mirror of
https://code.briarproject.org/briar/briar.git
synced 2026-02-13 11:19:04 +01:00
Use Ed25519 for signatures.
This commit is contained in:
akwizgran
@@ -46,7 +46,6 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
|
||||
private static final int AGREEMENT_KEY_PAIR_BITS = 256;
|
||||
private static final int SIGNATURE_KEY_PAIR_BITS = 256;
|
||||
private static final int ED_KEY_PAIR_BITS = 256;
|
||||
private static final int STORAGE_IV_BYTES = 24; // 196 bits
|
||||
private static final int PBKDF_SALT_BYTES = 32; // 256 bits
|
||||
private static final int PBKDF_FORMAT_SCRYPT = 0;
|
||||
@@ -54,11 +53,9 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
private final SecureRandom secureRandom;
|
||||
private final PasswordBasedKdf passwordBasedKdf;
|
||||
private final ECKeyPairGenerator agreementKeyPairGenerator;
|
||||
private final ECKeyPairGenerator signatureKeyPairGenerator;
|
||||
private final KeyPairGenerator signatureKeyPairGenerator;
|
||||
private final KeyParser agreementKeyParser, signatureKeyParser;
|
||||
private final MessageEncrypter messageEncrypter;
|
||||
private final KeyPairGenerator edKeyPairGenerator;
|
||||
private final KeyParser edKeyParser;
|
||||
|
||||
@Inject
|
||||
CryptoComponentImpl(SecureRandomProvider secureRandomProvider,
|
||||
@@ -87,16 +84,13 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
PARAMETERS, secureRandom);
|
||||
agreementKeyPairGenerator = new ECKeyPairGenerator();
|
||||
agreementKeyPairGenerator.init(params);
|
||||
signatureKeyPairGenerator = new ECKeyPairGenerator();
|
||||
signatureKeyPairGenerator.init(params);
|
||||
signatureKeyPairGenerator = new KeyPairGenerator();
|
||||
signatureKeyPairGenerator.initialize(SIGNATURE_KEY_PAIR_BITS,
|
||||
secureRandom);
|
||||
agreementKeyParser = new Sec1KeyParser(PARAMETERS,
|
||||
AGREEMENT_KEY_PAIR_BITS);
|
||||
signatureKeyParser = new Sec1KeyParser(PARAMETERS,
|
||||
SIGNATURE_KEY_PAIR_BITS);
|
||||
signatureKeyParser = new EdKeyParser();
|
||||
messageEncrypter = new MessageEncrypter(secureRandom);
|
||||
edKeyPairGenerator = new KeyPairGenerator();
|
||||
edKeyPairGenerator.initialize(ED_KEY_PAIR_BITS, secureRandom);
|
||||
edKeyParser = new EdKeyParser();
|
||||
}
|
||||
|
||||
// Based on https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html
|
||||
@@ -155,21 +149,6 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
return secret;
|
||||
}
|
||||
|
||||
@Override
|
||||
public KeyPair generateEdKeyPair() {
|
||||
java.security.KeyPair keyPair = edKeyPairGenerator.generateKeyPair();
|
||||
EdDSAPublicKey edPublicKey = (EdDSAPublicKey) keyPair.getPublic();
|
||||
PublicKey publicKey = new EdPublicKey(edPublicKey.getAbyte());
|
||||
EdDSAPrivateKey edPrivateKey = (EdDSAPrivateKey) keyPair.getPrivate();
|
||||
PrivateKey privateKey = new EdPrivateKey(edPrivateKey.getSeed());
|
||||
return new KeyPair(publicKey, privateKey);
|
||||
}
|
||||
|
||||
@Override
|
||||
public KeyParser getEdKeyParser() {
|
||||
return edKeyParser;
|
||||
}
|
||||
|
||||
@Override
|
||||
public KeyPair generateAgreementKeyPair() {
|
||||
AsymmetricCipherKeyPair keyPair =
|
||||
@@ -193,17 +172,11 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
|
||||
@Override
|
||||
public KeyPair generateSignatureKeyPair() {
|
||||
AsymmetricCipherKeyPair keyPair =
|
||||
signatureKeyPairGenerator.generateKeyPair();
|
||||
// Return a wrapper that uses the SEC 1 encoding
|
||||
ECPublicKeyParameters ecPublicKey =
|
||||
(ECPublicKeyParameters) keyPair.getPublic();
|
||||
PublicKey publicKey = new Sec1PublicKey(ecPublicKey
|
||||
);
|
||||
ECPrivateKeyParameters ecPrivateKey =
|
||||
(ECPrivateKeyParameters) keyPair.getPrivate();
|
||||
PrivateKey privateKey = new Sec1PrivateKey(ecPrivateKey,
|
||||
SIGNATURE_KEY_PAIR_BITS);
|
||||
java.security.KeyPair keyPair = signatureKeyPairGenerator.generateKeyPair();
