Some updates to tests and argument checks

peacekeeper · peacekeeper · commit a280999f4b5b · 2025-03-05T18:54:29.000+01:00
diff --git a/src/main/java/com/danubetech/keyformats/PrivateKeyBytes.java b/src/main/java/com/danubetech/keyformats/PrivateKeyBytes.java
@@ -181,7 +181,7 @@ public static byte[] bytes_to_X25519PrivateKey(byte[] privateKeyBytes) {
 	public static byte[] P_256PrivateKey_to_bytes(ECPrivateKey privateKey) {
 
 		byte[] s = ByteArrayUtil.bigIntegertoByteArray(privateKey.getS());
-		if (s.length != 32) throw new IllegalArgumentException("Invalid 's' value (not 32 bytes): private key, length=" + s.length);
+		if (s.length != 32) throw new IllegalArgumentException("Invalid key size (not 32 bytes): private key, length=" + s.length + " (" + privateKey.getS().bitLength() + " bits)");
 
 		return s;
 	}
@@ -211,7 +211,7 @@ public static ECPrivateKey bytes_to_P_256PrivateKey(byte[] privateKeyBytes) {
 	public static byte[] P_384PrivateKey_to_bytes(ECPrivateKey privateKey) {
 
 		byte[] s = ByteArrayUtil.bigIntegertoByteArray(privateKey.getS());
-		if (s.length != 48) throw new IllegalArgumentException("Invalid 's' value (not 48 bytes): private key, length=" + s.length);
+		if (s.length != 48) throw new IllegalArgumentException("Invalid key size (not 48 bytes): private key, length=" + s.length + " (" + privateKey.getS().bitLength() + " bits)");
 
 		return s;
 	}
@@ -241,7 +241,7 @@ public static ECPrivateKey bytes_to_P_384PrivateKey(byte[] privateKeyBytes) {
 	public static byte[] P_521PrivateKey_to_bytes(ECPrivateKey privateKey) {
 
 		byte[] s = ByteArrayUtil.bigIntegertoByteArray(privateKey.getS());
-		if (s.length != 64 && s.length != 65 && s.length != 66) throw new IllegalArgumentException("Invalid 's' value (not 64 or 65 or 66 bytes): private key, length=" + s.length);
+		if (s.length != 64 && s.length != 65 && s.length != 66) throw new IllegalArgumentException("Invalid key size (not 64 or 65 or 66 bytes): private key, length=" + s.length + " (" + privateKey.getS().bitLength() + " bits)");
 
 		return s;
 	}
diff --git a/src/main/java/com/danubetech/keyformats/PublicKeyBytes.java b/src/main/java/com/danubetech/keyformats/PublicKeyBytes.java
@@ -166,7 +166,9 @@ public static byte[] bytes_to_X25519PublicKey(byte[] publicKeyBytes) {
 
 	public static byte[] P_256PublicKey_to_bytes(ECPublicKey publicKey) {
 
-		return EC5Util.convertPoint(publicKey.getParams(), publicKey.getW()).getEncoded(true);
+		byte[] point = EC5Util.convertPoint(publicKey.getParams(), publicKey.getW()).getEncoded(true);
+		if (point.length != 33) throw new IllegalArgumentException("Invalid key size (not 33 bytes): " + Hex.encodeHexString(point) + ", length=" + point.length);
+		return point;
 	}
 
 	public static ECPublicKey bytes_to_P_256PublicKey(byte[] publicKeyBytes) {
@@ -198,7 +200,9 @@ public static ECPublicKey bytes_to_P_256PublicKey(byte[] publicKeyBytes) {
 
 	public static byte[] P_384PublicKey_to_bytes(ECPublicKey publicKey) {
 
-		return EC5Util.convertPoint(publicKey.getParams(), publicKey.getW()).getEncoded(true);
+		byte[] point = EC5Util.convertPoint(publicKey.getParams(), publicKey.getW()).getEncoded(true);
+		if (point.length != 49) throw new IllegalArgumentException("Invalid key size (not 49 bytes): " + Hex.encodeHexString(point) + ", length=" + point.length);
+		return point;
 	}
 
 	public static ECPublicKey bytes_to_P_384PublicKey(byte[] publicKeyBytes) {
@@ -230,12 +234,14 @@ public static ECPublicKey bytes_to_P_384PublicKey(byte[] publicKeyBytes) {
 
 	public static byte[] P_521PublicKey_to_bytes(ECPublicKey publicKey) {
 
-		return EC5Util.convertPoint(publicKey.getParams(), publicKey.getW()).getEncoded(true);
+		byte[] point = EC5Util.convertPoint(publicKey.getParams(), publicKey.getW()).getEncoded(true);
+		if (point.length != 65 && point.length != 66 && point.length != 67) throw new IllegalArgumentException("Invalid key size (not 65 or 66 or 67 bytes): " + Hex.encodeHexString(point) + ", length=" + point.length);
+		return point;
 	}
 
