Example 31 with SigType
use of net.i2p.crypto.SigType in project i2p.i2p by i2p.
the class CryptoChecker method warnUnavailableCrypto.
// these two are US-only and can change?
// private static String JRE7 = "http://www.oracle.com/technetwork/java/javase/documentation/java-se-7-doc-download-435117.html";
// private static String JRE8 = "http://www.oracle.com/technetwork/java/javase/documentation/jdk8-doc-downloads-2133158.html";
/**
* @param ctx if null, logs only to System.out (called from main)
*/
public static void warnUnavailableCrypto(RouterContext ctx) {
if (SystemVersion.isAndroid())
return;
boolean unavail = false;
Log log = null;
for (SigType t : SigType.values()) {
if (!t.isAvailable()) {
if (!unavail) {
unavail = true;
if (ctx != null)
log = ctx.logManager().getLog(CryptoChecker.class);
}
String s = "Crypto " + t + " is not available";
if (log != null)
log.logAlways(Log.WARN, s);
System.out.println("Warning: " + s);
}
}
if (unavail) {
String s = "Java version: " + System.getProperty("java.version") + " OS: " + System.getProperty("os.name") + ' ' + System.getProperty("os.arch") + ' ' + System.getProperty("os.version");
if (log != null)
log.logAlways(Log.WARN, s);
System.out.println("Warning: " + s);
if (!SystemVersion.isJava7()) {
s = "Please consider upgrading to Java 7";
if (log != null)
log.logAlways(Log.WARN, s);
System.out.println(s);
} else if (SystemVersion.isJava9()) {
s = "Java 9 support is beta, check for Java updates";
if (log != null)
log.logAlways(Log.WARN, s);
System.out.println("Warning: " + s);
}
if (!CryptoCheck.isUnlimited() && !SystemVersion.isJava9()) {
s = "Please consider installing the Java Cryptography Unlimited Strength Jurisdiction Policy Files from ";
// if (SystemVersion.isJava8())
// s += JRE8;
// else if (SystemVersion.isJava7())
// s += JRE7;
// else
s += JRE6;
if (log != null)
log.logAlways(Log.WARN, s);
System.out.println(s);
}
s = "This crypto will be required in a future release";
if (log != null)
log.logAlways(Log.WARN, s);
System.out.println("Warning: " + s);
} else if (ctx == null) {
// called from main()
System.out.println("All crypto available");
}
}Example 32 with SigType
use of net.i2p.crypto.SigType in project i2p.i2p by i2p.
the class DatabaseEntry method verifySignature.
/**
* This is the same as isValid() in RouterInfo
* or verifySignature() in LeaseSet.
* @return valid
*/
protected boolean verifySignature() {
if (_signature == null)
return false;
byte[] data;
try {
data = getBytes();
} catch (DataFormatException dfe) {
return false;
}
if (data == null)
return false;
// if the data is non-null the SPK will be non-null
SigningPublicKey spk = getSigningPublicKey();
SigType type = spk.getType();
// used as a DoS
if (type == null || type.getBaseAlgorithm() == SigAlgo.RSA)
return false;
return DSAEngine.getInstance().verifySignature(_signature, data, spk);
}
Also used :
SigType(net.i2p.crypto.SigType)
Example 33 with SigType
use of net.i2p.crypto.SigType in project i2p.i2p by i2p.
the class KeyCertificate method getExtraSigningKeyData.
/**
* Signing Key extra data, if any.
*
* @return null if unset or none
* @throws UnsupportedOperationException if the sig type is unsupported
*/
public byte[] getExtraSigningKeyData() {
// we assume no crypto key data
if (_payload == null || _payload.length <= HEADER_LENGTH)
return null;
SigType type = getSigType();
if (type == null)
throw new UnsupportedOperationException("unknown sig type");
int extra = Math.max(0, type.getPubkeyLen() - 128);
if (_payload.length == HEADER_LENGTH + extra)
return getExtraKeyData();
byte[] rv = new byte[extra];
System.arraycopy(_payload, HEADER_LENGTH, rv, 0, extra);
return rv;
}
Also used :
SigType(net.i2p.crypto.SigType)
Example 34 with SigType
use of net.i2p.crypto.SigType in project i2p.i2p by i2p.
the class PrivateKeyFile method main.
/**
* Create a new PrivateKeyFile, or modify an existing one, with various
* types of Certificates.
*
* Changing a Certificate does not change the public or private keys.
* But it does change the Destination Hash, which effectively makes it
* a new Destination. In other words, don't change the Certificate on
* a Destination you've already registered in a hosts.txt key add form.
