From ffbc2d3ec0d28945907451135102636f7953415b Mon Sep 17 00:00:00 2001
From: str4d <str4d@mail.i2p>
Date: Thu, 28 Jan 2016 06:01:24 +0000
Subject: [PATCH] Change key function to Curve25519

This is a backwards-incompatible change; it alters the key pair types used for
long-term signing as well as ephemeral key agreement. Old identities are now
worthless.
---
 .../crypto/EllipticCurveConstants.java            | 10 +++++-----
 .../org/briarproject/crypto/Sec1KeyParser.java    | 15 ++++++++-------
 .../crypto/EllipticCurveMultiplicationTest.java   |  4 ++--
 .../crypto/EllipticCurvePerformanceTest.java      |  9 +++++++++
 4 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/briar-core/src/org/briarproject/crypto/EllipticCurveConstants.java b/briar-core/src/org/briarproject/crypto/EllipticCurveConstants.java
index 76be537299..6cfaa3ae96 100644
--- a/briar-core/src/org/briarproject/crypto/EllipticCurveConstants.java
+++ b/briar-core/src/org/briarproject/crypto/EllipticCurveConstants.java
@@ -1,23 +1,23 @@
 package org.briarproject.crypto;
 
-import java.math.BigInteger;
-
-import org.spongycastle.asn1.teletrust.TeleTrusTNamedCurves;
 import org.spongycastle.asn1.x9.X9ECParameters;
+import org.spongycastle.crypto.ec.CustomNamedCurves;
 import org.spongycastle.crypto.params.ECDomainParameters;
 import org.spongycastle.math.ec.ECCurve;
 import org.spongycastle.math.ec.ECMultiplier;
 import org.spongycastle.math.ec.ECPoint;
 import org.spongycastle.math.ec.MontgomeryLadderMultiplier;
 
-/** Parameters for curve brainpoolp256r1 - see RFC 5639. */
+import java.math.BigInteger;
+
+/** Parameters for curve curve25519 - see draft-turner-thecurve25519function. */
 class EllipticCurveConstants {
 
 	static final ECDomainParameters PARAMETERS;
 
 	static {
 		// Start with the default implementation of the curve
-		X9ECParameters x9 = TeleTrusTNamedCurves.getByName("brainpoolp256r1");
+		X9ECParameters x9 = CustomNamedCurves.getByName("curve25519");
 		// Use a constant-time multiplier
 		ECMultiplier monty = new MontgomeryLadderMultiplier();
 		ECCurve curve = x9.getCurve().configure().setMultiplier(monty).create();
diff --git a/briar-core/src/org/briarproject/crypto/Sec1KeyParser.java b/briar-core/src/org/briarproject/crypto/Sec1KeyParser.java
index 99b3d2e727..0e3c6e08c0 100644
--- a/briar-core/src/org/briarproject/crypto/Sec1KeyParser.java
+++ b/briar-core/src/org/briarproject/crypto/Sec1KeyParser.java
@@ -1,11 +1,5 @@
 package org.briarproject.crypto;
 
-import static java.util.logging.Level.INFO;
-
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.util.logging.Logger;
-
 import org.briarproject.api.crypto.KeyParser;
 import org.briarproject.api.crypto.PrivateKey;
 import org.briarproject.api.crypto.PublicKey;
@@ -14,6 +8,13 @@ import org.spongycastle.crypto.params.ECPrivateKeyParameters;
 import org.spongycastle.crypto.params.ECPublicKeyParameters;
 import org.spongycastle.math.ec.ECCurve;
 import org.spongycastle.math.ec.ECPoint;
+import org.spongycastle.math.ec.custom.djb.Curve25519;
+
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.util.logging.Logger;
+
+import static java.util.logging.Level.INFO;
 
