Start implementing signing.

Author: thsc42

src/net/sharksystem/asap/protocol/ASAP_Modem_Impl.java

@@ -81,7 +81,7 @@ public void interest(CharSequence sender, CharSequence recipient, CharSequence f
         cryptoSession.sendCmd();
 
         InterestPDU_Impl.sendPDUWithoutCmd(sender, recipient, format, channel, eraFrom, eraTo,
-                cryptoSession.getOutputStream());
+                cryptoSession.getOutputStream(), signed);
 
         // finish crypto session - if any
         cryptoSession.finish();
@@ -124,7 +124,7 @@ public ASAP_PDU_1_0 readPDU(InputStream is) throws IOException, ASAPException {
 
         int flagsInt = PDU_Impl.readByte(is);
 
-        ASAP_PDU_1_0 pdu = null;
+        PDU_Impl pdu = null;
 
         switch(cmd) {
             case ASAP_1_0.OFFER_CMD: pdu = new OfferPDU_Impl(flagsInt, encrypted, is); break;
@@ -133,6 +133,27 @@ public ASAP_PDU_1_0 readPDU(InputStream is) throws IOException, ASAPException {
             default: throw new ASAPException("unknown command: " + cmd);
         }
 
+        if(pdu.signed()) {
+            String sender = pdu.getSender();
+            if(sender != null) {
+                // read signature and try to verify
+                try {
+                    CryptoSession cryptoSession = new CryptoSession(this.signAndEncryptionKeyStorage);
+                    if(cryptoSession.verify(sender, is)) {
+                        pdu.setVerified(true);
+                    }
+                }
+                catch(ASAPException e) {
+                    System.out.println(this.getLogStart() + " cannot verify message");
+                }
+            }
+        }
+
         return pdu;
     }
+
+    private String getLogStart() {
+        return this.getClass().getSimpleName() + ": ";
+    }
+
 }

src/net/sharksystem/asap/protocol/ASAP_PDU_Management.java

@@ -0,0 +1,5 @@
+package net.sharksystem.asap.protocol;
+
+interface ASAP_PDU_Management {
+    void setVerified(boolean b);
+}

src/net/sharksystem/asap/protocol/CryptoSession.java

@@ -9,12 +9,10 @@
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import java.io.*;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
+import java.security.*;
 
 class CryptoSession {
+    private Signature signature;
     private CharSequence recipient;
     private ASAPReadonlyKeyStorage keyStorage;
     private Cipher cipher = null;
@@ -24,38 +22,11 @@ class CryptoSession {
     private OutputStream effectivOS;
     private OutputStream realOS;
     private ByteArrayOutputStream asapMessageOS;
-    private byte[] asapMessageAsBytes;
 
     CryptoSession(ASAPReadonlyKeyStorage keyStorage) {
         this.keyStorage = keyStorage;
     }
 
-    InputStream decrypt(InputStream is) throws ASAPSecurityException {
-        return this.decrypt(is, this.keyStorage.getPrivateKey());
-    }
-
-    private InputStream decrypt(InputStream is, PrivateKey privateKey) throws ASAPSecurityException {
-        try {
-            this.cipher = Cipher.getInstance(keyStorage.getRSAEncryptionAlgorithm());
-            this.cipher.init(Cipher.DECRYPT_MODE, privateKey);
-
-            // read len
-            int len = PDU_Impl.readIntegerParameter(is);
-            byte[] messageBytes = new byte[len];
-
-            // read encrypted bytes from stream
-            is.read(messageBytes);
-
-            // debugging
-            // decrypt
-            byte[] decryptedBytes = this.cipher.doFinal(messageBytes);
-            return new ByteArrayInputStream(decryptedBytes);
-        } catch (BadPaddingException | IllegalBlockSizeException | NoSuchAlgorithmException |
-                NoSuchPaddingException | InvalidKeyException | IOException | ASAPException e) {
-            throw new ASAPSecurityException(this.getLogStart(), e);
-        }
-    }
-
     CryptoSession(byte cmd, OutputStream os, boolean sign, boolean encrypted,
                   CharSequence recipient,
                   ASAPReadonlyKeyStorage keyStorage)
@@ -93,13 +64,9 @@ private InputStream decrypt(InputStream is, PrivateKey privateKey) throws ASAPSe
             }
 
