diff --git a/api/net/sf/briar/api/crypto/CryptoComponent.java b/api/net/sf/briar/api/crypto/CryptoComponent.java
index 75c6b726f90b80bfea4b2844b78f62fc0949b233..a9322319896fd0491abef6f1f96c1e5ab2e6fe92 100644
--- a/api/net/sf/briar/api/crypto/CryptoComponent.java
+++ b/api/net/sf/briar/api/crypto/CryptoComponent.java
@@ -6,26 +6,23 @@ import java.security.Signature;
import javax.crypto.Cipher;
import javax.crypto.Mac;
-import javax.crypto.SecretKey;
public interface CryptoComponent {
- SecretKey deriveIncomingFrameKey(byte[] secret);
+ ErasableKey deriveIncomingFrameKey(byte[] secret);
- SecretKey deriveIncomingIvKey(byte[] secret);
+ ErasableKey deriveIncomingIvKey(byte[] secret);
- SecretKey deriveIncomingMacKey(byte[] secret);
+ ErasableKey deriveIncomingMacKey(byte[] secret);
- SecretKey deriveOutgoingFrameKey(byte[] secret);
+ ErasableKey deriveOutgoingFrameKey(byte[] secret);
- SecretKey deriveOutgoingIvKey(byte[] secret);
+ ErasableKey deriveOutgoingIvKey(byte[] secret);
- SecretKey deriveOutgoingMacKey(byte[] secret);
+ ErasableKey deriveOutgoingMacKey(byte[] secret);
KeyPair generateKeyPair();
- SecretKey generateSecretKey();
-
Cipher getFrameCipher();
Cipher getIvCipher();
@@ -39,4 +36,6 @@ public interface CryptoComponent {
SecureRandom getSecureRandom();
Signature getSignature();
+
+ ErasableKey generateTestKey();
}
diff --git a/api/net/sf/briar/api/crypto/ErasableKey.java b/api/net/sf/briar/api/crypto/ErasableKey.java
new file mode 100644
index 0000000000000000000000000000000000000000..2a46356c95f168670a74a69093e8a32e3d435e1e
--- /dev/null
+++ b/api/net/sf/briar/api/crypto/ErasableKey.java
@@ -0,0 +1,9 @@
+package net.sf.briar.api.crypto;
+
+import javax.crypto.SecretKey;
+
+public interface ErasableKey extends SecretKey {
+
+ /** Erases the key from memory. */
+ void erase();
+}
diff --git a/components/net/sf/briar/crypto/CryptoComponentImpl.java b/components/net/sf/briar/crypto/CryptoComponentImpl.java
index f0b3173dea8144e75c6a9f0d8ba5c3702817f82d..cd64e056554d7063185fef4aaa80082b9da32927 100644
--- a/components/net/sf/briar/crypto/CryptoComponentImpl.java
+++ b/components/net/sf/briar/crypto/CryptoComponentImpl.java
@@ -10,13 +10,11 @@ import java.security.Security;
import java.security.Signature;
import javax.crypto.Cipher;
-import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
import net.sf.briar.api.crypto.CryptoComponent;
+import net.sf.briar.api.crypto.ErasableKey;
import net.sf.briar.api.crypto.KeyParser;
import net.sf.briar.api.crypto.MessageDigest;
@@ -32,14 +30,13 @@ class CryptoComponentImpl implements CryptoComponent {
private static final int KEY_PAIR_BITS = 256;
private static final String FRAME_CIPHER_ALGO = "AES/CTR/NoPadding";
private static final String SECRET_KEY_ALGO = "AES";
- private static final int SECRET_KEY_BITS = 256;
+ private static final int SECRET_KEY_BYTES = 32;
private static final String IV_CIPHER_ALGO = "AES/ECB/NoPadding";
private static final String MAC_ALGO = "HMacSHA256";
private static final String SIGNATURE_ALGO = "ECDSA";
private final KeyParser keyParser;
private final KeyPairGenerator keyPairGenerator;
- private final KeyGenerator keyGenerator;
