
Example 1 with EncryptorException

use of com.quorum.tessera.encryption.EncryptorException in project tessera by ConsenSys.

the class CliKeyPasswordResolverTest method lockedKeyWithInvalidPasswordRequestsPassword.

@Test
public void lockedKeyWithInvalidPasswordRequestsPassword() {
    when(passwordReader.readPasswordFromConsole()).thenReturn("a".toCharArray());
    final char[] validPassword = "a".toCharArray();
    final char[] invalidPassword = "invalidPassword".toCharArray();
    byte[] privateKeyBytes = Base64.getDecoder().decode("w+itzh2vfuGjiGYEVJtqpiJVUmI5vGUK4CzMErxa+GY=");
    final PrivateKey unlockedKey = PrivateKey.from(privateKeyBytes);
    final KeyDataConfig privKeyDataConfig = new KeyDataConfig(new PrivateKeyData("Wl+xSyXVuuqzpvznOS7dOobhcn4C5auxkFRi7yLtgtA=", "yb7M8aRJzgxoJM2NecAPcmSVWDW1tRjv", "MIqkFlgR2BWEpx2U0rObGg==", "Gtvp1t6XZEiFVyaE/LHiP1+yvOIBBoiOL+bKeqcKgpiNt4j1oDDoqCC47UJpmQRC", new ArgonOptions("i", 10, 1048576, 4)), PrivateKeyType.LOCKED);
    KeyEncryptor keyEncryptor = mock(KeyEncryptor.class);
    when(keyEncryptor.decryptPrivateKey(any(PrivateKeyData.class), eq(invalidPassword))).thenThrow(new EncryptorException("decrypt failed"));
    when(keyEncryptor.decryptPrivateKey(any(PrivateKeyData.class), eq(validPassword))).thenReturn(unlockedKey);
    KeyData keyPair = new KeyData();
    keyPair.setPublicKey("public");
    keyPair.setConfig(privKeyDataConfig);
    this.cliKeyPasswordResolver.getSingleKeyPassword(0, keyPair, keyEncryptor);
    assertThat(systemOutRule.getLog()).containsOnlyOnce("Password for key[0] missing or invalid.\nAttempt 1 of 2. Enter a password for the key");
}
Also used : PrivateKey(com.quorum.tessera.encryption.PrivateKey) EncryptorException(com.quorum.tessera.encryption.EncryptorException) KeyEncryptor(com.quorum.tessera.config.keys.KeyEncryptor) Test(org.junit.Test)

Example 2 with EncryptorException

use of com.quorum.tessera.encryption.EncryptorException in project tessera by ConsenSys.

the class CliKeyPasswordResolverTest method lockedKeyWithEmptyPasswordRequestsPassword.

@Test
public void lockedKeyWithEmptyPasswordRequestsPassword() {
    when(passwordReader.readPasswordFromConsole()).thenReturn("a".toCharArray());
    final KeyDataConfig privKeyDataConfig = mock(KeyDataConfig.class);
    when(privKeyDataConfig.getType()).thenReturn(PrivateKeyType.LOCKED);
    PrivateKeyData privateKeyData = mock(PrivateKeyData.class);
    when(privKeyDataConfig.getPrivateKeyData()).thenReturn(privateKeyData);
    KeyData keyPair = new KeyData();
    keyPair.setPassword(new char[0]);
    keyPair.setPublicKey("public");
    keyPair.setConfig(privKeyDataConfig);
    when(keyEncryptor.decryptPrivateKey(any(), any())).thenThrow(new EncryptorException(""));
    this.cliKeyPasswordResolver.getSingleKeyPassword(0, keyPair, keyEncryptor);
    assertThat(systemOutRule.getLog()).containsOnlyOnce("Password for key[0] missing or invalid.\nAttempt 1 of 2. Enter a password for the key");
}
Also used : EncryptorException(com.quorum.tessera.encryption.EncryptorException) Test(org.junit.Test)

Example 3 with EncryptorException

use of com.quorum.tessera.encryption.EncryptorException in project tessera by ConsenSys.

the class EncodedPayloadManagerImpl method searchForRecipientKey.

private Optional<PublicKey> searchForRecipientKey(final EncodedPayload payload) {
    final MessageHash customPayloadHash = new MessageHash(payloadDigest.digest(payload.getCipherText()));
    for (final PublicKey potentialMatchingKey : enclave.getPublicKeys()) {
        try {
            LOGGER.debug("Attempting to decrypt {} using key {}", customPayloadHash, potentialMatchingKey.encodeToBase64());
            enclave.unencryptTransaction(payload, potentialMatchingKey);
            LOGGER.debug("Succeeded decrypting {} using key {}", customPayloadHash, potentialMatchingKey.encodeToBase64());
            return Optional.of(potentialMatchingKey);
        } catch (EnclaveException | IndexOutOfBoundsException | EncryptorException ex) {
            LOGGER.debug("Attempted payload decryption using wrong key, discarding.");
        }
    }
    return Optional.empty();
}
Also used : EncryptorException(com.quorum.tessera.encryption.EncryptorException) PublicKey(com.quorum.tessera.encryption.PublicKey) MessageHash(com.quorum.tessera.data.MessageHash)

Example 4 with EncryptorException

use of com.quorum.tessera.encryption.EncryptorException in project tessera by ConsenSys.

the class EllipticalCurveEncryptor method computeSharedKey.

@Override
public SharedKey computeSharedKey(PublicKey publicKey, PrivateKey privateKey) {
    try {
        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
        java.security.PrivateKey privKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateKey.getKeyBytes()));
        keyAgreement.init(privKey);
        LOGGER.info("Encode public key {}", publicKey.encodeToBase64());
        X509EncodedKeySpec encodedKeySpec = new X509EncodedKeySpec(publicKey.getKeyBytes());
        java.security.PublicKey pubKey = keyFactory.generatePublic(encodedKeySpec);
        keyAgreement.doPhase(pubKey, true);
        byte[] secret = keyAgreement.generateSecret();
        // For now, ensure the secret is 32 bytes long (not sure if the keyAgreement secret length may vary).
        MessageDigest sha3256 = new SHA3.Digest256();
        final byte[] digest = sha3256.digest(secret);
        return SharedKey.from(digest);
    } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException e) {
        LOGGER.error("unable to generate shared secret", e);
        throw new EncryptorException("unable to generate shared secret");
    }
}
Also used : X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) java.security(java.security) EncryptorException(com.quorum.tessera.encryption.EncryptorException) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException)

Example 5 with EncryptorException

use of com.quorum.tessera.encryption.EncryptorException in project tessera by ConsenSys.

the class EllipticalCurveEncryptor method sealAfterPrecomputation.

@Override
public byte[] sealAfterPrecomputation(byte[] message, Nonce nonce, SharedKey sharedKey) {
    try {
        Cipher cipher = Cipher.getInstance(this.symmetricCipher);
        // does this mean that only 16 bytes from the nonce are being used?
        // (128 is the GCM authentication tag length in bits; the whole nonce array is passed as the IV.)
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(sharedKey.getKeyBytes(), "AES"), new GCMParameterSpec(128, nonce.getNonceBytes()));
        return cipher.doFinal(message);
    } catch (GeneralSecurityException e) {
        LOGGER.error("unable to perform symmetric encryption", e);
        throw new EncryptorException("unable to perform symmetric encryption");
    }
}
Also used : EncryptorException(com.quorum.tessera.encryption.EncryptorException) SecretKeySpec(javax.crypto.spec.SecretKeySpec) GCMParameterSpec(javax.crypto.spec.GCMParameterSpec)
