Use Ed25519 for signatures.

2026-02-12 18:59:06 +01:00 · 2018-02-01 16:56:50 +00:00
parent 7a1247e325
commit 6bf2cb69c5
13 changed files with 104 additions and 271 deletions
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java
@@ -22,10 +22,6 @@ public interface CryptoComponent {

 	KeyParser getSignatureKeyParser();

-	KeyPair generateEdKeyPair();
-
-	KeyParser getEdKeyParser();
-
 	KeyParser getMessageKeyParser();

 	/**
@@ -53,7 +49,7 @@ public interface CryptoComponent {
 			throws GeneralSecurityException;

 	/**
-	 * Signs the given byte[] with the given ECDSA private key.
+	 * Signs the given byte[] with the given private key.
 	 *
 	 * @param label a namespaced label indicating the purpose of this
 	 * signature, to prevent it from being repurposed or colliding with a
@@ -62,18 +58,9 @@ public interface CryptoComponent {
 	byte[] sign(String label, byte[] toSign, byte[] privateKey)
 			throws GeneralSecurityException;

-	/**
-	 * Signs the given byte[] with the given Ed25519 private key.
-	 *
-	 * @param label A label specific to this signature
-	 *              to ensure that the signature cannot be repurposed
-	 */
-	byte[] signEd(String label, byte[] toSign, byte[] privateKey)
-			throws GeneralSecurityException;
-
 	/**
 	 * Verifies that the given signature is valid for the signed data
-	 * and the given ECDSA public key.
+	 * and the given public key.
 	 *
 	 * @param label a namespaced label indicating the purpose of this
 	 * signature, to prevent it from being repurposed or colliding with a
@@ -83,17 +70,6 @@ public interface CryptoComponent {
 	boolean verify(String label, byte[] signedData, byte[] publicKey,
 			byte[] signature) throws GeneralSecurityException;

-	/**
-	 * Verifies that the given signature is valid for the signed data
-	 * and the given Ed25519 public key.
-	 *
-	 * @param label A label that was specific to this signature
-	 *              to ensure that the signature cannot be repurposed
-	 * @return true if the signature was valid, false otherwise.
-	 */
-	boolean verifyEd(String label, byte[] signedData, byte[] publicKey,
-			byte[] signature) throws GeneralSecurityException;
-
 	/**
 	 * Returns the hash of the given inputs. The inputs are unambiguously
 	 * combined by prefixing each input with its length.
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoConstants.java
@@ -0,0 +1,19 @@
+package org.briarproject.bramble.api.crypto;
+
+public interface CryptoConstants {
+
+	/**
+	 * The maximum length of an agreement public key in bytes.
+	 */
+	int MAX_AGREEMENT_PUBLIC_KEY_BYTES = 65;
+
+	/**
+	 * The maximum length of a signature public key in bytes.
+	 */
+	int MAX_SIGNATURE_PUBLIC_KEY_BYTES = 32;
+
+	/**
+	 * The maximum length of a signature in bytes.
+	 */
+	int MAX_SIGNATURE_BYTES = 64;
+}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/identity/Author.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/identity/Author.java
@@ -22,7 +22,7 @@ public class Author {
 	/**
 	 * The current version of the author structure.
 	 */
-	public static final int FORMAT_VERSION = 0;
+	public static final int FORMAT_VERSION = 1;

 	private final AuthorId id;
 	private final int formatVersion;
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/identity/AuthorConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/identity/AuthorConstants.java
@@ -1,5 +1,8 @@
 package org.briarproject.bramble.api.identity;

+import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_BYTES;
+import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_PUBLIC_KEY_BYTES;
+
 public interface AuthorConstants {

 	/**
@@ -8,26 +11,14 @@ public interface AuthorConstants {
 	int MAX_AUTHOR_NAME_LENGTH = 50;

 	/**
-	 * The maximum length of a public key in bytes.
-	 * <p>
-	 * Public keys use SEC1 format: 0x04 x y, where x and y are unsigned
-	 * big-endian integers.
-	 * <p>
-	 * For a 256-bit elliptic curve, the maximum length is 2 * 256 / 8 + 1.
+	 * The maximum length of a public key in bytes. This applies to the
+	 * signature algorithm used by the current {@link Author format version}.
 	 */
-	int MAX_PUBLIC_KEY_LENGTH = 65;
+	int MAX_PUBLIC_KEY_LENGTH = MAX_SIGNATURE_PUBLIC_KEY_BYTES;

 	/**
-	 * The maximum length of a signature in bytes.
-	 * <p>
-	 * A signature is an ASN.1 DER sequence containing two integers, r and s.
-	 * The format is 0x30 len1 0x02 len2 r 0x02 len3 s, where len1 is
-	 * len(0x02 len2 r 0x02 len3 s) as a DER length, len2 is len(r) as a DER
-	 * length, len3 is len(s) as a DER length, and r and s are signed
-	 * big-endian integers of minimal length.
-	 * <p>
-	 * For a 256-bit elliptic curve, the lengths are one byte each, so the
-	 * maximum length is 2 * 256 / 8 + 8.
+	 * The maximum length of a signature in bytes. This applies to the
+	 * signature algorithm used by the current {@link Author format version}.
 	 */
-	int MAX_SIGNATURE_LENGTH = 72;
+	int MAX_SIGNATURE_LENGTH = MAX_SIGNATURE_BYTES;
 }