Move to bouncy castle 1.50 and use RFC6979 deterministic ECDSA

tamasblummer · tamasblummer · commit 0cd6a5db3ef5 · 2014-01-04T18:26:29.000+01:00
signatures
diff --git a/api/src/main/java/com/bitsofproof/supernode/common/ECKeyPair.java b/api/src/main/java/com/bitsofproof/supernode/common/ECKeyPair.java
@@ -21,19 +21,20 @@
 import java.security.SecureRandom;
 
 import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.DERSequenceGenerator;
 import org.bouncycastle.asn1.DLSequence;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
 import org.bouncycastle.asn1.x9.X9ECParameters;
 import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.digests.SHA256Digest;
 import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.crypto.signers.ECDSASigner;
-import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
 import org.bouncycastle.util.Arrays;
 
 import com.bitsofproof.supernode.api.Address;
@@ -79,15 +80,7 @@ public static ECKeyPair createNew (boolean compressed)
 		ECKeyPair k = new ECKeyPair ();
 		k.priv = privParams.getD ();
 		k.compressed = compressed;
-		if ( compressed )
-		{
-			ECPoint q = pubParams.getQ ();
-			k.pub = new ECPoint.Fp (domain.getCurve (), q.getX (), q.getY (), true).getEncoded ();
-		}
-		else
-		{
-			k.pub = pubParams.getQ ().getEncoded ();
-		}
+		k.pub = pubParams.getQ ().getEncoded (compressed);
 		return k;
 	}
 
@@ -144,30 +137,14 @@ public ECKeyPair (byte[] p, boolean compressed) throws ValidationException
 		}
 		this.priv = new BigInteger (1, p).mod (curve.getN ());
 		this.compressed = compressed;
-		if ( compressed )
-		{
-			ECPoint q = curve.getG ().multiply (priv);
-			pub = new ECPoint.Fp (domain.getCurve (), q.getX (), q.getY (), true).getEncoded ();
-		}
-		else
-		{
-			pub = curve.getG ().multiply (priv).getEncoded ();
-		}
+		pub = curve.getG ().multiply (priv).getEncoded (compressed);
 	}
 
 	public ECKeyPair (BigInteger priv, boolean compressed)
 	{
 		this.priv = priv;
 		this.compressed = compressed;
-		if ( compressed )
-		{
-			ECPoint q = curve.getG ().multiply (priv);
-			pub = new ECPoint.Fp (domain.getCurve (), q.getX (), q.getY (), true).getEncoded ();
-		}
-		else
-		{
-			pub = curve.getG ().multiply (priv).getEncoded ();
-		}
+		pub = curve.getG ().multiply (priv).getEncoded (compressed);
 	}
 
 	@Override
@@ -177,15 +154,15 @@ public byte[] sign (byte[] hash) throws ValidationException
 		{
 			throw new ValidationException ("Need private key to sign");
 		}
-		ECDSASigner signer = new ECDSASigner ();
+		ECDSASigner signer = new ECDSASigner (new HMacDSAKCalculator (new SHA256Digest ()));
 		signer.init (true, new ECPrivateKeyParameters (priv, domain));
 		BigInteger[] signature = signer.generateSignature (hash);
 		ByteArrayOutputStream s = new ByteArrayOutputStream ();
 		try
 		{
 			DERSequenceGenerator seq = new DERSequenceGenerator (s);
-			seq.addObject (new DERInteger (signature[0]));
-			seq.addObject (new DERInteger (signature[1]));
+			seq.addObject (new ASN1Integer (signature[0]));
+			seq.addObject (new ASN1Integer (signature[1]));
 			seq.close ();
 			return s.toByteArray ();
 		}
@@ -210,8 +187,8 @@ public static boolean verify (byte[] hash, byte[] signature, byte[] pub)
 			signer.init (false, new ECPublicKeyParameters (curve.getCurve ().decodePoint (pub), domain));
 
 			DLSequence seq = (DLSequence) asn1.readObject ();
-			BigInteger r = ((DERInteger) seq.getObjectAt (0)).getPositiveValue ();
-			BigInteger s = ((DERInteger) seq.getObjectAt (1)).getPositiveValue ();
+			BigInteger r = ((ASN1Integer) seq.getObjectAt (0)).getPositiveValue ();
+			BigInteger s = ((ASN1Integer) seq.getObjectAt (1)).getPositiveValue ();
 			return signer.verifySignature (hash, r, s);
 		}
 		catch ( Exception e )
@@ -231,6 +208,12 @@ public static boolean verify (byte[] hash, byte[] signature, byte[] pub)
 		}
 	}
 
