Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-22 23:59:54 +01:00
Code Issues Projects Releases Wiki Activity

Made secret keys erasable from memory.

Browse Source
This commit is contained in:
akwizgran
2011-11-15 14:43:06 +00:00
parent 23be7fd876
commit f41d48eb9f
17 changed files with 135 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
components/net/sf/briar/transport/ConnectionDecrypterImpl.java
View File

@@ -13,7 +13,7 @@ import java.security.InvalidKeyException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import net.sf.briar.api.crypto.ErasableKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
@@ -21,7 +21,7 @@ class ConnectionDecrypterImpl extends FilterInputStream
implements ConnectionDecrypter {
private final Cipher frameCipher;
private final SecretKey frameKey;
private final ErasableKey frameKey;
private final byte[] iv, buf;
private int bufOff = 0, bufLen = 0;
@@ -29,7 +29,7 @@ implements ConnectionDecrypter {
private boolean betweenFrames = true;
ConnectionDecrypterImpl(InputStream in, byte[] iv, Cipher frameCipher,
SecretKey frameKey) {
ErasableKey frameKey) {
super(in);
if(iv.length != IV_LENGTH) throw new IllegalArgumentException();
this.iv = iv;

8
components/net/sf/briar/transport/ConnectionEncrypterImpl.java
View File

@@ -12,22 +12,22 @@ import java.security.InvalidKeyException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import net.sf.briar.api.crypto.ErasableKey;
import javax.crypto.spec.IvParameterSpec;
class ConnectionEncrypterImpl extends FilterOutputStream
implements ConnectionEncrypter {
private final Cipher frameCipher;
private final SecretKey frameKey;
private final ErasableKey frameKey;
private final byte[] iv, encryptedIv;
private long capacity, frame = 0L;
private boolean ivWritten = false, betweenFrames = false;
ConnectionEncrypterImpl(OutputStream out, long capacity, byte[] iv,
Cipher ivCipher, Cipher frameCipher, SecretKey ivKey,
SecretKey frameKey) {
Cipher ivCipher, Cipher frameCipher, ErasableKey ivKey,
ErasableKey frameKey) {
super(out);
this.capacity = capacity;
this.iv = iv;

8
components/net/sf/briar/transport/ConnectionReaderFactoryImpl.java
View File

@@ -7,7 +7,7 @@ import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import net.sf.briar.api.crypto.ErasableKey;
import net.sf.briar.api.crypto.CryptoComponent;
import net.sf.briar.api.protocol.TransportIndex;
@@ -29,7 +29,7 @@ class ConnectionReaderFactoryImpl implements ConnectionReaderFactory {
TransportIndex i, byte[] encryptedIv, byte[] secret) {
// Decrypt the IV
Cipher ivCipher = crypto.getIvCipher();
SecretKey ivKey = crypto.deriveIncomingIvKey(secret);
ErasableKey ivKey = crypto.deriveIncomingIvKey(secret);
byte[] iv;
try {
ivCipher.init(Cipher.DECRYPT_MODE, ivKey);
@@ -60,12 +60,12 @@ class ConnectionReaderFactoryImpl implements ConnectionReaderFactory {
byte[] iv = IvEncoder.encodeIv(initiator, i, connection);
// Create the decrypter
Cipher frameCipher = crypto.getFrameCipher();
SecretKey frameKey = crypto.deriveIncomingFrameKey(secret);
ErasableKey frameKey = crypto.deriveIncomingFrameKey(secret);
ConnectionDecrypter decrypter = new ConnectionDecrypterImpl(in, iv,
frameCipher, frameKey);
// Create the reader
Mac mac = crypto.getMac();
SecretKey macKey = crypto.deriveIncomingMacKey(secret);
ErasableKey macKey = crypto.deriveIncomingMacKey(secret);
return new ConnectionReaderImpl(decrypter, mac, macKey);
}
}

4
components/net/sf/briar/transport/ConnectionReaderImpl.java
View File

@@ -11,7 +11,7 @@ import java.security.InvalidKeyException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import net.sf.briar.api.crypto.ErasableKey;
import net.sf.briar.api.FormatException;
import net.sf.briar.api.transport.ConnectionReader;
@@ -30,7 +30,7 @@ implements ConnectionReader {
private boolean betweenFrames = true;
ConnectionReaderImpl(ConnectionDecrypter decrypter, Mac mac,
SecretKey macKey) {
ErasableKey macKey) {
super(decrypter.getInputStream());
this.decrypter = decrypter;
this.mac = mac;

