diff --git a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java index f4f065c97393dea173a93d788b9f757700405fcb..19a542f8af87478e94347595139f954a8cbbe8a3 100644 --- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java +++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java @@ -22,10 +22,6 @@ public interface CryptoComponent { KeyParser getSignatureKeyParser(); - KeyPair generateEdKeyPair(); - - KeyParser getEdKeyParser(); - KeyParser getMessageKeyParser(); /** @@ -53,7 +49,7 @@ public interface CryptoComponent { throws GeneralSecurityException; /** - * Signs the given byte[] with the given ECDSA private key. + * Signs the given byte[] with the given private key. * * @param label a namespaced label indicating the purpose of this * signature, to prevent it from being repurposed or colliding with a @@ -62,18 +58,9 @@ public interface CryptoComponent { byte[] sign(String label, byte[] toSign, byte[] privateKey) throws GeneralSecurityException; - /** - * Signs the given byte[] with the given Ed25519 private key. - * - * @param label A label specific to this signature - * to ensure that the signature cannot be repurposed - */ - byte[] signEd(String label, byte[] toSign, byte[] privateKey) - throws GeneralSecurityException; - /** * Verifies that the given signature is valid for the signed data - * and the given ECDSA public key. + * and the given public key. * * @param label a namespaced label indicating the purpose of this * signature, to prevent it from being repurposed or colliding with a @@ -83,17 +70,6 @@ public interface CryptoComponent { boolean verify(String label, byte[] signedData, byte[] publicKey, byte[] signature) throws GeneralSecurityException; - /** - * Verifies that the given signature is valid for the signed data - * and the given Ed25519 public key. - * - * @param label A label that was specific to this signature - * to ensure that the signature cannot be repurposed - * @return true if the signature was valid, false otherwise. - */ - boolean verifyEd(String label, byte[] signedData, byte[] publicKey, - byte[] signature) throws GeneralSecurityException; - /** * Returns the hash of the given inputs. The inputs are unambiguously * combined by prefixing each input with its length. diff --git a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoConstants.java b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoConstants.java new file mode 100644 index 0000000000000000000000000000000000000000..d221c85c5faabdd9232a92643ee75d1d24194514 --- /dev/null +++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoConstants.java @@ -0,0 +1,19 @@ +package org.briarproject.bramble.api.crypto; + +public interface CryptoConstants { + + /** + * The maximum length of an agreement public key in bytes. + */ + int MAX_AGREEMENT_PUBLIC_KEY_BYTES = 65; + + /** + * The maximum length of a signature public key in bytes. + */ + int MAX_SIGNATURE_PUBLIC_KEY_BYTES = 32; + + /** + * The maximum length of a signature in bytes. + */ + int MAX_SIGNATURE_BYTES = 64; +} diff --git a/bramble-api/src/main/java/org/briarproject/bramble/api/identity/Author.java b/bramble-api/src/main/java/org/briarproject/bramble/api/identity/Author.java index 830a32643f2ca4b933e99f9a6239ca40292a8ef0..8a3682e6c5c37deb40b66f7e7b3d4a2351db04a0 100644 --- a/bramble-api/src/main/java/org/briarproject/bramble/api/identity/Author.java +++ b/bramble-api/src/main/java/org/briarproject/bramble/api/identity/Author.java @@ -22,7 +22,7 @@ public class Author { /** * The current version of the author structure. */ - public static final int FORMAT_VERSION = 0; + public static final int FORMAT_VERSION = 1; private final AuthorId id; private final int formatVersion; diff --git