2018-06-05 16:53:13 +00:00
# include <openssl/rand.h>
2018-06-05 19:37:08 +00:00
# include <openssl/sha.h>
# include <openssl/hmac.h>
2018-06-06 19:38:18 +00:00
# include <stdlib.h>
2018-06-13 20:16:23 +00:00
# include <vector>
2018-06-06 19:38:18 +00:00
# include "Log.h"
# include "I2PEndian.h"
2018-06-05 16:53:13 +00:00
# include "Crypto.h"
# include "Ed25519.h"
2018-06-21 16:39:24 +00:00
# include "Siphash.h"
2018-06-15 18:56:03 +00:00
# include "RouterContext.h"
2018-07-13 19:59:28 +00:00
# include "Transports.h"
2018-07-18 19:57:18 +00:00
# include "NetDb.hpp"
2018-06-05 16:53:13 +00:00
# include "NTCP2.h"
namespace i2p
{
namespace transport
{
2018-08-09 16:53:36 +00:00
NTCP2Establisher : : NTCP2Establisher ( ) :
m_SessionRequestBuffer ( nullptr ) , m_SessionCreatedBuffer ( nullptr ) , m_SessionConfirmedBuffer ( nullptr )
2018-07-04 18:15:40 +00:00
{
m_Ctx = BN_CTX_new ( ) ;
CreateEphemeralKey ( ) ;
}
NTCP2Establisher : : ~ NTCP2Establisher ( )
{
BN_CTX_free ( m_Ctx ) ;
2018-08-09 16:53:36 +00:00
delete [ ] m_SessionRequestBuffer ;
delete [ ] m_SessionCreatedBuffer ;
delete [ ] m_SessionConfirmedBuffer ;
2018-07-04 18:15:40 +00:00
}
2018-07-03 20:26:02 +00:00
void NTCP2Establisher : : MixKey ( const uint8_t * inputKeyMaterial , uint8_t * derived )
2018-06-14 19:29:36 +00:00
{
// temp_key = HMAC-SHA256(ck, input_key_material)
uint8_t tempKey [ 32 ] ; unsigned int len ;
HMAC ( EVP_sha256 ( ) , m_CK , 32 , inputKeyMaterial , 32 , tempKey , & len ) ;
// ck = HMAC-SHA256(temp_key, byte(0x01))
static uint8_t one [ 1 ] = { 1 } ;
HMAC ( EVP_sha256 ( ) , tempKey , 32 , one , 1 , m_CK , & len ) ;
// derived = HMAC-SHA256(temp_key, ck || byte(0x02))
m_CK [ 32 ] = 2 ;
HMAC ( EVP_sha256 ( ) , tempKey , 32 , m_CK , 33 , derived , & len ) ;
}
2018-07-31 19:41:13 +00:00
void NTCP2Establisher : : KeyDerivationFunction1 ( const uint8_t * pub , const uint8_t * priv , const uint8_t * rs , const uint8_t * epub )
2018-06-05 19:37:08 +00:00
{
2018-06-20 20:09:22 +00:00
static const uint8_t protocolNameHash [ ] =
{
0x72 , 0xe8 , 0x42 , 0xc5 , 0x45 , 0xe1 , 0x80 , 0x80 , 0xd3 , 0x9c , 0x44 , 0x93 , 0xbb , 0x91 , 0xd7 , 0xed ,
0xf2 , 0x28 , 0x98 , 0x17 , 0x71 , 0x21 , 0x8c , 0x1f , 0x62 , 0x4e , 0x20 , 0x6f , 0x28 , 0xd3 , 0x2f , 0x71
} ; // SHA256 ("Noise_XKaesobfse+hs2+hs3_25519_ChaChaPoly_SHA256")
2018-07-18 20:27:43 +00:00
static const uint8_t hh [ 32 ] =
2018-06-20 20:09:22 +00:00
{
0x49 , 0xff , 0x48 , 0x3f , 0xc4 , 0x04 , 0xb9 , 0xb2 , 0x6b , 0x11 , 0x94 , 0x36 , 0x72 , 0xff , 0x05 , 0xb5 ,
0x61 , 0x27 , 0x03 , 0x31 , 0xba , 0x89 , 0xb8 , 0xfc , 0x33 , 0x15 , 0x93 , 0x87 , 0x57 , 0xdd , 0x3d , 0x1e
} ; // SHA256 (protocolNameHash)
memcpy ( m_CK , protocolNameHash , 32 ) ;
2018-07-19 13:27:59 +00:00
// h = SHA256(hh || rs)
SHA256_CTX ctx ;
SHA256_Init ( & ctx ) ;
SHA256_Update ( & ctx , hh , 32 ) ;
SHA256_Update ( & ctx , rs , 32 ) ;
SHA256_Final ( m_H , & ctx ) ;
2018-07-31 19:41:13 +00:00
// h = SHA256(h || epub)
2018-07-19 13:27:59 +00:00
SHA256_Init ( & ctx ) ;
SHA256_Update ( & ctx , m_H , 32 ) ;
2018-07-31 19:41:13 +00:00
SHA256_Update ( & ctx , epub , 32 ) ;
2018-07-19 13:27:59 +00:00
SHA256_Final ( m_H , & ctx ) ;
2018-06-05 19:37:08 +00:00
// x25519 between rs and priv
uint8_t inputKeyMaterial [ 32 ] ;
2018-07-31 19:41:13 +00:00
i2p : : crypto : : GetEd25519 ( ) - > ScalarMul ( pub , priv , inputKeyMaterial , m_Ctx ) ; // rs*priv
2018-07-04 18:15:40 +00:00
MixKey ( inputKeyMaterial , m_K ) ;
}
void NTCP2Establisher : : KDF1Alice ( )
{
2018-07-31 19:41:13 +00:00
KeyDerivationFunction1 ( m_RemoteStaticKey , GetPriv ( ) , m_RemoteStaticKey , GetPub ( ) ) ;
2018-07-04 18:15:40 +00:00
}
void NTCP2Establisher : : KDF1Bob ( )
{
2018-07-31 19:41:13 +00:00
KeyDerivationFunction1 ( GetRemotePub ( ) , i2p : : context . GetNTCP2StaticPrivateKey ( ) , i2p : : context . GetNTCP2StaticPublicKey ( ) , GetRemotePub ( ) ) ;
2018-06-13 20:16:23 +00:00
}
2018-07-31 19:41:13 +00:00
void NTCP2Establisher : : KeyDerivationFunction2 ( const uint8_t * sessionRequest , size_t sessionRequestLen , const uint8_t * epub )
2018-07-19 13:27:59 +00:00
{
SHA256_CTX ctx ;
SHA256_Init ( & ctx ) ;
SHA256_Update ( & ctx , m_H , 32 ) ;
SHA256_Update ( & ctx , sessionRequest + 32 , 32 ) ; // encrypted payload
SHA256_Final ( m_H , & ctx ) ;
2018-06-13 20:16:23 +00:00
int paddingLength = sessionRequestLen - 64 ;
if ( paddingLength > 0 )
{
2018-07-04 18:15:40 +00:00
SHA256_Init ( & ctx ) ;
2018-07-19 13:27:59 +00:00
SHA256_Update ( & ctx , m_H , 32 ) ;
2018-07-04 18:15:40 +00:00
SHA256_Update ( & ctx , sessionRequest + 64 , paddingLength ) ;
2018-07-19 13:27:59 +00:00
SHA256_Final ( m_H , & ctx ) ;
2018-06-13 20:16:23 +00:00
}
2018-07-19 13:27:59 +00:00
SHA256_Init ( & ctx ) ;
SHA256_Update ( & ctx , m_H , 32 ) ;
2018-07-31 19:41:13 +00:00
SHA256_Update ( & ctx , epub , 32 ) ;
2018-07-19 13:27:59 +00:00
SHA256_Final ( m_H , & ctx ) ;
2018-06-14 14:45:25 +00:00
2018-06-13 20:16:23 +00:00
// x25519 between remote pub and priv
uint8_t inputKeyMaterial [ 32 ] ;
2018-07-04 18:15:40 +00:00
i2p : : crypto : : GetEd25519 ( ) - > ScalarMul ( GetRemotePub ( ) , GetPriv ( ) , inputKeyMaterial , m_Ctx ) ;
MixKey ( inputKeyMaterial , m_K ) ;
2018-06-14 19:29:36 +00:00
}
2018-08-09 16:53:36 +00:00
void NTCP2Establisher : : KDF2Alice ( )
2018-07-31 19:41:13 +00:00
{
2018-08-09 16:53:36 +00:00
KeyDerivationFunction2 ( m_SessionRequestBuffer , m_SessionRequestBufferLen , GetRemotePub ( ) ) ;
2018-07-31 19:41:13 +00:00
}
2018-08-09 16:53:36 +00:00
void NTCP2Establisher : : KDF2Bob ( )
2018-07-31 19:41:13 +00:00
{
2018-08-09 16:53:36 +00:00
KeyDerivationFunction2 ( m_SessionRequestBuffer , m_SessionRequestBufferLen , GetPub ( ) ) ;
2018-07-31 19:41:13 +00:00
}
2018-07-09 19:56:23 +00:00
void NTCP2Establisher : : KDF3Alice ( )
2018-07-04 18:15:40 +00:00
{
uint8_t inputKeyMaterial [ 32 ] ;
2018-07-09 19:56:23 +00:00
i2p : : crypto : : GetEd25519 ( ) - > ScalarMul ( GetRemotePub ( ) , i2p : : context . GetNTCP2StaticPrivateKey ( ) , inputKeyMaterial , m_Ctx ) ;
MixKey ( inputKeyMaterial , m_K ) ;
}
void NTCP2Establisher : : KDF3Bob ( )
{
uint8_t inputKeyMaterial [ 32 ] ;
i2p : : crypto : : GetEd25519 ( ) - > ScalarMul ( m_RemoteStaticKey , m_EphemeralPrivateKey , inputKeyMaterial , m_Ctx ) ;
2018-07-04 18:15:40 +00:00
MixKey ( inputKeyMaterial , m_K ) ;
}
void NTCP2Establisher : : CreateEphemeralKey ( )
2018-07-03 20:26:02 +00:00
{
RAND_bytes ( m_EphemeralPrivateKey , 32 ) ;
2018-07-04 18:15:40 +00:00
