[freenet-dev] [freenet-cvs] r15096 - branches/freenet-jfk/src/freenet/node
Florent Daignière
nextgens at freenetproject.org
Fri Sep 21 12:37:10 UTC 2007
* Matthew Toseland <toad at amphibian.dyndns.org> [2007-09-21 13:30:53]:
> On Friday 21 September 2007 13:23, you wrote:
> > * Matthew Toseland <toad at amphibian.dyndns.org> [2007-09-21 13:09:41]:
> >
> > > A group isn't a single number... read the wikipedia page on DSA.
> >
> > We don't actually use the group we pass through iirc ... as we are
> > already sharing it. I use it just to ensure that we are sharing the same
> > and to avoid sending "nothing"... In message 2 we are supposed to send
> > S_R(g^r, grpinfoR) ... I don't think we want to send only S_R(g^r).
>
> Okay. Yes, we should compute the signature exactly as specified. But there's
> no reason to actually *send* the group since we already know it.
Ok, will get rid of it then...
> >
> > >
> > > On Sunday 09 September 2007 23:15, you wrote:
> > > > Author: nextgens
> > > > Date: 2007-09-09 22:15:49 +0000 (Sun, 09 Sep 2007)
> > > > New Revision: 15096
> > > >
> > > > Modified:
> > > > branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> > > > Log:
> > > > More work on JFK support (message2 parsing should be tested)... Fix a
> few
> > > bugs I've introduced
> > > >
> > > > Modified: branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> > > > ===================================================================
> > > > --- branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> 2007-09-09
> > > 21:19:34 UTC (rev 15095)
> > > > +++ branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> 2007-09-09
> > > 22:15:49 UTC (rev 15096)
> > > > @@ -522,7 +522,7 @@
> > > > byte[] hisExponential = new
> byte[DiffieHellman.modulusLengthInBytes()];
> > > > System.arraycopy(payload, 4 + NONCE_SIZE, hisExponential, 0,
> > > DiffieHellman.modulusLengthInBytes());
> > > >
> > > > - NativeBigInteger _hisExponential = new
> NativeBigInteger(hisExponential);
> > > > + NativeBigInteger _hisExponential = new NativeBigInteger(1,
> > > hisExponential);
> > > > if(_hisExponential.compareTo(NativeBigInteger.ONE) > 0)
> > > > sendMessage2(nonceInitiator, hisExponential, pn, replyTo);
> > > > else
> > > > @@ -548,7 +548,7 @@
> > > > Logger.error(this, "HUH ??, please report it :"+ e.getMessage(),e);
> > > > return;
> > > > }
> > > > - byte[] authenticator = computeHashedJFKAuthenticator(myExponential,
> > > myNonce, nonceInitator, idR);
> > > > + byte[] authenticator = computeHashedJFKAuthenticator(myExponential,
> > > myNonce, nonceInitator, replyTo.getAddress().getAddress());
> > > >
> > > > byte[] message2 = new
> > > byte[NONCE_SIZE*2+DiffieHellman.modulusLengthInBytes()+myDHGroup.length+
> > > > signature.length+
> > > > @@ -561,6 +561,10 @@
> > > > offset += NONCE_SIZE;
> > > > System.arraycopy(myExponential, 0, message2, offset,
> > > myExponential.length);
> > > > offset += myExponential.length;
> > > > + // TODO: are groups modulo something ?
> > > > + message2[offset++] = Integer.valueOf(myDHGroup.length).byteValue();
> > > > + System.arraycopy(myDHGroup, 0, message2, offset, myDHGroup.length);
> > > > + offset += myDHGroup.length;
> > > > System.arraycopy(idR, 0, message2, offset, idR.length);
> > > > offset += idR.length;
> > > >
> > > > @@ -585,9 +589,9 @@
> > > > System.arraycopy(gR,0,authData,offset,gR.length);
> > > > offset += gR.length;
> > > > System.arraycopy(nR,0,authData,offset,nR.length);
> > > > - offset += nR.length+1;
> > > > + offset += nR.length;
> > > > System.arraycopy(nI,0,authData,offset,nI.length);
> > > > - offset += nI.length+1;
> > > > + offset += nI.length;
> > > > System.arraycopy(address, 0, authData, offset, address.length);
> > > >
> > > > /*
> > > > @@ -624,47 +628,61 @@
> > > > private void ProcessMessage2(byte[] payload,PeerNode pn,Peer
> replyTo,int
> > > phase)
> > > > {
> > > > long t1=System.currentTimeMillis();
> > > > + // FIXME: follow the spec and send IDr' ?
