Packages

c

com.digitalasset.canton.crypto

SynchronizerCryptoPureApi

final class SynchronizerCryptoPureApi extends CryptoPureApi

Wraps the CryptoPureApi to include static synchronizer parameters, ensuring that during signature verification and decryption (both asymmetric and symmetric), the static synchronizer parameters are explicitly checked. This is crucial because a malicious counter participant could potentially use a downgraded scheme. For other methods, such as key generation, signing, or encryption by this (honest) participant, we rely on the synchronizer handshake to ensure that only supported schemes within the synchronizer are used.

TODO(#20714): decryption checks come in a separate PR

Linear Supertypes
CryptoPureApi, PasswordBasedEncryptionOps, RandomOps, HashOps, HmacOps, SigningOps, EncryptionOps, AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. SynchronizerCryptoPureApi
  2. CryptoPureApi
  3. PasswordBasedEncryptionOps
  4. RandomOps
  5. HashOps
  6. HmacOps
  7. SigningOps
  8. EncryptionOps
  9. AnyRef
  10. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Instance Constructors

  1. new SynchronizerCryptoPureApi(staticSynchronizerParameters: StaticSynchronizerParameters, pureCrypto: CryptoPureApi)

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def build(purpose: HashPurpose, algorithm: HashAlgorithm = defaultHashAlgorithm): HashBuilder

    Creates a HashBuilder for computing a hash with the given purpose.

    Creates a HashBuilder for computing a hash with the given purpose. For different purposes purpose1 and purpose2, all implementations must ensure that it is computationally infeasible to find a sequence bs of com.google.protobuf.ByteStrings such that bs.foldLeft(hashBuilder(purpose1))((b, hb) => hb.add(b)).finish and bs.foldLeft(hashBuilder(purpose2))((b, hb) => hb.add(b)).finish yield the same hash.

    Definition Classes
    HashOps
  6. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @IntrinsicCandidate() @native()
  7. def createSymmetricKey(bytes: SecureRandomness, scheme: SymmetricKeyScheme): Either[EncryptionKeyCreationError, SymmetricKey]

    Creates a symmetric key with the specified scheme for the given randomness.

    Creates a symmetric key with the specified scheme for the given randomness.

    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  8. def decryptWith[M](encrypted: Encrypted[M], symmetricKey: SymmetricKey)(deserialize: (ByteString) => Either[DeserializationError, M]): Either[DecryptionError, M]

    Decrypts a message encrypted using encryptWith

    Decrypts a message encrypted using encryptWith

    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  9. def decryptWith[M](encrypted: AsymmetricEncrypted[M], privateKey: EncryptionPrivateKey)(deserialize: (ByteString) => Either[DeserializationError, M]): Either[DecryptionError, M]

    Decrypts a message encrypted using encryptWith

    Decrypts a message encrypted using encryptWith

    Definition Classes
    EncryptionOps
  10. def decryptWithInternal[M](encrypted: AsymmetricEncrypted[M], privateKey: EncryptionPrivateKey)(deserialize: (ByteString) => Either[DeserializationError, M]): Either[DecryptionError, M]
    Attributes
    protected[crypto]
    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  11. def decryptWithPassword[M](pbencrypted: PasswordBasedEncrypted, password: String)(deserialize: (ByteString) => Either[DeserializationError, M]): Either[PasswordBasedEncryptionError, M]
    Definition Classes
    PasswordBasedEncryptionOps
  12. def defaultEncryptionAlgorithmSpec: EncryptionAlgorithmSpec
    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  13. def defaultHashAlgorithm: HashAlgorithm
    Definition Classes
    SynchronizerCryptoPureApiHashOps
  14. def defaultHmacAlgorithm: HmacAlgorithm
    Definition Classes
    HmacOps
  15. def defaultPbkdfScheme: PbkdfScheme
    Attributes
    protected[crypto]
    Definition Classes
    SynchronizerCryptoPureApiPasswordBasedEncryptionOps
  16. def defaultSigningAlgorithmSpec: SigningAlgorithmSpec
    Definition Classes
    SynchronizerCryptoPureApiSigningOps
  17. def defaultSymmetricKeyScheme: SymmetricKeyScheme
    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  18. def deriveSymmetricKey(password: String, symmetricKeyScheme: SymmetricKeyScheme, pbkdfScheme: PbkdfScheme, saltO: Option[SecureRandomness]): Either[PasswordBasedEncryptionError, PasswordBasedEncryptionKey]

    Derive a symmetric encryption key from a given password.

    Derive a symmetric encryption key from a given password.

    password

    The password used to derive the key

    symmetricKeyScheme

    The intended symmetric encryption scheme for the password-based encryption.

    pbkdfScheme

    The password-based key derivation function (PBKDF) scheme to derive a key from the password.

    saltO

    The optional salt used for the key derivation. If none is a given a random salt is generated.

    Definition Classes
    SynchronizerCryptoPureApiPasswordBasedEncryptionOps
  19. def digest(purpose: HashPurpose, bytes: ByteString, algorithm: HashAlgorithm = defaultHashAlgorithm): Hash

    Convenience method for build(purpose).addWithoutLengthPrefix(bytes).finish

    Convenience method for build(purpose).addWithoutLengthPrefix(bytes).finish

    Definition Classes
    HashOps
  20. def encryptDeterministicWith[M <: HasToByteString](message: M, publicKey: EncryptionPublicKey, encryptionAlgorithmSpec: EncryptionAlgorithmSpec)(implicit traceContext: TraceContext): Either[EncryptionError, AsymmetricEncrypted[M]]

    Deterministically encrypts the given bytes using the given public key.

