Moved stream crypto to crypto component.

briar-core/src/org/briarproject/crypto/CryptoModule.java

@@ -14,6 +14,8 @@ import javax.inject.Singleton;
 import org.briarproject.api.crypto.CryptoComponent;
 import org.briarproject.api.crypto.CryptoExecutor;
 import org.briarproject.api.crypto.PasswordStrengthEstimator;
+import org.briarproject.api.crypto.StreamDecrypterFactory;
+import org.briarproject.api.crypto.StreamEncrypterFactory;
 import org.briarproject.api.lifecycle.LifecycleManager;
 
 import com.google.inject.AbstractModule;
@@ -44,6 +46,8 @@ public class CryptoModule extends AbstractModule {
 				CryptoComponentImpl.class).in(Singleton.class);
 		bind(PasswordStrengthEstimator.class).to(
 				PasswordStrengthEstimatorImpl.class);
+		bind(StreamDecrypterFactory.class).to(StreamDecrypterFactoryImpl.class);
+		bind(StreamEncrypterFactory.class).to(StreamEncrypterFactoryImpl.class);
 	}
 
 	@Provides @Singleton @CryptoExecutor

briar-core/src/org/briarproject/crypto/FrameEncoder.java

@@ -1,4 +1,4 @@
-package org.briarproject.transport;
+package org.briarproject.crypto;
 
 import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
 import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;

briar-core/src/org/briarproject/crypto/StreamDecrypterFactoryImpl.java

@@ -0,0 +1,42 @@
+package org.briarproject.crypto;
+
+import java.io.InputStream;
+
+import javax.inject.Inject;
+
+import org.briarproject.api.crypto.CryptoComponent;
+import org.briarproject.api.crypto.SecretKey;
+import org.briarproject.api.crypto.StreamDecrypter;
+import org.briarproject.api.crypto.StreamDecrypterFactory;
+import org.briarproject.api.transport.StreamContext;
+
+class StreamDecrypterFactoryImpl implements StreamDecrypterFactory {
+
+	private final CryptoComponent crypto;
+
+	@Inject
+	StreamDecrypterFactoryImpl(CryptoComponent crypto) {
+		this.crypto = crypto;
+	}
+
+	public StreamDecrypter createStreamDecrypter(InputStream in,
+			int maxFrameLength, StreamContext ctx) {
+		byte[] secret = ctx.getSecret();
+		long streamNumber = ctx.getStreamNumber();
+		boolean alice = !ctx.getAlice();
+		// Derive the frame key
+		SecretKey frameKey = crypto.deriveFrameKey(secret, streamNumber, alice);
+		// Create the decrypter
+		return new StreamDecrypterImpl(in, crypto.getFrameCipher(), frameKey,
+				maxFrameLength);
+	}
+
+	public StreamDecrypter createInvitationStreamDecrypter(InputStream in,
+			int maxFrameLength, byte[] secret, boolean alice) {
+		// Derive the frame key
+		SecretKey frameKey = crypto.deriveFrameKey(secret, 0, alice);
+		// Create the decrypter
+		return new StreamDecrypterImpl(in, crypto.getFrameCipher(), frameKey,
+				maxFrameLength);
+	}
+}

briar-core/src/org/briarproject/crypto/StreamDecrypterImpl.java

@@ -1,4 +1,4 @@
-package org.briarproject.transport;
+package org.briarproject.crypto;
 
 import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
 import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
@@ -13,19 +13,20 @@ import java.security.GeneralSecurityException;
 import org.briarproject.api.FormatException;
 import org.briarproject.api.crypto.AuthenticatedCipher;
 import org.briarproject.api.crypto.SecretKey;
+import org.briarproject.api.crypto.StreamDecrypter;
 
-class IncomingEncryptionLayer implements FrameReader {
+class StreamDecrypterImpl implements StreamDecrypter {
 
 	private final InputStream in;
 	private final AuthenticatedCipher frameCipher;
 	private final SecretKey frameKey;
-	private final byte[] iv, aad, ciphertext;
+	private final byte[] iv, aad, plaintext, ciphertext;
 	private final int frameLength;
 
 	private long frameNumber;
 	private boolean finalFrame;
 
