[freenet-cvs] r18278 - trunk/freenet/src/freenet/node

Sat Mar 1 01:50:43 UTC 2008

Author: toad
Date: 2008-03-01 01:50:42 +0000 (Sat, 01 Mar 2008)
New Revision: 18278

Modified:
   trunk/freenet/src/freenet/node/FNPPacketMangler.java
Log:
Revert 18276: restore compatibility with nodes that send bothNoderefs still (most nodes...)

Modified: trunk/freenet/src/freenet/node/FNPPacketMangler.java
===================================================================

--- trunk/freenet/src/freenet/node/FNPPacketMangler.java	2008-03-01 00:26:34 UTC (rev 18277)
+++ trunk/freenet/src/freenet/node/FNPPacketMangler.java	2008-03-01 01:50:42 UTC (rev 18278)
@@ -407,7 +407,7 @@
 		int dataLength = (byte1 << 8) + byte2;
 		if(logMINOR) Logger.minor(this, "Data length: "+dataLength+" (1 = "+byte1+" 2 = "+byte2+ ')');
 		if(dataLength > length - (ivLength+hash.length+2)) {
-			if(logMINOR) Logger.minor(this, "Invalid data length "+dataLength+" ("+(length - (ivLength+hash.length+2))+") in tryProcessAuth");
+			if(logMINOR) Logger.minor(this, "Invalid data length "+dataLength+" ("+(length - (ivLength+hash.length+2))+") in tryProcessAuthAnon");
 			SHA256.returnMessageDigest(md);
 			return false;
 		}
@@ -425,7 +425,7 @@
 			processDecryptedAuthAnon(payload, peer);
 			return true;
 		} else {
-			if(logMINOR) Logger.minor(this, "Incorrect hash in tryProcessAuth for "+peer+" (length="+dataLength+"): \nreal hash="+HexUtil.bytesToHex(realHash)+"\n bad hash="+HexUtil.bytesToHex(hash));
+			if(logMINOR) Logger.minor(this, "Incorrect hash in tryProcessAuthAnon for "+peer+" (length="+dataLength+"): \nreal hash="+HexUtil.bytesToHex(realHash)+"\n bad hash="+HexUtil.bytesToHex(hash));
 			return false;
 		}
 	}
@@ -581,7 +581,8 @@
 			processJFKMessage2(payload, 4, pn, replyTo, true, setupType);
 		} else if(packetType == 3) {
 			// Phase 4
-			processJFKMessage4(payload, 4, pn, replyTo, false, true, setupType);
+			if(!processJFKMessage4(payload, 4, pn, replyTo, false, true, setupType, true))
+				processJFKMessage4(payload, 4, pn, replyTo, false, true, setupType, false);
 		} else {
 			Logger.error(this, "Invalid phase "+packetType+" for anonymous-initiator (we are the responder)");
 		}
@@ -683,7 +684,8 @@
 				 * using the same keys as in the previous message.
 				 * The signature is non-message recovering
 				 */
-				processJFKMessage4(payload, 3, pn, replyTo, oldOpennetPeer, false, -1);
+				if(!processJFKMessage4(payload, 3, pn, replyTo, oldOpennetPeer, false, -1, true))
+					processJFKMessage4(payload, 3, pn, replyTo, oldOpennetPeer, false, -1, false);
 			}
 		} else {
 			Logger.error(this, "Decrypted auth packet but unknown negotiation type "+negType+" from "+replyTo+" possibly from "+pn);
@@ -1127,8 +1129,7 @@
 		
 		// Send reply
 		sendJFKMessage4(1, 2, 3, nonceInitiator, nonceResponder,initiatorExponential, responderExponential, 
-				c, Ke, Ka, authenticator, hisRef, pn, replyTo, unknownInitiator, setupType, !unknownInitiator);
-		// FIXME change last argument to FALSE when this build is mandatory.
+				c, Ke, Ka, authenticator, hisRef, pn, replyTo, unknownInitiator, setupType);
 		
 		c.initialize(Ks);
 		
@@ -1212,7 +1213,7 @@
 	 * @param pn The PeerNode we are talking to. Cannot be null as we are the initiator.
 	 * @param replyTo The Peer we are replying to.
 	 */
-	private boolean processJFKMessage4(byte[] payload, int inputOffset, PeerNode pn, Peer replyTo, boolean oldOpennetPeer, boolean unknownInitiator, int setupType)
+	private boolean processJFKMessage4(byte[] payload, int inputOffset, PeerNode pn, Peer replyTo, boolean oldOpennetPeer, boolean unknownInitiator, int setupType, boolean bothNoderefs)
 	{
 		final long t1 = System.currentTimeMillis();
 		if(logMINOR) Logger.minor(this, "Got a JFK(4) message, processing it - "+pn.getPeer());
@@ -1228,7 +1229,8 @@
 		
