Made secret keys erasable from memory.

akwizgran
2011-11-15 14:43:06 +00:00
parent 23be7fd876
commit f41d48eb9f
17 changed files with 135 additions and 75 deletions


@@ -6,7 +6,7 @@ import static org.junit.Assert.assertArrayEquals;
import java.io.ByteArrayInputStream;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import net.sf.briar.api.crypto.ErasableKey;
import javax.crypto.spec.IvParameterSpec;
import junit.framework.TestCase;
@@ -26,7 +26,7 @@ public class ConnectionDecrypterImplTest extends TestCase {
private static final int MAC_LENGTH = 32;
private final Cipher ivCipher, frameCipher;
private final SecretKey ivKey, frameKey;
private final ErasableKey ivKey, frameKey;
private final TransportIndex transportIndex = new TransportIndex(13);
private final long connection = 12345L;
@@ -36,8 +36,8 @@ public class ConnectionDecrypterImplTest extends TestCase {
CryptoComponent crypto = i.getInstance(CryptoComponent.class);
ivCipher = crypto.getIvCipher();
frameCipher = crypto.getFrameCipher();
ivKey = crypto.generateSecretKey();
frameKey = crypto.generateSecretKey();
ivKey = crypto.generateTestKey();
frameKey = crypto.generateTestKey();
}
@Test
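Review bot: A test-only key factory appears to sit on the production interface, because `generateTestKey()` is called here on the injected `CryptoComponent` to fill `ivKey` and `frameKey`. Its declaration is not visible in this section, so this is inferred from the call site. If that is the case, the method's Javadoc should say so, for example `/** Test-only key factory; must not be called from production code. */`, or the factory should move to a test helper so production callers cannot reach it. The same call appears in ConnectionEncrypterImplTest and TransportTest; the constructor body begins outside this hunk.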


@@ -6,7 +6,7 @@ import static org.junit.Assert.assertArrayEquals;
import java.io.ByteArrayOutputStream;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import net.sf.briar.api.crypto.ErasableKey;
import javax.crypto.spec.IvParameterSpec;
import junit.framework.TestCase;
@@ -24,7 +24,7 @@ public class ConnectionEncrypterImplTest extends TestCase {
private static final int MAC_LENGTH = 32;
private final Cipher ivCipher, frameCipher;
private final SecretKey ivKey, frameKey;
private final ErasableKey ivKey, frameKey;
private final TransportIndex transportIndex = new TransportIndex(13);
private final long connection = 12345L;
@@ -34,8 +34,8 @@ public class ConnectionEncrypterImplTest extends TestCase {
CryptoComponent crypto = i.getInstance(CryptoComponent.class);
ivCipher = crypto.getIvCipher();
frameCipher = crypto.getFrameCipher();
ivKey = crypto.generateSecretKey();
frameKey = crypto.generateSecretKey();
ivKey = crypto.generateTestKey();
frameKey = crypto.generateTestKey();
}
@Test


@@ -6,7 +6,7 @@ import java.util.Collection;
import java.util.Collections;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import net.sf.briar.api.crypto.ErasableKey;
import junit.framework.TestCase;
import net.sf.briar.TestUtils;
@@ -79,7 +79,7 @@ public class ConnectionRecogniserImplTest extends TestCase {
@Test
public void testExpectedIv() throws Exception {
// Calculate the expected IV for connection number 3
SecretKey ivKey = crypto.deriveIncomingIvKey(secret);
ErasableKey ivKey = crypto.deriveIncomingIvKey(secret);
Cipher ivCipher = crypto.getIvCipher();
ivCipher.init(Cipher.ENCRYPT_MODE, ivKey);
byte[] iv = IvEncoder.encodeIv(true, remoteIndex, 3L);
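Review bot: Erasing `ivKey` would not by itself clear the key material that `ivCipher` holds after `ivCipher.init(Cipher.ENCRYPT_MODE, ivKey)`, since JCE providers generally keep their own expanded key inside the Cipher (provider-dependent). A comment at that line would record the limit, e.g. `// ivCipher keeps its own key schedule after init(); erasing ivKey does not clear it`. The production call sites touched by this commit deserve the same check. Whether this test erases the key at all cannot be seen here, because testExpectedIv continues past the end of the hunk.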


@@ -11,7 +11,7 @@ import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import net.sf.briar.api.crypto.ErasableKey;
import junit.framework.TestCase;
import net.sf.briar.api.crypto.CryptoComponent;
@@ -29,7 +29,7 @@ public class FrameReadWriteTest extends TestCase {
private final CryptoComponent crypto;
private final Cipher ivCipher, frameCipher;
private final SecretKey ivKey, frameKey, macKey;
private final ErasableKey ivKey, frameKey, macKey;
private final Mac mac;
private final Random random;
private final byte[] secret = new byte[100];


@@ -3,7 +3,7 @@ package net.sf.briar.transport;
import static net.sf.briar.api.transport.TransportConstants.MAX_FRAME_LENGTH;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import net.sf.briar.api.crypto.ErasableKey;
import junit.framework.TestCase;
import net.sf.briar.api.crypto.CryptoComponent;
@@ -16,7 +16,7 @@ import com.google.inject.Injector;
public abstract class TransportTest extends TestCase {
protected final Mac mac;
protected final SecretKey macKey;
protected final ErasableKey macKey;
protected final int headerLength = 4, macLength, maxPayloadLength;
public TransportTest() throws Exception {
@@ -24,7 +24,7 @@ public abstract class TransportTest extends TestCase {
Injector i = Guice.createInjector(new CryptoModule());
CryptoComponent crypto = i.getInstance(CryptoComponent.class);
mac = crypto.getMac();
macKey = crypto.generateSecretKey();
macKey = crypto.generateTestKey();
macLength = mac.getMacLength();
maxPayloadLength = MAX_FRAME_LENGTH - headerLength - macLength;
}