echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Data: Change LS2 sign/verify to match proposal changes

Browse Source
This commit is contained in:
zzz
2018-11-27 12:34:41 +00:00
parent b93be8bb4a
commit a8bacd8727
1 changed files with 54 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
core/java/src/net/i2p/data/LeaseSet2.java
View File

@ -337,6 +337,34 @@ public class LeaseSet2 extends LeaseSet {
_expires = _lastExpiration; _expires = _lastExpiration;
} }
/**
* Sign the structure using the supplied signing key.
* Overridden because LS2 sigs cover the type byte.
*
* @throws IllegalStateException if already signed
*/
@Override
public void sign(SigningPrivateKey key) throws DataFormatException {
if (_signature != null)
throw new IllegalStateException();
if (key == null)
throw new DataFormatException("No signing key");
int len = size();
ByteArrayOutputStream out = new ByteArrayOutputStream(1 + len);
try {
// unlike LS1, sig covers type
out.write(getType());
writeBytesWithoutSig(out);
} catch (IOException ioe) {
throw new DataFormatException("Signature failed", ioe);
}
byte data[] = out.toByteArray();
// now sign with the key
_signature = DSAEngine.getInstance().sign(data, key);
if (_signature == null)
throw new DataFormatException("Signature failed with " + key.getType() + " key");
}
/** /**
* Verify with the SPK in the dest for online sigs. * Verify with the SPK in the dest for online sigs.
* Verify with the SPK in the offline sig section for offline sigs. * Verify with the SPK in the offline sig section for offline sigs.
@ -344,26 +372,40 @@ public class LeaseSet2 extends LeaseSet {
*/ */
@Override @Override
public boolean verifySignature() { public boolean verifySignature() {
if (!isOffline())
return super.verifySignature();
if (_signature == null) if (_signature == null)
return false; return false;
// Disallow RSA as it's so slow it could be used as a DoS // Disallow RSA as it's so slow it could be used as a DoS
SigType type = _signature.getType(); SigType type = _signature.getType();
if (type == null || type.getBaseAlgorithm() == SigAlgo.RSA) if (type == null || type.getBaseAlgorithm() == SigAlgo.RSA)
return false; return false;
// verify offline block SigningPublicKey spk;
if (!verifyOfflineSignature()) if (isOffline()) {
// verify LS2 using offline block's SPK
// Disallow RSA as it's so slow it could be used as a DoS
type = _transientSigningPublicKey.getType();
if (type == null || type.getBaseAlgorithm() == SigAlgo.RSA)
return false;
if (!verifyOfflineSignature())
return false;
spk = _transientSigningPublicKey;
} else {
spk = getSigningPublicKey();
}
int len = size();
ByteArrayOutputStream out = new ByteArrayOutputStream(1 + len);
try {
// unlike LS1, sig covers type
out.write(getType());
writeBytesWithoutSig(out);
} catch (IOException ioe) {
ioe.printStackTrace();
return false; return false;
// verify LS2 using offline block's SPK } catch (DataFormatException dfe) {
// Disallow RSA as it's so slow it could be used as a DoS dfe.printStackTrace();
type = _transientSigningPublicKey.getType();
if (type == null || type.getBaseAlgorithm() == SigAlgo.RSA)
return false; return false;
byte data[] = getBytes(); }
if (data == null) byte data[] = out.toByteArray();
return false; return DSAEngine.getInstance().verifySignature(_signature, data, spk);
return DSAEngine.getInstance().verifySignature(_signature, data, _transientSigningPublicKey);
} }
@Override @Override