Author: nextgens
Date: 2007-10-24 09:26:37 +0000 (Wed, 24 Oct 2007)
New Revision: 15519
Modified:
trunk/freenet/src/freenet/node/FNPPacketMangler.java
Log:
Untested patch adding the DH-validity test to StS
Modified: trunk/freenet/src/freenet/node/FNPPacketMangler.java
===================================================================
--- trunk/freenet/src/freenet/node/FNPPacketMangler.java 2007-10-24
09:19:44 UTC (rev 15518)
+++ trunk/freenet/src/freenet/node/FNPPacketMangler.java 2007-10-24
09:26:37 UTC (rev 15519)
@@ -495,7 +495,7 @@
if(DiffieHellman.checkDHExponentialValidity(this.getClass(),
_hisExponential)) {
sendJFKMessage2(nonceInitiator, hisExponential, pn,
replyTo);
}else
- Logger.error(this, "We can't accept the exponential
"+pn+" sent us!!");
+ Logger.error(this, "We can't accept the exponential
"+pn+" sent us!! REDFLAG: IT CAN'T HAPPEN UNLESS AGAINST AN ACTIVE ATTACKER!!");
long t2=System.currentTimeMillis();
if((t2-t1)>500)
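Review bot: The rewritten message on the `}else` branch states an active attacker as the only possible cause, and the same literal is pasted again in the hunk at -672. If this check can run on handshake data before the peer is authenticated (not visible from here), a malformed or corrupted packet raises the same alarm, and a remote sender could produce one error-level line per packet. I would keep the wording factual and share it between both sites, for example `"Rejected invalid DH exponential from "+pn+" (possible active attack)"`, and consider rate-limiting this log per peer. The enclosing methods start and end outside both hunks.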
@@ -672,7 +672,7 @@
}
if(!DiffieHellman.checkDHExponentialValidity(this.getClass(),
_hisExponential)) {
- Logger.error(this, "We can't accept the exponential
"+pn+" sent us!!");
+ Logger.error(this, "We can't accept the exponential
"+pn+" sent us!! REDFLAG: IT CAN'T HAPPEN UNLESS AGAINST AN ACTIVE ATTACKER!!");
return;
}
@@ -1486,6 +1486,10 @@
byte[] aAsBytes = new byte[length];
System.arraycopy(payload, 3, aAsBytes, 0, length);
NativeBigInteger a = new NativeBigInteger(1, aAsBytes);
+ if(!DiffieHellman.checkDHExponentialValidity(this.getClass(),
a)) {
+ Logger.error(this, "We can't accept the exponential the
other end sent us!!");
+ return null;
+ }
DiffieHellmanContext ctx;
if(phase == 1) {
ctx = (DiffieHellmanContext)
pn.getKeyAgreementSchemeContext();
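Review bot: The new rejection message does not name the peer, although `pn` is in scope (it is dereferenced a few lines below), so an operator cannot tell which node sent the bad exponential. `Logger.error(this, "We can't accept the exponential "+pn+" sent us!!");` would match the other two sites. The added `return null;` is also a new failure return, and the commit is marked untested, so every caller needs to handle null rather than dereference the result; the callers and the method signature are outside the hunk. Whether `length` is bounds-checked before `new byte[length]` is likewise not visible here.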