Package freenet.crypt.ciphers

Examples of freenet.crypt.ciphers.Rijndael


    int modulusLength = getModulusLength(negType);
    int nonceSize = getNonceSize(negType);
    if(logMINOR) Logger.minor(this, "Got a JFK(3) message, processing it - "+pn);

    BlockCipher c = null;
    try { c = new Rijndael(256, 256); } catch (UnsupportedCipherException e) { throw new RuntimeException(e); }

    final int expectedLength =
      nonceSize*2 + // Ni, Nr
      modulusLength*2 + // g^i, g^r
      HASH_LENGTH + // authenticator
      HASH_LENGTH + // HMAC of the cyphertext
      (c.getBlockSize() >> 3) + // IV
      HASH_LENGTH + // it's at least a signature
      8 +        // a bootid
      8 + // packet tracker ID
      1;        // znoderefI* is at least 1 byte long

    if(payload.length < expectedLength + 3) {
      Logger.error(this, "Packet too short from "+pn+": "+payload.length+" after decryption in JFK(3), should be "+(expectedLength + 3));
      return;
    }

    // Ni
    byte[] nonceInitiator = new byte[nonceSize];
    System.arraycopy(payload, inputOffset, nonceInitiator, 0, nonceSize);
    inputOffset += nonceSize;
    if(logDEBUG) Logger.debug(this, "We are receiving Ni : " + HexUtil.bytesToHex(nonceInitiator));
    // Before negtype 9 we didn't hash it!
    byte[] nonceInitiatorHashed = (negType > 8 ? SHA256.digest(nonceInitiator) : nonceInitiator);
       
    // Nr
    byte[] nonceResponder = new byte[nonceSize];
    System.arraycopy(payload, inputOffset, nonceResponder, 0, nonceSize);
    inputOffset += nonceSize;
    // g^i
    byte[] initiatorExponential = Arrays.copyOfRange(payload, inputOffset, inputOffset+modulusLength);
    inputOffset += modulusLength;
    // g^r
    byte[] responderExponential = Arrays.copyOfRange(payload, inputOffset, inputOffset+modulusLength);
    inputOffset += modulusLength;

    byte[] authenticator = Arrays.copyOfRange(payload, inputOffset, inputOffset+HASH_LENGTH);
    inputOffset += HASH_LENGTH;

    // We *WANT* to check the hmac before we do the lookup on the hashmap
    // @see https://bugs.freenetproject.org/view.php?id=1604
    if(!HMAC.verifyWithSHA256(getTransientKey(), assembleJFKAuthenticator(responderExponential, initiatorExponential, nonceResponder, nonceInitiatorHashed, replyTo.getAddress().getAddress()) , authenticator)) {
      if(shouldLogErrorInHandshake(t1)) {
          if(logDEBUG) Logger.debug(this, "We received the following HMAC : " + HexUtil.bytesToHex(authenticator));
          if(logDEBUG) Logger.debug(this, "We have Ni' : " + HexUtil.bytesToHex(nonceInitiatorHashed));
        Logger.normal(this, "The HMAC doesn't match; let's discard the packet (either we rekeyed or we are victim of forgery) - JFK3 - "+pn);
      }
      return;
    }
    // Check try to find the authenticator in the cache.
    // If authenticator is already present, indicates duplicate/replayed message3
    // Now simply transmit the corresponding message4
    Object message4 = null;
    synchronized (authenticatorCache) {
      message4 = authenticatorCache.get(new ByteArrayWrapper(authenticator));
    }
    if(message4 != null) {
      Logger.normal(this, "We replayed a message from the cache (shouldn't happen often) - "+pn);
      // We are replaying a JFK(4).
      // Therefore if it is anon-initiator it is encrypted with our setup key.
      if(unknownInitiator) {
        sendAnonAuthPacket(1,negType,3,setupType, (byte[]) message4, null, replyTo, crypto.anonSetupCipher);
      } else {
        sendAuthPacket(1, negType, 3, (byte[]) message4, pn, replyTo);
      }
      return;
    } else {
      if(logDEBUG) Logger.debug(this, "No message4 found for "+HexUtil.bytesToHex(authenticator)+" responderExponential "+Fields.hashCode(responderExponential)+" initiatorExponential "+Fields.hashCode(initiatorExponential)+" nonceResponder "+Fields.hashCode(nonceResponder)+" nonceInitiator "+Fields.hashCode(nonceInitiatorHashed)+" address "+HexUtil.bytesToHex(replyTo.getAddress().getAddress()));
    }