|
||||
EdDSAPublicKey edPublicKey = (EdDSAPublicKey) keyPair.getPublic();
|
||||
PublicKey publicKey = new EdPublicKey(edPublicKey.getAbyte());
|
||||
EdDSAPrivateKey edPrivateKey = (EdDSAPrivateKey) keyPair.getPrivate();
|
||||
PrivateKey privateKey = new EdPrivateKey(edPrivateKey.getSeed());
|
||||
return new KeyPair(publicKey, privateKey);
|
||||
}
|
||||
|
||||
@@ -240,19 +213,8 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
@Override
|
||||
public byte[] sign(String label, byte[] toSign, byte[] privateKey)
|
||||
throws GeneralSecurityException {
|
||||
return sign(new SignatureImpl(secureRandom), signatureKeyParser, label,
|
||||
toSign, privateKey);
|
||||
}
|
||||
|
||||
@Override
|
||||
public byte[] signEd(String label, byte[] toSign, byte[] privateKey)
|
||||
throws GeneralSecurityException {
|
||||
return sign(new EdSignature(), edKeyParser, label, toSign, privateKey);
|
||||
}
|
||||
|
||||
private byte[] sign(Signature sig, KeyParser keyParser, String label,
|
||||
byte[] toSign, byte[] privateKey) throws GeneralSecurityException {
|
||||
PrivateKey key = keyParser.parsePrivateKey(privateKey);
|
||||
PrivateKey key = signatureKeyParser.parsePrivateKey(privateKey);
|
||||
Signature sig = new EdSignature();
|
||||
sig.initSign(key);
|
||||
updateSignature(sig, label, toSign);
|
||||
return sig.sign();
|
||||
@@ -261,21 +223,8 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
@Override
|
||||
public boolean verify(String label, byte[] signedData, byte[] publicKey,
|
||||
byte[] signature) throws GeneralSecurityException {
|
||||
return verify(new SignatureImpl(secureRandom), signatureKeyParser,
|
||||
label, signedData, publicKey, signature);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean verifyEd(String label, byte[] signedData, byte[] publicKey,
|
||||
byte[] signature) throws GeneralSecurityException {
|
||||
return verify(new EdSignature(), edKeyParser, label, signedData,
|
||||
publicKey, signature);
|
||||
}
|
||||
|
||||
private boolean verify(Signature sig, KeyParser keyParser, String label,
|
||||
byte[] signedData, byte[] publicKey, byte[] signature)
|
||||
throws GeneralSecurityException {
|
||||
PublicKey key = keyParser.parsePublicKey(publicKey);
|
||||
PublicKey key = signatureKeyParser.parsePublicKey(publicKey);
|
||||
Signature sig = new EdSignature();
|
||||
sig.initVerify(key);
|
||||
updateSignature(sig, label, signedData);
|
||||
return sig.verify(signature);
|
||||
|
||||
@@ -1,91 +0,0 @@
|
||||
package org.briarproject.bramble.crypto;
|
||||
|
||||
import org.briarproject.bramble.api.crypto.PrivateKey;
|
||||
import org.briarproject.bramble.api.crypto.PublicKey;
|
||||
import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
|
||||
import org.spongycastle.crypto.Digest;
|
||||
import org.spongycastle.crypto.digests.Blake2bDigest;
|
||||
import org.spongycastle.crypto.params.ECPrivateKeyParameters;
|
||||
import org.spongycastle.crypto.params.ECPublicKeyParameters;
|
||||
import org.spongycastle.crypto.params.ParametersWithRandom;
|
||||
import org.spongycastle.crypto.signers.DSADigestSigner;
|
||||
import org.spongycastle.crypto.signers.DSAKCalculator;
|
||||
import org.spongycastle.crypto.signers.ECDSASigner;
|
||||
import org.spongycastle.crypto.signers.HMacDSAKCalculator;
|
||||
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.logging.Logger;
|
||||
|
||||
import javax.annotation.concurrent.NotThreadSafe;
|
||||
|
||||
import static java.util.logging.Level.INFO;
|
||||
|
||||
@NotThreadSafe
|
||||
@NotNullByDefault
|
||||
class SignatureImpl implements Signature {
|
||||
|
||||
private static final Logger LOG =
|
||||
Logger.getLogger(SignatureImpl.class.getName());
|
||||
|
||||
private final SecureRandom secureRandom;
|
||||
private final DSADigestSigner signer;
|
||||
|
||||
