* 2005-03-29 0.5.0.5 released

2005-03-29  jrandom
    * Decreased the initial RTT estimate to 10s to allow more retries.
    * Increased the default netDb store replication factor from 2 to 6 to take
      into consideration tunnel failures.
    * Address some statistical anonymity attacks against the netDb that could
      be mounted by an active internal adversary by only answering lookups for
      leaseSets we received through an unsolicited store.
    * Don't throttle lookup responses (we throttle enough elsewhere)
    * Fix the NewsFetcher so that it doesn't incorrectly resume midway through
      the file (thanks nickster!)
    * Updated the I2PTunnel HTML (thanks postman!)
    * Added support to the I2PTunnel pages for the URL parameter "passphrase",
      which, if matched against the router.config "i2ptunnel.passphrase" value,
      skips the nonce check.  If the config prop doesn't exist or is blank, no
      passphrase is accepted.
    * Implemented HMAC-SHA256.
    * Enable the tunnel batching with a 500ms delay by default
    * Dropped compatability with 0.5.0.3 and earlier releases

core/java/src/net/i2p/CoreVersion.java

@@ -14,8 +14,8 @@ package net.i2p;
  *
  */
 public class CoreVersion {
-    public final static String ID = "$Revision: 1.31 $ $Date: 2005/03/18 17:34:53 $";
-    public final static String VERSION = "0.5.0.4";
+    public final static String ID = "$Revision: 1.32 $ $Date: 2005/03/24 02:29:28 $";
+    public final static String VERSION = "0.5.0.5";
 
     public static void main(String args[]) {
         System.out.println("I2P Core version: " + VERSION);

core/java/src/net/i2p/crypto/HMACSHA256Generator.java

@@ -1,33 +1,101 @@
 package net.i2p.crypto;
 
+import java.util.Arrays;
 import net.i2p.I2PAppContext;
 import net.i2p.data.DataHelper;
 import net.i2p.data.Hash;
 import net.i2p.data.SessionKey;
 
 /**
- * Calculate the HMAC-SHA256 of a key+message.  Currently FAKE - returns a stupid
- * kludgy hash: H(H(key) XOR H(data)).  Fix me!
+ * Calculate the HMAC-SHA256 of a key+message.
  *
  */
 public class HMACSHA256Generator {
-    public HMACSHA256Generator(I2PAppContext context) { // nop
+    private I2PAppContext _context;
+    public HMACSHA256Generator(I2PAppContext context) {
+        _context = context;
     }
     
     public static HMACSHA256Generator getInstance() {
         return I2PAppContext.getGlobalContext().hmac();
     }
     
