Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-20 14:49:53 +01:00
Code Issues Projects Releases Wiki Activity

Variable-length frames (untested).

Browse Source
This commit is contained in:
akwizgran
2015-01-05 17:35:29 +00:00
parent d3bf2d59a1
commit 1f69f0d2f6
16 changed files with 147 additions and 368 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
briar-api/src/org/briarproject/api/crypto/AuthenticatedCipher.java
View File

@@ -13,10 +13,10 @@ public interface AuthenticatedCipher {
throws GeneralSecurityException; throws GeneralSecurityException;
/** Encrypts or decrypts data in a single-part operation. */ /** Encrypts or decrypts data in a single-part operation. */
int doFinal(byte[] input, int inputOff, int len, byte[] output, int process(byte[] input, int inputOff, int len, byte[] output,
int outputOff) throws GeneralSecurityException; int outputOff) throws GeneralSecurityException;
/** Returns the length of the message authenticated code (MAC) in bytes. */ /** Returns the length of the message authentication code (MAC) in bytes. */
int getMacLength(); int getMacLength();
/** Returns the block size of the cipher in bytes. */ /** Returns the block size of the cipher in bytes. */

4
briar-api/src/org/briarproject/api/crypto/StreamEncrypter.java
View File

@@ -5,8 +5,8 @@ import java.io.IOException;
public interface StreamEncrypter { public interface StreamEncrypter {
/** Encrypts the given frame and writes it to the stream. */ /** Encrypts the given frame and writes it to the stream. */
void writeFrame(byte[] payload, int payloadLength, boolean finalFrame) void writeFrame(byte[] payload, int payloadLength, int paddingLength,
throws IOException; boolean finalFrame) throws IOException;
/** Flushes the stream. */ /** Flushes the stream. */
void flush() throws IOException; void flush() throws IOException;

19
briar-api/src/org/briarproject/api/transport/TransportConstants.java
View File

@@ -1,5 +1,6 @@
package org.briarproject.api.transport; package org.briarproject.api.transport;
public interface TransportConstants { public interface TransportConstants {
/** The length of the pseudo-random tag in bytes. */ /** The length of the pseudo-random tag in bytes. */
@@ -8,18 +9,18 @@ public interface TransportConstants {
/** The maximum length of a frame in bytes, including the header and MAC. */ /** The maximum length of a frame in bytes, including the header and MAC. */
int MAX_FRAME_LENGTH = 1024; int MAX_FRAME_LENGTH = 1024;
/** The length of the initalisation vector (IV) in bytes. */
int IV_LENGTH = 12;
/** The length of the additional authenticated data (AAD) in bytes. */
int AAD_LENGTH = 6;
/** The length of the frame header in bytes. */
int HEADER_LENGTH = 2;
/** The length of the message authentication code (MAC) in bytes. */ /** The length of the message authentication code (MAC) in bytes. */
int MAC_LENGTH = 16; int MAC_LENGTH = 16;
/** The length of the frame header in bytes. */
int HEADER_LENGTH = 4 + MAC_LENGTH;
/** The maximum total length of the frame payload and padding in bytes. */
int MAX_PAYLOAD_LENGTH = MAX_FRAME_LENGTH - HEADER_LENGTH - MAC_LENGTH;
/** The length of the initalisation vector (IV) in bytes. */
int IV_LENGTH = 12;
/** /**
* The minimum stream length in bytes that all transport plugins must * The minimum stream length in bytes that all transport plugins must
* support. Streams may be shorter than this length, but all transport * support. Streams may be shorter than this length, but all transport

2
briar-core/src/org/briarproject/crypto/AuthenticatedCipherImpl.java
View File

@@ -20,7 +20,7 @@ class AuthenticatedCipherImpl implements AuthenticatedCipher {
this.macLength = macLength; this.macLength = macLength;
} }
public int doFinal(byte[] input, int inputOff, int len, byte[] output, public int process(byte[] input, int inputOff, int len, byte[] output,
int outputOff) throws GeneralSecurityException { int outputOff) throws GeneralSecurityException {
int processed = 0; int processed = 0;
if(len != 0) { if(len != 0) {

4
briar-core/src/org/briarproject/crypto/CryptoComponentImpl.java
View File

@@ -335,7 +335,7 @@ class CryptoComponentImpl implements CryptoComponent {
MAC_BYTES); MAC_BYTES);
cipher.init(true, key, iv, null); cipher.init(true, key, iv, null);
int outputOff = salt.length + 4 + iv.length; int outputOff = salt.length + 4 + iv.length;
cipher.doFinal(input, 0, input.length, output, outputOff); cipher.process(input, 0, input.length, output, outputOff);
return output; return output;
} catch(GeneralSecurityException e) { } catch(GeneralSecurityException e) {
throw new RuntimeException(e); throw new RuntimeException(e);
@@ -369,7 +369,7 @@ class CryptoComponentImpl implements CryptoComponent {
int inputOff = salt.length + 4 + iv.length; int inputOff = salt.length + 4 + iv.length;
int inputLen = input.length - inputOff; int inputLen = input.length - inputOff;
byte[] output = new byte[inputLen - MAC_BYTES]; byte[] output = new byte[inputLen - MAC_BYTES];
cipher.doFinal(input, inputOff, inputLen, output, 0); cipher.process(input, inputOff, inputLen, output, 0);
return output; return output;
} catch(GeneralSecurityException e) { } catch(GeneralSecurityException e) {
return null; // Invalid ciphertext return null; // Invalid ciphertext

