ed25519 1.0.0-jruby → 1.1.0-jruby

data/ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSASecurityProvider.java

@@ -0,0 +1,59 @@
+/**
+ * EdDSA-Java by str4d
+ *
+ * To the extent possible under law, the person who associated CC0 with
+ * EdDSA-Java has waived all copyright and related or neighboring rights
+ * to EdDSA-Java.
+ *
+ * You should have received a copy of the CC0 legalcode along with this
+ * work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
+ *
+ */
+package net.i2p.crypto.eddsa;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+
+/**
+ * A security {@link Provider} that can be registered via {@link Security#addProvider(Provider)}
+ *
+ * @author str4d
+ */
+public class EdDSASecurityProvider extends Provider {
+    private static final long serialVersionUID = 1210027906682292307L;
+    public static final String PROVIDER_NAME = "EdDSA";
+
+    public EdDSASecurityProvider() {
+        super(PROVIDER_NAME, 0.2 /* should match POM major.minor version */, "str4d " + PROVIDER_NAME + " security provider wrapper");
+
+        AccessController.doPrivileged(new PrivilegedAction<Object>() {
+            @Override
+            public Object run() {
+                setup();
+                return null;
+            }
+        });
+    }
+
+    protected void setup() {
+        // See https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/HowToImplAProvider.html
+        put("KeyFactory." + EdDSAKey.KEY_ALGORITHM, "net.i2p.crypto.eddsa.KeyFactory");
+        put("KeyPairGenerator." + EdDSAKey.KEY_ALGORITHM, "net.i2p.crypto.eddsa.KeyPairGenerator");
+        put("Signature." + EdDSAEngine.SIGNATURE_ALGORITHM, "net.i2p.crypto.eddsa.EdDSAEngine");
+
+        // OID Mappings
+        // See section "Mapping from OID to name".
+        // The Key* -> OID mappings correspond to the default algorithm in KeyPairGenerator.
+        //
+        // From draft-ieft-curdle-pkix-04:
+        //   id-Ed25519   OBJECT IDENTIFIER ::= { 1 3 101 112 }
+        put("Alg.Alias.KeyFactory.1.3.101.112", EdDSAKey.KEY_ALGORITHM);
+        put("Alg.Alias.KeyFactory.OID.1.3.101.112", EdDSAKey.KEY_ALGORITHM);
+        put("Alg.Alias.KeyPairGenerator.1.3.101.112", EdDSAKey.KEY_ALGORITHM);
+        put("Alg.Alias.KeyPairGenerator.OID.1.3.101.112", EdDSAKey.KEY_ALGORITHM);
+        put("Alg.Alias.Signature.1.3.101.112", EdDSAEngine.SIGNATURE_ALGORITHM);
+        put("Alg.Alias.Signature.OID.1.3.101.112", EdDSAEngine.SIGNATURE_ALGORITHM);
+    }
+}

