Deprecate SignatureOps in server and client

.gitignore

@@ -1,5 +1,4 @@
 .DS_Store
-coniks_common/src/org/coniks/coniks_common/*.class
-coniks_common/src/com/google/protobuf/*.java
-coniks_server/src/org/coniks/coniks_server/*.class
-coniks_test_client/src/org/coniks/coniks_test_client/*.class
+target
+bin
+logs

coniks_common/pom.xml

@@ -21,7 +21,7 @@
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
-      <version>3.8.1</version>
+      <version>4.12</version>
       <scope>test</scope>
     </dependency>
 

coniks_server/pom.xml

@@ -22,7 +22,7 @@
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
-      <version>3.8.1</version>
+      <version>4.12</version>
       <scope>test</scope>
     </dependency>
 
@@ -33,6 +33,13 @@
       <scope>compile</scope>
     </dependency>
 
+    <dependency>
+      <groupId>org.coniks.crypto</groupId>
+      <artifactId>coniks-crypto</artifactId>
+      <version>1.3-SNAPSHOT</version>
+      <scope>compile</scope>
+    </dependency>
+
     <dependency>
       <groupId>com.google.protobuf</groupId>
       <artifactId>protobuf-java</artifactId>

coniks_server/src/main/java/org/coniks/coniks_server/KeyChange.java

@@ -36,9 +36,13 @@ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 import java.security.interfaces.DSAPublicKey;
 import java.util.Arrays;
 
+// coniks-java imports
+import org.coniks.crypto.*;
+
 /** Implements a key change operation.
  *
  *@author Michael Rochlin
+ *@author Marcela S. Melara ([email protected])
  */
 public class KeyChange extends Operation {
     private String newKeyData;
@@ -97,10 +101,21 @@ public boolean canChangeInfo(UserLeafNode uln) {
             ServerLogger.error("Tried to make unsigned KeyChange but wasn't allowed");
             return false;
         }
-        if (!uln.allowsUnsignedKeychange()
-            && !SignatureOps.verifySigFromDSA(msg, sig, uln.getChangeKey())) {
-            ServerLogger.error("Requires that key changes be signed, but the signature was invalid");
-            return false;
+        if (!uln.allowsUnsignedKeychange()) {
+
+            boolean res = false;
+
+            try {
+                res = Signing.dsaVerify(uln.getChangeKey(), msg, sig);
+            }
+            catch (Exception e) {
+                ServerLogger.error("[KeyChange] "+e.getMessage());
+            }
+
+            if(!res) {
+                ServerLogger.error("Requires that key changes be signed, but the signature was invalid");
+                return false;
+            }
         }
         return true;
     }

coniks_server/src/main/java/org/coniks/coniks_server/RequestHandler.java

@@ -45,6 +45,9 @@ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 import com.google.protobuf.AbstractMessage;
 import com.google.protobuf.ByteString;
 
+// coniks-java imports
+import org.coniks.crypto.*;
+
 import org.coniks.coniks_common.MsgType;
 import org.coniks.coniks_common.C2SProtos.Registration;
 import org.coniks.coniks_common.C2SProtos.CommitmentReq;
@@ -302,7 +305,18 @@ private synchronized void handleSignedULNChangeProto(SignedULNChangeReq signedRe
 
         byte[] reqMsg = changeReq.toByteArray();
         byte[] sig = signedReq.getSig().toByteArray();
-        if (!SignatureOps.verifySigFromDSA(reqMsg, sig, publicChangeKey)) {
+
+        boolean res = false;
+
+        try {
+            res = Signing.dsaVerify(publicChangeKey, reqMsg, sig);
+        }
+        // let's catch the panic here and log it
+        catch (Exception e) {
+            ServerLogger.error("[RequestHandler] "+e.getMessage());
+        }
+
+        if (!res) {
             MsgHandlerLogger.log("Failed to verify message");
             MsgHandlerLogger.log("Failed sig said\n" + Arrays.toString(sig));
             ServerMessaging.sendSimpleResponseProto(ServerErr.SIGNED_CHANGE_VERIF_ERR, clientSocket);

coniks_server/src/main/java/org/coniks/coniks_server/SignatureOps.java

@@ -58,7 +58,9 @@ public class SignatureOps{
      * of the {@code input}.
      *@throws A RuntimeException if there is a problem with the private key
      * loaded from the server's keystore.
+     *@deprecated Use more general {@link org.coniks.crypto.Signing#rsaSign(RSAPublicKey, byte[]) rsaVerify} instead.
      */
+    @Deprecated
     public static byte[] sign(byte[] input) {
 