-	IncomingEncryptionLayer(InputStream in, AuthenticatedCipher frameCipher,
+	StreamDecrypterImpl(InputStream in, AuthenticatedCipher frameCipher,
 			SecretKey frameKey, int frameLength) {
 		this.in = in;
 		this.frameCipher = frameCipher;
@@ -33,12 +34,13 @@ class IncomingEncryptionLayer implements FrameReader {
 		this.frameLength = frameLength;
 		iv = new byte[IV_LENGTH];
 		aad = new byte[AAD_LENGTH];
+		plaintext = new byte[frameLength - MAC_LENGTH];
 		ciphertext = new byte[frameLength];
 		frameNumber = 0;
 		finalFrame = false;
 	}
 
-	public int readFrame(byte[] frame) throws IOException {
+	public int readFrame(byte[] payload) throws IOException {
 		if(finalFrame) return -1;
 		// Read the frame
 		int ciphertextLength = 0;
@@ -61,23 +63,25 @@ class IncomingEncryptionLayer implements FrameReader {
 		try {
 			frameCipher.init(false, frameKey, iv, aad);
 			int decrypted = frameCipher.doFinal(ciphertext, 0, ciphertextLength,
-					frame, 0);
+					plaintext, 0);
 			if(decrypted != plaintextLength) throw new RuntimeException();
 		} catch(GeneralSecurityException e) {
 			throw new FormatException();
 		}
 		// Decode and validate the header
-		finalFrame = FrameEncoder.isFinalFrame(frame);
+		finalFrame = FrameEncoder.isFinalFrame(plaintext);
 		if(!finalFrame && ciphertextLength < frameLength)
 			throw new FormatException();
-		int payloadLength = FrameEncoder.getPayloadLength(frame);
+		int payloadLength = FrameEncoder.getPayloadLength(plaintext);
 		if(payloadLength > plaintextLength - HEADER_LENGTH)
 			throw new FormatException();
 		// If there's any padding it must be all zeroes
 		for(int i = HEADER_LENGTH + payloadLength; i < plaintextLength; i++) {
-			if(frame[i] != 0) throw new FormatException();
+			if(plaintext[i] != 0) throw new FormatException();
 		}
 		frameNumber++;
+		// Copy the payload
+		System.arraycopy(plaintext, HEADER_LENGTH, payload, 0, payloadLength);
 		return payloadLength;
 	}
 }

briar-core/src/org/briarproject/crypto/StreamEncrypterFactoryImpl.java

@@ -0,0 +1,49 @@
+package org.briarproject.crypto;
+
+import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
+
+import java.io.OutputStream;
+
+import javax.inject.Inject;
+
+import org.briarproject.api.crypto.CryptoComponent;
+import org.briarproject.api.crypto.SecretKey;
+import org.briarproject.api.crypto.StreamEncrypter;
+import org.briarproject.api.crypto.StreamEncrypterFactory;
+import org.briarproject.api.transport.StreamContext;
+
+class StreamEncrypterFactoryImpl implements StreamEncrypterFactory {
+
+	private final CryptoComponent crypto;
+
+	@Inject
+	StreamEncrypterFactoryImpl(CryptoComponent crypto) {
+		this.crypto = crypto;
+	}
+
+	public StreamEncrypter createStreamEncrypter(OutputStream out,
+			int maxFrameLength, StreamContext ctx) {
+		byte[] secret = ctx.getSecret();
+		long streamNumber = ctx.getStreamNumber();
+		boolean alice = ctx.getAlice();
+		// Encode the tag
+		byte[] tag = new byte[TAG_LENGTH];
+		SecretKey tagKey = crypto.deriveTagKey(secret, alice);
+		crypto.encodeTag(tag, tagKey, streamNumber);
+		tagKey.erase();
+		// Derive the frame key
+		SecretKey frameKey = crypto.deriveFrameKey(secret, streamNumber, alice);
+		// Create the encrypter
+		return new StreamEncrypterImpl(out, crypto.getFrameCipher(), frameKey,
+				maxFrameLength, tag);
+	}
+
+	public StreamEncrypter createInvitationStreamEncrypter(OutputStream out,
+			int maxFrameLength, byte[] secret, boolean alice) {
+		// Derive the frame key
+		SecretKey frameKey = crypto.deriveFrameKey(secret, 0, alice);
+		// Create the encrypter
+		return new StreamEncrypterImpl(out, crypto.getFrameCipher(), frameKey,
+				maxFrameLength, null);
+	}
+}

