* Matthew Toseland <toad at amphibian.dyndns.org> [2007-09-21 13:09:41]:
> A group isn't a single number... read the wikipedia page on DSA.
We don't actually use the group we pass through iirc ... as we are
already sharing it. I use it just to ensure that we are sharing the same
and to avoid sending "nothing"... In message 2 we are supposed to send
S_R(g^r, grpinfoR) ... I don't think we want to send only S_R(g^r).
>
> On Sunday 09 September 2007 23:15, you wrote:
> > Author: nextgens
> > Date: 2007-09-09 22:15:49 +0000 (Sun, 09 Sep 2007)
> > New Revision: 15096
> >
> > Modified:
> > branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> > Log:
> > More work on JFK support (message2 parsing should be tested)... Fix a few
> bugs I've introduced
> >
> > Modified: branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> > ===================================================================
> > --- branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> > 2007-09-09
> 21:19:34 UTC (rev 15095)
> > +++ branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> > 2007-09-09
> 22:15:49 UTC (rev 15096)
> > @@ -522,7 +522,7 @@
> > byte[] hisExponential = new
> > byte[DiffieHellman.modulusLengthInBytes()];
> > System.arraycopy(payload, 4 + NONCE_SIZE, hisExponential, 0,
> DiffieHellman.modulusLengthInBytes());
> >
> > - NativeBigInteger _hisExponential = new
> > NativeBigInteger(hisExponential);
> > + NativeBigInteger _hisExponential = new NativeBigInteger(1,
> hisExponential);
> > if(_hisExponential.compareTo(NativeBigInteger.ONE) > 0)
> > sendMessage2(nonceInitiator, hisExponential, pn,
> > replyTo);
> > else
> > @@ -548,7 +548,7 @@
> > Logger.error(this, "HUH ??, please report it :"+
> > e.getMessage(),e);
> > return;
> > }
> > - byte[] authenticator =
> > computeHashedJFKAuthenticator(myExponential,
> myNonce, nonceInitator, idR);
> > + byte[] authenticator =
> > computeHashedJFKAuthenticator(myExponential,
> myNonce, nonceInitator, replyTo.getAddress().getAddress());
> >
> > byte[] message2 = new
> byte[NONCE_SIZE*2+DiffieHellman.modulusLengthInBytes()+myDHGroup.length+
> > signature.length+
> > @@ -561,6 +561,10 @@
> > offset += NONCE_SIZE;
> > System.arraycopy(myExponential, 0, message2, offset,
> myExponential.length);
> > offset += myExponential.length;
> > + // TODO: are groups modulo something ?
> > + message2[offset++] =
> > Integer.valueOf(myDHGroup.length).byteValue();
> > + System.arraycopy(myDHGroup, 0, message2, offset,
> > myDHGroup.length);
> > + offset += myDHGroup.length;
> > System.arraycopy(idR, 0, message2, offset, idR.length);
> > offset += idR.length;
> >
> > @@ -585,9 +589,9 @@
> > System.arraycopy(gR,0,authData,offset,gR.length);
> > offset += gR.length;
> > System.arraycopy(nR,0,authData,offset,nR.length);
> > - offset += nR.length+1;
> > + offset += nR.length;
> > System.arraycopy(nI,0,authData,offset,nI.length);
> > - offset += nI.length+1;
> > + offset += nI.length;
> > System.arraycopy(address, 0, authData, offset, address.length);
> >
> > /*
> > @@ -624,47 +628,61 @@
> > private void ProcessMessage2(byte[] payload,PeerNode pn,Peer
> > replyTo,int
> phase)
> > {
> > long t1=System.currentTimeMillis();
> > + // FIXME: follow the spec and send IDr' ?
