Changeset 6a3e5ec


Ignore:
Timestamp:
Feb 17, 2014 12:56:08 PM (6 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
45997fd
Parents:
18cbf3d
Message:
  • SSU:
    • Use session key for relay request/response if available (ticket #1206)
    • Remove packetAuthTime stats
    • Misc. cleanups and logging
Files:
9 edited

Legend:

Unmodified
Added
Removed
  • history.txt

    r18cbf3d r6a3e5ec  
    44     MessageDigest instead of BC Digest (ticket #1189)
    55   - Use JVM HmacSHA256 instead of I2PHMAC for Syndie since it is standard
     6 * SSU:
     7   - Use session key for relay request/response if available (ticket #1206)
     8   - Remove packetAuthTime stats
    69
    7102014-02-14 zzz
  • router/java/src/net/i2p/router/RouterVersion.java

    r18cbf3d r6a3e5ec  
    1919    public final static String ID = "Monotone";
    2020    public final static String VERSION = CoreVersion.VERSION;
    21     public final static long BUILD = 5;
     21    public final static long BUILD = 6;
    2222
    2323    /** for example "-test" */
  • router/java/src/net/i2p/router/transport/udp/IntroductionManager.java

    r18cbf3d r6a3e5ec  
    412412
    413413        _context.statManager().addRateData("udp.receiveRelayRequest", 1, 0);
    414         byte key[] = new byte[SessionKey.KEYSIZE_BYTES];
    415         reader.getRelayRequestReader().readAliceIntroKey(key, 0);
    416         SessionKey aliceIntroKey = new SessionKey(key);
     414
    417415        // send that peer an introduction for alice
    418416        _transport.send(_builder.buildRelayIntro(alice, charlie, reader.getRelayRequestReader()));
     417
    419418        // send alice back charlie's info
    420         _transport.send(_builder.buildRelayResponse(alice, charlie, reader.getRelayRequestReader().readNonce(), aliceIntroKey));
     419        // lookup session so we can use session key if available
     420        SessionKey cipherKey = null;
     421        SessionKey macKey = null;
     422        PeerState aliceState = _transport.getPeerState(alice);
     423        if (aliceState != null) {
     424            // established session (since 0.9.12)
     425            cipherKey = aliceState.getCurrentCipherKey();
     426            macKey = aliceState.getCurrentMACKey();
     427        }
     428        if (cipherKey == null || macKey == null) {
     429            // no session, use intro key (was only way before 0.9.12)
     430            byte key[] = new byte[SessionKey.KEYSIZE_BYTES];
     431            reader.getRelayRequestReader().readAliceIntroKey(key, 0);
     432            cipherKey = new SessionKey(key);
     433            macKey = cipherKey;
     434            if (_log.shouldLog(Log.INFO))
     435                _log.info("Sending relay response (w/ intro key) to " + alice);
     436        } else {
     437            if (_log.shouldLog(Log.INFO))
     438                _log.info("Sending relay response (in-session) to " + alice);
     439        }
     440        _transport.send(_builder.buildRelayResponse(alice, charlie, reader.getRelayRequestReader().readNonce(),
     441                                                    cipherKey, macKey));
    421442    }
    422443
  • router/java/src/net/i2p/router/transport/udp/OutboundEstablishState.java

    r18cbf3d r6a3e5ec  
    9797     *  @param claimedAddress an IP/port based RemoteHostId, or null if unknown
    9898     *  @param remoteHostId non-null, == claimedAddress if direct, or a hash-based one if indirect
     99     *  @param introKey Bob's introduction key, as published in the netdb
    99100     *  @param addr non-null
    100101     */
     
    164165   
    165166    public RouterIdentity getRemoteIdentity() { return _remotePeer; }
     167
     168    /**
     169     *  Bob's introduction key, as published in the netdb
     170     */
    166171    public SessionKey getIntroKey() { return _introKey; }
    167172   
     
