From b93be8bb4a3b1a2eb74ecbbf688fc4b7234d3da8 Mon Sep 17 00:00:00 2001 From: zzz Date: Sun, 25 Nov 2018 15:23:17 +0000 Subject: [PATCH] Crypto: Define ElG length constants --- .../src/net/i2p/crypto/ElGamalEngine.java | 27 ++++++++++--------- .../i2p/router/crypto/ElGamalAESEngine.java | 23 +++++++++------- 2 files changed, 28 insertions(+), 22 deletions(-) diff --git a/core/java/src/net/i2p/crypto/ElGamalEngine.java b/core/java/src/net/i2p/crypto/ElGamalEngine.java index 5bbf92751..67dadf0f8 100644 --- a/core/java/src/net/i2p/crypto/ElGamalEngine.java +++ b/core/java/src/net/i2p/crypto/ElGamalEngine.java @@ -58,6 +58,9 @@ public final class ElGamalEngine { private final YKGenerator _ykgen; private static final BigInteger ELGPM1 = CryptoConstants.elgp.subtract(BigInteger.ONE); + private static final int ELG_CLEARTEXT_LENGTH = 222; + private static final int ELG_ENCRYPTED_LENGTH = 514; + private static final int ELG_HALF_LENGTH = ELG_ENCRYPTED_LENGTH / 2; /** @@ -113,8 +116,8 @@ public final class ElGamalEngine { * the cleartext to 222 bytes with random data. */ public byte[] encrypt(byte data[], PublicKey publicKey) { - if ((data == null) || (data.length >= 223)) - throw new IllegalArgumentException("Data to encrypt must be < 223 bytes at the moment"); + if ((data == null) || (data.length > ELG_CLEARTEXT_LENGTH)) + throw new IllegalArgumentException("Data to encrypt must be <= 222 bytes"); if (publicKey == null) throw new IllegalArgumentException("Null public key specified"); long start = _context.clock().now(); @@ -149,11 +152,11 @@ public final class ElGamalEngine { byte[] ybytes = y.toByteArray(); byte[] dbytes = d.toByteArray(); - byte[] out = new byte[514]; - System.arraycopy(ybytes, 0, out, (ybytes.length < 257 ? 257 - ybytes.length : 0), - (ybytes.length > 257 ? 257 : ybytes.length)); - System.arraycopy(dbytes, 0, out, (dbytes.length < 257 ? 514 - dbytes.length : 257), - (dbytes.length > 257 ? 257 : dbytes.length)); + byte[] out = new byte[ELG_ENCRYPTED_LENGTH]; + System.arraycopy(ybytes, 0, out, (ybytes.length < ELG_HALF_LENGTH ? ELG_HALF_LENGTH - ybytes.length : 0), + (ybytes.length > ELG_HALF_LENGTH ? ELG_HALF_LENGTH : ybytes.length)); + System.arraycopy(dbytes, 0, out, (dbytes.length < ELG_HALF_LENGTH ? ELG_ENCRYPTED_LENGTH - dbytes.length : ELG_HALF_LENGTH), + (dbytes.length > ELG_HALF_LENGTH ? ELG_HALF_LENGTH : dbytes.length)); /* StringBuilder buf = new StringBuilder(1024); buf.append("Timing\n"); @@ -190,18 +193,18 @@ public final class ElGamalEngine { * @return unencrypted data or null on failure */ public byte[] decrypt(byte encrypted[], PrivateKey privateKey) { - if ((encrypted == null) || (encrypted.length != 514)) - throw new IllegalArgumentException("Data to decrypt must be exactly 514 bytes"); + if ((encrypted == null) || (encrypted.length != ELG_ENCRYPTED_LENGTH)) + throw new IllegalArgumentException("Data to decrypt must be exactly ELG_ENCRYPTED_LENGTH bytes"); long start = _context.clock().now(); BigInteger a = new NativeBigInteger(1, privateKey.getData()); BigInteger y1p = ELGPM1.subtract(a); // we use this buf first for Y, then for D, then for the hash - byte[] buf = SimpleByteCache.acquire(257); - System.arraycopy(encrypted, 0, buf, 0, 257); + byte[] buf = SimpleByteCache.acquire(ELG_HALF_LENGTH); + System.arraycopy(encrypted, 0, buf, 0, ELG_HALF_LENGTH); NativeBigInteger y = new NativeBigInteger(1, buf); BigInteger ya = y.modPowCT(y1p, CryptoConstants.elgp); - System.arraycopy(encrypted, 257, buf, 0, 257); + System.arraycopy(encrypted, ELG_HALF_LENGTH, buf, 