forked from I2P_Developers/i2p.i2p
* SigTypes:
- Add isSupportedSince(), use in floodfill selection - Handle mixed-case 25519 enum - Fix 25519 type code - Add dup type code check
This commit is contained in:
@ -29,27 +29,30 @@ public enum SigType {
|
|||||||
* Pubkey 128 bytes; privkey 20 bytes; hash 20 bytes; sig 40 bytes
|
* Pubkey 128 bytes; privkey 20 bytes; hash 20 bytes; sig 40 bytes
|
||||||
* @since 0.9.8
|
* @since 0.9.8
|
||||||
*/
|
*/
|
||||||
DSA_SHA1(0, 128, 20, 20, 40, SigAlgo.DSA, "SHA-1", "SHA1withDSA", CryptoConstants.DSA_SHA1_SPEC),
|
DSA_SHA1(0, 128, 20, 20, 40, SigAlgo.DSA, "SHA-1", "SHA1withDSA", CryptoConstants.DSA_SHA1_SPEC, "0"),
|
||||||
/** Pubkey 64 bytes; privkey 32 bytes; hash 32 bytes; sig 64 bytes */
|
/** Pubkey 64 bytes; privkey 32 bytes; hash 32 bytes; sig 64 bytes */
|
||||||
ECDSA_SHA256_P256(1, 64, 32, 32, 64, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.P256_SPEC),
|
ECDSA_SHA256_P256(1, 64, 32, 32, 64, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.P256_SPEC, "0.9.12"),
|
||||||
/** Pubkey 96 bytes; privkey 48 bytes; hash 48 bytes; sig 96 bytes */
|
/** Pubkey 96 bytes; privkey 48 bytes; hash 48 bytes; sig 96 bytes */
|
||||||
ECDSA_SHA384_P384(2, 96, 48, 48, 96, SigAlgo.EC, "SHA-384", "SHA384withECDSA", ECConstants.P384_SPEC),
|
ECDSA_SHA384_P384(2, 96, 48, 48, 96, SigAlgo.EC, "SHA-384", "SHA384withECDSA", ECConstants.P384_SPEC, "0.9.12"),
|
||||||
/** Pubkey 132 bytes; privkey 66 bytes; hash 64 bytes; sig 132 bytes */
|
/** Pubkey 132 bytes; privkey 66 bytes; hash 64 bytes; sig 132 bytes */
|
||||||
ECDSA_SHA512_P521(3, 132, 66, 64, 132, SigAlgo.EC, "SHA-512", "SHA512withECDSA", ECConstants.P521_SPEC),
|
ECDSA_SHA512_P521(3, 132, 66, 64, 132, SigAlgo.EC, "SHA-512", "SHA512withECDSA", ECConstants.P521_SPEC, "0.9.12"),
|
||||||
|
|
||||||
/** Pubkey 256 bytes; privkey 512 bytes; hash 32 bytes; sig 256 bytes */
|
/** Pubkey 256 bytes; privkey 512 bytes; hash 32 bytes; sig 256 bytes */
|
||||||
RSA_SHA256_2048(4, 256, 512, 32, 256, SigAlgo.RSA, "SHA-256", "SHA256withRSA", RSAConstants.F4_2048_SPEC),
|
RSA_SHA256_2048(4, 256, 512, 32, 256, SigAlgo.RSA, "SHA-256", "SHA256withRSA", RSAConstants.F4_2048_SPEC, "0.9.12"),
|
||||||
/** Pubkey 384 bytes; privkey 768 bytes; hash 48 bytes; sig 384 bytes */
|
/** Pubkey 384 bytes; privkey 768 bytes; hash 48 bytes; sig 384 bytes */
|
||||||
RSA_SHA384_3072(5, 384, 768, 48, 384, SigAlgo.RSA, "SHA-384", "SHA384withRSA", RSAConstants.F4_3072_SPEC),
|
RSA_SHA384_3072(5, 384, 768, 48, 384, SigAlgo.RSA, "SHA-384", "SHA384withRSA", RSAConstants.F4_3072_SPEC, "0.9.12"),
|
||||||
/** Pubkey 512 bytes; privkey 1024 bytes; hash 64 bytes; sig 512 bytes */
|
/** Pubkey 512 bytes; privkey 1024 bytes; hash 64 bytes; sig 512 bytes */
|
||||||
RSA_SHA512_4096(6, 512, 1024, 64, 512, SigAlgo.RSA, "SHA-512", "SHA512withRSA", RSAConstants.F4_4096_SPEC),
|
RSA_SHA512_4096(6, 512, 1024, 64, 512, SigAlgo.RSA, "SHA-512", "SHA512withRSA", RSAConstants.F4_4096_SPEC, "0.9.12"),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Pubkey 32 bytes; privkey 32 bytes; hash 64 bytes; sig 64 bytes
|
||||||
|
* @since 0.9.15
|
||||||
|
*/
|
||||||
|
EdDSA_SHA512_Ed25519(7, 32, 32, 64, 64, SigAlgo.EdDSA, "SHA-512", "SHA512withEdDSA", EdDSANamedCurveTable.getByName("ed25519-sha-512"), "0.9.15");
|
||||||
|
|
||||||
|
|
||||||
// TESTING....................
