A group isn't a single number... read the wikipedia page on DSA.
On Sunday 09 September 2007 23:15, you wrote:
> Author: nextgens
> Date: 2007-09-09 22:15:49 +0000 (Sun, 09 Sep 2007)
> New Revision: 15096
>
> Modified:
> branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> Log:
> More work on JFK support (message2 parsing should be tested)... Fix a few
bugs I've introduced
>
> Modified: branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> ===================================================================
> --- branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> 2007-09-09
21:19:34 UTC (rev 15095)
> +++ branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> 2007-09-09
22:15:49 UTC (rev 15096)
> @@ -522,7 +522,7 @@
> byte[] hisExponential = new
> byte[DiffieHellman.modulusLengthInBytes()];
> System.arraycopy(payload, 4 + NONCE_SIZE, hisExponential, 0,
DiffieHellman.modulusLengthInBytes());
>
> - NativeBigInteger _hisExponential = new
> NativeBigInteger(hisExponential);
> + NativeBigInteger _hisExponential = new NativeBigInteger(1,
hisExponential);
> if(_hisExponential.compareTo(NativeBigInteger.ONE) > 0)
> sendMessage2(nonceInitiator, hisExponential, pn,
> replyTo);
> else
> @@ -548,7 +548,7 @@
> Logger.error(this, "HUH ??, please report it :"+
> e.getMessage(),e);
> return;
> }
> - byte[] authenticator =
> computeHashedJFKAuthenticator(myExponential,
myNonce, nonceInitator, idR);
> + byte[] authenticator =
> computeHashedJFKAuthenticator(myExponential,
myNonce, nonceInitator, replyTo.getAddress().getAddress());
>
> byte[] message2 = new
byte[NONCE_SIZE*2+DiffieHellman.modulusLengthInBytes()+myDHGroup.length+
> signature.length+
> @@ -561,6 +561,10 @@
> offset += NONCE_SIZE;
> System.arraycopy(myExponential, 0, message2, offset,
myExponential.length);
> offset += myExponential.length;
> + // TODO: are groups modulo something ?
> + message2[offset++] =
> Integer.valueOf(myDHGroup.length).byteValue();
> + System.arraycopy(myDHGroup, 0, message2, offset,
> myDHGroup.length);
> + offset += myDHGroup.length;
> System.arraycopy(idR, 0, message2, offset, idR.length);
> offset += idR.length;
>
> @@ -585,9 +589,9 @@
> System.arraycopy(gR,0,authData,offset,gR.length);
> offset += gR.length;
> System.arraycopy(nR,0,authData,offset,nR.length);
> - offset += nR.length+1;
> + offset += nR.length;
> System.arraycopy(nI,0,authData,offset,nI.length);
> - offset += nI.length+1;
> + offset += nI.length;
> System.arraycopy(address, 0, authData, offset, address.length);
>
> /*
> @@ -624,47 +628,61 @@
> private void ProcessMessage2(byte[] payload,PeerNode pn,Peer
> replyTo,int
phase)
> {
> long t1=System.currentTimeMillis();
> + // FIXME: follow the spec and send IDr' ?
> + if(payload.length-3 < NONCE_SIZE +
> DiffieHellman.modulusLengthInBytes())
{
> + Logger.error(this, "Packet too short from "+pn+":
> "+payload.length+"
after decryption in JFK("+phase+"), should be "+(NONCE_SIZE +
DiffieHellman.modulusLengthInBytes()));
> + return;
> + }
>
> - byte[] Ni = iNonce();
> - byte[] Nr = rNonce();
> - byte[] DHExpr = Gr(pn);
> - byte[] authData=new byte[Ni.length+Nr.length+DHExpr.length+1];
