[freenet-dev] [freenet-cvs] r15096 - branches/freenet-jfk/src/freenet/node

Matthew Toseland toad at amphibian.dyndns.org
Fri Sep 21 12:09:41 UTC 2007 

A group isn't a single number... read the wikipedia page on DSA.

On Sunday 09 September 2007 23:15, you wrote:
> Author: nextgens
> Date: 2007-09-09 22:15:49 +0000 (Sun, 09 Sep 2007)
> New Revision: 15096
> 
> Modified:
>    branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> Log:
> More work on JFK support (message2 parsing should be tested)... Fix a few 
bugs I've introduced
> 
> Modified: branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> ===================================================================
> --- branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java	2007-09-09 
21:19:34 UTC (rev 15095)
> +++ branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java	2007-09-09 
22:15:49 UTC (rev 15096)
> @@ -522,7 +522,7 @@
>  		byte[] hisExponential = new byte[DiffieHellman.modulusLengthInBytes()];
>  		System.arraycopy(payload, 4 + NONCE_SIZE, hisExponential, 0, 
DiffieHellman.modulusLengthInBytes());
>  		
> -		NativeBigInteger _hisExponential = new NativeBigInteger(hisExponential);
> +		NativeBigInteger _hisExponential = new NativeBigInteger(1, 
hisExponential);
>  		if(_hisExponential.compareTo(NativeBigInteger.ONE) > 0)
>  			sendMessage2(nonceInitiator, hisExponential, pn, replyTo);
>  		else
> @@ -548,7 +548,7 @@
>  			Logger.error(this, "HUH ??, please report it :"+ e.getMessage(),e);
>  			return;
>  		}
> -		byte[] authenticator = computeHashedJFKAuthenticator(myExponential, 
myNonce, nonceInitator, idR);
> +		byte[] authenticator = computeHashedJFKAuthenticator(myExponential, 
myNonce, nonceInitator, replyTo.getAddress().getAddress());
>  		
>  		byte[] message2 = new 
byte[NONCE_SIZE*2+DiffieHellman.modulusLengthInBytes()+myDHGroup.length+
>  		                           signature.length+
> @@ -561,6 +561,10 @@
>  		offset += NONCE_SIZE;
>  		System.arraycopy(myExponential, 0, message2, offset, 
myExponential.length);
>  		offset += myExponential.length;
> +		// TODO: are groups modulo something ?
> +		message2[offset++] = Integer.valueOf(myDHGroup.length).byteValue();
> +		System.arraycopy(myDHGroup, 0, message2, offset, myDHGroup.length);
> +		offset += myDHGroup.length;
>  		System.arraycopy(idR, 0, message2, offset, idR.length);
>  		offset += idR.length;
>  		
> @@ -585,9 +589,9 @@
>  		System.arraycopy(gR,0,authData,offset,gR.length);
>  		offset += gR.length;
>  		System.arraycopy(nR,0,authData,offset,nR.length);
> -		offset += nR.length+1;
> +		offset += nR.length;
>  		System.arraycopy(nI,0,authData,offset,nI.length);
> -		offset += nI.length+1;
> +		offset += nI.length;
>  		System.arraycopy(address, 0, authData, offset, address.length);
>  		
>  		/*
> @@ -624,47 +628,61 @@
>  	private void ProcessMessage2(byte[] payload,PeerNode pn,Peer replyTo,int 
phase)
>  	{
>  		long t1=System.currentTimeMillis();
> +		// FIXME: follow the spec and send IDr' ?
