@Override protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException { reset(); if (privateKey instanceof EdDSAPrivateKey) { EdDSAPrivateKey privKey = (EdDSAPrivateKey) privateKey; key = privKey; if (digest == null) { // Instantiate the digest from the key parameters try { digest = MessageDigest.getInstance(key.getParams().getHashAlgorithm()); } catch (NoSuchAlgorithmException e) { throw new InvalidKeyException("cannot get required digest " + key.getParams().getHashAlgorithm() + " for private key."); } } else if (!key.getParams().getHashAlgorithm().equals(digest.getAlgorithm())) throw new InvalidKeyException("Key hash algorithm does not match chosen digest"); digestInitSign(privKey); } else { throw new InvalidKeyException("cannot identify EdDSA private key: " + privateKey.getClass()); } }
@Override protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException { reset(); if (publicKey instanceof EdDSAPublicKey) { key = (EdDSAPublicKey) publicKey; if (digest == null) { // Instantiate the digest from the key parameters try { digest = MessageDigest.getInstance(key.getParams().getHashAlgorithm()); } catch (NoSuchAlgorithmException e) { throw new InvalidKeyException("cannot get required digest " + key.getParams().getHashAlgorithm() + " for private key."); } } else if (!key.getParams().getHashAlgorithm().equals(digest.getAlgorithm())) throw new InvalidKeyException("Key hash algorithm does not match chosen digest"); } else if (publicKey.getClass().getName().equals("sun.security.x509.X509Key")) { // X509Certificate will sometimes contain an X509Key rather than the EdDSAPublicKey itself; the contained // key is valid but needs to be instanced as an EdDSAPublicKey before it can be used. EdDSAPublicKey parsedPublicKey; try { parsedPublicKey = new EdDSAPublicKey(new X509EncodedKeySpec(publicKey.getEncoded())); } catch (InvalidKeySpecException ex) { throw new InvalidKeyException("cannot handle X.509 EdDSA public key: " + publicKey.getAlgorithm()); } engineInitVerify(parsedPublicKey); } else { throw new InvalidKeyException("cannot identify EdDSA public key: " + publicKey.getClass()); } }
/** * @since 0.9.25 */ @Override public boolean equals(Object o) { if (o == this) return true; if (!(o instanceof EdDSAParameterSpec)) return false; EdDSAParameterSpec s = (EdDSAParameterSpec) o; return hashAlgo.equals(s.getHashAlgorithm()) && curve.equals(s.getCurve()) && B.equals(s.getB()); } }
/** * @param seed the private key * @param spec the parameter specification for this key * @throws IllegalArgumentException if seed length is wrong or hash algorithm is unsupported */ public EdDSAPrivateKeySpec(byte[] seed, EdDSAParameterSpec spec) { int bd8 = spec.getCurve().getField().getb() / 8; if (seed.length != bd8) throw new IllegalArgumentException("seed length is wrong"); this.spec = spec; this.seed = seed; try { MessageDigest hash = MessageDigest.getInstance(spec.getHashAlgorithm()); // H(k) h = hash.digest(seed); /*a = BigInteger.valueOf(2).pow(b-2); for (int i=3;i<(b-2);i++) { a = a.add(BigInteger.valueOf(2).pow(i).multiply(BigInteger.valueOf(Utils.bit(h,i)))); }*/ // Saves ~0.4ms per key when running signing tests. // TODO: are these bitflips the same for any hash function? h[0] &= 248; h[bd8 - 1] &= 63; h[bd8 - 1] |= 64; a = Arrays.copyOfRange(h, 0, bd8); A = spec.getB().scalarMultiply(a); } catch (NoSuchAlgorithmException e) { throw new IllegalArgumentException("Unsupported hash algorithm"); } }
@Test public void testSignResetsForReuse() throws Exception { EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519); Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); EdDSAPrivateKeySpec privKey = new EdDSAPrivateKeySpec(TEST_SEED, spec); PrivateKey sKey = new EdDSAPrivateKey(privKey); sgr.initSign(sKey); // First usage sgr.update(new byte[] {0}); sgr.sign(); // Second usage sgr.update(TEST_MSG); assertThat("Second sign failed", sgr.sign(), is(equalTo(TEST_MSG_SIG))); }