a/bramble-api/src/main/java/org/briarproject/bramble/api/identity/AuthorConstants.java b/bramble-api/src/main/java/org/briarproject/bramble/api/identity/AuthorConstants.java index 0699f972dc894120d9ea3a088ab83b7463c222f9..6d2ad47ebd670ec9abc618fd6a8ca4c41989d2bf 100644 --- a/bramble-api/src/main/java/org/briarproject/bramble/api/identity/AuthorConstants.java +++ b/bramble-api/src/main/java/org/briarproject/bramble/api/identity/AuthorConstants.java @@ -1,5 +1,8 @@ package org.briarproject.bramble.api.identity; +import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_BYTES; +import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_PUBLIC_KEY_BYTES; + public interface AuthorConstants { /** @@ -8,26 +11,14 @@ public interface AuthorConstants { int MAX_AUTHOR_NAME_LENGTH = 50; /** - * The maximum length of a public key in bytes. - * <p> - * Public keys use SEC1 format: 0x04 x y, where x and y are unsigned - * big-endian integers. - * <p> - * For a 256-bit elliptic curve, the maximum length is 2 * 256 / 8 + 1. + * The maximum length of a public key in bytes. This applies to the + * signature algorithm used by the current {@link Author format version}. */ - int MAX_PUBLIC_KEY_LENGTH = 65; + int MAX_PUBLIC_KEY_LENGTH = MAX_SIGNATURE_PUBLIC_KEY_BYTES; /** - * The maximum length of a signature in bytes. - * <p> - * A signature is an ASN.1 DER sequence containing two integers, r and s. - * The format is 0x30 len1 0x02 len2 r 0x02 len3 s, where len1 is - * len(0x02 len2 r 0x02 len3 s) as a DER length, len2 is len(r) as a DER - * length, len3 is len(s) as a DER length, and r and s are signed - * big-endian integers of minimal length. - * <p> - * For a 256-bit elliptic curve, the lengths are one byte each, so the - * maximum length is 2 * 256 / 8 + 8. + * The maximum length of a signature in bytes. This applies to the + * signature algorithm used by the current {@link Author format version}. */ - int MAX_SIGNATURE_LENGTH = 72; + int MAX_SIGNATURE_LENGTH = MAX_SIGNATURE_BYTES; } diff --git a/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java b/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java index 44e7f353c72a80a5ae4cb123573753e81d17f5b2..4a0a3e4a6f8741c1278be10b24702671e413cebf 100644 --- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java +++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java @@ -46,7 +46,6 @@ class CryptoComponentImpl implements CryptoComponent { private static final int AGREEMENT_KEY_PAIR_BITS = 256; private static final int SIGNATURE_KEY_PAIR_BITS = 256; - private static final int ED_KEY_PAIR_BITS = 256; private static final int STORAGE_IV_BYTES = 24; // 196 bits private static final int PBKDF_SALT_BYTES = 32; // 256 bits private static final int PBKDF_FORMAT_SCRYPT = 0; @@ -54,11 +53,9 @@ class CryptoComponentImpl implements CryptoComponent { private final SecureRandom secureRandom; private final PasswordBasedKdf passwordBasedKdf; private final ECKeyPairGenerator agreementKeyPairGenerator; - private final ECKeyPairGenerator signatureKeyPairGenerator; + private final KeyPairGenerator signatureKeyPairGenerator; private final KeyParser agreementKeyParser, signatureKeyParser; private final MessageEncrypter messageEncrypter; - private final KeyPairGenerator edKeyPairGenerator; - private final KeyParser edKeyParser; @Inject CryptoComponentImpl(SecureRandomProvider secureRandomProvider, @@ -87,16 +84,13 @@ class CryptoComponentImpl implements CryptoComponent { PARAMETERS, secureRandom); agreementKeyPairGenerator = new ECKeyPairGenerator(); agreementKeyPairGenerator.init(params); - signatureKeyPairGenerator = new ECKeyPairGenerator(); - signatureKeyPairGenerator.init(params); + signatureKeyPairGenerator = new