Author: kryptos
Date: 2007-06-20 17:52:51 +0000 (Wed, 20 Jun 2007)
New Revision: 13658
Added:
branches/freenet-jfk/devnotes/crypto_Notes.txt
branches/freenet-jfk/src/freenet/crypt/crypto_Random/
branches/freenet-jfk/src/freenet/crypt/crypto_Random/session_Key.java
branches/freenet-jfk/src/freenet/crypt/crypto_Random/sharedSecretKey1.java
branches/freenet-jfk/src/freenet/crypt/crypto_Random/sharedSecretKey2.java
Modified:
branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
Log:
Shared KeysJFK
Added: branches/freenet-jfk/devnotes/crypto_Notes.txt
===================================================================
--- branches/freenet-jfk/devnotes/crypto_Notes.txt
(rev 0)
+++ branches/freenet-jfk/devnotes/crypto_Notes.txt 2007-06-20 17:52:51 UTC
(rev 13658)
@@ -0,0 +1,23 @@
+//////////////////////Just fast Keying//////////////////////////
+
+ Message 1, I->R: Ni, g^i
+
+ Message 2, R->I: Ni, Nr, g^r, GRPINFOr, IDr,
+ SIG{r}(g^r, GRPINFOr), HMAC{HKr}(Ni, Nr, g^i, g^r)
+
+ Message 3, I->R: Ni, Nr, g^i, g^r, HMAC{HKr}(Ni, Nr, g^i, g^r),
+ E{Ke}(IDi, sa, SIG{i}(Ni, Nr, g^i, g^r, IDr, sa))
+
+ Message 4, R->I: E{Ke}(SIG{r}(Ni, Nr, g^i, g^r , IDi, sa, sa'), sa')
+
+
+ HKr: A transient hash key private to the Responder; this is a
+ global parameter for the Responder (i.e., it is not different
+ for every different protocol run), which changes periodically:
+ the Responder must pick a new g^r every time HKr changes.
+
+ Kir: A shared key derived from g^ir, Ni, and Nr, used as part of
+ the application SA
+
+ Ke: A shared key derived from g^ir, Ni, and Nr, used to protect
+ messages 3 and 4 of the protocol.
Added: branches/freenet-jfk/src/freenet/crypt/crypto_Random/session_Key.java
===================================================================
--- branches/freenet-jfk/src/freenet/crypt/crypto_Random/session_Key.java
(rev 0)
+++ branches/freenet-jfk/src/freenet/crypt/crypto_Random/session_Key.java
2007-06-20 17:52:51 UTC (rev 13658)
@@ -0,0 +1,34 @@
+package freenet.crypt;
+import java.io.*;
+import java.util.*;
+import java.lang.*;
+public class session_Key
+{
+ /*
+ * Constructor
+ */
+ private session_Key{
+ }
+ /**
+ *Session key.
+ *The key is generated from Hash of Message:(Ni, Nr, 0) using the DF
exponentials
+ *@param Ni: nonce from the initiator
+ *@param Nr: nonce from the responder
+ */
+ public static byte[] getSessionKey(byte[] DFExp,byte[] Ni, byte[] Nr)
+ {
+ try
+ {
+ byte[] byteArray=new byte[Ni.length + Nr.length + 1];
+ System.arraycopy(Ni,0,byteArray,0,Ni.length);
+ System.arraycopy(Nr,0,byteArray,Ni.length,Nr.length);
+ byteArray[Ni.length + Nr.length]=Integer(0).byteValue();
+ HMAC s = new HMAC(SHA1.getInstance());
+ return s.mac(DFExp,byteArray,DFExp.length);
+ }catch(Exception e){
+ System.err.println("Exception:" + e);
+ System.exit(1);
+ return null;
+ }
+ }
+}
Added:
branches/freenet-jfk/src/freenet/crypt/crypto_Random/sharedSecretKey1.java
===================================================================
--- branches/freenet-jfk/src/freenet/crypt/crypto_Random/sharedSecretKey1.java
(rev 0)
+++ branches/freenet-jfk/src/freenet/crypt/crypto_Random/sharedSecretKey1.java
2007-06-20 17:52:51 UTC (rev 13658)
@@ -0,0 +1,35 @@
+package freenet.crypt;
+import java.lang.*;
+import java.util.*;
+import java.io.*;
+public class sharedSecretKey1
+{
+ /*
+ * Constructor
+ */
+ private sharedSecretKey1{
+ }
+ /**
+ *Shared key.
+ *The key is generated from Hash of Message:(Ni, Nr, 1) using the DF
exponentials
+ *@param Ni: nonce from the initiator
+ *@param Nr: nonce from the responder
+ */
+ public static byte[] getSharedKey1(byte[] DFExp,byte[] Ni, byte[] Nr)
+ {
+ try
+ {
+ byte[] byteArray=new byte[Ni.length + Nr.length + 1];
+ System.arraycopy(Ni,0,byteArray,0,Ni.length);
+ System.arraycopy(Nr,0,byteArray,Ni.length,Nr.length);
+ byteArray[Ni.length +
Nr.length]=Integer(0).byteValue();
+ HMAC s = new HMAC(SHA1.getInstance());
+ return s.mac(DFExp,byteArray,DFExp.length);
+ }catch(Exception e){
+ System.err.println("Exception:" + e);
+ System.exit(1);
+ return null;
+ }
+ }
+}
+
Added:
branches/freenet-jfk/src/freenet/crypt/crypto_Random/sharedSecretKey2.java
===================================================================
--- branches/freenet-jfk/src/freenet/crypt/crypto_Random/sharedSecretKey2.java
(rev 0)
+++ branches/freenet-jfk/src/freenet/crypt/crypto_Random/sharedSecretKey2.java
2007-06-20 17:52:51 UTC (rev 13658)
@@ -0,0 +1,35 @@
+package freenet.crypt;
+import java.lang.*;
+import java.util.*;
+import java.io.*;
+public class sharedSecretKey2
+{
+ /*
+ * Constructor
+ */
+ private sharedSecretKey2{
+ }
+ /**
+ *Shared key.
