dont return next IV to cache
@@ -640,9 +640,8 @@ class EstablishState {
|
|||||||
prepareExtra(src);
|
prepareExtra(src);
|
||||||
byte nextWriteIV[] = _curEncrypted; // reuse buf
|
byte nextWriteIV[] = _curEncrypted; // reuse buf
|
||||||
System.arraycopy(_prevEncrypted, _prevEncrypted.length-AES_SIZE, nextWriteIV, 0, AES_SIZE);
|
System.arraycopy(_prevEncrypted, _prevEncrypted.length-AES_SIZE, nextWriteIV, 0, AES_SIZE);
|
||||||
byte nextReadIV[] = _curDecrypted; // reuse buf
|
// this does not copy the nextWriteIV, do not release to cache
|
||||||
System.arraycopy(_e_bobSig, _e_bobSig.length-AES_SIZE, nextReadIV, 0, nextReadIV.length);
|
_con.finishOutboundEstablishment(_dh.getSessionKey(), (_tsA-_tsB), nextWriteIV, _e_bobSig); // skew in seconds
|
||||||
_con.finishOutboundEstablishment(_dh.getSessionKey(), (_tsA-_tsB), nextWriteIV, nextReadIV); // skew in seconds
|
|
||||||
releaseBufs();
|
releaseBufs();
|
||||||
// if socket gets closed this will be null - prevent NPE
|
// if socket gets closed this will be null - prevent NPE
|
||||||
InetAddress ia = _con.getChannel().socket().getInetAddress();
|
InetAddress ia = _con.getChannel().socket().getInetAddress();
|
||||||
@@ -821,8 +820,9 @@ class EstablishState {
|
|||||||
_con.setRemotePeer(_aliceIdent);
|
_con.setRemotePeer(_aliceIdent);
|
||||||
if (_log.shouldLog(Log.DEBUG))
|
if (_log.shouldLog(Log.DEBUG))
|
||||||
_log.debug(prefix()+"e_bobSig is " + _e_bobSig.length + " bytes long");
|
_log.debug(prefix()+"e_bobSig is " + _e_bobSig.length + " bytes long");
|
||||||
byte iv[] = _curDecrypted; // reuse buf
|
byte iv[] = _curEncrypted; // reuse buf
|
||||||
System.arraycopy(_e_bobSig, _e_bobSig.length-AES_SIZE, iv, 0, AES_SIZE);
|
System.arraycopy(_e_bobSig, _e_bobSig.length-AES_SIZE, iv, 0, AES_SIZE);
|
||||||
|
// this does not copy the IV, do not release to cache
|
||||||
_con.finishInboundEstablishment(_dh.getSessionKey(), (tsA-_tsB), iv, _prevEncrypted); // skew in seconds
|
_con.finishInboundEstablishment(_dh.getSessionKey(), (tsA-_tsB), iv, _prevEncrypted); // skew in seconds
|
||||||
releaseBufs();
|
releaseBufs();
|
||||||
if (_log.shouldLog(Log.INFO))
|
if (_log.shouldLog(Log.INFO))
|
||||||
@@ -936,7 +936,10 @@ class EstablishState {
|
|||||||
// null or longer for OB
|
// null or longer for OB
|
||||||
if (_prevEncrypted != null && _prevEncrypted.length == AES_SIZE)
|
if (_prevEncrypted != null && _prevEncrypted.length == AES_SIZE)
|
||||||
SimpleByteCache.release(_prevEncrypted);
|
SimpleByteCache.release(_prevEncrypted);
|
||||||
SimpleByteCache.release(_curEncrypted);
|
// Do not release _curEncrypted if verified, it is passed to
|
||||||
|
// NTCPConnection to use as the IV
|
||||||
|
if (_state != State.VERIFIED)
|
||||||
|
SimpleByteCache.release(_curEncrypted);
|
||||||
SimpleByteCache.release(_curDecrypted);
|
SimpleByteCache.release(_curDecrypted);
|
||||||
SimpleByteCache.release(_hX_xor_bobIdentHash);
|
SimpleByteCache.release(_hX_xor_bobIdentHash);
|
||||||
if (_dh.getPeerPublicValue() == null)
|
if (_dh.getPeerPublicValue() == null)
|
||||||
|
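Review bot: The new guard in releaseBufs(), `if (_state != State.VERIFIED)`, ties the lifetime of the IV buffer to a state field whose assignment is not visible in any of these hunks. If `_state` is not yet VERIFIED when `releaseBufs()` runs right after `finishOutboundEstablishment(...)` or `finishInboundEstablishment(...)`, or if releaseBufs() can run again after the state has moved on, `_curEncrypted` goes back to SimpleByteCache while NTCPConnection still holds it as its IV, and another handshake drawing the same array from the cache could overwrite it. Giving the connection its own array removes that coupling: `byte nextWriteIV[] = new byte[AES_SIZE];` in the outbound path and `byte iv[] = new byte[AES_SIZE];` in the inbound path, with `_curEncrypted` released unconditionally as before. The enclosing methods start and end outside the hunks, so the ordering of the state change relative to these calls should be confirmed there.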
@@ -266,6 +266,8 @@ class NTCPConnection {
|
|||||||
/**
|
/**
|
||||||
* @param clockSkew alice's clock minus bob's clock in seconds (may be negative, obviously, but |val| should
|
* @param clockSkew alice's clock minus bob's clock in seconds (may be negative, obviously, but |val| should
|
||||||
* be under 1 minute)
|
* be under 1 minute)
|
||||||
|
* @param prevWriteEnd exactly 16 bytes, not copied, do not corrupt
|
||||||
|
* @param prevReadEnd 16 or more bytes, last 16 bytes copied
|
||||||
*/
|
*/
|
||||||
public void finishInboundEstablishment(SessionKey key, long clockSkew, byte prevWriteEnd[], byte prevReadEnd[]) {
|
public void finishInboundEstablishment(SessionKey key, long clockSkew, byte prevWriteEnd[], byte prevReadEnd[]) {
|
||||||
NTCPConnection toClose = locked_finishInboundEstablishment(key, clockSkew, prevWriteEnd, prevReadEnd);
|
NTCPConnection toClose = locked_finishInboundEstablishment(key, clockSkew, prevWriteEnd, prevReadEnd);
|
||||||
@@ -278,6 +280,12 @@ class NTCPConnection {
|
|||||||
enqueueInfoMessage();
|
enqueueInfoMessage();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param clockSkew alice's clock minus bob's clock in seconds (may be negative, obviously, but |val| should
|
||||||
|
* be under 1 minute)
|
||||||
|
* @param prevWriteEnd exactly 16 bytes, not copied, do not corrupt
|
||||||
|
* @param prevReadEnd 16 or more bytes, last 16 bytes copied
|
||||||
|
*/
|
||||||
private synchronized NTCPConnection locked_finishInboundEstablishment(
|
private synchronized NTCPConnection locked_finishInboundEstablishment(
|
||||||
SessionKey key, long clockSkew, byte prevWriteEnd[], byte prevReadEnd[]) {
|
SessionKey key, long clockSkew, byte prevWriteEnd[], byte prevReadEnd[]) {
|
||||||
_sessionKey = key;
|
_sessionKey = key;
|
||||||
@@ -582,6 +590,8 @@ class NTCPConnection {
|
|||||||
/**
|
/**
|
||||||
* @param clockSkew alice's clock minus bob's clock in seconds (may be negative, obviously, but |val| should
|
* @param clockSkew alice's clock minus bob's clock in seconds (may be negative, obviously, but |val| should
|
||||||
* be under 1 minute)
|
* be under 1 minute)
|
||||||
|
* @param prevWriteEnd exactly 16 bytes, not copied, do not corrupt
|
||||||
|
* @param prevReadEnd 16 or more bytes, last 16 bytes copied
|
||||||
*/
|
*/
|
||||||
public synchronized void finishOutboundEstablishment(SessionKey key, long clockSkew, byte prevWriteEnd[], byte prevReadEnd[]) {
|
public synchronized void finishOutboundEstablishment(SessionKey key, long clockSkew, byte prevWriteEnd[], byte prevReadEnd[]) {
|
||||||
if (_log.shouldLog(Log.DEBUG))
|
if (_log.shouldLog(Log.DEBUG))
|
||||||
|
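Review bot: The added `@param prevWriteEnd exactly 16 bytes, not copied, do not corrupt` lines describe an ownership transfer without saying who owns the array afterwards, and the three Javadoc blocks still have no summary sentence. I would word it as `@param prevWriteEnd exactly 16 bytes; kept by reference as the IV, so the caller must not modify it or return it to SimpleByteCache afterwards`, which names the exact mistake this commit fixes in EstablishState. The "exactly 16 bytes" and "last 16 bytes copied" requirements are stated only in the comment; whether the method bodies check the length or perform the copy is not visible, since all three bodies continue outside the hunks.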