KeyPairGenerator(); + signatureKeyPairGenerator.initialize(SIGNATURE_KEY_PAIR_BITS, + secureRandom); agreementKeyParser = new Sec1KeyParser(PARAMETERS, AGREEMENT_KEY_PAIR_BITS); - signatureKeyParser = new Sec1KeyParser(PARAMETERS, - SIGNATURE_KEY_PAIR_BITS); + signatureKeyParser = new EdKeyParser(); messageEncrypter = new MessageEncrypter(secureRandom); - edKeyPairGenerator = new KeyPairGenerator(); - edKeyPairGenerator.initialize(ED_KEY_PAIR_BITS, secureRandom); - edKeyParser = new EdKeyParser(); } // Based on https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html @@ -155,21 +149,6 @@ class CryptoComponentImpl implements CryptoComponent { return secret; } - @Override - public KeyPair generateEdKeyPair() { - java.security.KeyPair keyPair = edKeyPairGenerator.generateKeyPair(); - EdDSAPublicKey edPublicKey = (EdDSAPublicKey) keyPair.getPublic(); - PublicKey publicKey = new EdPublicKey(edPublicKey.getAbyte()); - EdDSAPrivateKey edPrivateKey = (EdDSAPrivateKey) keyPair.getPrivate(); - PrivateKey privateKey = new EdPrivateKey(edPrivateKey.getSeed()); - return new KeyPair(publicKey, privateKey); - } - - @Override - public KeyParser getEdKeyParser() { - return edKeyParser; - } - @Override public KeyPair generateAgreementKeyPair() { AsymmetricCipherKeyPair keyPair = @@ -193,17 +172,11 @@ class CryptoComponentImpl implements CryptoComponent { @Override public KeyPair generateSignatureKeyPair() { - AsymmetricCipherKeyPair keyPair = - signatureKeyPairGenerator.generateKeyPair(); - // Return a wrapper that uses the SEC 1 encoding - ECPublicKeyParameters ecPublicKey = - (ECPublicKeyParameters) keyPair.getPublic(); - PublicKey publicKey = new Sec1PublicKey(ecPublicKey - ); - ECPrivateKeyParameters ecPrivateKey = - (ECPrivateKeyParameters) keyPair.getPrivate(); - PrivateKey privateKey = new Sec1PrivateKey(ecPrivateKey, - SIGNATURE_KEY_PAIR_BITS); + java.security.KeyPair keyPair = signatureKeyPairGenerator.generateKeyPair(); + EdDSAPublicKey edPublicKey = (EdDSAPublicKey) keyPair.getPublic(); + PublicKey publicKey = new EdPublicKey(edPublicKey.getAbyte()); + EdDSAPrivateKey edPrivateKey = (EdDSAPrivateKey) keyPair.getPrivate(); + PrivateKey privateKey = new EdPrivateKey(edPrivateKey.getSeed()); return new KeyPair(publicKey, privateKey); } @@ -240,19 +213,8 @@ class CryptoComponentImpl implements CryptoComponent { @Override public byte[] sign(String label, byte[] toSign, byte[] privateKey) throws GeneralSecurityException { - return sign(new SignatureImpl(secureRandom), signatureKeyParser, label, - toSign, privateKey); - } - - @Override - public byte[] signEd(String label, byte[] toSign, byte[] privateKey) - throws GeneralSecurityException { - return sign(new EdSignature(), edKeyParser, label, toSign, privateKey); - } - - private byte[] sign(Signature sig, KeyParser keyParser, String label, - byte[] toSign, byte[] privateKey) throws GeneralSecurityException { - PrivateKey key = keyParser.parsePrivateKey(privateKey); + PrivateKey key = signatureKeyParser.parsePrivateKey(privateKey); + Signature sig = new EdSignature(); sig.initSign(key); updateSignature(sig, label, toSign); return sig.sign(); @@ -261,21 +223,8 @@ class CryptoComponentImpl implements CryptoComponent { @Override public boolean verify(String label, byte[] signedData, byte[] publicKey, byte[] signature) throws GeneralSecurityException { - return verify(new SignatureImpl(secureRandom), signatureKeyParser, - label, signedData, publicKey, signature); - } - - @Override - public boolean verifyEd(String label, byte[] signedData, byte[] publicKey, - byte[] signature) throws GeneralSecurityException { - return verify(new EdSignature(), edKeyParser, label, signedData, - publicKey, signature); - } - - private boolean verify(Signature sig, KeyParser keyParser, String