1 // Copyright 2018 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16
17 #include "tink/signature/signature_key_templates.h"
18
19 #include <string>
20
21 #include "gtest/gtest.h"
22 #include "openssl/bn.h"
23 #include "openssl/rsa.h"
24 #include "tink/core/key_manager_impl.h"
25 #include "tink/core/private_key_manager_impl.h"
26 #include "tink/internal/bn_util.h"
27 #include "tink/internal/ssl_unique_ptr.h"
28 #include "tink/signature/ecdsa_sign_key_manager.h"
29 #include "tink/signature/ecdsa_verify_key_manager.h"
30 #include "tink/signature/ed25519_sign_key_manager.h"
31 #include "tink/signature/ed25519_verify_key_manager.h"
32 #include "tink/signature/rsa_ssa_pkcs1_sign_key_manager.h"
33 #include "tink/signature/rsa_ssa_pss_sign_key_manager.h"
34 #include "tink/util/statusor.h"
35 #include "tink/util/test_matchers.h"
36 #include "proto/common.pb.h"
37 #include "proto/ecdsa.pb.h"
38 #include "proto/rsa_ssa_pkcs1.pb.h"
39 #include "proto/rsa_ssa_pss.pb.h"
40 #include "proto/tink.pb.h"
41
42 namespace crypto {
43 namespace tink {
44 namespace {
45
46 using ::crypto::tink::test::IsOk;
47 using google::crypto::tink::EcdsaKeyFormat;
48 using google::crypto::tink::EcdsaSignatureEncoding;
49 using google::crypto::tink::Ed25519KeyFormat;
50 using google::crypto::tink::EllipticCurveType;
51 using google::crypto::tink::HashType;
52 using google::crypto::tink::KeyTemplate;
53 using google::crypto::tink::OutputPrefixType;
54 using google::crypto::tink::RsaSsaPkcs1KeyFormat;
55 using google::crypto::tink::RsaSsaPssKeyFormat;
56
TEST(SignatureKeyTemplatesTest,KeyTemplatesWithDerEncoding)57 TEST(SignatureKeyTemplatesTest, KeyTemplatesWithDerEncoding) {
58 std::string type_url =
59 "type.googleapis.com/google.crypto.tink.EcdsaPrivateKey";
60
61 { // Test EcdsaP256().
62 // Check that returned template is correct.
63 const KeyTemplate& key_template = SignatureKeyTemplates::EcdsaP256();
64 EXPECT_EQ(type_url, key_template.type_url());
65 EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
66 EcdsaKeyFormat key_format;
67 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
68 EXPECT_EQ(HashType::SHA256, key_format.params().hash_type());
69 EXPECT_EQ(EllipticCurveType::NIST_P256, key_format.params().curve());
70 EXPECT_EQ(EcdsaSignatureEncoding::DER, key_format.params().encoding());
71
72 // Check that reference to the same object is returned.
73 const KeyTemplate& key_template_2 = SignatureKeyTemplates::EcdsaP256();
74 EXPECT_EQ(&key_template, &key_template_2);
75
76 // Check that the key manager works with the template.
77 EcdsaSignKeyManager sign_key_type_manager;
78 EcdsaVerifyKeyManager verify_key_type_manager;
79 auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
80 &sign_key_type_manager, &verify_key_type_manager);
81
82 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
83 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
84 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
85 }
86
87 { // Test EcdsaP256Raw().
88 // Check that returned template is correct.
89 const KeyTemplate& key_template = SignatureKeyTemplates::EcdsaP256Raw();
90 EXPECT_EQ(type_url, key_template.type_url());
91 EXPECT_EQ(OutputPrefixType::RAW, key_template.output_prefix_type());
92 EcdsaKeyFormat key_format;
93 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
94 EXPECT_EQ(HashType::SHA256, key_format.params().hash_type());
95 EXPECT_EQ(EllipticCurveType::NIST_P256, key_format.params().curve());
96 EXPECT_EQ(EcdsaSignatureEncoding::IEEE_P1363,
97 key_format.params().encoding());
98
99 // Check that reference to the same object is returned.
