mirror of
https://code.briarproject.org/briar/briar.git
synced 2026-02-14 11:49:04 +01:00
Replaced encrypted IVs with pseudo-random tags.
This commit is contained in:
akwizgran
@@ -1,18 +1,16 @@
|
||||
package net.sf.briar.transport;
|
||||
|
||||
import static net.sf.briar.api.transport.TransportConstants.TAG_LENGTH;
|
||||
import static org.junit.Assert.assertArrayEquals;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
|
||||
import javax.crypto.Cipher;
|
||||
import net.sf.briar.api.crypto.ErasableKey;
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import net.sf.briar.TestUtils;
|
||||
import net.sf.briar.api.crypto.CryptoComponent;
|
||||
import net.sf.briar.api.protocol.TransportIndex;
|
||||
import net.sf.briar.api.crypto.ErasableKey;
|
||||
import net.sf.briar.crypto.CryptoModule;
|
||||
|
||||
import org.apache.commons.io.output.ByteArrayOutputStream;
|
||||
@@ -25,18 +23,14 @@ public class ConnectionDecrypterImplTest extends TestCase {
|
||||
|
||||
private static final int MAC_LENGTH = 32;
|
||||
|
||||
private final Cipher tagCipher, frameCipher;
|
||||
private final ErasableKey tagKey, frameKey;
|
||||
private final TransportIndex transportIndex = new TransportIndex(13);
|
||||
private final long connection = 12345L;
|
||||
private final Cipher frameCipher;
|
||||
private final ErasableKey frameKey;
|
||||
|
||||
public ConnectionDecrypterImplTest() {
|
||||
super();
|
||||
Injector i = Guice.createInjector(new CryptoModule());
|
||||
CryptoComponent crypto = i.getInstance(CryptoComponent.class);
|
||||
tagCipher = crypto.getTagCipher();
|
||||
frameCipher = crypto.getFrameCipher();
|
||||
tagKey = crypto.generateTestKey();
|
||||
frameKey = crypto.generateTestKey();
|
||||
}
|
||||
|
||||
@@ -51,12 +45,8 @@ public class ConnectionDecrypterImplTest extends TestCase {
|
||||
}
|
||||
|
||||
private void testDecryption(boolean initiator) throws Exception {
|
||||
// Calculate the plaintext and ciphertext for the IV
|
||||
byte[] iv = IvEncoder.encodeIv(transportIndex.getInt(), connection);
|
||||
tagCipher.init(Cipher.ENCRYPT_MODE, tagKey);
|
||||
byte[] tag = tagCipher.doFinal(iv);
|
||||
assertEquals(TAG_LENGTH, tag.length);
|
||||
// Calculate the expected plaintext for the first frame
|
||||
byte[] iv = new byte[frameCipher.getBlockSize()];
|
||||
byte[] ciphertext = new byte[123];
|
||||
byte[] ciphertextMac = new byte[MAC_LENGTH];
|
||||
IvParameterSpec ivSpec = new IvParameterSpec(iv);
|
||||
@@ -84,9 +74,8 @@ public class ConnectionDecrypterImplTest extends TestCase {
|
||||
out.write(ciphertextMac);
|
||||
ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray());
|
||||
// Use a ConnectionDecrypter to decrypt the ciphertext
|
||||
ConnectionDecrypter d = new ConnectionDecrypterImpl(in,
|
||||
IvEncoder.encodeIv(transportIndex.getInt(), connection),
|
||||
frameCipher, frameKey);
|
||||
ConnectionDecrypter d = new ConnectionDecrypterImpl(in, frameCipher,
|
||||
frameKey);
|
||||
// First frame
|
||||
byte[] decrypted = new byte[ciphertext.length];
|
||||
TestUtils.readFully(d.getInputStream(), decrypted);
|
||||
|
||||
@@ -1,17 +1,15 @@
|
||||
package net.sf.briar.transport;
|
||||
|
||||
import static net.sf.briar.api.transport.TransportConstants.TAG_LENGTH;
|
||||
import static org.junit.Assert.assertArrayEquals;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
|
||||
import javax.crypto.Cipher;
|
||||
import net.sf.briar.api.crypto.ErasableKey;
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import net.sf.briar.api.crypto.CryptoComponent;
|
||||
import net.sf.briar.api.protocol.TransportIndex;
|
||||
import net.sf.briar.api.crypto.ErasableKey;
|
||||
import net.sf.briar.crypto.CryptoModule;
|
||||
|
||||
import org.junit.Test;
|
||||
@@ -25,8 +23,6 @@ public class ConnectionEncrypterImplTest extends TestCase {
|
||||
|
||||
private final Cipher tagCipher, frameCipher;
|
||||
private final ErasableKey tagKey, frameKey;
|
||||
private final TransportIndex transportIndex = new TransportIndex(13);
|
||||
private final long connection = 12345L;
|
||||
|
||||
public ConnectionEncrypterImplTest() {
|
||||
super();
|
||||
@@ -49,12 +45,10 @@ public class ConnectionEncrypterImplTest extends TestCase {
|
||||
}
|
||||
|
||||
private void testEncryption(boolean initiator) throws Exception {
|
||||
// Calculate the expected ciphertext for the IV
|
||||
byte[] iv = IvEncoder.encodeIv(transportIndex.getInt(), connection);
|
||||
tagCipher.init(Cipher.ENCRYPT_MODE, tagKey);
|
||||
byte[] tag = tagCipher.doFinal(iv);
|
||||
assertEquals(TAG_LENGTH, tag.length);
|
||||
// Calculate the expected tag