*
* Copied and expanded from that in Destination.java
*/
public static void main(String[] args) {
int hashEffort = HASH_EFFORT;
String stype = null;
String hostname = null;
int mode = 0;
boolean error = false;
Getopt g = new Getopt("pkf", args, "t:nuxhse:c:a:");
int c;
while ((c = g.getopt()) != -1) {
switch(c) {
case 'c':
stype = g.getOptarg();
break;
case 't':
stype = g.getOptarg();
case 'n':
case 'u':
case 'x':
case 'h':
case 's':
if (mode == 0)
mode = c;
else
error = true;
break;
case 'a':
hostname = g.getOptarg();
if (mode == 0)
mode = c;
else
error = true;
break;
case 'e':
hashEffort = Integer.parseInt(g.getOptarg());
break;
case '?':
case ':':
default:
error = true;
break;
}
// switch
}
// while
int remaining = args.length - g.getOptind();
int reqd = mode == 's' ? 2 : 1;
if (error || remaining != reqd) {
usage();
System.exit(1);
}
String filearg = args[g.getOptind()];
I2PClient client = I2PClientFactory.createClient();
try {
File f = new File(filearg);
boolean exists = f.exists();
PrivateKeyFile pkf = new PrivateKeyFile(f, client);
Destination d;
if (stype != null) {
SigType type = SigType.parseSigType(stype);
if (type == null)
throw new IllegalArgumentException("Signature type " + stype + " is not supported");
d = pkf.createIfAbsent(type);
} else {
d = pkf.createIfAbsent();
}
if (exists)
System.out.println("Original Destination:");
else
System.out.println("Created Destination:");
System.out.println(pkf);
verifySignature(d);
switch(mode) {
case 0:
// we are done
break;
case 'n':
// Cert constructor generates a null cert
pkf.setCertType(Certificate.CERTIFICATE_TYPE_NULL);
System.out.println("New destination with null cert is:");
break;
case 'u':
pkf.setCertType(99);
System.out.println("New destination with unknown cert is:");
break;
case 'x':
pkf.setCertType(Certificate.CERTIFICATE_TYPE_HIDDEN);
System.out.println("New destination with hidden cert is:");
break;
case 'h':
System.out.println("Estimating hashcash generation time, stand by...");
System.out.println(estimateHashCashTime(hashEffort));
pkf.setHashCashCert(hashEffort);
System.out.println("New destination with hashcash cert is:");
break;
case 's':
// Sign dest1 with dest2's Signing Private Key
PrivateKeyFile pkf2 = new PrivateKeyFile(args[g.getOptind() + 1]);
pkf.setSignedCert(pkf2);
System.out.println("New destination with signed cert is:");
break;
case 't':
// KeyCert
SigType type = SigType.parseSigType(stype);
if (type == null)
throw new IllegalArgumentException("Signature type " + stype + " is not supported");
pkf.setKeyCert(type);
System.out.println("New destination with key cert is:");
break;
case 'a':
// addressbook auth
OrderedProperties props = new OrderedProperties();
HostTxtEntry he = new HostTxtEntry(hostname, d.toBase64(), props);
he.sign(pkf.getSigningPrivKey());
System.out.println("Addressbook Authentication String:");
OutputStreamWriter out = new OutputStreamWriter(System.out);
he.write(out);
out.flush();
System.out.println("");
return;
default:
// shouldn't happen
usage();
return;
}
if (mode != 0) {
System.out.println(pkf);
pkf.write();
verifySignature(pkf.getDestination());
}
} catch (I2PException e) {
e.printStackTrace();
System.exit(1);
} catch (IOException e) {
e.printStackTrace();
System.exit(1);
}
}
Also used :
I2PException(net.i2p.I2PException)
HostTxtEntry(net.i2p.client.naming.HostTxtEntry)
IOException(java.io.IOException)
SigType(net.i2p.crypto.SigType)
Getopt(gnu.getopt.Getopt)
I2PClient(net.i2p.client.I2PClient)
OrderedProperties(net.i2p.util.OrderedProperties)
OutputStreamWriter(java.io.OutputStreamWriter)
File(java.io.File)
Example 35 with SigType
use of net.i2p.crypto.SigType in project i2p.i2p by i2p.
the class TunnelConfig method getConfig.
/**
* Based on all provided data, create a set of configuration parameters
* suitable for use in a TunnelController. This will replace (not add to)
* any existing parameters, so this should return a comprehensive mapping.
