From b01b17f2b1a3b8cff46be2d047bbc39c738e84d3 Mon Sep 17 00:00:00 2001
From: akwizgran <akwizgran@users.sourceforge.net>
Date: Thu, 29 Mar 2012 20:11:11 +0100
Subject: [PATCH] Fixed some key derivation bugs and removed an unnecessary argument. CryptoComponentImpl needs some unit tests.
---
 .../sf/briar/api/crypto/CryptoComponent.java | 2 +-
 .../sf/briar/crypto/CryptoComponentImpl.java | 22 +++++++------------
 .../briar/plugins/InvitationStarterImpl.java | 4 ++--
 3 files changed, 11 insertions(+), 17 deletions(-)
diff --git a/api/net/sf/briar/api/crypto/CryptoComponent.java b/api/net/sf/briar/api/crypto/CryptoComponent.java
index 1db1df9112..e01c1aea2f 100644
--- a/api/net/sf/briar/api/crypto/CryptoComponent.java
+++ b/api/net/sf/briar/api/crypto/CryptoComponent.java
@@ -19,7 +19,7 @@ public interface CryptoComponent {
 byte[][] deriveInitialSecrets(byte[] ourPublicKey, byte[] theirPublicKey, PrivateKey ourPrivateKey, int invitationCode, boolean initiator);
- int deriveConfirmationCode(byte[] secret, boolean initiator);
+ int deriveConfirmationCode(byte[] secret);
 byte[] deriveNextSecret(byte[] secret, int index, long connection);
diff --git a/components/net/sf/briar/crypto/CryptoComponentImpl.java b/components/net/sf/briar/crypto/CryptoComponentImpl.java
index eb7cab4963..46056f137c 100644
--- a/components/net/sf/briar/crypto/CryptoComponentImpl.java
+++ b/components/net/sf/briar/crypto/CryptoComponentImpl.java
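Review bot: The new `deriveConfirmationCode(byte[] secret)` declaration carries no Javadoc, so a caller reading the interface cannot tell what `secret` must be or what the returned int represents; the implementation in this same patch appears to reject a secret whose length is not SECRET_KEY_BYTES and to return the first CODE_BITS bits of KDF output as an unsigned value. Since the role flag is gone, the initiator's and responder's codes are now distinguished only by which secret is passed in, and that is worth stating where the contract is consumed. A comment such as `/** Derives a confirmation code from the given secret, which must be SECRET_KEY_BYTES long; the role is determined solely by which party's secret is passed. */` would pin both points on the interface.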
@@ -104,14 +104,14 @@ class CryptoComponentImpl implements CryptoComponent {
 if(secret.length != SECRET_KEY_BYTES)
 throw new IllegalArgumentException();
 // The label and context must leave a byte free for the counter
- if(label.length + context.length + 4 > KEY_DERIVATION_IV_BYTES)
+ if(label.length + context.length + 2 >= KEY_DERIVATION_IV_BYTES)
 throw new IllegalArgumentException();
 // The IV contains the length-prefixed label and context
 byte[] ivBytes = new byte[KEY_DERIVATION_IV_BYTES];
 ByteUtils.writeUint8(label.length, ivBytes, 0);
- System.arraycopy(label, 0, ivBytes, 2, label.length);
- ByteUtils.writeUint8(context.length, ivBytes, label.length + 2);
- System.arraycopy(context, 0, ivBytes, label.length + 4, context.length);
+ System.arraycopy(label, 0, ivBytes, 1, label.length);
+ ByteUtils.writeUint8(context.length, ivBytes, label.length + 1);
+ System.arraycopy(context, 0, ivBytes, label.length + 2, context.length);
 // Use the secret and the IV to encrypt a blank plaintext
 IvParameterSpec iv = new IvParameterSpec(ivBytes);
 ErasableKey key = new ErasableKeyImpl(secret, SECRET_KEY_ALGO);
@@ -178,7 +178,7 @@ class CryptoComponentImpl implements CryptoComponent {
 if(messageDigest.getDigestLength() < SECRET_KEY_BYTES)
 throw new RuntimeException();
 // All fields are length-prefixed
- byte[] length = new byte[4];
+ byte[] length = new byte[1];
 ByteUtils.writeUint8(rawSecret.length, length, 0);
 messageDigest.update(length);
 messageDigest.update(rawSecret);
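Review bot: The new bound `label.length + context.length + 2 >= KEY_DERIVATION_IV_BYTES` and the offsets 1, `label.length + 1` and `label.length + 2` are only checkable against a layout the hunk never spells out; a comment above the check such as `// IV layout: [len(label)][label][len(context)][context][zero padding][counter byte]` would make the `+ 2` and the `>=` self-evident. The one-byte length prefixes are what keep distinct (label, context) pairs from producing the same IV, which is the property the domain separation between derived keys rests on, so a unit test pinning the exact IV bytes for a known label and context would protect this layout from regressing — the commit message itself says the class needs tests. Whether a length prefix can wrap depends on `ByteUtils.writeUint8`, which is not visible here; the bound keeps both lengths below KEY_DERIVATION_IV_BYTES, so this only matters if that constant is larger than a byte can express. The enclosing method starts and ends outside the hunk.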
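Review bot: In the second hunk, `new byte[1]` with `ByteUtils.writeUint8(rawSecret.length, length, 0)` caps the length prefix at 255 bytes, and nothing in the hunk checks that `rawSecret.length` fits; if writeUint8 truncates rather than throws on a larger value (not visible here), two raw secrets of different lengths could be hashed under the same prefix, which is exactly what the "All fields are length-prefixed" comment is meant to rule out. An explicit guard before the write, `if(rawSecret.length > 255) throw new IllegalArgumentException();`, makes the precondition visible regardless of writeUint8's behaviour. The enclosing method starts and ends outside the hunk.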
@@ -213,19 +213,13 @@ class CryptoComponentImpl implements CryptoComponent {
 return counterModeKdf(secret, NEXT, context);
 }
- public int deriveConfirmationCode(byte[] secret, boolean initiator) {
- byte[] context = initiator ? INITIATOR : RESPONDER;
- byte[] output = counterModeKdf(secret, CODE, context);
- int code = extractCode(output);
+ public int deriveConfirmationCode(byte[] secret) {
+ byte[] output = counterModeKdf(secret, CODE, CODE);
+ int code = ByteUtils.readUint(output, CODE_BITS);
 ByteUtils.erase(output);
 return code;
 }
- private int extractCode(byte[] secret) {
- // Convert the first CODE_BITS bits of the secret into an unsigned int
- return ByteUtils.readUint(secret, CODE_BITS);
- }
-
 public KeyPair generateKeyPair() {
 return keyPairGenerator.generateKeyPair();
 }
diff --git a/components/net/sf/briar/plugins/InvitationStarterImpl.java b/components/net/sf/briar/plugins/InvitationStarterImpl.java
index a60285bffe..29ddd721c8 100644
--- a/components/net/sf/briar/plugins/InvitationStarterImpl.java
+++ b/components/net/sf/briar/plugins/InvitationStarterImpl.java
@@ -158,8 +158,8 @@ class InvitationStarterImpl implements InvitationStarter {
 callback.showFailure(INVALID_KEY);
 return;
 }
- int initCode = crypto.deriveConfirmationCode(secrets[0], true);
- int respCode = crypto.deriveConfirmationCode(secrets[1], false);
+ int initCode = crypto.deriveConfirmationCode(secrets[0]);
+ int respCode = crypto.deriveConfirmationCode(secrets[1]);
 int ourCode = initiator ? initCode : respCode;
 int theirCode = initiator ? respCode : initCode;
 // Compare the confirmation codes
-- GitLab
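Review bot: The explanatory comment from the removed `extractCode` helper is lost when `ByteUtils.readUint(output, CODE_BITS)` is inlined into `deriveConfirmationCode`; keep it at the new call, `// Convert the first CODE_BITS bits of the KDF output into an unsigned int`. Passing CODE as both label and context also deserves a word, since the per-role context that previously separated initiator and responder codes is gone and the two codes now differ only through the secret supplied, e.g. `// No per-role context: initiator and responder codes differ only by their secrets`. `ByteUtils.erase(output)` runs only if readUint returns normally; wrapping the read in try/finally would erase the output on every path at the cost of two lines.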
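Review bot: In the InvitationStarterImpl hunk, with the role flag gone the new calls rely entirely on the ordering of `secrets` — index 0 is treated as the initiator's secret and index 1 as the responder's, as the `ourCode = initiator ? initCode : respCode` line shows — yet nothing at the call site states that assumption. A comment such as `// secrets[0] is assumed to be the initiator's secret, secrets[1] the responder's` would tie the indices to the contract of deriveInitialSecrets, which is declared outside this hunk; the enclosing method also starts and ends outside it.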