garlic encryption of inbound tunnel build message

2025-01-11 13:27:52 +00:00 · 2021-07-10 14:33:23 -04:00 · 2021-07-10 14:33:23 -04:00 · 1e9eb30aa3
commit 1e9eb30aa3
parent d47bf1bada
5 changed files with 18 additions and 4 deletions
--- a/libi2pd/ECIESX25519AEADRatchetSession.cpp
+++ b/libi2pd/ECIESX25519AEADRatchetSession.cpp
@ -1133,7 +1133,7 @@ namespace garlic
 		return true;
 	}	
 		
-	std::shared_ptr<I2NPMessage> WrapECIESX25519AEADRatchetMessage (std::shared_ptr<const I2NPMessage> msg, const uint8_t * key, uint64_t tag)
+	std::shared_ptr<I2NPMessage> WrapECIESX25519Message (std::shared_ptr<const I2NPMessage> msg, const uint8_t * key, uint64_t tag)
 	{
 		auto m = NewI2NPMessage ();
 		m->Align (12); // in order to get buf aligned to 16 (12 + 4)
@ -1167,5 +1167,12 @@ namespace garlic
 		return m;
 	}

+	std::shared_ptr<I2NPMessage> WrapECIESX25519MessageForRouter (std::shared_ptr<const I2NPMessage> msg, const uint8_t * routerPublicKey)
+	{
+		// TODO: implement without session
+		auto session = std::make_shared<ECIESX25519AEADRatchetSession>(nullptr, false);
+		session->SetRemoteStaticKey (routerPublicKey);
+		return session->WrapOneTimeMessage (msg, true);
+	}	
 }
 }
--- a/libi2pd/ECIESX25519AEADRatchetSession.h
+++ b/libi2pd/ECIESX25519AEADRatchetSession.h
@ -256,7 +256,8 @@ namespace garlic
 			i2p::crypto::NoiseSymmetricState m_CurrentNoiseState;
 	};	
 	
-	std::shared_ptr<I2NPMessage> WrapECIESX25519AEADRatchetMessage (std::shared_ptr<const I2NPMessage> msg, const uint8_t * key, uint64_t tag);
+	std::shared_ptr<I2NPMessage> WrapECIESX25519Message (std::shared_ptr<const I2NPMessage> msg, const uint8_t * key, uint64_t tag);
+	std::shared_ptr<I2NPMessage> WrapECIESX25519MessageForRouter (std::shared_ptr<const I2NPMessage> msg, const uint8_t * routerPublicKey);
 }
 }

--- a/libi2pd/I2NPProtocol.cpp
+++ b/libi2pd/I2NPProtocol.cpp
@ -675,7 +675,7 @@ namespace i2p
 					// send garlic to reply tunnel
 					transports.SendMessage (clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET,
 						CreateTunnelGatewayMsg (bufbe32toh (clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
-							i2p::garlic::WrapECIESX25519AEADRatchetMessage (otbrm,  noiseState.m_CK + 32, tag)));
+							i2p::garlic::WrapECIESX25519Message (otbrm,  noiseState.m_CK + 32, tag)));
 				}
 				else
 				{	
--- a/libi2pd/NetDb.cpp
+++ b/libi2pd/NetDb.cpp
@ -988,7 +988,7 @@ namespace data
 						{
 							uint64_t tag;
 							memcpy (&tag, excluded + 33, 8);
-							replyMsg = i2p::garlic::WrapECIESX25519AEADRatchetMessage (replyMsg, sessionKey, tag);
+							replyMsg = i2p::garlic::WrapECIESX25519Message (replyMsg, sessionKey, tag);
 						}
 						else
 						{
--- a/libi2pd/Tunnel.cpp
+++ b/libi2pd/Tunnel.cpp
@ -23,6 +23,7 @@
 #include "Tunnel.h"
 #include "TunnelPool.h"
 #include "util.h"
+#include "ECIESX25519AEADRatchetSession.h"

 namespace i2p
 {
@ -91,7 +92,12 @@ namespace tunnel

 		// send message
 		if (outboundTunnel)
+		{
+			auto ident = m_Config->GetFirstHop () ? m_Config->GetFirstHop ()->ident : nullptr;
+			if (ident && ident->GetCryptoKeyType () == i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)
+				msg = i2p::garlic::WrapECIESX25519MessageForRouter (msg, ident->GetEncryptionPublicKey ());	
 			outboundTunnel->SendTunnelDataMsg (GetNextIdentHash (), 0, msg);
+		}	
 		else
 			i2p::transport::transports.SendMessage (GetNextIdentHash (), msg);
 	}