Package net.i2p.crypto.eddsa
Class EdDSAEngine
- java.lang.Object
-
- java.security.SignatureSpi
-
- java.security.Signature
-
- net.i2p.crypto.eddsa.EdDSAEngine
-
- Direct Known Subclasses:
RedDSAEngine
public class EdDSAEngine extends Signature
Signing and verification for EdDSA.The EdDSA sign and verify algorithms do not interact well with the Java Signature API, as one or more update() methods must be called before sign() or verify(). Using the standard API, this implementation must copy and buffer all data passed in via update().
This implementation offers two ways to avoid this copying, but only if all data to be signed or verified is available in a single byte array.
Option 1:
- Call initSign() or initVerify() as usual.
- Call setParameter(ONE_SHOT_MODE)
- Call update(byte[]) or update(byte[], int, int) exactly once
- Call sign() or verify() as usual.
- If doing additional one-shot signs or verifies with this object, you must call setParameter(ONE_SHOT_MODE) each time
Option 2:
- Call initSign() or initVerify() as usual.
- Call one of the signOneShot() or verifyOneShot() methods.
- If doing additional one-shot signs or verifies with this object, just call signOneShot() or verifyOneShot() again.
- Since:
- 0.9.15
- Author:
- str4d
-
-
Field Summary
Fields Modifier and Type Field Description protected MessageDigest
digest
static AlgorithmParameterSpec
ONE_SHOT_MODE
To efficiently sign or verify data in one shot, pass this to setParameters() after initSign() or initVerify() but BEFORE THE FIRST AND ONLY update(data) or update(data, off, len).static String
SIGNATURE_ALGORITHM
-
Fields inherited from class java.security.Signature
SIGN, state, UNINITIALIZED, VERIFY
-
Fields inherited from class java.security.SignatureSpi
appRandom
-
-
Constructor Summary
Constructors Constructor Description EdDSAEngine()
No specific EdDSA-internal hash requested, allows any EdDSA key.EdDSAEngine(MessageDigest digest)
Specific EdDSA-internal hash requested, only matching keys will be allowed.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description protected void
digestInitSign(EdDSAPrivateKey privKey)
protected Object
engineGetParameter(String param)
Deprecated.protected void
engineInitSign(PrivateKey privateKey)
protected void
engineInitVerify(PublicKey publicKey)
protected void
engineSetParameter(String param, Object value)
Deprecated.replaced with thisprotected void
engineSetParameter(AlgorithmParameterSpec spec)
protected byte[]
engineSign()
protected void
engineUpdate(byte b)
protected void
engineUpdate(byte[] b, int off, int len)
protected boolean
engineVerify(byte[] sigBytes)
byte[]
signOneShot(byte[] data)
To efficiently sign all the data in one shot, if it is available, use this method, which will avoid copying the data.byte[]
signOneShot(byte[] data, int off, int len)
To efficiently sign all the data in one shot, if it is available, use this method, which will avoid copying the data.boolean
verifyOneShot(byte[] data, byte[] signature)
To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data.boolean
verifyOneShot(byte[] data, byte[] signature, int sigoff, int siglen)
To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data.boolean
verifyOneShot(byte[] data, int off, int len, byte[] signature)
To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data.boolean
verifyOneShot(byte[] data, int off, int len, byte[] signature, int sigoff, int siglen)
To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data.-
Methods inherited from class java.security.Signature
clone, getAlgorithm, getInstance, getInstance, getInstance, getParameter, getParameters, getProvider, initSign, initSign, initVerify, initVerify, setParameter, setParameter, sign, sign, toString, update, update, update, update, verify, verify
-
Methods inherited from class java.security.SignatureSpi
engineGetParameters, engineInitSign, engineSign, engineUpdate, engineVerify
-
-
-
-
Field Detail
-
SIGNATURE_ALGORITHM
public static final String SIGNATURE_ALGORITHM
- See Also:
- Constant Field Values
-
digest
protected MessageDigest digest
-
ONE_SHOT_MODE
public static final AlgorithmParameterSpec ONE_SHOT_MODE
To efficiently sign or verify data in one shot, pass this to setParameters() after initSign() or initVerify() but BEFORE THE FIRST AND ONLY update(data) or update(data, off, len). The data reference will be saved and then used in sign() or verify() without copying the data. Violate these rules and you will get a SignatureException.- Since:
- 0.9.25
-
-
Constructor Detail
-
EdDSAEngine
public EdDSAEngine()
No specific EdDSA-internal hash requested, allows any EdDSA key.
-
EdDSAEngine
public EdDSAEngine(MessageDigest digest)
Specific EdDSA-internal hash requested, only matching keys will be allowed.- Parameters:
digest
- the hash algorithm that keys must have to sign or verify.
