Browse Source

separate decryptor for tunnel builds and floodfill requests

pull/1638/head
orignal 4 years ago
parent
commit
40f7e9d33e
  1. 13
      libi2pd/RouterContext.cpp
  2. 2
      libi2pd/RouterContext.h

13
libi2pd/RouterContext.cpp

@ -41,6 +41,7 @@ namespace i2p
if (!Load ()) if (!Load ())
CreateNewRouter (); CreateNewRouter ();
m_Decryptor = m_Keys.CreateDecryptor (nullptr); m_Decryptor = m_Keys.CreateDecryptor (nullptr);
m_TunnelDecryptor = m_Keys.CreateDecryptor (nullptr);
UpdateRouterInfo (); UpdateRouterInfo ();
if (IsECIES ()) if (IsECIES ())
{ {
@ -105,7 +106,7 @@ namespace i2p
if (ssu) if (ssu)
{ {
routerInfo.AddSSUAddress (host.c_str(), port, nullptr); routerInfo.AddSSUAddress (host.c_str(), port, nullptr);
caps |= i2p::data::RouterInfo::eReachable | i2p::data::RouterInfo::eSSUTesting | i2p::data::RouterInfo::eSSUIntroducer; // R, BC caps |= i2p::data::RouterInfo::eReachable; // R
} }
} }
if (ipv6) if (ipv6)
@ -424,7 +425,6 @@ namespace i2p
caps &= ~i2p::data::RouterInfo::eReachable; caps &= ~i2p::data::RouterInfo::eReachable;
caps |= i2p::data::RouterInfo::eUnreachable; caps |= i2p::data::RouterInfo::eUnreachable;
caps &= ~i2p::data::RouterInfo::eFloodfill; // can't be floodfill caps &= ~i2p::data::RouterInfo::eFloodfill; // can't be floodfill
caps &= ~i2p::data::RouterInfo::eSSUIntroducer; // can't be introducer
m_RouterInfo.SetCaps (caps); m_RouterInfo.SetCaps (caps);
uint16_t port = 0; uint16_t port = 0;
// delete previous introducers // delete previous introducers
@ -432,6 +432,7 @@ namespace i2p
for (auto& addr : addresses) for (auto& addr : addresses)
if (addr->ssu) if (addr->ssu)
{ {
addr->caps &= ~i2p::data::RouterInfo::eSSUIntroducer; // can't be introducer
addr->ssu->introducers.clear (); addr->ssu->introducers.clear ();
port = addr->port; port = addr->port;
} }
@ -449,7 +450,6 @@ namespace i2p
uint8_t caps = m_RouterInfo.GetCaps (); uint8_t caps = m_RouterInfo.GetCaps ();
caps &= ~i2p::data::RouterInfo::eUnreachable; caps &= ~i2p::data::RouterInfo::eUnreachable;
caps |= i2p::data::RouterInfo::eReachable; caps |= i2p::data::RouterInfo::eReachable;
caps |= i2p::data::RouterInfo::eSSUIntroducer;
if (m_IsFloodfill) if (m_IsFloodfill)
caps |= i2p::data::RouterInfo::eFloodfill; caps |= i2p::data::RouterInfo::eFloodfill;
m_RouterInfo.SetCaps (caps); m_RouterInfo.SetCaps (caps);
@ -459,6 +459,7 @@ namespace i2p
for (auto& addr : addresses) for (auto& addr : addresses)
if (addr->ssu) if (addr->ssu)
{ {
addr->caps |= i2p::data::RouterInfo::eSSUIntroducer;
addr->ssu->introducers.clear (); addr->ssu->introducers.clear ();
port = addr->port; port = addr->port;
} }
@ -771,7 +772,7 @@ namespace i2p
bool RouterContext::DecryptTunnelBuildRecord (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) bool RouterContext::DecryptTunnelBuildRecord (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx)
{ {
if (!m_Decryptor) return false; if (!m_TunnelDecryptor) return false;
if (IsECIES ()) if (IsECIES ())
{ {
if (!m_InitialNoiseState) return false; if (!m_InitialNoiseState) return false;
@ -779,7 +780,7 @@ namespace i2p
m_CurrentNoiseState.reset (new i2p::crypto::NoiseSymmetricState (*m_InitialNoiseState)); m_CurrentNoiseState.reset (new i2p::crypto::NoiseSymmetricState (*m_InitialNoiseState));
m_CurrentNoiseState->MixHash (encrypted, 32); // h = SHA256(h || sepk) m_CurrentNoiseState->MixHash (encrypted, 32); // h = SHA256(h || sepk)
uint8_t sharedSecret[32]; uint8_t sharedSecret[32];
if (!m_Decryptor->Decrypt (encrypted, sharedSecret, ctx, false)) if (!m_TunnelDecryptor->Decrypt (encrypted, sharedSecret, ctx, false))
{ {
LogPrint (eLogWarning, "Router: Incorrect ephemeral public key"); LogPrint (eLogWarning, "Router: Incorrect ephemeral public key");
return false; return false;
@ -798,7 +799,7 @@ namespace i2p
return true; return true;
} }
else else
return m_Decryptor->Decrypt (encrypted, data, ctx, false); return m_TunnelDecryptor->Decrypt (encrypted, data, ctx, false);
} }
i2p::crypto::X25519Keys& RouterContext::GetStaticKeys () i2p::crypto::X25519Keys& RouterContext::GetStaticKeys ()

2
libi2pd/RouterContext.h

@ -153,7 +153,7 @@ namespace i2p
i2p::data::RouterInfo m_RouterInfo; i2p::data::RouterInfo m_RouterInfo;
i2p::data::PrivateKeys m_Keys; i2p::data::PrivateKeys m_Keys;
std::shared_ptr<i2p::crypto::CryptoKeyDecryptor> m_Decryptor; std::shared_ptr<i2p::crypto::CryptoKeyDecryptor> m_Decryptor, m_TunnelDecryptor;
uint64_t m_LastUpdateTime; // in seconds uint64_t m_LastUpdateTime; // in seconds
bool m_AcceptsTunnels, m_IsFloodfill; bool m_AcceptsTunnels, m_IsFloodfill;
std::chrono::time_point<std::chrono::steady_clock> m_StartupTime; std::chrono::time_point<std::chrono::steady_clock> m_StartupTime;

Loading…
Cancel
Save