forked from I2P_Developers/i2p.i2p
Crypto: Keygen for RedDSA, allow RedDSA for unblinded keys (Enc LS2)
This commit is contained in:
@ -39,16 +39,18 @@ public final class Blinding {
|
|||||||
private Blinding() {}
|
private Blinding() {}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Only for SigType EdDSA_SHA512_Ed25519.
|
* Only for SigTypes EdDSA_SHA512_Ed25519 and RedDSA_SHA512_Ed25519.
|
||||||
*
|
*
|
||||||
* @param key must be SigType EdDSA_SHA512_Ed25519
|
* @param key must be SigType EdDSA_SHA512_Ed25519 or RedDSA_SHA512_Ed25519
|
||||||
* @param alpha must be SigType RedDSA_SHA512_Ed25519
|
* @param alpha must be SigType RedDSA_SHA512_Ed25519
|
||||||
* @return SigType RedDSA_SHA512_Ed25519
|
* @return SigType RedDSA_SHA512_Ed25519
|
||||||
* @throws UnsupportedOperationException unless supported SigTypes
|
* @throws UnsupportedOperationException unless supported SigTypes
|
||||||
* @throws IllegalArgumentException on bad inputs
|
* @throws IllegalArgumentException on bad inputs
|
||||||
*/
|
*/
|
||||||
public static SigningPublicKey blind(SigningPublicKey key, SigningPrivateKey alpha) {
|
public static SigningPublicKey blind(SigningPublicKey key, SigningPrivateKey alpha) {
|
||||||
if (key.getType() != TYPE || alpha.getType() != TYPER)
|
SigType type = key.getType();
|
||||||
|
if ((type != TYPE && type != TYPER) ||
|
||||||
|
alpha.getType() != TYPER)
|
||||||
throw new UnsupportedOperationException();
|
throw new UnsupportedOperationException();
|
||||||
try {
|
try {
|
||||||
EdDSAPublicKey jk = SigUtil.toJavaEdDSAKey(key);
|
EdDSAPublicKey jk = SigUtil.toJavaEdDSAKey(key);
|
||||||
@ -61,16 +63,18 @@ public final class Blinding {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Only for SigType EdDSA_SHA512_Ed25519.
|
* Only for SigTypes EdDSA_SHA512_Ed25519 and RedDSA_SHA512_Ed25519.
|
||||||
*
|
*
|
||||||
* @param key must be SigType EdDSA_SHA512_Ed25519
|
* @param key must be SigType EdDSA_SHA512_Ed25519 or RedDSA_SHA512_Ed25519
|
||||||
* @param alpha must be SigType RedDSA_SHA512_Ed25519
|
* @param alpha must be SigType RedDSA_SHA512_Ed25519
|
||||||
* @return SigType RedDSA_SHA512_Ed25519
|
* @return SigType RedDSA_SHA512_Ed25519
|
||||||
* @throws UnsupportedOperationException unless supported SigTypes
|
* @throws UnsupportedOperationException unless supported SigTypes
|
||||||
* @throws IllegalArgumentException on bad inputs
|
* @throws IllegalArgumentException on bad inputs
|
||||||
*/
|
*/
|
||||||
public static SigningPrivateKey blind(SigningPrivateKey key, SigningPrivateKey alpha) {
|
public static SigningPrivateKey blind(SigningPrivateKey key, SigningPrivateKey alpha) {
|
||||||
if (key.getType() != TYPE || alpha.getType() != TYPER)
|
SigType type = key.getType();
|
||||||
|
if ((type != TYPE && type != TYPER) ||
|
||||||
|
alpha.getType() != TYPER)
|
||||||
throw new UnsupportedOperationException();
|
throw new UnsupportedOperationException();
|
||||||
try {
|
try {
|
||||||
EdDSAPrivateKey jk = SigUtil.toJavaEdDSAKey(key);
|
EdDSAPrivateKey jk = SigUtil.toJavaEdDSAKey(key);
|
||||||
@ -122,9 +126,9 @@ public final class Blinding {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Generate alpha for the given time.
|
* Generate alpha for the given time.
|
||||||
* Only for SigType EdDSA_SHA512_Ed25519.
|
* Only for SigType EdDSA_SHA512_Ed25519 or RedDSA_SHA512_Ed25519.
