I2P_Developers/i2p.itoopie
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

2005-04-16 jrandom

Browse Source 
* Migrated to Bouncycastle's SHA256 and HMAC implementations for efficiency
(also lots of udp fixes)
This commit is contained in:
jrandom
2005-04-17 00:59:48 +00:00
committed by zzz
parent 9e5fe7d2b6
commit 7389cec78f
27 changed files with 929 additions and 614 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apps/routerconsole/jsp/help.jsp
View File

@ -16,10 +16,12 @@ hmm. we should probably have some help text here.<br />
<h2>Legal stuff</h2>
The I2P router (router.jar) and SDK (i2p.jar) are almost entirely public domain, with
a few notable exceptions:<ul>
<li>ElGamal, DSA, and SHA256 code, under the BSD license, written by TheCrypto</li>
<li>ElGamal and DSA code, under the BSD license, written by TheCrypto</li>
<li>SHA256 and HMAC-SHA256, under the MIT license, written by the Legion of the Bouncycastle</li>
<li>AES code, under the Cryptix (MIT) license, written by the Cryptix team</li>
<li>SNTP code, under the BSD license, written by Adam Buckley</li>
<li>The rest is outright public domain, written by jrandom, mihi, hypercubus, oOo, ugha, duck, and shendaras</li>
<li>The rest is outright public domain, written by jrandom, mihi, hypercubus, oOo,
ugha, duck, shendaras, and others.</li>
</ul>
<p>On top of the I2P router are a series of client applications, each with their own set of

9
core/java/src/net/i2p/crypto/AESEngine.java
View File

@ -66,13 +66,11 @@ public class AESEngine {
int padding = ElGamalAESEngine.getPaddingSize(size, paddedSize);
byte data[] = new byte[size + padding];
SHA256EntryCache.CacheEntry cache = _context.sha().cache().acquire(iv.length);
Hash h = _context.sha().calculateHash(iv, cache);
Hash h = _context.sha().calculateHash(iv);
int cur = 0;
System.arraycopy(h.getData(), 0, data, cur, Hash.HASH_LENGTH);
cur += Hash.HASH_LENGTH;
_context.sha().cache().release(cache);
DataHelper.toLong(data, cur, 4, payload.length);
cur += 4;
@ -96,18 +94,15 @@ public class AESEngine {
}
int cur = 0;
SHA256EntryCache.CacheEntry cache = _context.sha().cache().acquire(iv.length);
byte h[] = _context.sha().calculateHash(iv, cache).getData();
byte h[] = _context.sha().calculateHash(iv).getData();
for (int i = 0; i < Hash.HASH_LENGTH; i++) {
if (decr[i] != h[i]) {
_log.error("Hash does not match [key=" + sessionKey + " / iv =" + DataHelper.toString(iv, iv.length)
+ "]", new Exception("Hash error"));
_context.sha().cache().release(cache);
return null;
}
}
cur += Hash.HASH_LENGTH;
_context.sha().cache().release(cache);
long len = DataHelper.fromLong(decr, cur, 4);
cur += 4;

32
core/java/src/net/i2p/crypto/ElGamalAESEngine.java
View File

@ -163,11 +163,9 @@ public class ElGamalAESEngine {
//_log.debug("Pre IV for decryptNewSession: " + DataHelper.toString(preIV, 32));
//_log.debug("SessionKey for decryptNewSession: " + DataHelper.toString(key.getData(), 32));
SHA256EntryCache.CacheEntry cache = _context.sha().cache().acquire(preIV.length);
Hash ivHash = _context.sha().calculateHash(preIV, cache);
Hash ivHash = _context.sha().calculateHash(preIV);
byte iv[] = new byte[16];
System.arraycopy(ivHash.getData(), 0, iv, 0, 16);
_context.sha().cache().release(cache);
// feed the extra bytes into the PRNG
_context.random().harvester().feedEntropy("ElG/AES", elgDecr, offset, elgDecr.length - offset);
@ -202,12 +200,10 @@ public class ElGamalAESEngine {
SessionKey usedKey, SessionKey foundKey) throws DataFormatException {
byte preIV[] = new byte[32];
System.arraycopy(data, 0, preIV, 0, preIV.length);
SHA256EntryCache.CacheEntry cache = _context.sha().cache().acquire(32);
Hash ivHash = _context.sha().calculateHash(preIV, cache);
Hash ivHash = _context.sha().calculateHash(preIV);
byte iv[] = new byte[16];
System.arraycopy(ivHash.getData(), 0, iv, 0, 16);
_context.sha().cache().release(cache);
usedKey.setData(key.getData());
//_log.debug("Pre IV for decryptExistingSession: " + DataHelper.toString(preIV, 32));
@ -296,11 +292,9 @@ public class ElGamalAESEngine {
byte unencrData[] = new byte[(int) len];
System.arraycopy(decrypted, cur, unencrData, 0, (int)len);
cur += len;
SHA256EntryCache.CacheEntry cache = _context.sha().cache().acquire(unencrData.length);
Hash calcHash = _context.sha().calculateHash(unencrData, cache);
Hash calcHash = _context.sha().calculateHash(unencrData);
boolean eq = calcHash.equals(readHash);
_context.sha().cache().release(cache);
if (eq) {
// everything matches. w00t.
foundTags.addAll(tags);
@ -410,11 +404,9 @@ public class ElGamalAESEngine {
// should we also feed the encrypted elG block into the harvester?
SHA256EntryCache.CacheEntry cache = _context.sha().cache().acquire(preIV.length);
Hash ivHash = _context.sha().calculateHash(preIV, cache);
Hash ivHash = _context.sha().calculateHash(preIV);
byte iv[] = new byte[16];
System.arraycopy(ivHash.getData(), 0, iv, 0, 16);
_context.sha().cache().release(cache);
byte aesEncr[] = encryptAESBlock(data, key, iv, tagsForDelivery, newKey, paddedSize);
//_log.debug("AES encrypted length: " + aesEncr.length);
@ -448,12 +440,10 @@ public class ElGamalAESEngine {
//_log.debug("Pre IV for encryptExistingSession (aka tag): " + currentTag.toString());
//_log.debug("SessionKey for encryptNewSession: " + DataHelper.toString(key.getData(), 32));
SHA256EntryCache.CacheEntry cache = _context.sha().cache().acquire(rawTag.length);
Hash ivHash = _context.sha().calculateHash(rawTag, cache);
Hash ivHash = _context.sha().calculateHash(rawTag);
byte iv[] = new byte[16];
System.arraycopy(ivHash.getData(), 0, iv, 0, 16);
_context.sha().cache().release(cache);
byte aesEncr[] = encryptAESBlock(data, key, iv, tagsForDelivery, newKey, paddedSize, SessionTag.BYTE_LENGTH);
// that prepended SessionTag.BYTE_LENGTH bytes at the beginning of the buffer
System.arraycopy(rawTag, 0, aesEncr, 0, rawTag.length);
@ -507,12 +497,10 @@ public class ElGamalAESEngine {
DataHelper.toLong(aesData, cur, 4, data.length);
cur += 4;
//_log.debug("data length: " + data.length);
SHA256EntryCache.CacheEntry cache = _context.sha().cache().acquire(data.length);
Hash hash = _context.sha().calculateHash(data, cache);
Hash hash = _context.sha().calculateHash(data);
System.arraycopy(hash.getData(), 0, aesData, cur, Hash.HASH_LENGTH);
cur += Hash.HASH_LENGTH;
_context.sha().cache().release(cache);
//_log.debug("hash of data: " + DataHelper.toString(hash.getData(), 32));
if (newKey == null) {
aesData[cur++] = 0x00; // don't rekey

