mirror of
https://code.briarproject.org/briar/briar.git
synced 2026-02-15 04:18:53 +01:00
Moved stream crypto to crypto component.
This commit is contained in:
akwizgran
@@ -14,6 +14,8 @@ import javax.inject.Singleton;
|
||||
import org.briarproject.api.crypto.CryptoComponent;
|
||||
import org.briarproject.api.crypto.CryptoExecutor;
|
||||
import org.briarproject.api.crypto.PasswordStrengthEstimator;
|
||||
import org.briarproject.api.crypto.StreamDecrypterFactory;
|
||||
import org.briarproject.api.crypto.StreamEncrypterFactory;
|
||||
import org.briarproject.api.lifecycle.LifecycleManager;
|
||||
|
||||
import com.google.inject.AbstractModule;
|
||||
@@ -44,6 +46,8 @@ public class CryptoModule extends AbstractModule {
|
||||
CryptoComponentImpl.class).in(Singleton.class);
|
||||
bind(PasswordStrengthEstimator.class).to(
|
||||
PasswordStrengthEstimatorImpl.class);
|
||||
bind(StreamDecrypterFactory.class).to(StreamDecrypterFactoryImpl.class);
|
||||
bind(StreamEncrypterFactory.class).to(StreamEncrypterFactoryImpl.class);
|
||||
}
|
||||
|
||||
@Provides @Singleton @CryptoExecutor
|
||||
|
||||
54
briar-core/src/org/briarproject/crypto/FrameEncoder.java
Normal file
54
briar-core/src/org/briarproject/crypto/FrameEncoder.java
Normal file
@@ -0,0 +1,54 @@
|
||||
package org.briarproject.crypto;
|
||||
|
||||
import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.IV_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAX_FRAME_LENGTH;
|
||||
import static org.briarproject.util.ByteUtils.MAX_32_BIT_UNSIGNED;
|
||||
|
||||
import org.briarproject.util.ByteUtils;
|
||||
|
||||
class FrameEncoder {
|
||||
|
||||
static void encodeIv(byte[] iv, long frameNumber) {
|
||||
if(iv.length < IV_LENGTH) throw new IllegalArgumentException();
|
||||
if(frameNumber < 0 || frameNumber > MAX_32_BIT_UNSIGNED)
|
||||
throw new IllegalArgumentException();
|
||||
ByteUtils.writeUint32(frameNumber, iv, 0);
|
||||
for(int i = 4; i < IV_LENGTH; i++) iv[i] = 0;
|
||||
}
|
||||
|
||||
static void encodeAad(byte[] aad, long frameNumber, int plaintextLength) {
|
||||
if(aad.length < AAD_LENGTH) throw new IllegalArgumentException();
|
||||
if(frameNumber < 0 || frameNumber > MAX_32_BIT_UNSIGNED)
|
||||
throw new IllegalArgumentException();
|
||||
if(plaintextLength < HEADER_LENGTH)
|
||||
throw new IllegalArgumentException();
|
||||
if(plaintextLength > MAX_FRAME_LENGTH - MAC_LENGTH)
|
||||
throw new IllegalArgumentException();
|
||||
ByteUtils.writeUint32(frameNumber, aad, 0);
|
||||
ByteUtils.writeUint16(plaintextLength, aad, 4);
|
||||
}
|
||||
|
||||
static void encodeHeader(byte[] header, boolean finalFrame,
|
||||
int payloadLength) {
|
||||
if(header.length < HEADER_LENGTH) throw new IllegalArgumentException();
|
||||
if(payloadLength < 0)
|
||||
throw new IllegalArgumentException();
|
||||
if(payloadLength > MAX_FRAME_LENGTH - HEADER_LENGTH - MAC_LENGTH)
|
||||
throw new IllegalArgumentException();
|
||||
ByteUtils.writeUint16(payloadLength, header, 0);
|
||||
if(finalFrame) header[0] |= 0x80;
|
||||
}
|
||||
|
||||
static boolean isFinalFrame(byte[] header) {
|
||||
if(header.length < HEADER_LENGTH) throw new IllegalArgumentException();
|
||||
return (header[0] & 0x80) == 0x80;
|
||||
}
|
||||
|
||||
static int getPayloadLength(byte[] header) {
|
||||
if(header.length < HEADER_LENGTH) throw new IllegalArgumentException();
|
||||
return ByteUtils.readUint16(header, 0) & 0x7FFF;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,42 @@
|
||||
package org.briarproject.crypto;
|
||||
|
||||
import java.io.InputStream;
