[freenet-cvs] r15453 - in trunk/freenet/src/freenet: crypt node

nextgens at freenetproject.org nextgens at freenetproject.org
Sat Oct 20 13:24:49 UTC 2007 

Author: nextgens
Date: 2007-10-20 13:24:49 +0000 (Sat, 20 Oct 2007)
New Revision: 15453

Modified:
   trunk/freenet/src/freenet/crypt/DiffieHellman.java
   trunk/freenet/src/freenet/crypt/DiffieHellmanLightContext.java
   trunk/freenet/src/freenet/node/FNPPacketMangler.java
   trunk/freenet/src/freenet/node/Node.java
   trunk/freenet/src/freenet/node/NodeCrypto.java
   trunk/freenet/src/freenet/node/NodeStarter.java
   trunk/freenet/src/freenet/node/PeerNode.java
Log:
JFK: compute the sig of the DH exponent off-thread.

*It might break opennet.*

Yes it sucks but I'm not sure on how to do to improve it. Do we really need/want one additional thread per mangler ?

Modified: trunk/freenet/src/freenet/crypt/DiffieHellman.java
===================================================================
--- trunk/freenet/src/freenet/crypt/DiffieHellman.java	2007-10-20 11:42:17 UTC (rev 15452)
+++ trunk/freenet/src/freenet/crypt/DiffieHellman.java	2007-10-20 13:24:49 UTC (rev 15453)
@@ -9,6 +9,8 @@
 import java.util.Random;
 import java.util.Stack;
 
+import freenet.node.FNPPacketMangler;
+import freenet.node.NodeCrypto;
 import freenet.support.Logger;
 import net.i2p.util.NativeBigInteger;
 
@@ -31,9 +33,11 @@
 	private static final int PRECALC_TIMEOUT = 193 * 1000;
 
 	private static Random r;
-	private static DHGroup group = Global.DHgroupA;
-	private static Stack precalcBuffer = new Stack();
-	private static Object precalcerWaitObj = new Object();
+	private static NodeCrypto crypt;
+	private static DSAGroup dsaGr;
+	private final static DHGroup group = Global.DHgroupA;
+	private final static Stack precalcBuffer = new Stack();
+	private final static Object precalcerWaitObj = new Object();
 
 	private static Thread precalcThread;
 
@@ -78,8 +82,10 @@
 			}
 		}
 
-	public static void init(Random random) {
-	    r = random;
+	public static void init(Random random, NodeCrypto crypto, DSAGroup dsaGroup) {
+		crypt = crypto;
+		dsaGr = dsaGroup;
+		r = random;
 		precalcThread.start();
 	}
 
@@ -120,7 +126,7 @@
 		if((time2 - time1) > 300) {
 			Logger.error(null, "DiffieHellman.generateLightContext(): time2 is more than 300ms after time1 ("+(time2 - time1)+ ')');
 		}
-		return new DiffieHellmanLightContext(params[0], params[1]);
+		return new DiffieHellmanLightContext(params[0], params[1], new DSASignature(params[2], params[3]));
 	}
 	
 	public static NativeBigInteger[] getParams() {
@@ -137,10 +143,16 @@
 	}
 
 	private static NativeBigInteger[] genParams() {
-		NativeBigInteger params[] = new NativeBigInteger[2];
-		// Don't need NativeBigInteger?
+		NativeBigInteger params[] = new NativeBigInteger[4];
+		
 		params[0] = new NativeBigInteger(256, r);
-		params[1] = (NativeBigInteger) group.getG().modPow(params[0], group.getP());
+		NativeBigInteger exponential = (NativeBigInteger) group.getG().modPow(params[0], group.getP());
+		params[1] = exponential;
+		
+		DSASignature sig = crypt.sign(SHA256.digest(FNPPacketMangler.assembleDHParams(exponential, dsaGr)));
+		params[2] = new NativeBigInteger(sig.getR());
+		params[3] = new NativeBigInteger(sig.getS());
+		
 		return params;
 	}
 

