Search in sources :

Example 21 with ECPublicKey

use of java.security.interfaces.ECPublicKey in project wycheproof by google.

the class EcdhTest method testModifiedPublicSpec.

/**
   * This is a similar test as testModifiedPublic. However, this test uses test vectors
   * ECPublicKeySpec
   */
@SuppressWarnings("InsecureCryptoUsage")
public void testModifiedPublicSpec(String algorithm) throws Exception {
    KeyAgreement ka;
    try {
        ka = KeyAgreement.getInstance(algorithm);
    } catch (NoSuchAlgorithmException ex) {
        System.out.println("testWrongOrder: " + algorithm + " not supported");
        return;
    }
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
    keyGen.initialize(EcUtil.getNistP256Params());
    ECPrivateKey priv = (ECPrivateKey) keyGen.generateKeyPair().getPrivate();
    KeyFactory kf = KeyFactory.getInstance("EC");
    ECPublicKey validKey = (ECPublicKey) kf.generatePublic(EC_VALID_PUBLIC_KEY.getSpec());
    ka.init(priv);
    ka.doPhase(validKey, true);
    String expected = TestUtil.bytesToHex(ka.generateSecret());
    for (EcPublicKeyTestVector test : EC_MODIFIED_PUBLIC_KEYS) {
        ECPublicKeySpec spec = test.getSpec();
        if (spec == null) {
            // spec == null if one of these validity checks fails. Of course such a failure is OK.
            continue;
        }
        try {
            ECPublicKey modifiedKey = (ECPublicKey) kf.generatePublic(spec);
            ka.init(priv);
            ka.doPhase(modifiedKey, true);
            String shared = TestUtil.bytesToHex(ka.generateSecret());
            // The implementation did not notice that the public key was modified.
            // This is not nice, but at the moment we only fail the test if the
            // modification was essential for computing the shared secret.
            //
            // BouncyCastle v.1.53 fails this test, for ECDHC with modified order.
            // This implementation reduces the product s*h modulo the order given
            // in the public key. An attacker who can modify the order of the public key
            // and who can learn whether such a modification changes the shared secret is
            // able to learn the private key with a simple binary search.
            assertEquals("algorithm:" + algorithm + " test:" + test.comment, expected, shared);
        } catch (GeneralSecurityException ex) {
            // OK, since the public keys have been modified.
            System.out.println("testModifiedPublic:" + test.comment + " throws " + ex.toString());
        }
    }
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) ECPublicKey(java.security.interfaces.ECPublicKey) GeneralSecurityException(java.security.GeneralSecurityException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyPairGenerator(java.security.KeyPairGenerator) KeyAgreement(javax.crypto.KeyAgreement) KeyFactory(java.security.KeyFactory) ECPublicKeySpec(java.security.spec.ECPublicKeySpec)

Example 22 with ECPublicKey

use of java.security.interfaces.ECPublicKey in project wycheproof by google.

the class EcdhTest method testModifiedPublic.

/**
   * This test modifies the order of group in the public key. A severe bug would be an
   * implementation that leaks information whether the private key is larger than the order given in
   * the public key. Also a severe bug would be to reduce the private key modulo the order given in
   * the public key parameters.
   */
@SuppressWarnings("InsecureCryptoUsage")
public void testModifiedPublic(String algorithm) throws Exception {
    KeyAgreement ka;
    try {
        ka = KeyAgreement.getInstance(algorithm);
    } catch (NoSuchAlgorithmException ex) {
        System.out.println("testWrongOrder: " + algorithm + " not supported");
        return;
    }
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
    keyGen.initialize(EcUtil.getNistP256Params());
    ECPrivateKey priv = (ECPrivateKey) keyGen.generateKeyPair().getPrivate();
    KeyFactory kf = KeyFactory.getInstance("EC");
    ECPublicKey validKey = (ECPublicKey) kf.generatePublic(EC_VALID_PUBLIC_KEY.getSpec());
    ka.init(priv);
    ka.doPhase(validKey, true);
    String expected = TestUtil.bytesToHex(ka.generateSecret());
    for (EcPublicKeyTestVector test : EC_MODIFIED_PUBLIC_KEYS) {
        try {
            X509EncodedKeySpec spec = test.getX509EncodedKeySpec();
            ECPublicKey modifiedKey = (ECPublicKey) kf.generatePublic(spec);
            ka.init(priv);
            ka.doPhase(modifiedKey, true);
            String shared = TestUtil.bytesToHex(ka.generateSecret());
            // The implementation did not notice that the public key was modified.
            // This is not nice, but at the moment we only fail the test if the
            // modification was essential for computing the shared secret.
            //
            // BouncyCastle v.1.53 fails this test, for ECDHC with modified order.
            // This implementation reduces the product s*h modulo the order given
            // in the public key. An attacker who can modify the order of the public key
            // and who can learn whether such a modification changes the shared secret is
            // able to learn the private key with a simple binary search.
            assertEquals("algorithm:" + algorithm + " test:" + test.comment, expected, shared);
        } catch (GeneralSecurityException ex) {
            // OK, since the public keys have been modified.
            System.out.println("testModifiedPublic:" + test.comment + " throws " + ex.toString());
        }
    }
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) ECPublicKey(java.security.interfaces.ECPublicKey) GeneralSecurityException(java.security.GeneralSecurityException) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyPairGenerator(java.security.KeyPairGenerator) KeyAgreement(javax.crypto.KeyAgreement) KeyFactory(java.security.KeyFactory)

Example 23 with ECPublicKey

use of java.security.interfaces.ECPublicKey in project wycheproof by google.

the class EcdsaTest method testVectors.