36
briar-core/src/org/briarproject/crypto/FrameEncoder.java
View File

@@ -1,44 +1,33 @@
package org.briarproject.crypto; package org.briarproject.crypto;
import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH; import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
import static org.briarproject.api.transport.TransportConstants.IV_LENGTH; import static org.briarproject.api.transport.TransportConstants.IV_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH; import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
import static org.briarproject.util.ByteUtils.MAX_32_BIT_UNSIGNED; import static org.briarproject.util.ByteUtils.MAX_32_BIT_UNSIGNED;
import org.briarproject.util.ByteUtils; import org.briarproject.util.ByteUtils;
class FrameEncoder { class FrameEncoder {
static void encodeIv(byte[] iv, long frameNumber) { static void encodeIv(byte[] iv, long frameNumber, boolean header) {
if(iv.length < IV_LENGTH) throw new IllegalArgumentException(); if(iv.length < IV_LENGTH) throw new IllegalArgumentException();
if(frameNumber < 0 || frameNumber > MAX_32_BIT_UNSIGNED) if(frameNumber < 0 || frameNumber > MAX_32_BIT_UNSIGNED)
throw new IllegalArgumentException(); throw new IllegalArgumentException();
ByteUtils.writeUint32(frameNumber, iv, 0); ByteUtils.writeUint32(frameNumber, iv, 0);
for(int i = 4; i < IV_LENGTH; i++) iv[i] = 0; if(header) iv[4] = 1;
} else iv[4] = 0;
for(int i = 5; i < IV_LENGTH; i++) iv[i] = 0;
static void encodeAad(byte[] aad, long frameNumber, int plaintextLength) {
if(aad.length < AAD_LENGTH) throw new IllegalArgumentException();
if(frameNumber < 0 || frameNumber > MAX_32_BIT_UNSIGNED)
throw new IllegalArgumentException();
if(plaintextLength < HEADER_LENGTH)
throw new IllegalArgumentException();
if(plaintextLength > MAX_FRAME_LENGTH - MAC_LENGTH)
throw new IllegalArgumentException();
ByteUtils.writeUint32(frameNumber, aad, 0);
ByteUtils.writeUint16(plaintextLength, aad, 4);
} }
static void encodeHeader(byte[] header, boolean finalFrame, static void encodeHeader(byte[] header, boolean finalFrame,
int payloadLength) { int payloadLength, int paddingLength) {
if(header.length < HEADER_LENGTH) throw new IllegalArgumentException(); if(header.length < HEADER_LENGTH) throw new IllegalArgumentException();
if(payloadLength < 0) if(payloadLength < 0) throw new IllegalArgumentException();
throw new IllegalArgumentException(); if(paddingLength < 0) throw new IllegalArgumentException();
if(payloadLength > MAX_FRAME_LENGTH - HEADER_LENGTH - MAC_LENGTH) if(payloadLength + paddingLength > MAX_PAYLOAD_LENGTH)
throw new IllegalArgumentException(); throw new IllegalArgumentException();
ByteUtils.writeUint16(payloadLength, header, 0); ByteUtils.writeUint16(payloadLength, header, 0);
ByteUtils.writeUint16(paddingLength, header, 2);
if(finalFrame) header[0] |= 0x80; if(finalFrame) header[0] |= 0x80;
} }
@@ -51,4 +40,9 @@ class FrameEncoder {
if(header.length < HEADER_LENGTH) throw new IllegalArgumentException(); if(header.length < HEADER_LENGTH) throw new IllegalArgumentException();
return ByteUtils.readUint16(header, 0) & 0x7FFF; return ByteUtils.readUint16(header, 0) & 0x7FFF;
} }
static int getPaddingLength(byte[] header) {
if(header.length < HEADER_LENGTH) throw new IllegalArgumentException();
return ByteUtils.readUint16(header, 2);
}
} }

2
briar-core/src/org/briarproject/crypto/StreamDecrypterFactoryImpl.java
View File

@@ -21,10 +21,10 @@ class StreamDecrypterFactoryImpl implements StreamDecrypterFactory {
public StreamDecrypter createStreamDecrypter(InputStream in, public StreamDecrypter createStreamDecrypter(InputStream in,
StreamContext ctx) { StreamContext ctx) {
// Derive the frame key
byte[] secret = ctx.getSecret(); byte[] secret = ctx.getSecret();
long streamNumber = ctx.getStreamNumber(); long streamNumber = ctx.getStreamNumber();
boolean alice = !ctx.getAlice(); boolean alice = !ctx.getAlice();
// Derive the frame key
SecretKey frameKey = crypto.deriveFrameKey(secret, streamNumber, alice); SecretKey frameKey = crypto.deriveFrameKey(secret, streamNumber, alice);
// Create the decrypter // Create the decrypter
return new StreamDecrypterImpl(in, crypto.getFrameCipher(), frameKey); return new StreamDecrypterImpl(in, crypto.getFrameCipher(), frameKey);

