Examples of freenet.crypt.PCFBMode

• freenet.crypt.PCFBMode
  treamsec.com/pcfb1.pdf NOTE: This is identical to CFB if block size = key size. As of Freenet 0.7, we use it with block size = key size. Which is not recommended, but is as safe as CFB. We will get rid of this eventually, and move to 128-bit block size (i.e. standard AES) with a more standard mode (e.g. CTR or CBC). @author Scott

          // Impossible
          throw new Error(e);
        }
//        System.err.println("Outer key: "+HexUtil.bytesToHex(outerKey));
        cipher.initialize(outerKey);
        PCFBMode pcfb = PCFBMode.create(cipher, iv);
        pcfb.blockDecipher(dataAndHash, 0, dataAndHash.length);
//        System.err.println("Decrypted data and hash: "+HexUtil.bytesToHex(dataAndHash));
        byte[] data = Arrays.copyOf(dataAndHash, dataAndHash.length - HASH_LENGTH);
        byte[] hash = Arrays.copyOfRange(dataAndHash, data.length, dataAndHash.length);
//        System.err.println("Data: "+HexUtil.bytesToHex(data));
//        System.err.println("Hash: "+HexUtil.bytesToHex(hash));

            // Impossible
            throw new Error(e);
        }
//      System.err.println("Outer key: "+HexUtil.bytesToHex(outerKey));
        cipher.initialize(outerKey);
        PCFBMode pcfb = PCFBMode.create(cipher, iv);
        pcfb.blockDecipher(dataAndHash, 0, dataAndHash.length);
//      System.err.println("Decrypted data and hash: "+HexUtil.bytesToHex(dataAndHash));
        byte[] data = Arrays.copyOf(dataAndHash, dataAndHash.length - OLD_HASH_LENGTH);
        byte[] hash = Arrays.copyOfRange(dataAndHash, data.length, dataAndHash.length);
//      System.err.println("Data: "+HexUtil.bytesToHex(data));
//      System.err.println("Hash: "+HexUtil.bytesToHex(hash));

    } catch (UnsupportedCipherException e) {
      // Impossible
      throw new Error(e);
    }
    cipher.initialize(outerKey);
    PCFBMode pcfb = PCFBMode.create(cipher, iv);
    pcfb.blockEncipher(data, hashedStart, data.length - hashedStart);

    RandomAccessFile raf = new RandomAccessFile(masterKeysFile, "rw");

    raf.seek(0);
    raf.write(data);

    byte[] payload = Arrays.copyOfRange(buf, offset + hmacLength, offset + length);
    byte[] hash = Arrays.copyOfRange(buf, offset, offset + hmacLength);

    if(!HMAC.verifyWithSHA256(sessionKey.hmacKey, payload, hash)) return null;

    PCFBMode payloadCipher = PCFBMode.create(sessionKey.incommingCipher, IV);
    payloadCipher.blockDecipher(payload, 0, payload.length);

    NPFPacket p = NPFPacket.create(payload, pn);

    NewPacketFormatKeyContext keyContext = sessionKey.packetContext;
    synchronized(this) {

    byte[] IV = new byte[ivCipher.getBlockSize() / 8];
    System.arraycopy(sessionKey.ivNonce, 0, IV, 0, IV.length);
    System.arraycopy(seqNumBytes, 0, IV, IV.length - seqNumBytes.length, seqNumBytes.length);
    ivCipher.encipher(IV, IV);

    PCFBMode cipher = PCFBMode.create(sessionKey.incommingCipher, IV);
    cipher.blockEncipher(seqNumBytes, 0, seqNumBytes.length);

    return seqNumBytes;
  }

    System.arraycopy(sessionKey.ivNonce, 0, IV, 0, IV.length);
    System.arraycopy(data, hmacLength, IV, IV.length - 4, 4);

    ivCipher.encipher(IV, IV);

    PCFBMode payloadCipher = PCFBMode.create(sessionKey.outgoingCipher, IV);
    payloadCipher.blockEncipher(data, hmacLength, paddedLen - hmacLength);

    //Add hash
    byte[] text = new byte[paddedLen - hmacLength];
    System.arraycopy(data, hmacLength, text, 0, text.length);

