mirror of
https://code.briarproject.org/briar/briar.git
synced 2026-02-13 03:09:04 +01:00
Variable-length frames (untested).
This commit is contained in:
akwizgran
@@ -13,10 +13,10 @@ public interface AuthenticatedCipher {
|
||||
throws GeneralSecurityException;
|
||||
|
||||
/** Encrypts or decrypts data in a single-part operation. */
|
||||
int doFinal(byte[] input, int inputOff, int len, byte[] output,
|
||||
int process(byte[] input, int inputOff, int len, byte[] output,
|
||||
int outputOff) throws GeneralSecurityException;
|
||||
|
||||
/** Returns the length of the message authenticated code (MAC) in bytes. */
|
||||
/** Returns the length of the message authentication code (MAC) in bytes. */
|
||||
int getMacLength();
|
||||
|
||||
/** Returns the block size of the cipher in bytes. */
|
||||
|
||||
@@ -5,8 +5,8 @@ import java.io.IOException;
|
||||
public interface StreamEncrypter {
|
||||
|
||||
/** Encrypts the given frame and writes it to the stream. */
|
||||
void writeFrame(byte[] payload, int payloadLength, boolean finalFrame)
|
||||
throws IOException;
|
||||
void writeFrame(byte[] payload, int payloadLength, int paddingLength,
|
||||
boolean finalFrame) throws IOException;
|
||||
|
||||
/** Flushes the stream. */
|
||||
void flush() throws IOException;
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
package org.briarproject.api.transport;
|
||||
|
||||
|
||||
public interface TransportConstants {
|
||||
|
||||
/** The length of the pseudo-random tag in bytes. */
|
||||
@@ -8,18 +9,18 @@ public interface TransportConstants {
|
||||
/** The maximum length of a frame in bytes, including the header and MAC. */
|
||||
int MAX_FRAME_LENGTH = 1024;
|
||||
|
||||
/** The length of the initalisation vector (IV) in bytes. */
|
||||
int IV_LENGTH = 12;
|
||||
|
||||
/** The length of the additional authenticated data (AAD) in bytes. */
|
||||
int AAD_LENGTH = 6;
|
||||
|
||||
/** The length of the frame header in bytes. */
|
||||
int HEADER_LENGTH = 2;
|
||||
|
||||
/** The length of the message authentication code (MAC) in bytes. */
|
||||
int MAC_LENGTH = 16;
|
||||
|
||||
/** The length of the frame header in bytes. */
|
||||
int HEADER_LENGTH = 4 + MAC_LENGTH;
|
||||
|
||||
/** The maximum total length of the frame payload and padding in bytes. */
|
||||
int MAX_PAYLOAD_LENGTH = MAX_FRAME_LENGTH - HEADER_LENGTH - MAC_LENGTH;
|
||||
|
||||
/** The length of the initalisation vector (IV) in bytes. */
|
||||
int IV_LENGTH = 12;
|
||||
|
||||
/**
|
||||
* The minimum stream length in bytes that all transport plugins must
|
||||
* support. Streams may be shorter than this length, but all transport
|
||||
|
||||
@@ -20,7 +20,7 @@ class AuthenticatedCipherImpl implements AuthenticatedCipher {
|
||||
this.macLength = macLength;
|
||||
}
|
||||
|
||||
public int doFinal(byte[] input, int inputOff, int len, byte[] output,
|
||||
public int process(byte[] input, int inputOff, int len, byte[] output,
|
||||
int outputOff) throws GeneralSecurityException {
|
||||
int processed = 0;
|
||||
if(len != 0) {
|
||||
|
||||
@@ -335,7 +335,7 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
MAC_BYTES);
|
||||
cipher.init(true, key, iv, null);
|
||||
int outputOff = salt.length + 4 + iv.length;
|
||||
cipher.doFinal(input, 0, input.length, output, outputOff);
|
||||
cipher.process(input, 0, input.length, output, outputOff);
|
||||
return output;
|
||||
} catch(GeneralSecurityException e) {
|
||||
throw new RuntimeException(e);
|
||||
@@ -369,7 +369,7 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
int inputOff = salt.length + 4 + iv.length;
|
||||
int inputLen = input.length - inputOff;
|
||||
byte[] output = new byte[inputLen - MAC_BYTES];
|
||||
cipher.doFinal(input, inputOff, inputLen, output, 0);
|
||||
cipher.process(input, inputOff, inputLen, output, 0);
|
||||
return output;
|
||||
} catch(GeneralSecurityException e) {
|
||||
return null; // Invalid ciphertext
|
||||
|
||||
@@ -1,44 +1,33 @@
|
||||
package org.briarproject.crypto;
|
||||
|
||||
import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.IV_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
|
||||
import static org.briarproject.util.ByteUtils.MAX_32_BIT_UNSIGNED;
|
||||
|
||||
import org.briarproject.util.ByteUtils;
|
||||
|
||||
class FrameEncoder {
|
||||
|
||||
static void encodeIv(byte[] iv, long frameNumber) {
|
||||
static void encodeIv(byte[] iv, long frameNumber, boolean header) {
|
||||
