mirror of
https://code.briarproject.org/briar/briar.git
synced 2026-02-14 03:39:05 +01:00
Converted incoming encryption layer from frames to segments.
This commit is contained in:
akwizgran
@@ -30,9 +30,10 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
private static final String CIPHER_ALGO = "AES/CTR/NoPadding";
|
||||
private static final String SECRET_KEY_ALGO = "AES";
|
||||
private static final int SECRET_KEY_BYTES = 32; // 256 bits
|
||||
private static final int KEY_DERIVATION_IV_BYTES = 16; // 128 bits
|
||||
private static final String MAC_ALGO = "HMacSHA256";
|
||||
private static final String SIGNATURE_ALGO = "ECDSA";
|
||||
private static final int KEY_DERIVATION_IV_BYTES = 16; // 128 bits
|
||||
private static final String TAG_CIPHER_ALGO = "AES/ECB/NoPadding";
|
||||
|
||||
// Labels for key derivation, null-terminated
|
||||
private static final byte[] FRAME = { 'F', 'R', 'A', 'M', 'E', 0 };
|
||||
@@ -176,7 +177,7 @@ class CryptoComponentImpl implements CryptoComponent {
|
||||
|
||||
public Cipher getTagCipher() {
|
||||
try {
|
||||
return Cipher.getInstance(CIPHER_ALGO, PROVIDER);
|
||||
return Cipher.getInstance(TAG_CIPHER_ALGO, PROVIDER);
|
||||
} catch(GeneralSecurityException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
||||
@@ -27,9 +27,9 @@ class ConnectionReaderFactoryImpl implements ConnectionReaderFactory {
|
||||
// Validate the tag
|
||||
Cipher tagCipher = crypto.getTagCipher();
|
||||
ErasableKey tagKey = crypto.deriveTagKey(secret, true);
|
||||
boolean valid = TagEncoder.validateTag(tag, 0, tagCipher, tagKey);
|
||||
long segmentNumber = TagEncoder.decodeTag(tag, tagCipher, tagKey);
|
||||
tagKey.erase();
|
||||
if(!valid) throw new IllegalArgumentException();
|
||||
if(segmentNumber != 0) throw new IllegalArgumentException();
|
||||
return createConnectionReader(in, true, secret);
|
||||
}
|
||||
|
||||
@@ -51,7 +51,10 @@ class ConnectionReaderFactoryImpl implements ConnectionReaderFactory {
|
||||
Mac mac = crypto.getMac();
|
||||
IncomingEncryptionLayer decrypter = new IncomingEncryptionLayerImpl(in,
|
||||
tagCipher, frameCipher, tagKey, frameKey, false);
|
||||
// No error correction
|
||||
IncomingErrorCorrectionLayer correcter =
|
||||
new NullIncomingErrorCorrectionLayer(decrypter);
|
||||
// Create the reader
|
||||
return new ConnectionReaderImpl(decrypter, mac, macKey);
|
||||
return new ConnectionReaderImpl(correcter, mac, macKey);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,12 +2,13 @@ package net.sf.briar.transport;
|
||||
|
||||
import static net.sf.briar.api.transport.TransportConstants.FRAME_HEADER_LENGTH;
|
||||
import static net.sf.briar.api.transport.TransportConstants.MAC_LENGTH;
|
||||
import static net.sf.briar.api.transport.TransportConstants.MAX_FRAME_LENGTH;
|
||||
import static net.sf.briar.util.ByteUtils.MAX_32_BIT_UNSIGNED;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
|
||||
import javax.crypto.Mac;
|
||||
|
||||
@@ -17,16 +18,16 @@ import net.sf.briar.api.transport.ConnectionReader;
|
||||
|
||||
class ConnectionReaderImpl extends InputStream implements ConnectionReader {
|
||||
|
||||
private final IncomingEncryptionLayer decrypter;
|
||||
private final IncomingErrorCorrectionLayer in;
|
||||
private final Mac mac;
|
||||
private final byte[] buf;
|
||||
private final Frame frame;
|
||||
|
||||
private long frame = 0L;
|
||||