briar-core/src/org/briarproject/crypto/StreamEncrypterImpl.java

@@ -1,4 +1,4 @@
-package org.briarproject.transport;
+package org.briarproject.crypto;
 
 import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
 import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
@@ -12,19 +12,20 @@ import java.security.GeneralSecurityException;
 
 import org.briarproject.api.crypto.AuthenticatedCipher;
 import org.briarproject.api.crypto.SecretKey;
+import org.briarproject.api.crypto.StreamEncrypter;
 
-class OutgoingEncryptionLayer implements FrameWriter {
+class StreamEncrypterImpl implements StreamEncrypter {
 
 	private final OutputStream out;
 	private final AuthenticatedCipher frameCipher;
 	private final SecretKey frameKey;
-	private final byte[] tag, iv, aad, ciphertext;
+	private final byte[] tag, iv, aad, plaintext, ciphertext;
 	private final int frameLength;
 
 	private long frameNumber;
 	private boolean writeTag;
 
-	OutgoingEncryptionLayer(OutputStream out, AuthenticatedCipher frameCipher,
+	StreamEncrypterImpl(OutputStream out, AuthenticatedCipher frameCipher,
 			SecretKey frameKey, int frameLength, byte[] tag) {
 		this.out = out;
 		this.frameCipher = frameCipher;
@@ -33,13 +34,14 @@ class OutgoingEncryptionLayer implements FrameWriter {
 		this.tag = tag;
 		iv = new byte[IV_LENGTH];
 		aad = new byte[AAD_LENGTH];
+		plaintext = new byte[frameLength - MAC_LENGTH];
 		ciphertext = new byte[frameLength];
 		frameNumber = 0;
 		writeTag = (tag != null);
 	}
 
-	public void writeFrame(byte[] frame, int payloadLength, boolean finalFrame)
-			throws IOException {
+	public void writeFrame(byte[] payload, int payloadLength,
+			boolean finalFrame) throws IOException {
 		if(frameNumber > MAX_32_BIT_UNSIGNED) throw new IllegalStateException();
 		// Write the tag if required
 		if(writeTag) {
@@ -51,8 +53,6 @@ class OutgoingEncryptionLayer implements FrameWriter {
 			}
 			writeTag = false;
 		}
-		// Encode the header
-		FrameEncoder.encodeHeader(frame, finalFrame, payloadLength);
 		// Don't pad the final frame
 		int plaintextLength, ciphertextLength;
 		if(finalFrame) {
@@ -62,16 +62,19 @@ class OutgoingEncryptionLayer implements FrameWriter {
 			plaintextLength = frameLength - MAC_LENGTH;
 			ciphertextLength = frameLength;
 		}
+		// Encode the header
+		FrameEncoder.encodeHeader(plaintext, finalFrame, payloadLength);
+		// Copy the payload
+		System.arraycopy(payload, 0, plaintext, HEADER_LENGTH, payloadLength);
 		// If there's any padding it must all be zeroes
-		for(int i = HEADER_LENGTH + payloadLength; i < plaintextLength; i++) {
-			frame[i] = 0;
-		}
+		for(int i = HEADER_LENGTH + payloadLength; i < plaintextLength; i++)
+			plaintext[i] = 0;
 		// Encrypt and authenticate the frame
 		FrameEncoder.encodeIv(iv, frameNumber);
 		FrameEncoder.encodeAad(aad, frameNumber, plaintextLength);
 		try {
 			frameCipher.init(true, frameKey, iv, aad);
-			int encrypted = frameCipher.doFinal(frame, 0, plaintextLength,
+			int encrypted = frameCipher.doFinal(plaintext, 0, plaintextLength,
 					ciphertext, 0);
 			if(encrypted != ciphertextLength) throw new RuntimeException();
 		} catch(GeneralSecurityException badCipher) {