> +		if(payload.length-3 < NONCE_SIZE + DiffieHellman.modulusLengthInBytes()) 
{
> +			Logger.error(this, "Packet too short from "+pn+": "+payload.length+" 
after decryption in JFK("+phase+"), should be "+(NONCE_SIZE + 
DiffieHellman.modulusLengthInBytes()));
> +			return;
> +		}
>  		
> -		byte[] Ni = iNonce();
> -		byte[] Nr = rNonce();
> -		byte[] DHExpr = Gr(pn);
> -		byte[] authData=new byte[Ni.length+Nr.length+DHExpr.length+1];
> -		System.arraycopy(Ni,0,authData,0,Ni.length);
> -		System.arraycopy(Nr,0,authData,Ni.length+1,Nr.length);
> -		System.arraycopy(DHExpr,0,authData,Ni.length+Nr.length+1,DHExpr.length);
> -		byte[] signData=new byte[DHExpr.length+1];
> -		System.arraycopy(DHExpr,0,signData,0,DHExpr.length);
> -		//Compute the Signature:DSA
> -		PKR=new DSAPrivateKey(g, r);
> -		//Params: Data,DSAGroup,DSAPrivateKey,randomSource
> -		DSASignature sig = crypto.sign(signData,g,PKR,r);
> -		byte[] r = sig.getRBytes(Node.SIGNATURE_PARAMETER_LENGTH);
> -		byte[] s = sig.getSBytes(Node.SIGNATURE_PARAMETER_LENGTH);
> -		Logger.minor(this, " r="+HexUtil.bytesToHex(sig.getR().toByteArray())+" 
s="+HexUtil.bytesToHex(sig.getS().toByteArray()));
> -		if(r.length > 255 || s.length > 255)
> -			throw new IllegalStateException("R or S is too long: 
r.length="+r.length+" s.length="+s.length);
> -		//Data sent in the clear
> -		byte[] unVerifiedData=new byte[Ni.length+Nr.length+DHExpr.length+1];
> -		System.arraycopy(Ni,0,unVerifiedData,0,Ni.length);
> -		System.arraycopy(Nr,0,unVerifiedData,Ni.length+1,Nr.length);
> -		
System.arraycopy(DHExpr,0,unVerifiedData,Ni.length+Nr.length+1,DHExpr.length);
> -		/*
> -		 * Compute the authenticator
> -		 * Used by the responder in Message4 to verify the authenticity of the 
message
> -		 * The same authenticator is used in Message3 and identified using the 
DSAPrivateKey 
> -		 */
> -		HKrGenerator trKey=new HKrGenerator(node);
> -		byte[] hkr=trKey.getNewHKr();
> -		HMAC hash=new HMAC(SHA1.getInstance());
> -		byte[] authenticator = hash.mac(hkr,authData,hkr.length);
> -		authenticatorCache.put(PKR,authenticator);
> -		byte[] Message2=new 
byte[authenticator.length+unVerifiedData.length+s.length+r.length+1];
> -		byte[] signedData=new byte[s.length+r.length];
> -		System.arraycopy(signedData,0,Message2,0,signedData.length);
> -		
System.arraycopy(unVerifiedData,0,Message2,signData.length+1,unVerifiedData.length);
> -		
System.arraycopy(authenticator,0,Message2,signedData.length+unVerifiedData.length+1,authenticator.length);
> -		//Send params:Version,negType,phase,data,peernode,peer
> -		sendMessage1or2Packet(1,2,1,Message2,pn,replyTo);
> +		int inputOffset=3;
> +		byte[] nonceInitiator = new byte[NONCE_SIZE];
> +		System.arraycopy(payload, inputOffset, nonceInitiator, 0, NONCE_SIZE);
> +		inputOffset += NONCE_SIZE;
> +		byte[] nonceResponder = new byte[NONCE_SIZE];
> +		System.arraycopy(payload, inputOffset, nonceResponder, 0, NONCE_SIZE);
> +		inputOffset += NONCE_SIZE;
> +		
> +		byte[] hisExponential = new byte[DiffieHellman.modulusLengthInBytes()];
> +		System.arraycopy(payload, inputOffset, hisExponential, 0, 
DiffieHellman.modulusLengthInBytes());
> +		inputOffset += DiffieHellman.modulusLengthInBytes();
> +		NativeBigInteger _hisExponential = new NativeBigInteger(1, 
hisExponential);
> +		if(_hisExponential.compareTo(NativeBigInteger.ONE) < 1) {
> +			Logger.error(this, "We can't accept the exponential "+pn+" sent us; it's 
smaller than 1!!");
> +			return;
> +		}
> +		
> +		int hisGroupLength = payload[inputOffset++];
> +		// FIXME: arbitrary
> +		if((hisGroupLength < 1) || (hisGroupLength > 256)) {
> +			Logger.error(this, "The proposed group length is too big! 
