use of net.i2p.data.SigningPublicKey in project i2p.i2p by i2p.
the class SelfSignedGenerator method generate.
/**
* @param cname the common name, non-null. Must be a hostname or email address. IP addresses will not be correctly encoded.
* @param altNames the Subject Alternative Names. May be null. May contain hostnames and/or IP addresses.
* cname, localhost, 127.0.0.1, and ::1 will be automatically added.
* @param ou The OU (organizational unit) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
* @param o The O (organization)in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
* @param l The L (city or locality) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
* @param st The ST (state or province) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
* @param c The C (country) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
*
* @return length 4 array:
* rv[0] is a Java PublicKey
* rv[1] is a Java PrivateKey
* rv[2] is a Java X509Certificate
* rv[3] is a Java X509CRL
*
* @since 0.9.34 added altNames param
*/
public static Object[] generate(String cname, Set<String> altNames, String ou, String o, String l, String st, String c, int validDays, SigType type) throws GeneralSecurityException {
SimpleDataStructure[] keys = KeyGenerator.getInstance().generateSigningKeys(type);
SigningPublicKey pub = (SigningPublicKey) keys[0];
SigningPrivateKey priv = (SigningPrivateKey) keys[1];
PublicKey jpub = SigUtil.toJavaKey(pub);
PrivateKey jpriv = SigUtil.toJavaKey(priv);
return generate(jpub, jpriv, priv, type, cname, altNames, ou, o, l, st, c, validDays);
}
use of net.i2p.data.SigningPublicKey in project i2p.i2p by i2p.
the class Packet method verifySignature.
/**
* Determine whether the signature on the data is valid.
*
* @param ctx Application context
* @param from the Destination the data came from
* @param buffer data to validate with signature
* @return true if the signature exists and validates against the data,
* false otherwise.
*/
public boolean verifySignature(I2PAppContext ctx, Destination from, byte[] buffer) {
if (!isFlagSet(FLAG_SIGNATURE_INCLUDED))
return false;
if (_optionSignature == null)
return false;
// prevent receiveNewSyn() ... !active ... sendReset() ... verifySignature ... NPE
if (from == null)
return false;
int size = writtenSize();
if (buffer == null)
buffer = new byte[size];
SigningPublicKey spk = from.getSigningPublicKey();
SigType type = spk.getType();
if (type == null) {
Log l = ctx.logManager().getLog(Packet.class);
if (l.shouldLog(Log.WARN))
l.warn("Unknown sig type in " + from + " cannot verify " + toString());
return false;
}
int written = writePacket(buffer, 0, type.getSigLen());
if (written != size) {
ctx.logManager().getLog(Packet.class).error("Written " + written + " size " + size + " for " + toString(), new Exception("moo"));
return false;
}
// on a close or reset packet where we have a signature without a FROM
if (type != _optionSignature.getType() && type.getSigLen() == _optionSignature.length())
_optionSignature = new Signature(type, _optionSignature.getData());
boolean ok = ctx.dsa().verifySignature(_optionSignature, buffer, 0, size, spk);
if (!ok) {
Log l = ctx.logManager().getLog(Packet.class);
if (l.shouldLog(Log.WARN))
l.warn("Signature failed on " + toString(), new Exception("moo"));
// if (false) {
// l.error(Base64.encode(buffer, 0, size));
// l.error("Signature: " + Base64.encode(_optionSignature.getData()));
// }
}
return ok;
}
use of net.i2p.data.SigningPublicKey in project i2p.i2p by i2p.
the class TunnelController method createAltPrivateKey.
/**
* Creates alternate Destination with the same encryption keys as the primary Destination,
* but a different signing key.
*
* Must have already called createPrivateKey() successfully.
* Does nothing unless option OPT_ALT_PKF is set with the privkey file name.
* Does nothing if the file already exists.