    byte[] hmac = Arrays.copyOfRange(payload, inputOffset, inputOffset+HASH_LENGTH);
    inputOffset += HASH_LENGTH;

    byte[] computedExponential;
    if(negType < 8) { // Legacy DH
      NativeBigInteger _hisExponential = new NativeBigInteger(1, initiatorExponential);
      NativeBigInteger _ourExponential = new NativeBigInteger(1, responderExponential);

      DiffieHellmanLightContext ctx = findContextByExponential(_ourExponential);
      if(ctx == null) {
        Logger.error(this, "WTF? the HMAC verified but we don't know about that exponential! SHOULDN'T HAPPEN! - JFK3 - "+pn);
        // Possible this is a replay or severely delayed? We don't keep every exponential we ever use.
        return;
      }
      computedExponential = ctx.getHMACKey(_hisExponential);
        } else {
            ECPublicKey initiatorKey = ECDH.getPublicKey(initiatorExponential, ecdhCurveToUse);
            ECPublicKey responderKey = ECDH.getPublicKey(responderExponential, ecdhCurveToUse);
            ECDHLightContext ctx = findECDHContextByPubKey(responderKey);
            if (ctx == null) {
                Logger.error(this, "WTF? the HMAC verified but we don't know about that exponential! SHOULDN'T HAPPEN! - JFK3 - "+pn);
                // Possible this is a replay or severely delayed? We don't keep
                // every exponential we ever use.
                return;
            }
            computedExponential = ctx.getHMACKey(initiatorKey);
        }
    if(logDEBUG) Logger.debug(this, "The shared Master secret is : "+HexUtil.bytesToHex(computedExponential) +" for " + pn);
   
    /* 0 is the outgoing key for the initiator, 7 for the responder */
    byte[] outgoingKey = computeJFKSharedKey(computedExponential, nonceInitiatorHashed, nonceResponder, "7");
    byte[] incommingKey = computeJFKSharedKey(computedExponential, nonceInitiatorHashed, nonceResponder, "0");
    byte[] Ke = computeJFKSharedKey(computedExponential, nonceInitiatorHashed, nonceResponder, "1");
    byte[] Ka = computeJFKSharedKey(computedExponential, nonceInitiatorHashed, nonceResponder, "2");

    byte[] hmacKey = computeJFKSharedKey(computedExponential, nonceInitiatorHashed, nonceResponder, "3");
    byte[] ivKey = computeJFKSharedKey(computedExponential, nonceInitiatorHashed, nonceResponder, "4");
    byte[] ivNonce = computeJFKSharedKey(computedExponential, nonceInitiatorHashed, nonceResponder, "5");