label, - byte[] signedData, byte[] publicKey, byte[] signature) - throws GeneralSecurityException { - PublicKey key = keyParser.parsePublicKey(publicKey); + PublicKey key = signatureKeyParser.parsePublicKey(publicKey); + Signature sig = new EdSignature(); sig.initVerify(key); updateSignature(sig, label, signedData); return sig.verify(signature); diff --git a/bramble-core/src/main/java/org/briarproject/bramble/crypto/SignatureImpl.java b/bramble-core/src/main/java/org/briarproject/bramble/crypto/SignatureImpl.java deleted file mode 100644 index 02ec2eabb0ecba3f61314c46f4a24ac74f7632f7..0000000000000000000000000000000000000000 --- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/SignatureImpl.java +++ /dev/null @@ -1,91 +0,0 @@ -package org.briarproject.bramble.crypto; - -import org.briarproject.bramble.api.crypto.PrivateKey; -import org.briarproject.bramble.api.crypto.PublicKey; -import org.briarproject.bramble.api.nullsafety.NotNullByDefault; -import org.spongycastle.crypto.Digest; -import org.spongycastle.crypto.digests.Blake2bDigest; -import org.spongycastle.crypto.params.ECPrivateKeyParameters; -import org.spongycastle.crypto.params.ECPublicKeyParameters; -import org.spongycastle.crypto.params.ParametersWithRandom; -import org.spongycastle.crypto.signers.DSADigestSigner; -import org.spongycastle.crypto.signers.DSAKCalculator; -import org.spongycastle.crypto.signers.ECDSASigner; -import org.spongycastle.crypto.signers.HMacDSAKCalculator; - -import java.security.GeneralSecurityException; -import java.security.SecureRandom; -import java.util.logging.Logger; - -import javax.annotation.concurrent.NotThreadSafe; - -import static java.util.logging.Level.INFO; - -@NotThreadSafe -@NotNullByDefault -class SignatureImpl implements Signature { - - private static final Logger LOG = - Logger.getLogger(SignatureImpl.class.getName()); - - private final SecureRandom secureRandom; - private final DSADigestSigner signer; - - SignatureImpl(SecureRandom secureRandom) { - this.secureRandom = secureRandom; - Digest digest = new Blake2bDigest(256); - DSAKCalculator calculator = new HMacDSAKCalculator(digest); - signer = new DSADigestSigner(new ECDSASigner(calculator), digest); - } - - @Override - public void initSign(PrivateKey k) throws GeneralSecurityException { - if (!(k instanceof Sec1PrivateKey)) - throw new IllegalArgumentException(); - ECPrivateKeyParameters priv = ((Sec1PrivateKey) k).getKey(); - signer.init(true, new ParametersWithRandom(priv, secureRandom)); - } - - @Override - public void initVerify(PublicKey k) throws GeneralSecurityException { - if (!(k instanceof Sec1PublicKey)) - throw new IllegalArgumentException(); - ECPublicKeyParameters pub = ((Sec1PublicKey) k).getKey(); - signer.init(false, pub); - } - - @Override - public void update(byte b) { - signer.update(b); - } - - @Override - public void update(byte[] b) { - update(b, 0, b.length); - } - - @Override - public void update(byte[] b, int off, int len) { - signer.update(b, off, len); - } - - @Override - public byte[] sign() { - long now = System.currentTimeMillis(); - byte[] signature = signer.generateSignature(); - long duration = System.currentTimeMillis() - now; - if (LOG.isLoggable(INFO)) - LOG.info("Generating signature took " + duration + " ms"); - return signature; - } - - @Override - public boolean verify(byte[] signature) { - long now = System.currentTimeMillis(); - boolean valid = signer.verifySignature(signature); - long duration = System.currentTimeMillis() - now; - if (LOG.isLoggable(INFO)) - LOG.info("Verifying signature took " + duration + " ms"); - return valid; - } -} diff --git a/bramble-core/src/test/java/org/briarproject/bramble/crypto/EcdsaSignatureTest.java