briar-core/src/org/briarproject/invitation/AliceConnector.java

@@ -29,9 +29,7 @@ import org.briarproject.api.serial.ReaderFactory;
 import org.briarproject.api.serial.Writer;
 import org.briarproject.api.serial.WriterFactory;
 import org.briarproject.api.system.Clock;
-import org.briarproject.api.transport.StreamReader;
 import org.briarproject.api.transport.StreamReaderFactory;
-import org.briarproject.api.transport.StreamWriter;
 import org.briarproject.api.transport.StreamWriterFactory;
 
 /** A connection thread for the peer being Alice in the invitation protocol. */
@@ -51,9 +49,9 @@ class AliceConnector extends Connector {
 			Map<TransportId, TransportProperties> localProps,
 			PseudoRandom random) {
 		super(crypto, db, readerFactory, writerFactory, streamReaderFactory,
-				streamWriterFactory, authorFactory, groupFactory,
-				keyManager, connectionManager, clock, reuseConnection, group,
-				plugin, localAuthor, localProps, random);
+				streamWriterFactory, authorFactory, groupFactory, keyManager,
+				connectionManager, clock, reuseConnection, group, plugin,
+				localAuthor, localProps, random);
 	}
 
 	@Override
@@ -131,14 +129,16 @@ class AliceConnector extends Connector {
 		if(LOG.isLoggable(INFO))
 			LOG.info(pluginName + " confirmation succeeded");
 		int maxFrameLength = conn.getReader().getMaxFrameLength();
-		StreamReader streamReader =
+		// Create the readers
+		InputStream streamReader =
 				streamReaderFactory.createInvitationStreamReader(in,
 						maxFrameLength, secret, false); // Bob's stream
-		r = readerFactory.createReader(streamReader.getInputStream());
-		StreamWriter streamWriter =
+		r = readerFactory.createReader(streamReader);
+		// Create the writers
+		OutputStream streamWriter =
 				streamWriterFactory.createInvitationStreamWriter(out,
 						maxFrameLength, secret, true); // Alice's stream
-		w = writerFactory.createWriter(streamWriter.getOutputStream());
+		w = writerFactory.createWriter(streamWriter);
 		// Derive the invitation nonces
 		byte[][] nonces = crypto.deriveInvitationNonces(secret);
 		byte[] aliceNonce = nonces[0], bobNonce = nonces[1];

briar-core/src/org/briarproject/invitation/BobConnector.java

@@ -29,9 +29,7 @@ import org.briarproject.api.serial.ReaderFactory;
 import org.briarproject.api.serial.Writer;
 import org.briarproject.api.serial.WriterFactory;
 import org.briarproject.api.system.Clock;
-import org.briarproject.api.transport.StreamReader;
 import org.briarproject.api.transport.StreamReaderFactory;
-import org.briarproject.api.transport.StreamWriter;
 import org.briarproject.api.transport.StreamWriterFactory;
 
 /** A connection thread for the peer being Bob in the invitation protocol. */
@@ -51,9 +49,9 @@ class BobConnector extends Connector {
 			Map<TransportId, TransportProperties> localProps,
 			PseudoRandom random) {
 		super(crypto, db, readerFactory, writerFactory, streamReaderFactory,
-				streamWriterFactory, authorFactory, groupFactory,
-				keyManager, connectionManager, clock, reuseConnection, group,
-				plugin, localAuthor, localProps, random);
+				streamWriterFactory, authorFactory, groupFactory, keyManager,
+				connectionManager, clock, reuseConnection, group, plugin,
+				localAuthor, localProps, random);
 	}
 