10
core/java/src/net/i2p/crypto/ElGamalEngine.java
View File

@ -98,10 +98,8 @@ public class ElGamalEngine {
byte d2[] = new byte[1+Hash.HASH_LENGTH+data.length];
d2[0] = (byte)0xFF;
SHA256EntryCache.CacheEntry cache = _context.sha().cache().acquire(data.length);
Hash hash = _context.sha().calculateHash(data, cache);
Hash hash = _context.sha().calculateHash(data);
System.arraycopy(hash.getData(), 0, d2, 1, Hash.HASH_LENGTH);
_context.sha().cache().release(cache);
System.arraycopy(data, 0, d2, 1+Hash.HASH_LENGTH, data.length);
long t0 = _context.clock().now();
@ -194,11 +192,9 @@ public class ElGamalEngine {
byte rv[] = new byte[payloadLen];
System.arraycopy(val, i + 1 + Hash.HASH_LENGTH, rv, 0, rv.length);
SHA256EntryCache.CacheEntry cache = _context.sha().cache().acquire(payloadLen);
Hash calcHash = _context.sha().calculateHash(rv, cache);
Hash calcHash = _context.sha().calculateHash(rv);
boolean ok = calcHash.equals(hash);
_context.sha().cache().release(cache);
long end = _context.clock().now();
long diff = end - start;

103
core/java/src/net/i2p/crypto/HMACSHA256Generator.java
View File

@ -1,64 +1,34 @@
package net.i2p.crypto;
import java.util.Arrays;
import java.util.ArrayList;
import java.util.List;
import net.i2p.I2PAppContext;
import net.i2p.data.DataHelper;
import net.i2p.data.Hash;
import net.i2p.data.SessionKey;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.macs.HMac;
/**
* Calculate the HMAC-SHA256 of a key+message.
* Calculate the HMAC-SHA256 of a key+message. All the good stuff occurs
* in {@link org.bouncycastle.crypto.macs.HMac} and
* {@link org.bouncycastle.crypto.digests.SHA256Digest}.
*
*/
public class HMACSHA256Generator {
private I2PAppContext _context;
private List _available;
public HMACSHA256Generator(I2PAppContext context) {
_context = context;
_available = new ArrayList(32);
}
public static HMACSHA256Generator getInstance() {
return I2PAppContext.getGlobalContext().hmac();
}
private static final int PAD_LENGTH = 64;
private static final byte[] _IPAD = new byte[PAD_LENGTH];
private static final byte[] _OPAD = new byte[PAD_LENGTH];
static {
for (int i = 0; i < _IPAD.length; i++) {
_IPAD[i] = 0x36;
_OPAD[i] = 0x5C;
}
}
public Buffer createBuffer(int dataLen) { return new Buffer(dataLen); }
public class Buffer {
private byte padded[];
private byte innerBuf[];
private SHA256EntryCache.CacheEntry innerEntry;
private byte rv[];
private byte outerBuf[];
private SHA256EntryCache.CacheEntry outerEntry;
public Buffer(int dataLength) {
padded = new byte[PAD_LENGTH];
innerBuf = new byte[dataLength + PAD_LENGTH];
innerEntry = _context.sha().cache().acquire(innerBuf.length);
rv = new byte[Hash.HASH_LENGTH];
outerBuf = new byte[Hash.HASH_LENGTH + PAD_LENGTH];
outerEntry = _context.sha().cache().acquire(outerBuf.length);
}
public void releaseCached() {
_context.sha().cache().release(innerEntry);
_context.sha().cache().release(outerEntry);
}
public byte[] getHash() { return rv; }
}
/**
* Calculate the HMAC of the data with the given key
*/
@ -75,43 +45,26 @@ public class HMACSHA256Generator {
if ((key == null) || (key.getData() == null) || (data == null))
throw new NullPointerException("Null arguments for HMAC");
Buffer buf = new Buffer(length);
calculate(key, data, offset, length, buf);
Hash rv = new Hash(buf.rv);
buf.releaseCached();
return rv;
HMac mac = acquire();
mac.init(key.getData());
mac.update(data, offset, length);
byte rv[] = new byte[Hash.HASH_LENGTH];
mac.doFinal(rv, 0);
release(mac);
return new Hash(rv);
}
/**
* Calculate the HMAC of the data with the given key
*/
public void calculate(SessionKey key, byte data[], Buffer buf) {
calculate(key, data, 0, data.length, buf);
private HMac acquire() {
synchronized (_available) {
if (_available.size() > 0)
return (HMac)_available.remove(0);
}
return new HMac(new SHA256Digest());
}
/**
* Calculate the HMAC of the data with the given key
*/
public void calculate(SessionKey key, byte data[], int offset, int length, Buffer buf) {
// inner hash
padKey(key.getData(), _IPAD, buf.padded);
System.arraycopy(buf.padded, 0, buf.innerBuf, 0, PAD_LENGTH);
System.arraycopy(data, offset, buf.innerBuf, PAD_LENGTH, length);
Hash h = _context.sha().calculateHash(buf.innerBuf, buf.innerEntry);
// outer hash
padKey(key.getData(), _OPAD, buf.padded);
System.arraycopy(buf.padded, 0, buf.outerBuf, 0, PAD_LENGTH);
System.arraycopy(h.getData(), 0, buf.outerBuf, PAD_LENGTH, Hash.HASH_LENGTH);
h = _context.sha().calculateHash(buf.outerBuf, buf.outerEntry);
System.arraycopy(h.getData(), 0, buf.rv, 0, Hash.HASH_LENGTH);
}
private static final void padKey(byte key[], byte pad[], byte out[]) {
for (int i = 0; i < SessionKey.KEYSIZE_BYTES; i++)
out[i] = (byte) (key[i] ^ pad[i]);
Arrays.fill(out, SessionKey.KEYSIZE_BYTES, PAD_LENGTH, pad[0]);
private void release(HMac mac) {
synchronized (_available) {
if (_available.size() < 64)
_available.add(mac);
}
}
}