private long frameNumber = 0L;
|
||||
private int offset = 0, length = 0;
|
||||
|
||||
ConnectionReaderImpl(IncomingEncryptionLayer decrypter, Mac mac,
|
||||
ConnectionReaderImpl(IncomingErrorCorrectionLayer in, Mac mac,
|
||||
ErasableKey macKey) {
|
||||
this.decrypter = decrypter;
|
||||
this.in = in;
|
||||
this.mac = mac;
|
||||
// Initialise the MAC
|
||||
try {
|
||||
@@ -37,7 +38,7 @@ class ConnectionReaderImpl extends InputStream implements ConnectionReader {
|
||||
macKey.erase();
|
||||
if(mac.getMacLength() != MAC_LENGTH)
|
||||
throw new IllegalArgumentException();
|
||||
buf = new byte[MAX_FRAME_LENGTH];
|
||||
frame = new Frame();
|
||||
}
|
||||
|
||||
public InputStream getInputStream() {
|
||||
@@ -47,7 +48,7 @@ class ConnectionReaderImpl extends InputStream implements ConnectionReader {
|
||||
@Override
|
||||
public int read() throws IOException {
|
||||
while(length == 0) if(!readFrame()) return -1;
|
||||
int b = buf[offset] & 0xff;
|
||||
int b = frame.getBuffer()[offset] & 0xff;
|
||||
offset++;
|
||||
length--;
|
||||
return b;
|
||||
@@ -62,7 +63,7 @@ class ConnectionReaderImpl extends InputStream implements ConnectionReader {
|
||||
public int read(byte[] b, int off, int len) throws IOException {
|
||||
while(length == 0) if(!readFrame()) return -1;
|
||||
len = Math.min(len, length);
|
||||
System.arraycopy(buf, offset, b, off, len);
|
||||
System.arraycopy(frame.getBuffer(), offset, b, off, len);
|
||||
offset += len;
|
||||
length -= len;
|
||||
return len;
|
||||
@@ -71,17 +72,19 @@ class ConnectionReaderImpl extends InputStream implements ConnectionReader {
|
||||
private boolean readFrame() throws IOException {
|
||||
assert length == 0;
|
||||
// Don't allow more than 2^32 frames to be read
|
||||
if(frame > MAX_32_BIT_UNSIGNED) throw new IllegalStateException();
|
||||
if(frameNumber > MAX_32_BIT_UNSIGNED) throw new IllegalStateException();
|
||||
// Read a frame
|
||||
int frameLength = decrypter.readFrame(buf);
|
||||
if(frameLength == -1) return false;
|
||||
Collection<Long> window = Collections.singleton(frameNumber);
|
||||
if(!in.readFrame(frame, window)) return false;
|
||||
// Check that the frame number is correct and the length is legal
|
||||
if(!HeaderEncoder.validateHeader(buf, frame))
|
||||
byte[] buf = frame.getBuffer();
|
||||
if(!HeaderEncoder.validateHeader(buf, frameNumber))
|
||||
throw new FormatException();
|
||||
// Check that the payload and padding lengths are correct
|
||||
int payload = HeaderEncoder.getPayloadLength(buf);
|
||||
int padding = HeaderEncoder.getPaddingLength(buf);
|
||||
if(frameLength != FRAME_HEADER_LENGTH + payload + padding + MAC_LENGTH)
|
||||
throw new FormatException();
|
||||
if(frame.getLength() != FRAME_HEADER_LENGTH + payload + padding
|
||||
+ MAC_LENGTH) throw new FormatException();
|
||||
// Check that the padding is all zeroes
|
||||
int paddingStart = FRAME_HEADER_LENGTH + payload;
|
||||
for(int i = paddingStart; i < paddingStart + padding; i++) {
|
||||
@@ -96,7 +99,7 @@ class ConnectionReaderImpl extends InputStream implements ConnectionReader {
|
||||
}
|
||||
offset = FRAME_HEADER_LENGTH;
|
||||
length = payload;
|
||||
frame++;
|
||||
frameNumber++;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -103,7 +103,7 @@ DatabaseListener {
|
||||
private Bytes calculateTag(Context ctx, byte[] secret) {
|
||||
ErasableKey tagKey = crypto.deriveTagKey(secret, true);
