From c4385b2336dae3be7bec9120dd45424315f015f5 Mon Sep 17 00:00:00 2001
From: Christian Basler <chrigu.meyer@gmail.com>
Date: Sun, 2 Apr 2017 21:03:04 +0200
Subject: [PATCH] Add some passive support for SHA256 based signatures

---
 .../ports/AbstractCryptography.java           | 30 ++++++++++++++++---
 .../cryptography/bc/BouncyCryptography.java   | 16 ++--------
 .../cryptography/sc/SpongyCryptography.java   | 12 ++------
 3 files changed, 31 insertions(+), 27 deletions(-)

diff --git a/core/src/main/java/ch/dissem/bitmessage/ports/AbstractCryptography.java b/core/src/main/java/ch/dissem/bitmessage/ports/AbstractCryptography.java
index 7668391..304c20d 100644
--- a/core/src/main/java/ch/dissem/bitmessage/ports/AbstractCryptography.java
+++ b/core/src/main/java/ch/dissem/bitmessage/ports/AbstractCryptography.java
@@ -31,10 +31,7 @@ import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
 import java.io.IOException;
 import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.MessageDigest;
-import java.security.Provider;
-import java.security.SecureRandom;
+import java.security.*;
 
 import static ch.dissem.bitmessage.InternalContext.NETWORK_EXTRA_BYTES;
 import static ch.dissem.bitmessage.InternalContext.NETWORK_NONCE_TRIALS_PER_BYTE;
@@ -50,6 +47,10 @@ public abstract class AbstractCryptography implements Cryptography, InternalCont
     private static final BigInteger TWO_POW_64 = TWO.pow(64);
     private static final BigInteger TWO_POW_16 = TWO.pow(16);
 
+    protected static final String ALGORITHM_ECDSA = "ECDSA";
+    protected static final String ALGORITHM_ECDSA_SHA1 = "SHA1withECDSA";
+    protected static final String ALGORITHM_EVP_SHA256 = "SHA256withECDSA";
+
     protected final Provider provider;
     private InternalContext context;
 
@@ -127,6 +128,27 @@ public abstract class AbstractCryptography implements Cryptography, InternalCont
         }
     }
 
+    protected byte[] doSign(byte[] data, java.security.PrivateKey privKey) throws GeneralSecurityException {
+        // TODO: change this to ALGORITHM_EVP_SHA256 once it's generally used in the network
+        Signature sig = Signature.getInstance(ALGORITHM_ECDSA_SHA1, provider);
+        sig.initSign(privKey);
+        sig.update(data);
+        return sig.sign();
+    }
+
+
+    protected boolean doCheckSignature(byte[] data, byte[] signature, PublicKey publicKey) throws GeneralSecurityException {
+        for (String algorithm : new String[]{ALGORITHM_ECDSA_SHA1, ALGORITHM_EVP_SHA256}) {
+            Signature sig = Signature.getInstance(algorithm, provider);
+            sig.initVerify(publicKey);
+            sig.update(data);
+            if (sig.verify(signature)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     @Override
     public byte[] getInitialHash(ObjectMessage object) {
         return sha512(object.getPayloadBytesWithoutNonce());
diff --git a/cryptography-bc/src/main/java/ch/dissem/bitmessage/cryptography/bc/BouncyCryptography.java b/cryptography-bc/src/main/java/ch/dissem/bitmessage/cryptography/bc/BouncyCryptography.java
index 632c30a..bc8ec93 100644
--- a/cryptography-bc/src/main/java/ch/dissem/bitmessage/cryptography/bc/BouncyCryptography.java
+++ b/cryptography-bc/src/main/java/ch/dissem/bitmessage/cryptography/bc/BouncyCryptography.java
@@ -38,10 +38,7 @@ import org.bouncycastle.jce.spec.ECPublicKeySpec;
 import org.bouncycastle.math.ec.ECPoint;
 
 import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyFactory;
-import java.security.PublicKey;
-import java.security.Signature;
+import java.security.*;
 import java.security.spec.KeySpec;
 import java.util.Arrays;
 
