mirror of
https://code.briarproject.org/briar/briar.git
synced 2026-02-13 11:19:04 +01:00
Merge branch '236-use-ed25519' into 'master'
Use Ed25519 for signatures See merge request akwizgran/briar!686
This commit is contained in:
akwizgran
@@ -22,10 +22,6 @@ public interface CryptoComponent {
|
||||
|
||||
KeyParser getSignatureKeyParser();
|
||||
|
||||
KeyPair generateEdKeyPair();
|
||||
|
||||
KeyParser getEdKeyParser();
|
||||
|
||||
KeyParser getMessageKeyParser();
|
||||
|
||||
/**
|
||||
@@ -53,7 +49,7 @@ public interface CryptoComponent {
|
||||
throws GeneralSecurityException;
|
||||
|
||||
/**
|
||||
* Signs the given byte[] with the given ECDSA private key.
|
||||
* Signs the given byte[] with the given private key.
|
||||
*
|
||||
* @param label a namespaced label indicating the purpose of this
|
||||
* signature, to prevent it from being repurposed or colliding with a
|
||||
@@ -62,18 +58,9 @@ public interface CryptoComponent {
|
||||
byte[] sign(String label, byte[] toSign, byte[] privateKey)
|
||||
throws GeneralSecurityException;
|
||||
|
||||
/**
|
||||
* Signs the given byte[] with the given Ed25519 private key.
|
||||
*
|
||||
* @param label A label specific to this signature
|
||||
* to ensure that the signature cannot be repurposed
|
||||
*/
|
||||
byte[] signEd(String label, byte[] toSign, byte[] privateKey)
|
||||
throws GeneralSecurityException;
|
||||
|
||||
/**
|
||||
* Verifies that the given signature is valid for the signed data
|
||||
* and the given ECDSA public key.
|
||||
* and the given public key.
|
||||
*
|
||||
* @param label a namespaced label indicating the purpose of this
|
||||
* signature, to prevent it from being repurposed or colliding with a
|
||||
@@ -83,17 +70,6 @@ public interface CryptoComponent {
|
||||
boolean verify(String label, byte[] signedData, byte[] publicKey,
|
||||
byte[] signature) throws GeneralSecurityException;
|
||||
|
||||
/**
|
||||
* Verifies that the given signature is valid for the signed data
|
||||
* and the given Ed25519 public key.
|
||||
*
|
||||
* @param label A label that was specific to this signature
|
||||
* to ensure that the signature cannot be repurposed
|
||||
* @return true if the signature was valid, false otherwise.
|
||||
*/
|
||||
boolean verifyEd(String label, byte[] signedData, byte[] publicKey,
|
||||
byte[] signature) throws GeneralSecurityException;
|
||||
|
||||
/**
|
||||
* Returns the hash of the given inputs. The inputs are unambiguously
|
||||
* combined by prefixing each input with its length.
|
||||
|
||||
@@ -0,0 +1,19 @@
|
||||
package org.briarproject.bramble.api.crypto;
|
||||
|
||||
public interface CryptoConstants {
|
||||
|
||||
/**
|
||||
* The maximum length of an agreement public key in bytes.
|
||||
*/
|
||||
int MAX_AGREEMENT_PUBLIC_KEY_BYTES = 65;
|
||||
|
||||
/**
|
||||
* The maximum length of a signature public key in bytes.
|
||||
*/
|
||||
int MAX_SIGNATURE_PUBLIC_KEY_BYTES = 32;
|
||||
|
||||
/**
|
||||
* The maximum length of a signature in bytes.
|
||||
*/
|
||||
int MAX_SIGNATURE_BYTES = 64;
|
||||
}
|
||||
@@ -22,7 +22,7 @@ public class Author {
|
||||
/**
|
||||
* The current version of the author structure.
|
||||
*/
|
||||
public static final int FORMAT_VERSION = 0;
|
||||
public static final int FORMAT_VERSION = 1;
|
||||
|
||||
private final AuthorId id;
|
||||
private final int formatVersion;
|
||||
|
||||
@@ -1,5 +1,8 @@
|
||||
package org.briarproject.bramble.api.identity;
|
||||
|
||||
import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_BYTES;
|
||||
import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_PUBLIC_KEY_BYTES;
|
||||
|
||||
public interface AuthorConstants {
|
||||
|
||||
/**
|
||||
@@ -8,26 +11,14 @@ public interface AuthorConstants {
|
||||
int MAX_AUTHOR_NAME_LENGTH = 50;
|
||||
|
||||
/**
|
||||
* The maximum length of a public key in bytes.
|
||||
* <p>
|
||||
* Public keys use SEC1 format: 0x04 x y, where x and y are unsigned
|
||||
* big-endian integers.
|
||||
* <p>
|
||||
* For a 256-bit elliptic curve, the maximum length is 2 * 256 / 8 + 1.
|
||||
* The maximum length of a public key in bytes. This applies to the
|
||||
* signature algorithm used by the current {@link Author format version}.
|
||||
*/
|
||||
int MAX_PUBLIC_KEY_LENGTH = 65;
|
||||
int MAX_PUBLIC_KEY_LENGTH = MAX_SIGNATURE_PUBLIC_KEY_BYTES;
|
||||
|
||||
/**
|
||||
* The maximum length of a signature in bytes.
