Fixed SecurityException for some Android versions.
At the same time removed necessity to register a cryptography provider which means SpongyCryptography can be used on the Oracle JVM as well - but this is something vor Jabit 3.0.
This commit is contained in:
parent
5043e9ed03
commit
ad97cd0633
@ -33,6 +33,7 @@ import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.Provider;
|
||||
import java.security.SecureRandom;
|
||||
|
||||
import static ch.dissem.bitmessage.InternalContext.NETWORK_EXTRA_BYTES;
|
||||
@ -49,10 +50,10 @@ public abstract class AbstractCryptography implements Cryptography, InternalCont
|
||||
private static final BigInteger TWO_POW_64 = TWO.pow(64);
|
||||
private static final BigInteger TWO_POW_16 = TWO.pow(16);
|
||||
|
||||
private final String provider;
|
||||
protected final Provider provider;
|
||||
private InternalContext context;
|
||||
|
||||
protected AbstractCryptography(String provider) {
|
||||
protected AbstractCryptography(Provider provider) {
|
||||
this.provider = provider;
|
||||
}
|
||||
|
||||
@ -137,7 +138,6 @@ public abstract class AbstractCryptography implements Cryptography, InternalCont
|
||||
if (extraBytes == 0) extraBytes = NETWORK_EXTRA_BYTES;
|
||||
|
||||
BigInteger TTL = BigInteger.valueOf(object.getExpiresTime() - UnixTime.now());
|
||||
BigInteger numerator = TWO_POW_64;
|
||||
BigInteger powLength = BigInteger.valueOf(object.getPayloadBytesWithoutNonce().length + extraBytes);
|
||||
BigInteger denominator = BigInteger.valueOf(nonceTrialsPerByte)
|
||||
.multiply(
|
||||
@ -145,7 +145,7 @@ public abstract class AbstractCryptography implements Cryptography, InternalCont
|
||||
powLength.multiply(TTL).divide(TWO_POW_16)
|
||||
)
|
||||
);
|
||||
return Bytes.expand(numerator.divide(denominator).toByteArray(), 8);
|
||||
return Bytes.expand(TWO_POW_64.divide(denominator).toByteArray(), 8);
|
||||
}
|
||||
|
||||
private byte[] hash(String algorithm, byte[]... data) {
|
||||
|
@ -52,14 +52,9 @@ import java.util.Arrays;
|
||||
public class BouncyCryptography extends AbstractCryptography {
|
||||
private static final X9ECParameters EC_CURVE_PARAMETERS = CustomNamedCurves.getByName("secp256k1");
|
||||
private static final String ALGORITHM_ECDSA = "ECDSA";
|
||||
private static final String PROVIDER = "BC";
|
||||
|
||||
static {
|
||||
java.security.Security.addProvider(new BouncyCastleProvider());
|
||||
}
|
||||
|
||||
public BouncyCryptography() {
|
||||
super(PROVIDER);
|
||||
super(new BouncyCastleProvider());
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -109,9 +104,9 @@ public class BouncyCryptography extends AbstractCryptography {
|
||||
|
||||
ECPoint Q = keyToPoint(pubkey.getSigningKey());
|
||||
KeySpec keySpec = new ECPublicKeySpec(Q, spec);
|
||||
PublicKey publicKey = KeyFactory.getInstance(ALGORITHM_ECDSA, PROVIDER).generatePublic(keySpec);
|
||||
PublicKey publicKey = KeyFactory.getInstance(ALGORITHM_ECDSA, provider).generatePublic(keySpec);
|
||||
|
||||
Signature sig = Signature.getInstance(ALGORITHM_ECDSA, PROVIDER);
|
||||
Signature sig = Signature.getInstance(ALGORITHM_ECDSA, provider);
|
||||
sig.initVerify(publicKey);
|
||||
sig.update(data);
|
||||
return sig.verify(signature);
|
||||
@ -133,10 +128,10 @@ public class BouncyCryptography extends AbstractCryptography {
|
||||
|
||||
BigInteger d = keyToBigInt(privateKey.getPrivateSigningKey());
|
||||
KeySpec keySpec = new ECPrivateKeySpec(d, spec);
|
||||
java.security.PrivateKey privKey = KeyFactory.getInstance(ALGORITHM_ECDSA, PROVIDER)
|
||||
java.security.PrivateKey privKey = KeyFactory.getInstance(ALGORITHM_ECDSA, provider)
|
||||
.generatePrivate(keySpec);
|
||||
|
||||
Signature sig = Signature.getInstance(ALGORITHM_ECDSA, PROVIDER);
|
||||
Signature sig = Signature.getInstance(ALGORITHM_ECDSA, provider);
|
||||
sig.initSign(privKey);
|
||||
sig.update(data);
|
||||
return sig.sign();
|
||||
|
@ -14,4 +14,5 @@ dependencies {
|
||||
compile project(':core')
|
||||
compile 'com.madgag.spongycastle:prov:1.52.0.0'
|
||||
testCompile 'junit:junit:4.12'
|
