This makes us Suite B compliant and saves 32 bytes per frame. The
AES/GCM implementation refuses to decrypt the frame header before
checking the MAC, so we have to use AES/CTR to peek at the header. The
header is still covered by the MAC, and we still check it after peeking!
Unidirectional transports and connections are now called
simplex rather than batch. Bidirectional transports and connections
are now called duplex rather than stream.
LockFairnessTest passes on Windows, Mac and Linux, so it's safe to use
ReadWriteLockDatabaseComponent on all those platforms. We can revisit
this issue for Android if necessary, but for now it's a waste of
effort to have two parallel implementations.
This should provide acceptable memory usage and database locking
granularity, while making subscription and transport updates large
enough for the incremental update issue to be kicked into the long
grass.
Removed awareness of the serialisation format from the protocol
component wherever possible, and added tests to ensure that the
constants defined in the protocol package's API are compatible with
the serialisation format.
authenticate each frame before parsing its contents. Each connection
starts with a tag, followed by any number of frames, each starting
with the frame number (32 bits) and payload length (16 bits), and
ending with a MAC (256 bits).
Tags have the following format: 32 bits reserved, 16 bits for the
transport ID, 32 bits for the connection number, 32 bits (set to zero
in the tag) for the frame number, and 16 bits (set to zero in the tag)
for the block number. The tag is encrypted with the tag key in
ECB mode.
Frame numbers for each connection must start from zero and must be
contiguous and strictly increasing. Each frame is encrypted with the
frame key in CTR mode, using the plaintext tag with the appropriate
frame number to initialise the counter.
The maximum frame size is 64 KiB, including header and footer. The
maximum amount of data that can be sent over a connection is 2^32
frames - roughly 2^48 bytes, or 8 terabytes, with the maximum frame
size of 64 KiB. If that isn't sufficient we can add another 16 bits to
the frame counter.
allow writers to starve. If this test passes on Java 5 and 6, we can
get rid of SynchronizedDatabaseComponent and merge
ReadWriteLockDatabaseComponent with DatabaseComponentImpl.
