Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/KeyUtils.java')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/KeyUtils.java29
1 files changed, 29 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
index cef0dd9a62e..47055a65618 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
@@ -280,6 +280,25 @@ public class KeyUtils {
return Base64.getUrlEncoder().withoutPadding().encodeToString(toRawX25519PublicKeyBytes(publicKey));
}
+ // This sanity check is to avoid any DoS potential caused by passing in a very large key
+ // to a quadratic Base58 decoding routing. We don't do this for the encoding since we
+ // always control the input size for that case.
+ private static void verifyB58InputSmallEnoughToBeX25519Key(String key) {
+ if (key.length() > 64) { // a very wide margin...
+ throw new IllegalArgumentException("Input Base58 is too large to represent an X25519 key");
+ }
+ }
+
+ public static XECPublicKey fromBase58EncodedX25519PublicKey(String base58pk) {
+ verifyB58InputSmallEnoughToBeX25519Key(base58pk);
+ byte[] rawKeyBytes = Base58.codec().decode(base58pk);
+ return fromRawX25519PublicKey(rawKeyBytes);
+ }
+
+ public static String toBase58EncodedX25519PublicKey(XECPublicKey publicKey) {
+ return Base58.codec().encode(toRawX25519PublicKeyBytes(publicKey));
+ }
+
public static XECPrivateKey fromRawX25519PrivateKey(byte[] rawScalarBytes) {
try {
NamedParameterSpec paramSpec = new NamedParameterSpec("X25519");
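Review bot: Nothing visible in `fromBase58EncodedX25519PublicKey` checks that the decoded array is exactly 32 bytes, and a 64-character Base58 string can decode to more than that; the guard in `verifyB58InputSmallEnoughToBeX25519Key` only bounds decoding cost. If `fromRawX25519PublicKey` (defined outside this hunk) does not already reject other lengths, add `if (rawKeyBytes.length != 32) throw new IllegalArgumentException("Not a valid X25519 public key");` after the decode. A null `key` currently surfaces as a NullPointerException from `key.length()`; `Objects.requireNonNull(key, "key")` would make that explicit, assuming `Objects` is in scope. The comment's "routing" should read "routine", and the two new public methods would benefit from a short Javadoc naming the expected encoding and the `IllegalArgumentException` thrown for oversized input.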
@@ -309,6 +328,16 @@ public class KeyUtils {
return Base64.getUrlEncoder().withoutPadding().encodeToString(toRawX25519PrivateKeyBytes(privateKey));
}
+ public static XECPrivateKey fromBase58EncodedX25519PrivateKey(String base58pk) {
+ verifyB58InputSmallEnoughToBeX25519Key(base58pk);
+ byte[] rawKeyBytes = Base58.codec().decode(base58pk);
+ return fromRawX25519PrivateKey(rawKeyBytes);
+ }
+
+ public static String toBase58EncodedX25519PrivateKey(XECPrivateKey privateKey) {
+ return Base58.codec().encode(toRawX25519PrivateKeyBytes(privateKey));
+ }
+
// TODO unify with generateKeypair()?
public static KeyPair generateX25519KeyPair() {
try {
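Review bot: In `fromBase58EncodedX25519PrivateKey` the decoded `rawKeyBytes` holds the private scalar and is never cleared, so the secret stays on the heap until it is garbage collected. If `fromRawX25519PrivateKey` copies its input (its body is only partly visible here, so confirm), wipe the temporary with `try { return fromRawX25519PrivateKey(rawKeyBytes); } finally { Arrays.fill(rawKeyBytes, (byte) 0); }`. The comment in the earlier hunk calls the Base58 decoder quadratic; if its running time also depends on the input value, that is worth a sentence in the Javadoc, because here the input is secret. Both new methods pass the private key through an immutable `String` that cannot be wiped, so their Javadoc should say the value must be treated as a secret and kept out of logs and exception messages.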