Search in sources :

Example 1 with ArgonResult

use of com.quorum.tessera.argon2.ArgonResult in project tessera by ConsenSys.

the class KeyEncryptorImpl method encryptPrivateKey.

@Override
public PrivateKeyData encryptPrivateKey(final PrivateKey privateKey, final char[] password, final ArgonOptions argonOptions) {
    LOGGER.info("Encrypting a private key");
    LOGGER.debug("Encrypting private key {} using password {}", privateKey, password);
    final byte[] salt = new byte[KeyEncryptor.SALTLENGTH];
    this.secureRandom.nextBytes(salt);
    LOGGER.debug("Generated the random salt {}", Arrays.toString(salt));
    final ArgonResult argonResult;
    if (argonOptions == null) {
        argonResult = this.argon2.hash(password, salt);
    } else {
        argonResult = this.argon2.hash(new com.quorum.tessera.argon2.ArgonOptions(argonOptions.getAlgorithm(), argonOptions.getIterations(), argonOptions.getMemory(), argonOptions.getParallelism()), password, salt);
    }
    final Nonce nonce = this.encryptor.randomNonce();
    LOGGER.debug("Generated the random nonce {}", nonce);
    final byte[] encryptedKey = this.encryptor.sealAfterPrecomputation(privateKey.getKeyBytes(), nonce, SharedKey.from(argonResult.getHash()));
    LOGGER.info("Private key encrypted");
    final String snonce = this.encoder.encodeToString(nonce.getNonceBytes());
    final String asalt = this.encoder.encodeToString(salt);
    final String sbox = this.encoder.encodeToString(encryptedKey);
    return new PrivateKeyData(null, snonce, asalt, sbox, new ArgonOptions(argonResult.getOptions().getAlgorithm(), argonResult.getOptions().getIterations(), argonResult.getOptions().getMemory(), argonResult.getOptions().getParallelism()));
}
Also used : Nonce(com.quorum.tessera.encryption.Nonce) ArgonOptions(com.quorum.tessera.config.ArgonOptions) ArgonResult(com.quorum.tessera.argon2.ArgonResult) PrivateKeyData(com.quorum.tessera.config.PrivateKeyData)

Example 2 with ArgonResult

use of com.quorum.tessera.argon2.ArgonResult in project tessera by ConsenSys.

the class KeyEncryptorImpl method decryptPrivateKey.

@Override
public PrivateKey decryptPrivateKey(final PrivateKeyData privateKey, final char[] password) {
    LOGGER.info("Decrypting private key");
    LOGGER.debug("Decrypting private key {} using password {}", privateKey.getValue(), password);
    final byte[] salt = this.decoder.decode(privateKey.getAsalt());
    final ArgonResult argonResult = this.argon2.hash(new com.quorum.tessera.argon2.ArgonOptions(privateKey.getArgonOptions().getAlgorithm(), privateKey.getArgonOptions().getIterations(), privateKey.getArgonOptions().getMemory(), privateKey.getArgonOptions().getParallelism()), password, salt);
    final byte[] originalKey = this.encryptor.openAfterPrecomputation(this.decoder.decode(privateKey.getSbox()), new Nonce(this.decoder.decode(privateKey.getSnonce())), SharedKey.from(argonResult.getHash()));
    PrivateKey outcome = PrivateKey.from(originalKey);
    LOGGER.info("Decrypted private key");
    LOGGER.debug("Decrypted private key {}", outcome.encodeToBase64());
    return outcome;
}
Also used : Nonce(com.quorum.tessera.encryption.Nonce) ArgonResult(com.quorum.tessera.argon2.ArgonResult) PrivateKey(com.quorum.tessera.encryption.PrivateKey)

Example 3 with ArgonResult

use of com.quorum.tessera.argon2.ArgonResult in project tessera by ConsenSys.

the class KeyEncryptorTest method providingArgonOptionsEncryptsKey.

@Test
public void providingArgonOptionsEncryptsKey() {
    final PrivateKey key = PrivateKey.from(new byte[] { 1, 2, 3, 4, 5 });
    final char[] password = "pass".toCharArray();
    final ArgonResult result = new ArgonResult(new com.quorum.tessera.argon2.ArgonOptions("i", 5, 6, 7), new byte[] {}, new byte[] {});
    doReturn(result).when(argon2).hash(any(com.quorum.tessera.argon2.ArgonOptions.class), eq(password), any(byte[].class));
    doReturn(new Nonce(new byte[] {})).when(encryptor).randomNonce();
    doReturn(new byte[] {}).when(encryptor).sealAfterPrecomputation(any(byte[].class), any(Nonce.class), any(SharedKey.class));
    final PrivateKeyData privateKey = this.keyEncryptor.encryptPrivateKey(key, password, new ArgonOptions("i", 5, 6, 7));
    final ArgonOptions aopts = privateKey.getArgonOptions();
    assertThat(privateKey.getSbox()).isNotNull();
    assertThat(privateKey.getAsalt()).isNotNull();
    assertThat(privateKey.getSnonce()).isNotNull();
    assertThat(aopts).isNotNull();
    assertThat(aopts.getIterations()).isNotNull().isEqualTo(5);
    assertThat(aopts.getMemory()).isNotNull().isEqualTo(6);
    assertThat(aopts.getParallelism()).isNotNull().isEqualTo(7);
    assertThat(aopts.getAlgorithm()).isNotNull();
    verify(argon2).hash(any(com.quorum.tessera.argon2.ArgonOptions.class), eq(password), any(byte[].class));
    verify(encryptor).randomNonce();
    verify(encryptor).sealAfterPrecomputation(any(byte[].class), any(Nonce.class), any(SharedKey.class));
}
Also used : Nonce(com.quorum.tessera.encryption.Nonce) ArgonOptions(com.quorum.tessera.config.ArgonOptions) PrivateKey(com.quorum.tessera.encryption.PrivateKey) ArgonResult(com.quorum.tessera.argon2.ArgonResult) PrivateKeyData(com.quorum.tessera.config.PrivateKeyData) SharedKey(com.quorum.tessera.encryption.SharedKey) Test(org.junit.Test)