 	@Override
@@ -131,14 +129,16 @@ class BobConnector extends Connector {
 		if(LOG.isLoggable(INFO))
 			LOG.info(pluginName + " confirmation succeeded");
 		int maxFrameLength = conn.getReader().getMaxFrameLength();
-		StreamReader streamReader =
+		// Create the readers
+		InputStream streamReader =
 				streamReaderFactory.createInvitationStreamReader(in,
 						maxFrameLength, secret, true); // Alice's stream
-		r = readerFactory.createReader(streamReader.getInputStream());
-		StreamWriter streamWriter =
+		r = readerFactory.createReader(streamReader);
+		// Create the writers
+		OutputStream streamWriter =
 				streamWriterFactory.createInvitationStreamWriter(out,
 						maxFrameLength, secret, false); // Bob's stream
-		w = writerFactory.createWriter(streamWriter.getOutputStream());
+		w = writerFactory.createWriter(streamWriter);
 		// Derive the nonces
 		byte[][] nonces = crypto.deriveInvitationNonces(secret);
 		byte[] aliceNonce = nonces[0], bobNonce = nonces[1];

briar-core/src/org/briarproject/plugins/ConnectionManagerImpl.java

@@ -6,6 +6,7 @@ import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
 import java.io.EOFException;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.OutputStream;
 import java.util.concurrent.Executor;
 import java.util.logging.Logger;
 
@@ -24,9 +25,7 @@ import org.briarproject.api.plugins.TransportConnectionReader;
 import org.briarproject.api.plugins.TransportConnectionWriter;
 import org.briarproject.api.plugins.duplex.DuplexTransportConnection;
 import org.briarproject.api.transport.StreamContext;
-import org.briarproject.api.transport.StreamReader;
 import org.briarproject.api.transport.StreamReaderFactory;
-import org.briarproject.api.transport.StreamWriter;
 import org.briarproject.api.transport.StreamWriterFactory;
 import org.briarproject.api.transport.TagRecogniser;
 import org.briarproject.util.ByteUtils;
@@ -97,11 +96,10 @@ class ConnectionManagerImpl implements ConnectionManager {
 	private MessagingSession createIncomingSession(StreamContext ctx,
 			TransportConnectionReader r) throws IOException {
 		try {
-			StreamReader streamReader = streamReaderFactory.createStreamReader(
+			InputStream streamReader = streamReaderFactory.createStreamReader(
 					r.getInputStream(), r.getMaxFrameLength(), ctx);
 			return messagingSessionFactory.createIncomingSession(
-					ctx.getContactId(), ctx.getTransportId(),
-					streamReader.getInputStream());
+					ctx.getContactId(), ctx.getTransportId(), streamReader);
 		} finally {
 			ByteUtils.erase(ctx.getSecret());
 		}
@@ -110,11 +108,11 @@ class ConnectionManagerImpl implements ConnectionManager {
 	private MessagingSession createSimplexOutgoingSession(StreamContext ctx,
 			TransportConnectionWriter w) throws IOException {
 		try {
-			StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
+			OutputStream streamWriter = streamWriterFactory.createStreamWriter(
 					w.getOutputStream(), w.getMaxFrameLength(), ctx);
 			return messagingSessionFactory.createSimplexOutgoingSession(
 					ctx.getContactId(), ctx.getTransportId(), w.getMaxLatency(),
-					streamWriter.getOutputStream());
+					streamWriter);
 		} finally {
 			ByteUtils.erase(ctx.getSecret());
 		}
@@ -123,11 +121,11 @@ class ConnectionManagerImpl implements ConnectionManager {
 	private MessagingSession createDuplexOutgoingSession(StreamContext ctx,
 			TransportConnectionWriter w) throws IOException {
 		try {
-			StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
+			OutputStream streamWriter = streamWriterFactory.createStreamWriter(
 					w.getOutputStream(), w.getMaxFrameLength(), ctx);
 			return messagingSessionFactory.createDuplexOutgoingSession(
 					ctx.getContactId(), ctx.getTransportId(), w.getMaxLatency(),
-					w.getMaxIdleTime(), streamWriter.getOutputStream());
+					w.getMaxIdleTime(), streamWriter);
 		} finally {
 			ByteUtils.erase(ctx.getSecret());
 		}