if(iv.length < IV_LENGTH) throw new IllegalArgumentException();
|
||||
if(frameNumber < 0 || frameNumber > MAX_32_BIT_UNSIGNED)
|
||||
throw new IllegalArgumentException();
|
||||
ByteUtils.writeUint32(frameNumber, iv, 0);
|
||||
for(int i = 4; i < IV_LENGTH; i++) iv[i] = 0;
|
||||
}
|
||||
|
||||
static void encodeAad(byte[] aad, long frameNumber, int plaintextLength) {
|
||||
if(aad.length < AAD_LENGTH) throw new IllegalArgumentException();
|
||||
if(frameNumber < 0 || frameNumber > MAX_32_BIT_UNSIGNED)
|
||||
throw new IllegalArgumentException();
|
||||
if(plaintextLength < HEADER_LENGTH)
|
||||
throw new IllegalArgumentException();
|
||||
if(plaintextLength > MAX_FRAME_LENGTH - MAC_LENGTH)
|
||||
throw new IllegalArgumentException();
|
||||
ByteUtils.writeUint32(frameNumber, aad, 0);
|
||||
ByteUtils.writeUint16(plaintextLength, aad, 4);
|
||||
if(header) iv[4] = 1;
|
||||
else iv[4] = 0;
|
||||
for(int i = 5; i < IV_LENGTH; i++) iv[i] = 0;
|
||||
}
|
||||
|
||||
static void encodeHeader(byte[] header, boolean finalFrame,
|
||||
int payloadLength) {
|
||||
int payloadLength, int paddingLength) {
|
||||
if(header.length < HEADER_LENGTH) throw new IllegalArgumentException();
|
||||
if(payloadLength < 0)
|
||||
throw new IllegalArgumentException();
|
||||
if(payloadLength > MAX_FRAME_LENGTH - HEADER_LENGTH - MAC_LENGTH)
|
||||
if(payloadLength < 0) throw new IllegalArgumentException();
|
||||
if(paddingLength < 0) throw new IllegalArgumentException();
|
||||
if(payloadLength + paddingLength > MAX_PAYLOAD_LENGTH)
|
||||
throw new IllegalArgumentException();
|
||||
ByteUtils.writeUint16(payloadLength, header, 0);
|
||||
ByteUtils.writeUint16(paddingLength, header, 2);
|
||||
if(finalFrame) header[0] |= 0x80;
|
||||
}
|
||||
|
||||
@@ -51,4 +40,9 @@ class FrameEncoder {
|
||||
if(header.length < HEADER_LENGTH) throw new IllegalArgumentException();
|
||||
return ByteUtils.readUint16(header, 0) & 0x7FFF;
|
||||
}
|
||||
|
||||
static int getPaddingLength(byte[] header) {
|
||||
if(header.length < HEADER_LENGTH) throw new IllegalArgumentException();
|
||||
return ByteUtils.readUint16(header, 2);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -21,10 +21,10 @@ class StreamDecrypterFactoryImpl implements StreamDecrypterFactory {
|
||||
|
||||
public StreamDecrypter createStreamDecrypter(InputStream in,
|
||||
StreamContext ctx) {
|
||||
// Derive the frame key
|
||||
byte[] secret = ctx.getSecret();
|
||||
long streamNumber = ctx.getStreamNumber();
|
||||
boolean alice = !ctx.getAlice();
|
||||
// Derive the frame key
|
||||
SecretKey frameKey = crypto.deriveFrameKey(secret, streamNumber, alice);
|
||||
// Create the decrypter
|
||||
return new StreamDecrypterImpl(in, crypto.getFrameCipher(), frameKey);
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
package org.briarproject.crypto;
|
||||
|
||||
import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.IV_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
|
||||
|
||||
import java.io.EOFException;
|
||||
import java.io.IOException;
|
||||
@@ -21,7 +21,7 @@ class StreamDecrypterImpl implements StreamDecrypter {
|
||||
private final InputStream in;
|
||||
private final AuthenticatedCipher frameCipher;
|
||||
private final SecretKey frameKey;
|
||||
private final byte[] iv, aad, plaintext, ciphertext;
|
||||
private final byte[] iv, aad, header, ciphertext;
|
||||
|
||||
private long frameNumber;
|
||||
private boolean finalFrame;
|
||||
@@ -32,50 +32,66 @@ class StreamDecrypterImpl implements StreamDecrypter {
|
||||
this.frameCipher = frameCipher;
|
||||
this.frameKey = frameKey;
|
||||
iv = new byte[IV_LENGTH];
|
||||
aad = new byte[AAD_LENGTH];
|
||||
plaintext = new byte[MAX_FRAME_LENGTH - MAC_LENGTH];
|
||||
aad = new byte[IV_LENGTH];
|
||||
header = new byte[HEADER_LENGTH];
|
||||
ciphertext = new byte[MAX_FRAME_LENGTH];
|
||||
frameNumber = 0;
|
||||
finalFrame = false;
|
||||
}
|
||||
|
||||
public int readFrame(byte[] payload) throws IOException {
|
||||
if(payload.length < MAX_PAYLOAD_LENGTH)
|
||||
throw new IllegalArgumentException();
|
||||
if(finalFrame) return -1;
|
||||
// Read the frame
|
||||
int ciphertextLength = 0;
|
||||
while(ciphertextLength < MAX_FRAME_LENGTH) {
|
||||
int read = in.read(ciphertext, ciphertextLength,
|
||||
MAX_FRAME_LENGTH - ciphertextLength);
|
||||
if(read == -1) break; // We'll check the length later
|
||||
ciphertextLength += read;
|
||||
// Read the header
|
||||
int offset = 0;
|
||||
