ed-precompiled_ed25519 1.4.0

data/ext/ed25519_jruby/net/i2p/crypto/eddsa/KeyFactory.java

@@ -0,0 +1,75 @@
+/**
+ * EdDSA-Java by str4d
+ *
+ * To the extent possible under law, the person who associated CC0 with
+ * EdDSA-Java has waived all copyright and related or neighboring rights
+ * to EdDSA-Java.
+ *
+ * You should have received a copy of the CC0 legalcode along with this
+ * work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
+ *
+ */
+package net.i2p.crypto.eddsa;
+
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyFactorySpi;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+
+import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
+import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
+
+/**
+ * @author str4d
+ *
+ */
+public final class KeyFactory extends KeyFactorySpi {
+
+    protected PrivateKey engineGeneratePrivate(KeySpec keySpec)
+            throws InvalidKeySpecException {
+        if (keySpec instanceof EdDSAPrivateKeySpec) {
+            return new EdDSAPrivateKey((EdDSAPrivateKeySpec) keySpec);
+        }
+        if (keySpec instanceof PKCS8EncodedKeySpec) {
+            return new EdDSAPrivateKey((PKCS8EncodedKeySpec) keySpec);
+        }
+        throw new InvalidKeySpecException("key spec not recognised: " + keySpec.getClass());
+    }
+
+    protected PublicKey engineGeneratePublic(KeySpec keySpec)
+            throws InvalidKeySpecException {
+        if (keySpec instanceof EdDSAPublicKeySpec) {
+            return new EdDSAPublicKey((EdDSAPublicKeySpec) keySpec);
+        }
+        if (keySpec instanceof X509EncodedKeySpec) {
+            return new EdDSAPublicKey((X509EncodedKeySpec) keySpec);
+        }
+        throw new InvalidKeySpecException("key spec not recognised: " + keySpec.getClass());
+    }
+
+    @SuppressWarnings("unchecked")
+    protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
+            throws InvalidKeySpecException {
+        if (keySpec.isAssignableFrom(EdDSAPublicKeySpec.class) && key instanceof EdDSAPublicKey) {
+            EdDSAPublicKey k = (EdDSAPublicKey) key;
+            if (k.getParams() != null) {
+                return (T) new EdDSAPublicKeySpec(k.getA(), k.getParams());
+            }
+        } else if (keySpec.isAssignableFrom(EdDSAPrivateKeySpec.class) && key instanceof EdDSAPrivateKey) {
+            EdDSAPrivateKey k = (EdDSAPrivateKey) key;
+            if (k.getParams() != null) {
+                return (T) new EdDSAPrivateKeySpec(k.getSeed(), k.getH(), k.geta(), k.getA(), k.getParams());
+            }
+        }
+        throw new InvalidKeySpecException("not implemented yet " + key + " " + keySpec);
+    }
+
+    protected Key engineTranslateKey(Key key) throws InvalidKeyException {
+        throw new InvalidKeyException("No other EdDSA key providers known");
+    }
+}