 		final int expectedLength =	HASH_LENGTH + // HMAC of the cyphertext
 									(c.getBlockSize() >> 3) + // IV
-									HASH_LENGTH // the signature
+									HASH_LENGTH + // the signature
+									(bothNoderefs ? pn.jfkMyRef.length : 0) // my reference
 									;
 		if(payload.length < expectedLength + 3) {
 			Logger.error(this, "Packet too short from "+pn.getPeer()+": "+payload.length+" after decryption in JFK(4), should be "+(expectedLength + 3));
@@ -1276,7 +1278,7 @@
 		byte[] data = new byte[decypheredPayload.length - decypheredPayloadOffset];
 		System.arraycopy(decypheredPayload, decypheredPayloadOffset, data, 0, decypheredPayload.length - decypheredPayloadOffset);
 		long bootID = Fields.bytesToLong(data);
-		byte[] hisRef = new byte[data.length - 8];
+		byte[] hisRef = new byte[data.length - (bothNoderefs ? pn.jfkMyRef.length : 0) - 8];
 		System.arraycopy(data, 8, hisRef, 0, hisRef.length);
 		
 		// verify the signature
@@ -1293,7 +1295,7 @@
 		System.arraycopy(pn.jfkMyRef, 0, locallyGeneratedText, bufferOffset, pn.jfkMyRef.length);
 		byte[] messageHash = SHA256.digest(locallyGeneratedText);
 		if(!DSA.verify(pn.peerPubKey, remoteSignature, new NativeBigInteger(1, messageHash), false)) {
-			Logger.error(this, "The signature verification has failed!! JFK(4) -"+pn.getPeer()+" message hash "+HexUtil.bytesToHex(messageHash));
+			Logger.error(this, "The signature verification has failed!! JFK(4) -"+pn.getPeer()+" message hash "+HexUtil.bytesToHex(messageHash)+" length "+locallyGeneratedText.length+" hisRef "+hisRef.length+" hash "+Fields.hashCode(hisRef)+" myRef "+pn.jfkMyRef.length+" hash "+Fields.hashCode(pn.jfkMyRef)+" boot ID "+bootID);
 			return false;
 		}
 		
@@ -1477,7 +1479,7 @@
 	 * @param pn The PeerNode to encrypt the auth packet to. Cannot be null, because even in anonymous initiator,
 	 * we will have created one before calling this method.
 	 */
-	private void sendJFKMessage4(int version,int negType,int phase,byte[] nonceInitiator,byte[] nonceResponder,byte[] initiatorExponential,byte[] responderExponential, BlockCipher c, byte[] Ke, byte[] Ka, byte[] authenticator, byte[] hisRef, PeerNode pn, Peer replyTo, boolean unknownInitiator, int setupType, boolean bothNoderefs)
+	private void sendJFKMessage4(int version,int negType,int phase,byte[] nonceInitiator,byte[] nonceResponder,byte[] initiatorExponential,byte[] responderExponential, BlockCipher c, byte[] Ke, byte[] Ka, byte[] authenticator, byte[] hisRef, PeerNode pn, Peer replyTo, boolean unknownInitiator, int setupType)
 	{
 		if(logMINOR)
 			Logger.minor(this, "Sending a JFK(4) message to "+pn.getPeer());
@@ -1491,9 +1493,10 @@
 		System.arraycopy(myRef, 0, data, 8, myRef.length);
 		System.arraycopy(hisRef, 0, data, 8 + myRef.length, hisRef.length);
 		
-		byte[] messageHash = SHA256.digest(assembleDHParams(nonceInitiator, nonceResponder, _initiatorExponential, _responderExponential, pn.identity, data));
+		byte[] params = assembleDHParams(nonceInitiator, nonceResponder, _initiatorExponential, _responderExponential, pn.identity, data);
+		byte[] messageHash = SHA256.digest(params);
 		if(logMINOR)
-			Logger.minor(this, "Message hash: "+HexUtil.bytesToHex(messageHash));
+			Logger.minor(this, "Message hash: "+HexUtil.bytesToHex(messageHash)+" length "+params.length+" myRef: "+myRef.length+" hash "+Fields.hashCode(myRef)+" hisRef: "+hisRef.length+" hash "+Fields.hashCode(hisRef)+" boot ID "+node.bootID);
 		DSASignature localSignature = crypto.sign(messageHash);
 		byte[] r = localSignature.getRBytes(Node.SIGNATURE_PARAMETER_LENGTH);
 		byte[] s = localSignature.getSBytes(Node.SIGNATURE_PARAMETER_LENGTH);
@@ -1503,8 +1506,8 @@
 		byte[] iv=new byte[ivLength];
 		node.random.nextBytes(iv);
 		pk.reset(iv);
-		// If !bothNoderefs, then don't include the last bit
-		int dataLength = data.length - (bothNoderefs ? 0 : hisRef.length);
+		// Don't include the last bit
+		int dataLength = data.length - hisRef.length;
 		byte[] cyphertext = new byte[JFK_PREFIX_RESPONDER.length + ivLength + Node.SIGNATURE_PARAMETER_LENGTH * 2 +
 		                             dataLength];
 		int cleartextOffset = 0;


