Example 1 with ArgonOptions

use of com.quorum.tessera.config.ArgonOptions in project tessera by ConsenSys.

the class KeyEncryptorImpl method encryptPrivateKey.

@Override
public PrivateKeyData encryptPrivateKey(final PrivateKey privateKey, final char[] password, final ArgonOptions argonOptions) {
    LOGGER.info("Encrypting a private key");
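    // Keep the key and the password out of the log output, even at debug level:
    // SLF4J renders a char[] argument as its contents, so the password would be written in clear.
    LOGGER.debug("Encrypting private key with the supplied password");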
    final byte[] salt = new byte[KeyEncryptor.SALTLENGTH];
    this.secureRandom.nextBytes(salt);
    LOGGER.debug("Generated the random salt {}", Arrays.toString(salt));
    final ArgonResult argonResult;
    if (argonOptions == null) {
        argonResult = this.argon2.hash(password, salt);
    } else {
        argonResult = this.argon2.hash(new com.quorum.tessera.argon2.ArgonOptions(argonOptions.getAlgorithm(), argonOptions.getIterations(), argonOptions.getMemory(), argonOptions.getParallelism()), password, salt);
    }
    final Nonce nonce = this.encryptor.randomNonce();
    LOGGER.debug("Generated the random nonce {}", nonce);
    final byte[] encryptedKey = this.encryptor.sealAfterPrecomputation(privateKey.getKeyBytes(), nonce, SharedKey.from(argonResult.getHash()));
    LOGGER.info("Private key encrypted");
    final String snonce = this.encoder.encodeToString(nonce.getNonceBytes());
    final String asalt = this.encoder.encodeToString(salt);
    final String sbox = this.encoder.encodeToString(encryptedKey);
    return new PrivateKeyData(null, snonce, asalt, sbox, new ArgonOptions(argonResult.getOptions().getAlgorithm(), argonResult.getOptions().getIterations(), argonResult.getOptions().getMemory(), argonResult.getOptions().getParallelism()));
}
Also used : Nonce(com.quorum.tessera.encryption.Nonce) ArgonOptions(com.quorum.tessera.config.ArgonOptions) ArgonResult(com.quorum.tessera.argon2.ArgonResult) PrivateKeyData(com.quorum.tessera.config.PrivateKeyData)

Example 2 with ArgonOptions

use of com.quorum.tessera.config.ArgonOptions in project tessera by ConsenSys.

the class KeyEncryptorTest method providingArgonOptionsEncryptsKey.

@Test
public void providingArgonOptionsEncryptsKey() {
    final PrivateKey key = PrivateKey.from(new byte[] { 1, 2, 3, 4, 5 });
    final char[] password = "pass".toCharArray();
    final ArgonResult result = new ArgonResult(new com.quorum.tessera.argon2.ArgonOptions("i", 5, 6, 7), new byte[] {}, new byte[] {});
    doReturn(result).when(argon2).hash(any(com.quorum.tessera.argon2.ArgonOptions.class), eq(password), any(byte[].class));
    doReturn(new Nonce(new byte[] {})).when(encryptor).randomNonce();
    doReturn(new byte[] {}).when(encryptor).sealAfterPrecomputation(any(byte[].class), any(Nonce.class), any(SharedKey.class));
    final PrivateKeyData privateKey = this.keyEncryptor.encryptPrivateKey(key, password, new ArgonOptions("i", 5, 6, 7));
    final ArgonOptions aopts = privateKey.getArgonOptions();
    assertThat(privateKey.getSbox()).isNotNull();
    assertThat(privateKey.getAsalt()).isNotNull();
    assertThat(privateKey.getSnonce()).isNotNull();
    assertThat(aopts).isNotNull();
    assertThat(aopts.getIterations()).isNotNull().isEqualTo(5);
    assertThat(aopts.getMemory()).isNotNull().isEqualTo(6);
    assertThat(aopts.getParallelism()).isNotNull().isEqualTo(7);
    assertThat(aopts.getAlgorithm()).isNotNull();
    verify(argon2).hash(any(com.quorum.tessera.argon2.ArgonOptions.class), eq(password), any(byte[].class));
    verify(encryptor).randomNonce();
    verify(encryptor).sealAfterPrecomputation(any(byte[].class), any(Nonce.class), any(SharedKey.class));
}
Also used : Nonce(com.quorum.tessera.encryption.Nonce) ArgonOptions(com.quorum.tessera.config.ArgonOptions) PrivateKey(com.quorum.tessera.encryption.PrivateKey) ArgonResult(com.quorum.tessera.argon2.ArgonResult) PrivateKeyData(com.quorum.tessera.config.PrivateKeyData) SharedKey(com.quorum.tessera.encryption.SharedKey) Test(org.junit.Test)

Example 3 with ArgonOptions

use of com.quorum.tessera.config.ArgonOptions in project tessera by ConsenSys.

the class AzureVaultKeyGeneratorTest method encryptionIsNotUsedWhenSavingToVault.

@Test
public void encryptionIsNotUsedWhenSavingToVault() {
    final ArgonOptions argonOptions = mock(ArgonOptions.class);
    azureVaultKeyGenerator.generate("vaultId", argonOptions, null);
    verifyNoMoreInteractions(argonOptions);
}
Also used : ArgonOptions(com.quorum.tessera.config.ArgonOptions) Test(org.junit.Test)

Example 4 with ArgonOptions

use of com.quorum.tessera.config.ArgonOptions in project tessera by ConsenSys.

the class FileKeyGeneratorTest method generateFromKeyDataLockedPrivateKey.

@Test
public void generateFromKeyDataLockedPrivateKey() throws IOException {
    when(passwordReader.requestUserPassword()).thenReturn("PASSWORD".toCharArray());
    final Path tempFolder = Files.createTempDirectory(UUID.randomUUID().toString());
    final String keyFilesName = tempFolder.resolve(UUID.randomUUID().toString()).toString();
    doReturn(keyPair).when(encryptor).generateNewKeys();
    final ArgonOptions argonOptions = new ArgonOptions("id", 1, 1, 1);
    final PrivateKeyData encryptedPrivateKey = new PrivateKeyData(null, null, null, null, argonOptions);
    doReturn(encryptedPrivateKey).when(keyEncryptor).encryptPrivateKey(any(PrivateKey.class), any(), eq(null));
    final PrivateKeyData encryptedKey = new PrivateKeyData(null, "snonce", "salt", "sbox", argonOptions);
    doReturn(encryptedKey).when(keyEncryptor).encryptPrivateKey(any(PrivateKey.class), any(), eq(null));
    final FilesystemKeyPair generated = generator.generate(keyFilesName, null, null);
    final KeyDataConfig pkd = generated.getInlineKeypair().getPrivateKeyConfig();
    assertThat(generated.getPublicKey()).isEqualTo("cHVibGljS2V5");
    assertThat(pkd.getSbox()).isEqualTo("sbox");
    assertThat(pkd.getSnonce()).isEqualTo("snonce");
    assertThat(pkd.getAsalt()).isEqualTo("salt");
    assertThat(pkd.getType()).isEqualTo(PrivateKeyType.LOCKED);
    verify(keyEncryptor).encryptPrivateKey(any(PrivateKey.class), any(), eq(null));
    verify(encryptor).generateNewKeys();
}
Also used : Path(java.nio.file.Path) KeyDataConfig(com.quorum.tessera.config.KeyDataConfig) ArgonOptions(com.quorum.tessera.config.ArgonOptions) PrivateKey(com.quorum.tessera.encryption.PrivateKey) PrivateKeyData(com.quorum.tessera.config.PrivateKeyData) FilesystemKeyPair(com.quorum.tessera.config.keypairs.FilesystemKeyPair) Test(org.junit.Test)

Example 5 with ArgonOptions

use of com.quorum.tessera.config.ArgonOptions in project tessera by ConsenSys.

the class ArgonOptionsConverterTest method fileContainsValidArgonJsonConfig.

@Test
public void fileContainsValidArgonJsonConfig() throws Exception {
    final String algorithm = "id";
    final Integer iterations = 10;
    final Integer memory = 10;
    final Integer parallelism = 10;
    final String config = String.format("{\"variant\": \"%s\", \"iterations\":%s, \"memory\":%s, \"parallelism\":%s}", algorithm, iterations, memory, parallelism);
    final Path argonPath = Files.createTempFile(UUID.randomUUID().toString(), "");
    argonPath.toFile().deleteOnExit();
    Files.write(argonPath, config.getBytes());
    final ArgonOptions result = argonOptionsConverter.convert(argonPath.toString());
    final ArgonOptions expected = new ArgonOptions();
    expected.setAlgorithm(algorithm);
    expected.setIterations(iterations);
    expected.setMemory(memory);
    expected.setParallelism(parallelism);
    assertThat(result).isEqualToComparingFieldByField(expected);
}
Also used : Path(java.nio.file.Path) ArgonOptions(com.quorum.tessera.config.ArgonOptions) Test(org.junit.Test)

Aggregations

ArgonOptions (com.quorum.tessera.config.ArgonOptions): 10
Test (org.junit.Test): 9
PrivateKeyData (com.quorum.tessera.config.PrivateKeyData): 7
PrivateKey (com.quorum.tessera.encryption.PrivateKey): 6
ArgonResult (com.quorum.tessera.argon2.ArgonResult): 4
Nonce (com.quorum.tessera.encryption.Nonce): 4
SharedKey (com.quorum.tessera.encryption.SharedKey): 3
Path (java.nio.file.Path): 3
KeyDataConfig (com.quorum.tessera.config.KeyDataConfig): 1
FilesystemKeyPair (com.quorum.tessera.config.keypairs.FilesystemKeyPair): 1
Assertions.catchThrowable (org.assertj.core.api.Assertions.catchThrowable): 1