feat(crypto): add PBKDF2-HMAC-SHA512 and SHA-256 digest implementations with tests

Author: xt0x

src/main/java/com/example/bip39/crypto/Pbkdf2HmacSha512.java

@@ -0,0 +1,75 @@
+package com.example.bip39.crypto;
+
+import com.example.bip39.error.Bip39ErrorCode;
+import com.example.bip39.error.Bip39Exception;
+import com.example.bip39.util.Bip39Constants;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+import java.util.Objects;
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+public final class Pbkdf2HmacSha512 {
+
+  private static final String HMAC_SHA512 = "HmacSHA512";
+
+  private Pbkdf2HmacSha512() {}
+
+  public static byte[] derive(byte[] passwordBytes, byte[] saltBytes) {
+    Objects.requireNonNull(passwordBytes, "passwordBytes must not be null");
+    Objects.requireNonNull(saltBytes, "saltBytes must not be null");
+
+    try {
+      Mac mac = Mac.getInstance(HMAC_SHA512);
+      mac.init(new SecretKeySpec(passwordBytes, HMAC_SHA512));
+      return deriveKey(
+          mac, saltBytes, Bip39Constants.PBKDF2_ITERATIONS, Bip39Constants.SEED_LEN_BYTES);
+    } catch (NoSuchAlgorithmException | InvalidKeyException exception) {
+      throw new Bip39Exception(
+          Bip39ErrorCode.ERR_PBKDF2_FAILURE, "PBKDF2-HMAC-SHA512 is unavailable", exception);
+    }
+  }
+
+  private static byte[] deriveKey(
+      Mac mac, byte[] saltBytes, int iterations, int derivedKeyLengthBytes) {
+    int blockLengthBytes = mac.getMacLength();
+    int blockCount = (derivedKeyLengthBytes + blockLengthBytes - 1) / blockLengthBytes;
+    byte[] derivedKey = new byte[blockCount * blockLengthBytes];
+
+    for (int blockIndex = 1; blockIndex <= blockCount; blockIndex++) {
+      byte[] block = deriveBlock(mac, saltBytes, iterations, blockIndex);
+      System.arraycopy(block, 0, derivedKey, (blockIndex - 1) * blockLengthBytes, block.length);
+    }
+
+    return Arrays.copyOf(derivedKey, derivedKeyLengthBytes);
+  }
+
+  private static byte[] deriveBlock(Mac mac, byte[] saltBytes, int iterations, int blockIndex) {
+    byte[] input = Arrays.copyOf(saltBytes, saltBytes.length + Integer.BYTES);
+    writeIntBigEndian(input, saltBytes.length, blockIndex);
+
+    byte[] iterationResult = mac.doFinal(input);
+    byte[] block = iterationResult.clone();
+
+    for (int iteration = 1; iteration < iterations; iteration++) {
+      iterationResult = mac.doFinal(iterationResult);
+      xorInto(block, iterationResult);
+    }
+
+    return block;
+  }
+
+  private static void xorInto(byte[] target, byte[] source) {
+    for (int index = 0; index < target.length; index++) {
+      target[index] ^= source[index];
+    }
+  }
+
+  private static void writeIntBigEndian(byte[] bytes, int offset, int value) {
+    bytes[offset] = (byte) (value >>> 24);
+    bytes[offset + 1] = (byte) (value >>> 16);
+    bytes[offset + 2] = (byte) (value >>> 8);
+    bytes[offset + 3] = (byte) value;
+  }
+}

src/main/java/com/example/bip39/crypto/Sha256Digest.java

@@ -0,0 +1,21 @@
+package com.example.bip39.crypto;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Objects;
+
+public final class Sha256Digest {
+
+  private Sha256Digest() {}
+
+  public static byte[] digest(byte[] input) {
+    Objects.requireNonNull(input, "input must not be null");
+
+    try {
+      MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
+      return messageDigest.digest(input);
+    } catch (NoSuchAlgorithmException exception) {
+      throw new IllegalStateException("SHA-256 is unavailable", exception);
+    }
+  }
+}

src/test/java/com/example/bip39/crypto/Pbkdf2HmacSha512Test.java

@@ -0,0 +1,49 @@
+package com.example.bip39.crypto;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import com.example.bip39.util.Bip39Constants;
+import java.nio.charset.StandardCharsets;
+import java.util.HexFormat;
+import org.junit.jupiter.api.Test;
+
+class Pbkdf2HmacSha512Test {
+
+  @Test
+  void derivesBip39SeedForFirstOfficialVector() {
+    byte[] derived =
+        Pbkdf2HmacSha512.derive(
+            "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
+                .getBytes(StandardCharsets.UTF_8),
+            "mnemonicTREZOR".getBytes(StandardCharsets.UTF_8));
+
+    assertEquals(Bip39Constants.SEED_LEN_BYTES, derived.length);
+    assertEquals(
+        "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
+            + "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04",
+        HexFormat.of().formatHex(derived));
+  }
+
+  @Test
+  void isDeterministicForSameInputs() {
+    byte[] passwordBytes =
+        "legal winner thank year wave sausage worth useful legal winner thank yellow"
+            .getBytes(StandardCharsets.UTF_8);
+    byte[] saltBytes = "mnemonicTREZOR".getBytes(StandardCharsets.UTF_8);
+
+    assertArrayEquals(
+        Pbkdf2HmacSha512.derive(passwordBytes, saltBytes),
+        Pbkdf2HmacSha512.derive(passwordBytes, saltBytes));
+  }
+
+  @Test
+  void rejectsNullInputs() {
+    byte[] passwordBytes = "password".getBytes(StandardCharsets.UTF_8);
+    byte[] saltBytes = "salt".getBytes(StandardCharsets.UTF_8);
+
+    assertThrows(NullPointerException.class, () -> Pbkdf2HmacSha512.derive(null, saltBytes));
+    assertThrows(NullPointerException.class, () -> Pbkdf2HmacSha512.derive(passwordBytes, null));
+  }
+}

src/test/java/com/example/bip39/crypto/Sha256DigestTest.java

@@ -0,0 +1,25 @@
+package com.example.bip39.crypto;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.nio.charset.StandardCharsets;
+import java.util.HexFormat;
+import org.junit.jupiter.api.Test;
+
+class Sha256DigestTest {
+
+  @Test
+  void hashesKnownInput() {
+    byte[] digest = Sha256Digest.digest("abc".getBytes(StandardCharsets.UTF_8));
+
+    assertEquals(
+        "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
+        HexFormat.of().formatHex(digest));
+  }
+
+  @Test
+  void rejectsNullInput() {
+    assertThrows(NullPointerException.class, () -> Sha256Digest.digest(null));
+  }
+}