|
||||
* <p>
|
||||
* A signature is an ASN.1 DER sequence containing two integers, r and s.
|
||||
* The format is 0x30 len1 0x02 len2 r 0x02 len3 s, where len1 is
|
||||
* len(0x02 len2 r 0x02 len3 s) as a DER length, len2 is len(r) as a DER
|
||||
* length, len3 is len(s) as a DER length, and r and s are signed
|
||||
* big-endian integers of minimal length.
|
||||
* <p>
|
||||
* For a 256-bit elliptic curve, the lengths are one byte each, so the
|
||||
* maximum length is 2 * 256 / 8 + 8.
|
||||
* The maximum length of a signature in bytes. This applies to the
|
||||
* signature algorithm used by the current {@link Author format version}.
|
||||
*/
|
||||
int MAX_SIGNATURE_LENGTH = 72;
|
||||
int MAX_SIGNATURE_LENGTH = MAX_SIGNATURE_BYTES;
|
||||
}
|
||||
|
||||
@@ -46,7 +46,6 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
|
||||
private static final int AGREEMENT_KEY_PAIR_BITS = 256;
|
||||
private static final int SIGNATURE_KEY_PAIR_BITS = 256;
|
||||
private static final int ED_KEY_PAIR_BITS = 256;
|
||||
private static final int STORAGE_IV_BYTES = 24; // 196 bits
|
||||
private static final int PBKDF_SALT_BYTES = 32; // 256 bits
|
||||
private static final int PBKDF_FORMAT_SCRYPT = 0;
|
||||
@@ -54,11 +53,9 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
private final SecureRandom secureRandom;
|
||||
private final PasswordBasedKdf passwordBasedKdf;
|
||||
private final ECKeyPairGenerator agreementKeyPairGenerator;
|
||||
private final ECKeyPairGenerator signatureKeyPairGenerator;
|
||||
private final KeyPairGenerator signatureKeyPairGenerator;
|
||||
private final KeyParser agreementKeyParser, signatureKeyParser;
|
||||
private final MessageEncrypter messageEncrypter;
|
||||
private final KeyPairGenerator edKeyPairGenerator;
|
||||
private final KeyParser edKeyParser;
|
||||
|
||||
@Inject
|
||||
CryptoComponentImpl(SecureRandomProvider secureRandomProvider,
|
||||
@@ -87,16 +84,13 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
PARAMETERS, secureRandom);
|
||||
agreementKeyPairGenerator = new ECKeyPairGenerator();
|
||||
agreementKeyPairGenerator.init(params);
|
||||
signatureKeyPairGenerator = new ECKeyPairGenerator();
|
||||
signatureKeyPairGenerator.init(params);
|
||||
signatureKeyPairGenerator = new KeyPairGenerator();
|
||||
signatureKeyPairGenerator.initialize(SIGNATURE_KEY_PAIR_BITS,
|
||||
secureRandom);
|
||||
agreementKeyParser = new Sec1KeyParser(PARAMETERS,
|
||||
AGREEMENT_KEY_PAIR_BITS);
|
||||
signatureKeyParser = new Sec1KeyParser(PARAMETERS,
|
||||
SIGNATURE_KEY_PAIR_BITS);
|
||||
signatureKeyParser = new EdKeyParser();
|
||||
messageEncrypter = new MessageEncrypter(secureRandom);
|
||||
edKeyPairGenerator = new KeyPairGenerator();
|
||||
edKeyPairGenerator.initialize(ED_KEY_PAIR_BITS, secureRandom);
|
||||
edKeyParser = new EdKeyParser();
|
||||
}
|
||||
|
||||
// Based on https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html
|
||||
@@ -155,21 +149,6 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
return secret;
|
||||
}
|
||||
|
||||
@Override
|
||||
public KeyPair generateEdKeyPair() {
|
||||
java.security.KeyPair keyPair = edKeyPairGenerator.generateKeyPair();
|
||||
EdDSAPublicKey edPublicKey = (EdDSAPublicKey) keyPair.getPublic();
|
||||
PublicKey publicKey = new EdPublicKey(edPublicKey.getAbyte());
|
||||
EdDSAPrivateKey edPrivateKey = (EdDSAPrivateKey) keyPair.getPrivate();
|
||||
PrivateKey privateKey = new EdPrivateKey(edPrivateKey.getSeed());
|
||||
return new KeyPair(publicKey, privateKey);
|
||||
}
|
||||
|
||||
@Override
|
||||
public KeyParser getEdKeyParser() {
|
||||
return edKeyParser;
|
||||
}
|
||||
|
||||
@Override
|
||||
public KeyPair generateAgreementKeyPair() {
|
||||
AsymmetricCipherKeyPair keyPair =
|
||||
@@ -193,17 +172,11 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
|
||||
@Override
|
||||
public KeyPair generateSignatureKeyPair() {
|
||||
AsymmetricCipherKeyPair keyPair =
|
||||
signatureKeyPairGenerator.generateKeyPair();
|
||||
// Return a wrapper that uses the SEC 1 encoding
|
||||
ECPublicKeyParameters ecPublicKey =
|
||||
(ECPublicKeyParameters) keyPair.getPublic();
|
||||
PublicKey publicKey = new Sec1PublicKey(ecPublicKey
|
||||
);
|
||||
ECPrivateKeyParameters ecPrivateKey =
|
||||
(ECPrivateKeyParameters) keyPair.getPrivate();