+    private static final int PAD_LENGTH = 64;
+    
+    private static final byte[] _IPAD = new byte[PAD_LENGTH];
+    private static final byte[] _OPAD = new byte[PAD_LENGTH];
+    static {
+        for (int i = 0; i < _IPAD.length; i++) {
+            _IPAD[i] = 0x36;
+            _OPAD[i] = 0x5C;
+        }
+    }
+    
+
+    public Buffer createBuffer(int dataLen) { return new Buffer(dataLen); }
+    
+    public class Buffer {
+        private byte padded[];
+        private byte innerBuf[];
+        private SHA256EntryCache.CacheEntry innerEntry;
+        private byte rv[];
+        private byte outerBuf[];
+        private SHA256EntryCache.CacheEntry outerEntry;
+
+        public Buffer(int dataLength) {
+            padded = new byte[PAD_LENGTH];
+            innerBuf = new byte[dataLength + PAD_LENGTH];
+            innerEntry = _context.sha().cache().acquire(innerBuf.length);
+            rv = new byte[Hash.HASH_LENGTH];
+            outerBuf = new byte[Hash.HASH_LENGTH + PAD_LENGTH];
+            outerEntry = _context.sha().cache().acquire(outerBuf.length);
+        }
+        
+        public void releaseCached() {
+            _context.sha().cache().release(innerEntry);
+            _context.sha().cache().release(outerEntry);
+        }
+        
+        public byte[] getHash() { return rv; }
+    }
+    
     /**
-     * This should calculate the HMAC/SHA256, but it DOESNT.  Its just a kludge.
-     * Fix me.
+     * Calculate the HMAC of the data with the given key
      */
     public Hash calculate(SessionKey key, byte data[]) {
         if ((key == null) || (key.getData() == null) || (data == null))
             throw new NullPointerException("Null arguments for HMAC");
-
-        Hash hkey = SHA256Generator.getInstance().calculateHash(key.getData());
-        Hash hdata = SHA256Generator.getInstance().calculateHash(data);
-        return SHA256Generator.getInstance().calculateHash(DataHelper.xor(hkey.getData(), hdata.getData()));
+        
+        Buffer buf = new Buffer(data.length);
+        calculate(key, data, buf);
+        Hash rv = new Hash(buf.rv);
+        buf.releaseCached();
+        return rv;
+    }
+    
+    /**
+     * Calculate the HMAC of the data with the given key
+     */
+    public void calculate(SessionKey key, byte data[], Buffer buf) {
+        // inner hash
+        padKey(key.getData(), _IPAD, buf.padded);
+        System.arraycopy(buf.padded, 0, buf.innerBuf, 0, PAD_LENGTH);
+        System.arraycopy(data, 0, buf.innerBuf, PAD_LENGTH, data.length);
+        
+        Hash h = _context.sha().calculateHash(buf.innerBuf, buf.innerEntry);
+        
+        // outer hash
+        padKey(key.getData(), _OPAD, buf.padded);
+        System.arraycopy(buf.padded, 0, buf.outerBuf, 0, PAD_LENGTH);
+        System.arraycopy(h.getData(), 0, buf.outerBuf, PAD_LENGTH, Hash.HASH_LENGTH);
+        
+        h = _context.sha().calculateHash(buf.outerBuf, buf.outerEntry);
+        System.arraycopy(h.getData(), 0, buf.rv, 0, Hash.HASH_LENGTH);
+    }
+    
+    private static final void padKey(byte key[], byte pad[], byte out[]) {
+        for (int i = 0; i < SessionKey.KEYSIZE_BYTES; i++)
+            out[i] = (byte) (key[i] ^ pad[i]);
+        Arrays.fill(out, SessionKey.KEYSIZE_BYTES, PAD_LENGTH, pad[0]);
     }
 }

core/java/src/net/i2p/data/Base64.java

@@ -329,6 +329,8 @@ public class Base64 {
      * replacing / with ~, and + with -
      */
     private static String safeEncode(byte[] source, int off, int len, boolean useStandardAlphabet) {
+        if (len + off > source.length)
+            throw new ArrayIndexOutOfBoundsException("Trying to encode too much!  source.len=" + source.length + " off=" + off + " len=" + len);
         String encoded = encodeBytes(source, off, len, false);
         if (useStandardAlphabet) {
             // noop

core/java/src/net/i2p/data/LeaseSet.java

@@ -35,6 +35,7 @@ public class LeaseSet extends DataStructureImpl {
     private Signature _signature;
     private volatile Hash _currentRoutingKey;
     private volatile byte[] _routingKeyGenMod;
+    private boolean _receivedAsPublished;
 
     /** um, no lease can last more than a year.  */
     private final static long MAX_FUTURE_EXPIRATION = 365 * 24 * 60 * 60 * 1000L;
@@ -47,6 +48,7 @@ public class LeaseSet extends DataStructureImpl {
         setRoutingKey(null);
         _leases = new ArrayList();
         _routingKeyGenMod = null;
+        _receivedAsPublished = false;
     }
 
     public Destination getDestination() {
@@ -72,6 +74,14 @@ public class LeaseSet extends DataStructureImpl {
     public void setSigningKey(SigningPublicKey key) {
         _signingKey = key;
     }
+    
+    /**
+     * If true, we received this LeaseSet by a remote peer publishing it to
+     * us, rather than by searching for it ourselves or locally creating it.
+     *
+     */
+    public boolean getReceivedAsPublished() { return _receivedAsPublished; }
+    public void setReceivedAsPublished(boolean received) { _receivedAsPublished = received; }
 
     public void addLease(Lease lease) {
         if (lease == null) throw new IllegalArgumentException("erm, null lease");