echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Data: Prohibit excess key data in certs (ticket #2035)

Browse Source
This commit is contained in:
zzz
2017-09-02 12:21:55 +00:00
parent 94738c1396
commit 2cd9b34427
3 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
core/java/src/net/i2p/data/SigningPublicKey.java
View File

@ -132,10 +132,20 @@ public class SigningPublicKey extends SimpleDataStructure {
if (newType == null) if (newType == null)
return new SigningPublicKey(null, _data); return new SigningPublicKey(null, _data);
int newLen = newType.getPubkeyLen(); int newLen = newType.getPubkeyLen();
if (newLen == SigType.DSA_SHA1.getPubkeyLen()) int ctype = kcert.getCryptoTypeCode();
if (ctype == 0) {
// prohibit excess key data
// TODO non-zero crypto type if added
int sz = 7;
if (newLen > KEYSIZE_BYTES)
sz += newLen - KEYSIZE_BYTES;
if (kcert.size() != sz)
throw new IllegalArgumentException("Excess data in key certificate");
}
if (newLen == KEYSIZE_BYTES)
return new SigningPublicKey(newType, _data); return new SigningPublicKey(newType, _data);
byte[] newData = new byte[newLen]; byte[] newData = new byte[newLen];
if (newLen < SigType.DSA_SHA1.getPubkeyLen()) { if (newLen < KEYSIZE_BYTES) {
// right-justified // right-justified
System.arraycopy(_data, _data.length - newLen, newData, 0, newLen); System.arraycopy(_data, _data.length - newLen, newData, 0, newLen);
} else { } else {
@ -163,9 +173,9 @@ public class SigningPublicKey extends SimpleDataStructure {
if (_type != SigType.DSA_SHA1) if (_type != SigType.DSA_SHA1)
throw new IllegalStateException("Cannot convert " + _type + " to " + newType); throw new IllegalStateException("Cannot convert " + _type + " to " + newType);
int newLen = newType.getPubkeyLen(); int newLen = newType.getPubkeyLen();
if (newLen >= SigType.DSA_SHA1.getPubkeyLen()) if (newLen >= KEYSIZE_BYTES)
return null; return null;
int padLen = SigType.DSA_SHA1.getPubkeyLen() - newLen; int padLen = KEYSIZE_BYTES - newLen;
byte[] pad = new byte[padLen]; byte[] pad = new byte[padLen];
System.arraycopy(_data, 0, pad, 0, padLen); System.arraycopy(_data, 0, pad, 0, padLen);
return pad; return pad;

5
history.txt
View File

@ -1,3 +1,8 @@
2017-09-02 zzz
* Data: Prohibit excess key data in certs (ticket #2035)
* i2psnark: New open trackers
* Startup: Add property to disable output redirect (ticket #2037)
2017-08-26 str4d 2017-08-26 str4d
* Console (light): * Console (light):
- Sidebar Restart/Shutdown buttons: - Sidebar Restart/Shutdown buttons:

2
router/java/src/net/i2p/router/RouterVersion.java
View File

@ -18,7 +18,7 @@ public class RouterVersion {
/** deprecated */ /** deprecated */
public final static String ID = "Monotone"; public final static String ID = "Monotone";
public final static String VERSION = CoreVersion.VERSION; public final static String VERSION = CoreVersion.VERSION;
public final static long BUILD = 1; public final static long BUILD = 2;
/** for example "-test" */ /** for example "-test" */
public final static String EXTRA = ""; public final static String EXTRA = "";