@Inject
CryptoComponentImpl() {
@@ -49,9 +46,6 @@ class CryptoComponentImpl implements CryptoComponent {
keyPairGenerator = KeyPairGenerator.getInstance(KEY_PAIR_ALGO,
PROVIDER);
keyPairGenerator.initialize(KEY_PAIR_BITS);
- keyGenerator = KeyGenerator.getInstance(SECRET_KEY_ALGO,
- PROVIDER);
- keyGenerator.init(SECRET_KEY_BITS);
} catch(NoSuchAlgorithmException e) {
throw new RuntimeException(e);
} catch(NoSuchProviderException e) {
@@ -59,58 +53,59 @@ class CryptoComponentImpl implements CryptoComponent {
}
}
- public SecretKey deriveIncomingFrameKey(byte[] secret) {
+ public ErasableKey deriveIncomingFrameKey(byte[] secret) {
SharedSecret s = new SharedSecret(secret);
return deriveFrameKey(s, !s.getAlice());
}
- private SecretKey deriveFrameKey(SharedSecret s, boolean alice) {
+ private ErasableKey deriveFrameKey(SharedSecret s, boolean alice) {
if(alice) return deriveKey("F_A", s.getSecret());
else return deriveKey("F_B", s.getSecret());
}
- private SecretKey deriveKey(String name, byte[] secret) {
+ private ErasableKey deriveKey(String name, byte[] secret) {
MessageDigest digest = getMessageDigest();
+ assert digest.getDigestLength() == SECRET_KEY_BYTES;
try {
digest.update(name.getBytes("UTF-8"));
} catch(UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
digest.update(secret);
- return new SecretKeySpec(digest.digest(), SECRET_KEY_ALGO);
+ return new ErasableKeyImpl(digest.digest(), SECRET_KEY_ALGO);
}
- public SecretKey deriveIncomingIvKey(byte[] secret) {
+ public ErasableKey deriveIncomingIvKey(byte[] secret) {
SharedSecret s = new SharedSecret(secret);
return deriveIvKey(s, !s.getAlice());
}
- private SecretKey deriveIvKey(SharedSecret s, boolean alice) {
+ private ErasableKey deriveIvKey(SharedSecret s, boolean alice) {
if(alice) return deriveKey("I_A", s.getSecret());
else return deriveKey("I_B", s.getSecret());
}
- public SecretKey deriveIncomingMacKey(byte[] secret) {
+ public ErasableKey deriveIncomingMacKey(byte[] secret) {
SharedSecret s = new SharedSecret(secret);
return deriveMacKey(s, !s.getAlice());
}
- private SecretKey deriveMacKey(SharedSecret s, boolean alice) {
+ private ErasableKey deriveMacKey(SharedSecret s, boolean alice) {
if(alice) return deriveKey("M_A", s.getSecret());
else return deriveKey("M_B", s.getSecret());
}
- public SecretKey deriveOutgoingFrameKey(byte[] secret) {
+ public ErasableKey deriveOutgoingFrameKey(byte[] secret) {
SharedSecret s = new SharedSecret(secret);
return deriveFrameKey(s, s.getAlice());
}
- public SecretKey deriveOutgoingIvKey(byte[] secret) {
+ public ErasableKey deriveOutgoingIvKey(byte[] secret) {
SharedSecret s = new SharedSecret(secret);
return deriveIvKey(s, s.getAlice());
}
- public SecretKey deriveOutgoingMacKey(byte[] secret) {
+ public ErasableKey deriveOutgoingMacKey(byte[] secret) {
SharedSecret s = new SharedSecret(secret);
return deriveMacKey(s, s.getAlice());
}
@@ -119,10 +114,6 @@ class CryptoComponentImpl implements CryptoComponent {
return keyPairGenerator.generateKeyPair();
}
- public SecretKey generateSecretKey() {
- return keyGenerator.generateKey();
- }
-
public Cipher getFrameCipher() {
