Changeset 70a8ab1


Timestamp:
Jul 10, 2013 6:59:46 PM (7 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
71038c3
Parents:
f3c4a26
Message:
  • DHSessionKeyBuilder: Fix for session and mac keys if DH key is between 32 and 63 bytes. Was: NPE. Now: mac key is hash of session key. Won't ever happen. (Ticket #963) javadocs
File:
1 edited

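--- a/router/java/src/net/i2p/router/transport/crypto/DHSessionKeyBuilder.java
+++ b/router/java/src/net/i2p/router/transport/crypto/DHSessionKeyBuilder.java
@@ -262,5 +262,7 @@
      * Retrieve the extra bytes beyond the session key resulting from the DH exchange.
      * If there aren't enough bytes (with all of them being consumed by the 32 byte key),
-     * the SHA256 of the key itself is used.
+     * the SHA256 of the key itself is used - but that won't ever happen.
+     *
+     * Used only by UDP. getData() will be non-null and have at least 32 bytes after call to getSessionKey()
      *
      * @return non-null (but rv.getData() may be null)
@@ -271,6 +273,11 @@
 
     /**
-     * Calculate a session key based on the private value and the public peer value
-     *
+     * Calculate a session key based on the private value and the public peer value.
+     *
+     * This is the first 32 bytes of the exchanged key (nominally 256 bytes),
+     * EXCEPT that the first byte will be zero if the most significant bit was a 1
+     * (Java BigInteger.toByteArray() format)
+     *
+     * Side effect - sets extraExchangedBytes to the next 32 bytes.
      */
     private final SessionKey calculateSessionKey(BigInteger myPrivateValue, BigInteger publicPeerValue) {
@@ -278,14 +285,21 @@
         SessionKey key = new SessionKey();
         BigInteger exchangedKey = publicPeerValue.modPow(myPrivateValue, CryptoConstants.elgp);
+        // surprise! leading zero byte half the time!
+        // probably was a mistake, too late now...
         byte buf[] = exchangedKey.toByteArray();
-        byte val[] = new byte[32];
-        if (buf.length < val.length) {
-            System.arraycopy(buf, 0, val, 0, buf.length);
-            byte remaining[] = SHA256Generator.getInstance().calculateHash(val).getData();
+        byte val[] = new byte[SessionKey.KEYSIZE_BYTES];
+        if (buf.length < 2 * SessionKey.KEYSIZE_BYTES) {
+            // UDP requires at least 32 bytes in _extraExchangedBytes for the mac key
+            // Won't ever happen, typ buf is 256 or 257 bytes
+            System.arraycopy(buf, 0, val, 0, Math.min(buf.length, SessionKey.KEYSIZE_BYTES));
+            byte remaining[] = new byte[SessionKey.KEYSIZE_BYTES];  // == Hash.HASH_LENGTH
+            // non-caching version
+            SHA256Generator.getInstance().calculateHash(buf, 0, buf.length, remaining, 0);
             _extraExchangedBytes.setData(remaining);
             //if (_log.shouldLog(Log.DEBUG))
             //    _log.debug("Storing " + remaining.length + " bytes from the DH exchange by SHA256 the session key");
-        } else { // (buf.length >= val.length)
-            System.arraycopy(buf, 0, val, 0, val.length);
+        } else {
+            // Will always be here, typ buf is 256 or 257 bytes
+            System.arraycopy(buf, 0, val, 0, SessionKey.KEYSIZE_BYTES);
             // feed the extra bytes into the PRNG
             RandomSource.getInstance().harvester().feedEntropy("DH", buf, val.length, buf.length-val.length);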
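Review bot: The short-result branch (`if (buf.length < 2 * SessionKey.KEYSIZE_BYTES)`) in calculateSessionKey still hands out a session key and a mac key when the DH result is short, and its "Won't ever happen" comment is only true if publicPeerValue was range-checked before this call, which this section does not show. Because the peer supplies that value, a degenerate one would leave `val` as zero-padded low-entropy bytes and the mac key as a SHA256 over the same bytes, so both keys would be guessable. I would fail closed there, e.g. `throw new IllegalStateException("DH result too short: " + buf.length + " bytes");`, or at minimum name in the comment the validation that makes the branch unreachable. The javadoc says the fallback is "the SHA256 of the key itself", but the new code hashes all of `buf`, which differs from the session key when buf is 33 to 63 bytes, so the wording should match the code. The method body continues past the end of this section.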