*
* @return success
* @since 0.9.30
*/
private boolean createAltPrivateKey() {
if (PREFERRED_SIGTYPE == SigType.DSA_SHA1)
return false;
File keyFile = getPrivateKeyFile();
if (keyFile == null)
return false;
if (!keyFile.exists())
return false;
File altFile = getAlternatePrivateKeyFile();
if (altFile == null)
return false;
if (altFile.equals(keyFile))
return false;
if (altFile.exists())
return true;
PrivateKeyFile pkf = new PrivateKeyFile(keyFile);
FileOutputStream out = null;
try {
Destination dest = pkf.getDestination();
if (dest == null)
return false;
if (dest.getSigType() != SigType.DSA_SHA1)
return false;
PublicKey pub = dest.getPublicKey();
PrivateKey priv = pkf.getPrivKey();
SimpleDataStructure[] signingKeys = KeyGenerator.getInstance().generateSigningKeys(PREFERRED_SIGTYPE);
SigningPublicKey signingPubKey = (SigningPublicKey) signingKeys[0];
SigningPrivateKey signingPrivKey = (SigningPrivateKey) signingKeys[1];
KeyCertificate cert = new KeyCertificate(signingPubKey);
Destination d = new Destination();
d.setPublicKey(pub);
d.setSigningPublicKey(signingPubKey);
d.setCertificate(cert);
int len = signingPubKey.length();
if (len < 128) {
byte[] pad = new byte[128 - len];
RandomSource.getInstance().nextBytes(pad);
d.setPadding(pad);
} else if (len > 128) {
// copy of excess data handled in KeyCertificate constructor
}
out = new SecureFileOutputStream(altFile);
d.writeBytes(out);
priv.writeBytes(out);
signingPrivKey.writeBytes(out);
try {
out.close();
} catch (IOException ioe) {
}
String destStr = d.toBase64();
log("Alternate private key created and saved in " + altFile.getAbsolutePath());
log("You should backup this file in a secure place.");
log("New alternate destination: " + destStr);
String b32 = d.toBase32();
log("Base32: " + b32);
File backupDir = new SecureFile(I2PAppContext.getGlobalContext().getConfigDir(), KEY_BACKUP_DIR);
if (backupDir.isDirectory() || backupDir.mkdir()) {
String name = b32 + '-' + I2PAppContext.getGlobalContext().clock().now() + ".dat";
File backup = new File(backupDir, name);
if (FileUtil.copy(altFile, backup, false, true)) {
SecureFileOutputStream.setPerms(backup);
log("Alternate private key backup saved to " + backup.getAbsolutePath());
}
}
return true;
} catch (GeneralSecurityException e) {
log("Error creating keys " + e);
return false;
} catch (I2PSessionException e) {
log("Error creating keys " + e);
return false;
} catch (I2PException e) {
log("Error creating keys " + e);
return false;
} catch (IOException e) {
log("Error creating keys " + e);
return false;
} catch (RuntimeException e) {
log("Error creating keys " + e);
return false;
} finally {
if (out != null)
try {
out.close();
} catch (IOException ioe) {
}
}
}
use of net.i2p.data.SigningPublicKey in project i2p.i2p by i2p.
the class LoadRouterInfoJob method readKeyData.
/**
* @param rkf1 in router.keys format, tried second
* @param rkf2 in eepPriv.dat format, tried first
* @return non-null, throws IOE if neither exisits
* @since 0.9.16
*/
public static KeyData readKeyData(File rkf1, File rkf2) throws DataFormatException, IOException {
RouterIdentity ri;
PrivateKey privkey;
SigningPrivateKey signingPrivKey;
if (rkf2.exists()) {
RouterPrivateKeyFile pkf = new RouterPrivateKeyFile(rkf2);
ri = pkf.getRouterIdentity();
if (!pkf.validateKeyPairs())
throw new DataFormatException("Key pairs invalid");
privkey = pkf.getPrivKey();
signingPrivKey = pkf.getSigningPrivKey();
} else {
InputStream fis = null;
try {
fis = new BufferedInputStream(new FileInputStream(rkf1));
privkey = new PrivateKey();
privkey.readBytes(fis);
signingPrivKey = new SigningPrivateKey();
signingPrivKey.readBytes(fis);
PublicKey pubkey = new PublicKey();
pubkey.readBytes(fis);
SigningPublicKey signingPubKey = new SigningPublicKey();
signingPubKey.readBytes(fis);
// validate
try {
if (!pubkey.equals(KeyGenerator.getPublicKey(privkey)))
throw new DataFormatException("Key pairs invalid");
if (!signingPubKey.equals(KeyGenerator.getSigningPublicKey(signingPrivKey)))
throw new DataFormatException("Key pairs invalid");
} catch (IllegalArgumentException iae) {
throw new DataFormatException("Key pairs invalid", iae);
}
ri = new RouterIdentity();
ri.setPublicKey(pubkey);
ri.setSigningPublicKey(signingPubKey);
ri.setCertificate(Certificate.NULL_CERT);
} finally {
if (fis != null)
try {
fis.close();
} catch (IOException ioe) {
}
}
}
return new KeyData(ri, privkey, signingPrivKey);
}
use of net.i2p.data.SigningPublicKey in project i2p.i2p by i2p.
