Replaced SHA-256 with SHAd-256 to prevent length extension attacks.

api/net/sf/briar/api/crypto/CryptoComponent.java

@@ -1,7 +1,6 @@
 package net.sf.briar.api.crypto;
 
 import java.security.KeyPair;
-import java.security.MessageDigest;
 import java.security.SecureRandom;
 import java.security.Signature;
 

api/net/sf/briar/api/crypto/MessageDigest.java

@@ -0,0 +1,29 @@
+package net.sf.briar.api.crypto;
+
+/** An interface that allows a java.security.MessageDigest to be wrapped. */
+public interface MessageDigest {
+
+    /** @see {@link java.security.MessageDigest#digest()} */
+	byte[] digest();
+
+	/** @see {@link java.security.MessageDigest#digest(byte[])} */
+	byte[] digest(byte[] input);
+
+	/** @see {@link java.security.MessageDigest#digest(byte[], int, int)} */
+	int digest(byte[] buf, int offset, int len);
+
+	/** @see {@link java.security.MessageDigest#getDigestLength()} */
+	int getDigestLength();
+
+	/** @see {@link java.security.MessageDigest#reset()} */
+	void reset();
+
+	/** @see {@link java.security.MessageDigest#update(byte)} */
+	void update(byte input);
+
+	/** @see {@link java.security.MessageDigest#update(byte[])} */
+	void update(byte[] input);
+
+	/** @see {@link java.security.MessageDigest#update(byte[], int, int)} */
+	void update(byte[] input, int offset, int len);
+}

api/net/sf/briar/api/serial/CopyingConsumer.java

@@ -0,0 +1,22 @@
+package net.sf.briar.api.serial;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+/** A consumer that makes a copy of the bytes consumed. */
+public class CopyingConsumer implements Consumer {
+
+	private final ByteArrayOutputStream out = new ByteArrayOutputStream();
+
+	public byte[] getCopy() {
+		return out.toByteArray();
+	}
+
+	public void write(byte b) throws IOException {
+		out.write(b);
+	}
+
+	public void write(byte[] b, int off, int len) throws IOException {
+		out.write(b, off, len);
+	}
+}

api/net/sf/briar/api/serial/CountingConsumer.java

@@ -0,0 +1,33 @@
+package net.sf.briar.api.serial;
+
+import java.io.IOException;
+
+import net.sf.briar.api.FormatException;
+
+/**
+ * A consumer that counts the number of bytes consumed and throws a
+ * FormatException if the count exceeds a given limit.
+ */
+public class CountingConsumer implements Consumer {
+
+	private final long limit;
+	private long count = 0L;
+
+	public CountingConsumer(long limit) {
+		this.limit = limit;
+	}
+
+	public long getCount() {
+		return count;
+	}
+
+	public void write(byte b) throws IOException {
+		count++;
+		if(count > limit) throw new FormatException();
+	}
+
+	public void write(byte[] b, int off, int len) throws IOException {
+		count += len;
+		if(count > limit) throw new FormatException();
+	}
+}

api/net/sf/briar/api/serial/DigestingConsumer.java

@@ -0,0 +1,21 @@
+package net.sf.briar.api.serial;
+
+import net.sf.briar.api.crypto.MessageDigest;
+
+/** A consumer that passes its input through a message digest. */
+public class DigestingConsumer implements Consumer {
+
+	private final MessageDigest messageDigest;
+
+	public DigestingConsumer(MessageDigest messageDigest) {
+		this.messageDigest = messageDigest;
+	}
+
+	public void write(byte b) {
+		messageDigest.update(b);
+	}
+
+	public void write(byte[] b, int off, int len) {
+		messageDigest.update(b, off, len);
+	}
+}

api/net/sf/briar/api/serial/SigningConsumer.java

@@ -0,0 +1,31 @@
+package net.sf.briar.api.serial;
+
+import java.io.IOException;
+import java.security.Signature;
+import java.security.SignatureException;
+
+/** A consumer that passes its input through a signature. */
+public class SigningConsumer implements Consumer {
+
+	private final Signature signature;
+
+	public SigningConsumer(Signature signature) {
+		this.signature = signature;
+	}
+
+	public void write(byte b) throws IOException {
+		try {
+			signature.update(b);
+		} catch(SignatureException e) {
+			throw new IOException(e.getMessage());
+		}
+	}
+
+	public void write(byte[] b, int off, int len) throws IOException {
+		try {
+			signature.update(b, off, len);
+		} catch(SignatureException e) {
+			throw new IOException(e.getMessage());
+		}
+	}
+}