Modified: trunk/freenet/src/freenet/crypt/DiffieHellmanLightContext.java
===================================================================
--- trunk/freenet/src/freenet/crypt/DiffieHellmanLightContext.java	2007-10-20 11:42:17 UTC (rev 15452)
+++ trunk/freenet/src/freenet/crypt/DiffieHellmanLightContext.java	2007-10-20 13:24:49 UTC (rev 15453)
@@ -29,16 +29,13 @@
 		return sb.toString();
 	}
 
-	public DiffieHellmanLightContext(NativeBigInteger myExponent, NativeBigInteger myExponential) {
+	public DiffieHellmanLightContext(NativeBigInteger myExponent, NativeBigInteger myExponential, DSASignature sig) {
 		this.myExponent = myExponent;
 		this.myExponential = myExponential;
+		this.signature = sig;
 		logMINOR = Logger.shouldLog(Logger.MINOR, this);
 	}
 	
-	public void setSignature(DSASignature sig) {
-		this.signature = sig;
-	}
-	
 	/*
 	 * Calling the following is costy; avoid
 	 */

Modified: trunk/freenet/src/freenet/node/FNPPacketMangler.java
===================================================================
--- trunk/freenet/src/freenet/node/FNPPacketMangler.java	2007-10-20 11:42:17 UTC (rev 15452)
+++ trunk/freenet/src/freenet/node/FNPPacketMangler.java	2007-10-20 13:24:49 UTC (rev 15453)
@@ -2335,6 +2335,10 @@
 	 * @see freenet.node.OutgoingPacketMangler#sendHandshake(freenet.node.PeerNode)
 	 */
 	public void sendHandshake(PeerNode pn) {
+		if(!node.isHasStarted()) {
+			Logger.normal(this, "Attempting to send a handshake while the node is starting up... cancel it.");
+			return;
+		}
 		int negType = pn.selectNegType(this);
 		if(negType == -1) {
 			if(pn.isRoutingCompatible())
@@ -2419,7 +2423,7 @@
 	}
 
 	public int[] supportedNegTypes() {
-		return new int[] { 2, 1 };
+		return new int[] { 1, 2 };
 	}
 
 	public int fullHeadersLengthOneMessage() {
@@ -2449,7 +2453,6 @@
 			if((currentDHContext == null) || (currentDHContextLifetime + 1800000 /*30mins*/) < now) {
 				currentDHContextLifetime = now;
 				currentDHContext = DiffieHellman.generateLightContext();
-				currentDHContext.setSignature(crypto.sign(SHA256.digest(assembleDHParams(currentDHContext.myExponential, crypto.getCryptoGroup()))));
 			}
 		}
 		return currentDHContext;
@@ -2458,7 +2461,7 @@
 	/*
 	 * Prepare DH parameters of message2 for them to be signed (useful in message3 to check the sig)
 	 */
-	private byte[] assembleDHParams(BigInteger exponential, DSAGroup group) {
+	public static byte[] assembleDHParams(NativeBigInteger exponential, DSAGroup group) {
 		byte[] _myExponential = stripBigIntegerToNetworkFormat(exponential);
 		byte[] _myGroup = group.getP().toByteArray();
 		byte[] toSign = new byte[_myExponential.length + _myGroup.length];
@@ -2523,7 +2526,7 @@
 		}
 	}
 
-	private byte[] stripBigIntegerToNetworkFormat(BigInteger exponential) {
+	public static byte[] stripBigIntegerToNetworkFormat(BigInteger exponential) {
 		byte[] data = exponential.toByteArray();
 		int targetLength = DiffieHellman.modulusLengthInBytes();
 

