Add constant-time method for verifying MACs.

2026-02-15 20:29:52 +01:00 · 2018-04-25 12:23:46 +01:00
parent 615f527270
commit 0217c205a1
20 changed files with 120 additions and 72 deletions
--- a/bramble-core/src/test/java/org/briarproject/bramble/client/ClientHelperImplTest.java
+++ b/bramble-core/src/test/java/org/briarproject/bramble/client/ClientHelperImplTest.java
@@ -37,6 +37,7 @@ import java.util.Random;

 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
+import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH;
 import static org.briarproject.bramble.test.TestUtils.getAuthor;
 import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
 import static org.briarproject.bramble.test.TestUtils.getRandomId;
@@ -300,30 +301,34 @@ public class ClientHelperImplTest extends BrambleTestCase {

 	@Test
 	public void testVerifySignature() throws Exception {
+		byte[] signature = getRandomBytes(MAX_SIGNATURE_LENGTH);
 		byte[] publicKey = getRandomBytes(42);
-		byte[] bytes = expectToByteArray(list);
+		byte[] signed = expectToByteArray(list);

 		context.checking(new Expectations() {{
-			oneOf(cryptoComponent).verify(label, bytes, publicKey, rawMessage);
+			oneOf(cryptoComponent).verifySignature(signature, label, signed,
+					publicKey);
 			will(returnValue(true));
 		}});

-		clientHelper.verifySignature(label, rawMessage, publicKey, list);
+		clientHelper.verifySignature(signature, label, list, publicKey);
 		context.assertIsSatisfied();
 	}

 	@Test
 	public void testVerifyWrongSignature() throws Exception {
+		byte[] signature = getRandomBytes(MAX_SIGNATURE_LENGTH);
 		byte[] publicKey = getRandomBytes(42);
-		byte[] bytes = expectToByteArray(list);
+		byte[] signed = expectToByteArray(list);

 		context.checking(new Expectations() {{
-			oneOf(cryptoComponent).verify(label, bytes, publicKey, rawMessage);
+			oneOf(cryptoComponent).verifySignature(signature, label, signed,
+					publicKey);
 			will(returnValue(false));
 		}});

 		try {
-			clientHelper.verifySignature(label, rawMessage, publicKey, list);
+			clientHelper.verifySignature(signature, label, list, publicKey);
 			fail();
 		} catch (GeneralSecurityException e) {
 			// expected
--- a/bramble-core/src/test/java/org/briarproject/bramble/crypto/EdSignatureTest.java
+++ b/bramble-core/src/test/java/org/briarproject/bramble/crypto/EdSignatureTest.java
@@ -143,9 +143,9 @@ public class EdSignatureTest extends SignatureTest {
 	}

 	@Override
-	protected boolean verify(String label, byte[] signedData, byte[] publicKey,
-			byte[] signature) throws GeneralSecurityException {
-		return crypto.verify(label, signedData, publicKey, signature);
+	protected boolean verify(byte[] signature, String label, byte[] signed,
+			byte[] publicKey) throws GeneralSecurityException {
+		return crypto.verifySignature(signature, label, signed, publicKey);
 	}

 	@Test
--- a/bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyEncodingAndParsingTest.java
+++ b/bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyEncodingAndParsingTest.java
@@ -126,13 +126,13 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
 		byte[] signature = crypto.sign("test", message,
 				privateKey.getEncoded());
 		// Verify the signature
-		assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
-				signature));
+		assertTrue(crypto.verifySignature(signature, "test", message,
+				publicKey.getEncoded()));
 		// Encode and parse the public key - no exceptions should be thrown
 		publicKey = parser.parsePublicKey(publicKey.getEncoded());
 		// Verify the signature again
-		assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
-				signature));
+		assertTrue(crypto.verifySignature(signature, "test", message,
+				publicKey.getEncoded()));
 	}

 	@Test
@@ -146,15 +146,15 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
 		byte[] signature = crypto.sign("test", message,
 				privateKey.getEncoded());
 		// Verify the signature
-		assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
-				signature));
+		assertTrue(crypto.verifySignature(signature, "test", message,
+				publicKey.getEncoded()));
 		// Encode and parse the private key - no exceptions should be thrown
 		privateKey = parser.parsePrivateKey(privateKey.getEncoded());
 		// Sign the data again - the signatures should be the same
 		byte[] signature1 = crypto.sign("test", message,
 				privateKey.getEncoded());
-		assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
-				signature1));
+		assertTrue(crypto.verifySignature(signature1, "test", message,
+				publicKey.getEncoded()));
 		assertArrayEquals(signature, signature1);
 	}

