archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 23:04:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8166597: Crypto support for the EdDSA Signature Algorithm

Browse source 
Reviewed-by: weijun, mullan, wetmore
This commit is contained in:
Anthony Scarpino 2020-05-18 09:42:52 -07:00
parent 02293daa64
commit fd28aad72d
47 changed files with 4697 additions and 155 deletions
Download patch file Download diff file Expand all files Collapse all files

47
src/java.base/share/classes/java/security/interfaces/EdECKey.java Normal file
View file

@ -0,0 +1,47 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.interfaces;
import java.security.spec.NamedParameterSpec;
/**
* An interface for an elliptic curve public/private key as defined by
* <a href="https://tools.ietf.org/html/rfc8032">RFC 8032: Edwards-Curve
* Digital Signature Algorithm (EdDSA)</a>. These keys are distinct from the
* keys represented by {@code ECKey}, and they are intended for use with
* algorithms based on RFC 8032 such as the EdDSA {@code Signature} algorithm.
* This interface allows access to the algorithm parameters associated with
* the key.
*
* @since 15
*/
public interface EdECKey {
/**
* Returns the algorithm parameters associated with the key.
*
* @return the associated algorithm parameters.
*/
NamedParameterSpec getParams();
}

55
src/java.base/share/classes/java/security/interfaces/EdECPrivateKey.java Normal file
View file

@ -0,0 +1,55 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.interfaces;
import java.security.PrivateKey;
import java.util.Optional;
/**
* An interface for an elliptic curve private key as defined by
* <a href="https://tools.ietf.org/html/rfc8032">RFC 8032: Edwards-Curve
* Digital Signature Algorithm (EdDSA)</a>. These keys are distinct from the
* keys represented by {@code ECPrivateKey}, and they are intended for use
* with algorithms based on RFC 8032 such as the EdDSA {@code Signature}
* algorithm.
* <p>
* An Edwards-Curve private key is a bit string. This interface only supports bit
* string lengths that are a multiple of 8, and the key is represented using
* a byte array.
*
* @since 15
*/
public interface EdECPrivateKey extends EdECKey, PrivateKey {
/**
* Get a copy of the byte array representing the private key. This method
* may return an empty {@code Optional} if the implementation is not
* willing to produce the private key value.
*
* @return an {@code Optional} containing the private key byte array.
* If the key is not available, then an empty {@code Optional}.
*/
Optional<byte[]> getBytes();
}

50
src/java.base/share/classes/java/security/interfaces/EdECPublicKey.java Normal file
View file

@ -0,0 +1,50 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.interfaces;
import java.security.PublicKey;
import java.security.spec.EdECPoint;
/**
* An interface for an elliptic curve public key as defined by
* <a href="https://tools.ietf.org/html/rfc8032">RFC 8032: Edwards-Curve
* Digital Signature Algorithm (EdDSA)</a>. These keys are distinct from the
* keys represented by {@code ECPublicKey}, and they are intended for use with
* algorithms based on RFC 8032 such as the EdDSA {@code Signature} algorithm.
* <p>
* An Edwards-Curve public key is a point on the curve, which is represented using an
* EdECPoint.
*
* @since 15
*/
public interface EdECPublicKey extends EdECKey, PublicKey {
/**
* Get the point representing the public key.
*
* @return the {@code EdECPoint} representing the public key.
*/
EdECPoint getPoint();
}

110
src/java.base/share/classes/java/security/spec/EdDSAParameterSpec.java Normal file
View file

@ -0,0 +1,110 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.spec;
import java.security.InvalidParameterException;
import java.util.Objects;
import java.util.Optional;
/**
* A class used to specify EdDSA signature and verification parameters. All
* algorithm modes in <a href="https://tools.ietf.org/html/rfc8032">RFC 8032:
* Edwards-Curve Digital Signature Algorithm (EdDSA)</a> can be specified using
* combinations of the settings in this class.
*
* <ul>
* <li>If prehash is true, then the mode is Ed25519ph or Ed448ph</li>
* <li>Otherwise, if a context is present, the mode is Ed25519ctx or Ed448</li>
* <li>Otherwise, the mode is Ed25519 or Ed448</li>
* </ul>
*
* @since 15
*/
public class EdDSAParameterSpec implements AlgorithmParameterSpec {
private final boolean prehash;
private final byte[] context;
/**
* Construct an {@code EdDSAParameterSpec} by specifying whether the prehash mode
* is used. No context is provided so this constructor specifies a mode
* in which the context is null. Note that this mode may be different
* than the mode in which an empty array is used as the context.
*
* @param prehash whether the prehash mode is specified.
*/
public EdDSAParameterSpec(boolean prehash) {
this.prehash = prehash;
this.context = null;
}
/**
* Construct an {@code EdDSAParameterSpec} by specifying a context and whether the
* prehash mode is used. The context may not be null, but it may be an
* empty array. The mode used when the context is an empty array may not be
* the same as the mode used when the context is absent.
*
* @param prehash whether the prehash mode is specified.
* @param context the context is copied and bound to the signature.
* @throws NullPointerException if context is null.
* @throws InvalidParameterException if context length is greater than 255.
*/
public EdDSAParameterSpec(boolean prehash, byte[] context) {
Objects.requireNonNull(context, "context may not be null");
if (context.length > 255) {
throw new InvalidParameterException("context length cannot be " +
"greater than 255");
}
this.prehash = prehash;
this.context = context.clone();
}
/**
* Get whether the prehash mode is specified.
*
* @return whether the prehash mode is specified.
*/
public boolean isPrehash() {
return prehash;
}
/**
* Get the context that the signature will use.
*
* @return {@code Optional} contains a copy of the context or empty
* if context is null.
*/
public Optional<byte[]> getContext() {
if (context == null) {
return Optional.empty();
} else {
return Optional.of(context.clone());
}
}
}