238
core/java/src/net/i2p/crypto/SHA256EntryCache.java
View File

@ -1,238 +0,0 @@
package net.i2p.crypto;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import net.i2p.I2PAppContext;
import net.i2p.data.Hash;
/**
* Cache the objects used in SHA256Generator's calculate method to reduce
* memory churn. The CacheEntry should be held onto as long as the
* data referenced in it is needed (which often is only one or two lines
* of code)
*
*/
public final class SHA256EntryCache {
private static final int ONE_KB = 0;
private static final int FOUR_KB = 1;
private static final int EIGHT_KB = 2;
private static final int SIXTEEN_KB = 3;
private static final int THIRTYTWO_KB = 4;
private static final int FOURTYEIGHT_KB = 5;
private static final int LARGER = 6;
/**
* Array of Lists of free CacheEntry objects, indexed
* by the payload size they are capable of handling
*/
private List _available[] = new List[6];
/** count up how often we use the cache for each size */
private long _used[] = new long[7];
private int _sizes[] = new int[] { 1024,4*1024,8*1024,16*1024,32*1024,48*1024 };
/** no more than 32 at each size level */
private static final int MAX_CACHED = 64;
public SHA256EntryCache() {
for (int i = 0; i < _available.length; i++) {
_available[i] = new ArrayList(MAX_CACHED);
//for (int j = 0; j < MAX_CACHED; j++)
// _available[i].add(new CacheEntry(_sizes[i]));
}
}
/**
* Get the next available structure, either from the cache or a brand new one
*
*/
public final CacheEntry acquire(int payload) {
int entrySize = getBucket(payload);
switch (entrySize) {
case 1024:
_used[ONE_KB]++;
synchronized (_available[ONE_KB]) {
if (_available[ONE_KB].size() > 0) {
return (CacheEntry)_available[ONE_KB].remove(0);
}
}
break;
case 4*1024:
_used[FOUR_KB]++;
synchronized (_available[FOUR_KB]) {
if (_available[FOUR_KB].size() > 0) {
return (CacheEntry)_available[FOUR_KB].remove(0);
}
}
break;
case 8*1024:
_used[EIGHT_KB]++;
synchronized (_available[EIGHT_KB]) {
if (_available[EIGHT_KB].size() > 0) {
return (CacheEntry)_available[EIGHT_KB].remove(0);
}
}
break;
case 16*1024:
_used[SIXTEEN_KB]++;
synchronized (_available[SIXTEEN_KB]) {
if (_available[SIXTEEN_KB].size() > 0) {
return (CacheEntry)_available[SIXTEEN_KB].remove(0);
}
}
break;
case 32*1024:
_used[THIRTYTWO_KB]++;
synchronized (_available[THIRTYTWO_KB]) {
if (_available[THIRTYTWO_KB].size() > 0) {
return (CacheEntry)_available[THIRTYTWO_KB].remove(0);
}
}
break;
case 48*1024:
_used[FOURTYEIGHT_KB]++;
synchronized (_available[FOURTYEIGHT_KB]) {
if (_available[FOURTYEIGHT_KB].size() > 0) {
return (CacheEntry)_available[FOURTYEIGHT_KB].remove(0);
}
}
break;
default:
_used[LARGER]++;
// not for the bucket, so make it exact
return new CacheEntry(payload);
}
return new CacheEntry(entrySize);
}
/**
* Put this structure back onto the available cache for reuse
*
*/
public final void release(CacheEntry entry) {
entry.reset();
if (false) return;
switch (entry.bucket) {
case 1024:
synchronized (_available[ONE_KB]) {
if (_available[ONE_KB].size() < MAX_CACHED) {
_available[ONE_KB].add(entry);
}
}
return;
case 4*1024:
synchronized (_available[FOUR_KB]) {
if (_available[FOUR_KB].size() < MAX_CACHED) {
_available[FOUR_KB].add(entry);
}
}
return;
case 8*1024:
synchronized (_available[EIGHT_KB]) {
if (_available[EIGHT_KB].size() < MAX_CACHED) {
_available[EIGHT_KB].add(entry);
}
}
return;
case 16*1024:
synchronized (_available[SIXTEEN_KB]) {
if (_available[SIXTEEN_KB].size() < MAX_CACHED) {
_available[SIXTEEN_KB].add(entry);
}
}
return;
case 32*1024:
synchronized (_available[THIRTYTWO_KB]) {
if (_available[THIRTYTWO_KB].size() < MAX_CACHED) {
_available[THIRTYTWO_KB].add(entry);
}
}
return;
case 48*1024:
synchronized (_available[FOURTYEIGHT_KB]) {
if (_available[FOURTYEIGHT_KB].size() < MAX_CACHED) {
_available[FOURTYEIGHT_KB].add(entry);
}
}
return;
}
}
/**
* all the data alloc'ed in a calculateHash call
*/
public static final class CacheEntry {
byte hashbytes[];
int W[];
int M0[];
int H[];
Hash hash;
int wordlength;
int bucket;
public CacheEntry(int payload) {
wordlength = SHA256Generator.getWordlength(payload);
bucket = payload;
hashbytes = new byte[32];
M0 = new int[wordlength];
W = new int[64];
H = new int[8];
hash = new Hash();
hash.setData(hashbytes);
}
public final void reset() {
Arrays.fill(hashbytes, (byte)0x0);
Arrays.fill(M0, (byte)0x0);
Arrays.fill(W, (byte)0x0);
Arrays.fill(H, (byte)0x0);
}
}
private static final int getBucket(int payload) {
if (payload <= 1024)
return 1024;
else if (payload <= 4*1024)
return 4*1024;
else if (payload <= 8*1024)
return 8*1024;
else if (payload <= 16*1024)
return 16*1024;
else if (payload <= 32*1024)
return 32*1024;
else if (payload <= 48*1024)
return 48*1024;
else
return payload;
}
public static void main(String args[]) {
I2PAppContext ctx = new I2PAppContext();
for (int i = 1; i < 20000; i+=2) {
test(ctx, i);
}
}
private static void test(I2PAppContext ctx, int size) {
System.out.print("Size = " + size);
for (int i = 0; i < 2; i++) {
byte orig[] = new byte[size];
ctx.random().nextBytes(orig);
CacheEntry cache = ctx.sha().cache().acquire(orig.length);
try {
Hash h = ctx.sha().calculateHash(orig, cache);
Hash h2 = ctx.sha().calculateHash(orig);
boolean eq = h.equals(h2);
ctx.sha().cache().release(cache);
if (eq) {
System.out.print(".");
} else {
System.out.print("ERROR " + i);
break;
}
} catch (Exception e) {
e.printStackTrace();
}
}
System.out.println();
}
}