    328333    private void decryptSignature() {
    329334        if (_receivedEncryptedSignature == null) throw new NullPointerException("encrypted signature is null! this=" + this.toString());
    330         else if (_sessionKey == null) throw new NullPointerException("SessionKey is null!");
    331         else if (_receivedIV == null) throw new NullPointerException("IV is null!");
     335        if (_sessionKey == null) throw new NullPointerException("SessionKey is null!");
     336        if (_receivedIV == null) throw new NullPointerException("IV is null!");
    332337        _context.aes().decrypt(_receivedEncryptedSignature, 0, _receivedEncryptedSignature, 0,
    333338                               _sessionKey, _receivedIV, _receivedEncryptedSignature.length);
  • router/java/src/net/i2p/router/transport/udp/PacketBuilder.java

    r18cbf3d r6a3e5ec  
    958958     * @return ready to send packet, or null if there was a problem
    959959     */
    960     public UDPPacket buildPeerTestToAlice(InetAddress aliceIP, int alicePort, SessionKey aliceIntroKey, SessionKey charlieIntroKey, long nonce) {
     960    public UDPPacket buildPeerTestToAlice(InetAddress aliceIP, int alicePort,
     961                                          SessionKey aliceIntroKey, SessionKey charlieIntroKey, long nonce) {
    961962        UDPPacket packet = buildPacketHeader(PEER_TEST_FLAG_BYTE);
    962963        DatagramPacket pkt = packet.getPacket();
     
    10321033     * @return ready to send packet, or null if there was a problem
    10331034     */
    1034     public UDPPacket buildPeerTestToBob(InetAddress bobIP, int bobPort, InetAddress aliceIP, int alicePort, SessionKey aliceIntroKey, long nonce, SessionKey bobCipherKey, SessionKey bobMACKey) {
     1035    public UDPPacket buildPeerTestToBob(InetAddress bobIP, int bobPort, InetAddress aliceIP, int alicePort,
     1036                                        SessionKey aliceIntroKey, long nonce,
     1037                                        SessionKey bobCipherKey, SessionKey bobMACKey) {
    10351038        UDPPacket packet = buildPacketHeader(PEER_TEST_FLAG_BYTE);
    10361039        DatagramPacket pkt = packet.getPacket();
     
    11011104                continue;
    11021105            }
    1103             rv.add(buildRelayRequest(iaddr, iport, ikey, tag, ourIntroKey, state.getIntroNonce(), true));
     1106
     1107            // lookup session so we can use session key if available
     1108            SessionKey cipherKey = null;
     1109            SessionKey macKey = null;
     1110            // first look up by ikey, it is equal to router hash for now
     1111            PeerState bobState = transport.getPeerState(Hash.create(ikey));
     1112            if (bobState == null) {
     1113                RemoteHostId rhid = new RemoteHostId(iaddr.getAddress(), iport);
     1114                bobState = transport.getPeerState(rhid);
     1115            }
     1116            if (bobState != null) {
     1117                // established session (since 0.9.12)
     1118                cipherKey = bobState.getCurrentCipherKey();
     1119                macKey = bobState.getCurrentMACKey();
     1120            }
     1121            if (cipherKey == null || macKey == null) {
     1122                // no session, use intro key (was only way before 0.9.12)
     1123                cipherKey = new SessionKey(ikey);
     1124                macKey = cipherKey;
     1125                if (_log.shouldLog(Log.INFO))
     1126                    _log.info("Sending relay request (w/ intro key) to " + iaddr + ":" + iport);
     1127            } else {
     1128                if (_log.shouldLog(Log.INFO))
     1129                    _log.info("Sending relay request (in-session) to " + iaddr + ":" + iport);
     1130            }
     1131
     1132            rv.add(buildRelayRequest(iaddr, iport, cipherKey, macKey, tag,
     1133                                     ourIntroKey, state.getIntroNonce()));
    11041134        }
    11051135        return rv;
     
    11111141     *
    11121142     */
    1113     private UDPPacket buildRelayRequest(InetAddress introHost, int introPort, byte introKey[],
    1114                                         long introTag, SessionKey ourIntroKey, long introNonce, boolean encrypt) {
     1143    private UDPPacket buildRelayRequest(InetAddress introHost, int introPort,
     1144                                        SessionKey cipherKey, SessionKey macKey,
     1145                                        long introTag, SessionKey ourIntroKey, long introNonce) {
    11151146        UDPPacket packet = buildPacketHeader(PEER_RELAY_REQUEST_FLAG_BYTE);
    11161147        DatagramPacket pkt = packet.getPacket();
     