("+hisGroupLength+')');
> +			return;
> +		}
> +		byte[] hisGroup = new byte[hisGroupLength];
> +		System.arraycopy(payload, inputOffset, hisGroup, 0, hisGroupLength);
> +		inputOffset += hisGroupLength;
> +		
> +		//TODO: implement
> +		byte[] hisID = new byte[0];
> +		
> +		byte[] remoteSignedExponentials = new 
byte[Node.SIGNATURE_PARAMETER_LENGTH];
> +		System.arraycopy(payload, inputOffset, remoteSignedExponentials, 0, 
Node.SIGNATURE_PARAMETER_LENGTH);
> +		inputOffset += Node.SIGNATURE_PARAMETER_LENGTH;
> +		// At that point we don't know if it's "him"; let's check it out
> +		byte[] locallyExpectedExponentials = new 
byte[hisExponential.length+hisGroupLength];
> +		System.arraycopy(hisExponential, 0, locallyExpectedExponentials, 0, 
hisExponential.length);
> +		System.arraycopy(hisGroup, 0, locallyExpectedExponentials, 
hisExponential.length, hisGroupLength);
> +		DSASignature signatureToCheck = new DSASignature(new 
String(remoteSignedExponentials));
> +		if(!DSA.verify(pn.peerPubKey, signatureToCheck, new 
NativeBigInteger(1,locallyExpectedExponentials), false)) {
> +			Logger.error(this, "The signature verification has failed!!");
> +			return;
> +		}
> +		
> +		byte[] remoteHashedAuthenticator = new byte[HASH_LENGTH];
> +		System.arraycopy(payload, inputOffset, remoteHashedAuthenticator, 0, 
HASH_LENGTH);
> +		inputOffset += HASH_LENGTH;
> +		// FIXME: maybe the cache should be checked before verifying the 
signature
> +		sendMessage3Packet(1, 2, 3, nonceInitiator, nonceResponder, 
hisExponential, remoteHashedAuthenticator, pn, replyTo);
> +		
>  		long t2=System.currentTimeMillis();
>  		if((t2-t1)>500)
>  			Logger.error(this,"Message1 timeout error:Sending packet 
for"+pn.getPeer());
> @@ -768,7 +786,7 @@
>  		
>  		byte[] address = replyTo.getAddress().getAddress();
>  		// FIXME: feed computeJFKAuthenticator with the right parameters ^-^
> -		sendMessage3Packet(1,2,2,data,pn,replyTo, 
computeHashedJFKAuthenticator(null, null, null, null));
> +		sendMessage3Packet(1,2,2,data,null,null, null, 
computeHashedJFKAuthenticator(null, null, null, null), pn, replyTo);
>  	}
>  
>  	/*
> @@ -886,12 +904,16 @@
>  	 * @param The peer to which we need to send the packet
>  	 */
>  
> -	private void sendMessage3Packet(int version,int negType,int phase,byte[] 
data,PeerNode pn,Peer replyTo, byte[] hashedAuthenticator)
> +	private void sendMessage3Packet(int version,int negType,int phase,byte[] 
nonceInitiator,byte[] nonceResponder,byte[] hisExponential, byte[] 
hashedAuthenticator, PeerNode pn, Peer replyTo)
>  	{
>  		long now = System.currentTimeMillis();
>  		long delta = now - pn.lastSentPacketTime();
> -		byte[] output = new byte[data.length+3];
> -		if((data.length+3) > sock.getMaxPacketSize())
> +		
> +		DiffieHellmanLightContext dhContext = getLightDiffieHellmanContext();
> +		byte[] ourExponential = dhContext.myExponential.toByteArray();
> +		
> +		byte[] output = new byte[nonceInitiator.length+3];
> +		if((nonceInitiator.length+3) > sock.getMaxPacketSize())
>  			throw new IllegalStateException("Packet length too long");
>  		/*
>  		 * The key for looking up messages in the cache is the authenticator
> @@ -908,7 +930,7 @@
>  			}
>  			if(result != null) {
>  				synchronized(message3Cache) {
> -					message3Cache.put(hashedAuthenticator,data);
> +					message3Cache.put(hashedAuthenticator,nonceInitiator);
>  				}
>  				// We don't want to keep the lock while sending
>  				try
> @@ -922,7 +944,7 @@
>  			sendProcessMessage3(pn,replyTo,phase);       
>  		}
>  		else if(phase==3){
> -			message4Cache.put(hashedAuthenticator,data.toString());
> +			message4Cache.put(hashedAuthenticator,nonceInitiator.toString());
>  		}
>  		else{ 
>  			Logger.error(this,"Wrong message");
> @@ -931,8 +953,8 @@
>  		output[0] = (byte) version;
>  		output[1] = (byte) negType;
>  		output[2] = (byte) phase;
> -		System.arraycopy(data, 0, output, 3, data.length);
> -		if(logMINOR) Logger.minor(this, "Sending auth packet for "+pn.getPeer()+" 
(phase="+phase+", ver="+version+", nt="+negType+") (last packet 
sent "+TimeUtil.formatTime(delta, 2, true)+" ago) to "+replyTo+" 
data.length="+data.length);
> +		System.arraycopy(nonceInitiator, 0, output, 3, nonceInitiator.length);
> +		if(logMINOR) Logger.minor(this, "Sending auth packet for "+pn.getPeer()+" 
(phase="+phase+", ver="+version+", nt="+negType+") (last packet 
sent "+TimeUtil.formatTime(delta, 2, true)+" ago) to "+replyTo+" 
data.length="+nonceInitiator.length);
>  		try
>  		{
>  			sendPacket(output,replyTo,pn,0);
> 
> _______________________________________________
> cvs mailing list
> cvs at freenetproject.org
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070921/4884752a/attachment.pgp

More information about the Devl mailing list