> > + if(payload.length-3 < NONCE_SIZE +
> > DiffieHellman.modulusLengthInBytes())
> {
> > + Logger.error(this, "Packet too short from "+pn+":
> > "+payload.length+"
> after decryption in JFK("+phase+"), should be "+(NONCE_SIZE +
> DiffieHellman.modulusLengthInBytes()));
> > + return;
> > + }
> >
> > - byte[] Ni = iNonce();
> > - byte[] Nr = rNonce();
> > - byte[] DHExpr = Gr(pn);
> > - byte[] authData=new byte[Ni.length+Nr.length+DHExpr.length+1];
> > - System.arraycopy(Ni,0,authData,0,Ni.length);
> > - System.arraycopy(Nr,0,authData,Ni.length+1,Nr.length);
> > -
> > System.arraycopy(DHExpr,0,authData,Ni.length+Nr.length+1,DHExpr.length);
> > - byte[] signData=new byte[DHExpr.length+1];
> > - System.arraycopy(DHExpr,0,signData,0,DHExpr.length);
> > - //Compute the Signature:DSA
> > - PKR=new DSAPrivateKey(g, r);
> > - //Params: Data,DSAGroup,DSAPrivateKey,randomSource
> > - DSASignature sig = crypto.sign(signData,g,PKR,r);
> > - byte[] r = sig.getRBytes(Node.SIGNATURE_PARAMETER_LENGTH);
> > - byte[] s = sig.getSBytes(Node.SIGNATURE_PARAMETER_LENGTH);
> > - Logger.minor(this, "
> > r="+HexUtil.bytesToHex(sig.getR().toByteArray())+"
> s="+HexUtil.bytesToHex(sig.getS().toByteArray()));
> > - if(r.length > 255 || s.length > 255)
> > - throw new IllegalStateException("R or S is too long:
> r.length="+r.length+" s.length="+s.length);
> > - //Data sent in the clear
> > - byte[] unVerifiedData=new
> > byte[Ni.length+Nr.length+DHExpr.length+1];
> > - System.arraycopy(Ni,0,unVerifiedData,0,Ni.length);
> > - System.arraycopy(Nr,0,unVerifiedData,Ni.length+1,Nr.length);
> > -
> System.arraycopy(DHExpr,0,unVerifiedData,Ni.length+Nr.length+1,DHExpr.length);
> > - /*
> > - * Compute the authenticator
> > - * Used by the responder in Message4 to verify the authenticity
> > of the
> message
> > - * The same authenticator is used in Message3 and identified
> > using the
> DSAPrivateKey
> > - */
> > - HKrGenerator trKey=new HKrGenerator(node);
> > - byte[] hkr=trKey.getNewHKr();
> > - HMAC hash=new HMAC(SHA1.getInstance());
> > - byte[] authenticator = hash.mac(hkr,authData,hkr.length);
> > - authenticatorCache.put(PKR,authenticator);
> > - byte[] Message2=new
> byte[authenticator.length+unVerifiedData.length+s.length+r.length+1];
> > - byte[] signedData=new byte[s.length+r.length];
> > - System.arraycopy(signedData,0,Message2,0,signedData.length);
> > -
> System.arraycopy(unVerifiedData,0,Message2,signData.length+1,unVerifiedData.length);
> > -
> System.arraycopy(authenticator,0,Message2,signedData.length+unVerifiedData.length+1,authenticator.length);
> > - //Send params:Version,negType,phase,data,peernode,peer
> > - sendMessage1or2Packet(1,2,1,Message2,pn,replyTo);
> > + int inputOffset=3;
> > + byte[] nonceInitiator = new byte[NONCE_SIZE];
> > + System.arraycopy(payload, inputOffset, nonceInitiator, 0,
> > NONCE_SIZE);
> > + inputOffset += NONCE_SIZE;
> > + byte[] nonceResponder = new byte[NONCE_SIZE];
> > + System.arraycopy(payload, inputOffset, nonceResponder, 0,
> > NONCE_SIZE);
> > + inputOffset += NONCE_SIZE;
> > +
> > + byte[] hisExponential = new
> > byte[DiffieHellman.modulusLengthInBytes()];
> > + System.arraycopy(payload, inputOffset, hisExponential, 0,
> DiffieHellman.modulusLengthInBytes());
> > + inputOffset += DiffieHellman.modulusLengthInBytes();
> > + NativeBigInteger _hisExponential = new NativeBigInteger(1,
> hisExponential);
> > + if(_hisExponential.compareTo(NativeBigInteger.ONE) < 1) {
> > + Logger.error(this, "We can't accept the exponential
> > "+pn+" sent us; it's
> smaller than 1!!");
> > + return;
> > + }
> > +
> > + int hisGroupLength = payload[inputOffset++];
> > + // FIXME: arbitrary
> > + if((hisGroupLength < 1) || (hisGroupLength > 256)) {
> > + Logger.error(this, "The proposed group length is too
> > big!