    11211152        byte ourIP[] = getOurExplicitIP();
    11221153        int ourPort = getOurExplicitPort();
    1123        
    1124         if (_log.shouldLog(Log.INFO))
    1125             _log.info("Sending intro relay request to " + introHost + ":" + introPort); // + " regarding " + state.getRemoteIdentity().calculateHash().toBase64());
    11261154       
    11271155        // now for the body
     
    11611189        off = pad2(data, off);
    11621190        pkt.setLength(off);
    1163         if (encrypt)
    1164             authenticate(packet, new SessionKey(introKey), new SessionKey(introKey));
     1191        authenticate(packet, cipherKey, macKey);
    11651192        setTo(packet, introHost, introPort);
    11661193        packet.setMessageType(TYPE_RREQ);
     
    12151242    private static final byte PEER_RELAY_RESPONSE_FLAG_BYTE = (UDPPacket.PAYLOAD_TYPE_RELAY_RESPONSE << 4);
    12161243   
    1217     UDPPacket buildRelayResponse(RemoteHostId alice, PeerState charlie, long nonce, SessionKey aliceIntroKey) {
     1244    UDPPacket buildRelayResponse(RemoteHostId alice, PeerState charlie, long nonce,
     1245                                 SessionKey cipherKey, SessionKey macKey) {
    12181246        InetAddress aliceAddr = null;
    12191247        try {
     
    12291257       
    12301258        if (_log.shouldLog(Log.INFO))
    1231             _log.info("Sending relay response to " + alice + " for " + charlie + " with alice's intro key " + aliceIntroKey);
     1259            _log.info("Sending relay response to " + alice + " for " + charlie + " with key " + cipherKey);
    12321260
    12331261        // now for the body
     
    12561284        off = pad2(data, off);
    12571285        pkt.setLength(off);
    1258         authenticate(packet, aliceIntroKey, aliceIntroKey);
     1286        authenticate(packet, cipherKey, macKey);
    12591287        setTo(packet, aliceAddr, alice.getPort());
    12601288        packet.setMessageType(TYPE_RESP);
     
    14171445     */
    14181446    private void authenticate(UDPPacket packet, SessionKey cipherKey, SessionKey macKey, byte[] iv) {
    1419         long before = System.currentTimeMillis();
     1447        //long before = System.currentTimeMillis();
    14201448        DatagramPacket pkt = packet.getPacket();
    14211449        int off = pkt.getOffset();
     
    14551483        SimpleByteCache.release(ba);
    14561484        System.arraycopy(iv, 0, data, hmacOff + UDPPacket.MAC_SIZE, UDPPacket.IV_SIZE);
    1457         long timeToAuth = System.currentTimeMillis() - before;
    1458         _context.statManager().addRateData("udp.packetAuthTime", timeToAuth, timeToAuth);
    1459         if (timeToAuth > 100)
    1460             _context.statManager().addRateData("udp.packetAuthTimeSlow", timeToAuth, timeToAuth);
     1485        // avg. 0.06 ms on a 2005-era PC
     1486        //long timeToAuth = System.currentTimeMillis() - before;
     1487        //_context.statManager().addRateData("udp.packetAuthTime", timeToAuth, timeToAuth);
     1488        //if (timeToAuth > 100)
     1489        //    _context.statManager().addRateData("udp.packetAuthTimeSlow", timeToAuth, timeToAuth);
    14611490    }
    14621491}
  • router/java/src/net/i2p/router/transport/udp/PeerTestManager.java

    r18cbf3d r6a3e5ec  
    267267            if (_log.shouldLog(Log.DEBUG))
    268268                _log.debug("Sending test to Bob: " + test);
    269             _transport.send(_packetBuilder.buildPeerTestFromAlice(test.getBobIP(), test.getBobPort(), test.getBobCipherKey(), test.getBobMACKey(), //_bobIntroKey,
    270                             test.getNonce(), _transport.getIntroKey()));
     269            _transport.send(_packetBuilder.buildPeerTestFromAlice(test.getBobIP(), test.getBobPort(),
     270                                                                  test.getBobCipherKey(), test.getBobMACKey(), //_bobIntroKey,
     271                                                                  test.getNonce(), _transport.getIntroKey()));
    271272        } else {
    272273            _currentTest = null;
     