             // cipher is ready - we can encrypt
-            this.asapMessageOS = new ByteArrayOutputStream();
-            // pud will make a detour
-            this.effectivOS = this.asapMessageOS;
+            this.setupTempMessageStorage();
         }
 
-
-        /*
         if(sign) {
             // there must be a keyStorage
             if(keyStorage == null) {
@@ -113,32 +80,26 @@ private InputStream decrypt(InputStream is, PrivateKey privateKey) throws ASAPSe
             }
 
             // ok, we can sign
-        if(sign) {
-            // anything was written into a bytearray
 
             // produce signature
-            Signature signature = null;
             try {
-                signature = Signature.getInstance("TODO_signing_algorithm");
-                signature.initSign(keyStorage.getPrivateKey()); // desperate try
-                byte[] bytes2Sign = bufferOS.toByteArray();
-                signature.update(bytes2Sign);
-                byte[] signatureBytes = signature.sign();
+                this.signature = Signature.getInstance(this.keyStorage.getRSASigningAlgorithm());
 
-                // send out anything, including signature
+                // we could sign
+                this.setupTempMessageStorage();
 
-                // TODO need number of bytes payload to find signature later.
-                os.write(bytes2Sign);
-                os.write(signatureBytes);
-            } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
+            } catch (NoSuchAlgorithmException e) {
                 throw new ASAPSecurityException(e.getLocalizedMessage());
             }
         }
-        }
-
-         */
-
+    }
 
+    private void setupTempMessageStorage() {
+        if(this.asapMessageOS == null) {
+            this.asapMessageOS = new ByteArrayOutputStream();
+            // pud will make a detour
+            this.effectivOS = this.asapMessageOS;
+        }
     }
 
     public void sendCmd() throws IOException {
@@ -154,42 +115,111 @@ OutputStream getOutputStream() {
         return this.effectivOS;
     }
 
+    private void writeByteArray(byte[] bytes2Write, OutputStream os) throws IOException {
+        PDU_Impl.sendNonNegativeIntegerParameter(bytes2Write.length, os);
+        os.write(bytes2Write);
+    }
+
+    private byte[] readByteArray(InputStream is) throws IOException, ASAPException {
+        // read len
+        int len = PDU_Impl.readIntegerParameter(is);
+        byte[] messageBytes = new byte[len];
+
+        // read encrypted bytes from stream
+        is.read(messageBytes);
+
+        return messageBytes;
+    }
+
     public void finish() throws ASAPSecurityException {
-        if(cipher != null) {
-            // that is our asap message in clear text
-            this.asapMessageAsBytes = this.asapMessageOS.toByteArray();
+        // signing must come first
+        if(this.signature != null) {
+            try {
+                byte[] asapMessageAsBytes = this.asapMessageOS.toByteArray();
+                this.signature.initSign(this.keyStorage.getPrivateKey());
+                this.signature.update(asapMessageAsBytes);
+                byte[] signatureBytes = signature.sign();
+
+                if(this.cipher != null) {
+                    // have to store it - anything will be encrypted
+                    this.writeByteArray(signatureBytes, this.asapMessageOS);
+                } else {
+                    // can write anything now
+                    this.realOS.write(asapMessageAsBytes);
+                    this.writeByteArray(signatureBytes, this.realOS);
+                }
+            } catch (InvalidKeyException | SignatureException | IOException e) {
+                throw new ASAPSecurityException(this.getLogStart(), e);
+            }
+        }
+
+        if(this.cipher != null) {
             try {
                 // encrypted asap message
-                byte[] encryptedBytes = this.cipher.doFinal(this.asapMessageAsBytes);
-                //this.debuggingRememberEncryptedASAPMessage = encryptedBytes;
+                byte[] asapMessageAsBytes = this.asapMessageOS.toByteArray();
+                byte[] encryptedBytes = this.cipher.doFinal(asapMessageAsBytes);
 
