[freenet-cvs] r14857 - in branches/freenet-jfk/src/freenet: crypt/crypto_Random node

Thu Aug 23 12:28:04 UTC 2007

Author: kryptos
Date: 2007-08-23 12:28:03 +0000 (Thu, 23 Aug 2007)
New Revision: 14857

Added:
   branches/freenet-jfk/src/freenet/node/HKrGenerator.java
Modified:
   branches/freenet-jfk/src/freenet/crypt/crypto_Random/session_Key.java
   branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
Log:
JFK branch compilation errors sorted

Modified: branches/freenet-jfk/src/freenet/crypt/crypto_Random/session_Key.java
===================================================================

--- branches/freenet-jfk/src/freenet/crypt/crypto_Random/session_Key.java	2007-08-23 04:20:50 UTC (rev 14856)
+++ branches/freenet-jfk/src/freenet/crypt/crypto_Random/session_Key.java	2007-08-23 12:28:03 UTC (rev 14857)
@@ -6,6 +6,9 @@
 public class session_Key
 {
 	
+        public session_Key(){
+            
+        }
 	/**
           *Session key.
           *The key is generated from Hash of Message:(Ni, Nr, 0) using the DF exponentials

Modified: branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
===================================================================
--- branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java	2007-08-23 04:20:50 UTC (rev 14856)
+++ branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java	2007-08-23 12:28:03 UTC (rev 14857)
@@ -4,35 +4,39 @@
  * http://www.gnu.org/ for further details of the GPL. */
 package freenet.node;
 
+import com.sun.java_cup.internal.version;
+import freenet.io.comm.SocketHandler;
 import java.security.MessageDigest;
 import java.util.Arrays;
-import java.lang.*;
-import java.util.ArrayList;
-import java.util.*;
 import net.i2p.util.NativeBigInteger;
-import freenet.crypt.crypto_Random.*;
 import freenet.crypt.BlockCipher;
-import freenet.crypt.DSAGroup;
-import freenet.crypt.DSAPrivateKey;
-import freenet.crypt.DSAPublicKey;
 import freenet.crypt.DSASignature;
 import freenet.crypt.DiffieHellman;
 import freenet.crypt.DiffieHellmanContext;
-import freenet.crypt.DummyRandomSource;
 import freenet.crypt.EntropySource;
-import freenet.crypt.Global;
+import freenet.crypt.HMAC;
+import freenet.crypt.SHA1;
 import freenet.crypt.PCFBMode;
 import freenet.crypt.SHA256;
-import freenet.crypt.crypto_Random.*;
+import freenet.io.comm.AsyncMessageCallback;
+import freenet.io.comm.FreenetInetAddress;
+import freenet.io.comm.IncomingPacketFilter;
+import freenet.io.comm.Message;
 import freenet.io.comm.*;
+import freenet.io.comm.MessageCore;
+import freenet.io.comm.NotConnectedException;
 import freenet.io.comm.Peer.LocalAddressException;
 import freenet.support.Fields;
+import freenet.io.comm.PacketSocketHandler;
+import freenet.io.comm.Peer;
+import freenet.io.comm.PeerContext;
 import freenet.support.HexUtil;
 import freenet.support.Logger;
 import freenet.support.StringArray;
 import freenet.support.TimeUtil;
 import freenet.support.WouldBlockException;
 