> - System.arraycopy(Ni,0,authData,0,Ni.length);
> - System.arraycopy(Nr,0,authData,Ni.length+1,Nr.length);
> -
> System.arraycopy(DHExpr,0,authData,Ni.length+Nr.length+1,DHExpr.length);
> - byte[] signData=new byte[DHExpr.length+1];
> - System.arraycopy(DHExpr,0,signData,0,DHExpr.length);
> - //Compute the Signature:DSA
> - PKR=new DSAPrivateKey(g, r);
> - //Params: Data,DSAGroup,DSAPrivateKey,randomSource
> - DSASignature sig = crypto.sign(signData,g,PKR,r);
> - byte[] r = sig.getRBytes(Node.SIGNATURE_PARAMETER_LENGTH);
> - byte[] s = sig.getSBytes(Node.SIGNATURE_PARAMETER_LENGTH);
> - Logger.minor(this, "
> r="+HexUtil.bytesToHex(sig.getR().toByteArray())+"
s="+HexUtil.bytesToHex(sig.getS().toByteArray()));
> - if(r.length > 255 || s.length > 255)
> - throw new IllegalStateException("R or S is too long:
r.length="+r.length+" s.length="+s.length);
> - //Data sent in the clear
> - byte[] unVerifiedData=new
> byte[Ni.length+Nr.length+DHExpr.length+1];
> - System.arraycopy(Ni,0,unVerifiedData,0,Ni.length);
> - System.arraycopy(Nr,0,unVerifiedData,Ni.length+1,Nr.length);
> -
System.arraycopy(DHExpr,0,unVerifiedData,Ni.length+Nr.length+1,DHExpr.length);
> - /*
> - * Compute the authenticator
> - * Used by the responder in Message4 to verify the authenticity
> of the
message
> - * The same authenticator is used in Message3 and identified
> using the
DSAPrivateKey
> - */
> - HKrGenerator trKey=new HKrGenerator(node);
> - byte[] hkr=trKey.getNewHKr();
> - HMAC hash=new HMAC(SHA1.getInstance());
> - byte[] authenticator = hash.mac(hkr,authData,hkr.length);
> - authenticatorCache.put(PKR,authenticator);
> - byte[] Message2=new
byte[authenticator.length+unVerifiedData.length+s.length+r.length+1];
> - byte[] signedData=new byte[s.length+r.length];
> - System.arraycopy(signedData,0,Message2,0,signedData.length);
> -
System.arraycopy(unVerifiedData,0,Message2,signData.length+1,unVerifiedData.length);
> -
System.arraycopy(authenticator,0,Message2,signedData.length+unVerifiedData.length+1,authenticator.length);
> - //Send params:Version,negType,phase,data,peernode,peer
> - sendMessage1or2Packet(1,2,1,Message2,pn,replyTo);
> + int inputOffset=3;
> + byte[] nonceInitiator = new byte[NONCE_SIZE];
> + System.arraycopy(payload, inputOffset, nonceInitiator, 0,
> NONCE_SIZE);
> + inputOffset += NONCE_SIZE;
> + byte[] nonceResponder = new byte[NONCE_SIZE];
> + System.arraycopy(payload, inputOffset, nonceResponder, 0,
> NONCE_SIZE);
> + inputOffset += NONCE_SIZE;
> +
> + byte[] hisExponential = new
> byte[DiffieHellman.modulusLengthInBytes()];
> + System.arraycopy(payload, inputOffset, hisExponential, 0,
DiffieHellman.modulusLengthInBytes());
> + inputOffset += DiffieHellman.modulusLengthInBytes();
> + NativeBigInteger _hisExponential = new NativeBigInteger(1,
hisExponential);
> + if(_hisExponential.compareTo(NativeBigInteger.ONE) < 1) {
> + Logger.error(this, "We can't accept the exponential
> "+pn+" sent us; it's
smaller than 1!!");
> + return;
> + }
> +
> + int hisGroupLength = payload[inputOffset++];
> + // FIXME: arbitrary
> + if((hisGroupLength < 1) || (hisGroupLength > 256)) {
> + Logger.error(this, "The proposed group length is too
> big!