*/
public Properties getConfig() {
Properties config = new Properties();
updateConfigGeneric(config);
if ((TunnelController.isClient(_type) && !TunnelController.TYPE_STREAMR_CLIENT.equals(_type)) || TunnelController.TYPE_STREAMR_SERVER.equals(_type)) {
// streamrserver uses interface
if (_reachableBy != null)
config.setProperty(TunnelController.PROP_INTFC, _reachableBy);
else
config.setProperty(TunnelController.PROP_INTFC, "");
} else {
// streamrclient uses targetHost
if (_targetHost != null)
config.setProperty(TunnelController.PROP_TARGET_HOST, _targetHost);
}
if (TunnelController.isClient(_type)) {
// generic client stuff
if (_port >= 0)
config.setProperty(TunnelController.PROP_LISTEN_PORT, Integer.toString(_port));
config.setProperty(TunnelController.PROP_SHARED, _sharedClient + "");
for (String p : _booleanClientOpts) config.setProperty(OPT + p, "" + _booleanOptions.contains(p));
for (String p : _otherClientOpts) {
if (_otherOptions.containsKey(p))
config.setProperty(OPT + p, _otherOptions.get(p));
}
} else {
// generic server stuff
if (_targetPort >= 0)
config.setProperty(TunnelController.PROP_TARGET_PORT, Integer.toString(_targetPort));
// see TunnelController.setConfig()
_booleanOptions.add(TunnelController.PROP_LIMITS_SET);
for (String p : _booleanServerOpts) config.setProperty(OPT + p, "" + _booleanOptions.contains(p));
for (String p : _otherServerOpts) {
if (_otherOptions.containsKey(p))
config.setProperty(OPT + p, _otherOptions.get(p));
}
}
// override bundle setting set above
if (!TunnelController.isClient(_type) && !TunnelController.TYPE_HTTP_SERVER.equals(_type) && !TunnelController.TYPE_STREAMR_SERVER.equals(_type)) {
config.setProperty(TunnelController.OPT_BUNDLE_REPLY, "true");
}
// generic proxy stuff
if (TunnelController.TYPE_HTTP_CLIENT.equals(_type) || TunnelController.TYPE_CONNECT.equals(_type) || TunnelController.TYPE_SOCKS.equals(_type) || TunnelController.TYPE_SOCKS_IRC.equals(_type)) {
for (String p : _booleanProxyOpts) config.setProperty(OPT + p, "" + _booleanOptions.contains(p));
if (_proxyList != null)
config.setProperty(TunnelController.PROP_PROXIES, _proxyList);
}
// Proxy auth including migration to MD5
if (TunnelController.TYPE_HTTP_CLIENT.equals(_type) || TunnelController.TYPE_CONNECT.equals(_type)) {
// Migrate even if auth is disabled
// go get the old from custom options that updateConfigGeneric() put in there
String puser = OPT + I2PTunnelHTTPClientBase.PROP_USER;
String user = config.getProperty(puser);
String ppw = OPT + I2PTunnelHTTPClientBase.PROP_PW;
String pw = config.getProperty(ppw);
if (user != null && pw != null && user.length() > 0 && pw.length() > 0) {
String pmd5 = OPT + I2PTunnelHTTPClientBase.PROP_PROXY_DIGEST_PREFIX + user + I2PTunnelHTTPClientBase.PROP_PROXY_DIGEST_SUFFIX;
if (config.getProperty(pmd5) == null) {
// not in there, migrate
String realm = _type.equals(TunnelController.TYPE_HTTP_CLIENT) ? I2PTunnelHTTPClient.AUTH_REALM : I2PTunnelConnectClient.AUTH_REALM;
String hex = PasswordManager.md5Hex(realm, user, pw);
if (hex != null) {
config.setProperty(pmd5, hex);
config.remove(puser);
config.remove(ppw);
}
}
}
// New user/password
String auth = _otherOptions.get(I2PTunnelHTTPClientBase.PROP_AUTH);
if (auth != null && !auth.equals("false")) {
if (_newProxyUser != null && _newProxyPW != null && _newProxyUser.length() > 0 && _newProxyPW.length() > 0) {
String pmd5 = OPT + I2PTunnelHTTPClientBase.PROP_PROXY_DIGEST_PREFIX + _newProxyUser + I2PTunnelHTTPClientBase.PROP_PROXY_DIGEST_SUFFIX;
String realm = _type.equals(TunnelController.TYPE_HTTP_CLIENT) ? I2PTunnelHTTPClient.AUTH_REALM : I2PTunnelConnectClient.AUTH_REALM;
