Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-13 19:29:06 +01:00
Code Issues Projects Releases Wiki Activity
1,957 Commits 133 Branches 200 Tags
8a20f330beb22dcd2b5705684ec6b45b8ffab8d6
Commit Graph

64 Commits

Author SHA1 Message Date
str4d
c822623677 Migrate Bluetooth protocol to BQP's master secret derivation 2016-02-02 02:45:49 +00:00
str4d
77e4ec381a Implement BQP crypto 2016-02-02 02:45:49 +00:00
str4d
4d7a23779a Rename crypto methods and constants for Bluetooth key agreement 2016-02-02 02:45:49 +00:00
akwizgran
88475bdd54 Transport properties client. #229 2016-01-27 12:51:55 +00:00
akwizgran
5355951466 Separate the sync layer from its clients. #112 2016-01-20 10:35:09 +00:00
akwizgran
3c6ead0603 Code clarity, more unit tests for ByteUtils. 
Addresses comments for !48.
 2016-01-12 11:10:22 +00:00
akwizgran
99f8d21eea Fixed a typo. 2016-01-04 12:47:49 +00:00
akwizgran
6a4aea77fb Final crypto changes for BTPv2. #111 
Use BLAKE2s to generate tags.
KDF arguments for key rotation.
Frame IV format.
 2016-01-04 12:42:30 +00:00
akwizgran
7e115fed6d Allow output shorter than getDigestSize(). 2016-01-01 14:28:38 +00:00
akwizgran
7c1ee9ce87 Restored accidentally deleted javadoc. 2015-12-31 17:46:18 +00:00
akwizgran
90af176810 Use BLAKE2s for hashing, key derivation and signatures. 
SHA-256 is still used for password-based key derivation (will be replaced with Argon2) and Fortuna.
 2015-12-31 17:42:11 +00:00
str4d
d5b347e6c9 BLAKE2s implementation 
Implementation is based on the BLAKE2b implementation from BouncyCastle, and is
therefore licensed under the BouncyCastle license (which will make future
upstreaming of the code easier).
 2015-12-31 16:01:33 +00:00
akwizgran
d7f204019d Merge branch 'use-xsalsa20-poly1305' into 'master' 
Use XSalsa20-Poly1305 instead of AES-GCM for transport encryption and password storage.

This patch integrates @str4d's new authenticated cipher implementation. It depends on !18.

See merge request !35
 2015-12-28 18:07:20 +00:00
str4d
efa7ac00ea Merge branch '190-key-manager-duplicates' into 'master' 
Fix off-by-one error in key rotation

Fixes #190.

See merge request !32
 2015-12-23 19:41:21 +00:00
akwizgran
73bb3b0065 Fixed return value of process(). 2015-12-18 16:47:01 +00:00
akwizgran
fc897bd1b9 Use XSalsa20-Poly1305 instead of AES-GCM. #111 2015-12-18 16:47:01 +00:00
akwizgran
6fab0e87e0 Better variable names. 2015-12-18 16:47:01 +00:00
akwizgran
a3ecd93999 Merge branch '169-blake2' into 'master' 
Switch KDF from SHA-256 to Blake2. #169

The BTP spec calls for Blake2s, but there's no Java implementation available. I suggest we go with Blake2b for now. If it turns out to be a performance bottleneck on 32-bit platforms we can consider implementing Blake2s and merging it upstream.

This depends on !13.

See merge request !21
 2015-12-18 16:43:45 +00:00
akwizgran
f2efe7f2ea Implement stream header for BTPv2. #111 2015-12-18 13:34:02 +00:00
akwizgran
d2dea42cec Fixed off-by-one error in key rotation. #190 2015-12-18 11:29:13 +00:00
akwizgran
c7e4d5ffa9 Merge branch '147-crypto_secretbox' into 'master' 
147 crypto secretbox