while(offset < HEADER_LENGTH) {
|
||||
int read = in.read(ciphertext, offset, HEADER_LENGTH - offset);
|
||||
if(read == -1) throw new EOFException();
|
||||
offset += read;
|
||||
}
|
||||
int plaintextLength = ciphertextLength - MAC_LENGTH;
|
||||
if(plaintextLength < HEADER_LENGTH) throw new EOFException();
|
||||
// Decrypt and authenticate the frame
|
||||
FrameEncoder.encodeIv(iv, frameNumber);
|
||||
FrameEncoder.encodeAad(aad, frameNumber, plaintextLength);
|
||||
// Decrypt and authenticate the header
|
||||
FrameEncoder.encodeIv(iv, frameNumber, true);
|
||||
FrameEncoder.encodeIv(aad, frameNumber, true);
|
||||
try {
|
||||
frameCipher.init(false, frameKey, iv, aad);
|
||||
int decrypted = frameCipher.doFinal(ciphertext, 0, ciphertextLength,
|
||||
plaintext, 0);
|
||||
if(decrypted != plaintextLength) throw new RuntimeException();
|
||||
int decrypted = frameCipher.process(ciphertext, 0, HEADER_LENGTH,
|
||||
header, 0);
|
||||
if(decrypted != HEADER_LENGTH - MAC_LENGTH)
|
||||
throw new RuntimeException();
|
||||
} catch(GeneralSecurityException e) {
|
||||
throw new FormatException();
|
||||
}
|
||||
// Decode and validate the header
|
||||
finalFrame = FrameEncoder.isFinalFrame(plaintext);
|
||||
if(!finalFrame && ciphertextLength < MAX_FRAME_LENGTH)
|
||||
finalFrame = FrameEncoder.isFinalFrame(header);
|
||||
int payloadLength = FrameEncoder.getPayloadLength(header);
|
||||
int paddingLength = FrameEncoder.getPaddingLength(header);
|
||||
if(payloadLength + paddingLength > MAX_PAYLOAD_LENGTH)
|
||||
throw new FormatException();
|
||||
int payloadLength = FrameEncoder.getPayloadLength(plaintext);
|
||||
if(payloadLength > plaintextLength - HEADER_LENGTH)
|
||||
throw new FormatException();
|
||||
// If there's any padding it must be all zeroes
|
||||
for(int i = HEADER_LENGTH + payloadLength; i < plaintextLength; i++) {
|
||||
if(plaintext[i] != 0) throw new FormatException();
|
||||
// Read the payload and padding
|
||||
int frameLength = HEADER_LENGTH + payloadLength + paddingLength
|
||||
+ MAC_LENGTH;
|
||||
while(offset < frameLength) {
|
||||
int read = in.read(ciphertext, offset, frameLength - offset);
|
||||
if(read == -1) throw new EOFException();
|
||||
offset += read;
|
||||
}
|
||||
// Decrypt and authenticate the payload and padding
|
||||
FrameEncoder.encodeIv(iv, frameNumber, false);
|
||||
FrameEncoder.encodeIv(aad, frameNumber, false);
|
||||
try {
|
||||
frameCipher.init(false, frameKey, iv, aad);
|
||||
int decrypted = frameCipher.process(ciphertext, HEADER_LENGTH,
|
||||
payloadLength + paddingLength + MAC_LENGTH, payload, 0);
|
||||
if(decrypted != payloadLength + paddingLength)
|
||||
throw new RuntimeException();
|
||||
} catch(GeneralSecurityException e) {
|
||||
throw new FormatException();
|
||||
}
|
||||
// If there's any padding it must be all zeroes
|
||||
for(int i = 0; i < paddingLength; i++)
|
||||
if(payload[payloadLength + i] != 0) throw new FormatException();
|
||||
frameNumber++;
|
||||
// Copy the payload
|
||||
System.arraycopy(plaintext, HEADER_LENGTH, payload, 0, payloadLength);
|
||||
return payloadLength;
|
||||
}
|
||||
}
|
||||
@@ -1,10 +1,10 @@
|
||||
package org.briarproject.crypto;
|
||||
|
||||
import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.IV_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
|
||||
import static org.briarproject.util.ByteUtils.MAX_32_BIT_UNSIGNED;
|
||||
|
||||
import java.io.IOException;
|
||||
@@ -32,50 +32,57 @@ class StreamEncrypterImpl implements StreamEncrypter {
|
||||
this.frameKey = frameKey;
|
||||
this.tag = tag;
|
||||
iv = new byte[IV_LENGTH];
|
||||
aad = new byte[AAD_LENGTH];
|
||||
plaintext = new byte[MAX_FRAME_LENGTH - MAC_LENGTH];
|
||||
aad = new byte[IV_LENGTH];
|
||||
plaintext = new byte[HEADER_LENGTH + MAX_PAYLOAD_LENGTH];
|
||||
ciphertext = new byte[MAX_FRAME_LENGTH];
|
||||
frameNumber = 0;
|
||||
writeTag = (tag != null);
|
||||
}
|
||||
|
||||
public void writeFrame(byte[] payload, int payloadLength,
|
||||
boolean finalFrame) throws IOException {
|
||||
if(frameNumber > MAX_32_BIT_UNSIGNED) throw new IllegalStateException();
|
||||
int paddingLength, boolean finalFrame) throws IOException {
|
||||
if(payloadLength + paddingLength > MAX_PAYLOAD_LENGTH)
|
||||
throw new IllegalArgumentException();
|
||||
// Don't allow the frame counter to wrap
|
||||
if(frameNumber > MAX_32_BIT_UNSIGNED) throw new IOException();
|
||||
// Write the tag if required
|
||||
if(writeTag) {
|
||||
