Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-18 21:59:54 +01:00
Code Issues Projects Releases Wiki Activity

Public key validation: check that (x, y) is not the point at infinity.

Browse Source
This commit is contained in:
akwizgran
2014-01-05 21:45:01 +00:00
parent bf1a72c826
commit 09e16e3b34
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
briar-core/src/net/sf/briar/crypto/Sec1KeyParser.java
View File

@@ -35,17 +35,18 @@ class Sec1KeyParser implements KeyParser {
public PublicKey parsePublicKey(byte[] encodedKey) public PublicKey parsePublicKey(byte[] encodedKey)
throws GeneralSecurityException { throws GeneralSecurityException {
// Note: SEC 1 parameter names are used below, not RFC 5639 names // The validation procedure comes from SEC 1, section 3.2.2.1. Note
// that SEC 1 parameter names are used below, not RFC 5639 names
if(encodedKey.length != publicKeyBytes) if(encodedKey.length != publicKeyBytes)
throw new GeneralSecurityException(); throw new GeneralSecurityException();
// The first byte must be 0x04 // The first byte must be 0x04
if(encodedKey[0] != 4) throw new GeneralSecurityException(); if(encodedKey[0] != 4) throw new GeneralSecurityException();
// The x co-ordinate must be >= 0 and < q // The x co-ordinate must be >= 0 and < p
byte[] xBytes = new byte[bytesPerInt]; byte[] xBytes = new byte[bytesPerInt];
System.arraycopy(encodedKey, 1, xBytes, 0, bytesPerInt); System.arraycopy(encodedKey, 1, xBytes, 0, bytesPerInt);
BigInteger x = new BigInteger(1, xBytes); // Positive signum BigInteger x = new BigInteger(1, xBytes); // Positive signum
if(x.compareTo(modulus) >= 0) throw new GeneralSecurityException(); if(x.compareTo(modulus) >= 0) throw new GeneralSecurityException();
// The y co-ordinate must be >= 0 and < q // The y co-ordinate must be >= 0 and < p
byte[] yBytes = new byte[bytesPerInt]; byte[] yBytes = new byte[bytesPerInt];
System.arraycopy(encodedKey, 1 + bytesPerInt, yBytes, 0, bytesPerInt); System.arraycopy(encodedKey, 1 + bytesPerInt, yBytes, 0, bytesPerInt);
BigInteger y = new BigInteger(1, yBytes); // Positive signum BigInteger y = new BigInteger(1, yBytes); // Positive signum
@@ -56,10 +57,13 @@ class Sec1KeyParser implements KeyParser {
BigInteger lhs = y.multiply(y).mod(modulus); BigInteger lhs = y.multiply(y).mod(modulus);
BigInteger rhs = x.multiply(x).add(a).multiply(x).add(b).mod(modulus); BigInteger rhs = x.multiply(x).add(a).multiply(x).add(b).mod(modulus);
if(!lhs.equals(rhs)) throw new GeneralSecurityException(); if(!lhs.equals(rhs)) throw new GeneralSecurityException();
// Verify that the point (x, y) times n = the point at infinity // We know the point (x, y) is on the curve, so we can create the point
ECFieldElement elementX = new ECFieldElement.Fp(modulus, x); ECFieldElement elementX = new ECFieldElement.Fp(modulus, x);
ECFieldElement elementY = new ECFieldElement.Fp(modulus, y); ECFieldElement elementY = new ECFieldElement.Fp(modulus, y);
ECPoint pub = new ECPoint.Fp(params.getCurve(), elementX, elementY); ECPoint pub = new ECPoint.Fp(params.getCurve(), elementX, elementY);
// Verify that the point (x, y) is not the point at infinity
if(pub.isInfinity()) throw new GeneralSecurityException();
// Verify that the point (x, y) times n is the point at infinity
if(!pub.multiply(params.getN()).isInfinity()) if(!pub.multiply(params.getN()).isInfinity())
throw new GeneralSecurityException(); throw new GeneralSecurityException();
// Construct a public key from the point (x, y) and the params // Construct a public key from the point (x, y) and the params