net.i2p.crypto.eddsa.EdDSAEngine

Direct Known Subclasses:: RedDSAEngine

public class EdDSAEngine
extends Signature

Signing and verification for EdDSA.

The EdDSA sign and verify algorithms do not interact well with the Java Signature API, as one or more update() methods must be called before sign() or verify(). Using the standard API, this implementation must copy and buffer all data passed in via update().

This implementation offers two ways to avoid this copying, but only if all data to be signed or verified is available in a single byte array.

Option 1:

Call initSign() or initVerify() as usual.
Call setParameter(ONE_SHOT_MODE)
Call update(byte[]) or update(byte[], int, int) exactly once
Call sign() or verify() as usual.
If doing additional one-shot signs or verifies with this object, you must call setParameter(ONE_SHOT_MODE) each time

Option 2:

Call initSign() or initVerify() as usual.
Call one of the signOneShot() or verifyOneShot() methods.
If doing additional one-shot signs or verifies with this object, just call signOneShot() or verifyOneShot() again.

Since:: 0.9.15
Author:: str4d

Field Summary

Fields
Modifier and Type	Field	Description
`protected MessageDigest`	`digest`
`static AlgorithmParameterSpec`	`ONE_SHOT_MODE`	To efficiently sign or verify data in one shot, pass this to setParameters() after initSign() or initVerify() but BEFORE THE FIRST AND ONLY update(data) or update(data, off, len).
`static String`	`SIGNATURE_ALGORITHM`

Fields inherited from class java.security.Signature

SIGN, state, UNINITIALIZED, VERIFY

Fields inherited from class java.security.SignatureSpi

appRandom

Constructor Summary

Constructors
Constructor	Description
`EdDSAEngine()`	No specific EdDSA-internal hash requested, allows any EdDSA key.
`EdDSAEngine(MessageDigest digest)`	Specific EdDSA-internal hash requested, only matching keys will be allowed.

Method Summary

Modifier and Type	Method	Description
`protected void`	`digestInitSign(EdDSAPrivateKey privKey)`
`protected Object`	`engineGetParameter(String param)`	Deprecated.
`protected void`	`engineInitSign(PrivateKey privateKey)`
`protected void`	`engineInitVerify(PublicKey publicKey)`
`protected void`	`engineSetParameter(String param, Object value)`	Deprecated. replaced with this
`protected void`	`engineSetParameter(AlgorithmParameterSpec spec)`
`protected byte[]`	`engineSign()`
`protected void`	`engineUpdate(byte b)`
`protected void`	`engineUpdate(byte[] b, int off, int len)`
`protected boolean`	`engineVerify(byte[] sigBytes)`
`byte[]`	`signOneShot(byte[] data)`	To efficiently sign all the data in one shot, if it is available, use this method, which will avoid copying the data.
`byte[]`	`signOneShot(byte[] data, int off, int len)`	To efficiently sign all the data in one shot, if it is available, use this method, which will avoid copying the data.
`boolean`	`verifyOneShot(byte[] data, byte[] signature)`	To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data.
`boolean`	`verifyOneShot(byte[] data, byte[] signature, int sigoff, int siglen)`	To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data.
`boolean`	`verifyOneShot(byte[] data, int off, int len, byte[] signature)`	To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data.
`boolean`	`verifyOneShot(byte[] data, int off, int len, byte[] signature, int sigoff, int siglen)`	To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data.

Methods inherited from class java.security.Signature

clone, getAlgorithm, getInstance, getInstance, getInstance, getParameter, getParameters, getProvider, initSign, initSign, initVerify, initVerify, setParameter, setParameter, sign, sign, toString, update, update, update, update, verify, verify

Methods inherited from class java.security.SignatureSpi

engineGetParameters, engineInitSign, engineSign, engineUpdate, engineVerify

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details
- SIGNATURE_ALGORITHM
  
  public static final String SIGNATURE_ALGORITHM
  
  See Also:
  
  Constant Field Values
- digest
  
  protected MessageDigest digest
- ONE_SHOT_MODE
  
  public static final AlgorithmParameterSpec ONE_SHOT_MODE
  
  To efficiently sign or verify data in one shot, pass this to setParameters() after initSign() or initVerify() but BEFORE THE FIRST AND ONLY update(data) or update(data, off, len). The data reference will be saved and then used in sign() or verify() without copying the data. Violate these rules and you will get a SignatureException.
  
  Since:
  
  0.9.25
Constructor Details
- EdDSAEngine
  
  public EdDSAEngine()
  
  No specific EdDSA-internal hash requested, allows any EdDSA key.
- EdDSAEngine
  
  public EdDSAEngine(MessageDigest digest)
  
  Specific EdDSA-internal hash requested, only matching keys will be allowed.
  
