Changeset 2cd9b34 for core


Ignore:
Timestamp:
Sep 2, 2017 12:21:55 PM (3 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
8f4f7b7b
Parents:
94738c1
Message:

Data: Prohibit excess key data in certs (ticket #2035)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • core/java/src/net/i2p/data/SigningPublicKey.java

    r94738c1 r2cd9b34  
    133133            return new SigningPublicKey(null, _data);
    134134        int newLen = newType.getPubkeyLen();
    135         if (newLen == SigType.DSA_SHA1.getPubkeyLen())
     135        int ctype = kcert.getCryptoTypeCode();
     136        if (ctype == 0) {
     137            // prohibit excess key data
     138            // TODO non-zero crypto type if added
     139            int sz = 7;
     140            if (newLen > KEYSIZE_BYTES)
     141                sz += newLen - KEYSIZE_BYTES;
     142            if (kcert.size() != sz)
     143                throw new IllegalArgumentException("Excess data in key certificate");
     144        }
     145        if (newLen == KEYSIZE_BYTES)
    136146            return new SigningPublicKey(newType, _data);
    137147        byte[] newData = new byte[newLen];
    138         if (newLen < SigType.DSA_SHA1.getPubkeyLen()) {
     148        if (newLen < KEYSIZE_BYTES) {
    139149            // right-justified
    140150            System.arraycopy(_data, _data.length - newLen, newData, 0, newLen);
     
    164174            throw new IllegalStateException("Cannot convert " + _type + " to " + newType);
    165175        int newLen = newType.getPubkeyLen();
    166         if (newLen >= SigType.DSA_SHA1.getPubkeyLen())
     176        if (newLen >= KEYSIZE_BYTES)
    167177            return null;
    168         int padLen = SigType.DSA_SHA1.getPubkeyLen() - newLen;
     178        int padLen = KEYSIZE_BYTES - newLen;
    169179        byte[] pad = new byte[padLen];
    170180        System.arraycopy(_data, 0, pad, 0, padLen);
Note: See TracChangeset for help on using the changeset viewer.