74
briar-core/src/org/briarproject/crypto/StreamDecrypterImpl.java
View File

@@ -1,10 +1,10 @@
package org.briarproject.crypto; package org.briarproject.crypto;
import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH; import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
import static org.briarproject.api.transport.TransportConstants.IV_LENGTH; import static org.briarproject.api.transport.TransportConstants.IV_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH; import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH; import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
import java.io.EOFException; import java.io.EOFException;
import java.io.IOException; import java.io.IOException;
@@ -21,7 +21,7 @@ class StreamDecrypterImpl implements StreamDecrypter {
private final InputStream in; private final InputStream in;
private final AuthenticatedCipher frameCipher; private final AuthenticatedCipher frameCipher;
private final SecretKey frameKey; private final SecretKey frameKey;
private final byte[] iv, aad, plaintext, ciphertext; private final byte[] iv, aad, header, ciphertext;
private long frameNumber; private long frameNumber;
private boolean finalFrame; private boolean finalFrame;
@@ -32,50 +32,66 @@ class StreamDecrypterImpl implements StreamDecrypter {
this.frameCipher = frameCipher; this.frameCipher = frameCipher;
this.frameKey = frameKey; this.frameKey = frameKey;
iv = new byte[IV_LENGTH]; iv = new byte[IV_LENGTH];
aad = new byte[AAD_LENGTH]; aad = new byte[IV_LENGTH];
plaintext = new byte[MAX_FRAME_LENGTH - MAC_LENGTH]; header = new byte[HEADER_LENGTH];
ciphertext = new byte[MAX_FRAME_LENGTH]; ciphertext = new byte[MAX_FRAME_LENGTH];
frameNumber = 0; frameNumber = 0;
finalFrame = false; finalFrame = false;
} }
public int readFrame(byte[] payload) throws IOException { public int readFrame(byte[] payload) throws IOException {
if(payload.length < MAX_PAYLOAD_LENGTH)
throw new IllegalArgumentException();
if(finalFrame) return -1; if(finalFrame) return -1;
// Read the frame // Read the header
int ciphertextLength = 0; int offset = 0;
while(ciphertextLength < MAX_FRAME_LENGTH) { while(offset < HEADER_LENGTH) {
int read = in.read(ciphertext, ciphertextLength, int read = in.read(ciphertext, offset, HEADER_LENGTH - offset);
MAX_FRAME_LENGTH - ciphertextLength); if(read == -1) throw new EOFException();
if(read == -1) break; // We'll check the length later offset += read;
ciphertextLength += read;
} }
int plaintextLength = ciphertextLength - MAC_LENGTH; // Decrypt and authenticate the header
if(plaintextLength < HEADER_LENGTH) throw new EOFException(); FrameEncoder.encodeIv(iv, frameNumber, true);
// Decrypt and authenticate the frame FrameEncoder.encodeIv(aad, frameNumber, true);
FrameEncoder.encodeIv(iv, frameNumber);
FrameEncoder.encodeAad(aad, frameNumber, plaintextLength);
try { try {
frameCipher.init(false, frameKey, iv, aad); frameCipher.init(false, frameKey, iv, aad);
int decrypted = frameCipher.doFinal(ciphertext, 0, ciphertextLength, int decrypted = frameCipher.process(ciphertext, 0, HEADER_LENGTH,
plaintext, 0); header, 0);
if(decrypted != plaintextLength) throw new RuntimeException(); if(decrypted != HEADER_LENGTH - MAC_LENGTH)
throw new RuntimeException();
} catch(GeneralSecurityException e) { } catch(GeneralSecurityException e) {
throw new FormatException(); throw new FormatException();
} }
// Decode and validate the header // Decode and validate the header
finalFrame = FrameEncoder.isFinalFrame(plaintext); finalFrame = FrameEncoder.isFinalFrame(header);
if(!finalFrame && ciphertextLength < MAX_FRAME_LENGTH) int payloadLength = FrameEncoder.getPayloadLength(header);
int paddingLength = FrameEncoder.getPaddingLength(header);
if(payloadLength + paddingLength > MAX_PAYLOAD_LENGTH)
throw new FormatException(); throw new FormatException();
int payloadLength = FrameEncoder.getPayloadLength(plaintext); // Read the payload and padding
if(payloadLength > plaintextLength - HEADER_LENGTH) int frameLength = HEADER_LENGTH + payloadLength + paddingLength
throw new FormatException(); + MAC_LENGTH;
// If there's any padding it must be all zeroes while(offset < frameLength) {
for(int i = HEADER_LENGTH + payloadLength; i < plaintextLength; i++) { int read = in.read(ciphertext, offset, frameLength - offset);
if(plaintext[i] != 0) throw new FormatException(); if(read == -1) throw new EOFException();
offset += read;
} }
// Decrypt and authenticate the payload and padding
FrameEncoder.encodeIv(iv, frameNumber, false);
FrameEncoder.encodeIv(aad, frameNumber, false);
try {
frameCipher.init(false, frameKey, iv, aad);
int decrypted = frameCipher.process(ciphertext, HEADER_LENGTH,
payloadLength + paddingLength + MAC_LENGTH, payload, 0);
if(decrypted != payloadLength + paddingLength)
throw new RuntimeException();
} catch(GeneralSecurityException e) {
throw new FormatException();
}
// If there's any padding it must be all zeroes
for(int i = 0; i < paddingLength; i++)
if(payload[payloadLength + i] != 0) throw new FormatException();
frameNumber++; frameNumber++;
// Copy the payload
System.arraycopy(plaintext, HEADER_LENGTH, payload, 0, payloadLength);
return payloadLength; return payloadLength;
} }
} }