i2p : : crypto : : GetEd25519 ( ) - > ScalarMulB ( m_EphemeralPrivateKey , m_EphemeralPublicKey , m_Ctx ) ;
2018-07-03 20:26:02 +00:00
}
2018-08-10 14:53:34 +00:00
void NTCP2Establisher : : CreateSessionRequestMessage ( )
2018-08-09 16:53:36 +00:00
{
2018-08-10 14:53:34 +00:00
// create buffer and fill padding
auto paddingLength = rand ( ) % ( 287 - 64 ) ; // message length doesn't exceed 287 bytes
m_SessionRequestBufferLen = paddingLength + 64 ;
2018-08-09 16:53:36 +00:00
m_SessionRequestBuffer = new uint8_t [ m_SessionRequestBufferLen ] ;
2018-08-10 14:53:34 +00:00
RAND_bytes ( m_SessionRequestBuffer + 64 , paddingLength ) ;
// encrypt X
i2p : : crypto : : CBCEncryption encryption ;
encryption . SetKey ( m_RemoteIdentHash ) ;
encryption . SetIV ( m_IV ) ;
encryption . Encrypt ( GetPub ( ) , 32 , m_SessionRequestBuffer ) ; // X
encryption . GetIV ( m_IV ) ; // save IV for SessionCreated
// encryption key for next block
KDF1Alice ( ) ;
// fill options
uint8_t options [ 32 ] ; // actual options size is 16 bytes
memset ( options , 0 , 16 ) ;
options [ 1 ] = 2 ; // ver
htobe16buf ( options + 2 , paddingLength ) ; // padLen
m3p2Len = i2p : : context . GetRouterInfo ( ) . GetBufferLen ( ) + 20 ; // (RI header + RI + MAC for now) TODO: implement options
htobe16buf ( options + 4 , m3p2Len ) ;
// 2 bytes reserved
htobe32buf ( options + 8 , i2p : : util : : GetSecondsSinceEpoch ( ) ) ; // tsA
// 4 bytes reserved
// sign and encrypt options, use m_H as AD
uint8_t nonce [ 12 ] ;
memset ( nonce , 0 , 12 ) ; // set nonce to zero
i2p : : crypto : : AEADChaCha20Poly1305 ( options , 16 , m_H , 32 , m_K , nonce , m_SessionRequestBuffer + 32 , 32 , true ) ; // encrypt
2018-08-09 16:53:36 +00:00
}
2018-08-10 14:53:34 +00:00
void NTCP2Establisher : : CreateSessionCreatedMessage ( )
2018-08-09 16:53:36 +00:00
{
2018-08-10 14:53:34 +00:00
auto paddingLen = rand ( ) % ( 287 - 64 ) ;
2018-08-09 16:53:36 +00:00
m_SessionCreatedBufferLen = paddingLen + 64 ;
m_SessionCreatedBuffer = new uint8_t [ m_SessionCreatedBufferLen ] ;
RAND_bytes ( m_SessionCreatedBuffer + 64 , paddingLen ) ;
2018-08-10 14:53:34 +00:00
// encrypt Y
i2p : : crypto : : CBCEncryption encryption ;
encryption . SetKey ( i2p : : context . GetIdentHash ( ) ) ;
encryption . SetIV ( m_IV ) ;
encryption . Encrypt ( GetPub ( ) , 32 , m_SessionCreatedBuffer ) ; // Y
// encryption key for next block (m_K)
KDF2Bob ( ) ;
uint8_t options [ 16 ] ;
memset ( options , 0 , 16 ) ;
htobe16buf ( options + 2 , paddingLen ) ; // padLen
htobe32buf ( options + 8 , i2p : : util : : GetSecondsSinceEpoch ( ) ) ; // tsB
// sign and encrypt options, use m_H as AD
uint8_t nonce [ 12 ] ;
memset ( nonce , 0 , 12 ) ; // set nonce to zero
i2p : : crypto : : AEADChaCha20Poly1305 ( options , 16 , m_H , 32 , m_K , nonce , m_SessionCreatedBuffer + 32 , 32 , true ) ; // encrypt
2018-08-09 16:53:36 +00:00
}
2018-08-10 14:53:34 +00:00
void NTCP2Establisher : : CreateSessionConfirmedMessagePart1 ( const uint8_t * nonce )
{
// update AD
SHA256_CTX ctx ;
SHA256_Init ( & ctx ) ;
SHA256_Update ( & ctx , m_H , 32 ) ;
SHA256_Update ( & ctx , m_SessionCreatedBuffer + 32 , 32 ) ; // encrypted payload
SHA256_Final ( m_H , & ctx ) ;
int paddingLength = m_SessionCreatedBufferLen - 64 ;
if ( paddingLength > 0 )
{
SHA256_CTX ctx1 ;
SHA256_Init ( & ctx1 ) ;
SHA256_Update ( & ctx1 , m_H , 32 ) ;
SHA256_Update ( & ctx1 , m_SessionCreatedBuffer + 64 , paddingLength ) ;
SHA256_Final ( m_H , & ctx1 ) ;
}
// part1 48 bytes
m_SessionConfirmedBuffer = new uint8_t [ m3p2Len + 48 ] ;
i2p : : crypto : : AEADChaCha20Poly1305 ( i2p : : context . GetNTCP2StaticPublicKey ( ) , 32 , m_H , 32 , m_K , nonce , m_SessionConfirmedBuffer , 48 , true ) ; // encrypt
}
void NTCP2Establisher : : CreateSessionConfirmedMessagePart2 ( const uint8_t * nonce )
{
// part 2
// update AD again
SHA256_CTX ctx ;
SHA256_Init ( & ctx ) ;
SHA256_Update ( & ctx , m_H , 32 ) ;
SHA256_Update ( & ctx , m_SessionConfirmedBuffer , 48 ) ;
SHA256_Final ( m_H , & ctx ) ;
// fill and encrypt
uint8_t * buf = m_SessionConfirmedBuffer + 48 ;
buf [ 0 ] = eNTCP2BlkRouterInfo ; // block
htobe16buf ( buf + 1 , i2p : : context . GetRouterInfo ( ) . GetBufferLen ( ) + 1 ) ; // flag + RI
buf [ 3 ] = 0 ; // flag
memcpy ( buf + 4 , i2p : : context . GetRouterInfo ( ) . GetBuffer ( ) , i2p : : context . GetRouterInfo ( ) . GetBufferLen ( ) ) ;
KDF3Alice ( ) ;
i2p : : crypto : : AEADChaCha20Poly1305 ( buf , m3p2Len - 16 , m_H , 32 , m_K , nonce , buf , m3p2Len , true ) ; // encrypt
// update h again
SHA256_Init ( & ctx ) ;
SHA256_Update ( & ctx , m_H , 32 ) ;
SHA256_Update ( & ctx , buf , m3p2Len ) ;
SHA256_Final ( m_H , & ctx ) ; //h = SHA256(h || ciphertext)
}
2018-07-03 20:26:02 +00:00
NTCP2Session : : NTCP2Session ( NTCP2Server & server , std : : shared_ptr < const i2p : : data : : RouterInfo > in_RemoteRouter ) :
2018-08-03 17:10:32 +00:00
TransportSession ( in_RemoteRouter , NTCP2_ESTABLISH_TIMEOUT ) ,
2018-07-03 20:26:02 +00:00
m_Server ( server ) , m_Socket ( m_Server . GetService ( ) ) ,
m_IsEstablished ( false ) , m_IsTerminated ( false ) ,
2018-08-08 20:23:44 +00:00
m_NextReceivedLen ( 0 ) , m_NextReceivedBuffer ( nullptr ) , m_NextSendBuffer ( nullptr ) ,
2018-07-18 15:16:40 +00:00
m_ReceiveSequenceNumber ( 0 ) , m_SendSequenceNumber ( 0 ) , m_IsSending ( false )
2018-07-03 20:26:02 +00:00
{
m_Establisher . reset ( new NTCP2Establisher ) ;
2018-07-31 19:41:13 +00:00
if ( in_RemoteRouter ) // Alice
2018-07-03 20:26:02 +00:00
{
2018-08-10 14:53:34 +00:00
m_Establisher - > m_RemoteIdentHash = GetRemoteIdentity ( ) - > GetIdentHash ( ) ;
2018-08-04 12:47:58 +00:00
auto addr = in_RemoteRouter - > GetNTCP2Address ( true ) ; // we need a published address
2018-08-02 17:58:47 +00:00
if ( addr )
2018-07-31 19:41:13 +00:00
{
memcpy ( m_Establisher - > m_RemoteStaticKey , addr - > ntcp2 - > staticKey , 32 ) ;
memcpy ( m_Establisher - > m_IV , addr - > ntcp2 - > iv , 16 ) ;
}
else
LogPrint ( eLogWarning , " NTCP2: Missing NTCP2 parameters " ) ;
2018-07-03 20:26:02 +00:00
}
}
NTCP2Session : : ~ NTCP2Session ( )
{
delete [ ] m_NextReceivedBuffer ;
delete [ ] m_NextSendBuffer ;
}
void NTCP2Session : : Terminate ( )
{
if ( ! m_IsTerminated )
{
m_IsTerminated = true ;
m_IsEstablished = false ;
m_Socket . close ( ) ;
2018-07-18 16:58:29 +00:00
transports . PeerDisconnected ( shared_from_this ( ) ) ;
m_Server . RemoveNTCP2Session ( shared_from_this ( ) ) ;
m_SendQueue . clear ( ) ;
2018-07-03 20:26:02 +00:00