|
||||
byte[] tag = new byte[TAG_LENGTH];
|
||||
TagEncoder.encodeTag(tag, 0, tagCipher, tagKey);
|
||||
TagEncoder.encodeTag(tag, 0L, tagCipher, tagKey);
|
||||
tagKey.erase();
|
||||
return new Bytes(tag);
|
||||
}
|
||||
|
||||
@@ -29,12 +29,12 @@ class ConnectionWriterFactoryImpl implements ConnectionWriterFactory {
|
||||
|
||||
public ConnectionWriter createConnectionWriter(OutputStream out,
|
||||
long capacity, byte[] secret, byte[] tag) {
|
||||
// Decrypt the tag
|
||||
// Validate the tag
|
||||
Cipher tagCipher = crypto.getTagCipher();
|
||||
ErasableKey tagKey = crypto.deriveTagKey(secret, true);
|
||||
boolean valid = TagEncoder.validateTag(tag, 0, tagCipher, tagKey);
|
||||
long segmentNumber = TagEncoder.decodeTag(tag, tagCipher, tagKey);
|
||||
tagKey.erase();
|
||||
if(!valid) throw new IllegalArgumentException();
|
||||
if(segmentNumber != 0) throw new IllegalArgumentException();
|
||||
return createConnectionWriter(out, capacity, false, secret);
|
||||
}
|
||||
|
||||
|
||||
25
components/net/sf/briar/transport/Frame.java
Normal file
25
components/net/sf/briar/transport/Frame.java
Normal file
@@ -0,0 +1,25 @@
|
||||
package net.sf.briar.transport;
|
||||
|
||||
import static net.sf.briar.api.transport.TransportConstants.MAX_FRAME_LENGTH;
|
||||
|
||||
class Frame {
|
||||
|
||||
private final byte[] buf = new byte[MAX_FRAME_LENGTH];
|
||||
|
||||
private int length = -1;
|
||||
|
||||
public byte[] getBuffer() {
|
||||
return buf;
|
||||
}
|
||||
|
||||
public int getLength() {
|
||||
if(length == -1) throw new IllegalStateException();
|
||||
return length;
|
||||
}
|
||||
|
||||
public void setLength(int length) {
|
||||
if(length < 0 || length > buf.length)
|
||||
throw new IllegalArgumentException();
|
||||
this.length = length;
|
||||
}
|
||||
}
|
||||
@@ -2,11 +2,13 @@ package net.sf.briar.transport;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import net.sf.briar.api.plugins.Segment;
|
||||
|
||||
interface IncomingEncryptionLayer {
|
||||
|
||||
/**
|
||||
* Reads a frame into the given buffer and returns its length, or -1 if no
|
||||
* more frames can be read.
|
||||
* Reads a segment, excluding its tag, into the given buffer. Returns false
|
||||
* if no more segments can be read from the connection.
|
||||
*/
|
||||
int readFrame(byte[] b) throws IOException;
|
||||
boolean readSegment(Segment s) throws IOException;
|
||||
}
|
||||
|
||||
@@ -2,8 +2,9 @@ package net.sf.briar.transport;
|
||||
|
||||
import static net.sf.briar.api.transport.TransportConstants.FRAME_HEADER_LENGTH;
|
||||
import static net.sf.briar.api.transport.TransportConstants.MAC_LENGTH;
|
||||
import static net.sf.briar.api.transport.TransportConstants.MAX_FRAME_LENGTH;
|
||||
import static net.sf.briar.api.transport.TransportConstants.MAX_SEGMENT_LENGTH;
|
||||
import static net.sf.briar.api.transport.TransportConstants.TAG_LENGTH;
|
||||
import static net.sf.briar.util.ByteUtils.MAX_32_BIT_UNSIGNED;
|
||||
|
||||
import java.io.EOFException;
|
||||
import java.io.IOException;
|
||||
@@ -15,6 +16,7 @@ import javax.crypto.spec.IvParameterSpec;
|
||||
|
||||
import net.sf.briar.api.FormatException;
|
||||
import net.sf.briar.api.crypto.ErasableKey;
|
||||
import net.sf.briar.api.plugins.Segment;
|
||||
|
||||
class IncomingEncryptionLayerImpl implements IncomingEncryptionLayer {
|
||||
|
||||
