Add strict checking for EC point formats

author: Peter Dettman <peter.dettman@bouncycastle.org> 2014-07-22 09:38:37 +0400
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2014-07-22 09:38:37 +0400
commit: 57c97c2341af7f73da4ab59c76d4c4a928fa338a (patch)
tree: b232c74ac682e30697cae995d128d586272ce689 /core
parent: 74fd01fac84fc22d4d1786cc6448fc1e79f12552 (diff)
1 files changed, 42 insertions, 6 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java
index 47129ef0..a045fdbb 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java
@@ -377,12 +377,48 @@ public class TlsECCUtils
 
     public static ECPoint deserializeECPoint(short[] ecPointFormats, ECCurve curve, byte[] encoding) throws IOException
     {
-        /*
-         * NOTE: Here we implicitly decode compressed or uncompressed encodings. DefaultTlsClient by
-         * default is set up to advertise that we can parse any encoding so this works fine, but
-         * extra checks might be needed here if that were changed.
-         */
-        // TODO Review handling of infinity and hybrid encodings
+        if (encoding == null || encoding.length < 1)
+        {
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+        }
+
+        short actualFormat;
+        switch (encoding[0])
+        {
+        case 0x02: // compressed
+        case 0x03: // compressed
+        {
+            if (ECAlgorithms.isF2mCurve(curve))
+            {
+                actualFormat = ECPointFormat.ansiX962_compressed_char2;
+            }
+            else if (ECAlgorithms.isFpCurve(curve))
+            {
+                actualFormat = ECPointFormat.ansiX962_compressed_prime;
+            }
+            else
+            {
+                throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+            }
+            break;
+        }
+        case 0x04: // uncompressed
+        {
+            actualFormat = ECPointFormat.uncompressed;
+            break;
+        }
+        case 0x00: // infinity
+        case 0x06: // hybrid
+        case 0x07: // hybrid
+        default:
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+        }
+
+        if (!Arrays.contains(ecPointFormats, actualFormat))
+        {
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+        }
+
         return curve.decodePoint(encoding);
     }
author	Peter Dettman <peter.dettman@bouncycastle.org>	2014-07-22 09:38:37 +0400
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2014-07-22 09:38:37 +0400
commit	57c97c2341af7f73da4ab59c76d4c4a928fa338a (patch)
tree	b232c74ac682e30697cae995d128d586272ce689 /core
parent	74fd01fac84fc22d4d1786cc6448fc1e79f12552 (diff)