mirror of
https://code.briarproject.org/briar/briar.git
synced 2026-02-21 23:29:52 +01:00
Require a label for signing
This adds a sign() and a verify() method to the CryptoComponent that take a mandatory label argument to ensure that signatures can't be repurposed.
This commit is contained in:
@@ -51,8 +51,8 @@ class GroupMessageFactoryImpl implements GroupMessageFactory {
|
||||
int type = JOIN.getInt();
|
||||
BdfList toSign = BdfList.of(groupId, timestamp, type,
|
||||
member.getName(), member.getPublicKey(), invite);
|
||||
byte[] memberSignature =
|
||||
clientHelper.sign(toSign, member.getPrivateKey());
|
||||
byte[] memberSignature = clientHelper
|
||||
.sign(SIGNING_LABEL_JOIN, toSign, member.getPrivateKey());
|
||||
|
||||
// Compose the message
|
||||
BdfList body =
|
||||
@@ -78,8 +78,8 @@ class GroupMessageFactoryImpl implements GroupMessageFactory {
|
||||
BdfList toSign = BdfList.of(groupId, timestamp, type,
|
||||
author.getName(), author.getPublicKey(), parentId,
|
||||
previousMsgId, content);
|
||||
byte[] signature =
|
||||
clientHelper.sign(toSign, author.getPrivateKey());
|
||||
byte[] signature = clientHelper
|
||||
.sign(SIGNING_LABEL_POST, toSign, author.getPrivateKey());
|
||||
|
||||
// Compose the message
|
||||
BdfList body =
|
||||
|
||||
@@ -27,9 +27,12 @@ import java.util.Collection;
|
||||
import static org.briarproject.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
|
||||
import static org.briarproject.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
|
||||
import static org.briarproject.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH;
|
||||
import static org.briarproject.api.privategroup.GroupMessageFactory.SIGNING_LABEL_JOIN;
|
||||
import static org.briarproject.api.privategroup.GroupMessageFactory.SIGNING_LABEL_POST;
|
||||
import static org.briarproject.api.privategroup.MessageType.JOIN;
|
||||
import static org.briarproject.api.privategroup.MessageType.POST;
|
||||
import static org.briarproject.api.privategroup.PrivateGroupConstants.MAX_GROUP_POST_BODY_LENGTH;
|
||||
import static org.briarproject.api.privategroup.invitation.GroupInvitationFactory.SIGNING_LABEL_INVITE;
|
||||
import static org.briarproject.privategroup.GroupConstants.KEY_INITIAL_JOIN_MSG;
|
||||
import static org.briarproject.privategroup.GroupConstants.KEY_MEMBER_ID;
|
||||
import static org.briarproject.privategroup.GroupConstants.KEY_MEMBER_NAME;
|
||||
@@ -130,7 +133,7 @@ class GroupMessageValidator extends BdfMessageValidator {
|
||||
.createInviteToken(creator.getId(), member.getId(),
|
||||
pg.getId(), inviteTimestamp);
|
||||
try {
|
||||
clientHelper.verifySignature(creatorSignature,
|
||||
clientHelper.verifySignature(SIGNING_LABEL_INVITE, creatorSignature,
|
||||
creator.getPublicKey(), token);
|
||||
} catch (GeneralSecurityException e) {
|
||||
throw new InvalidMessageException(e);
|
||||
@@ -146,8 +149,8 @@ class GroupMessageValidator extends BdfMessageValidator {
|
||||
BdfList signed = BdfList.of(g.getId(), m.getTimestamp(), JOIN.getInt(),
|
||||
member.getName(), member.getPublicKey(), invite);
|
||||
try {
|
||||
clientHelper.verifySignature(memberSignature, member.getPublicKey(),
|
||||
signed);
|
||||
clientHelper.verifySignature(SIGNING_LABEL_JOIN, memberSignature,
|
||||
member.getPublicKey(), signed);
|
||||
} catch (GeneralSecurityException e) {
|
||||
throw new InvalidMessageException(e);
|
||||
}
|
||||
@@ -189,8 +192,8 @@ class GroupMessageValidator extends BdfMessageValidator {
|
||||
member.getName(), member.getPublicKey(), parentId,
|
||||
previousMessageId, content);
|
||||
try {
|
||||
clientHelper
|
||||
.verifySignature(signature, member.getPublicKey(), signed);
|
||||
clientHelper.verifySignature(SIGNING_LABEL_POST, signature,
|
||||
member.getPublicKey(), signed);
|
||||
} catch (GeneralSecurityException e) {
|
||||
throw new InvalidMessageException(e);
|
||||
}
|
||||
|
||||
@@ -36,7 +36,7 @@ class GroupInvitationFactoryImpl implements GroupInvitationFactory {
|
||||
BdfList token = createInviteToken(creatorId, memberId, privateGroupId,
|
||||
timestamp);
|
||||
try {
|
||||
return clientHelper.sign(token, privateKey);
|
||||
return clientHelper.sign(SIGNING_LABEL_INVITE, token, privateKey);
|
||||
} catch (GeneralSecurityException e) {
|
||||
throw new IllegalArgumentException(e);
|
||||
} catch (FormatException e) {
|
||||
@@ -50,7 +50,6 @@ class GroupInvitationFactoryImpl implements GroupInvitationFactory {
|
||||
Group contactGroup = contactGroupFactory.createContactGroup(CLIENT_ID,
|
||||
creatorId, memberId);
|
||||
return BdfList.of(
|
||||
0, // TODO: Replace with a namespaced string
|
||||
timestamp,
|
||||
contactGroup.getId(),
|
||||
privateGroupId
|
||||
|
||||
@@ -31,6 +31,7 @@ import static org.briarproject.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH
|
||||
import static org.briarproject.api.privategroup.PrivateGroupConstants.GROUP_SALT_LENGTH;
|
||||
import static org.briarproject.api.privategroup.PrivateGroupConstants.MAX_GROUP_INVITATION_MSG_LENGTH;
|
||||
import static org.briarproject.api.privategroup.PrivateGroupConstants.MAX_GROUP_NAME_LENGTH;
|
||||
import static org.briarproject.api.privategroup.invitation.GroupInvitationFactory.SIGNING_LABEL_INVITE;
|
||||
import static org.briarproject.privategroup.invitation.MessageType.ABORT;
|
||||
import static org.briarproject.privategroup.invitation.MessageType.INVITE;
|
||||
import static org.briarproject.privategroup.invitation.MessageType.JOIN;
|
||||
@@ -96,13 +97,13 @@ class GroupInvitationValidator extends BdfMessageValidator {
|
||||
groupName, creator, salt);
|
||||
// Verify the signature
|
||||
BdfList signed = BdfList.of(
|
||||
INVITE.getValue(),
|
||||
m.getTimestamp(),
|
||||
m.getGroupId(),
|
||||
privateGroup.getId()
|
||||
);
|
||||
try {
|
||||
clientHelper.verifySignature(signature, creatorPublicKey, signed);
|
||||
clientHelper.verifySignature(SIGNING_LABEL_INVITE, signature,
|
||||
creatorPublicKey, signed);
|
||||
} catch (GeneralSecurityException e) {
|
||||
throw new FormatException();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user