data/ext/ed25519_jruby/net/i2p/crypto/eddsa/KeyFactory.java

@@ -0,0 +1,75 @@
+/**
+ * EdDSA-Java by str4d
+ *
+ * To the extent possible under law, the person who associated CC0 with
+ * EdDSA-Java has waived all copyright and related or neighboring rights
+ * to EdDSA-Java.
+ *
+ * You should have received a copy of the CC0 legalcode along with this
+ * work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
+ *
+ */
+package net.i2p.crypto.eddsa;
+
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyFactorySpi;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+
+import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
+import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
+
+/**
+ * @author str4d
+ *
+ */
+public final class KeyFactory extends KeyFactorySpi {
+
+    protected PrivateKey engineGeneratePrivate(KeySpec keySpec)
+            throws InvalidKeySpecException {
+        if (keySpec instanceof EdDSAPrivateKeySpec) {
+            return new EdDSAPrivateKey((EdDSAPrivateKeySpec) keySpec);
+        }
+        if (keySpec instanceof PKCS8EncodedKeySpec) {
+            return new EdDSAPrivateKey((PKCS8EncodedKeySpec) keySpec);
+        }
+        throw new InvalidKeySpecException("key spec not recognised: " + keySpec.getClass());
+    }
+
+    protected PublicKey engineGeneratePublic(KeySpec keySpec)
+            throws InvalidKeySpecException {
+        if (keySpec instanceof EdDSAPublicKeySpec) {
+            return new EdDSAPublicKey((EdDSAPublicKeySpec) keySpec);
+        }
+        if (keySpec instanceof X509EncodedKeySpec) {
+            return new EdDSAPublicKey((X509EncodedKeySpec) keySpec);
+        }
+        throw new InvalidKeySpecException("key spec not recognised: " + keySpec.getClass());
+    }
+
+    @SuppressWarnings("unchecked")
+    protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
+            throws InvalidKeySpecException {
+        if (keySpec.isAssignableFrom(EdDSAPublicKeySpec.class) && key instanceof EdDSAPublicKey) {
+            EdDSAPublicKey k = (EdDSAPublicKey) key;
+            if (k.getParams() != null) {
+                return (T) new EdDSAPublicKeySpec(k.getA(), k.getParams());
+            }
+        } else if (keySpec.isAssignableFrom(EdDSAPrivateKeySpec.class) && key instanceof EdDSAPrivateKey) {
+            EdDSAPrivateKey k = (EdDSAPrivateKey) key;
+            if (k.getParams() != null) {
+                return (T) new EdDSAPrivateKeySpec(k.getSeed(), k.getH(), k.geta(), k.getA(), k.getParams());
+            }
+        }
+        throw new InvalidKeySpecException("not implemented yet " + key + " " + keySpec);
+    }
+
+    protected Key engineTranslateKey(Key key) throws InvalidKeyException {
+        throw new InvalidKeyException("No other EdDSA key providers known");
+    }
+}

data/ext/ed25519_jruby/net/i2p/crypto/eddsa/KeyPairGenerator.java

@@ -0,0 +1,97 @@
+/**
+ * EdDSA-Java by str4d
+ *
+ * To the extent possible under law, the person who associated CC0 with
+ * EdDSA-Java has waived all copyright and related or neighboring rights
+ * to EdDSA-Java.
+ *
+ * You should have received a copy of the CC0 legalcode along with this
+ * work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
+ *
+ */
+package net.i2p.crypto.eddsa;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidParameterException;
+import java.security.KeyPair;
+import java.security.KeyPairGeneratorSpi;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Hashtable;
+
+import net.i2p.crypto.eddsa.spec.EdDSAGenParameterSpec;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
+import net.i2p.crypto.eddsa.spec.EdDSAParameterSpec;
+import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
+import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
+
+/**
+ *  Default keysize is 256 (Ed25519)
+ */
+public final class KeyPairGenerator extends KeyPairGeneratorSpi {
+    private static final int DEFAULT_KEYSIZE = 256;
+    private EdDSAParameterSpec edParams;
+    private SecureRandom random;
+    private boolean initialized;
+
+    private static final Hashtable<Integer, AlgorithmParameterSpec> edParameters;
+
+    static {
+        edParameters = new Hashtable<Integer, AlgorithmParameterSpec>();
+
+        edParameters.put(Integer.valueOf(256), new EdDSAGenParameterSpec(EdDSANamedCurveTable.ED_25519));
+    }
+
+    public void initialize(int keysize, SecureRandom random) {
+        AlgorithmParameterSpec edParams = edParameters.get(Integer.valueOf(keysize));
+        if (edParams == null)
+            throw new InvalidParameterException("unknown key type.");
+        try {
+            initialize(edParams, random);
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new InvalidParameterException("key type not configurable.");
+        }
+    }
+
+    @Override
+    public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException {
+        if (params instanceof EdDSAParameterSpec) {
+            edParams = (EdDSAParameterSpec) params;
+        } else if (params instanceof EdDSAGenParameterSpec) {
+            edParams = createNamedCurveSpec(((EdDSAGenParameterSpec) params).getName());
+        } else
+            throw new InvalidAlgorithmParameterException("parameter object not a EdDSAParameterSpec");
+
+        this.random = random;
+        initialized = true;
+    }
+
+    public KeyPair generateKeyPair() {
+        if (!initialized)
+            initialize(DEFAULT_KEYSIZE, new SecureRandom());
+
+        byte[] seed = new byte[edParams.getCurve().getField().getb()/8];
+        random.nextBytes(seed);
+
+        EdDSAPrivateKeySpec privKey = new EdDSAPrivateKeySpec(seed, edParams);
+        EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(privKey.getA(), edParams);
+
+        return new KeyPair(new EdDSAPublicKey(pubKey), new EdDSAPrivateKey(privKey));
+    }
+
+    /**
+     * Create an EdDSANamedCurveSpec from the provided curve name. The current
+     * implementation fetches the pre-created curve spec from a table.
+     * @param curveName the EdDSA named curve.
+     * @return the specification for the named curve.
+     * @throws InvalidAlgorithmParameterException if the named curve is unknown.
+     */
+    protected EdDSANamedCurveSpec createNamedCurveSpec(String curveName) throws InvalidAlgorithmParameterException {
+        EdDSANamedCurveSpec spec = EdDSANamedCurveTable.getByName(curveName);
+        if (spec == null) {
+            throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName);
+        }
+        return spec;
+    }
+}

