Use a provider to instantiate AuthenticatedCipher on each use, to prevent concurrency problems

briar-core/src/main/java/org/briarproject/briar/socialbackup/recovery/CustodianTaskImpl.java

@@ -19,6 +19,7 @@ import java.security.GeneralSecurityException;
 import java.util.logging.Logger;
 
 import javax.inject.Inject;
+import javax.inject.Provider;
 
 import static java.util.logging.Logger.getLogger;
 
@@ -29,7 +30,6 @@ public class CustodianTaskImpl extends ReturnShardTaskImpl
 	private final ClientHelper clientHelper;
 	private InetSocketAddress remoteSocketAddress;
 	private Socket socket;
-	private final AuthenticatedCipher cipher;
 	private byte[] payload;
 
 	private static final Logger LOG =
@@ -37,11 +37,10 @@ public class CustodianTaskImpl extends ReturnShardTaskImpl
 
 	@Inject
 	CustodianTaskImpl(CryptoComponent crypto, ClientHelper clientHelper,
-			AuthenticatedCipher cipher) {
-		super(cipher, crypto);
+			Provider<AuthenticatedCipher> cipherProvider) {
+		super(cipherProvider, crypto);
 		this.clientHelper = clientHelper;
 
-		this.cipher = cipher;
 	}
 
 	@Override
@@ -141,7 +140,7 @@ public class CustodianTaskImpl extends ReturnShardTaskImpl
 			DataInputStream inputStream = new DataInputStream(socket.getInputStream());
 			byte[] ackNonce = read(inputStream, NONCE_LENGTH);
 			byte[] ackMessageEncrypted =
-					read(inputStream, 3 + cipher.getMacBytes());
+					read(inputStream, 3 + AUTH_TAG_BYTES);
 			byte[] ackMessage = decrypt(ackMessageEncrypted, ackNonce);
 			String ackMessageString = new String(ackMessage);
 			LOG.info("Received ack message: " + new String(ackMessage));

briar-core/src/main/java/org/briarproject/briar/socialbackup/recovery/ReturnShardTaskImpl.java

@@ -5,24 +5,28 @@ import org.briarproject.bramble.api.crypto.AuthenticatedCipher;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.briar.socialbackup.SocialBackupConstants;
 
 import java.io.DataInputStream;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.SecureRandom;
 
+import javax.inject.Provider;
+
 public class ReturnShardTaskImpl {
-	private final AuthenticatedCipher cipher;
+	private final Provider<AuthenticatedCipher> cipherProvider;
 	private final CryptoComponent crypto;
 	private final SecureRandom secureRandom;
-	final int TIMEOUT = 120 * 1000;
-	final int NONCE_LENGTH = 24; // TODO get these constants
+	final int NONCE_LENGTH = SocialBackupConstants.NONCE_BYTES;
+	final int AUTH_TAG_BYTES = SocialBackupConstants.AUTH_TAG_BYTES;
+	final int TIMEOUT = 120 * 1000; // TODO move to SocialBackupConstants
 	final int AGREEMENT_PUBLIC_KEY_LENGTH = 32;
 	SecretKey sharedSecret;
 	final KeyPair localKeyPair;
 
-	ReturnShardTaskImpl(AuthenticatedCipher cipher, CryptoComponent crypto) {
-		this.cipher = cipher;
+	ReturnShardTaskImpl(Provider<AuthenticatedCipher> cipherProvider, CryptoComponent crypto) {
+		this.cipherProvider = cipherProvider;
 		this.crypto = crypto;
 		this.secureRandom = crypto.getSecureRandom();
 		localKeyPair = crypto.generateAgreementKeyPair();
@@ -44,6 +48,7 @@ public class ReturnShardTaskImpl {
 
 	byte[] encrypt(byte[] message, byte[] nonce)
 			throws GeneralSecurityException {
+		AuthenticatedCipher cipher = cipherProvider.get();
 		cipher.init(true, sharedSecret, nonce);
 		byte[] cipherText = new byte[message.length + cipher.getMacBytes()];
 		cipher.process(message, 0, message.length, cipherText, 0);
@@ -52,6 +57,7 @@ public class ReturnShardTaskImpl {
 
 	byte[] decrypt(byte[] cipherText, byte[] nonce)
 			throws GeneralSecurityException {
+		AuthenticatedCipher cipher = cipherProvider.get();
 		cipher.init(false, sharedSecret, nonce);
 		byte[] message = new byte[cipherText.length - cipher.getMacBytes()];
 		cipher.process(cipherText, 0, cipherText.length, message, 0);