("+hisGroupLength+')');
> + return;
> + }
> + byte[] hisGroup = new byte[hisGroupLength];
> + System.arraycopy(payload, inputOffset, hisGroup, 0,
> hisGroupLength);
> + inputOffset += hisGroupLength;
> +
> + //TODO: implement
> + byte[] hisID = new byte[0];
> +
> + byte[] remoteSignedExponentials = new
byte[Node.SIGNATURE_PARAMETER_LENGTH];
> + System.arraycopy(payload, inputOffset,
> remoteSignedExponentials, 0,
Node.SIGNATURE_PARAMETER_LENGTH);
> + inputOffset += Node.SIGNATURE_PARAMETER_LENGTH;
> + // At that point we don't know if it's "him"; let's check it out
> + byte[] locallyExpectedExponentials = new
byte[hisExponential.length+hisGroupLength];
> + System.arraycopy(hisExponential, 0,
> locallyExpectedExponentials, 0,
hisExponential.length);
> + System.arraycopy(hisGroup, 0, locallyExpectedExponentials,
hisExponential.length, hisGroupLength);
> + DSASignature signatureToCheck = new DSASignature(new
String(remoteSignedExponentials));
> + if(!DSA.verify(pn.peerPubKey, signatureToCheck, new
NativeBigInteger(1,locallyExpectedExponentials), false)) {
> + Logger.error(this, "The signature verification has
> failed!!");
> + return;
> + }
> +
> + byte[] remoteHashedAuthenticator = new byte[HASH_LENGTH];
> + System.arraycopy(payload, inputOffset,
> remoteHashedAuthenticator, 0,
HASH_LENGTH);
> + inputOffset += HASH_LENGTH;
> + // FIXME: maybe the cache should be checked before verifying
> the
signature
> + sendMessage3Packet(1, 2, 3, nonceInitiator, nonceResponder,
hisExponential, remoteHashedAuthenticator, pn, replyTo);
> +
> long t2=System.currentTimeMillis();
> if((t2-t1)>500)
> Logger.error(this,"Message1 timeout error:Sending
> packet
for"+pn.getPeer());
> @@ -768,7 +786,7 @@
>
> byte[] address = replyTo.getAddress().getAddress();
> // FIXME: feed computeJFKAuthenticator with the right
> parameters ^-^
> - sendMessage3Packet(1,2,2,data,pn,replyTo,
computeHashedJFKAuthenticator(null, null, null, null));
> + sendMessage3Packet(1,2,2,data,null,null, null,
computeHashedJFKAuthenticator(null, null, null, null), pn, replyTo);
> }
>
> /*
> @@ -886,12 +904,16 @@
> * @param The peer to which we need to send the packet
> */
>
> - private void sendMessage3Packet(int version,int negType,int
> phase,byte[]
data,PeerNode pn,Peer replyTo, byte[] hashedAuthenticator)
> + private void sendMessage3Packet(int version,int negType,int
> phase,byte[]
nonceInitiator,byte[] nonceResponder,byte[] hisExponential, byte[]
hashedAuthenticator, PeerNode pn, Peer replyTo)
> {
> long now = System.currentTimeMillis();
> long delta = now - pn.lastSentPacketTime();
> - byte[] output = new byte[data.length+3];
> - if((data.length+3) > sock.getMaxPacketSize())
> +
> + DiffieHellmanLightContext dhContext =
> getLightDiffieHellmanContext();
> + byte[] ourExponential = dhContext.myExponential.toByteArray();
> +
> + byte[] output = new byte[nonceInitiator.length+3];
> + if((nonceInitiator.length+3) > sock.getMaxPacketSize())
> throw new IllegalStateException("Packet length too
> long");
> /*
> * The key for looking up messages in the cache is the
> authenticator
> @@ -908,7 +930,7 @@
> }
> if(result != null) {
> synchronized(message3Cache) {
> -
> message3Cache.put(hashedAuthenticator,data);
> +
> message3Cache.put(hashedAuthenticator,nonceInitiator);
> }
> // We don't want to keep the lock while sending
> try
> @@ -922,7 +944,7 @@
> sendProcessMessage3(pn,replyTo,phase);
> }
> else if(phase==3){
> - message4Cache.put(hashedAuthenticator,data.toString());
> +
> message4Cache.put(hashedAuthenticator,nonceInitiator.toString());
> }
> else{
> Logger.error(this,"Wrong message");
> @@ -931,8 +953,8 @@
> output[0] = (byte) version;
> output[1] = (byte) negType;
> output[2] = (byte) phase;
> - System.arraycopy(data, 0, output, 3, data.length);
> - if(logMINOR) Logger.minor(this, "Sending auth packet for
> "+pn.getPeer()+"
(phase="+phase+", ver="+version+", nt="+negType+") (last packet
sent "+TimeUtil.formatTime(delta, 2, true)+" ago) to "+replyTo+"
data.length="+data.length);
> + System.arraycopy(nonceInitiator, 0, output, 3,
> nonceInitiator.length);
> + if(logMINOR) Logger.minor(this, "Sending auth packet for
> "+pn.getPeer()+"
(phase="+phase+", ver="+version+", nt="+negType+") (last packet
sent "+TimeUtil.formatTime(delta, 2, true)+" ago) to "+replyTo+"
data.length="+nonceInitiator.length);
> try
> {
> sendPacket(output,replyTo,pn,0);
>
> _______________________________________________
> cvs mailing list
> cvs at freenetproject.org
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20070921/4884752a/attachment.pgp>