briar-core/src/org/briarproject/transport/FrameReader.java

@@ -1,12 +0,0 @@
-package org.briarproject.transport;
-
-import java.io.IOException;
-
-interface FrameReader {
-
-	/**
-	 * Reads a frame into the given buffer and returns its payload length, or
-	 * -1 if no more frames can be read from the connection.
-	 */
-	int readFrame(byte[] frame) throws IOException;
-}

briar-core/src/org/briarproject/transport/FrameWriter.java

@@ -1,13 +0,0 @@
-package org.briarproject.transport;
-
-import java.io.IOException;
-
-interface FrameWriter {
-
-	/** Writes the given frame. */
-	void writeFrame(byte[] frame, int payloadLength, boolean finalFrame)
-			throws IOException;
-
-	/** Flushes the stream. */
-	void flush() throws IOException;
-}

briar-core/src/org/briarproject/transport/StreamReaderFactoryImpl.java

@@ -4,37 +4,32 @@ import java.io.InputStream;
 
 import javax.inject.Inject;
 
-import org.briarproject.api.crypto.CryptoComponent;
-import org.briarproject.api.crypto.SecretKey;
+import org.briarproject.api.crypto.StreamDecrypter;
+import org.briarproject.api.crypto.StreamDecrypterFactory;
 import org.briarproject.api.transport.StreamContext;
-import org.briarproject.api.transport.StreamReader;
 import org.briarproject.api.transport.StreamReaderFactory;
 
 class StreamReaderFactoryImpl implements StreamReaderFactory {
 
-	private final CryptoComponent crypto;
+	private final StreamDecrypterFactory streamDecrypterFactory;
 
 	@Inject
-	StreamReaderFactoryImpl(CryptoComponent crypto) {
-		this.crypto = crypto;
+	StreamReaderFactoryImpl(StreamDecrypterFactory streamDecrypterFactory) {
+		this.streamDecrypterFactory = streamDecrypterFactory;
 	}
 
-	public StreamReader createStreamReader(InputStream in,
-			int maxFrameLength, StreamContext ctx) {
-		byte[] secret = ctx.getSecret();
-		long streamNumber = ctx.getStreamNumber();
-		boolean alice = !ctx.getAlice();
-		SecretKey frameKey = crypto.deriveFrameKey(secret, streamNumber, alice);
-		FrameReader frameReader = new IncomingEncryptionLayer(in,
-				crypto.getFrameCipher(), frameKey, maxFrameLength);
-		return new StreamReaderImpl(frameReader, maxFrameLength);
+	public InputStream createStreamReader(InputStream in, int maxFrameLength,
+			StreamContext ctx) {
+		StreamDecrypter s = streamDecrypterFactory.createStreamDecrypter(in,
+				maxFrameLength, ctx);
+		return new StreamReaderImpl(s, maxFrameLength);
 	}
 
-	public StreamReader createInvitationStreamReader(InputStream in,
+	public InputStream createInvitationStreamReader(InputStream in,
 			int maxFrameLength, byte[] secret, boolean alice) {
-		SecretKey frameKey = crypto.deriveFrameKey(secret, 0, alice);
-		FrameReader frameReader = new IncomingEncryptionLayer(in,
-				crypto.getFrameCipher(), frameKey, maxFrameLength);
-		return new StreamReaderImpl(frameReader, maxFrameLength);
+		StreamDecrypter s =
+				streamDecrypterFactory.createInvitationStreamDecrypter(in,
+						maxFrameLength, secret, alice);
+		return new StreamReaderImpl(s, maxFrameLength);
 	}
 }

briar-core/src/org/briarproject/transport/StreamReaderImpl.java

@@ -6,22 +6,18 @@ import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
 import java.io.IOException;
 import java.io.InputStream;
 
