
Example 6 with SigType

use of net.i2p.crypto.SigType in project i2p.i2p by i2p.

the class BlocklistEntries method verify.

/**
 * Checks the feed signature against the signer's certificate and remembers a success.
 *
 * <p>The {@code sig} field is split on the first {@code ':'} into a signature type and a
 * Base64 signature. The signer's public key is looked up in the {@code certificates}
 * directory under the base (install) directory and, when it is not found there and the
 * config directory is a different location, in the same directory under the config
 * directory. The verified bytes are {@code supdated}, then every entry, then every
 * removal prefixed with {@code '!'}, each followed by a newline and converted with
 * {@code DataHelper.getUTF8}.
 *
 * <p>Only a timestamp more than {@code MAX_FUTURE} ahead of the context clock is rejected
 * here; this method places no lower bound on {@code updated}.
 * NOTE(review): rejecting stale or replayed feeds presumably happens in the caller - confirm.
 *
 * @param ctx context supplying the clock, log manager, directories and signature engine
 * @return true if a previous call already verified the feed or the signature checks out
 *         now; false for missing fields, a future timestamp, a malformed or unavailable
 *         signature, a key-loading error, an unknown signer, or a failed verification
 */
public synchronized boolean verify(I2PAppContext ctx) {
    // Only a success is cached; a failed attempt is evaluated again on the next call.
    if (verified) {
        return true;
    }
    final boolean incomplete = signer == null || sig == null || supdated == null;
    if (incomplete) {
        return false;
    }
    if (updated > ctx.clock().now() + MAX_FUTURE) {
        return false;
    }
    final Log log = ctx.logManager().getLog(BlocklistEntries.class);

    // NOTE(review): sig and signer presumably come from the feed itself and are written to
    // the log verbatim below - confirm the log sink copes with control characters.
    final String[] parts = DataHelper.split(sig, ":", 2);
    // A sig without the separator and an unparseable type are reported the same way.
    final SigType type = (parts.length == 2) ? SigType.parseSigType(parts[0]) : null;
    if (type == null) {
        log.error("blocklist feed bad sig: " + sig);
        return false;
    }
    if (!type.isAvailable()) {
        log.error("blocklist feed sigtype unavailable: " + sig);
        return false;
    }
    final byte[] rawSig = Base64.decode(parts[1]);
    if (rawSig == null) {
        log.error("blocklist feed bad sig: " + sig);
        return false;
    }
    Signature feedSig;
    try {
        feedSig = new Signature(type, rawSig);
    } catch (IllegalArgumentException rejected) {
        log.error("blocklist feed bad sig: " + sig);
        return false;
    }

    // Trust anchor: the signer certificate must already be on disk, first under the
    // install dir, then under the config dir.
    KeyRing ring = new DirKeyRing(new File(ctx.getBaseDir(), "certificates"));
    PublicKey signerKey;
    try {
        signerKey = ring.getKey(signer, CONTENT_ROUTER, type);
    } catch (IOException ioe) {
        log.error("blocklist feed error", ioe);
        return false;
    } catch (GeneralSecurityException gse) {
        log.error("blocklist feed error", gse);
        return false;
    }
    if (signerKey == null) {
        boolean separateConfigDir;
        try {
            String basePath = ctx.getBaseDir().getCanonicalPath();
            String configPath = ctx.getConfigDir().getCanonicalPath();
            separateConfigDir = !basePath.equals(configPath);
        } catch (IOException ignored) {
            // Best effort: if the paths cannot be compared, search the config dir anyway.
            separateConfigDir = true;
        }
        if (separateConfigDir) {
            ring = new DirKeyRing(new File(ctx.getConfigDir(), "certificates"));
            try {
                signerKey = ring.getKey(signer, CONTENT_ROUTER, type);
            } catch (IOException ioe) {
                log.error("blocklist feed error", ioe);
                return false;
            } catch (GeneralSecurityException gse) {
                log.error("blocklist feed error", gse);
                return false;
            }
        }
        if (signerKey == null) {
            log.error("unknown signer for blocklist feed: " + signer);
            return false;
        }
    }
    SigningPublicKey verifyKey;
    try {
        verifyKey = SigUtil.fromJavaKey(signerKey, type);
    } catch (GeneralSecurityException gse) {
        log.error("blocklist feed bad sig: " + sig, gse);
        return false;
    }

    // Rebuild the exact text that was signed: timestamp line, entries, then '!'-prefixed removals.
    final StringBuilder signedText = new StringBuilder(256);
    signedText.append(supdated).append('\n');
    for (String entry : entries) {
        signedText.append(entry).append('\n');
    }
    for (String removal : removes) {
        signedText.append('!').append(removal).append('\n');
    }
    final byte[] signedBytes = DataHelper.getUTF8(signedText.toString());
    final boolean ok = ctx.dsa().verifySignature(feedSig, signedBytes, verifyKey);
    verified = ok;
    if (!ok) {
        log.error("blocklist feed sig verify fail: " + signer);
        return false;
    }
    log.info("blocklist feed sig ok");
    return true;
}
Also used : SigningPublicKey(net.i2p.data.SigningPublicKey) Log(net.i2p.util.Log) PublicKey(java.security.PublicKey) SigningPublicKey(net.i2p.data.SigningPublicKey) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) SigType(net.i2p.crypto.SigType) DirKeyRing(net.i2p.crypto.DirKeyRing) KeyRing(net.i2p.crypto.KeyRing) DirKeyRing(net.i2p.crypto.DirKeyRing) Signature(net.i2p.data.Signature) File(java.io.File)

Example 7 with SigType

use of net.i2p.crypto.SigType in project i2p.i2p by i2p.

the class I2PSocketManagerFactory method getSigType.