try {
return Cipher.getInstance(FRAME_CIPHER_ALGO, PROVIDER);
@@ -186,4 +177,10 @@ class CryptoComponentImpl implements CryptoComponent {
throw new RuntimeException(e);
}
}
+
+ public ErasableKey generateTestKey() {
+ byte[] b = new byte[SECRET_KEY_BYTES];
+ getSecureRandom().nextBytes(b);
+ return new ErasableKeyImpl(b, SECRET_KEY_ALGO);
+ }
}
diff --git a/components/net/sf/briar/crypto/ErasableKeyImpl.java b/components/net/sf/briar/crypto/ErasableKeyImpl.java
new file mode 100644
index 0000000000000000000000000000000000000000..209699a3c56525d2fbd33e8cbeed75d9cf4a3c59
--- /dev/null
+++ b/components/net/sf/briar/crypto/ErasableKeyImpl.java
@@ -0,0 +1,55 @@
+package net.sf.briar.crypto;
+
+import java.util.Arrays;
+
+import net.sf.briar.api.crypto.ErasableKey;
+
+class ErasableKeyImpl implements ErasableKey {
+
+ private static final long serialVersionUID = -4438380720846443120L;
+
+ private final byte[] key;
+ private final String algorithm;
+ private boolean erased = false;
+
+ ErasableKeyImpl(byte[] key, String algorithm) {
+ this.key = key;
+ this.algorithm = algorithm;
+ }
+
+ public String getAlgorithm() {
+ return algorithm;
+ }
+
+ public byte[] getEncoded() {
+ if(erased) throw new IllegalStateException();
+ byte[] b = new byte[key.length];
+ System.arraycopy(key, 0, b, 0, key.length);
+ return b;
+ }
+
+ public String getFormat() {
+ return "RAW";
+ }
+
+ public void erase() {
+ if(erased) throw new IllegalStateException();
+ for(int i = 0; i < key.length; i++) key[i] = 0;
+ erased = true;
+ }
+
+ @Override
+ public int hashCode() {
+ // Not good, but the array can't be used because it's mutable
+ return algorithm.hashCode();
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if(o instanceof ErasableKeyImpl) {
+ ErasableKeyImpl e = (ErasableKeyImpl) o;
+ return algorithm.equals(e.algorithm) && Arrays.equals(key, e.key);
+ }
+ return false;
+ }
+}
diff --git a/components/net/sf/briar/transport/ConnectionDecrypterImpl.java b/components/net/sf/briar/transport/ConnectionDecrypterImpl.java
index 99c1389910ed2a70a4f93f5ff88ca62d5018600b..3f6f426baa95681b357a159b86787fd73c91823f 100644
--- a/components/net/sf/briar/transport/ConnectionDecrypterImpl.java
+++ b/components/net/sf/briar/transport/ConnectionDecrypterImpl.java
@@ -13,7 +13,7 @@ import java.security.InvalidKeyException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.SecretKey;
+import net.sf.briar.api.crypto.ErasableKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
@@ -21,7 +21,7 @@ class ConnectionDecrypterImpl extends FilterInputStream
implements ConnectionDecrypter {
private final Cipher frameCipher;
- private final SecretKey frameKey;
+ private final ErasableKey frameKey;
private final byte[] iv, buf;
private int bufOff = 0, bufLen = 0;
@@ -29,7 +29,7 @@ implements ConnectionDecrypter {
private boolean betweenFrames = true;
ConnectionDecrypterImpl(InputStream in, byte[] iv, Cipher frameCipher,
- SecretKey frameKey) {
+ ErasableKey frameKey) {
super(in);
if(iv.length != IV_LENGTH) throw new IllegalArgumentException();
this.iv = iv;
diff --git a/components/net/sf/briar/transport/ConnectionEncrypterImpl.java b/components/net/sf/briar/transport/ConnectionEncrypterImpl.java
