/** * The revocation key. Unused. * Must be the same type as the Destination's SigningPublicKey. * @throws IllegalArgumentException if different type */ public void setSigningKey(SigningPublicKey key) { if (key != null && _destination != null && key.getType() != _destination.getSigningPublicKey().getType()) throw new IllegalArgumentException("Signing key type mismatch"); _signingKey = key; }
/** * @throws IllegalArgumentException on mismatch of spubkey and spk types * @since 0.8.9 */ public PrivateKeyFile(File file, Destination dest, PrivateKey pk, SigningPrivateKey spk) { if (dest.getSigningPublicKey().getType() != spk.getType()) throw new IllegalArgumentException("Signing key type mismatch"); this.file = file; this.client = null; this.dest = dest; this.privKey = pk; this.signingPrivKey = spk; }
/** * Generic raw verify any type * * Warning, nonstandard for EdDSA, double-hashes, not recommended. * * @throws GeneralSecurityException if algorithm unvailable or on other errors * @since 0.9.9 */ private boolean altVerifySigRaw(Signature signature, SimpleDataStructure hash, SigningPublicKey verifyingKey) throws GeneralSecurityException { SigType type = signature.getType(); if (type != verifyingKey.getType()) throw new IllegalArgumentException("type mismatch sig=" + type + " key=" + verifyingKey.getType()); PublicKey pubKey = SigUtil.toJavaKey(verifyingKey); return verifySignature(signature, hash, pubKey); }
/** * Set the offline signing data. * Does NOT validate the signature. * Must be called AFTER setOptions(). Will throw ISE otherwise. * Side effect - modifies options. * * @throws IllegalStateException * @since 0.9.38 */ public void setOfflineSignature(long expires, SigningPublicKey transientSPK, Signature offlineSig) { if (_options == null) throw new IllegalStateException(); _options.setProperty(PROP_OFFLINE_EXPIRATION, Long.toString(expires / 1000)); _options.setProperty(PROP_TRANSIENT_KEY, transientSPK.getType().getCode() + ":" + transientSPK.toBase64()); _options.setProperty(PROP_OFFLINE_SIGNATURE, offlineSig.toBase64()); }
/** * @deprecated unused */ public static RSAPublicKey toJavaRSAKey(SigningPublicKey pk) throws GeneralSecurityException { SigType type = pk.getType(); KeyFactory kf = KeyFactory.getInstance("RSA"); BigInteger n = new NativeBigInteger(1, pk.getData()); BigInteger e = ((RSAKeyGenParameterSpec)type.getParams()).getPublicExponent(); // modulus exponent KeySpec ks = new RSAPublicKeySpec(n, e); return (RSAPublicKey) kf.generatePublic(ks); }
/** * Existing crypto keys, new signing key * @param privKeys all EncTypes must be available * @since 0.9.21 */ public LeaseInfo(List<PrivateKey> privKeys, Destination dest) { SimpleDataStructure signKeys[]; try { signKeys = KeyGenerator.getInstance().generateSigningKeys(dest.getSigningPublicKey().getType()); } catch (GeneralSecurityException gse) { throw new IllegalStateException(gse); } _privKeys = privKeys; _pubKeys = new ArrayList<PublicKey>(privKeys.size()); for (PrivateKey privKey : privKeys) { _pubKeys.add(KeyGenerator.getPublicKey(privKey)); } _signingPubKey = (SigningPublicKey) signKeys[0]; _signingPrivKey = (SigningPrivateKey) signKeys[1]; }
/** * Overridden to set the blinded key * * @param dest non-null, must be EdDSA_SHA512_Ed25519 * @throws IllegalStateException if already signed * @throws IllegalArgumentException if not EdDSA */ @Override public void setDestination(Destination dest) { super.setDestination(dest); SigningPublicKey spk = dest.getSigningPublicKey(); if (spk.getType() != SigType.EdDSA_SHA512_Ed25519) throw new IllegalArgumentException(); // TODO generate blinded key _signingKey = blind(spk, null); }
private static ECPublicKey cvtToJavaECKey(SigningPublicKey pk) throws GeneralSecurityException { SigType type = pk.getType(); BigInteger[] xy = split(pk.getData()); ECPoint w = new ECPoint(xy[0], xy[1]); // see ECConstants re: casting ECPublicKeySpec ks = new ECPublicKeySpec(w, (ECParameterSpec) type.getParams()); KeyFactory kf = KeyFactory.getInstance("EC"); return (ECPublicKey) kf.generatePublic(ks); }
/** * @return null on error or if not initialized or does not have offline keys * @since 0.9.38 */ public Signature getOfflineSignature() { if (_options == null || _destination == null) return null; String s = _options.getProperty(PROP_OFFLINE_SIGNATURE); if (s == null) return null; Signature rv = new Signature(_destination.getSigningPublicKey().getType()); try { rv.fromBase64(s); return rv; } catch (DataFormatException dfe) { return null; } }
/** * Only for SigType EdDSA_SHA512_Ed25519. * * @param key must be SigType EdDSA_SHA512_Ed25519 * @param h hash of secret data, same length as this key * @throws UnsupportedOperationException unless supported */ public static SigningPublicKey blind(SigningPublicKey key, SimpleDataStructure h) { if (key.getType() != TYPE) throw new UnsupportedOperationException(); if (h.length() != key.length()) throw new IllegalArgumentException(); try { EdDSAPublicKey jk = SigUtil.toJavaEdDSAKey(key); EdDSAPublicKey bjk = EdDSABlinding.blind(jk, h.getData()); return SigUtil.fromJavaKey(bjk, TYPE); } catch (GeneralSecurityException gse) { throw new IllegalArgumentException(gse); } }