+
 /**
  * @author amphibian
  * 
@@ -51,7 +55,7 @@
     final PacketSocketHandler sock;
     final EntropySource fnpTimingSource;
     final EntropySource myPacketDataSource;
-    final nonceGen ng;
+    
     private static final int MAX_PACKETS_IN_FLIGHT = 256; 
     private static final int RANDOM_BYTES_LENGTH = 12;
     private static final int HASH_LENGTH = 32;
@@ -330,8 +334,18 @@
         }
         else if (negType==2){
     		/*
-    		 * We implement Just Fast Keying key management protocol with active identity     		  * protection for the initiator and no identity protection for the responder
-    		 * Refer devNotes for detailed explanation of the protocol
+    		 * We implement Just Fast Keying key management protocol with active identity protection for the initiator and no identity protection for the responder
+    		 * M1:
+                 * This is a straightforward DiffieHellman exponential.
+                 * The Initiator Nonce serves two purposes;it allows the initiator to use the same exponentials during different sessions while ensuring that the resulting session key will be different,can be used to differentiate between parallel sessions 
+                 * M2:
+                 * Responder replies with a signed copy of his own exponential, a random nonce and an authenticator calculated from a transient hash key private to the responder.
+                 * We slightly deviate JFK here;we do not send any public key information as specified in the JFK docs 
+                 * M3:
+                 * Initiator echoes the data sent by the responder including the authenticator. 
+                 * This helps the responder verify the authenticity of the returned data. 
+                 * M4:
+                 * Encrypted message of the signature on both nonces, both exponentials using the same keys as in the previous message
     		 */ 
     		if(packetType<0 || packetType>3){
     			Logger.error(this,"Unknown PacketType" + packetType + "from" + replyTo + "from" +pn); 
@@ -343,7 +357,7 @@
                        * The Initiator Nonce serves two purposes;it allows the initiator to use the same 			 * exponentials during different sessions while ensuring that the resulting 			  * session key will be different,can be used to differentiate between
     		       * parallel sessions
     		       */
-    			ProcessMessage1(pn,payload,0);			
+    			ProcessMessage1(pn,replyTo,payload,0);			
     			
     		}
     		else if(packetType==1){
@@ -353,21 +367,21 @@
     		       * to the responder. We slightly deviate JFK here;we do not send any public
                        * key information as specified in the JFK docs
     		       */
-    			ProcessMessage2(pn,payload,1);
+    			ProcessMessage2(pn,replyTo,payload,1);
     		}
     		else if(packetType==2){
     		      /* Initiator echoes the data sent by the responder.These messages are
                        * cached by the Responder.Receiving a duplicate message simply causes
                        * the responder to Re-transmit the corresponding message4
                        */
-                        ProcessMessage3(pn,payload,2);
+                        ProcessMessage3(pn,replyTo,payload,2);
     		}
     		else if(packetType==3){
     		      /*
     		       * Encrypted message of the signature on both nonces, both exponentials 
     		       * using the same keys as in the previous message
     		       */
-    			ProcessMessage4(pn,payload,3);
+    			ProcessMessage4(pn,replyTo,payload,3);
     		}
         }
         else {
@@ -378,7 +392,7 @@
     /*
      * Initiator DH Exponential
      */
-    private byte[] Gi(){
+    private byte[] Gi(PeerNode pn){
                 DiffieHellmanContext dh=(DiffieHellmanContext)pn.getKeyAgreementSchemeContext();
                 if(dh==null)
                 {
@@ -391,7 +405,7 @@
     /*
      * Responder DH Exponential
      */
-    private byte[] Gr(){
+    private byte[] Gr(PeerNode pn){
                 DiffieHellmanContext dh=(DiffieHellmanContext)pn.getKeyAgreementSchemeContext();
                 if(dh==null)
                 {
@@ -420,31 +434,33 @@
      * @param The peerNode we are talking to
      * @param Payload
      */	
-    private void ProcessMessage1(PeerNode pn,byte[] payload,int phase)
+    private void ProcessMessage1(PeerNode pn,Peer replyTo,byte[] payload,int phase)
     {
                 long t1=System.currentTimeMillis();
-                byte[] message1=new byte[iNonce().length + Gi().length+1];
+                              
+                byte[] message1=new byte[iNonce().length + Gi(pn).length+1];
                 System.arraycopy(iNonce(),0,message1,0,iNonce().length);
-                System.arraycopy(Gi(),0,message1,iNonce().length+1,Gi().length);
+                System.arraycopy(Gi(pn),0,message1,iNonce().length+1,Gi(pn).length);
                 //Send params:Version,negType,phase,data,peernode,peer
                 sendMessage1or2Packet(1,2,0,message1,pn,replyTo);
                 long t2=System.currentTimeMillis();
                 if((t2-t1)>500)
-                        Logger.error(this,"Message1 timeout error "+" replyto "+pn.getName());
+                        Logger.error(this,"Message1 timeout error:Sending packet for"+pn.getPeer());
 
