Improve testing around nondeterministic ECDSA

Author: preuss-adam

src/main/java/org/eclipse/biscuit/crypto/KeyPair.java

@@ -35,12 +35,25 @@ public KeyPair generate(SecureRandom rng) {
       new Factory() {
         @Override
         public KeyPair generate(byte[] bytes) throws Error.FormatError.InvalidKeySize {
-          return new SECP256R1KeyPair(bytes);
+          return new SECP256R1KeyPair(bytes, true);
         }
 
         @Override
         public KeyPair generate(SecureRandom rng) {
-          return new SECP256R1KeyPair(rng);
+          return new SECP256R1KeyPair(rng, true);
+        }
+      };
+
+  public static final Factory DEFAULT_NONDETERMINISTIC_SECP256R1_FACTORY =
+      new Factory() {
+        @Override
+        public KeyPair generate(byte[] bytes) throws Error.FormatError.InvalidKeySize {
+          return new SECP256R1KeyPair(bytes, false);
+        }
+
+        @Override
+        public KeyPair generate(SecureRandom rng) {
+          return new SECP256R1KeyPair(rng, false);
         }
       };
 
@@ -69,9 +82,9 @@ public static KeyPair generate(Algorithm algorithm, byte[] bytes)
 
   public static KeyPair generate(Algorithm algorithm, SecureRandom rng) {
     if (algorithm == Algorithm.Ed25519) {
-      return ed25519Factory != null ? ed25519Factory.generate(rng) : new Ed25519KeyPair(rng);
+      return ed25519Factory.generate(rng);
     } else if (algorithm == Algorithm.SECP256R1) {
-      return secp256r1Factory != null ? secp256r1Factory.generate(rng) : new SECP256R1KeyPair(rng);
+      return secp256r1Factory.generate(rng);
     } else {
       throw new IllegalArgumentException("Unsupported algorithm");
     }

src/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java

@@ -31,12 +31,16 @@ final class SECP256R1KeyPair extends KeyPair {
 
   private final BCECPrivateKey privateKey;
   private final BCECPublicKey publicKey;
+  private final boolean deterministicNonce;
 
   static final String ALGORITHM = "ECDSA";
   static final String CURVE = "secp256r1";
   static final ECNamedCurveParameterSpec SECP256R1 = ECNamedCurveTable.getParameterSpec(CURVE);
 
-  SECP256R1KeyPair(byte[] bytes) throws Error.FormatError.InvalidKeySize {
+  SECP256R1KeyPair(byte[] bytes, boolean deterministicNonce)
+      throws Error.FormatError.InvalidKeySize {
+    this.deterministicNonce = deterministicNonce;
+
     if (bytes.length != BUFFER_SIZE) {
       throw new Error.FormatError.InvalidKeySize(bytes.length);
     }
@@ -52,7 +56,9 @@ final class SECP256R1KeyPair extends KeyPair {
     this.publicKey = publicKey;
   }
 
-  SECP256R1KeyPair(SecureRandom rng) {
+  SECP256R1KeyPair(SecureRandom rng, boolean deterministicNonce) {
+    this.deterministicNonce = deterministicNonce;
+
     byte[] bytes = new byte[BUFFER_SIZE];
     rng.nextBytes(bytes);
 
@@ -78,10 +84,6 @@ final class SECP256R1KeyPair extends KeyPair {
   /// a weak RNG.
   @Override
   public byte[] sign(byte[] data) {
-    return sign(data, true);
-  }
-
-  public byte[] sign(byte[] data, boolean deterministicNonce) {
     var digest = new SHA256Digest();
     digest.update(data, 0, data.length);
     var hash = new byte[digest.getDigestSize()];

src/test/java/org/eclipse/biscuit/token/NondeterministicEcdsaTest.java

@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2019 Geoffroy Couprie <contact@geoffroycouprie.com> and Contributors to the Eclipse Foundation.
+ *  SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.eclipse.biscuit.token;
+
+import static org.eclipse.biscuit.token.builder.Utils.fact;
+import static org.eclipse.biscuit.token.builder.Utils.str;
+
+import biscuit.format.schema.Schema;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.SignatureException;
+import java.util.List;
+import org.eclipse.biscuit.crypto.KeyPair;
+import org.eclipse.biscuit.error.Error;
+import org.eclipse.biscuit.token.builder.Block;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.parallel.Isolated;
+
+/** Top-level test to ensure ECDSA with nondeterministic nonce also works. */
+@Isolated
+public class NondeterministicEcdsaTest {
+  @BeforeAll
+  static void beforeAll() {
+    KeyPair.setSECP256R1Factory(KeyPair.DEFAULT_NONDETERMINISTIC_SECP256R1_FACTORY);
+  }
+
+  @AfterAll
+  static void afterAll() {
+    KeyPair.setSECP256R1Factory(KeyPair.DEFAULT_SECP256R1_FACTORY);
+  }
+
+  @Test
+  public void simpleSigningTest()
+      throws Error, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
+    var root = KeyPair.generate(Schema.PublicKey.Algorithm.SECP256R1);
+    var b =
+        Biscuit.make(
+            new SecureRandom(),
+            root,
+            new Block().addFact(fact("foo", List.of(str("bar")))).build());
+    Biscuit.fromBytes(b.serialize(), root.getPublicKey());
+  }
+}