+ *The key is generated from Hash of Message:(Ni, Nr, 2) using the DF
exponentials
+ *@param Ni: nonce from the initiator
+ *@param Nr: nonce from the responder
+ */
+ public static byte[] getSharedKey2(byte[] DFExp,byte[] Ni, byte[] Nr)
+ {
+ try
+ {
+ byte[] byteArray=new byte[Ni.length + Nr.length + 1];
+ System.arraycopy(Ni,0,byteArray,0,Ni.length);
+ System.arraycopy(Nr,0,byteArray,Ni.length,Nr.length);
+ byteArray[Ni.length +
Nr.length]=Integer(0).byteValue();
+ HMAC s = new HMAC(SHA1.getInstance());
+ return s.mac(DFExp,byteArray,DFExp.length);
+ }catch(Exception e){
+ System.err.println("Exception:" + e);
+ System.exit(1);
+ return null;
+ }
+ }
+}
+
Modified: branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
===================================================================
--- branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java 2007-06-19
23:05:21 UTC (rev 13657)
+++ branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java 2007-06-20
17:52:51 UTC (rev 13658)
@@ -249,10 +249,10 @@
return;
}
- if((negType < 0) || (negType > 1)) {
+ if((negType == 0)) {
Logger.error(this, "Decrypted auth packet but unknown negotiation
type "+negType+" from "+replyTo+" possibly from "+pn);
return;
- }else if (negType == 0 || negType == 1){
+ }else if ( negType == 1){
// Four stage Diffie-Hellman. 0 = ephemeral, 1 = payload stages
are signed (not quite STS)
// FIXME reduce to 3 stages and implement STS properly (we have
a separate validation mechanism in PeerNode)
// AFAICS this (with negType=1) is equivalent in security to
STS; it expands the second phase into a second and a fourth phase.
@@ -310,6 +310,38 @@
processSignedDHTwoOrThree(3, payload, pn, replyTo,
false);
}
}
+ else if (negType==2){
+ /*
+ * We implement Just Fast Keying key management protocol with
active identity * protection for the initiator and no
identity protection for the responder
+ * Refer devNotes for detailed explanation of the protocol
+ */
+ if(packetType<0 || packetType>3){
+ Logger.error(this,"Unknown PacketType" + packetType +
"from" + replyTo + "from" +pn);
+ return ;
+ }
+ else if(packetType==0){
+ /*
+ * Initiator- This is a straightforward DiffieHellman
exponential. The Init * iator Nonce serves two
purposes;it allows the initiator to use the same *
exponentials during different sessions while ensuring that the resulting
* session key will be different,can be used to differentiate
between
+ * parallel sessions
+ */
+ }
+ else if(packetType==1){
+ /*
+ * Responder replies with a signed copy of his own
exponential, a random
+ * nonce and an authenticator calculated from a transient
hash key private
+ * to the responder
+ */
+ }
+ else if(packetType==2){
+ // Initiator echoes the data sent by the responder
+
+ }
+ else if(packetType==3){
+ /*
+ * Encrypted message of the signature on both nonces,
both exponentials
+ * using the same keys as in the previous message
+ */
+ }
}
/**
@@ -337,6 +369,20 @@
byte[] hisExp = ctx.getHisExponential().toByteArray();
MessageDigest md = SHA256.getMessageDigest();
+
+ private void sendSignedDHCompletion(int phase, BlockCipher cipher,
PeerNode pn, Peer replyTo, DiffieHellmanContext ctx) {
+ PCFBMode pcfb = PCFBMode.create(cipher);
+ byte[] iv = new byte[pcfb.lengthIV()];
+
+ byte[] myRef = node.myCompressedSetupRef();
+ byte[] data = new byte[myRef.length + 8];
+ System.arraycopy(Fields.longToBytes(node.bootID), 0, data, 0, 8);
+ System.arraycopy(myRef, 0, data, 8, myRef.length);
+
+ byte[] myExp = ctx.getOurExponential().toByteArray();
+ byte[] hisExp = ctx.getHisExponential().toByteArray();
+
+ MessageDigest md = SHA256.getMessageDigest();
md.update(myExp);
md.update(hisExp);
md.update(data);
@@ -1454,20 +1500,6 @@
}
long firstTime = System.currentTimeMillis();
handshakeIPs = pn.getHandshakeIPs();
- long secondTime = System.currentTimeMillis();
- if((secondTime - firstTime) > 1000)
- Logger.error(this, "getHandshakeIPs() took more than a second to
execute ("+(secondTime - firstTime)+") working on "+pn.getName());
- if(handshakeIPs.length == 0) {
- pn.couldNotSendHandshake();
- long thirdTime = System.currentTimeMillis();
- if((thirdTime - secondTime) > 1000)
- Logger.error(this, "couldNotSendHandshake() (after
getHandshakeIPs()) took more than a second to execute ("+(thirdTime -
secondTime)+") working on "+pn.getName());
- return;
- } else {
- long DHTime1 = System.currentTimeMillis();
- ctx = DiffieHellman.generateContext();
- long DHTime2 = System.currentTimeMillis();
- if((DHTime2 - DHTime1) > 1000)
Logger.error(this, "DHTime2 is more than a second after
DHTime1 ("+(DHTime2 - DHTime1)+") working on "+pn.getName());
pn.setKeyAgreementSchemeContext(ctx);
long DHTime3 = System.currentTimeMillis();
