Validate the decrypted IV before creating a reader/writer.

2026-02-21 07:09:56 +01:00 · 2011-10-18 15:58:10 +01:00
parent 2f457162a5
commit d7a417f36d
18 changed files with 121 additions and 80 deletions
--- a/test/net/sf/briar/transport/ConnectionDecrypterImplTest.java
+++ b/test/net/sf/briar/transport/ConnectionDecrypterImplTest.java
@@ -84,8 +84,9 @@ public class ConnectionDecrypterImplTest extends TestCase {
 		out.write(ciphertextMac);
 		ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray());
 		// Use a ConnectionDecrypter to decrypt the ciphertext
-		ConnectionDecrypter d = new ConnectionDecrypterImpl(in, encryptedIv,
-				ivCipher, frameCipher, ivKey, frameKey);
+		ConnectionDecrypter d = new ConnectionDecrypterImpl(in, 
+				IvEncoder.encodeIv(initiator, transportId, connection),
+				frameCipher, frameKey);
 		// First frame
 		byte[] decrypted = new byte[ciphertext.length];
 		TestUtils.readFully(d.getInputStream(), decrypted);
--- a/test/net/sf/briar/transport/ConnectionWriterTest.java
+++ b/test/net/sf/briar/transport/ConnectionWriterTest.java
@@ -40,7 +40,7 @@ public class ConnectionWriterTest extends TestCase {
 		ByteArrayOutputStream out =
 			new ByteArrayOutputStream(MIN_CONNECTION_LENGTH);
 		ConnectionWriter w = connectionWriterFactory.createConnectionWriter(out,
-				MIN_CONNECTION_LENGTH, true, transportId, connection, secret);
+				MIN_CONNECTION_LENGTH, transportId, connection, secret);
 		// Check that the connection writer thinks there's room for a packet
 		long capacity = w.getRemainingCapacity();
 		assertTrue(capacity >= MAX_PACKET_LENGTH);
--- a/test/net/sf/briar/transport/FrameReadWriteTest.java
+++ b/test/net/sf/briar/transport/FrameReadWriteTest.java
@@ -84,12 +84,17 @@ public class FrameReadWriteTest extends TestCase {
 		out1.flush();
 		// Read the IV back
 		ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray());
-		byte[] recoveredIv = new byte[IV_LENGTH];
-		assertEquals(IV_LENGTH, in.read(recoveredIv));
-		assertArrayEquals(encryptedIv, recoveredIv);
+		byte[] recoveredEncryptedIv = new byte[IV_LENGTH];
+		assertEquals(IV_LENGTH, in.read(recoveredEncryptedIv));
+		assertArrayEquals(encryptedIv, recoveredEncryptedIv);
+		// Decrypt the IV
+		ivCipher.init(Cipher.DECRYPT_MODE, ivKey);
+		byte[] recoveredIv = ivCipher.doFinal(recoveredEncryptedIv);
+		iv = IvEncoder.encodeIv(initiator, transportId, connection);
+		assertArrayEquals(iv, recoveredIv);
 		// Read the frames back
-		ConnectionDecrypter decrypter = new ConnectionDecrypterImpl(in,
-				recoveredIv, ivCipher, frameCipher, ivKey, frameKey);
+		ConnectionDecrypter decrypter = new ConnectionDecrypterImpl(in, iv,
+				frameCipher, frameKey);
 		ConnectionReader reader = new ConnectionReaderImpl(decrypter, mac,
 				macKey);
 		InputStream in1 = reader.getInputStream();
--- a/test/net/sf/briar/transport/batch/BatchConnectionReadWriteTest.java
+++ b/test/net/sf/briar/transport/batch/BatchConnectionReadWriteTest.java
@@ -145,7 +145,8 @@ public class BatchConnectionReadWriteTest extends TestCase {
 			bob.getInstance(ProtocolReaderFactory.class);
 		BatchTransportReader reader = new TestBatchTransportReader(in);
 		IncomingBatchConnection batchIn = new IncomingBatchConnection(
-				connFactory, db, protoFactory, contactId, reader, encryptedIv);
+				connFactory, db, protoFactory, transportId, contactId, reader,
+				encryptedIv);
 		// No messages should have been added yet
 		assertFalse(listener.messagesAdded);
 		// Read whatever needs to be read