-import org.briarproject.api.transport.StreamReader;
+import org.briarproject.api.crypto.StreamDecrypter;
 
-class StreamReaderImpl extends InputStream implements StreamReader {
+class StreamReaderImpl extends InputStream {
 
-	private final FrameReader in;
-	private final byte[] frame;
+	private final StreamDecrypter decrypter;
+	private final byte[] payload;
 
 	private int offset = 0, length = 0;
 
-	StreamReaderImpl(FrameReader in, int frameLength) {
-		this.in = in;
-		frame = new byte[frameLength - MAC_LENGTH];
-	}
-
-	public InputStream getInputStream() {
-		return this;
+	StreamReaderImpl(StreamDecrypter decrypter, int frameLength) {
+		this.decrypter = decrypter;
+		payload = new byte[frameLength - HEADER_LENGTH - MAC_LENGTH];
 	}
 
 	@Override
@@ -30,7 +26,7 @@ class StreamReaderImpl extends InputStream implements StreamReader {
 			if(length == -1) return -1;
 			readFrame();
 		}
-		int b = frame[offset] & 0xff;
+		int b = payload[offset] & 0xff;
 		offset++;
 		length--;
 		return b;
@@ -48,7 +44,7 @@ class StreamReaderImpl extends InputStream implements StreamReader {
 			readFrame();
 		}
 		len = Math.min(len, length);
-		System.arraycopy(frame, offset, b, off, len);
+		System.arraycopy(payload, offset, b, off, len);
 		offset += len;
 		length -= len;
 		return len;
@@ -56,7 +52,7 @@ class StreamReaderImpl extends InputStream implements StreamReader {
 
 	private void readFrame() throws IOException {
 		assert length == 0;
-		offset = HEADER_LENGTH;
-		length = in.readFrame(frame);
+		offset = 0;
+		length = decrypter.readFrame(payload);
 	}
 }

briar-core/src/org/briarproject/transport/StreamWriterFactoryImpl.java

@@ -1,46 +1,35 @@
 package org.briarproject.transport;
 
-import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
-
 import java.io.OutputStream;
 
 import javax.inject.Inject;
 
-import org.briarproject.api.crypto.CryptoComponent;
-import org.briarproject.api.crypto.SecretKey;
+import org.briarproject.api.crypto.StreamEncrypter;
+import org.briarproject.api.crypto.StreamEncrypterFactory;
 import org.briarproject.api.transport.StreamContext;
-import org.briarproject.api.transport.StreamWriter;
 import org.briarproject.api.transport.StreamWriterFactory;
 
 class StreamWriterFactoryImpl implements StreamWriterFactory {
 
-	private final CryptoComponent crypto;
+	private final StreamEncrypterFactory streamEncrypterFactory;
 
 	@Inject
-	StreamWriterFactoryImpl(CryptoComponent crypto) {
-		this.crypto = crypto;
+	StreamWriterFactoryImpl(StreamEncrypterFactory streamEncrypterFactory) {
+		this.streamEncrypterFactory = streamEncrypterFactory;
 	}
 
-	public StreamWriter createStreamWriter(OutputStream out,
-			int maxFrameLength, StreamContext ctx) {
-		byte[] secret = ctx.getSecret();
-		long streamNumber = ctx.getStreamNumber();
-		boolean alice = ctx.getAlice();
-		byte[] tag = new byte[TAG_LENGTH];
-		SecretKey tagKey = crypto.deriveTagKey(secret, alice);
-		crypto.encodeTag(tag, tagKey, streamNumber);
-		tagKey.erase();
-		SecretKey frameKey = crypto.deriveFrameKey(secret, streamNumber, alice);
-		FrameWriter frameWriter = new OutgoingEncryptionLayer(out,
-				crypto.getFrameCipher(), frameKey, maxFrameLength, tag);
-		return new StreamWriterImpl(frameWriter, maxFrameLength);
+	public OutputStream createStreamWriter(OutputStream out, int maxFrameLength,
+			StreamContext ctx) {
+		StreamEncrypter s = streamEncrypterFactory.createStreamEncrypter(out,
+				maxFrameLength, ctx);
+		return new StreamWriterImpl(s, maxFrameLength);
 	}
 