||||
testCompile 'org.mockito:mockito-core:1.10.19'
|
||||
}
|
||||
|
@ -52,14 +52,9 @@ import java.util.Arrays;
|
||||
public class SpongyCryptography extends AbstractCryptography {
|
||||
private static final X9ECParameters EC_CURVE_PARAMETERS = CustomNamedCurves.getByName("secp256k1");
|
||||
private static final String ALGORITHM_ECDSA = "ECDSA";
|
||||
private static final String PROVIDER = "SC";
|
||||
|
||||
static {
|
||||
java.security.Security.addProvider(new BouncyCastleProvider());
|
||||
}
|
||||
|
||||
public SpongyCryptography() {
|
||||
super(PROVIDER);
|
||||
super(new BouncyCastleProvider());
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -109,9 +104,9 @@ public class SpongyCryptography extends AbstractCryptography {
|
||||
|
||||
ECPoint Q = keyToPoint(pubkey.getSigningKey());
|
||||
KeySpec keySpec = new ECPublicKeySpec(Q, spec);
|
||||
PublicKey publicKey = KeyFactory.getInstance(ALGORITHM_ECDSA, PROVIDER).generatePublic(keySpec);
|
||||
PublicKey publicKey = KeyFactory.getInstance(ALGORITHM_ECDSA, provider).generatePublic(keySpec);
|
||||
|
||||
Signature sig = Signature.getInstance(ALGORITHM_ECDSA, PROVIDER);
|
||||
Signature sig = Signature.getInstance(ALGORITHM_ECDSA, provider);
|
||||
sig.initVerify(publicKey);
|
||||
sig.update(data);
|
||||
return sig.verify(signature);
|
||||
@ -133,10 +128,10 @@ public class SpongyCryptography extends AbstractCryptography {
|
||||
|
||||
BigInteger d = keyToBigInt(privateKey.getPrivateSigningKey());
|
||||
KeySpec keySpec = new ECPrivateKeySpec(d, spec);
|
||||
java.security.PrivateKey privKey = KeyFactory.getInstance(ALGORITHM_ECDSA, PROVIDER)
|
||||
java.security.PrivateKey privKey = KeyFactory.getInstance(ALGORITHM_ECDSA, provider)
|
||||
.generatePrivate(keySpec);
|
||||
|
||||
Signature sig = Signature.getInstance(ALGORITHM_ECDSA, PROVIDER);
|
||||
Signature sig = Signature.getInstance(ALGORITHM_ECDSA, provider);
|
||||
sig.initSign(privKey);
|
||||
sig.update(data);
|
||||
return sig.sign();
|
||||
|
@ -0,0 +1,157 @@
|
||||
package ch.dissem.bitmessage.security;
|
||||
|
||||
import ch.dissem.bitmessage.InternalContext;
|
||||
import ch.dissem.bitmessage.cryptography.sc.SpongyCryptography;
|
||||
import ch.dissem.bitmessage.entity.ObjectMessage;
|
||||
import ch.dissem.bitmessage.entity.payload.GenericPayload;
|
||||
import ch.dissem.bitmessage.entity.valueobject.PrivateKey;
|
||||
import ch.dissem.bitmessage.exception.InsufficientProofOfWorkException;
|
||||
import ch.dissem.bitmessage.ports.MultiThreadedPOWEngine;
|
||||
import ch.dissem.bitmessage.ports.ProofOfWorkEngine;
|
||||
import ch.dissem.bitmessage.utils.CallbackWaiter;
|
||||
import ch.dissem.bitmessage.utils.Singleton;
|
||||
import ch.dissem.bitmessage.utils.UnixTime;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
|
||||
import javax.xml.bind.DatatypeConverter;
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
|
||||
import static ch.dissem.bitmessage.utils.UnixTime.DAY;
|
||||
import static ch.dissem.bitmessage.utils.UnixTime.MINUTE;
|
||||
import static org.hamcrest.CoreMatchers.is;
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
/**
|
||||
* @author Christian Basler
|
||||
*/
|
||||
public class CryptographyTest {
|
||||
public static final byte[] TEST_VALUE = "teststring".getBytes();
|
||||
public static final byte[] TEST_SHA1 = DatatypeConverter.parseHexBinary(""
|
||||
+ "b8473b86d4c2072ca9b08bd28e373e8253e865c4");
|
||||
public static final byte[] TEST_SHA512 = DatatypeConverter.parseHexBinary(""
|
||||
+ "6253b39071e5df8b5098f59202d414c37a17d6a38a875ef5f8c7d89b0212b028"
|
||||
+ "692d3d2090ce03ae1de66c862fa8a561e57ed9eb7935ce627344f742c0931d72");
|
||||
public static final byte[] TEST_RIPEMD160 = DatatypeConverter.parseHexBinary(""
|
||||
+ "cd566972b5e50104011a92b59fa8e0b1234851ae");
|
||||
|
||||
private static SpongyCryptography crypto;
|
||||
|
||||
@BeforeClass
|
||||
public static void setUp() {
|
||||
crypto = new SpongyCryptography();
|
||||
Singleton.initialize(crypto);
|
||||
InternalContext ctx = mock(InternalContext.class);