100 const KeyTemplate& key_template_2 = SignatureKeyTemplates::EcdsaP256Raw();
101 EXPECT_EQ(&key_template, &key_template_2);
102
103 // Check that the key manager works with the template.
104 EcdsaSignKeyManager sign_key_type_manager;
105 EcdsaVerifyKeyManager verify_key_type_manager;
106 auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
107 &sign_key_type_manager, &verify_key_type_manager);
108
109 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
110 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
111 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
112 }
113
114 { // Test EcdsaP384().
115 // Check that returned template is correct.
116 const KeyTemplate& key_template = SignatureKeyTemplates::EcdsaP384();
117 EXPECT_EQ(type_url, key_template.type_url());
118 EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
119 EcdsaKeyFormat key_format;
120 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
121 EXPECT_EQ(HashType::SHA512, key_format.params().hash_type());
122 EXPECT_EQ(EllipticCurveType::NIST_P384, key_format.params().curve());
123 EXPECT_EQ(EcdsaSignatureEncoding::DER, key_format.params().encoding());
124
125 // Check that reference to the same object is returned.
126 const KeyTemplate& key_template_2 = SignatureKeyTemplates::EcdsaP384();
127 EXPECT_EQ(&key_template, &key_template_2);
128
129 // Check that the template works with the key manager.
130 EcdsaSignKeyManager sign_key_type_manager;
131 EcdsaVerifyKeyManager verify_key_type_manager;
132 auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
133 &sign_key_type_manager, &verify_key_type_manager);
134 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
135 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
136 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
137 }
138
139 { // Test EcdsaP384Sha512().
140 // Check that returned template is correct.
141 const KeyTemplate& key_template = SignatureKeyTemplates::EcdsaP384Sha512();
142 EXPECT_EQ(type_url, key_template.type_url());
143 EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
144 EcdsaKeyFormat key_format;
145 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
146 EXPECT_EQ(HashType::SHA512, key_format.params().hash_type());
147 EXPECT_EQ(EllipticCurveType::NIST_P384, key_format.params().curve());
148 EXPECT_EQ(EcdsaSignatureEncoding::DER, key_format.params().encoding());
149
150 // Check that reference to the same object is returned.
151 const KeyTemplate& key_template2 = SignatureKeyTemplates::EcdsaP384Sha512();
152 EXPECT_EQ(&key_template, &key_template2);
153
154 // Check that the template works with the key manager.
155 EcdsaSignKeyManager sign_key_type_manager;
156 EcdsaVerifyKeyManager verify_key_type_manager;
157 auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
158 &sign_key_type_manager, &verify_key_type_manager);
159 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
160 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
161 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
162 }
163
164 { // Test EcdsaP384Sha384().
165 // Check that returned template is correct.
166 const KeyTemplate& key_template = SignatureKeyTemplates::EcdsaP384Sha384();
167 EXPECT_EQ(type_url, key_template.type_url());
168 EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
169 EcdsaKeyFormat key_format;
170 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
171 EXPECT_EQ(HashType::SHA384, key_format.params().hash_type());
172 EXPECT_EQ(EllipticCurveType::NIST_P384, key_format.params().curve());
173 EXPECT_EQ(EcdsaSignatureEncoding::DER, key_format.params().encoding());
174
175 // Check that reference to the same object is returned.
176 const KeyTemplate& key_template2 = SignatureKeyTemplates::EcdsaP384Sha384();
177 EXPECT_EQ(&key_template, &key_template2);
178
179 // Check that the template works with the key manager.
180 EcdsaSignKeyManager sign_key_type_manager;
181 EcdsaVerifyKeyManager verify_key_type_manager;
182 auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
183 &sign_key_type_manager, &verify_key_type_manager);
184 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
185 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
186 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
187 }
188
189 { // Test EcdsaP521().
190 // Check that returned template is correct.
