Changeset 17270b15


Timestamp:
Feb 20, 2019 3:00:54 PM (18 months ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
7fbe1ce
Parents:
e34b646
Message:

Crypto: RedDSAEngine and generateAlpha() for Encrypted LS2

Location:
core/java/src/net/i2p/crypto
Files:
1 added
3 edited

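--- a/core/java/src/net/i2p/crypto/Blinding.java
+++ b/core/java/src/net/i2p/crypto/Blinding.java
@@ -2,8 +2,14 @@
 
 import java.security.GeneralSecurityException;
+import java.text.SimpleDateFormat;
+import java.util.Locale;
+import java.util.TimeZone;
 
+import net.i2p.I2PAppContext;
 import net.i2p.crypto.eddsa.EdDSABlinding;
 import net.i2p.crypto.eddsa.EdDSAPrivateKey;
 import net.i2p.crypto.eddsa.EdDSAPublicKey;
+import net.i2p.data.DataHelper;
+import net.i2p.data.Destination;
 import net.i2p.data.Hash;
 import net.i2p.data.SigningPrivateKey;
@@ -21,4 +27,13 @@
     private static final SigType TYPE = SigType.EdDSA_SHA512_Ed25519;
     private static final SigType TYPER = SigType.RedDSA_SHA512_Ed25519;
+    private static final String INFO = "i2pblinding1";
+
+    // following copied from RouterKeyGenerator
+    private static final String FORMAT = "yyyyMMdd";
+    private static final int LENGTH = FORMAT.length();
+    private static final SimpleDateFormat _fmt = new SimpleDateFormat(FORMAT, Locale.US);
+    static {
+        _fmt.setTimeZone(TimeZone.getTimeZone("GMT"));
+    }
 
     private Blinding() {}
@@ -90,4 +105,38 @@
     }
 
+    /**
+     *  Only for SigType EdDSA_SHA512_Ed25519.
+     *
+     *  @param dest spk must be SigType EdDSA_SHA512_Ed25519
+     *  @param secret may be null or zero-length
+     *  @return SigType RedDSA_SHA512_Ed25519
+     *  @throws UnsupportedOperationException unless supported SigTypes
+     *  @throws IllegalArgumentException on bad inputs
+     *  @since 0.9.39
+     */
+    public static SigningPrivateKey generateAlpha(I2PAppContext ctx, Destination dest, String secret) {
+        long now = ctx.clock().now();
+        String modVal;
+        synchronized(_fmt) {
+            modVal = _fmt.format(now);
+        }
+        if (modVal.length() != LENGTH)
+            throw new IllegalStateException();
+        byte[] mod = DataHelper.getASCII(modVal);
+        byte[] data;
+        if (secret != null && secret.length() > 0) {
+            data = new byte[LENGTH + secret.length()];
+            System.arraycopy(mod, 0, data, 0, LENGTH);
+            System.arraycopy(DataHelper.getASCII(secret), 0, data, LENGTH, secret.length());
+        } else {
+            data = mod;
+        }
+        HKDF hkdf = new HKDF(ctx);
+        byte[] out = new byte[64];
+        hkdf.calculate(dest.getHash().getData(), data, INFO, out, out, 32);
+        byte[] b = EdDSABlinding.reduce(out);
+        return new SigningPrivateKey(TYPER, b);
+    }
+
 /******
     public static void main(String args[]) throws Exception {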
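Review bot: In generateAlpha() the secret is measured in chars (`secret.length()`) but copied as bytes from `DataHelper.getASCII(secret)`, so the derived alpha depends on how getASCII treats non-ASCII input; if it narrows or drops such characters, distinct secrets can feed identical bytes into the HKDF. Encoding once and sizing from the result, e.g. `byte[] sb = DataHelper.getUTF8(secret);` followed by `new byte[LENGTH + sb.length]`, makes the input well defined, provided that encoding is the one the encrypted LS2 blinding spec requires. The Javadoc also promises UnsupportedOperationException and IllegalArgumentException, yet the body never checks the SigType of dest's signing key and only throws a message-less IllegalStateException. A guard such as `if (dest.getSigningPublicKey().getType() != TYPE) throw new UnsupportedOperationException();` at the top would make the documented contract true.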
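--- a/core/java/src/net/i2p/crypto/DSAEngine.java
+++ b/core/java/src/net/i2p/crypto/DSAEngine.java
@@ -45,4 +45,5 @@
 import net.i2p.crypto.eddsa.EdDSAEngine;
 import net.i2p.crypto.eddsa.EdDSAKey;
+import net.i2p.crypto.eddsa.RedDSAEngine;
 import net.i2p.data.Hash;
 import net.i2p.data.Signature;
@@ -521,5 +522,6 @@
         if (type.getBaseAlgorithm() == SigAlgo.EdDSA) {
             // take advantage of one-shot mode
-            EdDSAEngine jsig = new EdDSAEngine(type.getDigestInstance());
+            MessageDigest md = type.getDigestInstance();
+            EdDSAEngine jsig = (type == SigType.RedDSA_SHA512_Ed25519) ? new RedDSAEngine(md) : new EdDSAEngine(md);
             jsig.initVerify(pubKey);
             rv = jsig.verifyOneShot(data, offset, len, sigbytes);
@@ -574,5 +576,5 @@
             // take advantage of one-shot mode
             // Ignore algo, EdDSAKey includes a hash specification.
-            EdDSAEngine jsig = new EdDSAEngine();
+            EdDSAEngine jsig = (type == SigType.RedDSA_SHA512_Ed25519) ? new RedDSAEngine() : new EdDSAEngine();
             jsig.initVerify(pubKey);
             rv = jsig.verifyOneShot(hash.getData(), sigbytes);
@@ -622,5 +624,6 @@
         if (type.getBaseAlgorithm() == SigAlgo.EdDSA) {
             // take advantage of one-shot mode
-            EdDSAEngine jsig = new EdDSAEngine(type.getDigestInstance());
+            MessageDigest md = type.getDigestInstance();
+            EdDSAEngine jsig = (type == SigType.RedDSA_SHA512_Ed25519) ? new RedDSAEngine(md) : new EdDSAEngine(md);
             jsig.initSign(privKey);
             sigbytes = jsig.signOneShot(data, offset, len);
@@ -670,5 +673,5 @@
             // take advantage of one-shot mode
             // Ignore algo, EdDSAKey includes a hash specification.
-            EdDSAEngine jsig = new EdDSAEngine();
+            EdDSAEngine jsig = (type == SigType.RedDSA_SHA512_Ed25519) ? new RedDSAEngine() : new EdDSAEngine();
             jsig.initSign(privKey);
             sigbytes = jsig.signOneShot(hash.getData());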
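Review bot: The engine choice `(type == SigType.RedDSA_SHA512_Ed25519) ? new RedDSAEngine(md) : new EdDSAEngine(md)` is now written out four times (both verify paths and both sign paths), so a later edit that touches only some of them would leave signing and verification disagreeing about which algorithm a key type uses. A single private factory, for instance `private static EdDSAEngine newEdDSAEngine(SigType type, MessageDigest md)` with an overload for the no-digest form, called from all four sites would keep that decision in one place. In the two hash variants the origin of `type` lies outside the hunks; it is worth confirming that it is taken from the key in use rather than from anything the caller supplies. The enclosing methods start and end outside these hunks.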
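--- a/core/java/src/net/i2p/crypto/eddsa/EdDSAEngine.java
+++ b/core/java/src/net/i2p/crypto/eddsa/EdDSAEngine.java
@@ -56,8 +56,8 @@
  *
  */
-public final class EdDSAEngine extends Signature {
+public class EdDSAEngine extends Signature {
     public static final String SIGNATURE_ALGORITHM = "NONEwithEdDSA";
 
-    private MessageDigest digest;
+    protected MessageDigest digest;
     private ByteArrayOutputStream baos;
     private EdDSAKey key;
@@ -130,5 +130,5 @@
     }
 
-    private void digestInitSign(EdDSAPrivateKey privKey) {
+    protected void digestInitSign(EdDSAPrivateKey privKey) {
         // Preparing for hash
         // r = H(h_b,...,h_2b-1,M)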
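Review bot: Dropping `final` from EdDSAEngine and widening `digest` and `digestInitSign()` to `protected` makes a public signature primitive subclassable by any code on the classpath, and nothing in these hunks documents that the opening exists for one specific subclass. With the field itself exposed, a subclass can swap or reset `digest` between init and sign; keeping the field private behind a protected getter would narrow what an override can disturb. At minimum the class and the method should carry a comment, e.g. `// non-final since 0.9.39 so RedDSAEngine can override digestInitSign(); not a general extension point` (assuming that is how RedDSAEngine uses it, since its source is not shown here). The body of digestInitSign() continues past the end of the hunk.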