|
||||
when(ctx.getProofOfWorkEngine()).thenReturn(new MultiThreadedPOWEngine());
|
||||
crypto.setContext(ctx);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRipemd160() {
|
||||
assertArrayEquals(TEST_RIPEMD160, crypto.ripemd160(TEST_VALUE));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSha1() {
|
||||
assertArrayEquals(TEST_SHA1, crypto.sha1(TEST_VALUE));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSha512() {
|
||||
assertArrayEquals(TEST_SHA512, crypto.sha512(TEST_VALUE));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testChaining() {
|
||||
assertArrayEquals(TEST_SHA512, crypto.sha512("test".getBytes(), "string".getBytes()));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void ensureDoubleHashYieldsSameResultAsHashOfHash() {
|
||||
assertArrayEquals(crypto.sha512(TEST_SHA512), crypto.doubleSha512(TEST_VALUE));
|
||||
}
|
||||
|
||||
@Test(expected = IOException.class)
|
||||
public void ensureExceptionForInsufficientProofOfWork() throws IOException {
|
||||
ObjectMessage objectMessage = new ObjectMessage.Builder()
|
||||
.nonce(new byte[8])
|
||||
.expiresTime(UnixTime.now(+28 * DAY))
|
||||
.objectType(0)
|
||||
.payload(GenericPayload.read(0, 1, new ByteArrayInputStream(new byte[0]), 0))
|
||||
.build();
|
||||
crypto.checkProofOfWork(objectMessage, 1000, 1000);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoProofOfWork() throws Exception {
|
||||
ObjectMessage objectMessage = new ObjectMessage.Builder()
|
||||
.nonce(new byte[8])
|
||||
.expiresTime(UnixTime.now(+2 * MINUTE))
|
||||
.objectType(0)
|
||||
.payload(GenericPayload.read(0, 1, new ByteArrayInputStream(new byte[0]), 0))
|
||||
.build();
|
||||
final CallbackWaiter<byte[]> waiter = new CallbackWaiter<>();
|
||||
crypto.doProofOfWork(objectMessage, 1000, 1000,
|
||||
new ProofOfWorkEngine.Callback() {
|
||||
@Override
|
||||
public void onNonceCalculated(byte[] initialHash, byte[] nonce) {
|
||||
waiter.setValue(nonce);
|
||||
}
|
||||
});
|
||||
objectMessage.setNonce(waiter.waitForValue());
|
||||
try {
|
||||
crypto.checkProofOfWork(objectMessage, 1000, 1000);
|
||||
} catch (InsufficientProofOfWorkException e) {
|
||||
fail(e.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void ensureEncryptionAndDecryptionWorks() {
|
||||
byte[] data = crypto.randomBytes(100);
|
||||
byte[] key_e = crypto.randomBytes(32);
|
||||
byte[] iv = crypto.randomBytes(16);
|
||||
byte[] encrypted = crypto.crypt(true, data, key_e, iv);
|
||||
byte[] decrypted = crypto.crypt(false, encrypted, key_e, iv);
|
||||
assertArrayEquals(data, decrypted);
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void ensureDecryptionFailsWithInvalidCypherText() {
|
||||
byte[] data = crypto.randomBytes(128);
|
||||
byte[] key_e = crypto.randomBytes(32);
|
||||
byte[] iv = crypto.randomBytes(16);
|
||||
crypto.crypt(false, data, key_e, iv);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMultiplication() {
|
||||
byte[] a = crypto.randomBytes(PrivateKey.PRIVATE_KEY_SIZE);
|
||||
byte[] A = crypto.createPublicKey(a);
|
||||
|
||||
byte[] b = crypto.randomBytes(PrivateKey.PRIVATE_KEY_SIZE);
|
||||
byte[] B = crypto.createPublicKey(b);
|
||||
|
||||
assertArrayEquals(crypto.multiply(A, b), crypto.multiply(B, a));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void ensureSignatureIsValid() {
|
||||
byte[] data = crypto.randomBytes(100);
|
||||
PrivateKey privateKey = new PrivateKey(false, 1, 1000, 1000);
|
||||
byte[] signature = crypto.getSignature(data, privateKey);
|
||||
assertThat(crypto.isSignatureValid(data, signature, privateKey.getPubkey()), is(true));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void ensureSignatureIsInvalidForTemperedData() {
|
||||
byte[] data = crypto.randomBytes(100);
|
||||
PrivateKey privateKey = new PrivateKey(false, 1, 1000, 1000);
|
||||
byte[] signature = crypto.getSignature(data, privateKey);
|
||||
data[0]++;
|
||||
assertThat(crypto.isSignatureValid(data, signature, privateKey.getPubkey()), is(false));
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user