Modified: trunk/freenet/src/freenet/node/Node.java
===================================================================
--- trunk/freenet/src/freenet/node/Node.java	2007-10-20 11:42:17 UTC (rev 15452)
+++ trunk/freenet/src/freenet/node/Node.java	2007-10-20 13:24:49 UTC (rev 15453)
@@ -45,6 +45,7 @@
 import freenet.config.PersistentConfig;
 import freenet.config.SubConfig;
 import freenet.crypt.DSAPublicKey;
+import freenet.crypt.DiffieHellman;
 import freenet.crypt.RandomSource;
 import freenet.crypt.SHA256;
 import freenet.crypt.Yarrow;
@@ -425,6 +426,11 @@
 		}
 		
 		darknetCrypto.readCrypto(fs);
+		//TODO: That sucks. It breaks layering rules and will eventually break opennet as the key isn't likely to be the same.
+		// Tell me if you know how to improve it.
+		// No, generating two sigs isn't an option as it's sub-optimal.
+		// running one additionnal thread per mangler might be one.
+		DiffieHellman.init(random, darknetCrypto, darknetCrypto.getCryptoGroup());
 		
 		swapIdentifier = Fields.bytesToLong(darknetCrypto.identityHashHash);
 		String loc = fs.get("location");

Modified: trunk/freenet/src/freenet/node/NodeCrypto.java
===================================================================
--- trunk/freenet/src/freenet/node/NodeCrypto.java	2007-10-20 11:42:17 UTC (rev 15452)
+++ trunk/freenet/src/freenet/node/NodeCrypto.java	2007-10-20 13:24:49 UTC (rev 15453)
@@ -37,7 +37,7 @@
  * Cryptographic and transport level node identity. 
  * @author toad
  */
-class NodeCrypto {
+public class NodeCrypto {
 
 	final Node node;
 	final boolean isOpennet;
@@ -88,7 +88,6 @@
 		logMINOR = Logger.shouldLog(Logger.MINOR, this);
 		
 		config.starting(this);
-		
 		try {
 		
 		int port = config.getPort();
@@ -135,7 +134,6 @@
 		socket.setLowLevelFilter(packetMangler = new FNPPacketMangler(node, this, socket));
 		
 		detector = new NodeIPPortDetector(node, node.ipDetector, this);
-		
 		} catch (NodeInitException e) {
 			config.stopping(this);
 			throw e;
@@ -386,7 +384,7 @@
 	}
 
 	/** Sign a hash */
-	DSASignature sign(byte[] hash) {
+	public DSASignature sign(byte[] hash) {
 		return DSA.sign(cryptoGroup, privKey, new NativeBigInteger(1, hash), random);
 	}
 

Modified: trunk/freenet/src/freenet/node/NodeStarter.java
===================================================================
--- trunk/freenet/src/freenet/node/NodeStarter.java	2007-10-20 11:42:17 UTC (rev 15452)
+++ trunk/freenet/src/freenet/node/NodeStarter.java	2007-10-20 13:24:49 UTC (rev 15453)
@@ -13,7 +13,6 @@
 import freenet.config.InvalidConfigValueException;
 import freenet.config.PersistentConfig;
 import freenet.config.SubConfig;
-import freenet.crypt.DiffieHellman;
 import freenet.crypt.RandomSource;
 import freenet.crypt.Yarrow;
 import freenet.support.Executor;
@@ -115,8 +114,6 @@
     	
     	// Setup RNG
     	RandomSource random = new Yarrow();
-    	
-    	DiffieHellman.init(random);
     	 
 		// Thread to keep the node up.
 		// JVM deadlocks losing a lock when two threads of different types (daemon|app)
@@ -284,7 +281,6 @@
     	// Setup RNG
     	RandomSource random = new Yarrow();
     	
-    	DiffieHellman.init(random);
    	 
 		// Thread to keep the node up.
 		// JVM deadlocks losing a lock when two threads of different types (daemon|app)

Modified: trunk/freenet/src/freenet/node/PeerNode.java
===================================================================
--- trunk/freenet/src/freenet/node/PeerNode.java	2007-10-20 11:42:17 UTC (rev 15452)
+++ trunk/freenet/src/freenet/node/PeerNode.java	2007-10-20 13:24:49 UTC (rev 15453)
@@ -2642,7 +2642,7 @@
 	
 	/**
 	 * Select the most appropriate negType, taking the user's preference into account
-	 * order matters
+	 * order matters: last is best
 	 * 
 	 * @param mangler
 	 * @return -1 if no common negType has been found

More information about the cvs mailing list