|
// TESTING....................
|
||||||
|
|
||||||
/** Pubkey 32 bytes; privkey 32 bytes; hash 64 bytes; sig 64 bytes; */
|
|
||||||
EdDSA_SHA512_Ed25519(4, 32, 32, 64, 64, SigAlgo.EdDSA, "SHA-512", "SHA512withEdDSA", EdDSANamedCurveTable.getByName("ed25519-sha-512"));
|
|
||||||
|
|
||||||
// others..........
|
// others..........
|
||||||
|
|
||||||
@ -90,11 +93,11 @@ public enum SigType {
|
|||||||
|
|
||||||
private final int code, pubkeyLen, privkeyLen, hashLen, sigLen;
|
private final int code, pubkeyLen, privkeyLen, hashLen, sigLen;
|
||||||
private final SigAlgo base;
|
private final SigAlgo base;
|
||||||
private final String digestName, algoName;
|
private final String digestName, algoName, since;
|
||||||
private final AlgorithmParameterSpec params;
|
private final AlgorithmParameterSpec params;
|
||||||
|
|
||||||
SigType(int cod, int pubLen, int privLen, int hLen, int sLen, SigAlgo baseAlgo,
|
SigType(int cod, int pubLen, int privLen, int hLen, int sLen, SigAlgo baseAlgo,
|
||||||
String mdName, String aName, AlgorithmParameterSpec pSpec) {
|
String mdName, String aName, AlgorithmParameterSpec pSpec, String supportedSince) {
|
||||||
code = cod;
|
code = cod;
|
||||||
pubkeyLen = pubLen;
|
pubkeyLen = pubLen;
|
||||||
privkeyLen = privLen;
|
privkeyLen = privLen;
|
||||||
@ -104,6 +107,7 @@ public enum SigType {
|
|||||||
digestName = mdName;
|
digestName = mdName;
|
||||||
algoName = aName;
|
algoName = aName;
|
||||||
params = pSpec;
|
params = pSpec;
|
||||||
|
since = supportedSince;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** the unique identifier for this type */
|
/** the unique identifier for this type */
|
||||||
@ -162,6 +166,15 @@ public enum SigType {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The router version in which this type was first supported.
|
||||||
|
*
|
||||||
|
* @since 0.9.15
|
||||||
|
*/
|
||||||
|
public String getSupportedSince() {
|
||||||
|
return since;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @since 0.9.12
|
* @since 0.9.12
|
||||||
* @return true if supported in this JVM
|
* @return true if supported in this JVM
|
||||||
@ -208,7 +221,8 @@ public enum SigType {
|
|||||||
|
|
||||||
static {
|
static {
|
||||||
for (SigType type : SigType.values()) {
|
for (SigType type : SigType.values()) {
|
||||||
BY_CODE.put(Integer.valueOf(type.getCode()), type);
|
if (BY_CODE.put(Integer.valueOf(type.getCode()), type) != null)
|
||||||
|
throw new IllegalStateException("Duplicate SigType code");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -226,7 +240,11 @@ public enum SigType {
|
|||||||
*/
|
*/
|
||||||
public static SigType parseSigType(String stype) {
|
public static SigType parseSigType(String stype) {
|
||||||
try {
|
try {
|
||||||
return valueOf(stype.toUpperCase(Locale.US));
|
String uc = stype.toUpperCase(Locale.US);
|
||||||
|
// handle mixed-case enum
|
||||||
|
if (uc.equals("EDDSA_SHA512_ED25519"))
|
||||||
|
return EdDSA_SHA512_Ed25519;
|
||||||
|
return valueOf(uc);
|
||||||
} catch (IllegalArgumentException iae) {
|
} catch (IllegalArgumentException iae) {
|
||||||
try {
|
try {
|
||||||
int code = Integer.parseInt(stype);
|
int code = Integer.parseInt(stype);
|
||||||
|
@ -4,6 +4,9 @@ import java.security.AccessController;
|
|||||||
import java.security.PrivilegedAction;
|
import java.security.PrivilegedAction;
|
||||||