    280281            if (_log.shouldLog(Log.DEBUG))
    281282                _log.debug("Sending test to Charlie: " + test);
    282             _transport.send(_packetBuilder.buildPeerTestFromAlice(test.getCharlieIP(), test.getCharliePort(), test.getCharlieIntroKey(),
    283                             test.getNonce(), _transport.getIntroKey()));
     283            _transport.send(_packetBuilder.buildPeerTestFromAlice(test.getCharlieIP(), test.getCharliePort(),
     284                                                                  test.getCharlieIntroKey(),
     285                                                                  test.getNonce(), _transport.getIntroKey()));
    284286        } else {
    285287            _currentTest = null;
     
    696698            }
    697699
    698             UDPPacket packet = _packetBuilder.buildPeerTestToBob(bobIP, from.getPort(), aliceIP, alicePort, aliceIntroKey, nonce, state.getBobCipherKey(), state.getBobMACKey());
     700            UDPPacket packet = _packetBuilder.buildPeerTestToBob(bobIP, from.getPort(), aliceIP, alicePort,
     701                                                                 aliceIntroKey, nonce,
     702                                                                 state.getBobCipherKey(), state.getBobMACKey());
    699703            _transport.send(packet);
    700704           
    701             packet = _packetBuilder.buildPeerTestToAlice(aliceIP, alicePort, aliceIntroKey, _transport.getIntroKey(), nonce);
     705            packet = _packetBuilder.buildPeerTestToAlice(aliceIP, alicePort, aliceIntroKey,
     706                                                         _transport.getIntroKey(), nonce);
    702707            _transport.send(packet);
    703708        } catch (UnknownHostException uhe) {
  • router/java/src/net/i2p/router/transport/udp/UDPPacket.java

    r18cbf3d r6a3e5ec  
    88
    99import net.i2p.I2PAppContext;
     10import net.i2p.data.Base64;
    1011import net.i2p.data.DataHelper;
    1112import net.i2p.data.SessionKey;
     13import net.i2p.router.RouterContext;
    1214import net.i2p.router.util.CDQEntry;
    1315import net.i2p.util.Addresses;
     
