Ratchet: mixHash() not required after message for N pattern

2020-12-29 14:15:00 -05:00
parent 9fc97764c5
commit 62fce859b9
2 changed files with 38 additions and 5 deletions
--- a/router/java/src/com/southernstorm/noise/protocol/HandshakeState.java
+++ b/router/java/src/com/southernstorm/noise/protocol/HandshakeState.java
@@ -648,10 +648,19 @@ public class HandshakeState implements Destroyable, Cloneable {
 			}
 			
 			// Add the payload to the message buffer and encrypt it.
-			if (payload != null)
-				messagePosn += symmetric.encryptAndHash(payload, payloadOffset, message, messagePosn, payloadLength);
-			else
-				messagePosn += symmetric.encryptAndHash(message, messagePosn, message, messagePosn, 0);
+			if (payload != null) {
+				// no need to hash for N, we don't split() and no more messages follow
+				if (patternId.equals(PATTERN_ID_N))
+					messagePosn += symmetric.encryptOnly(payload, payloadOffset, message, messagePosn, payloadLength);
+				else
+					messagePosn += symmetric.encryptAndHash(payload, payloadOffset, message, messagePosn, payloadLength);
+			} else {
+				// no need to hash for N, we don't split() and no more messages follow
+				if (patternId.equals(PATTERN_ID_N))
+					messagePosn += symmetric.encryptOnly(message, messagePosn, message, messagePosn, 0);
+				else
+					messagePosn += symmetric.encryptAndHash(message, messagePosn, message, messagePosn, 0);
+			}
 			success = true;
 		} finally {
 			// If we failed, then clear any sensitive data that may have
@@ -819,7 +828,12 @@ public class HandshakeState implements Destroyable, Cloneable {
 			}
 			
 			// Decrypt the message payload.
-			int payloadLength = symmetric.decryptAndHash(message, messageOffset, payload, payloadOffset, messageEnd - messageOffset);
+			int payloadLength;
+			// no need to hash for N, we don't split() and no more messages follow
+			if (patternId.equals(PATTERN_ID_N))
+				payloadLength = symmetric.decryptOnly(message, messageOffset, payload, payloadOffset, messageEnd - messageOffset);
+			else
+				payloadLength = symmetric.decryptAndHash(message, messageOffset, payload, payloadOffset, messageEnd - messageOffset);
 			success = true;
 			return payloadLength;
 		} finally {
--- a/router/java/src/com/southernstorm/noise/protocol/SymmetricState.java
+++ b/router/java/src/com/southernstorm/noise/protocol/SymmetricState.java
@@ -273,6 +273,16 @@ class SymmetricState implements Destroyable, Cloneable {
 		return ciphertextLength;
 	}

+	/**
+	 * I2P - Same as encryptAndHash() but without the post-mixHash(), for N only.
+	 * @since 0.9.49
+	 */
+	public int encryptOnly(byte[] plaintext, int plaintextOffset, byte[] ciphertext, int ciphertextOffset, int length) throws ShortBufferException
+	{
+		int ciphertextLength = cipher.encryptWithAd(h, plaintext, plaintextOffset, ciphertext, ciphertextOffset, length);
+		return ciphertextLength;
+	}
+
 	/**
 	 * Decrypts a block of ciphertext and mixes it into the handshake hash.
 	 * 
@@ -302,6 +312,15 @@ class SymmetricState implements Destroyable, Cloneable {
 		return cipher.decryptWithAd(prev_h, ciphertext, ciphertextOffset, plaintext, plaintextOffset, length);
 	}

+	/**
+	 * I2P - Same as decryptAndHash() but without the post-mixHash(), for N only.
+	 * @since 0.9.49
+	 */
+	public int decryptOnly(byte[] ciphertext, int ciphertextOffset, byte[] plaintext, int plaintextOffset, int length) throws ShortBufferException, BadPaddingException
+	{
+		return cipher.decryptWithAd(h, ciphertext, ciphertextOffset, plaintext, plaintextOffset, length);
+	}
+
 	/**
 	 * Splits the symmetric state into two ciphers for session encryption.
 	 *