Initial support for tagging every segment (untested).

components/net/sf/briar/transport/ConnectionEncrypter.java

@@ -2,7 +2,6 @@ package net.sf.briar.transport;
 
 import java.io.IOException;
 
-
 /** Encrypts authenticated data to be sent over a connection. */
 interface ConnectionEncrypter extends FrameSink {
 

components/net/sf/briar/transport/ConnectionEncrypterImpl.java

@@ -1,5 +1,6 @@
 package net.sf.briar.transport;
 
+import static net.sf.briar.api.transport.TransportConstants.TAG_LENGTH;
 import static net.sf.briar.util.ByteUtils.MAX_32_BIT_UNSIGNED;
 
 import java.io.IOException;
@@ -14,54 +15,52 @@ import net.sf.briar.api.crypto.ErasableKey;
 class ConnectionEncrypterImpl implements ConnectionEncrypter {
 
 	private final OutputStream out;
-	private final Cipher frameCipher;
-	private final ErasableKey frameKey;
+	private final Cipher tagCipher, frameCipher;
+	private final ErasableKey tagKey, frameKey;
+	private final boolean tagEverySegment;
 	private final byte[] iv, tag;
 
-	private long capacity, frame = 0L;
-	private boolean tagWritten = false;
+	private long capacity, frame = 0;
 
 	ConnectionEncrypterImpl(OutputStream out, long capacity, Cipher tagCipher,
-			Cipher frameCipher, ErasableKey tagKey, ErasableKey frameKey) {
+			Cipher frameCipher, ErasableKey tagKey, ErasableKey frameKey,
+			boolean tagEverySegment) {
 		this.out = out;
 		this.capacity = capacity;
+		this.tagCipher = tagCipher;
 		this.frameCipher = frameCipher;
+		this.tagKey = tagKey;
 		this.frameKey = frameKey;
+		this.tagEverySegment = tagEverySegment;
 		iv = IvEncoder.encodeIv(0, frameCipher.getBlockSize());
-		// Encrypt the tag
-		tag = TagEncoder.encodeTag(0, tagCipher, tagKey);
-		tagKey.erase();
+		tag = new byte[TAG_LENGTH];
 	}
 
 	public void writeFrame(byte[] b, int len) throws IOException {
 		if(frame > MAX_32_BIT_UNSIGNED) throw new IllegalStateException();
-		if(!tagWritten) {
-			try {
+		try {
+			if(tagEverySegment || frame == 0) {
+				TagEncoder.encodeTag(tag, frame, tagCipher, tagKey);
 				out.write(tag);
-			} catch(IOException e) {
-				frameKey.erase();
-				throw e;
+				capacity -= tag.length;
+			}
+			IvEncoder.updateIv(iv, frame);
+			IvParameterSpec ivSpec = new IvParameterSpec(iv);
+			try {
+				frameCipher.init(Cipher.ENCRYPT_MODE, frameKey, ivSpec);
+				int encrypted = frameCipher.doFinal(b, 0, len, b);
+				if(encrypted != len) throw new RuntimeException();
+			} catch(GeneralSecurityException badCipher) {
+				throw new RuntimeException(badCipher);
 			}
-			capacity -= tag.length;
-			tagWritten = true;
-		}
-		IvEncoder.updateIv(iv, frame);
-		IvParameterSpec ivSpec = new IvParameterSpec(iv);
-		try {
-			frameCipher.init(Cipher.ENCRYPT_MODE, frameKey, ivSpec);
-			int encrypted = frameCipher.doFinal(b, 0, len, b);
-			if(encrypted != len) throw new RuntimeException();
-		} catch(GeneralSecurityException badCipher) {
-			throw new RuntimeException(badCipher);
-		}
-		try {
 			out.write(b, 0, len);
+			capacity -= len;
+			frame++;
 		} catch(IOException e) {
 			frameKey.erase();
+			tagKey.erase();
 			throw e;
 		}
-		capacity -= len;
-		frame++;
 	}
 
