Packages

c

com.digitalasset.canton.crypto

SynchronizerCryptoPureApi

final class SynchronizerCryptoPureApi extends CryptoPureApi with SynchronizerCryptoValidation

Wraps the CryptoPureApi to include static synchronizer parameters, ensuring that during signature verification and decryption (both asymmetric and symmetric), the static synchronizer parameters are explicitly checked. This is crucial because a malicious counter participant could potentially use a downgraded scheme. For other methods, such as key generation, signing, or encryption by this (honest) participant, we rely on the synchronizer handshake to ensure that only supported schemes within the synchronizer are used.

Linear Supertypes
SynchronizerCryptoValidation, CryptoPureApi, PasswordBasedEncryptionOps, RandomOps, HashOps, HmacOps, SigningOps, EncryptionOps, AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. SynchronizerCryptoPureApi
  2. SynchronizerCryptoValidation
  3. CryptoPureApi
  4. PasswordBasedEncryptionOps
  5. RandomOps
  6. HashOps
  7. HmacOps
  8. SigningOps
  9. EncryptionOps
  10. AnyRef
  11. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Instance Constructors

  1. new SynchronizerCryptoPureApi(staticSynchronizerParameters: StaticSynchronizerParameters, pureCrypto: CryptoPureApi)

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def build(purpose: HashPurpose, algorithm: HashAlgorithm = defaultHashAlgorithm): HashBuilder

    Creates a HashBuilder for computing a hash with the given purpose.

    Creates a HashBuilder for computing a hash with the given purpose. For different purposes purpose1 and purpose2, all implementations must ensure that it is computationally infeasible to find a sequence bs of com.google.protobuf.ByteStrings such that bs.foldLeft(hashBuilder(purpose1))((b, hb) => hb.add(b)).finish and bs.foldLeft(hashBuilder(purpose2))((b, hb) => hb.add(b)).finish yield the same hash.

    Definition Classes
    HashOps
  6. def checkDecryption(keyFormatO: Option[CryptoKeyFormat], keySpecO: Option[EncryptionKeySpec], algorithmSpec: EncryptionAlgorithmSpec): Either[DecryptionError, Unit]

    Validates a node's encryption key and algorithm spec against the static synchronizer parameters.

    Validates a node's encryption key and algorithm spec against the static synchronizer parameters.

    Attributes
    protected
    Definition Classes
    SynchronizerCryptoValidation
  7. def checkSymmetricDecryption(keySpec: SymmetricKeyScheme): Either[DecryptionError, Unit]

    Validates a node's symmetric scheme against the static synchronizer parameters.

    Validates a node's symmetric scheme against the static synchronizer parameters.

    Attributes
    protected
    Definition Classes
    SynchronizerCryptoValidation
  8. def checkVerifySignature(hashAlgorithmO: Option[HashAlgorithm], signatureFormat: SignatureFormat, keyFormat: CryptoKeyFormat, keySpec: SigningKeySpec, algorithmSpecO: Option[SigningAlgorithmSpec]): Either[SignatureCheckError, Unit]

    Validates a node's signing key and algorithm spec against the static synchronizer parameters.

    Validates a node's signing key and algorithm spec against the static synchronizer parameters.

    Attributes
    protected
    Definition Classes
    SynchronizerCryptoValidation
  9. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @IntrinsicCandidate() @native()
  10. def createSymmetricKey(bytes: SecureRandomness, scheme: SymmetricKeyScheme): Either[EncryptionKeyCreationError, SymmetricKey]

    Creates a symmetric key with the specified scheme for the given randomness.

    Creates a symmetric key with the specified scheme for the given randomness.

