Examples of PCFBMode

• freenet.crypt.PCFBMode
  treamsec.com/pcfb1.pdf NOTE: This is identical to CFB if block size = key size. As of Freenet 0.7, we use it with block size = key size. Which is not recommended, but is as safe as CFB. We will get rid of this eventually, and move to 128-bit block size (i.e. standard AES) with a more standard mode (e.g. CTR or CBC). @author Scott

Examples of freenet.crypt.PCFBMode

      Logger.normal(this, "We got a replayed message4 (first handled at "+TimeUtil.formatTime(t1-Fields.bytesToLong(message4Timestamp))+") from - "+pn);
      return true;
    }

    // Get the IV
    final PCFBMode pk = PCFBMode.create(c, decypheredPayload, decypheredPayloadOffset);
    decypheredPayloadOffset += ivLength;
    // Decrypt the payload
    pk.blockDecipher(decypheredPayload, decypheredPayloadOffset, decypheredPayload.length - decypheredPayloadOffset);
    /*
     * DecipheredData Format:
     * Signature-r,s
     * bootID, znoderef
     */

Examples of freenet.crypt.PCFBMode

    c.initialize(pn.jfkKe);
    int ivLength = PCFBMode.lengthIV(c);
    byte[] iv = new byte[ivLength];
    node.random.nextBytes(iv);
    PCFBMode pcfb = PCFBMode.create(c, iv);
    int cleartextOffset = 0;
    byte[] cleartext = new byte[JFK_PREFIX_INITIATOR.length + ivLength + sig.length + data.length];
    System.arraycopy(JFK_PREFIX_INITIATOR, 0, cleartext, cleartextOffset, JFK_PREFIX_INITIATOR.length);
    cleartextOffset += JFK_PREFIX_INITIATOR.length;
    System.arraycopy(iv, 0, cleartext, cleartextOffset, ivLength);
    cleartextOffset += ivLength;
    System.arraycopy(sig, 0, cleartext, cleartextOffset, sig.length);
    cleartextOffset += sig.length;
    System.arraycopy(data, 0, cleartext, cleartextOffset, data.length);
    cleartextOffset += data.length;

    int cleartextToEncypherOffset = JFK_PREFIX_INITIATOR.length + ivLength;
    pcfb.blockEncipher(cleartext, cleartextToEncypherOffset, cleartext.length-cleartextToEncypherOffset);

    // We compute the HMAC of (prefix + cyphertext) Includes the IV!
    byte[] hmac = HMAC.macWithSHA256(pn.jfkKa, cleartext, HASH_LENGTH);

    // copy stuffs back to the message

Examples of freenet.crypt.PCFBMode

    byte[] sig = (negType < 9 ? crypto.sign(SHA256.digest(params)) : crypto.ecdsaSign(params));

    int ivLength = PCFBMode.lengthIV(c);
    byte[] iv=new byte[ivLength];
    node.random.nextBytes(iv);
    PCFBMode pk=PCFBMode.create(c, iv);
    // Don't include the last bit
    int dataLength = data.length - hisRef.length;
    byte[] cyphertext = new byte[JFK_PREFIX_RESPONDER.length + ivLength + sig.length + dataLength];
    int cleartextOffset = 0;
    System.arraycopy(JFK_PREFIX_RESPONDER, 0, cyphertext, cleartextOffset, JFK_PREFIX_RESPONDER.length);
    cleartextOffset += JFK_PREFIX_RESPONDER.length;
    System.arraycopy(iv, 0, cyphertext, cleartextOffset, ivLength);
    cleartextOffset += ivLength;
    System.arraycopy(sig, 0, cyphertext, cleartextOffset, sig.length);
    cleartextOffset += sig.length;
    System.arraycopy(data, 0, cyphertext, cleartextOffset, dataLength);
    cleartextOffset += dataLength;
    // Now encrypt the cleartext[Signature]
    int cleartextToEncypherOffset = JFK_PREFIX_RESPONDER.length + ivLength;
    pk.blockEncipher(cyphertext, cleartextToEncypherOffset, cyphertext.length - cleartextToEncypherOffset);

    // We compute the HMAC of (prefix + iv + signature)
    byte[] hmac = HMAC.macWithSHA256(Ka, cyphertext, HASH_LENGTH);

    // Message4 = hmac + IV + encryptedSignature

Examples of freenet.crypt.PCFBMode

      // Tell the devs, this shouldn't happen.
      Logger.error(this, "Warning: sending oversize auth packet (anonAuth="+anonAuth+") of "+prePaddingLength+" bytes!");
    }
    if(paddingLength < 0) paddingLength = 0;
    byte[] data = new byte[prePaddingLength + paddingLength];
    PCFBMode pcfb = PCFBMode.create(cipher, iv);
    System.arraycopy(iv, 0, data, 0, iv.length);
    pcfb.blockEncipher(hash, 0, hash.length);
    System.arraycopy(hash, 0, data, iv.length, hash.length);
    if(logMINOR) Logger.minor(this, "Payload length: "+length+" padded length "+data.length);
    data[hash.length+iv.length] = (byte) pcfb.encipher((byte)(length>>8));
    data[hash.length+iv.length+1] = (byte) pcfb.encipher((byte)length);
    pcfb.blockEncipher(output, 0, output.length);
    System.arraycopy(output, 0, data, hash.length+iv.length+2, output.length);

    Util.randomBytes(node.fastWeakRandom, data, hash.length+iv.length+2+output.length, paddingLength);
    try {
      sendPacket(data, replyTo, pn);