         RSAPrivateKey MY_PRIV_KEY = KeyOps.loadSigningKey();
@@ -95,7 +97,9 @@ public static byte[] sign(byte[] input) {
      *
      *@return {@code true} if the signature on the message is valid, {@code false}
      * otherwise.
+     *@deprecated Use more general {@link org.coniks.crypto.Signing#rsaVerify(RSAPublicKey, byte[], byte[]) rsaVerify} instead.
      */
+    @Deprecated
     public static boolean verifySig(byte[] msg, byte[] signature, String keyOwner){
 
         RSAPublicKey pubKey = KeyOps.loadPublicKey(keyOwner);
@@ -122,7 +126,10 @@ public static boolean verifySig(byte[] msg, byte[] signature, String keyOwner){
 
     }
 
-    /** Verify {@code msg} with {@code sig} using {@code pk} */
+    /** Verify {@code msg} with {@code sig} using {@code pk} 
+     *
+     *@deprecated Use more general {@link org.coniks.crypto.Signing#dsaVerify(DSAPublicKey, byte[], byte[]) dsaVerify} instead.*/
+    @Deprecated
     public static boolean verifySigFromDSA(byte[] msg, byte[] sig, PublicKey pk) {
         try {
             Signature verifyalg = Signature.getInstance("DSA");

coniks_server/src/main/java/org/coniks/coniks_server/TransparencyOps.java

@@ -34,6 +34,9 @@ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 package org.coniks.coniks_server;
 
 import com.google.protobuf.ByteString;
+
+// coniks-java imports
+import org.coniks.crypto.*;
 import org.coniks.coniks_common.C2SProtos.AuthPath;
 import org.coniks.coniks_common.C2SProtos.*;
 import org.coniks.coniks_common.UtilProtos.Hash;
@@ -43,8 +46,7 @@ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 import java.util.TreeMap;
 import java.util.PriorityQueue;
 import java.security.*;
-import java.security.interfaces.RSAPublicKey;
-import java.security.interfaces.DSAPublicKey;
+import java.security.interfaces.*;
 import java.nio.ByteBuffer;
 
 import org.javatuples.*;
@@ -71,7 +73,16 @@ public static SignedTreeRoot generateSTR(RootNode root, long ep,
         byte[] strBytesPreSig = ServerUtils.getSTRBytesForSig(root, ep, prevEp,
                                                               prevStrHash);
 
-        byte[] sig = SignatureOps.sign(strBytesPreSig);
+        RSAPrivateKey key = KeyOps.loadSigningKey();
+
+        byte[] sig = null;
+        try {
+            sig = Signing.rsaSign(key, strBytesPreSig);
+        }
+        catch (Exception e) {
+            ServerLogger.error("[RequestHandler] "+e.getMessage());
+            return null;
+        }
 
 	return new SignedTreeRoot(root, ep, prevEp, prevStrHash, sig, null);
     }
@@ -93,8 +104,17 @@ public static synchronized SignedTreeRoot generateNextSTR(RootNode root, long ep
         byte[] strBytesPreSig = ServerUtils.getSTRBytesForSig(root, ep, prevEpoch,
                                                               prevStrHash);
 
-        byte[] sig = SignatureOps.sign(strBytesPreSig);
-
+        RSAPrivateKey key = KeyOps.loadSigningKey();
+
+        byte[] sig = null;
+        try {
+            sig = Signing.rsaSign(key, strBytesPreSig);
+        }
+        catch (Exception e) {
+            ServerLogger.error("[RequestHandler] "+e.getMessage());
+            return null;
+        }
+
 	return new SignedTreeRoot(root, ep, prevEpoch, prevStrHash, sig, ServerHistory.getCurSTR());
     }
 

coniks_test_client/pom.xml

@@ -22,7 +22,7 @@
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
-      <version>3.8.1</version>
+      <version>4.12</version>
       <scope>test</scope>
     </dependency>
 