|
||||
PrivateKey privateKey = new Sec1PrivateKey(ecPrivateKey,
|
||||
SIGNATURE_KEY_PAIR_BITS);
|
||||
java.security.KeyPair keyPair = signatureKeyPairGenerator.generateKeyPair();
|
||||
EdDSAPublicKey edPublicKey = (EdDSAPublicKey) keyPair.getPublic();
|
||||
PublicKey publicKey = new EdPublicKey(edPublicKey.getAbyte());
|
||||
EdDSAPrivateKey edPrivateKey = (EdDSAPrivateKey) keyPair.getPrivate();
|
||||
PrivateKey privateKey = new EdPrivateKey(edPrivateKey.getSeed());
|
||||
return new KeyPair(publicKey, privateKey);
|
||||
}
|
||||
|
||||
@@ -240,19 +213,8 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
@Override
|
||||
public byte[] sign(String label, byte[] toSign, byte[] privateKey)
|
||||
throws GeneralSecurityException {
|
||||
return sign(new SignatureImpl(secureRandom), signatureKeyParser, label,
|
||||
toSign, privateKey);
|
||||
}
|
||||
|
||||
@Override
|
||||
public byte[] signEd(String label, byte[] toSign, byte[] privateKey)
|
||||
throws GeneralSecurityException {
|
||||
return sign(new EdSignature(), edKeyParser, label, toSign, privateKey);
|
||||
}
|
||||
|
||||
private byte[] sign(Signature sig, KeyParser keyParser, String label,
|
||||
byte[] toSign, byte[] privateKey) throws GeneralSecurityException {
|
||||
PrivateKey key = keyParser.parsePrivateKey(privateKey);
|
||||
PrivateKey key = signatureKeyParser.parsePrivateKey(privateKey);
|
||||
Signature sig = new EdSignature();
|
||||
sig.initSign(key);
|
||||
updateSignature(sig, label, toSign);
|
||||
return sig.sign();
|
||||
@@ -261,21 +223,8 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
@Override
|
||||
public boolean verify(String label, byte[] signedData, byte[] publicKey,
|
||||
byte[] signature) throws GeneralSecurityException {
|
||||
return verify(new SignatureImpl(secureRandom), signatureKeyParser,
|
||||
label, signedData, publicKey, signature);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean verifyEd(String label, byte[] signedData, byte[] publicKey,
|
||||
byte[] signature) throws GeneralSecurityException {
|
||||
return verify(new EdSignature(), edKeyParser, label, signedData,
|
||||
publicKey, signature);
|
||||
}
|
||||
|
||||
private boolean verify(Signature sig, KeyParser keyParser, String label,
|
||||
byte[] signedData, byte[] publicKey, byte[] signature)
|
||||
throws GeneralSecurityException {
|
||||
PublicKey key = keyParser.parsePublicKey(publicKey);
|
||||
PublicKey key = signatureKeyParser.parsePublicKey(publicKey);
|
||||
Signature sig = new EdSignature();
|
||||
sig.initVerify(key);
|
||||
updateSignature(sig, label, signedData);
|
||||
return sig.verify(signature);
|
||||
|
||||
@@ -1,91 +0,0 @@
|
||||
package org.briarproject.bramble.crypto;
|
||||
|
||||
import org.briarproject.bramble.api.crypto.PrivateKey;
|
||||
import org.briarproject.bramble.api.crypto.PublicKey;
|
||||
import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
|
||||
import org.spongycastle.crypto.Digest;
|
||||
import org.spongycastle.crypto.digests.Blake2bDigest;
|
||||
import org.spongycastle.crypto.params.ECPrivateKeyParameters;
|
||||
import org.spongycastle.crypto.params.ECPublicKeyParameters;
|
||||
import org.spongycastle.crypto.params.ParametersWithRandom;
|
||||
import org.spongycastle.crypto.signers.DSADigestSigner;
|
||||
import org.spongycastle.crypto.signers.DSAKCalculator;
|
||||
import org.spongycastle.crypto.signers.ECDSASigner;
|
||||
import org.spongycastle.crypto.signers.HMacDSAKCalculator;
|
||||
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.logging.Logger;
|
||||
|
||||
import javax.annotation.concurrent.NotThreadSafe;
|
||||
|
||||
import static java.util.logging.Level.INFO;
|
||||
|
||||
@NotThreadSafe
|
||||
@NotNullByDefault
|
||||
class SignatureImpl implements Signature {
|
||||
|
||||
private static final Logger LOG =
|
||||
Logger.getLogger(SignatureImpl.class.getName());
|
||||
|
||||
private final SecureRandom secureRandom;
|
||||
private final DSADigestSigner signer;
|
||||
|
||||
SignatureImpl(SecureRandom secureRandom) {
|
||||
this.secureRandom = secureRandom;
|
||||
Digest digest = new Blake2bDigest(256);
|
||||
DSAKCalculator calculator = new HMacDSAKCalculator(digest);
|
||||