/**
 *  Picks the signature type requested through {@code I2PClient.PROP_SIGTYPE}.
 *
 *  A requested type that cannot be parsed, or that parses but is not available,
 *  is not an error: a warning is logged and {@code I2PClient.DEFAULT_SIGTYPE}
 *  is used instead, so callers that need a specific type must check the result.
 *
 *  @param opts may be null
 *  @return the requested type when it parses and is available, otherwise the default
 *  @since 0.9.12
 */
private static SigType getSigType(Properties opts) {
    final String requested = (opts == null) ? null : opts.getProperty(I2PClient.PROP_SIGTYPE);
    if (requested == null) {
        return I2PClient.DEFAULT_SIGTYPE;
    }
    final SigType parsed = SigType.parseSigType(requested);
    if (parsed != null && parsed.isAvailable()) {
        return parsed;
    }
    // Log the parsed type's own name when there is one, else the raw option value.
    final String shown = (parsed != null) ? parsed.toString() : requested;
    getLog().logAlways(Log.WARN, "Unsupported sig type " + shown + ", reverting to " + I2PClient.DEFAULT_SIGTYPE);
    return I2PClient.DEFAULT_SIGTYPE;
}
Also used : SigType(net.i2p.crypto.SigType)

Example 8 with SigType

use of net.i2p.crypto.SigType in project i2p.i2p by i2p.

the class I2PClientImpl method createDestination.

/**
 * Generates a new destination carrying the given certificate and writes it, followed by
 * its PrivateKey and SigningPrivateKey, to destKeyStream.
 *
 * If cert is a key certificate, the signing keypair is generated for the certificate's
 * signature type. A signing public key shorter than 128 bytes is accompanied by random
 * padding covering the difference. For a longer key, the bytes beyond the first 128 are
 * copied into the certificate payload starting at KeyCertificate.HEADER_LENGTH, so the
 * payload supplied by the caller must already be large enough to hold them.
 *
 * Both private keys are written to the stream by their own writeBytes methods; nothing
 * in this method encrypts them, so protecting the written data is up to the caller.
 *
 * Caller must close stream.
 *
 * @param destKeyStream location to write out the destination, PrivateKey, and SigningPrivateKey,
 *                      format is specified in {@link net.i2p.data.PrivateKeyFile PrivateKeyFile}
 * @param cert certificate to place in the destination; dereferenced, so must not be null
 * @return the newly created destination
 * @throws I2PException if signing keys for the certificate's type cannot be generated
 * @throws IOException declared for stream failures while writing or flushing
 */
public Destination createDestination(OutputStream destKeyStream, Certificate cert) throws I2PException, IOException {
    final Destination dest = new Destination();
    final Object[] encPair = KeyGenerator.getInstance().generatePKIKeypair();
    final PublicKey encPub = (PublicKey) encPair[0];
    final PrivateKey encPriv = (PrivateKey) encPair[1];

    final boolean hasKeyCert = cert.getCertificateType() == Certificate.CERTIFICATE_TYPE_KEY;
    SimpleDataStructure[] sigPair;
    if (!hasKeyCert) {
        sigPair = KeyGenerator.getInstance().generateSigningKeys();
    } else {
        final SigType wanted = cert.toKeyCertificate().getSigType();
        try {
            sigPair = KeyGenerator.getInstance().generateSigningKeys(wanted);
        } catch (GeneralSecurityException gse) {
            throw new I2PException("keygen fail", gse);
        }
    }
    final SigningPublicKey sigPub = (SigningPublicKey) sigPair[0];
    final SigningPrivateKey sigPriv = (SigningPrivateKey) sigPair[1];

    dest.setPublicKey(encPub);
    dest.setSigningPublicKey(sigPub);
    if (hasKeyCert) {
        // Reconcile the key length with the 128-byte boundary used below.
        // NOTE(review): 128 is presumably the fixed signing-key field size - confirm.
        final KeyCertificate kcert = cert.toKeyCertificate();
        final int sigPubLen = kcert.getSigType().getPubkeyLen();
        final int fieldLen = 128;
        if (sigPubLen < fieldLen) {
            final byte[] filler = new byte[fieldLen - sigPubLen];
            RandomSource.getInstance().nextBytes(filler);
            dest.setPadding(filler);
        } else if (sigPubLen > fieldLen) {
            // The overflow is written into the caller's certificate payload in place.
            System.arraycopy(sigPub.getData(), fieldLen, kcert.getPayload(), KeyCertificate.HEADER_LENGTH, sigPubLen - fieldLen);
        }
    }
    dest.setCertificate(cert);