61
briar-core/src/org/briarproject/crypto/StreamEncrypterImpl.java
View File

@@ -1,10 +1,10 @@
package org.briarproject.crypto; package org.briarproject.crypto;
import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH; import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
import static org.briarproject.api.transport.TransportConstants.IV_LENGTH; import static org.briarproject.api.transport.TransportConstants.IV_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH; import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH; import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
import static org.briarproject.util.ByteUtils.MAX_32_BIT_UNSIGNED; import static org.briarproject.util.ByteUtils.MAX_32_BIT_UNSIGNED;
import java.io.IOException; import java.io.IOException;
@@ -32,50 +32,57 @@ class StreamEncrypterImpl implements StreamEncrypter {
this.frameKey = frameKey; this.frameKey = frameKey;
this.tag = tag; this.tag = tag;
iv = new byte[IV_LENGTH]; iv = new byte[IV_LENGTH];
aad = new byte[AAD_LENGTH]; aad = new byte[IV_LENGTH];
plaintext = new byte[MAX_FRAME_LENGTH - MAC_LENGTH]; plaintext = new byte[HEADER_LENGTH + MAX_PAYLOAD_LENGTH];
ciphertext = new byte[MAX_FRAME_LENGTH]; ciphertext = new byte[MAX_FRAME_LENGTH];
frameNumber = 0; frameNumber = 0;
writeTag = (tag != null); writeTag = (tag != null);
} }
public void writeFrame(byte[] payload, int payloadLength, public void writeFrame(byte[] payload, int payloadLength,
boolean finalFrame) throws IOException { int paddingLength, boolean finalFrame) throws IOException {
if(frameNumber > MAX_32_BIT_UNSIGNED) throw new IllegalStateException(); if(payloadLength + paddingLength > MAX_PAYLOAD_LENGTH)
throw new IllegalArgumentException();
// Don't allow the frame counter to wrap
if(frameNumber > MAX_32_BIT_UNSIGNED) throw new IOException();
// Write the tag if required // Write the tag if required
if(writeTag) { if(writeTag) {
out.write(tag, 0, tag.length); out.write(tag, 0, tag.length);
writeTag = false; writeTag = false;
} }
// Don't pad the final frame
int plaintextLength, ciphertextLength;
if(finalFrame) {
plaintextLength = HEADER_LENGTH + payloadLength;
ciphertextLength = plaintextLength + MAC_LENGTH;
} else {
plaintextLength = MAX_FRAME_LENGTH - MAC_LENGTH;
ciphertextLength = MAX_FRAME_LENGTH;
}
// Encode the header // Encode the header
FrameEncoder.encodeHeader(plaintext, finalFrame, payloadLength); FrameEncoder.encodeHeader(plaintext, finalFrame, payloadLength,
// Copy the payload paddingLength);
System.arraycopy(payload, 0, plaintext, HEADER_LENGTH, payloadLength); // Encrypt and authenticate the header
// If there's any padding it must all be zeroes FrameEncoder.encodeIv(iv, frameNumber, true);
for(int i = HEADER_LENGTH + payloadLength; i < plaintextLength; i++) FrameEncoder.encodeIv(aad, frameNumber, true);
plaintext[i] = 0;
// Encrypt and authenticate the frame
FrameEncoder.encodeIv(iv, frameNumber);
FrameEncoder.encodeAad(aad, frameNumber, plaintextLength);
try { try {
frameCipher.init(true, frameKey, iv, aad); frameCipher.init(true, frameKey, iv, aad);
int encrypted = frameCipher.doFinal(plaintext, 0, plaintextLength, int encrypted = frameCipher.process(plaintext, 0,
ciphertext, 0); HEADER_LENGTH - MAC_LENGTH, ciphertext, 0);
if(encrypted != ciphertextLength) throw new RuntimeException(); if(encrypted != HEADER_LENGTH) throw new RuntimeException();
} catch(GeneralSecurityException badCipher) {
throw new RuntimeException(badCipher);
}
// Combine the payload and padding
System.arraycopy(payload, 0, plaintext, HEADER_LENGTH, payloadLength);
for(int i = 0; i < paddingLength; i++)
plaintext[HEADER_LENGTH + payloadLength + i] = 0;
// Encrypt and authenticate the payload and padding
FrameEncoder.encodeIv(iv, frameNumber, false);
FrameEncoder.encodeIv(aad, frameNumber, false);
try {
frameCipher.init(true, frameKey, iv, aad);
int encrypted = frameCipher.process(plaintext, HEADER_LENGTH,
payloadLength + paddingLength, ciphertext, HEADER_LENGTH);
if(encrypted != payloadLength + paddingLength + MAC_LENGTH)
throw new RuntimeException();
} catch(GeneralSecurityException badCipher) { } catch(GeneralSecurityException badCipher) {
throw new RuntimeException(badCipher); throw new RuntimeException(badCipher);
} }
// Write the frame // Write the frame
out.write(ciphertext, 0, ciphertextLength); out.write(ciphertext, 0, HEADER_LENGTH + payloadLength + paddingLength
+ MAC_LENGTH);
frameNumber++; frameNumber++;
} }

6
briar-core/src/org/briarproject/transport/StreamReaderImpl.java
View File

@@ -1,8 +1,6 @@
package org.briarproject.transport; package org.briarproject.transport;
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH; import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
@@ -18,7 +16,7 @@ class StreamReaderImpl extends InputStream {
StreamReaderImpl(StreamDecrypter decrypter) { StreamReaderImpl(StreamDecrypter decrypter) {
this.decrypter = decrypter; this.decrypter = decrypter;
payload = new byte[MAX_FRAME_LENGTH - HEADER_LENGTH - MAC_LENGTH]; payload = new byte[MAX_PAYLOAD_LENGTH];
} }
@Override @Override

