From c280e213c8722326f770e3d1159bacb3dd54032d Mon Sep 17 00:00:00 2001
From: akwizgran <akwizgran@users.sourceforge.net>
Date: Sun, 9 Nov 2014 17:11:16 +0000
Subject: [PATCH] Don't send tags for invitation connections.

---
 .../invitation/AliceConnector.java            |  4 +-
 .../briarproject/invitation/BobConnector.java |  4 +-
 .../transport/OutgoingEncryptionLayer.java    |  2 +-
 .../transport/StreamWriterFactoryImpl.java    |  6 +--
 .../OutgoingEncryptionLayerTest.java          | 38 ++++++++++++++++---
 5 files changed, 38 insertions(+), 16 deletions(-)

diff --git a/briar-core/src/org/briarproject/invitation/AliceConnector.java b/briar-core/src/org/briarproject/invitation/AliceConnector.java
index 1b8a9d61f0..9c7fd31f3a 100644
--- a/briar-core/src/org/briarproject/invitation/AliceConnector.java
+++ b/briar-core/src/org/briarproject/invitation/AliceConnector.java
@@ -133,11 +133,11 @@ class AliceConnector extends Connector {
 		int maxFrameLength = conn.getReader().getMaxFrameLength();
 		StreamReader streamReader =
 				streamReaderFactory.createInvitationStreamReader(in,
-						maxFrameLength, secret, false);
+						maxFrameLength, secret, false); // Bob's stream
 		r = readerFactory.createReader(streamReader.getInputStream());
 		StreamWriter streamWriter =
 				streamWriterFactory.createInvitationStreamWriter(out,
-						maxFrameLength, secret, true);
+						maxFrameLength, secret, true); // Alice's stream
 		w = writerFactory.createWriter(streamWriter.getOutputStream());
 		// Derive the invitation nonces
 		byte[][] nonces = crypto.deriveInvitationNonces(secret);
diff --git a/briar-core/src/org/briarproject/invitation/BobConnector.java b/briar-core/src/org/briarproject/invitation/BobConnector.java
index 5af921cfe3..205b3446dd 100644
--- a/briar-core/src/org/briarproject/invitation/BobConnector.java
+++ b/briar-core/src/org/briarproject/invitation/BobConnector.java
@@ -133,11 +133,11 @@ class BobConnector extends Connector {
 		int maxFrameLength = conn.getReader().getMaxFrameLength();
 		StreamReader streamReader =
 				streamReaderFactory.createInvitationStreamReader(in,
-						maxFrameLength, secret, true);
+						maxFrameLength, secret, true); // Alice's stream
 		r = readerFactory.createReader(streamReader.getInputStream());
 		StreamWriter streamWriter =
 				streamWriterFactory.createInvitationStreamWriter(out,
-						maxFrameLength, secret, false);
+						maxFrameLength, secret, false); // Bob's stream
 		w = writerFactory.createWriter(streamWriter.getOutputStream());
 		// Derive the nonces
 		byte[][] nonces = crypto.deriveInvitationNonces(secret);
diff --git a/briar-core/src/org/briarproject/transport/OutgoingEncryptionLayer.java b/briar-core/src/org/briarproject/transport/OutgoingEncryptionLayer.java
index 0d6d6ace97..1bb90c1e8c 100644
--- a/briar-core/src/org/briarproject/transport/OutgoingEncryptionLayer.java
+++ b/briar-core/src/org/briarproject/transport/OutgoingEncryptionLayer.java
@@ -35,7 +35,7 @@ class OutgoingEncryptionLayer implements FrameWriter {
 		aad = new byte[AAD_LENGTH];
 		ciphertext = new byte[frameLength];
 		frameNumber = 0;
-		writeTag = true;
+		writeTag = (tag != null);
 	}
 
 	public void writeFrame(byte[] frame, int payloadLength, boolean finalFrame)
diff --git a/briar-core/src/org/briarproject/transport/StreamWriterFactoryImpl.java b/briar-core/src/org/briarproject/transport/StreamWriterFactoryImpl.java
index 80185d74b0..638ecdff03 100644
--- a/briar-core/src/org/briarproject/transport/StreamWriterFactoryImpl.java
+++ b/briar-core/src/org/briarproject/transport/StreamWriterFactoryImpl.java
@@ -38,13 +38,9 @@ class StreamWriterFactoryImpl implements StreamWriterFactory {
 