LogPrint ( eLogDebug , " NTCP2: session terminated " ) ;
}
}
2018-08-03 17:10:32 +00:00
void NTCP2Session : : TerminateByTimeout ( )
{
SendTerminationAndTerminate ( eNTCP2IdleTimeout ) ;
}
2018-07-03 20:26:02 +00:00
void NTCP2Session : : Done ( )
{
m_Server . GetService ( ) . post ( std : : bind ( & NTCP2Session : : Terminate , shared_from_this ( ) ) ) ;
}
2018-07-13 19:59:28 +00:00
void NTCP2Session : : Established ( )
{
m_IsEstablished = true ;
m_Establisher . reset ( nullptr ) ;
2018-08-03 17:10:32 +00:00
SetTerminationTimeout ( NTCP2_TERMINATION_TIMEOUT ) ;
2018-07-18 15:16:40 +00:00
transports . PeerConnected ( shared_from_this ( ) ) ;
2018-07-13 19:59:28 +00:00
}
2018-07-03 20:26:02 +00:00
void NTCP2Session : : CreateNonce ( uint64_t seqn , uint8_t * nonce )
{
memset ( nonce , 0 , 4 ) ;
htole64buf ( nonce + 4 , seqn ) ;
}
2018-06-21 16:39:24 +00:00
void NTCP2Session : : KeyDerivationFunctionDataPhase ( )
2018-06-20 20:09:22 +00:00
{
uint8_t tempKey [ 32 ] ; unsigned int len ;
2018-07-03 20:26:02 +00:00
HMAC ( EVP_sha256 ( ) , m_Establisher - > GetCK ( ) , 32 , nullptr , 0 , tempKey , & len ) ; // temp_key = HMAC-SHA256(ck, zerolen)
2018-06-20 20:09:22 +00:00
static uint8_t one [ 1 ] = { 1 } ;
2018-06-21 16:39:24 +00:00
HMAC ( EVP_sha256 ( ) , tempKey , 32 , one , 1 , m_Kab , & len ) ; // k_ab = HMAC-SHA256(temp_key, byte(0x01)).
m_Kab [ 32 ] = 2 ;
2018-06-21 20:24:19 +00:00
HMAC ( EVP_sha256 ( ) , tempKey , 32 , m_Kab , 33 , m_Kba , & len ) ; // k_ba = HMAC-SHA256(temp_key, k_ab || byte(0x02))
2018-06-21 16:39:24 +00:00
static uint8_t ask [ 4 ] = { ' a ' , ' s ' , ' k ' , 1 } , master [ 32 ] ;
HMAC ( EVP_sha256 ( ) , tempKey , 32 , ask , 4 , master , & len ) ; // ask_master = HMAC-SHA256(temp_key, "ask" || byte(0x01))
uint8_t h [ 39 ] ;
2018-07-03 20:26:02 +00:00
memcpy ( h , m_Establisher - > GetH ( ) , 32 ) ;
2018-06-21 16:39:24 +00:00
memcpy ( h + 32 , " siphash " , 7 ) ;
HMAC ( EVP_sha256 ( ) , master , 32 , h , 39 , tempKey , & len ) ; // temp_key = HMAC-SHA256(ask_master, h || "siphash")
HMAC ( EVP_sha256 ( ) , tempKey , 32 , one , 1 , master , & len ) ; // sip_master = HMAC-SHA256(temp_key, byte(0x01))
HMAC ( EVP_sha256 ( ) , master , 32 , nullptr , 0 , tempKey , & len ) ; // temp_key = HMAC-SHA256(sip_master, zerolen)
2018-06-21 20:24:19 +00:00
HMAC ( EVP_sha256 ( ) , tempKey , 32 , one , 1 , m_Sipkeysab , & len ) ; // sipkeys_ab = HMAC-SHA256(temp_key, byte(0x01)).
m_Sipkeysab [ 32 ] = 2 ;
HMAC ( EVP_sha256 ( ) , tempKey , 32 , m_Sipkeysab , 33 , m_Sipkeysba , & len ) ; // sipkeys_ba = HMAC-SHA256(temp_key, sipkeys_ab || byte(0x02))
2018-06-20 20:09:22 +00:00
}
2018-06-05 16:53:13 +00:00
2018-06-06 19:38:18 +00:00
void NTCP2Session : : SendSessionRequest ( )
2018-06-05 16:53:13 +00:00
{
2018-08-10 14:53:34 +00:00
m_Establisher - > CreateSessionRequestMessage ( ) ;
2018-06-06 19:38:18 +00:00
// send message
2018-08-09 16:53:36 +00:00
boost : : asio : : async_write ( m_Socket , boost : : asio : : buffer ( m_Establisher - > m_SessionRequestBuffer , m_Establisher - > m_SessionRequestBufferLen ) , boost : : asio : : transfer_all ( ) ,
2018-06-06 19:38:18 +00:00
std : : bind ( & NTCP2Session : : HandleSessionRequestSent , shared_from_this ( ) , std : : placeholders : : _1 , std : : placeholders : : _2 ) ) ;
2018-06-05 16:53:13 +00:00
}
2018-06-06 19:38:18 +00:00
void NTCP2Session : : HandleSessionRequestSent ( const boost : : system : : error_code & ecode , std : : size_t bytes_transferred )
{
( void ) bytes_transferred ;
if ( ecode )
{
2018-06-13 18:56:51 +00:00
LogPrint ( eLogWarning , " NTCP2: couldn't send SessionRequest message: " , ecode . message ( ) ) ;
2018-06-11 16:29:30 +00:00
Terminate ( ) ;
}
else
{
2018-08-09 16:53:36 +00:00
m_Establisher - > m_SessionCreatedBuffer = new uint8_t [ 287 ] ; // TODO: determine actual max size
2018-06-20 20:09:22 +00:00
// we receive first 64 bytes (32 Y, and 32 ChaCha/Poly frame) first
2018-08-09 16:53:36 +00:00
boost : : asio : : async_read ( m_Socket , boost : : asio : : buffer ( m_Establisher - > m_SessionCreatedBuffer , 64 ) , boost : : asio : : transfer_all ( ) ,
2018-06-11 16:29:30 +00:00
std : : bind ( & NTCP2Session : : HandleSessionCreatedReceived , shared_from_this ( ) , std : : placeholders : : _1 , std : : placeholders : : _2 ) ) ;
2018-06-06 19:38:18 +00:00
}
}
2018-06-19 19:43:47 +00:00
void NTCP2Session : : HandleSessionRequestReceived ( const boost : : system : : error_code & ecode , std : : size_t bytes_transferred )
{
( void ) bytes_transferred ;
if ( ecode )
{
LogPrint ( eLogWarning , " NTCP2: SessionRequest read error: " , ecode . message ( ) ) ;
Terminate ( ) ;
}
else
{
// decrypt X
i2p : : crypto : : CBCDecryption decryption ;
decryption . SetKey ( i2p : : context . GetIdentHash ( ) ) ;
decryption . SetIV ( i2p : : context . GetNTCP2IV ( ) ) ;
2018-08-09 16:53:36 +00:00
decryption . Decrypt ( m_Establisher - > m_SessionRequestBuffer , 32 , m_Establisher - > GetRemotePub ( ) ) ;
2018-07-03 20:26:02 +00:00
decryption . GetIV ( m_Establisher - > m_IV ) ; // save IV for SessionCreated
2018-06-19 19:43:47 +00:00
// decryption key for next block
2018-07-04 18:15:40 +00:00
m_Establisher - > KDF1Bob ( ) ;
2018-06-19 19:43:47 +00:00
// verify MAC and decrypt options block (32 bytes), use m_H as AD
uint8_t nonce [ 12 ] , options [ 16 ] ;
memset ( nonce , 0 , 12 ) ; // set nonce to zero
2018-08-09 16:53:36 +00:00
if ( i2p : : crypto : : AEADChaCha20Poly1305 ( m_Establisher - > m_SessionRequestBuffer + 32 , 16 , m_Establisher - > GetH ( ) , 32 , m_Establisher - > GetK ( ) , nonce , options , 16 , false ) ) // decrypt
2018-06-19 19:43:47 +00:00
{
2018-06-20 20:09:22 +00:00
if ( options [ 1 ] = = 2 )
2018-06-19 19:43:47 +00:00
{
uint16_t paddingLen = bufbe16toh ( options + 2 ) ;
2018-08-09 16:53:36 +00:00
m_Establisher - > m_SessionRequestBufferLen = paddingLen + 64 ;
2018-07-09 19:56:23 +00:00
m_Establisher - > m3p2Len = bufbe16toh ( options + 4 ) ;
2018-06-19 19:43:47 +00:00
// TODO: check tsA
if ( paddingLen > 0 )
2018-08-09 16:53:36 +00:00
{
if ( paddingLen < = 287 - 64 ) // session request is 287 bytes max
{
boost : : asio : : async_read ( m_Socket , boost : : asio : : buffer ( m_Establisher - > m_SessionRequestBuffer + 64 , paddingLen ) , boost : : asio : : transfer_all ( ) ,
std : : bind ( & NTCP2Session : : HandleSessionRequestPaddingReceived , shared_from_this ( ) , std : : placeholders : : _1 , std : : placeholders : : _2 ) ) ;
}
else
{