8
briar-core/src/org/briarproject/transport/StreamWriterImpl.java
View File

@@ -1,8 +1,6 @@
package org.briarproject.transport; package org.briarproject.transport;
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH; import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
import java.io.IOException; import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
@@ -25,7 +23,7 @@ class StreamWriterImpl extends OutputStream {
StreamWriterImpl(StreamEncrypter encrypter) { StreamWriterImpl(StreamEncrypter encrypter) {
this.encrypter = encrypter; this.encrypter = encrypter;
payload = new byte[MAX_FRAME_LENGTH - HEADER_LENGTH - MAC_LENGTH]; payload = new byte[MAX_PAYLOAD_LENGTH];
} }
@Override @Override
@@ -69,7 +67,7 @@ class StreamWriterImpl extends OutputStream {
} }
private void writeFrame(boolean finalFrame) throws IOException { private void writeFrame(boolean finalFrame) throws IOException {
encrypter.writeFrame(payload, length, finalFrame); encrypter.writeFrame(payload, length, 0, finalFrame);
length = 0; length = 0;
} }
} }

160
briar-tests/src/org/briarproject/crypto/StreamDecrypterImplTest.java
View File

@@ -1,185 +1,37 @@
package org.briarproject.crypto; package org.briarproject.crypto;
import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
import static org.briarproject.api.transport.TransportConstants.IV_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
import java.io.ByteArrayInputStream;
import org.briarproject.BriarTestCase; import org.briarproject.BriarTestCase;
import org.briarproject.TestLifecycleModule;
import org.briarproject.TestSystemModule;
import org.briarproject.api.FormatException;
import org.briarproject.api.crypto.AuthenticatedCipher;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.util.ByteUtils;
import org.junit.Test; import org.junit.Test;
import com.google.inject.Guice;
import com.google.inject.Injector;
public class StreamDecrypterImplTest extends BriarTestCase { public class StreamDecrypterImplTest extends BriarTestCase {
// FIXME: This is an integration test, not a unit test
private static final int MAX_PAYLOAD_LENGTH =
MAX_FRAME_LENGTH - HEADER_LENGTH - MAC_LENGTH;
private final CryptoComponent crypto;
private final AuthenticatedCipher frameCipher;
private final SecretKey frameKey;
public StreamDecrypterImplTest() {
Injector i = Guice.createInjector(new CryptoModule(),
new TestLifecycleModule(), new TestSystemModule());
crypto = i.getInstance(CryptoComponent.class);
frameCipher = crypto.getFrameCipher();
frameKey = crypto.generateSecretKey();
}
@Test @Test
public void testReadValidFrames() throws Exception { public void testReadValidFrames() throws Exception {
// Generate two valid frames // FIXME
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH, 123, false, false);
byte[] frame1 = generateFrame(1, MAX_FRAME_LENGTH, 123, false, false);
// Concatenate the frames
byte[] valid = new byte[MAX_FRAME_LENGTH * 2];
System.arraycopy(frame, 0, valid, 0, MAX_FRAME_LENGTH);
System.arraycopy(frame1, 0, valid, MAX_FRAME_LENGTH, MAX_FRAME_LENGTH);
// Read the frames
ByteArrayInputStream in = new ByteArrayInputStream(valid);
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
frameKey);
byte[] payload = new byte[MAX_PAYLOAD_LENGTH];
assertEquals(123, i.readFrame(payload));
assertEquals(123, i.readFrame(payload));
} }
@Test @Test
public void testTruncatedFrameThrowsException() throws Exception { public void testTruncatedFrameThrowsException() throws Exception {
// Generate a valid frame // FIXME
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH, 123, false, false);
// Chop off the last byte
byte[] truncated = new byte[MAX_FRAME_LENGTH - 1];
System.arraycopy(frame, 0, truncated, 0, MAX_FRAME_LENGTH - 1);
// Try to read the frame, which should fail due to truncation
ByteArrayInputStream in = new ByteArrayInputStream(truncated);
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
frameKey);
try {
i.readFrame(new byte[MAX_PAYLOAD_LENGTH]);
fail();
} catch(FormatException expected) {}
} }
@Test @Test
public void testModifiedFrameThrowsException() throws Exception { public void testModifiedFrameThrowsException() throws Exception {
// Generate a valid frame // FIXME