     }
     /*
      * Authenticator computed over the Responder exponentials and the Nonces
      * Used by the responder to verify the authenticity of the received data
      */
-    private void sendMessage2and3Auth(){
-                byte[] authData=new byte[iNonce().length+rNonce().length+Gr().length+1];
+    private byte[] processMessageAuth(PeerNode pn){
+                byte[] authData=new byte[iNonce().length+rNonce().length+Gr(pn).length+1];
                 System.arraycopy(iNonce(),0,authData,0,iNonce().length);
                 System.arraycopy(rNonce(),0,authData,iNonce().length+1,rNonce().length);
-		System.arraycopy(Gr(),0,authData,iNonce().length+rNonce().length+1,Gr().length);
+		System.arraycopy(Gr(pn),0,authData,iNonce().length+rNonce().length+1,Gr(pn).length);
 		//Calculate the Hash of the Concatenated data(Responder exponentials and nonces
 		//using a key that will be private to the responder
-		HKrGenerator trKey=new HKrGenerator(20);
+		HKrGenerator trKey=new HKrGenerator();
+                byte[] hkr=new byte[16];
 		hkr=trKey.getNewHKr();
 		HMAC hash=new HMAC(SHA1.getInstance());
                 /*
@@ -465,10 +481,10 @@
      * @param Payload
      */
 
-    private void ProcessMessage2(PeerNode pn,byte[] payload,int phase)
+    private void ProcessMessage2(PeerNode pn,Peer replyTo,byte[] payload,int phase)
     {
 		long t1=System.currentTimeMillis();
-		byte[] signData=new byte[Gr().length+1];
+		byte[] signData=new byte[Gr(pn).length+1];
 		//COmpute the Signature:DSA
 		DSASignature sig = crypto.sign(signData);
                 byte[] r = sig.getRBytes(Node.SIGNATURE_PARAMETER_LENGTH);
@@ -477,25 +493,25 @@
                 if(r.length > 255 || s.length > 255)
                     throw new IllegalStateException("R or S is too long: r.length="+r.length+" s.length="+s.length);
 		//Data sent in the clear
-		byte[] unVerifiedData=new byte[iNonce().length+rNonce().length+Gr().length+1];
+		byte[] unVerifiedData=new byte[iNonce().length+rNonce().length+Gr(pn).length+1];
                 System.arraycopy(iNonce(),0,unVerifiedData,0,iNonce().length);
                 System.arraycopy(rNonce(),0,unVerifiedData,iNonce().length+1,rNonce().length);
-		System.arraycopy(Gr(),0,unVerifiedData,iNonce().length+rNonce().length+1,Gr().length);
+		System.arraycopy(Gr(pn),0,unVerifiedData,iNonce().length+rNonce().length+1,Gr(pn).length);
 		/*
                  * Compute the authenticator
                  * Used by the responder in Message3 to verify the authenticity of the message
                  */
-		byte[] authenticator=sendMessage2and3Auth();
+		byte[] authenticator=processMessageAuth(pn);
 		byte[] Message2=new byte[authenticator.length+unVerifiedData.length+s.length+r.length+1];
 		byte[] signedData=new byte[s.length+r.length];
 		System.arraycopy(signedData,0,Message2,0,signedData.length);
 		System.arraycopy(unVerifiedData,0,Message2,signData.length+1,unVerifiedData.length);
 		System.arraycopy(authenticator,0,Message2,signedData.length+unVerifiedData.length+1,authenticator.length);
-		sendMessage1or2Packet(1,negType,phase,message2,pn,replyTo);
+                //Send params:Version,negType,phase,data,peernode,peer
+		sendMessage1or2Packet(1,2,1,Message2,pn,replyTo);
 		long t2=System.currentTimeMillis();
                 if((t2-t1)>500)
-                        Logger.error(this,"Message2 timeout error "+" replyto "+pn.getName());
-
+                        Logger.error(this,"Message1 timeout error:Sending packet for"+pn.getPeer());
 		
