Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-06-12 17:15:37 +02:00
Code Issues Projects Releases Wiki Activity
1,808 Commits 133 Branches 203 Tags
9aa1bbd1ed5cb4592f0cefd1332721bc48586e18
Commit Graph

59 Commits

Author SHA1 Message Date
akwizgran 3c6ead0603 Code clarity, more unit tests for ByteUtils. 
Addresses comments for !48.
 2016-01-12 11:10:22 +00:00
akwizgran 99f8d21eea Fixed a typo. 2016-01-04 12:47:49 +00:00
akwizgran 6a4aea77fb Final crypto changes for BTPv2. #111 
Use BLAKE2s to generate tags.
KDF arguments for key rotation.
Frame IV format.
 2016-01-04 12:42:30 +00:00
akwizgran 7e115fed6d Allow output shorter than getDigestSize(). 2016-01-01 14:28:38 +00:00
akwizgran 7c1ee9ce87 Restored accidentally deleted javadoc. 2015-12-31 17:46:18 +00:00
akwizgran 90af176810 Use BLAKE2s for hashing, key derivation and signatures. 
SHA-256 is still used for password-based key derivation (will be replaced with Argon2) and Fortuna.
 2015-12-31 17:42:11 +00:00
str4d d5b347e6c9 BLAKE2s implementation 
Implementation is based on the BLAKE2b implementation from BouncyCastle, and is
therefore licensed under the BouncyCastle license (which will make future
upstreaming of the code easier).
 2015-12-31 16:01:33 +00:00
akwizgran d7f204019d Merge branch 'use-xsalsa20-poly1305' into 'master' 
Use XSalsa20-Poly1305 instead of AES-GCM for transport encryption and password storage.

This patch integrates @str4d's new authenticated cipher implementation. It depends on !18.

See merge request !35
 2015-12-28 18:07:20 +00:00
str4d efa7ac00ea Merge branch '190-key-manager-duplicates' into 'master' 
Fix off-by-one error in key rotation

Fixes #190.

See merge request !32
 2015-12-23 19:41:21 +00:00
akwizgran 73bb3b0065 Fixed return value of process(). 2015-12-18 16:47:01 +00:00
akwizgran fc897bd1b9 Use XSalsa20-Poly1305 instead of AES-GCM. #111 2015-12-18 16:47:01 +00:00
akwizgran 6fab0e87e0 Better variable names. 2015-12-18 16:47:01 +00:00
akwizgran a3ecd93999 Merge branch '169-blake2' into 'master' 
Switch KDF from SHA-256 to Blake2. #169

The BTP spec calls for Blake2s, but there's no Java implementation available. I suggest we go with Blake2b for now. If it turns out to be a performance bottleneck on 32-bit platforms we can consider implementing Blake2s and merging it upstream.

This depends on !13.

See merge request !21
 2015-12-18 16:43:45 +00:00
akwizgran f2efe7f2ea Implement stream header for BTPv2. #111 2015-12-18 13:34:02 +00:00
akwizgran d2dea42cec Fixed off-by-one error in key rotation. #190 2015-12-18 11:29:13 +00:00
akwizgran c7e4d5ffa9 Merge branch '147-crypto_secretbox' into 'master' 
147 crypto secretbox