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH, 123, false, false);
// Modify a randomly chosen byte of the frame
frame[(int) (Math.random() * MAX_FRAME_LENGTH)] ^= 1;
// Try to read the frame, which should fail due to modification
ByteArrayInputStream in = new ByteArrayInputStream(frame);
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
frameKey);
try {
i.readFrame(new byte[MAX_PAYLOAD_LENGTH]);
fail();
} catch(FormatException expected) {}
}
@Test
public void testShortNonFinalFrameThrowsException() throws Exception {
// Generate a short non-final frame
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH - 1, 123, false,
false);
// Try to read the frame, which should fail due to invalid length
ByteArrayInputStream in = new ByteArrayInputStream(frame);
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
frameKey);
try {
i.readFrame(new byte[MAX_PAYLOAD_LENGTH]);
fail();
} catch(FormatException expected) {}
}
@Test
public void testShortFinalFrameDoesNotThrowException() throws Exception {
// Generate a short final frame
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH - 1, 123, true, false);
// Read the frame
ByteArrayInputStream in = new ByteArrayInputStream(frame);
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
frameKey);
int length = i.readFrame(new byte[MAX_PAYLOAD_LENGTH]);
assertEquals(123, length);
} }
@Test @Test
public void testInvalidPayloadLengthThrowsException() throws Exception { public void testInvalidPayloadLengthThrowsException() throws Exception {
// Generate a frame with an invalid payload length // FIXME
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH, 123, false, false);
ByteUtils.writeUint16(MAX_PAYLOAD_LENGTH + 1, frame, 0);
// Try to read the frame, which should fail due to invalid length
ByteArrayInputStream in = new ByteArrayInputStream(frame);
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
frameKey);
try {
i.readFrame(new byte[MAX_PAYLOAD_LENGTH]);
fail();
} catch(FormatException expected) {}
} }
@Test @Test
public void testNonZeroPaddingThrowsException() throws Exception { public void testNonZeroPaddingThrowsException() throws Exception {
// Generate a frame with bad padding // FIXME
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH, 123, false, true);
// Try to read the frame, which should fail due to bad padding
ByteArrayInputStream in = new ByteArrayInputStream(frame);
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
frameKey);
try {
i.readFrame(new byte[MAX_PAYLOAD_LENGTH]);
fail();
} catch(FormatException expected) {}
} }
@Test @Test
public void testCannotReadBeyondFinalFrame() throws Exception { public void testCannotReadBeyondFinalFrame() throws Exception {
// Generate a valid final frame and another valid final frame after it // FIXME
byte[] frame = generateFrame(0, MAX_FRAME_LENGTH, MAX_PAYLOAD_LENGTH,
true, false);
byte[] frame1 = generateFrame(1, MAX_FRAME_LENGTH, 123, true, false);
// Concatenate the frames
byte[] extraFrame = new byte[MAX_FRAME_LENGTH * 2];
System.arraycopy(frame, 0, extraFrame, 0, MAX_FRAME_LENGTH);
System.arraycopy(frame1, 0, extraFrame, MAX_FRAME_LENGTH,
MAX_FRAME_LENGTH);
// Read the final frame, which should first read the tag
ByteArrayInputStream in = new ByteArrayInputStream(extraFrame);
StreamDecrypterImpl i = new StreamDecrypterImpl(in, frameCipher,
frameKey);
byte[] payload = new byte[MAX_PAYLOAD_LENGTH];
assertEquals(MAX_PAYLOAD_LENGTH, i.readFrame(payload));
// The frame after the final frame should not be read
assertEquals(-1, i.readFrame(payload));
}
private byte[] generateFrame(long frameNumber, int frameLength,
int payloadLength, boolean finalFrame, boolean badPadding)
throws Exception {
byte[] iv = new byte[IV_LENGTH], aad = new byte[AAD_LENGTH];
byte[] plaintext = new byte[frameLength - MAC_LENGTH];
byte[] ciphertext = new byte[frameLength];
FrameEncoder.encodeIv(iv, frameNumber);
FrameEncoder.encodeAad(aad, frameNumber, plaintext.length);
frameCipher.init(true, frameKey, iv, aad);
FrameEncoder.encodeHeader(plaintext, finalFrame, payloadLength);
if(badPadding) plaintext[HEADER_LENGTH + payloadLength] = 1;
frameCipher.doFinal(plaintext, 0, plaintext.length, ciphertext, 0);
return ciphertext;
} }
} }