b/bramble-core/src/test/java/org/briarproject/bramble/crypto/EcdsaSignatureTest.java deleted file mode 100644 index 1d1c960cd1d9279cbd577e9b22141a09b4a33f14..0000000000000000000000000000000000000000 --- a/bramble-core/src/test/java/org/briarproject/bramble/crypto/EcdsaSignatureTest.java +++ /dev/null @@ -1,25 +0,0 @@ -package org.briarproject.bramble.crypto; - -import org.briarproject.bramble.api.crypto.KeyPair; - -import java.security.GeneralSecurityException; - -public class EcdsaSignatureTest extends SignatureTest { - - @Override - protected KeyPair generateKeyPair() { - return crypto.generateSignatureKeyPair(); - } - - @Override - protected byte[] sign(String label, byte[] toSign, byte[] privateKey) - throws GeneralSecurityException { - return crypto.sign(label, toSign, privateKey); - } - - @Override - protected boolean verify(String label, byte[] signedData, byte[] publicKey, - byte[] signature) throws GeneralSecurityException { - return crypto.verify(label, signedData, publicKey, signature); - } -} diff --git a/bramble-core/src/test/java/org/briarproject/bramble/crypto/EdSignatureTest.java b/bramble-core/src/test/java/org/briarproject/bramble/crypto/EdSignatureTest.java index fcbd73e1560c364b04656278303fd7ca2d7e653f..3fb5c3a9c4a83f85df988e9fc4a0b9bb22e0b8ae 100644 --- a/bramble-core/src/test/java/org/briarproject/bramble/crypto/EdSignatureTest.java +++ b/bramble-core/src/test/java/org/briarproject/bramble/crypto/EdSignatureTest.java @@ -133,19 +133,19 @@ public class EdSignatureTest extends SignatureTest { @Override protected KeyPair generateKeyPair() { - return crypto.generateEdKeyPair(); + return crypto.generateSignatureKeyPair(); } @Override protected byte[] sign(String label, byte[] toSign, byte[] privateKey) throws GeneralSecurityException { - return crypto.signEd(label, toSign, privateKey); + return crypto.sign(label, toSign, privateKey); } @Override protected boolean verify(String label, byte[] signedData, byte[] publicKey, byte[] signature) throws GeneralSecurityException { - return crypto.verifyEd(label, signedData, publicKey, signature); + return crypto.verify(label, signedData, publicKey, signature); } @Test diff --git a/bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyEncodingAndParsingTest.java b/bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyEncodingAndParsingTest.java index a7136e5cd59714b530e78c6b344704ba1ea73ece..1f2cad4dc7cda8344aaea99f1f72b699f3e2cc1a 100644 --- a/bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyEncodingAndParsingTest.java +++ b/bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyEncodingAndParsingTest.java @@ -6,13 +6,14 @@ import org.briarproject.bramble.api.crypto.PrivateKey; import org.briarproject.bramble.api.crypto.PublicKey; import org.briarproject.bramble.test.BrambleTestCase; import org.briarproject.bramble.test.TestSecureRandomProvider; -import org.briarproject.bramble.test.TestUtils; import org.junit.Test; import java.security.GeneralSecurityException; -import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH; -import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH; +import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES; +import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_BYTES; +import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_PUBLIC_KEY_BYTES; +import static org.briarproject.bramble.test.TestUtils.getRandomBytes; import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertTrue; @@ -28,7 +29,7 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase { KeyPair keyPair = crypto.generateSignatureKeyPair(); // Check the length of the public key byte[] publicKey = keyPair.getPublic().getEncoded(); - assertTrue(publicKey.length <= MAX_PUBLIC_KEY_LENGTH); + assertTrue(publicKey.length <= MAX_AGREEMENT_PUBLIC_KEY_BYTES); } } @@ -45,7 +46,8 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase { aPub = parser.parsePublicKey(aPub.getEncoded()); aPub = parser.parsePublicKey(aPub.getEncoded()); // Derive the shared secret again - it should be the same - byte[] secret1 = crypto.performRawKeyAgreement(bPair.getPrivate(), aPub); + byte[] secret1 = + crypto.performRawKeyAgreement(bPair.getPrivate(), aPub); assertArrayEquals(secret, secret1); } @@ -62,7 +64,8 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase { bPriv = parser.parsePrivateKey(bPriv.getEncoded()); bPriv = parser.parsePrivateKey(bPriv.getEncoded()); // Derive the shared secret again - it should be the same - byte[] secret1 = crypto.performRawKeyAgreement(bPriv, aPair.getPublic()); + byte[] secret1 = + crypto.performRawKeyAgreement(bPriv, aPair.getPublic()); assertArrayEquals(secret, secret1); } @@ -76,12 +79,12 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase { // Parse some random byte arrays - expect GeneralSecurityException for (int i = 0; i < 1000; i++) { try { - parser.parsePublicKey(TestUtils.getRandomBytes(pubLength)); + parser.parsePublicKey(getRandomBytes(pubLength)); } catch (GeneralSecurityException expected) { // Expected } try { - parser.parsePrivateKey(TestUtils.getRandomBytes(privLength)); + parser.parsePrivateKey(getRandomBytes(privLength)); } catch (GeneralSecurityException expected) { // Expected } @@ -95,7 +98,7 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase { KeyPair keyPair = crypto.generateSignatureKeyPair(); // Check the length of the public key byte[] publicKey = keyPair.getPublic().getEncoded(); - assertTrue(publicKey.length <= MAX_PUBLIC_KEY_LENGTH); + assertTrue(publicKey.length <= MAX_SIGNATURE_PUBLIC_KEY_BYTES); } } @@ -106,44 +109,53 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase { KeyPair keyPair = crypto.generateSignatureKeyPair(); byte[] key = keyPair.getPrivate().getEncoded(); // Sign some random data and check the length of the signature - byte[] toBeSigned = TestUtils.getRandomBytes(1234); + byte[] toBeSigned = getRandomBytes(1234); byte[] signature = crypto.sign("label", toBeSigned, key); - assertTrue(signature.length <= MAX_SIGNATURE_LENGTH); + assertTrue(signature.length <= MAX_SIGNATURE_BYTES); } } @Test public void testSignaturePublicKeyEncodingAndParsing() throws Exception { KeyParser parser = crypto.getSignatureKeyParser(); - // Generate two key pairs - KeyPair aPair = crypto.generateSignatureKeyPair(); - KeyPair bPair = crypto.generateSignatureKeyPair(); - // Derive the shared secret - PublicKey aPub = aPair.getPublic(); - byte[] secret = crypto.performRawKeyAgreement(bPair.getPrivate(), aPub); + // Generate a key pair and sign some data + KeyPair keyPair = crypto.generateSignatureKeyPair(); + PublicKey publicKey = keyPair.getPublic(); + PrivateKey privateKey = keyPair.getPrivate(); + byte[] message = getRandomBytes(123); + byte[] signature = crypto.sign("test", message, + privateKey.getEncoded()); + // Verify the signature + assertTrue(crypto.verify("test", message, publicKey.getEncoded(), + signature)); // Encode and parse the public key - no exceptions should be thrown - aPub = parser.parsePublicKey(aPub.getEncoded()); - aPub = parser.parsePublicKey(aPub.getEncoded()); - // Derive the shared secret again - it should be the same - byte[] secret1 = crypto.performRawKeyAgreement(bPair.getPrivate(), aPub); - assertArrayEquals(secret, secret1); + publicKey = parser.parsePublicKey(publicKey.getEncoded()); + // Verify the signature again + assertTrue(crypto.verify("test", message, publicKey.getEncoded(), + signature)); } @Test public void testSignaturePrivateKeyEncodingAndParsing() throws Exception { KeyParser parser = crypto.getSignatureKeyParser(); - // Generate two key pairs - KeyPair aPair = crypto.generateSignatureKeyPair(); - KeyPair bPair = crypto.generateSignatureKeyPair(); - // Derive the shared secret - PrivateKey bPriv = bPair.getPrivate(); - byte[] secret = crypto.performRawKeyAgreement(bPriv, aPair.getPublic()); + // Generate a key pair and sign some data + KeyPair keyPair = crypto.generateSignatureKeyPair(); + PublicKey publicKey = keyPair.getPublic(); + PrivateKey privateKey = keyPair.getPrivate(); + byte[] message = getRandomBytes(123); + byte[] signature = crypto.sign("test", message, + privateKey.getEncoded()); + // Verify the signature + assertTrue(crypto.verify("test", message, publicKey.getEncoded(), + signature)); // Encode and parse the private key - no exceptions should be thrown - bPriv = parser.parsePrivateKey(bPriv.getEncoded()); - bPriv = parser.parsePrivateKey(bPriv.getEncoded()); - // Derive the shared secret again - it should be the same - byte[] secret1 = crypto.performRawKeyAgreement(bPriv, aPair.getPublic()); - assertArrayEquals(secret, secret1); + privateKey = parser.parsePrivateKey(privateKey.getEncoded()); + // Sign the data again - the signatures should be the same + byte[] signature1 = crypto.sign("test", message, + privateKey.getEncoded()); + assertTrue(crypto.verify("test", message, publicKey.getEncoded(), + signature1)); + assertArrayEquals(signature, signature1); } @Test @@ -156,12 +168,12 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase { // Parse some random byte arrays - expect GeneralSecurityException for (int i = 0; i < 1000; i++) { try { - parser.parsePublicKey(TestUtils.getRandomBytes(pubLength)); + parser.parsePublicKey(getRandomBytes(pubLength)); } catch (GeneralSecurityException expected) { // Expected } try { - parser.parsePrivateKey(TestUtils.getRandomBytes(privLength)); + parser.parsePrivateKey(getRandomBytes(privLength)); } catch (GeneralSecurityException expected) { // Expected } diff --git a/briar-core/src/main/java/org/briarproject/briar/introduction/IntroductionValidator.java b/briar-core/src/main/java/org/briarproject/briar/introduction/IntroductionValidator.java index 705a36f00a6e4dc1b9179656d595dd8343aaeebf..9fc526e49c24a709cc2a43d9abaea0b5973c944d 100644 --- a/briar-core/src/main/java/org/briarproject/briar/introduction/IntroductionValidator.java +++ b/briar-core/src/main/java/org/briarproject/briar/introduction/IntroductionValidator.java @@ -15,6 +15,7 @@ import org.briarproject.briar.client.BdfQueueMessageValidator; import javax.annotation.concurrent.Immutable; +import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES; import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH; import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH; import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH; @@ -133,7 +134,7 @@ class IntroductionValidator extends BdfQueueMessageValidator { // parse ephemeral public key pubkey = message.getRaw(4); - checkLength(pubkey, 1, MAX_PUBLIC_KEY_LENGTH); + checkLength(pubkey, 1, MAX_AGREEMENT_PUBLIC_KEY_BYTES); // parse transport properties tp = message.getDictionary(5); diff --git a/briar-core/src/test/java/org/briarproject/briar/introduction/IntroduceeManagerTest.java b/briar-core/src/test/java/org/briarproject/briar/introduction/IntroduceeManagerTest.java index 72d178a7f72631184a33c3ab1758c75448688f7a..6617924ac12317fd5655bb27313ecf4c45c461ae 100644 --- a/briar-core/src/test/java/org/briarproject/briar/introduction/IntroduceeManagerTest.java +++ b/briar-core/src/test/java/org/briarproject/briar/introduction/IntroduceeManagerTest.java @@ -36,7 +36,7 @@ import org.junit.Test; import java.security.GeneralSecurityException; import