    /* Bytes  1-4:  Initial sequence number for the initiator
     * Bytes  5-8:  Initial sequence number for the responder
     * Bytes  9-12: Initial message id for the initiator
     * Bytes 13-16: Initial message id for the responder
     * Note that we are the responder */
    byte[] sharedData = computeJFKSharedKey(computedExponential, nonceInitiatorHashed, nonceResponder, "6");
    Arrays.fill(computedExponential, (byte)0);
    int theirInitialSeqNum = ((sharedData[0] & 0xFF) << 24)
        | ((sharedData[1] & 0xFF) << 16)
        | ((sharedData[2] & 0xFF) << 8)
        | (sharedData[3] & 0xFF);
    int ourInitialSeqNum = ((sharedData[4] & 0xFF) << 24)
        | ((sharedData[5] & 0xFF) << 16)
        | ((sharedData[6] & 0xFF) << 8)
        | (sharedData[7] & 0xFF);
    int theirInitialMsgID, ourInitialMsgID;
    if(negType >= 7) {
      theirInitialMsgID =
        unknownInitiator ? getInitialMessageID(crypto.myIdentity) :
          getInitialMessageID(pn.identity, crypto.myIdentity);
      ourInitialMsgID =
        unknownInitiator ? getInitialMessageID(crypto.myIdentity) :
          getInitialMessageID(crypto.myIdentity, pn.identity);
    } else {
      theirInitialMsgID= ((sharedData[8] & 0xFF) << 24)
        | ((sharedData[9] & 0xFF) << 16)
        | ((sharedData[10] & 0xFF) << 8)
        | (sharedData[11] & 0xFF);
      ourInitialMsgID= ((sharedData[12] & 0xFF) << 24)
        | ((sharedData[13] & 0xFF) << 16)
        | ((sharedData[14] & 0xFF) << 8)
        | (sharedData[15] & 0xFF);
    }
    if(logMINOR)
      Logger.minor(this, "Their initial message ID: "+theirInitialMsgID+" ours "+ourInitialMsgID);

    c.initialize(Ke);
    int ivLength = PCFBMode.lengthIV(c);
    int decypheredPayloadOffset = 0;
    // We compute the HMAC of ("I"+cyphertext) : the cyphertext includes the IV!
    byte[] decypheredPayload = Arrays.copyOf(JFK_PREFIX_INITIATOR, JFK_PREFIX_INITIATOR.length + payload.length - inputOffset);
    decypheredPayloadOffset += JFK_PREFIX_INITIATOR.length;
    System.arraycopy(payload, inputOffset, decypheredPayload, decypheredPayloadOffset, decypheredPayload.length-decypheredPayloadOffset);
    if(!HMAC.verifyWithSHA256(Ka, decypheredPayload, hmac)) {
      Logger.error(this, "The inner-HMAC doesn't match; let's discard the packet JFK(3) - "+pn);
      return;
    }

    final PCFBMode pk = PCFBMode.create(c, decypheredPayload, decypheredPayloadOffset);
    // Get the IV
    decypheredPayloadOffset += ivLength;
    // Decrypt the payload
    pk.blockDecipher(decypheredPayload, decypheredPayloadOffset, decypheredPayload.length-decypheredPayloadOffset);
    /*
     * DecipheredData Format:
     * Signature
     * Node Data (starting with BootID)
     */
    int sigLength = getSignatureLength(negType);
    byte[] sig = new byte[sigLength];
    System.arraycopy(decypheredPayload, decypheredPayloadOffset, sig, 0, sigLength);
    decypheredPayloadOffset += sigLength;
    byte[] data = new byte[decypheredPayload.length - decypheredPayloadOffset];
    System.arraycopy(decypheredPayload, decypheredPayloadOffset, data, 0, decypheredPayload.length - decypheredPayloadOffset);
    int ptr = 0;
    long trackerID;
    trackerID = Fields.bytesToLong(data, ptr);
    if(trackerID < 0) trackerID = -1;
    ptr += 8;
    long bootID = Fields.bytesToLong(data, ptr);
    ptr += 8;
    byte[] hisRef = Arrays.copyOfRange(data, ptr, data.length);

    // construct the peernode
    if(unknownInitiator) {
      pn = getPeerNodeFromUnknownInitiator(hisRef, setupType, pn, replyTo);
    }
    if(pn == null) {
      if(unknownInitiator) {
        // Reject
        Logger.normal(this, "Rejecting... unable to construct PeerNode");
      } else {
        Logger.error(this, "PeerNode is null and unknownInitiator is false!");
      }
      return;
    }