+	@Override
+	public String toString ()
+	{
+		return serializeWIF (this);
+	}
+
 	public static String serializeWIF (Key key)
 	{
 		return ByteUtils.toBase58 (bytesWIF (key));
diff --git a/api/src/test/java/com/bitsofproof/supernode/api/RFC6979Test.java b/api/src/test/java/com/bitsofproof/supernode/api/RFC6979Test.java
@@ -0,0 +1,62 @@
+package com.bitsofproof.supernode.api;
+
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.Security;
+import java.util.Arrays;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.json.JSONArray;
+import org.json.JSONException;
+import org.json.JSONObject;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import com.bitsofproof.supernode.common.ByteUtils;
+import com.bitsofproof.supernode.common.ECKeyPair;
+import com.bitsofproof.supernode.common.ValidationException;
+
+public class RFC6979Test
+{
+	static BouncyCastleProvider provider;
+
+	@BeforeClass
+	public static void init ()
+	{
+		Security.addProvider (provider = new BouncyCastleProvider ());
+	}
+
+	private static final String TESTS = "RFC6979.json";
+
+	private JSONArray readArray (String resource) throws IOException, JSONException
+	{
+		InputStream input = this.getClass ().getResource ("/" + resource).openStream ();
+		StringBuffer content = new StringBuffer ();
+		byte[] buffer = new byte[1024];
+		int len;
+		while ( (len = input.read (buffer)) > 0 )
+		{
+			byte[] s = new byte[len];
+			System.arraycopy (buffer, 0, s, 0, len);
+			content.append (new String (buffer, "UTF-8"));
+		}
+		return new JSONArray (content.toString ());
+	}
+
+	@Test
+	public void rfc6979 () throws IOException, JSONException, ValidationException
+	{
+		JSONArray tests = readArray (TESTS);
+		for ( int i = 0; i < tests.length (); ++i )
+		{
+			JSONObject test = tests.getJSONObject (i);
+			ECKeyPair key = ECKeyPair.parseWIF (test.getString ("key"));
+			byte[] message = test.getString ("message").getBytes ();
+			byte[] expectedSignature = ByteUtils.fromHex (test.getString ("expectedSignature"));
+			byte[] signature = key.sign (message);
+			assertTrue (Arrays.equals (expectedSignature, signature));
+		}
+	}
+}
diff --git a/api/src/test/resources/RFC6979.json b/api/src/test/resources/RFC6979.json
@@ -0,0 +1,22 @@
+[
+	{
+		"key": "L24GFtCcK6E8dUNGkRK7iCUcfi3JJmVQq8NPG9LzcXS594YkuFoK", 
+		"message":"Satoshi Nakamoto", 
+		"expectedSignature":"304502202eb53dd34d8c0014371ddf3c57b60cbdde5c525abd6384b6453192fac9ec180a022100fe5b29c65d400d7e48a0f9e3e450069fa87400288e78e1e9932ad44f6c03f23f"
+	},
+	{
+		"key": "L1MuyFhSGEJYXZWHRLt2Ggnou5BzCMy7165eFTB2qPPU93B4fRjV", 
+		"message":"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks", 
+		"expectedSignature":"30460221009d4adeca74eaea3a81f0c55c54478f6d5c652196b4d7c02d69bbf30504d9e95b02210080bc27ba00a4c75919b477b2a61d56de851a521d2ff6782b631c542e76e7d346"
+	},
+	{
+		"key": "KxiYEU4ti9G4pLb832rrjGnkvHpAt8Dqx7ZBq3NA66pQN3hpRFSx",
+		"message":"Satoshi Nakamoto",
+		"expectedSignature":"304402203db5f02f6d96090852a31d16e44077a4ee879402a01bb9019238ec5269b976010220558817ff1534dc47f21b766fc014369158e4a471ae42b986eaaf659f81abe3ee"
+	},
+	{
+		"key": "L3wadShuDYpTR1sHVsbPSE695YX1Fh5wfDvE4ztZtyyYjidSUJmX",
+		"message":"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks",
+		"expectedSignature":"30450220290a41120f7d06d86d4d6914ea718d91111e58700b28072a951e59a2a8b1f983022100dee6880df00d72bc847929219a85d4edad83bd2ac45907371af920f3cac20bd7"
+	}
+]
diff --git a/pom.xml b/pom.xml
@@ -49,7 +49,7 @@
 		<springframework.version>3.1.2.RELEASE</springframework.version>
 		<slf4j.version>1.6.6</slf4j.version>
 		<java.compiler.version>1.7</java.compiler.version>
-		<bouncycastle.version>1.48</bouncycastle.version>
+		<bouncycastle.version>1.50</bouncycastle.version>
 		<protobuf.version>2.4.1</protobuf.version>
 		<json.version>20090211</json.version>
 		<commons-cli.version>1.2</commons-cli.version>
diff --git a/server/src/main/java/com/bitsofproof/supernode/main/Main.java b/server/src/main/java/com/bitsofproof/supernode/main/Main.java
@@ -35,7 +35,7 @@ protected interface App
 
 	public static void main (String[] args) throws Exception
 	{
-		log.info ("bitsofproof supernode (c) 2013 bits of proof zrt.");
+		log.info ("bitsofproof supernode (c) 2013-2014 bits of proof zrt.");
 		Security.addProvider (new BouncyCastleProvider ());
 		log.trace ("Spring context setup");
 

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ protected interface App`
`35`	`35`
`36`	`36`	`public static void main (String[] args) throws Exception`
`37`	`37`	`{`
`38`		`- log.info ("bitsofproof supernode (c) 2013 bits of proof zrt.");`
	`38`	`+ log.info ("bitsofproof supernode (c) 2013-2014 bits of proof zrt.");`
`39`	`39`	`Security.addProvider (new BouncyCastleProvider ());`
`40`	`40`	`log.trace ("Spring context setup");`
`41`	`41`