[freenet-cvs] r15085 - branches/freenet-jfk/src/freenet/node

[nextgens at freenetproject.org]

Author: nextgens
Date: 2007-09-09 16:39:30 +0000 (Sun, 09 Sep 2007)
New Revision: 15085

Modified:
   branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
Log:
finish/fix the authenticator's computation (message 2 and 3)

Modified: branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
===================================================================
--- branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java	2007-09-09 15:59:07 UTC (rev 15084)
+++ branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java	2007-09-09 16:39:30 UTC (rev 15085)
@@ -405,7 +405,7 @@
 				 * cached by the Responder.Receiving a duplicate message simply causes
 				 * the responder to Re-transmit the corresponding message4
 				 */
-				sendProcessMessage3(pn,replyTo,2);
+				ProcessMessage3(pn, replyTo, version);
 			}
 			else if(packetType==3){
 				/*
@@ -504,24 +504,30 @@
 	/*
 	 * Authenticator computed over the Responder exponentials and the Nonces
 	 * Used by the responder to verify the authenticity of the received data
+	 * 
+	 * (costs a HMAC and the allocation of a few bytes)
 	 */
-	private byte[] processMessageAuth(PeerNode pn){
-		byte[] Ni = iNonce();
-		byte[] Nr = rNonce();
-		byte[] DHExpr = Gr(pn);
-		byte[] authData=new byte[Ni.length+Nr.length+DHExpr.length+1];
+	private byte[] computeJFKAuthenticator(byte[] gR, byte[] nR, byte[] nI, byte[] address){
+		byte[] authData=new byte[gR.length+nR.length+nI.length+address.length];
 		int offset = 0;
-		System.arraycopy(Ni,0,authData,offset,Ni.length);
-		offset += Ni.length+1;
-		System.arraycopy(Nr,0,authData,offset,Nr.length);
-		offset += Nr.length+1;
-		System.arraycopy(DHExpr,0,authData,offset,DHExpr.length);
+		
+		System.arraycopy(gR,0,authData,offset,gR.length);
+		offset += gR.length;
+		System.arraycopy(nR,0,authData,offset,nR.length);
+		offset += nR.length+1;
+		System.arraycopy(nI,0,authData,offset,nI.length);
+		offset += nI.length+1;
+		System.arraycopy(address, 0, authData, offset, address.length);
+		
 		/*
 		 * Calculate the Hash of the Concatenated data(Responder exponentials, nonces)
 		 * using a key that will be private to the responder
 		 */
-		return authData;
+		HMAC hash = new HMAC(SHA1.getInstance());
+		// TODO: is that 512 LSB ?
+		return hash.mac(gR, authData, 9);
 	}
+
 	/*
 	 * Responder Method:Message2
 	 * Process Message2: Must involve only minimal work for the responder since at that point
@@ -681,7 +687,11 @@
 		 * from message3 because an active attacker cannot complete the DH computation.
 		 */
 		byte[] data = ProcessMessage3(pn,replyTo,phase);
-		sendMessage3Packet(1,2,2,data,pn,replyTo);
+		
+		byte[] address = replyTo.getAddress().getAddress();
+		// FIXME: feed computeJFKAuthenticator with the right parameters ^-^
+		byte[] authenticator = computeJFKAuthenticator(data, data, data, address);
+		sendMessage3Packet(1,2,2,data,pn,replyTo, SHA256.digest(authenticator));
 	}
 
 	/*
@@ -799,7 +809,7 @@
 	 * @param The peer to which we need to send the packet
 	 */
 
-	private void sendMessage3Packet(int version,int negType,int phase,byte[] data,PeerNode pn,Peer replyTo)
+	private void sendMessage3Packet(int version,int negType,int phase,byte[] data,PeerNode pn,Peer replyTo, byte[] hashedAuthenticator)
 	{
 		long now = System.currentTimeMillis();
 		long delta = now - pn.lastSentPacketTime();
@@ -812,22 +822,21 @@
 		 * of a valid message causing a cache miss
 		 * This would result in increased processing on the Responder side->CPU exhaustion attacks
 		 */
-		byte[] cacheKey=processMessageAuth(pn);
 		Object result;
 		//All recent messages 3 and 4 are cached
 		if(phase==2){
 			// Intrinsic lock provided by the object message3Cache
 			synchronized(message3Cache) {
-				result = message3Cache.get(cacheKey);
+				result = message3Cache.get(hashedAuthenticator);
 			}
 			if(result != null) {
 				synchronized(message3Cache) {
-					message3Cache.put(cacheKey,data);
+					message3Cache.put(hashedAuthenticator,data);
 				}
 				// We don't want to keep the lock while sending
 				try
 				{
-					sendMessage4Packet(1,2,3,getBytes(message4Cache.get(cacheKey)),pn,replyTo);
+					sendMessage4Packet(1,2,3,getBytes(message4Cache.get(hashedAuthenticator)),pn,replyTo);
 				}
 				catch(IOException e){
 					Logger.error(this,"Error getting bytes");
@@ -836,7 +845,7 @@
 			sendProcessMessage3(pn,replyTo,phase);       
 		}
 		else if(phase==3){
-			message4Cache.put(cacheKey,data.toString());
+			message4Cache.put(hashedAuthenticator,data.toString());
 		}
 		else{ 
 			Logger.error(this,"Wrong message");