SunSPOT API V3.0


com.sun.squawk.security.verifier
Class SignatureVerifier

java.lang.Object
  extended by com.sun.squawk.security.verifier.SignatureVerifier

public class SignatureVerifier
extends Object

Used to verify the signature of certain signed data, including Suites.

Author:
Christian Pühringer

Field Summary
static int BUFFER_SIZE
          The numbe of bytes read from flash memory and passed to the signature verification per loop.
static int MAXIMUM_HEADER_SIZE
          The maximum size the header of a suite can have to be compatible with SignatureVerifier.
 
Method Summary
protected static void ensureInitialized()
           
static boolean getSuiteVerifiedFlag(int suiteAddress)
           
static void initialize(byte[] publicKeyBytes, int offset, int length)
           
static boolean isVerifiedSuite(String uri)
           
static void verify(byte[] buffer, byte[] signature)
          Verifies a buffer
static void verify(byte[] buffer, int bufferOffset, int bufferLength, byte[] signature, int signatureOffset, int signatureLength)
          Verifies a buffer
static void verifySuite(InputStream suiteIn)
          Verifies a suite in flash memory.
static void verifySuite(InputStream suiteIn, boolean useNativeSHA)
          Verifies a suite in flash memory using either the java Signature or a native read from flash and sha1 code.
static void verifySuite(String uri)
          Verifies a suite in flash memory.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

BUFFER_SIZE

public static final int BUFFER_SIZE
The numbe of bytes read from flash memory and passed to the signature verification per loop. Must be larger than MAXIMUM_HEADER_SIZE!. Theoretically should the verification be faster for larger buffer sizes, but measurements show that the influence is only measurable for very small buffer sizes, and even then is very small. (That is not very surprising, because larger buffer sizes only accelerate the message digesting, while the time for elliptic curve computations, and especially the flash memory operations does not change. (The time for ecc verifySuite is about 1s)) Suite (43800 byte) BUFFER_SIZE Verification time 48: 3125ms 128: 3092ms 256: 3043ms 512: 3047ms 1024: 3017ms 2048: 2984ms 4096: 3014ms 65536: 3009ms

See Also:
Constant Field Values

MAXIMUM_HEADER_SIZE

public static final int MAXIMUM_HEADER_SIZE
The maximum size the header of a suite can have to be compatible with SignatureVerifier. In the flash memory case this is guaranteed, the header 48 byte for application suites, the header of the library suite is slightly smaller. Higher maximum header sizes (actually higher differences between maximum and minimum header sizes) decrease the minimum size of the suite supported by verifySuite.

See Also:
Constant Field Values
Method Detail

ensureInitialized

protected static void ensureInitialized()
                                 throws SignatureVerifierException
Throws:
SignatureVerifierException

getSuiteVerifiedFlag

public static boolean getSuiteVerifiedFlag(int suiteAddress)
                                    throws IllegalArgumentException
Throws:
IllegalArgumentException

initialize

public static void initialize(byte[] publicKeyBytes,
                              int offset,
                              int length)
                       throws SignatureVerifierException
Throws:
SignatureVerifierException

isVerifiedSuite

public static boolean isVerifiedSuite(String uri)

verify

public static void verify(byte[] buffer,
                          int bufferOffset,
                          int bufferLength,
                          byte[] signature,
                          int signatureOffset,
                          int signatureLength)
                   throws SignatureVerifierException
Verifies a buffer

Throws:
SignatureVerifierException

verify

public static void verify(byte[] buffer,
                          byte[] signature)
                   throws SignatureVerifierException,
                          IOException
Verifies a buffer

Throws:
SignatureVerifierException
IOException

verifySuite

public static void verifySuite(InputStream suiteIn)
                        throws SignatureVerifierException,
                               IOException
Verifies a suite in flash memory. Remark: The suite header must be shorter than MAXIMUM_HEADER_SIZE bytes. This is only guarenteed in the case that the suite is in flash memory on a Spot, because it is ensured in com/syn/squawk/suiteconverter/Suite.java by replacing the parentURL with a url of the form flash://
.lib. If the suite is a suite file on the desktop, this is not garanteed, because the parent URL can have any length. Furthermore verifySuite expects that the first integer after the object memory in the suite is the hash. This is only the case for suite converted for flashmemory, thus it won't work for other suites.

Parameters:
suiteIn - An input stream which allows retrieving a suite. This usually is a FlashInputStream pointing to a suite in the flash memory.
Throws:
SignatureVerifierException
IOException

verifySuite

public static void verifySuite(InputStream suiteIn,
                               boolean useNativeSHA)
                        throws SignatureVerifierException,
                               IOException
Verifies a suite in flash memory using either the java Signature or a native read from flash and sha1 code. It is only intented to ensure that the byte code wasn't changed for Java compliance reasons. It does NOT protect against attackers (especially if ignoreSuiteVerifiedFlag==false). For functionallity which require such protection (like access control for over the air deployment)use the verify method.

Remark: The suite header must be shorter than MAXIMUM_HEADER_SIZE bytes. This is only guarenteed in the case that the suite is in flash memory on a Spot, because it is ensured in com/syn/squawk/suiteconverter/Suite.java by replacing the parentURL with a url of the form flash://

.lib. If the suite is a suite file on the desktop, this is not garanteed, because the parent URL can have any length. Furthermore verifySuite expects that the first integer after the object memory in the suite is the hash. This is only the case for suite converted for flashmemory, thus it won't work for other suites.

Parameters:
suiteIn - An input stream which allows retrieving a suite. This usually is a FlashInputStream pointing to a suite in the flash memory.
useNativeSHA - Use faster message digest computation. Native C is about 85x faster than the pure Java version. useNativeSHA=true cannot be used if NATIVE_VERIFICATION compile flag not set, and useNativeSHA=false cannot be used if NATIVE_VERIFICATION_ONLY is set.In this cases verifySuite will throw a RuntimeException
Throws:
SignatureVerifierException
IOException

verifySuite

public static void verifySuite(String uri)
                        throws SignatureVerifierException,
                               IOException
Verifies a suite in flash memory. Remark: The suite header must be shorter than MAXIMUM_HEADER_SIZE bytes. This is only guarenteed in the case that the suite is in flash memory on a Spot, because it is ensured in com/syn/squawk/suiteconverter/Suite.java by replacing the parentURL with a url of the form flash://
.lib. If the suite is a suite file on the desktop, this is not garanteed, because the parent URL can have any length. Furthermore verifySuite expects that the first integer after the object memory in the suite is the hash. This is only the case for suite converted for flashmemory, thus it won't work for other suites.

Parameters:
uri - A uri pointing to a suite in flash memory. (flash://
[.lib])
Throws:
SignatureVerifierException
IOException

SunSPOT API V3.0


Copyright © 2006, 2007 Sun Microsystems, Inc. All Rights Reserved.