Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-15 04:18:53 +01:00
Code Issues Projects Releases Wiki Activity

Code clarity, more unit tests for ByteUtils.

Browse Source 
Addresses comments for !48.
This commit is contained in:
akwizgran
2016-01-12 11:10:22 +00:00
parent 99f8d21eea
commit 3c6ead0603
11 changed files with 242 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
briar-core/src/org/briarproject/crypto/CryptoComponentImpl.java
View File

@@ -42,6 +42,8 @@ import static java.util.logging.Level.INFO;
import static org.briarproject.api.invitation.InvitationConstants.CODE_BITS;
import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
import static org.briarproject.crypto.EllipticCurveConstants.PARAMETERS;
import static org.briarproject.util.ByteUtils.INT_32_BYTES;
import static org.briarproject.util.ByteUtils.INT_64_BYTES;
import static org.briarproject.util.ByteUtils.MAX_32_BIT_UNSIGNED;
class CryptoComponentImpl implements CryptoComponent {
@@ -287,7 +289,7 @@ class CryptoComponentImpl implements CryptoComponent {
}
private SecretKey rotateKey(SecretKey k, long rotationPeriod) {
byte[] period = new byte[8];
byte[] period = new byte[INT_64_BYTES];
ByteUtils.writeUint64(rotationPeriod, period, 0);
return new SecretKey(macKdf(k, ROTATE, period));
}
@@ -314,7 +316,7 @@ class CryptoComponentImpl implements CryptoComponent {
int macLength = prf.getDigestSize();
if (macLength < TAG_LENGTH) throw new IllegalStateException();
// The input is the stream number as a 64-bit integer
byte[] input = new byte[8];
byte[] input = new byte[INT_64_BYTES];
ByteUtils.writeUint64(streamNumber, input, 0);
prf.update(input, 0, input.length);
byte[] mac = new byte[macLength];
@@ -337,15 +339,16 @@ class CryptoComponentImpl implements CryptoComponent {
byte[] iv = new byte[STORAGE_IV_BYTES];
secureRandom.nextBytes(iv);
// The output contains the salt, iterations, IV, ciphertext and MAC
int outputLen = salt.length + 4 + iv.length + input.length + macBytes;
int outputLen = salt.length + INT_32_BYTES + iv.length + input.length
+ macBytes;
byte[] output = new byte[outputLen];
System.arraycopy(salt, 0, output, 0, salt.length);
ByteUtils.writeUint32(iterations, output, salt.length);
System.arraycopy(iv, 0, output, salt.length + 4, iv.length);
System.arraycopy(iv, 0, output, salt.length + INT_32_BYTES, iv.length);
// Initialise the cipher and encrypt the plaintext
try {
cipher.init(true, key, iv);
int outputOff = salt.length + 4 + iv.length;
int outputOff = salt.length + INT_32_BYTES + iv.length;
cipher.process(input, 0, input.length, output, outputOff);
return output;
} catch (GeneralSecurityException e) {
@@ -357,7 +360,8 @@ class CryptoComponentImpl implements CryptoComponent {
AuthenticatedCipher cipher = new XSalsa20Poly1305AuthenticatedCipher();
int macBytes = cipher.getMacBytes();
// The input contains the salt, iterations, IV, ciphertext and MAC
if (input.length < PBKDF_SALT_BYTES + 4 + STORAGE_IV_BYTES + macBytes)
if (input.length < PBKDF_SALT_BYTES + INT_32_BYTES + STORAGE_IV_BYTES
+ macBytes)
return null; // Invalid input
byte[] salt = new byte[PBKDF_SALT_BYTES];
System.arraycopy(input, 0, salt, 0, salt.length);
@@ -365,7 +369,7 @@ class CryptoComponentImpl implements CryptoComponent {
if (iterations < 0 || iterations > Integer.MAX_VALUE)
return null; // Invalid iteration count
byte[] iv = new byte[STORAGE_IV_BYTES];
System.arraycopy(input, salt.length + 4, iv, 0, iv.length);
System.arraycopy(input, salt.length + INT_32_BYTES, iv, 0, iv.length);
// Derive the key from the password
SecretKey key = new SecretKey(pbkdf2(password, salt, (int) iterations));
// Initialise the cipher
@@ -376,7 +380,7 @@ class CryptoComponentImpl implements CryptoComponent {
}
// Try to decrypt the ciphertext (may be invalid)
try {
int inputOff = salt.length + 4 + iv.length;
int inputOff = salt.length + INT_32_BYTES + iv.length;
int inputLen = input.length - inputOff;
byte[] output = new byte[inputLen - macBytes];
cipher.process(input, inputOff, inputLen, output, 0);
@@ -394,7 +398,7 @@ class CryptoComponentImpl implements CryptoComponent {
int hashLength = digest.getDigestSize();
if (hashLength < SecretKey.LENGTH) throw new IllegalStateException();
// Calculate the hash over the concatenated length-prefixed inputs
byte[] length = new byte[4];
byte[] length = new byte[INT_32_BYTES];
for (byte[] input : inputs) {
ByteUtils.writeUint32(input.length, length, 0);
digest.update(length, 0, length.length);
@@ -418,7 +422,7 @@ class CryptoComponentImpl implements CryptoComponent {
int macLength = prf.getDigestSize();
if (macLength < SecretKey.LENGTH) throw new IllegalStateException();
// Calculate the PRF over the concatenated length-prefixed inputs
byte[] length = new byte[4];
byte[] length = new byte[INT_32_BYTES];
for (byte[] input : inputs) {
ByteUtils.writeUint32(input.length, length, 0);
prf.update(length, 0, length.length);