  Parameters:
  
  digest - the hash algorithm that keys must have to sign or verify.
Method Details
- engineInitSign
  
  protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException
  
  Specified by:
  
  engineInitSign in class SignatureSpi
  
  Throws:
  
  InvalidKeyException
- digestInitSign
  
  protected void digestInitSign(EdDSAPrivateKey privKey)
- engineInitVerify
  
  protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException
  
  Specified by:
  
  engineInitVerify in class SignatureSpi
  
  Throws:
  
  InvalidKeyException
- engineUpdate
  
  protected void engineUpdate(byte b) throws SignatureException
  
  Specified by:
  
  engineUpdate in class SignatureSpi
  
  Throws:
  
  SignatureException - if in one-shot mode
- engineUpdate
  
  protected void engineUpdate(byte[] b, int off, int len) throws SignatureException
  
  Specified by:
  
  engineUpdate in class SignatureSpi
  
  Throws:
  
  SignatureException - if one-shot rules are violated
- engineSign
  
  protected byte[] engineSign() throws SignatureException
  
  Specified by:
  
  engineSign in class SignatureSpi
  
  Throws:
  
  SignatureException
- engineVerify
  
  protected boolean engineVerify(byte[] sigBytes) throws SignatureException
  
  Specified by:
  
  engineVerify in class SignatureSpi
  
  Throws:
  
  SignatureException
- signOneShot
  
  public byte[] signOneShot(byte[] data) throws SignatureException
  To efficiently sign all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:
  setParameter(ONE_SHOT_MODE) update(data) sig = sign()
  Parameters:
  
  data - the message to be signed
  
  Returns:
  
  the signature
  
  Throws:
  
  SignatureException - if update() already called
  
  Since:
  
  0.9.25
  
  See Also:
  
  ONE_SHOT_MODE
- signOneShot
  
  public byte[] signOneShot(byte[] data, int off, int len) throws SignatureException
  To efficiently sign all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:
  setParameter(ONE_SHOT_MODE) update(data, off, len) sig = sign()
  Parameters:
  
  data - byte array containing the message to be signed
  
  off - the start of the message inside data
  
  len - the length of the message
  
  Returns:
  
  the signature
  
  Throws:
  
  SignatureException - if update() already called
  
  Since:
  
  0.9.25
  
  See Also:
  
  ONE_SHOT_MODE
- verifyOneShot
  
  public boolean verifyOneShot(byte[] data, byte[] signature) throws SignatureException
  To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:
  setParameter(ONE_SHOT_MODE) update(data) ok = verify(signature)
  Parameters:
  
  data - the message that was signed
  
  signature - of the message
  
  Returns:
  
  true if the signature is valid, false otherwise
  
  Throws:
  
  SignatureException - if update() already called
  
  Since:
  
  0.9.25
  
  See Also:
  
  ONE_SHOT_MODE
- verifyOneShot
  
  public boolean verifyOneShot(byte[] data, int off, int len, byte[] signature) throws SignatureException
  To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:
  setParameter(ONE_SHOT_MODE) update(data, off, len) ok = verify(signature)
  Parameters:
  
  data - byte array containing the message that was signed
  
  off - the start of the message inside data
  
  len - the length of the message
  
  signature - of the message
  
  Returns:
  
  true if the signature is valid, false otherwise
  
  Throws:
  
  SignatureException - if update() already called
  
  Since:
  
  0.9.25
  
  See Also:
  
  ONE_SHOT_MODE
- verifyOneShot
  
  public boolean verifyOneShot(byte[] data, byte[] signature, int sigoff, int siglen) throws SignatureException
  To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:
  setParameter(ONE_SHOT_MODE) update(data) ok = verify(signature, sigoff, siglen)
  Parameters:
  
  data - the message that was signed
  
  signature - byte array containing the signature
  
  sigoff - the start of the signature
  
  siglen - the length of the signature
  
  Returns:
  
  true if the signature is valid, false otherwise
  
  Throws:
  
  SignatureException - if update() already called
  
  Since:
  
  0.9.25
  
  See Also:
  
  ONE_SHOT_MODE
- verifyOneShot
  
  public boolean verifyOneShot(byte[] data, int off, int len, byte[] signature, int sigoff, int siglen) throws SignatureException
  To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:
  setParameter(ONE_SHOT_MODE) update(data, off, len) ok = verify(signature, sigoff, siglen)
  Parameters:
  
  data - byte array containing the message that was signed
  
  off - the start of the message inside data
  
  len - the length of the message
  
  signature - byte array containing the signature
  
  sigoff - the start of the signature
  
  siglen - the length of the signature
  
  Returns:
  
  true if the signature is valid, false otherwise
  
  Throws:
  
  SignatureException - if update() already called
  
  Since:
  
  0.9.25
  
  See Also:
  
  ONE_SHOT_MODE
- engineSetParameter
  
  protected void engineSetParameter(AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
  
  Overrides:
  
  engineSetParameter in class SignatureSpi
  
  Throws:
  
  InvalidAlgorithmParameterException - if spec is ONE_SHOT_MODE and update() already called
  
  Since:
  
  0.9.25
  
  See Also:
  
  ONE_SHOT_MODE
- engineSetParameter
  
  protected void engineSetParameter(String param, Object value)
  
  Deprecated.
  replaced with this
  
  Specified by:
  
  engineSetParameter in class SignatureSpi
- engineGetParameter
  
  protected Object engineGetParameter(String param)
  
  Deprecated.
  
  Specified by:
  
  engineGetParameter in class SignatureSpi

Class EdDSAEngine