mirror of
https://code.briarproject.org/briar/briar.git
synced 2026-02-12 18:59:06 +01:00
d6b260ed61
This makes us Suite B compliant and saves 32 bytes per frame. The AES/GCM implementation refuses to decrypt the frame header before checking the MAC, so we have to use AES/CTR to peek at the header. The header is still covered by the MAC, and we still check it after peeking!
21 lines
557 B
Java
21 lines
557 B
Java
package net.sf.briar.crypto;
|
|
|
|
import net.sf.briar.util.ByteUtils;
|
|
|
|
class FramePeekingIvEncoder extends FrameIvEncoder {
|
|
|
|
// AES/CTR uses a 128-bit IV; to match the AES/GCM IV we have to append
|
|
// the bytes 0x00, 0x00, 0x00, 0x02 (see NIST SP 800-38D, section 7.1)
|
|
private static final int IV_LENGTH = 16;
|
|
|
|
@Override
|
|
public byte[] encodeIv(long frame) {
|
|
if(frame < 0 || frame > ByteUtils.MAX_32_BIT_UNSIGNED)
|
|
throw new IllegalArgumentException();
|
|
byte[] iv = new byte[IV_LENGTH];
|
|
iv[IV_LENGTH - 1] = 2;
|
|
updateIv(iv, frame);
|
|
return iv;
|
|
}
|
|
}
|