index 5c8c473ad4ed64f3483b836bf91a26e15584777d..5494b84bc1fbb1435389dd0188f381b3a1940614 100644
--- a/components/net/sf/briar/transport/ConnectionEncrypterImpl.java
+++ b/components/net/sf/briar/transport/ConnectionEncrypterImpl.java
@@ -12,22 +12,22 @@ import java.security.InvalidKeyException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.SecretKey;
+import net.sf.briar.api.crypto.ErasableKey;
import javax.crypto.spec.IvParameterSpec;
class ConnectionEncrypterImpl extends FilterOutputStream
implements ConnectionEncrypter {
private final Cipher frameCipher;
- private final SecretKey frameKey;
+ private final ErasableKey frameKey;
private final byte[] iv, encryptedIv;
private long capacity, frame = 0L;
private boolean ivWritten = false, betweenFrames = false;
ConnectionEncrypterImpl(OutputStream out, long capacity, byte[] iv,
- Cipher ivCipher, Cipher frameCipher, SecretKey ivKey,
- SecretKey frameKey) {
+ Cipher ivCipher, Cipher frameCipher, ErasableKey ivKey,
+ ErasableKey frameKey) {
super(out);
this.capacity = capacity;
this.iv = iv;
diff --git a/components/net/sf/briar/transport/ConnectionReaderFactoryImpl.java b/components/net/sf/briar/transport/ConnectionReaderFactoryImpl.java
index 588837758dfb3f87304aa75c11779b7c51a5e0fb..b48a564badfc33136bec625a8492eae10402b8e3 100644
--- a/components/net/sf/briar/transport/ConnectionReaderFactoryImpl.java
+++ b/components/net/sf/briar/transport/ConnectionReaderFactoryImpl.java
@@ -7,7 +7,7 @@ import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
-import javax.crypto.SecretKey;
+import net.sf.briar.api.crypto.ErasableKey;
import net.sf.briar.api.crypto.CryptoComponent;
import net.sf.briar.api.protocol.TransportIndex;
@@ -29,7 +29,7 @@ class ConnectionReaderFactoryImpl implements ConnectionReaderFactory {
TransportIndex i, byte[] encryptedIv, byte[] secret) {
// Decrypt the IV
Cipher ivCipher = crypto.getIvCipher();
- SecretKey ivKey = crypto.deriveIncomingIvKey(secret);
+ ErasableKey ivKey = crypto.deriveIncomingIvKey(secret);
byte[] iv;
try {
ivCipher.init(Cipher.DECRYPT_MODE, ivKey);
@@ -60,12 +60,12 @@ class ConnectionReaderFactoryImpl implements ConnectionReaderFactory {
byte[] iv = IvEncoder.encodeIv(initiator, i, connection);
// Create the decrypter
Cipher frameCipher = crypto.getFrameCipher();
- SecretKey frameKey = crypto.deriveIncomingFrameKey(secret);
+ ErasableKey frameKey = crypto.deriveIncomingFrameKey(secret);
ConnectionDecrypter decrypter = new ConnectionDecrypterImpl(in, iv,
frameCipher, frameKey);
// Create the reader
Mac mac = crypto.getMac();
- SecretKey macKey = crypto.deriveIncomingMacKey(secret);
+ ErasableKey macKey = crypto.deriveIncomingMacKey(secret);
return new ConnectionReaderImpl(decrypter, mac, macKey);
}
}
diff --git a/components/net/sf/briar/transport/ConnectionReaderImpl.java b/components/net/sf/briar/transport/ConnectionReaderImpl.java
index a41559e8d3d9f50f69bc52b781552fc27f3002eb..c637458f14d8510bba7604d6f1d14aa148a1b3cd 100644
--- a/components/net/sf/briar/transport/ConnectionReaderImpl.java
+++ b/components/net/sf/briar/transport/ConnectionReaderImpl.java