@@ -22,10 +24,11 @@ class IncomingEncryptionLayerImpl implements IncomingEncryptionLayer {
|
||||
private final Cipher tagCipher, frameCipher;
|
||||
private final ErasableKey tagKey, frameKey;
|
||||
private final int blockSize;
|
||||
private final byte[] iv;
|
||||
private final byte[] iv, ciphertext;
|
||||
private final boolean tagEverySegment;
|
||||
|
||||
private long frame = 0L;
|
||||
private boolean firstSegment = true;
|
||||
private long segmentNumber = 0L;
|
||||
|
||||
IncomingEncryptionLayerImpl(InputStream in, Cipher tagCipher,
|
||||
Cipher frameCipher, ErasableKey tagKey, ErasableKey frameKey,
|
||||
@@ -40,71 +43,73 @@ class IncomingEncryptionLayerImpl implements IncomingEncryptionLayer {
|
||||
if(blockSize < FRAME_HEADER_LENGTH)
|
||||
throw new IllegalArgumentException();
|
||||
iv = IvEncoder.encodeIv(0, blockSize);
|
||||
ciphertext = new byte[MAX_SEGMENT_LENGTH];
|
||||
}
|
||||
|
||||
public int readFrame(byte[] b) throws IOException {
|
||||
if(frame > MAX_32_BIT_UNSIGNED) throw new IllegalStateException();
|
||||
boolean tag = tagEverySegment && frame > 0;
|
||||
// Clear the buffer before exposing it to the transport plugin
|
||||
for(int i = 0; i < b.length; i++) b[i] = 0;
|
||||
public boolean readSegment(Segment s) throws IOException {
|
||||
boolean tag = tagEverySegment && !firstSegment;
|
||||
try {
|
||||
// If a tag is expected then read, decrypt and validate it
|
||||
if(tag) {
|
||||
int offset = 0;
|
||||
while(offset < TAG_LENGTH) {
|
||||
int read = in.read(b, offset, TAG_LENGTH - offset);
|
||||
int read = in.read(ciphertext, offset, TAG_LENGTH - offset);
|
||||
if(read == -1) {
|
||||
if(offset == 0) return -1;
|
||||
if(offset == 0) return false;
|
||||
throw new EOFException();
|
||||
}
|
||||
offset += read;
|
||||
}
|
||||
if(!TagEncoder.validateTag(b, frame, tagCipher, tagKey))
|
||||
throw new FormatException();
|
||||
long seg = TagEncoder.decodeTag(ciphertext, tagCipher, tagKey);
|
||||
if(seg == -1) throw new FormatException();
|
||||
segmentNumber = seg;
|
||||
}
|
||||
// Read the first block
|
||||
// Read the first block of the frame/segment
|
||||
int offset = 0;
|
||||
while(offset < blockSize) {
|
||||
int read = in.read(b, offset, blockSize - offset);
|
||||
int read = in.read(ciphertext, offset, blockSize - offset);
|
||||
if(read == -1) {
|
||||
if(offset == 0 && !tag) return -1;
|
||||
if(offset == 0 && !tag && !firstSegment) return false;
|
||||
throw new EOFException();
|
||||
}
|
||||
offset += read;
|
||||
}
|
||||
// Decrypt the first block
|
||||
// Decrypt the first block of the frame/segment
|
||||
byte[] plaintext = s.getBuffer();
|
||||
try {
|
||||
IvEncoder.updateIv(iv, frame);
|
||||
IvEncoder.updateIv(iv, segmentNumber);
|
||||
IvParameterSpec ivSpec = new IvParameterSpec(iv);
|
||||
frameCipher.init(Cipher.DECRYPT_MODE, frameKey, ivSpec);
|
||||
int decrypted = frameCipher.update(b, 0, blockSize, b);
|
||||
int decrypted = frameCipher.update(ciphertext, 0, blockSize,
|
||||
plaintext);
|
||||
if(decrypted != blockSize) throw new RuntimeException();
|
||||
} catch(GeneralSecurityException badCipher) {
|
||||
throw new RuntimeException(badCipher);
|
||||
}
|
||||
// Validate and parse the header
|
||||
if(!HeaderEncoder.validateHeader(b, frame))
|
||||
throw new FormatException();
|
||||
int payload = HeaderEncoder.getPayloadLength(b);
|
||||
int padding = HeaderEncoder.getPaddingLength(b);