Closes #147

See merge request !27
 2015-12-17 09:23:26 +00:00
str4d
d9808c48f0 Implement XSalsa20/Poly1305 2015-12-16 19:51:14 +00:00
str4d
20b2bcb86f Expand JavaDocs for AuthenticatedCipher 2015-12-16 19:50:57 +00:00
akwizgran
b29ff927b0 Switch KDF from SHA-256 to Blake2. #169 2015-12-15 13:21:06 +00:00
akwizgran
9868feeb2a Refactor KeyManager and TagRecogniser. #55 2015-12-14 11:02:49 +00:00
akwizgran
8529c976c2 Renamed a bunch of lock variables. 
"synchLock" will become confusing when we have lots of objects with "sync" in the name.
 2015-12-03 16:39:53 +00:00
akwizgran
027ae8340f Whitespace-only code formatting changes. 2015-11-30 09:38:25 +00:00
akwizgran
f8a4a4920d Merge branch 'AbrahamKiggundu/briar-master': better lock encapsulation 2015-01-29 11:28:48 +00:00
akwizgran
0dbfd7073f Comments to indicate which locks guard which variables. 2015-01-29 11:12:41 +00:00
akwizgran
47bd84122e Code formatting and small cleanups. 2015-01-28 21:18:31 +00:00
akwizgran
7fbad8dc26 Use FortunaGenerator to implement PseudoRandom. 2015-01-14 20:46:03 +00:00
akwizgran
1c7432cac4 Use a provider to instantiate AuthenticatedCipher. 2015-01-14 19:59:38 +00:00
akwizgran
03247aedd6 Log how long it takes to generate and verify signatures. 2015-01-14 19:09:37 +00:00
akwizgran
112d80420c Downgrade to 256-bit curve for performance. 
Also reduced hash function to 256 bits because our target security level
is now 128 bits.
 2015-01-09 13:23:44 +00:00
akwizgran
5d46d3a4b4 AuthenticatedCipher interface isn't needed outside crypto package. 2015-01-09 13:06:44 +00:00
akwizgran
dc5e37a96d Remove AAD from AuthenticatedCipher interface. 2015-01-09 13:01:02 +00:00
Abraham Kiggundu
851151041e Pull-Merge of latest changes from main repo 2015-01-08 11:54:47 +03:00
akwizgran
4e57029d98 Use constant-time GCM multiplier. 2015-01-06 19:30:11 +00:00
akwizgran
1f69f0d2f6 Variable-length frames (untested). 2015-01-05 17:35:45 +00:00
akwizgran
d3bf2d59a1 Use the same maximum frame length for all transports. 2015-01-05 16:24:44 +00:00
akwizgran
358166bc12 Don't try to erase secrets from memory. 
1. The things we're really trying to protect - contact identities,
message contents, etc - can't be erased from memory because they're
encapsulated inside objects we don't control.

2. Long-term secrets can't be protected by erasing them from memory
because they're stored in the database and the database key has to be
held in memory whenever the app's running.

3. If the runtime uses a compacting garbage collector then we have no
way to ensure an object is erased from memory.

4. Trying to erase secrets from memory makes the code more complex.

Conclusion: Let's not try to protect secrets from an attacker who can
read arbitrary memory locations.
 2014-12-29 21:08:27 +00:00
akwizgran
f316d64afa Moved stream crypto to crypto component. 2014-12-29 19:55:05 +00:00
Abraham Kiggundu
9a2e93ebb9 cleanup 2014-12-26 17:35:37 +03:00
Abraham Kiggundu
b074978472 Improved encapsulation of thread synchronisation as follows 
- replaced use of Object instance mutex with a private final Lock object
- replaced Object signaling with specific condition signalling
 2014-12-26 16:40:46 +03:00
akwizgran
8584194138 Removed redundant parameter checks. 2014-11-09 16:59:08 +00:00
akwizgran
9dbabdeceb Document the contract of DatabaseExecutor. 2014-11-08 16:40:22 +00:00
akwizgran
7b8181e309 Massive refactoring to merge handling of simplex and duplex connections. 2014-11-04 16:51:25 +00:00
akwizgran
b24f153704 Renamed a load of things from 'connection' to 'stream'. 2014-10-08 16:21:55 +01:00
akwizgran
3dab4543e6 Combine the system's PRNG with Fortuna, in case either one is flawed. 2014-10-08 15:03:19 +01:00
akwizgran
bb38911dc8 SecureRandom impl that XORs the outputs of other impls (not yet used). 
This can be used to combine e.g. the platform's SecureRandom
implementation with our own, so that a weakness in either source doesn't
harm security as long as the other source is strong.
 2014-10-08 15:03:02 +01:00