Add initial vault operations

This implementation aims to be compatible with libsodium ristretto255 signcryption and XChaCha20-Poly1305. This relates to #5 with an enhanced implementation of #1.
o1c-dev · Dec 7, 2020 · 567a420 · 567a420
1 parent 8e24013
commit 567a420
Show file tree

Hide file tree

Showing 6 changed files with 536 additions and 0 deletions.
diff --git a/java15/src/test/java/dev/o1c/spi/VaultTest.java b/java15/src/test/java/dev/o1c/spi/VaultTest.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2020 Matt Sicker
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package dev.o1c.spi;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+
+import java.nio.charset.StandardCharsets;
+import java.security.Security;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+class VaultTest {
+
+    @BeforeAll
+    static void beforeAll() {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+
+    @AfterAll
+    static void afterAll() {
+        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+    }
+
+    @Test
+    void smokeTest() {
+        var vault = new Vault();
+        var alice = vault.generateKeyPair();
+        var aliceId = "Alice".getBytes(StandardCharsets.UTF_8);
+        var bob = vault.generateKeyPair();
+        var bobId = "Robert".getBytes(StandardCharsets.UTF_8);
+        var context = getClass().getName().getBytes(StandardCharsets.UTF_8);
+        var msg = "Ristretto is traditionally a short shot of espresso coffee made with the normal amount of ground coffee " +
+                "but extracted with about half the amount of water in the same amount of time by using a finer grind. " +
+                "This produces a concentrated shot of coffee per volume. Just pulling a normal shot short will produce a " +
+                "weaker shot and is not a Ristretto as some believe.";
+        var data = msg.getBytes(StandardCharsets.UTF_8);
+        var sealedData = vault.seal(alice.getPrivate(), aliceId, bob.getPublic(), bobId, context, data);
+        var actual = vault.unseal(alice.getPublic(), aliceId, bob.getPrivate(), bobId, context, sealedData);
+        assertArrayEquals(data, actual);
+    }
+
+    @Test
+    @Disabled("needs test vectors")
+    void compatTest() {
+        var vault = new Vault();
+        var aliceKey = ByteOps.fromHex("TODO");
+        var alice = vault.parsePrivateKey(aliceKey);
+        var aliceId = "TODO".getBytes(StandardCharsets.UTF_8);
+        var bobKey = ByteOps.fromHex("TODO");
+        var bob = vault.parsePrivateKey(bobKey);
+        var bobId = "TODO".getBytes(StandardCharsets.UTF_8);
+        var context = "TODO".getBytes(StandardCharsets.UTF_8);
+        var msg = "Ristretto is traditionally a short shot of espresso coffee made with the normal amount of ground coffee " +
+                "but extracted with about half the amount of water in the same amount of time by using a finer grind. " +
+                "This produces a concentrated shot of coffee per volume. Just pulling a normal shot short will produce a " +
+                "weaker shot and is not a Ristretto as some believe.";
+        var sealed = ByteOps.fromHex("TODO");
+        var unsealed = vault.unseal(alice.getPublic(), aliceId, bob.getPrivate(), bobId, context, sealed);
+        assertEquals(msg, new String(unsealed, StandardCharsets.UTF_8));
+    }
+}
diff --git a/java15/src/test/java/dev/o1c/spi/XChaCha20Poly1305Test.java b/java15/src/test/java/dev/o1c/spi/XChaCha20Poly1305Test.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2020 Matt Sicker
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package dev.o1c.spi;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class XChaCha20Poly1305Test {
+    @Test
+    void subkeyDerivation() {
+        var key = ByteOps.fromHex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f");
+        var nonce = ByteOps.fromHex("000000090000004a0000000031415927");
+        var expectedKey = ByteOps.fromHex("82413b4227b27bfed30e42508a877d73a0f9e4d58a74a853c12ec41326d3ecdc");
+        var actualKey = XChaCha20Poly1305.calculateSubKey(key, nonce);
+        assertArrayEquals(expectedKey, actualKey);
+    }
+}
diff --git a/java8/pom.xml b/java8/pom.xml
@@ -38,6 +38,10 @@
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk15on</artifactId>
     </dependency>
+    <dependency>
+      <groupId>cafe.cryptography</groupId>
+      <artifactId>curve25519-elisabeth</artifactId>
+    </dependency>
     <dependency>
       <groupId>net.i2p.crypto</groupId>
       <artifactId>eddsa</artifactId>