the class DSABench method main.
public static void main(String[] args) {
int times = 100;
long keygentime = 0;
long signtime = 0;
long verifytime = 0;
long maxKey = 0;
long minKey = 0;
long maxS = 0;
long minS = 0;
long maxV = 0;
long minV = 0;
Object[] keys = KeyGenerator.getInstance().generateSigningKeypair();
byte[] message = new byte[32 + 32];
for (int i = 0; i < message.length; i++) message[i] = (byte) ((i % 26) + 'a');
for (int x = 0; x < times; x++) {
long startkeys = System.currentTimeMillis();
keys = KeyGenerator.getInstance().generateSigningKeypair();
SigningPublicKey pubkey = (SigningPublicKey) keys[0];
SigningPrivateKey privkey = (SigningPrivateKey) keys[1];
long endkeys = System.currentTimeMillis();
long startsign = System.currentTimeMillis();
Signature s = DSAEngine.getInstance().sign(message, privkey);
Signature s1 = DSAEngine.getInstance().sign(new ByteArrayInputStream(message), privkey);
long endsignstartverify = System.currentTimeMillis();
boolean v = DSAEngine.getInstance().verifySignature(s, message, pubkey);
boolean v1 = DSAEngine.getInstance().verifySignature(s1, new ByteArrayInputStream(message), pubkey);
boolean v2 = DSAEngine.getInstance().verifySignature(s1, message, pubkey);
boolean v3 = DSAEngine.getInstance().verifySignature(s, new ByteArrayInputStream(message), pubkey);
long endverify = System.currentTimeMillis();
System.out.print(".");
keygentime += endkeys - startkeys;
signtime += endsignstartverify - startsign;
verifytime += endverify - endsignstartverify;
if (!v) {
throw new RuntimeException("Holy crap, did not verify");
}
if (!(v1 && v2 && v3))
throw new RuntimeException("Stream did not verify");
if ((minKey == 0) && (minS == 0) && (minV == 0)) {
minKey = endkeys - startkeys;
maxKey = endkeys - startkeys;
minS = endsignstartverify - startsign;
maxS = endsignstartverify - startsign;
minV = endverify - endsignstartverify;
maxV = endverify - endsignstartverify;
} else {
if (minKey > endkeys - startkeys)
minKey = endkeys - startkeys;
if (maxKey < endkeys - startkeys)
maxKey = endkeys - startkeys;
if (minS > endsignstartverify - startsign)
minS = endsignstartverify - startsign;
if (maxS < endsignstartverify - startsign)
maxS = endsignstartverify - startsign;
if (minV > endverify - endsignstartverify)
minV = endverify - endsignstartverify;
if (maxV < endverify - endsignstartverify)
maxV = endverify - endsignstartverify;
}
}
System.out.println();
System.out.println("Key Generation Time Average: " + (keygentime / times) + "\ttotal: " + keygentime + "\tmin: " + minKey + "\tmax: " + maxKey + "\tKeygen/second: " + (keygentime == 0 ? "NaN" : "" + (times * 1000) / keygentime));
System.out.println("Signing Time Average : " + (signtime / times) + "\ttotal: " + signtime + "\tmin: " + minS + "\tmax: " + maxS + "\tSigning Bps: " + (times * message.length * 1000) / signtime);
System.out.println("Verification Time Average : " + (verifytime / times) + "\ttotal: " + verifytime + "\tmin: " + minV + "\tmax: " + maxV + "\tDecryption Bps: " + (times * message.length * 1000) / verifytime);
}
Aggregations