|
||||
// Parse the frame header
|
||||
int payload = HeaderEncoder.getPayloadLength(plaintext);
|
||||
int padding = HeaderEncoder.getPaddingLength(plaintext);
|
||||
int length = FRAME_HEADER_LENGTH + payload + padding + MAC_LENGTH;
|
||||
// Read the remainder of the frame
|
||||
if(length > MAX_FRAME_LENGTH) throw new FormatException();
|
||||
// Read the remainder of the frame/segment
|
||||
while(offset < length) {
|
||||
int read = in.read(b, offset, length - offset);
|
||||
int read = in.read(ciphertext, offset, length - offset);
|
||||
if(read == -1) throw new EOFException();
|
||||
offset += read;
|
||||
}
|
||||
// Decrypt the remainder of the frame
|
||||
// Decrypt the remainder of the frame/segment
|
||||
try {
|
||||
int decrypted = frameCipher.doFinal(b, blockSize,
|
||||
length - blockSize, b, blockSize);
|
||||
int decrypted = frameCipher.doFinal(ciphertext, blockSize,
|
||||
length - blockSize, plaintext, blockSize);
|
||||
if(decrypted != length - blockSize)
|
||||
throw new RuntimeException();
|
||||
} catch(GeneralSecurityException badCipher) {
|
||||
throw new RuntimeException(badCipher);
|
||||
}
|
||||
frame++;
|
||||
return length;
|
||||
s.setLength(length);
|
||||
s.setSegmentNumber(segmentNumber++);
|
||||
firstSegment = false;
|
||||
return true;
|
||||
} catch(IOException e) {
|
||||
frameKey.erase();
|
||||
tagKey.erase();
|
||||
|
||||
@@ -0,0 +1,14 @@
|
||||
package net.sf.briar.transport;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Collection;
|
||||
|
||||
interface IncomingErrorCorrectionLayer {
|
||||
|
||||
/**
|
||||
* Reads a frame into the given buffer. The frame number must be contained
|
||||
* in the given window. Returns false if no more frames can be read from
|
||||
* the connection.
|
||||
*/
|
||||
boolean readFrame(Frame f, Collection<Long> window) throws IOException;
|
||||
}
|
||||
@@ -4,7 +4,6 @@ import static net.sf.briar.api.transport.TransportConstants.FRAME_HEADER_LENGTH;
|
||||
import static net.sf.briar.api.transport.TransportConstants.MAC_LENGTH;
|
||||
import static net.sf.briar.api.transport.TransportConstants.MAX_SEGMENT_LENGTH;
|
||||
import static net.sf.briar.api.transport.TransportConstants.TAG_LENGTH;
|
||||
import static net.sf.briar.util.ByteUtils.MAX_32_BIT_UNSIGNED;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.GeneralSecurityException;
|
||||
@@ -27,7 +26,8 @@ class IncomingSegmentedEncryptionLayer implements IncomingEncryptionLayer {
|
||||
private final Segment segment;
|
||||
private final boolean tagEverySegment;
|
||||
|
||||
private long frame = 0L;
|
||||
private boolean firstSegment = true;
|
||||
private long segmentNumber = 0L;
|
||||
|
||||
IncomingSegmentedEncryptionLayer(SegmentSource in, Cipher tagCipher,
|
||||
Cipher frameCipher, ErasableKey tagKey, ErasableKey frameKey,
|
||||
@@ -45,41 +45,37 @@ class IncomingSegmentedEncryptionLayer implements IncomingEncryptionLayer {
|
||||
segment = new SegmentImpl();
|
||||
}
|
||||
|
||||
public int readFrame(byte[] b) throws IOException {
|
||||
if(frame > MAX_32_BIT_UNSIGNED) throw new IllegalStateException();
|
||||
boolean tag = tagEverySegment && frame > 0;
|
||||
// Clear the buffer before exposing it to the transport plugin
|
||||
segment.clear();
|
||||
public boolean readSegment(Segment s) throws IOException {
|
||||
boolean tag = tagEverySegment && !firstSegment;
|
||||
try {
|
