Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-12 10:49:06 +01:00
Code Issues Projects Releases Wiki Activity

Refactor KeyManager and TagRecogniser. #55

Browse Source
This commit is contained in:
akwizgran
2015-02-12 09:11:24 +00:00
parent 878a70620d
commit 9868feeb2a
60 changed files with 2123 additions and 3840 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
briar-android/src/org/briarproject/android/AndroidNotificationManagerImpl.java
View File

@@ -32,7 +32,6 @@ import org.briarproject.api.event.Event;
import org.briarproject.api.event.EventBus;
import org.briarproject.api.event.EventListener;
import org.briarproject.api.event.SettingsUpdatedEvent;
import org.briarproject.api.lifecycle.Service;
import org.briarproject.api.messaging.GroupId;
import org.briarproject.util.StringUtils;
@@ -45,7 +44,7 @@ import android.support.v4.app.NotificationCompat;
import android.support.v4.app.TaskStackBuilder;
class AndroidNotificationManagerImpl implements AndroidNotificationManager,
Service, EventListener {
EventListener {
private static final int PRIVATE_MESSAGE_NOTIFICATION_ID = 3;
private static final int GROUP_POST_NOTIFICATION_ID = 4;

3
briar-api/src/org/briarproject/api/android/AndroidNotificationManager.java
View File

@@ -1,13 +1,14 @@
package org.briarproject.api.android;
import org.briarproject.api.ContactId;
import org.briarproject.api.lifecycle.Service;
import org.briarproject.api.messaging.GroupId;
/**
* Manages notifications for private messages and group posts. All methods must
* be called from the Android UI thread.
*/
public interface AndroidNotificationManager {
public interface AndroidNotificationManager extends Service {
public void showPrivateMessageNotification(ContactId c);

59
briar-api/src/org/briarproject/api/crypto/CryptoComponent.java
View File

@@ -1,5 +1,8 @@
package org.briarproject.api.crypto;
import org.briarproject.api.TransportId;
import org.briarproject.api.transport.TransportKeys;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
@@ -26,56 +29,50 @@ public interface CryptoComponent {
/** Generates a random invitation code. */
int generateInvitationCode();
/**
* Derives two confirmation codes from the given master secret. The first
* code is for Alice to give to Bob; the second is for Bob to give to
* Alice.
*/
int[] deriveConfirmationCodes(byte[] secret);
/**
* Derives two nonces from the given master secret. The first nonce is for
* Alice to sign; the second is for Bob to sign.
*/
byte[][] deriveInvitationNonces(byte[] secret);
/**
* Derives a shared master secret from two public keys and one of the
* corresponding private keys.
* @param alice indicates whether the private key belongs to Alice or Bob.
* @param alice whether the private key belongs to Alice or Bob.
*/
byte[] deriveMasterSecret(byte[] theirPublicKey, KeyPair ourKeyPair,
SecretKey deriveMasterSecret(byte[] theirPublicKey, KeyPair ourKeyPair,
boolean alice) throws GeneralSecurityException;
/** Derives a group salt from the given master secret. */
byte[] deriveGroupSalt(byte[] secret);
/**
* Derives a confirmation code from the given master secret.
* @param alice whether the code is for use by Alice or Bob.
*/
int deriveConfirmationCode(SecretKey master, boolean alice);
/**
* Derives an initial secret for the given transport from the given master
* Derives a header key for an invitation stream from the given master
* secret.
* @param alice whether the key is for use by Alice or Bob.
*/
byte[] deriveInitialSecret(byte[] secret, int transportIndex);
SecretKey deriveInvitationKey(SecretKey master, boolean alice);
/**
* Derives a temporary secret for the given period from the given secret,
* which is either the initial shared secret or the previous period's
* temporary secret.
* Derives a nonce from the given master secret for one of the parties to
* sign.
* @param alice whether the nonce is for use by Alice or Bob.
*/
byte[] deriveNextSecret(byte[] secret, long period);
byte[] deriveSignatureNonce(SecretKey master, boolean alice);
/** Derives a group salt from the given master secret. */
byte[] deriveGroupSalt(SecretKey master);
/**
* Derives a tag key from the given temporary secret.
* @param alice indicates whether the key is for streams initiated by
* Alice or Bob.
* Derives initial transport keys for the given transport in the given
* rotation period from the given master secret.
* @param alice whether the keys are for use by Alice or Bob.
*/
SecretKey deriveTagKey(byte[] secret, boolean alice);
TransportKeys deriveTransportKeys(TransportId t, SecretKey master,
long rotationPeriod, boolean alice);
/**
* Derives a frame key from the given temporary secret and stream number.
* @param alice indicates whether the key is for a stream initiated by
* Alice or Bob.
* Rotates the given transport keys to the given rotation period. If the
* keys are for a future rotation period they are not rotated.
*/
SecretKey deriveFrameKey(byte[] secret, long streamNumber, boolean alice);
TransportKeys rotateTransportKeys(TransportKeys k, long rotationPeriod);
/** Encodes the pseudo-random tag that is used to recognise a stream. */
void encodeTag(byte[] tag, SecretKey tagKey, long streamNumber);

21
briar-api/src/org/briarproject/api/crypto/KeyManager.java
View File

@@ -1,21 +0,0 @@
package org.briarproject.api.crypto;
import org.briarproject.api.ContactId;
import org.briarproject.api.TransportId;
import org.briarproject.api.lifecycle.Service;
import org.briarproject.api.transport.Endpoint;
import org.briarproject.api.transport.StreamContext;
public interface KeyManager extends Service {
/**
* Returns a {@link org.briarproject.api.transport.StreamContext
* StreamContext} for sending data to the given contact over the given
* transport, or null if an error occurs or the contact does not support
* the transport.
*/
StreamContext getStreamContext(ContactId c, TransportId t);
/** Called whenever an endpoint has been added. */
void endpointAdded(Endpoint ep, int maxLatency, byte[] initialSecret);
}

2
briar-api/src/org/briarproject/api/crypto/StreamDecrypterFactory.java
View File

@@ -13,5 +13,5 @@ public interface StreamDecrypterFactory {
* Creates a {@link StreamDecrypter} for decrypting an invitation stream.
*/
StreamDecrypter createInvitationStreamDecrypter(InputStream in,
byte[] secret, boolean alice);
SecretKey headerKey);
}

2
briar-api/src/org/briarproject/api/crypto/StreamEncrypterFactory.java
View File

@@ -13,5 +13,5 @@ public interface StreamEncrypterFactory {
* Creates a {@link StreamEncrypter} for encrypting an invitation stream.
*/
StreamEncrypter createInvitationStreamEncrypter(OutputStream out,
byte[] secret, boolean alice);
SecretKey headerKey);
}

63
briar-api/src/org/briarproject/api/db/DatabaseComponent.java
View File

@@ -1,9 +1,5 @@
package org.briarproject.api.db;
import java.io.IOException;
import java.util.Collection;
import java.util.Map;
import org.briarproject.api.Author;
import org.briarproject.api.AuthorId;
import org.briarproject.api.Contact;
@@ -26,8 +22,11 @@ import org.briarproject.api.messaging.SubscriptionAck;
import org.briarproject.api.messaging.SubscriptionUpdate;
import org.briarproject.api.messaging.TransportAck;
import org.briarproject.api.messaging.TransportUpdate;
import org.briarproject.api.transport.Endpoint;
import org.briarproject.api.transport.TemporarySecret;
import org.briarproject.api.transport.TransportKeys;
import java.io.IOException;
import java.util.Collection;
import java.util.Map;
/**
* Encapsulates the database implementation and exposes high-level operations
@@ -47,9 +46,6 @@ public interface DatabaseComponent {
*/
ContactId addContact(Author remote, AuthorId local) throws DbException;
/** Stores an endpoint. */
void addEndpoint(Endpoint ep) throws DbException;
/**
* Subscribes to a group, or returns false if the user already has the
* maximum number of public subscriptions.
@@ -62,18 +58,17 @@ public interface DatabaseComponent {
/** Stores a local message. */
void addLocalMessage(Message m) throws DbException;
/**
* Stores the given temporary secrets and deletes any secrets that have
* been made obsolete.
*/
void addSecrets(Collection<TemporarySecret> secrets) throws DbException;
/**
* Stores a transport and returns true if the transport was not previously
* in the database.
*/
boolean addTransport(TransportId t, int maxLatency) throws DbException;
/**
* Stores the given transport keys for a newly added contact.
*/
void addTransportKeys(ContactId c, TransportKeys k) throws DbException;
/**
* Returns an acknowledgement for the given contact, or null if there are
* no messages to acknowledge.
@@ -214,16 +209,17 @@ public interface DatabaseComponent {
Map<ContactId, TransportProperties> getRemoteProperties(TransportId t)
throws DbException;
/** Returns all temporary secrets. */
Collection<TemporarySecret> getSecrets() throws DbException;
/** Returns all settings. */
Settings getSettings() throws DbException;
/** Returns all contacts who subscribe to the given group. */
Collection<Contact> getSubscribers(GroupId g) throws DbException;
/** Returns the maximum latencies of all supported transports. */
/** Returns all transport keys for the given transport. */
Map<ContactId, TransportKeys> getTransportKeys(TransportId t)
throws DbException;
/** Returns the maximum latencies in milliseconds of all transports. */
Map<TransportId, Integer> getTransportLatencies() throws DbException;
/** Returns the number of unread messages in each subscribed group. */
@@ -233,11 +229,10 @@ public interface DatabaseComponent {
Collection<ContactId> getVisibility(GroupId g) throws DbException;
/**
* Increments the outgoing stream counter for the given endpoint in the
* given rotation period and returns the old value, or -1 if the counter
* does not exist.
* Increments the outgoing stream counter for the given contact and
* transport in the given rotation period .
*/
long incrementStreamCounter(ContactId c, TransportId t, long period)
void incrementStreamCounter(ContactId c, TransportId t, long rotationPeriod)
throws DbException;
/**
@@ -310,18 +305,11 @@ public interface DatabaseComponent {
*/
void removeTransport(TransportId t) throws DbException;
/**
* Sets the reordering window for the given endpoint in the given rotation
* period.
*/
void setReorderingWindow(ContactId c, TransportId t, long period,
long centre, byte[] bitmap) throws DbException;
/**
* Makes a group visible to the given contact, adds it to the contact's
* subscriptions, and sets it as the inbox group for the contact.
*/
public void setInboxGroup(ContactId c, Group g) throws DbException;
void setInboxGroup(ContactId c, Group g) throws DbException;
/**
* Marks a message as read or unread.
@@ -335,6 +323,13 @@ public interface DatabaseComponent {
void setRemoteProperties(ContactId c,
Map<TransportId, TransportProperties> p) throws DbException;
/**
* Sets the reordering window for the given contact and transport in the
* given rotation period.
*/
void setReorderingWindow(ContactId c, TransportId t, long rotationPeriod,
long base, byte[] bitmap) throws DbException;
/**
* Makes a group visible to the given set of contacts and invisible to any
* other current or future contacts.
@@ -347,4 +342,10 @@ public interface DatabaseComponent {
* to future contacts.
*/
void setVisibleToAll(GroupId g, boolean all) throws DbException;
/**
* Stores the given transport keys, deleting any keys they have replaced.
*/
void updateTransportKeys(Map<ContactId, TransportKeys> keys)
throws DbException;
}

2
briar-api/src/org/briarproject/api/messaging/Message.java
View File

@@ -28,7 +28,7 @@ public interface Message {
/** Returns the message's content type. */
String getContentType();
/** Returns the message's timestamp. */
/** Returns the message's timestamp in milliseconds since the Unix epoch. */
long getTimestamp();
/** Returns the serialised message. */

36
briar-api/src/org/briarproject/api/transport/Endpoint.java
View File

@@ -1,36 +0,0 @@
package org.briarproject.api.transport;
import org.briarproject.api.ContactId;
import org.briarproject.api.TransportId;
public class Endpoint {
protected final ContactId contactId;
protected final TransportId transportId;
private final long epoch;
private final boolean alice;
public Endpoint(ContactId contactId, TransportId transportId, long epoch,
boolean alice) {
this.contactId = contactId;
this.transportId = transportId;
this.epoch = epoch;
this.alice = alice;
}
public ContactId getContactId() {
return contactId;
}
public TransportId getTransportId() {
return transportId;
}
public long getEpoch() {
return epoch;
}
public boolean getAlice() {
return alice;
}
}

51
briar-api/src/org/briarproject/api/transport/IncomingKeys.java Normal file
View File

@@ -0,0 +1,51 @@
package org.briarproject.api.transport;
import org.briarproject.api.crypto.SecretKey;
import static org.briarproject.api.transport.TransportConstants.REORDERING_WINDOW_SIZE;
/**
* Contains transport keys for receiving streams from a given contact over a
* given transport in a given rotation period.
*/
public class IncomingKeys {
private final SecretKey tagKey, headerKey;
private final long rotationPeriod, windowBase;
private final byte[] windowBitmap;
public IncomingKeys(SecretKey tagKey, SecretKey headerKey,
long rotationPeriod) {
this(tagKey, headerKey, rotationPeriod, 0,
new byte[REORDERING_WINDOW_SIZE / 8]);
}
public IncomingKeys(SecretKey tagKey, SecretKey headerKey,
long rotationPeriod, long windowBase, byte[] windowBitmap) {
this.tagKey = tagKey;
this.headerKey = headerKey;
this.rotationPeriod = rotationPeriod;
this.windowBase = windowBase;
this.windowBitmap = windowBitmap;
}
public SecretKey getTagKey() {
return tagKey;
}
public SecretKey getHeaderKey() {
return headerKey;
}
public long getRotationPeriod() {
return rotationPeriod;
}
public long getWindowBase() {
return windowBase;
}
public byte[] getWindowBitmap() {
return windowBitmap;
}
}

36
briar-api/src/org/briarproject/api/transport/KeyManager.java Normal file
View File

@@ -0,0 +1,36 @@
package org.briarproject.api.transport;
import org.briarproject.api.ContactId;
import org.briarproject.api.TransportId;
import org.briarproject.api.db.DbException;
import org.briarproject.api.lifecycle.Service;
import java.util.Collection;
/**
* Responsible for managing transport keys and recognising the pseudo-random
* tags of incoming streams.
*/
public interface KeyManager extends Service {
/**
* Informs the key manager that a new contact has been added.
* {@link StreamContext StreamContexts} for the contact can be created
* after this method has returned.
*/
void contactAdded(ContactId c, Collection<TransportKeys> keys);
/**
* Returns a {@link StreamContext} for sending a stream to the given
* contact over the given transport, or null if an error occurs or the
* contact does not support the transport.
*/
StreamContext getStreamContext(ContactId c, TransportId t);
/**
* Looks up the given tag and returns a {@link StreamContext} for reading
* from the corresponding stream if the tag was expected, or null if the
* tag was unexpected.
*/
StreamContext recogniseTag(TransportId t, byte[] tag) throws DbException;
}

42
briar-api/src/org/briarproject/api/transport/OutgoingKeys.java Normal file
View File

@@ -0,0 +1,42 @@
package org.briarproject.api.transport;
import org.briarproject.api.crypto.SecretKey;
/**
* Contains transport keys for sending streams to a given contact over a given
* transport in a given rotation period.
*/
public class OutgoingKeys {
private final SecretKey tagKey, headerKey;
private final long rotationPeriod, streamCounter;
public OutgoingKeys(SecretKey tagKey, SecretKey headerKey,
long rotationPeriod) {
this(tagKey, headerKey, rotationPeriod, 0);
}
public OutgoingKeys(SecretKey tagKey, SecretKey headerKey,
long rotationPeriod, long streamCounter) {
this.tagKey = tagKey;
this.headerKey = headerKey;
this.rotationPeriod = rotationPeriod;
this.streamCounter = streamCounter;
}
public SecretKey getTagKey() {
return tagKey;
}
public SecretKey getHeaderKey() {
return headerKey;
}
public long getRotationPeriod() {
return rotationPeriod;
}
public long getStreamCounter() {
return streamCounter;
}
}

22
briar-api/src/org/briarproject/api/transport/StreamContext.java
View File

@@ -2,22 +2,22 @@ package org.briarproject.api.transport;
import org.briarproject.api.ContactId;
import org.briarproject.api.TransportId;
import org.briarproject.api.crypto.SecretKey;
public class StreamContext {
private final ContactId contactId;
private final TransportId transportId;
private final byte[] secret;
private final SecretKey tagKey, headerKey;
private final long streamNumber;
private final boolean alice;
public StreamContext(ContactId contactId, TransportId transportId,
byte[] secret, long streamNumber, boolean alice) {
SecretKey tagKey, SecretKey headerKey, long streamNumber) {
this.contactId = contactId;
this.transportId = transportId;
this.secret = secret;
this.tagKey = tagKey;
this.headerKey = headerKey;
this.streamNumber = streamNumber;
this.alice = alice;
}
public ContactId getContactId() {
@@ -28,15 +28,15 @@ public class StreamContext {
return transportId;
}
public byte[] getSecret() {
return secret;
public SecretKey getTagKey() {
return tagKey;
}
public SecretKey getHeaderKey() {
return headerKey;
}
public long getStreamNumber() {
return streamNumber;
}
public boolean getAlice() {
return alice;
}
}

4
briar-api/src/org/briarproject/api/transport/StreamReaderFactory.java
View File

@@ -2,6 +2,8 @@ package org.briarproject.api.transport;
import java.io.InputStream;
import org.briarproject.api.crypto.SecretKey;
public interface StreamReaderFactory {
/**
@@ -15,5 +17,5 @@ public interface StreamReaderFactory {
* invitation stream.
*/
InputStream createInvitationStreamReader(InputStream in,
byte[] secret, boolean alice);
SecretKey headerKey);
}

4
briar-api/src/org/briarproject/api/transport/StreamWriterFactory.java
View File

@@ -2,6 +2,8 @@ package org.briarproject.api.transport;
import java.io.OutputStream;
import org.briarproject.api.crypto.SecretKey;
public interface StreamWriterFactory {
/**
@@ -15,5 +17,5 @@ public interface StreamWriterFactory {
* invitation stream.
*/
OutputStream createInvitationStreamWriter(OutputStream out,
byte[] secret, boolean alice);
SecretKey headerKey);
}

26
briar-api/src/org/briarproject/api/transport/TagRecogniser.java
View File

@@ -1,26 +0,0 @@
package org.briarproject.api.transport;
import org.briarproject.api.ContactId;
import org.briarproject.api.TransportId;
import org.briarproject.api.db.DbException;
/** Keeps track of expected tags and uses them to recognise incoming streams. */
public interface TagRecogniser {
/**
* Looks up the given tag and returns a {@link StreamContext} for reading
* from the stream if the tag was expected, or null if the tag was
* unexpected.
*/
StreamContext recogniseTag(TransportId t, byte[] tag) throws DbException;
void addSecret(TemporarySecret s);
void removeSecret(ContactId c, TransportId t, long period);
void removeSecrets(ContactId c);
void removeSecrets(TransportId t);
void removeSecrets();
}

73
briar-api/src/org/briarproject/api/transport/TemporarySecret.java
View File

@@ -1,73 +0,0 @@
package org.briarproject.api.transport;
import static org.briarproject.api.transport.TransportConstants.REORDERING_WINDOW_SIZE;
import org.briarproject.api.ContactId;
import org.briarproject.api.TransportId;
public class TemporarySecret extends Endpoint {
private final long period, outgoing, centre;
private final byte[] secret, bitmap;
/** Creates a temporary secret with the given reordering window. */
public TemporarySecret(ContactId contactId, TransportId transportId,
long epoch, boolean alice, long period, byte[] secret,
long outgoing, long centre, byte[] bitmap) {
super(contactId, transportId, epoch, alice);
this.period = period;
this.secret = secret;
this.outgoing = outgoing;
this.centre = centre;
this.bitmap = bitmap;
}
/** Creates a temporary secret with a new reordering window. */
public TemporarySecret(ContactId contactId, TransportId transportId,
long epoch, boolean alice, long period, byte[] secret) {
this(contactId, transportId, epoch, alice, period, secret, 0, 0,
new byte[REORDERING_WINDOW_SIZE / 8]);
}
/** Creates a temporary secret derived from the given endpoint. */
public TemporarySecret(Endpoint ep, long period, byte[] secret) {
this(ep.getContactId(), ep.getTransportId(), ep.getEpoch(),
ep.getAlice(), period, secret);
}
public long getPeriod() {
return period;
}
public byte[] getSecret() {
return secret;
}
public long getOutgoingStreamCounter() {
return outgoing;
}
public long getWindowCentre() {
return centre;
}
public byte[] getWindowBitmap() {
return bitmap;
}
@Override
public int hashCode() {
int periodHashCode = (int) (period ^ (period >>> 32));
return contactId.hashCode() ^ transportId.hashCode() ^ periodHashCode;
}
@Override
public boolean equals(Object o) {
if (o instanceof TemporarySecret) {
TemporarySecret s = (TemporarySecret) o;
return contactId.equals(s.contactId) &&
transportId.equals(s.transportId) && period == s.period;
}
return false;
}
}

4
briar-api/src/org/briarproject/api/transport/TransportConstants.java
View File

@@ -28,8 +28,8 @@ public interface TransportConstants {
*/
int MIN_STREAM_LENGTH = 64 * 1024; // 64 KiB
/** The maximum difference between two communicating devices' clocks. */
int MAX_CLOCK_DIFFERENCE = 60 * 60 * 1000; // 1 hour
/** The maximum difference in milliseconds between two peers' clocks. */
int MAX_CLOCK_DIFFERENCE = 24 * 60 * 60 * 1000; // 24 hours
/** The size of the reordering window. */
int REORDERING_WINDOW_SIZE = 32;

44
briar-api/src/org/briarproject/api/transport/TransportKeys.java Normal file
View File

@@ -0,0 +1,44 @@
package org.briarproject.api.transport;
import org.briarproject.api.TransportId;
/** Keys for communicating with a given contact over a given transport. */
public class TransportKeys {
private final TransportId transportId;
private final IncomingKeys inPrev, inCurr, inNext;
private final OutgoingKeys outCurr;
public TransportKeys(TransportId transportId, IncomingKeys inPrev,
IncomingKeys inCurr, IncomingKeys inNext, OutgoingKeys outCurr) {
this.transportId = transportId;
this.inPrev = inPrev;
this.inCurr = inCurr;
this.inNext = inNext;
this.outCurr = outCurr;
}
public TransportId getTransportId() {
return transportId;
}
public IncomingKeys getPreviousIncomingKeys() {
return inPrev;
}
public IncomingKeys getCurrentIncomingKeys() {
return inCurr;
}
public IncomingKeys getNextIncomingKeys() {
return inNext;
}
public OutgoingKeys getCurrentOutgoingKeys() {
return outCurr;
}
public long getRotationPeriod() {
return outCurr.getRotationPeriod();
}
}

250
briar-core/src/org/briarproject/crypto/CryptoComponentImpl.java
View File

@@ -1,20 +1,6 @@
package org.briarproject.crypto;
import static java.util.logging.Level.INFO;
import static org.briarproject.api.invitation.InvitationConstants.CODE_BITS;
import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
import static org.briarproject.crypto.EllipticCurveConstants.PARAMETERS;
import static org.briarproject.util.ByteUtils.MAX_32_BIT_UNSIGNED;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.logging.Logger;
import javax.inject.Inject;
import org.briarproject.api.TransportId;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.KeyPair;
import org.briarproject.api.crypto.KeyParser;
@@ -25,6 +11,9 @@ import org.briarproject.api.crypto.PublicKey;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.crypto.Signature;
import org.briarproject.api.system.SeedProvider;
import org.briarproject.api.transport.IncomingKeys;
import org.briarproject.api.transport.OutgoingKeys;
import org.briarproject.api.transport.TransportKeys;
import org.briarproject.util.ByteUtils;
import org.briarproject.util.StringUtils;
import org.spongycastle.crypto.AsymmetricCipherKeyPair;
@@ -43,6 +32,21 @@ import org.spongycastle.crypto.params.ECPrivateKeyParameters;
import org.spongycastle.crypto.params.ECPublicKeyParameters;
import org.spongycastle.crypto.params.KeyParameter;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.logging.Logger;
import javax.inject.Inject;
import static java.util.logging.Level.INFO;
import static org.briarproject.api.invitation.InvitationConstants.CODE_BITS;
import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
import static org.briarproject.crypto.EllipticCurveConstants.PARAMETERS;
import static org.briarproject.util.ByteUtils.MAX_32_BIT_UNSIGNED;
class CryptoComponentImpl implements CryptoComponent {
private static final Logger LOG =
@@ -55,22 +59,33 @@ class CryptoComponentImpl implements CryptoComponent {
private static final int PBKDF_TARGET_MILLIS = 500;
private static final int PBKDF_SAMPLES = 30;
// Labels for secret derivation
private static final byte[] MASTER = { 'M', 'A', 'S', 'T', 'E', 'R', '\0' };
private static final byte[] SALT = { 'S', 'A', 'L', 'T', '\0' };
private static final byte[] FIRST = { 'F', 'I', 'R', 'S', 'T', '\0' };
private static final byte[] ROTATE = { 'R', 'O', 'T', 'A', 'T', 'E', '\0' };
// Label for confirmation code derivation
private static final byte[] CODE = { 'C', 'O', 'D', 'E', '\0' };
// Label for invitation nonce derivation
private static final byte[] NONCE = { 'N', 'O', 'N', 'C', 'E', '\0' };
// Labels for key derivation
private static final byte[] A_TAG = { 'A', '_', 'T', 'A', 'G', '\0' };
private static final byte[] B_TAG = { 'B', '_', 'T', 'A', 'G', '\0' };
private static final byte[] A_FRAME =
{ 'A', '_', 'F', 'R', 'A', 'M', 'E', '\0' };
private static final byte[] B_FRAME =
{ 'B', '_', 'F', 'R', 'A', 'M', 'E', '\0' };
// KDF label for master key derivation
private static final byte[] MASTER = { 'M', 'A', 'S', 'T', 'E', 'R' };
// KDF labels for confirmation code derivation
private static final byte[] A_CONFIRM =
{ 'A', '_', 'C', 'O', 'N', 'F', 'I', 'R', 'M' };
private static final byte[] B_CONFIRM =
{ 'B', '_', 'C', 'O', 'N', 'F', 'I', 'R', 'M' };
// KDF labels for invitation stream header key derivation
private static final byte[] A_INVITE =
{ 'A', '_', 'I', 'N', 'V', 'I', 'T', 'E' };
private static final byte[] B_INVITE =
{ 'B', '_', 'I', 'N', 'V', 'I', 'T', 'E' };
// KDF labels for signature nonce derivation
private static final byte[] A_NONCE = { 'A', '_', 'N', 'O', 'N', 'C', 'E' };
private static final byte[] B_NONCE = { 'B', '_', 'N', 'O', 'N', 'C', 'E' };
// KDF label for group salt derivation
private static final byte[] SALT = { 'S', 'A', 'L', 'T' };
// KDF labels for tag key derivation
private static final byte[] A_TAG = { 'A', '_', 'T', 'A', 'G' };
private static final byte[] B_TAG = { 'B', '_', 'T', 'A', 'G' };
// KDF labels for header key derivation
private static final byte[] A_HEADER =
{ 'A', '_', 'H', 'E', 'A', 'D', 'E', 'R' };
private static final byte[] B_HEADER =
{ 'B', '_', 'H', 'E', 'A', 'D', 'E', 'R' };
// KDF label for key rotation
private static final byte[] ROTATE = { 'R', 'O', 'T', 'A', 'T', 'E' };
private final SecureRandom secureRandom;
private final ECKeyPairGenerator agreementKeyPairGenerator;
@@ -167,26 +182,7 @@ class CryptoComponentImpl implements CryptoComponent {
return ByteUtils.readUint(random, CODE_BITS);
}
public int[] deriveConfirmationCodes(byte[] secret) {
if (secret.length != SecretKey.LENGTH)
throw new IllegalArgumentException();
byte[] alice = counterModeKdf(secret, CODE, 0);
byte[] bob = counterModeKdf(secret, CODE, 1);
int[] codes = new int[2];
codes[0] = ByteUtils.readUint(alice, CODE_BITS);
codes[1] = ByteUtils.readUint(bob, CODE_BITS);
return codes;
}
public byte[][] deriveInvitationNonces(byte[] secret) {
if (secret.length != SecretKey.LENGTH)
throw new IllegalArgumentException();
byte[] alice = counterModeKdf(secret, NONCE, 0);
byte[] bob = counterModeKdf(secret, NONCE, 1);
return new byte[][] { alice, bob };
}
public byte[] deriveMasterSecret(byte[] theirPublicKey,
public SecretKey deriveMasterSecret(byte[] theirPublicKey,
KeyPair ourKeyPair, boolean alice) throws GeneralSecurityException {
MessageDigest messageDigest = getMessageDigest();
byte[] ourPublicKey = ourKeyPair.getPublic().getEncoded();
@@ -204,9 +200,8 @@ class CryptoComponentImpl implements CryptoComponent {
PublicKey theirPub = agreementKeyParser.parsePublicKey(theirPublicKey);
// The raw secret comes from the key agreement algorithm
byte[] raw = deriveSharedSecret(ourPriv, theirPub);
// Derive the cooked secret from the raw secret using the
// concatenation KDF
return concatenationKdf(raw, MASTER, aliceInfo, bobInfo);
// Derive the master secret from the raw secret using the hash KDF
return new SecretKey(hashKdf(raw, MASTER, aliceInfo, bobInfo));
}
// Package access for testing
@@ -228,46 +223,90 @@ class CryptoComponentImpl implements CryptoComponent {
return secret;
}
public byte[] deriveGroupSalt(byte[] secret) {
if (secret.length != SecretKey.LENGTH)
throw new IllegalArgumentException();
return counterModeKdf(secret, SALT, 0);
public int deriveConfirmationCode(SecretKey master, boolean alice) {
byte[] b = macKdf(master, alice ? A_CONFIRM : B_CONFIRM);
return ByteUtils.readUint(b, CODE_BITS);
}
public byte[] deriveInitialSecret(byte[] secret, int transportIndex) {
if (secret.length != SecretKey.LENGTH)
throw new IllegalArgumentException();
if (transportIndex < 0) throw new IllegalArgumentException();
return counterModeKdf(secret, FIRST, transportIndex);
public SecretKey deriveInvitationKey(SecretKey master, boolean alice) {
return new SecretKey(macKdf(master, alice ? A_INVITE : B_INVITE));
}
public byte[] deriveNextSecret(byte[] secret, long period) {
if (secret.length != SecretKey.LENGTH)
throw new IllegalArgumentException();
if (period < 0 || period > MAX_32_BIT_UNSIGNED)
throw new IllegalArgumentException();
return counterModeKdf(secret, ROTATE, period);
public byte[] deriveSignatureNonce(SecretKey master, boolean alice) {
return macKdf(master, alice ? A_NONCE : B_NONCE);
}
public SecretKey deriveTagKey(byte[] secret, boolean alice) {
if (secret.length != SecretKey.LENGTH)
throw new IllegalArgumentException();
if (alice) return deriveKey(secret, A_TAG, 0);
else return deriveKey(secret, B_TAG, 0);
public byte[] deriveGroupSalt(SecretKey master) {
return macKdf(master, SALT);
}
public SecretKey deriveFrameKey(byte[] secret, long streamNumber,
public TransportKeys deriveTransportKeys(TransportId t,
SecretKey master, long rotationPeriod, boolean alice) {
// Keys for the previous period are derived from the master secret
SecretKey inTagPrev = deriveTagKey(master, t, !alice);
SecretKey inHeaderPrev = deriveHeaderKey(master, t, !alice);
SecretKey outTagPrev = deriveTagKey(master, t, alice);
SecretKey outHeaderPrev = deriveHeaderKey(master, t, alice);
// Derive the keys for the current and next periods
SecretKey inTagCurr = rotateKey(inTagPrev, rotationPeriod);
SecretKey inHeaderCurr = rotateKey(inHeaderPrev, rotationPeriod);
SecretKey inTagNext = rotateKey(inTagCurr, rotationPeriod + 1);
SecretKey inHeaderNext = rotateKey(inHeaderCurr, rotationPeriod + 1);
SecretKey outTagCurr = rotateKey(outTagPrev, rotationPeriod);
SecretKey outHeaderCurr = rotateKey(outHeaderPrev, rotationPeriod);
// Initialise the reordering windows and stream counters
IncomingKeys inPrev = new IncomingKeys(inTagPrev, inHeaderPrev,
rotationPeriod - 1);
IncomingKeys inCurr = new IncomingKeys(inTagCurr, inHeaderCurr,
rotationPeriod);
IncomingKeys inNext = new IncomingKeys(inTagNext, inHeaderNext,
rotationPeriod + 1);
OutgoingKeys outCurr = new OutgoingKeys(outTagCurr, outHeaderCurr,
rotationPeriod);
// Collect and return the keys
return new TransportKeys(t, inPrev, inCurr, inNext, outCurr);
}
public TransportKeys rotateTransportKeys(TransportKeys k,
long rotationPeriod) {
if (k.getRotationPeriod() >= rotationPeriod) return k;
IncomingKeys inPrev = k.getPreviousIncomingKeys();
IncomingKeys inCurr = k.getCurrentIncomingKeys();
IncomingKeys inNext = k.getNextIncomingKeys();
OutgoingKeys outCurr = k.getCurrentOutgoingKeys();
long startPeriod = outCurr.getRotationPeriod();
// Rotate the keys
for (long p = startPeriod + 1; p <= rotationPeriod; p++) {
inPrev = inCurr;
inCurr = inNext;
SecretKey inNextTag = rotateKey(inNext.getTagKey(), p + 1);
SecretKey inNextHeader = rotateKey(inNext.getHeaderKey(), p + 1);
inNext = new IncomingKeys(inNextTag, inNextHeader, p);
SecretKey outCurrTag = rotateKey(outCurr.getTagKey(), p);
SecretKey outCurrHeader = rotateKey(outCurr.getHeaderKey(), p);
outCurr = new OutgoingKeys(outCurrTag, outCurrHeader, p);
}
// Collect and return the keys
return new TransportKeys(k.getTransportId(), inPrev, inCurr, inNext,
outCurr);
}
private SecretKey rotateKey(SecretKey k, long rotationPeriod) {
byte[] period = new byte[4];
ByteUtils.writeUint32(rotationPeriod, period, 0);
return new SecretKey(macKdf(k, ROTATE, period));
}
private SecretKey deriveTagKey(SecretKey master, TransportId t,
boolean alice) {
if (secret.length != SecretKey.LENGTH)
throw new IllegalArgumentException();
if (streamNumber < 0 || streamNumber > MAX_32_BIT_UNSIGNED)
throw new IllegalArgumentException();
if (alice) return deriveKey(secret, A_FRAME, streamNumber);
else return deriveKey(secret, B_FRAME, streamNumber);
byte[] id = StringUtils.toUtf8(t.getString());
return new SecretKey(macKdf(master, alice ? A_TAG : B_TAG, id));
}
private SecretKey deriveKey(byte[] secret, byte[] label, long context) {
return new SecretKey(counterModeKdf(secret, label, context));
private SecretKey deriveHeaderKey(SecretKey master, TransportId t,
boolean alice) {
byte[] id = StringUtils.toUtf8(t.getString());
return new SecretKey(macKdf(master, alice ? A_HEADER : B_HEADER, id));
}
public void encodeTag(byte[] tag, SecretKey tagKey, long streamNumber) {
@@ -277,7 +316,8 @@ class CryptoComponentImpl implements CryptoComponent {
for (int i = 0; i < TAG_LENGTH; i++) tag[i] = 0;
ByteUtils.writeUint32(streamNumber, tag, 0);
BlockCipher cipher = new AESLightEngine();
assert cipher.getBlockSize() == TAG_LENGTH;
if (cipher.getBlockSize() != TAG_LENGTH)
throw new IllegalStateException();
KeyParameter k = new KeyParameter(tagKey.getBytes());
cipher.init(true, k);
cipher.processBlock(tag, 0, tag, 0);
@@ -348,16 +388,16 @@ class CryptoComponentImpl implements CryptoComponent {
// Key derivation function based on a hash function - see NIST SP 800-56A,
// section 5.8
private byte[] concatenationKdf(byte[]... inputs) {
private byte[] hashKdf(byte[]... inputs) {
// The output of the hash function must be long enough to use as a key
MessageDigest messageDigest = getMessageDigest();
if (messageDigest.getDigestLength() < SecretKey.LENGTH)
throw new RuntimeException();
// Each input is length-prefixed - the length must fit in an
// unsigned 8-bit integer
throw new IllegalStateException();
// Calculate the hash over the concatenated length-prefixed inputs
byte[] length = new byte[4];
for (byte[] input : inputs) {
if (input.length > 255) throw new IllegalArgumentException();
messageDigest.update((byte) input.length);
ByteUtils.writeUint32(input.length, length, 0);
messageDigest.update(length);
messageDigest.update(input);
}
byte[] hash = messageDigest.digest();
@@ -368,28 +408,24 @@ class CryptoComponentImpl implements CryptoComponent {
return truncated;
}
// Key derivation function based on a PRF in counter mode - see
// Key derivation function based on a pseudo-random function - see
// NIST SP 800-108, section 5.1
private byte[] counterModeKdf(byte[] secret, byte[] label, long context) {
if (secret.length != SecretKey.LENGTH)
throw new IllegalArgumentException();
// The label must be null-terminated
if (label[label.length - 1] != '\0')
throw new IllegalArgumentException();
private byte[] macKdf(SecretKey key, byte[]... inputs) {
// Initialise the PRF
Mac prf = new HMac(new SHA256Digest());
KeyParameter k = new KeyParameter(secret);
prf.init(k);
int macLength = prf.getMacSize();
prf.init(new KeyParameter(key.getBytes()));
// The output of the PRF must be long enough to use as a key
if (macLength < SecretKey.LENGTH) throw new RuntimeException();
int macLength = prf.getMacSize();
if (macLength < SecretKey.LENGTH)
throw new IllegalStateException();
// Calculate the PRF over the concatenated length-prefixed inputs
byte[] length = new byte[4];
for (byte[] input : inputs) {
ByteUtils.writeUint32(input.length, length, 0);
prf.update(length, 0, length.length);
prf.update(input, 0, input.length);
}
byte[] mac = new byte[macLength];
prf.update((byte) 0); // Counter
prf.update(label, 0, label.length); // Null-terminated
byte[] contextBytes = new byte[4];
ByteUtils.writeUint32(context, contextBytes, 0);
prf.update(contextBytes, 0, contextBytes.length);
prf.update((byte) SecretKey.LENGTH); // Output length
prf.doFinal(mac, 0);
// The output is the first SecretKey.LENGTH bytes of the MAC
if (mac.length == SecretKey.LENGTH) return mac;

