Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-11 18:29:05 +01:00
Code Issues Projects Releases Wiki Activity

Explicitly check length of proof of ownership.

Browse Source
This commit is contained in:
akwizgran
2019-06-04 12:17:10 +01:00
parent d3c7ecdef4
commit d939fe80bd
2 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
bramble-core/src/main/java/org/briarproject/bramble/contact/HandshakeConstants.java
View File

@@ -22,4 +22,8 @@ interface HandshakeConstants {
*/
String BOB_PROOF_LABEL = "org.briarproject.bramble.handshake/BOB_PROOF";
/**
* The length of the proof of ownership in bytes.
*/
int PROOF_BYTES = 32;
}

14
bramble-core/src/main/java/org/briarproject/bramble/contact/HandshakeManagerImpl.java
View File

@@ -32,9 +32,11 @@ import javax.annotation.concurrent.Immutable;
import javax.inject.Inject;
import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES;
import static org.briarproject.bramble.contact.HandshakeConstants.PROOF_BYTES;
import static org.briarproject.bramble.contact.HandshakeConstants.PROTOCOL_VERSION;
import static org.briarproject.bramble.contact.HandshakeRecordTypes.EPHEMERAL_PUBLIC_KEY;
import static org.briarproject.bramble.contact.HandshakeRecordTypes.PROOF_OF_OWNERSHIP;
import static org.briarproject.bramble.util.ValidationUtils.checkLength;
@Immutable
@NotNullByDefault
@@ -128,11 +130,9 @@ class HandshakeManagerImpl implements HandshakeManager {
}
private PublicKey receivePublicKey(RecordReader r) throws IOException {
Record rec = readRecord(r, EPHEMERAL_PUBLIC_KEY);
int length = rec.getPayload().length;
if (length == 0 || length > MAX_AGREEMENT_PUBLIC_KEY_BYTES)
throw new FormatException();
return new AgreementPublicKey(rec.getPayload());
byte[] key = readRecord(r, EPHEMERAL_PUBLIC_KEY).getPayload();
checkLength(key, 1, MAX_AGREEMENT_PUBLIC_KEY_BYTES);
return new AgreementPublicKey(key);
}
private void sendProof(RecordWriter w, byte[] proof) throws IOException {
@@ -141,7 +141,9 @@ class HandshakeManagerImpl implements HandshakeManager {
}
private byte[] receiveProof(RecordReader r) throws IOException {
return readRecord(r, PROOF_OF_OWNERSHIP).getPayload();
byte[] proof = readRecord(r, PROOF_OF_OWNERSHIP).getPayload();
checkLength(proof, PROOF_BYTES, PROOF_BYTES);
return proof;
}
private Record readRecord(RecordReader r, byte expectedType)