35
briar-core/src/org/briarproject/crypto/FrameEncoder.java
View File

@@ -2,48 +2,51 @@ package org.briarproject.crypto;
import org.briarproject.util.ByteUtils;
import static org.briarproject.api.transport.TransportConstants.FRAME_HEADER_PAYLOAD_LENGTH;
import static org.briarproject.api.transport.TransportConstants.FRAME_IV_LENGTH;
import static org.briarproject.api.transport.TransportConstants.FRAME_HEADER_PLAINTEXT_LENGTH;
import static org.briarproject.api.transport.TransportConstants.FRAME_NONCE_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
import static org.briarproject.util.ByteUtils.INT_16_BYTES;
import static org.briarproject.util.ByteUtils.INT_64_BYTES;
class FrameEncoder {
static void encodeIv(byte[] iv, long frameNumber, boolean header) {
if (iv.length < FRAME_IV_LENGTH) throw new IllegalArgumentException();
static void encodeNonce(byte[] dest, long frameNumber, boolean header) {
if (dest.length < FRAME_NONCE_LENGTH)
throw new IllegalArgumentException();
if (frameNumber < 0) throw new IllegalArgumentException();
ByteUtils.writeUint64(frameNumber, iv, 0);
if (header) iv[0] |= 0x80;
for (int i = 8; i < FRAME_IV_LENGTH; i++) iv[i] = 0;
ByteUtils.writeUint64(frameNumber, dest, 0);
if (header) dest[0] |= 0x80;
for (int i = INT_64_BYTES; i < FRAME_NONCE_LENGTH; i++) dest[i] = 0;
}
static void encodeHeader(byte[] header, boolean finalFrame,
static void encodeHeader(byte[] dest, boolean finalFrame,
int payloadLength, int paddingLength) {
if (header.length < FRAME_HEADER_PAYLOAD_LENGTH)
if (dest.length < FRAME_HEADER_PLAINTEXT_LENGTH)
throw new IllegalArgumentException();
if (payloadLength < 0) throw new IllegalArgumentException();
if (paddingLength < 0) throw new IllegalArgumentException();
if (payloadLength + paddingLength > MAX_PAYLOAD_LENGTH)
throw new IllegalArgumentException();
ByteUtils.writeUint16(payloadLength, header, 0);
ByteUtils.writeUint16(paddingLength, header, 2);
if (finalFrame) header[0] |= 0x80;
ByteUtils.writeUint16(payloadLength, dest, 0);
ByteUtils.writeUint16(paddingLength, dest, INT_16_BYTES);
if (finalFrame) dest[0] |= 0x80;
}
static boolean isFinalFrame(byte[] header) {
if (header.length < FRAME_HEADER_PAYLOAD_LENGTH)
if (header.length < FRAME_HEADER_PLAINTEXT_LENGTH)
throw new IllegalArgumentException();
return (header[0] & 0x80) == 0x80;
}
static int getPayloadLength(byte[] header) {
if (header.length < FRAME_HEADER_PAYLOAD_LENGTH)
if (header.length < FRAME_HEADER_PLAINTEXT_LENGTH)
throw new IllegalArgumentException();
return ByteUtils.readUint16(header, 0) & 0x7FFF;
}
static int getPaddingLength(byte[] header) {
if (header.length < FRAME_HEADER_PAYLOAD_LENGTH)
if (header.length < FRAME_HEADER_PLAINTEXT_LENGTH)
throw new IllegalArgumentException();
return ByteUtils.readUint16(header, 2);
return ByteUtils.readUint16(header, INT_16_BYTES);
}
}