 }
    /*
@@ -509,19 +525,20 @@
     * @param The peerNode we are talking to
     * @param Payload
     */
-    private void ProcessMessage3(PeerNode pn,byte[] payload,int phase)			
+    private void ProcessMessage3(PeerNode pn,Peer replyTo,byte[] payload,int phase)			
     {
-    	
-	byte[] unVerifiedData=new byte[iNonce().length+rNonce().length+Gr().length+Gi().length+1];
+
+        long t1=System.currentTimeMillis();
+	byte[] unVerifiedData=new byte[iNonce().length+rNonce().length+Gr(pn).length+Gi(pn).length+1];
         System.arraycopy(iNonce(),0,unVerifiedData,0,iNonce().length);
         System.arraycopy(rNonce(),0,unVerifiedData,iNonce().length+1,rNonce().length);
-	System.arraycopy(Gi(),0,unVerifiedData,iNonce().length+rNonce().length+1,Gi().length);
-        System.arraycopy(Gr(),0,unVerifiedData,iNonce().length+rNonce().length+Gi().length+1,Gr().length);
+	System.arraycopy(Gi(pn),0,unVerifiedData,iNonce().length+rNonce().length+1,Gi(pn).length);
+        System.arraycopy(Gr(pn),0,unVerifiedData,iNonce().length+rNonce().length+Gi(pn).length+1,Gr(pn).length);
         DSASignature sig = crypto.sign(unVerifiedData);
         byte[] r = sig.getRBytes(Node.SIGNATURE_PARAMETER_LENGTH);
         byte[] s = sig.getSBytes(Node.SIGNATURE_PARAMETER_LENGTH);
         Logger.minor(this, " r="+HexUtil.bytesToHex(sig.getR().toByteArray())+" s="+HexUtil.bytesToHex(sig.getS().toByteArray()));
-        byte[] authenticator=sendMessage2and3Auth();
+        byte[] authenticator=processMessageAuth(pn);
         BlockCipher c=pn.outgoingSetupCipher;
         if(logMINOR)
             Logger.minor(this,"Cipher"+HexUtil.bytesToHex(pn.outgoingSetupKey));
@@ -547,7 +564,12 @@
         System.arraycopy(output,0,message3,0,output.length);
         System.arraycopy(authenticator,0,message3,output.length+1,authenticator.length);
 	System.arraycopy(unVerifiedData,0,message3,output.length+authenticator.length+1,unVerifiedData.length);
-        sendMessage3and4Packet(version,negType,phase,message3,pn,replyTo);
+        //Send params:Version,negType,phase,data,peernode,peer
+        sendMessage3or4Packet(1,2,2,message3,pn,replyTo);
+        long t2=System.currentTimeMillis();
+        if((t2-t1)>500)
+                Logger.error(this,"Message1 timeout error:Sending packet for"+pn.getPeer());
+
     }
     /*
      * Responder Method:Message4
@@ -561,17 +583,17 @@
      * @param Payload
      */
  	
-    private void ProcessMessage4(PeerNode pn,byte[] payload,int phase)
+    private void ProcessMessage4(PeerNode pn,Peer replyTo,byte[] payload,int phase)
     {
 	//Responder keeps a copy of recently received message3 and corresponding message4
         //Receiving a duplicated message simply causes the responder to retransmit the
 	//corresponding message4 without creating a new state
     	