--- a/bramble-core/src/test/java/org/briarproject/bramble/crypto/MacTest.java
+++ b/bramble-core/src/test/java/org/briarproject/bramble/crypto/MacTest.java
@@ -13,6 +13,7 @@ import static org.briarproject.bramble.test.TestUtils.getSecretKey;
 import static org.briarproject.bramble.util.StringUtils.getRandomString;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;

 public class MacTest extends BrambleTestCase {

@@ -32,6 +33,7 @@ public class MacTest extends BrambleTestCase {
 		byte[] mac = crypto.mac(label1, key1, input1, input2, input3);
 		byte[] mac1 = crypto.mac(label1, key1, input1, input2, input3);
 		assertArrayEquals(mac, mac1);
+		assertTrue(crypto.verifyMac(mac, label1, key1, input1, input2, input3));
 	}

 	@Test
@@ -40,6 +42,11 @@ public class MacTest extends BrambleTestCase {
 		byte[] mac = crypto.mac(label1, key1, input1, input2, input3);
 		byte[] mac1 = crypto.mac(label2, key1, input1, input2, input3);
 		assertFalse(Arrays.equals(mac, mac1));
+		// Each MAC should fail to verify with the other MAC's label
+		assertFalse(crypto.verifyMac(mac, label2, key1, input1, input2,
+				input3));
+		assertFalse(crypto.verifyMac(mac1, label1, key2, input1, input2,
+				input3));
 	}

 	@Test
@@ -48,6 +55,11 @@ public class MacTest extends BrambleTestCase {
 		byte[] mac = crypto.mac(label1, key1, input1, input2, input3);
 		byte[] mac1 = crypto.mac(label1, key2, input1, input2, input3);
 		assertFalse(Arrays.equals(mac, mac1));
+		// Each MAC should fail to verify with the other MAC's key
+		assertFalse(crypto.verifyMac(mac, label1, key2, input1, input2,
+				input3));
+		assertFalse(crypto.verifyMac(mac1, label2, key1, input1, input2,
+				input3));
 	}

 	@Test
@@ -57,6 +69,11 @@ public class MacTest extends BrambleTestCase {
 		byte[] mac = crypto.mac(label1, key1, input1, input2, input3);
 		byte[] mac1 = crypto.mac(label1, key1, input3, input2, input1);
 		assertFalse(Arrays.equals(mac, mac1));
+		// Each MAC should fail to verify with the other MAC's inputs
+		assertFalse(crypto.verifyMac(mac, label1, key2, input3, input2,
+				input1));
+		assertFalse(crypto.verifyMac(mac1, label1, key1, input1, input2,
+				input3));
 	}

 }
--- a/bramble-core/src/test/java/org/briarproject/bramble/crypto/SignatureTest.java
+++ b/bramble-core/src/test/java/org/briarproject/bramble/crypto/SignatureTest.java
@@ -28,8 +28,8 @@ public abstract class SignatureTest extends BrambleTestCase {
 	protected abstract byte[] sign(String label, byte[] toSign,
 			byte[] privateKey) throws GeneralSecurityException;

-	protected abstract boolean verify(String label, byte[] signedData,
-			byte[] publicKey, byte[] signature) throws GeneralSecurityException;
+	protected abstract boolean verify(byte[] signature, String label,
+			byte[] signed, byte[] publicKey) throws GeneralSecurityException;

 	SignatureTest() {
 		crypto = new CryptoComponentImpl(new TestSecureRandomProvider(), null);
@@ -85,7 +85,7 @@ public abstract class SignatureTest extends BrambleTestCase {
 	@Test
 	public void testSignatureVerification() throws Exception {
 		byte[] sig = sign(label, inputBytes, privateKey);
-		assertTrue(verify(label, inputBytes, publicKey, sig));
+		assertTrue(verify(sig, label, inputBytes, publicKey));
 	}

 	@Test
@@ -95,7 +95,7 @@ public abstract class SignatureTest extends BrambleTestCase {
 		byte[] privateKey2 = k2.getPrivate().getEncoded();
 		// calculate the signature with different key, should fail to verify
 		byte[] sig = sign(label, inputBytes, privateKey2);
-		assertFalse(verify(label, inputBytes, publicKey, sig));
+		assertFalse(verify(sig, label, inputBytes, publicKey));
 	}

 	@Test
@@ -104,7 +104,7 @@ public abstract class SignatureTest extends BrambleTestCase {
 		byte[] inputBytes2 = TestUtils.getRandomBytes(123);
 		// calculate the signature with different input, should fail to verify
 		byte[] sig = sign(label, inputBytes, privateKey);
-		assertFalse(verify(label, inputBytes2, publicKey, sig));
+		assertFalse(verify(sig, label, inputBytes2, publicKey));
 	}

 	@Test
@@ -113,7 +113,7 @@ public abstract class SignatureTest extends BrambleTestCase {
 		String label2 = StringUtils.getRandomString(42);
 		// calculate the signature with different label, should fail to verify
 		byte[] sig = sign(label, inputBytes, privateKey);
-		assertFalse(verify(label2, inputBytes, publicKey, sig));
+		assertFalse(verify(sig, label2, inputBytes, publicKey));
 	}

 }