@@ -51,7 +48,6 @@ import java.util.Arrays;
  */
 public class BouncyCryptography extends AbstractCryptography {
     private static final X9ECParameters EC_CURVE_PARAMETERS = CustomNamedCurves.getByName("secp256k1");
-    private static final String ALGORITHM_ECDSA = "ECDSA";
 
     public BouncyCryptography() {
         super(new BouncyCastleProvider());
@@ -106,10 +102,7 @@ public class BouncyCryptography extends AbstractCryptography {
             KeySpec keySpec = new ECPublicKeySpec(Q, spec);
             PublicKey publicKey = KeyFactory.getInstance(ALGORITHM_ECDSA, provider).generatePublic(keySpec);
 
-            Signature sig = Signature.getInstance(ALGORITHM_ECDSA, provider);
-            sig.initVerify(publicKey);
-            sig.update(data);
-            return sig.verify(signature);
+            return doCheckSignature(data, signature, publicKey);
         } catch (GeneralSecurityException e) {
             throw new ApplicationException(e);
         }
@@ -131,10 +124,7 @@ public class BouncyCryptography extends AbstractCryptography {
             java.security.PrivateKey privKey = KeyFactory.getInstance(ALGORITHM_ECDSA, provider)
                 .generatePrivate(keySpec);
 
-            Signature sig = Signature.getInstance(ALGORITHM_ECDSA, provider);
-            sig.initSign(privKey);
-            sig.update(data);
-            return sig.sign();
+            return doSign(data, privKey);
         } catch (GeneralSecurityException e) {
             throw new ApplicationException(e);
         }
diff --git a/cryptography-sc/src/main/java/ch/dissem/bitmessage/cryptography/sc/SpongyCryptography.java b/cryptography-sc/src/main/java/ch/dissem/bitmessage/cryptography/sc/SpongyCryptography.java
index b9234cd..f86e6c2 100644
--- a/cryptography-sc/src/main/java/ch/dissem/bitmessage/cryptography/sc/SpongyCryptography.java
+++ b/cryptography-sc/src/main/java/ch/dissem/bitmessage/cryptography/sc/SpongyCryptography.java
@@ -41,7 +41,6 @@ import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.KeyFactory;
 import java.security.PublicKey;
-import java.security.Signature;
 import java.security.spec.KeySpec;
 import java.util.Arrays;
 
@@ -51,7 +50,6 @@ import java.util.Arrays;
  */
 public class SpongyCryptography extends AbstractCryptography {
     private static final X9ECParameters EC_CURVE_PARAMETERS = CustomNamedCurves.getByName("secp256k1");
-    private static final String ALGORITHM_ECDSA = "ECDSA";
 
     public SpongyCryptography() {
         super(new BouncyCastleProvider());
@@ -106,10 +104,7 @@ public class SpongyCryptography extends AbstractCryptography {
             KeySpec keySpec = new ECPublicKeySpec(Q, spec);
             PublicKey publicKey = KeyFactory.getInstance(ALGORITHM_ECDSA, provider).generatePublic(keySpec);
 
-            Signature sig = Signature.getInstance(ALGORITHM_ECDSA, provider);
-            sig.initVerify(publicKey);
-            sig.update(data);
-            return sig.verify(signature);
+            return doCheckSignature(data, signature, publicKey);
         } catch (GeneralSecurityException e) {
             throw new ApplicationException(e);
         }
@@ -131,10 +126,7 @@ public class SpongyCryptography extends AbstractCryptography {
             java.security.PrivateKey privKey = KeyFactory.getInstance(ALGORITHM_ECDSA, provider)
                 .generatePrivate(keySpec);
 
-            Signature sig = Signature.getInstance(ALGORITHM_ECDSA, provider);
-            sig.initSign(privKey);
-            sig.update(data);
-            return sig.sign();
+            return doSign(data, privKey);
         } catch (GeneralSecurityException e) {
             throw new ApplicationException(e);
         }