@@ -11,7 +11,7 @@ import java.security.InvalidKeyException;
import java.util.Arrays;
import javax.crypto.Mac;
-import javax.crypto.SecretKey;
+import net.sf.briar.api.crypto.ErasableKey;
import net.sf.briar.api.FormatException;
import net.sf.briar.api.transport.ConnectionReader;
@@ -30,7 +30,7 @@ implements ConnectionReader {
private boolean betweenFrames = true;
ConnectionReaderImpl(ConnectionDecrypter decrypter, Mac mac,
- SecretKey macKey) {
+ ErasableKey macKey) {
super(decrypter.getInputStream());
this.decrypter = decrypter;
this.mac = mac;
diff --git a/components/net/sf/briar/transport/ConnectionRecogniserImpl.java b/components/net/sf/briar/transport/ConnectionRecogniserImpl.java
index b82bbec12a7f4f5a1d161e8252db6ca00fa2089f..34bd3a2e1552f9d513193d0f8c0bd7f227d73a7c 100644
--- a/components/net/sf/briar/transport/ConnectionRecogniserImpl.java
+++ b/components/net/sf/briar/transport/ConnectionRecogniserImpl.java
@@ -14,7 +14,7 @@ import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.SecretKey;
+import net.sf.briar.api.crypto.ErasableKey;
import net.sf.briar.api.Bytes;
import net.sf.briar.api.ContactId;
@@ -75,7 +75,7 @@ DatabaseListener {
}
private synchronized void calculateIvs(ContactId c) throws DbException {
- SecretKey ivKey = crypto.deriveIncomingIvKey(db.getSharedSecret(c));
+ ErasableKey ivKey = crypto.deriveIncomingIvKey(db.getSharedSecret(c));
for(TransportId t : localTransportIds) {
TransportIndex i = db.getRemoteIndex(c, t);
if(i != null) {
@@ -86,7 +86,7 @@ DatabaseListener {
}
private synchronized void calculateIvs(ContactId c, TransportId t,
- TransportIndex i, SecretKey ivKey, ConnectionWindow w)
+ TransportIndex i, ErasableKey ivKey, ConnectionWindow w)
throws DbException {
for(Long unseen : w.getUnseen()) {
Bytes iv = new Bytes(encryptIv(i, unseen, ivKey));
@@ -95,7 +95,7 @@ DatabaseListener {
}
private synchronized byte[] encryptIv(TransportIndex i, long connection,
- SecretKey ivKey) {
+ ErasableKey ivKey) {
byte[] iv = IvEncoder.encodeIv(true, i, connection);
try {
ivCipher.init(Cipher.ENCRYPT_MODE, ivKey);
@@ -131,7 +131,7 @@ DatabaseListener {
TransportIndex i1 = ctx1.getTransportIndex();
if(c1.equals(c) && i1.equals(i)) it.remove();
}
- SecretKey ivKey = crypto.deriveIncomingIvKey(db.getSharedSecret(c));
+ ErasableKey ivKey = crypto.deriveIncomingIvKey(db.getSharedSecret(c));
calculateIvs(c, ctx.getTransportId(), i, ivKey, w);
} catch(NoSuchContactException e) {
// The contact was removed - clean up when we get the event
@@ -182,7 +182,7 @@ DatabaseListener {
for(ContactId c : db.getContacts()) {
try {
byte[] secret = db.getSharedSecret(c);
- SecretKey ivKey = crypto.deriveIncomingIvKey(secret);
+ ErasableKey ivKey = crypto.deriveIncomingIvKey(secret);
TransportIndex i = db.getRemoteIndex(c, t);
if(i != null) {
ConnectionWindow w = db.getConnectionWindow(c, i);
diff --git a/components/net/sf/briar/transport/ConnectionWriterFactoryImpl.java b/components/net/sf/briar/transport/ConnectionWriterFactoryImpl.java
index cabf922762fd4d7c66e45aacd949f53465399d4e..822f6223b43b311ee6c00969b860350560777476 100644
