Validate the decrypted IV before creating a reader/writer.

2026-02-13 11:19:04 +01:00 · 2011-10-18 15:58:10 +01:00
parent 2f457162a5
commit d7a417f36d
18 changed files with 121 additions and 80 deletions
--- a/test/net/sf/briar/ProtocolIntegrationTest.java
+++ b/test/net/sf/briar/ProtocolIntegrationTest.java
@@ -131,7 +131,7 @@ public class ProtocolIntegrationTest extends TestCase {
 		ByteArrayOutputStream out = new ByteArrayOutputStream();
 		// Use Alice's secret for writing
 		ConnectionWriter w = connectionWriterFactory.createConnectionWriter(out,
-				Long.MAX_VALUE, true, transportId, connection, aliceSecret);
+				Long.MAX_VALUE, transportId, connection, aliceSecret);
 		OutputStream out1 = w.getOutputStream();

 		AckWriter a = protocolWriterFactory.createAckWriter(out1);
@@ -175,17 +175,17 @@ public class ProtocolIntegrationTest extends TestCase {

 	private void read(byte[] connection) throws Exception {
 		InputStream in = new ByteArrayInputStream(connection);
-		byte[] iv = new byte[16];
+		byte[] encryptedIv = new byte[16];
 		int offset = 0;
 		while(offset < 16) {
-			int read = in.read(iv, offset, iv.length - offset);
+			int read = in.read(encryptedIv, offset, 16 - offset);
 			if(read == -1) break;
 			offset += read;
 		}
 		assertEquals(16, offset);
 		// Use Bob's secret for reading
 		ConnectionReader r = connectionReaderFactory.createConnectionReader(in,
-				iv, bobSecret);
+				transportId, encryptedIv, bobSecret);
 		in = r.getInputStream();
 		ProtocolReader protocolReader =
 			protocolReaderFactory.createProtocolReader(in);
--- a/test/net/sf/briar/transport/ConnectionDecrypterImplTest.java
+++ b/test/net/sf/briar/transport/ConnectionDecrypterImplTest.java
@@ -84,8 +84,9 @@ public class ConnectionDecrypterImplTest extends TestCase {
 		out.write(ciphertextMac);
 		ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray());
 		// Use a ConnectionDecrypter to decrypt the ciphertext
-		ConnectionDecrypter d = new ConnectionDecrypterImpl(in, encryptedIv,
-				ivCipher, frameCipher, ivKey, frameKey);
+		ConnectionDecrypter d = new ConnectionDecrypterImpl(in, 
+				IvEncoder.encodeIv(initiator, transportId, connection),
+				frameCipher, frameKey);
 		// First frame
 		byte[] decrypted = new byte[ciphertext.length];
 		TestUtils.readFully(d.getInputStream(), decrypted);
--- a/test/net/sf/briar/transport/ConnectionWriterTest.java
+++ b/test/net/sf/briar/transport/ConnectionWriterTest.java
@@ -40,7 +40,7 @@ public class ConnectionWriterTest extends TestCase {
 		ByteArrayOutputStream out =
 			new ByteArrayOutputStream(MIN_CONNECTION_LENGTH);
 		ConnectionWriter w = connectionWriterFactory.createConnectionWriter(out,
-				MIN_CONNECTION_LENGTH, true, transportId, connection, secret);
+				MIN_CONNECTION_LENGTH, transportId, connection, secret);
 		// Check that the connection writer thinks there's room for a packet
 		long capacity = w.getRemainingCapacity();
 		assertTrue(capacity >= MAX_PACKET_LENGTH);
--- a/test/net/sf/briar/transport/FrameReadWriteTest.java
+++ b/test/net/sf/briar/transport/FrameReadWriteTest.java
@@ -84,12 +84,17 @@ public class FrameReadWriteTest extends TestCase {
 		out1.flush();
 		// Read the IV back
 		ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray());
-		byte[] recoveredIv = new byte[IV_LENGTH];
-		assertEquals(IV_LENGTH, in.read(recoveredIv));
-		assertArrayEquals(encryptedIv, recoveredIv);
+		byte[] recoveredEncryptedIv = new byte[IV_LENGTH];
+		assertEquals(IV_LENGTH, in.read(recoveredEncryptedIv));
+		assertArrayEquals(encryptedIv, recoveredEncryptedIv);
+		// Decrypt the IV
+		ivCipher.init(Cipher.DECRYPT_MODE, ivKey);
+		byte[] recoveredIv = ivCipher.doFinal(recoveredEncryptedIv);
+		iv = IvEncoder.encodeIv(initiator, transportId, connection);
+		assertArrayEquals(iv, recoveredIv);
 		// Read the frames back
-		ConnectionDecrypter decrypter = new ConnectionDecrypterImpl(in,
-				recoveredIv, ivCipher, frameCipher, ivKey, frameKey);
+		ConnectionDecrypter decrypter = new ConnectionDecrypterImpl(in, iv,
+				frameCipher, frameKey);
 		ConnectionReader reader = new ConnectionReaderImpl(decrypter, mac,
 				macKey);
 		InputStream in1 = reader.getInputStream();
--- a/test/net/sf/briar/transport/batch/BatchConnectionReadWriteTest.java
+++ b/test/net/sf/briar/transport/batch/BatchConnectionReadWriteTest.java
@@ -145,7 +145,8 @@ public class BatchConnectionReadWriteTest extends TestCase {
 			bob.getInstance(ProtocolReaderFactory.class);
 		BatchTransportReader reader = new TestBatchTransportReader(in);
 		IncomingBatchConnection batchIn = new IncomingBatchConnection(
-				connFactory, db, protoFactory, contactId, reader, encryptedIv);
+				connFactory, db, protoFactory, transportId, contactId, reader,
+				encryptedIv);
 		// No messages should have been added yet
 		assertFalse(listener.messagesAdded);
 		// Read whatever needs to be read