAPrivateCrtKey) keyPair.getPrivate();
            // Creates RsaSsaPssPublicKey.
            RsaSsaPssPublicKey pssPubKey = RsaSsaPssPublicKey.newBuilder().setVersion(getVersion()).setParams(params).setE(ByteString.copyFrom(pubKey.getPublicExponent().toByteArray())).setN(ByteString.copyFrom(pubKey.getModulus().toByteArray())).build();
            // Creates RsaSsaPssPrivateKey.
            return RsaSsaPssPrivateKey.newBuilder().setVersion(getVersion()).setPublicKey(pssPubKey).setD(ByteString.copyFrom(privKey.getPrivateExponent().toByteArray())).setP(ByteString.copyFrom(privKey.getPrimeP().toByteArray())).setQ(ByteString.copyFrom(privKey.getPrimeQ().toByteArray())).setDp(ByteString.copyFrom(privKey.getPrimeExponentP().toByteArray())).setDq(ByteString.copyFrom(privKey.getPrimeExponentQ().toByteArray())).setCrt(ByteString.copyFrom(privKey.getCrtCoefficient().toByteArray())).build();
        }

        @Override
        public Map<String, KeyFactory.KeyFormat<RsaSsaPssKeyFormat>> keyFormats() throws GeneralSecurityException {
            Map<String, KeyFactory.KeyFormat<RsaSsaPssKeyFormat>> result = new HashMap<>();
            result.put("RSA_SSA_PSS_3072_SHA256_F4", new KeyFormat<>(createKeyFormat(HashType.SHA256, HashType.SHA256, /*saltLength=*/
            32, /*modulusSize=*/
            3072, RSAKeyGenParameterSpec.F4), KeyTemplate.OutputPrefixType.TINK));
            result.put("RSA_SSA_PSS_3072_SHA256_F4_RAW", new KeyFormat<>(createKeyFormat(HashType.SHA256, HashType.SHA256, /*saltLength=*/
            32, /*modulusSize=*/
            3072, RSAKeyGenParameterSpec.F4), KeyTemplate.OutputPrefixType.RAW));
            // This is identical to RSA_SSA_PSS_3072_SHA256_F4. It is needed to maintain backward
            // compatibility with SignatureKeyTemplates.
            // TODO(b/185475349): remove this in Tink 2.0.0.
            result.put("RSA_SSA_PSS_3072_SHA256_SHA256_32_F4", new KeyFormat<>(createKeyFormat(HashType.SHA256, HashType.SHA256, /*saltLength=*/
            32, /*modulusSize=*/
            3072, RSAKeyGenParameterSpec.F4), KeyTemplate.OutputPrefixType.TINK));
            result.put("RSA_SSA_PSS_4096_SHA512_F4", new KeyFormat<>(createKeyFormat(HashType.SHA512, HashType.SHA512, /*saltLength=*/
            64, /*modulusSize=*/
            4096, RSAKeyGenParameterSpec.F4), KeyTemplate.OutputPrefixType.TINK));
            result.put("RSA_SSA_PSS_4096_SHA512_F4_RAW", new KeyFormat<>(createKeyFormat(HashType.SHA512, HashType.SHA512, /*saltLength=*/
            64, /*modulusSize=*/
            4096, RSAKeyGenParameterSpec.F4), KeyTemplate.OutputPrefixType.RAW));
            // This is identical to RSA_SSA_PSS_4096_SHA512_F4. It is needed to maintain backward
            // compatibility with SignatureKeyTemplates.
            // TODO(b/185475349): remove this in Tink 2.0.0.
            result.put("RSA_SSA_PSS_4096_SHA512_SHA512_64_F4", new KeyFormat<>(createKeyFormat(HashType.SHA512, HashType.SHA512, /*saltLength=*/
            64, /*modulusSize=*/
            4096, RSAKeyGenParameterSpec.F4), KeyTemplate.OutputPrefixType.TINK));
            return Collections.unmodifiableMap(result);
        }
    };
}

Example 8 with RsaSsaPssPublicKey

use of com.google.crypto.tink.proto.RsaSsaPssPublicKey in project tink by google.

the class SignaturePemKeysetReader method convertRsaPublicKey.