signer = new DSADigestSigner(new ECDSASigner(calculator), digest);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void initSign(PrivateKey k) throws GeneralSecurityException {
|
||||
if (!(k instanceof Sec1PrivateKey))
|
||||
throw new IllegalArgumentException();
|
||||
ECPrivateKeyParameters priv = ((Sec1PrivateKey) k).getKey();
|
||||
signer.init(true, new ParametersWithRandom(priv, secureRandom));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void initVerify(PublicKey k) throws GeneralSecurityException {
|
||||
if (!(k instanceof Sec1PublicKey))
|
||||
throw new IllegalArgumentException();
|
||||
ECPublicKeyParameters pub = ((Sec1PublicKey) k).getKey();
|
||||
signer.init(false, pub);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void update(byte b) {
|
||||
signer.update(b);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void update(byte[] b) {
|
||||
update(b, 0, b.length);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void update(byte[] b, int off, int len) {
|
||||
signer.update(b, off, len);
|
||||
}
|
||||
|
||||
@Override
|
||||
public byte[] sign() {
|
||||
long now = System.currentTimeMillis();
|
||||
byte[] signature = signer.generateSignature();
|
||||
long duration = System.currentTimeMillis() - now;
|
||||
if (LOG.isLoggable(INFO))
|
||||
LOG.info("Generating signature took " + duration + " ms");
|
||||
return signature;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean verify(byte[] signature) {
|
||||
long now = System.currentTimeMillis();
|
||||
boolean valid = signer.verifySignature(signature);
|
||||
long duration = System.currentTimeMillis() - now;
|
||||
if (LOG.isLoggable(INFO))
|
||||
LOG.info("Verifying signature took " + duration + " ms");
|
||||
return valid;
|
||||
}
|
||||
}
|
||||
@@ -1,25 +0,0 @@
|
||||
package org.briarproject.bramble.crypto;
|
||||
|
||||
import org.briarproject.bramble.api.crypto.KeyPair;
|
||||
|
||||
import java.security.GeneralSecurityException;
|
||||
|
||||
public class EcdsaSignatureTest extends SignatureTest {
|
||||
|
||||
@Override
|
||||
protected KeyPair generateKeyPair() {
|
||||
return crypto.generateSignatureKeyPair();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected byte[] sign(String label, byte[] toSign, byte[] privateKey)
|
||||
throws GeneralSecurityException {
|
||||
return crypto.sign(label, toSign, privateKey);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected boolean verify(String label, byte[] signedData, byte[] publicKey,
|
||||
byte[] signature) throws GeneralSecurityException {
|
||||
return crypto.verify(label, signedData, publicKey, signature);
|
||||
}
|
||||
}
|
||||
@@ -1,25 +1,169 @@
|
||||
package org.briarproject.bramble.crypto;
|
||||
|
||||
import org.briarproject.bramble.api.crypto.KeyPair;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.security.GeneralSecurityException;
|
||||
|
||||
import static org.briarproject.bramble.util.StringUtils.fromHexString;
|
||||
import static org.junit.Assert.assertArrayEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
public class EdSignatureTest extends SignatureTest {
|
||||
|
||||
// Test vectors from RFC 8032: secret key, public key, message, signature
|
||||
// https://tools.ietf.org/html/rfc8032#section-7.1
|
||||
private static final String[][] TEST_VECTORS = {{
|
||||
"9d61b19deffd5a60ba844af492ec2cc4" +
|
||||
"4449c5697b326919703bac031cae7f60",
|
||||
"d75a980182b10ab7d54bfed3c964073a" +
|
||||
"0ee172f3daa62325af021a68f707511a",
|
||||
"",
|
||||
"e5564300c360ac729086e2cc806e828a" +
|
||||
"84877f1eb8e5d974d873e06522490155" +
|
||||
"5fb8821590a33bacc61e39701cf9b46b" +
|
||||
"d25bf5f0595bbe24655141438e7a100b"
|
||||
}, {
|
||||
"4ccd089b28ff96da9db6c346ec114e0f" +
|
||||
"5b8a319f35aba624da8cf6ed4fb8a6fb",
|
||||
"3d4017c3e843895a92b70aa74d1b7ebc" +
|
||||
"9c982ccf2ec4968cc0cd55f12af4660c",
|
||||
"72",
|
||||
"92a009a9f0d4cab8720e820b5f642540" +
|
||||
"a2b27b5416503f8fb3762223ebdb69da" +
|
||||
"085ac1e43e15996e458f3613d0f11d8c" +
|
||||
"387b2eaeb4302aeeb00d291612bb0c00"
|
||||
}, {
|
||||
"c5aa8df43f9f837bedb7442f31dcb7b1" +
|
||||
"66d38535076f094b85ce3a2e0b4458f7",
|
||||
"fc51cd8e6218a1a38da47ed00230f058" +
|
||||
"0816ed13ba3303ac5deb911548908025",
|
||||
"af82",
|
||||
"6291d657deec24024827e69c3abe01a3" +
|
||||
"0ce548a284743a445e3680d7db5ac3ac" +
|
||||
"18ff9b538d16f290ae67f760984dc659" +