231
core/java/src/net/i2p/crypto/SHA256Generator.java
View File

@ -1,236 +1,47 @@
package net.i2p.crypto;
/*
* Copyright (c) 2003, TheCrypto
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
* - Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* - Neither the name of the TheCrypto may be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
import java.util.Arrays;
import net.i2p.I2PAppContext;
import net.i2p.data.Hash;
/** Defines a wrapper for SHA-256 operation
*
* This is done. Takes data of any size and hashes it.
import org.bouncycastle.crypto.digests.SHA256Digest;
/**
* Defines a wrapper for SHA-256 operation. All the good stuff occurs
* in the Bouncycastle {@link org.bouncycastle.crypto.digests.SHA256Digest}
*
* @author thecrypto,jrandom
*/
public final class SHA256Generator {
private final SHA256EntryCache _cache = new SHA256EntryCache();
public SHA256Generator(I2PAppContext context) { // nop
}
public SHA256Generator(I2PAppContext context) {}
public static final SHA256Generator getInstance() {
return I2PAppContext.getGlobalContext().sha();
}
public final SHA256EntryCache cache() { return _cache; }
static final int[] K = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};
static final int[] H0 = { 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
public static final int getWordlength(int sourceLength) {
long length = sourceLength * 8;
int k = 448 - (int) ((length + 1) % 512);
if (k < 0) {
k += 512;
}
int padbytes = k / 8;
int rv = sourceLength / 4 + padbytes / 4 + 3;
return rv;
}
private final SHA256EntryCache.CacheEntry getNewEntry(int payloadSize) {
return new SHA256EntryCache.CacheEntry(payloadSize);
}
/** Calculate the SHA-256 has of the source
* @param source what to hash
* @return hash of the source
*/
public final Hash calculateHash(byte[] source) {
byte rv[] = new byte[Hash.HASH_LENGTH];
SHA256EntryCache.CacheEntry cache = _cache.acquire(source.length);
Hash hash = calculateHash(source, 0, source.length, cache);
System.arraycopy(hash.getData(), 0, rv, 0, Hash.HASH_LENGTH);
_cache.release(cache);
return new Hash(rv);
}
public final Hash calculateHash(byte[] source, SHA256EntryCache.CacheEntry cache) {
return calculateHash(source, 0, source.length, cache);
return calculateHash(source, 0, source.length);
}
public final Hash calculateHash(byte[] source, int start, int len) {
byte rv[] = new byte[Hash.HASH_LENGTH];
SHA256EntryCache.CacheEntry cache = _cache.acquire(len);
Hash hash = calculateHash(source, start, len, cache);
System.arraycopy(hash.getData(), 0, rv, 0, Hash.HASH_LENGTH);
_cache.release(cache);
SHA256Digest digest = new SHA256Digest();
digest.update(source, start, len);
digest.doFinal(rv, 0);
return new Hash(rv);
}
public final Hash calculateHash(byte[] source, int start, int len, SHA256EntryCache.CacheEntry cache) {
if (cache == null)
return calculateHash(source, start, len);
long length = len * 8;
int k = 448 - (int) ((length + 1) % 512);
if (k < 0) {
k += 512;
}
int padbytes = k / 8;
int wordlength = len / 4 + padbytes / 4 + 3;
if (wordlength != getWordlength(len))
throw new RuntimeException("len = " + len + " wordlength = " + wordlength
+ " getWordlength = " + getWordlength(len));
int[] M0 = cache.M0;
int wordcount = 0;
int x = 0;
for (x = 0; x < (len / 4) * 4; x += 4) {
M0[wordcount] = source[x+start] << 24 >>> 24 << 24;
M0[wordcount] |= source[x+start + 1] << 24 >>> 24 << 16;
M0[wordcount] |= source[x+start + 2] << 24 >>> 24 << 8;
M0[wordcount] |= source[x+start + 3] << 24 >>> 24 << 0;
wordcount++;
}
switch (len - (wordcount + 1) * 4 + 4) {
case 0:
M0[wordcount] |= 0x80000000;
break;
case 1:
M0[wordcount] = source[x+start] << 24 >>> 24 << 24;
M0[wordcount] |= 0x00800000;
break;
case 2:
M0[wordcount] = source[x+start] << 24 >>> 24 << 24;
M0[wordcount] |= source[x+start + 1] << 24 >>> 24 << 16;
M0[wordcount] |= 0x00008000;
break;
case 3:
M0[wordcount] = source[x+start] << 24 >>> 24 << 24;
M0[wordcount] |= source[x+start + 1] << 24 >>> 24 << 16;
M0[wordcount] |= source[x+start + 2] << 24 >>> 24 << 8;
M0[wordcount] |= 0x00000080;
break;
}
M0[wordlength - 2] = (int) (length >>> 32);
M0[wordlength - 1] = (int) (length);
int[] H = cache.H;
for (x = 0; x < 8; x++) {
H[x] = H0[x];
}
int blocks = wordlength / 16;
int[] W = cache.W;
for (int bl = 0; bl < blocks; bl++) {
int a = H[0];
int b = H[1];
int c = H[2];
int d = H[3];
int e = H[4];
int f = H[5];
int g = H[6];
int h = H[7];
Arrays.fill(W, 0);
for (x = 0; x < 64; x++) {
if (x < 16) {
W[x] = M0[bl * 16 + x];
} else {
W[x] = add(o1(W[x - 2]), add(W[x - 7], add(o0(W[x - 15]), W[x - 16])));
}
}
for (x = 0; x < 64; x++) {
int T1 = add(h, add(e1(e), add(Ch(e, f, g), add(K[x], W[x]))));
int T2 = add(e0(a), Maj(a, b, c));
h = g;
g = f;
f = e;
e = add(d, T1);
d = c;
c = b;
b = a;
a = add(T1, T2);
}
H[0] = add(a, H[0]);
H[1] = add(b, H[1]);
H[2] = add(c, H[2]);
H[3] = add(d, H[3]);
H[4] = add(e, H[4]);
H[5] = add(f, H[5]);
H[6] = add(g, H[6]);
H[7] = add(h, H[7]);
}
byte[] hashbytes = cache.hashbytes;
for (x = 0; x < 8; x++) {
hashbytes[x * 4] = (byte) (H[x] << 0 >>> 24);
hashbytes[x * 4 + 1] = (byte) (H[x] << 8 >>> 24);
hashbytes[x * 4 + 2] = (byte) (H[x] << 16 >>> 24);
hashbytes[x * 4 + 3] = (byte) (H[x] << 24 >>> 24);
}
return cache.hash;
}
private static final int Ch(int x, int y, int z) {
return (x & y) ^ (~x & z);
}
private static final int Maj(int x, int y, int z) {
return (x & y) ^ (x & z) ^ (y & z);
}
private static final int ROTR(int x, int n) {
return (x >>> n) | (x << 32 - n);
}
private static final int e0(int x) {
return ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22);
}
private static final int e1(int x) {
return ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25);
}
private static final int SHR(int x, int n) {
return x >>> n;
}
private static final int o0(int x) {
return ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3);
}
private static final int o1(int x) {
return ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10);
}
private static final int add(int x, int y) {
return x + y;
public static void main(String args[]) {
I2PAppContext ctx = I2PAppContext.getGlobalContext();
byte orig[] = new byte[4096];
ctx.random().nextBytes(orig);
Hash old = ctx.sha().calculateHash(orig);
SHA256Digest d = new SHA256Digest();
d.update(orig, 0, orig.length);
byte out[] = new byte[Hash.HASH_LENGTH];
d.doFinal(out, 0);
System.out.println("eq? " + net.i2p.data.DataHelper.eq(out, old.getData()));
}
}

77
core/java/src/org/bouncycastle/crypto/Digest.java Normal file
View File

@ -0,0 +1,77 @@
package org.bouncycastle.crypto;
/*
* Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle
* (http://www.bouncycastle.org)
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated
* documentation files (the "Software"), to deal in the Software
* without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or
* sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following
* conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*
*/
/**
* interface that a message digest conforms to.
*/
public interface Digest
{
/**
* return the algorithm name
*
* @return the algorithm name
*/
public String getAlgorithmName();
/**
* return the size, in bytes, of the digest produced by this message digest.
*
* @return the size, in bytes, of the digest produced by this message digest.
*/
public int getDigestSize();
/**
* update the message digest with a single byte.
*
* @param in the input byte to be entered.
*/
public void update(byte in);
/**
* update the message digest with a block of bytes.
*
* @param in the byte array containing the data.
* @param inOff the offset into the byte array where the data starts.
* @param len the length of the data.
*/
public void update(byte[] in, int inOff, int len);
/**
* close the digest, producing the final digest value. The doFinal
* call leaves the digest reset.
*
* @param out the array the digest is to be copied into.
* @param outOff the offset into the out array the digest is to start at.
*/
public int doFinal(byte[] out, int outOff);
/**
* reset the digest back to it's initial state.
*/
public void reset();
}

97
core/java/src/org/bouncycastle/crypto/Mac.java Normal file
View File

@ -0,0 +1,97 @@
package org.bouncycastle.crypto;
/*
* Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle
* (http://www.bouncycastle.org)
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated
* documentation files (the "Software"), to deal in the Software
* without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or
* sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following
* conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*
*/
/**
* The base interface for implementations of message authentication codes (MACs).
*
* modified by jrandom to use the session key byte array directly
*/
public interface Mac
{
/**
* Initialise the MAC.
*
* @param key the key required by the MAC.
* @exception IllegalArgumentException if the params argument is
* inappropriate.
*/
public void init(byte key[])
throws IllegalArgumentException;
/**
* Return the name of the algorithm the MAC implements.
*
* @return the name of the algorithm the MAC implements.
*/
public String getAlgorithmName();
/**
* Return the block size for this cipher (in bytes).
*
* @return the block size for this cipher in bytes.
*/
public int getMacSize();
/**
* add a single byte to the mac for processing.
*
* @param in the byte to be processed.
* @exception IllegalStateException if the MAC is not initialised.
*/
public void update(byte in)
throws IllegalStateException;
/**
* @param in the array containing the input.
* @param inOff the index in the array the data begins at.
* @param len the length of the input starting at inOff.
* @exception IllegalStateException if the MAC is not initialised.
*/
public void update(byte[] in, int inOff, int len)
throws IllegalStateException;
/**
* Compute the final statge of the MAC writing the output to the out
* parameter.
* <p>
* doFinal leaves the MAC in the same state it was after the last init.
*
* @param out the array the MAC is to be output to.
* @param outOff the offset into the out buffer the output is to start at.
* @exception IllegalStateException if the MAC is not initialised.
*/
public int doFinal(byte[] out, int outOff)
throws IllegalStateException;
/**
* Reset the MAC. At the end of resetting the MAC should be in the
* in the same state it was after the last init (if there was one).
*/
public void reset();
}

154
core/java/src/org/bouncycastle/crypto/digests/GeneralDigest.java Normal file
View File