data/ext/ed25519_jruby/net/i2p/crypto/eddsa/KeyPairGenerator.java

@@ -0,0 +1,97 @@
+/**
+ * EdDSA-Java by str4d
+ *
+ * To the extent possible under law, the person who associated CC0 with
+ * EdDSA-Java has waived all copyright and related or neighboring rights
+ * to EdDSA-Java.
+ *
+ * You should have received a copy of the CC0 legalcode along with this
+ * work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
+ *
+ */
+package net.i2p.crypto.eddsa;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidParameterException;
+import java.security.KeyPair;
+import java.security.KeyPairGeneratorSpi;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Hashtable;
+
+import net.i2p.crypto.eddsa.spec.EdDSAGenParameterSpec;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
+import net.i2p.crypto.eddsa.spec.EdDSAParameterSpec;
+import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
+import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
+
+/**
+ *  Default keysize is 256 (Ed25519)
+ */
+public final class KeyPairGenerator extends KeyPairGeneratorSpi {
+    private static final int DEFAULT_KEYSIZE = 256;
+    private EdDSAParameterSpec edParams;
+    private SecureRandom random;
+    private boolean initialized;
+
+    private static final Hashtable<Integer, AlgorithmParameterSpec> edParameters;
+
+    static {
+        edParameters = new Hashtable<Integer, AlgorithmParameterSpec>();
+
+        edParameters.put(Integer.valueOf(256), new EdDSAGenParameterSpec(EdDSANamedCurveTable.ED_25519));
+    }
+
+    public void initialize(int keysize, SecureRandom random) {
+        AlgorithmParameterSpec edParams = edParameters.get(Integer.valueOf(keysize));
+        if (edParams == null)
+            throw new InvalidParameterException("unknown key type.");
+        try {
+            initialize(edParams, random);
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new InvalidParameterException("key type not configurable.");
+        }
+    }
+
+    @Override
+    public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException {
+        if (params instanceof EdDSAParameterSpec) {
+            edParams = (EdDSAParameterSpec) params;
+        } else if (params instanceof EdDSAGenParameterSpec) {
+            edParams = createNamedCurveSpec(((EdDSAGenParameterSpec) params).getName());
+        } else
+            throw new InvalidAlgorithmParameterException("parameter object not a EdDSAParameterSpec");
+
+        this.random = random;
+        initialized = true;
+    }
+
+    public KeyPair generateKeyPair() {
+        if (!initialized)
+            initialize(DEFAULT_KEYSIZE, new SecureRandom());
+
+        byte[] seed = new byte[edParams.getCurve().getField().getb()/8];
+        random.nextBytes(seed);
+
+        EdDSAPrivateKeySpec privKey = new EdDSAPrivateKeySpec(seed, edParams);
+        EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(privKey.getA(), edParams);
+
+        return new KeyPair(new EdDSAPublicKey(pubKey), new EdDSAPrivateKey(privKey));
+    }
+
+    /**
+     * Create an EdDSANamedCurveSpec from the provided curve name. The current
+     * implementation fetches the pre-created curve spec from a table.
+     * @param curveName the EdDSA named curve.
+     * @return the specification for the named curve.
+     * @throws InvalidAlgorithmParameterException if the named curve is unknown.
+     */
+    protected EdDSANamedCurveSpec createNamedCurveSpec(String curveName) throws InvalidAlgorithmParameterException {
+        EdDSANamedCurveSpec spec = EdDSANamedCurveTable.getByName(curveName);
+        if (spec == null) {
+            throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName);
+        }
+        return spec;
+    }
+}

