0.5.3 incompatible but better asymmetric keys id (both encryption and signing)
This commit is contained in:
parent
6431d4896a
commit
134f619037
@ -6,6 +6,12 @@ Cryptographic API works exactly the same and compiles to any platform supported
|
|||||||
|
|
||||||
All primitives meant to send over the network or store are `kotlinx.serialization` compatible, serializers included.
|
All primitives meant to send over the network or store are `kotlinx.serialization` compatible, serializers included.
|
||||||
|
|
||||||
|
# Important notes on upgrade
|
||||||
|
|
||||||
|
Since version __0.5.*__ key identity calculation for asymmetric keys is updated
|
||||||
|
to make it more safe for theoretic future attack on blake2b hashing. Key.id values
|
||||||
|
are incompatible with older. Sorry for inconvenience.
|
||||||
|
|
||||||
# Usage
|
# Usage
|
||||||
|
|
||||||
```kotlin
|
```kotlin
|
||||||
|
|||||||
@ -5,7 +5,7 @@ plugins {
|
|||||||
}
|
}
|
||||||
|
|
||||||
group = "net.sergeych"
|
group = "net.sergeych"
|
||||||
version = "0.4.3"
|
version = "0.5.3"
|
||||||
|
|
||||||
repositories {
|
repositories {
|
||||||
mavenCentral()
|
mavenCentral()
|
||||||
|
|||||||
@ -23,7 +23,7 @@ import kotlinx.serialization.Serializable
|
|||||||
* password, see above.
|
* password, see above.
|
||||||
*/
|
*/
|
||||||
@Serializable
|
@Serializable
|
||||||
data class KeyId(val id: BinaryId, val kdp: PBKD.Params?=null ) {
|
data class KeyId(val id: BinaryId, val kdp: PBKD.Params? = null) {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Binary array representation of the [id], not including the [kdp]. Used in [SafeKeyExchange]
|
* Binary array representation of the [id], not including the [kdp]. Used in [SafeKeyExchange]
|
||||||
@ -31,7 +31,7 @@ data class KeyId(val id: BinaryId, val kdp: PBKD.Params?=null ) {
|
|||||||
*/
|
*/
|
||||||
val binaryTag: UByteArray by lazy { id.id }
|
val binaryTag: UByteArray by lazy { id.id }
|
||||||
|
|
||||||
val keymagic: KeysmagicNumber by lazy { KeysmagicNumber.entries[id.magic]}
|
val keymagic: KeysmagicNumber by lazy { KeysmagicNumber.entries[id.magic] }
|
||||||
|
|
||||||
override fun equals(other: Any?): Boolean {
|
override fun equals(other: Any?): Boolean {
|
||||||
if (this === other) return true
|
if (this === other) return true
|
||||||
@ -45,6 +45,17 @@ data class KeyId(val id: BinaryId, val kdp: PBKD.Params?=null ) {
|
|||||||
|
|
||||||
override fun toString() = id.toString()
|
override fun toString() = id.toString()
|
||||||
|
|
||||||
constructor(magicNumber: KeysmagicNumber, keyData: UByteArray, kdp: PBKD.Params?=null)
|
constructor(
|
||||||
: this(BinaryId.createFromUBytes(magicNumber.ordinal, blake2b3l(keyData)), kdp)
|
magicNumber: KeysmagicNumber,
|
||||||
|
keyData: UByteArray,
|
||||||
|
kdp: PBKD.Params? = null,
|
||||||
|
donNotHash: Boolean = false,
|
||||||
|
)
|
||||||
|
: this(
|
||||||
|
BinaryId.createFromUBytes(
|
||||||
|
magicNumber.ordinal,
|
||||||
|
if (donNotHash) keyData else blake2b3l(keyData)
|
||||||
|
),
|
||||||
|
kdp
|
||||||
|
)
|
||||||
}
|
}
|
||||||
@ -69,4 +69,6 @@ class PublicKey(override val keyBytes: UByteArray) : UniversalKey(), EncryptingK
|
|||||||
randomFill: IntRange? = null,
|
randomFill: IntRange? = null,
|
||||||
): Asymmetric.Message =
|
): Asymmetric.Message =
|
||||||
Asymmetric.createMessage(senderKey, this, WithFill.encode(plainData, randomFill))
|
Asymmetric.createMessage(senderKey, this, WithFill.encode(plainData, randomFill))
|
||||||
|
|
||||||
|
override val id by lazy { KeyId(magic, keyBytes, null, true) }
|
||||||
}
|
}
|
||||||
@ -13,7 +13,7 @@ sealed class UniversalKey: KeyInstance {
|
|||||||
open val magic: KeysmagicNumber = KeysmagicNumber.Unknown
|
open val magic: KeysmagicNumber = KeysmagicNumber.Unknown
|
||||||
|
|
||||||
|
|
||||||
override val id by lazy { KeyId(magic, keyBytes) }
|
override val id by lazy { KeyId(magic, keyBytes, null) }
|
||||||
|
|
||||||
// Important: id can be overridden, so we use it, not magic:
|
// Important: id can be overridden, so we use it, not magic:
|
||||||
open val label by lazy { id.keymagic.label }
|
open val label by lazy { id.keymagic.label }
|
||||||
|
|||||||
@ -24,4 +24,6 @@ class VerifyingPublicKey(override val keyBytes: UByteArray) : UniversalKey(), Ve
|
|||||||
|
|
||||||
@Transient
|
@Transient
|
||||||
override val magic: KeysmagicNumber = KeysmagicNumber.defaultVerifying
|
override val magic: KeysmagicNumber = KeysmagicNumber.defaultVerifying
|
||||||
|
|
||||||
|
override val id by lazy { KeyId(magic, keyBytes, null, true) }
|
||||||
}
|
}
|
||||||
@ -159,6 +159,11 @@ class KeysTest {
|
|||||||
val x2 = pk1.encryptMessage(plain, sk1).encoded
|
val x2 = pk1.encryptMessage(plain, sk1).encoded
|
||||||
|
|
||||||
assertFalse { x1 contentEquals x2 }
|
assertFalse { x1 contentEquals x2 }
|
||||||
|
|
||||||
|
// public key ID should use key bytes instead
|
||||||
|
assertContentEquals(pk1.keyBytes, pk1.id.binaryTag.take(32).toUByteArray())
|
||||||
|
assertContentEquals(pk1.keyBytes, sk1.id.binaryTag.take(32).toUByteArray())
|
||||||
|
|
||||||
}
|
}
|
||||||
@Test
|
@Test
|
||||||
fun asymmetricKeySerializationTest() = runTest {
|
fun asymmetricKeySerializationTest() = runTest {
|
||||||
@ -261,5 +266,11 @@ class KeysTest {
|
|||||||
val dk2 = unpack<VerifyingPublicKey>(s2)
|
val dk2 = unpack<VerifyingPublicKey>(s2)
|
||||||
assertEquals(k, dk1)
|
assertEquals(k, dk1)
|
||||||
assertEquals(k.verifyingKey, dk2)
|
assertEquals(k.verifyingKey, dk2)
|
||||||
|
|
||||||
|
// id for public/shared keys should be of the key itself to increase safety.
|
||||||
|
// not hashed!
|
||||||
|
assertContentEquals(k.verifyingKey.keyBytes, dk2.id.binaryTag.take(32).toUByteArray())
|
||||||
|
assertContentEquals(k.verifyingKey.keyBytes, dk1.id.binaryTag.take(32).toUByteArray())
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Loading…
x
Reference in New Issue
Block a user