-	public StreamWriter createInvitationStreamWriter(OutputStream out,
+	public OutputStream createInvitationStreamWriter(OutputStream out,
 			int maxFrameLength, byte[] secret, boolean alice) {
-		SecretKey frameKey = crypto.deriveFrameKey(secret, 0, alice);
-		FrameWriter frameWriter = new OutgoingEncryptionLayer(out,
-				crypto.getFrameCipher(), frameKey, maxFrameLength, null);
-		return new StreamWriterImpl(frameWriter, maxFrameLength);
+		StreamEncrypter s =
+				streamEncrypterFactory.createInvitationStreamEncrypter(out,
+						maxFrameLength, secret, alice);
+		return new StreamWriterImpl(s, maxFrameLength);
 	}
 }

briar-core/src/org/briarproject/transport/StreamWriterImpl.java

@@ -6,7 +6,7 @@ import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
 import java.io.IOException;
 import java.io.OutputStream;
 
-import org.briarproject.api.transport.StreamWriter;
+import org.briarproject.api.crypto.StreamEncrypter;
 
 /**
  * A {@link org.briarproject.api.transport.StreamWriter StreamWriter} that
@@ -15,43 +15,36 @@ import org.briarproject.api.transport.StreamWriter;
  * <p>
  * This class is not thread-safe.
  */
-class StreamWriterImpl extends OutputStream implements StreamWriter {
+class StreamWriterImpl extends OutputStream {
 
-	private final FrameWriter out;
-	private final byte[] frame;
-	private final int frameLength;
+	private final StreamEncrypter encrypter;
+	private final byte[] payload;
 
 	private int length = 0;
 
-	StreamWriterImpl(FrameWriter out, int frameLength) {
-		this.out = out;
-		this.frameLength = frameLength;
-		frame = new byte[frameLength - MAC_LENGTH];
-	}
-
-	public OutputStream getOutputStream() {
-		return this;
+	StreamWriterImpl(StreamEncrypter encrypter, int maxFrameLength) {
+		this.encrypter = encrypter;
+		payload = new byte[maxFrameLength - HEADER_LENGTH - MAC_LENGTH];
 	}
 
 	@Override
 	public void close() throws IOException {
 		writeFrame(true);
-		out.flush();
+		encrypter.flush();
 		super.close();
 	}
 
 	@Override
 	public void flush() throws IOException {
 		writeFrame(false);
-		out.flush();
+		encrypter.flush();
 	}
 
 	@Override
 	public void write(int b) throws IOException {
-		frame[HEADER_LENGTH + length] = (byte) b;
+		payload[length] = (byte) b;
 		length++;
-		if(HEADER_LENGTH + length + MAC_LENGTH == frameLength)
-			writeFrame(false);
+		if(length == payload.length) writeFrame(false);
 	}
 
 	@Override
@@ -61,21 +54,21 @@ class StreamWriterImpl extends OutputStream implements StreamWriter {
 
 	@Override
 	public void write(byte[] b, int off, int len) throws IOException {
-		int available = frameLength - HEADER_LENGTH - length - MAC_LENGTH;
+		int available = payload.length - length;
 		while(available <= len) {
-			System.arraycopy(b, off, frame, HEADER_LENGTH + length, available);
+			System.arraycopy(b, off, payload, length, available);
 			length += available;
 			writeFrame(false);
 			off += available;
 			len -= available;
-			available = frameLength - HEADER_LENGTH - length - MAC_LENGTH;
+			available = payload.length - length;
 		}
-		System.arraycopy(b, off, frame, HEADER_LENGTH + length, len);
+		System.arraycopy(b, off, payload, length, len);
 		length += len;
 	}
 
 	private void writeFrame(boolean finalFrame) throws IOException {
-		out.writeFrame(frame, length, finalFrame);
+		encrypter.writeFrame(payload, length, finalFrame);
 		length = 0;
 	}
 }