0, ELG_HALF_LENGTH); BigInteger d = new NativeBigInteger(1, buf); BigInteger m = ya.multiply(d); m = m.mod(CryptoConstants.elgp); diff --git a/router/java/src/net/i2p/router/crypto/ElGamalAESEngine.java b/router/java/src/net/i2p/router/crypto/ElGamalAESEngine.java index 8e4ac8d7f..067ac3de8 100644 --- a/router/java/src/net/i2p/router/crypto/ElGamalAESEngine.java +++ b/router/java/src/net/i2p/router/crypto/ElGamalAESEngine.java @@ -42,6 +42,8 @@ public final class ElGamalAESEngine { private final I2PAppContext _context; /** enforced since release 0.6 */ public static final int MAX_TAGS_RECEIVED = 200; + private static final int ELG_CLEARTEXT_LENGTH = 222; + private static final int ELG_ENCRYPTED_LENGTH = 514; public ElGamalAESEngine(I2PAppContext ctx) { _context = ctx; @@ -178,15 +180,15 @@ public final class ElGamalAESEngine { if (data == null) { //if (_log.shouldLog(Log.WARN)) _log.warn("Data is null, unable to decrypt new session"); return null; - } else if (data.length < 514) { + } else if (data.length < ELG_ENCRYPTED_LENGTH) { //if (_log.shouldLog(Log.WARN)) _log.warn("Data length is too small (" + data.length + ")"); return null; } - byte elgEncr[] = new byte[514]; - if (data.length > 514) { - System.arraycopy(data, 0, elgEncr, 0, 514); + byte elgEncr[] = new byte[ELG_ENCRYPTED_LENGTH]; + if (data.length > ELG_ENCRYPTED_LENGTH) { + System.arraycopy(data, 0, elgEncr, 0, ELG_ENCRYPTED_LENGTH); } else { - System.arraycopy(data, 0, elgEncr, 514 - data.length, data.length); + System.arraycopy(data, 0, elgEncr, ELG_ENCRYPTED_LENGTH - data.length, data.length); } byte elgDecr[] = _context.elGamalEngine().decrypt(elgEncr, targetPrivateKey); if (elgDecr == null) { @@ -217,7 +219,8 @@ public final class ElGamalAESEngine { // feed the extra bytes into the PRNG _context.random().harvester().feedEntropy("ElG/AES", elgDecr, offset, elgDecr.length - offset); - byte aesDecr[] = decryptAESBlock(data, 514, data.length-514, usedKey, iv, null, foundTags, foundKey); + byte aesDecr[] = decryptAESBlock(data, ELG_ENCRYPTED_LENGTH, data.length - ELG_ENCRYPTED_LENGTH, + usedKey, iv, null, foundTags, foundKey); SimpleByteCache.release(iv); //if (_log.shouldLog(Log.DEBUG)) @@ -508,10 +511,10 @@ public final class ElGamalAESEngine { private byte[] encryptNewSession(byte data[], PublicKey target, SessionKey key, Set tagsForDelivery, SessionKey newKey, long paddedSize) { //_log.debug("Encrypting to a NEW session"); - byte elgSrcData[] = new byte[SessionKey.KEYSIZE_BYTES+32+158]; + byte elgSrcData[] = new byte[ELG_CLEARTEXT_LENGTH]; System.arraycopy(key.getData(), 0, elgSrcData, 0, SessionKey.KEYSIZE_BYTES); // get both the preIV and the padding at once, then copy to the preIV array - _context.random().nextBytes(elgSrcData, SessionKey.KEYSIZE_BYTES, 32 + 158); + _context.random().nextBytes(elgSrcData, SessionKey.KEYSIZE_BYTES, ELG_CLEARTEXT_LENGTH - SessionKey.KEYSIZE_BYTES); byte preIV[] = SimpleByteCache.acquire(32); System.arraycopy(elgSrcData, SessionKey.KEYSIZE_BYTES, preIV, 0, 32); @@ -523,9 +526,9 @@ public final class ElGamalAESEngine { long after = _context.clock().now(); _log.info("elgEngine.encrypt of the session key took " + (after - before) + "ms"); } - if (elgEncr.length < 514) { + if (elgEncr.length < ELG_ENCRYPTED_LENGTH) { // ??? ElGamalEngine.encrypt() always returns 514 bytes - byte elg[] = new byte[514]; + byte elg[] = new byte[ELG_ENCRYPTED_LENGTH]; int diff = elg.length - elgEncr.length; //if (_log.shouldLog(Log.DEBUG)) _log.debug("Difference in size: " + diff); System.arraycopy(elgEncr, 0, elg, diff, elgEncr.length);