- Correct errors in the specification of the BuildResponseRecord.

The first 32 bytes are not random; they are the hash of the following 496 bytes.
- Don't waste entropy on bytes we are going to overwrite in the BRR

router/java/src/net/i2p/data/i2np/BuildResponseRecord.java

@@ -10,7 +10,8 @@ import net.i2p.data.SessionKey;
  * Read and write the reply to a tunnel build message record.
  *
  * The reply record is the same size as the request record (528 bytes).
- * Bytes 0-526 contain random data.
+ * Bytes 0-31 contain the hash of bytes 32-527
+ * Bytes 32-526 contain random data.
  * Byte 527 contains the reply.
  */
 public class BuildResponseRecord {
@@ -18,14 +19,14 @@ public class BuildResponseRecord {
     /**
      * Create a new encrypted response
      *
-     * @param status the response
+     * @param status the response 0-255
      * @param responseMessageId unused except for debugging
      * @return a 528-byte response record
      */
     public static byte[] create(I2PAppContext ctx, int status, SessionKey replyKey, byte replyIV[], long responseMessageId) {
         //Log log = ctx.logManager().getLog(BuildResponseRecord.class);
         byte rv[] = new byte[TunnelBuildReplyMessage.RECORD_SIZE];
-        ctx.random().nextBytes(rv);
+        ctx.random().nextBytes(rv, Hash.HASH_LENGTH, TunnelBuildReplyMessage.RECORD_SIZE - Hash.HASH_LENGTH - 1);
         DataHelper.toLong(rv, TunnelBuildMessage.RECORD_SIZE-1, 1, status);
         // rv = AES(SHA256(padding+status) + padding + status, replyKey, replyIV)
         ctx.sha().calculateHash(rv, Hash.HASH_LENGTH, rv.length - Hash.HASH_LENGTH, rv, 0);