> > > > + if(payload.length-3 < NONCE_SIZE +
> DiffieHellman.modulusLengthInBytes())
> > > {
> > > > + Logger.error(this, "Packet too short from "+pn+": "+payload.length+"
> > > after decryption in JFK("+phase+"), should be "+(NONCE_SIZE +
> > > DiffieHellman.modulusLengthInBytes()));
> > > > + return;
> > > > + }
> > > >
> > > > - byte[] Ni = iNonce();
> > > > - byte[] Nr = rNonce();
> > > > - byte[] DHExpr = Gr(pn);
> > > > - byte[] authData=new byte[Ni.length+Nr.length+DHExpr.length+1];
> > > > - System.arraycopy(Ni,0,authData,0,Ni.length);
> > > > - System.arraycopy(Nr,0,authData,Ni.length+1,Nr.length);
> > > > -
> System.arraycopy(DHExpr,0,authData,Ni.length+Nr.length+1,DHExpr.length);
> > > > - byte[] signData=new byte[DHExpr.length+1];
> > > > - System.arraycopy(DHExpr,0,signData,0,DHExpr.length);
> > > > - //Compute the Signature:DSA
> > > > - PKR=new DSAPrivateKey(g, r);
> > > > - //Params: Data,DSAGroup,DSAPrivateKey,randomSource
> > > > - DSASignature sig = crypto.sign(signData,g,PKR,r);
> > > > - byte[] r = sig.getRBytes(Node.SIGNATURE_PARAMETER_LENGTH);
> > > > - byte[] s = sig.getSBytes(Node.SIGNATURE_PARAMETER_LENGTH);
> > > > - Logger.minor(this, "
> r="+HexUtil.bytesToHex(sig.getR().toByteArray())+"
> > > s="+HexUtil.bytesToHex(sig.getS().toByteArray()));
> > > > - if(r.length > 255 || s.length > 255)
> > > > - throw new IllegalStateException("R or S is too long:
> > > r.length="+r.length+" s.length="+s.length);
> > > > - //Data sent in the clear
> > > > - byte[] unVerifiedData=new byte[Ni.length+Nr.length+DHExpr.length+1];
> > > > - System.arraycopy(Ni,0,unVerifiedData,0,Ni.length);
> > > > - System.arraycopy(Nr,0,unVerifiedData,Ni.length+1,Nr.length);
> > > > -
> > >
> System.arraycopy(DHExpr,0,unVerifiedData,Ni.length+Nr.length+1,DHExpr.length);
> > > > - /*
> > > > - * Compute the authenticator
> > > > - * Used by the responder in Message4 to verify the authenticity of
> the
> > > message
> > > > - * The same authenticator is used in Message3 and identified using
> the
> > > DSAPrivateKey
> > > > - */
> > > > - HKrGenerator trKey=new HKrGenerator(node);
> > > > - byte[] hkr=trKey.getNewHKr();
> > > > - HMAC hash=new HMAC(SHA1.getInstance());
> > > > - byte[] authenticator = hash.mac(hkr,authData,hkr.length);
> > > > - authenticatorCache.put(PKR,authenticator);
> > > > - byte[] Message2=new
> > > byte[authenticator.length+unVerifiedData.length+s.length+r.length+1];
> > > > - byte[] signedData=new byte[s.length+r.length];
> > > > - System.arraycopy(signedData,0,Message2,0,signedData.length);
> > > > -
> > >
> System.arraycopy(unVerifiedData,0,Message2,signData.length+1,unVerifiedData.length);
> > > > -
> > >
> System.arraycopy(authenticator,0,Message2,signedData.length+unVerifiedData.length+1,authenticator.length);
> > > > - //Send params:Version,negType,phase,data,peernode,peer
> > > > - sendMessage1or2Packet(1,2,1,Message2,pn,replyTo);
> > > > + int inputOffset=3;
> > > > + byte[] nonceInitiator = new byte[NONCE_SIZE];
> > > > + System.arraycopy(payload, inputOffset, nonceInitiator, 0,
> NONCE_SIZE);
> > > > + inputOffset += NONCE_SIZE;
> > > > + byte[] nonceResponder = new byte[NONCE_SIZE];
> > > > + System.arraycopy(payload, inputOffset, nonceResponder, 0,