|
||||
byte[] tag = TagEncoder.encodeTag(0, tagCipher, tagKey);
|
||||
// Calculate the expected ciphertext for the first frame
|
||||
byte[] iv = new byte[frameCipher.getBlockSize()];
|
||||
byte[] plaintext = new byte[123];
|
||||
byte[] plaintextMac = new byte[MAC_LENGTH];
|
||||
IvParameterSpec ivSpec = new IvParameterSpec(iv);
|
||||
@@ -82,9 +76,8 @@ public class ConnectionEncrypterImplTest extends TestCase {
|
||||
byte[] expected = out.toByteArray();
|
||||
// Use a ConnectionEncrypter to encrypt the plaintext
|
||||
out.reset();
|
||||
iv = IvEncoder.encodeIv(transportIndex.getInt(), connection);
|
||||
ConnectionEncrypter e = new ConnectionEncrypterImpl(out, Long.MAX_VALUE,
|
||||
iv, tagCipher, frameCipher, tagKey, frameKey);
|
||||
tagCipher, frameCipher, tagKey, frameKey);
|
||||
e.getOutputStream().write(plaintext);
|
||||
e.writeMac(plaintextMac);
|
||||
e.getOutputStream().write(plaintext1);
|
||||
|
||||
@@ -617,8 +617,6 @@ public class ConnectionRecogniserImplTest extends TestCase {
|
||||
// Calculate the expected tag for connection number 3
|
||||
ErasableKey tagKey = crypto.deriveTagKey(secret, true);
|
||||
Cipher tagCipher = crypto.getTagCipher();
|
||||
tagCipher.init(Cipher.ENCRYPT_MODE, tagKey);
|
||||
byte[] iv = IvEncoder.encodeIv(remoteIndex.getInt(), 3);
|
||||
return tagCipher.doFinal(iv);
|
||||
return TagEncoder.encodeTag(0, tagCipher, tagKey);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11,11 +11,10 @@ import java.util.Random;
|
||||
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.Mac;
|
||||
import net.sf.briar.api.crypto.ErasableKey;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import net.sf.briar.api.crypto.CryptoComponent;
|
||||
import net.sf.briar.api.protocol.TransportIndex;
|
||||
import net.sf.briar.api.crypto.ErasableKey;
|
||||
import net.sf.briar.api.transport.ConnectionReader;
|
||||
import net.sf.briar.api.transport.ConnectionWriter;
|
||||
import net.sf.briar.crypto.CryptoModule;
|
||||
@@ -33,8 +32,6 @@ public class FrameReadWriteTest extends TestCase {
|
||||
private final byte[] outSecret;
|
||||
private final ErasableKey tagKey, frameKey, macKey;
|
||||
private final Mac mac;
|
||||
private final TransportIndex transportIndex = new TransportIndex(13);
|
||||
private final long connection = 12345L;
|
||||
|
||||
public FrameReadWriteTest() {
|
||||
super();
|
||||
@@ -63,11 +60,8 @@ public class FrameReadWriteTest extends TestCase {
|
||||
}
|
||||
|
||||
private void testWriteAndRead(boolean initiator) throws Exception {
|
||||
// Create and encrypt the IV
|
||||
byte[] iv = IvEncoder.encodeIv(transportIndex.getInt(), connection);
|
||||
tagCipher.init(Cipher.ENCRYPT_MODE, tagKey);
|
||||
byte[] tag = tagCipher.doFinal(iv);
|
||||
assertEquals(TAG_LENGTH, tag.length);
|
||||
// Encode the tag
|
||||
byte[] tag = TagEncoder.encodeTag(0, tagCipher, tagKey);
|
||||
// Generate two random frames
|
||||
byte[] frame = new byte[12345];
|
||||
random.nextBytes(frame);
|
||||
@@ -80,7 +74,7 @@ public class FrameReadWriteTest extends TestCase {
|
||||
// Write the frames
|
||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||
ConnectionEncrypter encrypter = new ConnectionEncrypterImpl(out,
|
||||
Long.MAX_VALUE, iv, tagCipher, frameCipher, tagCopy, frameCopy);
|
||||
Long.MAX_VALUE, tagCipher, frameCipher, tagCopy, frameCopy);
|
||||
ConnectionWriter writer = new ConnectionWriterImpl(encrypter, mac,
|
||||
macCopy);
|
||||
OutputStream out1 = writer.getOutputStream();
|
||||
@@ -88,18 +82,14 @@ public class FrameReadWriteTest extends TestCase {
|
||||
out1.flush();
|
||||
out1.write(frame1);
|
||||
out1.flush();
|
||||
// Read the IV back
|
||||
// Read the tag back
|
||||
ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray());
|
||||
byte[] recoveredTag = new byte[TAG_LENGTH];
|
||||
assertEquals(TAG_LENGTH, in.read(recoveredTag));
|
||||
assertArrayEquals(tag, recoveredTag);
|
||||
// Decrypt the IV
|
||||
tagCipher.init(Cipher.DECRYPT_MODE, tagKey);
|
||||
byte[] recoveredIv = tagCipher.doFinal(recoveredTag);
|
||||
iv = IvEncoder.encodeIv(transportIndex.getInt(), connection);
|
||||
assertArrayEquals(iv, recoveredIv);
|
||||
assertTrue(TagEncoder.validateTag(tag, 0, tagCipher, tagKey));
|
||||
// Read the frames back
|
||||
ConnectionDecrypter decrypter = new ConnectionDecrypterImpl(in, iv,
|
||||
ConnectionDecrypter decrypter = new ConnectionDecrypterImpl(in,
|
||||
frameCipher, frameKey);
|
||||
ConnectionReader reader = new ConnectionReaderImpl(decrypter, mac,
|
||||
macKey);
|
||||
|
||||
Reference in New Issue
Block a user