-
-
Method Detail
-
engineInitSign
protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException
- Specified by:
engineInitSign
in classSignatureSpi
- Throws:
InvalidKeyException
-
digestInitSign
protected void digestInitSign(EdDSAPrivateKey privKey)
-
engineInitVerify
protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException
- Specified by:
engineInitVerify
in classSignatureSpi
- Throws:
InvalidKeyException
-
engineUpdate
protected void engineUpdate(byte b) throws SignatureException
- Specified by:
engineUpdate
in classSignatureSpi
- Throws:
SignatureException
- if in one-shot mode
-
engineUpdate
protected void engineUpdate(byte[] b, int off, int len) throws SignatureException
- Specified by:
engineUpdate
in classSignatureSpi
- Throws:
SignatureException
- if one-shot rules are violated
-
engineSign
protected byte[] engineSign() throws SignatureException
- Specified by:
engineSign
in classSignatureSpi
- Throws:
SignatureException
-
engineVerify
protected boolean engineVerify(byte[] sigBytes) throws SignatureException
- Specified by:
engineVerify
in classSignatureSpi
- Throws:
SignatureException
-
signOneShot
public byte[] signOneShot(byte[] data) throws SignatureException
To efficiently sign all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:setParameter(ONE_SHOT_MODE) update(data) sig = sign()
- Parameters:
data
- the message to be signed- Returns:
- the signature
- Throws:
SignatureException
- if update() already called- Since:
- 0.9.25
- See Also:
ONE_SHOT_MODE
-
signOneShot
public byte[] signOneShot(byte[] data, int off, int len) throws SignatureException
To efficiently sign all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:setParameter(ONE_SHOT_MODE) update(data, off, len) sig = sign()
- Parameters:
data
- byte array containing the message to be signedoff
- the start of the message inside datalen
- the length of the message- Returns:
- the signature
- Throws:
SignatureException
- if update() already called- Since:
- 0.9.25
- See Also:
ONE_SHOT_MODE
-
verifyOneShot
public boolean verifyOneShot(byte[] data, byte[] signature) throws SignatureException
To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:setParameter(ONE_SHOT_MODE) update(data) ok = verify(signature)
- Parameters:
data
- the message that was signedsignature
- of the message- Returns:
- true if the signature is valid, false otherwise
- Throws:
SignatureException
- if update() already called- Since:
- 0.9.25
- See Also:
ONE_SHOT_MODE
-
verifyOneShot
public boolean verifyOneShot(byte[] data, int off, int len, byte[] signature) throws SignatureException
To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:setParameter(ONE_SHOT_MODE) update(data, off, len) ok = verify(signature)
- Parameters:
data
- byte array containing the message that was signedoff
- the start of the message inside datalen
- the length of the messagesignature
- of the message- Returns:
- true if the signature is valid, false otherwise
- Throws:
SignatureException
- if update() already called- Since:
- 0.9.25
- See Also:
ONE_SHOT_MODE
-
verifyOneShot
public boolean verifyOneShot(byte[] data, byte[] signature, int sigoff, int siglen) throws SignatureException
To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:setParameter(ONE_SHOT_MODE) update(data) ok = verify(signature, sigoff, siglen)
- Parameters:
data
- the message that was signedsignature
- byte array containing the signaturesigoff
- the start of the signaturesiglen
- the length of the signature- Returns:
- true if the signature is valid, false otherwise
- Throws:
SignatureException
- if update() already called- Since:
- 0.9.25
- See Also:
ONE_SHOT_MODE
-
verifyOneShot
public boolean verifyOneShot(byte[] data, int off, int len, byte[] signature, int sigoff, int siglen) throws SignatureException
To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:setParameter(ONE_SHOT_MODE) update(data, off, len) ok = verify(signature, sigoff, siglen)
- Parameters:
data
- byte array containing the message that was signedoff
- the start of the message inside datalen
- the length of the messagesignature
- byte array containing the signaturesigoff
- the start of the signaturesiglen
- the length of the signature- Returns:
- true if the signature is valid, false otherwise
- Throws:
SignatureException
- if update() already called- Since:
- 0.9.25
- See Also:
ONE_SHOT_MODE
-
engineSetParameter
protected void engineSetParameter(AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
- Overrides:
engineSetParameter
in classSignatureSpi
- Throws:
InvalidAlgorithmParameterException
- if spec is ONE_SHOT_MODE and update() already called- Since:
- 0.9.25
- See Also:
ONE_SHOT_MODE
-
engineSetParameter
protected void engineSetParameter(String param, Object value)
Deprecated.replaced with this- Specified by:
engineSetParameter
in classSignatureSpi
-
engineGetParameter
protected Object engineGetParameter(String param)
Deprecated.- Specified by:
engineGetParameter
in classSignatureSpi
-
-