    207209
    208210            eq = _context.hmac().verify(macKey, _validateBuf, 0, off, _data, _packet.getOffset(), MAC_SIZE);
    209             /*
    210             Hash hmac = _context.hmac().calculate(macKey, buf.getData(), 0, off);
    211 
    212             if (_log.shouldLog(Log.DEBUG)) {
    213                 StringBuilder str = new StringBuilder(128);
    214                 str.append(_packet.getLength()).append(" byte packet received, payload length ");
    215                 str.append(payloadLength);
    216                 str.append("\nIV: ").append(Base64.encode(buf.getData(), payloadLength, IV_SIZE));
    217                 str.append("\nIV2: ").append(Base64.encode(_data, MAC_SIZE, IV_SIZE));
    218                 str.append("\nlen: ").append(DataHelper.fromLong(buf.getData(), payloadLength + IV_SIZE, 2));
    219                 str.append("\nMAC key: ").append(macKey.toBase64());
    220                 str.append("\ncalc HMAC: ").append(Base64.encode(hmac.getData()));
    221                 str.append("\nread HMAC: ").append(Base64.encode(_data, _packet.getOffset(), MAC_SIZE));
    222                 str.append("\nraw: ").append(Base64.encode(_data, _packet.getOffset(), _packet.getLength()));
    223                 _log.debug(str.toString());
     211
     212            if (!eq) {
     213                // this is relatively frequent, as you can get old keys in PacketHandler.
     214                Log log = _context.logManager().getLog(UDPPacket.class);
     215                if (log.shouldLog(Log.INFO)) {
     216                    byte[] calc = new byte[32];
     217                    _context.hmac().calculate(macKey, _validateBuf, 0, off, calc, 0);
     218                    StringBuilder str = new StringBuilder(512);
     219                    str.append("Bad HMAC:\n\t");
     220                    str.append(_packet.getLength()).append(" byte pkt, ");
     221                    str.append(payloadLength).append(" byte payload");
     222                    str.append("\n\tFrom: ").append(getRemoteHost().toString());
     223                    str.append("\n\tIV:   ").append(Base64.encode(_validateBuf, payloadLength, IV_SIZE));
     224                    str.append("\n\tIV2:  ").append(Base64.encode(_data, MAC_SIZE, IV_SIZE));
     225                    str.append("\n\tGiven Len: ").append(DataHelper.fromLong(_validateBuf, payloadLength + IV_SIZE, 2));
     226                    str.append("\n\tCalc HMAC: ").append(Base64.encode(calc, 0, MAC_SIZE));
     227                    str.append("\n\tRead HMAC: ").append(Base64.encode(_data, _packet.getOffset(), MAC_SIZE));
     228                    str.append("\n\tUsing key: ").append(macKey.toBase64());
     229                    if (DataHelper.eq(macKey.getData(), 0, ((RouterContext)_context).routerHash().getData(), 0, 32))
     230                        str.append(" (Intro)");
     231                    else
     232                        str.append(" (Session)");
     233                    str.append("\n\tRaw:       ").append(Base64.encode(_data, _packet.getOffset(), _packet.getLength()));
     234                    log.info(str.toString(), new Exception());
     235                }
    224236            }
    225             eq = DataHelper.eq(hmac.getData(), 0, _data, _packet.getOffset(), MAC_SIZE);
    226              */
    227237        } else {
    228238            //if (_log.shouldLog(Log.WARN))
  • router/java/src/net/i2p/router/transport/udp/UDPPacketReader.java

    r18cbf3d r6a3e5ec  
    5252    }
    5353   
    54     public void initialize(byte message[], int payloadOffset, int payloadLength) {
     54    private void initialize(byte message[], int payloadOffset, int payloadLength) {
    5555        _message = message;
    5656        _payloadBeginOffset = payloadOffset;
     
    107107    @Override
    108108    public String toString() {
    109         switch (readPayloadType()) {
     109        int type = readPayloadType();
     110        switch (type) {
    110111            case UDPPacket.PAYLOAD_TYPE_DATA:
    111112                return _dataReader.toString();
     
    127128                return "Session destroyed packet";
    128129            default:
    129                 return "Other packet type...";
     130                return "Unknown packet type " + type;
    130131        }
    131132    }
  • router/java/src/net/i2p/router/transport/udp/UDPTransport.java

    r18cbf3d r6a3e5ec  
    262262        _context.statManager().createRateStat("udp.dropPeerConsecutiveFailures", "How many consecutive failed sends to a peer did we attempt before giving up and reestablishing a new session (lifetime is inactivity perood)", "udp", RATES);
    263263        // following are for PacketBuider
    264         _context.statManager().createRateStat("udp.packetAuthTime", "How long it takes to encrypt and MAC a packet for sending", "udp", RATES);
    265         _context.statManager().createRateStat("udp.packetAuthTimeSlow", "How long it takes to encrypt and MAC a packet for sending (when its slow)", "udp", RATES);
     264        //_context.statManager().createRateStat("udp.packetAuthTime", "How long it takes to encrypt and MAC a packet for sending", "udp", RATES);
     265        //_context.statManager().createRateStat("udp.packetAuthTimeSlow", "How long it takes to encrypt and MAC a packet for sending (when its slow)", "udp", RATES);
    266266
    267267        _context.simpleScheduler().addPeriodicEvent(new PingIntroducers(), MIN_EXPIRE_TIMEOUT * 3 / 4);
Note: See TracChangeset for help on using the changeset viewer.