22
briar-core/src/org/briarproject/crypto/StreamDecrypterFactoryImpl.java
View File

@@ -5,7 +5,6 @@ import java.io.InputStream;
import javax.inject.Inject;
import javax.inject.Provider;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.crypto.StreamDecrypter;
import org.briarproject.api.crypto.StreamDecrypterFactory;
@@ -13,34 +12,21 @@ import org.briarproject.api.transport.StreamContext;
class StreamDecrypterFactoryImpl implements StreamDecrypterFactory {
private final CryptoComponent crypto;
private final Provider<AuthenticatedCipher> cipherProvider;
@Inject
StreamDecrypterFactoryImpl(CryptoComponent crypto,
Provider<AuthenticatedCipher> cipherProvider) {
this.crypto = crypto;
StreamDecrypterFactoryImpl(Provider<AuthenticatedCipher> cipherProvider) {
this.cipherProvider = cipherProvider;
}
public StreamDecrypter createStreamDecrypter(InputStream in,
StreamContext ctx) {
// Derive the frame key
byte[] secret = ctx.getSecret();
long streamNumber = ctx.getStreamNumber();
boolean alice = !ctx.getAlice();
SecretKey frameKey = crypto.deriveFrameKey(secret, streamNumber, alice);
// Create the decrypter
AuthenticatedCipher cipher = cipherProvider.get();
return new StreamDecrypterImpl(in, cipher, frameKey);
return new StreamDecrypterImpl(in, cipher, ctx.getHeaderKey());
}
public StreamDecrypter createInvitationStreamDecrypter(InputStream in,
byte[] secret, boolean alice) {
// Derive the frame key
SecretKey frameKey = crypto.deriveFrameKey(secret, 0, alice);
// Create the decrypter
AuthenticatedCipher cipher = cipherProvider.get();
return new StreamDecrypterImpl(in, cipher, frameKey);
SecretKey headerKey) {
return new StreamDecrypterImpl(in, cipherProvider.get(), headerKey);
}
}

52
briar-core/src/org/briarproject/crypto/StreamDecrypterImpl.java
View File

@@ -1,75 +1,77 @@
package org.briarproject.crypto;
import org.briarproject.api.FormatException;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.crypto.StreamDecrypter;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
import static org.briarproject.api.transport.TransportConstants.IV_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import org.briarproject.api.FormatException;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.crypto.StreamDecrypter;
// FIXME: Implementation is incomplete, doesn't read the stream header
class StreamDecrypterImpl implements StreamDecrypter {
private final InputStream in;
private final AuthenticatedCipher frameCipher;
private final SecretKey frameKey;
private final byte[] iv, header, ciphertext;
private final byte[] iv, frameHeader, frameCiphertext;
private long frameNumber;
private boolean finalFrame;
StreamDecrypterImpl(InputStream in, AuthenticatedCipher frameCipher,
SecretKey frameKey) {
SecretKey headerKey) {
this.in = in;
this.frameCipher = frameCipher;
this.frameKey = frameKey;
this.frameKey = headerKey; // FIXME
iv = new byte[IV_LENGTH];
header = new byte[HEADER_LENGTH];
ciphertext = new byte[MAX_FRAME_LENGTH];
frameHeader = new byte[HEADER_LENGTH];
frameCiphertext = new byte[MAX_FRAME_LENGTH];
frameNumber = 0;
finalFrame = false;
}
public int readFrame(byte[] payload) throws IOException {
// The buffer must be big enough for a full-size frame
if (payload.length < MAX_PAYLOAD_LENGTH)
throw new IllegalArgumentException();
if (finalFrame) return -1;
// Read the header
// Read the frame header
int offset = 0;
while (offset < HEADER_LENGTH) {
int read = in.read(ciphertext, offset, HEADER_LENGTH - offset);
int read = in.read(frameCiphertext, offset, HEADER_LENGTH - offset);
if (read == -1) throw new EOFException();
offset += read;
}
// Decrypt and authenticate the header
// Decrypt and authenticate the frame header
FrameEncoder.encodeIv(iv, frameNumber, true);
try {
frameCipher.init(false, frameKey, iv);
int decrypted = frameCipher.process(ciphertext, 0, HEADER_LENGTH,
header, 0);
int decrypted = frameCipher.process(frameCiphertext, 0,
HEADER_LENGTH, frameHeader, 0);
if (decrypted != HEADER_LENGTH - MAC_LENGTH)
throw new RuntimeException();
} catch (GeneralSecurityException e) {
throw new FormatException();
}
// Decode and validate the header
finalFrame = FrameEncoder.isFinalFrame(header);
int payloadLength = FrameEncoder.getPayloadLength(header);
int paddingLength = FrameEncoder.getPaddingLength(header);
// Decode and validate the frame header
finalFrame = FrameEncoder.isFinalFrame(frameHeader);
int payloadLength = FrameEncoder.getPayloadLength(frameHeader);
int paddingLength = FrameEncoder.getPaddingLength(frameHeader);
if (payloadLength + paddingLength > MAX_PAYLOAD_LENGTH)
throw new FormatException();
// Read the payload and padding
int frameLength = HEADER_LENGTH + payloadLength + paddingLength
+ MAC_LENGTH;
while (offset < frameLength) {
int read = in.read(ciphertext, offset, frameLength - offset);
int read = in.read(frameCiphertext, offset, frameLength - offset);
if (read == -1) throw new EOFException();
offset += read;
}
@@ -77,7 +79,7 @@ class StreamDecrypterImpl implements StreamDecrypter {
FrameEncoder.encodeIv(iv, frameNumber, false);
try {
frameCipher.init(false, frameKey, iv);
int decrypted = frameCipher.process(ciphertext, HEADER_LENGTH,
int decrypted = frameCipher.process(frameCiphertext, HEADER_LENGTH,
payloadLength + paddingLength + MAC_LENGTH, payload, 0);
if (decrypted != payloadLength + paddingLength)
throw new RuntimeException();

19
briar-core/src/org/briarproject/crypto/StreamEncrypterFactoryImpl.java
View File

@@ -27,26 +27,15 @@ class StreamEncrypterFactoryImpl implements StreamEncrypterFactory {
public StreamEncrypter createStreamEncrypter(OutputStream out,
StreamContext ctx) {
byte[] secret = ctx.getSecret();
long streamNumber = ctx.getStreamNumber();
boolean alice = ctx.getAlice();
// Encode the tag
byte[] tag = new byte[TAG_LENGTH];
SecretKey tagKey = crypto.deriveTagKey(secret, alice);
crypto.encodeTag(tag, tagKey, streamNumber);
// Derive the frame key
SecretKey frameKey = crypto.deriveFrameKey(secret, streamNumber, alice);
// Create the encrypter
crypto.encodeTag(tag, ctx.getTagKey(), ctx.getStreamNumber());
AuthenticatedCipher cipher = cipherProvider.get();
return new StreamEncrypterImpl(out, cipher, frameKey, tag);
return new StreamEncrypterImpl(out, cipher, ctx.getHeaderKey(), tag);
}
public StreamEncrypter createInvitationStreamEncrypter(OutputStream out,
byte[] secret, boolean alice) {
// Derive the frame key
SecretKey frameKey = crypto.deriveFrameKey(secret, 0, alice);
// Create the encrypter
SecretKey headerKey) {
AuthenticatedCipher cipher = cipherProvider.get();
return new StreamEncrypterImpl(out, cipher, frameKey, null);
return new StreamEncrypterImpl(out, cipher, headerKey, null);
}
}

49
briar-core/src/org/briarproject/crypto/StreamEncrypterImpl.java
View File

@@ -1,5 +1,12 @@
package org.briarproject.crypto;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.crypto.StreamEncrypter;
import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
import static org.briarproject.api.transport.TransportConstants.IV_LENGTH;
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
@@ -7,32 +14,26 @@ import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH
import static org.briarproject.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
import static org.briarproject.util.ByteUtils.MAX_32_BIT_UNSIGNED;
import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.crypto.StreamEncrypter;
// FIXME: Implementation is incomplete, doesn't write the stream header
class StreamEncrypterImpl implements StreamEncrypter {
private final OutputStream out;
private final AuthenticatedCipher frameCipher;
private final SecretKey frameKey;
private final byte[] tag, iv, plaintext, ciphertext;
private final byte[] tag, iv, framePlaintext, frameCiphertext;
private long frameNumber;
private boolean writeTag;
StreamEncrypterImpl(OutputStream out, AuthenticatedCipher frameCipher,
SecretKey frameKey, byte[] tag) {
SecretKey headerKey, byte[] tag) {
this.out = out;
this.frameCipher = frameCipher;
this.frameKey = frameKey;
this.frameKey = headerKey; // FIXME
this.tag = tag;
iv = new byte[IV_LENGTH];
plaintext = new byte[HEADER_LENGTH + MAX_PAYLOAD_LENGTH];
ciphertext = new byte[MAX_FRAME_LENGTH];
framePlaintext = new byte[HEADER_LENGTH + MAX_PAYLOAD_LENGTH];
frameCiphertext = new byte[MAX_FRAME_LENGTH];
frameNumber = 0;
writeTag = (tag != null);
}
@@ -48,37 +49,39 @@ class StreamEncrypterImpl implements StreamEncrypter {
out.write(tag, 0, tag.length);
writeTag = false;
}
// Encode the header
FrameEncoder.encodeHeader(plaintext, finalFrame, payloadLength,
// Encode the frame header
FrameEncoder.encodeHeader(framePlaintext, finalFrame, payloadLength,
paddingLength);
// Encrypt and authenticate the header
// Encrypt and authenticate the frame header
FrameEncoder.encodeIv(iv, frameNumber, true);
try {
frameCipher.init(true, frameKey, iv);
int encrypted = frameCipher.process(plaintext, 0,
HEADER_LENGTH - MAC_LENGTH, ciphertext, 0);
int encrypted = frameCipher.process(framePlaintext, 0,
HEADER_LENGTH - MAC_LENGTH, frameCiphertext, 0);
if (encrypted != HEADER_LENGTH) throw new RuntimeException();
} catch (GeneralSecurityException badCipher) {
throw new RuntimeException(badCipher);
}
// Combine the payload and padding
System.arraycopy(payload, 0, plaintext, HEADER_LENGTH, payloadLength);
System.arraycopy(payload, 0, framePlaintext, HEADER_LENGTH,
payloadLength);
for (int i = 0; i < paddingLength; i++)
plaintext[HEADER_LENGTH + payloadLength + i] = 0;
framePlaintext[HEADER_LENGTH + payloadLength + i] = 0;
// Encrypt and authenticate the payload and padding
FrameEncoder.encodeIv(iv, frameNumber, false);
try {
frameCipher.init(true, frameKey, iv);
int encrypted = frameCipher.process(plaintext, HEADER_LENGTH,
payloadLength + paddingLength, ciphertext, HEADER_LENGTH);
int encrypted = frameCipher.process(framePlaintext, HEADER_LENGTH,
payloadLength + paddingLength, frameCiphertext,
HEADER_LENGTH);
if (encrypted != payloadLength + paddingLength + MAC_LENGTH)
throw new RuntimeException();
} catch (GeneralSecurityException badCipher) {
throw new RuntimeException(badCipher);
}
// Write the frame
out.write(ciphertext, 0, HEADER_LENGTH + payloadLength + paddingLength
+ MAC_LENGTH);
out.write(frameCiphertext, 0, HEADER_LENGTH + payloadLength
+ paddingLength + MAC_LENGTH);
frameNumber++;
}

85
briar-core/src/org/briarproject/db/Database.java
View File

@@ -1,9 +1,5 @@
package org.briarproject.db;
import java.io.IOException;
import java.util.Collection;
import java.util.Map;
import org.briarproject.api.Author;
import org.briarproject.api.AuthorId;
import org.briarproject.api.Contact;
@@ -25,8 +21,11 @@ import org.briarproject.api.messaging.SubscriptionAck;
import org.briarproject.api.messaging.SubscriptionUpdate;
import org.briarproject.api.messaging.TransportAck;
import org.briarproject.api.messaging.TransportUpdate;
import org.briarproject.api.transport.Endpoint;
import org.briarproject.api.transport.TemporarySecret;
import org.briarproject.api.transport.TransportKeys;
import java.io.IOException;
import java.util.Collection;
import java.util.Map;
// FIXME: Document the preconditions for calling each method
@@ -89,13 +88,6 @@ interface Database<T> {
ContactId addContact(T txn, Author remote, AuthorId local)
throws DbException;
/**
* Stores an endpoint.
* <p>
* Locking: write.
*/
void addEndpoint(T txn, Endpoint ep) throws DbException;
/**
* Subscribes to a group, or returns false if the user already has the
* maximum number of subscriptions.
@@ -125,15 +117,6 @@ interface Database<T> {
*/
void addOfferedMessage(T txn, ContactId c, MessageId m) throws DbException;
/**
* Stores the given temporary secrets and deletes any secrets that have
* been made obsolete.
* <p>
* Locking: write.
*/
void addSecrets(T txn, Collection<TemporarySecret> secrets)
throws DbException;
/**
* Initialises the status of the given message with respect to the given
* contact.
@@ -154,6 +137,13 @@ interface Database<T> {
boolean addTransport(T txn, TransportId t, int maxLatency)
throws DbException;
/**
* Stores the given transport keys for a newly added contact.
* <p>
* Locking: write.
*/
void addTransportKeys(T txn, ContactId c, TransportKeys k) throws DbException;
/**
* Makes a group visible to the given contact.
* <p>
@@ -270,13 +260,6 @@ interface Database<T> {
*/
Collection<ContactId> getContacts(T txn, AuthorId a) throws DbException;
/**
* Returns all endpoints.
* <p>
* Locking: read.
*/
Collection<Endpoint> getEndpoints(T txn) throws DbException;
/**
* Returns the amount of free storage space available to the database, in
* bytes. This is based on the minimum of the space available on the device
@@ -461,13 +444,6 @@ interface Database<T> {
RetentionUpdate getRetentionUpdate(T txn, ContactId c, int maxLatency)
throws DbException;
/**
* Returns all temporary secrets.
* <p>
* Locking: read.
*/
Collection<TemporarySecret> getSecrets(T txn) throws DbException;
/**
* Returns all settings.
* <p>
@@ -509,7 +485,15 @@ interface Database<T> {
throws DbException;
/**
* Returns the maximum latencies of all supported transports.
* Returns all transport keys for the given transport.
* <p>
* Locking: read.
*/
Map<ContactId, TransportKeys> getTransportKeys(T txn, TransportId t)
throws DbException;
/**
* Returns the maximum latencies in milliseconds of all transports.
* <p>
* Locking: read.
*/
@@ -540,14 +524,13 @@ interface Database<T> {
Collection<ContactId> getVisibility(T txn, GroupId g) throws DbException;
/**
* Increments the outgoing stream counter for the given endpoint in the
* given rotation period and returns the old value, or -1 if the counter
* does not exist.
* Increments the outgoing stream counter for the given contact and
* transport in the given rotation period.
* <p>
* Locking: write.
*/
long incrementStreamCounter(T txn, ContactId c, TransportId t, long period)
throws DbException;
void incrementStreamCounter(T txn, ContactId c, TransportId t,
long rotationPeriod) throws DbException;
/**
* Increments the retention time versions for all contacts to indicate that
@@ -692,13 +675,13 @@ interface Database<T> {
void resetExpiryTime(T txn, ContactId c, MessageId m) throws DbException;
/**
* Sets the reordering window for the given endpoint in the given rotation
* period.
* Sets the reordering window for the given contact and transport in the
* given rotation period.
* <p>
* Locking: write.
*/
void setReorderingWindow(T txn, ContactId c, TransportId t, long period,
long centre, byte[] bitmap) throws DbException;
void setReorderingWindow(T txn, ContactId c, TransportId t,
long rotationPeriod, long base, byte[] bitmap) throws DbException;
/**
* Updates the groups to which the given contact subscribes and returns
@@ -716,7 +699,7 @@ interface Database<T> {
* <p>
* Locking: write.
*/
public void setInboxGroup(T txn, ContactId c, Group g) throws DbException;
void setInboxGroup(T txn, ContactId c, Group g) throws DbException;
/**
* Marks a message as read or unread.
@@ -798,4 +781,12 @@ interface Database<T> {
*/
void updateExpiryTime(T txn, ContactId c, MessageId m, int maxLatency)
throws DbException;
/**
* Stores the given transport keys, deleting any keys they have replaced.
* <p>
* Locking: write.
*/
void updateTransportKeys(T txn, Map<ContactId, TransportKeys> keys)
throws DbException;
}

226
briar-core/src/org/briarproject/db/DatabaseComponentImpl.java
View File

@@ -1,25 +1,5 @@
package org.briarproject.db;
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.WARNING;
import static org.briarproject.db.DatabaseConstants.BYTES_PER_SWEEP;
import static org.briarproject.db.DatabaseConstants.CRITICAL_FREE_SPACE;
import static org.briarproject.db.DatabaseConstants.MAX_OFFERED_MESSAGES;
import static org.briarproject.db.DatabaseConstants.MAX_TRANSACTIONS_BETWEEN_SPACE_CHECKS;
import static org.briarproject.db.DatabaseConstants.MIN_FREE_SPACE;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.logging.Logger;
import javax.inject.Inject;
import org.briarproject.api.Author;
import org.briarproject.api.AuthorId;
import org.briarproject.api.Contact;
@@ -75,8 +55,29 @@ import org.briarproject.api.messaging.SubscriptionAck;
import org.briarproject.api.messaging.SubscriptionUpdate;
import org.briarproject.api.messaging.TransportAck;
import org.briarproject.api.messaging.TransportUpdate;
import org.briarproject.api.transport.Endpoint;
import org.briarproject.api.transport.TemporarySecret;
import org.briarproject.api.transport.TransportKeys;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.logging.Logger;
import javax.inject.Inject;
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.WARNING;
import static org.briarproject.db.DatabaseConstants.BYTES_PER_SWEEP;
import static org.briarproject.db.DatabaseConstants.CRITICAL_FREE_SPACE;
import static org.briarproject.db.DatabaseConstants.MAX_OFFERED_MESSAGES;
import static org.briarproject.db.DatabaseConstants.MAX_TRANSACTIONS_BETWEEN_SPACE_CHECKS;
import static org.briarproject.db.DatabaseConstants.MIN_FREE_SPACE;
/**
* An implementation of DatabaseComponent using reentrant read-write locks.
@@ -85,7 +86,7 @@ import org.briarproject.api.transport.TemporarySecret;
* implementation is safe on a given JVM.
*/
class DatabaseComponentImpl<T> implements DatabaseComponent,
DatabaseCleaner.Callback {
DatabaseCleaner.Callback {
private static final Logger LOG =
Logger.getLogger(DatabaseComponentImpl.class.getName());
@@ -180,26 +181,6 @@ DatabaseCleaner.Callback {
return c;
}
public void addEndpoint(Endpoint ep) throws DbException {
lock.writeLock().lock();
try {
T txn = db.startTransaction();
try {
if (!db.containsContact(txn, ep.getContactId()))
throw new NoSuchContactException();
if (!db.containsTransport(txn, ep.getTransportId()))
throw new NoSuchTransportException();
db.addEndpoint(txn, ep);
db.commitTransaction(txn);
} catch (DbException e) {
db.abortTransaction(txn);
throw e;
}
} finally {
lock.writeLock().unlock();
}
}
public boolean addGroup(Group g) throws DbException {
boolean added = false;
lock.writeLock().lock();
@@ -290,30 +271,6 @@ DatabaseCleaner.Callback {
}
}
public void addSecrets(Collection<TemporarySecret> secrets)
throws DbException {
lock.writeLock().lock();
try {
T txn = db.startTransaction();
try {
Collection<TemporarySecret> relevant =
new ArrayList<TemporarySecret>();
for (TemporarySecret s : secrets) {
if (db.containsContact(txn, s.getContactId()))
if (db.containsTransport(txn, s.getTransportId()))
relevant.add(s);
}
if (!secrets.isEmpty()) db.addSecrets(txn, relevant);
db.commitTransaction(txn);
} catch (DbException e) {
db.abortTransaction(txn);
throw e;
}
} finally {
lock.writeLock().unlock();
}
}
public boolean addTransport(TransportId t, int maxLatency)
throws DbException {
boolean added;
@@ -334,6 +291,27 @@ DatabaseCleaner.Callback {
return added;
}
public void addTransportKeys(ContactId c, TransportKeys k)
throws DbException {
lock.writeLock().lock();
try {
T txn = db.startTransaction();
try {
if (!db.containsContact(txn, c))
throw new NoSuchContactException();
if (!db.containsTransport(txn, k.getTransportId()))
throw new NoSuchTransportException();
db.addTransportKeys(txn, c, k);
db.commitTransaction(txn);
} catch (DbException e) {
db.abortTransaction(txn);
throw e;
}
} finally {
lock.writeLock().unlock();
}
}
public Ack generateAck(ContactId c, int maxMessages) throws DbException {
Collection<MessageId> ids;
lock.writeLock().lock();
@@ -883,23 +861,6 @@ DatabaseCleaner.Callback {
}
}
public Collection<TemporarySecret> getSecrets() throws DbException {
lock.readLock().lock();
try {
T txn = db.startTransaction();
try {
Collection<TemporarySecret> secrets = db.getSecrets(txn);
db.commitTransaction(txn);
return secrets;
} catch (DbException e) {
db.abortTransaction(txn);
throw e;
}
} finally {
lock.readLock().unlock();
}
}
public Settings getSettings() throws DbException {
lock.readLock().lock();
try {
@@ -934,6 +895,27 @@ DatabaseCleaner.Callback {
}
}
public Map<ContactId, TransportKeys> getTransportKeys(TransportId t)
throws DbException {
lock.readLock().lock();
try {
T txn = db.startTransaction();
try {
if (!db.containsTransport(txn, t))
throw new NoSuchTransportException();
Map<ContactId, TransportKeys> keys =
db.getTransportKeys(txn, t);
db.commitTransaction(txn);
return keys;
} catch (DbException e) {
db.abortTransaction(txn);
throw e;
}
} finally {
lock.readLock().unlock();
}
}
public Map<TransportId, Integer> getTransportLatencies()
throws DbException {
lock.readLock().lock();
@@ -989,8 +971,8 @@ DatabaseCleaner.Callback {
}
}
public long incrementStreamCounter(ContactId c, TransportId t,
long period) throws DbException {
public void incrementStreamCounter(ContactId c, TransportId t,
long rotationPeriod) throws DbException {
lock.writeLock().lock();
try {
T txn = db.startTransaction();
@@ -999,9 +981,8 @@ DatabaseCleaner.Callback {
throw new NoSuchContactException();
if (!db.containsTransport(txn, t))
throw new NoSuchTransportException();
long counter = db.incrementStreamCounter(txn, c, t, period);
db.incrementStreamCounter(txn, c, t, rotationPeriod);
db.commitTransaction(txn);
return counter;
} catch (DbException e) {
db.abortTransaction(txn);
throw e;
@@ -1404,27 +1385,6 @@ DatabaseCleaner.Callback {
eventBus.broadcast(new TransportRemovedEvent(t));
}
public void setReorderingWindow(ContactId c, TransportId t, long period,
long centre, byte[] bitmap) throws DbException {
lock.writeLock().lock();
try {
T txn = db.startTransaction();
try {
if (!db.containsContact(txn, c))
throw new NoSuchContactException();
if (!db.containsTransport(txn, t))
throw new NoSuchTransportException();
db.setReorderingWindow(txn, c, t, period, centre, bitmap);
db.commitTransaction(txn);
} catch (DbException e) {
db.abortTransaction(txn);
throw e;
}
} finally {
lock.writeLock().unlock();
}
}
public void setInboxGroup(ContactId c, Group g) throws DbException {
lock.writeLock().lock();
try {
@@ -1480,6 +1440,27 @@ DatabaseCleaner.Callback {
}
}
public void setReorderingWindow(ContactId c, TransportId t,
long rotationPeriod, long base, byte[] bitmap) throws DbException {
lock.writeLock().lock();
try {
T txn = db.startTransaction();
try {
if (!db.containsContact(txn, c))
throw new NoSuchContactException();
if (!db.containsTransport(txn, t))
throw new NoSuchTransportException();
db.setReorderingWindow(txn, c, t, rotationPeriod, base, bitmap);
db.commitTransaction(txn);
} catch (DbException e) {
db.abortTransaction(txn);
throw e;
}
} finally {
lock.writeLock().unlock();
}
}
public void setVisibility(GroupId g, Collection<ContactId> visible)
throws DbException {
Collection<ContactId> affected = new ArrayList<ContactId>();
@@ -1552,6 +1533,33 @@ DatabaseCleaner.Callback {
eventBus.broadcast(new LocalSubscriptionsUpdatedEvent(affected));
}
public void updateTransportKeys(Map<ContactId, TransportKeys> keys)
throws DbException {
lock.writeLock().lock();
try {
T txn = db.startTransaction();
try {
Map<ContactId, TransportKeys> filtered =
new HashMap<ContactId, TransportKeys>();
for (Entry<ContactId, TransportKeys> e : keys.entrySet()) {
ContactId c = e.getKey();
TransportKeys k = e.getValue();
if (db.containsContact(txn, c)
&& db.containsTransport(txn, k.getTransportId())) {
filtered.put(c, k);
}
}
db.updateTransportKeys(txn, filtered);
db.commitTransaction(txn);
} catch (DbException e) {
db.abortTransaction(txn);
throw e;
}
} finally {
lock.writeLock().unlock();
}
}
public void checkFreeSpaceAndClean() throws DbException {
long freeSpace = db.getFreeSpace();
if (LOG.isLoggable(INFO)) LOG.info(freeSpace + " bytes free space");