@ -0,0 +1,154 @@
package org.bouncycastle.crypto.digests;
/*
* Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle
* (http://www.bouncycastle.org)
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated
* documentation files (the "Software"), to deal in the Software
* without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or
* sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following
* conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*
*/
import org.bouncycastle.crypto.Digest;
/**
* base implementation of MD4 family style digest as outlined in
* "Handbook of Applied Cryptography", pages 344 - 347.
*/
public abstract class GeneralDigest
implements Digest
{
private byte[] xBuf;
private int xBufOff;
private long byteCount;
/**
* Standard constructor
*/
protected GeneralDigest()
{
xBuf = new byte[4];
xBufOff = 0;
}
/**
* Copy constructor. We are using copy constructors in place
* of the Object.clone() interface as this interface is not
* supported by J2ME.
*/
protected GeneralDigest(GeneralDigest t)
{
xBuf = new byte[t.xBuf.length];
System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length);
xBufOff = t.xBufOff;
byteCount = t.byteCount;
}
public void update(
byte in)
{
xBuf[xBufOff++] = in;
if (xBufOff == xBuf.length)
{
processWord(xBuf, 0);
xBufOff = 0;
}
byteCount++;
}
public void update(
byte[] in,
int inOff,
int len)
{
//
// fill the current word
//
while ((xBufOff != 0) && (len > 0))
{
update(in[inOff]);
inOff++;
len--;
}
//
// process whole words.
//
while (len > xBuf.length)
{
processWord(in, inOff);
inOff += xBuf.length;
len -= xBuf.length;
byteCount += xBuf.length;
}
//
// load in the remainder.
//
while (len > 0)
{
update(in[inOff]);
inOff++;
len--;
}
}
public void finish()
{
long bitLength = (byteCount << 3);
//
// add the pad bytes.
//
update((byte)128);
while (xBufOff != 0)
{
update((byte)0);
}
processLength(bitLength);
processBlock();
}
public void reset()
{
byteCount = 0;
xBufOff = 0;
for ( int i = 0; i < xBuf.length; i++ ) {
xBuf[i] = 0;
}
}
protected abstract void processWord(byte[] in, int inOff);
protected abstract void processLength(long bitLength);
protected abstract void processBlock();
}

292
core/java/src/org/bouncycastle/crypto/digests/SHA256Digest.java Normal file
View File

@ -0,0 +1,292 @@
package org.bouncycastle.crypto.digests;
/*
* Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle
* (http://www.bouncycastle.org)
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated
* documentation files (the "Software"), to deal in the Software
* without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or
* sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following
* conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*
*/
/**
* FIPS 180-2 implementation of SHA-256.
*
* <pre>
* block word digest
* SHA-1 512 32 160
* SHA-256 512 32 256
* SHA-384 1024 64 384
* SHA-512 1024 64 512
* </pre>
*/
public class SHA256Digest
extends GeneralDigest
{
private static final int DIGEST_LENGTH = 32;
private int H1, H2, H3, H4, H5, H6, H7, H8;
private int[] X = new int[64];
private int xOff;
/**
* Standard constructor
*/
public SHA256Digest()
{
reset();
}
/**
* Copy constructor. This will copy the state of the provided
* message digest.
*/
public SHA256Digest(SHA256Digest t)
{
super(t);
H1 = t.H1;
H2 = t.H2;
H3 = t.H3;
H4 = t.H4;
H5 = t.H5;
H6 = t.H6;
H7 = t.H7;
H8 = t.H8;
System.arraycopy(t.X, 0, X, 0, t.X.length);
xOff = t.xOff;
}
public String getAlgorithmName()
{
return "SHA-256";
}
public int getDigestSize()
{
return DIGEST_LENGTH;
}
protected void processWord(
byte[] in,
int inOff)
{
X[xOff++] = ((in[inOff] & 0xff) << 24) | ((in[inOff + 1] & 0xff) << 16)
| ((in[inOff + 2] & 0xff) << 8) | ((in[inOff + 3] & 0xff));
if (xOff == 16)
{
processBlock();
}
}
private void unpackWord(
int word,
byte[] out,
int outOff)
{
out[outOff] = (byte)(word >>> 24);
out[outOff + 1] = (byte)(word >>> 16);
out[outOff + 2] = (byte)(word >>> 8);
out[outOff + 3] = (byte)word;
}
protected void processLength(
long bitLength)
{
if (xOff > 14)
{
processBlock();
}
X[14] = (int)(bitLength >>> 32);
X[15] = (int)(bitLength & 0xffffffff);
}
public int doFinal(
byte[] out,
int outOff)
{
finish();
unpackWord(H1, out, outOff);
unpackWord(H2, out, outOff + 4);
unpackWord(H3, out, outOff + 8);
unpackWord(H4, out, outOff + 12);
unpackWord(H5, out, outOff + 16);
unpackWord(H6, out, outOff + 20);
unpackWord(H7, out, outOff + 24);
unpackWord(H8, out, outOff + 28);
reset();
return DIGEST_LENGTH;
}
/**
* reset the chaining variables
*/
public void reset()
{
super.reset();
/* SHA-256 initial hash value
* The first 32 bits of the fractional parts of the square roots
* of the first eight prime numbers
*/
H1 = 0x6a09e667;
H2 = 0xbb67ae85;
H3 = 0x3c6ef372;
H4 = 0xa54ff53a;
H5 = 0x510e527f;
H6 = 0x9b05688c;
H7 = 0x1f83d9ab;
H8 = 0x5be0cd19;
xOff = 0;
for (int i = 0; i != X.length; i++)
{
X[i] = 0;
}
}
protected void processBlock()
{
//
// expand 16 word block into 64 word blocks.
//
for (int t = 16; t <= 63; t++)
{
X[t] = Theta1(X[t - 2]) + X[t - 7] + Theta0(X[t - 15]) + X[t - 16];
}
//
// set up working variables.
//
int a = H1;
int b = H2;
int c = H3;
int d = H4;
int e = H5;
int f = H6;
int g = H7;
int h = H8;
for (int t = 0; t <= 63; t++)
{
int T1, T2;
T1 = h + Sum1(e) + Ch(e, f, g) + K[t] + X[t];
T2 = Sum0(a) + Maj(a, b, c);
h = g;
g = f;
f = e;
e = d + T1;
d = c;
c = b;
b = a;
a = T1 + T2;
}
H1 += a;
H2 += b;
H3 += c;
H4 += d;
H5 += e;
H6 += f;
H7 += g;
H8 += h;
//
// reset the offset and clean out the word buffer.
//
xOff = 0;
for (int i = 0; i != X.length; i++)
{
X[i] = 0;
}
}
private int rotateRight(
int x,
int n)
{
return (x >>> n) | (x << (32 - n));
}
/* SHA-256 functions */
private int Ch(
int x,
int y,
int z)
{
return ((x & y) ^ ((~x) & z));
}
private int Maj(
int x,
int y,
int z)
{
return ((x & y) ^ (x & z) ^ (y & z));
}
private int Sum0(
int x)
{
return rotateRight(x, 2) ^ rotateRight(x, 13) ^ rotateRight(x, 22);
}
private int Sum1(
int x)
{
return rotateRight(x, 6) ^ rotateRight(x, 11) ^ rotateRight(x, 25);
}
private int Theta0(
int x)
{
return rotateRight(x, 7) ^ rotateRight(x, 18) ^ (x >>> 3);
}
private int Theta1(
int x)
{
return rotateRight(x, 17) ^ rotateRight(x, 19) ^ (x >>> 10);
}
/* SHA-256 Constants
* (represent the first 32 bits of the fractional parts of the
* cube roots of the first sixty-four prime numbers)
*/
static final int K[] = {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};
}

