Merge pull request Azure#42 from tiffanyachen/dev

Correcting implementation of EC keys to take in a hashed digest rather than the raw data

azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/EcKey.java

@@ -1,25 +1,17 @@
 package com.microsoft.azure.keyvault.cryptography;
 
 import java.io.IOException;
-import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
 import java.security.Provider;
-import java.security.PublicKey;
 import java.security.Security;
-import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
 import java.security.spec.ECGenParameterSpec;
 import java.security.spec.ECParameterSpec;
-import java.security.spec.ECPoint;
-import java.security.spec.ECPrivateKeySpec;
-import java.security.spec.ECPublicKeySpec;
 import java.security.spec.EllipticCurve;
 import java.security.spec.InvalidKeySpecException;
 import java.util.Arrays;
@@ -39,9 +31,8 @@
 import com.microsoft.azure.keyvault.cryptography.algorithms.Es256;
 import com.microsoft.azure.keyvault.cryptography.algorithms.Es384;
 import com.microsoft.azure.keyvault.cryptography.algorithms.Es512;
-import com.microsoft.azure.keyvault.webkey.JsonWebKeyCurveName;
 import com.microsoft.azure.keyvault.webkey.JsonWebKey;
-import com.microsoft.azure.keyvault.webkey.JsonWebKeyType;
+import com.microsoft.azure.keyvault.webkey.JsonWebKeyCurveName;
 
 
 public class EcKey implements IKey {
@@ -365,7 +356,7 @@ public ListenableFuture<Pair<byte[], String>> signAsync(byte[] digest, String al
         }
 
 		Ecdsa algo = (Ecdsa) baseAlgorithm;
-		ISignatureTransform signer = algo.createSignatureTransform(_keyPair, algo.getName(), _provider);
+		ISignatureTransform signer = algo.createSignatureTransform(_keyPair, _provider);
 
 		try {
 			return Futures.immediateFuture(Pair.of(signer.sign(digest), algorithm));
@@ -394,7 +385,7 @@ public ListenableFuture<Boolean> verifyAsync(byte[] digest, byte[] signature, St
 
         Ecdsa algo = (Ecdsa) baseAlgorithm;
 
-        ISignatureTransform signer = algo.createSignatureTransform(_keyPair, algo.getName(), _provider);
+        ISignatureTransform signer = algo.createSignatureTransform(_keyPair, _provider);
 
         try {
 			return Futures.immediateFuture(signer.verify(digest, signature));

azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Ecdsa.java

@@ -9,39 +9,42 @@
 import com.microsoft.azure.keyvault.cryptography.ISignatureTransform;
 
 public abstract class Ecdsa extends AsymmetricSignatureAlgorithm {
-		
-	protected Ecdsa(String name) {
-		super(name);
+
+	protected Ecdsa() {
+		super("NONEwithEDCSA");
 	}
 
-	public ISignatureTransform createSignatureTransform(KeyPair key, String algorithm, Provider provider) {
-		return new EcdsaSignatureTransform(key, algorithm, provider);
+	public ISignatureTransform createSignatureTransform(KeyPair key, Provider provider) {
+		return new EcdsaSignatureTransform(key, provider);
 	}
 
+	abstract void checkDigestLength(byte[] digest);
 
-	static class EcdsaSignatureTransform implements ISignatureTransform {
-
+
+	class EcdsaSignatureTransform implements ISignatureTransform {
+	    private final String ALGORITHM = "NONEwithECDSA";
 		private final KeyPair _keyPair;
-		private final String _algorithm;
+
 		private final Provider _provider;
 
-		public EcdsaSignatureTransform(KeyPair keyPair, String algorithm, Provider provider) {
+		public EcdsaSignatureTransform(KeyPair keyPair, Provider provider) {
 			_keyPair = keyPair;
-			_algorithm = algorithm;
 			_provider = provider;
 		}
 
 		@Override
-		public byte[] sign(byte[] digest) throws GeneralSecurityException {			
-			Signature signature = Signature.getInstance(_algorithm, _provider);
+		public byte[] sign(byte[] digest) throws GeneralSecurityException {
+		    checkDigestLength(digest);
+			Signature signature = Signature.getInstance(ALGORITHM, _provider);
 			signature.initSign(_keyPair.getPrivate());
 			signature.update(digest);
 			return signature.sign();
 		}
 