454
briar-core/src/org/briarproject/db/JdbcDatabase.java
View File

@@ -1,14 +1,33 @@
package org.briarproject.db;
import static java.sql.Types.BINARY;
import static java.sql.Types.VARCHAR;
import static java.util.logging.Level.WARNING;
import static org.briarproject.api.Author.Status.ANONYMOUS;
import static org.briarproject.api.Author.Status.UNKNOWN;
import static org.briarproject.api.Author.Status.VERIFIED;
import static org.briarproject.api.messaging.MessagingConstants.MAX_SUBSCRIPTIONS;
import static org.briarproject.api.messaging.MessagingConstants.RETENTION_GRANULARITY;
import static org.briarproject.db.ExponentialBackoff.calculateExpiry;
import org.briarproject.api.Author;
import org.briarproject.api.AuthorId;
import org.briarproject.api.Contact;
import org.briarproject.api.ContactId;
import org.briarproject.api.LocalAuthor;
import org.briarproject.api.Settings;
import org.briarproject.api.TransportConfig;
import org.briarproject.api.TransportId;
import org.briarproject.api.TransportProperties;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.db.DbClosedException;
import org.briarproject.api.db.DbException;
import org.briarproject.api.db.MessageHeader;
import org.briarproject.api.db.MessageHeader.State;
import org.briarproject.api.messaging.Group;
import org.briarproject.api.messaging.GroupId;
import org.briarproject.api.messaging.Message;
import org.briarproject.api.messaging.MessageId;
import org.briarproject.api.messaging.RetentionAck;
import org.briarproject.api.messaging.RetentionUpdate;
import org.briarproject.api.messaging.SubscriptionAck;
import org.briarproject.api.messaging.SubscriptionUpdate;
import org.briarproject.api.messaging.TransportAck;
import org.briarproject.api.messaging.TransportUpdate;
import org.briarproject.api.system.Clock;
import org.briarproject.api.transport.IncomingKeys;
import org.briarproject.api.transport.OutgoingKeys;
import org.briarproject.api.transport.TransportKeys;
import java.io.IOException;
import java.sql.Connection;
@@ -32,32 +51,15 @@ import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import java.util.logging.Logger;
import org.briarproject.api.Author;
import org.briarproject.api.AuthorId;
import org.briarproject.api.Contact;
import org.briarproject.api.ContactId;
import org.briarproject.api.LocalAuthor;
import org.briarproject.api.Settings;
import org.briarproject.api.TransportConfig;
import org.briarproject.api.TransportId;
import org.briarproject.api.TransportProperties;
import org.briarproject.api.db.DbClosedException;
import org.briarproject.api.db.DbException;
import org.briarproject.api.db.MessageHeader;
import org.briarproject.api.db.MessageHeader.State;
import org.briarproject.api.messaging.Group;
import org.briarproject.api.messaging.GroupId;
import org.briarproject.api.messaging.Message;
import org.briarproject.api.messaging.MessageId;
import org.briarproject.api.messaging.RetentionAck;
import org.briarproject.api.messaging.RetentionUpdate;
import org.briarproject.api.messaging.SubscriptionAck;
import org.briarproject.api.messaging.SubscriptionUpdate;
import org.briarproject.api.messaging.TransportAck;
import org.briarproject.api.messaging.TransportUpdate;
import org.briarproject.api.system.Clock;
import org.briarproject.api.transport.Endpoint;
import org.briarproject.api.transport.TemporarySecret;
import static java.sql.Types.BINARY;
import static java.sql.Types.VARCHAR;
import static java.util.logging.Level.WARNING;
import static org.briarproject.api.Author.Status.ANONYMOUS;
import static org.briarproject.api.Author.Status.UNKNOWN;
import static org.briarproject.api.Author.Status.VERIFIED;
import static org.briarproject.api.messaging.MessagingConstants.MAX_SUBSCRIPTIONS;
import static org.briarproject.api.messaging.MessagingConstants.RETENTION_GRANULARITY;
import static org.briarproject.db.ExponentialBackoff.calculateExpiry;
/**
* A generic database implementation that can be used with any JDBC-compatible
@@ -65,8 +67,8 @@ import org.briarproject.api.transport.TemporarySecret;
*/
abstract class JdbcDatabase implements Database<Connection> {
private static final int SCHEMA_VERSION = 9;
private static final int MIN_SCHEMA_VERSION = 9;
private static final int SCHEMA_VERSION = 10;
private static final int MIN_SCHEMA_VERSION = 10;
private static final String CREATE_SETTINGS =
"CREATE TABLE settings"
@@ -277,13 +279,16 @@ abstract class JdbcDatabase implements Database<Connection> {
+ " REFERENCES contacts (contactId)"
+ " ON DELETE CASCADE)";
private static final String CREATE_ENDPOINTS =
"CREATE TABLE endpoints"
private static final String CREATE_INCOMING_KEYS =
"CREATE TABLE incomingKeys"
+ " (contactId INT NOT NULL,"
+ " transportId VARCHAR NOT NULL,"
+ " epoch BIGINT NOT NULL,"
+ " alice BOOLEAN NOT NULL,"
+ " PRIMARY KEY (contactId, transportId),"
+ " period BIGINT NOT NULL,"
+ " tagKey SECRET NOT NULL,"
+ " headerKey SECRET NOT NULL,"
+ " base BIGINT NOT NULL,"
+ " bitmap BINARY NOT NULL,"
+ " PRIMARY KEY (contactId, transportId, period),"
+ " FOREIGN KEY (contactId)"
+ " REFERENCES contacts (contactId)"
+ " ON DELETE CASCADE,"
@@ -291,16 +296,15 @@ abstract class JdbcDatabase implements Database<Connection> {
+ " REFERENCES transports (transportId)"
+ " ON DELETE CASCADE)";
private static final String CREATE_SECRETS =
"CREATE TABLE secrets"
private static final String CREATE_OUTGOING_KEYS =
"CREATE TABLE outgoingKeys"
+ " (contactId INT NOT NULL,"
+ " transportId VARCHAR NOT NULL,"
+ " period BIGINT NOT NULL,"
+ " secret SECRET NOT NULL,"
+ " outgoing BIGINT NOT NULL,"
+ " centre BIGINT NOT NULL,"
+ " bitmap BINARY NOT NULL,"
+ " PRIMARY KEY (contactId, transportId, period),"
+ " tagKey SECRET NOT NULL,"
+ " headerKey SECRET NOT NULL,"
+ " stream BIGINT NOT NULL,"
+ " PRIMARY KEY (contactId, transportId),"
+ " FOREIGN KEY (contactId)"
+ " REFERENCES contacts (contactId)"
+ " ON DELETE CASCADE,"
@@ -324,6 +328,7 @@ abstract class JdbcDatabase implements Database<Connection> {
private boolean closed = false; // Locking: connectionsLock
protected abstract Connection createConnection() throws SQLException;
protected abstract void flushBuffersToDisk(Statement s) throws SQLException;
private final Lock connectionsLock = new ReentrantLock();
@@ -339,7 +344,7 @@ abstract class JdbcDatabase implements Database<Connection> {
}
protected void open(String driverClass, boolean reopen) throws DbException,
IOException {
IOException {
// Load the JDBC driver
try {
Class.forName(driverClass);
@@ -382,7 +387,7 @@ abstract class JdbcDatabase implements Database<Connection> {
try {
if (rs != null) rs.close();
} catch (SQLException e) {
if (LOG.isLoggable(WARNING))LOG.log(WARNING, e.toString(), e);
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
}
}
@@ -390,7 +395,7 @@ abstract class JdbcDatabase implements Database<Connection> {
try {
if (s != null) s.close();
} catch (SQLException e) {
if (LOG.isLoggable(WARNING))LOG.log(WARNING, e.toString(), e);
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
}
}
@@ -418,8 +423,8 @@ abstract class JdbcDatabase implements Database<Connection> {
s.executeUpdate(insertTypeNames(CREATE_TRANSPORT_VERSIONS));
s.executeUpdate(insertTypeNames(CREATE_CONTACT_TRANSPORT_PROPS));
s.executeUpdate(insertTypeNames(CREATE_CONTACT_TRANSPORT_VERSIONS));
s.executeUpdate(insertTypeNames(CREATE_ENDPOINTS));
s.executeUpdate(insertTypeNames(CREATE_SECRETS));
s.executeUpdate(insertTypeNames(CREATE_INCOMING_KEYS));
s.executeUpdate(insertTypeNames(CREATE_OUTGOING_KEYS));
s.close();
} catch (SQLException e) {
tryToClose(s);
@@ -480,7 +485,8 @@ abstract class JdbcDatabase implements Database<Connection> {
try {
txn.close();
} catch (SQLException e1) {
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e1.toString(), e1);
if (LOG.isLoggable(WARNING))
LOG.log(WARNING, e1.toString(), e1);
}
// Whatever happens, allow the database to close
connectionsLock.lock();
@@ -679,26 +685,6 @@ abstract class JdbcDatabase implements Database<Connection> {
}
}
public void addEndpoint(Connection txn, Endpoint ep) throws DbException {
PreparedStatement ps = null;
try {
String sql = "INSERT INTO endpoints"
+ " (contactId, transportId, epoch, alice)"
+ " VALUES (?, ?, ?, ?)";
ps = txn.prepareStatement(sql);
ps.setInt(1, ep.getContactId().getInt());
ps.setString(2, ep.getTransportId().getString());
ps.setLong(3, ep.getEpoch());
ps.setBoolean(4, ep.getAlice());
int affected = ps.executeUpdate();
if (affected != 1) throw new DbStateException();
ps.close();
} catch (SQLException e) {
tryToClose(ps);
throw new DbException(e);
}
}
public boolean addGroup(Connection txn, Group g) throws DbException {
PreparedStatement ps = null;
ResultSet rs = null;
@@ -824,52 +810,6 @@ abstract class JdbcDatabase implements Database<Connection> {
}
}
public void addSecrets(Connection txn, Collection<TemporarySecret> secrets)
throws DbException {
PreparedStatement ps = null;
try {
// Store the new secrets
String sql = "INSERT INTO secrets (contactId, transportId, period,"
+ " secret, outgoing, centre, bitmap)"
+ " VALUES (?, ?, ?, ?, ?, ?, ?)";
ps = txn.prepareStatement(sql);
for (TemporarySecret s : secrets) {
ps.setInt(1, s.getContactId().getInt());
ps.setString(2, s.getTransportId().getString());
ps.setLong(3, s.getPeriod());
ps.setBytes(4, s.getSecret());
ps.setLong(5, s.getOutgoingStreamCounter());
ps.setLong(6, s.getWindowCentre());
ps.setBytes(7, s.getWindowBitmap());
ps.addBatch();
}
int[] batchAffected = ps.executeBatch();
if (batchAffected.length != secrets.size())
throw new DbStateException();
for (int i = 0; i < batchAffected.length; i++) {
if (batchAffected[i] != 1) throw new DbStateException();
}
ps.close();
// Delete any obsolete secrets
sql = "DELETE FROM secrets"
+ " WHERE contactId = ? AND transportId = ? AND period < ?";
ps = txn.prepareStatement(sql);
for (TemporarySecret s : secrets) {
ps.setInt(1, s.getContactId().getInt());
ps.setString(2, s.getTransportId().getString());
ps.setLong(3, s.getPeriod() - 2);
ps.addBatch();
}
batchAffected = ps.executeBatch();
if (batchAffected.length != secrets.size())
throw new DbStateException();
ps.close();
} catch (SQLException e) {
tryToClose(ps);
throw new DbException(e);
}
}
public void addStatus(Connection txn, ContactId c, MessageId m, boolean ack,
boolean seen) throws DbException {
PreparedStatement ps = null;
@@ -947,6 +887,68 @@ abstract class JdbcDatabase implements Database<Connection> {
}
}
public void addTransportKeys(Connection txn, ContactId c, TransportKeys k)
throws DbException {
PreparedStatement ps = null;
try {
// Store the incoming keys
String sql = "INSERT INTO incomingKeys (contactId, transportId,"
+ " period, tagKey, headerKey, base, bitmap)"
+ " VALUES (?, ?, ?, ?, ?, ?, ?)";
ps = txn.prepareStatement(sql);
ps.setInt(1, c.getInt());
ps.setString(2, k.getTransportId().getString());
// Previous rotation period
IncomingKeys inPrev = k.getPreviousIncomingKeys();
ps.setLong(3, inPrev.getRotationPeriod());
ps.setBytes(4, inPrev.getTagKey().getBytes());
ps.setBytes(5, inPrev.getHeaderKey().getBytes());
ps.setLong(6, inPrev.getWindowBase());
ps.setBytes(7, inPrev.getWindowBitmap());
ps.addBatch();
// Current rotation period
IncomingKeys inCurr = k.getCurrentIncomingKeys();
ps.setLong(3, inCurr.getRotationPeriod());
ps.setBytes(4, inCurr.getTagKey().getBytes());
ps.setBytes(5, inCurr.getHeaderKey().getBytes());
ps.setLong(6, inCurr.getWindowBase());
ps.setBytes(7, inCurr.getWindowBitmap());
ps.addBatch();
// Next rotation period
IncomingKeys inNext = k.getNextIncomingKeys();
ps.setLong(3, inNext.getRotationPeriod());
ps.setBytes(4, inNext.getTagKey().getBytes());
ps.setBytes(5, inNext.getHeaderKey().getBytes());
ps.setLong(6, inNext.getWindowBase());
ps.setBytes(7, inNext.getWindowBitmap());
ps.addBatch();
int[] batchAffected = ps.executeBatch();
if (batchAffected.length != 3) throw new DbStateException();
for (int i = 0; i < batchAffected.length; i++) {
if (batchAffected[i] != 1) throw new DbStateException();
}
ps.close();
// Store the outgoing keys
sql = "INSERT INTO outgoingKeys (contactId, transportId, period,"
+ " tagKey, headerKey, stream)"
+ " VALUES (?, ?, ?, ?, ?, ?)";
ps = txn.prepareStatement(sql);
ps.setInt(1, c.getInt());
ps.setString(2, k.getTransportId().getString());
OutgoingKeys outCurr = k.getCurrentOutgoingKeys();
ps.setLong(3, outCurr.getRotationPeriod());
ps.setBytes(4, outCurr.getTagKey().getBytes());
ps.setBytes(5, outCurr.getHeaderKey().getBytes());
ps.setLong(6, outCurr.getStreamCounter());
int affected = ps.executeUpdate();
if (affected != 1) throw new DbStateException();
ps.close();
} catch (SQLException e) {
tryToClose(ps);
throw new DbException(e);
}
}
public void addVisibility(Connection txn, ContactId c, GroupId g)
throws DbException {
PreparedStatement ps = null;
@@ -1326,32 +1328,6 @@ abstract class JdbcDatabase implements Database<Connection> {
}
}
public Collection<Endpoint> getEndpoints(Connection txn)
throws DbException {
PreparedStatement ps = null;
ResultSet rs = null;
try {
String sql = "SELECT contactId, transportId, epoch, alice"
+ " FROM endpoints";
ps = txn.prepareStatement(sql);
rs = ps.executeQuery();
List<Endpoint> endpoints = new ArrayList<Endpoint>();
while (rs.next()) {
ContactId contactId = new ContactId(rs.getInt(1));
TransportId transportId = new TransportId(rs.getString(2));
long epoch = rs.getLong(3);
boolean alice = rs.getBoolean(4);
endpoints.add(new Endpoint(contactId, transportId, epoch,
alice));
}
return Collections.unmodifiableList(endpoints);
} catch (SQLException e) {
tryToClose(rs);
tryToClose(ps);
throw new DbException(e);
}
}
public Group getGroup(Connection txn, GroupId g) throws DbException {
PreparedStatement ps = null;
ResultSet rs = null;
@@ -2098,43 +2074,6 @@ abstract class JdbcDatabase implements Database<Connection> {
}
}
public Collection<TemporarySecret> getSecrets(Connection txn)
throws DbException {
PreparedStatement ps = null;
ResultSet rs = null;
try {
String sql = "SELECT e.contactId, e.transportId, epoch, alice,"
+ " period, secret, outgoing, centre, bitmap"
+ " FROM endpoints AS e"
+ " JOIN secrets AS s"
+ " ON e.contactId = s.contactId"
+ " AND e.transportId = s.transportId";
ps = txn.prepareStatement(sql);
rs = ps.executeQuery();
List<TemporarySecret> secrets = new ArrayList<TemporarySecret>();
while (rs.next()) {
ContactId contactId = new ContactId(rs.getInt(1));
TransportId transportId = new TransportId(rs.getString(2));
long epoch = rs.getLong(3);
boolean alice = rs.getBoolean(4);
long period = rs.getLong(5);
byte[] secret = rs.getBytes(6);
long outgoing = rs.getLong(7);
long centre = rs.getLong(8);
byte[] bitmap = rs.getBytes(9);
secrets.add(new TemporarySecret(contactId, transportId, epoch,
alice, period, secret, outgoing, centre, bitmap));
}
rs.close();
ps.close();
return Collections.unmodifiableList(secrets);
} catch (SQLException e) {
tryToClose(rs);
tryToClose(ps);
throw new DbException(e);
}
}
public Settings getSettings(Connection txn) throws DbException {
PreparedStatement ps = null;
ResultSet rs = null;
@@ -2317,6 +2256,67 @@ abstract class JdbcDatabase implements Database<Connection> {
}
}
public Map<ContactId, TransportKeys> getTransportKeys(Connection txn,
TransportId t) throws DbException {
PreparedStatement ps = null;
ResultSet rs = null;
try {
// Retrieve the incoming keys
String sql = "SELECT period, tagKey, headerKey, base, bitmap"
+ " FROM incomingKeys"
+ " WHERE transportId = ?"
+ " ORDER BY contactId, period";
ps = txn.prepareStatement(sql);
ps.setString(1, t.getString());
rs = ps.executeQuery();
List<IncomingKeys> inKeys = new ArrayList<IncomingKeys>();
while (rs.next()) {
long rotationPeriod = rs.getLong(1);
SecretKey tagKey = new SecretKey(rs.getBytes(2));
SecretKey headerKey = new SecretKey(rs.getBytes(3));
long windowBase = rs.getLong(4);
byte[] windowBitmap = rs.getBytes(5);
inKeys.add(new IncomingKeys(tagKey, headerKey, rotationPeriod,
windowBase, windowBitmap));
}
rs.close();
ps.close();
// Retrieve the outgoing keys in the same order
sql = "SELECT contactId, period, tagKey, headerKey, stream"
+ " FROM outgoingKeys"
+ " WHERE transportId = ?"
+ " ORDER BY contactId, period";
ps = txn.prepareStatement(sql);
ps.setString(1, t.getString());
rs = ps.executeQuery();
Map<ContactId, TransportKeys> keys =
new HashMap<ContactId, TransportKeys>();
for (int i = 0; rs.next(); i++) {
// There should be three times as many incoming keys
if (inKeys.size() < (i + 1) * 3) throw new DbStateException();
ContactId contactId = new ContactId(rs.getInt(1));
long rotationPeriod = rs.getLong(2);
SecretKey tagKey = new SecretKey(rs.getBytes(3));
SecretKey headerKey = new SecretKey(rs.getBytes(4));
long streamCounter = rs.getLong(5);
OutgoingKeys outCurr = new OutgoingKeys(tagKey, headerKey,
rotationPeriod, streamCounter);
IncomingKeys inPrev = inKeys.get(i * 3);
IncomingKeys inCurr = inKeys.get(i * 3 + 1);
IncomingKeys inNext = inKeys.get(i * 3 + 2);
keys.put(contactId, new TransportKeys(t, inPrev, inCurr,
inNext, outCurr));
}
rs.close();
ps.close();
return Collections.unmodifiableMap(keys);
} catch (SQLException e) {
tryToClose(rs);
tryToClose(ps);
throw new DbException(e);
}
}
public Map<TransportId, Integer> getTransportLatencies(Connection txn)
throws DbException {
PreparedStatement ps = null;
@@ -2327,7 +2327,7 @@ abstract class JdbcDatabase implements Database<Connection> {
rs = ps.executeQuery();
Map<TransportId, Integer> latencies =
new HashMap<TransportId, Integer>();
while (rs.next()){
while (rs.next()) {
TransportId id = new TransportId(rs.getString(1));
latencies.put(id, rs.getInt(2));
}
@@ -2392,7 +2392,7 @@ abstract class JdbcDatabase implements Database<Connection> {
ps.setString(3, u.getId().getString());
ps.addBatch();
}
int [] batchAffected = ps.executeBatch();
int[] batchAffected = ps.executeBatch();
if (batchAffected.length != updates.size())
throw new DbStateException();
for (i = 0; i < batchAffected.length; i++) {
@@ -2455,42 +2455,21 @@ abstract class JdbcDatabase implements Database<Connection> {
}
}
public long incrementStreamCounter(Connection txn, ContactId c,
TransportId t, long period) throws DbException {
public void incrementStreamCounter(Connection txn, ContactId c,
TransportId t, long rotationPeriod) throws DbException {
PreparedStatement ps = null;
ResultSet rs = null;
try {
// Get the current stream counter
String sql = "SELECT outgoing FROM secrets"
String sql = "UPDATE outgoingKeys SET stream = stream + 1"
+ " WHERE contactId = ? AND transportId = ? AND period = ?";
ps = txn.prepareStatement(sql);
ps.setInt(1, c.getInt());
ps.setString(2, t.getString());
ps.setLong(3, period);
rs = ps.executeQuery();
if (!rs.next()) {
rs.close();
ps.close();
return -1;
}
long streamNumber = rs.getLong(1);
if (rs.next()) throw new DbStateException();
rs.close();
ps.close();
// Increment the stream counter
sql = "UPDATE secrets SET outgoing = outgoing + 1"
+ " WHERE contactId = ? AND transportId = ? AND period = ?";
ps = txn.prepareStatement(sql);
ps.setInt(1, c.getInt());
ps.setString(2, t.getString());
ps.setLong(3, period);
ps.setLong(3, rotationPeriod);
int affected = ps.executeUpdate();
if (affected != 1) throw new DbStateException();
ps.close();
return streamNumber;
} catch (SQLException e) {
tryToClose(ps);
tryToClose(rs);
throw new DbException(e);
}
}
@@ -2929,18 +2908,19 @@ abstract class JdbcDatabase implements Database<Connection> {
throw new DbException(e);
}
}
public void setReorderingWindow(Connection txn, ContactId c, TransportId t,
long period, long centre, byte[] bitmap) throws DbException {
long rotationPeriod, long base, byte[] bitmap) throws DbException {
PreparedStatement ps = null;
try {
String sql = "UPDATE secrets SET centre = ?, bitmap = ?"
String sql = "UPDATE incomingKeys SET base = ?, bitmap = ?"
+ " WHERE contactId = ? AND transportId = ? AND period = ?";
ps = txn.prepareStatement(sql);
ps.setLong(1, centre);
ps.setLong(1, base);
ps.setBytes(2, bitmap);
ps.setInt(3, c.getInt());
ps.setString(4, t.getString());
ps.setLong(5, period);
ps.setLong(5, rotationPeriod);
int affected = ps.executeUpdate();
if (affected < 0 || affected > 1) throw new DbStateException();
ps.close();
@@ -3139,7 +3119,7 @@ abstract class JdbcDatabase implements Database<Connection> {
public boolean setRemoteProperties(Connection txn, ContactId c,
TransportId t, TransportProperties p, long version)
throws DbException {
throws DbException {
PreparedStatement ps = null;
ResultSet rs = null;
try {
@@ -3354,4 +3334,46 @@ abstract class JdbcDatabase implements Database<Connection> {
throw new DbException(e);
}
}
public void updateTransportKeys(Connection txn,
Map<ContactId, TransportKeys> keys) throws DbException {
PreparedStatement ps = null;
try {
// Delete any existing incoming keys
String sql = "DELETE FROM incomingKeys"
+ " WHERE contactId = ?"
+ " AND transportId = ?";
ps = txn.prepareStatement(sql);
for (Entry<ContactId, TransportKeys> e : keys.entrySet()) {
ps.setInt(1, e.getKey().getInt());
ps.setString(2, e.getValue().getTransportId().getString());
ps.addBatch();
}
int[] batchAffected = ps.executeBatch();
if (batchAffected.length != keys.size())
throw new DbStateException();
ps.close();
// Delete any existing outgoing keys
sql = "DELETE FROM outgoingKeys"
+ " WHERE contactId = ?"
+ " AND transportId = ?";
ps = txn.prepareStatement(sql);
for (Entry<ContactId, TransportKeys> e : keys.entrySet()) {
ps.setInt(1, e.getKey().getInt());
ps.setString(2, e.getValue().getTransportId().getString());
ps.addBatch();
}
batchAffected = ps.executeBatch();
if (batchAffected.length != keys.size())
throw new DbStateException();
ps.close();
} catch (SQLException e) {
tryToClose(ps);
throw new DbException(e);
}
// Store the new keys
for (Entry<ContactId, TransportKeys> e : keys.entrySet()) {
addTransportKeys(txn, e.getKey(), e.getValue());
}
}
}

56
briar-core/src/org/briarproject/invitation/AliceConnector.java
View File

@@ -1,23 +1,13 @@
package org.briarproject.invitation;
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.WARNING;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.util.Map;
import java.util.logging.Logger;
import org.briarproject.api.Author;
import org.briarproject.api.AuthorFactory;
import org.briarproject.api.LocalAuthor;
import org.briarproject.api.TransportId;
import org.briarproject.api.TransportProperties;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.KeyManager;
import org.briarproject.api.crypto.PseudoRandom;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.data.Reader;
import org.briarproject.api.data.ReaderFactory;
import org.briarproject.api.data.Writer;
@@ -29,9 +19,20 @@ import org.briarproject.api.plugins.ConnectionManager;
import org.briarproject.api.plugins.duplex.DuplexPlugin;
import org.briarproject.api.plugins.duplex.DuplexTransportConnection;
import org.briarproject.api.system.Clock;
import org.briarproject.api.transport.KeyManager;
import org.briarproject.api.transport.StreamReaderFactory;
import org.briarproject.api.transport.StreamWriterFactory;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.util.Map;
import java.util.logging.Logger;
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.WARNING;
/** A connection thread for the peer being Alice in the invitation protocol. */
class AliceConnector extends Connector {
@@ -49,9 +50,9 @@ class AliceConnector extends Connector {
Map<TransportId, TransportProperties> localProps,
PseudoRandom random) {
super(crypto, db, readerFactory, writerFactory, streamReaderFactory,
streamWriterFactory, authorFactory, groupFactory, keyManager,
connectionManager, clock, reuseConnection, group, plugin,
localAuthor, localProps, random);
streamWriterFactory, authorFactory, groupFactory,
keyManager, connectionManager, clock, reuseConnection, group,
plugin, localAuthor, localProps, random);
}
@Override
@@ -71,7 +72,7 @@ class AliceConnector extends Connector {
OutputStream out;
Reader r;
Writer w;
byte[] secret;
SecretKey master;
try {
in = conn.getReader().getInputStream();
out = conn.getWriter().getOutputStream();
@@ -82,7 +83,7 @@ class AliceConnector extends Connector {
byte[] hash = receivePublicKeyHash(r);
sendPublicKey(w);
byte[] key = receivePublicKey(r);
secret = deriveMasterSecret(hash, key, true);
master = deriveMasterSecret(hash, key, true);
} catch (IOException e) {
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
group.keyAgreementFailed();
@@ -96,8 +97,8 @@ class AliceConnector extends Connector {
}
// The key agreement succeeded - derive the confirmation codes
if (LOG.isLoggable(INFO)) LOG.info(pluginName + " agreement succeeded");
int[] codes = crypto.deriveConfirmationCodes(secret);
int aliceCode = codes[0], bobCode = codes[1];
int aliceCode = crypto.deriveConfirmationCode(master, true);
int bobCode = crypto.deriveConfirmationCode(master, false);
group.keyAgreementSucceeded(aliceCode, bobCode);
// Exchange confirmation results
boolean localMatched, remoteMatched;
@@ -130,19 +131,22 @@ class AliceConnector extends Connector {
// Confirmation succeeded - upgrade to a secure connection
if (LOG.isLoggable(INFO))
LOG.info(pluginName + " confirmation succeeded");
// Derive the header keys
SecretKey aliceHeaderKey = crypto.deriveInvitationKey(master, true);
SecretKey bobHeaderKey = crypto.deriveInvitationKey(master, false);
// Create the readers
InputStream streamReader =
streamReaderFactory.createInvitationStreamReader(in,
secret, false); // Bob's stream
bobHeaderKey);
r = readerFactory.createReader(streamReader);
// Create the writers
OutputStream streamWriter =
streamWriterFactory.createInvitationStreamWriter(out,
secret, true); // Alice's stream
aliceHeaderKey);
w = writerFactory.createWriter(streamWriter);
// Derive the invitation nonces
byte[][] nonces = crypto.deriveInvitationNonces(secret);
byte[] aliceNonce = nonces[0], bobNonce = nonces[1];
byte[] aliceNonce = crypto.deriveSignatureNonce(master, true);
byte[] bobNonce = crypto.deriveSignatureNonce(master, false);
// Exchange pseudonyms, signed nonces, timestamps and transports
Author remoteAuthor;
long remoteTimestamp;
@@ -171,11 +175,11 @@ class AliceConnector extends Connector {
tryToClose(conn, true);
return;
}
// The epoch is the minimum of the peers' timestamps
long epoch = Math.min(localTimestamp, remoteTimestamp);
// The agreed timestamp is the minimum of the peers' timestamps
long timestamp = Math.min(localTimestamp, remoteTimestamp);
// Add the contact and store the transports
try {
addContact(remoteAuthor, remoteProps, secret, epoch, true);
addContact(remoteAuthor, remoteProps, master, timestamp, true);
} catch (DbException e) {
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
tryToClose(conn, true);
@@ -190,4 +194,4 @@ class AliceConnector extends Connector {
LOG.info(pluginName + " pseudonym exchange succeeded");
group.pseudonymExchangeSucceeded(remoteAuthor);
}
}
}

54
briar-core/src/org/briarproject/invitation/BobConnector.java
View File

@@ -1,23 +1,13 @@
package org.briarproject.invitation;
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.WARNING;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.util.Map;
import java.util.logging.Logger;
import org.briarproject.api.Author;
import org.briarproject.api.AuthorFactory;
import org.briarproject.api.LocalAuthor;
import org.briarproject.api.TransportId;
import org.briarproject.api.TransportProperties;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.KeyManager;
import org.briarproject.api.crypto.PseudoRandom;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.data.Reader;
import org.briarproject.api.data.ReaderFactory;
import org.briarproject.api.data.Writer;
@@ -29,9 +19,20 @@ import org.briarproject.api.plugins.ConnectionManager;
import org.briarproject.api.plugins.duplex.DuplexPlugin;
import org.briarproject.api.plugins.duplex.DuplexTransportConnection;
import org.briarproject.api.system.Clock;
import org.briarproject.api.transport.KeyManager;
import org.briarproject.api.transport.StreamReaderFactory;
import org.briarproject.api.transport.StreamWriterFactory;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.util.Map;
import java.util.logging.Logger;
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.WARNING;
/** A connection thread for the peer being Bob in the invitation protocol. */
class BobConnector extends Connector {
@@ -49,9 +50,9 @@ class BobConnector extends Connector {
Map<TransportId, TransportProperties> localProps,
PseudoRandom random) {
super(crypto, db, readerFactory, writerFactory, streamReaderFactory,
streamWriterFactory, authorFactory, groupFactory, keyManager,
connectionManager, clock, reuseConnection, group, plugin,
localAuthor, localProps, random);
streamWriterFactory, authorFactory, groupFactory,
keyManager, connectionManager, clock, reuseConnection, group,
plugin, localAuthor, localProps, random);
}
@Override
@@ -65,7 +66,7 @@ class BobConnector extends Connector {
OutputStream out;
Reader r;
Writer w;
byte[] secret;
SecretKey master;
try {
in = conn.getReader().getInputStream();
out = conn.getWriter().getOutputStream();
@@ -82,7 +83,7 @@ class BobConnector extends Connector {
sendPublicKeyHash(w);
byte[] key = receivePublicKey(r);
sendPublicKey(w);
secret = deriveMasterSecret(hash, key, false);
master = deriveMasterSecret(hash, key, false);
} catch (IOException e) {
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
group.keyAgreementFailed();
@@ -96,8 +97,8 @@ class BobConnector extends Connector {
}
// The key agreement succeeded - derive the confirmation codes
if (LOG.isLoggable(INFO)) LOG.info(pluginName + " agreement succeeded");
int[] codes = crypto.deriveConfirmationCodes(secret);
int aliceCode = codes[0], bobCode = codes[1];
int aliceCode = crypto.deriveConfirmationCode(master, true);
int bobCode = crypto.deriveConfirmationCode(master, false);
group.keyAgreementSucceeded(bobCode, aliceCode);
// Exchange confirmation results
boolean localMatched, remoteMatched;
@@ -130,19 +131,22 @@ class BobConnector extends Connector {
// Confirmation succeeded - upgrade to a secure connection
if (LOG.isLoggable(INFO))
LOG.info(pluginName + " confirmation succeeded");
// Derive the header keys
SecretKey aliceHeaderKey = crypto.deriveInvitationKey(master, true);
SecretKey bobHeaderKey = crypto.deriveInvitationKey(master, false);
// Create the readers
InputStream streamReader =
streamReaderFactory.createInvitationStreamReader(in,
secret, true); // Alice's stream
aliceHeaderKey);
r = readerFactory.createReader(streamReader);
// Create the writers
OutputStream streamWriter =
streamWriterFactory.createInvitationStreamWriter(out,
secret, false); // Bob's stream
bobHeaderKey);
w = writerFactory.createWriter(streamWriter);
// Derive the nonces
byte[][] nonces = crypto.deriveInvitationNonces(secret);
byte[] aliceNonce = nonces[0], bobNonce = nonces[1];
byte[] aliceNonce = crypto.deriveSignatureNonce(master, true);
byte[] bobNonce = crypto.deriveSignatureNonce(master, false);
// Exchange pseudonyms, signed nonces, timestamps and transports
Author remoteAuthor;
long remoteTimestamp;
@@ -171,11 +175,11 @@ class BobConnector extends Connector {
tryToClose(conn, true);
return;
}
// The epoch is the minimum of the peers' timestamps
long epoch = Math.min(localTimestamp, remoteTimestamp);
// The agreed timestamp is the minimum of the peers' timestamps
long timestamp = Math.min(localTimestamp, remoteTimestamp);
// Add the contact and store the transports
try {
addContact(remoteAuthor, remoteProps, secret, epoch, false);
addContact(remoteAuthor, remoteProps, master, timestamp, false);
} catch (DbException e) {
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
tryToClose(conn, true);

141
briar-core/src/org/briarproject/invitation/Connector.java
View File

@@ -1,5 +1,46 @@
package org.briarproject.invitation;
import org.briarproject.api.Author;
import org.briarproject.api.AuthorFactory;
import org.briarproject.api.ContactId;
import org.briarproject.api.FormatException;
import org.briarproject.api.LocalAuthor;
import org.briarproject.api.TransportId;
import org.briarproject.api.TransportProperties;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.KeyPair;
import org.briarproject.api.crypto.KeyParser;
import org.briarproject.api.crypto.MessageDigest;
import org.briarproject.api.crypto.PseudoRandom;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.crypto.Signature;
import org.briarproject.api.data.Reader;
import org.briarproject.api.data.ReaderFactory;
import org.briarproject.api.data.Writer;
import org.briarproject.api.data.WriterFactory;
import org.briarproject.api.db.DatabaseComponent;
import org.briarproject.api.db.DbException;
import org.briarproject.api.messaging.Group;
import org.briarproject.api.messaging.GroupFactory;
import org.briarproject.api.plugins.ConnectionManager;
import org.briarproject.api.plugins.duplex.DuplexPlugin;
import org.briarproject.api.plugins.duplex.DuplexTransportConnection;
import org.briarproject.api.system.Clock;
import org.briarproject.api.transport.KeyManager;
import org.briarproject.api.transport.StreamReaderFactory;
import org.briarproject.api.transport.StreamWriterFactory;
import org.briarproject.api.transport.TransportKeys;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.logging.Logger;
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.WARNING;
import static org.briarproject.api.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
@@ -9,50 +50,9 @@ import static org.briarproject.api.TransportPropertyConstants.MAX_PROPERTIES_PER
import static org.briarproject.api.TransportPropertyConstants.MAX_PROPERTY_LENGTH;
import static org.briarproject.api.TransportPropertyConstants.MAX_TRANSPORT_ID_LENGTH;
import static org.briarproject.api.invitation.InvitationConstants.CONNECTION_TIMEOUT;
import static org.briarproject.api.transport.TransportConstants.MAX_CLOCK_DIFFERENCE;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.logging.Logger;
import org.briarproject.api.Author;
import org.briarproject.api.AuthorFactory;
import org.briarproject.api.ContactId;
import org.briarproject.api.FormatException;
import org.briarproject.api.LocalAuthor;
import org.briarproject.api.TransportId;
import org.briarproject.api.TransportProperties;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.KeyManager;
import org.briarproject.api.crypto.KeyPair;
import org.briarproject.api.crypto.KeyParser;
import org.briarproject.api.crypto.MessageDigest;
import org.briarproject.api.crypto.PseudoRandom;
import org.briarproject.api.crypto.Signature;
import org.briarproject.api.data.Reader;
import org.briarproject.api.data.ReaderFactory;
import org.briarproject.api.data.Writer;
import org.briarproject.api.data.WriterFactory;
import org.briarproject.api.db.DatabaseComponent;
import org.briarproject.api.db.DbException;
import org.briarproject.api.db.NoSuchTransportException;
import org.briarproject.api.messaging.Group;
import org.briarproject.api.messaging.GroupFactory;
import org.briarproject.api.plugins.ConnectionManager;
import org.briarproject.api.plugins.duplex.DuplexPlugin;
import org.briarproject.api.plugins.duplex.DuplexTransportConnection;
import org.briarproject.api.system.Clock;
import org.briarproject.api.transport.Endpoint;
import org.briarproject.api.transport.StreamReaderFactory;
import org.briarproject.api.transport.StreamWriterFactory;
// FIXME: This class has way too many dependencies
abstract class Connector extends Thread {
private static final Logger LOG =
@@ -152,8 +152,8 @@ abstract class Connector extends Thread {
return b;
}
protected byte[] deriveMasterSecret(byte[] hash, byte[] key, boolean alice)
throws GeneralSecurityException {
protected SecretKey deriveMasterSecret(byte[] hash, byte[] key,
boolean alice) throws GeneralSecurityException {
// Check that the hash matches the key
if (!Arrays.equals(hash, messageDigest.digest(key))) {
if (LOG.isLoggable(INFO))
@@ -271,39 +271,34 @@ abstract class Connector extends Thread {
}
protected void addContact(Author remoteAuthor,
Map<TransportId, TransportProperties> remoteProps, byte[] secret,
long epoch, boolean alice) throws DbException {
Map<TransportId, TransportProperties> remoteProps, SecretKey master,
long timestamp, boolean alice) throws DbException {
// Add the contact to the database
contactId = db.addContact(remoteAuthor, localAuthor.getId());
// Create and store the inbox group
byte[] salt = crypto.deriveGroupSalt(secret);
byte[] salt = crypto.deriveGroupSalt(master);
Group inbox = groupFactory.createGroup("Inbox", salt);
db.addGroup(inbox);
db.setInboxGroup(contactId, inbox);
// Store the remote transport properties
db.setRemoteProperties(contactId, remoteProps);
// Create an endpoint for each transport shared with the contact
List<TransportId> ids = new ArrayList<TransportId>();
// Derive transport keys for each transport shared with the contact
Map<TransportId, Integer> latencies = db.getTransportLatencies();
for (TransportId id : localProps.keySet()) {
if (latencies.containsKey(id) && remoteProps.containsKey(id))
ids.add(id);
}
// Assign indices to the transports deterministically and derive keys
Collections.sort(ids, TransportIdComparator.INSTANCE);
int size = ids.size();
for (int i = 0; i < size; i++) {
TransportId id = ids.get(i);
Endpoint ep = new Endpoint(contactId, id, epoch, alice);
int maxLatency = latencies.get(id);
try {
db.addEndpoint(ep);
} catch (NoSuchTransportException e) {
continue;
List<TransportKeys> keys = new ArrayList<TransportKeys>();
for (TransportId t : localProps.keySet()) {
if (remoteProps.containsKey(t) && latencies.containsKey(t)) {
// Work out what rotation period the timestamp belongs to
long latency = latencies.get(t);
long rotationPeriodLength = latency + MAX_CLOCK_DIFFERENCE;
long rotationPeriod = timestamp / rotationPeriodLength;
// Derive the transport keys
TransportKeys k = crypto.deriveTransportKeys(t, master,
rotationPeriod, alice);
db.addTransportKeys(contactId, k);
keys.add(k);
}
byte[] initialSecret = crypto.deriveInitialSecret(secret, i);
keyManager.endpointAdded(ep, maxLatency, initialSecret);
}
keyManager.contactAdded(contactId, keys);
}
protected void tryToClose(DuplexTransportConnection conn,
@@ -322,16 +317,4 @@ abstract class Connector extends Thread {
TransportId t = plugin.getId();
connectionManager.manageOutgoingConnection(contactId, t, conn);
}
private static class TransportIdComparator
implements Comparator<TransportId> {
private static final TransportIdComparator INSTANCE =
new TransportIdComparator();
public int compare(TransportId t1, TransportId t2) {
String s1 = t1.getString(), s2 = t2.getString();
return String.CASE_INSENSITIVE_ORDER.compare(s1, s2);
}
}
}

