Class EdDSAEngine

Direct Known Subclasses:
RedDSAEngine

public class EdDSAEngine extends Signature
Signing and verification for EdDSA.

The EdDSA sign and verify algorithms do not interact well with the Java Signature API, as one or more update() methods must be called before sign() or verify(). Using the standard API, this implementation must copy and buffer all data passed in via update().

This implementation offers two ways to avoid this copying, but only if all data to be signed or verified is available in a single byte array.

Option 1:

  1. Call initSign() or initVerify() as usual.
  2. Call setParameter(ONE_SHOT_MODE)
  3. Call update(byte[]) or update(byte[], int, int) exactly once
  4. Call sign() or verify() as usual.
  5. If doing additional one-shot signs or verifies with this object, you must call setParameter(ONE_SHOT_MODE) each time

Option 2:

  1. Call initSign() or initVerify() as usual.
  2. Call one of the signOneShot() or verifyOneShot() methods.
  3. If doing additional one-shot signs or verifies with this object, just call signOneShot() or verifyOneShot() again.
Since:
0.9.15
Author:
str4d
  • Field Details

    • SIGNATURE_ALGORITHM

      public static final String SIGNATURE_ALGORITHM
      See Also:
    • digest

      protected MessageDigest digest
    • ONE_SHOT_MODE

      public static final AlgorithmParameterSpec ONE_SHOT_MODE
      To efficiently sign or verify data in one shot, pass this to setParameters() after initSign() or initVerify() but BEFORE THE FIRST AND ONLY update(data) or update(data, off, len). The data reference will be saved and then used in sign() or verify() without copying the data. Violate these rules and you will get a SignatureException.
      Since:
      0.9.25
  • Constructor Details

    • EdDSAEngine

      public EdDSAEngine()
      No specific EdDSA-internal hash requested, allows any EdDSA key.
    • EdDSAEngine

      public EdDSAEngine(MessageDigest digest)
      Specific EdDSA-internal hash requested, only matching keys will be allowed.
      Parameters:
      digest - the hash algorithm that keys must have to sign or verify.
  • Method Details

    • engineInitSign

      protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException
      Specified by:
      engineInitSign in class SignatureSpi
      Throws:
      InvalidKeyException
    • digestInitSign

      protected void digestInitSign(EdDSAPrivateKey privKey)
    • engineInitVerify

      protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException
      Specified by:
      engineInitVerify in class SignatureSpi
      Throws:
      InvalidKeyException
    • engineUpdate

      protected void engineUpdate(byte b) throws SignatureException
      Specified by:
      engineUpdate in class SignatureSpi
      Throws:
      SignatureException - if in one-shot mode
    • engineUpdate

      protected void engineUpdate(byte[] b, int off, int len) throws SignatureException
      Specified by:
      engineUpdate in class SignatureSpi
      Throws:
      SignatureException - if one-shot rules are violated
    • engineSign

      protected byte[] engineSign() throws SignatureException
      Specified by:
      engineSign in class SignatureSpi
      Throws:
      SignatureException
    • engineVerify

      protected boolean engineVerify(byte[] sigBytes) throws SignatureException
      Specified by:
      engineVerify in class SignatureSpi
      Throws:
      SignatureException
    • signOneShot

      public byte[] signOneShot(byte[] data) throws SignatureException
      To efficiently sign all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:
        setParameter(ONE_SHOT_MODE)
        update(data)
        sig = sign()
      
      Parameters:
      data - the message to be signed
      Returns:
      the signature
      Throws:
      SignatureException - if update() already called
      Since:
      0.9.25
      See Also:
    • signOneShot

      public byte[] signOneShot(byte[] data, int off, int len) throws SignatureException
      To efficiently sign all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:
        setParameter(ONE_SHOT_MODE)
        update(data, off, len)
        sig = sign()
      
      Parameters:
      data - byte array containing the message to be signed
      off - the start of the message inside data
      len - the length of the message
      Returns:
      the signature
      Throws:
      SignatureException - if update() already called
      Since:
      0.9.25
      See Also:
    • verifyOneShot

      public boolean verifyOneShot(byte[] data, byte[] signature) throws SignatureException
      To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:
        setParameter(ONE_SHOT_MODE)
        update(data)
        ok = verify(signature)
      
      Parameters:
      data - the message that was signed
      signature - of the message
      Returns:
      true if the signature is valid, false otherwise
      Throws:
      SignatureException - if update() already called
      Since:
      0.9.25
      See Also:
    • verifyOneShot

      public boolean verifyOneShot(byte[] data, int off, int len, byte[] signature) throws SignatureException
      To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:
        setParameter(ONE_SHOT_MODE)
        update(data, off, len)
        ok = verify(signature)
      
      Parameters:
      data - byte array containing the message that was signed
      off - the start of the message inside data
      len - the length of the message
      signature - of the message
      Returns:
      true if the signature is valid, false otherwise
      Throws:
      SignatureException - if update() already called
      Since:
      0.9.25
      See Also:
    • verifyOneShot

      public boolean verifyOneShot(byte[] data, byte[] signature, int sigoff, int siglen) throws SignatureException
      To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:
        setParameter(ONE_SHOT_MODE)
        update(data)
        ok = verify(signature, sigoff, siglen)
      
      Parameters:
      data - the message that was signed
      signature - byte array containing the signature
      sigoff - the start of the signature
      siglen - the length of the signature
      Returns:
      true if the signature is valid, false otherwise
      Throws:
      SignatureException - if update() already called
      Since:
      0.9.25
      See Also:
    • verifyOneShot

      public boolean verifyOneShot(byte[] data, int off, int len, byte[] signature, int sigoff, int siglen) throws SignatureException
      To efficiently verify all the data in one shot, if it is available, use this method, which will avoid copying the data. Same as:
        setParameter(ONE_SHOT_MODE)
        update(data, off, len)
        ok = verify(signature, sigoff, siglen)
      
      Parameters:
      data - byte array containing the message that was signed
      off - the start of the message inside data
      len - the length of the message
      signature - byte array containing the signature
      sigoff - the start of the signature
      siglen - the length of the signature
      Returns:
      true if the signature is valid, false otherwise
      Throws:
      SignatureException - if update() already called
      Since:
      0.9.25
      See Also:
    • engineSetParameter

      protected void engineSetParameter(AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
      Overrides:
      engineSetParameter in class SignatureSpi
      Throws:
      InvalidAlgorithmParameterException - if spec is ONE_SHOT_MODE and update() already called
      Since:
      0.9.25
      See Also:
    • engineSetParameter

      @Deprecated protected void engineSetParameter(String param, Object value)
      Deprecated.
      replaced with this
      Specified by:
      engineSetParameter in class SignatureSpi
    • engineGetParameter

      @Deprecated protected Object engineGetParameter(String param)
      Deprecated.
      Specified by:
      engineGetParameter in class SignatureSpi