@Test public void testVerifyResetsForReuse() throws Exception { EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519); Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(TEST_PK, spec); PublicKey vKey = new EdDSAPublicKey(pubKey); sgr.initVerify(vKey); // First usage sgr.update(new byte[] {0}); sgr.verify(TEST_MSG_SIG); // Second usage sgr.update(TEST_MSG); assertThat("Second verify failed", sgr.verify(TEST_MSG_SIG), is(true)); }
@Test public void testSignOneShotMode() throws Exception { EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519); Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); EdDSAPrivateKeySpec privKey = new EdDSAPrivateKeySpec(TEST_SEED, spec); PrivateKey sKey = new EdDSAPrivateKey(privKey); sgr.initSign(sKey); sgr.setParameter(EdDSAEngine.ONE_SHOT_MODE); sgr.update(TEST_MSG); assertThat("One-shot mode sign failed", sgr.sign(), is(equalTo(TEST_MSG_SIG))); }
@Test public void testSign() throws Exception { EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519); //Signature sgr = Signature.getInstance("EdDSA", "I2P"); Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); for (Ed25519TestVectors.TestTuple testCase : Ed25519TestVectors.testCases) { EdDSAPrivateKeySpec privKey = new EdDSAPrivateKeySpec(testCase.seed, spec); PrivateKey sKey = new EdDSAPrivateKey(privKey); sgr.initSign(sKey); sgr.update(testCase.message); assertThat("Test case " + testCase.caseNum + " failed", sgr.sign(), is(equalTo(testCase.sig))); } }
@Test public void testVerify() throws Exception { EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519); //Signature sgr = Signature.getInstance("EdDSA", "I2P"); Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); for (Ed25519TestVectors.TestTuple testCase : Ed25519TestVectors.testCases) { EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(testCase.pk, spec); PublicKey vKey = new EdDSAPublicKey(pubKey); sgr.initVerify(vKey); sgr.update(testCase.message); assertThat("Test case " + testCase.caseNum + " failed", sgr.verify(testCase.sig), is(true)); } }
@Test public void testVerifyOneShotMode() throws Exception { EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519); Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(TEST_PK, spec); PublicKey vKey = new EdDSAPublicKey(pubKey); sgr.initVerify(vKey); sgr.setParameter(EdDSAEngine.ONE_SHOT_MODE); sgr.update(TEST_MSG); assertThat("One-shot mode verify failed", sgr.verify(TEST_MSG_SIG), is(true)); }
@Test public void testVerifyOneShotModeMultipleUpdates() throws Exception { EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519); EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(TEST_PK, spec); Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); PublicKey vKey = new EdDSAPublicKey(pubKey); sgr.initVerify(vKey); sgr.setParameter(EdDSAEngine.ONE_SHOT_MODE); sgr.update(TEST_MSG); exception.expect(SignatureException.class); exception.expectMessage("update() already called"); sgr.update(TEST_MSG); }
@Test public void testSignOneShotModeMultipleUpdates() throws Exception { EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519); Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); EdDSAPrivateKeySpec privKey = new EdDSAPrivateKeySpec(TEST_SEED, spec); PrivateKey sKey = new EdDSAPrivateKey(privKey); sgr.initSign(sKey); sgr.setParameter(EdDSAEngine.ONE_SHOT_MODE); sgr.update(TEST_MSG); exception.expect(SignatureException.class); exception.expectMessage("update() already called"); sgr.update(TEST_MSG); }
/** * Checks that a wrong-length signature throws an IAE. */ @Test public void testVerifyWrongSigLength() throws Exception { EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519); //Signature sgr = Signature.getInstance("EdDSA", "I2P"); Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(TEST_PK, spec); PublicKey vKey = new EdDSAPublicKey(pubKey); sgr.initVerify(vKey); sgr.update(TEST_MSG); exception.expect(SignatureException.class); exception.expectMessage("signature length is wrong"); sgr.verify(new byte[] {0}); }