30
briar-core/src/org/briarproject/invitation/ConnectorGroup.java
View File

@@ -1,19 +1,5 @@
package org.briarproject.invitation;
import static java.util.concurrent.TimeUnit.MILLISECONDS;
import static java.util.logging.Level.WARNING;
import static org.briarproject.api.invitation.InvitationConstants.CONFIRMATION_TIMEOUT;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Map;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import java.util.logging.Logger;
import org.briarproject.api.Author;
import org.briarproject.api.AuthorFactory;
import org.briarproject.api.AuthorId;
@@ -21,7 +7,6 @@ import org.briarproject.api.LocalAuthor;
import org.briarproject.api.TransportId;
import org.briarproject.api.TransportProperties;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.KeyManager;
import org.briarproject.api.crypto.PseudoRandom;
import org.briarproject.api.data.ReaderFactory;
import org.briarproject.api.data.WriterFactory;
@@ -35,9 +20,24 @@ import org.briarproject.api.plugins.ConnectionManager;
import org.briarproject.api.plugins.PluginManager;
import org.briarproject.api.plugins.duplex.DuplexPlugin;
import org.briarproject.api.system.Clock;
import org.briarproject.api.transport.KeyManager;
import org.briarproject.api.transport.StreamReaderFactory;
import org.briarproject.api.transport.StreamWriterFactory;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Map;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import java.util.logging.Logger;
import static java.util.concurrent.TimeUnit.MILLISECONDS;
import static java.util.logging.Level.WARNING;
import static org.briarproject.api.invitation.InvitationConstants.CONFIRMATION_TIMEOUT;
/** A task consisting of one or more parallel connection attempts. */
class ConnectorGroup extends Thread implements InvitationTask {

2
briar-core/src/org/briarproject/invitation/InvitationTaskFactoryImpl.java
View File

@@ -5,7 +5,6 @@ import javax.inject.Inject;
import org.briarproject.api.AuthorFactory;
import org.briarproject.api.AuthorId;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.KeyManager;
import org.briarproject.api.data.ReaderFactory;
import org.briarproject.api.data.WriterFactory;
import org.briarproject.api.db.DatabaseComponent;
@@ -15,6 +14,7 @@ import org.briarproject.api.messaging.GroupFactory;
import org.briarproject.api.plugins.ConnectionManager;
import org.briarproject.api.plugins.PluginManager;
import org.briarproject.api.system.Clock;
import org.briarproject.api.transport.KeyManager;
import org.briarproject.api.transport.StreamReaderFactory;
import org.briarproject.api.transport.StreamWriterFactory;

16
briar-core/src/org/briarproject/plugins/ConnectionManagerImpl.java
View File

@@ -14,7 +14,6 @@ import javax.inject.Inject;
import org.briarproject.api.ContactId;
import org.briarproject.api.TransportId;
import org.briarproject.api.crypto.KeyManager;
import org.briarproject.api.db.DbException;
import org.briarproject.api.lifecycle.IoExecutor;
import org.briarproject.api.messaging.MessagingSession;
@@ -24,10 +23,10 @@ import org.briarproject.api.plugins.ConnectionRegistry;
import org.briarproject.api.plugins.TransportConnectionReader;
import org.briarproject.api.plugins.TransportConnectionWriter;
import org.briarproject.api.plugins.duplex.DuplexTransportConnection;
import org.briarproject.api.transport.KeyManager;
import org.briarproject.api.transport.StreamContext;
import org.briarproject.api.transport.StreamReaderFactory;
import org.briarproject.api.transport.StreamWriterFactory;
import org.briarproject.api.transport.TagRecogniser;
class ConnectionManagerImpl implements ConnectionManager {
@@ -36,7 +35,6 @@ class ConnectionManagerImpl implements ConnectionManager {
private final Executor ioExecutor;
private final KeyManager keyManager;
private final TagRecogniser tagRecogniser;
private final StreamReaderFactory streamReaderFactory;
private final StreamWriterFactory streamWriterFactory;
private final MessagingSessionFactory messagingSessionFactory;
@@ -44,14 +42,12 @@ class ConnectionManagerImpl implements ConnectionManager {
@Inject
ConnectionManagerImpl(@IoExecutor Executor ioExecutor,
KeyManager keyManager, TagRecogniser tagRecogniser,
StreamReaderFactory streamReaderFactory,
KeyManager keyManager, StreamReaderFactory streamReaderFactory,
StreamWriterFactory streamWriterFactory,
MessagingSessionFactory messagingSessionFactory,
ConnectionRegistry connectionRegistry) {
this.ioExecutor = ioExecutor;
this.keyManager = keyManager;
this.tagRecogniser = tagRecogniser;
this.streamReaderFactory = streamReaderFactory;
this.streamWriterFactory = streamWriterFactory;
this.messagingSessionFactory = messagingSessionFactory;
@@ -134,7 +130,7 @@ class ConnectionManagerImpl implements ConnectionManager {
StreamContext ctx;
try {
byte[] tag = readTag(transportId, reader);
ctx = tagRecogniser.recogniseTag(transportId, tag);
ctx = keyManager.recogniseTag(transportId, tag);
} catch (IOException e) {
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
disposeReader(true, false);
@@ -238,7 +234,7 @@ class ConnectionManagerImpl implements ConnectionManager {
StreamContext ctx;
try {
byte[] tag = readTag(transportId, reader);
ctx = tagRecogniser.recogniseTag(transportId, tag);
ctx = keyManager.recogniseTag(transportId, tag);
} catch (IOException e) {
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
disposeReader(true, false);
@@ -367,7 +363,7 @@ class ConnectionManagerImpl implements ConnectionManager {
StreamContext ctx;
try {
byte[] tag = readTag(transportId, reader);
ctx = tagRecogniser.recogniseTag(transportId, tag);
ctx = keyManager.recogniseTag(transportId, tag);
} catch (IOException e) {
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
disposeReader(true, true);
@@ -420,4 +416,4 @@ class ConnectionManagerImpl implements ConnectionManager {
}
}
}
}
}

38
briar-core/src/org/briarproject/plugins/PluginManagerImpl.java
View File

@@ -1,22 +1,5 @@
package org.briarproject.plugins;
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.WARNING;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.Executor;
import java.util.logging.Logger;
import javax.inject.Inject;
import org.briarproject.api.ContactId;
import org.briarproject.api.TransportConfig;
import org.briarproject.api.TransportId;
@@ -42,6 +25,23 @@ import org.briarproject.api.plugins.simplex.SimplexPluginFactory;
import org.briarproject.api.system.Clock;
import org.briarproject.api.ui.UiCallback;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.Executor;
import java.util.logging.Logger;
import javax.inject.Inject;
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.WARNING;
class PluginManagerImpl implements PluginManager {
private static final Logger LOG =
@@ -367,7 +367,7 @@ class PluginManagerImpl implements PluginManager {
}
private class SimplexCallback extends PluginCallbackImpl
implements SimplexPluginCallback {
implements SimplexPluginCallback {
private SimplexCallback(TransportId id) {
super(id);
@@ -383,7 +383,7 @@ class PluginManagerImpl implements PluginManager {
}
private class DuplexCallback extends PluginCallbackImpl
implements DuplexPluginCallback {
implements DuplexPluginCallback {
private DuplexCallback(TransportId id) {
super(id);

469
briar-core/src/org/briarproject/transport/KeyManagerImpl.java
View File

@@ -1,27 +1,10 @@
package org.briarproject.transport;
import static java.util.logging.Level.WARNING;
import static org.briarproject.api.transport.TransportConstants.MAX_CLOCK_DIFFERENCE;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Map.Entry;
import java.util.TimerTask;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import java.util.logging.Logger;
import javax.inject.Inject;
import org.briarproject.api.ContactId;
import org.briarproject.api.TransportId;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.KeyManager;
import org.briarproject.api.db.DatabaseComponent;
import org.briarproject.api.db.DatabaseExecutor;
import org.briarproject.api.db.DbException;
import org.briarproject.api.event.ContactRemovedEvent;
import org.briarproject.api.event.Event;
@@ -31,429 +14,115 @@ import org.briarproject.api.event.TransportAddedEvent;
import org.briarproject.api.event.TransportRemovedEvent;
import org.briarproject.api.system.Clock;
import org.briarproject.api.system.Timer;
import org.briarproject.api.transport.Endpoint;
import org.briarproject.api.transport.KeyManager;
import org.briarproject.api.transport.StreamContext;
import org.briarproject.api.transport.TagRecogniser;
import org.briarproject.api.transport.TemporarySecret;
import org.briarproject.api.transport.TransportKeys;
// FIXME: Don't make alien calls with a lock held
class KeyManagerImpl extends TimerTask implements KeyManager, EventListener {
import java.util.Collection;
import java.util.Map;
import java.util.Map.Entry;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Executor;
import java.util.logging.Logger;
private static final int MS_BETWEEN_CHECKS = 60 * 1000;
import javax.inject.Inject;
import static java.util.logging.Level.WARNING;
class KeyManagerImpl implements KeyManager, EventListener {
private static final Logger LOG =
Logger.getLogger(KeyManagerImpl.class.getName());
private final CryptoComponent crypto;
private final DatabaseComponent db;
private final CryptoComponent crypto;
private final Executor dbExecutor;
private final EventBus eventBus;
private final TagRecogniser tagRecogniser;
private final Clock clock;
private final Timer timer;
private final Lock lock = new ReentrantLock();
// The following are locking: lock
private final Map<TransportId, Integer> maxLatencies;
private final Map<EndpointKey, TemporarySecret> oldSecrets;
private final Map<EndpointKey, TemporarySecret> currentSecrets;
private final Map<EndpointKey, TemporarySecret> newSecrets;
private final Clock clock;
private final ConcurrentHashMap<TransportId, TransportKeyManager> managers;
@Inject
KeyManagerImpl(CryptoComponent crypto, DatabaseComponent db,
EventBus eventBus, TagRecogniser tagRecogniser, Clock clock,
Timer timer) {
this.crypto = crypto;
KeyManagerImpl(DatabaseComponent db, CryptoComponent crypto,
@DatabaseExecutor Executor dbExecutor, EventBus eventBus,
Timer timer, Clock clock) {
this.db = db;
this.crypto = crypto;
this.dbExecutor = dbExecutor;
this.eventBus = eventBus;
this.tagRecogniser = tagRecogniser;
this.clock = clock;
this.timer = timer;
maxLatencies = new HashMap<TransportId, Integer>();
oldSecrets = new HashMap<EndpointKey, TemporarySecret>();
currentSecrets = new HashMap<EndpointKey, TemporarySecret>();
newSecrets = new HashMap<EndpointKey, TemporarySecret>();
this.clock = clock;
managers = new ConcurrentHashMap<TransportId, TransportKeyManager>();
}
public boolean start() {
lock.lock();
eventBus.addListener(this);
try {
eventBus.addListener(this);
// Load the temporary secrets and transport latencies from the DB
Collection<TemporarySecret> secrets;
try {
secrets = db.getSecrets();
maxLatencies.putAll(db.getTransportLatencies());
} catch (DbException e) {
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
return false;
}
// Work out what phase of its lifecycle each secret is in
long now = clock.currentTimeMillis();
Collection<TemporarySecret> dead =
assignSecretsToMaps(now, secrets);
// Replace any dead secrets
Collection<TemporarySecret> created = replaceDeadSecrets(now, dead);
if (!created.isEmpty()) {
// Store any secrets that have been created,
// removing any dead ones
try {
db.addSecrets(created);
} catch (DbException e) {
if (LOG.isLoggable(WARNING))
LOG.log(WARNING, e.toString(), e);
return false;
}
}
// Pass the old, current and new secrets to the recogniser
for (TemporarySecret s : oldSecrets.values())
tagRecogniser.addSecret(s);
for (TemporarySecret s : currentSecrets.values())
tagRecogniser.addSecret(s);
for (TemporarySecret s : newSecrets.values())
tagRecogniser.addSecret(s);
// Schedule periodic key rotation
timer.scheduleAtFixedRate(this, MS_BETWEEN_CHECKS,
MS_BETWEEN_CHECKS);
return true;
} finally {
lock.unlock();
Map<TransportId, Integer> latencies = db.getTransportLatencies();
for (Entry<TransportId, Integer> e : latencies.entrySet())
addTransport(e.getKey(), e.getValue());
} catch (DbException e) {
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
return false;
}
}
// Assigns secrets to the appropriate maps and returns any dead secrets
// Locking: lock
private Collection<TemporarySecret> assignSecretsToMaps(long now,
Collection<TemporarySecret> secrets) {
Collection<TemporarySecret> dead = new ArrayList<TemporarySecret>();
for (TemporarySecret s : secrets) {
// Discard the secret if the transport has been removed
Integer maxLatency = maxLatencies.get(s.getTransportId());
if (maxLatency == null) {
LOG.info("Discarding obsolete secret");
continue;
}
long rotation = maxLatency + MAX_CLOCK_DIFFERENCE;
long creationTime = s.getEpoch() + rotation * (s.getPeriod() - 2);
long activationTime = creationTime + rotation;
long deactivationTime = activationTime + rotation;
long destructionTime = deactivationTime + rotation;
if (now >= destructionTime) {
dead.add(s);
} else if (now >= deactivationTime) {
oldSecrets.put(new EndpointKey(s), s);
} else if (now >= activationTime) {
currentSecrets.put(new EndpointKey(s), s);
} else if (now >= creationTime) {
newSecrets.put(new EndpointKey(s), s);
} else {
// FIXME: Work out what to do here
throw new Error("Clock has moved backwards");
}
}
return dead;
}
// Replaces the given secrets and returns any secrets created
// Locking: lock
private Collection<TemporarySecret> replaceDeadSecrets(long now,
Collection<TemporarySecret> dead) {
// If there are several dead secrets for an endpoint, use the newest
Map<EndpointKey, TemporarySecret> newest =
new HashMap<EndpointKey, TemporarySecret>();
for (TemporarySecret s : dead) {
EndpointKey k = new EndpointKey(s);
TemporarySecret exists = newest.get(k);
if (exists == null) {
// There's no other secret for this endpoint
newest.put(k, s);
} else if (exists.getPeriod() < s.getPeriod()) {
// There's an older secret - use this one instead
newest.put(k, s);
} else {
// There's a newer secret - keep using it
}
}
Collection<TemporarySecret> created = new ArrayList<TemporarySecret>();
for (Entry<EndpointKey, TemporarySecret> e : newest.entrySet()) {
TemporarySecret s = e.getValue();
Integer maxLatency = maxLatencies.get(s.getTransportId());
if (maxLatency == null) throw new IllegalStateException();
// Work out which rotation period we're in
long elapsed = now - s.getEpoch();
long rotation = maxLatency + MAX_CLOCK_DIFFERENCE;
long period = (elapsed / rotation) + 1;
if (period < 1) throw new IllegalStateException();
if (period - s.getPeriod() < 2)
throw new IllegalStateException();
// Derive the old, current and new secrets
byte[] b1 = s.getSecret();
for (long p = s.getPeriod() + 1; p < period; p++)
b1 = crypto.deriveNextSecret(b1, p);
byte[] b2 = crypto.deriveNextSecret(b1, period);
byte[] b3 = crypto.deriveNextSecret(b2, period + 1);
// Add the secrets to their respective maps if not already present
EndpointKey k = e.getKey();
if (!oldSecrets.containsKey(k)) {
TemporarySecret s1 = new TemporarySecret(s, period - 1, b1);
oldSecrets.put(k, s1);
created.add(s1);
}
if (!currentSecrets.containsKey(k)) {
TemporarySecret s2 = new TemporarySecret(s, period, b2);
currentSecrets.put(k, s2);
created.add(s2);
}
if (!newSecrets.containsKey(k)) {
TemporarySecret s3 = new TemporarySecret(s, period + 1, b3);
newSecrets.put(k, s3);
created.add(s3);
}
}
return created;
return true;
}
public boolean stop() {
lock.lock();
try {
eventBus.removeListener(this);
timer.cancel();
tagRecogniser.removeSecrets();
maxLatencies.clear();
oldSecrets.clear();
currentSecrets.clear();
newSecrets.clear();
return true;
} finally {
lock.unlock();
eventBus.removeListener(this);
return true;
}
public void contactAdded(ContactId c, Collection<TransportKeys> keys) {
for (TransportKeys k : keys) {
TransportKeyManager m = managers.get(k.getTransportId());
if (m != null) m.addContact(c, k);
}
}
public StreamContext getStreamContext(ContactId c,
TransportId t) {
lock.lock();
try {
TemporarySecret s = currentSecrets.get(new EndpointKey(c, t));
if (s == null) {
LOG.info("No secret for endpoint");
return null;
}
long streamNumber;
try {
streamNumber = db.incrementStreamCounter(c, t, s.getPeriod());
if (streamNumber == -1) {
LOG.info("No counter for period");
return null;
}
} catch (DbException e) {
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
return null;
}
byte[] secret = s.getSecret();
return new StreamContext(c, t, secret, streamNumber, s.getAlice());
} finally {
lock.unlock();
}
public StreamContext getStreamContext(ContactId c, TransportId t) {
TransportKeyManager m = managers.get(t);
return m == null ? null : m.getStreamContext(c);
}
public void endpointAdded(Endpoint ep, int maxLatency,
byte[] initialSecret) {
lock.lock();
try {
maxLatencies.put(ep.getTransportId(), maxLatency);
// Work out which rotation period we're in
long elapsed = clock.currentTimeMillis() - ep.getEpoch();
long rotation = maxLatency + MAX_CLOCK_DIFFERENCE;
long period = (elapsed / rotation) + 1;
if (period < 1) throw new IllegalStateException();
// Derive the old, current and new secrets
byte[] b1 = initialSecret;
for (long p = 0; p < period; p++)
b1 = crypto.deriveNextSecret(b1, p);
byte[] b2 = crypto.deriveNextSecret(b1, period);
byte[] b3 = crypto.deriveNextSecret(b2, period + 1);
TemporarySecret s1 = new TemporarySecret(ep, period - 1, b1);
TemporarySecret s2 = new TemporarySecret(ep, period, b2);
TemporarySecret s3 = new TemporarySecret(ep, period + 1, b3);
// Add the incoming secrets to their respective maps
EndpointKey k = new EndpointKey(ep);
oldSecrets.put(k, s1);
currentSecrets.put(k, s2);
newSecrets.put(k, s3);
// Store the new secrets
try {
db.addSecrets(Arrays.asList(s1, s2, s3));
} catch (DbException e) {
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
return;
}
// Pass the new secrets to the recogniser
tagRecogniser.addSecret(s1);
tagRecogniser.addSecret(s2);
tagRecogniser.addSecret(s3);
} finally {
lock.unlock();
}
}
@Override
public void run() {
lock.lock();
try {
// Rebuild the maps because we may be running a whole period late
Collection<TemporarySecret> secrets = new ArrayList<TemporarySecret>();
secrets.addAll(oldSecrets.values());
secrets.addAll(currentSecrets.values());
secrets.addAll(newSecrets.values());
oldSecrets.clear();
currentSecrets.clear();
newSecrets.clear();
// Work out what phase of its lifecycle each secret is in
long now = clock.currentTimeMillis();
Collection<TemporarySecret> dead = assignSecretsToMaps(now, secrets);
// Remove any dead secrets from the recogniser
for (TemporarySecret s : dead) {
ContactId c = s.getContactId();
TransportId t = s.getTransportId();
long period = s.getPeriod();
tagRecogniser.removeSecret(c, t, period);
}
// Replace any dead secrets
Collection<TemporarySecret> created = replaceDeadSecrets(now, dead);
if (!created.isEmpty()) {
// Store any secrets that have been created
try {
db.addSecrets(created);
} catch (DbException e) {
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
}
// Pass any secrets that have been created to the recogniser
for (TemporarySecret s : created) tagRecogniser.addSecret(s);
}
} finally {
lock.unlock();
}
public StreamContext recogniseTag(TransportId t, byte[] tag)
throws DbException {
TransportKeyManager m = managers.get(t);
return m == null ? null : m.recogniseTag(tag);
}
public void eventOccurred(Event e) {
if (e instanceof ContactRemovedEvent) {
ContactRemovedEvent c = (ContactRemovedEvent) e;
timer.schedule(new ContactRemovedTask(c), 0);
} else if (e instanceof TransportAddedEvent) {
if (e instanceof TransportAddedEvent) {
TransportAddedEvent t = (TransportAddedEvent) e;
timer.schedule(new TransportAddedTask(t), 0);
addTransport(t.getTransportId(), t.getMaxLatency());
} else if (e instanceof TransportRemovedEvent) {
TransportRemovedEvent t = (TransportRemovedEvent) e;
timer.schedule(new TransportRemovedTask(t), 0);
removeTransport(((TransportRemovedEvent) e).getTransportId());
} else if (e instanceof ContactRemovedEvent) {
removeContact(((ContactRemovedEvent) e).getContactId());
}
}
// Locking: lock
private void removeSecrets(ContactId c, Map<?, TemporarySecret> m) {
Iterator<TemporarySecret> it = m.values().iterator();
while (it.hasNext())
if (it.next().getContactId().equals(c)) it.remove();
}
// Locking: lock
private void removeSecrets(TransportId t, Map<?, TemporarySecret> m) {
Iterator<TemporarySecret> it = m.values().iterator();
while (it.hasNext())
if (it.next().getTransportId().equals(t)) it.remove();
}
private static class EndpointKey {
private final ContactId contactId;
private final TransportId transportId;
private EndpointKey(ContactId contactId, TransportId transportId) {
this.contactId = contactId;
this.transportId = transportId;
}
private EndpointKey(Endpoint ep) {
this(ep.getContactId(), ep.getTransportId());
}
@Override
public int hashCode() {
return contactId.hashCode() ^ transportId.hashCode();
}
@Override
public boolean equals(Object o) {
if (o instanceof EndpointKey) {
EndpointKey k = (EndpointKey) o;
return contactId.equals(k.contactId) &&
transportId.equals(k.transportId);
private void addTransport(final TransportId t, final int maxLatency) {
dbExecutor.execute(new Runnable() {
public void run() {
TransportKeyManager m = new TransportKeyManager(db, crypto,
dbExecutor, timer, clock, t, maxLatency);
// Don't add transport twice if event is received during startup
if (managers.putIfAbsent(t, m) == null) m.start();
}
return false;
}
});
}
private class ContactRemovedTask extends TimerTask {
private final ContactRemovedEvent event;
private ContactRemovedTask(ContactRemovedEvent event) {
this.event = event;
}
@Override
public void run() {
ContactId c = event.getContactId();
tagRecogniser.removeSecrets(c);
lock.lock();
try {
removeSecrets(c, oldSecrets);
removeSecrets(c, currentSecrets);
removeSecrets(c, newSecrets);
} finally {
lock.unlock();
}
}
private void removeTransport(TransportId t) {
managers.remove(t);
}
private class TransportAddedTask extends TimerTask {
private final TransportAddedEvent event;
private TransportAddedTask(TransportAddedEvent event) {
this.event = event;
}
@Override
public void run() {
lock.lock();
try {
maxLatencies.put(event.getTransportId(), event.getMaxLatency());
} finally {
lock.unlock();
private void removeContact(final ContactId c) {
dbExecutor.execute(new Runnable() {
public void run() {
for (TransportKeyManager m : managers.values())
m.removeContact(c);
}
}
}
private class TransportRemovedTask extends TimerTask {
private TransportRemovedEvent event;
private TransportRemovedTask(TransportRemovedEvent event) {
this.event = event;
}
@Override
public void run() {
TransportId t = event.getTransportId();
tagRecogniser.removeSecrets(t);
lock.lock();
try {
maxLatencies.remove(t);
removeSecrets(t, oldSecrets);
removeSecrets(t, currentSecrets);
removeSecrets(t, newSecrets);
} finally {
lock.unlock();
}
}
});
}
}

40
briar-core/src/org/briarproject/transport/MutableIncomingKeys.java Normal file
View File

@@ -0,0 +1,40 @@
package org.briarproject.transport;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.transport.IncomingKeys;
// This class is not thread-safe
class MutableIncomingKeys {
private final SecretKey tagKey, headerKey;
private final long rotationPeriod;
private final ReorderingWindow window;
MutableIncomingKeys(IncomingKeys in) {
tagKey = in.getTagKey();
headerKey = in.getHeaderKey();
rotationPeriod = in.getRotationPeriod();
window = new ReorderingWindow(in.getWindowBase(), in.getWindowBitmap());
}
IncomingKeys snapshot() {
return new IncomingKeys(tagKey, headerKey, rotationPeriod,
window.getBase(), window.getBitmap());
}
SecretKey getTagKey() {
return tagKey;
}
SecretKey getHeaderKey() {
return headerKey;
}
long getRotationPeriod() {
return rotationPeriod;
}
ReorderingWindow getWindow() {
return window;
}
}

44
briar-core/src/org/briarproject/transport/MutableOutgoingKeys.java Normal file
View File

@@ -0,0 +1,44 @@
package org.briarproject.transport;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.transport.OutgoingKeys;
// This class is not thread-safe
class MutableOutgoingKeys {
private final SecretKey tagKey, headerKey;
private final long rotationPeriod;
private long streamCounter;
MutableOutgoingKeys(OutgoingKeys out) {
tagKey = out.getTagKey();
headerKey = out.getHeaderKey();
rotationPeriod = out.getRotationPeriod();
streamCounter = out.getStreamCounter();
}
OutgoingKeys snapshot() {
return new OutgoingKeys(tagKey, headerKey, rotationPeriod,
streamCounter);
}
SecretKey getTagKey() {
return tagKey;
}
SecretKey getHeaderKey() {
return headerKey;
}
long getRotationPeriod() {
return rotationPeriod;
}
long getStreamCounter() {
return streamCounter;
}
void incrementStreamCounter() {
streamCounter++;
}
}

44
briar-core/src/org/briarproject/transport/MutableTransportKeys.java Normal file
View File

@@ -0,0 +1,44 @@
package org.briarproject.transport;
import org.briarproject.api.TransportId;
import org.briarproject.api.transport.TransportKeys;
class MutableTransportKeys {
private final TransportId transportId;
private final MutableIncomingKeys inPrev, inCurr, inNext;
private final MutableOutgoingKeys outCurr;
MutableTransportKeys(TransportKeys k) {
transportId = k.getTransportId();
inPrev = new MutableIncomingKeys(k.getPreviousIncomingKeys());
inCurr = new MutableIncomingKeys(k.getCurrentIncomingKeys());
inNext = new MutableIncomingKeys(k.getNextIncomingKeys());
outCurr = new MutableOutgoingKeys(k.getCurrentOutgoingKeys());
}
TransportKeys snapshot() {
return new TransportKeys(transportId, inPrev.snapshot(),
inCurr.snapshot(), inNext.snapshot(), outCurr.snapshot());
}
TransportId getTransportId() {
return transportId;
}
MutableIncomingKeys getPreviousIncomingKeys() {
return inPrev;
}
MutableIncomingKeys getCurrentIncomingKeys() {
return inCurr;
}
MutableIncomingKeys getNextIncomingKeys() {
return inNext;
}
MutableOutgoingKeys getCurrentOutgoingKeys() {
return outCurr;
}
}

152
briar-core/src/org/briarproject/transport/ReorderingWindow.java
View File

@@ -1,102 +1,98 @@
package org.briarproject.transport;
import static org.briarproject.api.transport.TransportConstants.REORDERING_WINDOW_SIZE;
import static org.briarproject.util.ByteUtils.MAX_32_BIT_UNSIGNED;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import java.util.Collections;
import java.util.List;
import static org.briarproject.util.ByteUtils.MAX_32_BIT_UNSIGNED;
// This class is not thread-safe
class ReorderingWindow {
private final Set<Long> unseen;
private long base;
private boolean[] seen;
private long centre;
ReorderingWindow() {
unseen = new HashSet<Long>();
for (long l = 0; l < REORDERING_WINDOW_SIZE / 2; l++) unseen.add(l);
centre = 0;
}
ReorderingWindow(long centre, byte[] bitmap) {
if (centre < 0 || centre > MAX_32_BIT_UNSIGNED + 1)
ReorderingWindow(long base, byte[] bitmap) {
if (base < 0) throw new IllegalArgumentException();
if (base > MAX_32_BIT_UNSIGNED + 1)
throw new IllegalArgumentException();
if (bitmap.length != REORDERING_WINDOW_SIZE / 8)
throw new IllegalArgumentException();
this.centre = centre;
unseen = new HashSet<Long>();
long bitmapBottom = centre - REORDERING_WINDOW_SIZE / 2;
for (int bytes = 0; bytes < bitmap.length; bytes++) {
for (int bits = 0; bits < 8; bits++) {
long streamNumber = bitmapBottom + bytes * 8 + bits;
if (streamNumber >= 0 && streamNumber <= MAX_32_BIT_UNSIGNED) {
if ((bitmap[bytes] & (128 >> bits)) == 0)
unseen.add(streamNumber);
}
this.base = base;
seen = new boolean[bitmap.length * 8];
for (int i = 0; i < bitmap.length; i++) {
for (int j = 0; j < 8; j++) {
if ((bitmap[i] & (128 >> j)) != 0) seen[i * 8 + j] = true;
}
}
}
boolean isSeen(long streamNumber) {
return !unseen.contains(streamNumber);
}
Collection<Long> setSeen(long streamNumber) {
long bottom = getBottom(centre);
long top = getTop(centre);
if (streamNumber < bottom || streamNumber > top)
throw new IllegalArgumentException();
if (!unseen.remove(streamNumber))
throw new IllegalArgumentException();
Collection<Long> changed = new ArrayList<Long>();
if (streamNumber >= centre) {
centre = streamNumber + 1;
long newBottom = getBottom(centre);
long newTop = getTop(centre);
for (long l = bottom; l < newBottom; l++) {
if (unseen.remove(l)) changed.add(l);
}
for (long l = top + 1; l <= newTop; l++) {
if (unseen.add(l)) changed.add(l);
}
}
return changed;
}
long getCentre() {
return centre;
long getBase() {
return base;
}
byte[] getBitmap() {
byte[] bitmap = new byte[REORDERING_WINDOW_SIZE / 8];
long bitmapBottom = centre - REORDERING_WINDOW_SIZE / 2;
for (int bytes = 0; bytes < bitmap.length; bytes++) {
for (int bits = 0; bits < 8; bits++) {
long streamNumber = bitmapBottom + bytes * 8 + bits;
if (streamNumber >= 0 && streamNumber <= MAX_32_BIT_UNSIGNED) {
if (!unseen.contains(streamNumber))
bitmap[bytes] |= 128 >> bits;
}
byte[] bitmap = new byte[seen.length / 8];
for (int i = 0; i < bitmap.length; i++) {
for (int j = 0; j < 8; j++) {
if (seen[i * 8 + j]) bitmap[i] |= 128 >> j;
}
}
return bitmap;
}
// Returns the lowest value contained in a window with the given centre
private static long getBottom(long centre) {
return Math.max(0, centre - REORDERING_WINDOW_SIZE / 2);
}
// Returns the highest value contained in a window with the given centre
private static long getTop(long centre) {
return Math.min(MAX_32_BIT_UNSIGNED,
centre + REORDERING_WINDOW_SIZE / 2 - 1);
}
public Collection<Long> getUnseen() {
List<Long> getUnseen() {
List<Long> unseen = new ArrayList<Long>(seen.length);
for (int i = 0; i < seen.length; i++)
if (!seen[i]) unseen.add(base + i);
return unseen;
}
Change setSeen(long index) {
if (index < base) throw new IllegalArgumentException();
if (index >= base + seen.length) throw new IllegalArgumentException();
if (index > MAX_32_BIT_UNSIGNED) throw new IllegalArgumentException();
int offset = (int) (index - base);
if (seen[offset]) throw new IllegalArgumentException();
seen[offset] = true;
// Rule 1: Slide until all elements above the midpoint are unseen
int slide = Math.max(0, offset + 1 - seen.length / 2);
// Rule 2: Slide until the lowest element is unseen
while (seen[slide]) slide++;
// If the window doesn't need to slide, return
if (slide == 0) {
List<Long> added = Collections.emptyList();
List<Long> removed = Collections.singletonList(index);
return new Change(added, removed);
}
// Record the elements that will be added and removed
List<Long> added = new ArrayList<Long>(slide);
List<Long> removed = new ArrayList<Long>(slide);
for (int i = 0; i < slide; i++) {
if (!seen[i]) removed.add(base + i);
added.add(base + seen.length + i);
}
removed.add(index);
// Update the window
base += slide;
for (int i = 0; i + slide < seen.length; i++) seen[i] = seen[i + slide];
for (int i = seen.length - slide; i < seen.length; i++) seen[i] = false;
return new Change(added, removed);
}
static class Change {
private final List<Long> added, removed;
Change(List<Long> added, List<Long> removed) {
this.added = added;
this.removed = removed;
}
List<Long> getAdded() {
return added;
}
List<Long> getRemoved() {
return removed;
}
}
}

