Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-14 11:49:04 +01:00
Code Issues Projects Releases Wiki Activity

Ignore expected IVs that arrive by the wrong transport.

Browse Source 
This prevents an attacker from replaying connections to test whether a
transport endpoint has the same owner as an endpoint on another
transport (eg probing a Bluetooth device to see whether it has the
same owner as a given internet host).
This commit is contained in:
akwizgran
2011-11-17 09:24:28 +00:00
parent 13ebd369e2
commit 66d973bcdd
5 changed files with 44 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
test/net/sf/briar/transport/ConnectionRecogniserImplTest.java
View File

@@ -74,7 +74,7 @@ public class ConnectionRecogniserImplTest extends TestCase {
}});
final ConnectionRecogniserImpl c =
new ConnectionRecogniserImpl(crypto, db);
assertNull(c.acceptConnection(new byte[IV_LENGTH]));
assertNull(c.acceptConnection(transportId, new byte[IV_LENGTH]));
context.assertIsSatisfied();
}
@@ -111,20 +111,22 @@ public class ConnectionRecogniserImplTest extends TestCase {
}});
final ConnectionRecogniserImpl c =
new ConnectionRecogniserImpl(crypto, db);
// First time - the IV should be expected
ConnectionContext ctx = c.acceptConnection(encryptedIv);
// The IV should not be expected by the wrong transport
TransportId wrong = new TransportId(TestUtils.getRandomId());
assertNull(c.acceptConnection(wrong, encryptedIv));
// The IV should be expected by the right transport
ConnectionContext ctx = c.acceptConnection(transportId, encryptedIv);
assertNotNull(ctx);
assertEquals(contactId, ctx.getContactId());
assertEquals(remoteIndex, ctx.getTransportIndex());
assertEquals(3L, ctx.getConnectionNumber());
// Second time - the IV should no longer be expected
assertNull(c.acceptConnection(encryptedIv));
// The IV should no longer be expected
assertNull(c.acceptConnection(transportId, encryptedIv));
// The window should have advanced
Map<Long, byte[]> unseen = connectionWindow.getUnseen();
assertEquals(19, unseen.size());
for(int i = 0; i < 19; i++) {
if(i == 3) continue;
assertTrue(unseen.containsKey(Long.valueOf(i)));
assertEquals(i != 3, unseen.containsKey(Long.valueOf(i)));
}
context.assertIsSatisfied();
}

2
test/net/sf/briar/transport/batch/BatchConnectionReadWriteTest.java
View File

@@ -159,7 +159,7 @@ public class BatchConnectionReadWriteTest extends TestCase {
byte[] encryptedIv = new byte[IV_LENGTH];
int read = in.read(encryptedIv);
assertEquals(encryptedIv.length, read);
ConnectionContext ctx = rec.acceptConnection(encryptedIv);
ConnectionContext ctx = rec.acceptConnection(transportId, encryptedIv);
assertNotNull(ctx);
assertEquals(contactId, ctx.getContactId());
assertEquals(transportIndex, ctx.getTransportIndex());