diff --git a/core/java/src/net/i2p/crypto/DSAEngine.java b/core/java/src/net/i2p/crypto/DSAEngine.java index 0c57035f0..07c1a2ba4 100644 --- a/core/java/src/net/i2p/crypto/DSAEngine.java +++ b/core/java/src/net/i2p/crypto/DSAEngine.java @@ -382,7 +382,7 @@ public class DSAEngine { _log.error("Bad R length " + rbytes.length); return null; } else { - if (_log.shouldLog(Log.DEBUG)) _log.debug("Using short rbytes.length [" + rbytes.length + "]"); + //if (_log.shouldLog(Log.DEBUG)) _log.debug("Using short rbytes.length [" + rbytes.length + "]"); //System.arraycopy(rbytes, 0, out, 20 - rbytes.length, rbytes.length); for (int i = 0; i < rbytes.length; i++) out[i + 20 - rbytes.length] = rbytes[i]; @@ -401,7 +401,7 @@ public class DSAEngine { _log.error("Bad S length " + sbytes.length); return null; } else { - if (_log.shouldLog(Log.DEBUG)) _log.debug("Using short sbytes.length [" + sbytes.length + "]"); + //if (_log.shouldLog(Log.DEBUG)) _log.debug("Using short sbytes.length [" + sbytes.length + "]"); //System.arraycopy(sbytes, 0, out, 40 - sbytes.length, sbytes.length); for (int i = 0; i < sbytes.length; i++) out[i + 20 + 20 - sbytes.length] = sbytes[i]; diff --git a/core/java/src/net/i2p/crypto/ECConstants.java b/core/java/src/net/i2p/crypto/ECConstants.java index 4b202a814..9b8184292 100644 --- a/core/java/src/net/i2p/crypto/ECConstants.java +++ b/core/java/src/net/i2p/crypto/ECConstants.java @@ -301,13 +301,15 @@ class ECConstants { /** * Tries curve name1, then name2, then creates new from parms. + * @param name2 null to skip + * @param parms null to skip * @return null if all fail */ private static ECParameterSpec genSpec(String name1, String name2, ECParms parms) { ECParameterSpec rv = genSpec(name1); - if (rv == null) { + if (rv == null && name2 != null) { rv = genSpec(name2); - if (rv == null) { + if (rv == null && parms != null) { rv = parms.genSpec(); if (rv != null) log("Curve " + name2 + " created"); @@ -324,4 +326,12 @@ class ECConstants { public static final ECParameterSpec P384_SPEC = genSpec("secp384r1", "P-384", PARM_P384); public static final ECParameterSpec P521_SPEC = genSpec("secp521r1", "P-521", PARM_P521); + // Koblitz + public static final ECParameterSpec K163_SPEC = genSpec("sect163k1", "K-163", null); + public static final ECParameterSpec K233_SPEC = genSpec("sect233k1", "K-233", null); + public static final ECParameterSpec K283_SPEC = genSpec("sect283k1", "K-283", null); + public static final ECParameterSpec K409_SPEC = genSpec("sect409k1", "K-409", null); + public static final ECParameterSpec K571_SPEC = genSpec("sect571k1", "K-571", null); + + } diff --git a/core/java/src/net/i2p/crypto/KeyGenerator.java b/core/java/src/net/i2p/crypto/KeyGenerator.java index ca979425a..15dec5e72 100644 --- a/core/java/src/net/i2p/crypto/KeyGenerator.java +++ b/core/java/src/net/i2p/crypto/KeyGenerator.java @@ -225,34 +225,34 @@ public class KeyGenerator { kpg.initialize(type.getParams(), _context.random()); kp = kpg.generateKeyPair(); } catch (ProviderException pe) { + // java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID // This is a RuntimeException, thx Sun // Fails for P-192 only, on Ubuntu Log log = _context.logManager().getLog(KeyGenerator.class); String pname = kpg.getProvider().getName(); if ("BC".equals(pname)) { if (log.shouldLog(Log.WARN)) - log.warn("BC KPG failed", pe); - throw new GeneralSecurityException("BC KPG", pe); + log.warn("BC KPG failed for " + type, pe); + throw new GeneralSecurityException("BC KPG for " + type, pe); } if (!ECConstants.isBCAvailable()) - throw new GeneralSecurityException(pname + " KPG", pe); + throw new GeneralSecurityException(pname + " KPG failed for " + type, pe); if (log.shouldLog(Log.WARN)) - log.warn(pname + " KPG failed, trying BC", pe); + log.warn(pname + " KPG failed for " + type + ", trying BC", pe); try { kpg = KeyPairGenerator.getInstance("EC", "BC"); kpg.initialize(type.getParams(), _context.random()); kp = kpg.generateKeyPair(); } catch (ProviderException pe2) { if (log.shouldLog(Log.WARN)) - log.warn("BC KPG failed too", pe2); + log.warn("BC KPG failed for " + type + " also", pe2); // throw original exception - throw new GeneralSecurityException(pname + " KPG", pe); + throw new GeneralSecurityException(pname + " KPG for " + type, pe); } catch (GeneralSecurityException gse) { if (log.shouldLog(Log.WARN)) - log.warn("BC KPG failed too", gse); - gse.printStackTrace(); + log.warn("BC KPG failed for " + type + " also", gse); // throw original exception - throw new GeneralSecurityException(pname + " KPG", pe); + throw new GeneralSecurityException(pname + " KPG for " + type, pe); } } ECPublicKey pubkey = (ECPublicKey) kp.getPublic(); diff --git a/core/java/src/net/i2p/crypto/SigType.java b/core/java/src/net/i2p/crypto/SigType.java index 3d2bcc4b2..94f726da0 100644 --- a/core/java/src/net/i2p/crypto/SigType.java +++ b/core/java/src/net/i2p/crypto/SigType.java @@ -48,6 +48,11 @@ public enum SigType { ECDSA_SHA512_P256(10, 64, 32, 64, 64, SigAlgo.EC, "SHA-512", "SHA512withECDSA", ECConstants.P256_SPEC), ECDSA_SHA512_P384(11, 96, 48, 64, 96, SigAlgo.EC, "SHA-512", "SHA512withECDSA", ECConstants.P384_SPEC), + ECDSA_SHA256_K163(12, 42, 21, 32, 42, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.K163_SPEC), + ECDSA_SHA256_K233(13, 60, 30, 32, 60, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.K233_SPEC), + ECDSA_SHA256_K283(14, 72, 36, 32, 72, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.K283_SPEC), + ECDSA_SHA256_K409(15, 104, 52, 32, 104, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.K409_SPEC), + ECDSA_SHA256_K571(16, 144, 72, 32, 144, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.K571_SPEC), //MD5 //ELGAMAL_SHA256