Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/KeyUtils.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/KeyUtils.java | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
index cef0dd9a62e..47055a65618 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
@@ -280,6 +280,25 @@ public class KeyUtils {
 return Base64.getUrlEncoder().withoutPadding().encodeToString(toRawX25519PublicKeyBytes(publicKey));
 }
 
+ // This sanity check is to avoid any DoS potential caused by passing in a very large key
+ // to a quadratic Base58 decoding routing. We don't do this for the encoding since we
+ // always control the input size for that case.
+ private static void verifyB58InputSmallEnoughToBeX25519Key(String key) {
+ if (key.length() > 64) { // a very wide margin...
+ throw new IllegalArgumentException("Input Base58 is too large to represent an X25519 key");
+ }
+ }
+
+ public static XECPublicKey fromBase58EncodedX25519PublicKey(String base58pk) {
+ verifyB58InputSmallEnoughToBeX25519Key(base58pk);
+ byte[] rawKeyBytes = Base58.codec().decode(base58pk);
+ return fromRawX25519PublicKey(rawKeyBytes);
+ }
+
+ public static String toBase58EncodedX25519PublicKey(XECPublicKey publicKey) {
+ return Base58.codec().encode(toRawX25519PublicKeyBytes(publicKey));
+ }
+
 public static XECPrivateKey fromRawX25519PrivateKey(byte[] rawScalarBytes) {
 try {
 NamedParameterSpec paramSpec = new NamedParameterSpec("X25519");
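Review bot: The guard in `verifyB58InputSmallEnoughToBeX25519Key` bounds the decoder's work but not the decoded length: nothing visible in `fromBase58EncodedX25519PublicKey` checks that `rawKeyBytes` is exactly 32 bytes, and a 64-character input can decode to more than 32 bytes (a 32-byte value needs at most 44 Base58 characters). Unless `fromRawX25519PublicKey` already rejects other lengths (its body is outside this hunk), add `if (rawKeyBytes.length != 32) throw new IllegalArgumentException("Decoded X25519 key must be 32 bytes");` after the decode; the same applies to `fromBase58EncodedX25519PrivateKey` in the second hunk. A null `key` also reaches `key.length()` and surfaces as a NullPointerException rather than the IllegalArgumentException the helper otherwise throws, so the new public methods would benefit from a Javadoc line stating the null and malformed-input contract.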
@@ -309,6 +328,16 @@ public class KeyUtils {
 return Base64.getUrlEncoder().withoutPadding().encodeToString(toRawX25519PrivateKeyBytes(privateKey));
 }
 
+ public static XECPrivateKey fromBase58EncodedX25519PrivateKey(String base58pk) {
+ verifyB58InputSmallEnoughToBeX25519Key(base58pk);
+ byte[] rawKeyBytes = Base58.codec().decode(base58pk);
+ return fromRawX25519PrivateKey(rawKeyBytes);
+ }
+
+ public static String toBase58EncodedX25519PrivateKey(XECPrivateKey privateKey) {
+ return Base58.codec().encode(toRawX25519PrivateKeyBytes(privateKey));
+ }
+
 // TODO unify with generateKeypair()?
 public static KeyPair generateX25519KeyPair() {
 try { |
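Review bot: `rawKeyBytes` in `fromBase58EncodedX25519PrivateKey` holds the private scalar and stays on the heap until garbage collection; wiping it once the key object exists narrows the window in which a heap dump or core file exposes it, e.g. `try { return fromRawX25519PrivateKey(rawKeyBytes); } finally { java.util.Arrays.fill(rawKeyBytes, (byte) 0); }`. That presumes `fromRawX25519PrivateKey` copies the array rather than retaining it; only its first lines are visible in the previous hunk, so this needs confirming. Because the input here is secret, it is also worth checking that the exception `Base58.codec().decode` raises on malformed input does not echo the string into logs. The `String` argument itself cannot be wiped, which a Javadoc sentence on this method and on `toBase58EncodedX25519PrivateKey` should tell callers. The parameter name `base58pk` was carried over from the public-key method and reads as "public key"; `base58PrivateKey` would avoid the ambiguity.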