SignatureImpl(SecureRandom secureRandom) {
|
||||
this.secureRandom = secureRandom;
|
||||
Digest digest = new Blake2bDigest(256);
|
||||
DSAKCalculator calculator = new HMacDSAKCalculator(digest);
|
||||
signer = new DSADigestSigner(new ECDSASigner(calculator), digest);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void initSign(PrivateKey k) throws GeneralSecurityException {
|
||||
if (!(k instanceof Sec1PrivateKey))
|
||||
throw new IllegalArgumentException();
|
||||
ECPrivateKeyParameters priv = ((Sec1PrivateKey) k).getKey();
|
||||
signer.init(true, new ParametersWithRandom(priv, secureRandom));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void initVerify(PublicKey k) throws GeneralSecurityException {
|
||||
if (!(k instanceof Sec1PublicKey))
|
||||
throw new IllegalArgumentException();
|
||||
ECPublicKeyParameters pub = ((Sec1PublicKey) k).getKey();
|
||||
signer.init(false, pub);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void update(byte b) {
|
||||
signer.update(b);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void update(byte[] b) {
|
||||
update(b, 0, b.length);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void update(byte[] b, int off, int len) {
|
||||
signer.update(b, off, len);
|
||||
}
|
||||
|
||||
@Override
|
||||
public byte[] sign() {
|
||||
long now = System.currentTimeMillis();
|
||||
byte[] signature = signer.generateSignature();
|
||||
long duration = System.currentTimeMillis() - now;
|
||||
if (LOG.isLoggable(INFO))
|
||||
LOG.info("Generating signature took " + duration + " ms");
|
||||
return signature;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean verify(byte[] signature) {
|
||||
long now = System.currentTimeMillis();
|
||||
boolean valid = signer.verifySignature(signature);
|
||||
long duration = System.currentTimeMillis() - now;
|
||||
if (LOG.isLoggable(INFO))
|
||||
LOG.info("Verifying signature took " + duration + " ms");
|
||||
return valid;
|
||||
}
|
||||
}
|
||||
@@ -1,25 +0,0 @@
|
||||
package org.briarproject.bramble.crypto;
|
||||
|
||||
import org.briarproject.bramble.api.crypto.KeyPair;
|
||||
|
||||
import java.security.GeneralSecurityException;
|
||||
|
||||
public class EcdsaSignatureTest extends SignatureTest {
|
||||
|
||||
@Override
|
||||
protected KeyPair generateKeyPair() {
|
||||
return crypto.generateSignatureKeyPair();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected byte[] sign(String label, byte[] toSign, byte[] privateKey)
|
||||
throws GeneralSecurityException {
|
||||
return crypto.sign(label, toSign, privateKey);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected boolean verify(String label, byte[] signedData, byte[] publicKey,
|
||||
byte[] signature) throws GeneralSecurityException {
|
||||
return crypto.verify(label, signedData, publicKey, signature);
|
||||
}
|
||||
}
|
||||
@@ -133,19 +133,19 @@ public class EdSignatureTest extends SignatureTest {
|
||||
|
||||
@Override
|
||||
protected KeyPair generateKeyPair() {
|
||||
return crypto.generateEdKeyPair();
|
||||
return crypto.generateSignatureKeyPair();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected byte[] sign(String label, byte[] toSign, byte[] privateKey)
|
||||
throws GeneralSecurityException {
|
||||
return crypto.signEd(label, toSign, privateKey);
|
||||
return crypto.sign(label, toSign, privateKey);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected boolean verify(String label, byte[] signedData, byte[] publicKey,
|
||||
byte[] signature) throws GeneralSecurityException {
|
||||
return crypto.verifyEd(label, signedData, publicKey, signature);
|
||||
return crypto.verify(label, signedData, publicKey, signature);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -6,13 +6,14 @@ import org.briarproject.bramble.api.crypto.PrivateKey;
|
||||
import org.briarproject.bramble.api.crypto.PublicKey;
|
