- crypto + crypto tests

1 files changed, 64 insertions, 1 deletions

diff --git a/src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java b/src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java
index 21aa647..2d1dbcb 100644
--- a/src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java
+++ b/src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java
@@ -1,3 +1,22 @@
+/*
+ This file is part of GNUnet.
+  (C) 2012, 2013 Christian Grothoff (and other contributing authors)
+
+  GNUnet is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published
+  by the Free Software Foundation; either version 3, or (at your
+  option) any later version.
+
+  GNUnet is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with GNUnet; see the file COPYING.  If not, write to the
+  Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+  Boston, MA 02111-1307, USA.
+ */
 package org.gnunet.util.crypto;
 
 import org.gnunet.construct.FixedSizeIntegerArray;
@@ -17,7 +36,21 @@ public class EddsaPrivateKey implements Message {
         return sign(getPublicKey(), purpose, m);
     }
 
+
+    /**
+     * Sign the given data with this private key.  Must include a purpose to mitigate
+     * replay / copy and paste attacks.
+     *
+     * @param publicKey public key corresponding to this private key, supplying this parameter
+     *                  leads to better performance as the public key does not have to be derived
+     * @param purpose purpose for the signature
+     * @param m data to sign
+     * @return the signature over both the data and the purpose
+     */
     public EddsaSignature sign(EddsaPublicKey publicKey, int purpose, byte[] m) {
+        if (!publicKey.asPoint().isOnCurve()) {
+            throw new AssertionError();
+        }
         MessageDigest sha512;
         try {
             sha512 = MessageDigest.getInstance("SHA-512");
@@ -40,6 +73,12 @@ public class EddsaPrivateKey implements Message {
 
         BigInteger S = r.add(Ed25519.Hint(buf.array()).multiply(a)).mod(Ed25519.l);
 
+        if (!R.isOnCurve()) {
+            throw new AssertionError();
+        }
+        if (!publicKey.asPoint().isOnCurve()) {
+            throw new AssertionError();
+        }
         return new EddsaSignature(R, S);
     }
 
@@ -55,6 +94,12 @@ public class EddsaPrivateKey implements Message {
     }
 
 
+    /**
+     * Compute the coefficient that is used to derive the public key.
+     * See 'Daniel J. Bernstein et al, High-speed high-security signatures' for details.
+     *
+     * @return the public key coefficient
+     */
     private BigInteger computePublicKeyCoefficient() {
         MessageDigest sha512;
         try {
@@ -71,12 +116,30 @@ public class EddsaPrivateKey implements Message {
         return a;
     }
 
+    /**
+     * Get the public key for this private key.
+     *
+     * @return the public key for this private key
+     */
     public EddsaPublicKey getPublicKey() {
         BigInteger a = computePublicKeyCoefficient();
         Ed25519 A = Ed25519.B.scalarmult(a);
-        return new EddsaPublicKey(A);
+        if (!A.isOnCurve()) {
+            throw new AssertionError();
+        }
+        EddsaPublicKey publicKey = new EddsaPublicKey(A);
+
+        if (!A.equals(publicKey.asPoint())) {
+            throw new AssertionError();
+        }
+        return publicKey;
     }
 
+    /**
+     * Create a random private key.
+     *
+     * @return a random private key
+     */
     public static EddsaPrivateKey createRandom() {
         SecureRandom sr = new SecureRandom();
         EddsaPrivateKey privateKey = new EddsaPrivateKey();