@Test public void testSignOneShot() throws Exception { EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519); EdDSAPrivateKeySpec privKey = new EdDSAPrivateKeySpec(TEST_SEED, spec); EdDSAEngine sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); PrivateKey sKey = new EdDSAPrivateKey(privKey); sgr.initSign(sKey); assertThat("signOneShot() failed", sgr.signOneShot(TEST_MSG), is(equalTo(TEST_MSG_SIG))); }
@Test public void testVerifyOneShot() throws Exception { EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519); EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(TEST_PK, spec); EdDSAEngine sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); PublicKey vKey = new EdDSAPublicKey(pubKey); sgr.initVerify(vKey); assertThat("verifyOneShot() failed", sgr.verifyOneShot(TEST_MSG, TEST_MSG_SIG), is(true)); } }
public static boolean compareEDDSAKeyParams(EdDSAParameterSpec s1, EdDSAParameterSpec s2) { if (Objects.equals(s1, s2)) { return true; } else if (s1 == null || s2 == null) { return false; // both null is covered by Objects#equals } else { return Objects.equals(s1.getHashAlgorithm(), s2.getHashAlgorithm()) && Objects.equals(s1.getCurve(), s2.getCurve()) && Objects.equals(s1.getB(), s2.getB()); } }
public static boolean compareEDDSAKeyParams(EdDSAParameterSpec s1, EdDSAParameterSpec s2) { if (Objects.equals(s1, s2)) { return true; } else if (s1 == null || s2 == null) { return false; // both null is covered by Objects#equals } else { return Objects.equals(s1.getHashAlgorithm(), s2.getHashAlgorithm()) && Objects.equals(s1.getCurve(), s2.getCurve()) && Objects.equals(s1.getB(), s2.getB()); } }
@Override public boolean equals(Object o) { if (o == this) return true; if (!(o instanceof EdDSAParameterSpec)) return false; EdDSAParameterSpec s = (EdDSAParameterSpec) o; return hashAlgo.equals(s.getHashAlgorithm()) && curve.equals(s.getCurve()) && B.equals(s.getB()); } }
@Override protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException { reset(); if (privateKey instanceof EdDSAPrivateKey) { EdDSAPrivateKey privKey = (EdDSAPrivateKey) privateKey; key = privKey; if (digest == null) { // Instantiate the digest from the key parameters try { digest = MessageDigest.getInstance(key.getParams().getHashAlgorithm()); } catch (NoSuchAlgorithmException e) { throw new InvalidKeyException("cannot get required digest " + key.getParams().getHashAlgorithm() + " for private key."); } } else if (!key.getParams().getHashAlgorithm().equals(digest.getAlgorithm())) throw new InvalidKeyException("Key hash algorithm does not match chosen digest"); digestInitSign(privKey); } else { throw new InvalidKeyException("cannot identify EdDSA private key: " + privateKey.getClass()); } }
@Override protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException { reset(); if (publicKey instanceof EdDSAPublicKey) { key = (EdDSAPublicKey) publicKey; if (digest == null) { // Instantiate the digest from the key parameters try { digest = MessageDigest.getInstance(key.getParams().getHashAlgorithm()); } catch (NoSuchAlgorithmException e) { throw new InvalidKeyException("cannot get required digest " + key.getParams().getHashAlgorithm() + " for private key."); } } else if (!key.getParams().getHashAlgorithm().equals(digest.getAlgorithm())) throw new InvalidKeyException("Key hash algorithm does not match chosen digest"); } else if (publicKey instanceof X509Key) { // X509Certificate will sometimes contain an X509Key rather than the EdDSAPublicKey itself; the contained // key is valid but needs to be instanced as an EdDSAPublicKey before it can be used. EdDSAPublicKey parsedPublicKey; try { parsedPublicKey = new EdDSAPublicKey(new X509EncodedKeySpec(publicKey.getEncoded())); } catch (InvalidKeySpecException ex) { throw new InvalidKeyException("cannot handle X.509 EdDSA public key: " + publicKey.getAlgorithm()); } engineInitVerify(parsedPublicKey); } else { throw new InvalidKeyException("cannot identify EdDSA public key: " + publicKey.getClass()); } }