out.write(tag, 0, tag.length);
|
||||
writeTag = false;
|
||||
}
|
||||
// Don't pad the final frame
|
||||
int plaintextLength, ciphertextLength;
|
||||
if(finalFrame) {
|
||||
plaintextLength = HEADER_LENGTH + payloadLength;
|
||||
ciphertextLength = plaintextLength + MAC_LENGTH;
|
||||
} else {
|
||||
plaintextLength = MAX_FRAME_LENGTH - MAC_LENGTH;
|
||||
ciphertextLength = MAX_FRAME_LENGTH;
|
||||
}
|
||||
// Encode the header
|
||||
FrameEncoder.encodeHeader(plaintext, finalFrame, payloadLength);
|
||||
// Copy the payload
|
||||
System.arraycopy(payload, 0, plaintext, HEADER_LENGTH, payloadLength);
|
||||
// If there's any padding it must all be zeroes
|
||||
for(int i = HEADER_LENGTH + payloadLength; i < plaintextLength; i++)
|
||||
plaintext[i] = 0;
|
||||
// Encrypt and authenticate the frame
|
||||
FrameEncoder.encodeIv(iv, frameNumber);
|
||||
FrameEncoder.encodeAad(aad, frameNumber, plaintextLength);
|
||||
FrameEncoder.encodeHeader(plaintext, finalFrame, payloadLength,
|
||||
paddingLength);
|
||||
// Encrypt and authenticate the header
|
||||
FrameEncoder.encodeIv(iv, frameNumber, true);
|
||||
FrameEncoder.encodeIv(aad, frameNumber, true);
|
||||
try {
|
||||
frameCipher.init(true, frameKey, iv, aad);
|
||||
int encrypted = frameCipher.doFinal(plaintext, 0, plaintextLength,
|
||||
ciphertext, 0);
|
||||
if(encrypted != ciphertextLength) throw new RuntimeException();
|
||||
int encrypted = frameCipher.process(plaintext, 0,
|
||||
HEADER_LENGTH - MAC_LENGTH, ciphertext, 0);
|
||||
if(encrypted != HEADER_LENGTH) throw new RuntimeException();
|
||||
} catch(GeneralSecurityException badCipher) {
|
||||
throw new RuntimeException(badCipher);
|
||||
}
|
||||
// Combine the payload and padding
|
||||
System.arraycopy(payload, 0, plaintext, HEADER_LENGTH, payloadLength);
|
||||
for(int i = 0; i < paddingLength; i++)
|
||||
plaintext[HEADER_LENGTH + payloadLength + i] = 0;
|
||||
// Encrypt and authenticate the payload and padding
|
||||
FrameEncoder.encodeIv(iv, frameNumber, false);
|
||||
FrameEncoder.encodeIv(aad, frameNumber, false);
|
||||
try {
|
||||
frameCipher.init(true, frameKey, iv, aad);
|
||||
int encrypted = frameCipher.process(plaintext, HEADER_LENGTH,
|
||||
payloadLength + paddingLength, ciphertext, HEADER_LENGTH);
|
||||
if(encrypted != payloadLength + paddingLength + MAC_LENGTH)
|
||||
throw new RuntimeException();
|
||||
} catch(GeneralSecurityException badCipher) {
|
||||
throw new RuntimeException(badCipher);
|
||||
}
|
||||
// Write the frame
|
||||
out.write(ciphertext, 0, ciphertextLength);
|
||||
out.write(ciphertext, 0, HEADER_LENGTH + payloadLength + paddingLength
|
||||
+ MAC_LENGTH);
|
||||
frameNumber++;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,8 +1,6 @@
|
||||
package org.briarproject.transport;
|
||||
|
||||
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
@@ -18,7 +16,7 @@ class StreamReaderImpl extends InputStream {
|
||||
|
||||
StreamReaderImpl(StreamDecrypter decrypter) {
|
||||
this.decrypter = decrypter;
|
||||
payload = new byte[MAX_FRAME_LENGTH - HEADER_LENGTH - MAC_LENGTH];
|
||||
payload = new byte[MAX_PAYLOAD_LENGTH];
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -1,8 +1,6 @@
|
||||
package org.briarproject.transport;
|
||||
|
||||
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
@@ -25,7 +23,7 @@ class StreamWriterImpl extends OutputStream {
|
||||
|
||||
StreamWriterImpl(StreamEncrypter encrypter) {
|
||||
this.encrypter = encrypter;
|
||||
payload = new byte[MAX_FRAME_LENGTH - HEADER_LENGTH - MAC_LENGTH];
|
||||
payload = new byte[MAX_PAYLOAD_LENGTH];
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -69,7 +67,7 @@ class StreamWriterImpl extends OutputStream {
|
||||
}
|
||||
|
||||
private void writeFrame(boolean finalFrame) throws IOException {
|
||||
encrypter.writeFrame(payload, length, finalFrame);
|
||||
encrypter.writeFrame(payload, length, 0, finalFrame);
|
||||
length = 0;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,185 +1,37 @@
|
||||
package org.briarproject.crypto;
|
||||
|
||||
import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.IV_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
|
||||
import org.briarproject.BriarTestCase;
|
||||
import org.briarproject.TestLifecycleModule;
|
||||
import org.briarproject.TestSystemModule;
|
||||
import org.briarproject.api.FormatException;
|
||||
import org.briarproject.api.crypto.AuthenticatedCipher;
|
||||