||||
// Read the segment
|
||||
if(!in.readSegment(segment)) return -1;
|
||||
if(!in.readSegment(segment)) return false;
|
||||
int offset = tag ? TAG_LENGTH : 0, length = segment.getLength();
|
||||
if(length > MAX_SEGMENT_LENGTH) throw new FormatException();
|
||||
if(length < offset + FRAME_HEADER_LENGTH + MAC_LENGTH)
|
||||
throw new FormatException();
|
||||
// If a tag is expected, decrypt and validate it
|
||||
if(tag && !TagEncoder.validateTag(segment.getBuffer(), frame,
|
||||
tagCipher, tagKey)) throw new FormatException();
|
||||
// Decrypt the frame
|
||||
byte[] ciphertext = segment.getBuffer();
|
||||
// If a tag is expected then decrypt and validate it
|
||||
if(tag) {
|
||||
long seg = TagEncoder.decodeTag(ciphertext, tagCipher, tagKey);
|
||||
if(seg == -1) throw new FormatException();
|
||||
segmentNumber = seg;
|
||||
}
|
||||
// Decrypt the segment
|
||||
try {
|
||||
IvEncoder.updateIv(iv, frame);
|
||||
IvEncoder.updateIv(iv, segmentNumber);
|
||||
IvParameterSpec ivSpec = new IvParameterSpec(iv);
|
||||
frameCipher.init(Cipher.DECRYPT_MODE, frameKey, ivSpec);
|
||||
int decrypted = frameCipher.doFinal(segment.getBuffer(), offset,
|
||||
length - offset, b);
|
||||
int decrypted = frameCipher.doFinal(ciphertext, offset,
|
||||
length - offset, s.getBuffer());
|
||||
if(decrypted != length - offset) throw new RuntimeException();
|
||||
} catch(GeneralSecurityException badCipher) {
|
||||
throw new RuntimeException(badCipher);
|
||||
}
|
||||
// Validate and parse the header
|
||||
if(!HeaderEncoder.validateHeader(b, frame))
|
||||
throw new FormatException();
|
||||
int payload = HeaderEncoder.getPayloadLength(b);
|
||||
int padding = HeaderEncoder.getPaddingLength(b);
|
||||
if(length != offset + FRAME_HEADER_LENGTH + payload + padding
|
||||
+ MAC_LENGTH) throw new FormatException();
|
||||
frame++;
|
||||
return length - offset;
|
||||
s.setLength(length - offset);
|
||||
s.setSegmentNumber(segmentNumber++);
|
||||
firstSegment = false;
|
||||
return true;
|
||||
} catch(IOException e) {
|
||||
frameKey.erase();
|
||||
tagKey.erase();
|
||||
|
||||
@@ -0,0 +1,31 @@
|
||||
package net.sf.briar.transport;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Collection;
|
||||
|
||||
import net.sf.briar.api.plugins.Segment;
|
||||
|
||||
class NullIncomingErrorCorrectionLayer implements IncomingErrorCorrectionLayer {
|
||||
|
||||
private final IncomingEncryptionLayer in;
|
||||
private final Segment segment;
|
||||
|
||||
NullIncomingErrorCorrectionLayer(IncomingEncryptionLayer in) {
|
||||
this.in = in;
|
||||
segment = new SegmentImpl();
|
||||
}
|
||||
|
||||
public boolean readFrame(Frame f, Collection<Long> window)
|
||||
throws IOException {
|
||||
while(true) {
|
||||
if(!in.readSegment(segment)) return false;
|
||||
byte[] buf = segment.getBuffer();
|
||||
if(window.contains(HeaderEncoder.getFrameNumber(buf))) break;
|
||||
}
|
||||
int length = segment.getLength();
|
||||
// FIXME: Unnecessary copy
|
||||
System.arraycopy(segment.getBuffer(), 0, f.getBuffer(), 0, length);
|
||||
f.setLength(length);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@@ -11,12 +11,6 @@ class SegmentImpl implements Segment {
|
||||
private int length = -1;
|
||||
private long segmentNumber = -1;
|
||||
|
||||
public void clear() {
|
||||
for(int i = 0; i < buf.length; i++) buf[i] = 0;
|
||||
length = -1;
|
||||
segmentNumber = -1;