6
briar-core/src/org/briarproject/crypto/PseudoRandomImpl.java
View File

@@ -3,14 +3,16 @@ package org.briarproject.crypto;
import org.briarproject.api.crypto.PseudoRandom;
import org.briarproject.util.ByteUtils;
import static org.briarproject.util.ByteUtils.INT_32_BYTES;
class PseudoRandomImpl implements PseudoRandom {
private final FortunaGenerator generator;
PseudoRandomImpl(int seed1, int seed2) {
byte[] seed = new byte[8];
byte[] seed = new byte[INT_32_BYTES * 2];
ByteUtils.writeUint32(seed1, seed, 0);
ByteUtils.writeUint32(seed2, seed, 4);
ByteUtils.writeUint32(seed2, seed, INT_32_BYTES);
generator = new FortunaGenerator(seed);
}

20
briar-core/src/org/briarproject/crypto/StreamDecrypterImpl.java
View File

@@ -10,8 +10,8 @@ import java.io.InputStream;
import java.security.GeneralSecurityException;
import static org.briarproject.api.transport.TransportConstants.FRAME_HEADER_LENGTH;
import static org.briarproject.api.transport.TransportConstants.FRAME_HEADER_PAYLOAD_LENGTH;
import static org.briarproject.api.transport.TransportConstants.FRAME_IV_LENGTH;
import static org.briarproject.api.transport.TransportConstants.FRAME_HEADER_PLAINTEXT_LENGTH;
import static org.briarproject.api.transport.TransportConstants.FRAME_NONCE_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
@@ -23,7 +23,7 @@ class StreamDecrypterImpl implements StreamDecrypter {
private final InputStream in;
private final AuthenticatedCipher cipher;
private final SecretKey streamHeaderKey;
private final byte[] frameIv, frameHeader, frameCiphertext;
private final byte[] frameNonce, frameHeader, frameCiphertext;
private SecretKey frameKey;
private long frameNumber;
@@ -34,8 +34,8 @@ class StreamDecrypterImpl implements StreamDecrypter {
this.in = in;
this.cipher = cipher;
this.streamHeaderKey = streamHeaderKey;
frameIv = new byte[FRAME_IV_LENGTH];
frameHeader = new byte[FRAME_HEADER_PAYLOAD_LENGTH];
frameNonce = new byte[FRAME_NONCE_LENGTH];
frameHeader = new byte[FRAME_HEADER_PLAINTEXT_LENGTH];
frameCiphertext = new byte[MAX_FRAME_LENGTH];
frameKey = null;
frameNumber = 0;
@@ -60,12 +60,12 @@ class StreamDecrypterImpl implements StreamDecrypter {
offset += read;
}
// Decrypt and authenticate the frame header
FrameEncoder.encodeIv(frameIv, frameNumber, true);
FrameEncoder.encodeNonce(frameNonce, frameNumber, true);
try {
cipher.init(false, frameKey, frameIv);
cipher.init(false, frameKey, frameNonce);
int decrypted = cipher.process(frameCiphertext, 0,
FRAME_HEADER_LENGTH, frameHeader, 0);
if (decrypted != FRAME_HEADER_PAYLOAD_LENGTH)
if (decrypted != FRAME_HEADER_PLAINTEXT_LENGTH)
throw new RuntimeException();
} catch (GeneralSecurityException e) {
throw new FormatException();
@@ -85,9 +85,9 @@ class StreamDecrypterImpl implements StreamDecrypter {
offset += read;
}
// Decrypt and authenticate the payload and padding
FrameEncoder.encodeIv(frameIv, frameNumber, false);
FrameEncoder.encodeNonce(frameNonce, frameNumber, false);
try {
cipher.init(false, frameKey, frameIv);
cipher.init(false, frameKey, frameNonce);
int decrypted = cipher.process(frameCiphertext, FRAME_HEADER_LENGTH,
payloadLength + paddingLength + MAC_LENGTH, payload, 0);
if (decrypted != payloadLength + paddingLength)