|
||||||
*
|
*
|
||||||
* @param dest spk must be SigType EdDSA_SHA512_Ed25519
|
* @param dest spk must be SigType EdDSA_SHA512_Ed25519 or RedDSA_SHA512_Ed25519
|
||||||
* @param secret may be null or zero-length
|
* @param secret may be null or zero-length
|
||||||
* @param now for what time?
|
* @param now for what time?
|
||||||
* @return SigType RedDSA_SHA512_Ed25519
|
* @return SigType RedDSA_SHA512_Ed25519
|
||||||
|
|||||||
@ -35,6 +35,7 @@ import com.southernstorm.noise.crypto.x25519.Curve25519;
|
|||||||
import net.i2p.I2PAppContext;
|
import net.i2p.I2PAppContext;
|
||||||
import net.i2p.crypto.eddsa.EdDSAPrivateKey;
|
import net.i2p.crypto.eddsa.EdDSAPrivateKey;
|
||||||
import net.i2p.crypto.eddsa.EdDSAPublicKey;
|
import net.i2p.crypto.eddsa.EdDSAPublicKey;
|
||||||
|
import net.i2p.crypto.eddsa.RedKeyPairGenerator;
|
||||||
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
|
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
|
||||||
import net.i2p.crypto.provider.I2PProvider;
|
import net.i2p.crypto.provider.I2PProvider;
|
||||||
import net.i2p.data.Hash;
|
import net.i2p.data.Hash;
|
||||||
@ -289,7 +290,11 @@ public final class KeyGenerator {
|
|||||||
return generateSigningKeys();
|
return generateSigningKeys();
|
||||||
java.security.KeyPair kp;
|
java.security.KeyPair kp;
|
||||||
if (type.getBaseAlgorithm() == SigAlgo.EdDSA) {
|
if (type.getBaseAlgorithm() == SigAlgo.EdDSA) {
|
||||||
net.i2p.crypto.eddsa.KeyPairGenerator kpg = new net.i2p.crypto.eddsa.KeyPairGenerator();
|
net.i2p.crypto.eddsa.KeyPairGenerator kpg;
|
||||||
|
if (type == SigType.RedDSA_SHA512_Ed25519)
|
||||||
|
kpg = new RedKeyPairGenerator();
|
||||||
|
else
|
||||||
|
kpg = new net.i2p.crypto.eddsa.KeyPairGenerator();
|
||||||
kpg.initialize(type.getParams(), _context.random());
|
kpg.initialize(type.getParams(), _context.random());
|
||||||
kp = kpg.generateKeyPair();
|
kp = kpg.generateKeyPair();
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
@ -673,7 +673,8 @@ public class SU3File {
|
|||||||
for (SigType t : EnumSet.allOf(SigType.class)) {
|
for (SigType t : EnumSet.allOf(SigType.class)) {
|
||||||
if (!t.isAvailable())
|
if (!t.isAvailable())
|
||||||
continue;
|
continue;
|
||||||
if (t == SigType.EdDSA_SHA512_Ed25519)
|
if (t == SigType.EdDSA_SHA512_Ed25519 ||
|
||||||
|
t == SigType.RedDSA_SHA512_Ed25519)
|
||||||
continue; // not supported by keytool, and does double hashing right now
|
continue; // not supported by keytool, and does double hashing right now
|
||||||
buf.append(" ").append(t).append("\t(code: ").append(t.getCode()).append(')');
|
buf.append(" ").append(t).append("\t(code: ").append(t.getCode()).append(')');
|
||||||
if (t.getCode() == DEFAULT_SIG_CODE)
|
if (t.getCode() == DEFAULT_SIG_CODE)
|
||||||
|
|||||||
@ -71,7 +71,7 @@ public class EdDSAPrivateKey implements EdDSAKey, PrivateKey {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the public key in its canonical encoding.
|
* Returns the private key in its canonical encoding.