/** * Only called at startup via LoadRouterInfoJob and RebuildRouterInfoJob. * Not called by periodic RepublishLocalRouterInfoJob. * We don't want to change the cert on the fly as it changes the router hash. * RouterInfo.isHidden() checks the capability, but RouterIdentity.isHidden() checks the cert. * There's no reason to ever add a hidden cert? * * @return the certificate for a new RouterInfo - probably a null cert. * @since 0.9.16 moved from Router */ static Certificate createCertificate(RouterContext ctx, SigningPublicKey spk) { if (spk.getType() != SigType.DSA_SHA1) return new KeyCertificate(spk); if (ctx.getBooleanProperty(Router.PROP_HIDDEN)) return new Certificate(Certificate.CERTIFICATE_TYPE_HIDDEN, null); return Certificate.NULL_CERT; } }
/** * Overridden because we have a blinded key, not a dest. * This is the hash of the signing public key type and the signing public key. * Throws IllegalStateException if not initialized. * * @throws IllegalStateException */ @Override public Hash getHash() { if (__calculatedHash == null) { if (_signingKey == null) throw new IllegalStateException(); int len = _signingKey.length(); byte[] b = new byte[2 + len]; DataHelper.toLong(b, 0, 2, _signingKey.getType().getCode()); System.arraycopy(_signingKey.getData(), 0, b, 2, len); __calculatedHash = SHA256Generator.getInstance().calculateHash(b); } return __calculatedHash; }
/** * @return JAVA key! */ public static PublicKey toJavaKey(SigningPublicKey pk) throws GeneralSecurityException { switch (pk.getType().getBaseAlgorithm()) { case DSA: return toJavaDSAKey(pk); case EC: return toJavaECKey(pk); case EdDSA: return toJavaEdDSAKey(pk); case RSA: return toJavaRSAKey(pk); default: throw new IllegalArgumentException(); } }
/** * @since 0.9.15 */ private static EdDSAPublicKey cvtToJavaEdDSAKey(SigningPublicKey pk) throws GeneralSecurityException { try { return new EdDSAPublicKey(new EdDSAPublicKeySpec( pk.getData(), (EdDSAParameterSpec) pk.getType().getParams())); } catch (IllegalArgumentException iae) { throw new InvalidKeyException(iae); } }
public void readBytes(InputStream rawConfig) throws DataFormatException, IOException { _destination = Destination.create(rawConfig); _options = DataHelper.readProperties(rawConfig); _creationDate = DataHelper.readDate(rawConfig); _signature = new Signature(_destination.getSigningPublicKey().getType()); _signature.readBytes(rawConfig); }
protected void writeOfflineBytes(OutputStream out) throws DataFormatException, IOException { if (_transientSigningPublicKey == null || _offlineSignature == null) throw new DataFormatException("No offline key/sig"); DataHelper.writeLong(out, 4, _transientExpires / 1000); DataHelper.writeLong(out, 2, _transientSigningPublicKey.getType().getCode()); _transientSigningPublicKey.writeBytes(out); _offlineSignature.writeBytes(out); }
/** * Overridden because we have a blinded key, not a dest */ @Override protected void writeOfflineBytes(OutputStream out) throws DataFormatException, IOException { if (_transientSigningPublicKey == null || _offlineSignature == null) throw new DataFormatException("No offline key/sig"); DataHelper.writeLong(out, 4, _transientExpires / 1000); DataHelper.writeLong(out, 2, _signingKey.getType().getCode()); _transientSigningPublicKey.writeBytes(out); _offlineSignature.writeBytes(out); }
protected void readOfflineBytes(InputStream in) throws DataFormatException, IOException { _transientExpires = DataHelper.readLong(in, 4) * 1000; int itype = (int) DataHelper.readLong(in, 2); SigType type = SigType.getByCode(itype); if (type == null) throw new DataFormatException("Unknown sig type " + itype); _transientSigningPublicKey = new SigningPublicKey(type); _transientSigningPublicKey.readBytes(in); SigType stype = _destination.getSigningPublicKey().getType(); _offlineSignature = new Signature(stype); _offlineSignature.readBytes(in); }
/** * Overridden because we have a blinded key, not a dest */ @Override protected void readOfflineBytes(InputStream in) throws DataFormatException, IOException { _transientExpires = DataHelper.readLong(in, 4) * 1000; int itype = (int) DataHelper.readLong(in, 2); SigType type = SigType.getByCode(itype); if (type == null) throw new DataFormatException("Unknown sig type " + itype); _transientSigningPublicKey = new SigningPublicKey(type); _transientSigningPublicKey.readBytes(in); SigType stype = _signingKey.getType(); _offlineSignature = new Signature(stype); _offlineSignature.readBytes(in); }
/** * Overridden because we have a blinded key, not a dest */ @Override protected void writeHeader(OutputStream out) throws DataFormatException, IOException { DataHelper.writeLong(out, 2, _signingKey.getType().getCode()); _signingKey.writeBytes(out); if (_published <= 0) _published = Clock.getInstance().now(); DataHelper.writeLong(out, 4, _published / 1000); DataHelper.writeLong(out, 2, (_expires - _published) / 1000); DataHelper.writeLong(out, 2, _flags); if (isOffline()) writeOfflineBytes(out); }