    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  11. def decryptWith[M](encrypted: Encrypted[M], symmetricKey: SymmetricKey)(deserialize: (ByteString) => Either[DeserializationError, M]): Either[DecryptionError, M]

    Decrypts a message encrypted using encryptWith

    Decrypts a message encrypted using encryptWith

    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  12. def decryptWith[M](encrypted: AsymmetricEncrypted[M], privateKey: EncryptionPrivateKey)(deserialize: (ByteString) => Either[DeserializationError, M]): Either[DecryptionError, M]

    Decrypts a message encrypted using encryptWith

    Decrypts a message encrypted using encryptWith

    Definition Classes
    EncryptionOps
  13. def decryptWithPassword[M](pbencrypted: PasswordBasedEncrypted, password: String)(deserialize: (ByteString) => Either[DeserializationError, M]): Either[PasswordBasedEncryptionError, M]
    Definition Classes
    PasswordBasedEncryptionOps
  14. def defaultHashAlgorithm: HashAlgorithm
    Definition Classes
    SynchronizerCryptoPureApiHashOps
  15. def defaultHmacAlgorithm: HmacAlgorithm
    Definition Classes
    HmacOps
  16. def defaultPbkdfScheme: PbkdfScheme
    Attributes
    protected[crypto]
    Definition Classes
    SynchronizerCryptoPureApiPasswordBasedEncryptionOps
  17. def defaultSymmetricKeyScheme: SymmetricKeyScheme
    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  18. def deriveSymmetricKey(password: String, symmetricKeyScheme: SymmetricKeyScheme, pbkdfScheme: PbkdfScheme, saltO: Option[SecureRandomness]): Either[PasswordBasedEncryptionError, PasswordBasedEncryptionKey]

    Derive a symmetric encryption key from a given password.

    Derive a symmetric encryption key from a given password.

    password

    The password used to derive the key

    symmetricKeyScheme

    The intended symmetric encryption scheme for the password-based encryption.

    pbkdfScheme

    The password-based key derivation function (PBKDF) scheme to derive a key from the password.

    saltO

    The optional salt used for the key derivation. If none is a given a random salt is generated.

    Definition Classes
    SynchronizerCryptoPureApiPasswordBasedEncryptionOps
  19. def digest(purpose: HashPurpose, bytes: ByteString, algorithm: HashAlgorithm = defaultHashAlgorithm): Hash

    Convenience method for build(purpose).addWithoutLengthPrefix(bytes).finish

    Convenience method for build(purpose).addWithoutLengthPrefix(bytes).finish

    Definition Classes
    HashOps
  20. def encryptDeterministicWith[M <: HasToByteString](message: M, publicKey: EncryptionPublicKey, encryptionAlgorithmSpec: EncryptionAlgorithmSpec)(implicit traceContext: TraceContext): Either[EncryptionError, AsymmetricEncrypted[M]]

    Deterministically encrypts the given bytes using the given public key.

    Deterministically encrypts the given bytes using the given public key. This is unsafe for general use, and it's only used to encrypt the decryption key of each view

    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  21. def encryptSymmetricWith[M <: HasToByteString](message: M, symmetricKey: SymmetricKey): Either[EncryptionError, Encrypted[M]]

    Encrypts the bytes of the serialized message using the given symmetric key.

    Encrypts the bytes of the serialized message using the given symmetric key. Where the message embedded protocol version determines the message serialization.

    Definition Classes
    EncryptionOps
  22. def encryptWith[M <: HasToByteString](message: M, publicKey: EncryptionPublicKey, encryptionAlgorithmSpec: EncryptionAlgorithmSpec): Either[EncryptionError, AsymmetricEncrypted[M]]

    Encrypts the bytes of the serialized message using the given public key.

    Encrypts the bytes of the serialized message using the given public key.