|
||||||
*<p>
|
*<p>
|
||||||
* This implements the following specs:
|
* This implements the following specs:
|
||||||
*<ul><li>
|
*<ul><li>
|
||||||
|
|||||||
@ -21,11 +21,11 @@ import net.i2p.util.RandomSource;
|
|||||||
*
|
*
|
||||||
* @since 0.9.15
|
* @since 0.9.15
|
||||||
*/
|
*/
|
||||||
public final class KeyPairGenerator extends KeyPairGeneratorSpi {
|
public class KeyPairGenerator extends KeyPairGeneratorSpi {
|
||||||
private static final int DEFAULT_KEYSIZE = 256;
|
protected static final int DEFAULT_KEYSIZE = 256;
|
||||||
private EdDSAParameterSpec edParams;
|
protected EdDSAParameterSpec edParams;
|
||||||
private SecureRandom random;
|
protected SecureRandom random;
|
||||||
private boolean initialized;
|
protected boolean initialized;
|
||||||
|
|
||||||
private static final Hashtable<Integer, AlgorithmParameterSpec> edParameters;
|
private static final Hashtable<Integer, AlgorithmParameterSpec> edParameters;
|
||||||
|
|
||||||
|
|||||||
31
core/java/src/net/i2p/crypto/eddsa/RedKeyPairGenerator.java
Normal file
31
core/java/src/net/i2p/crypto/eddsa/RedKeyPairGenerator.java
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
package net.i2p.crypto.eddsa;
|
||||||
|
|
||||||
|
import java.security.KeyPair;
|
||||||
|
|
||||||
|
import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
|
||||||
|
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
|
||||||
|
import net.i2p.util.RandomSource;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Default keysize is 256 (Ed25519)
|
||||||
|
*
|
||||||
|
* @since 0.9.39
|
||||||
|
*/
|
||||||
|
public final class RedKeyPairGenerator extends KeyPairGenerator {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public KeyPair generateKeyPair() {
|
||||||
|
if (!initialized)
|
||||||
|
initialize(DEFAULT_KEYSIZE, RandomSource.getInstance());
|
||||||
|
|
||||||
|
// 64 bytes
|
||||||
|
byte[] seed = new byte[edParams.getCurve().getField().getb()/4];
|
||||||
|
random.nextBytes(seed);
|
||||||
|
byte[] b = EdDSABlinding.reduce(seed);
|
||||||
|
|
||||||
|
EdDSAPrivateKeySpec privKey = new EdDSAPrivateKeySpec(b, null, edParams);
|
||||||
|
EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(privKey.getA(), edParams);
|
||||||
|
|
||||||
|
return new KeyPair(new EdDSAPublicKey(pubKey), new EdDSAPrivateKey(privKey));
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -82,7 +82,7 @@ public class EncryptedLeaseSet extends LeaseSet2 {
|
|||||||
/**
|
/**
|
||||||
* Overridden to set the blinded key
|
* Overridden to set the blinded key
|
||||||
*
|
*
|
||||||
* @param dest non-null, must be EdDSA_SHA512_Ed25519
|
* @param dest non-null, must be EdDSA_SHA512_Ed25519 or RedDSA_SHA512_Ed25519
|
||||||
* @throws IllegalStateException if already signed
|
* @throws IllegalStateException if already signed
|
||||||
* @throws IllegalArgumentException if not EdDSA
|
* @throws IllegalArgumentException if not EdDSA
|
||||||
*/
|
*/
|
||||||
@ -90,7 +90,9 @@ public class EncryptedLeaseSet extends LeaseSet2 {
|
|||||||
public void setDestination(Destination dest) {
|
public void setDestination(Destination dest) {
|
||||||
super.setDestination(dest);
|
super.setDestination(dest);
|
||||||
SigningPublicKey spk = dest.getSigningPublicKey();
|
SigningPublicKey spk = dest.getSigningPublicKey();
|
||||||
if (spk.getType() != SigType.EdDSA_SHA512_Ed25519)
|
SigType type = spk.getType();
|
||||||
|
if (type != SigType.EdDSA_SHA512_Ed25519 &&
|
||||||
|
type != SigType.RedDSA_SHA512_Ed25519)
|
||||||
throw new IllegalArgumentException();
|
throw new IllegalArgumentException();
|
||||||
SigningPublicKey bpk = blind();
|
SigningPublicKey bpk = blind();
|
||||||
if (_signingKey == null)
|
if (_signingKey == null)
|
||||||
|
|||||||
Reference in New Issue
Block a user