|
||||
|
||||
import javax.inject.Inject;
|
||||
|
||||
import org.briarproject.api.crypto.CryptoComponent;
|
||||
import org.briarproject.api.crypto.SecretKey;
|
||||
import org.briarproject.api.crypto.StreamDecrypter;
|
||||
import org.briarproject.api.crypto.StreamDecrypterFactory;
|
||||
import org.briarproject.api.transport.StreamContext;
|
||||
|
||||
class StreamDecrypterFactoryImpl implements StreamDecrypterFactory {
|
||||
|
||||
private final CryptoComponent crypto;
|
||||
|
||||
@Inject
|
||||
StreamDecrypterFactoryImpl(CryptoComponent crypto) {
|
||||
this.crypto = crypto;
|
||||
}
|
||||
|
||||
public StreamDecrypter createStreamDecrypter(InputStream in,
|
||||
int maxFrameLength, StreamContext ctx) {
|
||||
byte[] secret = ctx.getSecret();
|
||||
long streamNumber = ctx.getStreamNumber();
|
||||
boolean alice = !ctx.getAlice();
|
||||
// Derive the frame key
|
||||
SecretKey frameKey = crypto.deriveFrameKey(secret, streamNumber, alice);
|
||||
// Create the decrypter
|
||||
return new StreamDecrypterImpl(in, crypto.getFrameCipher(), frameKey,
|
||||
maxFrameLength);
|
||||
}
|
||||
|
||||
public StreamDecrypter createInvitationStreamDecrypter(InputStream in,
|
||||
int maxFrameLength, byte[] secret, boolean alice) {
|
||||
// Derive the frame key
|
||||
SecretKey frameKey = crypto.deriveFrameKey(secret, 0, alice);
|
||||
// Create the decrypter
|
||||
return new StreamDecrypterImpl(in, crypto.getFrameCipher(), frameKey,
|
||||
maxFrameLength);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,87 @@
|
||||
package org.briarproject.crypto;
|
||||
|
||||
import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.IV_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
|
||||
|
||||
import java.io.EOFException;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.GeneralSecurityException;
|
||||
|
||||
import org.briarproject.api.FormatException;
|
||||
import org.briarproject.api.crypto.AuthenticatedCipher;
|
||||
import org.briarproject.api.crypto.SecretKey;
|
||||
import org.briarproject.api.crypto.StreamDecrypter;
|
||||
|
||||
class StreamDecrypterImpl implements StreamDecrypter {
|
||||
|
||||
private final InputStream in;
|
||||
private final AuthenticatedCipher frameCipher;
|
||||
private final SecretKey frameKey;
|
||||
private final byte[] iv, aad, plaintext, ciphertext;
|
||||
private final int frameLength;
|
||||
|
||||
private long frameNumber;
|
||||
private boolean finalFrame;
|
||||
|
||||
StreamDecrypterImpl(InputStream in, AuthenticatedCipher frameCipher,
|
||||
SecretKey frameKey, int frameLength) {
|
||||
this.in = in;
|
||||
this.frameCipher = frameCipher;
|
||||
this.frameKey = frameKey;
|
||||
this.frameLength = frameLength;
|
||||
iv = new byte[IV_LENGTH];
|
||||
aad = new byte[AAD_LENGTH];
|
||||
plaintext = new byte[frameLength - MAC_LENGTH];
|
||||
ciphertext = new byte[frameLength];
|
||||
frameNumber = 0;
|
||||
finalFrame = false;
|
||||
}
|
||||
|
||||
public int readFrame(byte[] payload) throws IOException {
|
||||
if(finalFrame) return -1;
|
||||
// Read the frame
|
||||
int ciphertextLength = 0;
|
||||
try {
|
||||
while(ciphertextLength < frameLength) {
|
||||
int read = in.read(ciphertext, ciphertextLength,
|
||||
frameLength - ciphertextLength);
|
||||
if(read == -1) break; // We'll check the length later
|
||||
ciphertextLength += read;
|
||||
}
|
||||
} catch(IOException e) {
|
||||
frameKey.erase();
|
||||
throw e;
|
||||
}
|
||||
int plaintextLength = ciphertextLength - MAC_LENGTH;
|
||||
if(plaintextLength < HEADER_LENGTH) throw new EOFException();
