Replaced SHA-256 with SHAd-256 to prevent length extension attacks.

components/net/sf/briar/crypto/DoubleDigest.java

@@ -0,0 +1,59 @@
+package net.sf.briar.crypto;
+
+import net.sf.briar.api.crypto.MessageDigest;
+
+/**
+ * A message digest that prevents length extension attacks - see Ferguson and
+ * Schneier, <i>Practical Cryptography</i>, chapter 6.
+ * <p>
+ * "Let h be an interative hash function. The hash function h<sub>d</sub> is
+ * defined by h<sub>d</sub> := h(h(m)), and has a claimed security level of
+ * min(k, n/2) where k is the security level of h and n is the size of the hash
+ * result."
+ */
+class DoubleDigest implements MessageDigest {
+
+	private final java.security.MessageDigest delegate;
+
+	DoubleDigest(java.security.MessageDigest delegate) {
+		this.delegate = delegate;
+	}
+
+	public byte[] digest() {
+		byte[] digest = delegate.digest(); // h(m)
+		delegate.update(digest);
+		return delegate.digest(); // h(h(m))
+	}
+
+	public byte[] digest(byte[] input) {
+		delegate.update(input);
+		return digest();
+	}
+
+	public int digest(byte[] buf, int offset, int len) {
+		byte[] digest = digest();
+		len = Math.min(len, digest.length);
+		System.arraycopy(digest, 0, buf, offset, len);
+		return len;
+	}
+
+	public int getDigestLength() {
+		return delegate.getDigestLength();
+	}
+
+	public void reset() {
+		delegate.reset();
+	}
+
+	public void update(byte input) {
+		delegate.update(input);
+	}
+
+	public void update(byte[] input) {
+		delegate.update(input);
+	}
+
+	public void update(byte[] input, int offset, int len) {
+		delegate.update(input, offset, len);
+	}
+}