Example 21 with Signature
use of net.i2p.data.Signature in project i2p.i2p by i2p.
the class TrustedUpdate method verify.
/**
* Verifies the DSA signature of a signed update file.
*
* @param signedFile The signed update file to check.
* @param signingPublicKey An instance of
* {@link net.i2p.data.SigningPublicKey} to use for
* verification.
*
* @return <code>true</code> if the file has a valid signature, otherwise
* <code>false</code>.
*/
public boolean verify(File signedFile, SigningPublicKey signingPublicKey) {
FileInputStream fileInputStream = null;
try {
fileInputStream = new FileInputStream(signedFile);
Signature signature = new Signature();
signature.readBytes(fileInputStream);
return _context.dsa().verifySignature(signature, fileInputStream, signingPublicKey);
} catch (IOException ioe) {
if (_log.shouldLog(Log.WARN))
_log.warn("Error reading " + signedFile + " to verify", ioe);
return false;
} catch (DataFormatException dfe) {
if (_log.shouldLog(Log.ERROR))
_log.error("Error reading the signature", dfe);
return false;
} finally {
if (fileInputStream != null)
try {
fileInputStream.close();
} catch (IOException ioe) {
}
}
}
Also used :
DataFormatException(net.i2p.data.DataFormatException)
Signature(net.i2p.data.Signature)
IOException(java.io.IOException)
FileInputStream(java.io.FileInputStream)
Example 22 with Signature
use of net.i2p.data.Signature in project i2p.i2p by i2p.
the class SelfSignedGenerator method generateCRL.
/**
* Generate a CRL for the given cert, signed with the given private key
*/
private static X509CRL generateCRL(X509Certificate cert, int validDays, int crlNum, byte[] sigoid, PrivateKey jpriv) throws GeneralSecurityException {
SigningPrivateKey priv = SigUtil.fromJavaKey(jpriv);
byte[] tbs = genTBSCRL(cert, validDays, crlNum, sigoid);
int tbslen = tbs.length;
Signature sig = DSAEngine.getInstance().sign(tbs, priv);
if (sig == null)
throw new GeneralSecurityException("sig failed");
byte[] sigbytes = SigUtil.toJavaSig(sig);
int seqlen = tbslen + sigoid.length + spaceFor(sigbytes.length + 1);
int totlen = spaceFor(seqlen);
byte[] cb = new byte[totlen];
int idx = 0;
// construct the whole encoded cert
cb[idx++] = 0x30;
idx = intToASN1(cb, idx, seqlen);
// TBS cert
System.arraycopy(tbs, 0, cb, idx, tbs.length);
idx += tbs.length;
// sig algo
System.arraycopy(sigoid, 0, cb, idx, sigoid.length);
idx += sigoid.length;
// sig (bit string)
cb[idx++] = 0x03;
idx = intToASN1(cb, idx, sigbytes.length + 1);
cb[idx++] = 0;
System.arraycopy(sigbytes, 0, cb, idx, sigbytes.length);
/**
**
* if (DEBUG) {
* System.out.println("CRL Sig OID");
* System.out.println(HexDump.dump(sigoid));
* System.out.println("CRL Signature");
* System.out.println(HexDump.dump(sigbytes));
* System.out.println("Whole CRL");
* System.out.println(HexDump.dump(cb));
* }
***
*/
ByteArrayInputStream bais = new ByteArrayInputStream(cb);
X509CRL rv;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// wow, unlike for x509Certificates, there's no validation here at all
// ASN.1 errors don't cause any exceptions
rv = (X509CRL) cf.generateCRL(bais);
} catch (IllegalArgumentException iae) {
throw new GeneralSecurityException("cert error", iae);
}
return rv;
}
Also used :
SigningPrivateKey(net.i2p.data.SigningPrivateKey)
X509CRL(java.security.cert.X509CRL)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Signature(net.i2p.data.Signature)
GeneralSecurityException(java.security.GeneralSecurityException)
CertificateFactory(java.security.cert.CertificateFactory)
Example 23 with Signature
use of net.i2p.data.Signature in project i2p.i2p by i2p.
the class InboundEstablishState method verifyIdentity.