LogPrint ( eLogWarning , " NTCP2: SessionRequest padding length " , ( int ) paddingLen , " is too long " ) ;
Terminate ( ) ;
}
}
2018-06-19 19:43:47 +00:00
else
SendSessionCreated ( ) ;
}
else
{
2018-06-20 20:09:22 +00:00
LogPrint ( eLogWarning , " NTCP2: SessionRequest version mismatch " , ( int ) options [ 1 ] ) ;
2018-06-19 19:43:47 +00:00
Terminate ( ) ;
}
}
else
{
LogPrint ( eLogWarning , " NTCP2: SessionRequest AEAD verification failed " ) ;
Terminate ( ) ;
}
}
}
void NTCP2Session : : HandleSessionRequestPaddingReceived ( const boost : : system : : error_code & ecode , std : : size_t bytes_transferred )
{
if ( ecode )
{
LogPrint ( eLogWarning , " NTCP2: SessionRequest padding read error: " , ecode . message ( ) ) ;
Terminate ( ) ;
}
else
SendSessionCreated ( ) ;
}
void NTCP2Session : : SendSessionCreated ( )
{
2018-08-10 14:53:34 +00:00
m_Establisher - > CreateSessionCreatedMessage ( ) ;
2018-06-19 19:43:47 +00:00
// send message
2018-08-09 16:53:36 +00:00
boost : : asio : : async_write ( m_Socket , boost : : asio : : buffer ( m_Establisher - > m_SessionCreatedBuffer , m_Establisher - > m_SessionCreatedBufferLen ) , boost : : asio : : transfer_all ( ) ,
2018-06-19 19:43:47 +00:00
std : : bind ( & NTCP2Session : : HandleSessionCreatedSent , shared_from_this ( ) , std : : placeholders : : _1 , std : : placeholders : : _2 ) ) ;
}
2018-06-11 16:29:30 +00:00
void NTCP2Session : : HandleSessionCreatedReceived ( const boost : : system : : error_code & ecode , std : : size_t bytes_transferred )
{
if ( ecode )
2018-06-13 18:56:51 +00:00
{
LogPrint ( eLogWarning , " NTCP2: SessionCreated read error: " , ecode . message ( ) ) ;
Terminate ( ) ;
}
else
{
2018-06-14 19:29:36 +00:00
LogPrint ( eLogDebug , " NTCP2: SessionCreated received " , bytes_transferred ) ;
2018-08-09 16:53:36 +00:00
m_Establisher - > m_SessionCreatedBufferLen = 64 ;
2018-06-13 18:56:51 +00:00
// decrypt Y
i2p : : crypto : : CBCDecryption decryption ;
decryption . SetKey ( GetRemoteIdentity ( ) - > GetIdentHash ( ) ) ;
2018-07-03 20:26:02 +00:00
decryption . SetIV ( m_Establisher - > m_IV ) ;
2018-08-09 16:53:36 +00:00
decryption . Decrypt ( m_Establisher - > m_SessionCreatedBuffer , 32 , m_Establisher - > GetRemotePub ( ) ) ;
2018-06-14 19:29:36 +00:00
// decryption key for next block (m_K)
2018-08-09 16:53:36 +00:00
m_Establisher - > KDF2Alice ( ) ;
2018-06-13 20:16:23 +00:00
// decrypt and verify MAC
2018-06-20 20:09:22 +00:00
uint8_t payload [ 16 ] ;
2018-06-13 20:16:23 +00:00
uint8_t nonce [ 12 ] ;
memset ( nonce , 0 , 12 ) ; // set nonce to zero
2018-08-09 16:53:36 +00:00
if ( i2p : : crypto : : AEADChaCha20Poly1305 ( m_Establisher - > m_SessionCreatedBuffer + 32 , 16 , m_Establisher - > GetH ( ) , 32 , m_Establisher - > GetK ( ) , nonce , payload , 16 , false ) ) // decrypt
2018-06-13 20:16:23 +00:00
{
2018-06-20 20:09:22 +00:00
uint16_t paddingLen = bufbe16toh ( payload + 2 ) ;
2018-06-14 19:29:36 +00:00
LogPrint ( eLogDebug , " NTCP2: padding length " , paddingLen ) ;
2018-06-20 20:09:22 +00:00
// TODO: check tsB
2018-06-14 19:29:36 +00:00
if ( paddingLen > 0 )
{
2018-08-11 20:08:21 +00:00
if ( paddingLen < = 287 - 64 ) // session created is 287 bytes max
{
boost : : asio : : async_read ( m_Socket , boost : : asio : : buffer ( m_Establisher - > m_SessionCreatedBuffer + 64 , paddingLen ) , boost : : asio : : transfer_all ( ) ,
std : : bind ( & NTCP2Session : : HandleSessionCreatedPaddingReceived , shared_from_this ( ) , std : : placeholders : : _1 , std : : placeholders : : _2 ) ) ;
}
else
{
LogPrint ( eLogWarning , " NTCP2: SessionCreated padding length " , ( int ) paddingLen , " is too long " ) ;
Terminate ( ) ;
}
2018-06-14 19:29:36 +00:00
}
else
SendSessionConfirmed ( ) ;
2018-06-13 20:16:23 +00:00
}
else
{
2018-07-31 19:41:13 +00:00
LogPrint ( eLogWarning , " NTCP2: SessionCreated AEAD verification failed " ) ;
2018-06-13 20:16:23 +00:00
Terminate ( ) ;
}
2018-06-13 18:56:51 +00:00
}
2018-06-11 16:29:30 +00:00
}
2018-06-14 19:29:36 +00:00
void NTCP2Session : : HandleSessionCreatedPaddingReceived ( const boost : : system : : error_code & ecode , std : : size_t bytes_transferred )
{
if ( ecode )
{
LogPrint ( eLogWarning , " NTCP2: SessionCreated padding read error: " , ecode . message ( ) ) ;
Terminate ( ) ;
}
else
{
2018-08-09 16:53:36 +00:00
m_Establisher - > m_SessionCreatedBufferLen + = bytes_transferred ;
2018-06-14 19:29:36 +00:00
SendSessionConfirmed ( ) ;
}
}
void NTCP2Session : : SendSessionConfirmed ( )
{
uint8_t nonce [ 12 ] ;
2018-08-10 14:53:34 +00:00
CreateNonce ( 1 , nonce ) ; // set nonce to 1
m_Establisher - > CreateSessionConfirmedMessagePart1 ( nonce ) ;
memset ( nonce , 0 , 12 ) ; // set nonce back to 0
m_Establisher - > CreateSessionConfirmedMessagePart2 ( nonce ) ;
2018-06-14 19:29:36 +00:00
// send message
2018-08-09 16:53:36 +00:00
boost : : asio : : async_write ( m_Socket , boost : : asio : : buffer ( m_Establisher - > m_SessionConfirmedBuffer , m_Establisher - > m3p2Len + 48 ) , boost : : asio : : transfer_all ( ) ,
2018-06-14 19:29:36 +00:00
std : : bind ( & NTCP2Session : : HandleSessionConfirmedSent , shared_from_this ( ) , std : : placeholders : : _1 , std : : placeholders : : _2 ) ) ;
}
void NTCP2Session : : HandleSessionConfirmedSent ( const boost : : system : : error_code & ecode , std : : size_t bytes_transferred )
{
LogPrint ( eLogDebug , " NTCP2: SessionConfirmed sent " ) ;
2018-06-21 16:39:24 +00:00
KeyDerivationFunctionDataPhase ( ) ;
2018-08-02 17:58:47 +00:00
// Alice data phase keys
2018-07-09 19:56:23 +00:00
m_SendKey = m_Kab ;
m_ReceiveKey = m_Kba ;
m_SendSipKey = m_Sipkeysab ;
m_ReceiveSipKey = m_Sipkeysba ;
memcpy ( m_ReceiveIV , m_Sipkeysba + 16 , 8 ) ;
memcpy ( m_SendIV , m_Sipkeysab + 16 , 8 ) ;
2018-07-13 19:59:28 +00:00
Established ( ) ;
2018-06-21 20:24:19 +00:00
ReceiveLength ( ) ;
2018-06-25 16:28:07 +00:00
// TODO: remove
2018-07-18 15:16:40 +00:00
//m_SendQueue.push_back (CreateDeliveryStatusMsg (1));
//SendQueue ();
2018-06-14 19:29:36 +00:00
}
2018-06-19 19:43:47 +00:00
void NTCP2Session : : HandleSessionCreatedSent ( const boost : : system : : error_code & ecode , std : : size_t bytes_transferred )
{
2018-07-09 19:56:23 +00:00
( void ) bytes_transferred ;
if ( ecode )
{
LogPrint ( eLogWarning , " NTCP2: couldn't send SessionCreated message: " , ecode . message ( ) ) ;
Terminate ( ) ;
}
else
{
LogPrint ( eLogDebug , " NTCP2: SessionCreated sent " ) ;
2018-08-09 16:53:36 +00:00
m_Establisher - > m_SessionConfirmedBuffer = new uint8_t [ m_Establisher - > m3p2Len + 48 ] ;