private static KeyData convertRsaPublicKey(PemKeyType pemKeyType, RSAPublicKey key) throws IOException {
    if (pemKeyType.algorithm.equals("RSASSA-PKCS1-v1_5")) {
        RsaSsaPkcs1Params params = RsaSsaPkcs1Params.newBuilder().setHashType(getHashType(pemKeyType)).build();
        RsaSsaPkcs1PublicKey pkcs1PubKey = RsaSsaPkcs1PublicKey.newBuilder().setVersion(new RsaSsaPkcs1VerifyKeyManager().getVersion()).setParams(params).setE(SigUtil.toUnsignedIntByteString(key.getPublicExponent())).setN(SigUtil.toUnsignedIntByteString(key.getModulus())).build();
        return KeyData.newBuilder().setTypeUrl(new RsaSsaPkcs1VerifyKeyManager().getKeyType()).setValue(pkcs1PubKey.toByteString()).setKeyMaterialType(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC).build();
    } else if (pemKeyType.algorithm.equals("RSASSA-PSS")) {
        RsaSsaPssParams params = RsaSsaPssParams.newBuilder().setSigHash(getHashType(pemKeyType)).setMgf1Hash(getHashType(pemKeyType)).setSaltLength(getDigestSizeInBytes(pemKeyType)).build();
        RsaSsaPssPublicKey pssPubKey = RsaSsaPssPublicKey.newBuilder().setVersion(new RsaSsaPssVerifyKeyManager().getVersion()).setParams(params).setE(SigUtil.toUnsignedIntByteString(key.getPublicExponent())).setN(SigUtil.toUnsignedIntByteString(key.getModulus())).build();
        return KeyData.newBuilder().setTypeUrl(new RsaSsaPssVerifyKeyManager().getKeyType()).setValue(pssPubKey.toByteString()).setKeyMaterialType(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC).build();
    }
    throw new IOException("unsupported RSA signature algorithm: " + pemKeyType.algorithm);
}

Example 9 with RsaSsaPssPublicKey

use of com.google.crypto.tink.proto.RsaSsaPssPublicKey in project tink by google.

the class SignaturePemKeysetReaderTest method read_onePEM_oneRSAPublicKey_oneECPublicKey_eCPublicKeyShouldBeIgnored.

@Test
public void read_onePEM_oneRSAPublicKey_oneECPublicKey_eCPublicKeyShouldBeIgnored() throws Exception {
    String pem = "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv90Xf/NN1lRGBofJQzJf\n" + "lHvo6GAf25GGQGaMmD9T1ZP71CCbJ69lGIS/6akFBg6ECEHGM2EZ4WFLCdr5byUq\n" + "GCf4mY4WuOn+AcwzwAoDz9ASIFcQOoPclO7JYdfo2SOaumumdb5S/7FkKJ70TGYW\n" + "j9aTOYWsCcaojbjGDY/JEXz3BSRIngcgOvXBmV1JokcJ/LsrJD263WE9iUknZDhB\n" + "K7y4ChjHNqL8yJcw/D8xLNiJtIyuxiZ00p/lOVUInr8C/a2C1UGCgEGuXZAEGAdO\n" + "NVez52n5TLvQP3hRd4MTi7YvfhezRcA4aXyIDOv+TYi4p+OVTYQ+FMbkgoWBm5bq\n" + "wQIDAQAB\n" + "-----END PUBLIC KEY-----\n" + "-----BEGIN PUBLIC KEY-----\n" + "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7BiT5K5pivl4Qfrt9hRhRREMUzj/\n" + "8suEJ7GlMxZfvdcpbi/GhYPuJi8Gn2H1NaMJZcLZo5MLPKyyGT5u3u1VBQ==\n" + "-----END PUBLIC KEY-----\n";
    KeysetReader keysetReader = SignaturePemKeysetReader.newBuilder().addPem(pem, PemKeyType.RSA_PSS_2048_SHA256).build();
    Keyset ks = keysetReader.read();
    Keyset.Key key = ks.getKey(0);
    KeyData keyData = key.getKeyData();
    RsaSsaPssPublicKey publicKeyProto = RsaSsaPssPublicKey.parseFrom(keyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    RSAPublicKey publicKey = (RSAPublicKey) PemKeyType.RSA_PSS_2048_SHA256.readKey(new BufferedReader(new StringReader(pem)));
    assertThat(ks.getKeyCount()).isEqualTo(1);
    assertThat(ks.getPrimaryKeyId()).isEqualTo(key.getKeyId());
    assertThat(key.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    assertThat(key.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
    assertThat(keyData.getTypeUrl()).isEqualTo(new RsaSsaPssVerifyKeyManager().getKeyType());
    assertThat(keyData.getKeyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PUBLIC);
    assertThat(publicKeyProto.getParams().getSigHash()).isEqualTo(HashType.SHA256);
    assertThat(publicKeyProto.getParams().getMgf1Hash()).isEqualTo(HashType.SHA256);
    assertThat(publicKeyProto.getParams().getSaltLength()).isEqualTo(32);
    assertThat(publicKeyProto.getN().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(publicKey.getModulus()).toByteArray());
    assertThat(publicKeyProto.getE().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(publicKey.getPublicExponent()).toByteArray());
}

Example 10 with RsaSsaPssPublicKey

use of com.google.crypto.tink.proto.RsaSsaPssPublicKey in project tink by google.

the class SignaturePemKeysetReaderTest method read_twoPEMs_oneRSAPublicKey_oneECPublicKey_shouldWork.