|
||||
"4a7c15e9716ed28dc027beceea1ec40a"
|
||||
}, {
|
||||
"f5e5767cf153319517630f226876b86c" +
|
||||
"8160cc583bc013744c6bf255f5cc0ee5",
|
||||
"278117fc144c72340f67d0f2316e8386" +
|
||||
"ceffbf2b2428c9c51fef7c597f1d426e",
|
||||
"08b8b2b733424243760fe426a4b54908" +
|
||||
"632110a66c2f6591eabd3345e3e4eb98" +
|
||||
"fa6e264bf09efe12ee50f8f54e9f77b1" +
|
||||
"e355f6c50544e23fb1433ddf73be84d8" +
|
||||
"79de7c0046dc4996d9e773f4bc9efe57" +
|
||||
"38829adb26c81b37c93a1b270b20329d" +
|
||||
"658675fc6ea534e0810a4432826bf58c" +
|
||||
"941efb65d57a338bbd2e26640f89ffbc" +
|
||||
"1a858efcb8550ee3a5e1998bd177e93a" +
|
||||
"7363c344fe6b199ee5d02e82d522c4fe" +
|
||||
"ba15452f80288a821a579116ec6dad2b" +
|
||||
"3b310da903401aa62100ab5d1a36553e" +
|
||||
"06203b33890cc9b832f79ef80560ccb9" +
|
||||
"a39ce767967ed628c6ad573cb116dbef" +
|
||||
"efd75499da96bd68a8a97b928a8bbc10" +
|
||||
"3b6621fcde2beca1231d206be6cd9ec7" +
|
||||
"aff6f6c94fcd7204ed3455c68c83f4a4" +
|
||||
"1da4af2b74ef5c53f1d8ac70bdcb7ed1" +
|
||||
"85ce81bd84359d44254d95629e9855a9" +
|
||||
"4a7c1958d1f8ada5d0532ed8a5aa3fb2" +
|
||||
"d17ba70eb6248e594e1a2297acbbb39d" +
|
||||
"502f1a8c6eb6f1ce22b3de1a1f40cc24" +
|
||||
"554119a831a9aad6079cad88425de6bd" +
|
||||
"e1a9187ebb6092cf67bf2b13fd65f270" +
|
||||
"88d78b7e883c8759d2c4f5c65adb7553" +
|
||||
"878ad575f9fad878e80a0c9ba63bcbcc" +
|
||||
"2732e69485bbc9c90bfbd62481d9089b" +
|
||||
"eccf80cfe2df16a2cf65bd92dd597b07" +
|
||||
"07e0917af48bbb75fed413d238f5555a" +
|
||||
"7a569d80c3414a8d0859dc65a46128ba" +
|
||||
"b27af87a71314f318c782b23ebfe808b" +
|
||||
"82b0ce26401d2e22f04d83d1255dc51a" +
|
||||
"ddd3b75a2b1ae0784504df543af8969b" +
|
||||
"e3ea7082ff7fc9888c144da2af58429e" +
|
||||
"c96031dbcad3dad9af0dcbaaaf268cb8" +
|
||||
"fcffead94f3c7ca495e056a9b47acdb7" +
|
||||
"51fb73e666c6c655ade8297297d07ad1" +
|
||||
"ba5e43f1bca32301651339e22904cc8c" +
|
||||
"42f58c30c04aafdb038dda0847dd988d" +
|
||||
"cda6f3bfd15c4b4c4525004aa06eeff8" +
|
||||
"ca61783aacec57fb3d1f92b0fe2fd1a8" +
|
||||
"5f6724517b65e614ad6808d6f6ee34df" +
|
||||
"f7310fdc82aebfd904b01e1dc54b2927" +
|
||||
"094b2db68d6f903b68401adebf5a7e08" +
|
||||
"d78ff4ef5d63653a65040cf9bfd4aca7" +
|
||||
"984a74d37145986780fc0b16ac451649" +
|
||||
"de6188a7dbdf191f64b5fc5e2ab47b57" +
|
||||
"f7f7276cd419c17a3ca8e1b939ae49e4" +
|
||||
"88acba6b965610b5480109c8b17b80e1" +
|
||||
"b7b750dfc7598d5d5011fd2dcc5600a3" +
|
||||
"2ef5b52a1ecc820e308aa342721aac09" +
|
||||
"43bf6686b64b2579376504ccc493d97e" +
|
||||
"6aed3fb0f9cd71a43dd497f01f17c0e2" +
|
||||
"cb3797aa2a2f256656168e6c496afc5f" +
|
||||
"b93246f6b1116398a346f1a641f3b041" +
|
||||
"e989f7914f90cc2c7fff357876e506b5" +
|
||||
"0d334ba77c225bc307ba537152f3f161" +
|
||||
"0e4eafe595f6d9d90d11faa933a15ef1" +
|
||||
"369546868a7f3a45a96768d40fd9d034" +
|
||||
"12c091c6315cf4fde7cb68606937380d" +
|
||||
"b2eaaa707b4c4185c32eddcdd306705e" +
|
||||
"4dc1ffc872eeee475a64dfac86aba41c" +
|
||||
"0618983f8741c5ef68d3a101e8a3b8ca" +
|
||||
"c60c905c15fc910840b94c00a0b9d0",
|
||||
"0aab4c900501b3e24d7cdf4663326a3a" +
|
||||
"87df5e4843b2cbdb67cbf6e460fec350" +
|
||||
"aa5371b1508f9f4528ecea23c436d94b" +
|
||||
"5e8fcd4f681e30a6ac00a9704a188a03"
|
||||
}, {
|
||||
"833fe62409237b9d62ec77587520911e" +
|
||||
"9a759cec1d19755b7da901b96dca3d42",
|
||||
"ec172b93ad5e563bf4932c70e1245034" +
|
||||
"c35467ef2efd4d64ebf819683467e2bf",
|
||||
"ddaf35a193617abacc417349ae204131" +
|
||||
"12e6fa4e89a97ea20a9eeee64b55d39a" +
|
||||
"2192992a274fc1a836ba3c23a3feebbd" +
|
||||
"454d4423643ce80e2a9ac94fa54ca49f",
|
||||
"dc2a4459e7369633a52b1bf277839a00" +
|
||||
"201009a3efbf3ecb69bea2186c26b589" +
|
||||
"09351fc9ac90b3ecfdfbc7c66431e030" +
|
||||
"3dca179c138ac17ad9bef1177331a704"
|
||||
}};
|
||||
|
||||
@Override
|
||||
protected KeyPair generateKeyPair() {
|
||||
return crypto.generateEdKeyPair();
|
||||
return crypto.generateSignatureKeyPair();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected byte[] sign(String label, byte[] toSign, byte[] privateKey)
|
||||
throws GeneralSecurityException {
|
||||
return crypto.signEd(label, toSign, privateKey);
|
||||
return crypto.sign(label, toSign, privateKey);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected boolean verify(String label, byte[] signedData, byte[] publicKey,