boost : : asio : : async_read ( m_Socket , boost : : asio : : buffer ( m_Establisher - > m_SessionConfirmedBuffer , m_Establisher - > m3p2Len + 48 ) , boost : : asio : : transfer_all ( ) ,
2018-07-09 19:56:23 +00:00
std : : bind ( & NTCP2Session : : HandleSessionConfirmedReceived , shared_from_this ( ) , std : : placeholders : : _1 , std : : placeholders : : _2 ) ) ;
}
}
void NTCP2Session : : HandleSessionConfirmedReceived ( const boost : : system : : error_code & ecode , std : : size_t bytes_transferred )
{
if ( ecode )
{
2018-08-09 16:53:36 +00:00
LogPrint ( eLogWarning , " NTCP2: SessionConfirmed read error: " , ecode . message ( ) ) ;
2018-07-09 19:56:23 +00:00
Terminate ( ) ;
}
else
{
2018-08-09 16:53:36 +00:00
LogPrint ( eLogDebug , " NTCP2: SessionConfirmed received " ) ;
2018-07-09 19:56:23 +00:00
// update AD
uint8_t h [ 80 ] ;
memcpy ( h , m_Establisher - > GetH ( ) , 32 ) ;
2018-08-09 16:53:36 +00:00
memcpy ( h + 32 , m_Establisher - > m_SessionCreatedBuffer + 32 , 32 ) ; // encrypted payload
2018-07-09 19:56:23 +00:00
SHA256 ( h , 64 , h ) ;
2018-08-09 16:53:36 +00:00
int paddingLength = m_Establisher - > m_SessionCreatedBufferLen - 64 ;
2018-07-09 19:56:23 +00:00
if ( paddingLength > 0 )
{
SHA256_CTX ctx ;
SHA256_Init ( & ctx ) ;
SHA256_Update ( & ctx , h , 32 ) ;
2018-08-09 16:53:36 +00:00
SHA256_Update ( & ctx , m_Establisher - > m_SessionCreatedBuffer + 64 , paddingLength ) ;
2018-07-09 19:56:23 +00:00
SHA256_Final ( h , & ctx ) ;
}
// part 1
uint8_t nonce [ 12 ] ;
CreateNonce ( 1 , nonce ) ;
2018-08-09 16:53:36 +00:00
if ( i2p : : crypto : : AEADChaCha20Poly1305 ( m_Establisher - > m_SessionConfirmedBuffer , 32 , h , 32 , m_Establisher - > GetK ( ) , nonce , m_Establisher - > m_RemoteStaticKey , 32 , false ) ) // decrypt S
2018-07-18 19:57:18 +00:00
{
2018-07-31 19:41:13 +00:00
// part 2
// update AD again
2018-08-09 16:53:36 +00:00
memcpy ( h + 32 , m_Establisher - > m_SessionConfirmedBuffer , 48 ) ;
2018-07-31 19:41:13 +00:00
SHA256 ( h , 80 , m_Establisher - > m_H ) ;
std : : vector < uint8_t > buf ( m_Establisher - > m3p2Len - 16 ) ; // -MAC
m_Establisher - > KDF3Bob ( ) ;
memset ( nonce , 0 , 12 ) ; // set nonce to 0 again
2018-08-09 16:53:36 +00:00
if ( i2p : : crypto : : AEADChaCha20Poly1305 ( m_Establisher - > m_SessionConfirmedBuffer + 48 , m_Establisher - > m3p2Len - 16 , m_Establisher - > GetH ( ) , 32 , m_Establisher - > GetK ( ) , nonce , buf . data ( ) , m_Establisher - > m3p2Len - 16 , false ) ) // decrypt
2018-07-18 19:57:18 +00:00
{
2018-07-31 19:41:13 +00:00
// caclulate new h again for KDF data
2018-08-09 16:53:36 +00:00
memcpy ( m_Establisher - > m_SessionConfirmedBuffer + 16 , m_Establisher - > GetH ( ) , 32 ) ; // h || ciphertext
SHA256 ( m_Establisher - > m_SessionConfirmedBuffer + 16 , m_Establisher - > m3p2Len + 32 , m_Establisher - > m_H ) ; //h = SHA256(h || ciphertext);
2018-07-31 19:41:13 +00:00
KeyDerivationFunctionDataPhase ( ) ;
2018-08-02 17:58:47 +00:00
// Bob data phase keys
2018-07-31 19:41:13 +00:00
m_SendKey = m_Kba ;
m_ReceiveKey = m_Kab ;
m_SendSipKey = m_Sipkeysba ;
m_ReceiveSipKey = m_Sipkeysab ;
memcpy ( m_ReceiveIV , m_Sipkeysab + 16 , 8 ) ;
memcpy ( m_SendIV , m_Sipkeysba + 16 , 8 ) ;
2018-08-02 17:58:47 +00:00
// process RI
if ( buf [ 0 ] ! = eNTCP2BlkRouterInfo )
{
LogPrint ( eLogWarning , " NTCP2: unexpected block " , ( int ) buf [ 0 ] , " in SessionConfirmed " ) ;
Terminate ( ) ;
return ;
}
auto size = bufbe16toh ( buf . data ( ) + 1 ) ;
if ( size > buf . size ( ) - 3 )
{
LogPrint ( eLogError , " NTCP2: Unexpected RouterInfo size " , size , " in SessionConfirmed " ) ;
Terminate ( ) ;
return ;
}
// TODO: check flag
i2p : : data : : RouterInfo ri ( buf . data ( ) + 4 , size - 1 ) ; // 1 byte block type + 2 bytes size + 1 byte flag
if ( ri . IsUnreachable ( ) )
{
2018-08-02 19:31:15 +00:00
LogPrint ( eLogError , " NTCP2: Signature verification failed in SessionConfirmed " ) ;
SendTerminationAndTerminate ( eNTCP2RouterInfoSignatureVerificationFail ) ;
2018-08-02 17:58:47 +00:00
return ;
}
2018-08-04 12:47:58 +00:00
auto addr = ri . GetNTCP2Address ( false ) ; // any NTCP2 address
2018-08-02 17:58:47 +00:00
if ( ! addr )
{
LogPrint ( eLogError , " NTCP2: No NTCP2 address found in SessionConfirmed " ) ;
Terminate ( ) ;
return ;
}
if ( memcmp ( addr - > ntcp2 - > staticKey , m_Establisher - > m_RemoteStaticKey , 32 ) )
{
2018-08-02 19:31:15 +00:00
LogPrint ( eLogError , " NTCP2: Static key mistmatch in SessionConfirmed " ) ;
SendTerminationAndTerminate ( eNTCP2IncorrectSParameter ) ;
2018-08-02 17:58:47 +00:00
return ;
}
i2p : : data : : netdb . AddRouterInfo ( buf . data ( ) + 4 , size - 1 ) ; // TODO: should insert ri and not parse it twice
// TODO: process options
// ready to communicate
auto existing = i2p : : data : : netdb . FindRouter ( ri . GetRouterIdentity ( ) - > GetIdentHash ( ) ) ; // check if exists already
SetRemoteIdentity ( existing ? existing - > GetRouterIdentity ( ) : ri . GetRouterIdentity ( ) ) ;
2018-08-09 18:20:10 +00:00
m_Server . AddNTCP2Session ( shared_from_this ( ) ) ;
2018-07-31 19:41:13 +00:00
Established ( ) ;
2018-08-02 16:42:39 +00:00
SendRouterInfo ( ) ;
2018-08-02 17:58:47 +00:00
ReceiveLength ( ) ;
2018-07-31 19:41:13 +00:00
}
2018-07-18 19:57:18 +00:00
else
2018-07-31 19:41:13 +00:00
{
LogPrint ( eLogWarning , " NTCP2: SessionConfirmed Part2 AEAD verification failed " ) ;
Terminate ( ) ;
}
2018-07-18 19:57:18 +00:00
}
else
2018-07-31 19:41:13 +00:00
{
LogPrint ( eLogWarning , " NTCP2: SessionConfirmed Part1 AEAD verification failed " ) ;
Terminate ( ) ;
}
2018-07-09 19:56:23 +00:00
}
2018-06-19 19:43:47 +00:00
}
2018-06-06 19:38:18 +00:00
void NTCP2Session : : ClientLogin ( )
{
SendSessionRequest ( ) ;
}
2018-06-11 16:29:30 +00:00
2018-06-19 19:43:47 +00:00
void NTCP2Session : : ServerLogin ( )
{
2018-08-09 16:53:36 +00:00
m_Establisher - > m_SessionRequestBuffer = new uint8_t [ 287 ] ; // 287 bytes max for now
boost : : asio : : async_read ( m_Socket , boost : : asio : : buffer ( m_Establisher - > m_SessionRequestBuffer , 64 ) , boost : : asio : : transfer_all ( ) ,
2018-06-19 19:43:47 +00:00
std : : bind ( & NTCP2Session : : HandleSessionRequestReceived , shared_from_this ( ) ,
std : : placeholders : : _1 , std : : placeholders : : _2 ) ) ;
}
2018-06-21 20:24:19 +00:00
void NTCP2Session : : ReceiveLength ( )
{
2018-08-02 16:42:39 +00:00
if ( IsTerminated ( ) ) return ;
2018-06-21 20:24:19 +00:00