--- a/components/net/sf/briar/transport/ConnectionWriterFactoryImpl.java
+++ b/components/net/sf/briar/transport/ConnectionWriterFactoryImpl.java
@@ -7,7 +7,7 @@ import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
-import javax.crypto.SecretKey;
+import net.sf.briar.api.crypto.ErasableKey;
import net.sf.briar.api.crypto.CryptoComponent;
import net.sf.briar.api.protocol.TransportIndex;
@@ -36,7 +36,7 @@ class ConnectionWriterFactoryImpl implements ConnectionWriterFactory {
byte[] secret) {
// Decrypt the IV
Cipher ivCipher = crypto.getIvCipher();
- SecretKey ivKey = crypto.deriveIncomingIvKey(secret);
+ ErasableKey ivKey = crypto.deriveIncomingIvKey(secret);
byte[] iv;
try {
ivCipher.init(Cipher.DECRYPT_MODE, ivKey);
@@ -63,14 +63,14 @@ class ConnectionWriterFactoryImpl implements ConnectionWriterFactory {
// Create the encrypter
Cipher ivCipher = crypto.getIvCipher();
Cipher frameCipher = crypto.getFrameCipher();
- SecretKey ivKey = crypto.deriveOutgoingIvKey(secret);
- SecretKey frameKey = crypto.deriveOutgoingFrameKey(secret);
+ ErasableKey ivKey = crypto.deriveOutgoingIvKey(secret);
+ ErasableKey frameKey = crypto.deriveOutgoingFrameKey(secret);
byte[] iv = IvEncoder.encodeIv(initiator, i, connection);
ConnectionEncrypter encrypter = new ConnectionEncrypterImpl(out,
capacity, iv, ivCipher, frameCipher, ivKey, frameKey);
// Create the writer
Mac mac = crypto.getMac();
- SecretKey macKey = crypto.deriveOutgoingMacKey(secret);
+ ErasableKey macKey = crypto.deriveOutgoingMacKey(secret);
return new ConnectionWriterImpl(encrypter, mac, macKey);
}
}
diff --git a/components/net/sf/briar/transport/ConnectionWriterImpl.java b/components/net/sf/briar/transport/ConnectionWriterImpl.java
index 62dc17fcfa5d3c39b0cc81a9a7472e9d046af1d8..e66c373bc836608986039b0b5ff692ca515abd8a 100644
--- a/components/net/sf/briar/transport/ConnectionWriterImpl.java
+++ b/components/net/sf/briar/transport/ConnectionWriterImpl.java
@@ -10,7 +10,7 @@ import java.io.OutputStream;
import java.security.InvalidKeyException;
import javax.crypto.Mac;
-import javax.crypto.SecretKey;
+import net.sf.briar.api.crypto.ErasableKey;
import net.sf.briar.api.transport.ConnectionWriter;
import net.sf.briar.util.ByteUtils;
@@ -31,7 +31,7 @@ implements ConnectionWriter {
protected long frame = 0L;
ConnectionWriterImpl(ConnectionEncrypter encrypter, Mac mac,
- SecretKey macKey) {
+ ErasableKey macKey) {
super(encrypter.getOutputStream());
this.encrypter = encrypter;
this.mac = mac;
diff --git a/components/net/sf/briar/transport/PaddedConnectionWriter.java b/components/net/sf/briar/transport/PaddedConnectionWriter.java
index d93a922c4fc183019c530c4a059b8f18aff82265..52e4430646df2c134fb4fa9870ffa0ebf7a3e8b7 100644
--- a/components/net/sf/briar/transport/PaddedConnectionWriter.java
+++ b/components/net/sf/briar/transport/PaddedConnectionWriter.java
@@ -5,7 +5,7 @@ import static net.sf.briar.util.ByteUtils.MAX_32_BIT_UNSIGNED;
import java.io.IOException;
import javax.crypto.Mac;
-import javax.crypto.SecretKey;
+import net.sf.briar.api.crypto.ErasableKey;
import net.sf.briar.util.ByteUtils;
@@ -23,7 +23,7 @@ class PaddedConnectionWriter extends ConnectionWriterImpl {
