|
|
@ -1,7 +1,7 @@ |
|
|
|
#include <string.h> |
|
|
|
#include <string.h> |
|
|
|
#include <boost/bind.hpp> |
|
|
|
#include <boost/bind.hpp> |
|
|
|
#include <cryptopp/dh.h> |
|
|
|
#include <cryptopp/dh.h> |
|
|
|
#include <cryptopp/secblock.h> |
|
|
|
#include <cryptopp/sha.h> |
|
|
|
#include "CryptoConst.h" |
|
|
|
#include "CryptoConst.h" |
|
|
|
#include "Log.h" |
|
|
|
#include "Log.h" |
|
|
|
#include "Timestamp.h" |
|
|
|
#include "Timestamp.h" |
|
|
@ -38,23 +38,40 @@ namespace ssu |
|
|
|
void SSUSession::CreateAESandMacKey (const uint8_t * pubKey, uint8_t * aesKey, uint8_t * macKey) |
|
|
|
void SSUSession::CreateAESandMacKey (const uint8_t * pubKey, uint8_t * aesKey, uint8_t * macKey) |
|
|
|
{ |
|
|
|
{ |
|
|
|
CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg); |
|
|
|
CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg); |
|
|
|
CryptoPP::SecByteBlock secretKey(dh.AgreedValueLength()); |
|
|
|
uint8_t sharedKey[64]; |
|
|
|
if (!dh.Agree (secretKey, m_DHKeysPair->privateKey, pubKey)) |
|
|
|
if (!dh.Agree (sharedKey, m_DHKeysPair->privateKey, pubKey)) |
|
|
|
{ |
|
|
|
{ |
|
|
|
LogPrint ("Couldn't create shared key"); |
|
|
|
LogPrint ("Couldn't create shared key"); |
|
|
|
return; |
|
|
|
return; |
|
|
|
}; |
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
if (secretKey[0] & 0x80) |
|
|
|
if (sharedKey[0] & 0x80) |
|
|
|
{ |
|
|
|
{ |
|
|
|
aesKey[0] = 0; |
|
|
|
aesKey[0] = 0; |
|
|
|
memcpy (aesKey + 1, secretKey, 31); |
|
|
|
memcpy (aesKey + 1, sharedKey, 31); |
|
|
|
memcpy (macKey, secretKey + 31, 32); |
|
|
|
memcpy (macKey, sharedKey + 31, 32); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
else if (sharedKey[0]) |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
memcpy (aesKey, sharedKey, 32); |
|
|
|
|
|
|
|
memcpy (macKey, sharedKey + 32, 32); |
|
|
|
} |
|
|
|
} |
|
|
|
else |
|
|
|
else |
|
|
|
{ |
|
|
|
{ |
|
|
|
memcpy (aesKey, secretKey, 32); |
|
|
|
// find first non-zero byte
|
|
|
|
memcpy (macKey, secretKey + 32, 32); |
|
|
|
uint8_t * nonZero = sharedKey + 1; |
|
|
|
|
|
|
|
while (!*nonZero) |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
nonZero++; |
|
|
|
|
|
|
|
if (nonZero - sharedKey > 32) |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
LogPrint ("First 32 bytes of shared key is all zeros. Ignored"); |
|
|
|
|
|
|
|
return; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
memcpy (aesKey, nonZero, 32); |
|
|
|
|
|
|
|
CryptoPP::SHA256().CalculateDigest(macKey, nonZero, 64 - (nonZero - sharedKey)); |
|
|
|
} |
|
|
|
} |
|
|
|
m_IsSessionKey = true; |
|
|
|
m_IsSessionKey = true; |
|
|
|
} |
|
|
|
} |
|
|
|