5
briar-core/src/org/briarproject/transport/StreamReaderFactoryImpl.java
View File

@@ -4,6 +4,7 @@ import java.io.InputStream;
import javax.inject.Inject;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.crypto.StreamDecrypterFactory;
import org.briarproject.api.transport.StreamContext;
import org.briarproject.api.transport.StreamReaderFactory;
@@ -23,9 +24,9 @@ class StreamReaderFactoryImpl implements StreamReaderFactory {
}
public InputStream createInvitationStreamReader(InputStream in,
byte[] secret, boolean alice) {
SecretKey headerKey) {
return new StreamReaderImpl(
streamDecrypterFactory.createInvitationStreamDecrypter(in,
secret, alice));
headerKey));
}
}

8
briar-core/src/org/briarproject/transport/StreamReaderImpl.java
View File

@@ -7,6 +7,12 @@ import java.io.InputStream;
import org.briarproject.api.crypto.StreamDecrypter;
/**
* An {@link java.io.InputStream InputStream} that unpacks payload data from
* transport frames.
* <p>
* This class is not thread-safe.
*/
class StreamReaderImpl extends InputStream {
private final StreamDecrypter decrypter;
@@ -50,7 +56,7 @@ class StreamReaderImpl extends InputStream {
}
private void readFrame() throws IOException {
assert length == 0;
if (length != 0) throw new IllegalStateException();
offset = 0;
length = decrypter.readFrame(payload);
}

5
briar-core/src/org/briarproject/transport/StreamWriterFactoryImpl.java
View File

@@ -4,6 +4,7 @@ import java.io.OutputStream;
import javax.inject.Inject;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.crypto.StreamEncrypterFactory;
import org.briarproject.api.transport.StreamContext;
import org.briarproject.api.transport.StreamWriterFactory;
@@ -24,9 +25,9 @@ class StreamWriterFactoryImpl implements StreamWriterFactory {
}
public OutputStream createInvitationStreamWriter(OutputStream out,
byte[] secret, boolean alice) {
SecretKey headerKey) {
return new StreamWriterImpl(
streamEncrypterFactory.createInvitationStreamEncrypter(out,
secret, alice));
headerKey));
}
}

6
briar-core/src/org/briarproject/transport/StreamWriterImpl.java
View File

@@ -8,9 +8,9 @@ import java.io.OutputStream;
import org.briarproject.api.crypto.StreamEncrypter;
/**
* A {@link org.briarproject.api.transport.StreamWriter StreamWriter} that
* buffers its input and writes a frame whenever there is a full frame to write
* or the {@link #flush()} method is called.
* An {@link java.io.OutputStream OutputStream} that packs data into transport
* frames, writing a frame whenever there is a full frame to write or the
* {@link #flush()} method is called.
* <p>
* This class is not thread-safe.
*/

105
briar-core/src/org/briarproject/transport/TagRecogniserImpl.java
View File

@@ -1,105 +0,0 @@
package org.briarproject.transport;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.inject.Inject;
import org.briarproject.api.ContactId;
import org.briarproject.api.TransportId;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.db.DatabaseComponent;
import org.briarproject.api.db.DbException;
import org.briarproject.api.transport.StreamContext;
import org.briarproject.api.transport.TagRecogniser;
import org.briarproject.api.transport.TemporarySecret;
class TagRecogniserImpl implements TagRecogniser {
private final CryptoComponent crypto;
private final DatabaseComponent db;
private final Lock lock = new ReentrantLock();
// Locking: lock
private final Map<TransportId, TransportTagRecogniser> recognisers;
@Inject
TagRecogniserImpl(CryptoComponent crypto, DatabaseComponent db) {
this.crypto = crypto;
this.db = db;
recognisers = new HashMap<TransportId, TransportTagRecogniser>();
}
public StreamContext recogniseTag(TransportId t, byte[] tag)
throws DbException {
TransportTagRecogniser r;
lock.lock();
try {
r = recognisers.get(t);
} finally {
lock.unlock();
}
if (r == null) return null;
return r.recogniseTag(tag);
}
public void addSecret(TemporarySecret s) {
TransportId t = s.getTransportId();
TransportTagRecogniser r;
lock.lock();
try {
r = recognisers.get(t);
if (r == null) {
r = new TransportTagRecogniser(crypto, db, t);
recognisers.put(t, r);
}
} finally {
lock.unlock();
}
r.addSecret(s);
}
public void removeSecret(ContactId c, TransportId t, long period) {
TransportTagRecogniser r;
lock.lock();
try {
r = recognisers.get(t);
} finally {
lock.unlock();
}
if (r != null) r.removeSecret(c, period);
}
public void removeSecrets(ContactId c) {
lock.lock();
try {
for (TransportTagRecogniser r : recognisers.values())
r.removeSecrets(c);
} finally {
lock.unlock();
}
}
public void removeSecrets(TransportId t) {
lock.lock();
try {
recognisers.remove(t);
} finally {
lock.unlock();
}
}
public void removeSecrets() {
lock.lock();
try {
for (TransportTagRecogniser r : recognisers.values())
r.removeSecrets();
} finally {
lock.unlock();
}
}
}

294
briar-core/src/org/briarproject/transport/TransportKeyManager.java Normal file
View File

@@ -0,0 +1,294 @@
package org.briarproject.transport;
import org.briarproject.api.Bytes;
import org.briarproject.api.ContactId;
import org.briarproject.api.TransportId;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.db.DatabaseComponent;
import org.briarproject.api.db.DbException;
import org.briarproject.api.system.Clock;
import org.briarproject.api.system.Timer;
import org.briarproject.api.transport.StreamContext;
import org.briarproject.api.transport.TransportKeys;
import org.briarproject.transport.ReorderingWindow.Change;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Map.Entry;
import java.util.TimerTask;
import java.util.concurrent.Executor;
import java.util.concurrent.locks.ReentrantLock;
import java.util.logging.Logger;
import static java.util.logging.Level.WARNING;
import static org.briarproject.api.transport.TransportConstants.MAX_CLOCK_DIFFERENCE;
import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
import static org.briarproject.util.ByteUtils.MAX_32_BIT_UNSIGNED;
class TransportKeyManager extends TimerTask {
private static final Logger LOG =
Logger.getLogger(TransportKeyManager.class.getName());
private final DatabaseComponent db;
private final CryptoComponent crypto;
private final Executor dbExecutor;
private final Timer timer;
private final Clock clock;
private final TransportId transportId;
private final long rotationPeriodLength;
private final ReentrantLock lock;
// The following are locking: lock
private final Map<Bytes, TagContext> inContexts;
private final Map<ContactId, MutableOutgoingKeys> outContexts;
private final Map<ContactId, MutableTransportKeys> keys;
TransportKeyManager(DatabaseComponent db, CryptoComponent crypto,
Executor dbExecutor, Timer timer, Clock clock,
TransportId transportId, long maxLatency) {
this.db = db;
this.crypto = crypto;
this.dbExecutor = dbExecutor;
this.timer = timer;
this.clock = clock;
this.transportId = transportId;
rotationPeriodLength = maxLatency + MAX_CLOCK_DIFFERENCE;
lock = new ReentrantLock();
inContexts = new HashMap<Bytes, TagContext>();
outContexts = new HashMap<ContactId, MutableOutgoingKeys>();
keys = new HashMap<ContactId, MutableTransportKeys>();
}
void start() {
// Load the transport keys from the DB
Map<ContactId, TransportKeys> loaded;
try {
loaded = db.getTransportKeys(transportId);
} catch (DbException e) {
if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
return;
}
// Rotate the keys to the current rotation period
Map<ContactId, TransportKeys> rotated =
new HashMap<ContactId, TransportKeys>();
Map<ContactId, TransportKeys> current =
new HashMap<ContactId, TransportKeys>();
long now = clock.currentTimeMillis();
long rotationPeriod = now / rotationPeriodLength;
for (Entry<ContactId, TransportKeys> e : loaded.entrySet()) {
ContactId c = e.getKey();
TransportKeys k = e.getValue();
TransportKeys k1 = crypto.rotateTransportKeys(k, rotationPeriod);
if (k1.getRotationPeriod() > k.getRotationPeriod())
rotated.put(c, k1);
current.put(c, k1);
}
lock.lock();
try {
// Initialise mutable state for all contacts
for (Entry<ContactId, TransportKeys> e : current.entrySet())
addKeys(e.getKey(), new MutableTransportKeys(e.getValue()));
// Write any rotated keys back to the DB
saveTransportKeys(rotated);
} finally {
lock.unlock();
}
// Schedule a periodic task to rotate the keys
long delay = rotationPeriodLength - now % rotationPeriodLength;
timer.scheduleAtFixedRate(this, delay, rotationPeriodLength);
}
// Locking: lock
private void addKeys(ContactId c, MutableTransportKeys m) {
encodeTags(c, m.getPreviousIncomingKeys());
encodeTags(c, m.getCurrentIncomingKeys());
encodeTags(c, m.getNextIncomingKeys());
outContexts.put(c, m.getCurrentOutgoingKeys());
keys.put(c, m);
}
// Locking: lock
private void encodeTags(ContactId c, MutableIncomingKeys inKeys) {
for (long streamNumber : inKeys.getWindow().getUnseen()) {
TagContext tagCtx = new TagContext(c, inKeys, streamNumber);
byte[] tag = new byte[TAG_LENGTH];
crypto.encodeTag(tag, inKeys.getTagKey(), streamNumber);
inContexts.put(new Bytes(tag), tagCtx);
}
}
private void saveTransportKeys(final Map<ContactId, TransportKeys> rotated) {
dbExecutor.execute(new Runnable() {
public void run() {
try {
db.updateTransportKeys(rotated);
} catch (DbException e) {
if (LOG.isLoggable(WARNING))
LOG.log(WARNING, e.toString(), e);
}
}
});
}
void addContact(ContactId c, TransportKeys k) {
lock.lock();
try {
// Initialise mutable state for the contact
addKeys(c, new MutableTransportKeys(k));
} finally {
lock.unlock();
}
}
void removeContact(ContactId c) {
lock.lock();
try {
// Remove mutable state for the contact
Iterator<Entry<Bytes, TagContext>> it =
inContexts.entrySet().iterator();
while (it.hasNext())
if (it.next().getValue().contactId.equals(c)) it.remove();
outContexts.remove(c);
keys.remove(c);
} finally {
lock.unlock();
}
}
StreamContext getStreamContext(ContactId c) {
StreamContext ctx;
lock.lock();
try {
// Look up the outgoing keys for the contact
MutableOutgoingKeys outKeys = outContexts.get(c);
if (outKeys == null) return null;
if (outKeys.getStreamCounter() > MAX_32_BIT_UNSIGNED) return null;
// Create a stream context
ctx = new StreamContext(c, transportId, outKeys.getTagKey(),
outKeys.getHeaderKey(), outKeys.getStreamCounter());
// Increment the stream counter and write it back to the DB
outKeys.incrementStreamCounter();
saveIncrementedStreamCounter(c, outKeys.getRotationPeriod());
} finally {
lock.unlock();
}
// TODO: Wait for save to complete, return null if it fails
return ctx;
}
private void saveIncrementedStreamCounter(final ContactId c,
final long rotationPeriod) {
dbExecutor.execute(new Runnable() {
public void run() {
try {
db.incrementStreamCounter(c, transportId, rotationPeriod);
} catch (DbException e) {
if (LOG.isLoggable(WARNING))
LOG.log(WARNING, e.toString(), e);
}
}
});
}
StreamContext recogniseTag(byte[] tag) {
StreamContext ctx;
lock.lock();
try {
// Look up the incoming keys for the tag
TagContext tagCtx = inContexts.remove(new Bytes(tag));
if (tagCtx == null) return null;
MutableIncomingKeys inKeys = tagCtx.inKeys;
// Create a stream context
ctx = new StreamContext(tagCtx.contactId, transportId,
inKeys.getTagKey(), inKeys.getHeaderKey(),
tagCtx.streamNumber);
// Update the reordering window
ReorderingWindow window = inKeys.getWindow();
Change change = window.setSeen(tagCtx.streamNumber);
// Add tags for any stream numbers added to the window
for (long streamNumber : change.getAdded()) {
byte[] addTag = new byte[TAG_LENGTH];
crypto.encodeTag(addTag, inKeys.getTagKey(), streamNumber);
inContexts.put(new Bytes(addTag), new TagContext(
tagCtx.contactId, inKeys, streamNumber));
}
// Remove tags for any stream numbers removed from the window
for (long streamNumber : change.getRemoved()) {
byte[] removeTag = new byte[TAG_LENGTH];
crypto.encodeTag(removeTag, inKeys.getTagKey(), streamNumber);
inContexts.remove(new Bytes(removeTag));
}
// Write the window back to the DB
saveReorderingWindow(tagCtx.contactId, inKeys.getRotationPeriod(),
window.getBase(), window.getBitmap());
} finally {
lock.unlock();
}
// TODO: Wait for save to complete, return null if it fails
return ctx;
}
private void saveReorderingWindow(final ContactId c,
final long rotationPeriod, final long base, final byte[] bitmap) {
dbExecutor.execute(new Runnable() {
public void run() {
try {
db.setReorderingWindow(c, transportId, rotationPeriod,
base, bitmap);
} catch (DbException e) {
if (LOG.isLoggable(WARNING))
LOG.log(WARNING, e.toString(), e);
}
}
});
}
@Override
public void run() {
lock.lock();
try {
// Rotate the keys to the current rotation period
Map<ContactId, TransportKeys> rotated =
new HashMap<ContactId, TransportKeys>();
Map<ContactId, TransportKeys> current =
new HashMap<ContactId, TransportKeys>();
long now = clock.currentTimeMillis();
long rotationPeriod = now / rotationPeriodLength;
for (Entry<ContactId, MutableTransportKeys> e : keys.entrySet()) {
ContactId c = e.getKey();
TransportKeys k = e.getValue().snapshot();
TransportKeys k1 = crypto.rotateTransportKeys(k,
rotationPeriod);
if (k1.getRotationPeriod() > k.getRotationPeriod())
rotated.put(c, k1);
current.put(c, k1);
}
// Rebuild the mutable state for all contacts
inContexts.clear();
outContexts.clear();
keys.clear();
for (Entry<ContactId, TransportKeys> e : current.entrySet())
addKeys(e.getKey(), new MutableTransportKeys(e.getValue()));
// Write any rotated keys back to the DB
saveTransportKeys(rotated);
} finally {
lock.unlock();
}
}
private static class TagContext {
private final ContactId contactId;
private final MutableIncomingKeys inKeys;
private final long streamNumber;
private TagContext(ContactId contactId, MutableIncomingKeys inKeys,
long streamNumber) {
this.contactId = contactId;
this.inKeys = inKeys;
this.streamNumber = streamNumber;
}
}
}

17
briar-core/src/org/briarproject/transport/TransportModule.java
View File

@@ -1,23 +1,20 @@
package org.briarproject.transport;
import javax.inject.Singleton;
import org.briarproject.api.crypto.KeyManager;
import org.briarproject.api.lifecycle.LifecycleManager;
import org.briarproject.api.transport.StreamReaderFactory;
import org.briarproject.api.transport.StreamWriterFactory;
import org.briarproject.api.transport.TagRecogniser;
import com.google.inject.AbstractModule;
import com.google.inject.Provides;
import org.briarproject.api.lifecycle.LifecycleManager;
import org.briarproject.api.transport.KeyManager;
import org.briarproject.api.transport.StreamReaderFactory;
import org.briarproject.api.transport.StreamWriterFactory;
import javax.inject.Singleton;
public class TransportModule extends AbstractModule {
@Override
protected void configure() {
bind(StreamReaderFactory.class).to(StreamReaderFactoryImpl.class);
bind(TagRecogniser.class).to(
TagRecogniserImpl.class).in(Singleton.class);
bind(StreamWriterFactory.class).to(StreamWriterFactoryImpl.class);
}

215
briar-core/src/org/briarproject/transport/TransportTagRecogniser.java
View File

@@ -1,215 +0,0 @@
package org.briarproject.transport;
import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import org.briarproject.api.Bytes;
import org.briarproject.api.ContactId;
import org.briarproject.api.TransportId;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.db.DatabaseComponent;
import org.briarproject.api.db.DbException;
import org.briarproject.api.transport.StreamContext;
import org.briarproject.api.transport.TemporarySecret;
// FIXME: Don't make alien calls with a lock held
/**
* A {@link org.briarproject.api.transport.TagRecogniser TagRecogniser} for a
* specific transport.
*/
class TransportTagRecogniser {
private final CryptoComponent crypto;
private final DatabaseComponent db;
private final TransportId transportId;
private final Lock lock = new ReentrantLock();
// The following are locking: lock
private final Map<Bytes, TagContext> tagMap;
private final Map<RemovalKey, RemovalContext> removalMap;
TransportTagRecogniser(CryptoComponent crypto, DatabaseComponent db,
TransportId transportId) {
this.crypto = crypto;
this.db = db;
this.transportId = transportId;
tagMap = new HashMap<Bytes, TagContext>();
removalMap = new HashMap<RemovalKey, RemovalContext>();
}
StreamContext recogniseTag(byte[] tag) throws DbException {
lock.lock();
try {
TagContext t = tagMap.remove(new Bytes(tag));
if (t == null) return null; // The tag was not expected
// Update the reordering window and the expected tags
SecretKey key = crypto.deriveTagKey(t.secret, !t.alice);
for (long streamNumber : t.window.setSeen(t.streamNumber)) {
byte[] tag1 = new byte[TAG_LENGTH];
crypto.encodeTag(tag1, key, streamNumber);
if (streamNumber < t.streamNumber) {
TagContext removed = tagMap.remove(new Bytes(tag1));
assert removed != null;
} else {
TagContext added = new TagContext(t, streamNumber);
TagContext duplicate = tagMap.put(new Bytes(tag1), added);
assert duplicate == null;
}
}
// Store the updated reordering window in the DB
db.setReorderingWindow(t.contactId, transportId, t.period,
t.window.getCentre(), t.window.getBitmap());
return new StreamContext(t.contactId, transportId, t.secret,
t.streamNumber, t.alice);
} finally {
lock.unlock();
}
}
void addSecret(TemporarySecret s) {
lock.lock();
try {
ContactId contactId = s.getContactId();
boolean alice = s.getAlice();
long period = s.getPeriod();
byte[] secret = s.getSecret();
long centre = s.getWindowCentre();
byte[] bitmap = s.getWindowBitmap();
// Create the reordering window and the expected tags
SecretKey key = crypto.deriveTagKey(secret, !alice);
ReorderingWindow window = new ReorderingWindow(centre, bitmap);
for (long streamNumber : window.getUnseen()) {
byte[] tag = new byte[TAG_LENGTH];
crypto.encodeTag(tag, key, streamNumber);
TagContext added = new TagContext(contactId, alice, period,
secret, window, streamNumber);
TagContext duplicate = tagMap.put(new Bytes(tag), added);
assert duplicate == null;
}
// Create a removal context to remove the window and the tags later
RemovalContext r = new RemovalContext(window, secret, alice);
removalMap.put(new RemovalKey(contactId, period), r);
} finally {
lock.unlock();
}
}
void removeSecret(ContactId contactId, long period) {
lock.lock();
try {
RemovalKey k = new RemovalKey(contactId, period);
RemovalContext removed = removalMap.remove(k);
if (removed == null) throw new IllegalArgumentException();
removeSecret(removed);
} finally {
lock.unlock();
}
}
// Locking: lock
private void removeSecret(RemovalContext r) {
// Remove the expected tags
SecretKey key = crypto.deriveTagKey(r.secret, !r.alice);
byte[] tag = new byte[TAG_LENGTH];
for (long streamNumber : r.window.getUnseen()) {
crypto.encodeTag(tag, key, streamNumber);
TagContext removed = tagMap.remove(new Bytes(tag));
assert removed != null;
}
}
void removeSecrets(ContactId c) {
lock.lock();
try {
Collection<RemovalKey> keysToRemove = new ArrayList<RemovalKey>();
for (RemovalKey k : removalMap.keySet())
if (k.contactId.equals(c)) keysToRemove.add(k);
for (RemovalKey k : keysToRemove)
removeSecret(k.contactId, k.period);
} finally {
lock.unlock();
}
}
void removeSecrets() {
lock.lock();
try {
for (RemovalContext r : removalMap.values()) removeSecret(r);
assert tagMap.isEmpty();
removalMap.clear();
} finally {
lock.unlock();
}
}
private static class TagContext {
private final ContactId contactId;
private final boolean alice;
private final long period;
private final byte[] secret;
private final ReorderingWindow window;
private final long streamNumber;
private TagContext(ContactId contactId, boolean alice, long period,
byte[] secret, ReorderingWindow window, long streamNumber) {
this.contactId = contactId;
this.alice = alice;
this.period = period;
this.secret = secret;
this.window = window;
this.streamNumber = streamNumber;
}
private TagContext(TagContext t, long streamNumber) {
this(t.contactId, t.alice, t.period, t.secret, t.window,
streamNumber);
}
}
private static class RemovalKey {
private final ContactId contactId;
private final long period;
private RemovalKey(ContactId contactId, long period) {
this.contactId = contactId;
this.period = period;
}
@Override
public int hashCode() {
return contactId.hashCode() ^ (int) (period ^ (period >>> 32));
}
@Override
public boolean equals(Object o) {
if (o instanceof RemovalKey) {
RemovalKey k = (RemovalKey) o;
return contactId.equals(k.contactId) && period == k.period;
}
return false;
}
}
private static class RemovalContext {
private final ReorderingWindow window;
private final byte[] secret;
private final boolean alice;
private RemovalContext(ReorderingWindow window, byte[] secret,
boolean alice) {
this.window = window;
this.secret = secret;
this.alice = alice;
}
}
}

4
briar-desktop/src/org/briarproject/plugins/DesktopPluginsModule.java
View File

@@ -1,6 +1,10 @@
package org.briarproject.plugins;
import com.google.inject.Provides;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.concurrent.Executor;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.lifecycle.IoExecutor;

35
briar-tests/src/org/briarproject/ProtocolIntegrationTest.java
View File

@@ -10,6 +10,7 @@ import org.briarproject.api.TransportId;
import org.briarproject.api.TransportProperties;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.KeyPair;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.messaging.Ack;
import org.briarproject.api.messaging.Group;
import org.briarproject.api.messaging.GroupFactory;
@@ -44,7 +45,6 @@ import java.io.OutputStream;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Random;
import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
import static org.junit.Assert.assertArrayEquals;
@@ -61,14 +61,9 @@ public class ProtocolIntegrationTest extends BriarTestCase {
private final MessageVerifier messageVerifier;
private final ContactId contactId;
private final byte[] secret;
private final Author author;
private final SecretKey tagKey, headerKey;
private final Group group;
private final Message message, message1;
private final String authorName = "Alice";
private final String contentType = "text/plain";
private final long timestamp = System.currentTimeMillis();
private final String messageBody = "Hello world";
private final Collection<MessageId> messageIds;
private final TransportId transportId;
private final TransportProperties transportProperties;
@@ -85,9 +80,9 @@ public class ProtocolIntegrationTest extends BriarTestCase {
packetWriterFactory = i.getInstance(PacketWriterFactory.class);
messageVerifier = i.getInstance(MessageVerifier.class);
contactId = new ContactId(234);
// Create a shared secret
secret = new byte[32];
new Random().nextBytes(secret);
// Create the transport keys
tagKey = TestUtils.createSecretKey();
headerKey = TestUtils.createSecretKey();
// Create a group
GroupFactory groupFactory = i.getInstance(GroupFactory.class);
group = groupFactory.createGroup("Group");
@@ -95,12 +90,15 @@ public class ProtocolIntegrationTest extends BriarTestCase {
AuthorFactory authorFactory = i.getInstance(AuthorFactory.class);
CryptoComponent crypto = i.getInstance(CryptoComponent.class);
KeyPair authorKeyPair = crypto.generateSignatureKeyPair();
author = authorFactory.createAuthor(authorName,
Author author = authorFactory.createAuthor("Alice",
authorKeyPair.getPublic().getEncoded());
// Create two messages to the group: one anonymous, one pseudonymous
MessageFactory messageFactory = i.getInstance(MessageFactory.class);
String contentType = "text/plain";
long timestamp = System.currentTimeMillis();
String messageBody = "Hello world";
message = messageFactory.createAnonymousMessage(null, group,
contentType, timestamp, messageBody.getBytes("UTF-8"));
"text/plain", timestamp, messageBody.getBytes("UTF-8"));
message1 = messageFactory.createPseudonymousMessage(null, group,
author, authorKeyPair.getPrivate(), contentType, timestamp,
messageBody.getBytes("UTF-8"));
@@ -118,8 +116,8 @@ public class ProtocolIntegrationTest extends BriarTestCase {
private byte[] write() throws Exception {
ByteArrayOutputStream out = new ByteArrayOutputStream();
StreamContext ctx = new StreamContext(contactId, transportId, secret,
0, true);
StreamContext ctx = new StreamContext(contactId, transportId, tagKey,
headerKey, 0);
OutputStream streamWriter =
streamWriterFactory.createStreamWriter(out, ctx);
PacketWriter packetWriter = packetWriterFactory.createPacketWriter(
@@ -134,7 +132,8 @@ public class ProtocolIntegrationTest extends BriarTestCase {
packetWriter.writeRequest(new Request(messageIds));
SubscriptionUpdate su = new SubscriptionUpdate(Arrays.asList(group), 1);
SubscriptionUpdate su = new SubscriptionUpdate(
Collections.singletonList(group), 1);
packetWriter.writeSubscriptionUpdate(su);
TransportUpdate tu = new TransportUpdate(transportId,
@@ -150,8 +149,8 @@ public class ProtocolIntegrationTest extends BriarTestCase {
byte[] tag = new byte[TAG_LENGTH];
assertEquals(TAG_LENGTH, in.read(tag, 0, TAG_LENGTH));
// FIXME: Check that the expected tag was received
StreamContext ctx = new StreamContext(contactId, transportId, secret,
0, false);
StreamContext ctx = new StreamContext(contactId, transportId, tagKey,
headerKey, 0);
InputStream streamReader =
streamReaderFactory.createStreamReader(in, ctx);
PacketReader packetReader = packetReaderFactory.createPacketReader(
@@ -184,7 +183,7 @@ public class ProtocolIntegrationTest extends BriarTestCase {
// Read the subscription update
assertTrue(packetReader.hasSubscriptionUpdate());
SubscriptionUpdate su = packetReader.readSubscriptionUpdate();
assertEquals(Arrays.asList(group), su.getGroups());
assertEquals(Collections.singletonList(group), su.getGroups());
assertEquals(1, su.getVersion());
// Read the transport update

9
briar-tests/src/org/briarproject/TestUtils.java
View File

@@ -7,6 +7,9 @@ import java.io.File;
import java.util.Random;
import java.util.concurrent.atomic.AtomicInteger;
import org.briarproject.api.UniqueId;
import org.briarproject.api.crypto.SecretKey;
public class TestUtils {
private static final AtomicInteger nextTestDir =
@@ -35,4 +38,10 @@ public class TestUtils {
c[i] = (char) ('a' + random.nextInt(26));
return new String(c);
}
public static SecretKey createSecretKey() {
byte[] b = new byte[SecretKey.LENGTH];
random.nextBytes(b);
return new SecretKey(b);
}
}

7
briar-tests/src/org/briarproject/crypto/KeyAgreementTest.java
View File

@@ -4,6 +4,7 @@ import org.briarproject.BriarTestCase;
import org.briarproject.TestSeedProvider;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.KeyPair;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.system.SeedProvider;
import org.junit.Test;
@@ -19,8 +20,8 @@ public class KeyAgreementTest extends BriarTestCase {
byte[] aPub = aPair.getPublic().getEncoded();
KeyPair bPair = crypto.generateAgreementKeyPair();
byte[] bPub = bPair.getPublic().getEncoded();
byte[] aSecret = crypto.deriveMasterSecret(aPub, bPair, true);
byte[] bSecret = crypto.deriveMasterSecret(bPub, aPair, false);
assertArrayEquals(aSecret, bSecret);
SecretKey aMaster = crypto.deriveMasterSecret(aPub, bPair, true);
SecretKey bMaster = crypto.deriveMasterSecret(bPub, aPair, false);
assertArrayEquals(aMaster.getBytes(), bMaster.getBytes());
}
}