-        byte[] unVerifiedData=new byte[iNonce().length+rNonce().length+Gr().length+Gi().length+1];
+        byte[] unVerifiedData=new byte[iNonce().length+rNonce().length+Gr(pn).length+Gi(pn).length+1];
         System.arraycopy(iNonce(),0,unVerifiedData,0,iNonce().length);
         System.arraycopy(rNonce(),0,unVerifiedData,iNonce().length+1,rNonce().length);
-	System.arraycopy(Gi(),0,unVerifiedData,iNonce().length+rNonce().length+1,Gi().length);
-        System.arraycopy(Gr(),0,unVerifiedData,iNonce().length+rNonce().length+Gi().length+1,Gr().length);
+	System.arraycopy(Gi(pn),0,unVerifiedData,iNonce().length+rNonce().length+1,Gi(pn).length);
+        System.arraycopy(Gr(pn),0,unVerifiedData,iNonce().length+rNonce().length+Gi(pn).length+1,Gr(pn).length);
         DSASignature sig = crypto.sign(unVerifiedData);
         byte[] r = sig.getRBytes(Node.SIGNATURE_PARAMETER_LENGTH);
         byte[] s = sig.getSBytes(Node.SIGNATURE_PARAMETER_LENGTH);
@@ -583,18 +605,19 @@
         byte[] iv=new byte[pk.lengthIV()];
         int message4Length = r.length + s.length + 2;
         byte[] message4 = new byte[message4Length];
-        System.arraycopy(iv, 0, output, 0, iv.length);
+        System.arraycopy(iv, 0, message4, 0, iv.length);
         int count = iv.length;
         if(r.length > 255 || s.length > 255)
         	throw new IllegalStateException("R or S is too long: r.length="+r.length+" s.length="+s.length);
         message4[count++] = (byte) r.length;
         System.arraycopy(r, 0, message4, count, r.length);
         count += r.length;
-        message[count++] = (byte) s.length;
+        message4[count++] = (byte) s.length;
         System.arraycopy(s, 0, message4, count, s.length);
         count += s.length;
         pk.blockEncipher(message4, 0, message4.length);
-        sendMessage3and4Packet(version,negType,phase,message3,pn,replyTo);
+        //Send params:Version,negType,phase,data,peernode,peer 
+        sendMessage3or4Packet(1,2,3,message4,pn,replyTo);
     }	
 			
     /*
@@ -634,13 +657,14 @@
      * @param The peer to which we need to send the packet
      */
 
-    private void sendMessage3and4Packet(int version,int negType,int phase,byte[] data,PeerNode pn,Peer replyTo)
+    private void sendMessage3or4Packet(int version,int negType,int phase,byte[] data,PeerNode pn,Peer replyTo)
     {
                 long now = System.currentTimeMillis();
                 long delta = now - pn.lastSentPacketTime();
                 byte[] output = new byte[data.length+3];
-                if(data.length > node.usm.getMaxPacketSize())
+                if(data.length > sock.getMaxPacketSize())
                     throw new IllegalStateException("Packet length too long");
+                                  
                 output[0] = (byte) version;
                 output[1] = (byte) negType;
                 output[2] = (byte) phase;
@@ -651,7 +675,7 @@
                         sendPacket(output,replyTo,pn,0);
                 }catch(LocalAddressException e)
                 {
-                        Logger.error(this, "Tried to send auth packet to local address: "+replyTo+" for "+pn);
+                        Logger.error(this, "Tried to send auth packet to local address: "+replyTo+" for "+pn.getPeer());
                 }
                                   
     }

Added: branches/freenet-jfk/src/freenet/node/HKrGenerator.java
===================================================================
--- branches/freenet-jfk/src/freenet/node/HKrGenerator.java	                        (rev 0)
+++ branches/freenet-jfk/src/freenet/node/HKrGenerator.java	2007-08-23 12:28:03 UTC (rev 14857)
@@ -0,0 +1,29 @@
+/*
+ * HKrGenerator.java
+ *
+ * Created on August 23, 2007, 5:36 PM
+ *
+ * To change this template, choose Tools | Template Manager
+ * and open the template in the editor.
+ */
+
+package freenet.node;
+
+/**
+ *
+ * @author root
+ */
+public class HKrGenerator {
+    
+    final Node node;
+    /** Creates a new instance of HKrGenerator */
+    
+    public HKrGenerator(Node node) {
+        this.node=node;
+    }
+    public byte[] getNewHKr(){
+        byte[] n=new byte[16];
+        node.random.nextBytes(n);
+        return n;
+    }
+}