data/ext/ed25519_jruby/net/i2p/crypto/eddsa/Utils.java

@@ -0,0 +1,103 @@
+/**
+ * EdDSA-Java by str4d
+ *
+ * To the extent possible under law, the person who associated CC0 with
+ * EdDSA-Java has waived all copyright and related or neighboring rights
+ * to EdDSA-Java.
+ *
+ * You should have received a copy of the CC0 legalcode along with this
+ * work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
+ *
+ */
+package net.i2p.crypto.eddsa;
+
+/**
+ * Basic utilities for EdDSA.
+ * Not for external use, not maintained as a public API.
+ *
+ * @author str4d
+ *
+ */
+public class Utils {
+    /**
+     * Constant-time byte comparison.
+     * @param b a byte
+     * @param c a byte
+     * @return 1 if b and c are equal, 0 otherwise.
+     */
+    public static int equal(int b, int c) {
+        int result = 0;
+        int xor = b ^ c;
+        for (int i = 0; i < 8; i++) {
+            result |= xor >> i;
+        }
+        return (result ^ 0x01) & 0x01;
+    }
+
+    /**
+     * Constant-time byte[] comparison.
+     * @param b a byte[]
+     * @param c a byte[]
+     * @return 1 if b and c are equal, 0 otherwise.
+     */
+    public static int equal(byte[] b, byte[] c) {
+        int result = 0;
+        for (int i = 0; i < 32; i++) {
+            result |= b[i] ^ c[i];
+        }
+
+        return equal(result, 0);
+    }
+
+    /**
+     * Constant-time determine if byte is negative.
+     * @param b the byte to check.
+     * @return 1 if the byte is negative, 0 otherwise.
+     */
+    public static int negative(int b) {
+        return (b >> 8) & 1;
+    }
+
+    /**
+     * Get the i'th bit of a byte array.
+     * @param h the byte array.
+     * @param i the bit index.
+     * @return 0 or 1, the value of the i'th bit in h
+     */
+    public static int bit(byte[] h, int i) {
+        return (h[i >> 3] >> (i & 7)) & 1;
+    }
+
+    /**
+     * Converts a hex string to bytes.
+     * @param s the hex string to be converted.
+     * @return the byte[]
+     */
+    public static byte[] hexToBytes(String s) {
+        int len = s.length();
+        byte[] data = new byte[len / 2];
+        for (int i = 0; i < len; i += 2) {
+            data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
+                    + Character.digit(s.charAt(i+1), 16));
+        }
+        return data;
+    }
+
+    /**
+     * Converts bytes to a hex string.
+     * @param raw the byte[] to be converted.
+     * @return the hex representation as a string.
+     */
+    public static String bytesToHex(byte[] raw) {
+        if ( raw == null ) {
+            return null;
+        }
+        final StringBuilder hex = new StringBuilder(2 * raw.length);
+        for (final byte b : raw) {
+            hex.append(Character.forDigit((b & 0xF0) >> 4, 16))
+            .append(Character.forDigit((b & 0x0F), 16));
+        }
+        return hex.toString();
+    }
+
+}

