diff --git a/common/src/main/java/me/lucko/luckperms/common/webeditor/socket/CryptographyUtils.java b/common/src/main/java/me/lucko/luckperms/common/webeditor/socket/CryptographyUtils.java
index 658c3b4da..9c74d4c34 100644
--- a/common/src/main/java/me/lucko/luckperms/common/webeditor/socket/CryptographyUtils.java
+++ b/common/src/main/java/me/lucko/luckperms/common/webeditor/socket/CryptographyUtils.java
@@ -32,6 +32,7 @@ import java.security.KeyPairGenerator;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.Signature;
+import java.security.spec.ECGenParameterSpec;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Base64;
@@ -52,7 +53,7 @@ public final class CryptographyUtils {
 try {
 byte[] bytes = Base64.getDecoder().decode(base64String);
 X509EncodedKeySpec spec = new X509EncodedKeySpec(bytes);
- KeyFactory rsa = KeyFactory.getInstance("RSA");
+ KeyFactory rsa = KeyFactory.getInstance("EC");
 return rsa.generatePublic(spec);
 } catch (Exception e) {
 throw new IllegalArgumentException("Exception parsing public key", e);
@@ -66,8 +67,8 @@ public final class CryptographyUtils {
 */
 public static KeyPair generateKeyPair() {
 try {
- KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
- generator.initialize(4096);
+ KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
+ generator.initialize(new ECGenParameterSpec("secp256r1"));
 return generator.generateKeyPair();
 } catch (Exception e) {
 throw new RuntimeException("Exception generating keypair", e);
@@ -83,7 +84,7 @@ public final class CryptographyUtils {
 */
 public static String sign(PrivateKey privateKey, String msg) {
 try {
- Signature sign = Signature.getInstance("SHA256withRSA");
+ Signature sign = Signature.getInstance("SHA256withECDSAinP1363Format");
 sign.initSign(privateKey);
 sign.update(msg.getBytes(StandardCharsets.UTF_8));
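Review bot: Nothing in the key-parsing hunk (-52,7) restricts the parsed key to the curve that generateKeyPair pins: `KeyFactory.getInstance("EC")` accepts an X.509-encoded key on any curve the provider supports, and the base64 input presumably arrives from the remote editor. After `generatePublic`, I would check that the result is an `ECPublicKey` whose parameters match secp256r1 and throw `IllegalArgumentException` otherwise, so a key on an unexpected curve is rejected at parse time instead of reaching verification. The local is still named `rsa`, which is now misleading; `KeyFactory keyFactory = KeyFactory.getInstance("EC");` reads correctly. The method's signature and its closing lines are outside the hunk.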
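Review bot: The curve and algorithm names are now scattered across four methods as string literals (`"EC"` in key parsing and in generateKeyPair, `"secp256r1"` in generateKeyPair, `"SHA256withECDSAinP1363Format"` in sign and verify), so a later change can update one method and leave generation, parsing and signing out of step. I would lift them into private constants, for example `private static final String CURVE = "secp256r1";`, and have every method refer to those. The Javadoc for generateKeyPair starts above the hunk (-66,8); it should state the key type and curve, since the test vectors suggest the other end has to generate keys in the same format.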
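Review bot: `SHA256withECDSAinP1363Format` only became a standard JDK algorithm name in Java 9, so on an older runtime, or with a provider that lacks it, `Signature.getInstance` throws `NoSuchAlgorithmException` in sign (-83,7) and again in verify (-104,7). Neither catch block is visible in these hunks, but the new test expects verify to return false for malformed input, which suggests a broad catch; if so, a missing algorithm would be indistinguishable from a bad signature and every peer would be rejected without a diagnostic. I would resolve the algorithm once when the class loads, or catch `NoSuchAlgorithmException` separately, and report it as a configuration error while still returning `false` for genuine verification failures. Both method bodies continue past the end of their hunks.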
@@ -104,7 +105,7 @@ public final class CryptographyUtils {
 */
 public static boolean verify(PublicKey publicKey, String msg, String signatureBase64) {
 try {
- Signature sign = Signature.getInstance("SHA256withRSA");
+ Signature sign = Signature.getInstance("SHA256withECDSAinP1363Format");
 sign.initVerify(publicKey);
 sign.update(msg.getBytes(StandardCharsets.UTF_8));
diff --git a/common/src/main/java/me/lucko/luckperms/common/webeditor/socket/WebEditorSocket.java b/common/src/main/java/me/lucko/luckperms/common/webeditor/socket/WebEditorSocket.java
index c8a6d8320..6e0d990e0 100644
--- a/common/src/main/java/me/lucko/luckperms/common/webeditor/socket/WebEditorSocket.java
+++ b/common/src/main/java/me/lucko/luckperms/common/webeditor/socket/WebEditorSocket.java
@@ -47,7 +47,7 @@ import java.util.concurrent.TimeoutException;
 public class WebEditorSocket {
- private static final int PROTOCOL_VERSION = 1;
+ private static final int PROTOCOL_VERSION = 2;
 /** The plugin */
 private final LuckPermsPlugin plugin;
diff --git a/common/src/test/java/me/lucko/luckperms/common/webeditor/socket/CryptographyUtilsTest.java b/common/src/test/java/me/lucko/luckperms/common/webeditor/socket/CryptographyUtilsTest.java
new file mode 100644
index 000000000..b01ad1383
--- /dev/null
+++ b/common/src/test/java/me/lucko/luckperms/common/webeditor/socket/CryptographyUtilsTest.java
@@ -0,0 +1,62 @@
+/*
+ * This file is part of LuckPerms, licensed under the MIT License.
+ *
+ * Copyright (c) lucko (Luck)
+ * Copyright (c) contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package me.lucko.luckperms.common.webeditor.socket;
+
+import org.junit.jupiter.api.Test;
+
+import java.security.KeyPair;
+import java.security.PublicKey;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class CryptographyUtilsTest {
+
+ @Test
+ public void testKeypairGenerate() {
+ CryptographyUtils.generateKeyPair();
+ }
+
+ @Test
+ public void testSignVerify() {
+ KeyPair keyPair = CryptographyUtils.generateKeyPair();
+
+ String signature = CryptographyUtils.sign(keyPair.getPrivate(), "test");
+ assertTrue(CryptographyUtils.verify(keyPair.getPublic(), "test", signature));
+
+ assertFalse(CryptographyUtils.verify(keyPair.getPublic(), "test", "bleh"));
+ assertFalse(CryptographyUtils.verify(keyPair.getPublic(), "test", ""));
+ assertFalse(CryptographyUtils.verify(keyPair.getPublic(), "test", null));
+ }
+
+ @Test
+ public void testParseAndVerify() {
+ // the base64 values are generated from javascript crypto.subtle
+ PublicKey publicKey = CryptographyUtils.parsePublicKey("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkF5EWzdsbmVOYprtfMleBZYASm7AXBQQCE29xR2hpGkjVi4Fra/KPazRShqyGvQXY24sINsxIPEd4XamDfFAaQ==");
+ assertTrue(CryptographyUtils.verify(publicKey, "hello world", "XAZJMxOlR5Mcq7nJxU4oS1fYyViYH1FZxWOXwOC+LRXYF8KeP58k5KLTjc35L974t3RukwAqflul0HY64bJT3w=="));
+ }
+
+}
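Review bot: The tests never check that verification fails for a well-formed signature over different data or from a different key; the negative cases in testSignVerify only cover malformed or missing signatures. I would add `assertFalse(CryptographyUtils.verify(keyPair.getPublic(), "other", signature));` and `assertFalse(CryptographyUtils.verify(CryptographyUtils.generateKeyPair().getPublic(), "test", signature));`. testParseAndVerify would also benefit from asserting that the fixed vector fails against an altered message and that parsePublicKey rejects a non-EC key, which is presumably what a protocol version 1 peer would still send.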