168
core/java/src/org/bouncycastle/crypto/macs/HMac.java Normal file
View File

@ -0,0 +1,168 @@
package org.bouncycastle.crypto.macs;
/*
* Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle
* (http://www.bouncycastle.org)
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated
* documentation files (the "Software"), to deal in the Software
* without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or
* sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following
* conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*
*/
//import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Mac;
//import org.bouncycastle.crypto.params.KeyParameter;
import java.util.Arrays;
/**
* HMAC implementation based on RFC2104
*
* H(K XOR opad, H(K XOR ipad, text))
*
* modified by jrandom to use the session key byte array directly
*/
public class HMac
implements Mac
{
private final static int BLOCK_LENGTH = 64;
private final static byte IPAD = (byte)0x36;
private final static byte OPAD = (byte)0x5C;
private Digest digest;
private int digestSize;
private byte[] inputPad = new byte[BLOCK_LENGTH];
private byte[] outputPad = new byte[BLOCK_LENGTH];
public HMac(
Digest digest)
{
this.digest = digest;
digestSize = digest.getDigestSize();
}
public String getAlgorithmName()
{
return digest.getAlgorithmName() + "/HMAC";
}
public Digest getUnderlyingDigest()
{
return digest;
}
//public void init(
// CipherParameters params)
//{
public void init(byte key[])
{
digest.reset();
//byte[] key = ((KeyParameter)params).getKey();
if (key.length > BLOCK_LENGTH)
{
digest.update(key, 0, key.length);
digest.doFinal(inputPad, 0);
for (int i = digestSize; i < inputPad.length; i++)
{
inputPad[i] = 0;
}
}
else
{
System.arraycopy(key, 0, inputPad, 0, key.length);
for (int i = key.length; i < inputPad.length; i++)
{
inputPad[i] = 0;
}
}
// why reallocate? it hasn't changed sizes, and the arraycopy
// below fills it completely...
//outputPad = new byte[inputPad.length];
System.arraycopy(inputPad, 0, outputPad, 0, inputPad.length);
for (int i = 0; i < inputPad.length; i++)
{
inputPad[i] ^= IPAD;
}
for (int i = 0; i < outputPad.length; i++)
{
outputPad[i] ^= OPAD;
}
digest.update(inputPad, 0, inputPad.length);
}
public int getMacSize()
{
return digestSize;
}
public void update(
byte in)
{
digest.update(in);
}
public void update(
byte[] in,
int inOff,
int len)
{
digest.update(in, inOff, len);
}
public int doFinal(
byte[] out,
int outOff)
{
byte[] tmp = new byte[digestSize];
digest.doFinal(tmp, 0);
digest.update(outputPad, 0, outputPad.length);
digest.update(tmp, 0, tmp.length);
int len = digest.doFinal(out, outOff);
reset();
return len;
}
/**
* Reset the mac generator.
*/
public void reset()
{
/*
* reset the underlying digest.
*/
digest.reset();
/*
* reinitialize the digest.
*/
digest.update(inputPad, 0, inputPad.length);
}
}

5
history.txt
View File

@ -1,4 +1,7 @@
$Id: history.txt,v 1.191 2005/04/08 22:16:05 smeghead Exp $
$Id: history.txt,v 1.192 2005/04/12 10:22:11 jrandom Exp $
2005-04-16 jrandom
* Migrated to Bouncycastle's SHA256 and HMAC implementations for efficiency
2005-04-12 jrandom
* Make sure we don't get cached updates (thanks smeghead!)

1
installer/resources/readme.license.txt
View File

@ -13,6 +13,7 @@ The base I2P router and SDK make use of the
following non-public domain code:
* TheCrypto's cryptographic routines (BSD)
* Bouncycastle's hash routines (MIT license)
* Cryptix's AES routines (Cryptix license)
* Adam Buckley's SNTP routines (BSD)

13
router/java/src/net/i2p/data/i2np/I2NPMessageImpl.java
View File

@ -13,7 +13,6 @@ import java.io.InputStream;
import java.io.OutputStream;
import net.i2p.I2PAppContext;
import net.i2p.crypto.SHA256EntryCache;
import net.i2p.data.DataFormatException;
import net.i2p.data.DataHelper;
import net.i2p.data.DataStructureImpl;
@ -80,11 +79,9 @@ public abstract class I2NPMessageImpl extends DataStructureImpl implements I2NPM
cur += numRead;
}
SHA256EntryCache.CacheEntry cache = _context.sha().cache().acquire(size);
Hash calc = _context.sha().calculateHash(buffer, 0, size, cache);
Hash calc = _context.sha().calculateHash(buffer, 0, size);
//boolean eq = calc.equals(h);
boolean eq = DataHelper.eq(checksum, 0, calc.getData(), 0, CHECKSUM_LENGTH);
_context.sha().cache().release(cache);
if (!eq)
throw new I2NPMessageException("Hash does not match for " + getClass().getName());
@ -125,11 +122,9 @@ public abstract class I2NPMessageImpl extends DataStructureImpl implements I2NPM
+ " cur=" + cur
+ " wanted=" + size + "]: " + getClass().getName());
SHA256EntryCache.CacheEntry cache = _context.sha().cache().acquire(size);
Hash calc = _context.sha().calculateHash(data, cur, size, cache);
Hash calc = _context.sha().calculateHash(data, cur, size);
//boolean eq = calc.equals(h);
boolean eq = DataHelper.eq(hdata, 0, calc.getData(), 0, CHECKSUM_LENGTH);
_context.sha().cache().release(cache);
if (!eq)
throw new I2NPMessageException("Hash does not match for " + getClass().getName());
@ -204,8 +199,7 @@ public abstract class I2NPMessageImpl extends DataStructureImpl implements I2NPM
try {
int writtenLen = writeMessageBody(buffer, prefixLen);
int payloadLen = writtenLen - prefixLen;
SHA256EntryCache.CacheEntry cache = _context.sha().cache().acquire(payloadLen);
Hash h = _context.sha().calculateHash(buffer, prefixLen, payloadLen, cache);
Hash h = _context.sha().calculateHash(buffer, prefixLen, payloadLen);
int off = 0;
DataHelper.toLong(buffer, off, 1, getType());
@ -217,7 +211,6 @@ public abstract class I2NPMessageImpl extends DataStructureImpl implements I2NPM
DataHelper.toLong(buffer, off, 2, payloadLen);
off += 2;
System.arraycopy(h.getData(), 0, buffer, off, CHECKSUM_LENGTH);
_context.sha().cache().release(cache);
long time = _context.clock().now() - start;
//if (time > 50)

4
router/java/src/net/i2p/router/RouterVersion.java
View File

@ -15,9 +15,9 @@ import net.i2p.CoreVersion;
*
*/
public class RouterVersion {
public final static String ID = "$Revision: 1.183 $ $Date: 2005/04/06 11:38:38 $";
public final static String ID = "$Revision: 1.184 $ $Date: 2005/04/12 10:22:12 $";
public final static String VERSION = "0.5.0.6";
public final static long BUILD = 1;
public final static long BUILD = 2;
public static void main(String args[]) {
System.out.println("I2P Router version: " + VERSION);
System.out.println("Router ID: " + RouterVersion.ID);

2
router/java/src/net/i2p/router/transport/udp/InboundMessageState.java
View File

@ -27,7 +27,7 @@ public class InboundMessageState {
private long _receiveBegin;
/** expire after 30s */
private static final long MAX_RECEIVE_TIME = 30*1000;
private static final long MAX_RECEIVE_TIME = 10*1000;
private static final int MAX_FRAGMENTS = 32;
private static final ByteCache _fragmentCache = ByteCache.getInstance(64, 2048);

12
router/java/src/net/i2p/router/transport/udp/OutboundMessageFragments.java
View File

