Class Crypto

java.lang.Object
org.drasyl.crypto.Crypto

public class Crypto extends Object
Util class that provides cryptography functions for drasyl.
  • Field Details

    • INSTANCE

      public static final Crypto INSTANCE
    • CSPRNG

      public static final SecureRandom CSPRNG
    • PK_LONG_TIME_KEY_LENGTH

      public static final short PK_LONG_TIME_KEY_LENGTH
      See Also:
    • SK_LONG_TIME_KEY_LENGTH

      public static final short SK_LONG_TIME_KEY_LENGTH
      See Also:
    • PK_CURVE_25519_KEY_LENGTH

      public static final short PK_CURVE_25519_KEY_LENGTH
      See Also:
    • SK_CURVE_25519_KEY_LENGTH

      public static final short SK_CURVE_25519_KEY_LENGTH
      See Also:
  • Method Details

    • compare

      public static int compare(Key k1, Key k2)
      Compares two keys k1 and k2 to allow to form a total order on the keys. This is especially important in asynchronous environments to make deterministic decisions.
      Parameters:
      k1 - first key
      k2 - second key
      Returns:
      -1 if the first key is smaller than, 0 if equals to, 1 if greater than the second key
    • randomString

      public static String randomString(int entropy)
      Generates a secure random HEX String with the given entropy of bytes.

      Recommendation:

      • 4 byte for small sets
      • 8 bytes for unique internal strings, e.g. hash tables
      • 16 bytes for global uniqueness, e.g. auth token
      • 24 bytes for cryptographic operations, e.g. nonce's

      You can also use the following probability table for the "Birthday problem", as a starting point for a suitable entropy size: Birthday problem probability table

      Parameters:
      entropy - entropy in bytes
      Returns:
      a secure random HEX String
    • randomBytes

      public static byte[] randomBytes(int entropy)
      Generates a secure random bytes with the given entropy.

      Recommendation:

      • 4 byte for small sets
      • 8 bytes for unique internal strings, e.g. hash tables
      • 16 bytes for global uniqueness, e.g. auth token
      • 24 bytes for cryptographic operations, e.g. nonce's

      You can also use the following probability table for the "Birthday problem", as a starting point for a suitable entropy size: Birthday problem probability table

      Parameters:
      entropy - entropy in bytes
      Returns:
      a secure random bytes
    • randomNumber

      public static int randomNumber(int bound)
      Generates a random number with the static SecureRandom of this class. Avoids overhead of generating a new instance of SecureRandom.
      Parameters:
      bound - the upper bound (exclusive). Must be positive.
      Returns:
      the next pseudorandom, uniformly distributed int value between zero (inclusive) and bound (exclusive) from this random number generator's sequence
    • getSodium

      public DrasylSodiumWrapper getSodium()
      Is only for internal usage.
      Returns:
      returns the DrasylSodiumWrapper instance.
    • sha256

      public byte[] sha256(byte[] input) throws CryptoException
      Generates a SHA-256 hash of the given input.
      Parameters:
      input - the input to hash
      Returns:
      SHA-256 hash of the input
      Throws:
      CryptoException
    • generateLongTimeKeyPair

      public KeyPair<IdentityPublicKey,IdentitySecretKey> generateLongTimeKeyPair() throws CryptoException
      Generates a new ed25519 key pair for signing and on-demand encryption. This key pair can be used as identity of a node.
      Returns:
      new ed25519 key pair
      Throws:
      CryptoException - if any error occurs during key generation
    • convertLongTimeKeyPairToKeyAgreementKeyPair

      public KeyPair<KeyAgreementPublicKey,KeyAgreementSecretKey> convertLongTimeKeyPairToKeyAgreementKeyPair(KeyPair<IdentityPublicKey,IdentitySecretKey> keyPair) throws CryptoException
      Converts the given ed25519 long time keyPair into a curve25519 key pair for (on-demand) key agreement.
      Parameters:
      keyPair - the ed25519 long time key pair
      Returns:
      ed25519 key pair as curve25519
      Throws:
      CryptoException - if any error occurs during conversion
      NullPointerException - if keyPar or a key within the pair is null
    • convertIdentityKeyToKeyAgreementKey

      public KeyAgreementPublicKey convertIdentityKeyToKeyAgreementKey(IdentityPublicKey publicKey) throws CryptoException
      Converts the given ed25519 long time publicKey into a curve25519 key for (on-demand) key agreement.
      Parameters:
      publicKey - the ed25519 public key
      Returns:
      ed25519 public key as curve25519
      Throws:
      CryptoException - if any error occurs during conversion
    • generateEphemeralKeyPair

      public KeyPair<KeyAgreementPublicKey,KeyAgreementSecretKey> generateEphemeralKeyPair() throws CryptoException
      Generates a new curve25519 key pair for key exchange. This key should only be used for one session and never be re-used.
      Returns:
      new curve25519 key pair
      Throws:
      CryptoException - if any error occurs during key generation
    • generateSessionKeyPair

      public <P extends PublicKey, S extends SecretKey> SessionPair generateSessionKeyPair(KeyPair<P,S> myKeyPair, PublicKey receiverPublicKey) throws CryptoException
      Generates session key pair from the myKeyPair and receiverKeyPair.
      Parameters:
      myKeyPair - my own curve25519 key pair (long time or ephemeral)
      receiverPublicKey - the receiver public key (long time or ephemeral)
      Returns:
      a session key for sending and receiving messages
      Throws:
      CryptoException - if any error occurs during generation
    • encrypt

      public byte[] encrypt(byte[] message, byte[] authTag, Nonce nonce, SessionPair sessionPair) throws CryptoException
      Encrypts the given message, by adding authTag as an authentication tag, using the given (hopefully fresh) nonce and encrypting with the tx part of the sessionPair.
      Parameters:
      message - the message to encrypt
      authTag - some authentication tag
      nonce - the fresh nonce
      sessionPair - the session pair
      Returns:
      encrypted message
      Throws:
      CryptoException - if any error occurs during encryption
      NullPointerException - if message or authTag is null
    • decrypt

      public byte[] decrypt(byte[] cipher, byte[] authTag, Nonce nonce, SessionPair sessionPair) throws CryptoException
      Decrypt the given cipher, by verify the authTag as an authentication tag, uses the given nonce and decrypting with the rx part of the sessionPair.
      Parameters:
      cipher - the cipher text to decrypt
      authTag - some authentication tag
      nonce - the fresh nonce
      sessionPair - the session pair
      Returns:
      decrypted message
      Throws:
      CryptoException - if any error occurs during decryption
      NullPointerException - if message or authTag is null
    • sign

      public byte[] sign(byte[] message, IdentitySecretKey secretKey) throws CryptoException
      Creates a signature for the given message with the given secretKey in detached mode (signature is not appended to message, rather it is standalone).
      Parameters:
      message - the message to sign
      secretKey - the secret key to sign
      Returns:
      the signature of the message
      Throws:
      CryptoException - if any error occurs during signing
    • verifySignature

      public boolean verifySignature(byte[] signature, byte[] message, IdentityPublicKey publicKey)
      Verifies that signature is valid for the message.
      Parameters:
      signature - the signature of the message
      message - the message
      publicKey - the public key that signed the message
      Returns:
      true if the signature is valid for the message