boost : : asio : : async_read ( m_Socket , boost : : asio : : buffer ( & m_NextReceivedLen , 2 ) , boost : : asio : : transfer_all ( ) ,
std : : bind ( & NTCP2Session : : HandleReceivedLength , shared_from_this ( ) , std : : placeholders : : _1 , std : : placeholders : : _2 ) ) ;
}
void NTCP2Session : : HandleReceivedLength ( const boost : : system : : error_code & ecode , std : : size_t bytes_transferred )
{
if ( ecode )
{
2018-08-11 20:08:21 +00:00
if ( ecode ! = boost : : asio : : error : : operation_aborted )
LogPrint ( eLogWarning , " NTCP2: receive length read error: " , ecode . message ( ) ) ;
2018-06-21 20:24:19 +00:00
Terminate ( ) ;
}
else
{
2018-08-08 20:23:44 +00:00
i2p : : crypto : : Siphash < 8 > ( m_ReceiveIV , m_ReceiveIV , 8 , m_ReceiveSipKey ) ;
2018-06-22 16:20:35 +00:00
m_NextReceivedLen = be16toh ( m_NextReceivedLen ^ bufbe16toh ( m_ReceiveIV ) ) ;
2018-06-21 20:24:19 +00:00
LogPrint ( eLogDebug , " NTCP2: received length " , m_NextReceivedLen ) ;
2018-08-09 16:53:36 +00:00
if ( m_NextReceivedBuffer ) delete [ ] m_NextReceivedBuffer ;
2018-08-08 21:38:21 +00:00
m_NextReceivedBuffer = new uint8_t [ m_NextReceivedLen ] ;
2018-06-21 20:24:19 +00:00
Receive ( ) ;
}
}
void NTCP2Session : : Receive ( )
{
2018-08-02 16:42:39 +00:00
if ( IsTerminated ( ) ) return ;
2018-06-21 20:24:19 +00:00
boost : : asio : : async_read ( m_Socket , boost : : asio : : buffer ( m_NextReceivedBuffer , m_NextReceivedLen ) , boost : : asio : : transfer_all ( ) ,
std : : bind ( & NTCP2Session : : HandleReceived , shared_from_this ( ) , std : : placeholders : : _1 , std : : placeholders : : _2 ) ) ;
}
void NTCP2Session : : HandleReceived ( const boost : : system : : error_code & ecode , std : : size_t bytes_transferred )
{
if ( ecode )
{
2018-08-11 20:08:21 +00:00
if ( ecode ! = boost : : asio : : error : : operation_aborted )
LogPrint ( eLogWarning , " NTCP2: receive read error: " , ecode . message ( ) ) ;
2018-06-21 20:24:19 +00:00
Terminate ( ) ;
}
2018-06-22 19:02:49 +00:00
else
{
2018-08-03 17:10:32 +00:00
m_LastActivityTimestamp = i2p : : util : : GetSecondsSinceEpoch ( ) ;
2018-07-18 19:57:18 +00:00
m_NumReceivedBytes + = bytes_transferred + 2 ; // + length
i2p : : transport : : transports . UpdateReceivedBytes ( bytes_transferred ) ;
2018-06-22 19:02:49 +00:00
uint8_t nonce [ 12 ] ;
2018-06-25 16:28:07 +00:00
CreateNonce ( m_ReceiveSequenceNumber , nonce ) ; m_ReceiveSequenceNumber + + ;
2018-08-09 19:47:02 +00:00
if ( i2p : : crypto : : AEADChaCha20Poly1305 ( m_NextReceivedBuffer , m_NextReceivedLen - 16 , nullptr , 0 , m_ReceiveKey , nonce , m_NextReceivedBuffer , m_NextReceivedLen , false ) )
2018-06-22 19:02:49 +00:00
{
2018-07-18 18:19:12 +00:00
LogPrint ( eLogDebug , " NTCP2: received message decrypted " ) ;
2018-08-09 19:47:02 +00:00
ProcessNextFrame ( m_NextReceivedBuffer , m_NextReceivedLen - 16 ) ;
2018-08-09 16:53:36 +00:00
delete [ ] m_NextReceivedBuffer ; m_NextReceivedBuffer = nullptr ; // we don't need received buffer anymore
2018-06-22 19:02:49 +00:00
ReceiveLength ( ) ;
}
else
{
2018-08-03 17:10:32 +00:00
LogPrint ( eLogWarning , " NTCP2: Received AEAD verification failed " ) ;
SendTerminationAndTerminate ( eNTCP2DataPhaseAEADFailure ) ;
2018-06-22 19:02:49 +00:00
}
}
}
void NTCP2Session : : ProcessNextFrame ( const uint8_t * frame , size_t len )
{
size_t offset = 0 ;
while ( offset < len )
{
uint8_t blk = frame [ offset ] ;
offset + + ;
auto size = bufbe16toh ( frame + offset ) ;
offset + = 2 ;
LogPrint ( eLogDebug , " NTCP2: Block type " , ( int ) blk , " of size " , size ) ;
if ( size > len )
{
LogPrint ( eLogError , " NTCP2: Unexpected block length " , size ) ;
break ;
}
2018-07-17 19:17:05 +00:00
switch ( blk )
{
case eNTCP2BlkDateTime :
LogPrint ( eLogDebug , " NTCP2: datetime " ) ;
break ;
case eNTCP2BlkOptions :
LogPrint ( eLogDebug , " NTCP2: options " ) ;
break ;
case eNTCP2BlkRouterInfo :
2018-07-18 19:57:18 +00:00
{
2018-07-18 20:27:43 +00:00
LogPrint ( eLogDebug , " NTCP2: RouterInfo flag= " , ( int ) frame [ offset ] ) ;
2018-07-18 19:57:18 +00:00
i2p : : data : : netdb . AddRouterInfo ( frame + offset + 1 , size - 1 ) ;
break ;
}
2018-07-17 19:17:05 +00:00
case eNTCP2BlkI2NPMessage :
{
LogPrint ( eLogDebug , " NTCP2: I2NP " ) ;
auto nextMsg = NewI2NPMessage ( size ) ;
nextMsg - > len = nextMsg - > offset + size + 7 ; // 7 more bytes for full I2NP header
memcpy ( nextMsg - > GetNTCP2Header ( ) , frame + offset , size ) ;
nextMsg - > FromNTCP2 ( ) ;
m_Handler . PutNextMessage ( nextMsg ) ;
break ;
}
case eNTCP2BlkTermination :
2018-08-01 13:43:48 +00:00
if ( size > = 9 )
{
2018-08-02 19:31:15 +00:00
LogPrint ( eLogDebug , " NTCP2: termination. reason= " , ( int ) ( frame [ offset + 8 ] ) ) ;
2018-08-01 13:43:48 +00:00
Terminate ( ) ;
}
else
LogPrint ( eLogWarning , " NTCP2: Unexpected temination block size " , size ) ;
2018-07-17 19:17:05 +00:00
break ;
case eNTCP2BlkPadding :
LogPrint ( eLogDebug , " NTCP2: padding " ) ;
break ;
default :
LogPrint ( eLogWarning , " NTCP2: Unknown block type " , ( int ) blk ) ;
}
2018-06-22 19:02:49 +00:00
offset + = size ;
}
2018-07-17 19:17:05 +00:00
m_Handler . Flush ( ) ;
2018-06-21 20:24:19 +00:00
}
2018-06-25 16:28:07 +00:00
void NTCP2Session : : SendNextFrame ( const uint8_t * payload , size_t len )
{
2018-08-02 16:42:39 +00:00
if ( IsTerminated ( ) ) return ;
2018-06-25 16:28:07 +00:00
uint8_t nonce [ 12 ] ;
CreateNonce ( m_SendSequenceNumber , nonce ) ; m_SendSequenceNumber + + ;
m_NextSendBuffer = new uint8_t [ len + 16 + 2 ] ;
2018-07-09 19:56:23 +00:00
i2p : : crypto : : AEADChaCha20Poly1305 ( payload , len , nullptr , 0 , m_SendKey , nonce , m_NextSendBuffer + 2 , len + 16 , true ) ;
i2p : : crypto : : Siphash < 8 > ( m_SendIV , m_SendIV , 8 , m_SendSipKey ) ;
2018-06-25 16:28:07 +00:00
htobuf16 ( m_NextSendBuffer , bufbe16toh ( m_SendIV ) ^ htobe16 ( len + 16 ) ) ;
LogPrint ( eLogDebug , " NTCP2: sent length " , len + 16 ) ;
// send message
2018-07-18 15:16:40 +00:00
m_IsSending = true ;
2018-06-25 16:28:07 +00:00
boost : : asio : : async_write ( m_Socket , boost : : asio : : buffer ( m_NextSendBuffer , len + 16 + 2 ) , boost : : asio : : transfer_all ( ) ,
std : : bind ( & NTCP2Session : : HandleNextFrameSent , shared_from_this ( ) , std : : placeholders : : _1 , std : : placeholders : : _2 ) ) ;
}
void NTCP2Session : : HandleNextFrameSent ( const boost : : system : : error_code & ecode , std : : size_t bytes_transferred )
{
2018-07-18 15:16:40 +00:00
m_IsSending = false ;