-                // write len
-                PDU_Impl.sendNonNegativeIntegerParameter(encryptedBytes.length, this.realOS);
-                // write data
+                this.writeByteArray(encryptedBytes, this.realOS);
                 this.realOS.write(encryptedBytes);
+            } catch (IllegalBlockSizeException | BadPaddingException | IOException e) {
+                throw new ASAPSecurityException(this.getLogStart(), e);
+            }
+        }
+    }
 
-                /*
-                // debugging - decrypt
+    ////////////////////////////////// verify
 
-                // make a test
-                ByteArrayOutputStream senderSiteTest = new ByteArrayOutputStream();
-                PDU_Impl.sendNonNegativeIntegerParameter(encryptedBytes.length, senderSiteTest);
-                senderSiteTest.write(encryptedBytes);
+    public boolean verify(String sender, InputStream is) throws IOException, ASAPException {
+        // try to get senders' public key
+        PublicKey publicKey = this.keyStorage.getPublicKey(sender);
+        if(publicKey == null) return false;
 
-                this.debuggingEncryptedASAPMessageWithLen = senderSiteTest.toByteArray();
+        try {
+            this.signature = Signature.getInstance(this.keyStorage.getRSASigningAlgorithm());
+            this.signature.initVerify(publicKey);
+            byte[] signatureBytes = this.readByteArray(is);
+            boolean wasVerified = this.signature.verify(signatureBytes);
+            return wasVerified;
+        } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException e) {
+            throw new ASAPSecurityException(this.getLogStart(), e);
+        }
+    }
 
-                PrivateKey privateKey = this.keyStorage.getPrivateKey(this.recipient);
-//                ByteArrayInputStream decrypt = (ByteArrayInputStream) this.decrypt(new ByteArrayInputStream(senderSiteTest.toByteArray()), privateKey);
-                ByteArrayInputStream decrypt = (ByteArrayInputStream) this.decrypt(new ByteArrayInputStream(this.debuggingEncryptedASAPMessageWithLen), privateKey);
-                int i = 42;
- */
-            } catch (IllegalBlockSizeException | BadPaddingException | IOException e) {
-                throw new ASAPSecurityException(this.getLogStart(), e);
-            }
+    ////////////////////////////////// decrypt
+
+    InputStream decrypt(InputStream is) throws ASAPSecurityException {
+        return this.decrypt(is, this.keyStorage.getPrivateKey());
+    }
+
+    // parameter private key is usually no option. There is just one - burt was good for debugging
+    private InputStream decrypt(InputStream is, PrivateKey privateKey) throws ASAPSecurityException {
+        try {
+            this.cipher = Cipher.getInstance(keyStorage.getRSAEncryptionAlgorithm());
+            this.cipher.init(Cipher.DECRYPT_MODE, privateKey);
+
+            // read encrypted message
+            byte[] messageBytes = this.readByteArray(is);
+
+            /*
+            // read len
+            int len = PDU_Impl.readIntegerParameter(is);
+            byte[] messageBytes = new byte[len];
+
+            // read encrypted bytes from stream
+            is.read(messageBytes);
+             */
+
+            // decrypt
+            byte[] decryptedBytes = this.cipher.doFinal(messageBytes);
+            return new ByteArrayInputStream(decryptedBytes);
+        } catch (BadPaddingException | IllegalBlockSizeException | NoSuchAlgorithmException |
+                NoSuchPaddingException | InvalidKeyException | IOException | ASAPException e) {
+            throw new ASAPSecurityException(this.getLogStart(), e);
         }
     }
 
     private String getLogStart() {
         return this.getClass().getSimpleName() + ": ";
     }
+
 }

src/net/sharksystem/asap/protocol/InterestPDU_Impl.java

@@ -32,7 +32,8 @@ private void readFromEra(InputStream is) throws IOException, ASAPException {
     }
 
