Skip to content

Commit

Permalink
Fix #663: Enforce check for temporary keys in protocol version 3.3 (#664
Browse files Browse the repository at this point in the history
)
  • Loading branch information
romanstrobl authored Oct 15, 2024
1 parent cfc0690 commit a3476de
Showing 1 changed file with 8 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,10 @@ public class EciesRequestResponseValidator implements RequestResponseValidator {
*/
private final static Set<String> supportedVersions = Set.of("3.3", "3.2", "3.1", "3.0");

/**
* Indicate that request must contain temporaryKeyId. This is valid for protocol V3.3+.
*/
private final boolean useTemporaryKeys;
/**
* Indicate that request and response must contain timestamp and nonce. This is valid for protocol V3.2+.
*/
Expand All @@ -53,6 +57,7 @@ public EciesRequestResponseValidator(String protocolVersion) throws EncryptorExc
if (!supportedVersions.contains(protocolVersion)) {
throw new EncryptorException("Unsupported protocol version " + protocolVersion);
}
this.useTemporaryKeys = "3.3".equals(protocolVersion);
this.useTimestamp = "3.3".equals(protocolVersion) || "3.2".equals(protocolVersion);
this.useNonceForRequest = "3.3".equals(protocolVersion) || "3.2".equals(protocolVersion) || "3.1".equals(protocolVersion);
}
Expand All @@ -65,6 +70,9 @@ public boolean validateEncryptedRequest(EncryptedRequest request) {
if (request.getEphemeralPublicKey() == null || request.getEncryptedData() == null || request.getMac() == null) {
return false;
}
if (useTemporaryKeys == (request.getTemporaryKeyId() == null)) {
return false;
}
if (useNonceForRequest == (request.getNonce() == null)) {
// Fails when nonce is missing in 3.1+
// Fails when nonce is present in 3.0
Expand Down

0 comments on commit a3476de

Please sign in to comment.