data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Constants.java

@@ -0,0 +1,23 @@
+/**
+ * EdDSA-Java by str4d
+ *
+ * To the extent possible under law, the person who associated CC0 with
+ * EdDSA-Java has waived all copyright and related or neighboring rights
+ * to EdDSA-Java.
+ *
+ * You should have received a copy of the CC0 legalcode along with this
+ * work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
+ *
+ */
+package net.i2p.crypto.eddsa.math;
+
+import net.i2p.crypto.eddsa.Utils;
+
+final class Constants {
+    public static final byte[] ZERO = Utils.hexToBytes("0000000000000000000000000000000000000000000000000000000000000000");
+    public static final byte[] ONE = Utils.hexToBytes("0100000000000000000000000000000000000000000000000000000000000000");
+    public static final byte[] TWO = Utils.hexToBytes("0200000000000000000000000000000000000000000000000000000000000000");
+    public static final byte[] FOUR = Utils.hexToBytes("0400000000000000000000000000000000000000000000000000000000000000");
+    public static final byte[] FIVE = Utils.hexToBytes("0500000000000000000000000000000000000000000000000000000000000000");
+    public static final byte[] EIGHT = Utils.hexToBytes("0800000000000000000000000000000000000000000000000000000000000000");
+}

data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Curve.java

@@ -0,0 +1,100 @@
+/**
+ * EdDSA-Java by str4d
+ *
+ * To the extent possible under law, the person who associated CC0 with
+ * EdDSA-Java has waived all copyright and related or neighboring rights
+ * to EdDSA-Java.
+ *
+ * You should have received a copy of the CC0 legalcode along with this
+ * work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
+ *
+ */
+package net.i2p.crypto.eddsa.math;
+
+import java.io.Serializable;
+
+/**
+ * A twisted Edwards curve.
+ * Points on the curve satisfy $-x^2 + y^2 = 1 + d x^2y^2$
+ * @author str4d
+ *
+ */
+public class Curve implements Serializable {
+    private static final long serialVersionUID = 4578920872509827L;
+    private final Field f;
+    private final FieldElement d;
+    private final FieldElement d2;
+    private final FieldElement I;
+
+    private final GroupElement zeroP2;
+    private final GroupElement zeroP3;
+    private final GroupElement zeroPrecomp;
+
+    public Curve(Field f, byte[] d, FieldElement I) {
+        this.f = f;
+        this.d = f.fromByteArray(d);
+        this.d2 = this.d.add(this.d);
+        this.I = I;
+
+        FieldElement zero = f.ZERO;
+        FieldElement one = f.ONE;
+        zeroP2 = GroupElement.p2(this, zero, one, one);
+        zeroP3 = GroupElement.p3(this, zero, one, one, zero);
+        zeroPrecomp = GroupElement.precomp(this, one, one, zero);
+    }
+
+    public Field getField() {
+        return f;
+    }
+
+    public FieldElement getD() {
+        return d;
+    }
+
+    public FieldElement get2D() {
+        return d2;
+    }
+
+    public FieldElement getI() {
+        return I;
+    }
+
+    public GroupElement getZero(GroupElement.Representation repr) {
+        switch (repr) {
+        case P2:
+            return zeroP2;
+        case P3:
+            return zeroP3;
+        case PRECOMP:
+            return zeroPrecomp;
+        default:
+            return null;
+        }
+    }
+
+    public GroupElement createPoint(byte[] P, boolean precompute) {
+        GroupElement ge = new GroupElement(this, P);
+        if (precompute)
+            ge.precompute(true);
+        return ge;
+    }
+
+    @Override
+    public int hashCode() {
+        return f.hashCode() ^
+               d.hashCode() ^
+               I.hashCode();
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (o == this)
+            return true;
+        if (!(o instanceof Curve))
+            return false;
+        Curve c = (Curve) o;
+        return f.equals(c.getField()) &&
+               d.equals(c.getD()) &&
+               I.equals(c.getI());
+    }
+}