191 const KeyTemplate& key_template = SignatureKeyTemplates::EcdsaP521();
192 EXPECT_EQ(type_url, key_template.type_url());
193 EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
194 EcdsaKeyFormat key_format;
195 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
196 EXPECT_EQ(HashType::SHA512, key_format.params().hash_type());
197 EXPECT_EQ(EllipticCurveType::NIST_P521, key_format.params().curve());
198 EXPECT_EQ(EcdsaSignatureEncoding::DER, key_format.params().encoding());
199
200 // Check that reference to the same object is returned.
201 const KeyTemplate& key_template_2 = SignatureKeyTemplates::EcdsaP521();
202 EXPECT_EQ(&key_template, &key_template_2);
203
204 // Check that the template works with the key manager.
205 EcdsaSignKeyManager sign_key_type_manager;
206 EcdsaVerifyKeyManager verify_key_type_manager;
207 auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
208 &sign_key_type_manager, &verify_key_type_manager);
209 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
210 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
211 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
212 }
213 }
214
TEST(SignatureKeyTemplatesTest,KeyTemplatesWithIeeeEncoding)215 TEST(SignatureKeyTemplatesTest, KeyTemplatesWithIeeeEncoding) {
216 std::string type_url =
217 "type.googleapis.com/google.crypto.tink.EcdsaPrivateKey";
218
219 { // Test EcdsaP256Ieee().
220 // Check that returned template is correct.
221 const KeyTemplate& key_template = SignatureKeyTemplates::EcdsaP256Ieee();
222 EXPECT_EQ(type_url, key_template.type_url());
223 EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
224 EcdsaKeyFormat key_format;
225 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
226 EXPECT_EQ(HashType::SHA256, key_format.params().hash_type());
227 EXPECT_EQ(EllipticCurveType::NIST_P256, key_format.params().curve());
228 EXPECT_EQ(EcdsaSignatureEncoding::IEEE_P1363,
229 key_format.params().encoding());
230
231 // Check that reference to the same object is returned.
232 const KeyTemplate& key_template_2 = SignatureKeyTemplates::EcdsaP256Ieee();
233 EXPECT_EQ(&key_template, &key_template_2);
234
235 // Check that the key manager works with the template.
236 EcdsaSignKeyManager sign_key_type_manager;
237 EcdsaVerifyKeyManager verify_key_type_manager;
238 auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
239 &sign_key_type_manager, &verify_key_type_manager);
240 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
241 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
242 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
243 }
244
245 { // Test EcdsaP384Ieee().
246 // Check that returned template is correct.
247 const KeyTemplate& key_template = SignatureKeyTemplates::EcdsaP384Ieee();
248 EXPECT_EQ(type_url, key_template.type_url());
249 EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
250 EcdsaKeyFormat key_format;
251 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
252 EXPECT_EQ(HashType::SHA512, key_format.params().hash_type());
253 EXPECT_EQ(EllipticCurveType::NIST_P384, key_format.params().curve());
254 EXPECT_EQ(EcdsaSignatureEncoding::IEEE_P1363,
255 key_format.params().encoding());
256
257 // Check that reference to the same object is returned.
258 const KeyTemplate& key_template_2 = SignatureKeyTemplates::EcdsaP384Ieee();
259 EXPECT_EQ(&key_template, &key_template_2);
260
261 // Check that the template works with the key manager.
262 EcdsaSignKeyManager sign_key_type_manager;
263 EcdsaVerifyKeyManager verify_key_type_manager;
264 auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
265 &sign_key_type_manager, &verify_key_type_manager);
266 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
267 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
268 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
269 }
270
271 { // Test EcdsaP521Ieee().
272 // Check that returned template is correct.
273 const KeyTemplate& key_template = SignatureKeyTemplates::EcdsaP521Ieee();
274 EXPECT_EQ(type_url, key_template.type_url());
275 EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
276 EcdsaKeyFormat key_format;
277 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
278 EXPECT_EQ(HashType::SHA512, key_format.params().hash_type());
279 EXPECT_EQ(EllipticCurveType::NIST_P521, key_format.params().curve());
280 EXPECT_EQ(EcdsaSignatureEncoding::IEEE_P1363,
281 key_format.params().encoding());
282
283 // Check that reference to the same object is returned.
