From e1dbf0dae09d3ecddc992a5a7b04a82ca03dcd2a Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Tue, 19 Nov 2013 11:15:52 +0000 Subject: - crypto + crypto tests --- .../org/gnunet/util/crypto/EddsaPrivateKey.java | 65 +++++++++++++++++++++- 1 file changed, 64 insertions(+), 1 deletion(-) (limited to 'src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java') diff --git a/src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java b/src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java index 21aa647..2d1dbcb 100644 --- a/src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java +++ b/src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java @@ -1,3 +1,22 @@ +/* + This file is part of GNUnet. + (C) 2012, 2013 Christian Grothoff (and other contributing authors) + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. + */ package org.gnunet.util.crypto; import org.gnunet.construct.FixedSizeIntegerArray; 
@@ -17,7 +36,21 @@ public class EddsaPrivateKey implements Message { return sign(getPublicKey(), purpose, m); } + + /** + * Sign the given data with this private key. Must include a purpose to mitigate + * replay / copy and paste attacks. + * + * @param publicKey public key corresponding to this private key, supplying this parameter + * leads to better performance as the public key does not have to be derived + * @param purpose purpose for the signature + * @param m data to sign + * @return the signature over both the data and the purpose + */ public EddsaSignature sign(EddsaPublicKey publicKey, int purpose, byte[] m) { + if (!publicKey.asPoint().isOnCurve()) { + throw new AssertionError(); + } MessageDigest sha512; try { sha512 = MessageDigest.getInstance("SHA-512"); @@ -40,6 +73,12 @@ public class EddsaPrivateKey implements Message { BigInteger S = r.add(Ed25519.Hint(buf.array()).multiply(a)).mod(Ed25519.l); + if (!R.isOnCurve()) { + throw new AssertionError(); + } + if (!publicKey.asPoint().isOnCurve()) { + throw new AssertionError(); + } return new EddsaSignature(R, S); } @@ -55,6 +94,12 @@ public class EddsaPrivateKey implements Message { } + /** + * Compute the coefficient that is used to derive the public key. + * See 'Daniel J. Bernstein et al, High-speed high-security signatures' for details. + * + * @return the public key coefficient + */ private BigInteger computePublicKeyCoefficient() { MessageDigest sha512; try { 
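Review bot: The guard added at the top of `sign(EddsaPublicKey, int, byte[])` only shows that the caller-supplied key is a curve point, not that it belongs to this private key. If the public key is hashed into the signature as in standard Ed25519 (the buffer contents are outside the hunk), a mismatched key gives signatures that fail verification and can leak information about the private scalar when the same message is signed again. The javadoc should state the precondition, e.g. `@param publicKey must be the key returned by getPublicKey() for this private key`, and caching the derived key inside the private key object would remove the need to trust the argument. Because this validates an argument of a public method, `throw new IllegalArgumentException("public key is not on the curve");` fits better than a message-less `AssertionError`, which also appears in the -40,6 and -71,12 hunks. The body of `sign` continues outside this hunk.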
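Review bot: The second `publicKey.asPoint().isOnCurve()` test just before `return new EddsaSignature(R, S)` repeats the check made on entry, and nothing visible in between modifies `publicKey`, so it appears to add only extra work per signature. I would drop it, or add a comment saying which mutation it is meant to catch. The `R.isOnCurve()` check guards an internal invariant, so `AssertionError` is reasonable there, but it should carry a message, e.g. `throw new AssertionError("computed R is not on the curve");`. How `R` and `buf` are built lies outside the hunk.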
@@ -71,12 +116,30 @@ public class EddsaPrivateKey implements Message { return a; } + /** + * Get the public key for this private key. + * + * @return the public key for this private key + */ public EddsaPublicKey getPublicKey() { BigInteger a = computePublicKeyCoefficient(); Ed25519 A = Ed25519.B.scalarmult(a); - return new EddsaPublicKey(A); + if (!A.isOnCurve()) { + throw new AssertionError(); + } + EddsaPublicKey publicKey = new EddsaPublicKey(A); + + if (!A.equals(publicKey.asPoint())) { + throw new AssertionError(); + } + return publicKey; } + /** + * Create a random private key. + * + * @return a random private key + */ public static EddsaPrivateKey createRandom() { SecureRandom sr = new SecureRandom(); EddsaPrivateKey privateKey = new EddsaPrivateKey(); -- cgit v1.2.3
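Review bot: The round-trip test `A.equals(publicKey.asPoint())` in `getPublicKey()` is only meaningful if `Ed25519` overrides `equals` with a coordinate comparison, which this diff does not show. With the inherited identity comparison it would always pass or always throw, depending on whether `asPoint()` returns the same object, so that is worth confirming. Both errors should carry a message, e.g. `throw new AssertionError("public key encoding round-trip mismatch");`. Because `sign(int, byte[])` calls `getPublicKey()` for every signature (visible in the context of the -17,7 hunk), the scalar multiplication and these checks run on each call, and caching the derived key would pay for them once.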