forked from I2P_Developers/i2p.i2p
RouterInfo: Backport fix for verification of EdDSA RI sig type
from i2p.i2p.zzz.test2
This commit is contained in:
@ -30,6 +30,7 @@ import net.i2p.crypto.DSAEngine;
|
|||||||
import net.i2p.crypto.SHA1;
|
import net.i2p.crypto.SHA1;
|
||||||
import net.i2p.crypto.SHA1Hash;
|
import net.i2p.crypto.SHA1Hash;
|
||||||
import net.i2p.crypto.SHA256Generator;
|
import net.i2p.crypto.SHA256Generator;
|
||||||
|
import net.i2p.crypto.SigType;
|
||||||
import net.i2p.util.Clock;
|
import net.i2p.util.Clock;
|
||||||
import net.i2p.util.Log;
|
import net.i2p.util.Log;
|
||||||
import net.i2p.util.OrderedProperties;
|
import net.i2p.util.OrderedProperties;
|
||||||
@ -518,17 +519,27 @@ public class RouterInfo extends DatabaseEntry {
|
|||||||
public void readBytes(InputStream in, boolean verifySig) throws DataFormatException, IOException {
|
public void readBytes(InputStream in, boolean verifySig) throws DataFormatException, IOException {
|
||||||
if (_signature != null)
|
if (_signature != null)
|
||||||
throw new IllegalStateException();
|
throw new IllegalStateException();
|
||||||
|
_identity = new RouterIdentity();
|
||||||
|
_identity.readBytes(in);
|
||||||
|
// can't set the digest until we know the sig type
|
||||||
InputStream din;
|
InputStream din;
|
||||||
MessageDigest digest;
|
MessageDigest digest;
|
||||||
if (verifySig) {
|
if (verifySig) {
|
||||||
digest = SHA1.getInstance();
|
SigType type = _identity.getSigningPublicKey().getType();
|
||||||
din = new DigestInputStream(in, digest);
|
if (type != SigType.EdDSA_SHA512_Ed25519) {
|
||||||
|
// This won't work for EdDSA
|
||||||
|
digest = _identity.getSigningPublicKey().getType().getDigestInstance();
|
||||||
|
// TODO any better way?
|
||||||
|
digest.update(_identity.toByteArray());
|
||||||
|
din = new DigestInputStream(in, digest);
|
||||||
|
} else {
|
||||||
|
digest = null;
|
||||||
|
din = in;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
digest = null;
|
digest = null;
|
||||||
din = in;
|
din = in;
|
||||||
}
|
}
|
||||||
_identity = new RouterIdentity();
|
|
||||||
_identity.readBytes(din);
|
|
||||||
// avoid thrashing objects
|
// avoid thrashing objects
|
||||||
//Date when = DataHelper.readDate(in);
|
//Date when = DataHelper.readDate(in);
|
||||||
//if (when == null)
|
//if (when == null)
|
||||||
@ -558,9 +569,16 @@ public class RouterInfo extends DatabaseEntry {
|
|||||||
_signature.readBytes(in);
|
_signature.readBytes(in);
|
||||||
|
|
||||||
if (verifySig) {
|
if (verifySig) {
|
||||||
SHA1Hash hash = new SHA1Hash(digest.digest());
|
SigType type = _identity.getSigningPublicKey().getType();
|
||||||
_isValid = DSAEngine.getInstance().verifySignature(_signature, hash, _identity.getSigningPublicKey());
|
if (type != SigType.EdDSA_SHA512_Ed25519) {
|
||||||
_validated = true;
|
// This won't work for EdDSA
|
||||||
|
SimpleDataStructure hash = _identity.getSigningPublicKey().getType().getHashInstance();
|
||||||
|
hash.setData(digest.digest());
|
||||||
|
_isValid = DSAEngine.getInstance().verifySignature(_signature, hash, _identity.getSigningPublicKey());
|
||||||
|
_validated = true;
|
||||||
|
} else {
|
||||||
|
doValidate();
|
||||||
|
}
|
||||||
if (!_isValid) {
|
if (!_isValid) {
|
||||||
throw new DataFormatException("Bad sig");
|
throw new DataFormatException("Bad sig");
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user