Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-21 23:29:52 +01:00
Code Issues Projects Releases Wiki Activity

Use a provider to instantiate AuthenticatedCipher.

Browse Source
This commit is contained in:
akwizgran
2015-01-14 19:59:38 +00:00
parent 6ff8f5ce69
commit 1c7432cac4
4 changed files with 30 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
briar-core/src/org/briarproject/crypto/CryptoComponentImpl.java
View File

@@ -336,7 +336,7 @@ class CryptoComponentImpl implements CryptoComponent {
int macBytes = cipher.getMacBytes(); int macBytes = cipher.getMacBytes();
// The input contains the salt, iterations, IV, ciphertext and MAC // The input contains the salt, iterations, IV, ciphertext and MAC
if(input.length < PBKDF_SALT_BYTES + 4 + STORAGE_IV_BYTES + macBytes) if(input.length < PBKDF_SALT_BYTES + 4 + STORAGE_IV_BYTES + macBytes)
return null; // Invalid return null; // Invalid input
byte[] salt = new byte[PBKDF_SALT_BYTES]; byte[] salt = new byte[PBKDF_SALT_BYTES];
System.arraycopy(input, 0, salt, 0, salt.length); System.arraycopy(input, 0, salt, 0, salt.length);
long iterations = ByteUtils.readUint32(input, salt.length); long iterations = ByteUtils.readUint32(input, salt.length);
@@ -366,28 +366,21 @@ class CryptoComponentImpl implements CryptoComponent {
// Key derivation function based on a hash function - see NIST SP 800-56A, // Key derivation function based on a hash function - see NIST SP 800-56A,
// section 5.8 // section 5.8
private byte[] concatenationKdf(byte[] rawSecret, byte[] label, private byte[] concatenationKdf(byte[]... args) {
byte[] initiatorInfo, byte[] responderInfo) {
// The output of the hash function must be long enough to use as a key // The output of the hash function must be long enough to use as a key
MessageDigest messageDigest = getMessageDigest(); MessageDigest messageDigest = getMessageDigest();
if(messageDigest.getDigestLength() < CIPHER_KEY_BYTES) if(messageDigest.getDigestLength() < CIPHER_KEY_BYTES)
throw new RuntimeException(); throw new RuntimeException();
// The length of every field must fit in an unsigned 8-bit integer // Each argument is length-prefixed - the length must fit in an
if(rawSecret.length > 255) throw new IllegalArgumentException(); // unsigned 8-bit integer
if(label.length > 255) throw new IllegalArgumentException(); for(byte[] arg : args) {
if(initiatorInfo.length > 255) throw new IllegalArgumentException(); if(arg.length > 255) throw new IllegalArgumentException();
if(responderInfo.length > 255) throw new IllegalArgumentException(); messageDigest.update((byte) arg.length);
// All fields are length-prefixed messageDigest.update(arg);
messageDigest.update((byte) rawSecret.length); }
messageDigest.update(rawSecret);
messageDigest.update((byte) label.length);
messageDigest.update(label);
messageDigest.update((byte) initiatorInfo.length);
messageDigest.update(initiatorInfo);
messageDigest.update((byte) responderInfo.length);
messageDigest.update(responderInfo);
byte[] hash = messageDigest.digest(); byte[] hash = messageDigest.digest();
// The secret is the first CIPHER_KEY_BYTES bytes of the hash // The output is the first CIPHER_KEY_BYTES bytes of the hash
if(hash.length == CIPHER_KEY_BYTES) return hash;
byte[] output = new byte[CIPHER_KEY_BYTES]; byte[] output = new byte[CIPHER_KEY_BYTES];
System.arraycopy(hash, 0, output, 0, output.length); System.arraycopy(hash, 0, output, 0, output.length);
return output; return output;
@@ -410,7 +403,7 @@ class CryptoComponentImpl implements CryptoComponent {
int macLength = prf.getMacSize(); int macLength = prf.getMacSize();
// The output of the PRF must be long enough to use as a key // The output of the PRF must be long enough to use as a key
if(macLength < CIPHER_KEY_BYTES) throw new RuntimeException(); if(macLength < CIPHER_KEY_BYTES) throw new RuntimeException();
byte[] mac = new byte[macLength], output = new byte[CIPHER_KEY_BYTES]; byte[] mac = new byte[macLength];
prf.update((byte) 0); // Counter prf.update((byte) 0); // Counter
prf.update(label, 0, label.length); // Null-terminated prf.update(label, 0, label.length); // Null-terminated
byte[] contextBytes = new byte[4]; byte[] contextBytes = new byte[4];
@@ -418,6 +411,9 @@ class CryptoComponentImpl implements CryptoComponent {
prf.update(contextBytes, 0, contextBytes.length); prf.update(contextBytes, 0, contextBytes.length);
prf.update((byte) CIPHER_KEY_BYTES); // Output length prf.update((byte) CIPHER_KEY_BYTES); // Output length
prf.doFinal(mac, 0); prf.doFinal(mac, 0);
// The output is the first CIPHER_KEY_BYTES bytes of the MAC
if(mac.length == CIPHER_KEY_BYTES) return mac;
byte[] output = new byte[CIPHER_KEY_BYTES];
System.arraycopy(mac, 0, output, 0, output.length); System.arraycopy(mac, 0, output, 0, output.length);
return output; return output;
} }