data/ext/ed25519_jruby/net/i2p/crypto/eddsa/Utils.java

@@ -0,0 +1,103 @@
+/**
+ * EdDSA-Java by str4d
+ *
+ * To the extent possible under law, the person who associated CC0 with
+ * EdDSA-Java has waived all copyright and related or neighboring rights
+ * to EdDSA-Java.
+ *
+ * You should have received a copy of the CC0 legalcode along with this
+ * work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
+ *
+ */
+package net.i2p.crypto.eddsa;
+
+/**
+ * Basic utilities for EdDSA.
+ * Not for external use, not maintained as a public API.
+ *
+ * @author str4d
+ *
+ */
+public class Utils {
+    /**
+     * Constant-time byte comparison.
+     * @param b a byte
+     * @param c a byte
+     * @return 1 if b and c are equal, 0 otherwise.
+     */
+    public static int equal(int b, int c) {
+        int result = 0;
+        int xor = b ^ c;
+        for (int i = 0; i < 8; i++) {
+            result |= xor >> i;
+        }
+        return (result ^ 0x01) & 0x01;
+    }
+
+    /**
+     * Constant-time byte[] comparison.
+     * @param b a byte[]
+     * @param c a byte[]
+     * @return 1 if b and c are equal, 0 otherwise.
+     */
+    public static int equal(byte[] b, byte[] c) {
+        int result = 0;
+        for (int i = 0; i < 32; i++) {
+            result |= b[i] ^ c[i];
+        }
+
+        return equal(result, 0);
+    }
+
+    /**
+     * Constant-time determine if byte is negative.
+     * @param b the byte to check.
+     * @return 1 if the byte is negative, 0 otherwise.
+     */
+    public static int negative(int b) {
+        return (b >> 8) & 1;
+    }
+
+    /**
+     * Get the i'th bit of a byte array.
+     * @param h the byte array.
+     * @param i the bit index.
+     * @return 0 or 1, the value of the i'th bit in h
+     */
+    public static int bit(byte[] h, int i) {
+        return (h[i >> 3] >> (i & 7)) & 1;
+    }
+
+    /**
+     * Converts a hex string to bytes.
+     * @param s the hex string to be converted.
+     * @return the byte[]
+     */
+    public static byte[] hexToBytes(String s) {
+        int len = s.length();
+        byte[] data = new byte[len / 2];
+        for (int i = 0; i < len; i += 2) {
+            data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
+                    + Character.digit(s.charAt(i+1), 16));
+        }
+        return data;
+    }
+
+    /**
+     * Converts bytes to a hex string.
+     * @param raw the byte[] to be converted.
+     * @return the hex representation as a string.
+     */
+    public static String bytesToHex(byte[] raw) {
+        if ( raw == null ) {
+            return null;
+        }
+        final StringBuilder hex = new StringBuilder(2 * raw.length);
+        for (final byte b : raw) {
+            hex.append(Character.forDigit((b & 0xF0) >> 4, 16))
+            .append(Character.forDigit((b & 0x0F), 16));
+        }
+        return hex.toString();
+    }
+
+}

data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Constants.java

@@ -0,0 +1,23 @@
+/**
+ * EdDSA-Java by str4d
+ *
+ * To the extent possible under law, the person who associated CC0 with
+ * EdDSA-Java has waived all copyright and related or neighboring rights
+ * to EdDSA-Java.
+ *
+ * You should have received a copy of the CC0 legalcode along with this
+ * work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
+ *
+ */
+package net.i2p.crypto.eddsa.math;
+
+import net.i2p.crypto.eddsa.Utils;
+
+final class Constants {
+    public static final byte[] ZERO = Utils.hexToBytes("0000000000000000000000000000000000000000000000000000000000000000");
+    public static final byte[] ONE = Utils.hexToBytes("0100000000000000000000000000000000000000000000000000000000000000");
+    public static final byte[] TWO = Utils.hexToBytes("0200000000000000000000000000000000000000000000000000000000000000");
+    public static final byte[] FOUR = Utils.hexToBytes("0400000000000000000000000000000000000000000000000000000000000000");
+    public static final byte[] FIVE = Utils.hexToBytes("0500000000000000000000000000000000000000000000000000000000000000");
+    public static final byte[] EIGHT = Utils.hexToBytes("0800000000000000000000000000000000000000000000000000000000000000");
+}

