Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-21 07:09:56 +01:00
Code Issues Projects Releases Wiki Activity

Check the return value from Signature.verify(). *cough*

Browse Source
This commit is contained in:
akwizgran
2011-07-12 17:08:31 +01:00
parent 3d549ea6ac
commit 2af6f19476
7 changed files with 65 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
api/net/sf/briar/api/protocol/BatchBuilder.java
View File

@@ -1,8 +1,7 @@
package net.sf.briar.api.protocol; package net.sf.briar.api.protocol;
import java.io.IOException; import java.io.IOException;
import java.security.InvalidKeyException; import java.security.GeneralSecurityException;
import java.security.SignatureException;
public interface BatchBuilder { public interface BatchBuilder {
@@ -13,5 +12,5 @@ public interface BatchBuilder {
void setSignature(byte[] sig); void setSignature(byte[] sig);
/** Builds and returns the batch. */ /** Builds and returns the batch. */
Batch build() throws IOException, SignatureException, InvalidKeyException; Batch build() throws IOException, GeneralSecurityException;
} }

5
api/net/sf/briar/api/protocol/HeaderBuilder.java
View File

@@ -1,8 +1,7 @@
package net.sf.briar.api.protocol; package net.sf.briar.api.protocol;
import java.io.IOException; import java.io.IOException;
import java.security.InvalidKeyException; import java.security.GeneralSecurityException;
import java.security.SignatureException;
import java.util.Map; import java.util.Map;
public interface HeaderBuilder { public interface HeaderBuilder {
@@ -20,5 +19,5 @@ public interface HeaderBuilder {
void setSignature(byte[] sig); void setSignature(byte[] sig);
/** Builds and returns the header. */ /** Builds and returns the header. */
Header build() throws IOException, SignatureException, InvalidKeyException; Header build() throws IOException, GeneralSecurityException;
} }

7
components/net/sf/briar/protocol/IncomingBatchBuilder.java
View File

@@ -1,7 +1,7 @@
package net.sf.briar.protocol; package net.sf.briar.protocol;
import java.io.IOException; import java.io.IOException;
import java.security.InvalidKeyException; import java.security.GeneralSecurityException;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.Signature; import java.security.Signature;
@@ -24,13 +24,12 @@ public class IncomingBatchBuilder extends BatchBuilderImpl {
this.sig = sig; this.sig = sig;
} }
public Batch build() throws IOException, SignatureException, public Batch build() throws IOException, GeneralSecurityException {
InvalidKeyException {
if(sig == null) throw new IllegalStateException(); if(sig == null) throw new IllegalStateException();
byte[] raw = getSignableRepresentation(); byte[] raw = getSignableRepresentation();
signature.initVerify(keyPair.getPublic()); signature.initVerify(keyPair.getPublic());
signature.update(raw); signature.update(raw);
signature.verify(sig); if(!signature.verify(sig)) throw new SignatureException();
messageDigest.reset(); messageDigest.reset();
messageDigest.update(raw); messageDigest.update(raw);
messageDigest.update(sig); messageDigest.update(sig);

7
components/net/sf/briar/protocol/IncomingHeaderBuilder.java
View File

@@ -1,7 +1,7 @@
package net.sf.briar.protocol; package net.sf.briar.protocol;
import java.io.IOException; import java.io.IOException;
import java.security.InvalidKeyException; import java.security.GeneralSecurityException;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.Signature; import java.security.Signature;
@@ -28,13 +28,12 @@ class IncomingHeaderBuilder extends HeaderBuilderImpl {
this.sig = sig; this.sig = sig;
} }
public Header build() throws IOException, SignatureException, public Header build() throws IOException, GeneralSecurityException {
InvalidKeyException {
if(sig == null) throw new IllegalStateException(); if(sig == null) throw new IllegalStateException();
byte[] raw = getSignableRepresentation(); byte[] raw = getSignableRepresentation();
signature.initVerify(keyPair.getPublic()); signature.initVerify(keyPair.getPublic());
signature.update(raw); signature.update(raw);
signature.verify(sig); if(!signature.verify(sig)) throw new SignatureException();
messageDigest.reset(); messageDigest.reset();
messageDigest.update(raw); messageDigest.update(raw);
messageDigest.update(sig); messageDigest.update(sig);

