[freenet-cvs] r15396 - in trunk/freenet: devnotes src/freenet/crypt

Sat, 29 Sep 2007 19:29:05 +0000 (UTC) 

Author: nextgens
Date: 2007-09-29 19:29:05 +0000 (Sat, 29 Sep 2007)
New Revision: 15396

Added:
   trunk/freenet/devnotes/cryptoNotes.txt
   trunk/freenet/src/freenet/crypt/DiffieHellmanLightContext.java
Log:
Of course I forgot some files from the branch

Added: trunk/freenet/devnotes/cryptoNotes.txt
===================================================================
--- trunk/freenet/devnotes/cryptoNotes.txt                              (rev 0)
+++ trunk/freenet/devnotes/cryptoNotes.txt      2007-09-29 19:29:05 UTC (rev 
15396)
@@ -0,0 +1,17 @@
+1 Initiator-Responder:
+This is a straightforward DiffieHellman exponential along with a random nonce.
+The Initiator Nonce serves two purposes;it allows the initiator to use the 
same exponentials during different sessions while ensuring that the resulting 
session key will be different,can be used to differentiate between parallel 
sessions
+2 Responder-Initiator:
+Responder replies with a signed copy of his own exponential, a random nonce 
and an authenticator calculated from a transient hash key private to the 
responder.
+3 Initiator-Responder:
+Initiator echoes the data sent by the responder including the authenticator. 
This helps the responder verify the authenticity of the returned data. The 
authenticator is sufficient defense against forgery; replays, however, could 
cause considerable computation. The defense against this is to cache the 
corresponding Message (4); if a duplicate Message (3) is seen, the cached 
response is retransmitted; The key for looking up Message 3's in the cache is 
the authenticator; this prevents DoS attacks where the attacker randomly 
modifies the encrypted
+blocks of a valid message, causing a cache miss and thus more processing to be 
done at the Responder. Rejection messages do not concern us because group 
information which is sent in Message2 indicates which groups and algorithms are 
acceptable avoiding the need for explicit message rejection.
+4 Responder-Initiator:
+Encrypted message of the signature on both nonces, both exponentials using the 
same keys as in the previous message.The Initiator can verify that the 
Responder is present and participating in the session, by decrypting the 
message and verifying the enclosed signature.
+
+DOS Mitigation
+Responder does not keep state on receiving Msg 1
+HMAC is produced/verified by the Responder only
+HMAC is used to quickly discard DoS packets
+This lookup can done in O(n) using a Patricia trie (Specialized Set data 
structure based on a prefix tree,they find particular application in the area 
of IP routing where the ability to contain large ranges of values with a few 
exceptions is particularly suited to the hierarchical organization of IP 
Addresses)
+Responder (and Initiator) can reuse g^r and g^i, key but material still changes

Added: trunk/freenet/src/freenet/crypt/DiffieHellmanLightContext.java
===================================================================
--- trunk/freenet/src/freenet/crypt/DiffieHellmanLightContext.java              
                (rev 0)
+++ trunk/freenet/src/freenet/crypt/DiffieHellmanLightContext.java      
2007-09-29 19:29:05 UTC (rev 15396)
@@ -0,0 +1,120 @@
+package freenet.crypt;
+
+import java.math.BigInteger;
+
+import freenet.support.HexUtil;
+import freenet.support.Logger;
+
+import net.i2p.util.NativeBigInteger;
+
+public class DiffieHellmanLightContext {
+
+       /** My exponent.*/
+       public final NativeBigInteger myExponent;
+       /** My exponential. This is group.g ^ myExponent mod group.p */
+       public final NativeBigInteger myExponential;
+       /** The signature of (g^r, grpR) */
+       public DSASignature signature = null;
+       
+       private final boolean logMINOR;
+
+       public String toString() {
+               StringBuffer sb = new StringBuffer();
+               sb.append(super.toString());
+               sb.append(": myExponent=");
+               sb.append(myExponent.toHexString());
+               sb.append(", myExponential=");
+               sb.append(myExponential.toHexString());
+               
+               return sb.toString();
+       }
+
+       public DiffieHellmanLightContext(NativeBigInteger myExponent, 
NativeBigInteger myExponential) {
+               this.myExponent = myExponent;
+               this.myExponential = myExponential;
+               logMINOR = Logger.shouldLog(Logger.MINOR, this);
+       }
+       
+       public void setSignature(DSASignature sig) {
+               this.signature = sig;
+       }
+       
+       /*
+        * Calling the following is costy; avoid
+        */
+       public NativeBigInteger getHMACKey(NativeBigInteger peerExponential, 
DHGroup group) {
+               BigInteger P = group.getP();
+               NativeBigInteger sharedSecret =
+                       (NativeBigInteger) peerExponential.modPow(myExponent, 
P);
+
+               if(logMINOR) {
+                       Logger.minor(this, "P: "+HexUtil.biToHex(P));
+                       Logger.minor(this, "My exponent: 
"+myExponent.toHexString());
+                       Logger.minor(this, "My exponential: 
"+myExponential.toHexString());
+                       Logger.minor(this, "Peer's exponential: 
"+peerExponential.toHexString());
+                       Logger.minor(this, "g^ir mod p = " + 
sharedSecret.toHexString());
+               }
+               
+               return sharedSecret;
+       }
+}
+package freenet.crypt;
+
+import java.math.BigInteger;
+
+import freenet.support.HexUtil;
+import freenet.support.Logger;
+
+import net.i2p.util.NativeBigInteger;
+
+public class DiffieHellmanLightContext {
+
+       /** My exponent.*/
+       public final NativeBigInteger myExponent;
+       /** My exponential. This is group.g ^ myExponent mod group.p */
+       public final NativeBigInteger myExponential;
+       /** The signature of (g^r, grpR) */
+       public DSASignature signature = null;
+       
+       private final boolean logMINOR;
+
+       public String toString() {
+               StringBuffer sb = new StringBuffer();
+               sb.append(super.toString());
+               sb.append(": myExponent=");
+               sb.append(myExponent.toHexString());
+               sb.append(", myExponential=");
+               sb.append(myExponential.toHexString());
+               
+               return sb.toString();
+       }
+
+       public DiffieHellmanLightContext(NativeBigInteger myExponent, 
NativeBigInteger myExponential) {
+               this.myExponent = myExponent;
+               this.myExponential = myExponential;
+               logMINOR = Logger.shouldLog(Logger.MINOR, this);
+       }
+       
+       public void setSignature(DSASignature sig) {
+               this.signature = sig;
+       }
+       
+       /*
+        * Calling the following is costy; avoid
+        */
+       public NativeBigInteger getHMACKey(NativeBigInteger peerExponential, 
DHGroup group) {
+               BigInteger P = group.getP();
+               NativeBigInteger sharedSecret =
+                       (NativeBigInteger) peerExponential.modPow(myExponent, 
P);
+
+               if(logMINOR) {
+                       Logger.minor(this, "P: "+HexUtil.biToHex(P));
+                       Logger.minor(this, "My exponent: 
"+myExponent.toHexString());
+                       Logger.minor(this, "My exponential: 
"+myExponential.toHexString());
+                       Logger.minor(this, "Peer's exponential: 
"+peerExponential.toHexString());
+                       Logger.minor(this, "g^ir mod p = " + 
sharedSecret.toHexString());
+               }
+               
+               return sharedSecret;
+       }
+}
\ No newline at end of file

Reply via email to