 	public static ECPublicKey bytes_to_P_521PublicKey(byte[] publicKeyBytes) {
 
-		if (publicKeyBytes.length != 65 && publicKeyBytes.length != 66 && publicKeyBytes.length != 67) throw new IllegalArgumentException("Expected 64 or 65 or 66 bytes instead of " + publicKeyBytes.length);
+		if (publicKeyBytes.length != 65 && publicKeyBytes.length != 66 && publicKeyBytes.length != 67) throw new IllegalArgumentException("Expected 65 or 66 or 67 bytes instead of " + publicKeyBytes.length);
 
 		ECNamedCurveParameterSpec ecNamedCurveParameterSpec = ECNamedCurveTable.getParameterSpec("secp521r1");
 		org.bouncycastle.math.ec.ECPoint bcEcPoint = ecNamedCurveParameterSpec.getCurve().decodePoint(publicKeyBytes);
diff --git a/src/main/java/com/danubetech/keyformats/crypto/impl/Ed25519_EdDSA_LibIndySigner.java b/src/main/java/com/danubetech/keyformats/crypto/impl/Ed25519_EdDSA_LibIndySigner.java
@@ -20,6 +20,8 @@ public Ed25519_EdDSA_LibIndySigner(byte[] privateKey, Wallet wallet, String sign
 
         this.wallet = wallet;
         this.signerVk = signerVk;
+
+        if (privateKey.length != 64) throw new IllegalArgumentException("Expected 32 bytes instead of " + privateKey.length);
     }
 
     @Override
diff --git a/src/main/java/com/danubetech/keyformats/crypto/impl/Ed25519_EdDSA_PrivateKeySigner.java b/src/main/java/com/danubetech/keyformats/crypto/impl/Ed25519_EdDSA_PrivateKeySigner.java
@@ -11,6 +11,8 @@ public class Ed25519_EdDSA_PrivateKeySigner extends PrivateKeySigner<byte[]> {
     public Ed25519_EdDSA_PrivateKeySigner(byte[] privateKey) {
 
         super(privateKey, JWSAlgorithm.EdDSA);
+
+        if (privateKey.length != 64) throw new IllegalArgumentException("Expected 32 bytes instead of " + privateKey.length);
     }
 
     @Override
diff --git a/src/main/java/com/danubetech/keyformats/crypto/impl/Ed25519_EdDSA_PublicKeyVerifier.java b/src/main/java/com/danubetech/keyformats/crypto/impl/Ed25519_EdDSA_PublicKeyVerifier.java
@@ -11,6 +11,8 @@ public class Ed25519_EdDSA_PublicKeyVerifier extends PublicKeyVerifier<byte[]> {
     public Ed25519_EdDSA_PublicKeyVerifier(byte[] publicKey) {
 
         super(publicKey, JWSAlgorithm.EdDSA);
+
+        if (publicKey.length != 32) throw new IllegalArgumentException("Expected 32 bytes instead of " + publicKey.length);
     }
 
     @Override
diff --git a/src/main/java/com/danubetech/keyformats/crypto/impl/P_256_ES256_PrivateKeySigner.java b/src/main/java/com/danubetech/keyformats/crypto/impl/P_256_ES256_PrivateKeySigner.java
@@ -3,6 +3,7 @@
 import com.danubetech.keyformats.crypto.PrivateKeySigner;
 import com.danubetech.keyformats.jose.JWSAlgorithm;
 import com.danubetech.keyformats.util.ASNUtil;
+import com.danubetech.keyformats.util.ByteArrayUtil;
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
@@ -14,6 +15,9 @@ public class P_256_ES256_PrivateKeySigner extends PrivateKeySigner<ECPrivateKey>
     public P_256_ES256_PrivateKeySigner(ECPrivateKey privateKey) {
 
         super(privateKey, JWSAlgorithm.ES256);
+
+        byte[] s = ByteArrayUtil.bigIntegertoByteArray(privateKey.getS());
+        if (s.length != 32) throw new IllegalArgumentException("Invalid key size (not 32 bytes): private key, length=" + s.length + " (" + privateKey.getS().bitLength() + " bits)");
     }
 