     static void sendPDUWithoutCmd(CharSequence sender, CharSequence recipient, CharSequence format,
-                                  CharSequence channel, int eraFrom, int eraTo, OutputStream os)
+                                  CharSequence channel, int eraFrom, int eraTo, OutputStream os,
+                                  boolean signed)
             throws IOException, ASAPException {
 
         if(format == null || format.length() < 1) format = ASAP_1_0.ANY_FORMAT;
@@ -50,6 +51,7 @@ static void sendPDUWithoutCmd(CharSequence sender, CharSequence recipient, CharS
         flags = PDU_Impl.setFlag(channel, flags, CHANNEL_BIT_POSITION);
         flags = PDU_Impl.setFlag(eraFrom, flags, ERA_FROM_BIT_POSITION);
         flags = PDU_Impl.setFlag(eraTo, flags, ERA_TO_BIT_POSITION);
+        flags = PDU_Impl.setFlag(signed, flags, SIGNED_TO_BIT_POSITION);
 
         PDU_Impl.sendFlags(flags, os);
 

src/net/sharksystem/asap/protocol/PDU_Impl.java

@@ -10,14 +10,15 @@
 
 import static net.sharksystem.asap.protocol.ASAP_1_0.ERA_NOT_DEFINED;
 
-abstract class PDU_Impl implements ASAP_PDU_1_0 {
+abstract class PDU_Impl implements ASAP_PDU_1_0, ASAP_PDU_Management {
     public static final int SENDER_BIT_POSITION = 0;
     public static final int RECIPIENT_PEER_BIT_POSITION = 1;
     public static final int CHANNEL_BIT_POSITION = 2;
     public static final int ERA_BIT_POSITION = 3;
     public static final int ERA_FROM_BIT_POSITION = 4;
     public static final int ERA_TO_BIT_POSITION = 5;
     public static final int OFFSETS_BIT_POSITION = 6;
+    public static final int SIGNED_TO_BIT_POSITION = 7;
 
     private boolean senderSet = false;
     private boolean recipientSet = false;
@@ -48,6 +49,10 @@ abstract class PDU_Impl implements ASAP_PDU_1_0 {
     public boolean signed() { return this.signed; }
     public boolean verified() { return this.verified; };
 
+    public void setVerified(boolean verified) {
+        this.verified = verified;
+    }
+
     public String toString() {
         StringBuilder sb = new StringBuilder();
 
@@ -61,10 +66,18 @@ public String toString() {
         sb.append(" | format: "); sb.append(format);
         sb.append(" | channel: "); if(channelSet) sb.append(this.channel); else sb.append("not set");
         sb.append(" | era: "); if(eraSet) sb.append(era); else sb.append("not set");
+        sb.append(" | signed: "); this.appendTrueFalse(this.signed, sb);
+        sb.append(" | verified: "); this.appendTrueFalse(this.verified, sb);
+        sb.append(" | encrypted: "); this.appendTrueFalse(this.encrypted, sb);
 
         return sb.toString();
     }
 
+    private void appendTrueFalse(boolean value, StringBuilder sb) {
+        if(value) sb.append("true");
+        else sb.append("false");
+    }
+
     /**
      * @param cmd
      * @param flags
@@ -127,6 +140,12 @@ protected void evaluateFlags(int flag) {
         testFlag = testFlag << OFFSETS_BIT_POSITION;
         result = flag & testFlag;
         offsetsSet = result != 0;
+
+        // signed parameter set ?
+        testFlag = 1;
+        testFlag = testFlag << SIGNED_TO_BIT_POSITION;
+        result = flag & testFlag;
+        this.signed = result != 0;
     }
 
     @Override
@@ -308,6 +327,17 @@ static int setFlag(int parameter, int flags, int bit_position) {
         return flags;
     }
 
+    static int setFlag(boolean parameter, int flags, int bit_position) {
+        if(parameter) {
+            int newFlag = 1;
+            newFlag = newFlag << bit_position;
+
+            return flags | newFlag;
+        }
+
+        return flags;
+    }
+
     static void checkValidStream(OutputStream os) throws ASAPException {
         if(os == null) throw new ASAPException("outputstream must not be null");
     }