import org.briarproject.api.crypto.CryptoComponent;
|
||||
import org.briarproject.api.crypto.SecretKey;
|
||||
import org.briarproject.util.ByteUtils;
|
||||
import org.junit.Test;
|
||||
|
||||
import com.google.inject.Guice;
|
||||
import com.google.inject.Injector;
|
||||
|
||||
public class StreamDecrypterImplTest extends BriarTestCase {
|
||||
|
||||
// FIXME: This is an integration test, not a unit test
|
||||
|
||||
private static final int MAX_PAYLOAD_LENGTH =
|
||||
MAX_FRAME_LENGTH - HEADER_LENGTH - MAC_LENGTH;
|
||||
|
||||
private final CryptoComponent crypto;
|
||||
private final AuthenticatedCipher frameCipher;
|
||||
private final SecretKey frameKey;
|
||||
|
||||
public StreamDecrypterImplTest() {
|
||||
Injector i = Guice.createInjector(new CryptoModule(),
|
||||
new TestLifecycleModule(), new TestSystemModule());
|
||||
crypto = i.getInstance(CryptoComponent.class);
|
||||
frameCipher = crypto.getFrameCipher();
|
||||
frameKey = crypto.generateSecretKey();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testReadValidFrames() throws Exception {
|
||||
// Generate two valid frames
|
||||
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH, 123, false, false);
|
||||
byte[] frame1 = generateFrame(1, MAX_FRAME_LENGTH, 123, false, false);
|
||||
// Concatenate the frames
|
||||
byte[] valid = new byte[MAX_FRAME_LENGTH * 2];
|
||||
System.arraycopy(frame, 0, valid, 0, MAX_FRAME_LENGTH);
|
||||
System.arraycopy(frame1, 0, valid, MAX_FRAME_LENGTH, MAX_FRAME_LENGTH);
|
||||
// Read the frames
|
||||
ByteArrayInputStream in = new ByteArrayInputStream(valid);
|
||||
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
|
||||
frameKey);
|
||||
byte[] payload = new byte[MAX_PAYLOAD_LENGTH];
|
||||
assertEquals(123, i.readFrame(payload));
|
||||
assertEquals(123, i.readFrame(payload));
|
||||
// FIXME
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testTruncatedFrameThrowsException() throws Exception {
|
||||
// Generate a valid frame
|
||||
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH, 123, false, false);
|
||||
// Chop off the last byte
|
||||
byte[] truncated = new byte[MAX_FRAME_LENGTH - 1];
|
||||
System.arraycopy(frame, 0, truncated, 0, MAX_FRAME_LENGTH - 1);
|
||||
// Try to read the frame, which should fail due to truncation
|
||||
ByteArrayInputStream in = new ByteArrayInputStream(truncated);
|
||||
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
|
||||
frameKey);
|
||||
try {
|
||||
i.readFrame(new byte[MAX_PAYLOAD_LENGTH]);
|
||||
fail();
|
||||
} catch(FormatException expected) {}
|
||||
// FIXME
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testModifiedFrameThrowsException() throws Exception {
|
||||
// Generate a valid frame
|
||||
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH, 123, false, false);
|
||||
// Modify a randomly chosen byte of the frame
|
||||
frame[(int) (Math.random() * MAX_FRAME_LENGTH)] ^= 1;
|
||||
// Try to read the frame, which should fail due to modification
|
||||
ByteArrayInputStream in = new ByteArrayInputStream(frame);
|
||||
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
|
||||
frameKey);
|
||||
try {
|
||||
i.readFrame(new byte[MAX_PAYLOAD_LENGTH]);
|
||||
fail();
|
||||
} catch(FormatException expected) {}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testShortNonFinalFrameThrowsException() throws Exception {
|
||||
// Generate a short non-final frame
|
||||
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH - 1, 123, false,
|
||||
false);
|
||||
// Try to read the frame, which should fail due to invalid length
|
||||
ByteArrayInputStream in = new ByteArrayInputStream(frame);
|
||||
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
|
||||
frameKey);
|
||||
try {
|
||||
i.readFrame(new byte[MAX_PAYLOAD_LENGTH]);
|
||||
fail();
|
||||
} catch(FormatException expected) {}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testShortFinalFrameDoesNotThrowException() throws Exception {
|
||||
// Generate a short final frame
|
||||
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH - 1, 123, true, false);
|
||||
// Read the frame
|
||||
ByteArrayInputStream in = new ByteArrayInputStream(frame);
|
||||
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
|
||||
frameKey);
|
||||
int length = i.readFrame(new byte[MAX_PAYLOAD_LENGTH]);
|
||||
assertEquals(123, length);
|
||||
// FIXME
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testInvalidPayloadLengthThrowsException() throws Exception {
|
||||