    // verify the signature
    byte[] toVerify = assembleDHParams(nonceInitiatorHashed, nonceResponder, initiatorExponential, responderExponential, crypto.getIdentity(negType, false), data);
    if(negType < 9) {
        byte[] r = new byte[Node.SIGNATURE_PARAMETER_LENGTH];
        System.arraycopy(sig, 0, r, 0, Node.SIGNATURE_PARAMETER_LENGTH);
            byte[] s = new byte[Node.SIGNATURE_PARAMETER_LENGTH];
            System.arraycopy(sig, Node.SIGNATURE_PARAMETER_LENGTH, s, 0, Node.SIGNATURE_PARAMETER_LENGTH);
        DSASignature remoteSignature = new DSASignature(new NativeBigInteger(1,r), new NativeBigInteger(1,s));
        if(!DSA.verify(pn.peerPubKey, remoteSignature, new NativeBigInteger(1, SHA256.digest(toVerify)), false)) {
            Logger.error(this, "The signature verification has failed!! JFK(3) - "+pn.getPeer());
            return;
        }
    } else {
        if(!ECDSA.verify(Curves.P256, pn.peerECDSAPubKey(), sig, toVerify)) {
                Logger.error(this, "The ECDSA signature verification has failed!! JFK(3) - "+pn.getPeer());
                  return;
        }
    }

    // At this point we know it's from the peer, so we can report a packet received.
    pn.receivedPacket(true, false);

    BlockCipher outgoingCipher = null;
    BlockCipher incommingCipher = null;
    BlockCipher ivCipher = null;
    try {
      outgoingCipher = new Rijndael(256, 256);
      incommingCipher = new Rijndael(256, 256);
      ivCipher = new Rijndael(256, 256);
    } catch (UnsupportedCipherException e) {
      throw new RuntimeException(e);
    }
    outgoingCipher.initialize(outgoingKey);
    incommingCipher.initialize(incommingKey);
View Full Code Here


      } else {
        Logger.error(this, error);
      }
    }
    BlockCipher c = null;
    try { c = new Rijndael(256, 256); } catch (UnsupportedCipherException e) { throw new RuntimeException(e); }

    final int expectedLength =
      HASH_LENGTH + // HMAC of the cyphertext
      (c.getBlockSize() >> 3) + // IV
      signLength + // the signature
      9 + // ID of packet tracker, plus boolean byte
      8+ // bootID
      1; // znoderefR

    if(payload.length - inputOffset < expectedLength + 3) {
      Logger.error(this, "Packet too short from "+pn.getPeer()+": "+payload.length+" after decryption in JFK(4), should be "+(expectedLength + 3));
      return false;
    }
    byte[] jfkBuffer = pn.getJFKBuffer();
    if(jfkBuffer == null) {
      Logger.normal(this, "We have already handled this message... might be a replay or a bug - "+pn);
      return false;
    }

    byte[] hmac = Arrays.copyOfRange(payload, inputOffset, inputOffset+HASH_LENGTH);
    inputOffset += HASH_LENGTH;

    c.initialize(pn.jfkKe);
    int ivLength = PCFBMode.lengthIV(c);
    int decypheredPayloadOffset = 0;
    // We compute the HMAC of ("R"+cyphertext) : the cyphertext includes the IV!
    byte[] decypheredPayload = Arrays.copyOf(JFK_PREFIX_RESPONDER, JFK_PREFIX_RESPONDER.length + payload.length - inputOffset);
    decypheredPayloadOffset += JFK_PREFIX_RESPONDER.length;
    System.arraycopy(payload, inputOffset, decypheredPayload, decypheredPayloadOffset, payload.length-inputOffset);
    if(!HMAC.verifyWithSHA256(pn.jfkKa, decypheredPayload, hmac)) {
      Logger.normal(this, "The digest-HMAC doesn't match; let's discard the packet - "+pn.getPeer());
      return false;
    }