284 const KeyTemplate& key_template_2 = SignatureKeyTemplates::EcdsaP521Ieee();
285 EXPECT_EQ(&key_template, &key_template_2);
286
287 // Check that the template works with the key manager.
288 EcdsaSignKeyManager sign_key_type_manager;
289 EcdsaVerifyKeyManager verify_key_type_manager;
290 auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
291 &sign_key_type_manager, &verify_key_type_manager);
292 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
293 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
294 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
295 }
296 }
297
TEST(SignatureKeyTemplatesTest,KeyTemplatesWithRsaSsaPkcs13072Sha256F4)298 TEST(SignatureKeyTemplatesTest, KeyTemplatesWithRsaSsaPkcs13072Sha256F4) {
299 std::string type_url =
300 "type.googleapis.com/google.crypto.tink.RsaSsaPkcs1PrivateKey";
301
302 const KeyTemplate& key_template =
303 SignatureKeyTemplates::RsaSsaPkcs13072Sha256F4();
304 EXPECT_EQ(type_url, key_template.type_url());
305 EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
306 RsaSsaPkcs1KeyFormat key_format;
307 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
308 EXPECT_EQ(HashType::SHA256, key_format.params().hash_type());
309 EXPECT_GE(key_format.modulus_size_in_bits(), 3072);
310 internal::SslUniquePtr<BIGNUM> e(BN_new());
311 BN_set_word(e.get(), RSA_F4);
312 util::StatusOr<internal::SslUniquePtr<BIGNUM>> resulting_bn =
313 internal::StringToBignum(key_format.public_exponent());
314 ASSERT_THAT(resulting_bn, IsOk());
315 EXPECT_EQ(BN_cmp(resulting_bn->get(), e.get()), 0);
316 // Check that reference to the same object is returned.
317 const KeyTemplate& key_template_2 =
318 SignatureKeyTemplates::RsaSsaPkcs13072Sha256F4();
319 EXPECT_EQ(&key_template, &key_template_2);
320
321 // Check that the key manager works with the template.
322 RsaSsaPkcs1SignKeyManager key_type_manager;
323 auto key_manager = internal::MakeKeyManager<PublicKeySign>(&key_type_manager);
324 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
325 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
326 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
327 }
328
TEST(SignatureKeyTemplatesTest,KeyTemplatesWithRsaSsaPkcs14096Sha512F4)329 TEST(SignatureKeyTemplatesTest, KeyTemplatesWithRsaSsaPkcs14096Sha512F4) {
330 std::string type_url =
331 "type.googleapis.com/google.crypto.tink.RsaSsaPkcs1PrivateKey";
332 const KeyTemplate& key_template =
333 SignatureKeyTemplates::RsaSsaPkcs14096Sha512F4();
334 EXPECT_EQ(type_url, key_template.type_url());
335 EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
336 RsaSsaPkcs1KeyFormat key_format;
337 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
338 EXPECT_EQ(HashType::SHA512, key_format.params().hash_type());
339 EXPECT_GE(key_format.modulus_size_in_bits(), 4096);
340 internal::SslUniquePtr<BIGNUM> e(BN_new());
341 BN_set_word(e.get(), RSA_F4);
342 util::StatusOr<internal::SslUniquePtr<BIGNUM>> resulting_bn =
343 internal::StringToBignum(key_format.public_exponent());
344 ASSERT_THAT(resulting_bn, IsOk());
345 EXPECT_EQ(BN_cmp(resulting_bn->get(), e.get()), 0);
346 // Check that reference to the same object is returned.
347 const KeyTemplate& key_template_2 =
348 SignatureKeyTemplates::RsaSsaPkcs14096Sha512F4();
349 EXPECT_EQ(&key_template, &key_template_2);
350
351 // Check that the key manager works with the template.