 		@Override
 		public boolean verify(byte[] digest, byte[] signature) throws GeneralSecurityException {
-			Signature verify = Signature.getInstance(_algorithm, _provider);
+			Signature verify = Signature.getInstance(ALGORITHM, _provider);
+	         checkDigestLength(digest);
 			verify.initVerify(_keyPair.getPublic());
 			verify.update(digest);
 			return verify.verify(signature);

azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Ecdsa256.java

@@ -1,19 +1,12 @@
 package com.microsoft.azure.keyvault.cryptography.algorithms;
 
-import java.security.KeyPair;
-import java.security.Provider;
-
-import com.microsoft.azure.keyvault.cryptography.ISignatureTransform;
-
 public class Ecdsa256 extends Ecdsa {
-	public final static String ALGORITHM_NAME = "NONEwithECDSA";
-
-	public Ecdsa256() {
-		super(ALGORITHM_NAME);
-	}
-
-	protected ISignatureTransform createSignatureTransform(KeyPair key, Provider provider) {
-		return createSignatureTransform(key, ALGORITHM_NAME, provider);
-	}
+    public final static String ALGORITHM_NAME = "NONEwithECDSA";
 
+    @Override
+    public void checkDigestLength(byte[] digest) {
+        if (digest.length != 32) {
+            throw new IllegalArgumentException("Invalid digest length.");
+        }
+    }
 }

azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es256.java

@@ -1,18 +1,12 @@
 package com.microsoft.azure.keyvault.cryptography.algorithms;
 
-import java.security.KeyPair;
-import java.security.Provider;
-
-import com.microsoft.azure.keyvault.cryptography.ISignatureTransform;
-
 public class Es256 extends Ecdsa {
-	public final static String ALGORITHM_NAME = "SHA256withECDSA";
-
-	public Es256() {
-		super(ALGORITHM_NAME);
-	}
+    public final static String ALGORITHM_NAME = "SHA256withECDSA";
 
-	protected ISignatureTransform createSignatureTransform(KeyPair key, Provider provider) {
-		return createSignatureTransform(key, ALGORITHM_NAME, provider);
-	}
+    @Override
+    public void checkDigestLength(byte[] digest) {
+        if (digest.length != 32) {
+            throw new IllegalArgumentException("Invalid digest length.");
+        }
+    }
 }

azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es384.java

@@ -1,18 +1,13 @@
 package com.microsoft.azure.keyvault.cryptography.algorithms;
 
-import java.security.KeyPair;
-import java.security.Provider;
+public class Es384 extends Ecdsa {
 
-import com.microsoft.azure.keyvault.cryptography.ISignatureTransform;
+    public final static String ALGORITHM_NAME = "SHA384withECDSA";
 
-public class Es384 extends Ecdsa {
-	public final static String ALGORITHM_NAME = "SHA384withECDSA";
-
-	public Es384() {
-		super(ALGORITHM_NAME);
-	}
-
-	protected ISignatureTransform createSignatureTransform(KeyPair key, Provider provider) {
-		return createSignatureTransform(key, ALGORITHM_NAME, provider);
-	}
+    @Override
+    public void checkDigestLength(byte[] digest) {
+        if (digest.length != 48) {
+            throw new IllegalArgumentException("Invalid digest length.");
+        }
+    }
 }

azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es512.java

@@ -1,18 +1,13 @@
 package com.microsoft.azure.keyvault.cryptography.algorithms;
 
-import java.security.KeyPair;
-import java.security.Provider;
-
-import com.microsoft.azure.keyvault.cryptography.ISignatureTransform;
-
 public class Es512 extends Ecdsa {
-	public final static String ALGORITHM_NAME = "SHA512withECDSA";
-	
-	public Es512() {
-		super(ALGORITHM_NAME);
-	}
-	
-	protected ISignatureTransform createSignatureTransform(KeyPair key, Provider provider) {
-		return createSignatureTransform(key, ALGORITHM_NAME, provider);
-	}
+    
+    public final static String ALGORITHM_NAME = "SHA512withECDSA";
+
+    @Override
+    public void checkDigestLength(byte[] digest) {
+        if (digest.length != 64) {
+            throw new IllegalArgumentException("Invalid digest length.");
+        }
+    }
 }