    // Try to find the HMAC in the cache:
    // If it is already present it indicates duplicate/replayed message4 and we can discard
    // If it's not, we can add it with a timestamp
    byte[] message4Timestamp = null;
    synchronized (authenticatorCache) {
      ByteArrayWrapper hmacBAW = new ByteArrayWrapper(hmac);
      message4Timestamp = authenticatorCache.get(hmacBAW);
      if(message4Timestamp == null) { // normal behaviour
        authenticatorCache.put(hmacBAW, Fields.longToBytes(t1));
      }
    }
    if(message4Timestamp != null) {
      Logger.normal(this, "We got a replayed message4 (first handled at "+TimeUtil.formatTime(t1-Fields.bytesToLong(message4Timestamp))+") from - "+pn);
      return true;
    }

    // Get the IV
    final PCFBMode pk = PCFBMode.create(c, decypheredPayload, decypheredPayloadOffset);
    decypheredPayloadOffset += ivLength;
    // Decrypt the payload
    pk.blockDecipher(decypheredPayload, decypheredPayloadOffset, decypheredPayload.length - decypheredPayloadOffset);
    /*
     * DecipheredData Format:
     * Signature-r,s
     * bootID, znoderef
     */
        byte[] sig = new byte[signLength];
        System.arraycopy(decypheredPayload, decypheredPayloadOffset, sig, 0, signLength);
        decypheredPayloadOffset += signLength;
    byte[] data = new byte[decypheredPayload.length - decypheredPayloadOffset];
    System.arraycopy(decypheredPayload, decypheredPayloadOffset, data, 0, decypheredPayload.length - decypheredPayloadOffset);
    int ptr = 0;
    long trackerID;
    boolean reusedTracker;
    trackerID = Fields.bytesToLong(data, ptr);
    ptr += 8;
    reusedTracker = data[ptr++] != 0;
    long bootID = Fields.bytesToLong(data, ptr);
    ptr += 8;
    byte[] hisRef = Arrays.copyOfRange(data, ptr, data.length);

    // verify the signature
    int dataLen = hisRef.length + 8 + 9;
    int nonceSize = getNonceSize(negType);
    int nonceSizeHashed = (negType > 8 ? HASH_LENGTH : nonceSize);
      byte[] identity = crypto.getIdentity(negType, unknownInitiator);
    byte[] locallyGeneratedText = new byte[nonceSizeHashed + nonceSize + modulusLength * 2 + identity.length + dataLen + pn.jfkMyRef.length];
    int bufferOffset = nonceSizeHashed + nonceSize + modulusLength*2;
    System.arraycopy(jfkBuffer, 0, locallyGeneratedText, 0, bufferOffset);
    System.arraycopy(identity, 0, locallyGeneratedText, bufferOffset, identity.length);
    bufferOffset += identity.length;
    // bootID
    System.arraycopy(data, 0, locallyGeneratedText, bufferOffset, dataLen);
    bufferOffset += dataLen;
    System.arraycopy(pn.jfkMyRef, 0, locallyGeneratedText, bufferOffset, pn.jfkMyRef.length);
      if(negType < 9) { // DSA sig    
          byte[] r = new byte[Node.SIGNATURE_PARAMETER_LENGTH];
          System.arraycopy(sig, 0, r, 0, Node.SIGNATURE_PARAMETER_LENGTH);
          byte[] s = new byte[Node.SIGNATURE_PARAMETER_LENGTH];
          System.arraycopy(sig, Node.SIGNATURE_PARAMETER_LENGTH, s, 0, Node.SIGNATURE_PARAMETER_LENGTH);
          DSASignature remoteSignature = new DSASignature(new NativeBigInteger(1,r), new NativeBigInteger(1,s));
          byte[] messageHash = SHA256.digest(locallyGeneratedText);
          if(!DSA.verify(pn.peerPubKey, remoteSignature, new NativeBigInteger(1, messageHash), false)) {
              String error = "The signature verification has failed!! JFK(4) -"+pn.getPeer()+" message hash "+HexUtil.bytesToHex(messageHash)+" length "+locallyGeneratedText.length+" hisRef "+hisRef.length+" hash "+Fields.hashCode(hisRef)+" myRef "+pn.jfkMyRef.length+" hash "+Fields.hashCode(pn.jfkMyRef)+" boot ID "+bootID;
              Logger.error(this, error);
              return true;
          }
      } else { // ECDSA sig
          if(!ECDSA.verify(Curves.P256, pn.peerECDSAPubKey(), sig, locallyGeneratedText)) {
              Logger.error(this, "The ECDSA signature verification has failed!! JFK(4) - "+pn.getPeer()+" length "+locallyGeneratedText.length+" hisRef "+hisRef.length+" hash "+Fields.hashCode(hisRef)+" myRef "+pn.jfkMyRef.length+" hash "+Fields.hashCode(pn.jfkMyRef)+" boot ID "+bootID);
              return true;
          }
      }

