/**
 * Checks a callback signature against the digest of {@code itemId}.
 *
 * <p>The check fails closed: if verification raises an {@link EncryptionError}, the signature is
 * reported as invalid rather than the error being propagated.
 *
 * @param signature signature bytes supplied with the callback
 * @return {@code true} only when {@code callbackKey} verifies {@code signature} over
 *         {@code itemId.getDigest()} using SHA-512; {@code false} on mismatch or on error
 */
private boolean checkCallbackSignature(byte[] signature) {
    boolean verified;
    try {
        verified = callbackKey.verify(itemId.getDigest(), signature, HashType.SHA512);
    } catch (EncryptionError e) {
        // Fail closed: a verification error must never be mistaken for a valid signature.
        // NOTE(review): the error is dropped without a trace here; logging it would make
        // repeated verification failures visible to operators.
        verified = false;
    }
    return verified;
}
/**
 * Handles a received {@link PacketTypes#NACK} packet.
 *
 * <p>A NACK means the session is broken (for example, the remote node was rebooted), so the
 * handshake has to be restarted. The restart only happens when all of the following hold:
 * the session is in {@code Session.STATE_EXCHANGING}, the signed part of the payload verifies
 * under the remote node's public key with SHA-512, and the packet id carried inside the signed
 * part is present in the session's retransmit map.
 *
 * <p>NOTE(review): the payload is parsed with {@code Boss.load} and its elements are cast before
 * the signature is checked. A malformed payload would surface as an unchecked exception from
 * those casts or index lookups; confirm the caller tolerates that for packets from the network.
 *
 * @param packet received {@link Packet}
 */
private void onReceiveNack(Packet packet) throws EncryptionError, SymmetricKey.AuthenticationFailed {
    report(logLabel, ()->"received nack from " + packet.senderNodeId, VerboseLevel.BASE);

    Session session = getOrCreateSession(packet.senderNodeId);
    if (session == null) {
        return;
    }
    if (session.state.get() != Session.STATE_EXCHANGING) {
        return;
    }

    // Payload layout as read here: [0] signed body, [1] signature over that body.
    List envelope = Boss.load(packet.payload);
    byte[] signedBody = ((Bytes)envelope.get(0)).toArray();
    byte[] bodySignature = ((Bytes)envelope.get(1)).toArray();

    PublicKey remoteNodeKey = new PublicKey(session.remoteNodeInfo.getPublicKey().pack());
    if (!remoteNodeKey.verify(signedBody, bodySignature, HashType.SHA512)) {
        // Unauthenticated NACK: ignore it so it cannot force a handshake restart.
        return;
    }

    // The body is only interpreted after its signature has been verified.
    List nackBody = Boss.load(signedBody);
    Integer nackPacketId = (int)nackBody.get(0);

    // Only react to a NACK that refers to a packet this session is still retransmitting.
    if (session.retransmitMap.containsKey(nackPacketId)) {
        session.startHandshake();
        restartHandshakeIfNeeded(session, Instant.now());
    }
}
/**
 * Verifies two stored signatures (one made with SHA-256, one with SHA-512) against the public
 * half of test key 1.
 *
 * <p>Each signature must verify only for the unmodified text and only under the digest it was
 * made with: tampered text and a mismatched {@link HashType} must both be rejected.
 */
@Test
public void signatureTest() throws Exception {
    final PublicKey verifier = TestKeys.privateKey(1).getPublicKey();
    final byte[] sha256Signature = Do.decodeBase64(signature256_64);
    final byte[] sha512Signature = Do.decodeBase64(signature512_64);

    // SHA-256 signature: accepted as-is, rejected for altered text and for the wrong digest.
    assertTrue(verifier.verify(plainText, sha256Signature, HashType.SHA256));
    assertFalse(verifier.verify(plainText+"tampered", sha256Signature, HashType.SHA256));
    assertFalse(verifier.verify(plainText, sha256Signature, HashType.SHA512));

    // SHA-512 signature: accepted as-is, rejected for the wrong digest and for altered text.
    assertTrue(verifier.verify(plainText, sha512Signature, HashType.SHA512));
    assertFalse(verifier.verify(plainText, sha512Signature, HashType.SHA256));
    assertFalse(verifier.verify(plainText+"tampered", sha512Signature, HashType.SHA512));
}
// Answer with an empty Binder unless BOTH conditions hold:
//   1. the signature over packedData verifies under nodeKey (SHA-512), and
//   2. nodeKey is one of the keys in nodeKeys.
// A valid signature alone is not enough: any key holder can sign, so the key itself must be a
// known one. The signature is checked first; membership is only tested when it verifies.
if (!nodeKey.verify(packedData, signature, HashType.SHA512)
        || nodeKeys.stream().noneMatch(n -> n.equals(nodeKey))) {
    return Binder.EMPTY;
}
/**
 * Processes the answer to the hello request and derives the remote session key from it.
 *
 * <p>Steps, in order: read {@code data}, {@code signature} and {@code public_key} from the
 * answer; install the public key through {@code setRemoteKey}; verify the signature over
 * {@code data} with {@code remoteKey} using SHA-256; decrypt {@code data} with {@code myKey};
 * check that the decrypted {@code nonce} equals {@code myNonce}; store the {@code session_key}
 * as {@code remoteSessionKey}.
 *
 * <p>NOTE(review): the key used to verify the signature arrives in the same message it
 * authenticates, so the signature shows only that the sender holds that key. Whether
 * {@code setRemoteKey} compares it with an expected or pinned key is not visible here; confirm.
 * The key is also installed before the signature is checked, so a rejected answer presumably
 * still leaves it set.
 *
 * <p>NOTE(review): {@code session_key} is read with {@code getBinary} rather than
 * {@code getBinaryOrThrow}; confirm how {@code SymmetricKey} behaves if the field is absent.
 *
 * @param result answer received from the remote side
 * @throws EncryptionError if the signature does not verify or the nonce does not match
 */
private void processHelloAnswer(Binder result) throws EncryptionError {
    final byte[] signedPayload = result.getBinaryOrThrow("data");
    final byte[] payloadSignature = result.getBinaryOrThrow("signature");
    setRemoteKey(result.getBinaryOrThrow("public_key"));

    final boolean signatureValid = remoteKey.verify(signedPayload, payloadSignature, HashType.SHA256);
    if (!signatureValid) {
        throw new EncryptionError("bad signature in hello answer");
    }

    // The payload is decrypted only after its signature has been accepted.
    final Binder answer = Boss.unpack(myKey.decrypt(signedPayload));

    // The echoed nonce ties this answer to the hello request sent by this side.
    final byte[] echoedNonce = answer.getBinaryOrThrow("nonce");
    if (!Arrays.equals(echoedNonce, myNonce)) {
        throw new EncryptionError("nonce mismatch");
    }

    remoteSessionKey = new SymmetricKey(answer.getBinary("session_key"));
}
// Excerpt 1: sign/verify round trip with SHA-512. 128 random bytes are signed with privateKey
// and must verify under publicKey; a failed verification is counted in errorsCount.
byte[] data = Bytes.random(128).getData();
byte[] signature = privateKey.sign(data, HashType.SHA512);
if(!publicKey.verify(data,signature,HashType.SHA512)) {
    errorsCount.incrementAndGet();
// Excerpt 2 (the listing joins two excerpts on one line; the closing braces are not shown):
// the same round trip, this time with HashType.SHA3_384.
byte[] data = Bytes.random(128).getData();
byte[] signature = privateKey.sign(data, HashType.SHA3_384);
if(!publicKey.verify(data,signature,HashType.SHA3_384)) {
    errorsCount.incrementAndGet();
// Excerpt from a handshake handler; the enclosing method and the end of the if-block are not shown.
// packetData layout as read here: [0] the remote nonce, [1] a signature over that nonce.
// NOTE(review): both elements are cast without a type or size check; confirm malformed packets
// are handled by the caller.
byte[] remoteNonce = ((Bytes)packetData.get(0)).toArray();
byte[] packetSign = ((Bytes)packetData.get(1)).toArray();
// Session state is only modified after the nonce's signature verifies under the remote node's
// public key (SHA-512).
if (new PublicKey(session.remoteNodeInfo.getPublicKey().pack()).verify(remoteNonce, packetSign, HashType.SHA512)) {
    session.removeHandshakePacketsFromRetransmitMap();
    session.remoteNonce = remoteNonce;
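/**
 * Validates the signed answer and, if it is authentic, builds the signed session-token reply.
 *
 * <p>The answer is accepted only when its {@code signature} verifies over {@code data} with
 * {@code publicKey} (SHA-512) and the {@code server_nonce} inside it equals {@code serverNonce}.
 * Every rejection path records an error through {@code addError} and returns {@code null}.
 * That includes a signature that simply fails to verify, which previously returned {@code null}
 * without recording anything.
 *
 * @param data Binder holding the binary fields {@code data} and {@code signature}
 * @return a Binder with {@code data} (packed {@code client_nonce} and {@code encrypted_token})
 *         and {@code signature} (made with {@code myKey}, SHA-512), or {@code null} on failure
 */
Binder getToken(Binder data) {
    // Read outside the try block, as before: a missing "data" field propagates to the caller.
    byte[] signedAnswer = data.getBinaryOrThrow("data");
    try {
        // Check the answer is properly signed before looking inside it.
        if (!publicKey.verify(signedAnswer, data.getBinaryOrThrow("signature"), HashType.SHA512)) {
            // Record the rejection so a bad signature is visible alongside the other failures.
            addError(Errors.BAD_VALUE, "signed_data", "signature verification failed");
            return null;
        }

        Binder params = Boss.unpack(signedAnswer);

        // The answer must echo the nonce issued by this side.
        if (!Arrays.equals(params.getBinaryOrThrow("server_nonce"), serverNonce)) {
            addError(Errors.BAD_VALUE, "server_nonce", "does not match");
            return null;
        }

        // Nonce is ok, we can return the session token.
        // NOTE(review): encryptedAnswer is read right after createSessionKey(); presumably that
        // call populates it. Keep this order and confirm.
        createSessionKey();
        Binder result = Binder.fromKeysValues(
                "client_nonce", params.getBinaryOrThrow("client_nonce"),
                "encrypted_token", encryptedAnswer
        );
        byte[] packed = Boss.pack(result);
        return Binder.fromKeysValues(
                "data", packed,
                "signature", myKey.sign(packed, HashType.SHA512)
        );
    } catch (Exception e) {
        // Boundary catch: any parsing or crypto failure on this input is reported as a bad block.
        addError(Errors.BAD_VALUE, "signed_data", "wrong or tampered data block:" + e.getMessage());
    }
    return null;
}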
// Excerpt from a handshake handler; the enclosing method and the end of the if-block are not shown.
// The two stored handshake parts are used as ciphertext (part 1) and the signature over it (part 2).
byte[] encrypted = session.handshake_sessionPart1;
byte[] sign = session.handshake_sessionPart2;
// Verify-then-decrypt: the ciphertext is decrypted with the node's own private key only after its
// signature verifies under the remote node's public key (SHA-512).
if (new PublicKey(session.remoteNodeInfo.getPublicKey().pack()).verify(encrypted, sign, HashType.SHA512)) {
    byte[] decryptedData = new PrivateKey(ownPrivateKey.pack()).decrypt(encrypted);
    // NOTE(review): raw List; the element types in the decrypted payload are not visible in this excerpt.
    List data = Boss.load(decryptedData);
// Excerpt from a key_req handler; nonceList, encrypted, sign and packet_senderNonce are defined
// outside the shown lines, and the closing braces are not shown.
byte[] packet_remoteNonce = ((Bytes) nonceList.get(1)).toArray();
// First gate: the nonce echoed in the packet must equal the nonce this side holds as localNonce.
if (Arrays.equals(packet_remoteNonce, sessionReader.localNonce)) {
    // Second gate: the signature over the encrypted part must verify under the remote node's
    // public key (SHA-512). The sender's nonce is stored on the session only after both pass.
    if (new PublicKey(sessionReader.remoteNodeInfo.getPublicKey().pack()).verify(encrypted, sign, HashType.SHA512)) {
        report(logLabel, ()->"key_req successfully verified", VerboseLevel.BASE);
        sessionReader.remoteNonce = packet_senderNonce;
// Reject the answer unless the node's signature over data verifies (SHA-512). Failing with an
// exception stops further processing of unauthenticated data.
final byte[] nodeSignature = a.data.getBinaryOrThrow("signature");
if (!nodePublicKey.verify(data, nodeSignature, HashType.SHA512)) {
    throw new IOException("node signature failed");
}