@Test
public void read_twoPEMs_oneRSAPublicKey_oneECPublicKey_shouldWork() throws Exception {
    String rsaPem = "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv90Xf/NN1lRGBofJQzJf\n" + "lHvo6GAf25GGQGaMmD9T1ZP71CCbJ69lGIS/6akFBg6ECEHGM2EZ4WFLCdr5byUq\n" + "GCf4mY4WuOn+AcwzwAoDz9ASIFcQOoPclO7JYdfo2SOaumumdb5S/7FkKJ70TGYW\n" + "j9aTOYWsCcaojbjGDY/JEXz3BSRIngcgOvXBmV1JokcJ/LsrJD263WE9iUknZDhB\n" + "K7y4ChjHNqL8yJcw/D8xLNiJtIyuxiZ00p/lOVUInr8C/a2C1UGCgEGuXZAEGAdO\n" + "NVez52n5TLvQP3hRd4MTi7YvfhezRcA4aXyIDOv+TYi4p+OVTYQ+FMbkgoWBm5bq\n" + "wQIDAQAB\n" + "-----END PUBLIC KEY-----\n";
    String ecPem = "-----BEGIN PUBLIC KEY-----\n" + "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7BiT5K5pivl4Qfrt9hRhRREMUzj/\n" + "8suEJ7GlMxZfvdcpbi/GhYPuJi8Gn2H1NaMJZcLZo5MLPKyyGT5u3u1VBQ==\n" + "-----END PUBLIC KEY-----\n";
    KeysetReader keysetReader = SignaturePemKeysetReader.newBuilder().addPem(rsaPem, PemKeyType.RSA_PSS_2048_SHA256).addPem(ecPem, PemKeyType.ECDSA_P256_SHA256).build();
    Keyset ks = keysetReader.read();
    assertThat(ks.getKeyCount()).isEqualTo(2);
    Keyset.Key firstKey = ks.getKey(0);
    assertThat(ks.getPrimaryKeyId()).isEqualTo(firstKey.getKeyId());
    KeyData keyData = firstKey.getKeyData();
    RsaSsaPssPublicKey rsaPublicKeyProto = RsaSsaPssPublicKey.parseFrom(keyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    RSAPublicKey rsaPublicKey = (RSAPublicKey) PemKeyType.RSA_PSS_2048_SHA256.readKey(new BufferedReader(new StringReader(rsaPem)));
    assertThat(firstKey.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    assertThat(firstKey.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
    assertThat(keyData.getTypeUrl()).isEqualTo(new RsaSsaPssVerifyKeyManager().getKeyType());
    assertThat(keyData.getKeyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PUBLIC);
    assertThat(rsaPublicKeyProto.getParams().getSigHash()).isEqualTo(HashType.SHA256);
    assertThat(rsaPublicKeyProto.getParams().getMgf1Hash()).isEqualTo(HashType.SHA256);
    assertThat(rsaPublicKeyProto.getParams().getSaltLength()).isEqualTo(32);
    assertThat(rsaPublicKeyProto.getN().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(rsaPublicKey.getModulus()).toByteArray());
    assertThat(rsaPublicKeyProto.getE().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(rsaPublicKey.getPublicExponent()).toByteArray());
    Keyset.Key secondKey = ks.getKey(1);
    keyData = secondKey.getKeyData();
    EcdsaPublicKey ecPublicKeyProto = EcdsaPublicKey.parseFrom(keyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    ECPublicKey ecPublicKey = (ECPublicKey) PemKeyType.ECDSA_P256_SHA256.readKey(new BufferedReader(new StringReader(ecPem)));
    assertThat(secondKey.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    assertThat(secondKey.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
    assertThat(keyData.getTypeUrl()).isEqualTo(new EcdsaVerifyKeyManager().getKeyType());
    assertThat(keyData.getKeyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PUBLIC);
    assertThat(ecPublicKeyProto.getParams().getHashType()).isEqualTo(HashType.SHA256);
    assertThat(ecPublicKeyProto.getParams().getCurve()).isEqualTo(EllipticCurveType.NIST_P256);
    assertThat(ecPublicKeyProto.getParams().getEncoding()).isEqualTo(EcdsaSignatureEncoding.DER);
    assertThat(ecPublicKeyProto.getX().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(ecPublicKey.getW().getAffineX()).toByteArray());
    assertThat(ecPublicKeyProto.getY().toByteArray()).isEqualTo(SigUtil.toUnsignedIntByteString(ecPublicKey.getW().getAffineY()).toByteArray());
}