@ -119,6 +119,7 @@ public class OutboundMessageFragments {
if (state.isComplete()) {
_activeMessages.remove(i);
_transport.succeeded(state.getMessage());
state.releaseResources();
i--;
} else if (state.isExpired()) {
_activeMessages.remove(i);
@ -132,6 +133,7 @@ public class OutboundMessageFragments {
if (_log.shouldLog(Log.WARN))
_log.warn("Unable to send an expired direct message: " + state);
}
state.releaseResources();
i--;
} else if (state.getPushCount() > MAX_VOLLEYS) {
_activeMessages.remove(i);
@ -147,8 +149,8 @@ public class OutboundMessageFragments {
if (_log.shouldLog(Log.WARN))
_log.warn("Unable to send a direct message after too many volleys: " + state);
}
state.releaseResources();
i--;
}
}
}
@ -182,6 +184,7 @@ public class OutboundMessageFragments {
_transport.failed(state.getMessage());
if (_log.shouldLog(Log.WARN))
_log.warn("Peer disconnected for " + state);
state.releaseResources();
i--;
} else {
if (!state.isFragmented()) {
@ -210,7 +213,7 @@ public class OutboundMessageFragments {
if (state.getPushCount() != oldVolley) {
_context.statManager().addRateData("udp.sendVolleyTime", state.getLifetime(), state.getFragmentCount());
state.setNextSendTime(now + (1000-(now%1000)) + _context.random().nextInt(2000));
state.setNextSendTime(now + (1000-(now%1000)) + _context.random().nextInt(4000));
} else {
if (peer.getSendWindowBytesRemaining() > 0)
state.setNextSendTime(now);
@ -316,7 +319,9 @@ public class OutboundMessageFragments {
if ( (numSends > 1) && (state.getPeer() != null) )
state.getPeer().congestionOccurred();
_transport.succeeded(state.getMessage());
return state.getFragmentCount();
int numFragments = state.getFragmentCount();
state.releaseResources();
return numFragments;
} else {
if (_log.shouldLog(Log.ERROR))
_log.error("Received an ACK for a message not pending: " + messageId);
@ -360,6 +365,7 @@ public class OutboundMessageFragments {
_context.statManager().addRateData("udp.sendConfirmTime", state.getLifetime(), state.getLifetime());
_context.statManager().addRateData("udp.sendConfirmFragments", state.getFragmentCount(), state.getLifetime());
_transport.succeeded(state.getMessage());
state.releaseResources();
}
}
}

5
router/java/src/net/i2p/router/transport/udp/OutboundMessageState.java
View File

@ -91,6 +91,11 @@ public class OutboundMessageState {
_log.debug("Raw byte array for " + _messageId + ": " + Base64.encode(_messageBuf.getData(), 0, len));
}
public void releaseResources() {
_cache.release(_messageBuf);
_messageBuf = null;
}
public OutNetMessage getMessage() { return _message; }
public long getMessageId() { return _messageId; }
public PeerState getPeer() { return _peer; }

31
router/java/src/net/i2p/router/transport/udp/PacketBuilder.java
View File

@ -77,7 +77,7 @@ public class PacketBuilder {
off += 16 - (off % 16);
packet.getPacket().setLength(off);
authenticate(packet, peer.getCurrentCipherKey(), peer.getCurrentMACKey());
setTo(packet, peer.getRemoteIP(), peer.getRemotePort());
setTo(packet, peer.getRemoteIPAddress(), peer.getRemotePort());
return packet;
}
@ -119,7 +119,7 @@ public class PacketBuilder {
off += 16 - (off % 16);
packet.getPacket().setLength(off);
authenticate(packet, peer.getCurrentCipherKey(), peer.getCurrentMACKey());
setTo(packet, peer.getRemoteIP(), peer.getRemotePort());
setTo(packet, peer.getRemoteIPAddress(), peer.getRemotePort());
return packet;
}
@ -137,8 +137,9 @@ public class PacketBuilder {
*/
public UDPPacket buildSessionCreatedPacket(InboundEstablishState state, int externalPort, SessionKey ourIntroKey) {
UDPPacket packet = UDPPacket.acquire(_context);
InetAddress to = null;
try {
packet.getPacket().setAddress(InetAddress.getByAddress(state.getSentIP()));
to = InetAddress.getByAddress(state.getSentIP());
} catch (UnknownHostException uhe) {
if (_log.shouldLog(Log.ERROR))
_log.error("How did we think this was a valid IP? " + state.getRemoteHostInfo());
@ -209,7 +210,7 @@ public class PacketBuilder {
off += 16 - (off % 16);
packet.getPacket().setLength(off);
authenticate(packet, ourIntroKey, ourIntroKey, iv);
setTo(packet, state.getSentIP(), state.getSentPort());
setTo(packet, to, state.getSentPort());
_ivCache.release(iv);
return packet;
}
@ -228,8 +229,9 @@ public class PacketBuilder {
*/
public UDPPacket buildSessionRequestPacket(OutboundEstablishState state) {
UDPPacket packet = UDPPacket.acquire(_context);
InetAddress to = null;
try {
packet.getPacket().setAddress(InetAddress.getByAddress(state.getSentIP()));
to = InetAddress.getByAddress(state.getSentIP());
} catch (UnknownHostException uhe) {
if (_log.shouldLog(Log.ERROR))
_log.error("How did we think this was a valid IP? " + state.getRemoteHostInfo());
@ -266,7 +268,7 @@ public class PacketBuilder {
off += 16 - (off % 16);
packet.getPacket().setLength(off);
authenticate(packet, state.getIntroKey(), state.getIntroKey());
setTo(packet, state.getSentIP(), state.getSentPort());
setTo(packet, to, state.getSentPort());
return packet;
}
@ -303,8 +305,9 @@ public class PacketBuilder {
*/
public UDPPacket buildSessionConfirmedPacket(OutboundEstablishState state, int fragmentNum, int numFragments, byte identity[]) {
UDPPacket packet = UDPPacket.acquire(_context);
InetAddress to = null;
try {
packet.getPacket().setAddress(InetAddress.getByAddress(state.getSentIP()));
to = InetAddress.getByAddress(state.getSentIP());
} catch (UnknownHostException uhe) {
if (_log.shouldLog(Log.ERROR))
_log.error("How did we think this was a valid IP? " + state.getRemoteHostInfo());
@ -370,19 +373,13 @@ public class PacketBuilder {
authenticate(packet, state.getIntroKey(), state.getIntroKey());
}
setTo(packet, state.getSentIP(), state.getSentPort());
setTo(packet, to, state.getSentPort());
return packet;
}
private void setTo(UDPPacket packet, byte ip[], int port) {
try {
InetAddress to = InetAddress.getByAddress(ip);
packet.getPacket().setAddress(to);
packet.getPacket().setPort(port);
} catch (UnknownHostException uhe) {
if (_log.shouldLog(Log.ERROR))
_log.error("Invalid IP? ", uhe);
}
private void setTo(UDPPacket packet, InetAddress ip, int port) {
packet.getPacket().setAddress(ip);
packet.getPacket().setPort(port);
}
/**

2
router/java/src/net/i2p/router/transport/udp/PacketHandler.java
View File

@ -29,7 +29,7 @@ public class PacketHandler {
private InboundMessageFragments _inbound;
private boolean _keepReading;
private static final int NUM_HANDLERS = 4;
private static final int NUM_HANDLERS = 1;
public PacketHandler(RouterContext ctx, UDPTransport transport, UDPEndpoint endpoint, EstablishmentManager establisher, InboundMessageFragments inbound) {
_context = ctx;

17
router/java/src/net/i2p/router/transport/udp/PeerState.java
View File

@ -4,6 +4,7 @@ import java.util.ArrayList;
import java.util.List;
import java.net.InetAddress;
import java.net.UnknownHostException;
import net.i2p.I2PAppContext;
import net.i2p.data.Hash;
@ -89,6 +90,8 @@ public class PeerState {
private int _slowStartThreshold;
/** what IP is the peer sending and receiving packets on? */
private byte[] _remoteIP;
/** cached IP address */
private transient InetAddress _remoteIPAddress;
/** what port is the peer sending and receiving packets on? */
private int _remotePort;
/** cached remoteIP + port, used to find the peerState by remote info */
@ -214,6 +217,17 @@ public class PeerState {
public int getSendWindowBytesRemaining() { return _sendWindowBytesRemaining; }
/** what IP is the peer sending and receiving packets on? */
public byte[] getRemoteIP() { return _remoteIP; }
public InetAddress getRemoteIPAddress() {
if (_remoteIPAddress == null) {
try {
_remoteIPAddress = InetAddress.getByAddress(_remoteIP);
} catch (UnknownHostException uhe) {
if (_log.shouldLog(Log.ERROR))
_log.error("Invalid IP? ", uhe);
}
}
return _remoteIPAddress;
}
/** what port is the peer sending and receiving packets on? */
public int getRemotePort() { return _remotePort; }
/** if we need to contact them, do we need to talk to an introducer? */
@ -325,6 +339,7 @@ public class PeerState {
/** what IP+port is the peer sending and receiving packets on? */
public void setRemoteAddress(byte ip[], int port) {
_remoteIP = ip;
_remoteIPAddress = null;
_remotePort = port;
_remoteHostString = calculateRemoteHostString(ip, port);
}
@ -391,7 +406,7 @@ public class PeerState {
if (_sendWindowBytes <= _slowStartThreshold) {
_sendWindowBytes += bytesACKed;
} else {
double prob = bytesACKed / _sendWindowBytes;
double prob = ((double)bytesACKed) / ((double)_sendWindowBytes);
if (_context.random().nextDouble() <= prob)
_sendWindowBytes += bytesACKed;
}