private IOException exception = null;
PaddedConnectionWriter(ConnectionEncrypter encrypter, Mac mac,
- SecretKey macKey) {
+ ErasableKey macKey) {
super(encrypter, mac, macKey);
padding = new byte[maxPayloadLength];
}
diff --git a/test/net/sf/briar/transport/ConnectionDecrypterImplTest.java b/test/net/sf/briar/transport/ConnectionDecrypterImplTest.java
index 369ad8c5e0c84daa4b93af3df3af0aceed66d0ac..6f609aeb27642be9b6a5aa51c0541e454c70b73e 100644
--- a/test/net/sf/briar/transport/ConnectionDecrypterImplTest.java
+++ b/test/net/sf/briar/transport/ConnectionDecrypterImplTest.java
@@ -6,7 +6,7 @@ import static org.junit.Assert.assertArrayEquals;
import java.io.ByteArrayInputStream;
import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
+import net.sf.briar.api.crypto.ErasableKey;
import javax.crypto.spec.IvParameterSpec;
import junit.framework.TestCase;
@@ -26,7 +26,7 @@ public class ConnectionDecrypterImplTest extends TestCase {
private static final int MAC_LENGTH = 32;
private final Cipher ivCipher, frameCipher;
- private final SecretKey ivKey, frameKey;
+ private final ErasableKey ivKey, frameKey;
private final TransportIndex transportIndex = new TransportIndex(13);
private final long connection = 12345L;
@@ -36,8 +36,8 @@ public class ConnectionDecrypterImplTest extends TestCase {
CryptoComponent crypto = i.getInstance(CryptoComponent.class);
ivCipher = crypto.getIvCipher();
frameCipher = crypto.getFrameCipher();
- ivKey = crypto.generateSecretKey();
- frameKey = crypto.generateSecretKey();
+ ivKey = crypto.generateTestKey();
+ frameKey = crypto.generateTestKey();
}
@Test
diff --git a/test/net/sf/briar/transport/ConnectionEncrypterImplTest.java b/test/net/sf/briar/transport/ConnectionEncrypterImplTest.java
index 9f191da7f2e67880f2bdb4002ed9de1ea04f2547..d6ad51a28c0549a436db6b264f164940b28b0087 100644
--- a/test/net/sf/briar/transport/ConnectionEncrypterImplTest.java
+++ b/test/net/sf/briar/transport/ConnectionEncrypterImplTest.java
@@ -6,7 +6,7 @@ import static org.junit.Assert.assertArrayEquals;
import java.io.ByteArrayOutputStream;
import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
+import net.sf.briar.api.crypto.ErasableKey;
import javax.crypto.spec.IvParameterSpec;
import junit.framework.TestCase;
@@ -24,7 +24,7 @@ public class ConnectionEncrypterImplTest extends TestCase {
private static final int MAC_LENGTH = 32;
private final Cipher ivCipher, frameCipher;
- private final SecretKey ivKey, frameKey;
+ private final ErasableKey ivKey, frameKey;
private final TransportIndex transportIndex = new TransportIndex(13);
private final long connection = 12345L;
@@ -34,8 +34,8 @@ public class ConnectionEncrypterImplTest extends TestCase {
CryptoComponent crypto = i.getInstance(CryptoComponent.class);
ivCipher = crypto.getIvCipher();
frameCipher = crypto.getFrameCipher();
- ivKey = crypto.generateSecretKey();
- frameKey = crypto.generateSecretKey();
+ ivKey = crypto.generateTestKey();
+ frameKey = crypto.generateTestKey();
}
@Test
diff --git a/test/net/sf/briar/transport/ConnectionRecogniserImplTest.java b/test/net/sf/briar/transport/ConnectionRecogniserImplTest.java
