The Request packet now contains a list of message IDs, rather than a
bitmap referring to the list of messages IDs in the Offer. This allows
the Request to be understood out of context, e.g. if the Offer and
Request are sent over separate connections or a connection is replayed.
We don't need to call HMAC-SHA-384 more than once to get 256 bits of key
material. The code will throw a RuntimeException if CIPHER_KEY_BYTES is
changed in future so that one iteration's no longer enough.
Fixes bug #25. CMAC is used as the PRF. Note that we're currently using
a version of Spongy Castle with a CMAC implementation that's vulnerable
to a side-channel attack - this has been reported and fixed upstream but
we haven't yet upgraded to the fixed version.
Both devices try to make outgoing connections and accept incoming
connections simultaneously. This should lead to faster connection
establishment when there are asymmetrical connectivity problems, such as
devices that are unable to receive LAN multicast packets or make
themselves discoverable via Bluetooth.
Various thread safety fixes, saner use of exceptions, and code
reformatting. The Tor plugin now creates a single control connection at
startup and closes it at shutdown. Fixes issue #3611962.
To fix issue #3611966, KeyManagerImpl's handling of TransportAddedEvent
was made asynchronous. This made it possible for a thread to call
KeyManager.endpointAdded() before the KeyManager had asynchronously
handled the TransportAddedEvent from a previous call to
DatabaseComponent.addTransport().
CryptoExecutor and DatabaseExecutor now use bounded thread pools with
unbounded queues, since running too many tasks in parallel is likely to
harm performance; IncomingConnectionExecutor, PluginExecutor and
ReliabilityExecutor use unbounded thread pools with direct handoff,
since their tasks may run indefinitely. There are no longer any bounded
executors, and all executors discard tasks when shutting down, which
fixes issue #3612189.
Responsibility for starting and stopping services has been moved from
BriarService in briar-android to LifecycleManagerImpl in briar-core.
However, BriarService is still responsible for stopping the
Android-specific executors, which is ugly. It would be better if
executors registered themselves with LifecycleManager.
Android doesn't currently store bundles persistently, so it's premature
to protect against accidental information leaks through persistent
bundle storage. Protecting against deliberate information leaks by the
OS is probably futile, so there's currently no need for bundle
encryption.