    // Received a packet
    pn.receivedPacket(true, false);

    // Promote if necessary
    boolean dontWant = false;
    if(oldOpennetPeer && pn instanceof OpennetPeerNode /* true */) {
        OpennetPeerNode opn = (OpennetPeerNode) pn;
      OpennetManager opennet = node.getOpennet();
      if(opennet == null) {
        Logger.normal(this, "Dumping incoming old-opennet peer as opennet just turned off: "+pn+".");
        return true;
      }
      /* When an old-opennet-peer connects, add it at the top of the LRU, so that it isn't
       * immediately dropped when there is no droppable peer to drop. If it was dropped
       * from the bottom of the LRU list, we would not have added it to the LRU; so it was
       * somewhere in the middle. */
      if(!opennet.wantPeer(opn, false, false, true, ConnectionType.RECONNECT)) {
        Logger.normal(this, "No longer want peer "+pn+" - dumping it after connecting");
        dontWant = true;
        opennet.purgeOldOpennetPeer(opn);
      }
      // wantPeer will call node.peers.addPeer(), we don't have to.
    }
    if((!dontWant) && !crypto.allowConnection(pn, replyTo.getFreenetAddress())) {
      Logger.normal(this, "Rejecting connection because already have something with the same IP");
      dontWant = true;
    }
    // Set acknowledging method acording to negType
    pn.setAcknowledgeType(negType);

    // We change the key
    BlockCipher ivCipher = null;
    BlockCipher outgoingCipher = null;
    BlockCipher incommingCipher = null;
    try {
      ivCipher = new Rijndael(256, 256);
      outgoingCipher = new Rijndael(256, 256);
      incommingCipher = new Rijndael(256, 256);
    } catch (UnsupportedCipherException e) {
      throw new RuntimeException(e);
    }

    outgoingCipher.initialize(pn.outgoingKey);
View Full Code Here

        // Pre negtype 9 we were sending Ni as opposed to Ni'
        byte[] nonceInitiatorHashed = (negType > 8 ? SHA256.digest(nonceInitiator) : nonceInitiator);
       
    long t1=System.currentTimeMillis();
    BlockCipher c = null;
    try { c = new Rijndael(256, 256); } catch (UnsupportedCipherException e) { throw new RuntimeException(e); }
    KeyAgreementSchemeContext ctx = pn.getKeyAgreementSchemeContext();
    if(ctx == null) return;
    byte[] ourExponential = ctx.getPublicKeyNetworkFormat();
    pn.jfkMyRef = unknownInitiator ? crypto.myCompressedHeavySetupRef() : crypto.myCompressedSetupRef();
    byte[] data = new byte[8 + 8 + pn.jfkMyRef.length];
View Full Code Here

  }
 
  /* This checks the output of the sequence number encryption function to
   * make sure it doesn't change accidentally. */
  public void testSequenceNumberEncryption() {
    BlockCipher ivCipher = new Rijndael();
    ivCipher.initialize(new byte[] {
        0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00
    });

    byte[] ivNonce = new byte[16];