    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  23. def encryptWithPassword(message: ByteString, password: String, symmetricKeyScheme: SymmetricKeyScheme = defaultSymmetricKeyScheme, pbkdfScheme: PbkdfScheme = defaultPbkdfScheme): Either[PasswordBasedEncryptionError, PasswordBasedEncrypted]
    Definition Classes
    PasswordBasedEncryptionOps
  24. def encryptionAlgorithmSpecs: CryptoScheme[EncryptionAlgorithmSpec]
    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  25. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  26. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  27. def generateRandomByteString(length: Int): ByteString
    Definition Classes
    RandomOps
  28. def generateRandomBytes(length: Int): Array[Byte]
    Attributes
    protected[crypto]
    Definition Classes
    SynchronizerCryptoPureApiRandomOps
  29. def generateSecureRandomness(length: Int): SecureRandomness
    Definition Classes
    RandomOps
  30. def generateSymmetricKey(scheme: SymmetricKeyScheme): Either[EncryptionKeyGenerationError, SymmetricKey]

    Generates and returns a random symmetric key using the specified scheme.

    Generates and returns a random symmetric key using the specified scheme.

    Definition Classes
    SynchronizerCryptoPureApiEncryptionOps
  31. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @IntrinsicCandidate() @native()
  32. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @IntrinsicCandidate() @native()
  33. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  34. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  35. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @IntrinsicCandidate() @native()
  36. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @IntrinsicCandidate() @native()
  37. val pureCrypto: CryptoPureApi
  38. def sign(hash: Hash, signingKey: SigningPrivateKey, usage: NonEmpty[Set[SigningKeyUsage]], signingAlgorithmSpec: SigningAlgorithmSpec = signingAlgorithmSpecs.default)(implicit traceContext: TraceContext): Either[SigningError, Signature]

    Signs the given hash using the private signing key.

    Signs the given hash using the private signing key.

    usage

    the usage we intend to enforce. If multiple usages are enforced, at least one of them must be satisfied. In other words, the provided signing key's usage must intersect with the specified usages.

    Definition Classes
    SigningOps
  39. def signBytes(bytes: ByteString, signingKey: SigningPrivateKey, usage: NonEmpty[Set[SigningKeyUsage]], signingAlgorithmSpec: SigningAlgorithmSpec = signingAlgorithmSpecs.default)(implicit traceContext: TraceContext): Either[SigningError, Signature]

    Preferably, we sign a hash; however, we also allow signing arbitrary bytes when necessary.

    Preferably, we sign a hash; however, we also allow signing arbitrary bytes when necessary.

    Attributes
    protected[crypto]
    Definition Classes
    SynchronizerCryptoPureApiSigningOps
  40. def signingAlgorithmSpecs: CryptoScheme[SigningAlgorithmSpec]
    Definition Classes
    SynchronizerCryptoPureApiSigningOps
  41. val staticSynchronizerParameters: StaticSynchronizerParameters
    Definition Classes
    SynchronizerCryptoPureApiSynchronizerCryptoValidation
  42. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  43. def toString(): String
    Definition Classes
    AnyRef → Any
  44. def verifySignature(bytes: ByteString, publicKey: SigningPublicKey, signature: Signature, usage: NonEmpty[Set[SigningKeyUsage]])(implicit traceContext: TraceContext): Either[SignatureCheckError, Unit]
    Definition Classes
    SynchronizerCryptoPureApiSigningOps
  45. def verifySignature(hash: Hash, publicKey: SigningPublicKey, signature: Signature, usage: NonEmpty[Set[SigningKeyUsage]])(implicit traceContext: TraceContext): Either[SignatureCheckError, Unit]

    Confirms if the provided signature is a valid signature of the payload using the public key

    Confirms if the provided signature is a valid signature of the payload using the public key

    Definition Classes
    SynchronizerCryptoPureApiSigningOps
  46. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  47. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  48. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated
    Deprecated

    (Since version 9)

Inherited from SynchronizerCryptoValidation

Inherited from CryptoPureApi

Inherited from PasswordBasedEncryptionOps

Inherited from RandomOps

Inherited from HashOps

Inherited from HmacOps

Inherited from SigningOps

Inherited from EncryptionOps

Inherited from AnyRef

Inherited from Any

Ungrouped