/**
* Determine if Alice sent us a valid confirmation packet. The
* identity signs: Alice's IP + Alice's port + Bob's IP + Bob's port
* + Alice's new relay key + Alice's signed on time
*
* Note that the protocol does not include a signature of the RouterIdentity,
* which could be a problem?
*
* Caller must synch on this.
*/
private void verifyIdentity() {
if (_receivedUnconfirmedIdentity == null)
// either not yet recvd or bad ident
return;
if (_receivedSignature == null)
// either not yet recvd or bad sig
return;
byte[] signed = new byte[// X + Y
256 + 256 + _aliceIP.length + 2 + _bobIP.length + 2 + // Alice's relay key
4 + // signed on time
4];
int off = 0;
System.arraycopy(_receivedX, 0, signed, off, _receivedX.length);
off += _receivedX.length;
getSentY();
System.arraycopy(_sentY, 0, signed, off, _sentY.length);
off += _sentY.length;
System.arraycopy(_aliceIP, 0, signed, off, _aliceIP.length);
off += _aliceIP.length;
DataHelper.toLong(signed, off, 2, _alicePort);
off += 2;
System.arraycopy(_bobIP, 0, signed, off, _bobIP.length);
off += _bobIP.length;
DataHelper.toLong(signed, off, 2, _bobPort);
off += 2;
DataHelper.toLong(signed, off, 4, _sentRelayTag);
off += 4;
DataHelper.toLong(signed, off, 4, _receivedSignedOnTime);
Signature sig = new Signature(_receivedUnconfirmedIdentity.getSigType(), _receivedSignature);
boolean ok = _context.dsa().verifySignature(sig, signed, _receivedUnconfirmedIdentity.getSigningPublicKey());
if (ok) {
// todo partial spoof detection - get peer.calculateHash(),
// lookup in netdb locally, if not equal, fail?
_receivedConfirmedIdentity = _receivedUnconfirmedIdentity;
} else {
if (_log.shouldLog(Log.WARN))
_log.warn("Signature failed from " + _receivedUnconfirmedIdentity);
}
}
Also used :
Signature(net.i2p.data.Signature)
Example 24 with Signature
use of net.i2p.data.Signature in project i2p.i2p by i2p.
the class PacketBuilder method buildSessionConfirmedPacket.
/**
* Build a new SessionConfirmed packet for the given peer
*
* @return ready to send packets, or null if there was a problem
*/
private UDPPacket buildSessionConfirmedPacket(OutboundEstablishState state, int fragmentNum, int numFragments, byte[] identity) {
UDPPacket packet = buildPacketHeader(SESSION_CONFIRMED_FLAG_BYTE);
DatagramPacket pkt = packet.getPacket();
byte[] data = pkt.getData();
int off = HEADER_SIZE;
InetAddress to = null;
try {
to = InetAddress.getByAddress(state.getSentIP());
} catch (UnknownHostException uhe) {
if (_log.shouldLog(Log.ERROR))
_log.error("How did we think this was a valid IP? " + state.getRemoteHostId().toString());
packet.release();
return null;
}
// now for the body
data[off] = (byte) (fragmentNum << 4);
data[off] |= (numFragments & 0xF);
off++;
int curFragSize = MAX_IDENTITY_FRAGMENT_SIZE;
if (fragmentNum == numFragments - 1) {
if (identity.length % MAX_IDENTITY_FRAGMENT_SIZE != 0)
curFragSize = identity.length % MAX_IDENTITY_FRAGMENT_SIZE;
}
DataHelper.toLong(data, off, 2, curFragSize);
off += 2;
int curFragOffset = fragmentNum * MAX_IDENTITY_FRAGMENT_SIZE;
System.arraycopy(identity, curFragOffset, data, off, curFragSize);
off += curFragSize;
if (fragmentNum == numFragments - 1) {
DataHelper.toLong(data, off, 4, state.getSentSignedOnTime());
off += 4;
// handle variable signature size
// we need to pad this so we're at the encryption boundary
Signature sig = state.getSentSignature();
int siglen = sig.length();
int mod = (off + siglen) & 0x0f;
if (mod != 0) {
int paddingRequired = 16 - mod;
// add an arbitrary number of 16byte pad blocks too ???
_context.random().nextBytes(data, off, paddingRequired);
off += paddingRequired;
}
// We cannot have non-mod16 (pad2) padding here, since the signature
// is at the end. As of 0.9.7 we won't decrypt past the end of the packet
// so trailing non-mod-16 data is ignored. That truncates the sig.