||||
import org.briarproject.bramble.test.BrambleTestCase;
|
||||
import org.briarproject.bramble.test.TestSecureRandomProvider;
|
||||
import org.briarproject.bramble.test.TestUtils;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.security.GeneralSecurityException;
|
||||
|
||||
import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
|
||||
import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH;
|
||||
import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES;
|
||||
import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_BYTES;
|
||||
import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_PUBLIC_KEY_BYTES;
|
||||
import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
|
||||
import static org.junit.Assert.assertArrayEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
@@ -28,7 +29,7 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
|
||||
KeyPair keyPair = crypto.generateSignatureKeyPair();
|
||||
// Check the length of the public key
|
||||
byte[] publicKey = keyPair.getPublic().getEncoded();
|
||||
assertTrue(publicKey.length <= MAX_PUBLIC_KEY_LENGTH);
|
||||
assertTrue(publicKey.length <= MAX_AGREEMENT_PUBLIC_KEY_BYTES);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -45,7 +46,8 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
|
||||
aPub = parser.parsePublicKey(aPub.getEncoded());
|
||||
aPub = parser.parsePublicKey(aPub.getEncoded());
|
||||
// Derive the shared secret again - it should be the same
|
||||
byte[] secret1 = crypto.performRawKeyAgreement(bPair.getPrivate(), aPub);
|
||||
byte[] secret1 =
|
||||
crypto.performRawKeyAgreement(bPair.getPrivate(), aPub);
|
||||
assertArrayEquals(secret, secret1);
|
||||
}
|
||||
|
||||
@@ -62,7 +64,8 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
|
||||
bPriv = parser.parsePrivateKey(bPriv.getEncoded());
|
||||
bPriv = parser.parsePrivateKey(bPriv.getEncoded());
|
||||
// Derive the shared secret again - it should be the same
|
||||
byte[] secret1 = crypto.performRawKeyAgreement(bPriv, aPair.getPublic());
|
||||
byte[] secret1 =
|
||||
crypto.performRawKeyAgreement(bPriv, aPair.getPublic());
|
||||
assertArrayEquals(secret, secret1);
|
||||
}
|
||||
|
||||
@@ -76,12 +79,12 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
|
||||
// Parse some random byte arrays - expect GeneralSecurityException
|
||||
for (int i = 0; i < 1000; i++) {
|
||||
try {
|
||||
parser.parsePublicKey(TestUtils.getRandomBytes(pubLength));
|
||||
parser.parsePublicKey(getRandomBytes(pubLength));
|
||||
} catch (GeneralSecurityException expected) {
|
||||
// Expected
|
||||
}
|
||||
try {
|
||||
parser.parsePrivateKey(TestUtils.getRandomBytes(privLength));
|
||||
parser.parsePrivateKey(getRandomBytes(privLength));
|
||||
} catch (GeneralSecurityException expected) {
|
||||
// Expected
|
||||
}
|
||||
@@ -95,7 +98,7 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
|
||||
KeyPair keyPair = crypto.generateSignatureKeyPair();
|
||||
// Check the length of the public key
|
||||
byte[] publicKey = keyPair.getPublic().getEncoded();
|
||||
assertTrue(publicKey.length <= MAX_PUBLIC_KEY_LENGTH);
|
||||
assertTrue(publicKey.length <= MAX_SIGNATURE_PUBLIC_KEY_BYTES);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -106,44 +109,53 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
|
||||
KeyPair keyPair = crypto.generateSignatureKeyPair();
|
||||
byte[] key = keyPair.getPrivate().getEncoded();
|
||||
// Sign some random data and check the length of the signature
|
||||
byte[] toBeSigned = TestUtils.getRandomBytes(1234);
|
||||
byte[] toBeSigned = getRandomBytes(1234);
|
||||
byte[] signature = crypto.sign("label", toBeSigned, key);
|
||||
assertTrue(signature.length <= MAX_SIGNATURE_LENGTH);
|
||||
assertTrue(signature.length <= MAX_SIGNATURE_BYTES);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSignaturePublicKeyEncodingAndParsing() throws Exception {
