Changeset bb100de


Timestamp:
Jun 21, 2013 7:21:02 PM (7 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
f91f8115
Parents:
322e76d
Message:
  • SSU:
    • Ignore padding beyond last multiple of 16 (prep for obfuscation)
    • Comment out xor with 0 (version)
    • Don't need to zero IV buf before overwriting
  • AES:
    • Decrypt speedup by XOR in place
    • Log if decrypt not mod 16
Files:
3 edited

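--- a/core/java/src/net/i2p/crypto/CryptixAESEngine.java
+++ b/core/java/src/net/i2p/crypto/CryptixAESEngine.java
@@ -128,4 +128,5 @@
     /**
      *  @param iv 16 bytes
+     *  @param length must be a multiple of 16 (will overrun to next mod 16 if not)
      */
     @Override
@@ -136,4 +137,5 @@
     /**
      *  @param iv 16 bytes starting at ivOffset
+     *  @param length must be a multiple of 16 (will overrun to next mod 16 if not)
      */
     @Override
@@ -170,5 +172,10 @@
 
         int numblock = length / 16;
-        if (length % 16 != 0) numblock++;
+        if (length % 16 != 0) {
+            // may not work, it will overrun payload length and could AIOOBE
+            numblock++;
+            if (_log.shouldLog(Log.WARN))
+                _log.warn("not %16 " + length, new Exception());
+        }
 
         byte prev[] = SimpleByteCache.acquire(16);
@@ -177,7 +184,11 @@
        
         for (int x = 0; x < numblock; x++) {
-            System.arraycopy(payload, payloadIndex + (x * 16), cur, 0, 16);
-            decryptBlock(payload, payloadIndex + (x * 16), sessionKey, out, outIndex + (x * 16));
-            DataHelper.xor(out, outIndex + x * 16, prev, 0, out, outIndex + x * 16, 16);
+            System.arraycopy(payload, payloadIndex, cur, 0, 16);
+            decryptBlock(payload, payloadIndex, sessionKey, out, outIndex);
+            payloadIndex += 16;
+            //DataHelper.xor(out, outIndex + x * 16, prev, 0, out, outIndex + x * 16, 16);
+            for (int i = 0; i < 16; i++) {
+                out[outIndex++] ^= prev[i];
+            }
             iv = prev; // just use IV to switch 'em around
             prev = cur;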
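Review bot: The `length % 16 != 0` branch in the third hunk still rounds `numblock` up, so the loop reads up to 15 bytes past `payloadIndex + length` and writes equally far into `out`; the new comment admits this can throw ArrayIndexOutOfBoundsException, but nothing bounds it before the first block is processed. If `length` can derive from received data, a check before the loop would fail cleanly instead of part-way through, e.g. `if (payloadIndex + numblock * 16 > payload.length || outIndex + numblock * 16 > out.length) throw new IllegalArgumentException("bad length " + length);`, or the length could be rounded down as UDPPacket.decrypt now does in this changeset. The warning also allocates a stack trace with `new Exception()` on every such call, which could become noisy if the condition is reachable from the network (not determinable from this hunk). The method starts and ends outside the displayed hunks.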
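--- a/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java
+++ b/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java
@@ -122,6 +122,9 @@
     static final int TYPE_CREAT = 53;
 
-    /** we only talk to people of the right version */
+    /** we only talk to people of the right version
+     *  Commented out to prevent findbugs noop complaint
+     *  If we ever change this, uncomment below and in UDPPacket
     static final int PROTOCOL_VERSION = 0;
+     */
    
     /** if no extended options or rekey data, which we don't support  = 37 */
@@ -1318,5 +1321,5 @@
         System.arraycopy(iv, 0, data, off, UDPPacket.IV_SIZE);
         off += UDPPacket.IV_SIZE;
-        DataHelper.toLong(data, off, 2, encryptSize ^ PROTOCOL_VERSION);
+        DataHelper.toLong(data, off, 2, encryptSize /* ^ PROTOCOL_VERSION */ );
        
         int hmacOff = packet.getPacket().getOffset();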
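Review bot: In the first hunk the disabled `PROTOCOL_VERSION` declaration now sits inside a `/** ... */` doc comment, which leaves a dangling Javadoc block directly before the doc comment of the next member and makes the constant look live at a glance. A plain comment would read better: open the block with `/*` instead of `/**`, or prefix the explanation and the declaration with `//`. The length written by `DataHelper.toLong(data, off, 2, encryptSize ...)` in the second hunk has a counterpart in UDPPacket that must be re-enabled at the same time, so a short `// keep in sync with UDPPacket validation` beside the call would make that dependency visible at the point of use.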
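--- a/router/java/src/net/i2p/router/transport/udp/UDPPacket.java
+++ b/router/java/src/net/i2p/router/transport/udp/UDPPacket.java
@@ -203,5 +203,5 @@
             System.arraycopy(_data, _packet.getOffset() + MAC_SIZE, _validateBuf, off, IV_SIZE);
             off += IV_SIZE;
-            DataHelper.toLong(_validateBuf, off, 2, payloadLength ^ PacketBuilder.PROTOCOL_VERSION);
+            DataHelper.toLong(_validateBuf, off, 2, payloadLength /* ^ PacketBuilder.PROTOCOL_VERSION */ );
             off += 2;
 
@@ -242,8 +242,16 @@
     public void decrypt(SessionKey cipherKey) {
         verifyNotReleased();
-        Arrays.fill(_ivBuf, (byte)0);
         System.arraycopy(_data, MAC_SIZE, _ivBuf, 0, IV_SIZE);
         int len = _packet.getLength();
-        _context.aes().decrypt(_data, _packet.getOffset() + MAC_SIZE + IV_SIZE, _data, _packet.getOffset() + MAC_SIZE + IV_SIZE, cipherKey, _ivBuf, len - MAC_SIZE - IV_SIZE);
+        // As of 0.9.7, ignore padding beyond the last mod 16,
+        // it could otherwise blow up in decryption.
+        // This allows for better obfuscation.
+        // Probably works without this since _data is bigger than necessary, but let's not
+        // bother decrypting and risk overrun.
+        int rem = len & 0x0f;
+        if (rem != 0)
+            len -= rem;
+        int off = _packet.getOffset() + MAC_SIZE + IV_SIZE;
+        _context.aes().decrypt(_data, off, _data, off, cipherKey, _ivBuf, len - MAC_SIZE - IV_SIZE);
     }
 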
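Review bot: In `decrypt`, `rem` is taken from the whole packet length `len`, while the value that has to be a multiple of 16 is the ciphertext length `len - MAC_SIZE - IV_SIZE`; the two agree only if `MAC_SIZE + IV_SIZE` is itself a multiple of 16, which these hunks do not show. Computing the mask on the ciphertext length states the intent directly, `int encLen = (len - MAC_SIZE - IV_SIZE) & ~0x0f;`, and gives a natural place for an explicit check that `encLen` is positive before calling the AES engine. Separately, the IV copy on the unchanged line above reads from `MAC_SIZE` without adding `_packet.getOffset()`, unlike the decrypt offset and the validation hunk, so it is worth confirming that the offset is always 0 on this path.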