// Generate a frame with an invalid payload length
|
||||
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH, 123, false, false);
|
||||
ByteUtils.writeUint16(MAX_PAYLOAD_LENGTH + 1, frame, 0);
|
||||
// Try to read the frame, which should fail due to invalid length
|
||||
ByteArrayInputStream in = new ByteArrayInputStream(frame);
|
||||
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
|
||||
frameKey);
|
||||
try {
|
||||
i.readFrame(new byte[MAX_PAYLOAD_LENGTH]);
|
||||
fail();
|
||||
} catch(FormatException expected) {}
|
||||
// FIXME
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNonZeroPaddingThrowsException() throws Exception {
|
||||
// Generate a frame with bad padding
|
||||
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH, 123, false, true);
|
||||
// Try to read the frame, which should fail due to bad padding
|
||||
ByteArrayInputStream in = new ByteArrayInputStream(frame);
|
||||
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
|
||||
frameKey);
|
||||
try {
|
||||
i.readFrame(new byte[MAX_PAYLOAD_LENGTH]);
|
||||
fail();
|
||||
} catch(FormatException expected) {}
|
||||
// FIXME
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCannotReadBeyondFinalFrame() throws Exception {
|
||||
// Generate a valid final frame and another valid final frame after it
|
||||
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH, MAX_PAYLOAD_LENGTH,
|
||||
true, false);
|
||||
byte[] frame1 = generateFrame(1, MAX_FRAME_LENGTH, 123, true, false);
|
||||
// Concatenate the frames
|
||||
byte[] extraFrame = new byte[MAX_FRAME_LENGTH * 2];
|
||||
System.arraycopy(frame, 0, extraFrame, 0, MAX_FRAME_LENGTH);
|
||||
System.arraycopy(frame1, 0, extraFrame, MAX_FRAME_LENGTH,
|
||||
MAX_FRAME_LENGTH);
|
||||
// Read the final frame, which should first read the tag
|
||||
ByteArrayInputStream in = new ByteArrayInputStream(extraFrame);
|
||||
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
|
||||
frameKey);
|
||||
byte[] payload = new byte[MAX_PAYLOAD_LENGTH];
|
||||
assertEquals(MAX_PAYLOAD_LENGTH, i.readFrame(payload));
|
||||
// The frame after the final frame should not be read
|
||||
assertEquals(-1, i.readFrame(payload));
|
||||
}
|
||||
|
||||
private byte[] generateFrame(long frameNumber, int frameLength,
|
||||
int payloadLength, boolean finalFrame, boolean badPadding)
|
||||
throws Exception {
|
||||
byte[] iv = new byte[IV_LENGTH], aad = new byte[AAD_LENGTH];
|
||||
byte[] plaintext = new byte[frameLength - MAC_LENGTH];
|
||||
byte[] ciphertext = new byte[frameLength];
|
||||
FrameEncoder.encodeIv(iv, frameNumber);
|
||||
FrameEncoder.encodeAad(aad, frameNumber, plaintext.length);
|
||||
frameCipher.init(true, frameKey, iv, aad);
|
||||
FrameEncoder.encodeHeader(plaintext, finalFrame, payloadLength);
|
||||
if(badPadding) plaintext[HEADER_LENGTH + payloadLength] = 1;
|
||||
frameCipher.doFinal(plaintext, 0, plaintext.length, ciphertext, 0);
|
||||
return ciphertext;
|
||||
// FIXME
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,102 +1,27 @@
|
||||
package org.briarproject.crypto;
|
||||
|
||||
import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.IV_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.util.Random;
|
||||
|
||||
import org.briarproject.BriarTestCase;
|
||||
import org.briarproject.TestLifecycleModule;
|
||||
import org.briarproject.TestSystemModule;
|
||||
import org.briarproject.api.crypto.AuthenticatedCipher;
|
||||
import org.briarproject.api.crypto.CryptoComponent;
|
||||
import org.briarproject.api.crypto.SecretKey;
|
||||
import org.junit.Test;
|
||||
|
||||
import com.google.inject.Guice;
|
||||
import com.google.inject.Injector;
|
||||
|
||||
public class StreamEncrypterImplTest extends BriarTestCase {
|
||||
|
||||
// FIXME: This is an integration test, not a unit test
|
||||
|
||||
private final CryptoComponent crypto;
|
||||
private final AuthenticatedCipher frameCipher;
|
||||
|
||||
public StreamEncrypterImplTest() {
|
||||
Injector i = Guice.createInjector(new CryptoModule(),
|
||||
new TestLifecycleModule(), new TestSystemModule());
|
||||
crypto = i.getInstance(CryptoComponent.class);
|
||||
frameCipher = crypto.getFrameCipher();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testEncryptionWithoutTag() throws Exception {
|
||||
int payloadLength = 123;
|
||||
byte[] iv = new byte[IV_LENGTH], aad = new byte[AAD_LENGTH];
|
||||
byte[] plaintext = new byte[MAX_FRAME_LENGTH - MAC_LENGTH];
|
||||