// BUG: NPE here if null signature
System.arraycopy(sig.getData(), 0, data, off, siglen);
off += siglen;
} else {
// We never get here (see above)
// nothing more to add beyond the identity fragment
// pad up so we're on the encryption boundary
off = pad1(data, off);
// allowed but untested
// off = pad2(data, off);
}
pkt.setLength(off);
authenticate(packet, state.getCipherKey(), state.getMACKey());
setTo(packet, to, state.getSentPort());
packet.setMessageType(TYPE_CONF);
return packet;
}
Also used :
UnknownHostException(java.net.UnknownHostException)
DatagramPacket(java.net.DatagramPacket)
Signature(net.i2p.data.Signature)
InetAddress(java.net.InetAddress)
Example 25 with Signature
use of net.i2p.data.Signature in project i2p.i2p by i2p.
the class Packet method verifySignature.
/**
* Determine whether the signature on the data is valid.
*
* @param ctx Application context
* @param from the Destination the data came from
* @param buffer data to validate with signature
* @return true if the signature exists and validates against the data,
* false otherwise.
*/
public boolean verifySignature(I2PAppContext ctx, Destination from, byte[] buffer) {
if (!isFlagSet(FLAG_SIGNATURE_INCLUDED))
return false;
if (_optionSignature == null)
return false;
// prevent receiveNewSyn() ... !active ... sendReset() ... verifySignature ... NPE
if (from == null)
return false;
int size = writtenSize();
if (buffer == null)
buffer = new byte[size];
SigningPublicKey spk = from.getSigningPublicKey();
SigType type = spk.getType();
if (type == null) {
Log l = ctx.logManager().getLog(Packet.class);
if (l.shouldLog(Log.WARN))
l.warn("Unknown sig type in " + from + " cannot verify " + toString());
return false;
}
int written = writePacket(buffer, 0, type.getSigLen());
if (written != size) {
ctx.logManager().getLog(Packet.class).error("Written " + written + " size " + size + " for " + toString(), new Exception("moo"));
return false;
}
// on a close or reset packet where we have a signature without a FROM
if (type != _optionSignature.getType() && type.getSigLen() == _optionSignature.length())
_optionSignature = new Signature(type, _optionSignature.getData());
boolean ok = ctx.dsa().verifySignature(_optionSignature, buffer, 0, size, spk);
if (!ok) {
Log l = ctx.logManager().getLog(Packet.class);
if (l.shouldLog(Log.WARN))
l.warn("Signature failed on " + toString(), new Exception("moo"));
// if (false) {
// l.error(Base64.encode(buffer, 0, size));
// l.error("Signature: " + Base64.encode(_optionSignature.getData()));
// }
}
return ok;
}
Also used :
SigningPublicKey(net.i2p.data.SigningPublicKey)
Log(net.i2p.util.Log)
Signature(net.i2p.data.Signature)
SigType(net.i2p.crypto.SigType)
DataFormatException(net.i2p.data.DataFormatException)
IOException(java.io.IOException)
Aggregations
Signature (net.i2p.data.Signature)36
IOException (java.io.IOException)16
SigType (net.i2p.crypto.SigType)14
DataFormatException (net.i2p.data.DataFormatException)11
SigningPublicKey (net.i2p.data.SigningPublicKey)11
ByteArrayInputStream (java.io.ByteArrayInputStream)7
GeneralSecurityException (java.security.GeneralSecurityException)6
FileInputStream (java.io.FileInputStream)5
StringWriter (java.io.StringWriter)5
SigningPrivateKey (net.i2p.data.SigningPrivateKey)5
InetAddress (java.net.InetAddress)4
MessageDigest (java.security.MessageDigest)4
Destination (net.i2p.data.Destination)4
SimpleDataStructure (net.i2p.data.SimpleDataStructure)4
FileOutputStream (java.io.FileOutputStream)3
InputStream (java.io.InputStream)3
DigestInputStream (java.security.DigestInputStream)3
Hash (net.i2p.data.Hash)3
Log (net.i2p.util.Log)3
SecureFileOutputStream (net.i2p.util.SecureFileOutputStream)3