String hex = PasswordManager.md5Hex(realm, _newProxyUser, _newProxyPW);
if (hex != null)
config.setProperty(pmd5, hex);
}
}
}
if (TunnelController.TYPE_IRC_CLIENT.equals(_type) || TunnelController.TYPE_STD_CLIENT.equals(_type) || TunnelController.TYPE_STREAMR_CLIENT.equals(_type)) {
if (_targetDestination != null)
config.setProperty(TunnelController.PROP_DEST, _targetDestination);
} else if (TunnelController.TYPE_HTTP_SERVER.equals(_type) || TunnelController.TYPE_HTTP_BIDIR_SERVER.equals(_type)) {
if (_spoofedHost != null)
config.setProperty(TunnelController.PROP_SPOOFED_HOST, _spoofedHost);
for (String p : _httpServerOpts) if (_otherOptions.containsKey(p))
config.setProperty(OPT + p, _otherOptions.get(p));
}
if (TunnelController.TYPE_HTTP_BIDIR_SERVER.equals(_type)) {
if (_port >= 0)
config.setProperty(TunnelController.PROP_LISTEN_PORT, Integer.toString(_port));
if (_reachableBy != null)
config.setProperty(TunnelController.PROP_INTFC, _reachableBy);
else if (_targetHost != null)
config.setProperty(TunnelController.PROP_INTFC, _targetHost);
else
config.setProperty(TunnelController.PROP_INTFC, "");
}
if (TunnelController.TYPE_IRC_CLIENT.equals(_type)) {
boolean dcc = _booleanOptions.contains(I2PTunnelIRCClient.PROP_DCC);
config.setProperty(OPT + I2PTunnelIRCClient.PROP_DCC, "" + dcc);
// add some sane server options since they aren't in the GUI (yet)
if (dcc) {
config.setProperty(OPT + PROP_MAX_CONNS_MIN, "3");
config.setProperty(OPT + PROP_MAX_CONNS_HOUR, "10");
config.setProperty(OPT + PROP_MAX_TOTAL_CONNS_MIN, "5");
config.setProperty(OPT + PROP_MAX_TOTAL_CONNS_HOUR, "25");
}
}
if (!TunnelController.isClient(_type) || _booleanOptions.contains("persistentClientKey")) {
// As of 0.9.17, add a persistent random key if not present
String p = OPT + "inbound.randomKey";
if (!config.containsKey(p)) {
byte[] rk = new byte[32];
_context.random().nextBytes(rk);
config.setProperty(p, Base64.encode(rk));
p = OPT + "outbound.randomKey";
_context.random().nextBytes(rk);
config.setProperty(p, Base64.encode(rk));
}
// As of 0.9.18, add persistent leaseset keys if not present
// but only if we know the sigtype
p = OPT + "i2cp.leaseSetSigningPrivateKey";
if (_dest != null && !config.containsKey(p)) {
try {
SigType type = _dest.getSigType();
SimpleDataStructure[] keys = KeyGenerator.getInstance().generateSigningKeys(type);
config.setProperty(p, type.name() + ':' + keys[1].toBase64());
p = OPT + "i2cp.leaseSetPrivateKey";
keys = KeyGenerator.getInstance().generatePKIKeys();
config.setProperty(p, "ELGAMAL_2048:" + keys[1].toBase64());
} catch (GeneralSecurityException gse) {
// so much for that
}
}
}
return config;
}
Also used :
GeneralSecurityException(java.security.GeneralSecurityException)
Properties(java.util.Properties)
SimpleDataStructure(net.i2p.data.SimpleDataStructure)
SigType(net.i2p.crypto.SigType)
Aggregations
SigType (net.i2p.crypto.SigType)44
IOException (java.io.IOException)18
DataFormatException (net.i2p.data.DataFormatException)15
Signature (net.i2p.data.Signature)14
Destination (net.i2p.data.Destination)12
SigningPublicKey (net.i2p.data.SigningPublicKey)11
File (java.io.File)6
GeneralSecurityException (java.security.GeneralSecurityException)6
Properties (java.util.Properties)6
Hash (net.i2p.data.Hash)6
PrivateKey (net.i2p.data.PrivateKey)6
SigningPrivateKey (net.i2p.data.SigningPrivateKey)6
PublicKey (net.i2p.data.PublicKey)5
SimpleDataStructure (net.i2p.data.SimpleDataStructure)5
RouterInfo (net.i2p.data.router.RouterInfo)5
ByteArrayOutputStream (java.io.ByteArrayOutputStream)4
I2PException (net.i2p.I2PException)4
RouterIdentity (net.i2p.data.router.RouterIdentity)4
Log (net.i2p.util.Log)4
ByteArrayInputStream (java.io.ByteArrayInputStream)3
