Prepared to handle unencryptable messages. We really need this feature.

Author: thsc42

src/net/sharksystem/asap/protocol/ASAP_Modem_Impl.java

@@ -75,17 +75,17 @@ public void interest(CharSequence sender, CharSequence recipient, CharSequence f
             throws IOException, ASAPException, ASAPSecurityException {
 
         // prepare encryption and signing if required
-        CryptoSession cryptoSession = new CryptoSession(ASAP_1_0.INTEREST_CMD,
+        CryptoMessage cryptoMessage = new CryptoMessage(ASAP_1_0.INTEREST_CMD,
                 os, signed, encrypted, recipient,
                 this.signAndEncryptionKeyStorage);
 
-        cryptoSession.sendCmd();
+        cryptoMessage.sendCmd();
 
         InterestPDU_Impl.sendPDUWithoutCmd(sender, recipient, format, channel, eraFrom, eraTo,
-                cryptoSession.getOutputStream(), signed);
+                cryptoMessage.getOutputStream(), signed);
 
         // finish crypto session - if any
-        cryptoSession.finish();
+        cryptoMessage.finish();
     }
 
     @Override
@@ -114,44 +114,48 @@ public ASAP_PDU_1_0 readPDU(InputStream is) throws IOException, ASAPException {
 
         // encrypted?
         boolean encrypted = (cmd & ENCRYPTED_MASK) != 0;
-        // remove encrypted flag
-        cmd = (byte)(cmd & CMD_MASK);
 
         if(encrypted) {
-            try {
-                CryptoSession cryptoSession = new CryptoSession(this.signAndEncryptionKeyStorage);
-                InputStream decryptedIS = cryptoSession.decrypt(is);
+            CryptoMessage cryptoMessage = new CryptoMessage(this.signAndEncryptionKeyStorage);
+            boolean ownerIsRecipient = cryptoMessage.initDecryption(cmd, is);
+            if(ownerIsRecipient) {
+                // peer is recipient - decrypt and go ahead
+                InputStream decryptedIS = cryptoMessage.doDecryption(is);
                 is = decryptedIS;
-            }
-            catch(ASAPSecurityException e) {
-                System.out.println(this.getLogStart() + "cannot decrypt message. TODO: Store (according to some rules) and forward it?!");
+            } else {
+                // we cannot decrypt this message - we are not recipient - but we keep and redistribute
+                byte[] encryptedASAPMessage = cryptoMessage.getEncryptedMessage();
+                System.out.println(this.getLogStart() + "TODO: handle unencryptable message - redistribute?!");
+                throw new ASAPSecurityException("recived encrypted message which is not for me - TODO: keep it and redistribute. That's not an error but a missing feature.");
             }
         }
 
         int flagsInt = PDU_Impl.readByte(is);
 
         InputStream realIS = is;
-        CryptoSession verifyCryptoSession = null;
+        CryptoMessage verifyCryptoMessage = null;
         if(PDU_Impl.flagSet(PDU_Impl.SIGNED_TO_BIT_POSITION, flagsInt)) {
-            verifyCryptoSession = new CryptoSession(this.signAndEncryptionKeyStorage);
-            is = verifyCryptoSession.setupInputStreamListener(is, flagsInt);
+            verifyCryptoMessage = new CryptoMessage(this.signAndEncryptionKeyStorage);
+            is = verifyCryptoMessage.setupInputStreamCopier(flagsInt, is);
         }
 
         PDU_Impl pdu = null;
 
+        // remove encrypted flag
+        cmd = (byte)(cmd & CMD_MASK);
         switch(cmd) {
             case ASAP_1_0.OFFER_CMD: pdu = new OfferPDU_Impl(flagsInt, encrypted, is); break;
             case ASAP_1_0.INTEREST_CMD: pdu = new InterestPDU_Impl(flagsInt, encrypted, is); break;
             case ASAP_1_0.ASSIMILATE_CMD: pdu = new AssimilationPDU_Impl(flagsInt, encrypted, is); break;
             default: throw new ASAPException("unknown command: " + cmd);
         }
 