data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Curve.java

@@ -0,0 +1,100 @@
+/**
+ * EdDSA-Java by str4d
+ *
+ * To the extent possible under law, the person who associated CC0 with
+ * EdDSA-Java has waived all copyright and related or neighboring rights
+ * to EdDSA-Java.
+ *
+ * You should have received a copy of the CC0 legalcode along with this
+ * work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
+ *
+ */
+package net.i2p.crypto.eddsa.math;
+
+import java.io.Serializable;
+
+/**
+ * A twisted Edwards curve.
+ * Points on the curve satisfy $-x^2 + y^2 = 1 + d x^2y^2$
+ * @author str4d
+ *
+ */
+public class Curve implements Serializable {
+    private static final long serialVersionUID = 4578920872509827L;
+    private final Field f;
+    private final FieldElement d;
+    private final FieldElement d2;
+    private final FieldElement I;
+
+    private final GroupElement zeroP2;
+    private final GroupElement zeroP3;
+    private final GroupElement zeroPrecomp;
+
+    public Curve(Field f, byte[] d, FieldElement I) {
+        this.f = f;
+        this.d = f.fromByteArray(d);
+        this.d2 = this.d.add(this.d);
+        this.I = I;
+
+        FieldElement zero = f.ZERO;
+        FieldElement one = f.ONE;
+        zeroP2 = GroupElement.p2(this, zero, one, one);
+        zeroP3 = GroupElement.p3(this, zero, one, one, zero);
+        zeroPrecomp = GroupElement.precomp(this, one, one, zero);
+    }
+
+    public Field getField() {
+        return f;
+    }
+
+    public FieldElement getD() {
+        return d;
+    }
+
+    public FieldElement get2D() {
+        return d2;
+    }
+
+    public FieldElement getI() {
+        return I;
+    }
+
+    public GroupElement getZero(GroupElement.Representation repr) {
+        switch (repr) {
+        case P2:
+            return zeroP2;
+        case P3:
+            return zeroP3;
+        case PRECOMP:
+            return zeroPrecomp;
+        default:
+            return null;
+        }
+    }
+
+    public GroupElement createPoint(byte[] P, boolean precompute) {
+        GroupElement ge = new GroupElement(this, P);
+        if (precompute)
+            ge.precompute(true);
+        return ge;
+    }
+
+    @Override
+    public int hashCode() {
+        return f.hashCode() ^
+               d.hashCode() ^
+               I.hashCode();
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (o == this)
+            return true;
+        if (!(o instanceof Curve))
+            return false;
+        Curve c = (Curve) o;
+        return f.equals(c.getField()) &&
+               d.equals(c.getD()) &&
+               I.equals(c.getI());
+    }
+}

data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Encoding.java

@@ -0,0 +1,54 @@
+/**
+ * EdDSA-Java by str4d
+ *
+ * To the extent possible under law, the person who associated CC0 with
+ * EdDSA-Java has waived all copyright and related or neighboring rights
+ * to EdDSA-Java.
+ *
+ * You should have received a copy of the CC0 legalcode along with this
+ * work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
+ *
+ */
+package net.i2p.crypto.eddsa.math;
+
+/**
+ * Common interface for all $(b-1)$-bit encodings of elements
+ * of EdDSA finite fields.
+ * @author str4d
+ *
+ */
+public abstract class Encoding {
+    protected Field f;
+
+    public synchronized void setField(Field f) {
+        if (this.f != null)
+            throw new IllegalStateException("already set");
+        this.f = f;
+    }
+
+    /**
+     * Encode a FieldElement in its $(b-1)$-bit encoding.
+     * @param x the FieldElement to encode
+     * @return the $(b-1)$-bit encoding of this FieldElement.
+     */
+    public abstract byte[] encode(FieldElement x);
+
+    /**
+     * Decode a FieldElement from its $(b-1)$-bit encoding.
+     * The highest bit is masked out.
+     * @param in the $(b-1)$-bit encoding of a FieldElement.
+     * @return the FieldElement represented by 'val'.
+     */
+    public abstract FieldElement decode(byte[] in);
+
+    /**
+     * From the Ed25519 paper:<br>
+     * $x$ is negative if the $(b-1)$-bit encoding of $x$ is lexicographically larger
+     * than the $(b-1)$-bit encoding of -x. If $q$ is an odd prime and the encoding
+     * is the little-endian representation of $\{0, 1,\dots, q-1\}$ then the negative
+     * elements of $F_q$ are $\{1, 3, 5,\dots, q-2\}$.
+     * @param x the FieldElement to check
+     * @return true if negative
+     */
+    public abstract boolean isNegative(FieldElement x);
+}