2018-08-11 20:08:21 +00:00
delete [ ] m_NextSendBuffer ; m_NextSendBuffer = nullptr ;
if ( ecode )
{
LogPrint ( eLogWarning , " NTCP2: Couldn't send frame " , ecode . message ( ) ) ;
}
else
{
m_LastActivityTimestamp = i2p : : util : : GetSecondsSinceEpoch ( ) ;
m_NumSentBytes + = bytes_transferred ;
i2p : : transport : : transports . UpdateSentBytes ( bytes_transferred ) ;
LogPrint ( eLogDebug , " NTCP2: Next frame sent " ) ;
SendQueue ( ) ;
}
2018-07-18 15:16:40 +00:00
}
void NTCP2Session : : SendQueue ( )
{
if ( ! m_SendQueue . empty ( ) )
{
2018-08-08 20:23:44 +00:00
auto buf = m_Server . NewNTCP2FrameBuffer ( ) ;
uint8_t * payload = buf - > data ( ) ;
2018-07-18 15:16:40 +00:00
size_t s = 0 ;
// add I2NP blocks
while ( ! m_SendQueue . empty ( ) )
{
auto msg = m_SendQueue . front ( ) ;
size_t len = msg - > GetNTCP2Length ( ) ;
if ( s + len + 3 < = NTCP2_UNENCRYPTED_FRAME_MAX_SIZE ) // 3 bytes block header
{
payload [ s ] = eNTCP2BlkI2NPMessage ; // blk
htobe16buf ( payload + s + 1 , len ) ; // size
s + = 3 ;
msg - > ToNTCP2 ( ) ;
memcpy ( payload + s , msg - > GetNTCP2Header ( ) , len ) ;
s + = len ;
m_SendQueue . pop_front ( ) ;
}
else
break ;
}
// add padding block
int paddingSize = ( s * NTCP2_MAX_PADDING_RATIO ) / 100 ;
if ( s + paddingSize + 3 > NTCP2_UNENCRYPTED_FRAME_MAX_SIZE ) paddingSize = NTCP2_UNENCRYPTED_FRAME_MAX_SIZE - s - 3 ;
if ( paddingSize ) paddingSize = rand ( ) % paddingSize ;
payload [ s ] = eNTCP2BlkPadding ; // blk
htobe16buf ( payload + s + 1 , paddingSize ) ; // size
s + = 3 ;
RAND_bytes ( payload + s , paddingSize ) ;
s + = paddingSize ;
// send
SendNextFrame ( payload , s ) ;
2018-08-08 20:23:44 +00:00
m_Server . DeleteNTCP2FrameBuffer ( buf ) ;
2018-07-18 15:16:40 +00:00
}
}
2018-08-02 16:42:39 +00:00
void NTCP2Session : : SendRouterInfo ( )
{
auto riLen = i2p : : context . GetRouterInfo ( ) . GetBufferLen ( ) ;
int paddingSize = ( riLen * NTCP2_MAX_PADDING_RATIO ) / 100 ;
size_t payloadLen = riLen + paddingSize + 7 ; // 7 = 2*3 bytes header + 1 byte RI flag
uint8_t * payload = new uint8_t [ payloadLen ] ;
payload [ 0 ] = eNTCP2BlkRouterInfo ;
htobe16buf ( payload + 1 , riLen + 1 ) ; // size
payload [ 3 ] = 0 ; // flag
memcpy ( payload + 4 , i2p : : context . GetRouterInfo ( ) . GetBuffer ( ) , riLen ) ;
payload [ riLen + 4 ] = eNTCP2BlkPadding ;
htobe16buf ( payload + riLen + 5 , paddingSize ) ;
RAND_bytes ( payload + riLen + 7 , paddingSize ) ;
SendNextFrame ( payload , payloadLen ) ;
delete [ ] payload ;
}
2018-08-02 19:31:15 +00:00
void NTCP2Session : : SendTermination ( NTCP2TerminationReason reason )
{
uint8_t payload [ 12 ] = { eNTCP2BlkTermination , 0 , 9 } ;
htobe64buf ( payload + 3 , m_ReceiveSequenceNumber ) ;
payload [ 11 ] = ( uint8_t ) reason ;
SendNextFrame ( payload , 12 ) ;
}
void NTCP2Session : : SendTerminationAndTerminate ( NTCP2TerminationReason reason )
{
SendTermination ( reason ) ;
m_Server . GetService ( ) . post ( std : : bind ( & NTCP2Session : : Terminate , shared_from_this ( ) ) ) ; // let termination message go
}
2018-07-18 15:16:40 +00:00
void NTCP2Session : : SendI2NPMessages ( const std : : vector < std : : shared_ptr < I2NPMessage > > & msgs )
{
2018-07-19 16:46:19 +00:00
m_Server . GetService ( ) . post ( std : : bind ( & NTCP2Session : : PostI2NPMessages , shared_from_this ( ) , msgs ) ) ;
}
void NTCP2Session : : PostI2NPMessages ( std : : vector < std : : shared_ptr < I2NPMessage > > msgs )
{
if ( m_IsTerminated ) return ;
2018-07-18 15:16:40 +00:00
for ( auto it : msgs )
m_SendQueue . push_back ( it ) ;
2018-07-19 16:46:19 +00:00
if ( ! m_IsSending )
SendQueue ( ) ;
2018-06-25 16:28:07 +00:00
}
2018-06-11 16:29:30 +00:00
NTCP2Server : : NTCP2Server ( ) :
2018-08-03 17:10:32 +00:00
m_IsRunning ( false ) , m_Thread ( nullptr ) , m_Work ( m_Service ) ,
m_TerminationTimer ( m_Service )
2018-06-11 16:29:30 +00:00
{
}
NTCP2Server : : ~ NTCP2Server ( )
{
Stop ( ) ;
}
void NTCP2Server : : Start ( )
{
if ( ! m_IsRunning )
{
m_IsRunning = true ;
m_Thread = new std : : thread ( std : : bind ( & NTCP2Server : : Run , this ) ) ;
2018-07-23 19:30:51 +00:00
auto & addresses = context . GetRouterInfo ( ) . GetAddresses ( ) ;
for ( const auto & address : addresses )
{
if ( ! address ) continue ;
if ( address - > IsPublishedNTCP2 ( ) )
{
if ( address - > host . is_v4 ( ) )
{
try
{
m_NTCP2Acceptor . reset ( new boost : : asio : : ip : : tcp : : acceptor ( m_Service , boost : : asio : : ip : : tcp : : endpoint ( boost : : asio : : ip : : tcp : : v4 ( ) , address - > port ) ) ) ;
}
catch ( std : : exception & ex )
{
LogPrint ( eLogError , " NTCP2: Failed to bind to ip4 port " , address - > port , ex . what ( ) ) ;
continue ;
}
2018-07-31 19:41:13 +00:00
LogPrint ( eLogInfo , " NTCP2: Start listening TCP port " , address - > port ) ;
2018-07-23 19:30:51 +00:00
auto conn = std : : make_shared < NTCP2Session > ( * this ) ;
m_NTCP2Acceptor - > async_accept ( conn - > GetSocket ( ) , std : : bind ( & NTCP2Server : : HandleAccept , this , conn , std : : placeholders : : _1 ) ) ;
}
else if ( address - > host . is_v6 ( ) & & context . SupportsV6 ( ) )
{
m_NTCP2V6Acceptor . reset ( new boost : : asio : : ip : : tcp : : acceptor ( m_Service ) ) ;
try
{
m_NTCP2V6Acceptor - > open ( boost : : asio : : ip : : tcp : : v6 ( ) ) ;
m_NTCP2V6Acceptor - > set_option ( boost : : asio : : ip : : v6_only ( true ) ) ;
m_NTCP2V6Acceptor - > bind ( boost : : asio : : ip : : tcp : : endpoint ( boost : : asio : : ip : : tcp : : v6 ( ) , address - > port ) ) ;
m_NTCP2V6Acceptor - > listen ( ) ;
LogPrint ( eLogInfo , " NTCP2: Start listening V6 TCP port " , address - > port ) ;
auto conn = std : : make_shared < NTCP2Session > ( * this ) ;
m_NTCP2V6Acceptor - > async_accept ( conn - > GetSocket ( ) , std : : bind ( & NTCP2Server : : HandleAcceptV6 , this , conn , std : : placeholders : : _1 ) ) ;
} catch ( std : : exception & ex ) {
LogPrint ( eLogError , " NTCP: failed to bind to ip6 port " , address - > port ) ;
continue ;
}
}
}
}
2018-08-03 17:10:32 +00:00
ScheduleTermination ( ) ;
2018-06-11 16:29:30 +00:00
}
}
void NTCP2Server : : Stop ( )
{
2018-07-18 16:58:29 +00:00
{
// we have to copy it because Terminate changes m_NTCP2Sessions
auto ntcpSessions = m_NTCP2Sessions ;
for ( auto & it : ntcpSessions )
it . second - > Terminate ( ) ;
2018-07-23 19:30:51 +00:00
for ( auto & it : m_PendingIncomingSessions )
it - > Terminate ( ) ;
2018-07-18 16:58:29 +00:00
}
m_NTCP2Sessions . clear ( ) ;
2018-06-11 16:29:30 +00:00