        }
      }
      return false;
    }
    // IV at the beginning
    PCFBMode pcfb = PCFBMode.create(authKey, buf, offset);
    // Then the hash, then the data
    // => Data starts at ivLength + digestLength
    // Decrypt the hash
    byte[] hash = Arrays.copyOfRange(buf, offset+ivLength, offset+ivLength+digestLength);
    pcfb.blockDecipher(hash, 0, hash.length);

    int dataStart = ivLength + digestLength + offset+2;

    int byte1 = ((pcfb.decipher(buf[dataStart-2])) & 0xff);
    int byte2 = ((pcfb.decipher(buf[dataStart-1])) & 0xff);
    int dataLength = (byte1 << 8) + byte2;
    if(logDEBUG) Logger.debug(this, "Data length: "+dataLength+" (1 = "+byte1+" 2 = "+byte2+ ')');
    if(dataLength > length - (ivLength+hash.length+2)) {
      if(logDEBUG) Logger.debug(this, "Invalid data length "+dataLength+" ("+(length - (ivLength+hash.length+2))+") in tryProcessAuth");
      return false;
    }
    // Decrypt the data
    byte[] payload = Arrays.copyOfRange(buf, dataStart, dataStart+dataLength);
    pcfb.blockDecipher(payload, 0, payload.length);

    byte[] realHash = SHA256.digest(payload);

    if(MessageDigest.isEqual(realHash, hash)) {
      // Got one

    if(length < digestLength + ivLength + 5) {
      if(logMINOR) Logger.minor(this, "Too short: "+length+" should be at least "+(digestLength + ivLength + 5));
      return false;
    }
    // IV at the beginning
    PCFBMode pcfb = PCFBMode.create(authKey, buf, offset);
    // Then the hash, then the data
    // => Data starts at ivLength + digestLength
    // Decrypt the hash
    byte[] hash = Arrays.copyOfRange(buf, offset+ivLength, offset+ivLength+digestLength);
    pcfb.blockDecipher(hash, 0, hash.length);

    int dataStart = ivLength + digestLength + offset+2;

    int byte1 = ((pcfb.decipher(buf[dataStart-2])) & 0xff);
    int byte2 = ((pcfb.decipher(buf[dataStart-1])) & 0xff);
    int dataLength = (byte1 << 8) + byte2;
    if(logMINOR) Logger.minor(this, "Data length: "+dataLength+" (1 = "+byte1+" 2 = "+byte2+ ')');
    if(dataLength > length - (ivLength+hash.length+2)) {
      if(logMINOR) Logger.minor(this, "Invalid data length "+dataLength+" ("+(length - (ivLength+hash.length+2))+") in tryProcessAuthAnon");
      return false;
    }
    // Decrypt the data
    byte[] payload = Arrays.copyOfRange(buf, dataStart, dataStart+dataLength);
    pcfb.blockDecipher(payload, 0, payload.length);

    byte[] realHash = SHA256.digest(payload);

    if(MessageDigest.isEqual(realHash, hash)) {
      // Got one

    if(length < digestLength + ivLength + 5) {
      if(logDEBUG) Logger.debug(this, "Too short: "+length+" should be at least "+(digestLength + ivLength + 5));
      return false;
    }
    // IV at the beginning
    PCFBMode pcfb = PCFBMode.create(authKey, buf, offset);
    // Then the hash, then the data
    // => Data starts at ivLength + digestLength
    // Decrypt the hash
    byte[] hash = Arrays.copyOfRange(buf, offset+ivLength, offset+ivLength+digestLength);
    pcfb.blockDecipher(hash, 0, hash.length);

    int dataStart = ivLength + digestLength + offset+2;

    int byte1 = ((pcfb.decipher(buf[dataStart-2])) & 0xff);
    int byte2 = ((pcfb.decipher(buf[dataStart-1])) & 0xff);
    int dataLength = (byte1 << 8) + byte2;
    if(logDEBUG) Logger.minor(this, "Data length: "+dataLength+" (1 = "+byte1+" 2 = "+byte2+ ')');
    if(dataLength > length - (ivLength+hash.length+2)) {
      if(logDEBUG) Logger.debug(this, "Invalid data length "+dataLength+" ("+(length - (ivLength+hash.length+2))+") in tryProcessAuth");
      return false;
    }
    // Decrypt the data
    byte[] payload = Arrays.copyOfRange(buf, dataStart, dataStart+dataLength);
    pcfb.blockDecipher(payload, 0, payload.length);

    byte[] realHash = SHA256.digest(payload);

    if(MessageDigest.isEqual(realHash, hash)) {
      // Got one

    if(!HMAC.verifyWithSHA256(Ka, decypheredPayload, hmac)) {
      Logger.error(this, "The inner-HMAC doesn't match; let's discard the packet JFK(3) - "+pn);
      return;
    }

    final PCFBMode pk = PCFBMode.create(c, decypheredPayload, decypheredPayloadOffset);
    // Get the IV
    decypheredPayloadOffset += ivLength;
    // Decrypt the payload
    pk.blockDecipher(decypheredPayload, decypheredPayloadOffset, decypheredPayload.length-decypheredPayloadOffset);
    /*
     * DecipheredData Format:
     * Signature
     * Node Data (starting with BootID)
     */