174
briar-tests/src/org/briarproject/crypto/KeyDerivationTest.java
View File

@@ -2,72 +2,164 @@ package org.briarproject.crypto;
import org.briarproject.BriarTestCase;
import org.briarproject.TestSeedProvider;
import org.briarproject.TestUtils;
import org.briarproject.api.TransportId;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.transport.TransportKeys;
import org.junit.Test;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Random;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertFalse;
public class KeyDerivationTest extends BriarTestCase {
private final TransportId transportId = new TransportId("id");
private final CryptoComponent crypto;
private final byte[] secret;
private final SecretKey master;
public KeyDerivationTest() {
crypto = new CryptoComponentImpl(new TestSeedProvider());
secret = new byte[32];
new Random().nextBytes(secret);
master = TestUtils.createSecretKey();
}
@Test
public void testKeysAreDistinct() {
List<SecretKey> keys = new ArrayList<SecretKey>();
keys.add(crypto.deriveFrameKey(secret, 0, true));
keys.add(crypto.deriveFrameKey(secret, 0, false));
keys.add(crypto.deriveTagKey(secret, true));
keys.add(crypto.deriveTagKey(secret, false));
for (int i = 0; i < 4; i++) {
byte[] keyI = keys.get(i).getBytes();
for (int j = 0; j < 4; j++) {
byte[] keyJ = keys.get(j).getBytes();
assertEquals(i == j, Arrays.equals(keyI, keyJ));
}
}
TransportKeys k = crypto.deriveTransportKeys(transportId, master,
123, true);
assertAllDifferent(k);
}
@Test
public void testSecretAffectsDerivation() {
Random r = new Random();
List<byte[]> secrets = new ArrayList<byte[]>();
for (int i = 0; i < 20; i++) {
byte[] b = new byte[32];
r.nextBytes(b);
secrets.add(crypto.deriveNextSecret(b, 0));
}
for (int i = 0; i < 20; i++) {
byte[] secretI = secrets.get(i);
for (int j = 0; j < 20; j++) {
byte[] secretJ = secrets.get(j);
assertEquals(i == j, Arrays.equals(secretI, secretJ));
}
}
public void testCurrentKeysMatchCurrentKeysOfContact() {
// Start in rotation period 123
TransportKeys kA = crypto.deriveTransportKeys(transportId, master,
123, true);
TransportKeys kB = crypto.deriveTransportKeys(transportId, master,
123, false);
// Alice's incoming keys should equal Bob's outgoing keys
assertArrayEquals(kA.getCurrentIncomingKeys().getTagKey().getBytes(),
kB.getCurrentOutgoingKeys().getTagKey().getBytes());
assertArrayEquals(kA.getCurrentIncomingKeys().getHeaderKey().getBytes(),
kB.getCurrentOutgoingKeys().getHeaderKey().getBytes());
// Alice's outgoing keys should equal Bob's incoming keys
assertArrayEquals(kA.getCurrentOutgoingKeys().getTagKey().getBytes(),
kB.getCurrentIncomingKeys().getTagKey().getBytes());
assertArrayEquals(kA.getCurrentOutgoingKeys().getHeaderKey().getBytes(),
kB.getCurrentIncomingKeys().getHeaderKey().getBytes());
// Rotate into the future
kA = crypto.rotateTransportKeys(kA, 456);
kB = crypto.rotateTransportKeys(kB, 456);
// Alice's incoming keys should equal Bob's outgoing keys
assertArrayEquals(kA.getCurrentIncomingKeys().getTagKey().getBytes(),
kB.getCurrentOutgoingKeys().getTagKey().getBytes());
assertArrayEquals(kA.getCurrentIncomingKeys().getHeaderKey().getBytes(),
kB.getCurrentOutgoingKeys().getHeaderKey().getBytes());
// Alice's outgoing keys should equal Bob's incoming keys
assertArrayEquals(kA.getCurrentOutgoingKeys().getTagKey().getBytes(),
kB.getCurrentIncomingKeys().getTagKey().getBytes());
assertArrayEquals(kA.getCurrentOutgoingKeys().getHeaderKey().getBytes(),
kB.getCurrentIncomingKeys().getHeaderKey().getBytes());
}
@Test
public void testStreamNumberAffectsDerivation() {
List<byte[]> secrets = new ArrayList<byte[]>();
for (int i = 0; i < 20; i++)
secrets.add(crypto.deriveNextSecret(secret, i));
for (int i = 0; i < 20; i++) {
byte[] secretI = secrets.get(i);
for (int j = 0; j < 20; j++) {
byte[] secretJ = secrets.get(j);
assertEquals(i == j, Arrays.equals(secretI, secretJ));
public void testPreviousKeysMatchPreviousKeysOfContact() {
// Start in rotation period 123
TransportKeys kA = crypto.deriveTransportKeys(transportId, master,
123, true);
TransportKeys kB = crypto.deriveTransportKeys(transportId, master,
123, false);
// Compare Alice's previous keys in period 456 with Bob's current keys
// in period 455
kA = crypto.rotateTransportKeys(kA, 456);
kB = crypto.rotateTransportKeys(kB, 455);
// Alice's previous incoming keys should equal Bob's outgoing keys
assertArrayEquals(kA.getPreviousIncomingKeys().getTagKey().getBytes(),
kB.getCurrentOutgoingKeys().getTagKey().getBytes());
assertArrayEquals(kA.getPreviousIncomingKeys().getHeaderKey().getBytes(),
kB.getCurrentOutgoingKeys().getHeaderKey().getBytes());
// Compare Alice's current keys in period 456 with Bob's previous keys
// in period 457
kB = crypto.rotateTransportKeys(kB, 457);
// Alice's outgoing keys should equal Bob's previous incoming keys
assertArrayEquals(kA.getCurrentOutgoingKeys().getTagKey().getBytes(),
kB.getPreviousIncomingKeys().getTagKey().getBytes());
assertArrayEquals(kA.getCurrentOutgoingKeys().getHeaderKey().getBytes(),
kB.getPreviousIncomingKeys().getHeaderKey().getBytes());
}
@Test
public void testNextKeysMatchNextKeysOfContact() {
// Start in rotation period 123
TransportKeys kA = crypto.deriveTransportKeys(transportId, master,
123, true);
TransportKeys kB = crypto.deriveTransportKeys(transportId, master,
123, false);
// Compare Alice's current keys in period 456 with Bob's next keys in
// period 455
kA = crypto.rotateTransportKeys(kA, 456);
kB = crypto.rotateTransportKeys(kB, 455);
// Alice's outgoing keys should equal Bob's next incoming keys
assertArrayEquals(kA.getCurrentOutgoingKeys().getTagKey().getBytes(),
kB.getNextIncomingKeys().getTagKey().getBytes());
assertArrayEquals(kA.getCurrentOutgoingKeys().getHeaderKey().getBytes(),
kB.getNextIncomingKeys().getHeaderKey().getBytes());
// Compare Alice's next keys in period 456 with Bob's current keys
// in period 457
kB = crypto.rotateTransportKeys(kB, 457);
// Alice's next incoming keys should equal Bob's outgoing keys
assertArrayEquals(kA.getNextIncomingKeys().getTagKey().getBytes(),
kB.getCurrentOutgoingKeys().getTagKey().getBytes());
assertArrayEquals(kA.getNextIncomingKeys().getHeaderKey().getBytes(),
kB.getCurrentOutgoingKeys().getHeaderKey().getBytes());
}
@Test
public void testMasterKeyAffectsOutput() {
SecretKey master1 = TestUtils.createSecretKey();
assertFalse(Arrays.equals(master.getBytes(), master1.getBytes()));
TransportKeys k = crypto.deriveTransportKeys(transportId, master,
123, true);
TransportKeys k1 = crypto.deriveTransportKeys(transportId, master1,
123, true);
assertAllDifferent(k, k1);
}
@Test
public void testTransportIdAffectsOutput() {
TransportId transportId1 = new TransportId("id1");
assertFalse(transportId.getString().equals(transportId1.getString()));
TransportKeys k = crypto.deriveTransportKeys(transportId, master,
123, true);
TransportKeys k1 = crypto.deriveTransportKeys(transportId1, master,
123, true);
assertAllDifferent(k, k1);
}
private void assertAllDifferent(TransportKeys... transportKeys) {
List<SecretKey> secretKeys = new ArrayList<SecretKey>();
for (TransportKeys k : transportKeys) {
secretKeys.add(k.getPreviousIncomingKeys().getTagKey());
secretKeys.add(k.getPreviousIncomingKeys().getHeaderKey());
secretKeys.add(k.getCurrentIncomingKeys().getTagKey());
secretKeys.add(k.getCurrentIncomingKeys().getHeaderKey());
secretKeys.add(k.getNextIncomingKeys().getTagKey());
secretKeys.add(k.getNextIncomingKeys().getHeaderKey());
secretKeys.add(k.getCurrentOutgoingKeys().getTagKey());
secretKeys.add(k.getCurrentOutgoingKeys().getHeaderKey());
}
assertAllDifferent(secretKeys);
}
private void assertAllDifferent(List<SecretKey> keys) {
for (SecretKey ki : keys) {
for (SecretKey kj : keys) {
if (ki == kj) assertArrayEquals(ki.getBytes(), kj.getBytes());
else assertFalse(Arrays.equals(ki.getBytes(), kj.getBytes()));
}
}
}

112
briar-tests/src/org/briarproject/db/DatabaseComponentTest.java
View File

@@ -11,6 +11,7 @@ import org.briarproject.api.LocalAuthor;
import org.briarproject.api.TransportConfig;
import org.briarproject.api.TransportId;
import org.briarproject.api.TransportProperties;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.db.DatabaseComponent;
import org.briarproject.api.db.NoSuchContactException;
import org.briarproject.api.db.NoSuchLocalAuthorException;
@@ -45,8 +46,9 @@ import org.briarproject.api.messaging.SubscriptionAck;
import org.briarproject.api.messaging.SubscriptionUpdate;
import org.briarproject.api.messaging.TransportAck;
import org.briarproject.api.messaging.TransportUpdate;
import org.briarproject.api.transport.Endpoint;
import org.briarproject.api.transport.TemporarySecret;
import org.briarproject.api.transport.IncomingKeys;
import org.briarproject.api.transport.OutgoingKeys;
import org.briarproject.api.transport.TransportKeys;
import org.jmock.Expectations;
import org.jmock.Mockery;
import org.junit.Test;
@@ -84,8 +86,6 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
protected final int maxLatency;
protected final ContactId contactId;
protected final Contact contact;
protected final Endpoint endpoint;
protected final TemporarySecret temporarySecret;
public DatabaseComponentTest() {
groupId = new GroupId(TestUtils.getRandomId());
@@ -112,9 +112,6 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
maxLatency = Integer.MAX_VALUE;
contactId = new ContactId(234);
contact = new Contact(contactId, author, localAuthorId);
endpoint = new Endpoint(contactId, transportId, 123, true);
temporarySecret = new TemporarySecret(contactId, transportId, 123,
false, 234, new byte[32], 345, 456, new byte[4]);
}
protected abstract <T> DatabaseComponent createDatabaseComponent(
@@ -157,7 +154,7 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
oneOf(eventBus).broadcast(with(any(ContactAddedEvent.class)));
// getContacts()
oneOf(database).getContacts(txn);
will(returnValue(Arrays.asList(contact)));
will(returnValue(Collections.singletonList(contact)));
// getRemoteProperties()
oneOf(database).getRemoteProperties(txn, transportId);
will(returnValue(Collections.emptyMap()));
@@ -177,7 +174,7 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
will(returnValue(Collections.emptyList()));
// getGroups()
oneOf(database).getGroups(txn);
will(returnValue(Arrays.asList(groupId)));
will(returnValue(Collections.singletonList(group)));
// removeGroup()
oneOf(database).containsGroup(txn, groupId);
will(returnValue(true));
@@ -213,13 +210,13 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
assertFalse(db.open());
db.addLocalAuthor(localAuthor);
assertEquals(contactId, db.addContact(author, localAuthorId));
assertEquals(Arrays.asList(contact), db.getContacts());
assertEquals(Collections.singletonList(contact), db.getContacts());
assertEquals(Collections.emptyMap(),
db.getRemoteProperties(transportId));
db.addGroup(group); // First time - listeners called
db.addGroup(group); // Second time - not called
assertEquals(Collections.emptyList(), db.getMessageHeaders(groupId));
assertEquals(Arrays.asList(groupId), db.getGroups());
assertEquals(Collections.singletonList(group), db.getGroups());
db.removeGroup(group);
db.removeContact(contactId);
db.removeLocalAuthor(localAuthorId);
@@ -297,9 +294,9 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
oneOf(database).addMessage(txn, message, true);
oneOf(database).setReadFlag(txn, messageId, true);
oneOf(database).getVisibility(txn, groupId);
will(returnValue(Arrays.asList(contactId)));
will(returnValue(Collections.singletonList(contactId)));
oneOf(database).getContactIds(txn);
will(returnValue(Arrays.asList(contactId)));
will(returnValue(Collections.singletonList(contactId)));
oneOf(database).removeOfferedMessage(txn, contactId, messageId);
will(returnValue(false));
oneOf(database).addStatus(txn, contactId, messageId, false, false);
@@ -336,7 +333,7 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
eventBus, shutdown);
try {
db.addEndpoint(endpoint);
db.addTransportKeys(contactId, createTransportKeys());
fail();
} catch (NoSuchContactException expected) {}
@@ -401,7 +398,7 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
} catch (NoSuchContactException expected) {}
try {
Ack a = new Ack(Arrays.asList(messageId));
Ack a = new Ack(Collections.singletonList(messageId));
db.receiveAck(contactId, a);
fail();
} catch (NoSuchContactException expected) {}
@@ -412,7 +409,7 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
} catch (NoSuchContactException expected) {}
try {
Offer o = new Offer(Arrays.asList(messageId));
Offer o = new Offer(Collections.singletonList(messageId));
db.receiveOffer(contactId, o);
fail();
} catch (NoSuchContactException expected) {}
@@ -594,7 +591,7 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
// Check whether the transport is in the DB (which it's not)
exactly(8).of(database).startTransaction();
will(returnValue(txn));
exactly(3).of(database).containsContact(txn, contactId);
exactly(2).of(database).containsContact(txn, contactId);
will(returnValue(true));
exactly(8).of(database).containsTransport(txn, transportId);
will(returnValue(false));
@@ -606,11 +603,6 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
db.addLocalAuthor(localAuthor);
assertEquals(contactId, db.addContact(author, localAuthorId));
try {
db.addEndpoint(endpoint);
fail();
} catch (NoSuchTransportException expected) {}
try {
db.getConfig(transportId);
fail();
@@ -621,6 +613,11 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
fail();
} catch (NoSuchTransportException expected) {}
try {
db.getTransportKeys(transportId);
fail();
} catch (NoSuchTransportException expected) {}
try {
db.mergeConfig(transportId, new TransportConfig());
fail();
@@ -909,7 +906,8 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
oneOf(database).containsContact(txn, contactId);
will(returnValue(true));
oneOf(database).getSubscriptionUpdate(txn, contactId, maxLatency);
will(returnValue(new SubscriptionUpdate(Arrays.asList(group), 1)));
will(returnValue(new SubscriptionUpdate(
Collections.singletonList(group), 1)));
oneOf(database).commitTransaction(txn);
}});
DatabaseComponent db = createDatabaseComponent(database, cleaner,
@@ -917,7 +915,7 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
SubscriptionUpdate u = db.generateSubscriptionUpdate(contactId,
maxLatency);
assertEquals(Arrays.asList(group), u.getGroups());
assertEquals(Collections.singletonList(group), u.getGroups());
assertEquals(1, u.getVersion());
context.assertIsSatisfied();
@@ -962,8 +960,8 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
oneOf(database).containsContact(txn, contactId);
will(returnValue(true));
oneOf(database).getTransportUpdates(txn, contactId, maxLatency);
will(returnValue(Arrays.asList(new TransportUpdate(transportId,
transportProperties, 1))));
will(returnValue(Collections.singletonList(new TransportUpdate(
transportId, transportProperties, 1))));
oneOf(database).commitTransaction(txn);
}});
DatabaseComponent db = createDatabaseComponent(database, cleaner,
@@ -1003,7 +1001,7 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
DatabaseComponent db = createDatabaseComponent(database, cleaner,
eventBus, shutdown);
db.receiveAck(contactId, new Ack(Arrays.asList(messageId)));
db.receiveAck(contactId, new Ack(Collections.singletonList(messageId)));
context.assertIsSatisfied();
}
@@ -1027,9 +1025,9 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
will(returnValue(true));
oneOf(database).addMessage(txn, message, false);
oneOf(database).getVisibility(txn, groupId);
will(returnValue(Arrays.asList(contactId)));
will(returnValue(Collections.singletonList(contactId)));
oneOf(database).getContactIds(txn);
will(returnValue(Arrays.asList(contactId)));
will(returnValue(Collections.singletonList(contactId)));
oneOf(database).removeOfferedMessage(txn, contactId, messageId);
will(returnValue(false));
oneOf(database).addStatus(txn, contactId, messageId, false, true);
@@ -1176,7 +1174,8 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
DatabaseComponent db = createDatabaseComponent(database, cleaner,
eventBus, shutdown);
db.receiveRequest(contactId, new Request(Arrays.asList(messageId)));
db.receiveRequest(contactId, new Request(Collections.singletonList(
messageId)));
context.assertIsSatisfied();
}
@@ -1244,13 +1243,15 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
will(returnValue(txn));
oneOf(database).containsContact(txn, contactId);
will(returnValue(true));
oneOf(database).setGroups(txn, contactId, Arrays.asList(group), 1);
oneOf(database).setGroups(txn, contactId,
Collections.singletonList(group), 1);
oneOf(database).commitTransaction(txn);
}});
DatabaseComponent db = createDatabaseComponent(database, cleaner,
eventBus, shutdown);
SubscriptionUpdate u = new SubscriptionUpdate(Arrays.asList(group), 1);
SubscriptionUpdate u = new SubscriptionUpdate(
Collections.singletonList(group), 1);
db.receiveSubscriptionUpdate(contactId, u);
context.assertIsSatisfied();
@@ -1398,7 +1399,7 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
DatabaseComponent db = createDatabaseComponent(database, cleaner,
eventBus, shutdown);
db.setVisibility(groupId, Arrays.asList(contactId));
db.setVisibility(groupId, Collections.singletonList(contactId));
context.assertIsSatisfied();
}
@@ -1467,7 +1468,7 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
will(returnValue(true));
oneOf(database).setVisibleToAll(txn, groupId, true);
oneOf(database).getVisibility(txn, groupId);
will(returnValue(Arrays.asList(contactId)));
will(returnValue(Collections.singletonList(contactId)));
oneOf(database).getContactIds(txn);
will(returnValue(both));
oneOf(database).addVisibility(txn, contactId1, groupId);
@@ -1478,14 +1479,15 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
DatabaseComponent db = createDatabaseComponent(database, cleaner,
eventBus, shutdown);
db.setVisibility(groupId, Arrays.asList(contactId));
db.setVisibility(groupId, Collections.singletonList(contactId));
db.setVisibleToAll(groupId, true);
context.assertIsSatisfied();
}
@Test
public void testTemporarySecrets() throws Exception {
public void testTransportKeys() throws Exception {
final TransportKeys keys = createTransportKeys();
Mockery context = new Mockery();
@SuppressWarnings("unchecked")
final Database<Object> database = context.mock(Database.class);
@@ -1493,28 +1495,52 @@ public abstract class DatabaseComponentTest extends BriarTestCase {
final ShutdownManager shutdown = context.mock(ShutdownManager.class);
final EventBus eventBus = context.mock(EventBus.class);
context.checking(new Expectations() {{
// addSecrets()
// updateTransportKeys()
oneOf(database).startTransaction();
will(returnValue(txn));
oneOf(database).containsContact(txn, contactId);
will(returnValue(true));
oneOf(database).containsTransport(txn, transportId);
will(returnValue(true));
oneOf(database).addSecrets(txn, Arrays.asList(temporarySecret));
oneOf(database).updateTransportKeys(txn,
Collections.singletonMap(contactId, keys));
oneOf(database).commitTransaction(txn);
// getSecrets()
// getTransportKeys()
oneOf(database).startTransaction();
will(returnValue(txn));
oneOf(database).getSecrets(txn);
will(returnValue(Arrays.asList(temporarySecret)));
oneOf(database).containsTransport(txn, transportId);
will(returnValue(true));
oneOf(database).getTransportKeys(txn, transportId);
will(returnValue(Collections.singletonMap(contactId, keys)));
oneOf(database).commitTransaction(txn);
}});
DatabaseComponent db = createDatabaseComponent(database, cleaner,
eventBus, shutdown);
db.addSecrets(Arrays.asList(temporarySecret));
assertEquals(Arrays.asList(temporarySecret), db.getSecrets());
db.updateTransportKeys(Collections.singletonMap(contactId, keys));
assertEquals(Collections.singletonMap(contactId, keys),
db.getTransportKeys(transportId));
context.assertIsSatisfied();
}
private TransportKeys createTransportKeys() {
SecretKey inPrevTagKey = TestUtils.createSecretKey();
SecretKey inPrevHeaderKey = TestUtils.createSecretKey();
IncomingKeys inPrev = new IncomingKeys(inPrevTagKey, inPrevHeaderKey,
1, 123, new byte[4]);
SecretKey inCurrTagKey = TestUtils.createSecretKey();
SecretKey inCurrHeaderKey = TestUtils.createSecretKey();
IncomingKeys inCurr = new IncomingKeys(inCurrTagKey, inCurrHeaderKey,
2, 234, new byte[4]);
SecretKey inNextTagKey = TestUtils.createSecretKey();
SecretKey inNextHeaderKey = TestUtils.createSecretKey();
IncomingKeys inNext = new IncomingKeys(inNextTagKey, inNextHeaderKey,
3, 345, new byte[4]);
SecretKey outCurrTagKey = TestUtils.createSecretKey();
SecretKey outCurrHeaderKey = TestUtils.createSecretKey();
OutgoingKeys outCurr = new OutgoingKeys(outCurrTagKey, outCurrHeaderKey,
2, 456);
return new TransportKeys(transportId, inPrev, inCurr, inNext, outCurr);
}
}

439
briar-tests/src/org/briarproject/db/H2DatabaseTest.java
View File

@@ -11,14 +11,17 @@ import org.briarproject.api.LocalAuthor;
import org.briarproject.api.TransportConfig;
import org.briarproject.api.TransportId;
import org.briarproject.api.TransportProperties;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.db.DbException;
import org.briarproject.api.db.MessageHeader;
import org.briarproject.api.messaging.Group;
import org.briarproject.api.messaging.GroupId;
import org.briarproject.api.messaging.Message;
import org.briarproject.api.messaging.MessageId;
import org.briarproject.api.transport.Endpoint;
import org.briarproject.api.transport.TemporarySecret;
import org.briarproject.api.transport.IncomingKeys;
import org.briarproject.api.transport.OutgoingKeys;
import org.briarproject.api.transport.TransportKeys;
import org.briarproject.system.FileUtilsImpl;
import org.briarproject.system.SystemClock;
import org.junit.After;
import org.junit.Before;
@@ -34,6 +37,7 @@ import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Random;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicBoolean;
@@ -59,7 +63,6 @@ public class H2DatabaseTest extends BriarTestCase {
private final Random random = new Random();
private final GroupId groupId;
private final Group group;
private final AuthorId authorId;
private final Author author;
private final AuthorId localAuthorId;
private final LocalAuthor localAuthor;
@@ -75,7 +78,7 @@ public class H2DatabaseTest extends BriarTestCase {
public H2DatabaseTest() throws Exception {
groupId = new GroupId(TestUtils.getRandomId());
group = new Group(groupId, "Group", new byte[GROUP_SALT_LENGTH]);
authorId = new AuthorId(TestUtils.getRandomId());
AuthorId authorId = new AuthorId(TestUtils.getRandomId());
author = new Author(authorId, "Alice", new byte[MAX_PUBLIC_KEY_LENGTH]);
localAuthorId = new AuthorId(TestUtils.getRandomId());
localAuthor = new LocalAuthor(localAuthorId, "Bob",
@@ -171,7 +174,7 @@ public class H2DatabaseTest extends BriarTestCase {
assertEquals(contactId, db.addContact(txn, author, localAuthorId));
db.addGroup(txn, group);
db.addVisibility(txn, contactId, groupId);
db.setGroups(txn, contactId, Arrays.asList(group), 1);
db.setGroups(txn, contactId, Collections.singletonList(group), 1);
db.addMessage(txn, message, true);
// The message has no status yet, so it should not be sendable
@@ -216,7 +219,7 @@ public class H2DatabaseTest extends BriarTestCase {
assertTrue(ids.isEmpty());
// The contact subscribing should make the message sendable
db.setGroups(txn, contactId, Arrays.asList(group), 1);
db.setGroups(txn, contactId, Collections.singletonList(group), 1);
ids = db.getMessagesToSend(txn, contactId, ONE_MEGABYTE);
assertFalse(ids.isEmpty());
Iterator<MessageId> it = ids.iterator();
@@ -243,7 +246,7 @@ public class H2DatabaseTest extends BriarTestCase {
assertEquals(contactId, db.addContact(txn, author, localAuthorId));
db.addGroup(txn, group);
db.addVisibility(txn, contactId, groupId);
db.setGroups(txn, contactId, Arrays.asList(group), 1);
db.setGroups(txn, contactId, Collections.singletonList(group), 1);
db.addMessage(txn, message, true);
db.addStatus(txn, contactId, messageId, false, false);
@@ -273,7 +276,7 @@ public class H2DatabaseTest extends BriarTestCase {
db.addLocalAuthor(txn, localAuthor);
assertEquals(contactId, db.addContact(txn, author, localAuthorId));
db.addGroup(txn, group);
db.setGroups(txn, contactId, Arrays.asList(group), 1);
db.setGroups(txn, contactId, Collections.singletonList(group), 1);
db.addMessage(txn, message, true);
db.addStatus(txn, contactId, messageId, false, false);
@@ -305,7 +308,7 @@ public class H2DatabaseTest extends BriarTestCase {
db.addLocalAuthor(txn, localAuthor);
assertEquals(contactId, db.addContact(txn, author, localAuthorId));
db.addGroup(txn, group);
db.setGroups(txn, contactId, Arrays.asList(group), 1);
db.setGroups(txn, contactId, Collections.singletonList(group), 1);
// Add some messages to ack
MessageId messageId1 = new MessageId(TestUtils.getRandomId());
@@ -342,7 +345,7 @@ public class H2DatabaseTest extends BriarTestCase {
db.addLocalAuthor(txn, localAuthor);
assertEquals(contactId, db.addContact(txn, author, localAuthorId));
db.addGroup(txn, group);
db.setGroups(txn, contactId, Arrays.asList(group), 1);
db.setGroups(txn, contactId, Collections.singletonList(group), 1);
// Receive the same message twice
db.addMessage(txn, message, true);
@@ -352,10 +355,10 @@ public class H2DatabaseTest extends BriarTestCase {
// The message ID should only be returned once
Collection<MessageId> ids = db.getMessagesToAck(txn, contactId, 1234);
assertEquals(Arrays.asList(messageId), ids);
assertEquals(Collections.singletonList(messageId), ids);
// Remove the message ID
db.lowerAckFlag(txn, contactId, Arrays.asList(messageId));
db.lowerAckFlag(txn, contactId, Collections.singletonList(messageId));
// The message ID should have been removed
assertEquals(Collections.emptyList(), db.getMessagesToAck(txn,
@@ -375,7 +378,7 @@ public class H2DatabaseTest extends BriarTestCase {
assertEquals(contactId, db.addContact(txn, author, localAuthorId));
db.addGroup(txn, group);
db.addVisibility(txn, contactId, groupId);
db.setGroups(txn, contactId, Arrays.asList(group), 1);
db.setGroups(txn, contactId, Collections.singletonList(group), 1);
db.addMessage(txn, message, true);
db.addStatus(txn, contactId, messageId, false, false);
@@ -674,7 +677,7 @@ public class H2DatabaseTest extends BriarTestCase {
assertEquals(contactId, db.addContact(txn, author, localAuthorId));
db.addGroup(txn, group);
db.addVisibility(txn, contactId, groupId);
db.setGroups(txn, contactId, Arrays.asList(group), 1);
db.setGroups(txn, contactId, Collections.singletonList(group), 1);
// The message is not in the database
assertFalse(db.containsVisibleMessage(txn, contactId, messageId));
@@ -692,7 +695,7 @@ public class H2DatabaseTest extends BriarTestCase {
// Add a contact with a subscription
db.addLocalAuthor(txn, localAuthor);
assertEquals(contactId, db.addContact(txn, author, localAuthorId));
db.setGroups(txn, contactId, Arrays.asList(group), 1);
db.setGroups(txn, contactId, Collections.singletonList(group), 1);
// There's no local subscription for the group
assertFalse(db.containsVisibleMessage(txn, contactId, messageId));
@@ -711,7 +714,7 @@ public class H2DatabaseTest extends BriarTestCase {
db.addLocalAuthor(txn, localAuthor);
assertEquals(contactId, db.addContact(txn, author, localAuthorId));
db.addGroup(txn, group);
db.setGroups(txn, contactId, Arrays.asList(group), 1);
db.setGroups(txn, contactId, Collections.singletonList(group), 1);
db.addMessage(txn, message, true);
db.addStatus(txn, contactId, messageId, false, false);
@@ -737,7 +740,8 @@ public class H2DatabaseTest extends BriarTestCase {
// Make the group visible to the contact
db.addVisibility(txn, contactId, groupId);
assertEquals(Arrays.asList(contactId), db.getVisibility(txn, groupId));
assertEquals(Collections.singletonList(contactId),
db.getVisibility(txn, groupId));
// Make the group invisible again
db.removeVisibility(txn, contactId, groupId);
@@ -1111,183 +1115,97 @@ public class H2DatabaseTest extends BriarTestCase {
}
@Test
public void testTemporarySecrets() throws Exception {
// Create an endpoint and four consecutive temporary secrets
long epoch = 123;
int latency = 234;
boolean alice = false;
long outgoing1 = 345, centre1 = 456;
long outgoing2 = 567, centre2 = 678;
long outgoing3 = 789, centre3 = 890;
long outgoing4 = 901, centre4 = 123;
Endpoint ep = new Endpoint(contactId, transportId, epoch, alice);
Random random = new Random();
byte[] secret1 = new byte[32], bitmap1 = new byte[4];
random.nextBytes(secret1);
random.nextBytes(bitmap1);
TemporarySecret s1 = new TemporarySecret(contactId, transportId, epoch,
alice, 0, secret1, outgoing1, centre1, bitmap1);
byte[] secret2 = new byte[32], bitmap2 = new byte[4];
random.nextBytes(secret2);
random.nextBytes(bitmap2);
TemporarySecret s2 = new TemporarySecret(contactId, transportId, epoch,
alice, 1, secret2, outgoing2, centre2, bitmap2);
byte[] secret3 = new byte[32], bitmap3 = new byte[4];
random.nextBytes(secret3);
random.nextBytes(bitmap3);
TemporarySecret s3 = new TemporarySecret(contactId, transportId, epoch,
alice, 2, secret3, outgoing3, centre3, bitmap3);
byte[] secret4 = new byte[32], bitmap4 = new byte[4];
random.nextBytes(secret4);
random.nextBytes(bitmap4);
TemporarySecret s4 = new TemporarySecret(contactId, transportId, epoch,
alice, 3, secret4, outgoing4, centre4, bitmap4);
public void testTransportKeys() throws Exception {
TransportKeys keys = createTransportKeys();
Database<Connection> db = open(false);
Connection txn = db.startTransaction();
// Initially there should be no secrets in the database
assertEquals(Collections.emptyList(), db.getSecrets(txn));
// Initially there should be no transport keys in the database
assertEquals(Collections.emptyMap(),
db.getTransportKeys(txn, transportId));
// Add the contact, the transport, the endpoint and the first three
// secrets (periods 0, 1 and 2)
// Add the contact, the transport and the transport keys
db.addLocalAuthor(txn, localAuthor);
assertEquals(contactId, db.addContact(txn, author, localAuthorId));
db.addTransport(txn, transportId, latency);
db.addEndpoint(txn, ep);
db.addSecrets(txn, Arrays.asList(s1, s2, s3));
db.addTransport(txn, transportId, 123);
db.addTransportKeys(txn, contactId, keys);
// Retrieve the first three secrets
Collection<TemporarySecret> secrets = db.getSecrets(txn);
assertEquals(3, secrets.size());
boolean foundFirst = false, foundSecond = false, foundThird = false;
for (TemporarySecret s : secrets) {
assertEquals(contactId, s.getContactId());
assertEquals(transportId, s.getTransportId());
assertEquals(epoch, s.getEpoch());
assertEquals(alice, s.getAlice());
if (s.getPeriod() == 0) {
assertArrayEquals(secret1, s.getSecret());
assertEquals(outgoing1, s.getOutgoingStreamCounter());
assertEquals(centre1, s.getWindowCentre());
assertArrayEquals(bitmap1, s.getWindowBitmap());
foundFirst = true;
} else if (s.getPeriod() == 1) {
assertArrayEquals(secret2, s.getSecret());
assertEquals(outgoing2, s.getOutgoingStreamCounter());
assertEquals(centre2, s.getWindowCentre());
assertArrayEquals(bitmap2, s.getWindowBitmap());
foundSecond = true;
} else if (s.getPeriod() == 2) {
assertArrayEquals(secret3, s.getSecret());
assertEquals(outgoing3, s.getOutgoingStreamCounter());
assertEquals(centre3, s.getWindowCentre());
assertArrayEquals(bitmap3, s.getWindowBitmap());
foundThird = true;
} else {
fail();
}
}
assertTrue(foundFirst);
assertTrue(foundSecond);
assertTrue(foundThird);
// Retrieve the transport keys
Map<ContactId, TransportKeys> newKeys =
db.getTransportKeys(txn, transportId);
assertEquals(1, newKeys.size());
Entry<ContactId, TransportKeys> e =
newKeys.entrySet().iterator().next();
assertEquals(contactId, e.getKey());
TransportKeys k = e.getValue();
assertEquals(transportId, k.getTransportId());
assertKeysEquals(keys.getPreviousIncomingKeys(),
k.getPreviousIncomingKeys());
assertKeysEquals(keys.getCurrentIncomingKeys(),
k.getCurrentIncomingKeys());
assertKeysEquals(keys.getNextIncomingKeys(),
k.getNextIncomingKeys());
assertKeysEquals(keys.getCurrentOutgoingKeys(),
k.getCurrentOutgoingKeys());
// Adding the fourth secret (period 3) should delete the first
db.addSecrets(txn, Arrays.asList(s4));
secrets = db.getSecrets(txn);
assertEquals(3, secrets.size());
foundSecond = foundThird = false;
boolean foundFourth = false;
for (TemporarySecret s : secrets) {
assertEquals(contactId, s.getContactId());
assertEquals(transportId, s.getTransportId());
assertEquals(epoch, s.getEpoch());
assertEquals(alice, s.getAlice());
if (s.getPeriod() == 1) {
assertArrayEquals(secret2, s.getSecret());
assertEquals(outgoing2, s.getOutgoingStreamCounter());
assertEquals(centre2, s.getWindowCentre());
assertArrayEquals(bitmap2, s.getWindowBitmap());
foundSecond = true;
} else if (s.getPeriod() == 2) {
assertArrayEquals(secret3, s.getSecret());
assertEquals(outgoing3, s.getOutgoingStreamCounter());
assertEquals(centre3, s.getWindowCentre());
assertArrayEquals(bitmap3, s.getWindowBitmap());
foundThird = true;
} else if (s.getPeriod() == 3) {
assertArrayEquals(secret4, s.getSecret());
assertEquals(outgoing4, s.getOutgoingStreamCounter());
assertEquals(centre4, s.getWindowCentre());
assertArrayEquals(bitmap4, s.getWindowBitmap());
foundFourth = true;
} else {
fail();
}
}
assertTrue(foundSecond);
assertTrue(foundThird);
assertTrue(foundFourth);
// Removing the contact should remove the secrets
// Removing the contact should remove the transport keys
db.removeContact(txn, contactId);
assertEquals(Collections.emptyList(), db.getSecrets(txn));
assertEquals(Collections.emptyMap(),
db.getTransportKeys(txn, transportId));
db.commitTransaction(txn);
db.close();
}
private void assertKeysEquals(IncomingKeys expected, IncomingKeys actual) {
assertArrayEquals(expected.getTagKey().getBytes(),
actual.getTagKey().getBytes());
assertArrayEquals(expected.getHeaderKey().getBytes(),
actual.getHeaderKey().getBytes());
assertEquals(expected.getRotationPeriod(), actual.getRotationPeriod());
assertEquals(expected.getWindowBase(), actual.getWindowBase());
assertArrayEquals(expected.getWindowBitmap(), actual.getWindowBitmap());
}
private void assertKeysEquals(OutgoingKeys expected, OutgoingKeys actual) {
assertArrayEquals(expected.getTagKey().getBytes(),
actual.getTagKey().getBytes());
assertArrayEquals(expected.getHeaderKey().getBytes(),
actual.getHeaderKey().getBytes());
assertEquals(expected.getRotationPeriod(), actual.getRotationPeriod());
assertEquals(expected.getStreamCounter(), actual.getStreamCounter());
}
@Test
public void testIncrementStreamCounter() throws Exception {
// Create an endpoint and a temporary secret
long epoch = 123;
int latency = 234;
boolean alice = false;
long period = 345, outgoing = 456, centre = 567;
Endpoint ep = new Endpoint(contactId, transportId, epoch, alice);
Random random = new Random();
byte[] secret = new byte[32], bitmap = new byte[4];
random.nextBytes(secret);
TemporarySecret s = new TemporarySecret(contactId, transportId, epoch,
alice, period, secret, outgoing, centre, bitmap);
TransportKeys keys = createTransportKeys();
long rotationPeriod = keys.getCurrentOutgoingKeys().getRotationPeriod();
long streamCounter = keys.getCurrentOutgoingKeys().getStreamCounter();
Database<Connection> db = open(false);
Connection txn = db.startTransaction();
// Add the contact, transport, endpoint and temporary secret
// Add the contact, transport and transport keys
db.addLocalAuthor(txn, localAuthor);
assertEquals(contactId, db.addContact(txn, author, localAuthorId));
db.addTransport(txn, transportId, latency);
db.addEndpoint(txn, ep);
db.addSecrets(txn, Arrays.asList(s));
db.addTransport(txn, transportId, 123);
db.updateTransportKeys(txn, Collections.singletonMap(contactId, keys));
// Retrieve the secret
Collection<TemporarySecret> secrets = db.getSecrets(txn);
assertEquals(1, secrets.size());
s = secrets.iterator().next();
assertEquals(contactId, s.getContactId());
assertEquals(transportId, s.getTransportId());
assertEquals(period, s.getPeriod());
assertArrayEquals(secret, s.getSecret());
assertEquals(outgoing, s.getOutgoingStreamCounter());
assertEquals(centre, s.getWindowCentre());
assertArrayEquals(bitmap, s.getWindowBitmap());
// Increment the stream counter twice and retrieve the secret again
assertEquals(outgoing, db.incrementStreamCounter(txn,
s.getContactId(), s.getTransportId(), s.getPeriod()));
assertEquals(outgoing + 1, db.incrementStreamCounter(txn,
s.getContactId(), s.getTransportId(), s.getPeriod()));
secrets = db.getSecrets(txn);
assertEquals(1, secrets.size());
s = secrets.iterator().next();
assertEquals(contactId, s.getContactId());
assertEquals(transportId, s.getTransportId());
assertEquals(period, s.getPeriod());
assertArrayEquals(secret, s.getSecret());
assertEquals(outgoing + 2, s.getOutgoingStreamCounter());
assertEquals(centre, s.getWindowCentre());
assertArrayEquals(bitmap, s.getWindowBitmap());
// Increment the stream counter twice and retrieve the transport keys
db.incrementStreamCounter(txn, contactId, transportId, rotationPeriod);
db.incrementStreamCounter(txn, contactId, transportId, rotationPeriod);
Map<ContactId, TransportKeys> newKeys =
db.getTransportKeys(txn, transportId);
assertEquals(1, newKeys.size());
Entry<ContactId, TransportKeys> e =
newKeys.entrySet().iterator().next();
assertEquals(contactId, e.getKey());
TransportKeys k = e.getValue();
assertEquals(transportId, k.getTransportId());
OutgoingKeys outCurr = k.getCurrentOutgoingKeys();
assertEquals(rotationPeriod, outCurr.getRotationPeriod());
assertEquals(streamCounter + 2, outCurr.getStreamCounter());
db.commitTransaction(txn);
db.close();
@@ -1295,123 +1213,36 @@ public class H2DatabaseTest extends BriarTestCase {
@Test
public void testSetReorderingWindow() throws Exception {
// Create an endpoint and a temporary secret
long epoch = 123;
int latency = 234;
boolean alice = false;
long period = 345, outgoing = 456, centre = 567;
Endpoint ep = new Endpoint(contactId, transportId, epoch, alice);
Random random = new Random();
byte[] secret = new byte[32], bitmap = new byte[4];
random.nextBytes(secret);
TemporarySecret s = new TemporarySecret(contactId, transportId, epoch,
alice, period, secret, outgoing, centre, bitmap);
TransportKeys keys = createTransportKeys();
long rotationPeriod = keys.getCurrentIncomingKeys().getRotationPeriod();
long base = keys.getCurrentIncomingKeys().getWindowBase();
byte[] bitmap = keys.getCurrentIncomingKeys().getWindowBitmap();
Database<Connection> db = open(false);
Connection txn = db.startTransaction();
// Add the contact, transport, endpoint and temporary secret
// Add the contact, transport and transport keys
db.addLocalAuthor(txn, localAuthor);
assertEquals(contactId, db.addContact(txn, author, localAuthorId));
db.addTransport(txn, transportId, latency);
db.addEndpoint(txn, ep);
db.addSecrets(txn, Arrays.asList(s));
db.addTransport(txn, transportId, 123);
db.updateTransportKeys(txn, Collections.singletonMap(contactId, keys));
// Retrieve the secret
Collection<TemporarySecret> secrets = db.getSecrets(txn);
assertEquals(1, secrets.size());
s = secrets.iterator().next();
assertEquals(contactId, s.getContactId());
assertEquals(transportId, s.getTransportId());
assertEquals(period, s.getPeriod());
assertArrayEquals(secret, s.getSecret());
assertEquals(outgoing, s.getOutgoingStreamCounter());
assertEquals(centre, s.getWindowCentre());
assertArrayEquals(bitmap, s.getWindowBitmap());
// Update the reordering window and retrieve the secret again
// Update the reordering window and retrieve the transport keys
random.nextBytes(bitmap);
db.setReorderingWindow(txn, contactId, transportId, period, centre,
bitmap);
secrets = db.getSecrets(txn);
assertEquals(1, secrets.size());
s = secrets.iterator().next();
assertEquals(contactId, s.getContactId());
assertEquals(transportId, s.getTransportId());
assertEquals(period, s.getPeriod());
assertArrayEquals(secret, s.getSecret());
assertEquals(outgoing, s.getOutgoingStreamCounter());
assertEquals(centre, s.getWindowCentre());
assertArrayEquals(bitmap, s.getWindowBitmap());
// Updating a nonexistent window should not throw an exception
db.setReorderingWindow(txn, contactId, transportId, period + 1, 1,
bitmap);
// The nonexistent window should not have been created
secrets = db.getSecrets(txn);
assertEquals(1, secrets.size());
s = secrets.iterator().next();
assertEquals(contactId, s.getContactId());
assertEquals(transportId, s.getTransportId());
assertEquals(period, s.getPeriod());
assertArrayEquals(secret, s.getSecret());
assertEquals(outgoing, s.getOutgoingStreamCounter());
assertEquals(centre, s.getWindowCentre());
assertArrayEquals(bitmap, s.getWindowBitmap());
db.commitTransaction(txn);
db.close();
}
@Test
public void testEndpoints() throws Exception {
// Create some endpoints
long epoch1 = 123, epoch2 = 234;
int latency1 = 345, latency2 = 456;
boolean alice1 = true, alice2 = false;
TransportId transportId1 = new TransportId("bar");
TransportId transportId2 = new TransportId("baz");
Endpoint ep1 = new Endpoint(contactId, transportId1, epoch1, alice1);
Endpoint ep2 = new Endpoint(contactId, transportId2, epoch2, alice2);
Database<Connection> db = open(false);
Connection txn = db.startTransaction();
// Initially there should be no endpoints in the database
assertEquals(Collections.emptyList(), db.getEndpoints(txn));
// Add the contact, the transports and the endpoints
db.addLocalAuthor(txn, localAuthor);
assertEquals(contactId, db.addContact(txn, author, localAuthorId));
db.addTransport(txn, transportId1, latency1);
db.addTransport(txn, transportId2, latency2);
db.addEndpoint(txn, ep1);
db.addEndpoint(txn, ep2);
// Retrieve the endpoints
Collection<Endpoint> endpoints = db.getEndpoints(txn);
assertEquals(2, endpoints.size());
boolean foundFirst = false, foundSecond = false;
for (Endpoint ep : endpoints) {
assertEquals(contactId, ep.getContactId());
if (ep.getTransportId().equals(transportId1)) {
assertEquals(epoch1, ep.getEpoch());
assertEquals(alice1, ep.getAlice());
foundFirst = true;
} else if (ep.getTransportId().equals(transportId2)) {
assertEquals(epoch2, ep.getEpoch());
assertEquals(alice2, ep.getAlice());
foundSecond = true;
} else {
fail();
}
}
assertTrue(foundFirst);
assertTrue(foundSecond);
// Removing the contact should remove the endpoints
db.removeContact(txn, contactId);
assertEquals(Collections.emptyList(), db.getEndpoints(txn));
db.setReorderingWindow(txn, contactId, transportId, rotationPeriod,
base + 1, bitmap);
Map<ContactId, TransportKeys> newKeys =
db.getTransportKeys(txn, transportId);
assertEquals(1, newKeys.size());
Entry<ContactId, TransportKeys> e =
newKeys.entrySet().iterator().next();
assertEquals(contactId, e.getKey());
TransportKeys k = e.getValue();
assertEquals(transportId, k.getTransportId());
IncomingKeys inCurr = k.getCurrentIncomingKeys();
assertEquals(rotationPeriod, inCurr.getRotationPeriod());
assertEquals(base + 1, inCurr.getWindowBase());
assertArrayEquals(bitmap, inCurr.getWindowBitmap());
db.commitTransaction(txn);
db.close();
@@ -1431,27 +1262,30 @@ public class H2DatabaseTest extends BriarTestCase {
db.addLocalAuthor(txn, localAuthor);
assertEquals(contactId, db.addContact(txn, author, localAuthorId));
assertEquals(contactId1, db.addContact(txn, author1, localAuthorId));
db.setGroups(txn, contactId, Arrays.asList(group), 1);
db.setGroups(txn, contactId1, Arrays.asList(group), 1);
db.setGroups(txn, contactId, Collections.singletonList(group), 1);
db.setGroups(txn, contactId1, Collections.singletonList(group), 1);
// The group should be available
assertEquals(Collections.emptyList(), db.getGroups(txn));
assertEquals(Arrays.asList(group), db.getAvailableGroups(txn));
assertEquals(Collections.singletonList(group),
db.getAvailableGroups(txn));
// Subscribe to the group - it should no longer be available
db.addGroup(txn, group);
assertEquals(Arrays.asList(group), db.getGroups(txn));
assertEquals(Collections.singletonList(group), db.getGroups(txn));
assertEquals(Collections.emptyList(), db.getAvailableGroups(txn));
// Unsubscribe from the group - it should be available again
db.removeGroup(txn, groupId);
assertEquals(Collections.emptyList(), db.getGroups(txn));
assertEquals(Arrays.asList(group), db.getAvailableGroups(txn));
assertEquals(Collections.singletonList(group),
db.getAvailableGroups(txn));
// The first contact unsubscribes - it should still be available
db.setGroups(txn, contactId, Collections.<Group>emptyList(), 2);
assertEquals(Collections.emptyList(), db.getGroups(txn));
assertEquals(Arrays.asList(group), db.getAvailableGroups(txn));
assertEquals(Collections.singletonList(group),
db.getAvailableGroups(txn));
// The second contact unsubscribes - it should no longer be available
db.setGroups(txn, contactId1, Collections.<Group>emptyList(), 2);
@@ -1501,9 +1335,8 @@ public class H2DatabaseTest extends BriarTestCase {
db.getInboxMessageHeaders(txn, contactId));
// Add a message to the inbox group - the header should be returned
boolean local = true, seen = false;
db.addMessage(txn, message, local);
db.addStatus(txn, contactId, messageId, false, seen);
db.addMessage(txn, message, true);
db.addStatus(txn, contactId, messageId, false, false);
Collection<MessageHeader> headers =
db.getInboxMessageHeaders(txn, contactId);
assertEquals(1, headers.size());
@@ -1514,7 +1347,7 @@ public class H2DatabaseTest extends BriarTestCase {
assertEquals(localAuthor, header.getAuthor());
assertEquals(contentType, header.getContentType());
assertEquals(timestamp, header.getTimestamp());
assertEquals(local, header.isLocal());
assertEquals(true, header.isLocal());
assertEquals(false, header.isRead());
assertEquals(STORED, header.getStatus());
assertFalse(header.isRead());
@@ -1560,7 +1393,7 @@ public class H2DatabaseTest extends BriarTestCase {
// Add a contact who subscribes to a group
db.addLocalAuthor(txn, localAuthor);
assertEquals(contactId, db.addContact(txn, author, localAuthorId));
db.setGroups(txn, contactId, Arrays.asList(group), 1);
db.setGroups(txn, contactId, Collections.singletonList(group), 1);
// Subscribe to the group and make it visible to the contact
db.addGroup(txn, group);
@@ -1571,7 +1404,7 @@ public class H2DatabaseTest extends BriarTestCase {
db.addStatus(txn, contactId, messageId, false, false);
Collection<MessageId> sendable = db.getMessagesToSend(txn, contactId,
ONE_MEGABYTE);
assertEquals(Arrays.asList(messageId), sendable);
assertEquals(Collections.singletonList(messageId), sendable);
// Mark the message as seen - it should no longer be sendable
db.raiseSeenFlag(txn, contactId, messageId);
@@ -1584,9 +1417,9 @@ public class H2DatabaseTest extends BriarTestCase {
assertEquals(Collections.emptyList(), sendable);
// The contact resubscribes - the message should be sendable again
db.setGroups(txn, contactId, Arrays.asList(group), 3);
db.setGroups(txn, contactId, Collections.singletonList(group), 3);
sendable = db.getMessagesToSend(txn, contactId, ONE_MEGABYTE);
assertEquals(Arrays.asList(messageId), sendable);
assertEquals(Collections.singletonList(messageId), sendable);
db.commitTransaction(txn);
db.close();
@@ -1616,6 +1449,26 @@ public class H2DatabaseTest extends BriarTestCase {
return db;
}
private TransportKeys createTransportKeys() {
SecretKey inPrevTagKey = TestUtils.createSecretKey();
SecretKey inPrevHeaderKey = TestUtils.createSecretKey();
IncomingKeys inPrev = new IncomingKeys(inPrevTagKey, inPrevHeaderKey,
1, 123, new byte[4]);
SecretKey inCurrTagKey = TestUtils.createSecretKey();
SecretKey inCurrHeaderKey = TestUtils.createSecretKey();
IncomingKeys inCurr = new IncomingKeys(inCurrTagKey, inCurrHeaderKey,
2, 234, new byte[4]);
SecretKey inNextTagKey = TestUtils.createSecretKey();
SecretKey inNextHeaderKey = TestUtils.createSecretKey();
IncomingKeys inNext = new IncomingKeys(inNextTagKey, inNextHeaderKey,
3, 345, new byte[4]);
SecretKey outCurrTagKey = TestUtils.createSecretKey();
SecretKey outCurrHeaderKey = TestUtils.createSecretKey();
OutgoingKeys outCurr = new OutgoingKeys(outCurrTagKey, outCurrHeaderKey,
2, 456);
return new TransportKeys(transportId, inPrev, inCurr, inNext, outCurr);
}
@After
public void tearDown() {
TestUtils.deleteTestDirectory(testDir);