93
briar-tests/src/org/briarproject/crypto/StreamEncrypterImplTest.java
View File

@@ -1,102 +1,27 @@
package org.briarproject.crypto; package org.briarproject.crypto;
import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
import static org.briarproject.api.transport.TransportConstants.IV_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
import java.io.ByteArrayOutputStream;
import java.util.Random;
import org.briarproject.BriarTestCase; import org.briarproject.BriarTestCase;
import org.briarproject.TestLifecycleModule;
import org.briarproject.TestSystemModule;
import org.briarproject.api.crypto.AuthenticatedCipher;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.SecretKey;
import org.junit.Test; import org.junit.Test;
import com.google.inject.Guice;
import com.google.inject.Injector;
public class StreamEncrypterImplTest extends BriarTestCase { public class StreamEncrypterImplTest extends BriarTestCase {
// FIXME: This is an integration test, not a unit test
private final CryptoComponent crypto;
private final AuthenticatedCipher frameCipher;
public StreamEncrypterImplTest() {
Injector i = Guice.createInjector(new CryptoModule(),
new TestLifecycleModule(), new TestSystemModule());
crypto = i.getInstance(CryptoComponent.class);
frameCipher = crypto.getFrameCipher();
}
@Test @Test
public void testEncryptionWithoutTag() throws Exception { public void testEncryptionWithoutTag() throws Exception {
int payloadLength = 123; // FIXME
byte[] iv = new byte[IV_LENGTH], aad = new byte[AAD_LENGTH];
byte[] plaintext = new byte[MAX_FRAME_LENGTH - MAC_LENGTH];
byte[] ciphertext = new byte[MAX_FRAME_LENGTH];
SecretKey frameKey = crypto.generateSecretKey();
// Calculate the expected ciphertext
FrameEncoder.encodeIv(iv, 0);
FrameEncoder.encodeAad(aad, 0, plaintext.length);
frameCipher.init(true, frameKey, iv, aad);
FrameEncoder.encodeHeader(plaintext, false, payloadLength);
frameCipher.doFinal(plaintext, 0, plaintext.length, ciphertext, 0);
// Check that the actual ciphertext matches what's expected
ByteArrayOutputStream out = new ByteArrayOutputStream();
StreamEncrypterImpl o = new StreamEncrypterImpl(out, frameCipher,
frameKey, null);
o.writeFrame(new byte[payloadLength], payloadLength, false);
byte[] actual = out.toByteArray();
assertEquals(MAX_FRAME_LENGTH, actual.length);
for(int i = 0; i < MAX_FRAME_LENGTH; i++)
assertEquals(ciphertext[i], actual[i]);
} }
@Test @Test
public void testEncryptionWithTag() throws Exception { public void testEncryptionWithTag() throws Exception {
byte[] tag = new byte[TAG_LENGTH]; // FIXME
new Random().nextBytes(tag);
int payloadLength = 123;
byte[] iv = new byte[IV_LENGTH], aad = new byte[AAD_LENGTH];
byte[] plaintext = new byte[MAX_FRAME_LENGTH - MAC_LENGTH];
byte[] ciphertext = new byte[MAX_FRAME_LENGTH];
SecretKey frameKey = crypto.generateSecretKey();
// Calculate the expected ciphertext
FrameEncoder.encodeIv(iv, 0);
FrameEncoder.encodeAad(aad, 0, plaintext.length);
frameCipher.init(true, frameKey, iv, aad);
FrameEncoder.encodeHeader(plaintext, false, payloadLength);
frameCipher.doFinal(plaintext, 0, plaintext.length, ciphertext, 0);
// Check that the actual tag and ciphertext match what's expected
ByteArrayOutputStream out = new ByteArrayOutputStream();
StreamEncrypterImpl o = new StreamEncrypterImpl(out, frameCipher,
frameKey, tag);
o.writeFrame(new byte[payloadLength], payloadLength, false);
byte[] actual = out.toByteArray();
assertEquals(TAG_LENGTH + MAX_FRAME_LENGTH, actual.length);
for(int i = 0; i < TAG_LENGTH; i++) assertEquals(tag[i], actual[i]);
for(int i = 0; i < MAX_FRAME_LENGTH; i++)
assertEquals(ciphertext[i], actual[TAG_LENGTH + i]);
} }
@Test @Test
public void testCloseConnectionWithoutWriting() throws Exception { public void testFlushWritesTagIfNotAlreadyWritten() throws Exception {
byte[] tag = new byte[TAG_LENGTH]; // FIXME
new Random().nextBytes(tag); }
ByteArrayOutputStream out = new ByteArrayOutputStream();
// Initiator's constructor @Test
StreamEncrypterImpl o = new StreamEncrypterImpl(out, frameCipher, public void testFlushDoesNotWriteTagIfAlreadyWritten() throws Exception {
crypto.generateSecretKey(), tag); // FIXME
// Write an empty final frame without having written any other frames
o.writeFrame(new byte[MAX_FRAME_LENGTH - MAC_LENGTH], 0, true);
// The tag and the empty frame should be written to the output stream
assertEquals(TAG_LENGTH + HEADER_LENGTH + MAC_LENGTH, out.size());
} }
} }

7
briar-tests/src/org/briarproject/transport/StreamReaderImplTest.java
View File

@@ -1,8 +1,6 @@
package org.briarproject.transport; package org.briarproject.transport;
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH; import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
import org.briarproject.BriarTestCase; import org.briarproject.BriarTestCase;
import org.briarproject.api.crypto.StreamDecrypter; import org.briarproject.api.crypto.StreamDecrypter;
@@ -12,9 +10,6 @@ import org.junit.Test;
public class StreamReaderImplTest extends BriarTestCase { public class StreamReaderImplTest extends BriarTestCase {
private static final int MAX_PAYLOAD_LENGTH =
MAX_FRAME_LENGTH - HEADER_LENGTH - MAC_LENGTH;
@Test @Test
public void testEmptyFramesAreSkipped() throws Exception { public void testEmptyFramesAreSkipped() throws Exception {
Mockery context = new Mockery(); Mockery context = new Mockery();

33
briar-tests/src/org/briarproject/transport/StreamWriterImplTest.java
View File

