author | Florian Dold <florian.dold@gmail.com> | 2013-11-19 11:15:52 +0000 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2013-11-19 11:15:52 +0000 |
commit | e1dbf0dae09d3ecddc992a5a7b04a82ca03dcd2a (patch) | |
tree | 2447f7f92541c738d13a7659c7ba791146defa27 /src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java | |
parent | 3d17385928f938d170230be1b334ff159355775d (diff) | |
- crypto + crypto tests
Diffstat (limited to 'src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java')
-rw-r--r-- | src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java | 65 |
1 files changed, 64 insertions, 1 deletions
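--- a/src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java
+++ b/src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java
@@ -1,3 +1,22 @@
+/*
+This file is part of GNUnet.
+(C) 2012, 2013 Christian Grothoff (and other contributing authors)
+
+GNUnet is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published
+by the Free Software Foundation; either version 3, or (at your
+option) any later version.
+
+GNUnet is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNUnet; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+Boston, MA 02111-1307, USA.
+*/
 package org.gnunet.util.crypto;
 
 import org.gnunet.construct.FixedSizeIntegerArray;
@@ -17,7 +36,21 @@ public class EddsaPrivateKey implements Message {
 return sign(getPublicKey(), purpose, m);
 }
 
+
+/**
+* Sign the given data with this private key. Must include a purpose to mitigate
+* replay / copy and paste attacks.
+*
+* @param publicKey public key corresponding to this private key, supplying this parameter
+* leads to better performance as the public key does not have to be derived
+* @param purpose purpose for the signature
+* @param m data to sign
+* @return the signature over both the data and the purpose
+*/
 public EddsaSignature sign(EddsaPublicKey publicKey, int purpose, byte[] m) {
+if (!publicKey.asPoint().isOnCurve()) {
+throw new AssertionError();
+}
 MessageDigest sha512;
 try {
 sha512 = MessageDigest.getInstance("SHA-512");
@@ -40,6 +73,12 @@ public class EddsaPrivateKey implements Message {
 
 BigInteger S = r.add(Ed25519.Hint(buf.array()).multiply(a)).mod(Ed25519.l);
 
+if (!R.isOnCurve()) {
+throw new AssertionError();
+}
+if (!publicKey.asPoint().isOnCurve()) {
+throw new AssertionError();
+}
 return new EddsaSignature(R, S);
 }
 
@@ -55,6 +94,12 @@ public class EddsaPrivateKey implements Message {
 }
 
 
+/**
+* Compute the coefficient that is used to derive the public key.
+* See 'Daniel J. Bernstein et al, High-speed high-security signatures' for details.
+*
+* @return the public key coefficient
+*/
 private BigInteger computePublicKeyCoefficient() {
 MessageDigest sha512;
 try {
@@ -71,12 +116,30 @@ public class EddsaPrivateKey implements Message {
 return a;
 }
 
+/**
+* Get the public key for this private key.
+*
+* @return the public key for this private key
+*/
 public EddsaPublicKey getPublicKey() {
 BigInteger a = computePublicKeyCoefficient();
 Ed25519 A = Ed25519.B.scalarmult(a);
-return new EddsaPublicKey(A);
+if (!A.isOnCurve()) {
+throw new AssertionError();
+}
+EddsaPublicKey publicKey = new EddsaPublicKey(A);
+
+if (!A.equals(publicKey.asPoint())) {
+throw new AssertionError();
+}
+return publicKey;
 }
 
+/**
+* Create a random private key.
+*
+* @return a random private key
+*/
 public static EddsaPrivateKey createRandom() {
 SecureRandom sr = new SecureRandom();
 EddsaPrivateKey privateKey = new EddsaPrivateKey();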
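Review bot: The guard added at the top of `sign(EddsaPublicKey, int, byte[])` only proves that the caller-supplied `publicKey` is some point on the curve, not that it is the key belonging to this private key, which the new Javadoc requires but nothing enforces. In EdDSA the public key is hashed into the value multiplied by the secret scalar (`Hint(...).multiply(a)`), so signing under a mismatched key yields an invalid signature and, if `r` is derived deterministically (its derivation lies between the hunks and is not visible), can put the private key at risk. I would add to the `@param publicKey` text a sentence such as `Must be the value returned by getPublicKey(); never pass a key obtained from an untrusted source.` Because this is a caller argument rather than an internal invariant, `throw new IllegalArgumentException("publicKey is not a point on the curve");` would be more useful here than a message-less `AssertionError`. The second `publicKey.asPoint().isOnCurve()` check before `return new EddsaSignature(R, S)` repeats the entry check and looks redundant unless the key can change in the part of the body not shown.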