Closes #147

See merge request !27
 2015-12-17 09:23:26 +00:00
str4d d9808c48f0 Implement XSalsa20/Poly1305 2015-12-16 19:51:14 +00:00
str4d 20b2bcb86f Expand JavaDocs for AuthenticatedCipher 2015-12-16 19:50:57 +00:00
akwizgran b29ff927b0 Switch KDF from SHA-256 to Blake2. #169 2015-12-15 13:21:06 +00:00
akwizgran 9868feeb2a Refactor KeyManager and TagRecogniser. #55 2015-12-14 11:02:49 +00:00
akwizgran 8529c976c2 Renamed a bunch of lock variables. 
"synchLock" will become confusing when we have lots of objects with "sync" in the name.
 2015-12-03 16:39:53 +00:00
akwizgran 027ae8340f Whitespace-only code formatting changes. 2015-11-30 09:38:25 +00:00
akwizgran f8a4a4920d Merge branch 'AbrahamKiggundu/briar-master': better lock encapsulation 2015-01-29 11:28:48 +00:00
akwizgran 0dbfd7073f Comments to indicate which locks guard which variables. 2015-01-29 11:12:41 +00:00
akwizgran 47bd84122e Code formatting and small cleanups. 2015-01-28 21:18:31 +00:00
akwizgran 7fbad8dc26 Use FortunaGenerator to implement PseudoRandom. 2015-01-14 20:46:03 +00:00
akwizgran 1c7432cac4 Use a provider to instantiate AuthenticatedCipher. 2015-01-14 19:59:38 +00:00
akwizgran 03247aedd6 Log how long it takes to generate and verify signatures. 2015-01-14 19:09:37 +00:00
akwizgran 112d80420c Downgrade to 256-bit curve for performance. 
Also reduced hash function to 256 bits because our target security level
is now 128 bits.
 2015-01-09 13:23:44 +00:00
akwizgran 5d46d3a4b4 AuthenticatedCipher interface isn't needed outside crypto package. 2015-01-09 13:06:44 +00:00
akwizgran dc5e37a96d Remove AAD from AuthenticatedCipher interface. 2015-01-09 13:01:02 +00:00
Abraham Kiggundu 851151041e Pull-Merge of latest changes from main repo 2015-01-08 11:54:47 +03:00
akwizgran 4e57029d98 Use constant-time GCM multiplier. 2015-01-06 19:30:11 +00:00
akwizgran 1f69f0d2f6 Variable-length frames (untested). 2015-01-05 17:35:45 +00:00
akwizgran d3bf2d59a1 Use the same maximum frame length for all transports. 2015-01-05 16:24:44 +00:00
akwizgran 358166bc12 Don't try to erase secrets from memory. 
1. The things we're really trying to protect - contact identities,
message contents, etc - can't be erased from memory because they're
encapsulated inside objects we don't control.

2. Long-term secrets can't be protected by erasing them from memory
because they're stored in the database and the database key has to be
held in memory whenever the app's running.

3. If the runtime uses a compacting garbage collector then we have no
way to ensure an object is erased from memory.

4. Trying to erase secrets from memory makes the code more complex.

Conclusion: Let's not try to protect secrets from an attacker who can
read arbitrary memory locations.
 2014-12-29 21:08:27 +00:00
akwizgran f316d64afa Moved stream crypto to crypto component. 2014-12-29 19:55:05 +00:00
Abraham Kiggundu 9a2e93ebb9 cleanup 2014-12-26 17:35:37 +03:00
Abraham Kiggundu b074978472 Improved encapsulation of thread synchronisation as follows 
- replaced use of Object instance mutex with a private final Lock object
- replaced Object signaling with specific condition signalling
 2014-12-26 16:40:46 +03:00
akwizgran 8584194138 Removed redundant parameter checks. 2014-11-09 16:59:08 +00:00
akwizgran 9dbabdeceb Document the contract of DatabaseExecutor. 2014-11-08 16:40:22 +00:00
akwizgran 7b8181e309 Massive refactoring to merge handling of simplex and duplex connections. 2014-11-04 16:51:25 +00:00
akwizgran b24f153704 Renamed a load of things from 'connection' to 'stream'. 2014-10-08 16:21:55 +01:00
akwizgran 3dab4543e6 Combine the system's PRNG with Fortuna, in case either one is flawed. 2014-10-08 15:03:19 +01:00
akwizgran bb38911dc8 SecureRandom impl that XORs the outputs of other impls (not yet used). 
This can be used to combine e.g. the platform's SecureRandom
implementation with our own, so that a weakness in either source doesn't
harm security as long as the other source is strong.
 2014-10-08 15:03:02 +01:00
akwizgran 2f9ef8fcaf Log the running time of ECDH shared secret derivation. 2014-03-22 17:06:42 +00:00
akwizgran fc66f6ed8a Log the running time of key validation and message verification. 2014-03-22 00:30:29 +00:00
akwizgran 007ddac880 Use the Montgomery ladder multiplier to avoid side-channel attacks. 2014-03-19 22:52:53 +00:00
akwizgran e5353dc6d4 Replaced AuthenticatedCipher opmode with a boolean. 2014-01-16 18:59:02 +00:00
akwizgran 4ac85e955f Deterministic signatures (RFC 6979). 2014-01-16 18:52:59 +00:00