|
||||
byte[] signature) throws GeneralSecurityException {
|
||||
return crypto.verifyEd(label, signedData, publicKey, signature);
|
||||
return crypto.verify(label, signedData, publicKey, signature);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRfc8032TestVectors() throws Exception {
|
||||
for (String[] vector : TEST_VECTORS) {
|
||||
byte[] privateKeyBytes = fromHexString(vector[0]);
|
||||
byte[] publicKeyBytes = fromHexString(vector[1]);
|
||||
byte[] messageBytes = fromHexString(vector[2]);
|
||||
byte[] signatureBytes = fromHexString(vector[3]);
|
||||
|
||||
EdSignature signature = new EdSignature();
|
||||
signature.initSign(new EdPrivateKey(privateKeyBytes));
|
||||
signature.update(messageBytes);
|
||||
assertArrayEquals(signatureBytes, signature.sign());
|
||||
|
||||
signature.initVerify(new EdPublicKey(publicKeyBytes));
|
||||
signature.update(messageBytes);
|
||||
assertTrue(signature.verify(signatureBytes));
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -6,13 +6,14 @@ import org.briarproject.bramble.api.crypto.PrivateKey;
|
||||
import org.briarproject.bramble.api.crypto.PublicKey;
|
||||
import org.briarproject.bramble.test.BrambleTestCase;
|
||||
import org.briarproject.bramble.test.TestSecureRandomProvider;
|
||||
import org.briarproject.bramble.test.TestUtils;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.security.GeneralSecurityException;
|
||||
|
||||
import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
|
||||
import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH;
|
||||
import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES;
|
||||
import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_BYTES;
|
||||
import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_PUBLIC_KEY_BYTES;
|
||||
import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
|
||||
import static org.junit.Assert.assertArrayEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
@@ -28,7 +29,7 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
|
||||
KeyPair keyPair = crypto.generateSignatureKeyPair();
|
||||
// Check the length of the public key
|
||||
byte[] publicKey = keyPair.getPublic().getEncoded();
|
||||
assertTrue(publicKey.length <= MAX_PUBLIC_KEY_LENGTH);
|
||||
assertTrue(publicKey.length <= MAX_AGREEMENT_PUBLIC_KEY_BYTES);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -45,7 +46,8 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
|
||||
aPub = parser.parsePublicKey(aPub.getEncoded());
|
||||
aPub = parser.parsePublicKey(aPub.getEncoded());
|
||||
// Derive the shared secret again - it should be the same
|
||||
byte[] secret1 = crypto.performRawKeyAgreement(bPair.getPrivate(), aPub);
|
||||
byte[] secret1 =
|
||||
crypto.performRawKeyAgreement(bPair.getPrivate(), aPub);
|
||||
assertArrayEquals(secret, secret1);
|
||||
}
|
||||
|
||||
@@ -62,7 +64,8 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
|
||||
bPriv = parser.parsePrivateKey(bPriv.getEncoded());
|
||||
bPriv = parser.parsePrivateKey(bPriv.getEncoded());
|
||||
// Derive the shared secret again - it should be the same
|
||||
byte[] secret1 = crypto.performRawKeyAgreement(bPriv, aPair.getPublic());
|
||||
byte[] secret1 =
|
||||
crypto.performRawKeyAgreement(bPriv, aPair.getPublic());
|
||||
assertArrayEquals(secret, secret1);
|
||||
}
|
||||
|
||||
@@ -76,12 +79,12 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
|
||||
// Parse some random byte arrays - expect GeneralSecurityException
|
||||
for (int i = 0; i < 1000; i++) {
|
||||
try {
|
||||
parser.parsePublicKey(TestUtils.getRandomBytes(pubLength));
|
||||
parser.parsePublicKey(getRandomBytes(pubLength));
|
||||
} catch (GeneralSecurityException expected) {
|
||||
// Expected
|
||||
}
|
||||
try {
|
||||
parser.parsePrivateKey(TestUtils.getRandomBytes(privLength));
|
||||
parser.parsePrivateKey(getRandomBytes(privLength));
|
||||
} catch (GeneralSecurityException expected) {
|
||||
// Expected
|
||||
}
|
||||
@@ -95,7 +98,7 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
|
||||
KeyPair keyPair = crypto.generateSignatureKeyPair();
|
||||
// Check the length of the public key
|
||||
byte[] publicKey = keyPair.getPublic().getEncoded();
|
||||
assertTrue(publicKey.length <= MAX_PUBLIC_KEY_LENGTH);
|
||||
