From 4e57029d9819b7611df3fadb4f9b41fbe0d4d2de Mon Sep 17 00:00:00 2001
From: akwizgran <akwizgran@users.sourceforge.net>
Date: Tue, 6 Jan 2015 19:30:11 +0000
Subject: [PATCH] Use constant-time GCM multiplier.
---
 .../briarproject/api/crypto/CryptoComponent.java | 2 +-
 .../briarproject/crypto/CryptoComponentImpl.java | 16 +++++++++-------
 2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/briar-api/src/org/briarproject/api/crypto/CryptoComponent.java b/briar-api/src/org/briarproject/api/crypto/CryptoComponent.java
index 558077ae48..0f448daef8 100644
--- a/briar-api/src/org/briarproject/api/crypto/CryptoComponent.java
+++ b/briar-api/src/org/briarproject/api/crypto/CryptoComponent.java
@@ -65,7 +65,7 @@ public interface CryptoComponent {
 /**
 * Derives a tag key from the given temporary secret.
- * @param alice indicates whether the key is for connections initiated by
+ * @param alice indicates whether the key is for streams initiated by
 * Alice or Bob.
 */
 SecretKey deriveTagKey(byte[] secret, boolean alice);
diff --git a/briar-core/src/org/briarproject/crypto/CryptoComponentImpl.java b/briar-core/src/org/briarproject/crypto/CryptoComponentImpl.java
index 10c2c0cffc..5612c40776 100644
--- a/briar-core/src/org/briarproject/crypto/CryptoComponentImpl.java
+++ b/briar-core/src/org/briarproject/crypto/CryptoComponentImpl.java
@@ -43,6 +43,7 @@ import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
 import org.spongycastle.crypto.macs.HMac;
 import org.spongycastle.crypto.modes.AEADBlockCipher;
 import org.spongycastle.crypto.modes.GCMBlockCipher;
+import org.spongycastle.crypto.modes.gcm.BasicGCMMultiplier;
 import org.spongycastle.crypto.params.ECKeyGenerationParameters;
 import org.spongycastle.crypto.params.ECPrivateKeyParameters;
 import org.spongycastle.crypto.params.ECPublicKeyParameters;
@@ -294,7 +295,12 @@ class CryptoComponentImpl implements CryptoComponent {
 }
 public AuthenticatedCipher getFrameCipher() {
- AEADBlockCipher a = new GCMBlockCipher(new AESLightEngine());
+ return getAuthenticatedCipher();
+ }
+
+ private AuthenticatedCipher getAuthenticatedCipher() {
+ AEADBlockCipher a = new GCMBlockCipher(new AESLightEngine(),
+ new BasicGCMMultiplier());
 return new AuthenticatedCipherImpl(a, MAC_BYTES);
 }
@@ -329,10 +335,8 @@ class CryptoComponentImpl implements CryptoComponent {
 ByteUtils.writeUint32(iterations, output, salt.length);
 System.arraycopy(iv, 0, output, salt.length + 4, iv.length);
 // Initialise the cipher and encrypt the plaintext
+ AuthenticatedCipher cipher = getAuthenticatedCipher();
 try {
- AEADBlockCipher a = new GCMBlockCipher(new AESLightEngine());
- AuthenticatedCipher cipher = new AuthenticatedCipherImpl(a,
- MAC_BYTES);
 cipher.init(true, key, iv, null);
 int outputOff = salt.length + 4 + iv.length;
 cipher.process(input, 0, input.length, output, outputOff);
@@ -356,10 +360,8 @@ class CryptoComponentImpl implements CryptoComponent {
 // Derive the key from the password
 SecretKey key = new SecretKey(pbkdf2(password, salt, (int) iterations));
 // Initialise the cipher
- AuthenticatedCipher cipher;
+ AuthenticatedCipher cipher = getAuthenticatedCipher();
 try {
- AEADBlockCipher a = new GCMBlockCipher(new AESLightEngine());
- cipher = new AuthenticatedCipherImpl(a, MAC_BYTES);
 cipher.init(false, key, iv, null);
 } catch(GeneralSecurityException e) {
 throw new RuntimeException(e);
--
GitLab
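Review bot: The new `getAuthenticatedCipher()` in the first hunk passes `new BasicGCMMultiplier()` with no comment explaining why, and that reason is the entire point of the commit: `GCMBlockCipher`'s single-argument constructor falls back to a table-driven multiplier (Tables8kGCMMultiplier in Spongy Castle releases of this period) whose table lookups are indexed by the running GHASH state, a known cache-timing concern, and a later reader is likely to "simplify" back to the shorter one-argument form. A one-line comment above the `new GCMBlockCipher(...)` call would pin the decision: `// Explicit multiplier: the default table-driven one has data-dependent lookups (cache-timing risk), so use the shift-and-xor multiplier.` Because the timing property rests entirely on the library's own implementation of that multiplier, the comment could also say to re-check it whenever the spongycastle dependency is upgraded. The encrypt path at -329 and the decrypt path at -356 now share this factory, so the comment only needs to exist in one place; those two enclosing methods start and end outside their hunks.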