    Deterministically encrypts the given bytes using the given public key. This is unsafe for general use and it's only used to encrypt the decryption key of each view

    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  21. def encryptSymmetricWith[M <: HasToByteString](message: M, symmetricKey: SymmetricKey): Either[EncryptionError, Encrypted[M]]

    Encrypts the bytes of the serialized message using the given symmetric key.

    Encrypts the bytes of the serialized message using the given symmetric key. Where the message embedded protocol version determines the message serialization.

    Definition Classes
    EncryptionOps
  22. def encryptWith[M <: HasToByteString](message: M, publicKey: EncryptionPublicKey, encryptionAlgorithmSpec: EncryptionAlgorithmSpec): Either[EncryptionError, AsymmetricEncrypted[M]]

    Encrypts the bytes of the serialized message using the given public key.

    Encrypts the bytes of the serialized message using the given public key.

    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  23. def encryptWithPassword(message: ByteString, password: String, symmetricKeyScheme: SymmetricKeyScheme = defaultSymmetricKeyScheme, pbkdfScheme: PbkdfScheme = defaultPbkdfScheme): Either[PasswordBasedEncryptionError, PasswordBasedEncrypted]
    Definition Classes
    PasswordBasedEncryptionOps
  24. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  25. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  26. def generateRandomByteString(length: Int): ByteString
    Definition Classes
    RandomOps
  27. def generateRandomBytes(length: Int): Array[Byte]
    Attributes
    protected[crypto]
    Definition Classes
    SynchronizerCryptoPureApiRandomOps
  28. def generateSecureRandomness(length: Int): SecureRandomness
    Definition Classes
    RandomOps
  29. def generateSymmetricKey(scheme: SymmetricKeyScheme): Either[EncryptionKeyGenerationError, SymmetricKey]

    Generates and returns a random symmetric key using the specified scheme.

    Generates and returns a random symmetric key using the specified scheme.

    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  30. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @IntrinsicCandidate() @native()
  31. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @IntrinsicCandidate() @native()
  32. def hmacWithSecret(secret: HmacSecret, message: ByteString, algorithm: HmacAlgorithm = defaultHmacAlgorithm): Either[HmacError, Hmac]
    Definition Classes
    HmacOps
  33. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  34. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  35. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @IntrinsicCandidate() @native()
  36. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @IntrinsicCandidate() @native()
  37. def sign(hash: Hash, signingKey: SigningPrivateKey, usage: NonEmpty[Set[SigningKeyUsage]], signingAlgorithmSpec: SigningAlgorithmSpec = defaultSigningAlgorithmSpec)(implicit traceContext: TraceContext): Either[SigningError, Signature]

    Signs the given hash using the private signing key.

    Signs the given hash using the private signing key.

    usage

    the usage we intend to enforce. If multiple usages are enforced, at least one of them must be satisfied. In other words, the provided signing key's usage must intersect with the specified usages.

    Definition Classes
    SigningOps
  38. def signBytes(bytes: ByteString, signingKey: SigningPrivateKey, usage: NonEmpty[Set[SigningKeyUsage]], signingAlgorithmSpec: SigningAlgorithmSpec = defaultSigningAlgorithmSpec)(implicit traceContext: TraceContext): Either[SigningError, Signature]

    Preferably, we sign a hash; however, we also allow signing arbitrary bytes when necessary.

    Preferably, we sign a hash; however, we also allow signing arbitrary bytes when necessary.

    Attributes
    protected[crypto]
    Definition Classes
    SynchronizerCryptoPureApiSigningOps
  39. def supportedEncryptionAlgorithmSpecs: NonEmpty[Set[EncryptionAlgorithmSpec]]
    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  40. def supportedSigningAlgorithmSpecs: NonEmpty[Set[SigningAlgorithmSpec]]
    Definition Classes
    SynchronizerCryptoPureApiSigningOps
  41. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  42. def toString(): String
    Definition Classes
    AnyRef → Any
  43. def verifySignature(bytes: ByteString, publicKey: SigningPublicKey, signature: Signature, usage: NonEmpty[Set[SigningKeyUsage]])(implicit traceContext: TraceContext): Either[SignatureCheckError, Unit]
    Definition Classes
    SynchronizerCryptoPureApiSigningOps
  44. def verifySignature(hash: Hash, publicKey: SigningPublicKey, signature: Signature, usage: NonEmpty[Set[SigningKeyUsage]])(implicit traceContext: TraceContext): Either[SignatureCheckError, Unit]

    Confirms if the provided signature is a valid signature of the payload using the public key

    Confirms if the provided signature is a valid signature of the payload using the public key

    Definition Classes
    SynchronizerCryptoPureApiSigningOps
  45. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  46. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()
  47. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated
    Deprecated

    (Since version 9)

Inherited from CryptoPureApi

Inherited from PasswordBasedEncryptionOps

Inherited from RandomOps

Inherited from HashOps

Inherited from HmacOps

Inherited from SigningOps

Inherited from EncryptionOps

Inherited from AnyRef

Inherited from Any

Ungrouped