byte[] ciphertext = new byte[MAX_FRAME_LENGTH];
|
||||
SecretKey frameKey = crypto.generateSecretKey();
|
||||
// Calculate the expected ciphertext
|
||||
FrameEncoder.encodeIv(iv, 0);
|
||||
FrameEncoder.encodeAad(aad, 0, plaintext.length);
|
||||
frameCipher.init(true, frameKey, iv, aad);
|
||||
FrameEncoder.encodeHeader(plaintext, false, payloadLength);
|
||||
frameCipher.doFinal(plaintext, 0, plaintext.length, ciphertext, 0);
|
||||
// Check that the actual ciphertext matches what's expected
|
||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||
StreamEncrypterImpl o = new StreamEncrypterImpl(out, frameCipher,
|
||||
frameKey, null);
|
||||
o.writeFrame(new byte[payloadLength], payloadLength, false);
|
||||
byte[] actual = out.toByteArray();
|
||||
assertEquals(MAX_FRAME_LENGTH, actual.length);
|
||||
for(int i = 0; i < MAX_FRAME_LENGTH; i++)
|
||||
assertEquals(ciphertext[i], actual[i]);
|
||||
// FIXME
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testEncryptionWithTag() throws Exception {
|
||||
byte[] tag = new byte[TAG_LENGTH];
|
||||
new Random().nextBytes(tag);
|
||||
int payloadLength = 123;
|
||||
byte[] iv = new byte[IV_LENGTH], aad = new byte[AAD_LENGTH];
|
||||
byte[] plaintext = new byte[MAX_FRAME_LENGTH - MAC_LENGTH];
|
||||
byte[] ciphertext = new byte[MAX_FRAME_LENGTH];
|
||||
SecretKey frameKey = crypto.generateSecretKey();
|
||||
// Calculate the expected ciphertext
|
||||
FrameEncoder.encodeIv(iv, 0);
|
||||
FrameEncoder.encodeAad(aad, 0, plaintext.length);
|
||||
frameCipher.init(true, frameKey, iv, aad);
|
||||
FrameEncoder.encodeHeader(plaintext, false, payloadLength);
|
||||
frameCipher.doFinal(plaintext, 0, plaintext.length, ciphertext, 0);
|
||||
// Check that the actual tag and ciphertext match what's expected
|
||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||
StreamEncrypterImpl o = new StreamEncrypterImpl(out, frameCipher,
|
||||
frameKey, tag);
|
||||
o.writeFrame(new byte[payloadLength], payloadLength, false);
|
||||
byte[] actual = out.toByteArray();
|
||||
assertEquals(TAG_LENGTH + MAX_FRAME_LENGTH, actual.length);
|
||||
for(int i = 0; i < TAG_LENGTH; i++) assertEquals(tag[i], actual[i]);
|
||||
for(int i = 0; i < MAX_FRAME_LENGTH; i++)
|
||||
assertEquals(ciphertext[i], actual[TAG_LENGTH + i]);
|
||||
// FIXME
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCloseConnectionWithoutWriting() throws Exception {
|
||||
byte[] tag = new byte[TAG_LENGTH];
|
||||
new Random().nextBytes(tag);
|
||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||
// Initiator's constructor
|
||||
StreamEncrypterImpl o = new StreamEncrypterImpl(out, frameCipher,
|
||||
crypto.generateSecretKey(), tag);
|
||||
// Write an empty final frame without having written any other frames
|
||||
o.writeFrame(new byte[MAX_FRAME_LENGTH - MAC_LENGTH], 0, true);
|
||||
// The tag and the empty frame should be written to the output stream
|
||||
assertEquals(TAG_LENGTH + HEADER_LENGTH + MAC_LENGTH, out.size());
|
||||
public void testFlushWritesTagIfNotAlreadyWritten() throws Exception {
|
||||
// FIXME
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFlushDoesNotWriteTagIfAlreadyWritten() throws Exception {
|
||||
// FIXME
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,8 +1,6 @@
|
||||
package org.briarproject.transport;
|
||||
|
||||
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
|
||||
|
||||
import org.briarproject.BriarTestCase;
|
||||
import org.briarproject.api.crypto.StreamDecrypter;
|
||||
@@ -12,9 +10,6 @@ import org.junit.Test;
|
||||
|
||||
public class StreamReaderImplTest extends BriarTestCase {
|
||||
|
||||
private static final int MAX_PAYLOAD_LENGTH =
|
||||
MAX_FRAME_LENGTH - HEADER_LENGTH - MAC_LENGTH;
|
||||
|
||||
@Test
|
||||
public void testEmptyFramesAreSkipped() throws Exception {
|
||||
Mockery context = new Mockery();
|
||||
|
||||
@@ -1,8 +1,6 @@
|
||||
package org.briarproject.transport;
|
||||
|
||||
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
|
||||
|
||||
import org.briarproject.BriarTestCase;
|
||||
import org.briarproject.api.crypto.StreamEncrypter;
|
||||
@@ -12,9 +10,6 @@ import org.junit.Test;
|
||||
|
||||
public class StreamWriterImplTest extends BriarTestCase {
|
||||
|
||||
private static final int MAX_PAYLOAD_LENGTH =
|
||||
MAX_FRAME_LENGTH - HEADER_LENGTH - MAC_LENGTH;
|
||||
|
||||
@Test
|
||||
public void testCloseWithoutWritingWritesFinalFrame() throws Exception {
|
||||
Mockery context = new Mockery();
|