index e01d7e2518cebdbe41016a8bb4803cf31a4a076a..056e478c929aedf827aa51fa2a7adc1367900a77 100644
--- a/test/net/sf/briar/transport/ConnectionRecogniserImplTest.java
+++ b/test/net/sf/briar/transport/ConnectionRecogniserImplTest.java
@@ -6,7 +6,7 @@ import java.util.Collection;
import java.util.Collections;
import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
+import net.sf.briar.api.crypto.ErasableKey;
import junit.framework.TestCase;
import net.sf.briar.TestUtils;
@@ -79,7 +79,7 @@ public class ConnectionRecogniserImplTest extends TestCase {
@Test
public void testExpectedIv() throws Exception {
// Calculate the expected IV for connection number 3
- SecretKey ivKey = crypto.deriveIncomingIvKey(secret);
+ ErasableKey ivKey = crypto.deriveIncomingIvKey(secret);
Cipher ivCipher = crypto.getIvCipher();
ivCipher.init(Cipher.ENCRYPT_MODE, ivKey);
byte[] iv = IvEncoder.encodeIv(true, remoteIndex, 3L);
diff --git a/test/net/sf/briar/transport/FrameReadWriteTest.java b/test/net/sf/briar/transport/FrameReadWriteTest.java
index 03d61462254b92cf84a359c2b6947c2b49d13849..aa002a2536b6e10f8e3714d69f78c45919887f9e 100644
--- a/test/net/sf/briar/transport/FrameReadWriteTest.java
+++ b/test/net/sf/briar/transport/FrameReadWriteTest.java
@@ -11,7 +11,7 @@ import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.Mac;
-import javax.crypto.SecretKey;
+import net.sf.briar.api.crypto.ErasableKey;
import junit.framework.TestCase;
import net.sf.briar.api.crypto.CryptoComponent;
@@ -29,7 +29,7 @@ public class FrameReadWriteTest extends TestCase {
private final CryptoComponent crypto;
private final Cipher ivCipher, frameCipher;
- private final SecretKey ivKey, frameKey, macKey;
+ private final ErasableKey ivKey, frameKey, macKey;
private final Mac mac;
private final Random random;
private final byte[] secret = new byte[100];
diff --git a/test/net/sf/briar/transport/TransportTest.java b/test/net/sf/briar/transport/TransportTest.java
index 21e8ce23103849946f6a6869a6ab162b297236de..301ca4bd075a91062218d29a454eba526a9af545 100644
--- a/test/net/sf/briar/transport/TransportTest.java
+++ b/test/net/sf/briar/transport/TransportTest.java
@@ -3,7 +3,7 @@ package net.sf.briar.transport;
import static net.sf.briar.api.transport.TransportConstants.MAX_FRAME_LENGTH;
import javax.crypto.Mac;
-import javax.crypto.SecretKey;
+import net.sf.briar.api.crypto.ErasableKey;
import junit.framework.TestCase;
import net.sf.briar.api.crypto.CryptoComponent;
@@ -16,7 +16,7 @@ import com.google.inject.Injector;
public abstract class TransportTest extends TestCase {
protected final Mac mac;
- protected final SecretKey macKey;
+ protected final ErasableKey macKey;
protected final int headerLength = 4, macLength, maxPayloadLength;
public TransportTest() throws Exception {
@@ -24,7 +24,7 @@ public abstract class TransportTest extends TestCase {
Injector i = Guice.createInjector(new CryptoModule());
CryptoComponent crypto = i.getInstance(CryptoComponent.class);
mac = crypto.getMac();
- macKey = crypto.generateSecretKey();
+ macKey = crypto.generateTestKey();
macLength = mac.getMacLength();
maxPayloadLength = MAX_FRAME_LENGTH - headerLength - macLength;
}