     @Override
diff --git a/src/main/java/com/danubetech/keyformats/crypto/impl/P_256_ES256_PublicKeyVerifier.java b/src/main/java/com/danubetech/keyformats/crypto/impl/P_256_ES256_PublicKeyVerifier.java
@@ -3,6 +3,8 @@
 import com.danubetech.keyformats.crypto.PublicKeyVerifier;
 import com.danubetech.keyformats.jose.JWSAlgorithm;
 import com.danubetech.keyformats.util.ASNUtil;
+import org.apache.commons.codec.binary.Hex;
+import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
@@ -14,6 +16,9 @@ public class P_256_ES256_PublicKeyVerifier extends PublicKeyVerifier<ECPublicKey
     public P_256_ES256_PublicKeyVerifier(ECPublicKey publicKey) {
 
         super(publicKey, JWSAlgorithm.ES256);
+
+        byte[] point = EC5Util.convertPoint(publicKey.getParams(), publicKey.getW()).getEncoded(true);
+        if (point.length != 33) throw new IllegalArgumentException("Invalid key size (not 33 bytes): " + Hex.encodeHexString(point) + ", length=" + point.length);
     }
 
     @Override
diff --git a/src/main/java/com/danubetech/keyformats/crypto/impl/P_384_ES384_PrivateKeySigner.java b/src/main/java/com/danubetech/keyformats/crypto/impl/P_384_ES384_PrivateKeySigner.java
@@ -3,6 +3,7 @@
 import com.danubetech.keyformats.crypto.PrivateKeySigner;
 import com.danubetech.keyformats.jose.JWSAlgorithm;
 import com.danubetech.keyformats.util.ASNUtil;
+import com.danubetech.keyformats.util.ByteArrayUtil;
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
@@ -14,6 +15,9 @@ public class P_384_ES384_PrivateKeySigner extends PrivateKeySigner<ECPrivateKey>
     public P_384_ES384_PrivateKeySigner(ECPrivateKey privateKey) {
 
         super(privateKey, JWSAlgorithm.ES384);
+
+        byte[] s = ByteArrayUtil.bigIntegertoByteArray(privateKey.getS());
+        if (s.length != 48) throw new IllegalArgumentException("Invalid key size (not 48 bytes): private key, length=" + s.length + " (" + privateKey.getS().bitLength() + " bits)");
     }
 
     @Override
diff --git a/src/main/java/com/danubetech/keyformats/crypto/impl/P_384_ES384_PublicKeyVerifier.java b/src/main/java/com/danubetech/keyformats/crypto/impl/P_384_ES384_PublicKeyVerifier.java
@@ -3,6 +3,8 @@
 import com.danubetech.keyformats.crypto.PublicKeyVerifier;
 import com.danubetech.keyformats.jose.JWSAlgorithm;
 import com.danubetech.keyformats.util.ASNUtil;
+import org.apache.commons.codec.binary.Hex;
+import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
@@ -14,6 +16,9 @@ public class P_384_ES384_PublicKeyVerifier extends PublicKeyVerifier<ECPublicKey
     public P_384_ES384_PublicKeyVerifier(ECPublicKey publicKey) {
 
         super(publicKey, JWSAlgorithm.ES384);
+
+        byte[] point = EC5Util.convertPoint(publicKey.getParams(), publicKey.getW()).getEncoded(true);
+        if (point.length != 49) throw new IllegalArgumentException("Invalid key size (not 49 bytes): " + Hex.encodeHexString(point) + ", length=" + point.length);
     }
 
     @Override
diff --git a/src/main/java/com/danubetech/keyformats/crypto/impl/P_521_ES512_PrivateKeySigner.java b/src/main/java/com/danubetech/keyformats/crypto/impl/P_521_ES512_PrivateKeySigner.java
@@ -3,6 +3,7 @@
 import com.danubetech.keyformats.crypto.PrivateKeySigner;
 import com.danubetech.keyformats.jose.JWSAlgorithm;
 import com.danubetech.keyformats.util.ASNUtil;
+import com.danubetech.keyformats.util.ByteArrayUtil;
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
@@ -14,6 +15,9 @@ public class P_521_ES512_PrivateKeySigner extends PrivateKeySigner<ECPrivateKey>
     public P_521_ES512_PrivateKeySigner(ECPrivateKey privateKey) {
 
         super(privateKey, JWSAlgorithm.ES512);
+
+        byte[] s = ByteArrayUtil.bigIntegertoByteArray(privateKey.getS());
+        if (s.length != 64 && s.length != 65 && s.length != 66) throw new IllegalArgumentException("Invalid key size (not 64 or 65 or 66 bytes): private key, length=" + s.length + " (" + privateKey.getS().bitLength() + " bits)");
     }
 