-        if(verifyCryptoSession != null) {
+        if(verifyCryptoMessage != null) {
             String sender = pdu.getSender();
             if(sender != null) {
                 // read signature and try to verify
                 try {
-                    pdu.setVerified(verifyCryptoSession.verify(sender, realIS));
+                    pdu.setVerified(verifyCryptoMessage.verify(sender, realIS));
                 }
                 catch(ASAPException e) {
                     System.out.println(this.getLogStart() + " cannot verify message");

…ksystem/asap/protocol/CryptoSession.java …ksystem/asap/protocol/CryptoMessage.javasrc/net/sharksystem/asap/protocol/CryptoSession.java renamed to src/net/sharksystem/asap/protocol/CryptoMessage.java src/net/sharksystem/asap/protocol/CryptoSession.java renamed to src/net/sharksystem/asap/protocol/CryptoMessage.java

@@ -2,17 +2,14 @@
 
 import net.sharksystem.asap.ASAPException;
 import net.sharksystem.asap.ASAPSecurityException;
-import net.sharksystem.asap.protocol.ASAP_1_0;
-import net.sharksystem.asap.protocol.PDU_Impl;
 import net.sharksystem.crypto.ASAPBasicKeyStorage;
 
 import javax.crypto.*;
 import javax.crypto.spec.SecretKeySpec;
 import java.io.*;
 import java.security.*;
 
-class CryptoSession {
-    private static final int MAX_ENCRYPTION_BLOCK_SIZE = 128;
+class CryptoMessage {
     private Signature signature;
     private CharSequence recipient;
     private ASAPBasicKeyStorage keyStorage;
@@ -23,13 +20,15 @@ class CryptoSession {
     private OutputStream effectivOS;
     private OutputStream realOS;
     private ByteArrayOutputStream asapMessageOS;
-    private InputStreamCopy verifyStream;
+    private InputStreamCopy inputStreamCopy;
+    private byte[] encryptedSymmetricKey;
+    private byte[] encryptedContent;
 
-    CryptoSession(ASAPBasicKeyStorage keyStorage) {
+    CryptoMessage(ASAPBasicKeyStorage keyStorage) {
         this.keyStorage = keyStorage;
     }
 
-    CryptoSession(byte cmd, OutputStream os, boolean sign, boolean encrypted,
+    CryptoMessage(byte cmd, OutputStream os, boolean sign, boolean encrypted,
                   CharSequence recipient,
                   ASAPBasicKeyStorage keyStorage)
             throws ASAPSecurityException {
@@ -50,6 +49,10 @@ class CryptoSession {
                         "but there is not key store at all - fatal, give up");
             }
 
+            if(this.recipient == null) {
+                throw new ASAPSecurityException("cannot encrypt message with no specified receiver - fatal, give up");
+            }
+
             this.publicKey = keyStorage.getPublicKey(recipient);
             // there should be an exception - but better safe than sorry
             if(this.publicKey == null) {
@@ -158,6 +161,9 @@ public void finish() throws ASAPSecurityException {
         // must be after signing
         if(this.cipher != null) {
             try {
+                // send receiver - unencrypted - need this for ad-hoc routing
+                PDU_Impl.sendCharSequenceParameter(this.recipient, this.realOS);
+
                 // get symmetric key
                 SecretKey encryptionKey = this.keyStorage.generateSymmetricKey();
                 byte[] encodedSymmetricKey = encryptionKey.getEncoded();
@@ -186,6 +192,7 @@ public void finish() throws ASAPSecurityException {
 
                     int lastStepLen = asapMessageAsBytes.length - i;
                     symmetricCipher.update(asapMessageAsBytes, i, lastStepLen);
+                    // did not work - ignored previous updates. anyway, there is a solution, see below
                     byte[] encryptedContent = symmetricCipher.doFinal();
                      */
 
@@ -226,13 +233,18 @@ byte[] getCopy() {
         }
     }
 
-    public InputStream setupInputStreamListener(InputStream is, int flagsInt) throws IOException {
+    public InputStream setupInputStreamCopier(int priorInt, InputStream is)
+            throws IOException {
+
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        PDU_Impl.sendFlags(flagsInt, baos);
+//        if(writeInt) {
+//            PDU_Impl.sendFlags(priorInt, baos);
+//        }
 