import java.security.Provider;
|
import java.security.Provider;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @since 0.9.15
|
||||||
|
*/
|
||||||
public final class I2PProvider extends Provider {
|
public final class I2PProvider extends Provider {
|
||||||
public static final String PROVIDER_NAME = "I2P";
|
public static final String PROVIDER_NAME = "I2P";
|
||||||
private static final String INFO = "I2P Security Provider v0.1, implementing" +
|
private static final String INFO = "I2P Security Provider v0.1, implementing" +
|
||||||
|
10
history.txt
10
history.txt
@ -1,3 +1,13 @@
|
|||||||
|
2014-08-22 zzz
|
||||||
|
* SigTypes:
|
||||||
|
- Add isSupportedSince(), use in floodfill selection
|
||||||
|
- Handle mixed-case 25519 enum
|
||||||
|
- Fix 25519 type code
|
||||||
|
- Add dup type code check
|
||||||
|
|
||||||
|
2014-08-21 str4d
|
||||||
|
* Add Ed25519 SigType
|
||||||
|
|
||||||
2014-08-21 zzz
|
2014-08-21 zzz
|
||||||
* i2psnark:
|
* i2psnark:
|
||||||
- Escape control chars in encodePath()
|
- Escape control chars in encodePath()
|
||||||
|
@ -18,7 +18,7 @@ public class RouterVersion {
|
|||||||
/** deprecated */
|
/** deprecated */
|
||||||
public final static String ID = "Monotone";
|
public final static String ID = "Monotone";
|
||||||
public final static String VERSION = CoreVersion.VERSION;
|
public final static String VERSION = CoreVersion.VERSION;
|
||||||
public final static long BUILD = 8;
|
public final static long BUILD = 9;
|
||||||
|
|
||||||
/** for example "-test" */
|
/** for example "-test" */
|
||||||
public final static String EXTRA = "";
|
public final static String EXTRA = "";
|
||||||
|
@ -171,21 +171,23 @@ class FloodfillVerifyStoreJob extends JobImpl {
|
|||||||
private Hash pickTarget() {
|
private Hash pickTarget() {
|
||||||
Hash rkey = getContext().routingKeyGenerator().getRoutingKey(_key);
|
Hash rkey = getContext().routingKeyGenerator().getRoutingKey(_key);
|
||||||
FloodfillPeerSelector sel = (FloodfillPeerSelector)_facade.getPeerSelector();
|
FloodfillPeerSelector sel = (FloodfillPeerSelector)_facade.getPeerSelector();
|
||||||
boolean isKeyCert = false;
|
Certificate keyCert = null;
|
||||||
if (!_isRouterInfo) {
|
if (!_isRouterInfo) {
|
||||||
LeaseSet ls = _facade.lookupLeaseSetLocally(_key);
|
LeaseSet ls = _facade.lookupLeaseSetLocally(_key);
|
||||||
if (ls != null &&
|
if (ls != null) {
|
||||||
ls.getDestination().getCertificate().getCertificateType() == Certificate.CERTIFICATE_TYPE_KEY)
|
Certificate cert = ls.getDestination().getCertificate();
|
||||||
isKeyCert = true;
|
if (cert.getCertificateType() == Certificate.CERTIFICATE_TYPE_KEY)
|
||||||
|
keyCert = cert;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (isKeyCert) {
|
if (keyCert != null) {
|
||||||
while (true) {
|
while (true) {
|
||||||
List<Hash> peers = sel.selectFloodfillParticipants(rkey, 1, _ignore, _facade.getKBuckets());
|
List<Hash> peers = sel.selectFloodfillParticipants(rkey, 1, _ignore, _facade.getKBuckets());
|
||||||
if (peers.isEmpty())
|
if (peers.isEmpty())
|
||||||
break;
|
break;
|
||||||
Hash peer = peers.get(0);
|
Hash peer = peers.get(0);
|
||||||
RouterInfo ri = _facade.lookupRouterInfoLocally(peer);
|
RouterInfo ri = _facade.lookupRouterInfoLocally(peer);
|
||||||
if (ri != null && StoreJob.supportsKeyCerts(ri))
|
if (ri != null && StoreJob.supportsCert(ri, keyCert))