86
src/java.base/share/classes/java/security/spec/EdECPoint.java Normal file
View file

@ -0,0 +1,86 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.spec;
import java.math.BigInteger;
import java.util.Objects;
/**
* An elliptic curve point used to specify keys as defined by
* <a href="https://tools.ietf.org/html/rfc8032">RFC 8032: Edwards-Curve
* Digital Signature Algorithm (EdDSA)</a>. These points are distinct from the
* points represented by {@code ECPoint}, and they are intended for use with
* algorithms based on RFC 8032 such as the EdDSA {@code Signature} algorithm.
* <p>
* An EdEC point is specified by its y-coordinate value and a boolean that
* indicates whether the x-coordinate is odd. The y-coordinate is an
* element of the field of integers modulo some value p that is determined by
* the algorithm parameters. This field element is represented by a
* {@code BigInteger}, and implementations that consume objects of this class
* may reject integer values which are not in the range [0, p).
*
* @since 15
*/
public final class EdECPoint {
private final boolean xOdd;
private final BigInteger y;
/**
* Construct an EdECPoint.
*
* @param xOdd whether the x-coordinate is odd.
* @param y the y-coordinate, represented using a {@code BigInteger}.
*
* @throws NullPointerException if {@code y} is null.
*/
public EdECPoint(boolean xOdd, BigInteger y) {
Objects.requireNonNull(y, "y must not be null");
this.xOdd = xOdd;
this.y = y;
}
/**
* Get whether the x-coordinate of the point is odd.
*
* @return a boolean indicating whether the x-coordinate is odd.
*/
public boolean isXOdd() {
return xOdd;
}
/**
* Get the y-coordinate of the point.
*
* @return the y-coordinate, represented using a {@code BigInteger}.
*/
public BigInteger getY() {
return y;
}
}

81
src/java.base/share/classes/java/security/spec/EdECPrivateKeySpec.java Normal file
View file

@ -0,0 +1,81 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.spec;
import java.util.Objects;
/**
* A class representing elliptic curve private keys as defined in
* <a href="https://tools.ietf.org/html/rfc8032">RFC 8032: Edwards-Curve
* Digital Signature Algorithm (EdDSA)</a>, including the curve and other
* algorithm parameters. The private key is a bit string represented using
* a byte array. This class only supports bit string lengths that are a
* multiple of 8.
*
* @since 15
*/
public final class EdECPrivateKeySpec implements KeySpec {
private final NamedParameterSpec params;
private final byte[] bytes;
/**
* Construct a private key spec using the supplied parameters and
* bit string.
*
* @param params the algorithm parameters.
* @param bytes the key as a byte array. This array is copied
* to protect against subsequent modification.
*
* @throws NullPointerException if {@code params} or {@code bytes}
* is null.
*/
public EdECPrivateKeySpec(NamedParameterSpec params, byte[] bytes) {
Objects.requireNonNull(params, "params must not be null");
Objects.requireNonNull(bytes, "bytes must not be null");
this.params = params;
this.bytes = bytes.clone();
}
/**
* Get the algorithm parameters that define the curve and other settings.
*
* @return the algorithm parameters.
*/
public NamedParameterSpec getParams() {
return params;
}
/**
* Get the byte array representing the private key. A new copy of the array
* is returned each time this method is called.
*
* @return the private key as a byte array.
*/
public byte[] getBytes() {
return bytes.clone();
}
}

78
src/java.base/share/classes/java/security/spec/EdECPublicKeySpec.java Normal file
View file

@ -0,0 +1,78 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.spec;
import java.util.Objects;
/**
* A class representing elliptic curve public keys as defined in
* <a href="https://tools.ietf.org/html/rfc8032">RFC 8032: Edwards-Curve
* Digital Signature Algorithm (EdDSA)</a>, including the curve and other
* algorithm parameters. The public key is a point on the curve, which is
* represented using an {@code EdECPoint}.
*
* @since 15
*/
public final class EdECPublicKeySpec implements KeySpec {
private final NamedParameterSpec params;
private final EdECPoint point;
/**
* Construct a public key spec using the supplied parameters and
* point.
*
* @param params the algorithm parameters.
* @param point the point representing the public key.
*
* @throws NullPointerException if {@code params} or {@code point}
* is null.
*/
public EdECPublicKeySpec(NamedParameterSpec params, EdECPoint point) {
Objects.requireNonNull(params, "params must not be null");
Objects.requireNonNull(point, "point must not be null");
this.params = params;
this.point = point;
}
/**
* Get the algorithm parameters that define the curve and other settings.
*
* @return the parameters.
*/
public NamedParameterSpec getParams() {
return params;
}
/**
* Get the point representing the public key.
*
* @return the {@code EdECPoint} representing the public key.
*/
public EdECPoint getPoint() {
return point;
}
}

18
src/java.base/share/classes/java/security/spec/NamedParameterSpec.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -52,6 +52,22 @@ public class NamedParameterSpec implements AlgorithmParameterSpec {
public static final NamedParameterSpec X448
= new NamedParameterSpec("X448");
/**
* The Ed25519 parameters
*
* @since 15
*/
public static final NamedParameterSpec ED25519
= new NamedParameterSpec("Ed25519");
/**
* The Ed448 parameters
*
* @since 15
*/
public static final NamedParameterSpec ED448
= new NamedParameterSpec("Ed448");
private String name;
/**