-        this.verifyStream = new InputStreamCopy(baos.toByteArray(), is);
+        baos.write(priorInt);
 
-        return this.verifyStream;
+        this.inputStreamCopy = new InputStreamCopy(baos.toByteArray(), is);
+        return this.inputStreamCopy;
     }
 
     public boolean verify(String sender, InputStream is) throws IOException, ASAPException {
@@ -244,7 +256,7 @@ public boolean verify(String sender, InputStream is) throws IOException, ASAPExc
             this.signature = Signature.getInstance(this.keyStorage.getRSASigningAlgorithm());
             this.signature.initVerify(publicKey);
             // get data which are to be verified
-            byte[] signedData = this.verifyStream.getCopy();
+            byte[] signedData = this.inputStreamCopy.getCopy();
             this.signature.update(signedData);
             byte[] signatureBytes = this.readByteArray(is);
             boolean wasVerified = this.signature.verify(signatureBytes);
@@ -256,35 +268,74 @@ public boolean verify(String sender, InputStream is) throws IOException, ASAPExc
 
     ////////////////////////////////// decrypt
 
-    public InputStream decrypt(InputStream is) throws ASAPSecurityException {
-        return this.decrypt(is, this.keyStorage.getPrivateKey());
+    /**
+     * Simple idea: We read anything from stream and keep a copy. Later, we figure out
+     * if we can encrypt that message or not. Either way, we can keep and redistribute a copy.
+     *
+     *
+     * @param cmd
+     * @param is
+     * @return
+     * @throws IOException
+     * @throws ASAPException
+     */
+    public boolean initDecryption(byte cmd, InputStream is) throws IOException, ASAPException {
+        // make a copy of read data
+        InputStream copyStream = this.setupInputStreamCopier(cmd, is);
+
+        // read recipient
+        this.recipient = PDU_Impl.readCharSequenceParameter(copyStream);
+
+        // read encrypted symmetric key
+        this.encryptedSymmetricKey = this.readByteArray(copyStream);
+
+        // read content
+        this.encryptedContent = this.readByteArray(copyStream);
+
+        // read anything - are we recipient?
+        if(this.keyStorage.isOwner(this.recipient)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    byte[] getEncryptedMessage() throws ASAPSecurityException {
+        if(this.inputStreamCopy == null) {
+            throw new ASAPSecurityException(
+                    this.getLogStart() + "no copy made, maybe forgot to initialize decryption?");
+        }
+
+        return this.inputStreamCopy.getCopy();
+    }
+
+    public InputStream doDecryption(InputStream is) throws ASAPSecurityException {
+        return this.doDecryption(is, this.keyStorage.getPrivateKey());
     }
 
     // parameter private key is usually not an option. Good entry for testing / debugging, though
-    private InputStream decrypt(InputStream is, PrivateKey privateKey) throws ASAPSecurityException {
+    public InputStream doDecryption(InputStream is, PrivateKey privateKey) throws ASAPSecurityException {
         try {
-            // read encrypted symmetric key
-            byte[] encryptedSymmetricKey = this.readByteArray(is);
-
             // decrypt encoded symmetric key
             this.cipher = Cipher.getInstance(keyStorage.getRSAEncryptionAlgorithm());
             this.cipher.init(Cipher.DECRYPT_MODE, privateKey);
-            byte[] encodedSymmetricKey = this.cipher.doFinal(encryptedSymmetricKey);
+
+            // read encryptedKey in initDecryption
+            byte[] encodedSymmetricKey = this.cipher.doFinal(this.encryptedSymmetricKey);
 
             // create symmetric key object
             SecretKey symmetricKey =
                     new SecretKeySpec(encodedSymmetricKey, this.keyStorage.getSymmetricKeyType());
 