352 RsaSsaPkcs1SignKeyManager key_type_manager;
353 auto key_manager = internal::MakeKeyManager<PublicKeySign>(&key_type_manager);
354 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
355 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
356 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
357 }
358
TEST(SignatureKeyTemplatesTest,KeyTemplatesWithRsaSsaPss3072Sha256Sha256F4)359 TEST(SignatureKeyTemplatesTest, KeyTemplatesWithRsaSsaPss3072Sha256Sha256F4) {
360 std::string type_url =
361 "type.googleapis.com/google.crypto.tink.RsaSsaPssPrivateKey";
362 const KeyTemplate& key_template =
363 SignatureKeyTemplates::RsaSsaPss3072Sha256Sha256F4();
364 EXPECT_EQ(type_url, key_template.type_url());
365 EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
366 RsaSsaPssKeyFormat key_format;
367 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
368 EXPECT_EQ(HashType::SHA256, key_format.params().sig_hash());
369 EXPECT_EQ(HashType::SHA256, key_format.params().mgf1_hash());
370 EXPECT_EQ(32, key_format.params().salt_length());
371 EXPECT_GE(key_format.modulus_size_in_bits(), 3072);
372 internal::SslUniquePtr<BIGNUM> e(BN_new());
373 BN_set_word(e.get(), RSA_F4);
374 util::StatusOr<internal::SslUniquePtr<BIGNUM>> resulting_bn =
375 internal::StringToBignum(key_format.public_exponent());
376 ASSERT_THAT(resulting_bn, IsOk());
377 EXPECT_EQ(BN_cmp(resulting_bn->get(), e.get()), 0);
378
379 // Check that reference to the same object is returned.
380 const KeyTemplate& key_template_2 =
381 SignatureKeyTemplates::RsaSsaPss3072Sha256Sha256F4();
382 EXPECT_EQ(&key_template, &key_template_2);
383
384 // Check that the key manager works with the template.
385 RsaSsaPssSignKeyManager key_type_manager;
386 auto key_manager = internal::MakeKeyManager<PublicKeySign>(&key_type_manager);
387 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
388 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
389 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
390 }
391
TEST(SignatureKeyTemplatesTest,KeyTemplatesWithRsaSsaPss4096Sha384Sha384F4)392 TEST(SignatureKeyTemplatesTest, KeyTemplatesWithRsaSsaPss4096Sha384Sha384F4) {
393 std::string type_url =
394 "type.googleapis.com/google.crypto.tink.RsaSsaPssPrivateKey";
395 const KeyTemplate& key_template =
396 SignatureKeyTemplates::RsaSsaPss4096Sha384Sha384F4();
397 EXPECT_EQ(type_url, key_template.type_url());
398 EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
399 RsaSsaPssKeyFormat key_format;
400 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
401 EXPECT_EQ(HashType::SHA384, key_format.params().sig_hash());
402 EXPECT_EQ(HashType::SHA384, key_format.params().mgf1_hash());
403 EXPECT_EQ(48, key_format.params().salt_length());
404 EXPECT_GE(key_format.modulus_size_in_bits(), 4096);
405 internal::SslUniquePtr<BIGNUM> e(BN_new());
406 BN_set_word(e.get(), RSA_F4);
407 util::StatusOr<internal::SslUniquePtr<BIGNUM>> resulting_bn =
408 internal::StringToBignum(key_format.public_exponent());
409 ASSERT_THAT(resulting_bn, IsOk());
410 EXPECT_EQ(BN_cmp(resulting_bn->get(), e.get()), 0);
411
412 // Check that reference to the same object is returned.
413 const KeyTemplate& key_template_2 =
414 SignatureKeyTemplates::RsaSsaPss4096Sha384Sha384F4();
415 EXPECT_EQ(&key_template, &key_template_2);
416
417 // Check that the key manager works with the template.