|
||||
// Decrypt and authenticate the frame
|
||||
FrameEncoder.encodeIv(iv, frameNumber);
|
||||
FrameEncoder.encodeAad(aad, frameNumber, plaintextLength);
|
||||
try {
|
||||
frameCipher.init(false, frameKey, iv, aad);
|
||||
int decrypted = frameCipher.doFinal(ciphertext, 0, ciphertextLength,
|
||||
plaintext, 0);
|
||||
if(decrypted != plaintextLength) throw new RuntimeException();
|
||||
} catch(GeneralSecurityException e) {
|
||||
throw new FormatException();
|
||||
}
|
||||
// Decode and validate the header
|
||||
finalFrame = FrameEncoder.isFinalFrame(plaintext);
|
||||
if(!finalFrame && ciphertextLength < frameLength)
|
||||
throw new FormatException();
|
||||
int payloadLength = FrameEncoder.getPayloadLength(plaintext);
|
||||
if(payloadLength > plaintextLength - HEADER_LENGTH)
|
||||
throw new FormatException();
|
||||
// If there's any padding it must be all zeroes
|
||||
for(int i = HEADER_LENGTH + payloadLength; i < plaintextLength; i++) {
|
||||
if(plaintext[i] != 0) throw new FormatException();
|
||||
}
|
||||
frameNumber++;
|
||||
// Copy the payload
|
||||
System.arraycopy(plaintext, HEADER_LENGTH, payload, 0, payloadLength);
|
||||
return payloadLength;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,49 @@
|
||||
package org.briarproject.crypto;
|
||||
|
||||
import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
|
||||
|
||||
import java.io.OutputStream;
|
||||
|
||||
import javax.inject.Inject;
|
||||
|
||||
import org.briarproject.api.crypto.CryptoComponent;
|
||||
import org.briarproject.api.crypto.SecretKey;
|
||||
import org.briarproject.api.crypto.StreamEncrypter;
|
||||
import org.briarproject.api.crypto.StreamEncrypterFactory;
|
||||
import org.briarproject.api.transport.StreamContext;
|
||||
|
||||
class StreamEncrypterFactoryImpl implements StreamEncrypterFactory {
|
||||
|
||||
private final CryptoComponent crypto;
|
||||
|
||||
@Inject
|
||||
StreamEncrypterFactoryImpl(CryptoComponent crypto) {
|
||||
this.crypto = crypto;
|
||||
}
|
||||
|
||||
public StreamEncrypter createStreamEncrypter(OutputStream out,
|
||||
int maxFrameLength, StreamContext ctx) {
|
||||
byte[] secret = ctx.getSecret();
|
||||
long streamNumber = ctx.getStreamNumber();
|
||||
boolean alice = ctx.getAlice();
|
||||
// Encode the tag
|
||||
byte[] tag = new byte[TAG_LENGTH];
|
||||
SecretKey tagKey = crypto.deriveTagKey(secret, alice);
|
||||
crypto.encodeTag(tag, tagKey, streamNumber);
|
||||
tagKey.erase();
|
||||
// Derive the frame key
|
||||
SecretKey frameKey = crypto.deriveFrameKey(secret, streamNumber, alice);
|
||||
// Create the encrypter
|
||||
return new StreamEncrypterImpl(out, crypto.getFrameCipher(), frameKey,
|
||||
maxFrameLength, tag);
|
||||
}
|
||||
|
||||
public StreamEncrypter createInvitationStreamEncrypter(OutputStream out,
|
||||
int maxFrameLength, byte[] secret, boolean alice) {
|
||||
// Derive the frame key
|
||||
SecretKey frameKey = crypto.deriveFrameKey(secret, 0, alice);
|
||||
// Create the encrypter
|
||||
return new StreamEncrypterImpl(out, crypto.getFrameCipher(), frameKey,
|
||||
maxFrameLength, null);
|
||||
}
|
||||
}
|
||||
106
briar-core/src/org/briarproject/crypto/StreamEncrypterImpl.java
Normal file
106
briar-core/src/org/briarproject/crypto/StreamEncrypterImpl.java
Normal file
@@ -0,0 +1,106 @@
|
||||
package org.briarproject.crypto;
|
||||
|
||||
import static org.briarproject.api.transport.TransportConstants.AAD_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.HEADER_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.IV_LENGTH;