> NONCE_SIZE);
> > > > + inputOffset += NONCE_SIZE;
> > > > +
> > > > + byte[] hisExponential = new
> byte[DiffieHellman.modulusLengthInBytes()];
> > > > + System.arraycopy(payload, inputOffset, hisExponential, 0,
> > > DiffieHellman.modulusLengthInBytes());
> > > > + inputOffset += DiffieHellman.modulusLengthInBytes();
> > > > + NativeBigInteger _hisExponential = new NativeBigInteger(1,
> > > hisExponential);
> > > > + if(_hisExponential.compareTo(NativeBigInteger.ONE) < 1) {
> > > > + Logger.error(this, "We can't accept the exponential "+pn+" sent us;
> it's
> > > smaller than 1!!");
> > > > + return;
> > > > + }
> > > > +
> > > > + int hisGroupLength = payload[inputOffset++];
> > > > + // FIXME: arbitrary
> > > > + if((hisGroupLength < 1) || (hisGroupLength > 256)) {
> > > > + Logger.error(this, "The proposed group length is too big!
> > > ("+hisGroupLength+')');
> > > > + return;
> > > > + }
> > > > + byte[] hisGroup = new byte[hisGroupLength];
> > > > + System.arraycopy(payload, inputOffset, hisGroup, 0, hisGroupLength);
> > > > + inputOffset += hisGroupLength;
> > > > +
> > > > + //TODO: implement
> > > > + byte[] hisID = new byte[0];
> > > > +
> > > > + byte[] remoteSignedExponentials = new
> > > byte[Node.SIGNATURE_PARAMETER_LENGTH];
> > > > + System.arraycopy(payload, inputOffset, remoteSignedExponentials, 0,
> > > Node.SIGNATURE_PARAMETER_LENGTH);
> > > > + inputOffset += Node.SIGNATURE_PARAMETER_LENGTH;
> > > > + // At that point we don't know if it's "him"; let's check it out
> > > > + byte[] locallyExpectedExponentials = new
> > > byte[hisExponential.length+hisGroupLength];
> > > > + System.arraycopy(hisExponential, 0, locallyExpectedExponentials, 0,
> > > hisExponential.length);
> > > > + System.arraycopy(hisGroup, 0, locallyExpectedExponentials,
> > > hisExponential.length, hisGroupLength);
> > > > + DSASignature signatureToCheck = new DSASignature(new
> > > String(remoteSignedExponentials));
> > > > + if(!DSA.verify(pn.peerPubKey, signatureToCheck, new
> > > NativeBigInteger(1,locallyExpectedExponentials), false)) {
> > > > + Logger.error(this, "The signature verification has failed!!");
> > > > + return;
> > > > + }
> > > > +
> > > > + byte[] remoteHashedAuthenticator = new byte[HASH_LENGTH];
> > > > + System.arraycopy(payload, inputOffset, remoteHashedAuthenticator, 0,
> > > HASH_LENGTH);
> > > > + inputOffset += HASH_LENGTH;
> > > > + // FIXME: maybe the cache should be checked before verifying the
> > > signature
> > > > + sendMessage3Packet(1, 2, 3, nonceInitiator, nonceResponder,
> > > hisExponential, remoteHashedAuthenticator, pn, replyTo);
> > > > +
> > > > long t2=System.currentTimeMillis();
> > > > if((t2-t1)>500)
> > > > Logger.error(this,"Message1 timeout error:Sending packet
> > > for"+pn.getPeer());
> > > > @@ -768,7 +786,7 @@
> > > >
> > > > byte[] address = replyTo.getAddress().getAddress();
> > > > // FIXME: feed computeJFKAuthenticator with the right parameters ^-^
> > > > - sendMessage3Packet(1,2,2,data,pn,replyTo,
> > > computeHashedJFKAuthenticator(null, null, null, null));
> > > > + sendMessage3Packet(1,2,2,data,null,null, null,
> > > computeHashedJFKAuthenticator(null, null, null, null), pn, replyTo);
