Browse Source

handle and send SessionRequest message

pull/16/head
orignal 11 years ago
parent
commit
21693fc1e5
  1. 131
      SSU.cpp
  2. 22
      SSU.h

131
SSU.cpp

@ -1,6 +1,10 @@
#include <string.h> #include <string.h>
#include <boost/bind.hpp> #include <boost/bind.hpp>
#include <cryptopp/dh.h>
#include <cryptopp/secblock.h>
#include "CryptoConst.h"
#include "Log.h" #include "Log.h"
#include "Timestamp.h"
#include "RouterContext.h" #include "RouterContext.h"
#include "hmac.h" #include "hmac.h"
#include "SSU.h" #include "SSU.h"
@ -12,24 +16,110 @@ namespace ssu
SSUSession::SSUSession (SSUServer * server, const boost::asio::ip::udp::endpoint& remoteEndpoint, SSUSession::SSUSession (SSUServer * server, const boost::asio::ip::udp::endpoint& remoteEndpoint,
i2p::data::RouterInfo * router): m_Server (server), m_RemoteEndpoint (remoteEndpoint), i2p::data::RouterInfo * router): m_Server (server), m_RemoteEndpoint (remoteEndpoint),
m_State (eSessionStateUnknown) m_RemoteRouter (router), m_State (eSessionStateUnknown)
{ {
} }
void SSUSession::ProcessNextMessage (uint8_t * buf, size_t len) void SSUSession::CreateAESKey (uint8_t * pubKey, uint8_t * aesKey) // TODO: move it to base class for NTCP and SSU
{
CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
CryptoPP::SecByteBlock secretKey(dh.AgreedValueLength());
if (!dh.Agree (secretKey, i2p::context.GetPrivateKey (), pubKey))
{
LogPrint ("Couldn't create shared key");
return;
};
if (secretKey[0] & 0x80)
{
aesKey[0] = 0;
memcpy (aesKey + 1, secretKey, 31);
}
else
memcpy (aesKey, secretKey, 32);
}
void SSUSession::ProcessNextMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint)
{ {
switch (m_State) switch (m_State)
{ {
case eSessionStateUnknown: case eSessionStateUnknown:
// we assume session request // session request
ProcessSessionRequest (buf, len); ProcessSessionRequest (buf, len, senderEndpoint);
break;
case eSessionStateRequestSent:
// session created
ProcessSessionCreated (buf, len);
break; break;
default: default:
LogPrint ("SSU state not implemented yet"); LogPrint ("SSU state not implemented yet");
} }
} }
void SSUSession::ProcessSessionRequest (uint8_t * buf, size_t len) void SSUSession::ProcessSessionRequest (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint)
{
LogPrint ("Process session request");
if (ProcessIntroKeyEncryptedMessage (PAYLOAD_TYPE_SESSION_REQUEST, buf, len))
{
m_State = eSessionStateRequestReceived;
LogPrint ("Session request received");
SendSessionCreated (senderEndpoint);
}
}
void SSUSession::ProcessSessionCreated (uint8_t * buf, size_t len)
{
LogPrint ("Process session created");
if (ProcessIntroKeyEncryptedMessage (PAYLOAD_TYPE_SESSION_CREATED, buf, len))
{
m_State = eSessionStateCreatedReceived;
LogPrint ("Session request received");
// TODO:
}
}
void SSUSession::SendSessionRequest ()
{
auto address = m_RemoteRouter ? m_RemoteRouter->GetSSUAddress () : nullptr;
if (!address)
{
LogPrint ("Missing remote SSU address");
return;
}
uint8_t buf[304 + 18]; // 304 bytes for ipv4 (320 for ipv6)
uint8_t * payload = buf + sizeof (SSUHeader);
memcpy (payload, i2p::context.GetRouterIdentity ().publicKey, 256);
payload[256] = 4; // we assume ipv4
*(uint32_t *)(payload + 257) = address->host.to_v4 ().to_ulong (); // network bytes order already
uint8_t iv[16];
CryptoPP::RandomNumberGenerator& rnd = i2p::context.GetRandomNumberGenerator ();
rnd.GenerateBlock (iv, 16); // random iv
FillHeaderAndEncrypt (PAYLOAD_TYPE_SESSION_REQUEST, buf, 304, address->key, iv, address->key);
m_State = eSessionStateRequestSent;
m_Server->Send (buf, 304, m_RemoteEndpoint);
}
void SSUSession::SendSessionCreated (const boost::asio::ip::udp::endpoint& senderEndpoint)
{