6
components/net/sf/briar/protocol/OutgoingBatchBuilder.java
View File

@@ -1,11 +1,10 @@
package net.sf.briar.protocol; package net.sf.briar.protocol;
import java.io.IOException; import java.io.IOException;
import java.security.InvalidKeyException; import java.security.GeneralSecurityException;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.Signature; import java.security.Signature;
import java.security.SignatureException;
import net.sf.briar.api.protocol.Batch; import net.sf.briar.api.protocol.Batch;
import net.sf.briar.api.protocol.BatchId; import net.sf.briar.api.protocol.BatchId;
@@ -22,8 +21,7 @@ public class OutgoingBatchBuilder extends BatchBuilderImpl {
throw new UnsupportedOperationException(); throw new UnsupportedOperationException();
} }
public Batch build() throws IOException, SignatureException, public Batch build() throws IOException, GeneralSecurityException {
InvalidKeyException {
byte[] raw = getSignableRepresentation(); byte[] raw = getSignableRepresentation();
signature.initSign(keyPair.getPrivate()); signature.initSign(keyPair.getPrivate());
signature.update(raw); signature.update(raw);

6
components/net/sf/briar/protocol/OutgoingHeaderBuilder.java
View File

@@ -1,11 +1,10 @@
package net.sf.briar.protocol; package net.sf.briar.protocol;
import java.io.IOException; import java.io.IOException;
import java.security.InvalidKeyException; import java.security.GeneralSecurityException;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.Signature; import java.security.Signature;
import java.security.SignatureException;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
@@ -26,8 +25,7 @@ public class OutgoingHeaderBuilder extends HeaderBuilderImpl {
throw new UnsupportedOperationException(); throw new UnsupportedOperationException();
} }
public Header build() throws IOException, SignatureException, public Header build() throws IOException, GeneralSecurityException {
InvalidKeyException {
byte[] raw = getSignableRepresentation(); byte[] raw = getSignableRepresentation();
signature.initSign(keyPair.getPrivate()); signature.initSign(keyPair.getPrivate());
signature.update(raw); signature.update(raw);

51
test/net/sf/briar/protocol/BundleReadWriteTest.java
View File

@@ -3,6 +3,8 @@ package net.sf.briar.protocol;
import java.io.File; import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.RandomAccessFile;
import java.security.GeneralSecurityException;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.KeyPairGenerator; import java.security.KeyPairGenerator;
import java.security.MessageDigest; import java.security.MessageDigest;
@@ -149,6 +151,55 @@ public class BundleReadWriteTest extends TestCase {
r.close(); r.close();
} }
@Test
public void testModifyingBundleBreaksSignature() throws Exception {
testWriteBundle();
RandomAccessFile f = new RandomAccessFile(bundle, "rw");
f.seek(bundle.length() - 50);
byte b = f.readByte();
f.seek(bundle.length() - 50);
f.writeByte(b + 1);
f.close();
MessageParser messageParser = new MessageParser() {
public Message parseMessage(byte[] body) throws FormatException,
SignatureException {
// FIXME: Really parse the message
return message;
}
};
Provider<HeaderBuilder> headerBuilderProvider =
new Provider<HeaderBuilder>() {
public HeaderBuilder get() {
return new IncomingHeaderBuilder(keyPair, sig, digest, wf);
}
};
Provider<BatchBuilder> batchBuilderProvider =
new Provider<BatchBuilder>() {
public BatchBuilder get() {
return new IncomingBatchBuilder(keyPair, sig, digest, wf);
}
};
FileInputStream in = new FileInputStream(bundle);
Reader reader = new ReaderFactoryImpl().createReader(in);
BundleReader r = new BundleReaderImpl(reader, bundle.length(),
messageParser, headerBuilderProvider, batchBuilderProvider);
Header h = r.getHeader();
assertEquals(acks, h.getAcks());
assertEquals(subs, h.getSubscriptions());
assertEquals(transports, h.getTransports());
try {
r.getNextBatch();
assertTrue(false);
} catch(GeneralSecurityException expected) {}
r.close();
}
@After @After
public void tearDown() { public void tearDown() {
TestUtils.deleteTestDirectory(testDir); TestUtils.deleteTestDirectory(testDir);