20
briar-core/src/org/briarproject/crypto/StreamEncrypterImpl.java
View File

@@ -8,8 +8,8 @@ import java.io.OutputStream;
import java.security.GeneralSecurityException;
import static org.briarproject.api.transport.TransportConstants.FRAME_HEADER_LENGTH;
import static org.briarproject.api.transport.TransportConstants.FRAME_HEADER_PAYLOAD_LENGTH;
import static org.briarproject.api.transport.TransportConstants.FRAME_IV_LENGTH;
import static org.briarproject.api.transport.TransportConstants.FRAME_HEADER_PLAINTEXT_LENGTH;
import static org.briarproject.api.transport.TransportConstants.FRAME_NONCE_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
@@ -22,7 +22,7 @@ class StreamEncrypterImpl implements StreamEncrypter {
private final AuthenticatedCipher cipher;
private final SecretKey streamHeaderKey, frameKey;
private final byte[] tag, streamHeaderIv;
private final byte[] frameIv, frameHeader, framePlaintext, frameCiphertext;
private final byte[] frameNonce, frameHeader, framePlaintext, frameCiphertext;
private long frameNumber;
private boolean writeTag, writeStreamHeader;
@@ -36,8 +36,8 @@ class StreamEncrypterImpl implements StreamEncrypter {
this.streamHeaderIv = streamHeaderIv;
this.streamHeaderKey = streamHeaderKey;
this.frameKey = frameKey;
frameIv = new byte[FRAME_IV_LENGTH];
frameHeader = new byte[FRAME_HEADER_PAYLOAD_LENGTH];
frameNonce = new byte[FRAME_NONCE_LENGTH];
frameHeader = new byte[FRAME_HEADER_PLAINTEXT_LENGTH];
framePlaintext = new byte[MAX_PAYLOAD_LENGTH];
frameCiphertext = new byte[MAX_FRAME_LENGTH];
frameNumber = 0;
@@ -59,11 +59,11 @@ class StreamEncrypterImpl implements StreamEncrypter {
FrameEncoder.encodeHeader(frameHeader, finalFrame, payloadLength,
paddingLength);
// Encrypt and authenticate the frame header
FrameEncoder.encodeIv(frameIv, frameNumber, true);
FrameEncoder.encodeNonce(frameNonce, frameNumber, true);
try {
cipher.init(true, frameKey, frameIv);
cipher.init(true, frameKey, frameNonce);
int encrypted = cipher.process(frameHeader, 0,
FRAME_HEADER_PAYLOAD_LENGTH, frameCiphertext, 0);
FRAME_HEADER_PLAINTEXT_LENGTH, frameCiphertext, 0);
if (encrypted != FRAME_HEADER_LENGTH) throw new RuntimeException();
} catch (GeneralSecurityException badCipher) {
throw new RuntimeException(badCipher);
@@ -73,9 +73,9 @@ class StreamEncrypterImpl implements StreamEncrypter {
for (int i = 0; i < paddingLength; i++)
framePlaintext[payloadLength + i] = 0;
// Encrypt and authenticate the payload and padding
FrameEncoder.encodeIv(frameIv, frameNumber, false);
FrameEncoder.encodeNonce(frameNonce, frameNumber, false);
try {
cipher.init(true, frameKey, frameIv);
cipher.init(true, frameKey, frameNonce);
int encrypted = cipher.process(framePlaintext, 0,
payloadLength + paddingLength, frameCiphertext,
FRAME_HEADER_LENGTH);