 	public void flush() throws IOException {

components/net/sf/briar/transport/ConnectionRecogniserImpl.java

@@ -33,8 +33,8 @@ import net.sf.briar.api.protocol.TransportId;
 import net.sf.briar.api.protocol.TransportIndex;
 import net.sf.briar.api.transport.ConnectionContext;
 import net.sf.briar.api.transport.ConnectionRecogniser;
-import net.sf.briar.api.transport.IncomingConnectionExecutor;
 import net.sf.briar.api.transport.ConnectionWindow;
+import net.sf.briar.api.transport.IncomingConnectionExecutor;
 import net.sf.briar.util.ByteUtils;
 
 import com.google.inject.Inject;
@@ -102,7 +102,8 @@ DatabaseListener {
 	// Locking: this
 	private Bytes calculateTag(Context ctx, byte[] secret) {
 		ErasableKey tagKey = crypto.deriveTagKey(secret, true);
-		byte[] tag = TagEncoder.encodeTag(0, tagCipher, tagKey);
+		byte[] tag = new byte[TAG_LENGTH];
+		TagEncoder.encodeTag(tag, 0, tagCipher, tagKey);
 		tagKey.erase();
 		return new Bytes(tag);
 	}

components/net/sf/briar/transport/ConnectionWriterFactoryImpl.java

@@ -49,7 +49,7 @@ class ConnectionWriterFactoryImpl implements ConnectionWriterFactory {
 		Cipher tagCipher = crypto.getTagCipher();
 		Cipher frameCipher = crypto.getFrameCipher();
 		ConnectionEncrypter encrypter = new ConnectionEncrypterImpl(out,
-				capacity, tagCipher, frameCipher, tagKey, frameKey);
+				capacity, tagCipher, frameCipher, tagKey, frameKey, false);
 		// Create the writer
 		Mac mac = crypto.getMac();
 		return new ConnectionWriterImpl(encrypter, mac, macKey);

components/net/sf/briar/transport/SegmentedConnectionEncrypter.java

@@ -1,7 +1,8 @@
 package net.sf.briar.transport;
 
-import static net.sf.briar.util.ByteUtils.MAX_32_BIT_UNSIGNED;
 import static net.sf.briar.api.transport.TransportConstants.MAX_FRAME_LENGTH;
+import static net.sf.briar.api.transport.TransportConstants.TAG_LENGTH;
+import static net.sf.briar.util.ByteUtils.MAX_32_BIT_UNSIGNED;
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
@@ -16,38 +17,37 @@ import net.sf.briar.api.plugins.SegmentSink;
 class SegmentedConnectionEncrypter implements ConnectionEncrypter {
 
 	private final SegmentSink out;
-	private final Cipher frameCipher;
-	private final ErasableKey frameKey;
-	private final byte[] iv, tag;
+	private final Cipher tagCipher, frameCipher;
+	private final ErasableKey tagKey, frameKey;
+	private final boolean tagEverySegment;
+	private final byte[] iv;
 	private final Segment segment;
 
-	private long capacity, frame = 0L;
-	private boolean tagWritten = false;
+	private long capacity, frame = 0;
 
 	SegmentedConnectionEncrypter(SegmentSink out, long capacity,
 			Cipher tagCipher, Cipher frameCipher, ErasableKey tagKey,
-			ErasableKey frameKey) {
+			ErasableKey frameKey, boolean tagEverySegment) {
 		this.out = out;
 		this.capacity = capacity;
+		this.tagCipher = tagCipher;
 		this.frameCipher = frameCipher;
+		this.tagKey = tagKey;
 		this.frameKey = frameKey;
+		this.tagEverySegment = tagEverySegment;
 		iv = IvEncoder.encodeIv(0, frameCipher.getBlockSize());
-		// Encrypt the tag
-		tag = TagEncoder.encodeTag(0, tagCipher, tagKey);
-		tagKey.erase();
 		segment = new SegmentImpl();
 	}
 