auto address = m_RemoteRouter ? m_RemoteRouter->GetSSUAddress () : nullptr;
if (!address)
{
LogPrint ("Missing remote SSU address");
return;
}
uint8_t buf[368 + 18];
uint8_t * payload = buf + sizeof (SSUHeader);
memcpy (payload, i2p::context.GetRouterIdentity ().publicKey, 256);
m_State = eSessionStateRequestSent;
m_Server->Send (buf, 368, m_RemoteEndpoint);
}
bool SSUSession::ProcessIntroKeyEncryptedMessage (uint8_t expectedPayloadType, uint8_t * buf, size_t len)
{ {
auto address = i2p::context.GetRouterInfo ().GetSSUAddress (); auto address = i2p::context.GetRouterInfo ().GetSSUAddress ();
if (address) if (address)
@ -37,19 +127,25 @@ namespace ssu
// use intro key for verification and decryption // use intro key for verification and decryption
if (Validate (buf, len, address->key)) if (Validate (buf, len, address->key))
{ {
m_State = eSessionStateRequestReceived;
LogPrint ("Session request received");
Decrypt (buf, len, address->key); Decrypt (buf, len, address->key);
// TODO: SSUHeader * header = (SSUHeader *)buf;
if ((header->flag >> 4) == expectedPayloadType)
{
CreateAESKey (buf + sizeof (SSUHeader), m_SessionKey);
return true;
}
else
LogPrint ("Unexpected payload type ", (int)(header->flag >> 4));
} }
else else
LogPrint ("MAC verifcation failed"); LogPrint ("MAC verifcation failed");
} }
else else
LogPrint ("SSU is not supported"); LogPrint ("SSU is not supported");
} return false;
}
void SSUSession::Encrypt (uint8_t * buf, size_t len, uint8_t * aesKey, uint8_t * iv, uint8_t * macKey) void SSUSession::FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len, uint8_t * aesKey, uint8_t * iv, uint8_t * macKey)
{ {
if (len < sizeof (SSUHeader)) if (len < sizeof (SSUHeader))
{ {
@ -58,6 +154,8 @@ namespace ssu
} }
SSUHeader * header = (SSUHeader *)buf; SSUHeader * header = (SSUHeader *)buf;
memcpy (header->iv, iv, 16); memcpy (header->iv, iv, 16);
header->flag = payloadType << 4; // MSB is 0
header->time = htobe32 (i2p::util::GetSecondsSinceEpoch ());
uint8_t * encrypted = &header->flag; uint8_t * encrypted = &header->flag;
uint16_t encryptedLen = len - (encrypted - buf); uint16_t encryptedLen = len - (encrypted - buf);
m_Encryption.SetKeyWithIV (aesKey, 32, iv); m_Encryption.SetKeyWithIV (aesKey, 32, iv);
@ -100,6 +198,16 @@ namespace ssu
return !memcmp (header->mac, digest, 16); return !memcmp (header->mac, digest, 16);
} }
void SSUSession::Connect ()
{
SendSessionRequest ();
}
void SSUSession::SendI2NPMessage (I2NPMessage * msg)
{
// TODO:
}
SSUServer::SSUServer (boost::asio::io_service& service, int port): SSUServer::SSUServer (boost::asio::io_service& service, int port):
m_Socket (service, boost::asio::ip::udp::v4 (), port) m_Socket (service, boost::asio::ip::udp::v4 (), port)
{ {
@ -147,7 +255,7 @@ namespace ssu
m_Sessions[m_SenderEndpoint] = session; m_Sessions[m_SenderEndpoint] = session;
LogPrint ("New SSU session from ", m_SenderEndpoint.address ().to_string (), ":", m_SenderEndpoint.port (), " created"); LogPrint ("New SSU session from ", m_SenderEndpoint.address ().to_string (), ":", m_SenderEndpoint.port (), " created");
} }
session->ProcessNextMessage (m_ReceiveBuffer, bytes_transferred); session->ProcessNextMessage (m_ReceiveBuffer, bytes_transferred, m_SenderEndpoint);
Receive (); Receive ();
} }
else else
@ -173,6 +281,7 @@ namespace ssu
m_Sessions[remoteEndpoint] = session; m_Sessions[remoteEndpoint] = session;
LogPrint ("New SSU session to [", router->GetIdentHashAbbreviation (), "] ", LogPrint ("New SSU session to [", router->GetIdentHashAbbreviation (), "] ",
remoteEndpoint.address ().to_string (), ":", remoteEndpoint.port (), " created"); remoteEndpoint.address ().to_string (), ":", remoteEndpoint.port (), " created");
session->Connect ();
} }
} }
else else