418 RsaSsaPssSignKeyManager key_type_manager;
419 auto key_manager = internal::MakeKeyManager<PublicKeySign>(&key_type_manager);
420 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
421 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
422 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
423 }
424
TEST(SignatureKeyTemplatesTest,KeyTemplatesWithRsaSsaPss4096Sha512Sha512F4)425 TEST(SignatureKeyTemplatesTest, KeyTemplatesWithRsaSsaPss4096Sha512Sha512F4) {
426 std::string type_url =
427 "type.googleapis.com/google.crypto.tink.RsaSsaPssPrivateKey";
428 const KeyTemplate& key_template =
429 SignatureKeyTemplates::RsaSsaPss4096Sha512Sha512F4();
430 EXPECT_EQ(type_url, key_template.type_url());
431 EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
432 RsaSsaPssKeyFormat key_format;
433 EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
434 EXPECT_EQ(HashType::SHA512, key_format.params().sig_hash());
435 EXPECT_EQ(HashType::SHA512, key_format.params().mgf1_hash());
436 EXPECT_EQ(64, key_format.params().salt_length());
437 EXPECT_GE(key_format.modulus_size_in_bits(), 4096);
438 internal::SslUniquePtr<BIGNUM> e(BN_new());
439 BN_set_word(e.get(), RSA_F4);
440
441 util::StatusOr<internal::SslUniquePtr<BIGNUM>> resulting_bn =
442 internal::StringToBignum(key_format.public_exponent());
443 ASSERT_THAT(resulting_bn, IsOk());
444 EXPECT_EQ(BN_cmp(resulting_bn->get(), e.get()), 0);
445
446 // Check that reference to the same object is returned.
447 const KeyTemplate& key_template_2 =
448 SignatureKeyTemplates::RsaSsaPss4096Sha512Sha512F4();
449 EXPECT_EQ(&key_template, &key_template_2);
450
451 // Check that the key manager works with the template.
452 RsaSsaPssSignKeyManager key_type_manager;
453 auto key_manager = internal::MakeKeyManager<PublicKeySign>(&key_type_manager);
454 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
455 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
456 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
457 }
458
TEST(SignatureKeyTemplatesTest,KeyTemplatesWithEd25519)459 TEST(SignatureKeyTemplatesTest, KeyTemplatesWithEd25519) {
460 std::string type_url =
461 "type.googleapis.com/google.crypto.tink.Ed25519PrivateKey";
462 const KeyTemplate& key_template = SignatureKeyTemplates::Ed25519();
463 EXPECT_EQ(type_url, key_template.type_url());
464 EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
465
466 // Check that reference to the same object is returned.
467 const KeyTemplate& key_template_2 = SignatureKeyTemplates::Ed25519();
468 EXPECT_EQ(&key_template, &key_template_2);
469
470 // Check that the key manager works with the template.
471 Ed25519SignKeyManager sign_key_type_manager;
472 Ed25519VerifyKeyManager verify_key_type_manager;
473 auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
474 &sign_key_type_manager, &verify_key_type_manager);
475
476 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
477 Ed25519KeyFormat key_format;
478 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
479 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
480 }
481
TEST(SignatureKeyTemplatesTest,KeyTemplatesWithEd25519WithRawOutput)482 TEST(SignatureKeyTemplatesTest, KeyTemplatesWithEd25519WithRawOutput) {
483 std::string type_url =
484 "type.googleapis.com/google.crypto.tink.Ed25519PrivateKey";
485 const KeyTemplate& key_template =
486 SignatureKeyTemplates::Ed25519WithRawOutput();
487 EXPECT_EQ(type_url, key_template.type_url());
488 EXPECT_EQ(OutputPrefixType::RAW, key_template.output_prefix_type());
489
490 // Check that reference to the same object is returned.
491 const KeyTemplate& key_template_2 =
492 SignatureKeyTemplates::Ed25519WithRawOutput();
493 EXPECT_EQ(&key_template, &key_template_2);
494
495 // Check that the key manager works with the template.
496 Ed25519SignKeyManager sign_key_type_manager;
497 Ed25519VerifyKeyManager verify_key_type_manager;
498 auto key_manager = internal::MakePrivateKeyManager<PublicKeySign>(
499 &sign_key_type_manager, &verify_key_type_manager);
500
501 EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
502 Ed25519KeyFormat key_format;
503 auto new_key_result = key_manager->get_key_factory().NewKey(key_format);
504 EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
505 }
506
507 } // namespace
508 } // namespace tink
509 } // namespace crypto
510