Example 4 with ArgonResult

use of com.quorum.tessera.argon2.ArgonResult in project tessera by ConsenSys.

the class KeyEncryptorTest method encryptingKeyReturnsCorrectJson.

@Test
public void encryptingKeyReturnsCorrectJson() {
    final PrivateKey key = PrivateKey.from(new byte[] { 1, 2, 3, 4, 5 });
    final char[] password = "pass".toCharArray();
    final ArgonResult result = new ArgonResult(new com.quorum.tessera.argon2.ArgonOptions("i", 1, 1, 1), new byte[] {}, new byte[] {});
    doReturn(result).when(argon2).hash(eq(password), any(byte[].class));
    doReturn(new Nonce(new byte[] {})).when(encryptor).randomNonce();
    doReturn(new byte[] {}).when(encryptor).sealAfterPrecomputation(any(byte[].class), any(Nonce.class), any(SharedKey.class));
    final PrivateKeyData privateKey = this.keyEncryptor.encryptPrivateKey(key, password, null);
    final ArgonOptions aopts = privateKey.getArgonOptions();
    assertThat(privateKey.getSbox()).isNotNull();
    assertThat(privateKey.getAsalt()).isNotNull();
    assertThat(privateKey.getSnonce()).isNotNull();
    assertThat(aopts).isNotNull();
    assertThat(aopts.getMemory()).isNotNull();
    assertThat(aopts.getParallelism()).isNotNull();
    assertThat(aopts.getIterations()).isNotNull();
    assertThat(aopts.getAlgorithm()).isNotNull();
    verify(argon2).hash(eq(password), any(byte[].class));
    verify(encryptor).randomNonce();
    verify(encryptor).sealAfterPrecomputation(any(byte[].class), any(Nonce.class), any(SharedKey.class));
}
Also used : Nonce(com.quorum.tessera.encryption.Nonce) ArgonOptions(com.quorum.tessera.config.ArgonOptions) PrivateKey(com.quorum.tessera.encryption.PrivateKey) ArgonResult(com.quorum.tessera.argon2.ArgonResult) PrivateKeyData(com.quorum.tessera.config.PrivateKeyData) SharedKey(com.quorum.tessera.encryption.SharedKey) Test(org.junit.Test)

Example 5 with ArgonResult

use of com.quorum.tessera.argon2.ArgonResult in project tessera by ConsenSys.

the class KeyEncryptorTest method correntJsonGivesDecryptedKey.

@Test
public void correntJsonGivesDecryptedKey() {
    final char[] password = "pass".toCharArray();
    final ArgonOptions argonOptions = new ArgonOptions("i", 1, 1, 1);
    final PrivateKeyData lockedPrivateKey = new PrivateKeyData("", "", "uZAfjmMwEepP8kzZCnmH6g==", "", argonOptions);
    doReturn(new byte[] { 1, 2, 3 }).when(this.encryptor).openAfterPrecomputation(any(byte[].class), any(Nonce.class), any(SharedKey.class));
    doReturn(new ArgonResult(null, new byte[] {}, new byte[] { 4, 5, 6 })).when(this.argon2).hash(any(com.quorum.tessera.argon2.ArgonOptions.class), eq(password), any(byte[].class));
    final PrivateKey key = this.keyEncryptor.decryptPrivateKey(lockedPrivateKey, password);
    assertThat(key.getKeyBytes()).isEqualTo(new byte[] { 1, 2, 3 });
    verify(this.encryptor).openAfterPrecomputation(any(byte[].class), any(Nonce.class), any(SharedKey.class));
    verify(this.argon2).hash(any(com.quorum.tessera.argon2.ArgonOptions.class), eq(password), any(byte[].class));
}
Also used : Nonce(com.quorum.tessera.encryption.Nonce) ArgonOptions(com.quorum.tessera.config.ArgonOptions) ArgonResult(com.quorum.tessera.argon2.ArgonResult) PrivateKey(com.quorum.tessera.encryption.PrivateKey) PrivateKeyData(com.quorum.tessera.config.PrivateKeyData) SharedKey(com.quorum.tessera.encryption.SharedKey) Test(org.junit.Test)

Aggregations

ArgonResult (com.quorum.tessera.argon2.ArgonResult)5 Nonce (com.quorum.tessera.encryption.Nonce)5 ArgonOptions (com.quorum.tessera.config.ArgonOptions)4 PrivateKeyData (com.quorum.tessera.config.PrivateKeyData)4 PrivateKey (com.quorum.tessera.encryption.PrivateKey)4 SharedKey (com.quorum.tessera.encryption.SharedKey)3 Test (org.junit.Test)3