public void testVectors(String[] signatures, ECPublicKeySpec pubSpec, String message, String algorithm, String signatureType, boolean isValidDER, boolean isValidBER) throws Exception {
    byte[] messageBytes = message.getBytes("UTF-8");
    Signature verifier = Signature.getInstance(algorithm);
    KeyFactory kf = KeyFactory.getInstance("EC");
    ECPublicKey pub = (ECPublicKey) kf.generatePublic(pubSpec);
    int errors = 0;
    for (String signature : signatures) {
        byte[] signatureBytes = TestUtil.hexToBytes(signature);
        verifier.initVerify(pub);
        verifier.update(messageBytes);
        boolean verified = false;
        try {
            verified = verifier.verify(signatureBytes);
        } catch (SignatureException ex) {
            // verify can throw SignatureExceptions if the signature is malformed.
            // We don't flag these cases and simply consider the signature as invalid.
            verified = false;
        }
        if (!verified && isValidDER) {
            System.out.println(signatureType + " was not verified:" + signature);
            errors++;
        }
        if (verified && !isValidBER) {
            System.out.println(signatureType + " was verified:" + signature);
            errors++;
        }
    }
    assertEquals(0, errors);
}
Also used : ECPublicKey(java.security.interfaces.ECPublicKey) Signature(java.security.Signature) SignatureException(java.security.SignatureException) KeyFactory(java.security.KeyFactory) ECPoint(java.security.spec.ECPoint)

Example 24 with ECPublicKey

use of java.security.interfaces.ECPublicKey in project wycheproof by google.

the class EcdsaTest method testBasic.

/**
   * This test checks the basic functionality of ECDSA. It can also be used to generate simple test
   * vectors.
   */
public void testBasic() throws Exception {
    String algorithm = "SHA256WithECDSA";
    String hashAlgorithm = "SHA-256";
    String message = "Hello";
    String curve = "secp256r1";
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
    ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1");
    keyGen.initialize(ecSpec);
    KeyPair keyPair = keyGen.generateKeyPair();
    ECPublicKey pub = (ECPublicKey) keyPair.getPublic();
    ECPrivateKey priv = (ECPrivateKey) keyPair.getPrivate();
    byte[] messageBytes = message.getBytes("UTF-8");
    Signature signer = Signature.getInstance(algorithm);
    Signature verifier = Signature.getInstance(algorithm);
    signer.initSign(priv);
    signer.update(messageBytes);
    byte[] signature = signer.sign();
    verifier.initVerify(pub);
    verifier.update(messageBytes);
    assertTrue(verifier.verify(signature));
    // Extract some parameters.
    byte[] rawHash = MessageDigest.getInstance(hashAlgorithm).digest(messageBytes);
    ECParameterSpec params = priv.getParams();
    // Print keys and signature, so that it can be used to generate new test vectors.
    System.out.println("Message:" + message);
    System.out.println("Hash:" + TestUtil.bytesToHex(rawHash));
    System.out.println("Curve:" + curve);
    System.out.println("Order:" + params.getOrder().toString());
    System.out.println("Private key:");
    System.out.println("S:" + priv.getS().toString());
    System.out.println("encoded:" + TestUtil.bytesToHex(priv.getEncoded()));
    System.out.println("Public key:");
    ECPoint w = pub.getW();
    System.out.println("X:" + w.getAffineX().toString());
    System.out.println("Y:" + w.getAffineY().toString());
    System.out.println("encoded:" + TestUtil.bytesToHex(pub.getEncoded()));
    System.out.println("Signature:" + TestUtil.bytesToHex(signature));
    System.out.println("r:" + extractR(signature).toString());
    System.out.println("s:" + extractS(signature).toString());
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) ECPublicKey(java.security.interfaces.ECPublicKey) ECParameterSpec(java.security.spec.ECParameterSpec) Signature(java.security.Signature) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) KeyPairGenerator(java.security.KeyPairGenerator) ECPoint(java.security.spec.ECPoint)

Example 25 with ECPublicKey

use of java.security.interfaces.ECPublicKey in project wycheproof by google.

the class EciesTest method testKeyGeneration.

/**
   * BouncyCastle has a key generation algorithm "ECIES". This test checks that the result are
   * ECKeys in both cases.
   */
public void testKeyGeneration() throws Exception {
    ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1");
    KeyPairGenerator kf = KeyPairGenerator.getInstance("ECIES");
    kf.initialize(ecSpec);
    KeyPair keyPair = kf.generateKeyPair();
    ECPrivateKey priv = (ECPrivateKey) keyPair.getPrivate();
    ECPublicKey pub = (ECPublicKey) keyPair.getPublic();
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) ECPublicKey(java.security.interfaces.ECPublicKey) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) KeyPairGenerator(java.security.KeyPairGenerator)

Aggregations

ECPublicKey (java.security.interfaces.ECPublicKey)35 RSAPublicKey (java.security.interfaces.RSAPublicKey)14 PublicKey (java.security.PublicKey)13 KeyFactory (java.security.KeyFactory)11 KeyPairGenerator (java.security.KeyPairGenerator)8 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)8 ECPrivateKey (java.security.interfaces.ECPrivateKey)8 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)8 PrivateKey (java.security.PrivateKey)7 X509Certificate (java.security.cert.X509Certificate)7 ECParameterSpec (java.security.spec.ECParameterSpec)7 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)7 NonNull (android.annotation.NonNull)5 ExportResult (android.security.keymaster.ExportResult)5 ByteArrayInputStream (java.io.ByteArrayInputStream)5 KeyPair (java.security.KeyPair)5 NoSuchProviderException (java.security.NoSuchProviderException)5 ProviderException (java.security.ProviderException)5 Certificate (java.security.cert.Certificate)5 CertificateFactory (java.security.cert.CertificateFactory)5