forked from I2P_Developers/i2p.i2p
Add RSAConstants
Specify RSA parameters Add RSA sig types Specify cert signature algorithm when generating keys Extend keygen max wait Catch NPE if sign fails in SU3File Fix signature conversion for RSA Fix public key conversion for RSA
This commit is contained in:
@ -315,10 +315,11 @@ public class KeyStoreUtil {
|
|||||||
"-dname", "CN=" + cname + ",OU=" + ou + ",O=I2P Anonymous Network,L=XX,ST=XX,C=XX",
|
"-dname", "CN=" + cname + ",OU=" + ou + ",O=I2P Anonymous Network,L=XX,ST=XX,C=XX",
|
||||||
"-validity", Integer.toString(validDays), // 10 years
|
"-validity", Integer.toString(validDays), // 10 years
|
||||||
"-keyalg", keyAlg,
|
"-keyalg", keyAlg,
|
||||||
|
"-sigalg", getSigAlg(keySize, keyAlg),
|
||||||
"-keysize", Integer.toString(keySize),
|
"-keysize", Integer.toString(keySize),
|
||||||
"-keypass", keyPW
|
"-keypass", keyPW
|
||||||
};
|
};
|
||||||
boolean success = (new ShellCommand()).executeSilentAndWaitTimed(args, 30); // 30 secs
|
boolean success = (new ShellCommand()).executeSilentAndWaitTimed(args, 240);
|
||||||
if (success) {
|
if (success) {
|
||||||
success = ks.exists();
|
success = ks.exists();
|
||||||
}
|
}
|
||||||
@ -335,6 +336,30 @@ public class KeyStoreUtil {
|
|||||||
return success;
|
return success;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static String getSigAlg(int size, String keyalg) {
|
||||||
|
if (keyalg.equals("EC"))
|
||||||
|
keyalg = "ECDSA";
|
||||||
|
String hash;
|
||||||
|
if (keyalg.equals("ECDSA")) {
|
||||||
|
if (size <= 256)
|
||||||
|
hash = "SHA256";
|
||||||
|
else if (size <= 384)
|
||||||
|
hash = "SHA384";
|
||||||
|
else
|
||||||
|
hash = "SHA512";
|
||||||
|
} else {
|
||||||
|
if (size <= 1024)
|
||||||
|
hash = "SHA1";
|
||||||
|
else if (size <= 2048)
|
||||||
|
hash = "SHA256";
|
||||||
|
else if (size <= 3072)
|
||||||
|
hash = "SHA384";
|
||||||
|
else
|
||||||
|
hash = "SHA512";
|
||||||
|
}
|
||||||
|
return hash + "with" + keyalg;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get a private key out of a keystore
|
* Get a private key out of a keystore
|
||||||
*
|
*
|
||||||
|
|||||||
29
core/java/src/net/i2p/crypto/RSAConstants.java
Normal file
29
core/java/src/net/i2p/crypto/RSAConstants.java
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
package net.i2p.crypto;
|
||||||
|
|
||||||
|
import java.math.BigInteger;
|
||||||
|
import java.security.spec.RSAKeyGenParameterSpec;
|
||||||
|
|
||||||
|
import net.i2p.util.NativeBigInteger;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Constants for RSA
|
||||||
|
*
|
||||||
|
* @since 0.9.9
|
||||||
|
*/
|
||||||
|
class RSAConstants {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Generate a spec
|
||||||
|
*/
|
||||||
|
private static RSAKeyGenParameterSpec genSpec(int size, BigInteger exp) {
|
||||||
|
return new RSAKeyGenParameterSpec(size, exp);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static final BigInteger F4 = new NativeBigInteger(RSAKeyGenParameterSpec.F4);
|
||||||
|
|
||||||
|
// standard specs
|
||||||
|
public static final RSAKeyGenParameterSpec F4_1024_SPEC = genSpec(1024, F4);
|
||||||
|
public static final RSAKeyGenParameterSpec F4_2048_SPEC = genSpec(2048, F4);
|
||||||
|
public static final RSAKeyGenParameterSpec F4_3072_SPEC = genSpec(3072, F4);
|
||||||
|
public static final RSAKeyGenParameterSpec F4_4096_SPEC = genSpec(4096, F4);
|
||||||
|
}
|
||||||
@ -385,6 +385,8 @@ public class SU3File {
|
|||||||
SimpleDataStructure hash = sigType.getHashInstance();
|
SimpleDataStructure hash = sigType.getHashInstance();
|
||||||
hash.setData(sha);
|
hash.setData(sha);
|
||||||
Signature signature = _context.dsa().sign(hash, privkey, sigType);
|
Signature signature = _context.dsa().sign(hash, privkey, sigType);
|
||||||
|
if (signature == null)
|
||||||
|
throw new IOException("sig fail");
|
||||||
//System.out.println("hash\n" + HexDump.dump(sha));
|
//System.out.println("hash\n" + HexDump.dump(sha));
|
||||||