61
briar-tests/src/org/briarproject/messaging/SimplexMessagingIntegrationTest.java
View File

@@ -13,7 +13,8 @@ import org.briarproject.api.AuthorId;
import org.briarproject.api.ContactId;
import org.briarproject.api.LocalAuthor;
import org.briarproject.api.TransportId;
import org.briarproject.api.crypto.KeyManager;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.db.DatabaseComponent;
import org.briarproject.api.event.Event;
import org.briarproject.api.event.EventBus;
@@ -29,11 +30,11 @@ import org.briarproject.api.messaging.PacketReader;
import org.briarproject.api.messaging.PacketReaderFactory;
import org.briarproject.api.messaging.PacketWriter;
import org.briarproject.api.messaging.PacketWriterFactory;
import org.briarproject.api.transport.Endpoint;
import org.briarproject.api.transport.KeyManager;
import org.briarproject.api.transport.StreamContext;
import org.briarproject.api.transport.StreamReaderFactory;
import org.briarproject.api.transport.StreamWriterFactory;
import org.briarproject.api.transport.TagRecogniser;
import org.briarproject.api.transport.TransportKeys;
import org.briarproject.crypto.CryptoModule;
import org.briarproject.data.DataModule;
import org.briarproject.db.DatabaseModule;
@@ -49,7 +50,7 @@ import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Random;
import java.util.Collections;
import static org.briarproject.api.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
import static org.briarproject.api.messaging.MessagingConstants.GROUP_SALT_LENGTH;
@@ -63,26 +64,18 @@ import static org.junit.Assert.assertTrue;
public class SimplexMessagingIntegrationTest extends BriarTestCase {
private static final int MAX_LATENCY = 2 * 60 * 1000; // 2 minutes
private static final int ROTATION_PERIOD =
MAX_CLOCK_DIFFERENCE + MAX_LATENCY;
private static final long ROTATION_PERIOD_LENGTH =
MAX_LATENCY + MAX_CLOCK_DIFFERENCE;
private final File testDir = TestUtils.getTestDirectory();
private final File aliceDir = new File(testDir, "alice");
private final File bobDir = new File(testDir, "bob");
private final TransportId transportId;
private final byte[] initialSecret;
private final long epoch;
private final TransportId transportId = new TransportId("id");
private final SecretKey master = TestUtils.createSecretKey();
private final long timestamp = System.currentTimeMillis();
private Injector alice, bob;
public SimplexMessagingIntegrationTest() throws Exception {
transportId = new TransportId("id");
// Create matching secrets for Alice and Bob
initialSecret = new byte[32];
new Random().nextBytes(initialSecret);
epoch = System.currentTimeMillis() - 2 * ROTATION_PERIOD;
}
@Before
public void setUp() {
testDir.mkdirs();
@@ -125,14 +118,17 @@ public class SimplexMessagingIntegrationTest extends BriarTestCase {
Group group = gf.createGroup("Group", new byte[GROUP_SALT_LENGTH]);
db.addGroup(group);
db.setInboxGroup(contactId, group);
// Add the transport and the endpoint
// Add the transport
db.addTransport(transportId, MAX_LATENCY);
Endpoint ep = new Endpoint(contactId, transportId, epoch, true);
db.addEndpoint(ep);
keyManager.endpointAdded(ep, MAX_LATENCY, initialSecret);
// Derive and store the transport keys
long rotationPeriod = timestamp / ROTATION_PERIOD_LENGTH;
CryptoComponent crypto = alice.getInstance(CryptoComponent.class);
TransportKeys keys = crypto.deriveTransportKeys(transportId, master,
rotationPeriod, true);
db.addTransportKeys(contactId, keys);
keyManager.contactAdded(contactId, Collections.singletonList(keys));
// Send Bob a message
String contentType = "text/plain";
long timestamp = System.currentTimeMillis();
byte[] body = "Hi Bob!".getBytes("UTF-8");
MessageFactory messageFactory = alice.getInstance(MessageFactory.class);
Message message = messageFactory.createAnonymousMessage(null, group,
@@ -166,7 +162,7 @@ public class SimplexMessagingIntegrationTest extends BriarTestCase {
return out.toByteArray();
}
private void read(byte[] b) throws Exception {
private void read(byte[] stream) throws Exception {
// Open Bob's database
DatabaseComponent db = bob.getInstance(DatabaseComponent.class);
assertFalse(db.open());
@@ -188,21 +184,24 @@ public class SimplexMessagingIntegrationTest extends BriarTestCase {
Group group = gf.createGroup("Group", new byte[GROUP_SALT_LENGTH]);
db.addGroup(group);
db.setInboxGroup(contactId, group);
// Add the transport and the endpoint
// Add the transport
db.addTransport(transportId, MAX_LATENCY);
Endpoint ep = new Endpoint(contactId, transportId, epoch, false);
db.addEndpoint(ep);
keyManager.endpointAdded(ep, MAX_LATENCY, initialSecret);
// Derive and store the transport keys
long rotationPeriod = timestamp / ROTATION_PERIOD_LENGTH;
CryptoComponent crypto = bob.getInstance(CryptoComponent.class);
TransportKeys keys = crypto.deriveTransportKeys(transportId, master,
rotationPeriod, false);
db.addTransportKeys(contactId, keys);
keyManager.contactAdded(contactId, Collections.singletonList(keys));
// Set up an event listener
MessageListener listener = new MessageListener();
bob.getInstance(EventBus.class).addListener(listener);
// Create a tag recogniser and recognise the tag
ByteArrayInputStream in = new ByteArrayInputStream(b);
TagRecogniser rec = bob.getInstance(TagRecogniser.class);
// Read and recognise the tag
ByteArrayInputStream in = new ByteArrayInputStream(stream);
byte[] tag = new byte[TAG_LENGTH];
int read = in.read(tag);
assertEquals(tag.length, read);
StreamContext ctx = rec.recogniseTag(transportId, tag);
StreamContext ctx = keyManager.recogniseTag(transportId, tag);
assertNotNull(ctx);
// Create a stream reader
StreamReaderFactory streamReaderFactory =

592
briar-tests/src/org/briarproject/transport/KeyManagerImplTest.java
View File

@@ -1,600 +1,14 @@
package org.briarproject.transport;
import org.briarproject.BriarTestCase;
import org.briarproject.api.ContactId;
import org.briarproject.api.TransportId;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.db.DatabaseComponent;
import org.briarproject.api.event.EventBus;
import org.briarproject.api.event.EventListener;
import org.briarproject.api.system.Clock;
import org.briarproject.api.system.Timer;
import org.briarproject.api.transport.Endpoint;
import org.briarproject.api.transport.StreamContext;
import org.briarproject.api.transport.TagRecogniser;
import org.briarproject.api.transport.TemporarySecret;
import org.jmock.Expectations;
import org.jmock.Mockery;
import org.junit.Test;
import java.util.Arrays;
import java.util.Collections;
import static org.briarproject.api.transport.TransportConstants.MAX_CLOCK_DIFFERENCE;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
public class KeyManagerImplTest extends BriarTestCase {
private static final long EPOCH = 1000L * 1000L * 1000L * 1000L;
private static final int MAX_LATENCY = 2 * 60 * 1000; // 2 minutes
private static final int ROTATION_PERIOD =
MAX_CLOCK_DIFFERENCE + MAX_LATENCY;
private final ContactId contactId;
private final TransportId transportId;
private final byte[] secret0, secret1, secret2, secret3, secret4;
private final byte[] initialSecret;
public KeyManagerImplTest() {
contactId = new ContactId(234);
transportId = new TransportId("id");
secret0 = new byte[32];
secret1 = new byte[32];
secret2 = new byte[32];
secret3 = new byte[32];
secret4 = new byte[32];
for (int i = 0; i < secret0.length; i++) secret0[i] = 1;
for (int i = 0; i < secret1.length; i++) secret1[i] = 2;
for (int i = 0; i < secret2.length; i++) secret2[i] = 3;
for (int i = 0; i < secret3.length; i++) secret3[i] = 4;
for (int i = 0; i < secret4.length; i++) secret4[i] = 5;
initialSecret = new byte[32];
for (int i = 0; i < initialSecret.length; i++) initialSecret[i] = 123;
}
@Test
public void testStartAndStop() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final TagRecogniser tagRecogniser = context.mock(TagRecogniser.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Collections.emptyList()));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.emptyMap()));
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// stop()
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
oneOf(tagRecogniser).removeSecrets();
}});
assertTrue(keyManager.start());
keyManager.stop();
context.assertIsSatisfied();
}
@Test
public void testEndpointAdded() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final TagRecogniser tagRecogniser = context.mock(TagRecogniser.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
// The secrets for periods 0 - 2 should be derived
Endpoint ep = new Endpoint(contactId, transportId, EPOCH, true);
final TemporarySecret s0 = new TemporarySecret(ep, 0, secret0);
final TemporarySecret s1 = new TemporarySecret(ep, 1, secret1);
final TemporarySecret s2 = new TemporarySecret(ep, 2, secret2);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Collections.emptyList()));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.singletonMap(transportId,
MAX_LATENCY)));
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// endpointAdded() during rotation period 1
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
oneOf(crypto).deriveNextSecret(initialSecret, 0);
will(returnValue(secret0));
oneOf(crypto).deriveNextSecret(secret0, 1);
will(returnValue(secret1));
oneOf(crypto).deriveNextSecret(secret1, 2);
will(returnValue(secret2));
oneOf(db).addSecrets(Arrays.asList(s0, s1, s2));
// The secrets for periods 0 - 2 should be added to the recogniser
oneOf(tagRecogniser).addSecret(s0);
oneOf(tagRecogniser).addSecret(s1);
oneOf(tagRecogniser).addSecret(s2);
// stop()
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
oneOf(tagRecogniser).removeSecrets();
}});
assertTrue(keyManager.start());
keyManager.endpointAdded(ep, MAX_LATENCY, initialSecret);
keyManager.stop();
context.assertIsSatisfied();
}
@Test
public void testEndpointAddedAndGetConnectionContext() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final TagRecogniser tagRecogniser = context.mock(TagRecogniser.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
// The secrets for periods 0 - 2 should be derived
Endpoint ep = new Endpoint(contactId, transportId, EPOCH, true);
final TemporarySecret s0 = new TemporarySecret(ep, 0, secret0);
final TemporarySecret s1 = new TemporarySecret(ep, 1, secret1);
final TemporarySecret s2 = new TemporarySecret(ep, 2, secret2);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Collections.emptyList()));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.singletonMap(transportId,
MAX_LATENCY)));
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// endpointAdded() during rotation period 1
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
oneOf(crypto).deriveNextSecret(initialSecret, 0);
will(returnValue(secret0));
oneOf(crypto).deriveNextSecret(secret0, 1);
will(returnValue(secret1));
oneOf(crypto).deriveNextSecret(secret1, 2);
will(returnValue(secret2));
oneOf(db).addSecrets(Arrays.asList(s0, s1, s2));
// The secrets for periods 0 - 2 should be added to the recogniser
oneOf(tagRecogniser).addSecret(s0);
oneOf(tagRecogniser).addSecret(s1);
oneOf(tagRecogniser).addSecret(s2);
// getConnectionContext()
oneOf(db).incrementStreamCounter(contactId, transportId, 1);
will(returnValue(0L));
// stop()
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
oneOf(tagRecogniser).removeSecrets();
}});
assertTrue(keyManager.start());
keyManager.endpointAdded(ep, MAX_LATENCY, initialSecret);
StreamContext ctx =
keyManager.getStreamContext(contactId, transportId);
assertNotNull(ctx);
assertEquals(contactId, ctx.getContactId());
assertEquals(transportId, ctx.getTransportId());
assertArrayEquals(secret1, ctx.getSecret());
assertEquals(0, ctx.getStreamNumber());
assertEquals(true, ctx.getAlice());
keyManager.stop();
context.assertIsSatisfied();
}
@Test
public void testLoadSecretsAtEpoch() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final TagRecogniser tagRecogniser = context.mock(TagRecogniser.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
// The DB contains the secrets for periods 0 - 2
Endpoint ep = new Endpoint(contactId, transportId, EPOCH, true);
final TemporarySecret s0 = new TemporarySecret(ep, 0, secret0);
final TemporarySecret s1 = new TemporarySecret(ep, 1, secret1);
final TemporarySecret s2 = new TemporarySecret(ep, 2, secret2);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Arrays.asList(s0, s1, s2)));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.singletonMap(transportId,
MAX_LATENCY)));
// The current time is the epoch, the start of period 1
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
// The secrets for periods 0 - 2 should be added to the recogniser
oneOf(tagRecogniser).addSecret(s0);
oneOf(tagRecogniser).addSecret(s1);
oneOf(tagRecogniser).addSecret(s2);
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// stop()
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
oneOf(tagRecogniser).removeSecrets();
}});
assertTrue(keyManager.start());
keyManager.stop();
context.assertIsSatisfied();
}
@Test
public void testLoadSecretsAtStartOfPeriod2() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final TagRecogniser tagRecogniser = context.mock(TagRecogniser.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
// The DB contains the secrets for periods 0 - 2
Endpoint ep = new Endpoint(contactId, transportId, EPOCH, true);
final TemporarySecret s0 = new TemporarySecret(ep, 0, secret0);
final TemporarySecret s1 = new TemporarySecret(ep, 1, secret1);
final TemporarySecret s2 = new TemporarySecret(ep, 2, secret2);
// The secret for period 3 should be derived and stored
final TemporarySecret s3 = new TemporarySecret(ep, 3, secret3);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Arrays.asList(s0, s1, s2)));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.singletonMap(transportId,
MAX_LATENCY)));
// The current time is the start of period 2
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH + ROTATION_PERIOD));
// The secret for period 3 should be derived and stored
oneOf(crypto).deriveNextSecret(secret0, 1);
will(returnValue(secret1));
oneOf(crypto).deriveNextSecret(secret1, 2);
will(returnValue(secret2));
oneOf(crypto).deriveNextSecret(secret2, 3);
will(returnValue(secret3));
oneOf(db).addSecrets(Arrays.asList(s3));
// The secrets for periods 1 - 3 should be added to the recogniser
oneOf(tagRecogniser).addSecret(s1);
oneOf(tagRecogniser).addSecret(s2);
oneOf(tagRecogniser).addSecret(s3);
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// stop()
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
oneOf(tagRecogniser).removeSecrets();
}});
assertTrue(keyManager.start());
keyManager.stop();
context.assertIsSatisfied();
}
@Test
public void testLoadSecretsAtEndOfPeriod3() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final TagRecogniser tagRecogniser = context.mock(TagRecogniser.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
// The DB contains the secrets for periods 0 - 2
Endpoint ep = new Endpoint(contactId, transportId, EPOCH, true);
final TemporarySecret s0 = new TemporarySecret(ep, 0, secret0);
final TemporarySecret s1 = new TemporarySecret(ep, 1, secret1);
final TemporarySecret s2 = new TemporarySecret(ep, 2, secret2);
// The secrets for periods 3 and 4 should be derived and stored
final TemporarySecret s3 = new TemporarySecret(ep, 3, secret3);
final TemporarySecret s4 = new TemporarySecret(ep, 4, secret4);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Arrays.asList(s0, s1, s2)));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.singletonMap(transportId,
MAX_LATENCY)));
// The current time is the end of period 3
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH + 3 * ROTATION_PERIOD - 1));
// The secrets for periods 3 and 4 should be derived from secret 1
oneOf(crypto).deriveNextSecret(secret1, 2);
will(returnValue(secret2));
oneOf(crypto).deriveNextSecret(secret2, 3);
will(returnValue(secret3));
oneOf(crypto).deriveNextSecret(secret3, 4);
will(returnValue(secret4));
// The new secrets should be stored
oneOf(db).addSecrets(Arrays.asList(s3, s4));
// The secrets for periods 2 - 4 should be added to the recogniser
oneOf(tagRecogniser).addSecret(s2);
oneOf(tagRecogniser).addSecret(s3);
oneOf(tagRecogniser).addSecret(s4);
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// stop()
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
oneOf(tagRecogniser).removeSecrets();
}});
assertTrue(keyManager.start());
keyManager.stop();
context.assertIsSatisfied();
}
@Test
public void testLoadSecretsAndRotateInSamePeriod() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final TagRecogniser tagRecogniser = context.mock(TagRecogniser.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
// The DB contains the secrets for periods 0 - 2
Endpoint ep = new Endpoint(contactId, transportId, EPOCH, true);
final TemporarySecret s0 = new TemporarySecret(ep, 0, secret0);
final TemporarySecret s1 = new TemporarySecret(ep, 1, secret1);
final TemporarySecret s2 = new TemporarySecret(ep, 2, secret2);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Arrays.asList(s0, s1, s2)));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.singletonMap(transportId,
MAX_LATENCY)));
// The current time is the epoch, the start of period 1
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
// The secrets for periods 0 - 2 should be added to the recogniser
oneOf(tagRecogniser).addSecret(s0);
oneOf(tagRecogniser).addSecret(s1);
oneOf(tagRecogniser).addSecret(s2);
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// run() during period 1: the secrets should not be affected
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH + 1));
// getConnectionContext()
oneOf(db).incrementStreamCounter(contactId, transportId, 1);
will(returnValue(0L));
// stop()
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
oneOf(tagRecogniser).removeSecrets();
}});
assertTrue(keyManager.start());
keyManager.run();
StreamContext ctx =
keyManager.getStreamContext(contactId, transportId);
assertNotNull(ctx);
assertEquals(contactId, ctx.getContactId());
assertEquals(transportId, ctx.getTransportId());
assertArrayEquals(secret1, ctx.getSecret());
assertEquals(0, ctx.getStreamNumber());
assertEquals(true, ctx.getAlice());
keyManager.stop();
context.assertIsSatisfied();
}
@Test
public void testLoadSecretsAndRotateInNextPeriod() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final TagRecogniser tagRecogniser = context.mock(TagRecogniser.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
// The DB contains the secrets for periods 0 - 2
Endpoint ep = new Endpoint(contactId, transportId, EPOCH, true);
final TemporarySecret s0 = new TemporarySecret(ep, 0, secret0);
final TemporarySecret s1 = new TemporarySecret(ep, 1, secret1);
final TemporarySecret s2 = new TemporarySecret(ep, 2, secret2);
// The secret for period 3 should be derived and stored
final TemporarySecret s3 = new TemporarySecret(ep, 3, secret3);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Arrays.asList(s0, s1, s2)));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.singletonMap(transportId,
MAX_LATENCY)));
// The current time is the epoch, the start of period 1
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
// The secrets for periods 0 - 2 should be added to the recogniser
oneOf(tagRecogniser).addSecret(s0);
oneOf(tagRecogniser).addSecret(s1);
oneOf(tagRecogniser).addSecret(s2);
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// run() during period 2: the secrets should be rotated
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH + ROTATION_PERIOD + 1));
oneOf(crypto).deriveNextSecret(secret0, 1);
will(returnValue(secret1));
oneOf(crypto).deriveNextSecret(secret1, 2);
will(returnValue(secret2));
oneOf(crypto).deriveNextSecret(secret2, 3);
will(returnValue(secret3));
oneOf(tagRecogniser).removeSecret(contactId, transportId, 0);
oneOf(db).addSecrets(Arrays.asList(s3));
oneOf(tagRecogniser).addSecret(s3);
// getConnectionContext()
oneOf(db).incrementStreamCounter(contactId, transportId, 2);
will(returnValue(0L));
// stop()
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
oneOf(tagRecogniser).removeSecrets();
}});
assertTrue(keyManager.start());
keyManager.run();
StreamContext ctx =
keyManager.getStreamContext(contactId, transportId);
assertNotNull(ctx);
assertEquals(contactId, ctx.getContactId());
assertEquals(transportId, ctx.getTransportId());
assertArrayEquals(secret2, ctx.getSecret());
assertEquals(0, ctx.getStreamNumber());
assertEquals(true, ctx.getAlice());
keyManager.stop();
context.assertIsSatisfied();
}
@Test
public void testLoadSecretsAndRotateAWholePeriodLate() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final TagRecogniser tagRecogniser = context.mock(TagRecogniser.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
// The DB contains the secrets for periods 0 - 2
Endpoint ep = new Endpoint(contactId, transportId, EPOCH, true);
final TemporarySecret s0 = new TemporarySecret(ep, 0, secret0);
final TemporarySecret s1 = new TemporarySecret(ep, 1, secret1);
final TemporarySecret s2 = new TemporarySecret(ep, 2, secret2);
// The secrets for periods 3 and 4 should be derived and stored
final TemporarySecret s3 = new TemporarySecret(ep, 3, secret3);
final TemporarySecret s4 = new TemporarySecret(ep, 4, secret4);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Arrays.asList(s0, s1, s2)));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.singletonMap(transportId,
MAX_LATENCY)));
// The current time is the epoch, the start of period 1
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
// The secrets for periods 0 - 2 should be added to the recogniser
oneOf(tagRecogniser).addSecret(s0);
oneOf(tagRecogniser).addSecret(s1);
oneOf(tagRecogniser).addSecret(s2);
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// run() during period 3 (late): the secrets should be rotated
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH + 2 * ROTATION_PERIOD + 1));
oneOf(crypto).deriveNextSecret(secret1, 2);
will(returnValue(secret2));
oneOf(crypto).deriveNextSecret(secret2, 3);
will(returnValue(secret3));
oneOf(crypto).deriveNextSecret(secret3, 4);
will(returnValue(secret4));
oneOf(tagRecogniser).removeSecret(contactId, transportId, 0);
oneOf(tagRecogniser).removeSecret(contactId, transportId, 1);
oneOf(db).addSecrets(Arrays.asList(s3, s4));
oneOf(tagRecogniser).addSecret(s3);
oneOf(tagRecogniser).addSecret(s4);
// getConnectionContext()
oneOf(db).incrementStreamCounter(contactId, transportId, 3);
will(returnValue(0L));
// stop()
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
oneOf(tagRecogniser).removeSecrets();
}});
assertTrue(keyManager.start());
keyManager.run();
StreamContext ctx =
keyManager.getStreamContext(contactId, transportId);
assertNotNull(ctx);
assertEquals(contactId, ctx.getContactId());
assertEquals(transportId, ctx.getTransportId());
assertArrayEquals(secret3, ctx.getSecret());
assertEquals(0, ctx.getStreamNumber());
assertEquals(true, ctx.getAlice());
keyManager.stop();
context.assertIsSatisfied();
public void testUnitTestsExist() {
fail(); // FIXME: Write tests
}
}