|
||||
KeyParser parser = crypto.getSignatureKeyParser();
|
||||
// Generate two key pairs
|
||||
KeyPair aPair = crypto.generateSignatureKeyPair();
|
||||
KeyPair bPair = crypto.generateSignatureKeyPair();
|
||||
// Derive the shared secret
|
||||
PublicKey aPub = aPair.getPublic();
|
||||
byte[] secret = crypto.performRawKeyAgreement(bPair.getPrivate(), aPub);
|
||||
// Generate a key pair and sign some data
|
||||
KeyPair keyPair = crypto.generateSignatureKeyPair();
|
||||
PublicKey publicKey = keyPair.getPublic();
|
||||
PrivateKey privateKey = keyPair.getPrivate();
|
||||
byte[] message = getRandomBytes(123);
|
||||
byte[] signature = crypto.sign("test", message,
|
||||
privateKey.getEncoded());
|
||||
// Verify the signature
|
||||
assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
|
||||
signature));
|
||||
// Encode and parse the public key - no exceptions should be thrown
|
||||
aPub = parser.parsePublicKey(aPub.getEncoded());
|
||||
aPub = parser.parsePublicKey(aPub.getEncoded());
|
||||
// Derive the shared secret again - it should be the same
|
||||
byte[] secret1 = crypto.performRawKeyAgreement(bPair.getPrivate(), aPub);
|
||||
assertArrayEquals(secret, secret1);
|
||||
publicKey = parser.parsePublicKey(publicKey.getEncoded());
|
||||
// Verify the signature again
|
||||
assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
|
||||
signature));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSignaturePrivateKeyEncodingAndParsing() throws Exception {
|
||||
KeyParser parser = crypto.getSignatureKeyParser();
|
||||
// Generate two key pairs
|
||||
KeyPair aPair = crypto.generateSignatureKeyPair();
|
||||
KeyPair bPair = crypto.generateSignatureKeyPair();
|
||||
// Derive the shared secret
|
||||
PrivateKey bPriv = bPair.getPrivate();
|
||||
byte[] secret = crypto.performRawKeyAgreement(bPriv, aPair.getPublic());
|
||||
// Generate a key pair and sign some data
|
||||
KeyPair keyPair = crypto.generateSignatureKeyPair();
|
||||
PublicKey publicKey = keyPair.getPublic();
|
||||
PrivateKey privateKey = keyPair.getPrivate();
|
||||
byte[] message = getRandomBytes(123);
|
||||
byte[] signature = crypto.sign("test", message,
|
||||
privateKey.getEncoded());
|
||||
// Verify the signature
|
||||
assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
|
||||
signature));
|
||||
// Encode and parse the private key - no exceptions should be thrown
|
||||
bPriv = parser.parsePrivateKey(bPriv.getEncoded());
|
||||
bPriv = parser.parsePrivateKey(bPriv.getEncoded());
|
||||
// Derive the shared secret again - it should be the same
|
||||
byte[] secret1 = crypto.performRawKeyAgreement(bPriv, aPair.getPublic());
|
||||
assertArrayEquals(secret, secret1);
|
||||
privateKey = parser.parsePrivateKey(privateKey.getEncoded());
|
||||
// Sign the data again - the signatures should be the same
|
||||
byte[] signature1 = crypto.sign("test", message,
|
||||
privateKey.getEncoded());
|
||||
assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
|
||||
signature1));
|
||||
assertArrayEquals(signature, signature1);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -156,12 +168,12 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
|
||||
// Parse some random byte arrays - expect GeneralSecurityException
|
||||
for (int i = 0; i < 1000; i++) {
|
||||
try {
|
||||
parser.parsePublicKey(TestUtils.getRandomBytes(pubLength));
|
||||
parser.parsePublicKey(getRandomBytes(pubLength));
|
||||
} catch (GeneralSecurityException expected) {
|
||||
// Expected
|
||||
}
|
||||
try {
|
||||
parser.parsePrivateKey(TestUtils.getRandomBytes(privLength));
|
||||
parser.parsePrivateKey(getRandomBytes(privLength));
|
||||
} catch (GeneralSecurityException expected) {
|
||||
// Expected
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user