//System.out.println("sig\n" + HexDump.dump(signature.getData()));
|
//System.out.println("sig\n" + HexDump.dump(signature.getData()));
|
||||||
signature.writeBytes(out);
|
signature.writeBytes(out);
|
||||||
|
|||||||
@ -54,6 +54,11 @@ public enum SigType {
|
|||||||
ECDSA_SHA256_K409(15, 104, 52, 32, 104, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.K409_SPEC),
|
ECDSA_SHA256_K409(15, 104, 52, 32, 104, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.K409_SPEC),
|
||||||
ECDSA_SHA256_K571(16, 144, 72, 32, 144, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.K571_SPEC),
|
ECDSA_SHA256_K571(16, 144, 72, 32, 144, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.K571_SPEC),
|
||||||
|
|
||||||
|
RSA_SHA1(17, 128, 256, 20, 128, SigAlgo.RSA, "SHA-1", "SHA1withRSA", RSAConstants.F4_1024_SPEC),
|
||||||
|
RSA_SHA256(18, 256, 512, 32, 256, SigAlgo.RSA, "SHA-256", "SHA256withRSA", RSAConstants.F4_2048_SPEC),
|
||||||
|
RSA_SHA384(19, 384, 768, 48, 384, SigAlgo.RSA, "SHA-384", "SHA2384ithRSA", RSAConstants.F4_3072_SPEC),
|
||||||
|
RSA_SHA512(20, 512, 1024, 64, 512, SigAlgo.RSA, "SHA-512", "SHA512withRSA", RSAConstants.F4_4096_SPEC),
|
||||||
|
|
||||||
//MD5
|
//MD5
|
||||||
//ELGAMAL_SHA256
|
//ELGAMAL_SHA256
|
||||||
//RSA_SHA1
|
//RSA_SHA1
|
||||||
|
|||||||
@ -31,6 +31,7 @@ import java.security.spec.ECPoint;
|
|||||||
import java.security.spec.EllipticCurve;
|
import java.security.spec.EllipticCurve;
|
||||||
import java.security.spec.KeySpec;
|
import java.security.spec.KeySpec;
|
||||||
import java.security.spec.PKCS8EncodedKeySpec;
|
import java.security.spec.PKCS8EncodedKeySpec;
|
||||||
|
import java.security.spec.RSAKeyGenParameterSpec;
|
||||||
import java.security.spec.RSAPrivateKeySpec;
|
import java.security.spec.RSAPrivateKeySpec;
|
||||||
import java.security.spec.RSAPublicKeySpec;
|
import java.security.spec.RSAPublicKeySpec;
|
||||||
import java.security.spec.X509EncodedKeySpec;
|
import java.security.spec.X509EncodedKeySpec;
|
||||||
@ -169,8 +170,8 @@ class SigUtil {
|
|||||||
byte[] by = new byte[sublen];
|
byte[] by = new byte[sublen];
|
||||||
System.arraycopy(b, 0, bx, 0, sublen);
|
System.arraycopy(b, 0, bx, 0, sublen);
|
||||||
System.arraycopy(b, sublen, by, 0, sublen);
|
System.arraycopy(b, sublen, by, 0, sublen);
|
||||||
BigInteger x = new BigInteger(1, bx);
|
BigInteger x = new NativeBigInteger(1, bx);
|
||||||
BigInteger y = new BigInteger(1, by);
|
BigInteger y = new NativeBigInteger(1, by);
|
||||||
ECPoint w = new ECPoint(x, y);
|
ECPoint w = new ECPoint(x, y);
|
||||||
// see ECConstants re: casting
|
// see ECConstants re: casting
|
||||||
ECPublicKeySpec ks = new ECPublicKeySpec(w, (ECParameterSpec) type.getParams());
|
ECPublicKeySpec ks = new ECPublicKeySpec(w, (ECParameterSpec) type.getParams());
|
||||||
@ -184,7 +185,7 @@ class SigUtil {
|
|||||||
int len = type.getPubkeyLen();
|
int len = type.getPubkeyLen();
|
||||||
int sublen = len / 2;
|
int sublen = len / 2;
|
||||||
byte[] b = pk.getData();
|
byte[] b = pk.getData();
|
||||||
BigInteger s = new BigInteger(1, b);
|
BigInteger s = new NativeBigInteger(1, b);
|
||||||
// see ECConstants re: casting
|
// see ECConstants re: casting
|
||||||
ECPrivateKeySpec ks = new ECPrivateKeySpec(s, (ECParameterSpec) type.getParams());
|
ECPrivateKeySpec ks = new ECPrivateKeySpec(s, (ECParameterSpec) type.getParams());
|
||||||
KeyFactory kf = KeyFactory.getInstance("EC");
|
KeyFactory kf = KeyFactory.getInstance("EC");
|
||||||
@ -254,42 +255,71 @@ class SigUtil {
|
|||||||
return new SigningPrivateKey(type, bx);
|
return new SigningPrivateKey(type, bx);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @deprecated unused
|
||||||
|
*/
|
||||||
public static RSAPublicKey toJavaRSAKey(SigningPublicKey pk)
|
public static RSAPublicKey toJavaRSAKey(SigningPublicKey pk)
|
||||||
throws GeneralSecurityException {
|
throws GeneralSecurityException {
|
||||||
|
SigType type = pk.getType();
|
||||||
KeyFactory kf = KeyFactory.getInstance("RSA");
|