if ( m_IsRunning )
{
m_IsRunning = false ;
2018-08-03 17:19:35 +00:00
m_TerminationTimer . cancel ( ) ;
2018-06-11 16:29:30 +00:00
m_Service . stop ( ) ;
if ( m_Thread )
{
m_Thread - > join ( ) ;
delete m_Thread ;
m_Thread = nullptr ;
}
}
}
void NTCP2Server : : Run ( )
{
while ( m_IsRunning )
{
try
{
m_Service . run ( ) ;
}
catch ( std : : exception & ex )
{
LogPrint ( eLogError , " NTCP2: runtime exception: " , ex . what ( ) ) ;
}
}
}
2018-07-18 16:58:29 +00:00
bool NTCP2Server : : AddNTCP2Session ( std : : shared_ptr < NTCP2Session > session )
{
if ( ! session | | ! session - > GetRemoteIdentity ( ) ) return false ;
auto & ident = session - > GetRemoteIdentity ( ) - > GetIdentHash ( ) ;
auto it = m_NTCP2Sessions . find ( ident ) ;
if ( it ! = m_NTCP2Sessions . end ( ) )
{
LogPrint ( eLogWarning , " NTCP2: session to " , ident . ToBase64 ( ) , " already exists " ) ;
session - > Terminate ( ) ;
return false ;
}
m_NTCP2Sessions . insert ( std : : make_pair ( ident , session ) ) ;
return true ;
}
void NTCP2Server : : RemoveNTCP2Session ( std : : shared_ptr < NTCP2Session > session )
{
if ( session & & session - > GetRemoteIdentity ( ) )
m_NTCP2Sessions . erase ( session - > GetRemoteIdentity ( ) - > GetIdentHash ( ) ) ;
}
std : : shared_ptr < NTCP2Session > NTCP2Server : : FindNTCP2Session ( const i2p : : data : : IdentHash & ident )
{
auto it = m_NTCP2Sessions . find ( ident ) ;
if ( it ! = m_NTCP2Sessions . end ( ) )
return it - > second ;
return nullptr ;
}
2018-06-11 16:29:30 +00:00
void NTCP2Server : : Connect ( const boost : : asio : : ip : : address & address , uint16_t port , std : : shared_ptr < NTCP2Session > conn )
{
2018-06-11 18:05:30 +00:00
LogPrint ( eLogDebug , " NTCP2: Connecting to " , address , " : " , port ) ;
2018-06-11 16:29:30 +00:00
m_Service . post ( [ this , address , port , conn ] ( )
{
2018-07-18 16:58:29 +00:00
if ( this - > AddNTCP2Session ( conn ) )
{
2018-08-03 17:10:32 +00:00
auto timer = std : : make_shared < boost : : asio : : deadline_timer > ( m_Service ) ;
auto timeout = NTCP2_CONNECT_TIMEOUT * 5 ;
conn - > SetTerminationTimeout ( timeout * 2 ) ;
timer - > expires_from_now ( boost : : posix_time : : seconds ( timeout ) ) ;
timer - > async_wait ( [ conn , timeout ] ( const boost : : system : : error_code & ecode )
{
if ( ecode ! = boost : : asio : : error : : operation_aborted )
{
LogPrint ( eLogInfo , " NTCP2: Not connected in " , timeout , " seconds " ) ;
//i2p::data::netdb.SetUnreachable (conn->GetRemoteIdentity ()->GetIdentHash (), true);
conn - > Terminate ( ) ;
}
} ) ;
conn - > GetSocket ( ) . async_connect ( boost : : asio : : ip : : tcp : : endpoint ( address , port ) , std : : bind ( & NTCP2Server : : HandleConnect , this , std : : placeholders : : _1 , conn , timer ) ) ;
2018-07-18 16:58:29 +00:00
}
2018-06-11 16:29:30 +00:00
} ) ;
}
2018-08-03 17:10:32 +00:00
void NTCP2Server : : HandleConnect ( const boost : : system : : error_code & ecode , std : : shared_ptr < NTCP2Session > conn , std : : shared_ptr < boost : : asio : : deadline_timer > timer )
2018-06-11 16:29:30 +00:00
{
2018-08-03 17:10:32 +00:00
timer - > cancel ( ) ;
2018-06-11 16:29:30 +00:00
if ( ecode )
{
LogPrint ( eLogInfo , " NTCP2: Connect error " , ecode . message ( ) ) ;
conn - > Terminate ( ) ;
}
else
{
LogPrint ( eLogDebug , " NTCP2: Connected to " , conn - > GetSocket ( ) . remote_endpoint ( ) ) ;
conn - > ClientLogin ( ) ;
}
}
2018-07-23 19:30:51 +00:00
void NTCP2Server : : HandleAccept ( std : : shared_ptr < NTCP2Session > conn , const boost : : system : : error_code & error )
{
if ( ! error )
{
boost : : system : : error_code ec ;
auto ep = conn - > GetSocket ( ) . remote_endpoint ( ec ) ;
if ( ! ec )
{
LogPrint ( eLogDebug , " NTCP2: Connected from " , ep ) ;
if ( conn )
{
conn - > ServerLogin ( ) ;
2018-08-03 17:10:32 +00:00
m_PendingIncomingSessions . push_back ( conn ) ;
2018-07-23 19:30:51 +00:00
}
}
else
LogPrint ( eLogError , " NTCP2: Connected from error " , ec . message ( ) ) ;
}
if ( error ! = boost : : asio : : error : : operation_aborted )
{
conn = std : : make_shared < NTCP2Session > ( * this ) ;
m_NTCP2Acceptor - > async_accept ( conn - > GetSocket ( ) , std : : bind ( & NTCP2Server : : HandleAccept , this ,
conn , std : : placeholders : : _1 ) ) ;
}
}
void NTCP2Server : : HandleAcceptV6 ( std : : shared_ptr < NTCP2Session > conn , const boost : : system : : error_code & error )
{
if ( ! error )
{
boost : : system : : error_code ec ;
auto ep = conn - > GetSocket ( ) . remote_endpoint ( ec ) ;
if ( ! ec )
{
LogPrint ( eLogDebug , " NTCP2: Connected from " , ep ) ;
if ( conn )
{
conn - > ServerLogin ( ) ;
2018-08-03 17:10:32 +00:00
m_PendingIncomingSessions . push_back ( conn ) ;
2018-07-23 19:30:51 +00:00
}
}
else
LogPrint ( eLogError , " NTCP2: Connected from error " , ec . message ( ) ) ;
}
if ( error ! = boost : : asio : : error : : operation_aborted )
{
conn = std : : make_shared < NTCP2Session > ( * this ) ;
m_NTCP2V6Acceptor - > async_accept ( conn - > GetSocket ( ) , std : : bind ( & NTCP2Server : : HandleAcceptV6 , this ,
conn , std : : placeholders : : _1 ) ) ;
}
}
2018-08-03 17:10:32 +00:00
void NTCP2Server : : ScheduleTermination ( )
{
m_TerminationTimer . expires_from_now ( boost : : posix_time : : seconds ( NTCP2_TERMINATION_CHECK_TIMEOUT ) ) ;
m_TerminationTimer . async_wait ( std : : bind ( & NTCP2Server : : HandleTerminationTimer ,
this , std : : placeholders : : _1 ) ) ;
}
void NTCP2Server : : HandleTerminationTimer ( const boost : : system : : error_code & ecode )
{
if ( ecode ! = boost : : asio : : error : : operation_aborted )
{
auto ts = i2p : : util : : GetSecondsSinceEpoch ( ) ;
// established
for ( auto & it : m_NTCP2Sessions )
if ( it . second - > IsTerminationTimeoutExpired ( ts ) )
{
auto session = it . second ;
LogPrint ( eLogDebug , " NTCP2: No activity for " , session - > GetTerminationTimeout ( ) , " seconds " ) ;
session - > TerminateByTimeout ( ) ; // it doesn't change m_NTCP2Session right a way
}
// pending
for ( auto it = m_PendingIncomingSessions . begin ( ) ; it ! = m_PendingIncomingSessions . end ( ) ; )
{
if ( ( * it ) - > IsEstablished ( ) | | ( * it ) - > IsTerminated ( ) )
it = m_PendingIncomingSessions . erase ( it ) ; // established or terminated
else if ( ( * it ) - > IsTerminationTimeoutExpired ( ts ) )
{
( * it ) - > Terminate ( ) ;
it = m_PendingIncomingSessions . erase ( it ) ; // expired
}
else
it + + ;
}
ScheduleTermination ( ) ;
}
}
2018-06-05 16:53:13 +00:00
}
}