    BlockCipher incommingCipher = new Rijndael();
    incommingCipher.initialize(new byte[] {
        0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00
    });
View Full Code Here

      } catch (UnsupportedEncodingException e) {
        throw new Error("Impossible: JVM doesn't support UTF-8: " + e, e);
      }
      byte[] buf = md.digest();
      try {
        Rijndael aes = new Rijndael(256, 256);
        aes.initialize(cryptoKey);
        aes.encipher(buf, buf);
        ehDocname = buf;
      } catch (UnsupportedCipherException e) {
        throw new Error(e);
      }
    } finally {
View Full Code Here

        this.type = type;
        this.key = key;
        try{
            if(type.cipherName.equals("RIJNDAEL")){
                blockCipher = new Rijndael(type.keyType.keySize, type.blockSize);
                blockCipher.initialize(key.getEncoded());
                if(type == CryptByteBufferType.RijndaelPCFB){
                    encryptPCFB = PCFBMode.create(blockCipher, this.iv.getIV());
                    decryptPCFB = PCFBMode.create(blockCipher, this.iv.getIV());
                }
View Full Code Here

      max = max << 1;
    }
  }

  private synchronized Rijndael getRijndael() {
    Rijndael aes;
    try {
      aes = new Rijndael(256, 256);
    } catch (UnsupportedCipherException e) {
      throw new Error(e);
    }
    aes.initialize(key);
    return aes;
  }
View Full Code Here

    return aes;
  }

  @SuppressWarnings("deprecation")
  public PCFBMode getPCFB() {
    Rijndael aes = getRijndael();
    if(iv != null)
      return PCFBMode.create(aes, iv);
    else
      // FIXME CRYPTO We should probably migrate all old buckets automatically so we can get rid of this?
      // Since the key is unique it is actually almost safe to use all zeros IV, but it's better to use a real IV.
View Full Code Here

  public Bucket decode(BucketFactory factory, int maxLength, boolean dontDecompress) throws KeyDecodeException, IOException {
    /* We know the signature is valid because it is checked in the constructor. */
    /* We also know e(h(docname)) is valid */
    byte[] decryptedHeaders = new byte[SSKBlock.ENCRYPTED_HEADERS_LENGTH];
    System.arraycopy(block.headers, block.headersOffset, decryptedHeaders, 0, SSKBlock.ENCRYPTED_HEADERS_LENGTH);
    Rijndael aes;
    try {
      Logger.minor(this, "cryptoAlgorithm="+key.cryptoAlgorithm+" for "+getClientKey().getURI());
      aes = new Rijndael(256,256);
    } catch (UnsupportedCipherException e) {
      throw new Error(e);
    }
    aes.initialize(key.cryptoKey);
    // ECB-encrypted E(H(docname)) serves as IV.
    PCFBMode pcfb = PCFBMode.create(aes, key.ehDocname);
    pcfb.blockDecipher(decryptedHeaders, 0, decryptedHeaders.length);
    // First 32 bytes are the key
    byte[] dataDecryptKey = Arrays.copyOf(decryptedHeaders, DATA_DECRYPT_KEY_LENGTH);
    aes.initialize(dataDecryptKey);
    byte[] dataOutput = block.data.clone();
    // Data decrypt key should be unique, so use it as IV
    pcfb.reset(dataDecryptKey);
    pcfb.blockDecipher(dataOutput, 0, dataOutput.length);
    // 2 bytes - data length
View Full Code Here

        // despite exposing asymmetric and hashes!
       
        // Now encrypt the header, then the data, using the same PCFB instance
        BlockCipher cipher;
        try {
            cipher = new Rijndael(256, 256);
        } catch (UnsupportedCipherException e) {
          Logger.error(ClientCHKBlock.class, "Impossible: "+e, e);
            throw new Error(e);
        }
        cipher.initialize(encKey);
View Full Code Here

TOP

Related Classes of freenet.crypt.ciphers.Rijndael

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.