> ("+hisGroupLength+')');
> > + return;
> > + }
> > + byte[] hisGroup = new byte[hisGroupLength];
> > + System.arraycopy(payload, inputOffset, hisGroup, 0,
> > hisGroupLength);
> > + inputOffset += hisGroupLength;
> > +
> > + //TODO: implement
> > + byte[] hisID = new byte[0];
> > +
> > + byte[] remoteSignedExponentials = new
> byte[Node.SIGNATURE_PARAMETER_LENGTH];
> > + System.arraycopy(payload, inputOffset,
> > remoteSignedExponentials, 0,
> Node.SIGNATURE_PARAMETER_LENGTH);
> > + inputOffset += Node.SIGNATURE_PARAMETER_LENGTH;
> > + // At that point we don't know if it's "him"; let's check it out
> > + byte[] locallyExpectedExponentials = new
> byte[hisExponential.length+hisGroupLength];
> > + System.arraycopy(hisExponential, 0,
> > locallyExpectedExponentials, 0,
> hisExponential.length);
> > + System.arraycopy(hisGroup, 0, locallyExpectedExponentials,
> hisExponential.length, hisGroupLength);
> > + DSASignature signatureToCheck = new DSASignature(new
> String(remoteSignedExponentials));
> > + if(!DSA.verify(pn.peerPubKey, signatureToCheck, new
> NativeBigInteger(1,locallyExpectedExponentials), false)) {
> > + Logger.error(this, "The signature verification has
> > failed!!");
> > + return;
> > + }
> > +
> > + byte[] remoteHashedAuthenticator = new byte[HASH_LENGTH];
> > + System.arraycopy(payload, inputOffset,
> > remoteHashedAuthenticator, 0,
> HASH_LENGTH);
> > + inputOffset += HASH_LENGTH;
> > + // FIXME: maybe the cache should be checked before verifying
> > the
> signature
> > + sendMessage3Packet(1, 2, 3, nonceInitiator, nonceResponder,
> hisExponential, remoteHashedAuthenticator, pn, replyTo);
> > +
> > long t2=System.currentTimeMillis();
> > if((t2-t1)>500)
> > Logger.error(this,"Message1 timeout error:Sending
> > packet
> for"+pn.getPeer());
> > @@ -768,7 +786,7 @@
> >
> > byte[] address = replyTo.getAddress().getAddress();
> > // FIXME: feed computeJFKAuthenticator with the right
> > parameters ^-^
> > - sendMessage3Packet(1,2,2,data,pn,replyTo,
> computeHashedJFKAuthenticator(null, null, null, null));
> > + sendMessage3Packet(1,2,2,data,null,null, null,
> computeHashedJFKAuthenticator(null, null, null, null), pn, replyTo);
> > }
> >
> > /*
> > @@ -886,12 +904,16 @@
> > * @param The peer to which we need to send the packet
> > */
> >
> > - private void sendMessage3Packet(int version,int negType,int
> > phase,byte[]
> data,PeerNode pn,Peer replyTo, byte[] hashedAuthenticator)
> > + private void sendMessage3Packet(int version,int negType,int
> > phase,byte[]
> nonceInitiator,byte[] nonceResponder,byte[] hisExponential, byte[]
> hashedAuthenticator, PeerNode pn, Peer replyTo)
> > {
> > long now = System.currentTimeMillis();
> > long delta = now - pn.lastSentPacketTime();
> > - byte[] output = new byte[data.length+3];
> > - if((data.length+3) > sock.getMaxPacketSize())
> > +
> > + DiffieHellmanLightContext dhContext =
> > getLightDiffieHellmanContext();
> > + byte[] ourExponential = dhContext.myExponential.toByteArray();
> > +
> > + byte[] output = new byte[nonceInitiator.length+3];
> > + if((nonceInitiator.length+3) > sock.getMaxPacketSize())
> > throw new IllegalStateException("Packet length too
> > long");
> > /*
> > * The key for looking up messages in the cache is the
> > authenticator
> > @@ -908,7 +930,7 @@
> > }
> > if(result != null) {
> > synchronized(message3Cache) {
> > -
> > message3Cache.put(hashedAuthenticator,data);
> > +
> > message3Cache.put(hashedAuthenticator,nonceInitiator);
> > }
> > // We don't want to keep the lock while sending
> > try
> > @@ -922,7 +944,7 @@
> > sendProcessMessage3(pn,replyTo,phase);
> > }
> > else if(phase==3){
> > - message4Cache.put(hashedAuthenticator,data.toString());
> > +
> > message4Cache.put(hashedAuthenticator,nonceInitiator.toString());
> > }
> > else{
> > Logger.error(this,"Wrong message");
> > @@ -931,8 +953,8 @@
> > output[0] = (byte) version;
> > output[1] = (byte) negType;
> > output[2] = (byte) phase;
> > - System.arraycopy(data, 0, output, 3, data.length);
> > - if(logMINOR) Logger.minor(this, "Sending auth packet for
> > "+pn.getPeer()+"
> (phase="+phase+", ver="+version+", nt="+negType+") (last packet
> sent "+TimeUtil.formatTime(delta, 2, true)+" ago) to "+replyTo+"
> data.length="+data.length);
> > + System.arraycopy(nonceInitiator, 0, output, 3,
> > nonceInitiator.length);
> > + if(logMINOR) Logger.minor(this, "Sending auth packet for
> > "+pn.getPeer()+"
> (phase="+phase+", ver="+version+", nt="+negType+") (last packet
> sent "+TimeUtil.formatTime(delta, 2, true)+" ago) to "+replyTo+"
> data.length="+nonceInitiator.length);
> > try
> > {
> > sendPacket(output,replyTo,pn,0);
> >
> > _______________________________________________
> > cvs mailing list
> > cvs at freenetproject.org
> > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs
> >
> >
> _______________________________________________
> Devl mailing list
> Devl at freenetproject.org
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20070921/a3fdf7a6/attachment.pgp>
