diff --git a/core/src/main/java/ch/dissem/bitmessage/ports/AbstractCryptography.java b/core/src/main/java/ch/dissem/bitmessage/ports/AbstractCryptography.java index b02b12d..7668391 100644 --- a/core/src/main/java/ch/dissem/bitmessage/ports/AbstractCryptography.java +++ b/core/src/main/java/ch/dissem/bitmessage/ports/AbstractCryptography.java @@ -33,6 +33,7 @@ import java.io.IOException; import java.math.BigInteger; import java.security.GeneralSecurityException; import java.security.MessageDigest; +import java.security.Provider; import java.security.SecureRandom; import static ch.dissem.bitmessage.InternalContext.NETWORK_EXTRA_BYTES; @@ -49,10 +50,10 @@ public abstract class AbstractCryptography implements Cryptography, InternalCont private static final BigInteger TWO_POW_64 = TWO.pow(64); private static final BigInteger TWO_POW_16 = TWO.pow(16); - private final String provider; + protected final Provider provider; private InternalContext context; - protected AbstractCryptography(String provider) { + protected AbstractCryptography(Provider provider) { this.provider = provider; } @@ -137,7 +138,6 @@ public abstract class AbstractCryptography implements Cryptography, InternalCont if (extraBytes == 0) extraBytes = NETWORK_EXTRA_BYTES; BigInteger TTL = BigInteger.valueOf(object.getExpiresTime() - UnixTime.now()); - BigInteger numerator = TWO_POW_64; BigInteger powLength = BigInteger.valueOf(object.getPayloadBytesWithoutNonce().length + extraBytes); BigInteger denominator = BigInteger.valueOf(nonceTrialsPerByte) .multiply( @@ -145,7 +145,7 @@ public abstract class AbstractCryptography implements Cryptography, InternalCont powLength.multiply(TTL).divide(TWO_POW_16) ) ); - return Bytes.expand(numerator.divide(denominator).toByteArray(), 8); + return Bytes.expand(TWO_POW_64.divide(denominator).toByteArray(), 8); } private byte[] hash(String algorithm, byte[]... data) { diff --git a/cryptography-bc/src/main/java/ch/dissem/bitmessage/cryptography/bc/BouncyCryptography.java b/cryptography-bc/src/main/java/ch/dissem/bitmessage/cryptography/bc/BouncyCryptography.java index 377135c..632c30a 100644 --- a/cryptography-bc/src/main/java/ch/dissem/bitmessage/cryptography/bc/BouncyCryptography.java +++ b/cryptography-bc/src/main/java/ch/dissem/bitmessage/cryptography/bc/BouncyCryptography.java @@ -52,21 +52,16 @@ import java.util.Arrays; public class BouncyCryptography extends AbstractCryptography { private static final X9ECParameters EC_CURVE_PARAMETERS = CustomNamedCurves.getByName("secp256k1"); private static final String ALGORITHM_ECDSA = "ECDSA"; - private static final String PROVIDER = "BC"; - - static { - java.security.Security.addProvider(new BouncyCastleProvider()); - } public BouncyCryptography() { - super(PROVIDER); + super(new BouncyCastleProvider()); } @Override public byte[] crypt(boolean encrypt, byte[] data, byte[] key_e, byte[] initializationVector) { BufferedBlockCipher cipher = new PaddedBufferedBlockCipher( - new CBCBlockCipher(new AESEngine()), - new PKCS7Padding() + new CBCBlockCipher(new AESEngine()), + new PKCS7Padding() ); CipherParameters params = new ParametersWithIV(new KeyParameter(key_e), initializationVector); @@ -100,18 +95,18 @@ public class BouncyCryptography extends AbstractCryptography { public boolean isSignatureValid(byte[] data, byte[] signature, Pubkey pubkey) { try { ECParameterSpec spec = new ECParameterSpec( - EC_CURVE_PARAMETERS.getCurve(), - EC_CURVE_PARAMETERS.getG(), - EC_CURVE_PARAMETERS.getN(), - EC_CURVE_PARAMETERS.getH(), - EC_CURVE_PARAMETERS.getSeed() + EC_CURVE_PARAMETERS.getCurve(), + EC_CURVE_PARAMETERS.getG(), + EC_CURVE_PARAMETERS.getN(), + EC_CURVE_PARAMETERS.getH(), + EC_CURVE_PARAMETERS.getSeed() ); ECPoint Q = keyToPoint(pubkey.getSigningKey()); KeySpec keySpec = new ECPublicKeySpec(Q, spec); - PublicKey publicKey = KeyFactory.getInstance(ALGORITHM_ECDSA, PROVIDER).generatePublic(keySpec); + PublicKey publicKey = KeyFactory.getInstance(ALGORITHM_ECDSA, provider).generatePublic(keySpec); - Signature sig = Signature.getInstance(ALGORITHM_ECDSA, PROVIDER); + Signature sig = Signature.getInstance(ALGORITHM_ECDSA, provider); sig.initVerify(publicKey); sig.update(data); return sig.verify(signature); @@ -124,19 +119,19 @@ public class BouncyCryptography extends AbstractCryptography { public byte[] getSignature(byte[] data, PrivateKey privateKey) { try { ECParameterSpec spec = new ECParameterSpec( - EC_CURVE_PARAMETERS.getCurve(), - EC_CURVE_PARAMETERS.getG(), - EC_CURVE_PARAMETERS.getN(), - EC_CURVE_PARAMETERS.getH(), - EC_CURVE_PARAMETERS.getSeed() + EC_CURVE_PARAMETERS.getCurve(), + EC_CURVE_PARAMETERS.getG(), + EC_CURVE_PARAMETERS.getN(), + EC_CURVE_PARAMETERS.getH(), + EC_CURVE_PARAMETERS.getSeed() ); BigInteger d = keyToBigInt(privateKey.getPrivateSigningKey()); KeySpec keySpec = new ECPrivateKeySpec(d, spec); - java.security.PrivateKey privKey = KeyFactory.getInstance(ALGORITHM_ECDSA, PROVIDER) - .generatePrivate(keySpec); + java.security.PrivateKey privKey = KeyFactory.getInstance(ALGORITHM_ECDSA, provider) + .generatePrivate(keySpec); - Signature sig = Signature.getInstance(ALGORITHM_ECDSA, PROVIDER); + Signature sig = Signature.getInstance(ALGORITHM_ECDSA, provider); sig.initSign(privKey); sig.update(data); return sig.sign(); @@ -153,8 +148,8 @@ public class BouncyCryptography extends AbstractCryptography { @Override public byte[] createPoint(byte[] x, byte[] y) { return EC_CURVE_PARAMETERS.getCurve().createPoint( - new BigInteger(1, x), - new BigInteger(1, y) + new BigInteger(1, x), + new BigInteger(1, y) ).getEncoded(false); } } diff --git a/cryptography-sc/build.gradle b/cryptography-sc/build.gradle index a052c2e..cbfae46 100644 --- a/cryptography-sc/build.gradle +++ b/cryptography-sc/build.gradle @@ -14,4 +14,5 @@ dependencies { compile project(':core') compile 'com.madgag.spongycastle:prov:1.52.0.0' testCompile 'junit:junit:4.12' + testCompile 'org.mockito:mockito-core:1.10.19' } diff --git a/cryptography-sc/src/main/java/ch/dissem/bitmessage/cryptography/sc/SpongyCryptography.java b/cryptography-sc/src/main/java/ch/dissem/bitmessage/cryptography/sc/SpongyCryptography.java index b90e1c8..b9234cd 100644 --- a/cryptography-sc/src/main/java/ch/dissem/bitmessage/cryptography/sc/SpongyCryptography.java +++ b/cryptography-sc/src/main/java/ch/dissem/bitmessage/cryptography/sc/SpongyCryptography.java @@ -52,21 +52,16 @@ import java.util.Arrays; public class SpongyCryptography extends AbstractCryptography { private static final X9ECParameters EC_CURVE_PARAMETERS = CustomNamedCurves.getByName("secp256k1"); private static final String ALGORITHM_ECDSA = "ECDSA"; - private static final String PROVIDER = "SC"; - - static { - java.security.Security.addProvider(new BouncyCastleProvider()); - } public SpongyCryptography() { - super(PROVIDER); + super(new BouncyCastleProvider()); } @Override public byte[] crypt(boolean encrypt, byte[] data, byte[] key_e, byte[] initializationVector) { BufferedBlockCipher cipher = new PaddedBufferedBlockCipher( - new CBCBlockCipher(new AESEngine()), - new PKCS7Padding() + new CBCBlockCipher(new AESEngine()), + new PKCS7Padding() ); CipherParameters params = new ParametersWithIV(new KeyParameter(key_e), initializationVector); @@ -100,18 +95,18 @@ public class SpongyCryptography extends AbstractCryptography { public boolean isSignatureValid(byte[] data, byte[] signature, Pubkey pubkey) { try { ECParameterSpec spec = new ECParameterSpec( - EC_CURVE_PARAMETERS.getCurve(), - EC_CURVE_PARAMETERS.getG(), - EC_CURVE_PARAMETERS.getN(), - EC_CURVE_PARAMETERS.getH(), - EC_CURVE_PARAMETERS.getSeed() + EC_CURVE_PARAMETERS.getCurve(), + EC_CURVE_PARAMETERS.getG(), + EC_CURVE_PARAMETERS.getN(), + EC_CURVE_PARAMETERS.getH(), + EC_CURVE_PARAMETERS.getSeed() ); ECPoint