From e1c68d22a30a61abf976f7fb8e78ff65e3eb4650 Mon Sep 17 00:00:00 2001 From: zzz Date: Thu, 6 Jun 2013 15:24:01 +0000 Subject: [PATCH] - Correct errors in the specification of the BuildResponseRecord. The first 32 bytes are not random; they are the hash of the following 496 bytes. - Don't waste entropy on bytes we are going to overwrite in the BRR --- router/java/src/net/i2p/data/i2np/BuildResponseRecord.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/router/java/src/net/i2p/data/i2np/BuildResponseRecord.java b/router/java/src/net/i2p/data/i2np/BuildResponseRecord.java index ddd037bcf9..5b2ee944ae 100644 --- a/router/java/src/net/i2p/data/i2np/BuildResponseRecord.java +++ b/router/java/src/net/i2p/data/i2np/BuildResponseRecord.java @@ -10,7 +10,8 @@ import net.i2p.data.SessionKey; * Read and write the reply to a tunnel build message record. * * The reply record is the same size as the request record (528 bytes). - * Bytes 0-526 contain random data. + * Bytes 0-31 contain the hash of bytes 32-527 + * Bytes 32-526 contain random data. * Byte 527 contains the reply. */ public class BuildResponseRecord { @@ -18,14 +19,14 @@ public class BuildResponseRecord { /** * Create a new encrypted response * - * @param status the response + * @param status the response 0-255 * @param responseMessageId unused except for debugging * @return a 528-byte response record */ public static byte[] create(I2PAppContext ctx, int status, SessionKey replyKey, byte replyIV[], long responseMessageId) { //Log log = ctx.logManager().getLog(BuildResponseRecord.class); byte rv[] = new byte[TunnelBuildReplyMessage.RECORD_SIZE]; - ctx.random().nextBytes(rv); + ctx.random().nextBytes(rv, Hash.HASH_LENGTH, TunnelBuildReplyMessage.RECORD_SIZE - Hash.HASH_LENGTH - 1); DataHelper.toLong(rv, TunnelBuildMessage.RECORD_SIZE-1, 1, status); // rv = AES(SHA256(padding+status) + padding + status, replyKey, replyIV) ctx.sha().calculateHash(rv, Hash.HASH_LENGTH, rv.length - Hash.HASH_LENGTH, rv, 0);