772
briar-tests/src/org/briarproject/transport/KeyRotationIntegrationTest.java
View File

@@ -1,772 +0,0 @@
package org.briarproject.transport;
import org.briarproject.BriarTestCase;
import org.briarproject.api.ContactId;
import org.briarproject.api.TransportId;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.db.DatabaseComponent;
import org.briarproject.api.event.EventBus;
import org.briarproject.api.event.EventListener;
import org.briarproject.api.system.Clock;
import org.briarproject.api.system.Timer;
import org.briarproject.api.transport.Endpoint;
import org.briarproject.api.transport.StreamContext;
import org.briarproject.api.transport.TagRecogniser;
import org.briarproject.api.transport.TemporarySecret;
import org.briarproject.util.ByteUtils;
import org.hamcrest.Description;
import org.jmock.Expectations;
import org.jmock.Mockery;
import org.jmock.api.Action;
import org.jmock.api.Invocation;
import org.junit.Test;
import java.util.Arrays;
import java.util.Collections;
import static org.briarproject.api.transport.TransportConstants.MAX_CLOCK_DIFFERENCE;
import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
public class KeyRotationIntegrationTest extends BriarTestCase {
private static final long EPOCH = 1000L * 1000L * 1000L * 1000L;
private static final int MAX_LATENCY = 2 * 60 * 1000; // 2 minutes
private static final int ROTATION_PERIOD =
MAX_CLOCK_DIFFERENCE + MAX_LATENCY;
private final ContactId contactId;
private final TransportId transportId;
private final byte[] secret0, secret1, secret2, secret3, secret4;
private final byte[] key0, key1, key2, key3, key4;
private final SecretKey k0, k1, k2, k3, k4;
private final byte[] initialSecret;
public KeyRotationIntegrationTest() {
contactId = new ContactId(234);
transportId = new TransportId("id");
secret0 = new byte[32];
secret1 = new byte[32];
secret2 = new byte[32];
secret3 = new byte[32];
secret4 = new byte[32];
for (int i = 0; i < secret0.length; i++) secret0[i] = 1;
for (int i = 0; i < secret1.length; i++) secret1[i] = 2;
for (int i = 0; i < secret2.length; i++) secret2[i] = 3;
for (int i = 0; i < secret3.length; i++) secret3[i] = 4;
for (int i = 0; i < secret4.length; i++) secret4[i] = 5;
key0 = new byte[32];
key1 = new byte[32];
key2 = new byte[32];
key3 = new byte[32];
key4 = new byte[32];
k0 = new SecretKey(key0);
k1 = new SecretKey(key1);
k2 = new SecretKey(key2);
k3 = new SecretKey(key3);
k4 = new SecretKey(key4);
for (int i = 0; i < key0.length; i++) key0[i] = 1;
for (int i = 0; i < key1.length; i++) key1[i] = 2;
for (int i = 0; i < key2.length; i++) key2[i] = 3;
for (int i = 0; i < key3.length; i++) key3[i] = 4;
for (int i = 0; i < key4.length; i++) key4[i] = 5;
initialSecret = new byte[32];
for (int i = 0; i < initialSecret.length; i++) initialSecret[i] = 123;
}
@Test
public void testStartAndStop() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final TagRecogniser tagRecogniser = new TagRecogniserImpl(crypto, db);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Collections.emptyList()));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.emptyMap()));
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// stop()
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
}});
assertTrue(keyManager.start());
keyManager.stop();
context.assertIsSatisfied();
}
@Test
public void testEndpointAdded() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final TagRecogniser tagRecogniser = new TagRecogniserImpl(crypto, db);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
// The secrets for periods 0 - 2 should be derived
Endpoint ep = new Endpoint(contactId, transportId, EPOCH, true);
final TemporarySecret s0 = new TemporarySecret(ep, 0, secret0);
final TemporarySecret s1 = new TemporarySecret(ep, 1, secret1);
final TemporarySecret s2 = new TemporarySecret(ep, 2, secret2);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Collections.emptyList()));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.singletonMap(transportId,
MAX_LATENCY)));
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// endpointAdded() during rotation period 1
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
oneOf(crypto).deriveNextSecret(initialSecret, 0);
will(returnValue(secret0));
oneOf(crypto).deriveNextSecret(secret0, 1);
will(returnValue(secret1));
oneOf(crypto).deriveNextSecret(secret1, 2);
will(returnValue(secret2));
oneOf(db).addSecrets(Arrays.asList(s0, s1, s2));
// The recogniser should derive the tags for period 0
oneOf(crypto).deriveTagKey(secret0, false);
will(returnValue(k0));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k0),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 1
oneOf(crypto).deriveTagKey(secret1, false);
will(returnValue(k1));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k1),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 2
oneOf(crypto).deriveTagKey(secret2, false);
will(returnValue(k2));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k2),
with((long) i));
will(new EncodeTagAction());
}
// stop()
// The recogniser should derive the tags for period 0
oneOf(crypto).deriveTagKey(secret0, false);
will(returnValue(k0));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k0),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 1
oneOf(crypto).deriveTagKey(secret1, false);
will(returnValue(k1));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k1),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 2
oneOf(crypto).deriveTagKey(secret2, false);
will(returnValue(k2));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k2),
with((long) i));
will(new EncodeTagAction());
}
// Remove the listener and stop the timer
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
}});
assertTrue(keyManager.start());
keyManager.endpointAdded(ep, MAX_LATENCY, initialSecret);
keyManager.stop();
context.assertIsSatisfied();
}
@Test
public void testEndpointAddedAndGetConnectionContext() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final TagRecogniser tagRecogniser = new TagRecogniserImpl(crypto, db);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
// The secrets for periods 0 - 2 should be derived
Endpoint ep = new Endpoint(contactId, transportId, EPOCH, true);
final TemporarySecret s0 = new TemporarySecret(ep, 0, secret0);
final TemporarySecret s1 = new TemporarySecret(ep, 1, secret1);
final TemporarySecret s2 = new TemporarySecret(ep, 2, secret2);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Collections.emptyList()));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.singletonMap(transportId,
MAX_LATENCY)));
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// endpointAdded() during rotation period 1
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
oneOf(crypto).deriveNextSecret(initialSecret, 0);
will(returnValue(secret0));
oneOf(crypto).deriveNextSecret(secret0, 1);
will(returnValue(secret1));
oneOf(crypto).deriveNextSecret(secret1, 2);
will(returnValue(secret2));
oneOf(db).addSecrets(Arrays.asList(s0, s1, s2));
// The recogniser should derive the tags for period 0
oneOf(crypto).deriveTagKey(secret0, false);
will(returnValue(k0));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k0),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 1
oneOf(crypto).deriveTagKey(secret1, false);
will(returnValue(k1));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k1),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 2
oneOf(crypto).deriveTagKey(secret2, false);
will(returnValue(k2));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k2),
with((long) i));
will(new EncodeTagAction());
}
// getConnectionContext()
oneOf(db).incrementStreamCounter(contactId, transportId, 1);
will(returnValue(0L));
// stop()
// The recogniser should derive the tags for period 0
oneOf(crypto).deriveTagKey(secret0, false);
will(returnValue(k0));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k0),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 1
oneOf(crypto).deriveTagKey(secret1, false);
will(returnValue(k1));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k1),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 2
oneOf(crypto).deriveTagKey(secret2, false);
will(returnValue(k2));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k2),
with((long) i));
will(new EncodeTagAction());
}
// Remove the listener and stop the timer
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
}});
assertTrue(keyManager.start());
keyManager.endpointAdded(ep, MAX_LATENCY, initialSecret);
StreamContext ctx =
keyManager.getStreamContext(contactId, transportId);
assertNotNull(ctx);
assertEquals(contactId, ctx.getContactId());
assertEquals(transportId, ctx.getTransportId());
assertArrayEquals(secret1, ctx.getSecret());
assertEquals(0, ctx.getStreamNumber());
assertEquals(true, ctx.getAlice());
keyManager.stop();
context.assertIsSatisfied();
}
@Test
public void testEndpointAddedAndAcceptConnection() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final TagRecogniser tagRecogniser = new TagRecogniserImpl(crypto, db);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
// The secrets for periods 0 - 2 should be derived
Endpoint ep = new Endpoint(contactId, transportId, EPOCH, true);
final TemporarySecret s0 = new TemporarySecret(ep, 0, secret0);
final TemporarySecret s1 = new TemporarySecret(ep, 1, secret1);
final TemporarySecret s2 = new TemporarySecret(ep, 2, secret2);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Collections.emptyList()));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.singletonMap(transportId,
MAX_LATENCY)));
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// endpointAdded() during rotation period 1
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
oneOf(crypto).deriveNextSecret(initialSecret, 0);
will(returnValue(secret0));
oneOf(crypto).deriveNextSecret(secret0, 1);
will(returnValue(secret1));
oneOf(crypto).deriveNextSecret(secret1, 2);
will(returnValue(secret2));
oneOf(db).addSecrets(Arrays.asList(s0, s1, s2));
// The recogniser should derive the tags for period 0
oneOf(crypto).deriveTagKey(secret0, false);
will(returnValue(k0));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k0),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 1
oneOf(crypto).deriveTagKey(secret1, false);
will(returnValue(k1));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k1),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 2
oneOf(crypto).deriveTagKey(secret2, false);
will(returnValue(k2));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k2),
with((long) i));
will(new EncodeTagAction());
}
// acceptConnection()
oneOf(crypto).deriveTagKey(secret2, false);
will(returnValue(k2));
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k2),
with(16L));
will(new EncodeTagAction());
oneOf(db).setReorderingWindow(contactId, transportId, 2, 1,
new byte[] {0, 1, 0, 0});
// stop()
// The recogniser should derive the tags for period 0
oneOf(crypto).deriveTagKey(secret0, false);
will(returnValue(k0));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k0),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 1
oneOf(crypto).deriveTagKey(secret1, false);
will(returnValue(k1));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k1),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the updated tags for period 2
oneOf(crypto).deriveTagKey(secret2, false);
will(returnValue(k2));
for (int i = 1; i < 17; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k2),
with((long) i));
will(new EncodeTagAction());
}
// Remove the listener and stop the timer
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
}});
assertTrue(keyManager.start());
keyManager.endpointAdded(ep, MAX_LATENCY, initialSecret);
// Recognise the tag for connection 0 in period 2
byte[] tag = new byte[TAG_LENGTH];
encodeTag(tag, key2, 0);
StreamContext ctx = tagRecogniser.recogniseTag(transportId, tag);
assertNotNull(ctx);
assertEquals(contactId, ctx.getContactId());
assertEquals(transportId, ctx.getTransportId());
assertArrayEquals(secret2, ctx.getSecret());
assertEquals(0, ctx.getStreamNumber());
assertEquals(true, ctx.getAlice());
keyManager.stop();
context.assertIsSatisfied();
}
@Test
public void testLoadSecretsAtEpoch() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final TagRecogniser tagRecogniser = new TagRecogniserImpl(crypto, db);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
// The DB contains the secrets for periods 0 - 2
Endpoint ep = new Endpoint(contactId, transportId, EPOCH, true);
final TemporarySecret s0 = new TemporarySecret(ep, 0, secret0);
final TemporarySecret s1 = new TemporarySecret(ep, 1, secret1);
final TemporarySecret s2 = new TemporarySecret(ep, 2, secret2);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Arrays.asList(s0, s1, s2)));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.singletonMap(transportId,
MAX_LATENCY)));
// The current time is the epoch, the start of period 1
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH));
// The recogniser should derive the tags for period 0
oneOf(crypto).deriveTagKey(secret0, false);
will(returnValue(k0));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k0),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 1
oneOf(crypto).deriveTagKey(secret1, false);
will(returnValue(k1));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k1),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 2
oneOf(crypto).deriveTagKey(secret2, false);
will(returnValue(k2));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k2),
with((long) i));
will(new EncodeTagAction());
}
// Start the timer
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// stop()
// The recogniser should remove the tags for period 0
oneOf(crypto).deriveTagKey(secret0, false);
will(returnValue(k0));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k0),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 1
oneOf(crypto).deriveTagKey(secret1, false);
will(returnValue(k1));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k1),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 2
oneOf(crypto).deriveTagKey(secret2, false);
will(returnValue(k2));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k2),
with((long) i));
will(new EncodeTagAction());
}
// Remove the listener and stop the timer
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
}});
assertTrue(keyManager.start());
keyManager.stop();
context.assertIsSatisfied();
}
@Test
public void testLoadSecretsAtStartOfPeriod2() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final TagRecogniser tagRecogniser = new TagRecogniserImpl(crypto, db);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
// The DB contains the secrets for periods 0 - 2
Endpoint ep = new Endpoint(contactId, transportId, EPOCH, true);
final TemporarySecret s0 = new TemporarySecret(ep, 0, secret0);
final TemporarySecret s1 = new TemporarySecret(ep, 1, secret1);
final TemporarySecret s2 = new TemporarySecret(ep, 2, secret2);
// The secret for period 3 should be derived and stored
final TemporarySecret s3 = new TemporarySecret(ep, 3, secret3);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Arrays.asList(s0, s1, s2)));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.singletonMap(transportId,
MAX_LATENCY)));
// The current time is the start of period 2
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH + ROTATION_PERIOD));
// The secret for period 3 should be derived and stored
oneOf(crypto).deriveNextSecret(secret0, 1);
will(returnValue(secret1));
oneOf(crypto).deriveNextSecret(secret1, 2);
will(returnValue(secret2));
oneOf(crypto).deriveNextSecret(secret2, 3);
will(returnValue(secret3));
oneOf(db).addSecrets(Arrays.asList(s3));
// The recogniser should derive the tags for period 1
oneOf(crypto).deriveTagKey(secret1, false);
will(returnValue(k1));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k1),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 2
oneOf(crypto).deriveTagKey(secret2, false);
will(returnValue(k2));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k2),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 3
oneOf(crypto).deriveTagKey(secret3, false);
will(returnValue(k3));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k3),
with((long) i));
will(new EncodeTagAction());
}
// Start the timer
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// stop()
// The recogniser should derive the tags for period 1
oneOf(crypto).deriveTagKey(secret1, false);
will(returnValue(k1));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k1),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 2
oneOf(crypto).deriveTagKey(secret2, false);
will(returnValue(k2));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k2),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should remove the tags for period 3
oneOf(crypto).deriveTagKey(secret3, false);
will(returnValue(k3));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k3),
with((long) i));
will(new EncodeTagAction());
}
// Remove the listener and stop the timer
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
}});
assertTrue(keyManager.start());
keyManager.stop();
context.assertIsSatisfied();
}
@Test
public void testLoadSecretsAtEndOfPeriod3() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final DatabaseComponent db = context.mock(DatabaseComponent.class);
final EventBus eventBus = context.mock(EventBus.class);
final Clock clock = context.mock(Clock.class);
final Timer timer = context.mock(Timer.class);
final TagRecogniser tagRecogniser = new TagRecogniserImpl(crypto, db);
final KeyManagerImpl keyManager = new KeyManagerImpl(crypto, db,
eventBus, tagRecogniser, clock, timer);
// The DB contains the secrets for periods 0 - 2
Endpoint ep = new Endpoint(contactId, transportId, EPOCH, true);
final TemporarySecret s0 = new TemporarySecret(ep, 0, secret0);
final TemporarySecret s1 = new TemporarySecret(ep, 1, secret1);
final TemporarySecret s2 = new TemporarySecret(ep, 2, secret2);
// The secrets for periods 3 and 4 should be derived and stored
final TemporarySecret s3 = new TemporarySecret(ep, 3, secret3);
final TemporarySecret s4 = new TemporarySecret(ep, 4, secret4);
context.checking(new Expectations() {{
// start()
oneOf(eventBus).addListener(with(any(EventListener.class)));
oneOf(db).getSecrets();
will(returnValue(Arrays.asList(s0, s1, s2)));
oneOf(db).getTransportLatencies();
will(returnValue(Collections.singletonMap(transportId,
MAX_LATENCY)));
// The current time is the end of period 3
oneOf(clock).currentTimeMillis();
will(returnValue(EPOCH + 3 * ROTATION_PERIOD - 1));
// The secrets for periods 3 and 4 should be derived from secret 1
oneOf(crypto).deriveNextSecret(secret1, 2);
will(returnValue(secret2));
oneOf(crypto).deriveNextSecret(secret2, 3);
will(returnValue(secret3));
oneOf(crypto).deriveNextSecret(secret3, 4);
will(returnValue(secret4));
// The new secrets should be stored
oneOf(db).addSecrets(Arrays.asList(s3, s4));
// The recogniser should derive the tags for period 2
oneOf(crypto).deriveTagKey(secret2, false);
will(returnValue(k2));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k2),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 3
oneOf(crypto).deriveTagKey(secret3, false);
will(returnValue(k3));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k3),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 4
oneOf(crypto).deriveTagKey(secret4, false);
will(returnValue(k4));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k4),
with((long) i));
will(new EncodeTagAction());
}
// Start the timer
oneOf(timer).scheduleAtFixedRate(with(keyManager),
with(any(long.class)), with(any(long.class)));
// stop()
// The recogniser should derive the tags for period 2
oneOf(crypto).deriveTagKey(secret2, false);
will(returnValue(k2));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k2),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should remove the tags for period 3
oneOf(crypto).deriveTagKey(secret3, false);
will(returnValue(k3));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k3),
with((long) i));
will(new EncodeTagAction());
}
// The recogniser should derive the tags for period 4
oneOf(crypto).deriveTagKey(secret4, false);
will(returnValue(k4));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(k4),
with((long) i));
will(new EncodeTagAction());
}
// Remove the listener and stop the timer
oneOf(eventBus).removeListener(with(any(EventListener.class)));
oneOf(timer).cancel();
}});
assertTrue(keyManager.start());
keyManager.stop();
context.assertIsSatisfied();
}
private void encodeTag(byte[] tag, byte[] rawKey, long streamNumber) {
// Encode a fake tag based on the key and stream number
System.arraycopy(rawKey, 0, tag, 0, tag.length);
ByteUtils.writeUint32(streamNumber, tag, 0);
}
private class EncodeTagAction implements Action {
public void describeTo(Description description) {
description.appendText("Encodes a tag");
}
public Object invoke(Invocation invocation) throws Throwable {
byte[] tag = (byte[]) invocation.getParameter(0);
SecretKey key = (SecretKey) invocation.getParameter(1);
long streamNumber = (Long) invocation.getParameter(2);
encodeTag(tag, key.getBytes(), streamNumber);
return null;
}
}
}

219
briar-tests/src/org/briarproject/transport/ReorderingWindowTest.java
View File

@@ -1,5 +1,10 @@
package org.briarproject.transport;
import org.briarproject.BriarTestCase;
import org.briarproject.api.transport.TransportConstants;
import org.briarproject.transport.ReorderingWindow.Change;
import org.junit.Assert;
import org.junit.Test;
import org.briarproject.BriarTestCase;
import org.junit.Test;
@@ -13,148 +18,102 @@ import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import java.util.Arrays;
import java.util.Collections;
import java.util.Random;
import static org.briarproject.api.transport.TransportConstants.REORDERING_WINDOW_SIZE;
import static org.junit.Assert.assertArrayEquals;
public class ReorderingWindowTest extends BriarTestCase {
@Test
public void testWindowSliding() {
ReorderingWindow w = new ReorderingWindow();
for (int i = 0; i < 100; i++) {
assertFalse(w.isSeen(i));
w.setSeen(i);
assertTrue(w.isSeen(i));
}
}
@Test
public void testWindowJumping() {
ReorderingWindow w = new ReorderingWindow();
for (int i = 0; i < 100; i += 13) {
assertFalse(w.isSeen(i));
w.setSeen(i);
assertTrue(w.isSeen(i));
}
}
@Test
public void testWindowUpperLimit() {
ReorderingWindow w = new ReorderingWindow();
// Centre is 0, highest value in window is 15
w.setSeen(15);
// Centre is 16, highest value in window is 31
w.setSeen(31);
try {
// Centre is 32, highest value in window is 47
w.setSeen(48);
fail();
} catch (IllegalArgumentException expected) {}
// Centre is max - 1, highest value in window is max
public void testBitmapConversion() {
Random random = new Random();
byte[] bitmap = new byte[REORDERING_WINDOW_SIZE / 8];
w = new ReorderingWindow(MAX_32_BIT_UNSIGNED - 1, bitmap);
assertFalse(w.isSeen(MAX_32_BIT_UNSIGNED - 1));
assertFalse(w.isSeen(MAX_32_BIT_UNSIGNED));
// Values greater than max should never be allowed
try {
w.setSeen(MAX_32_BIT_UNSIGNED + 1);
fail();
} catch (IllegalArgumentException expected) {}
w.setSeen(MAX_32_BIT_UNSIGNED);
assertTrue(w.isSeen(MAX_32_BIT_UNSIGNED));
// Centre should have moved to max + 1
assertEquals(MAX_32_BIT_UNSIGNED + 1, w.getCentre());
// The bit corresponding to max should be set
byte[] expectedBitmap = new byte[REORDERING_WINDOW_SIZE / 8];
expectedBitmap[expectedBitmap.length / 2 - 1] = 1; // 00000001
assertArrayEquals(expectedBitmap, w.getBitmap());
// Values greater than max should never be allowed even if centre > max
try {
w.setSeen(MAX_32_BIT_UNSIGNED + 1);
fail();
} catch (IllegalArgumentException expected) {}
for (int i = 0; i < 1000; i++) {
random.nextBytes(bitmap);
ReorderingWindow window = new ReorderingWindow(0L, bitmap);
assertArrayEquals(bitmap, window.getBitmap());
}
}
@Test
public void testWindowLowerLimit() {
ReorderingWindow w = new ReorderingWindow();
// Centre is 0, negative values should never be allowed
try {
w.setSeen(-1);
fail();
} catch (IllegalArgumentException expected) {}
// Slide the window
w.setSeen(15);
// Centre is 16, lowest value in window is 0
w.setSeen(0);
// Slide the window
w.setSeen(16);
// Centre is 17, lowest value in window is 1
w.setSeen(1);
try {
w.setSeen(0);
fail();
} catch (IllegalArgumentException expected) {}
// Slide the window
w.setSeen(25);
// Centre is 26, lowest value in window is 10
w.setSeen(10);
try {
w.setSeen(9);
fail();
} catch (IllegalArgumentException expected) {}
// Centre should still be 26
assertEquals(26, w.getCentre());
// The bits corresponding to 10, 15, 16 and 25 should be set
byte[] expectedBitmap = new byte[REORDERING_WINDOW_SIZE / 8];
expectedBitmap[0] = (byte) 134; // 10000110
expectedBitmap[1] = 1; // 00000001
assertArrayEquals(expectedBitmap, w.getBitmap());
public void testWindowSlidesWhenFirstElementIsSeen() {
byte[] bitmap = new byte[REORDERING_WINDOW_SIZE / 8];
ReorderingWindow window = new ReorderingWindow(0L, bitmap);
// Set the first element seen
Change change = window.setSeen(0L);
// The window should slide by one element
assertEquals(1L, window.getBase());
assertEquals(Collections.singletonList((long) REORDERING_WINDOW_SIZE), change.getAdded());
assertEquals(Collections.singletonList(0L), change.getRemoved());
// All elements in the window should be unseen
assertArrayEquals(bitmap, window.getBitmap());
}
@Test
public void testCannotSetSeenTwice() {
ReorderingWindow w = new ReorderingWindow();
w.setSeen(15);
try {
w.setSeen(15);
fail();
} catch (IllegalArgumentException expected) {}
public void testWindowDoesNotSlideWhenElementBelowMidpointIsSeen() {
byte[] bitmap = new byte[REORDERING_WINDOW_SIZE / 8];
ReorderingWindow window = new ReorderingWindow(0L, bitmap);
// Set an element below the midpoint seen
Change change = window.setSeen(1L);
// The window should not slide
assertEquals(0L, window.getBase());
assertEquals(Collections.emptyList(), change.getAdded());
assertEquals(Collections.singletonList(1L), change.getRemoved());
// The second element in the window should be seen
bitmap[0] = 0x40; // 0100 0000
assertArrayEquals(bitmap, window.getBitmap());
}
@Test
public void testGetUnseenStreamNumbers() {
ReorderingWindow w = new ReorderingWindow();
// Centre is 0; window should cover 0 to 15, inclusive, with none seen
Collection<Long> unseen = w.getUnseen();
assertEquals(16, unseen.size());
for (int i = 0; i < 16; i++) {
assertTrue(unseen.contains(Long.valueOf(i)));
assertFalse(w.isSeen(i));
}
w.setSeen(3);
w.setSeen(4);
// Centre is 5; window should cover 0 to 20, inclusive, with two seen
unseen = w.getUnseen();
assertEquals(19, unseen.size());
for (int i = 0; i < 21; i++) {
if (i == 3 || i == 4) {
assertFalse(unseen.contains(Long.valueOf(i)));
assertTrue(w.isSeen(i));
} else {
assertTrue(unseen.contains(Long.valueOf(i)));
assertFalse(w.isSeen(i));
}
}
w.setSeen(19);
// Centre is 20; window should cover 4 to 35, inclusive, with two seen
unseen = w.getUnseen();
assertEquals(30, unseen.size());
for (int i = 4; i < 36; i++) {
if (i == 4 || i == 19) {
assertFalse(unseen.contains(Long.valueOf(i)));
assertTrue(w.isSeen(i));
} else {
assertTrue(unseen.contains(Long.valueOf(i)));
assertFalse(w.isSeen(i));
}
}
public void testWindowSlidesWhenElementAboveMidpointIsSeen() {
byte[] bitmap = new byte[REORDERING_WINDOW_SIZE / 8];
ReorderingWindow window = new ReorderingWindow(0, bitmap);
long aboveMidpoint = REORDERING_WINDOW_SIZE / 2;
// Set an element above the midpoint seen
Change change = window.setSeen(aboveMidpoint);
// The window should slide by one element
assertEquals(1L, window.getBase());
assertEquals(Collections.singletonList((long) REORDERING_WINDOW_SIZE), change.getAdded());
assertEquals(Arrays.asList(0L, aboveMidpoint), change.getRemoved());
// The highest element below the midpoint should be seen
bitmap[bitmap.length / 2 - 1] = (byte) 0x01; // 0000 0001
assertArrayEquals(bitmap, window.getBitmap());
}
@Test
public void testWindowSlidesUntilLowestElementIsUnseenWhenFirstElementIsSeen() {
byte[] bitmap = new byte[REORDERING_WINDOW_SIZE / 8];
ReorderingWindow window = new ReorderingWindow(0L, bitmap);
window.setSeen(1L);
// Set the first element seen
Change change = window.setSeen(0L);
// The window should slide by two elements
assertEquals(2L, window.getBase());
assertEquals(Arrays.asList((long) REORDERING_WINDOW_SIZE,
(long) (REORDERING_WINDOW_SIZE + 1)), change.getAdded());
assertEquals(Collections.singletonList(0L), change.getRemoved());
// All elements in the window should be unseen
assertArrayEquals(bitmap, window.getBitmap());
}
@Test
public void testWindowSlidesUntilLowestElementIsUnseenWhenElementAboveMidpointIsSeen() {
byte[] bitmap = new byte[REORDERING_WINDOW_SIZE / 8];
ReorderingWindow window = new ReorderingWindow(0L, bitmap);
window.setSeen(1L);
long aboveMidpoint = REORDERING_WINDOW_SIZE / 2;
// Set an element above the midpoint seen
Change change = window.setSeen(aboveMidpoint);
// The window should slide by two elements
assertEquals(2L, window.getBase());
assertEquals(Arrays.asList((long) REORDERING_WINDOW_SIZE,
(long) (REORDERING_WINDOW_SIZE + 1)), change.getAdded());
assertEquals(Arrays.asList(0L, aboveMidpoint), change.getRemoved());
// The second-highest element below the midpoint should be seen
bitmap[bitmap.length / 2 - 1] = (byte) 0x02; // 0000 0010
assertArrayEquals(bitmap, window.getBitmap());
}
}

14
briar-tests/src/org/briarproject/transport/TransportKeyManagerTest.java Normal file
View File

@@ -0,0 +1,14 @@
package org.briarproject.transport;
import org.briarproject.BriarTestCase;
import org.junit.Test;
import static org.junit.Assert.fail;
public class TransportKeyManagerTest extends BriarTestCase {
@Test
public void testUnitTestsExist() {
fail(); // FIXME: Write tests
}
}

130
briar-tests/src/org/briarproject/transport/TransportTagRecogniserTest.java
View File

@@ -1,130 +0,0 @@
package org.briarproject.transport;
import org.briarproject.BriarTestCase;
import org.briarproject.api.ContactId;
import org.briarproject.api.TransportId;
import org.briarproject.api.crypto.CryptoComponent;
import org.briarproject.api.crypto.SecretKey;
import org.briarproject.api.db.DatabaseComponent;
import org.briarproject.api.transport.StreamContext;
import org.briarproject.api.transport.TemporarySecret;
import org.briarproject.util.ByteUtils;
import org.hamcrest.Description;
import org.jmock.Expectations;
import org.jmock.Mockery;
import org.jmock.api.Action;
import org.jmock.api.Invocation;
import org.junit.Test;
import java.util.Random;
import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
public class TransportTagRecogniserTest extends BriarTestCase {
private final ContactId contactId = new ContactId(234);
private final TransportId transportId = new TransportId("id");
private final SecretKey tagKey = new SecretKey(new byte[32]);
@Test
public void testAddAndRemoveSecret() {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final byte[] secret = new byte[32];
new Random().nextBytes(secret);
final boolean alice = false;
final DatabaseComponent db = context.mock(DatabaseComponent.class);
context.checking(new Expectations() {{
// Add secret
oneOf(crypto).deriveTagKey(secret, !alice);
will(returnValue(tagKey));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(tagKey),
with((long) i));
will(new EncodeTagAction());
}
// Remove secret
oneOf(crypto).deriveTagKey(secret, !alice);
will(returnValue(tagKey));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(tagKey),
with((long) i));
will(new EncodeTagAction());
}
}});
TemporarySecret s = new TemporarySecret(contactId, transportId, 123,
alice, 0, secret, 0, 0, new byte[4]);
TransportTagRecogniser recogniser =
new TransportTagRecogniser(crypto, db, transportId);
recogniser.addSecret(s);
recogniser.removeSecret(contactId, 0);
context.assertIsSatisfied();
}
@Test
public void testRecogniseTag() throws Exception {
Mockery context = new Mockery();
final CryptoComponent crypto = context.mock(CryptoComponent.class);
final byte[] secret = new byte[32];
new Random().nextBytes(secret);
final boolean alice = false;
final DatabaseComponent db = context.mock(DatabaseComponent.class);
context.checking(new Expectations() {{
// Add secret
oneOf(crypto).deriveTagKey(secret, !alice);
will(returnValue(tagKey));
for (int i = 0; i < 16; i++) {
oneOf(crypto).encodeTag(with(any(byte[].class)), with(tagKey),
with((long) i));
will(new EncodeTagAction());
}
// Recognise tag 0
oneOf(crypto).deriveTagKey(secret, !alice);
will(returnValue(tagKey));
// The window should slide to include tag 16
oneOf(crypto).encodeTag(with(any(byte[].class)), with(tagKey),
with(16L));
will(new EncodeTagAction());
// The updated window should be stored
oneOf(db).setReorderingWindow(contactId, transportId, 0, 1,
new byte[] {0, 1, 0, 0});
// Recognise tag again - no expectations
}});
TemporarySecret s = new TemporarySecret(contactId, transportId, 123,
alice, 0, secret, 0, 0, new byte[4]);
TransportTagRecogniser recogniser =
new TransportTagRecogniser(crypto, db, transportId);
recogniser.addSecret(s);
// Tag 0 should be expected
byte[] tag = new byte[TAG_LENGTH];
StreamContext ctx = recogniser.recogniseTag(tag);
assertNotNull(ctx);
assertEquals(contactId, ctx.getContactId());
assertEquals(transportId, ctx.getTransportId());
assertArrayEquals(secret, ctx.getSecret());
assertEquals(0, ctx.getStreamNumber());
assertEquals(alice, ctx.getAlice());
// Tag 0 should not be expected again
assertNull(recogniser.recogniseTag(tag));
context.assertIsSatisfied();
}
private static class EncodeTagAction implements Action {
public void describeTo(Description description) {
description.appendText("Encodes a tag");
}
public Object invoke(Invocation invocation) throws Throwable {
byte[] tag = (byte[]) invocation.getParameter(0);
long streamNumber = (Long) invocation.getParameter(2);
// Encode a fake tag based on the stream number
ByteUtils.writeUint32(streamNumber, tag, 0);
return null;
}
}
}