Q = keyToPoint(pubkey.getSigningKey()); KeySpec keySpec = new ECPublicKeySpec(Q, spec); - PublicKey publicKey = KeyFactory.getInstance(ALGORITHM_ECDSA, PROVIDER).generatePublic(keySpec); + PublicKey publicKey = KeyFactory.getInstance(ALGORITHM_ECDSA, provider).generatePublic(keySpec); - Signature sig = Signature.getInstance(ALGORITHM_ECDSA, PROVIDER); + Signature sig = Signature.getInstance(ALGORITHM_ECDSA, provider); sig.initVerify(publicKey); sig.update(data); return sig.verify(signature); @@ -124,19 +119,19 @@ public class SpongyCryptography extends AbstractCryptography { public byte[] getSignature(byte[] data, PrivateKey privateKey) { try { ECParameterSpec spec = new ECParameterSpec( - EC_CURVE_PARAMETERS.getCurve(), - EC_CURVE_PARAMETERS.getG(), - EC_CURVE_PARAMETERS.getN(), - EC_CURVE_PARAMETERS.getH(), - EC_CURVE_PARAMETERS.getSeed() + EC_CURVE_PARAMETERS.getCurve(), + EC_CURVE_PARAMETERS.getG(), + EC_CURVE_PARAMETERS.getN(), + EC_CURVE_PARAMETERS.getH(), + EC_CURVE_PARAMETERS.getSeed() ); BigInteger d = keyToBigInt(privateKey.getPrivateSigningKey()); KeySpec keySpec = new ECPrivateKeySpec(d, spec); - java.security.PrivateKey privKey = KeyFactory.getInstance(ALGORITHM_ECDSA, PROVIDER) - .generatePrivate(keySpec); + java.security.PrivateKey privKey = KeyFactory.getInstance(ALGORITHM_ECDSA, provider) + .generatePrivate(keySpec); - Signature sig = Signature.getInstance(ALGORITHM_ECDSA, PROVIDER); + Signature sig = Signature.getInstance(ALGORITHM_ECDSA, provider); sig.initSign(privKey); sig.update(data); return sig.sign(); @@ -153,8 +148,8 @@ public class SpongyCryptography extends AbstractCryptography { @Override public byte[] createPoint(byte[] x, byte[] y) { return EC_CURVE_PARAMETERS.getCurve().createPoint( - new BigInteger(1, x), - new BigInteger(1, y) + new BigInteger(1, x), + new BigInteger(1, y) ).getEncoded(false); } } diff --git a/cryptography-sc/src/test/java/ch/dissem/bitmessage/security/CryptographyTest.java b/cryptography-sc/src/test/java/ch/dissem/bitmessage/security/CryptographyTest.java new file mode 100644 index 0000000..dc3cdea --- /dev/null +++ b/cryptography-sc/src/test/java/ch/dissem/bitmessage/security/CryptographyTest.java @@ -0,0 +1,157 @@ +package ch.dissem.bitmessage.security; + +import ch.dissem.bitmessage.InternalContext; +import ch.dissem.bitmessage.cryptography.sc.SpongyCryptography; +import ch.dissem.bitmessage.entity.ObjectMessage; +import ch.dissem.bitmessage.entity.payload.GenericPayload; +import ch.dissem.bitmessage.entity.valueobject.PrivateKey; +import ch.dissem.bitmessage.exception.InsufficientProofOfWorkException; +import ch.dissem.bitmessage.ports.MultiThreadedPOWEngine; +import ch.dissem.bitmessage.ports.ProofOfWorkEngine; +import ch.dissem.bitmessage.utils.CallbackWaiter; +import ch.dissem.bitmessage.utils.Singleton; +import ch.dissem.bitmessage.utils.UnixTime; +import org.junit.BeforeClass; +import org.junit.Test; + +import javax.xml.bind.DatatypeConverter; +import java.io.ByteArrayInputStream; +import java.io.IOException; + +import static ch.dissem.bitmessage.utils.UnixTime.DAY; +import static ch.dissem.bitmessage.utils.UnixTime.MINUTE; +import static org.hamcrest.CoreMatchers.is; +import static org.junit.Assert.*; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +/** + * @author Christian Basler + */ +public class CryptographyTest { + public static final byte[] TEST_VALUE = "teststring".getBytes(); + public static final byte[] TEST_SHA1 = DatatypeConverter.parseHexBinary("" + + "b8473b86d4c2072ca9b08bd28e373e8253e865c4"); + public static final byte[] TEST_SHA512 = DatatypeConverter.parseHexBinary("" + + "6253b39071e5df8b5098f59202d414c37a17d6a38a875ef5f8c7d89b0212b028" + + "692d3d2090ce03ae1de66c862fa8a561e57ed9eb7935ce627344f742c0931d72"); + public static final byte[] TEST_RIPEMD160 = DatatypeConverter.parseHexBinary("" + + "cd566972b5e50104011a92b59fa8e0b1234851ae"); + + private static SpongyCryptography crypto; + + @BeforeClass + public static void setUp() { + crypto = new SpongyCryptography(); + Singleton.initialize(crypto); + InternalContext ctx = mock(InternalContext.class); + when(ctx.getProofOfWorkEngine()).thenReturn(new MultiThreadedPOWEngine()); + crypto.setContext(ctx); + } + + @Test + public void testRipemd160() { + assertArrayEquals(TEST_RIPEMD160, crypto.ripemd160(TEST_VALUE)); + } + + @Test + public void testSha1() { + assertArrayEquals(TEST_SHA1, crypto.sha1(TEST_VALUE)); + } + + @Test + public void testSha512() { + assertArrayEquals(TEST_SHA512, crypto.sha512(TEST_VALUE)); + } + + @Test + public void testChaining() { + assertArrayEquals(TEST_SHA512, crypto.sha512("test".getBytes(), "string".getBytes())); + } + + @Test + public void ensureDoubleHashYieldsSameResultAsHashOfHash() { + assertArrayEquals(crypto.sha512(TEST_SHA512), crypto.doubleSha512(TEST_VALUE)); + } + + @Test(expected = IOException.class) + public void ensureExceptionForInsufficientProofOfWork() throws IOException { + ObjectMessage objectMessage = new ObjectMessage.Builder() + .nonce(new byte[8]) + .expiresTime(UnixTime.now(+28 * DAY)) + .objectType(0) + .payload(GenericPayload.read(0, 1, new ByteArrayInputStream(new byte[0]), 0)) + .build(); + crypto.checkProofOfWork(objectMessage, 1000, 1000); + } + + @Test + public void testDoProofOfWork() throws Exception { + ObjectMessage objectMessage = new ObjectMessage.Builder() + .nonce(new byte[8]) + .expiresTime(UnixTime.now(+2 * MINUTE)) + .objectType(0) + .payload(GenericPayload.read(0, 1, new ByteArrayInputStream(new byte[0]), 0)) + .build(); + final CallbackWaiter waiter = new CallbackWaiter<>(); + crypto.doProofOfWork(objectMessage, 1000, 1000, + new ProofOfWorkEngine.Callback() { + @Override + public void onNonceCalculated(byte[] initialHash, byte[] nonce) { + waiter.setValue(nonce); + } + }); + objectMessage.setNonce(waiter.waitForValue()); + try { + crypto.checkProofOfWork(objectMessage, 1000, 1000); + } catch (InsufficientProofOfWorkException e) { + fail(e.getMessage()); + } + } + + @Test + public void ensureEncryptionAndDecryptionWorks() { + byte[] data = crypto.randomBytes(100); + byte[] key_e = crypto.randomBytes(32); + byte[] iv = crypto.randomBytes(16); + byte[] encrypted = crypto.crypt(true, data, key_e, iv); + byte[] decrypted = crypto.crypt(false, encrypted, key_e, iv); + assertArrayEquals(data, decrypted); + } + + @Test(expected = IllegalArgumentException.class) + public void ensureDecryptionFailsWithInvalidCypherText() { + byte[] data = crypto.randomBytes(128); + byte[] key_e = crypto.randomBytes(32); + byte[] iv = crypto.randomBytes(16); + crypto.crypt(false, data, key_e, iv); + } + + @Test + public void testMultiplication() { + byte[] a = crypto.randomBytes(PrivateKey.PRIVATE_KEY_SIZE); + byte[] A = crypto.createPublicKey(a); + + byte[] b = crypto.randomBytes(PrivateKey.PRIVATE_KEY_SIZE); + byte[] B = crypto.createPublicKey(b); + + assertArrayEquals(crypto.multiply(A, b), crypto.multiply(B, a)); + } + + @Test + public void ensureSignatureIsValid() { + byte[] data = crypto.randomBytes(100); + PrivateKey privateKey = new PrivateKey(false, 1, 1000, 1000); + byte[] signature = crypto.getSignature(data, privateKey); + assertThat(crypto.isSignatureValid(data, signature, privateKey.getPubkey()), is(true)); + } + + @Test + public void ensureSignatureIsInvalidForTemperedData() { + byte[] data = crypto.randomBytes(100); + PrivateKey privateKey = new PrivateKey(false, 1, 1000, 1000); + byte[] signature = crypto.getSignature(data, privateKey); + data[0]++; + assertThat(crypto.isSignatureValid(data, signature, privateKey.getPubkey()), is(false)); + } +}