 /**
  * A key parser that uses the encoding defined in "SEC 1: Elliptic Curve
@@ -32,7 +33,7 @@ class Sec1KeyParser implements KeyParser {
 	Sec1KeyParser(ECDomainParameters params, int keyBits) {
 		this.params = params;
 		this.keyBits = keyBits;
-		modulus = ((ECCurve.Fp) params.getCurve()).getQ();
+		modulus = ((Curve25519) params.getCurve()).getQ();
 		bytesPerInt = (keyBits + 7) / 8;
 		publicKeyBytes = 1 + 2 * bytesPerInt;
 		privateKeyBytes = bytesPerInt;
diff --git a/briar-tests/src/org/briarproject/crypto/EllipticCurveMultiplicationTest.java b/briar-tests/src/org/briarproject/crypto/EllipticCurveMultiplicationTest.java
index 6ee9690895..ebb99932a1 100644
--- a/briar-tests/src/org/briarproject/crypto/EllipticCurveMultiplicationTest.java
+++ b/briar-tests/src/org/briarproject/crypto/EllipticCurveMultiplicationTest.java
@@ -2,10 +2,10 @@ package org.briarproject.crypto;
 
 import org.briarproject.BriarTestCase;
 import org.junit.Test;
-import org.spongycastle.asn1.teletrust.TeleTrusTNamedCurves;
 import org.spongycastle.asn1.x9.X9ECParameters;
 import org.spongycastle.crypto.AsymmetricCipherKeyPair;
 import org.spongycastle.crypto.agreement.ECDHCBasicAgreement;
+import org.spongycastle.crypto.ec.CustomNamedCurves;
 import org.spongycastle.crypto.generators.ECKeyPairGenerator;
 import org.spongycastle.crypto.params.ECDomainParameters;
 import org.spongycastle.crypto.params.ECKeyGenerationParameters;
@@ -26,7 +26,7 @@ public class EllipticCurveMultiplicationTest extends BriarTestCase {
 	public void testMultiplierProducesSameResultsAsDefault() throws Exception {
 		// Instantiate the default implementation of the curve
 		X9ECParameters defaultX9Parameters =
-				TeleTrusTNamedCurves.getByName("brainpoolp256r1");
+				CustomNamedCurves.getByName("curve25519");
 		ECCurve defaultCurve = defaultX9Parameters.getCurve();
 		ECPoint defaultG = defaultX9Parameters.getG();
 		BigInteger defaultN = defaultX9Parameters.getN();
diff --git a/briar-tests/src/org/briarproject/crypto/EllipticCurvePerformanceTest.java b/briar-tests/src/org/briarproject/crypto/EllipticCurvePerformanceTest.java
index 7f18689e84..a31d862c07 100644
--- a/briar-tests/src/org/briarproject/crypto/EllipticCurvePerformanceTest.java
+++ b/briar-tests/src/org/briarproject/crypto/EllipticCurvePerformanceTest.java
@@ -6,6 +6,7 @@ import org.spongycastle.asn1.x9.X9ECParameters;
 import org.spongycastle.crypto.AsymmetricCipherKeyPair;
 import org.spongycastle.crypto.Digest;
 import org.spongycastle.crypto.agreement.ECDHCBasicAgreement;
+import org.spongycastle.crypto.ec.CustomNamedCurves;
 import org.spongycastle.crypto.generators.ECKeyPairGenerator;
 import org.spongycastle.crypto.params.ECDomainParameters;
 import org.spongycastle.crypto.params.ECKeyGenerationParameters;
@@ -37,6 +38,8 @@ public class EllipticCurvePerformanceTest {
 			"secp256k1", "secp256r1", "secp384r1", "secp521r1");
 	private static final List<String> BRAINPOOL_NAMES = Arrays.asList(
 			"brainpoolp256r1", "brainpoolp384r1", "brainpoolp512r1");
+	private static final List<String> CUSTOM_NAMES = Arrays.asList(
+			"curve25519", "secp256k1", "secp256r1", "secp384r1", "secp521r1");
 
 	public static void main(String[] args) {
 		for (String name : SEC_NAMES) {
@@ -51,6 +54,12 @@ public class EllipticCurvePerformanceTest {
 			runTest(name + " default", params);
 			runTest(name + " constant", constantTime(params));
 		}
+		for (String name : CUSTOM_NAMES) {
+			ECDomainParameters params =
+					convertParams(CustomNamedCurves.getByName(name));
+			runTest(name + " default", params);
+			runTest(name + " constant", constantTime(params));
+		}
 		runTest("ours", EllipticCurveConstants.PARAMETERS);
 	}
 
-- 
GitLab