java.security.SecureRandom; -import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH; +import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES; import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH; import static org.briarproject.bramble.api.sync.SyncConstants.MESSAGE_HEADER_LENGTH; import static org.briarproject.bramble.test.TestUtils.getAuthor; @@ -215,7 +215,7 @@ public class IntroduceeManagerTest extends BriarTestCase { // turn request message into a response msg.put(ACCEPT, true); msg.put(TIME, time); - msg.put(E_PUBLIC_KEY, getRandomBytes(MAX_PUBLIC_KEY_LENGTH)); + msg.put(E_PUBLIC_KEY, getRandomBytes(MAX_AGREEMENT_PUBLIC_KEY_BYTES)); msg.put(TRANSPORT, new BdfDictionary()); context.checking(new Expectations() {{ @@ -308,7 +308,7 @@ public class IntroduceeManagerTest extends BriarTestCase { byte[] publicKeyBytes = introducee2.getAuthor().getPublicKey(); BdfDictionary tp = BdfDictionary.of(new BdfEntry("fake", "fake")); - byte[] ePublicKeyBytes = getRandomBytes(MAX_PUBLIC_KEY_LENGTH); + byte[] ePublicKeyBytes = getRandomBytes(MAX_AGREEMENT_PUBLIC_KEY_BYTES); byte[] mac = getRandomBytes(MAC_LENGTH); SecretKey macKey = getSecretKey(); diff --git a/briar-core/src/test/java/org/briarproject/briar/introduction/IntroductionIntegrationTest.java b/briar-core/src/test/java/org/briarproject/briar/introduction/IntroductionIntegrationTest.java index ff4f28bb7b254015b896c422bb17564a2bdf2395..0cfa068f816b87d1ab51e545fce12c0288712c32 100644 --- a/briar-core/src/test/java/org/briarproject/briar/introduction/IntroductionIntegrationTest.java +++ b/briar-core/src/test/java/org/briarproject/briar/introduction/IntroductionIntegrationTest.java @@ -730,7 +730,7 @@ public class IntroductionIntegrationTest @Test public void testModifiedEphemeralPublicKey() throws Exception { testModifiedResponse(response -> { - KeyPair keyPair = crypto.generateSignatureKeyPair(); + KeyPair keyPair = crypto.generateAgreementKeyPair(); response.put(E_PUBLIC_KEY, keyPair.getPublic().getEncoded()); return true; }); diff --git a/briar-core/src/test/java/org/briarproject/briar/introduction/IntroductionValidatorTest.java b/briar-core/src/test/java/org/briarproject/briar/introduction/IntroductionValidatorTest.java index afe880100fcc380d8f360420e6ae927738b2ce12..bd786802f079c3585c006283d4f95723b1e8bf58 100644 --- a/briar-core/src/test/java/org/briarproject/briar/introduction/IntroductionValidatorTest.java +++ b/briar-core/src/test/java/org/briarproject/briar/introduction/IntroductionValidatorTest.java @@ -20,6 +20,7 @@ import org.briarproject.briar.test.BriarTestCase; import org.jmock.Mockery; import org.junit.Test; +import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES; import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH; import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH; import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH; @@ -164,7 +165,7 @@ public class IntroductionValidatorTest extends BriarTestCase { byte[] groupId = getRandomId(); byte[] sessionId = getRandomId(); long time = clock.currentTimeMillis(); - byte[] publicKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH); + byte[] publicKey = getRandomBytes(MAX_AGREEMENT_PUBLIC_KEY_BYTES); String transportId = getRandomString(TransportId.MAX_TRANSPORT_ID_LENGTH); BdfDictionary tProps = BdfDictionary.of( @@ -255,7 +256,7 @@ public class IntroductionValidatorTest extends BriarTestCase { byte[] groupId = getRandomId(); byte[] sessionId = getRandomId(); long time = clock.currentTimeMillis(); - byte[] publicKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH); + byte[] publicKey = getRandomBytes(MAX_AGREEMENT_PUBLIC_KEY_BYTES); String transportId = getRandomString(TransportId.MAX_TRANSPORT_ID_LENGTH); BdfDictionary tProps = BdfDictionary.of(