 	public void writeFrame(byte[] b, int len) throws IOException {
 		if(frame > MAX_32_BIT_UNSIGNED) throw new IllegalStateException();
 		int offset = 0;
-		if(!tagWritten) {
-			if(tag.length + len > MAX_FRAME_LENGTH)
+		if(tagEverySegment || frame == 0) {
+			if(len + TAG_LENGTH > MAX_FRAME_LENGTH)
 				throw new IllegalArgumentException();
-			System.arraycopy(tag, 0, segment.getBuffer(), 0, tag.length);
-			capacity -= tag.length;
-			tagWritten = true;
-			offset = tag.length;
+			TagEncoder.encodeTag(segment.getBuffer(), frame, tagCipher, tagKey);
+			offset = TAG_LENGTH;
+			capacity -= TAG_LENGTH;
 		}
 		IvEncoder.updateIv(iv, frame);
 		IvParameterSpec ivSpec = new IvParameterSpec(iv);
@@ -64,6 +64,7 @@ class SegmentedConnectionEncrypter implements ConnectionEncrypter {
 			out.writeSegment(segment);
 		} catch(IOException e) {
 			frameKey.erase();
+			tagKey.erase();
 			throw e;
 		}
 		capacity -= len;

components/net/sf/briar/transport/TagEncoder.java

@@ -1,29 +1,34 @@
 package net.sf.briar.transport;
 
+import static net.sf.briar.api.transport.TransportConstants.TAG_LENGTH;
+import static net.sf.briar.util.ByteUtils.MAX_32_BIT_UNSIGNED;
+
 import java.security.GeneralSecurityException;
 
 import javax.crypto.Cipher;
 import javax.crypto.spec.IvParameterSpec;
 
 import net.sf.briar.api.crypto.ErasableKey;
-import net.sf.briar.api.transport.TransportConstants;
 import net.sf.briar.util.ByteUtils;
 
 class TagEncoder {
 
-	static byte[] encodeTag(long frame, Cipher tagCipher, ErasableKey tagKey) {
-		if(frame < 0 || frame > ByteUtils.MAX_32_BIT_UNSIGNED)
+	private static final byte[] BLANK = new byte[TAG_LENGTH];
+
+	static void encodeTag(byte[] tag, long frame, Cipher tagCipher,
+			ErasableKey tagKey) {
+		if(tag.length < TAG_LENGTH) throw new IllegalArgumentException();
+		if(frame < 0 || frame > MAX_32_BIT_UNSIGNED)
 			throw new IllegalArgumentException();
-		// The plaintext is blank
-		byte[] plaintext = new byte[TransportConstants.TAG_LENGTH];
 		// Encode the frame number as a uint32 at the end of the IV
 		byte[] iv = new byte[tagCipher.getBlockSize()];
-		if(iv.length != plaintext.length) throw new IllegalArgumentException();
+		if(iv.length != TAG_LENGTH) throw new IllegalArgumentException();
 		ByteUtils.writeUint32(frame, iv, iv.length - 4);
 		IvParameterSpec ivSpec = new IvParameterSpec(iv);
 		try {
 			tagCipher.init(Cipher.ENCRYPT_MODE, tagKey, ivSpec);
-			return tagCipher.doFinal(plaintext);
+			int encrypted = tagCipher.doFinal(BLANK, 0, TAG_LENGTH, tag);
+			if(encrypted != TAG_LENGTH) throw new IllegalArgumentException();
 		} catch(GeneralSecurityException e) {
 			// Unsuitable cipher or key
 			throw new IllegalArgumentException(e);
@@ -32,9 +37,9 @@ class TagEncoder {
 
 	static boolean validateTag(byte[] tag, long frame, Cipher tagCipher,
 			ErasableKey tagKey) {
-		if(frame < 0 || frame > ByteUtils.MAX_32_BIT_UNSIGNED)
+		if(frame < 0 || frame > MAX_32_BIT_UNSIGNED)
 			throw new IllegalArgumentException();
-		if(tag.length != TransportConstants.TAG_LENGTH) return false;
+		if(tag.length != TAG_LENGTH) return false;
 		// Encode the frame number as a uint32 at the end of the IV
 		byte[] iv = new byte[tagCipher.getBlockSize()];
 		if(iv.length != tag.length) throw new IllegalArgumentException();