|
||||
}
|
||||
|
||||
public byte[] getBuffer() {
|
||||
return buf;
|
||||
}
|
||||
|
||||
@@ -6,28 +6,22 @@ import static net.sf.briar.util.ByteUtils.MAX_32_BIT_UNSIGNED;
|
||||
import java.security.GeneralSecurityException;
|
||||
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
|
||||
import net.sf.briar.api.crypto.ErasableKey;
|
||||
import net.sf.briar.util.ByteUtils;
|
||||
|
||||
class TagEncoder {
|
||||
|
||||
private static final byte[] BLANK = new byte[TAG_LENGTH];
|
||||
|
||||
static void encodeTag(byte[] tag, long frame, Cipher tagCipher,
|
||||
static void encodeTag(byte[] tag, long segmentNumber, Cipher tagCipher,
|
||||
ErasableKey tagKey) {
|
||||
if(tag.length < TAG_LENGTH) throw new IllegalArgumentException();
|
||||
if(frame < 0 || frame > MAX_32_BIT_UNSIGNED)
|
||||
if(segmentNumber < 0 || segmentNumber > MAX_32_BIT_UNSIGNED)
|
||||
throw new IllegalArgumentException();
|
||||
// Encode the frame number as a uint32 at the end of the IV
|
||||
byte[] iv = new byte[tagCipher.getBlockSize()];
|
||||
if(iv.length != TAG_LENGTH) throw new IllegalArgumentException();
|
||||
ByteUtils.writeUint32(frame, iv, iv.length - 4);
|
||||
IvParameterSpec ivSpec = new IvParameterSpec(iv);
|
||||
// Encode the segment number as a uint32 at the end of the tag
|
||||
ByteUtils.writeUint32(segmentNumber, tag, TAG_LENGTH - 4);
|
||||
try {
|
||||
tagCipher.init(Cipher.ENCRYPT_MODE, tagKey, ivSpec);
|
||||
int encrypted = tagCipher.doFinal(BLANK, 0, TAG_LENGTH, tag);
|
||||
tagCipher.init(Cipher.ENCRYPT_MODE, tagKey);
|
||||
int encrypted = tagCipher.doFinal(tag, 0, TAG_LENGTH, tag);
|
||||
if(encrypted != TAG_LENGTH) throw new IllegalArgumentException();
|
||||
} catch(GeneralSecurityException e) {
|
||||
// Unsuitable cipher or key
|
||||
@@ -35,26 +29,18 @@ class TagEncoder {
|
||||
}
|
||||
}
|
||||
|
||||
static boolean validateTag(byte[] tag, long frame, Cipher tagCipher,
|
||||
ErasableKey tagKey) {
|
||||
if(frame < 0 || frame > MAX_32_BIT_UNSIGNED)
|
||||
throw new IllegalArgumentException();
|
||||
if(tag.length < TAG_LENGTH) return false;
|
||||
// Encode the frame number as a uint32 at the end of the IV
|
||||
byte[] iv = new byte[tagCipher.getBlockSize()];
|
||||
if(iv.length != TAG_LENGTH) throw new IllegalArgumentException();
|
||||
ByteUtils.writeUint32(frame, iv, iv.length - 4);
|
||||
IvParameterSpec ivSpec = new IvParameterSpec(iv);
|
||||
static long decodeTag(byte[] tag, Cipher tagCipher, ErasableKey tagKey) {
|
||||
if(tag.length < TAG_LENGTH) throw new IllegalArgumentException();
|
||||
try {
|
||||
tagCipher.init(Cipher.DECRYPT_MODE, tagKey, ivSpec);
|
||||
tagCipher.init(Cipher.DECRYPT_MODE, tagKey);
|
||||
byte[] plaintext = tagCipher.doFinal(tag, 0, TAG_LENGTH);
|
||||
if(plaintext.length != TAG_LENGTH)
|
||||
throw new IllegalArgumentException();
|
||||
// The plaintext should be blank
|
||||
for(int i = 0; i < plaintext.length; i++) {
|
||||
if(plaintext[i] != 0) return false;
|
||||
// All but the last four bytes of the plaintext should be blank
|
||||
for(int i = 0; i < TAG_LENGTH - 4; i++) {
|
||||
if(plaintext[i] != 0) return -1;
|
||||
}
|
||||
return true;
|
||||
return ByteUtils.readUint32(plaintext, TAG_LENGTH - 4);
|
||||
} catch(GeneralSecurityException e) {
|
||||
// Unsuitable cipher or key
|
||||
throw new IllegalArgumentException(e);
|
||||
|
||||
Reference in New Issue
Block a user