#3751: Fix potential overriding of cipher by other libraries

This commit is contained in:
Valentine 2024-09-29 12:44:15 +03:00 committed by GitHub
parent f0a30c43cd
commit 01a5f36012
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -11,12 +11,12 @@ import java.security.Key;
import java.security.KeyFactory; import java.security.KeyFactory;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.KeyPairGenerator; import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.PublicKey; import java.security.PublicKey;
import java.security.Signature; import java.security.Signature;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec; import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64; import java.util.Base64;
import java.util.Random; import java.util.Random;
import java.util.UUID; import java.util.UUID;
@ -108,17 +108,17 @@ public class EncryptionUtil
return signature.verify( resp.getEncryptionData().getSignature() ); return signature.verify( resp.getEncryptionData().getSignature() );
} else } else
{ {
Cipher cipher = Cipher.getInstance( "RSA" ); Cipher cipher = Cipher.getInstance( "RSA/ECB/PKCS1Padding" );
cipher.init( Cipher.DECRYPT_MODE, keys.getPrivate() ); cipher.init( Cipher.DECRYPT_MODE, keys.getPrivate() );
byte[] decrypted = cipher.doFinal( resp.getVerifyToken() ); byte[] decrypted = cipher.doFinal( resp.getVerifyToken() );
return Arrays.equals( request.getVerifyToken(), decrypted ); return MessageDigest.isEqual( request.getVerifyToken(), decrypted );
} }
} }
public static SecretKey getSecret(EncryptionResponse resp, EncryptionRequest request) throws GeneralSecurityException public static SecretKey getSecret(EncryptionResponse resp, EncryptionRequest request) throws GeneralSecurityException
{ {
Cipher cipher = Cipher.getInstance( "RSA" ); Cipher cipher = Cipher.getInstance( "RSA/ECB/PKCS1Padding" );
cipher.init( Cipher.DECRYPT_MODE, keys.getPrivate() ); cipher.init( Cipher.DECRYPT_MODE, keys.getPrivate() );
return new SecretKeySpec( cipher.doFinal( resp.getSharedSecret() ), "AES" ); return new SecretKeySpec( cipher.doFinal( resp.getSharedSecret() ), "AES" );
} }
@ -143,7 +143,7 @@ public class EncryptionUtil
public static byte[] encrypt(Key key, byte[] b) throws GeneralSecurityException public static byte[] encrypt(Key key, byte[] b) throws GeneralSecurityException
{ {
Cipher hasher = Cipher.getInstance( "RSA" ); Cipher hasher = Cipher.getInstance( "RSA/ECB/PKCS1Padding" );
hasher.init( Cipher.ENCRYPT_MODE, key ); hasher.init( Cipher.ENCRYPT_MODE, key );
return hasher.doFinal( b ); return hasher.doFinal( b );
} }