|
||||||
return peer;
|
return peer;
|
||||||
if (_log.shouldLog(Log.INFO))
|
if (_log.shouldLog(Log.INFO))
|
||||||
_log.info(getJobId() + ": Skipping verify w/ router that doesn't support key certs " + peer);
|
_log.info(getJobId() + ": Skipping verify w/ router that doesn't support key certs " + peer);
|
||||||
|
@ -12,8 +12,10 @@ import java.util.ArrayList;
|
|||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
import net.i2p.crypto.SigType;
|
||||||
import net.i2p.data.Certificate;
|
import net.i2p.data.Certificate;
|
||||||
import net.i2p.data.DatabaseEntry;
|
import net.i2p.data.DatabaseEntry;
|
||||||
|
import net.i2p.data.DataFormatException;
|
||||||
import net.i2p.data.Hash;
|
import net.i2p.data.Hash;
|
||||||
import net.i2p.data.LeaseSet;
|
import net.i2p.data.LeaseSet;
|
||||||
import net.i2p.data.RouterInfo;
|
import net.i2p.data.RouterInfo;
|
||||||
@ -170,8 +172,8 @@ class StoreJob extends JobImpl {
|
|||||||
_state.addSkipped(peer);
|
_state.addSkipped(peer);
|
||||||
skipped++;
|
skipped++;
|
||||||
} else if (_state.getData().getType() == DatabaseEntry.KEY_TYPE_LEASESET &&
|
} else if (_state.getData().getType() == DatabaseEntry.KEY_TYPE_LEASESET &&
|
||||||
((LeaseSet)_state.getData()).getDestination().getCertificate().getCertificateType() == Certificate.CERTIFICATE_TYPE_KEY &&
|
!supportsCert((RouterInfo)ds,
|
||||||
!supportsKeyCerts((RouterInfo)ds)) {
|
((LeaseSet)_state.getData()).getDestination().getCertificate())) {
|
||||||
if (_log.shouldLog(Log.INFO))
|
if (_log.shouldLog(Log.INFO))
|
||||||
_log.info(getJobId() + ": Skipping router that doesn't support key certs " + peer);
|
_log.info(getJobId() + ": Skipping router that doesn't support key certs " + peer);
|
||||||
_state.addSkipped(peer);
|
_state.addSkipped(peer);
|
||||||
@ -517,17 +519,27 @@ class StoreJob extends JobImpl {
|
|||||||
return VersionComparator.comp(v, MIN_ENCRYPTION_VERSION) >= 0;
|
return VersionComparator.comp(v, MIN_ENCRYPTION_VERSION) >= 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static final String MIN_KEYCERT_VERSION = "0.9.12";
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Does he support key certs (assumed with a non-DSA key)?
|
* Does this router understand this cert?
|
||||||
|
* @return true if not a key cert
|
||||||
* @since 0.9.12
|
* @since 0.9.12
|
||||||
*/
|
*/
|
||||||
public static boolean supportsKeyCerts(RouterInfo ri) {
|
public static boolean supportsCert(RouterInfo ri, Certificate cert) {
|
||||||
|
if (cert.getCertificateType() != Certificate.CERTIFICATE_TYPE_KEY)
|
||||||
|
return true;
|
||||||
|
SigType type;
|
||||||
|
try {
|
||||||
|
type = cert.toKeyCertificate().getSigType();
|
||||||
|
} catch (DataFormatException dfe) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if (type == null)
|
||||||
|
return false;
|
||||||
String v = ri.getOption("router.version");
|
String v = ri.getOption("router.version");
|
||||||
if (v == null)
|
if (v == null)
|
||||||
return false;
|
return false;
|
||||||
return VersionComparator.comp(v, MIN_KEYCERT_VERSION) >= 0;
|
String since = type.getSupportedSince();
|
||||||
|
return VersionComparator.comp(v, since) >= 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static final String MIN_BIGLEASESET_VERSION = "0.9";
|
private static final String MIN_BIGLEASESET_VERSION = "0.9";
|
||||||
|
Reference in New Issue
Block a user