Enforce correct seed and hash lengths in EdDSAPrivateKeySpec

str4d · str4d · commit 486ac81ca68f · 2017-04-01T16:24:34.000+13:00
diff --git a/src/net/i2p/crypto/eddsa/spec/EdDSAPrivateKeySpec.java b/src/net/i2p/crypto/eddsa/spec/EdDSAPrivateKeySpec.java
@@ -30,9 +30,12 @@ public class EdDSAPrivateKeySpec implements KeySpec {
     private final EdDSAParameterSpec spec;
 
     /**
-     *  @throws IllegalArgumentException if hash algorithm is unsupported
+     *  @throws IllegalArgumentException if seed length is wrong or hash algorithm is unsupported
      */
     public EdDSAPrivateKeySpec(byte[] seed, EdDSAParameterSpec spec) {
+        if (seed.length != spec.getCurve().getField().getb()/8)
+            throw new IllegalArgumentException("seed length is wrong");
+
         this.spec = spec;
         this.seed = seed;
 
@@ -65,9 +68,13 @@ public EdDSAPrivateKeySpec(byte[] seed, EdDSAParameterSpec spec) {
      *  getSeed() will return null if this constructor is used.
      *
      *  @param h the private key
+     *  @throws IllegalArgumentException if hash length is wrong
      *  @since 0.1.1
      */
     public EdDSAPrivateKeySpec(EdDSAParameterSpec spec, byte[] h) {
+        if (h.length != spec.getCurve().getField().getb()/4)
+            throw new IllegalArgumentException("hash length is wrong");
+
 	this.seed = null;
 	this.h = h;
 	this.spec = spec;
diff --git a/test/net/i2p/crypto/eddsa/spec/EdDSAPrivateKeySpecTest.java b/test/net/i2p/crypto/eddsa/spec/EdDSAPrivateKeySpecTest.java
@@ -15,7 +15,9 @@
 import static org.junit.Assert.*;
 import net.i2p.crypto.eddsa.Utils;
 
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 
 /**
  * @author str4d
@@ -28,6 +30,9 @@ public class EdDSAPrivateKeySpecTest {
 
     static final EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.CURVE_ED25519_SHA512);
 
+    @Rule
+    public ExpectedException exception = ExpectedException.none();
+
     /**
      * Test method for {@link net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec#EdDSAPrivateKeySpec(byte[], net.i2p.crypto.eddsa.spec.EdDSAParameterSpec)}.
      */
@@ -39,6 +44,13 @@ public void testEdDSAPrivateKeySpecFromSeed() {
         assertThat(key.getA().toByteArray(), is(equalTo(ZERO_PK)));
     }
 
+    @Test
+    public void incorrectSeedLengthThrows() {
+        exception.expect(IllegalArgumentException.class);
+        exception.expectMessage("seed length is wrong");
+        EdDSAPrivateKeySpec key = new EdDSAPrivateKeySpec(new byte[2], ed25519);
+    }
+
     /**
      * Test method for {@link net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec#EdDSAPrivateKeySpec(net.i2p.crypto.eddsa.spec.EdDSAParameterSpec, byte[])}.
      */
@@ -50,4 +62,10 @@ public void testEdDSAPrivateKeySpecFromH() {
         assertThat(key.getA().toByteArray(), is(equalTo(ZERO_PK)));
     }
 
+    @Test
+    public void incorrectHashLengthThrows() {
+        exception.expect(IllegalArgumentException.class);
+        exception.expectMessage("hash length is wrong");
+        EdDSAPrivateKeySpec key = new EdDSAPrivateKeySpec(ed25519, new byte[2]);
+    }
 }