 	public StreamWriter createInvitationStreamWriter(OutputStream out,
 			int maxFrameLength, byte[] secret, boolean alice) {
-		byte[] tag = new byte[TAG_LENGTH];
-		SecretKey tagKey = crypto.deriveTagKey(secret, alice);
-		crypto.encodeTag(tag, tagKey, 0);
-		tagKey.erase();
 		SecretKey frameKey = crypto.deriveFrameKey(secret, 0, alice);
 		FrameWriter frameWriter = new OutgoingEncryptionLayer(out,
-				crypto.getFrameCipher(), frameKey, maxFrameLength, tag);
+				crypto.getFrameCipher(), frameKey, maxFrameLength, null);
 		return new StreamWriterImpl(frameWriter, maxFrameLength);
 	}
 }
\ No newline at end of file
diff --git a/briar-tests/src/org/briarproject/transport/OutgoingEncryptionLayerTest.java b/briar-tests/src/org/briarproject/transport/OutgoingEncryptionLayerTest.java
index 93f0a53f9b..d9b7340335 100644
--- a/briar-tests/src/org/briarproject/transport/OutgoingEncryptionLayerTest.java
+++ b/briar-tests/src/org/briarproject/transport/OutgoingEncryptionLayerTest.java
@@ -7,6 +7,7 @@ import static org.briarproject.api.transport.TransportConstants.MAC_LENGTH;
 import static org.briarproject.api.transport.TransportConstants.TAG_LENGTH;
 
 import java.io.ByteArrayOutputStream;
+import java.util.Random;
 
 import org.briarproject.BriarTestCase;
 import org.briarproject.TestLifecycleModule;
@@ -28,18 +29,42 @@ public class OutgoingEncryptionLayerTest extends BriarTestCase {
 
 	private final CryptoComponent crypto;
 	private final AuthenticatedCipher frameCipher;
-	private final byte[] tag;
 
 	public OutgoingEncryptionLayerTest() {
 		Injector i = Guice.createInjector(new CryptoModule(),
 				new TestLifecycleModule(), new TestSystemModule());
 		crypto = i.getInstance(CryptoComponent.class);
 		frameCipher = crypto.getFrameCipher();
-		tag = new byte[TAG_LENGTH];
 	}
 
 	@Test
-	public void testEncryption() throws Exception {
+	public void testEncryptionWithoutTag() throws Exception {
+		int payloadLength = 123;
+		byte[] iv = new byte[IV_LENGTH], aad = new byte[AAD_LENGTH];
+		byte[] plaintext = new byte[FRAME_LENGTH - MAC_LENGTH];
+		byte[] ciphertext = new byte[FRAME_LENGTH];
+		SecretKey frameKey = crypto.generateSecretKey();
+		// Calculate the expected ciphertext
+		FrameEncoder.encodeIv(iv, 0);
+		FrameEncoder.encodeAad(aad, 0, plaintext.length);
+		frameCipher.init(true, frameKey, iv, aad);
+		FrameEncoder.encodeHeader(plaintext, false, payloadLength);
+		frameCipher.doFinal(plaintext, 0, plaintext.length, ciphertext, 0);
+		// Check that the actual ciphertext matches what's expected
+		ByteArrayOutputStream out = new ByteArrayOutputStream();
+		OutgoingEncryptionLayer o = new OutgoingEncryptionLayer(out,
+				frameCipher, frameKey, FRAME_LENGTH, null);
+		o.writeFrame(new byte[FRAME_LENGTH - MAC_LENGTH], payloadLength, false);
+		byte[] actual = out.toByteArray();
+		assertEquals(FRAME_LENGTH, actual.length);
+		for(int i = 0; i < FRAME_LENGTH; i++)
+			assertEquals(ciphertext[i], actual[i]);
+	}
+
+	@Test
+	public void testEncryptionWithTag() throws Exception {
+		byte[] tag = new byte[TAG_LENGTH];
+		new Random().nextBytes(tag);
 		int payloadLength = 123;
 		byte[] iv = new byte[IV_LENGTH], aad = new byte[AAD_LENGTH];
 		byte[] plaintext = new byte[FRAME_LENGTH - MAC_LENGTH];
@@ -59,13 +84,14 @@ public class OutgoingEncryptionLayerTest extends BriarTestCase {
 		byte[] actual = out.toByteArray();
 		assertEquals(TAG_LENGTH + FRAME_LENGTH, actual.length);
 		for(int i = 0; i < TAG_LENGTH; i++) assertEquals(tag[i], actual[i]);
-		for(int i = 0; i < FRAME_LENGTH; i++) {
-			assertEquals("" + i, ciphertext[i], actual[TAG_LENGTH + i]);
-		}
+		for(int i = 0; i < FRAME_LENGTH; i++)
+			assertEquals(ciphertext[i], actual[TAG_LENGTH + i]);
 	}
 
 	@Test
 	public void testCloseConnectionWithoutWriting() throws Exception {
+		byte[] tag = new byte[TAG_LENGTH];
+		new Random().nextBytes(tag);
 		ByteArrayOutputStream out = new ByteArrayOutputStream();
 		// Initiator's constructor
 		OutgoingEncryptionLayer o = new OutgoingEncryptionLayer(out,
-- 
GitLab