12
components/net/sf/briar/transport/ConnectionRecogniserImpl.java
View File

@@ -14,7 +14,7 @@ import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import net.sf.briar.api.crypto.ErasableKey;
import net.sf.briar.api.Bytes;
import net.sf.briar.api.ContactId;
@@ -75,7 +75,7 @@ DatabaseListener {
}
private synchronized void calculateIvs(ContactId c) throws DbException {
SecretKey ivKey = crypto.deriveIncomingIvKey(db.getSharedSecret(c));
ErasableKey ivKey = crypto.deriveIncomingIvKey(db.getSharedSecret(c));
for(TransportId t : localTransportIds) {
TransportIndex i = db.getRemoteIndex(c, t);
if(i != null) {
@@ -86,7 +86,7 @@ DatabaseListener {
}
private synchronized void calculateIvs(ContactId c, TransportId t,
TransportIndex i, SecretKey ivKey, ConnectionWindow w)
TransportIndex i, ErasableKey ivKey, ConnectionWindow w)
throws DbException {
for(Long unseen : w.getUnseen()) {
Bytes iv = new Bytes(encryptIv(i, unseen, ivKey));
@@ -95,7 +95,7 @@ DatabaseListener {
}
private synchronized byte[] encryptIv(TransportIndex i, long connection,
SecretKey ivKey) {
ErasableKey ivKey) {
byte[] iv = IvEncoder.encodeIv(true, i, connection);
try {
ivCipher.init(Cipher.ENCRYPT_MODE, ivKey);
@@ -131,7 +131,7 @@ DatabaseListener {
TransportIndex i1 = ctx1.getTransportIndex();
if(c1.equals(c) && i1.equals(i)) it.remove();
}
SecretKey ivKey = crypto.deriveIncomingIvKey(db.getSharedSecret(c));
ErasableKey ivKey = crypto.deriveIncomingIvKey(db.getSharedSecret(c));
calculateIvs(c, ctx.getTransportId(), i, ivKey, w);
} catch(NoSuchContactException e) {
// The contact was removed - clean up when we get the event
@@ -182,7 +182,7 @@ DatabaseListener {
for(ContactId c : db.getContacts()) {
try {
byte[] secret = db.getSharedSecret(c);
SecretKey ivKey = crypto.deriveIncomingIvKey(secret);
ErasableKey ivKey = crypto.deriveIncomingIvKey(secret);
TransportIndex i = db.getRemoteIndex(c, t);
if(i != null) {
ConnectionWindow w = db.getConnectionWindow(c, i);

10
components/net/sf/briar/transport/ConnectionWriterFactoryImpl.java
View File

@@ -7,7 +7,7 @@ import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import net.sf.briar.api.crypto.ErasableKey;
import net.sf.briar.api.crypto.CryptoComponent;
import net.sf.briar.api.protocol.TransportIndex;
@@ -36,7 +36,7 @@ class ConnectionWriterFactoryImpl implements ConnectionWriterFactory {
byte[] secret) {
// Decrypt the IV
Cipher ivCipher = crypto.getIvCipher();
SecretKey ivKey = crypto.deriveIncomingIvKey(secret);
ErasableKey ivKey = crypto.deriveIncomingIvKey(secret);
byte[] iv;
try {
ivCipher.init(Cipher.DECRYPT_MODE, ivKey);
@@ -63,14 +63,14 @@ class ConnectionWriterFactoryImpl implements ConnectionWriterFactory {
// Create the encrypter
Cipher ivCipher = crypto.getIvCipher();
Cipher frameCipher = crypto.getFrameCipher();
SecretKey ivKey = crypto.deriveOutgoingIvKey(secret);
SecretKey frameKey = crypto.deriveOutgoingFrameKey(secret);
ErasableKey ivKey = crypto.deriveOutgoingIvKey(secret);
ErasableKey frameKey = crypto.deriveOutgoingFrameKey(secret);
byte[] iv = IvEncoder.encodeIv(initiator, i, connection);
ConnectionEncrypter encrypter = new ConnectionEncrypterImpl(out,
capacity, iv, ivCipher, frameCipher, ivKey, frameKey);
// Create the writer
Mac mac = crypto.getMac();
SecretKey macKey = crypto.deriveOutgoingMacKey(secret);
ErasableKey macKey = crypto.deriveOutgoingMacKey(secret);
return new ConnectionWriterImpl(encrypter, mac, macKey);
}
}

4
components/net/sf/briar/transport/ConnectionWriterImpl.java
View File

@@ -10,7 +10,7 @@ import java.io.OutputStream;
import java.security.InvalidKeyException;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import net.sf.briar.api.crypto.ErasableKey;
import net.sf.briar.api.transport.ConnectionWriter;
import net.sf.briar.util.ByteUtils;
@@ -31,7 +31,7 @@ implements ConnectionWriter {
protected long frame = 0L;
ConnectionWriterImpl(ConnectionEncrypter encrypter, Mac mac,
SecretKey macKey) {
ErasableKey macKey) {
super(encrypter.getOutputStream());
this.encrypter = encrypter;
this.mac = mac;

4
components/net/sf/briar/transport/PaddedConnectionWriter.java
View File

@@ -5,7 +5,7 @@ import static net.sf.briar.util.ByteUtils.MAX_32_BIT_UNSIGNED;
import java.io.IOException;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import net.sf.briar.api.crypto.ErasableKey;
import net.sf.briar.util.ByteUtils;
@@ -23,7 +23,7 @@ class PaddedConnectionWriter extends ConnectionWriterImpl {
private IOException exception = null;
PaddedConnectionWriter(ConnectionEncrypter encrypter, Mac mac,
SecretKey macKey) {
ErasableKey macKey) {
super(encrypter, mac, macKey);
padding = new byte[maxPayloadLength];
}