1
briar-core/src/org/briarproject/crypto/CryptoModule.java
View File

@@ -42,6 +42,7 @@ public class CryptoModule extends AbstractModule {
@Override @Override
protected void configure() { protected void configure() {
bind(AuthenticatedCipher.class).to(AuthenticatedCipherImpl.class);
bind(CryptoComponent.class).to( bind(CryptoComponent.class).to(
CryptoComponentImpl.class).in(Singleton.class); CryptoComponentImpl.class).in(Singleton.class);
bind(PasswordStrengthEstimator.class).to( bind(PasswordStrengthEstimator.class).to(

10
briar-core/src/org/briarproject/crypto/StreamDecrypterFactoryImpl.java
View File

@@ -3,6 +3,7 @@ package org.briarproject.crypto;
import java.io.InputStream; import java.io.InputStream;
import javax.inject.Inject; import javax.inject.Inject;
import javax.inject.Provider;
import org.briarproject.api.crypto.CryptoComponent; import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.SecretKey; import org.briarproject.api.crypto.SecretKey;
@@ -13,10 +14,13 @@ import org.briarproject.api.transport.StreamContext;
class StreamDecrypterFactoryImpl implements StreamDecrypterFactory { class StreamDecrypterFactoryImpl implements StreamDecrypterFactory {
private final CryptoComponent crypto; private final CryptoComponent crypto;
private final Provider<AuthenticatedCipher> cipherProvider;
@Inject @Inject
StreamDecrypterFactoryImpl(CryptoComponent crypto) { StreamDecrypterFactoryImpl(CryptoComponent crypto,
Provider<AuthenticatedCipher> cipherProvider) {
this.crypto = crypto; this.crypto = crypto;
this.cipherProvider = cipherProvider;
} }
public StreamDecrypter createStreamDecrypter(InputStream in, public StreamDecrypter createStreamDecrypter(InputStream in,
@@ -27,7 +31,7 @@ class StreamDecrypterFactoryImpl implements StreamDecrypterFactory {
boolean alice = !ctx.getAlice(); boolean alice = !ctx.getAlice();
SecretKey frameKey = crypto.deriveFrameKey(secret, streamNumber, alice); SecretKey frameKey = crypto.deriveFrameKey(secret, streamNumber, alice);
// Create the decrypter // Create the decrypter
AuthenticatedCipher cipher = new AuthenticatedCipherImpl(); AuthenticatedCipher cipher = cipherProvider.get();
return new StreamDecrypterImpl(in, cipher, frameKey); return new StreamDecrypterImpl(in, cipher, frameKey);
} }
@@ -36,7 +40,7 @@ class StreamDecrypterFactoryImpl implements StreamDecrypterFactory {
// Derive the frame key // Derive the frame key
SecretKey frameKey = crypto.deriveFrameKey(secret, 0, alice); SecretKey frameKey = crypto.deriveFrameKey(secret, 0, alice);
// Create the decrypter // Create the decrypter
AuthenticatedCipher cipher = new AuthenticatedCipherImpl(); AuthenticatedCipher cipher = cipherProvider.get();
return new StreamDecrypterImpl(in, cipher, frameKey); return new StreamDecrypterImpl(in, cipher, frameKey);
} }
} }

10
briar-core/src/org/briarproject/crypto/StreamEncrypterFactoryImpl.java
View File

@@ -5,6 +5,7 @@ import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
import java.io.OutputStream; import java.io.OutputStream;
import javax.inject.Inject; import javax.inject.Inject;
import javax.inject.Provider;
import org.briarproject.api.crypto.CryptoComponent; import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.SecretKey; import org.briarproject.api.crypto.SecretKey;
@@ -15,10 +16,13 @@ import org.briarproject.api.transport.StreamContext;
class StreamEncrypterFactoryImpl implements StreamEncrypterFactory { class StreamEncrypterFactoryImpl implements StreamEncrypterFactory {
private final CryptoComponent crypto; private final CryptoComponent crypto;
private final Provider<AuthenticatedCipher> cipherProvider;
@Inject @Inject
StreamEncrypterFactoryImpl(CryptoComponent crypto) { StreamEncrypterFactoryImpl(CryptoComponent crypto,
Provider<AuthenticatedCipher> cipherProvider) {
this.crypto = crypto; this.crypto = crypto;
this.cipherProvider = cipherProvider;
} }
public StreamEncrypter createStreamEncrypter(OutputStream out, public StreamEncrypter createStreamEncrypter(OutputStream out,
@@ -33,7 +37,7 @@ class StreamEncrypterFactoryImpl implements StreamEncrypterFactory {
// Derive the frame key // Derive the frame key
SecretKey frameKey = crypto.deriveFrameKey(secret, streamNumber, alice); SecretKey frameKey = crypto.deriveFrameKey(secret, streamNumber, alice);
// Create the encrypter // Create the encrypter
AuthenticatedCipher cipher = new AuthenticatedCipherImpl(); AuthenticatedCipher cipher = cipherProvider.get();
return new StreamEncrypterImpl(out, cipher, frameKey, tag); return new StreamEncrypterImpl(out, cipher, frameKey, tag);
} }
@@ -42,7 +46,7 @@ class StreamEncrypterFactoryImpl implements StreamEncrypterFactory {
// Derive the frame key // Derive the frame key
SecretKey frameKey = crypto.deriveFrameKey(secret, 0, alice); SecretKey frameKey = crypto.deriveFrameKey(secret, 0, alice);
// Create the encrypter // Create the encrypter
AuthenticatedCipher cipher = new AuthenticatedCipherImpl(); AuthenticatedCipher cipher = cipherProvider.get();
return new StreamEncrypterImpl(out, cipher, frameKey, null); return new StreamEncrypterImpl(out, cipher, frameKey, null);
} }
} }