data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Field.java

@@ -0,0 +1,99 @@
+/**
+ * EdDSA-Java by str4d
+ *
+ * To the extent possible under law, the person who associated CC0 with
+ * EdDSA-Java has waived all copyright and related or neighboring rights
+ * to EdDSA-Java.
+ *
+ * You should have received a copy of the CC0 legalcode along with this
+ * work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
+ *
+ */
+package net.i2p.crypto.eddsa.math;
+
+import java.io.Serializable;
+
+/**
+ * An EdDSA finite field. Includes several pre-computed values.
+ * @author str4d
+ *
+ */
+public class Field implements Serializable {
+    private static final long serialVersionUID = 8746587465875676L;
+
+    public final FieldElement ZERO;
+    public final FieldElement ONE;
+    public final FieldElement TWO;
+    public final FieldElement FOUR;
+    public final FieldElement FIVE;
+    public final FieldElement EIGHT;
+
+    private final int b;
+    private final FieldElement q;
+    /**
+     * q-2
+     */
+    private final FieldElement qm2;
+    /**
+     * (q-5) / 8
+     */
+    private final FieldElement qm5d8;
+    private final Encoding enc;
+
+    public Field(int b, byte[] q, Encoding enc) {
+        this.b = b;
+        this.enc = enc;
+        this.enc.setField(this);
+
+        this.q = fromByteArray(q);
+
+        // Set up constants
+        ZERO = fromByteArray(Constants.ZERO);
+        ONE = fromByteArray(Constants.ONE);
+        TWO = fromByteArray(Constants.TWO);
+        FOUR = fromByteArray(Constants.FOUR);
+        FIVE = fromByteArray(Constants.FIVE);
+        EIGHT = fromByteArray(Constants.EIGHT);
+
+        // Precompute values
+        qm2 = this.q.subtract(TWO);
+        qm5d8 = this.q.subtract(FIVE).divide(EIGHT);
+    }
+
+    public FieldElement fromByteArray(byte[] x) {
+        return enc.decode(x);
+    }
+
+    public int getb() {
+        return b;
+    }
+
+    public FieldElement getQ() {
+        return q;
+    }
+
+    public FieldElement getQm2() {
+        return qm2;
+    }
+
+    public FieldElement getQm5d8() {
+        return qm5d8;
+    }
+
+    public Encoding getEncoding(){
+        return enc;
+    }
+
+    @Override
+    public int hashCode() {
+        return q.hashCode();
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (!(obj instanceof Field))
+            return false;
+        Field f = (Field) obj;
+        return b == f.b && q.equals(f.q);
+    }
+}

data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/FieldElement.java

@@ -0,0 +1,76 @@
+/**
+ * EdDSA-Java by str4d
+ *
+ * To the extent possible under law, the person who associated CC0 with
+ * EdDSA-Java has waived all copyright and related or neighboring rights
+ * to EdDSA-Java.
+ *
+ * You should have received a copy of the CC0 legalcode along with this
+ * work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
+ *
+ */
+package net.i2p.crypto.eddsa.math;
+
+import java.io.Serializable;
+
+/**
+ * Note: concrete subclasses must implement hashCode() and equals()
+ */
+public abstract class FieldElement implements Serializable {
+    private static final long serialVersionUID = 1239527465875676L;
+
+    protected final Field f;
+
+    public FieldElement(Field f) {
+        if (null == f) {
+            throw new IllegalArgumentException("field cannot be null");
+        }
+        this.f = f;
+    }
+
+    /**
+     * Encode a FieldElement in its $(b-1)$-bit encoding.
+     * @return the $(b-1)$-bit encoding of this FieldElement.
+     */
+    public byte[] toByteArray() {
+        return f.getEncoding().encode(this);
+    }
+
+    public abstract boolean isNonZero();
+
+    public boolean isNegative() {
+        return f.getEncoding().isNegative(this);
+    }
+
+    public abstract FieldElement add(FieldElement val);
+
+    public FieldElement addOne() {
+        return add(f.ONE);
+    }
+
+    public abstract FieldElement subtract(FieldElement val);
+
+    public FieldElement subtractOne() {
+        return subtract(f.ONE);
+    }
+
+    public abstract FieldElement negate();
+
+    public FieldElement divide(FieldElement val) {
+        return multiply(val.invert());
+    }
+
+    public abstract FieldElement multiply(FieldElement val);
+
+    public abstract FieldElement square();
+
+    public abstract FieldElement squareAndDouble();
+
+    public abstract FieldElement invert();
+
+    public abstract FieldElement pow22523();
+
+    public abstract FieldElement cmov(FieldElement val, final int b);
+
+    // Note: concrete subclasses must implement hashCode() and equals()
+}