Removed the initiator flag from the IV (no longer needed with the new

key derivation rules).

components/net/sf/briar/transport/ConnectionReaderFactoryImpl.java

@@ -44,7 +44,9 @@ class ConnectionReaderFactoryImpl implements ConnectionReaderFactory {
 		}
 		ivKey.erase();
 		// Validate the IV
-		if(!IvEncoder.validateIv(iv, true, ctx))
+		int index = ctx.getTransportIndex().getInt();
+		long connection = ctx.getConnectionNumber();
+		if(!IvEncoder.validateIv(iv, index, connection))
 			throw new IllegalArgumentException();
 		return createConnectionReader(in, true, ctx);
 	}
@@ -62,7 +64,9 @@ class ConnectionReaderFactoryImpl implements ConnectionReaderFactory {
 		ErasableKey macKey = crypto.deriveMacKey(secret, initiator);
 		ByteUtils.erase(secret);
 		// Create the decrypter
-		byte[] iv = IvEncoder.encodeIv(initiator, ctx);
+		int index = ctx.getTransportIndex().getInt();
+		long connection = ctx.getConnectionNumber();
+		byte[] iv = IvEncoder.encodeIv(index, connection);
 		Cipher frameCipher = crypto.getFrameCipher();
 		ConnectionDecrypter decrypter = new ConnectionDecrypterImpl(in, iv,
 				frameCipher, frameKey);

components/net/sf/briar/transport/ConnectionRecogniserImpl.java

@@ -103,7 +103,7 @@ DatabaseListener {
 
 	// Locking: this
 	private Bytes calculateIv(Context ctx, byte[] secret) {
-		byte[] iv = IvEncoder.encodeIv(true, ctx.transportIndex.getInt(),
+		byte[] iv = IvEncoder.encodeIv(ctx.transportIndex.getInt(),
 				ctx.connection);
 		ErasableKey ivKey = crypto.deriveIvKey(secret, true);
 		try {

components/net/sf/briar/transport/ConnectionWriterFactoryImpl.java

@@ -49,7 +49,9 @@ class ConnectionWriterFactoryImpl implements ConnectionWriterFactory {
 		}
 		ivKey.erase();
 		// Validate the IV
-		if(!IvEncoder.validateIv(iv, true, ctx))
+		int index = ctx.getTransportIndex().getInt();
+		long connection = ctx.getConnectionNumber();
+		if(!IvEncoder.validateIv(iv, index, connection))
 			throw new IllegalArgumentException();
 		return createConnectionWriter(out, capacity, false, ctx);
 	}
@@ -63,9 +65,11 @@ class ConnectionWriterFactoryImpl implements ConnectionWriterFactory {
 		ErasableKey macKey = crypto.deriveMacKey(secret, initiator);
 		ByteUtils.erase(secret);
 		// Create the encrypter
+		int index = ctx.getTransportIndex().getInt();
+		long connection = ctx.getConnectionNumber();
+		byte[] iv = IvEncoder.encodeIv(index, connection);
 		Cipher ivCipher = crypto.getIvCipher();
 		Cipher frameCipher = crypto.getFrameCipher();
-		byte[] iv = IvEncoder.encodeIv(initiator, ctx);
 		ConnectionEncrypter encrypter = new ConnectionEncrypterImpl(out,
 				capacity, iv, ivCipher, frameCipher, ivKey, frameKey);
 		// Create the writer

components/net/sf/briar/transport/IvEncoder.java

@@ -1,20 +1,12 @@
 package net.sf.briar.transport;
 
 import static net.sf.briar.api.transport.TransportConstants.IV_LENGTH;
-import net.sf.briar.api.transport.ConnectionContext;
 import net.sf.briar.util.ByteUtils;
 
 class IvEncoder {
 
-	static byte[] encodeIv(boolean initiator, ConnectionContext ctx) {
-		return encodeIv(initiator, ctx.getTransportIndex().getInt(),
-				ctx.getConnectionNumber());
-	}
-
-	static byte[] encodeIv(boolean initiator, int index, long connection) {
+	static byte[] encodeIv(int index, long connection) {
 		byte[] iv = new byte[IV_LENGTH];
-		// Bit 31 is the initiator flag
-		if(initiator) iv[3] = 1;
 		// Encode the transport index as an unsigned 16-bit integer
 		ByteUtils.writeUint16(index, iv, 4);
 		// Encode the connection number as an unsigned 32-bit integer
@@ -28,21 +20,11 @@ class IvEncoder {
 		ByteUtils.writeUint32(frame, iv, 10);
 	}
 
-	static boolean validateIv(byte[] iv, boolean initiator,
-			ConnectionContext ctx) {
-		return validateIv(iv, initiator, ctx.getTransportIndex().getInt(),
-				ctx.getConnectionNumber());
-	}
-
-	static boolean validateIv(byte[] iv, boolean initiator, int index,
-			long connection) {
+	static boolean validateIv(byte[] iv, int index, long connection) {
 		if(iv.length != IV_LENGTH) return false;
 		// Check that the reserved bits are all zero
-		for(int j = 0; j < 2; j++) if(iv[j] != 0) return false;
-		if(iv[3] != 0 && iv[3] != 1) return false;
-		for(int j = 10; j < iv.length; j++) if(iv[j] != 0) return false;
-		// Check that the initiator flag matches
-		if(initiator != getInitiatorFlag(iv)) return false;
+		for(int i = 0; i < 3; i++) if(iv[i] != 0) return false;
+		for(int i = 10; i < iv.length; i++) if(iv[i] != 0) return false;
 		// Check that the transport index matches
 		if(index != getTransportIndex(iv)) return false;
 		// Check that the connection number matches
@@ -51,11 +33,6 @@ class IvEncoder {
 		return true;
 	}
 
-	static boolean getInitiatorFlag(byte[] iv) {
-		if(iv.length != IV_LENGTH) throw new IllegalArgumentException();
-		return (iv[3] & 1) == 1;
-	}
-
 	static int getTransportIndex(byte[] iv) {
 		if(iv.length != IV_LENGTH) throw new IllegalArgumentException();
 		return ByteUtils.readUint16(iv, 4);