22
SSU.h

@ -8,6 +8,7 @@
#include <cryptopp/aes.h> #include <cryptopp/aes.h>
#include "I2PEndian.h" #include "I2PEndian.h"
#include "RouterInfo.h" #include "RouterInfo.h"
#include "I2NPProtocol.h"
namespace i2p namespace i2p
{ {
@ -25,7 +26,7 @@ namespace ssu
const int SSU_MTU = 1484; const int SSU_MTU = 1484;
// payload types (4 bits) // payload types (3 bits)
const uint8_t PAYLOAD_TYPE_SESSION_REQUEST = 0; const uint8_t PAYLOAD_TYPE_SESSION_REQUEST = 0;
const uint8_t PAYLOAD_TYPE_SESSION_CREATED = 1; const uint8_t PAYLOAD_TYPE_SESSION_CREATED = 1;
const uint8_t PAYLOAD_TYPE_SESSION_CONFIRMED = 2; const uint8_t PAYLOAD_TYPE_SESSION_CONFIRMED = 2;
@ -54,13 +55,22 @@ namespace ssu
SSUSession (SSUServer * server, const boost::asio::ip::udp::endpoint& remoteEndpoint, SSUSession (SSUServer * server, const boost::asio::ip::udp::endpoint& remoteEndpoint,
i2p::data::RouterInfo * router = nullptr); i2p::data::RouterInfo * router = nullptr);
void ProcessNextMessage (uint8_t * buf, size_t len); void ProcessNextMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);
void Connect ();
void SendI2NPMessage (I2NPMessage * msg);
private: private:
void ProcessSessionRequest (uint8_t * buf, size_t len); void CreateAESKey (uint8_t * pubKey, uint8_t * aesKey); // TODO: shouldn't be here
void ProcessSessionRequest (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);
void SendSessionRequest ();
void ProcessSessionCreated (uint8_t * buf, size_t len);
void SendSessionCreated (const boost::asio::ip::udp::endpoint& senderEndpoint);
void Encrypt (uint8_t * buf, size_t len, uint8_t * aesKey, uint8_t * iv, uint8_t * macKey); bool ProcessIntroKeyEncryptedMessage (uint8_t expectedPayloadType, uint8_t * buf, size_t len);
void FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len, uint8_t * aesKey, uint8_t * iv, uint8_t * macKey);
void Decrypt (uint8_t * buf, size_t len, uint8_t * aesKey); void Decrypt (uint8_t * buf, size_t len, uint8_t * aesKey);
bool Validate (uint8_t * buf, size_t len, uint8_t * macKey); bool Validate (uint8_t * buf, size_t len, uint8_t * macKey);
@ -68,9 +78,11 @@ namespace ssu
SSUServer * m_Server; SSUServer * m_Server;
boost::asio::ip::udp::endpoint m_RemoteEndpoint; boost::asio::ip::udp::endpoint m_RemoteEndpoint;
i2p::data::RouterInfo * m_RemoteRouter;
SessionState m_State; SessionState m_State;
CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption m_Encryption; CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption m_Encryption;
CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption m_Decryption; CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption m_Decryption;
uint8_t m_SessionKey[32];
}; };
class SSUServer class SSUServer

Loading…
Cancel
Save