||||
@@ -22,7 +17,7 @@ public class StreamWriterImplTest extends BriarTestCase {
|
||||
context.checking(new Expectations() {{
|
||||
// Write an empty final frame
|
||||
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0),
|
||||
with(true));
|
||||
with(0), with(true));
|
||||
// Flush the stream
|
||||
oneOf(encrypter).flush();
|
||||
}});
|
||||
@@ -40,7 +35,7 @@ public class StreamWriterImplTest extends BriarTestCase {
|
||||
context.checking(new Expectations() {{
|
||||
// Write a non-final frame with an empty payload
|
||||
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0),
|
||||
with(false));
|
||||
with(0), with(false));
|
||||
// Flush the stream
|
||||
oneOf(encrypter).flush();
|
||||
}});
|
||||
@@ -51,7 +46,7 @@ public class StreamWriterImplTest extends BriarTestCase {
|
||||
context.checking(new Expectations() {{
|
||||
// Closing the writer writes a final frame and flushes again
|
||||
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0),
|
||||
with(true));
|
||||
with(0), with(true));
|
||||
oneOf(encrypter).flush();
|
||||
}});
|
||||
w.close();
|
||||
@@ -67,7 +62,7 @@ public class StreamWriterImplTest extends BriarTestCase {
|
||||
context.checking(new Expectations() {{
|
||||
// Write a non-final frame with one payload byte
|
||||
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(1),
|
||||
with(false));
|
||||
with(0), with(false));
|
||||
// Flush the stream
|
||||
oneOf(encrypter).flush();
|
||||
}});
|
||||
@@ -79,7 +74,7 @@ public class StreamWriterImplTest extends BriarTestCase {
|
||||
context.checking(new Expectations() {{
|
||||
// Closing the writer writes a final frame and flushes again
|
||||
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0),
|
||||
with(true));
|
||||
with(0), with(true));
|
||||
oneOf(encrypter).flush();
|
||||
}});
|
||||
w.close();
|
||||
@@ -94,18 +89,16 @@ public class StreamWriterImplTest extends BriarTestCase {
|
||||
context.checking(new Expectations() {{
|
||||
// Write a full non-final frame
|
||||
oneOf(encrypter).writeFrame(with(any(byte[].class)),
|
||||
with(MAX_PAYLOAD_LENGTH), with(false));
|
||||
with(MAX_PAYLOAD_LENGTH), with(0), with(false));
|
||||
}});
|
||||
for(int i = 0; i < MAX_PAYLOAD_LENGTH; i++) {
|
||||
w.write(0);
|
||||
}
|
||||
for(int i = 0; i < MAX_PAYLOAD_LENGTH; i++) w.write(0);
|
||||
context.assertIsSatisfied();
|
||||
|
||||
// Clean up
|
||||
context.checking(new Expectations() {{
|
||||
// Closing the writer writes a final frame and flushes again
|
||||
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0),
|
||||
with(true));
|
||||
with(0), with(true));
|
||||
oneOf(encrypter).flush();
|
||||
}});
|
||||
w.close();
|
||||
@@ -120,7 +113,7 @@ public class StreamWriterImplTest extends BriarTestCase {
|
||||
context.checking(new Expectations() {{
|
||||
// Write two full non-final frames
|
||||
exactly(2).of(encrypter).writeFrame(with(any(byte[].class)),
|
||||
with(MAX_PAYLOAD_LENGTH), with(false));
|
||||
with(MAX_PAYLOAD_LENGTH), with(0), with(false));
|
||||
}});
|
||||
// Sanity check
|
||||
assertEquals(0, MAX_PAYLOAD_LENGTH % 2);
|
||||
@@ -136,7 +129,7 @@ public class StreamWriterImplTest extends BriarTestCase {
|
||||
context.checking(new Expectations() {{
|
||||
// Closing the writer writes a final frame and flushes again
|
||||
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0),
|
||||
with(true));
|
||||
with(0), with(true));
|
||||
oneOf(encrypter).flush();
|
||||
}});
|
||||
w.close();
|
||||
@@ -151,10 +144,10 @@ public class StreamWriterImplTest extends BriarTestCase {
|
||||
context.checking(new Expectations() {{
|
||||
// Write two full non-final frames
|
||||
exactly(2).of(encrypter).writeFrame(with(any(byte[].class)),
|
||||
with(MAX_PAYLOAD_LENGTH), with(false));
|
||||
with(MAX_PAYLOAD_LENGTH), with(0), with(false));
|
||||
// Write a final frame with a one-byte payload
|
||||
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(1),
|
||||
with(true));
|
||||
with(0), with(true));
|
||||
// Flush the stream
|
||||
oneOf(encrypter).flush();
|
||||
}});
|
||||
|
||||
@@ -24,7 +24,7 @@ class TestStreamEncrypter implements StreamEncrypter {
|
||||
}
|
||||
|
||||
public void writeFrame(byte[] payload, int payloadLength,
|
||||
boolean finalFrame) throws IOException {
|
||||
int paddingLength, boolean finalFrame) throws IOException {
|
||||
if(writeTag) {
|
||||
out.write(tag);
|
||||
writeTag = false;
|
||||
|
||||
Reference in New Issue
Block a user