Examples of freenet.crypt.PCFBMode

    } catch (UnsupportedCipherException e) {
      throw new Error(e);
    }
    aes.initialize(key.cryptoKey);
    // ECB-encrypted E(H(docname)) serves as IV.
    PCFBMode pcfb = PCFBMode.create(aes, key.ehDocname);
    pcfb.blockDecipher(decryptedHeaders, 0, decryptedHeaders.length);
    // First 32 bytes are the key
    byte[] dataDecryptKey = Arrays.copyOf(decryptedHeaders, DATA_DECRYPT_KEY_LENGTH);
    aes.initialize(dataDecryptKey);
    byte[] dataOutput = block.data.clone();
    // Data decrypt key should be unique, so use it as IV
    pcfb.reset(dataDecryptKey);
    pcfb.blockDecipher(dataOutput, 0, dataOutput.length);
    // 2 bytes - data length
    int dataLength = ((decryptedHeaders[DATA_DECRYPT_KEY_LENGTH] & 0xff) << 8) +
      (decryptedHeaders[DATA_DECRYPT_KEY_LENGTH+1] & 0xff);
    // Metadata flag is top bit
    if((dataLength & 32768) != 0) {

Examples of freenet.crypt.PCFBMode

      }

      // Encrypt data. Data encryption key = H(plaintext data).

      aes.initialize(origDataHash);
      PCFBMode pcfb = PCFBMode.create(aes, origDataHash);

      pcfb.blockEncipher(data, 0, data.length);

      byte[] encryptedDataHash = md256.digest(data);

      // Create headers

      byte[] headers = new byte[SSKBlock.TOTAL_HEADERS_LENGTH];
      // First two bytes = hash ID
      int x = 0;
      headers[x++] = (byte) (KeyBlock.HASH_SHA256 >> 8);
      headers[x++] = (byte) (KeyBlock.HASH_SHA256);
      // Then crypto ID
      headers[x++] = (byte) (Key.ALGO_AES_PCFB_256_SHA256 >> 8);
      headers[x++] = Key.ALGO_AES_PCFB_256_SHA256;
      // Then E(H(docname))
      // Copy to headers
      System.arraycopy(ehDocname, 0, headers, x, ehDocname.length);
      x += ehDocname.length;
      // Now the encrypted headers
      byte[] encryptedHeaders = Arrays.copyOf(origDataHash, SSKBlock.ENCRYPTED_HEADERS_LENGTH);
      int y = origDataHash.length;
      short len = (short) compressedData.length;
      if (asMetadata)
        len |= 32768;
      encryptedHeaders[y++] = (byte) (len >> 8);
      encryptedHeaders[y++] = (byte) len;
      encryptedHeaders[y++] = (byte) (compressionAlgo >> 8);
      encryptedHeaders[y++] = (byte) compressionAlgo;
      if (encryptedHeaders.length != y)
        throw new IllegalStateException("Have more bytes to generate encoding SSK");
      aes.initialize(cryptoKey);
      pcfb.reset(ehDocname);
      pcfb.blockEncipher(encryptedHeaders, 0, encryptedHeaders.length);
      System.arraycopy(encryptedHeaders, 0, headers, x, encryptedHeaders.length);
      x += encryptedHeaders.length;
      // Generate implicit overall hash.
      md256.update(headers, 0, x);
      md256.update(encryptedDataHash);

Examples of freenet.crypt.PCFBMode

        }
        byte[] cryptoKey = key.cryptoKey;
        if(cryptoKey.length < Node.SYMMETRIC_KEY_LENGTH)
            throw new CHKDecodeException("Crypto key too short");
        cipher.initialize(key.cryptoKey);
        PCFBMode pcfb = PCFBMode.create(cipher);
        byte[] headers = block.headers;
        byte[] data = block.data;
    byte[] hbuf = Arrays.copyOfRange(headers, 2, headers.length);
        byte[] dbuf = Arrays.copyOf(data, data.length);
        // Decipher header first - functions as IV
        pcfb.blockDecipher(hbuf, 0, hbuf.length);
        pcfb.blockDecipher(dbuf, 0, dbuf.length);
        MessageDigest md256 = SHA256.getMessageDigest();
        byte[] dkey = key.cryptoKey;
        // Check: IV == hash of decryption key
        byte[] predIV = md256.digest(dkey);
        SHA256.returnMessageDigest(md256); md256 = null;

Examples of freenet.crypt.PCFBMode

        // So the plaintext *and* ciphertext IV is always the same.
        // And the following 32 bytes are always XORed with the same value.
        // Ouch!
        // Those bytes being 2 bytes for the length, followed by the first 30 bytes of the data.

        PCFBMode pcfb = PCFBMode.create(cipher);
        pcfb.blockEncipher(header, 2, header.length-2);
        pcfb.blockEncipher(data, 0, data.length);

        // Now calculate the final hash
        md256.update(header);
        byte[] finalHash = md256.digest(data);

Examples of freenet.crypt.PCFBMode

      return;

    entry.dataEncryptIV = new byte[16];
    random.nextBytes(entry.dataEncryptIV);

    PCFBMode cipher = makeCipher(entry.dataEncryptIV, entry.plainRoutingKey);
    cipher.blockEncipher(entry.header, 0, entry.header.length);
    cipher.blockEncipher(entry.data, 0, entry.data.length);

    entry.getDigestedRoutingKey();
    entry.isEncrypted = true;
  }

Examples of freenet.crypt.PCFBMode

        return false;
    }

    entry.plainRoutingKey = routingKey;

    PCFBMode cipher = makeCipher(entry.dataEncryptIV, entry.plainRoutingKey);
    cipher.blockDecipher(entry.header, 0, entry.header.length);
    cipher.blockDecipher(entry.data, 0, entry.data.length);

    entry.isEncrypted = false;

    return true;
  }