assertTrue(publicKey.length <= MAX_SIGNATURE_PUBLIC_KEY_BYTES);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -106,44 +109,53 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
|
||||
KeyPair keyPair = crypto.generateSignatureKeyPair();
|
||||
byte[] key = keyPair.getPrivate().getEncoded();
|
||||
// Sign some random data and check the length of the signature
|
||||
byte[] toBeSigned = TestUtils.getRandomBytes(1234);
|
||||
byte[] toBeSigned = getRandomBytes(1234);
|
||||
byte[] signature = crypto.sign("label", toBeSigned, key);
|
||||
assertTrue(signature.length <= MAX_SIGNATURE_LENGTH);
|
||||
assertTrue(signature.length <= MAX_SIGNATURE_BYTES);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSignaturePublicKeyEncodingAndParsing() throws Exception {
|
||||
KeyParser parser = crypto.getSignatureKeyParser();
|
||||
// Generate two key pairs
|
||||
KeyPair aPair = crypto.generateSignatureKeyPair();
|
||||
KeyPair bPair = crypto.generateSignatureKeyPair();
|
||||
// Derive the shared secret
|
||||
PublicKey aPub = aPair.getPublic();
|
||||
byte[] secret = crypto.performRawKeyAgreement(bPair.getPrivate(), aPub);
|
||||
// Generate a key pair and sign some data
|
||||
KeyPair keyPair = crypto.generateSignatureKeyPair();
|
||||
PublicKey publicKey = keyPair.getPublic();
|
||||
PrivateKey privateKey = keyPair.getPrivate();
|
||||
byte[] message = getRandomBytes(123);
|
||||
byte[] signature = crypto.sign("test", message,
|
||||
privateKey.getEncoded());
|
||||
// Verify the signature
|
||||
assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
|
||||
signature));
|
||||
// Encode and parse the public key - no exceptions should be thrown
|
||||
aPub = parser.parsePublicKey(aPub.getEncoded());
|
||||
aPub = parser.parsePublicKey(aPub.getEncoded());
|
||||
// Derive the shared secret again - it should be the same
|
||||
byte[] secret1 = crypto.performRawKeyAgreement(bPair.getPrivate(), aPub);
|
||||
assertArrayEquals(secret, secret1);
|
||||
publicKey = parser.parsePublicKey(publicKey.getEncoded());
|
||||
// Verify the signature again
|
||||
assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
|
||||
signature));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSignaturePrivateKeyEncodingAndParsing() throws Exception {
|
||||
KeyParser parser = crypto.getSignatureKeyParser();
|
||||
// Generate two key pairs
|
||||
KeyPair aPair = crypto.generateSignatureKeyPair();
|
||||
KeyPair bPair = crypto.generateSignatureKeyPair();
|
||||
// Derive the shared secret
|
||||
PrivateKey bPriv = bPair.getPrivate();
|
||||
byte[] secret = crypto.performRawKeyAgreement(bPriv, aPair.getPublic());
|
||||
// Generate a key pair and sign some data
|
||||
KeyPair keyPair = crypto.generateSignatureKeyPair();
|
||||
PublicKey publicKey = keyPair.getPublic();
|
||||
PrivateKey privateKey = keyPair.getPrivate();
|
||||
byte[] message = getRandomBytes(123);
|
||||
byte[] signature = crypto.sign("test", message,
|
||||
privateKey.getEncoded());
|
||||
// Verify the signature
|
||||
assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
|
||||
signature));
|
||||
// Encode and parse the private key - no exceptions should be thrown
|
||||
bPriv = parser.parsePrivateKey(bPriv.getEncoded());
|
||||
bPriv = parser.parsePrivateKey(bPriv.getEncoded());
|
||||
// Derive the shared secret again - it should be the same
|
||||
byte[] secret1 = crypto.performRawKeyAgreement(bPriv, aPair.getPublic());
|
||||
assertArrayEquals(secret, secret1);
|
||||
privateKey = parser.parsePrivateKey(privateKey.getEncoded());
|
||||
// Sign the data again - the signatures should be the same
|
||||
byte[] signature1 = crypto.sign("test", message,
|
||||
privateKey.getEncoded());
|
||||
assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
|
||||
signature1));
|
||||
assertArrayEquals(signature, signature1);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -156,12 +168,12 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
|
||||
// Parse some random byte arrays - expect GeneralSecurityException
|
||||
for (int i = 0; i < 1000; i++) {
|
||||
try {
|
||||
parser.parsePublicKey(TestUtils.getRandomBytes(pubLength));
|
||||
parser.parsePublicKey(getRandomBytes(pubLength));
|
||||
} catch (GeneralSecurityException expected) {
|
||||
// Expected
|
||||
}
|
||||
try {
|