     @Override
diff --git a/src/main/java/com/danubetech/keyformats/crypto/impl/P_521_ES512_PublicKeyVerifier.java b/src/main/java/com/danubetech/keyformats/crypto/impl/P_521_ES512_PublicKeyVerifier.java
@@ -3,6 +3,8 @@
 import com.danubetech.keyformats.crypto.PublicKeyVerifier;
 import com.danubetech.keyformats.jose.JWSAlgorithm;
 import com.danubetech.keyformats.util.ASNUtil;
+import org.apache.commons.codec.binary.Hex;
+import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
@@ -14,6 +16,9 @@ public class P_521_ES512_PublicKeyVerifier extends PublicKeyVerifier<ECPublicKey
     public P_521_ES512_PublicKeyVerifier(ECPublicKey publicKey) {
 
         super(publicKey, JWSAlgorithm.ES512);
+
+        byte[] point = EC5Util.convertPoint(publicKey.getParams(), publicKey.getW()).getEncoded(true);
+        if (point.length != 65 && point.length != 66 && point.length != 67) throw new IllegalArgumentException("Invalid key size (not 65 or 66 or 67 bytes): " + Hex.encodeHexString(point) + ", length=" + point.length);
     }
 
     @Override

Original file line number	Diff line number	Diff line change
`@@ -181,7 +181,7 @@ public static byte[] bytes_to_X25519PrivateKey(byte[] privateKeyBytes) {`
`181`	`181`	`public static byte[] P_256PrivateKey_to_bytes(ECPrivateKey privateKey) {`
`182`	`182`
`183`	`183`	`byte[] s = ByteArrayUtil.bigIntegertoByteArray(privateKey.getS());`
`184`		`- if (s.length != 32) throw new IllegalArgumentException("Invalid 's' value (not 32 bytes): private key, length=" + s.length);`
	`184`	`+ if (s.length != 32) throw new IllegalArgumentException("Invalid key size (not 32 bytes): private key, length=" + s.length + " (" + privateKey.getS().bitLength() + " bits)");`
`185`	`185`
`186`	`186`	`return s;`
`187`	`187`	`}`
`@@ -211,7 +211,7 @@ public static ECPrivateKey bytes_to_P_256PrivateKey(byte[] privateKeyBytes) {`
`211`	`211`	`public static byte[] P_384PrivateKey_to_bytes(ECPrivateKey privateKey) {`
`212`	`212`
`213`	`213`	`byte[] s = ByteArrayUtil.bigIntegertoByteArray(privateKey.getS());`
`214`		`- if (s.length != 48) throw new IllegalArgumentException("Invalid 's' value (not 48 bytes): private key, length=" + s.length);`
	`214`	`+ if (s.length != 48) throw new IllegalArgumentException("Invalid key size (not 48 bytes): private key, length=" + s.length + " (" + privateKey.getS().bitLength() + " bits)");`
`215`	`215`
`216`	`216`	`return s;`
`217`	`217`	`}`
`@@ -241,7 +241,7 @@ public static ECPrivateKey bytes_to_P_384PrivateKey(byte[] privateKeyBytes) {`
`241`	`241`	`public static byte[] P_521PrivateKey_to_bytes(ECPrivateKey privateKey) {`
`242`	`242`
`243`	`243`	`byte[] s = ByteArrayUtil.bigIntegertoByteArray(privateKey.getS());`
`244`		`- if (s.length != 64 && s.length != 65 && s.length != 66) throw new IllegalArgumentException("Invalid 's' value (not 64 or 65 or 66 bytes): private key, length=" + s.length);`
	`244`	`+ if (s.length != 64 && s.length != 65 && s.length != 66) throw new IllegalArgumentException("Invalid key size (not 64 or 65 or 66 bytes): private key, length=" + s.length + " (" + privateKey.getS().bitLength() + " bits)");`
`245`	`245`
`246`	`246`	`return s;`
`247`	`247`	`}`
Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,8 @@ public Ed25519_EdDSA_LibIndySigner(byte[] privateKey, Wallet wallet, String sign`
`20`	`20`
`21`	`21`	`this.wallet = wallet;`
`22`	`22`	`this.signerVk = signerVk;`
	`23`	`+`
	`24`	`+ if (privateKey.length != 64) throw new IllegalArgumentException("Expected 32 bytes instead of " + privateKey.length);`
`23`	`25`	`}`
`24`	`26`
`25`	`27`	`@Override`
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,8 @@ public class Ed25519_EdDSA_PrivateKeySigner extends PrivateKeySigner<byte[]> {`
`11`	`11`	`public Ed25519_EdDSA_PrivateKeySigner(byte[] privateKey) {`
`12`	`12`
`13`	`13`	`super(privateKey, JWSAlgorithm.EdDSA);`
	`14`	`+`
	`15`	`+ if (privateKey.length != 64) throw new IllegalArgumentException("Expected 32 bytes instead of " + privateKey.length);`
`14`	`16`	`}`
`15`	`17`
`16`	`18`	`@Override`