KeyFactory kf = KeyFactory.getInstance("RSA");
|
||||||
|
BigInteger n = new NativeBigInteger(1, pk.getData());
|
||||||
|
BigInteger e = ((RSAKeyGenParameterSpec)type.getParams()).getPublicExponent();
|
||||||
// modulus exponent
|
// modulus exponent
|
||||||
KeySpec ks = new RSAPublicKeySpec(null, null); // FIXME
|
KeySpec ks = new RSAPublicKeySpec(n, e);
|
||||||
return (RSAPublicKey) kf.generatePublic(ks);
|
return (RSAPublicKey) kf.generatePublic(ks);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @deprecated unimplemented, unused
|
||||||
|
*/
|
||||||
public static RSAPrivateKey toJavaRSAKey(SigningPrivateKey pk)
|
public static RSAPrivateKey toJavaRSAKey(SigningPrivateKey pk)
|
||||||
throws GeneralSecurityException {
|
throws GeneralSecurityException {
|
||||||
|
/*
|
||||||
KeyFactory kf = KeyFactory.getInstance("RSA");
|
KeyFactory kf = KeyFactory.getInstance("RSA");
|
||||||
|
// private key is modulus (pubkey) + exponent
|
||||||
|
// get each part like in EC
|
||||||
|
BigInteger n = new NativeBigInteger(1, ...);
|
||||||
|
BigInteger d = new NativeBigInteger(1, ...);
|
||||||
// modulus exponent
|
// modulus exponent
|
||||||
KeySpec ks = new RSAPrivateKeySpec(null, null); // FIXME
|
KeySpec ks = new RSAPrivateKeySpec(n, d); // 65537 0x10001
|
||||||
return (RSAPrivateKey) kf.generatePrivate(ks);
|
return (RSAPrivateKey) kf.generatePrivate(ks);
|
||||||
|
*/
|
||||||
|
throw new UnsupportedOperationException();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @deprecated unused
|
||||||
|
*/
|
||||||
public static SigningPublicKey fromJavaKey(RSAPublicKey pk, SigType type)
|
public static SigningPublicKey fromJavaKey(RSAPublicKey pk, SigType type)
|
||||||
throws GeneralSecurityException {
|
throws GeneralSecurityException {
|
||||||
BigInteger y = pk.getPublicExponent();
|
BigInteger n = pk.getModulus();
|
||||||
int len = type.getPubkeyLen();
|
int len = type.getPubkeyLen();
|
||||||
byte[] by = rectify(y, len);
|
byte[] bn = rectify(n, len);
|
||||||
return new SigningPublicKey(type, by);
|
return new SigningPublicKey(type, bn);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @deprecated unimplemented, unused
|
||||||
|
*/
|
||||||
public static SigningPrivateKey fromJavaKey(RSAPrivateKey pk, SigType type)
|
public static SigningPrivateKey fromJavaKey(RSAPrivateKey pk, SigType type)
|
||||||
throws GeneralSecurityException {
|
throws GeneralSecurityException {
|
||||||
BigInteger x = pk.getPrivateExponent();
|
/*
|
||||||
int len = type.getPrivkeyLen();
|
// private key is modulus (pubkey) + exponent
|
||||||
byte[] bx = rectify(x, len);
|
BigInteger n = pk.getModulus();
|
||||||
|
BigInteger d = pk.getPrivateExponent();
|
||||||
|
// put them together like in EC
|
||||||
return new SigningPrivateKey(type, bx);
|
return new SigningPrivateKey(type, bx);
|
||||||
|
*/
|
||||||
|
throw new UnsupportedOperationException();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return ASN.1 representation
|
* @return ASN.1 representation
|
||||||
*/
|
*/
|
||||||
public static byte[] toJavaSig(Signature sig) {
|
public static byte[] toJavaSig(Signature sig) {
|
||||||
|
// RSA sigs are not ASN encoded
|
||||||
|
if (sig.getType().getBaseAlgorithm() == SigAlgo.RSA)
|
||||||
|
return sig.getData();
|
||||||
return sigBytesToASN1(sig.getData());
|
return sigBytesToASN1(sig.getData());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -299,6 +329,9 @@ class SigUtil {
|
|||||||
*/
|
*/
|
||||||
public static Signature fromJavaSig(byte[] asn, SigType type)
|
public static Signature fromJavaSig(byte[] asn, SigType type)
|
||||||
throws SignatureException {
|
throws SignatureException {
|
||||||
|
// RSA sigs are not ASN encoded
|
||||||
|
if (type.getBaseAlgorithm() == SigAlgo.RSA)
|
||||||
|
return new Signature(type, asn);
|
||||||
return new Signature(type, aSN1ToSigBytes(asn, type.getSigLen()));
|
return new Signature(type, aSN1ToSigBytes(asn, type.getSigLen()));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user