||||
parser.parsePrivateKey(TestUtils.getRandomBytes(privLength));
|
||||
parser.parsePrivateKey(getRandomBytes(privLength));
|
||||
} catch (GeneralSecurityException expected) {
|
||||
// Expected
|
||||
}
|
||||
|
||||
@@ -15,6 +15,7 @@ import org.briarproject.briar.client.BdfQueueMessageValidator;
|
||||
|
||||
import javax.annotation.concurrent.Immutable;
|
||||
|
||||
import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES;
|
||||
import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
|
||||
import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
|
||||
import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH;
|
||||
@@ -133,7 +134,7 @@ class IntroductionValidator extends BdfQueueMessageValidator {
|
||||
|
||||
// parse ephemeral public key
|
||||
pubkey = message.getRaw(4);
|
||||
checkLength(pubkey, 1, MAX_PUBLIC_KEY_LENGTH);
|
||||
checkLength(pubkey, 1, MAX_AGREEMENT_PUBLIC_KEY_BYTES);
|
||||
|
||||
// parse transport properties
|
||||
tp = message.getDictionary(5);
|
||||
|
||||
@@ -36,7 +36,7 @@ import org.junit.Test;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.SecureRandom;
|
||||
|
||||
import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
|
||||
import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES;
|
||||
import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH;
|
||||
import static org.briarproject.bramble.api.sync.SyncConstants.MESSAGE_HEADER_LENGTH;
|
||||
import static org.briarproject.bramble.test.TestUtils.getAuthor;
|
||||
@@ -215,7 +215,7 @@ public class IntroduceeManagerTest extends BriarTestCase {
|
||||
// turn request message into a response
|
||||
msg.put(ACCEPT, true);
|
||||
msg.put(TIME, time);
|
||||
msg.put(E_PUBLIC_KEY, getRandomBytes(MAX_PUBLIC_KEY_LENGTH));
|
||||
msg.put(E_PUBLIC_KEY, getRandomBytes(MAX_AGREEMENT_PUBLIC_KEY_BYTES));
|
||||
msg.put(TRANSPORT, new BdfDictionary());
|
||||
|
||||
context.checking(new Expectations() {{
|
||||
@@ -308,7 +308,7 @@ public class IntroduceeManagerTest extends BriarTestCase {
|
||||
|
||||
byte[] publicKeyBytes = introducee2.getAuthor().getPublicKey();
|
||||
BdfDictionary tp = BdfDictionary.of(new BdfEntry("fake", "fake"));
|
||||
byte[] ePublicKeyBytes = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
|
||||
byte[] ePublicKeyBytes = getRandomBytes(MAX_AGREEMENT_PUBLIC_KEY_BYTES);
|
||||
byte[] mac = getRandomBytes(MAC_LENGTH);
|
||||
SecretKey macKey = getSecretKey();
|
||||
|
||||
|
||||
@@ -730,7 +730,7 @@ public class IntroductionIntegrationTest
|
||||
@Test
|
||||
public void testModifiedEphemeralPublicKey() throws Exception {
|
||||
testModifiedResponse(response -> {
|
||||
KeyPair keyPair = crypto.generateSignatureKeyPair();
|
||||
KeyPair keyPair = crypto.generateAgreementKeyPair();
|
||||
response.put(E_PUBLIC_KEY, keyPair.getPublic().getEncoded());
|
||||
return true;
|
||||
});
|
||||
|
||||
@@ -20,6 +20,7 @@ import org.briarproject.briar.test.BriarTestCase;
|
||||
import org.jmock.Mockery;
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES;
|
||||
import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
|
||||
import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
|
||||
import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH;
|
||||
@@ -164,7 +165,7 @@ public class IntroductionValidatorTest extends BriarTestCase {
|
||||
byte[] groupId = getRandomId();
|
||||
byte[] sessionId = getRandomId();
|
||||
long time = clock.currentTimeMillis();
|
||||
byte[] publicKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
|
||||
byte[] publicKey = getRandomBytes(MAX_AGREEMENT_PUBLIC_KEY_BYTES);
|
||||
String transportId =
|
||||
getRandomString(TransportId.MAX_TRANSPORT_ID_LENGTH);
|
||||
BdfDictionary tProps = BdfDictionary.of(
|
||||
@@ -255,7 +256,7 @@ public class IntroductionValidatorTest extends BriarTestCase {
|
||||
byte[] groupId = getRandomId();
|
||||
byte[] sessionId = getRandomId();
|
||||
long time = clock.currentTimeMillis();
|
||||
byte[] publicKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
|
||||
byte[] publicKey = getRandomBytes(MAX_AGREEMENT_PUBLIC_KEY_BYTES);
|
||||
String transportId =
|
||||
getRandomString(TransportId.MAX_TRANSPORT_ID_LENGTH);
|
||||
BdfDictionary tProps = BdfDictionary.of(
|
||||
|
||||
Reference in New Issue
Block a user