-            // read content
-            byte[] encryptedContent = this.readByteArray(is);
-
             // decrypt content
             Cipher symmetricCipher = Cipher.getInstance(keyStorage.getSymmetricEncryptionAlgorithm());
             symmetricCipher.init(Cipher.DECRYPT_MODE, symmetricKey);
-            byte[] decryptedBytes = symmetricCipher.doFinal(encryptedContent);
+
+            // read encryptedContent in initDecryption
+            byte[] decryptedBytes = symmetricCipher.doFinal(this.encryptedContent);
             return new ByteArrayInputStream(decryptedBytes);
         } catch (BadPaddingException | IllegalBlockSizeException | NoSuchAlgorithmException |
-                NoSuchPaddingException | InvalidKeyException | IOException | ASAPException e) {
+                NoSuchPaddingException | InvalidKeyException e) {
             throw new ASAPSecurityException(this.getLogStart(), e);
         }
     }

src/net/sharksystem/asap/protocol/PDU_Impl.java

@@ -217,16 +217,16 @@ static int readIntegerParameter(InputStream is) throws IOException, ASAPExceptio
         return value;
     }
 
-    protected long readLongParameter(InputStream is) throws IOException, ASAPException {
-        long value = this.readIntegerParameter(is);
+    static long readLongParameter(InputStream is) throws IOException, ASAPException {
+        long value = readIntegerParameter(is);
         value = value << 32;
-        long right = this.readIntegerParameter(is);
+        long right = readIntegerParameter(is);
         value += right;
         return value;
     }
 
-    protected String readCharSequenceParameter(InputStream is) throws IOException, ASAPException {
-        int length = this.readIntegerParameter(is);
+    static String readCharSequenceParameter(InputStream is) throws IOException, ASAPException {
+        int length = readIntegerParameter(is);
         byte[] parameterBytes = new byte[length];
 
         is.read(parameterBytes);

src/net/sharksystem/crypto/ASAPBasicKeyStorage.java

@@ -40,4 +40,11 @@ public interface ASAPBasicKeyStorage {
     String getSymmetricEncryptionAlgorithm();
 
     String getSymmetricKeyType();
+
+    /**
+     *
+     * @param peerID
+     * @return true if peerID is owners' id.
+     */
+    boolean isOwner(CharSequence peerID);
 }

src/net/sharksystem/crypto/TestASAPKeyStorage.java

@@ -10,27 +10,27 @@
 
 public class TestASAPKeyStorage implements ASAPBasicKeyStorage {
     private final KeyPair keyPair;
-    private final String name;
+    private final CharSequence ownerID;
     private long timeInMillis = 0;
 
     public static final String DEFAULT_RSA_ENCRYPTION_ALGORITHM = "RSA/ECB/PKCS1Padding";
     public static final String DEFAULT_SYMMETRIC_KEY_TYPE = "AES";
     public static final String DEFAULT_SYMMETRIC_ENCRYPTION_ALGORITHM = "AES/ECB/PKCS5Padding";
-//    public static int DEFAULT_AES_KEY_SIZE = 256; TODO we need a better one
-    public static int DEFAULT_AES_KEY_SIZE = 128;
+//    public static int DEFAULT_AES_KEY_SIZE = 256;
+    public static int DEFAULT_AES_KEY_SIZE = 128; // TODO we can do better
     public static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA256withRSA";
 
     private HashMap<String, KeyPair> peerKeyPairs = new HashMap<>();
 
-    public TestASAPKeyStorage(String name) throws ASAPSecurityException {
+    public TestASAPKeyStorage(String ownerID) throws ASAPSecurityException {
         // generate owners key pair;
-        this.name = name;
+        this.ownerID = ownerID;
         this.keyPair = this.generateKeyPair();
         this.timeInMillis = System.currentTimeMillis();
     }
 
-    public TestASAPKeyStorage(String name, KeyPair ownerKeyPair) {
-        this.name = name;
+    public TestASAPKeyStorage(CharSequence ownerID, KeyPair ownerKeyPair) {
+        this.ownerID = ownerID;
         this.keyPair = ownerKeyPair;
     }
 
@@ -128,12 +128,18 @@ public String getSymmetricKeyType() {
         return DEFAULT_SYMMETRIC_KEY_TYPE;
     }
 
+    @Override
+    public boolean isOwner(CharSequence peerID) {
+        return peerID.equals(this.ownerID);
+    }
+
     @Override
     public String getRSASigningAlgorithm() {
         return DEFAULT_SIGNATURE_ALGORITHM;
     }
 
     public void addKeyPair(String peerID, KeyPair keyPair) {
+
         this.peerKeyPairs.put(peerID, keyPair);
     }
 }