From de73dec4b895553510e4193becc9a429fbf7140b Mon Sep 17 00:00:00 2001
From: zzz
Date: Fri, 13 Aug 2021 10:15:24 -0400
Subject: [PATCH] Crypto: Fix corruption of EC and DSA private keys on Java 17 Update test to try all key types
---
 core/java/src/net/i2p/crypto/KeyStoreUtil.java | 17 ++++++++++++++---
 core/java/src/net/i2p/crypto/SigUtil.java | 10 ++++++++--
 history.txt | 3 +++
 .../java/src/net/i2p/router/RouterVersion.java | 2 +-
 4 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/core/java/src/net/i2p/crypto/KeyStoreUtil.java b/core/java/src/net/i2p/crypto/KeyStoreUtil.java
index e9db65cb3..3cefca43e 100644
--- a/core/java/src/net/i2p/crypto/KeyStoreUtil.java
+++ b/core/java/src/net/i2p/crypto/KeyStoreUtil.java
@@ -1381,10 +1381,21 @@ public final class KeyStoreUtil {
 File ksf = new File(args[1]);
 String alias = args[2];
 String pw = args[3];
- boolean ok = createKeys(ksf, DEFAULT_KEYSTORE_PASSWORD, alias, "test cname", "test ou",
+ boolean ok = createKeys(ksf, DEFAULT_KEYSTORE_PASSWORD, alias + "-EC", "test cname", "test ou",
+ DEFAULT_KEY_VALID_DAYS, "EC", 256, pw);
+ System.out.println("EC genkey ok? " + ok);
+ ok = createKeys(ksf, DEFAULT_KEYSTORE_PASSWORD, alias + "-DSA", "test cname", "test ou",
+ DEFAULT_KEY_VALID_DAYS, "DSA", 1024, pw);
+ System.out.println("DSA genkey ok? " + ok);
+ ok = createKeys(ksf, DEFAULT_KEYSTORE_PASSWORD, alias + "-RSA", "test cname", "test ou",
+ DEFAULT_KEY_VALID_DAYS, "RSA", 4096, pw);
+ System.out.println("RSA genkey ok? " + ok);
+ ok = createKeys(ksf, DEFAULT_KEYSTORE_PASSWORD, alias + "-EdDSA", "test cname", "test ou",
 DEFAULT_KEY_VALID_DAYS, "EdDSA", 256, pw);
- //DEFAULT_KEY_VALID_DAYS, "ElGamal", 2048, pw);
- System.out.println("genkey ok? " + ok);
+ System.out.println("EdDSA genkey ok? " + ok);
+ //ok = createKeys(ksf, DEFAULT_KEYSTORE_PASSWORD, alias + "-ElG", "test cname", "test ou",
+ // DEFAULT_KEY_VALID_DAYS, "ElGamal", 2048, pw);
+ //System.out.println("ElG genkey ok? " + ok);
 }

 private static void testKeygen2(String[] args) throws Exception {
diff --git a/core/java/src/net/i2p/crypto/SigUtil.java b/core/java/src/net/i2p/crypto/SigUtil.java
index 5926ea72b..0a3509b9a 100644
--- a/core/java/src/net/i2p/crypto/SigUtil.java
+++ b/core/java/src/net/i2p/crypto/SigUtil.java
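Review bot: The four createKeys() results in the KeyStoreUtil.java hunk are only printed, so a failure for one key type still lets this command-line check finish as if it had passed; make each failure fatal, for example `if (!ok) throw new IllegalStateException("EC genkey failed");` after the EC call and likewise for DSA, RSA and EdDSA. Whether a `true` return also proves that the stored private key is intact is not visible here, and the bug being fixed was silent key corruption, so reading each key back from the keystore and doing a sign/verify round trip would turn this into a real regression check. The enclosing method (presumably testKeygen) starts outside the hunk.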
@@ -289,7 +289,11 @@ public final class SigUtil {
 throws GeneralSecurityException {
 SigType type = pk.getType();
 byte[] b = pk.getData();
- BigInteger s = new NativeBigInteger(1, b);
+ // Java 17 is zeroing out the byte array somewhere.
+ // So we can't use NBI which caches the byte array returned in toByteArray(),
+ // or it trashes our private key
+ //BigInteger s = new NativeBigInteger(1, b);
+ BigInteger s = new BigInteger(1, b);
 // see ECConstants re: casting
 ECPrivateKeySpec ks = new ECPrivateKeySpec(s, (ECParameterSpec) type.getParams());
 KeyFactory kf = KeyFactory.getInstance("EC");
@@ -426,7 +430,9 @@ public final class SigUtil {
 throws GeneralSecurityException {
 KeyFactory kf = KeyFactory.getInstance("DSA");
 // x p q g
- KeySpec ks = new DSAPrivateKeySpec(new NativeBigInteger(1, pk.getData()),
+ KeySpec ks = new DSAPrivateKeySpec(new BigInteger(1, pk.getData()),
+ // see cvtToJavaECKey
+ //KeySpec ks = new DSAPrivateKeySpec(new NativeBigInteger(1, pk.getData()),
 CryptoConstants.dsap,
 CryptoConstants.dsaq,
 CryptoConstants.dsag);
diff --git a/history.txt b/history.txt
index 5e2c6a18c..142d455ca 100644
--- a/history.txt
+++ b/history.txt
@@ -1,3 +1,6 @@
+2021-08-13 zzz
+ * Crypto: Fix corruption of EC and DSA private keys on Java 17
+
 2021-08-07 zzz
 * UPnP: Fix URL handling

diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java
index 011810b47..98ae52310 100644
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -18,7 +18,7 @@ public class RouterVersion {
 /** deprecated */
 public final static String ID = "Git";
 public final static String VERSION = CoreVersion.VERSION;
- public final static long BUILD = 8;
+ public final static long BUILD = 9;
 /** for example "-test" */
 public final static String EXTRA = "-rc";
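Review bot: The aliasing hazard described in the new comment is avoided only at this call site (`BigInteger s = new BigInteger(1, b);`, SigUtil.java hunk at -289) and at the DSA one below; any other code that wraps secret bytes in a NativeBigInteger and passes it to a JCA key spec would still have its key wiped, since per the comment toByteArray() hands out NBI's cached array. State the rule precisely instead of "somewhere", e.g. `// Must be a plain BigInteger: NativeBigInteger.toByteArray() returns its cached array, which the Java 17 provider appears to zero, wiping pk's data.`, and delete the commented-out `//BigInteger s = new NativeBigInteger(1, b);` line. Making NativeBigInteger.toByteArray() return a copy, as java.math.BigInteger does, would remove the problem at its source; that class is not in this diff, so this is inferred from the comment alone. The enclosing method starts and ends outside the hunk.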
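Review bot: In the SigUtil.java hunk at -426 the two added comment lines sit inside the DSAPrivateKeySpec argument list, between the first argument and `CryptoConstants.dsap`, which compiles but reads as if the old constructor call were still live. Put the explanation above the statement, `// plain BigInteger, not NativeBigInteger: see cvtToJavaECKey`, and drop the commented-out `//KeySpec ks = new DSAPrivateKeySpec(new NativeBigInteger(1, pk.getData()),` line. The enclosing method starts outside the hunk.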