    // Output order: destination, then private key, then signing private key.
    dest.writeBytes(destKeyStream);
    encPriv.writeBytes(destKeyStream);
    sigPriv.writeBytes(destKeyStream);
    destKeyStream.flush();
    return dest;
}
Also used : I2PException(net.i2p.I2PException) Destination(net.i2p.data.Destination) SigningPublicKey(net.i2p.data.SigningPublicKey) PrivateKey(net.i2p.data.PrivateKey) SigningPrivateKey(net.i2p.data.SigningPrivateKey) SigningPublicKey(net.i2p.data.SigningPublicKey) PublicKey(net.i2p.data.PublicKey) GeneralSecurityException(java.security.GeneralSecurityException) SigType(net.i2p.crypto.SigType) SigningPrivateKey(net.i2p.data.SigningPrivateKey) KeyCertificate(net.i2p.data.KeyCertificate) SimpleDataStructure(net.i2p.data.SimpleDataStructure)

Example 9 with SigType

use of net.i2p.crypto.SigType in project i2p.i2p by i2p.

the class HostTxtEntry method hasValidRemoveSig.

/**
 * Verify with the "dest" property's public key using the "sig" property.
 *
 * The verifying key is taken from the entry's own PROP_DEST value, so a true result
 * shows only that the holder of that destination's signing key signed the text
 * produced by writeProps(buf, true, true).
 * NOTE(review): whether that destination is the one entitled to remove the host is
 * presumably decided by the caller - confirm.
 *
 * The result is recomputed on every call and never cached.
 *
 * @return true only if both properties are present, decode correctly and the
 *         signature verifies; false in every other case
 */
public boolean hasValidRemoveSig() {
    if (props == null) {
        return false;
    }
    final StringWriter signedText = new StringWriter(1024);
    final String sigB64 = props.getProperty(PROP_SIG);
    final String signerDest = props.getProperty(PROP_DEST);
    if (sigB64 == null || signerDest == null) {
        return false;
    }
    try {
        writeProps(signedText, true, true);
    } catch (IOException ioe) {
        // not expected when writing to an in-memory StringWriter
        return false;
    }
    final byte[] rawSig = Base64.decode(sigB64);
    if (rawSig == null) {
        return false;
    }
    Destination dest;
    try {
        dest = new Destination(signerDest);
    } catch (DataFormatException dfe) {
        return false;
    }
    final SigningPublicKey spk = dest.getSigningPublicKey();
    final SigType type = spk.getType();
    if (type == null) {
        return false;
    }
    Signature signature;
    try {
        signature = new Signature(type, rawSig);
    } catch (IllegalArgumentException iae) {
        return false;
    }
    return DSAEngine.getInstance().verifySignature(signature, DataHelper.getUTF8(signedText.toString()), spk);
}
Also used : Destination(net.i2p.data.Destination) SigningPublicKey(net.i2p.data.SigningPublicKey) DataFormatException(net.i2p.data.DataFormatException) StringWriter(java.io.StringWriter) Signature(net.i2p.data.Signature) IOException(java.io.IOException) SigType(net.i2p.crypto.SigType)

Example 10 with SigType

use of net.i2p.crypto.SigType in project i2p.i2p by i2p.

the class I2PDatagramDissector method verifySignature.

/**
 * Verify the signature of this datagram (previously loaded with the
 * loadI2PDatagram() method).
 *
 * For SigType.DSA_SHA1 the signature is checked against rxHash; for every other
 * type it is checked against the first rxPayloadLen bytes of rxPayload. A success
 * is remembered in the valid flag, so later calls return immediately.
 *
 * @throws I2PInvalidDatagramException if no datagram has been read, the sender's
 *         signature type is unknown, or the signature is invalid
 */
public void verifySignature() throws I2PInvalidDatagramException {
    // Nothing to do when an earlier call already succeeded.
    if (this.valid) {
        return;
    }
    final boolean notLoaded = rxSign == null || rxSign.getData() == null || rxDest == null;
    if (notLoaded) {
        throw new I2PInvalidDatagramException("Datagram not yet read");
    }
    final SigningPublicKey spk = rxDest.getSigningPublicKey();
    final SigType type = spk.getType();
    if (type == null) {
        throw new I2PInvalidDatagramException("unsupported sig type");
    }
    // The signed input depends on the sender's signature type.
    final boolean ok = (type == SigType.DSA_SHA1)
            ? this.dsaEng.verifySignature(rxSign, rxHash, spk)
            : this.dsaEng.verifySignature(rxSign, rxPayload, 0, rxPayloadLen, spk);
    if (!ok) {
        throw new I2PInvalidDatagramException("Incorrect I2P repliable datagram signature");
    }
    this.valid = true;
}
Also used : SigningPublicKey(net.i2p.data.SigningPublicKey) SigType(net.i2p.crypto.SigType)