6
router/java/src/net/i2p/router/transport/udp/UDPFlooder.java
View File

@ -19,12 +19,14 @@ class UDPFlooder implements Runnable {
private UDPTransport _transport;
private List _peers;
private boolean _alive;
private static final byte _floodData[] = new byte[4096];
public UDPFlooder(RouterContext ctx, UDPTransport transport) {
_context = ctx;
_log = ctx.logManager().getLog(UDPFlooder.class);
_transport = transport;
_peers = new ArrayList(4);
ctx.random().nextBytes(_floodData);
}
public void addPeer(PeerState peer) {
@ -61,8 +63,8 @@ class UDPFlooder implements Runnable {
for (int i = 0; i < _peers.size(); i++) {
PeerState peer = (PeerState)_peers.get(i);
DataMessage m = new DataMessage(_context);
byte data[] = new byte[4096];
_context.random().nextBytes(data);
byte data[] = _floodData; // new byte[4096];
//_context.random().nextBytes(data);
m.setData(data);
m.setMessageExpiration(_context.clock().now() + 10*1000);
m.setUniqueId(_context.random().nextLong(I2NPMessage.MAX_ID_VALUE));

15
router/java/src/net/i2p/router/transport/udp/UDPPacket.java
View File

@ -8,6 +8,7 @@ import java.util.ArrayList;
import java.util.List;
import net.i2p.I2PAppContext;
import net.i2p.crypto.HMACSHA256Generator;
import net.i2p.data.Base64;
import net.i2p.data.ByteArray;
import net.i2p.data.DataHelper;
@ -29,6 +30,7 @@ public class UDPPacket {
private long _initializeTime;
private long _expiration;
private byte[] _data;
private ByteArray _dataBuf;
private static final List _packetCache;
static {
@ -61,11 +63,13 @@ public class UDPPacket {
private static final int MAX_VALIDATE_SIZE = MAX_PACKET_SIZE;
private static final ByteCache _validateCache = ByteCache.getInstance(16, MAX_VALIDATE_SIZE);
private static final ByteCache _ivCache = ByteCache.getInstance(16, IV_SIZE);
private static final ByteCache _dataCache = ByteCache.getInstance(64, MAX_PACKET_SIZE);
private UDPPacket(I2PAppContext ctx) {
_context = ctx;
_log = ctx.logManager().getLog(UDPPacket.class);
_data = new byte[MAX_PACKET_SIZE];
_dataBuf = _dataCache.acquire();
_data = _dataBuf.getData();
_packet = new DatagramPacket(_data, MAX_PACKET_SIZE);
_initializeTime = _context.clock().now();
}
@ -113,7 +117,7 @@ public class UDPPacket {
DataHelper.toLong(buf.getData(), off, 2, payloadLength);
off += 2;
Hash calculated = _context.hmac().calculate(macKey, buf.getData(), 0, off);
Hash hmac = _context.hmac().calculate(macKey, buf.getData(), 0, off);
if (_log.shouldLog(Log.DEBUG)) {
StringBuffer str = new StringBuffer(128);
@ -123,12 +127,12 @@ public class UDPPacket {
str.append("\nIV2: ").append(Base64.encode(_data, MAC_SIZE, IV_SIZE));
str.append("\nlen: ").append(DataHelper.fromLong(buf.getData(), payloadLength + IV_SIZE, 2));
str.append("\nMAC key: ").append(macKey.toBase64());
str.append("\ncalc HMAC: ").append(calculated.toBase64());
str.append("\ncalc HMAC: ").append(Base64.encode(hmac.getData()));
str.append("\nread HMAC: ").append(Base64.encode(_data, _packet.getOffset(), MAC_SIZE));
str.append("\nraw: ").append(Base64.encode(_data, _packet.getOffset(), _packet.getLength()));
_log.debug(str.toString());
}
eq = DataHelper.eq(calculated.getData(), 0, _data, _packet.getOffset(), MAC_SIZE);
eq = DataHelper.eq(hmac.getData(), 0, _data, _packet.getOffset(), MAC_SIZE);
} else {
if (_log.shouldLog(Log.WARN))
_log.warn("Payload length is " + payloadLength);
@ -177,6 +181,7 @@ public class UDPPacket {
}
public void release() {
_dataCache.release(_dataBuf);
if (!CACHE) return;
synchronized (_packetCache) {
_packet.setLength(0);

2
router/java/src/net/i2p/router/transport/udp/UDPSender.java
View File

@ -139,7 +139,7 @@ public class UDPSender {
}
// back to the cache
//packet.release();
packet.release();
}
}
}

5
router/java/src/net/i2p/router/tunnel/FragmentHandler.java
View File

@ -5,7 +5,6 @@ import java.util.HashMap;
import java.util.Map;
import net.i2p.I2PAppContext;
import net.i2p.crypto.SHA256EntryCache;
import net.i2p.data.Base64;
import net.i2p.data.ByteArray;
import net.i2p.data.DataHelper;
@ -138,8 +137,7 @@ public class FragmentHandler {
if (_log.shouldLog(Log.DEBUG))
_log.debug("endpoint IV: " + Base64.encode(preV, validLength - HopProcessor.IV_LENGTH, HopProcessor.IV_LENGTH));
SHA256EntryCache.CacheEntry cache = _context.sha().cache().acquire(TrivialPreprocessor.PREPROCESSED_SIZE);
Hash v = _context.sha().calculateHash(preV, 0, validLength, cache);
Hash v = _context.sha().calculateHash(preV, 0, validLength);
//Hash v = _context.sha().calculateHash(preV, 0, validLength);
boolean eq = DataHelper.eq(v.getData(), 0, preprocessed, offset + HopProcessor.IV_LENGTH, 4);
@ -152,7 +150,6 @@ public class FragmentHandler {
+ Base64.encode(preprocessed, offset, length));
}
_context.sha().cache().release(cache);
_validateCache.release(ba);
if (eq) {

6
router/java/src/net/i2p/router/tunnel/TrivialPreprocessor.java
View File

@ -4,7 +4,6 @@ import java.util.ArrayList;
import java.util.List;
import net.i2p.I2PAppContext;
import net.i2p.crypto.SHA256EntryCache;
import net.i2p.data.Base64;
import net.i2p.data.ByteArray;
import net.i2p.data.DataHelper;
@ -103,11 +102,9 @@ public class TrivialPreprocessor implements TunnelGateway.QueuePreprocessor {
byte iv[] = ivBuf.getData(); // new byte[IV_SIZE];
_context.random().nextBytes(iv);
SHA256EntryCache.CacheEntry cache = _context.sha().cache().acquire(PREPROCESSED_SIZE);
// payload ready, now H(instructions+payload+IV)
System.arraycopy(iv, 0, fragments, fragmentLength, IV_SIZE);
Hash h = _context.sha().calculateHash(fragments, 0, fragmentLength + IV_SIZE, cache);
Hash h = _context.sha().calculateHash(fragments, 0, fragmentLength + IV_SIZE);
//Hash h = _context.sha().calculateHash(target, 0, offset + IV_SIZE);
//_log.debug("before shift: " + Base64.encode(target));
// now shiiiiiift
@ -128,7 +125,6 @@ public class TrivialPreprocessor implements TunnelGateway.QueuePreprocessor {
offset += 4;
//_log.debug("before pad : " + Base64.encode(target));
_context.sha().cache().release(cache);
_ivCache.release(ivBuf);
// fits in a single message, so may be smaller than the full size