I2P_Developers/i2p.itoopie
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

add some whitening to the IV as it goes down the path

Browse Source
This commit is contained in:
jrandom
2005-01-14 22:43:43 +00:00
committed by zzz
parent 34a2bc8590
commit ffdcae47e3
3 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
router/doc/tunnel.html
View File

@ -1,4 +1,4 @@
<code>$Id: tunnel.html,v 1.3 2005/01/12 14:22:40 jrandom Exp $</code> <code>$Id: tunnel.html,v 1.4 2005/01/12 19:57:36 jrandom Exp $</code>
<pre> <pre>
1) <a href="#tunnel.overview">Tunnel overview</a> 1) <a href="#tunnel.overview">Tunnel overview</a>
2) <a href="#tunnel.operation">Tunnel operation</a> 2) <a href="#tunnel.operation">Tunnel operation</a>
@ -248,9 +248,9 @@ for certain whether any of the checksum blocks have been tagged, as that would
corrupt the verification block (V[7]).</p> corrupt the verification block (V[7]).</p>
<p>The IV[0] is a random 16 byte value, and IV[i] is the first 16 bytes of <p>The IV[0] is a random 16 byte value, and IV[i] is the first 16 bytes of
H(D(IV[i-1], K[i-1])). We don't use the same IV along the path, as that would H(D(IV[i-1], K[i-1]) xor IV_WHITENER). We don't use the same IV along the path, as that would
allow trivial collusion, and we use the hash of the decrypted value to propogate allow trivial collusion, and we use the hash of the decrypted value to propogate
the IV so as to hamper key leakage.</p> the IV so as to hamper key leakage. IV_WHITENER is a fixed 16 byte value.</p>
<p>When the gateway wants to send the message, they export the right row for the <p>When the gateway wants to send the message, they export the right row for the
peer who is the first hop (usually the peer1.recv row) and forward that entirely.</p> peer who is the first hop (usually the peer1.recv row) and forward that entirely.</p>

7
router/java/src/net/i2p/router/tunnel/GatewayMessage.java
View File

@ -54,6 +54,12 @@ public class GatewayMessage {
private static final int COLUMNS = HOPS; private static final int COLUMNS = HOPS;
private static final int HASH_ROWS = HOPS; private static final int HASH_ROWS = HOPS;
/** used to munge the IV during per-hop translations */
static final byte IV_WHITENER[] = new byte[] { (byte)0x31, (byte)0xd6, (byte)0x74, (byte)0x17,
(byte)0xa0, (byte)0xb6, (byte)0x28, (byte)0xed,
(byte)0xdf, (byte)0xee, (byte)0x5b, (byte)0x86,
(byte)0x74, (byte)0x61, (byte)0x50, (byte)0x7d };
public GatewayMessage(I2PAppContext ctx) { public GatewayMessage(I2PAppContext ctx) {
_context = ctx; _context = ctx;
_log = ctx.logManager().getLog(GatewayMessage.class); _log = ctx.logManager().getLog(GatewayMessage.class);
@ -135,6 +141,7 @@ public class GatewayMessage {
// decrypt, since we're simulating what the participants do // decrypt, since we're simulating what the participants do
_context.aes().decryptBlock(_iv[i-1], 0, key, _iv[i], 0); _context.aes().decryptBlock(_iv[i-1], 0, key, _iv[i], 0);
DataHelper.xor(_iv[i], 0, IV_WHITENER, 0, _iv[i], 0, IV_SIZE);
Hash h = _context.sha().calculateHash(_iv[i]); Hash h = _context.sha().calculateHash(_iv[i]);
System.arraycopy(h.getData(), 0, _iv[i], 0, IV_SIZE); System.arraycopy(h.getData(), 0, _iv[i], 0, IV_SIZE);
} }

2
router/java/src/net/i2p/router/tunnel/TunnelMessageProcessor.java
View File

@ -87,7 +87,9 @@ public class TunnelMessageProcessor {
} }
// update the IV for the next layer // update the IV for the next layer
ctx.aes().decryptBlock(data, 0, layerKey, data, 0); ctx.aes().decryptBlock(data, 0, layerKey, data, 0);
DataHelper.xor(data, 0, GatewayMessage.IV_WHITENER, 0, data, 0, IV_SIZE);
Hash h = ctx.sha().calculateHash(data, 0, IV_SIZE); Hash h = ctx.sha().calculateHash(data, 0, IV_SIZE);
System.arraycopy(h.getData(), 0, data, 0, IV_SIZE); System.arraycopy(h.getData(), 0, data, 0, IV_SIZE);