> > > > }
> > > >
> > > > /*
> > > > @@ -886,12 +904,16 @@
> > > > * @param The peer to which we need to send the packet
> > > > */
> > > >
> > > > - private void sendMessage3Packet(int version,int negType,int
> phase,byte[]
> > > data,PeerNode pn,Peer replyTo, byte[] hashedAuthenticator)
> > > > + private void sendMessage3Packet(int version,int negType,int
> phase,byte[]
> > > nonceInitiator,byte[] nonceResponder,byte[] hisExponential, byte[]
> > > hashedAuthenticator, PeerNode pn, Peer replyTo)
> > > > {
> > > > long now = System.currentTimeMillis();
> > > > long delta = now - pn.lastSentPacketTime();
> > > > - byte[] output = new byte[data.length+3];
> > > > - if((data.length+3) > sock.getMaxPacketSize())
> > > > +
> > > > + DiffieHellmanLightContext dhContext = getLightDiffieHellmanContext();
> > > > + byte[] ourExponential = dhContext.myExponential.toByteArray();
> > > > +
> > > > + byte[] output = new byte[nonceInitiator.length+3];
> > > > + if((nonceInitiator.length+3) > sock.getMaxPacketSize())
> > > > throw new IllegalStateException("Packet length too long");
> > > > /*
> > > > * The key for looking up messages in the cache is the authenticator
> > > > @@ -908,7 +930,7 @@
> > > > }
> > > > if(result != null) {
> > > > synchronized(message3Cache) {
> > > > - message3Cache.put(hashedAuthenticator,data);
> > > > + message3Cache.put(hashedAuthenticator,nonceInitiator);
> > > > }
> > > > // We don't want to keep the lock while sending
> > > > try
> > > > @@ -922,7 +944,7 @@
> > > > sendProcessMessage3(pn,replyTo,phase);
> > > > }
> > > > else if(phase==3){
> > > > - message4Cache.put(hashedAuthenticator,data.toString());
> > > > + message4Cache.put(hashedAuthenticator,nonceInitiator.toString());
> > > > }
> > > > else{
> > > > Logger.error(this,"Wrong message");
> > > > @@ -931,8 +953,8 @@
> > > > output[0] = (byte) version;
> > > > output[1] = (byte) negType;
> > > > output[2] = (byte) phase;
> > > > - System.arraycopy(data, 0, output, 3, data.length);
> > > > - if(logMINOR) Logger.minor(this, "Sending auth packet
> for "+pn.getPeer()+"
> > > (phase="+phase+", ver="+version+", nt="+negType+") (last packet
> > > sent "+TimeUtil.formatTime(delta, 2, true)+" ago) to "+replyTo+"
> > > data.length="+data.length);
> > > > + System.arraycopy(nonceInitiator, 0, output, 3,
> nonceInitiator.length);
> > > > + if(logMINOR) Logger.minor(this, "Sending auth packet
> for "+pn.getPeer()+"
> > > (phase="+phase+", ver="+version+", nt="+negType+") (last packet
> > > sent "+TimeUtil.formatTime(delta, 2, true)+" ago) to "+replyTo+"
> > > data.length="+nonceInitiator.length);
> > > > try
> > > > {
> > > > sendPacket(output,replyTo,pn,0);
> > > >
> > > > _______________________________________________
> > > > cvs mailing list
> > > > cvs at freenetproject.org
> > > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs
> > > >
> > > >
> >
> >
> >
> > > _______________________________________________
> > > Devl mailing list
> > > Devl at freenetproject.org
> > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
> >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070921/b764bba2/attachment.pgp
More information about the Devl
mailing list