@@ -33,6 +33,13 @@
       <scope>compile</scope>
     </dependency>
 
+    <dependency>
+      <groupId>org.coniks.crypto</groupId>
+      <artifactId>coniks-crypto</artifactId>
+      <version>1.3-SNAPSHOT</version>
+      <scope>compile</scope>
+    </dependency>
+
     <dependency>
       <groupId>com.google.protobuf</groupId>
       <artifactId>protobuf-java</artifactId>

coniks_test_client/src/main/java/org/coniks/coniks_test_client/SignatureOps.java

@@ -39,17 +39,6 @@ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 import javax.crypto.*;
 import java.math.BigInteger;
 
-// TODO(mrochlin)
-// Should use protected keystore instead of just file streams
-import java.io.DataInputStream;
-import java.io.DataOutputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.InputStream;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-
 /** Implements all operations involving digital signatures
  * that a CONIKS client must perform.
  *
@@ -60,7 +49,9 @@ public class SignatureOps{
     /** Verifies {@code msg} and the {@code sig} using the DSA PublicKey {@code pk} 
      *
      *@return {@code true} if the signature is valid, {@code false} otherwise.
+     **@deprecated Use more general {@link org.coniks.crypto.Signing#dsaVerify(DSAPublicKey, byte[], byte[]) dsaVerify} instead.
      */
+    @Deprecated
     public static boolean verifySigFromDSA(byte[] msg, byte[] sig, PublicKey pk) {
         try {
             Signature verifyalg = Signature.getInstance("DSA");
@@ -86,8 +77,10 @@ public static boolean verifySigFromDSA(byte[] msg, byte[] sig, PublicKey pk) {
 
     /** Signs {@code msg} using DSAPrivateKey {@code prk} 
      *
-     *@return the signature or null on an error  
+     *@return the signature or null on an error
+     *@deprecated Use more general {@link org.coniks.crypto.Signing#dsaSign(DSAPublicKey, byte[], byte[]) dsaSign} instead.
      */
+    @Deprecated
     public static byte[] signDSA(byte[] msg, DSAPrivateKey prk) throws InvalidKeyException {
         if (prk == null) {
             ClientLogger.error("The given key is invalid.");

coniks_test_client/src/main/java/org/coniks/coniks_test_client/TestClient.java

@@ -44,6 +44,9 @@ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 import java.lang.NumberFormatException;
 
 import com.google.protobuf.*;
+
+// coniks-java imports
+import org.coniks.crypto.*;
 import org.coniks.coniks_common.C2SProtos.*;
 import org.coniks.coniks_common.UtilProtos.ServerResp;
 import org.coniks.coniks_common.ServerErr;
@@ -247,10 +250,10 @@ private static int signedKeyChange(String uname, String server) {
                                                                                user.isAllowsPublicVisibility());
 
 
-            sig = SignatureOps.signDSA(changeReq.toByteArray(), prKey);
+            sig = Signing.dsaSign(prKey, changeReq.toByteArray());
         }
-        catch (InvalidKeyException e) {
-            ClientLogger.error(e.getMessage());
+        catch (NoSuchAlgorithmException e) {
+            ClientLogger.error("[TestClient] "+e.getMessage());
             user.unloadChangePrivKey();
             return ClientUtils.INTERNAL_CLIENT_ERR;
         }
@@ -368,10 +371,10 @@ private static int changeKeyChangePolicy(String uname, String server) {
                                                                                user.isAllowsPublicVisibility());
 
 
-            sig = SignatureOps.signDSA(changeReq.toByteArray(), prKey);
+            sig = Signing.dsaSign(prKey, changeReq.toByteArray());
         }
-        catch (InvalidKeyException e) {
-            ClientLogger.error(e.getMessage());
+        catch (NoSuchAlgorithmException e) {
+            ClientLogger.error("[TestClient] "+e.getMessage());
             user.unloadChangePrivKey();
             return ClientUtils.INTERNAL_CLIENT_ERR;
         }

crypto/pom.xml

@@ -24,11 +24,24 @@
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
-      <version>3.8.1</version>
+      <version>4.12</version>
       <scope>test</scope>
     </dependency>
   </dependencies>
 
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <version>2.19.1</version>
+        <configuration>
+          <useFile>false</useFile>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
+
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
   </properties>