101
briar-core/src/org/briarproject/util/ByteUtils.java
View File

@@ -12,63 +12,72 @@ public class ByteUtils {
*/
public static final long MAX_32_BIT_UNSIGNED = 4294967295L; // 2^32 - 1
public static void writeUint8(int i, byte[] b, int offset) {
if (i < 0) throw new IllegalArgumentException();
if (i > 255) throw new IllegalArgumentException();
if (b.length < offset) throw new IllegalArgumentException();
b[offset] = (byte) i;
/** The number of bytes needed to encode a 16-bit integer. */
public static final int INT_16_BYTES = 2;
/** The number of bytes needed to encode a 32-bit integer. */
public static final int INT_32_BYTES = 4;
/** The number of bytes needed to encode a 64-bit integer. */
public static final int INT_64_BYTES = 8;
public static void writeUint16(int src, byte[] dest, int offset) {
if (src < 0) throw new IllegalArgumentException();
if (src > MAX_16_BIT_UNSIGNED) throw new IllegalArgumentException();
if (dest.length < offset + INT_16_BYTES)
throw new IllegalArgumentException();
dest[offset] = (byte) (src >> 8);
dest[offset + 1] = (byte) (src & 0xFF);
}
public static void writeUint16(int i, byte[] b, int offset) {
if (i < 0) throw new IllegalArgumentException();
if (i > MAX_16_BIT_UNSIGNED) throw new IllegalArgumentException();
if (b.length < offset + 2) throw new IllegalArgumentException();
b[offset] = (byte) (i >> 8);
b[offset + 1] = (byte) (i & 0xFF);
public static void writeUint32(long src, byte[] dest, int offset) {
if (src < 0) throw new IllegalArgumentException();
if (src > MAX_32_BIT_UNSIGNED) throw new IllegalArgumentException();
if (dest.length < offset + INT_32_BYTES)
throw new IllegalArgumentException();
dest[offset] = (byte) (src >> 24);
dest[offset + 1] = (byte) (src >> 16 & 0xFF);
dest[offset + 2] = (byte) (src >> 8 & 0xFF);
dest[offset + 3] = (byte) (src & 0xFF);
}
public static void writeUint32(long i, byte[] b, int offset) {
if (i < 0) throw new IllegalArgumentException();
if (i > MAX_32_BIT_UNSIGNED) throw new IllegalArgumentException();
if (b.length < offset + 4) throw new IllegalArgumentException();
b[offset] = (byte) (i >> 24);
b[offset + 1] = (byte) (i >> 16 & 0xFF);
b[offset + 2] = (byte) (i >> 8 & 0xFF);
b[offset + 3] = (byte) (i & 0xFF);
public static void writeUint64(long src, byte[] dest, int offset) {
if (src < 0) throw new IllegalArgumentException();
if (dest.length < offset + INT_64_BYTES)
throw new IllegalArgumentException();
dest[offset] = (byte) (src >> 56);
dest[offset + 1] = (byte) (src >> 48 & 0xFF);
dest[offset + 2] = (byte) (src >> 40 & 0xFF);
dest[offset + 3] = (byte) (src >> 32 & 0xFF);
dest[offset + 4] = (byte) (src >> 24 & 0xFF);
dest[offset + 5] = (byte) (src >> 16 & 0xFF);
dest[offset + 6] = (byte) (src >> 8 & 0xFF);
dest[offset + 7] = (byte) (src & 0xFF);
}
public static void writeUint64(long i, byte[] b, int offset) {
if (i < 0) throw new IllegalArgumentException();
if (b.length < offset + 8) throw new IllegalArgumentException();
b[offset] = (byte) (i >> 56);
b[offset + 1] = (byte) (i >> 48 & 0xFF);
b[offset + 2] = (byte) (i >> 40 & 0xFF);
b[offset + 3] = (byte) (i >> 32 & 0xFF);
b[offset + 4] = (byte) (i >> 24 & 0xFF);
b[offset + 5] = (byte) (i >> 16 & 0xFF);
b[offset + 6] = (byte) (i >> 8 & 0xFF);
b[offset + 7] = (byte) (i & 0xFF);
public static int readUint16(byte[] src, int offset) {
if (src.length < offset + INT_16_BYTES)
throw new IllegalArgumentException();
return ((src[offset] & 0xFF) << 8) | (src[offset + 1] & 0xFF);
}
public static int readUint16(byte[] b, int offset) {
if (b.length < offset + 2) throw new IllegalArgumentException();
return ((b[offset] & 0xFF) << 8) | (b[offset + 1] & 0xFF);
public static long readUint32(byte[] src, int offset) {
if (src.length < offset + INT_32_BYTES)
throw new IllegalArgumentException();
return ((src[offset] & 0xFFL) << 24)
| ((src[offset + 1] & 0xFFL) << 16)
| ((src[offset + 2] & 0xFFL) << 8)
| (src[offset + 3] & 0xFFL);
}
public static long readUint32(byte[] b, int offset) {
if (b.length < offset + 4) throw new IllegalArgumentException();
return ((b[offset] & 0xFFL) << 24) | ((b[offset + 1] & 0xFFL) << 16)
| ((b[offset + 2] & 0xFFL) << 8) | (b[offset + 3] & 0xFFL);
}
public static int readUint(byte[] b, int bits) {
if (b.length << 3 < bits) throw new IllegalArgumentException();
int result = 0;
public static int readUint(byte[] src, int bits) {
if (src.length << 3 < bits) throw new IllegalArgumentException();
int dest = 0;
for (int i = 0; i < bits; i++) {
if ((b[i >> 3] & 128 >> (i & 7)) != 0) result |= 1 << bits - i - 1;
if ((src[i >> 3] & 128 >> (i & 7)) != 0) dest |= 1 << bits - i - 1;
}
assert result >= 0;
assert result < 1 << bits;
return result;
assert dest >= 0;
assert dest < 1 << bits;
return dest;
}
}