@@ -1,8 +1,6 @@
package org.briarproject.transport; package org.briarproject.transport;
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH; import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
import org.briarproject.BriarTestCase; import org.briarproject.BriarTestCase;
import org.briarproject.api.crypto.StreamEncrypter; import org.briarproject.api.crypto.StreamEncrypter;
@@ -12,9 +10,6 @@ import org.junit.Test;
public class StreamWriterImplTest extends BriarTestCase { public class StreamWriterImplTest extends BriarTestCase {
private static final int MAX_PAYLOAD_LENGTH =
MAX_FRAME_LENGTH - HEADER_LENGTH - MAC_LENGTH;
@Test @Test
public void testCloseWithoutWritingWritesFinalFrame() throws Exception { public void testCloseWithoutWritingWritesFinalFrame() throws Exception {
Mockery context = new Mockery(); Mockery context = new Mockery();
@@ -22,7 +17,7 @@ public class StreamWriterImplTest extends BriarTestCase {
context.checking(new Expectations() {{ context.checking(new Expectations() {{
// Write an empty final frame // Write an empty final frame
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0), oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0),
with(true)); with(0), with(true));
// Flush the stream // Flush the stream
oneOf(encrypter).flush(); oneOf(encrypter).flush();
}}); }});
@@ -40,7 +35,7 @@ public class StreamWriterImplTest extends BriarTestCase {
context.checking(new Expectations() {{ context.checking(new Expectations() {{
// Write a non-final frame with an empty payload // Write a non-final frame with an empty payload
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0), oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0),
with(false)); with(0), with(false));
// Flush the stream // Flush the stream
oneOf(encrypter).flush(); oneOf(encrypter).flush();
}}); }});
@@ -51,7 +46,7 @@ public class StreamWriterImplTest extends BriarTestCase {
context.checking(new Expectations() {{ context.checking(new Expectations() {{
// Closing the writer writes a final frame and flushes again // Closing the writer writes a final frame and flushes again
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0), oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0),
with(true)); with(0), with(true));
oneOf(encrypter).flush(); oneOf(encrypter).flush();
}}); }});
w.close(); w.close();
@@ -67,7 +62,7 @@ public class StreamWriterImplTest extends BriarTestCase {
context.checking(new Expectations() {{ context.checking(new Expectations() {{
// Write a non-final frame with one payload byte // Write a non-final frame with one payload byte
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(1), oneOf(encrypter).writeFrame(with(any(byte[].class)), with(1),
with(false)); with(0), with(false));
// Flush the stream // Flush the stream
oneOf(encrypter).flush(); oneOf(encrypter).flush();
}}); }});
@@ -79,7 +74,7 @@ public class StreamWriterImplTest extends BriarTestCase {
context.checking(new Expectations() {{ context.checking(new Expectations() {{
// Closing the writer writes a final frame and flushes again // Closing the writer writes a final frame and flushes again
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0), oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0),
with(true)); with(0), with(true));
oneOf(encrypter).flush(); oneOf(encrypter).flush();
}}); }});
w.close(); w.close();
@@ -94,18 +89,16 @@ public class StreamWriterImplTest extends BriarTestCase {
context.checking(new Expectations() {{ context.checking(new Expectations() {{
// Write a full non-final frame // Write a full non-final frame
oneOf(encrypter).writeFrame(with(any(byte[].class)), oneOf(encrypter).writeFrame(with(any(byte[].class)),
with(MAX_PAYLOAD_LENGTH), with(false)); with(MAX_PAYLOAD_LENGTH), with(0), with(false));
}}); }});
for(int i = 0; i < MAX_PAYLOAD_LENGTH; i++) { for(int i = 0; i < MAX_PAYLOAD_LENGTH; i++) w.write(0);
w.write(0);
}
context.assertIsSatisfied(); context.assertIsSatisfied();
// Clean up // Clean up
context.checking(new Expectations() {{ context.checking(new Expectations() {{
// Closing the writer writes a final frame and flushes again // Closing the writer writes a final frame and flushes again
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0), oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0),
with(true)); with(0), with(true));
oneOf(encrypter).flush(); oneOf(encrypter).flush();
}}); }});
w.close(); w.close();
@@ -120,7 +113,7 @@ public class StreamWriterImplTest extends BriarTestCase {
context.checking(new Expectations() {{ context.checking(new Expectations() {{
// Write two full non-final frames // Write two full non-final frames
exactly(2).of(encrypter).writeFrame(with(any(byte[].class)), exactly(2).of(encrypter).writeFrame(with(any(byte[].class)),
with(MAX_PAYLOAD_LENGTH), with(false)); with(MAX_PAYLOAD_LENGTH), with(0), with(false));
}}); }});
// Sanity check // Sanity check
assertEquals(0, MAX_PAYLOAD_LENGTH % 2); assertEquals(0, MAX_PAYLOAD_LENGTH % 2);
@@ -136,7 +129,7 @@ public class StreamWriterImplTest extends BriarTestCase {
context.checking(new Expectations() {{ context.checking(new Expectations() {{
// Closing the writer writes a final frame and flushes again // Closing the writer writes a final frame and flushes again
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0), oneOf(encrypter).writeFrame(with(any(byte[].class)), with(0),
with(true)); with(0), with(true));
oneOf(encrypter).flush(); oneOf(encrypter).flush();
}}); }});
w.close(); w.close();
@@ -151,10 +144,10 @@ public class StreamWriterImplTest extends BriarTestCase {
context.checking(new Expectations() {{ context.checking(new Expectations() {{
// Write two full non-final frames // Write two full non-final frames
exactly(2).of(encrypter).writeFrame(with(any(byte[].class)), exactly(2).of(encrypter).writeFrame(with(any(byte[].class)),
with(MAX_PAYLOAD_LENGTH), with(false)); with(MAX_PAYLOAD_LENGTH), with(0), with(false));
// Write a final frame with a one-byte payload // Write a final frame with a one-byte payload
oneOf(encrypter).writeFrame(with(any(byte[].class)), with(1), oneOf(encrypter).writeFrame(with(any(byte[].class)), with(1),
with(true)); with(0), with(true));
// Flush the stream // Flush the stream
oneOf(encrypter).flush(); oneOf(encrypter).flush();
}}); }});

2
briar-tests/src/org/briarproject/transport/TestStreamEncrypter.java
View File

@@ -24,7 +24,7 @@ class TestStreamEncrypter implements StreamEncrypter {
} }
public void writeFrame(byte[] payload, int payloadLength, public void writeFrame(byte[] payload, int payloadLength,
boolean finalFrame) throws IOException { int paddingLength, boolean finalFrame) throws IOException {
if(writeTag) { if(writeTag) {
out.write(tag); out.write(tag);
writeTag = false; writeTag = false;