|
||||
import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
|
||||
import static org.briarproject.util.ByteUtils.MAX_32_BIT_UNSIGNED;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
import java.security.GeneralSecurityException;
|
||||
|
||||
import org.briarproject.api.crypto.AuthenticatedCipher;
|
||||
import org.briarproject.api.crypto.SecretKey;
|
||||
import org.briarproject.api.crypto.StreamEncrypter;
|
||||
|
||||
class StreamEncrypterImpl implements StreamEncrypter {
|
||||
|
||||
private final OutputStream out;
|
||||
private final AuthenticatedCipher frameCipher;
|
||||
private final SecretKey frameKey;
|
||||
private final byte[] tag, iv, aad, plaintext, ciphertext;
|
||||
private final int frameLength;
|
||||
|
||||
private long frameNumber;
|
||||
private boolean writeTag;
|
||||
|
||||
StreamEncrypterImpl(OutputStream out, AuthenticatedCipher frameCipher,
|
||||
SecretKey frameKey, int frameLength, byte[] tag) {
|
||||
this.out = out;
|
||||
this.frameCipher = frameCipher;
|
||||
this.frameKey = frameKey;
|
||||
this.frameLength = frameLength;
|
||||
this.tag = tag;
|
||||
iv = new byte[IV_LENGTH];
|
||||
aad = new byte[AAD_LENGTH];
|
||||
plaintext = new byte[frameLength - MAC_LENGTH];
|
||||
ciphertext = new byte[frameLength];
|
||||
frameNumber = 0;
|
||||
writeTag = (tag != null);
|
||||
}
|
||||
|
||||
public void writeFrame(byte[] payload, int payloadLength,
|
||||
boolean finalFrame) throws IOException {
|
||||
if(frameNumber > MAX_32_BIT_UNSIGNED) throw new IllegalStateException();
|
||||
// Write the tag if required
|
||||
if(writeTag) {
|
||||
try {
|
||||
out.write(tag, 0, tag.length);
|
||||
} catch(IOException e) {
|
||||
frameKey.erase();
|
||||
throw e;
|
||||
}
|
||||
writeTag = false;
|
||||
}
|
||||
// Don't pad the final frame
|
||||
int plaintextLength, ciphertextLength;
|
||||
if(finalFrame) {
|
||||
plaintextLength = HEADER_LENGTH + payloadLength;
|
||||
ciphertextLength = plaintextLength + MAC_LENGTH;
|
||||
} else {
|
||||
plaintextLength = frameLength - MAC_LENGTH;
|
||||
ciphertextLength = frameLength;
|
||||
}
|
||||
// Encode the header
|
||||
FrameEncoder.encodeHeader(plaintext, finalFrame, payloadLength);
|
||||
// Copy the payload
|
||||
System.arraycopy(payload, 0, plaintext, HEADER_LENGTH, payloadLength);
|
||||
// If there's any padding it must all be zeroes
|
||||
for(int i = HEADER_LENGTH + payloadLength; i < plaintextLength; i++)
|
||||
plaintext[i] = 0;
|
||||
// Encrypt and authenticate the frame
|
||||
FrameEncoder.encodeIv(iv, frameNumber);
|
||||
FrameEncoder.encodeAad(aad, frameNumber, plaintextLength);
|
||||
try {
|
||||
frameCipher.init(true, frameKey, iv, aad);
|
||||
int encrypted = frameCipher.doFinal(plaintext, 0, plaintextLength,
|
||||
ciphertext, 0);
|
||||
if(encrypted != ciphertextLength) throw new RuntimeException();
|
||||
} catch(GeneralSecurityException badCipher) {
|
||||
throw new RuntimeException(badCipher);
|
||||
}
|
||||
// Write the frame
|
||||
try {
|
||||
out.write(ciphertext, 0, ciphertextLength);
|
||||
} catch(IOException e) {
|
||||
frameKey.erase();
|
||||
throw e;
|
||||
}
|
||||
frameNumber++;
|
||||
}
|
||||
|
||||
public void flush() throws IOException {
|
||||
// Write the tag if required
|
||||
if(writeTag) {
|
||||
try {
|
||||
out.write(tag, 0, tag.length);
|
||||
} catch(IOException e) {
|
||||
frameKey.erase();
|
||||
throw e;
|
||||
}
|
||||
writeTag = false;
|
||||
}
|
||||
out.flush();
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user