diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-07-22 09:38:37 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-07-22 09:38:37 +0400 |
commit | 57c97c2341af7f73da4ab59c76d4c4a928fa338a (patch) | |
tree | b232c74ac682e30697cae995d128d586272ce689 /core/src/main/java/org/bouncycastle/crypto/tls | |
parent | 74fd01fac84fc22d4d1786cc6448fc1e79f12552 (diff) |
Add strict checking for EC point formats
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java | 48 |
1 files changed, 42 insertions, 6 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java index 47129ef0..a045fdbb 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java @@ -377,12 +377,48 @@ public class TlsECCUtils public static ECPoint deserializeECPoint(short[] ecPointFormats, ECCurve curve, byte[] encoding) throws IOException { - /* - * NOTE: Here we implicitly decode compressed or uncompressed encodings. DefaultTlsClient by - * default is set up to advertise that we can parse any encoding so this works fine, but - * extra checks might be needed here if that were changed. - */ - // TODO Review handling of infinity and hybrid encodings + if (encoding == null || encoding.length < 1) + { + throw new TlsFatalAlert(AlertDescription.illegal_parameter); + } + + short actualFormat; + switch (encoding[0]) + { + case 0x02: // compressed + case 0x03: // compressed + { + if (ECAlgorithms.isF2mCurve(curve)) + { + actualFormat = ECPointFormat.ansiX962_compressed_char2; + } + else if (ECAlgorithms.isFpCurve(curve)) + { + actualFormat = ECPointFormat.ansiX962_compressed_prime; + } + else + { + throw new TlsFatalAlert(AlertDescription.illegal_parameter); + } + break; + } + case 0x04: // uncompressed + { + actualFormat = ECPointFormat.uncompressed; + break; + } + case 0x00: // infinity + case 0x06: // hybrid + case 0x07: // hybrid + default: + throw new TlsFatalAlert(AlertDescription.illegal_parameter); + } + + if (!Arrays.contains(ecPointFormats, actualFormat)) + { + throw new TlsFatalAlert(AlertDescription.illegal_parameter); + } + return curve.decodePoint(encoding); } |