Author: nextgens Date: 2008-01-28 10:22:33 +0000 (Mon, 28 Jan 2008) New Revision: 17343
Modified: trunk/freenet/src/freenet/node/FNPPacketMangler.java Log: JFK: explain why we are doing the things right ... and why we are immune to hashmap DoSes (https://bugs.freenetproject.org/view.php?id=1604)
Modified: trunk/freenet/src/freenet/node/FNPPacketMangler.java
===================================================================
--- trunk/freenet/src/freenet/node/FNPPacketMangler.java 2008-01-28 09:31:08 UTC (rev 17342)
+++ trunk/freenet/src/freenet/node/FNPPacketMangler.java 2008-01-28 10:22:33 UTC (rev 17343)
@@ -1034,8 +1034,8 @@
 System.arraycopy(payload, inputOffset, authenticator, 0, HASH_LENGTH);
 inputOffset += HASH_LENGTH;
- // FIXME: check the cache before or after the hmac verification ?
- // is it cheaper to wait for the lock on authenticatorCache or to verify the hmac ?
+ // We *WANT* to check the hmac before we do the lookup on the hashmap
+ // @see https://bugs.freenetproject.org/view.php?id=1604
 HMAC mac = new HMAC(SHA256.getInstance());
 if(!mac.verify(getTransientKey(), assembleJFKAuthenticator(responderExponential, initiatorExponential, nonceResponder, nonceInitiator, replyTo.getAddress().getAddress()) , authenticator)) {
 if(shouldLogErrorInHandshake(t1))
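Review bot: The added comment above `HMAC mac = new HMAC(...)` states the ordering but not the reason, so the security argument exists only behind the bug-tracker link and is lost if that link rots. I would put the rationale in the code, e.g. `// Verify the HMAC (keyed with our transient key) before the hashmap lookup: only authenticators we issued ourselves may reach the map, so unauthenticated packets cannot be used to attack it.` The removed FIXME suggests the hashmap is `authenticatorCache`, but that is inferred and the comment should name the field explicitly. `@see` has no effect inside a `//` comment, so a plain `See <url>` reads better. The enclosing method starts and ends outside the hunk and the lookup is not visible, so it is worth confirming that no path reaches it without a successful `verify()`.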
