Crypto: Fix corruption of EC and DSA private keys on Java 17

Update test to try all key types
2021-08-13 10:15:24 -04:00
parent 4938e13f0e
commit de73dec4b8
4 changed files with 26 additions and 6 deletions
--- a/core/java/src/net/i2p/crypto/KeyStoreUtil.java
+++ b/core/java/src/net/i2p/crypto/KeyStoreUtil.java
@ -1381,10 +1381,21 @@ public final class KeyStoreUtil {
        File ksf = new File(args[1]);
        String alias = args[2];
        String pw = args[3];
-        boolean ok = createKeys(ksf, DEFAULT_KEYSTORE_PASSWORD, alias, "test cname", "test ou",
+        boolean ok = createKeys(ksf, DEFAULT_KEYSTORE_PASSWORD, alias + "-EC", "test cname", "test ou",
+                                DEFAULT_KEY_VALID_DAYS, "EC", 256, pw);
+        System.out.println("EC genkey ok? " + ok);
+        ok = createKeys(ksf, DEFAULT_KEYSTORE_PASSWORD, alias + "-DSA", "test cname", "test ou",
+                                DEFAULT_KEY_VALID_DAYS, "DSA", 1024, pw);
+        System.out.println("DSA genkey ok? " + ok);
+        ok = createKeys(ksf, DEFAULT_KEYSTORE_PASSWORD, alias + "-RSA", "test cname", "test ou",
+                                DEFAULT_KEY_VALID_DAYS, "RSA", 4096, pw);
+        System.out.println("RSA genkey ok? " + ok);
+        ok = createKeys(ksf, DEFAULT_KEYSTORE_PASSWORD, alias + "-EdDSA", "test cname", "test ou",
                                DEFAULT_KEY_VALID_DAYS, "EdDSA", 256, pw);
-                                //DEFAULT_KEY_VALID_DAYS, "ElGamal", 2048, pw);
-        System.out.println("genkey ok? " + ok);
+        System.out.println("EdDSA genkey ok? " + ok);
+        //ok = createKeys(ksf, DEFAULT_KEYSTORE_PASSWORD, alias + "-ElG", "test cname", "test ou",
+        //                        DEFAULT_KEY_VALID_DAYS, "ElGamal", 2048, pw);
+        //System.out.println("ElG genkey ok? " + ok);
    }

    private static void testKeygen2(String[] args) throws Exception {
--- a/core/java/src/net/i2p/crypto/SigUtil.java
+++ b/core/java/src/net/i2p/crypto/SigUtil.java
@ -289,7 +289,11 @@ public final class SigUtil {
                              throws GeneralSecurityException {
        SigType type = pk.getType();
        byte[] b = pk.getData();
-        BigInteger s = new NativeBigInteger(1, b);
+        // Java 17 is zeroing out the byte array somewhere.
+        // So we can't use NBI which caches the byte array returned in toByteArray(),
+        // or it trashes our private key
+        //BigInteger s = new NativeBigInteger(1, b);
+        BigInteger s = new BigInteger(1, b);
        // see ECConstants re: casting
        ECPrivateKeySpec ks = new ECPrivateKeySpec(s, (ECParameterSpec) type.getParams());
        KeyFactory kf = KeyFactory.getInstance("EC");
@ -426,7 +430,9 @@ public final class SigUtil {
                              throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("DSA");
        // x p q g
-        KeySpec ks = new DSAPrivateKeySpec(new NativeBigInteger(1, pk.getData()),
+        KeySpec ks = new DSAPrivateKeySpec(new BigInteger(1, pk.getData()),
+        // see cvtToJavaECKey
+        //KeySpec ks = new DSAPrivateKeySpec(new NativeBigInteger(1, pk.getData()),
                                            CryptoConstants.dsap,
                                            CryptoConstants.dsaq,
                                            CryptoConstants.dsag);
--- a/history.txt
+++ b/history.txt
@ -1,3 +1,6 @@
+2021-08-13 zzz
+ * Crypto: Fix corruption of EC and DSA private keys on Java 17
+
 2021-08-07 zzz
 * UPnP: Fix URL handling

--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@ -18,7 +18,7 @@ public class RouterVersion {
    /** deprecated */
    public final static String ID = "Git";
    public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 8;
+    public final static long BUILD = 9;

    /** for example "-test" */
    public final static String EXTRA = "-rc";