Browse Source

create next tagset

pull/1515/head
orignal 5 years ago
parent
commit
51e3d5f7bc
  1. 68
      libi2pd/ECIESX25519AEADRatchetSession.cpp
  2. 9
      libi2pd/ECIESX25519AEADRatchetSession.h

68
libi2pd/ECIESX25519AEADRatchetSession.cpp

@ -38,7 +38,11 @@ namespace garlic
{ {
i2p::crypto::HKDF (m_KeyData.GetSessTagCK (), m_SessTagConstant, 32, "SessionTagKeyGen", m_KeyData.buf); // [sessTag_ck, tag] = HKDF(sessTag_chainkey, SESSTAG_CONSTANT, "SessionTagKeyGen", 64) i2p::crypto::HKDF (m_KeyData.GetSessTagCK (), m_SessTagConstant, 32, "SessionTagKeyGen", m_KeyData.buf); // [sessTag_ck, tag] = HKDF(sessTag_chainkey, SESSTAG_CONSTANT, "SessionTagKeyGen", 64)
m_NextIndex++; m_NextIndex++;
if (m_NextIndex >= 65535) m_NextIndex = 0; // TODO: dirty hack, should create new tagset if (m_NextIndex >= 65535)
{
LogPrint (eLogError, "Garlic: Tagset ", GetTagSetID (), " is empty");
return 0;
}
return m_KeyData.GetTag (); return m_KeyData.GetTag ();
} }
@ -251,7 +255,26 @@ namespace garlic
uint8_t flag = buf[0]; buf++; // flag uint8_t flag = buf[0]; buf++; // flag
if (flag & ECIESX25519_NEXT_KEY_REVERSE_KEY_FLAG) if (flag & ECIESX25519_NEXT_KEY_REVERSE_KEY_FLAG)
{ {
// TODO: implement if (!m_NextSendRatchet) return;
uint16_t keyID = bufbe16toh (buf); buf += 2; // keyID
if (((!m_NextSendRatchet->newKey || !m_NextSendRatchet->keyID) && keyID == m_NextSendRatchet->keyID) ||
(m_NextSendRatchet->newKey && keyID == m_NextSendRatchet->keyID -1))
{
if (flag & ECIESX25519_NEXT_KEY_REQUEST_REVERSE_KEY_FLAG)
memcpy (m_NextSendRatchet->remote, buf, 32);
uint8_t sharedSecret[32], tagsetKey[32];
m_NextSendRatchet->key.Agree (m_NextSendRatchet->remote, sharedSecret);
i2p::crypto::HKDF (sharedSecret, nullptr, 0, "XDHRatchetTagSet", tagsetKey, 32); // tagsetKey = HKDF(sharedSecret, ZEROLEN, "XDHRatchetTagSet", 32)
auto newTagset = std::make_shared<RatchetTagSet> (shared_from_this ());
newTagset->SetTagSetID (1 + m_NextSendRatchet->keyID + keyID);
newTagset->DHInitialize (m_SendTagset->GetNextRootKey (), tagsetKey);
newTagset->NextSessionTagRatchet ();
m_SendTagset = newTagset;
m_SendForwardKey = false;
LogPrint (eLogDebug, "Garlic: next send tagset ", newTagset->GetTagSetID (), " created");
}
else
LogPrint (eLogDebug, "Garlic: Unexpected next key ", keyID);
} }
else else
{ {
@ -293,6 +316,26 @@ namespace garlic
} }
} }
void ECIESX25519AEADRatchetSession::NewNextSendRatchet ()
{
auto newTagset = new DHRatchet ();
if (m_NextSendRatchet)
{
newTagset->keyID = m_NextSendRatchet->keyID;
if (!newTagset->newKey || !newTagset->keyID)
{
newTagset->keyID++;
newTagset->newKey = true;
}
else
newTagset->newKey = false;
}
if (newTagset->newKey)
newTagset->key.GenerateKeys ();
m_NextSendRatchet.reset (newTagset);
m_SendForwardKey = true;
}
bool ECIESX25519AEADRatchetSession::NewOutgoingSessionMessage (const uint8_t * payload, size_t len, uint8_t * out, size_t outLen) bool ECIESX25519AEADRatchetSession::NewOutgoingSessionMessage (const uint8_t * payload, size_t len, uint8_t * out, size_t outLen)
{ {
ResetKeys (); ResetKeys ();
@ -488,6 +531,8 @@ namespace garlic
LogPrint (eLogWarning, "Garlic: Payload section AEAD encryption failed"); LogPrint (eLogWarning, "Garlic: Payload section AEAD encryption failed");
return false; return false;
} }
if (index >= ECIESX25519_TAGSET_MAX_NUM_TAGS && !m_SendForwardKey)
NewNextSendRatchet ();
return true; return true;
} }
@ -601,6 +646,11 @@ namespace garlic
payloadLen += 6; payloadLen += 6;
if (m_NextReceiveRatchet->newKey) payloadLen += 32; if (m_NextReceiveRatchet->newKey) payloadLen += 32;
} }
if (m_SendForwardKey)
{
payloadLen += 6;
if (m_NextSendRatchet->newKey) payloadLen += 32;
}
uint8_t paddingSize; uint8_t paddingSize;
RAND_bytes (&paddingSize, 1); RAND_bytes (&paddingSize, 1);
paddingSize &= 0x0F; paddingSize++; // 1 - 16 paddingSize &= 0x0F; paddingSize++; // 1 - 16
@ -662,6 +712,20 @@ namespace garlic
} }
m_SendReverseKey = false; m_SendReverseKey = false;
} }
if (m_SendForwardKey)
{
v[offset] = eECIESx25519BlkNextKey; offset++;
htobe16buf (v.data () + offset, m_NextSendRatchet->newKey ? 35 : 3); offset += 2;
v[offset] = m_NextSendRatchet->newKey ? ECIESX25519_NEXT_KEY_KEY_PRESENT_FLAG : ECIESX25519_NEXT_KEY_REQUEST_REVERSE_KEY_FLAG;
if (!m_NextSendRatchet->keyID) v[offset] |= ECIESX25519_NEXT_KEY_REQUEST_REVERSE_KEY_FLAG; // for first key only
offset++; // flag
htobe16buf (v.data () + offset, m_NextSendRatchet->keyID); offset += 2; // keyid
if (m_NextSendRatchet->newKey)
{
memcpy (v.data () + offset, m_NextSendRatchet->key.GetPublicKey (), 32);
offset += 32; // public key
}
}
// padding // padding
v[offset] = eECIESx25519BlkPadding; offset++; v[offset] = eECIESx25519BlkPadding; offset++;
htobe16buf (v.data () + offset, paddingSize); offset += 2; htobe16buf (v.data () + offset, paddingSize); offset += 2;

9
libi2pd/ECIESX25519AEADRatchetSession.h

@ -73,6 +73,7 @@ namespace garlic
const int ECIESX25519_RESTART_TIMEOUT = 120; // number of second of inactivity we should restart after const int ECIESX25519_RESTART_TIMEOUT = 120; // number of second of inactivity we should restart after
const int ECIESX25519_EXPIRATION_TIMEOUT = 600; // in seconds const int ECIESX25519_EXPIRATION_TIMEOUT = 600; // in seconds
const int ECIESX25519_TAGSET_MAX_NUM_TAGS = 60000; // number of tags we request new tagset after
class ECIESX25519AEADRatchetSession: public GarlicRoutingSession, public std::enable_shared_from_this<ECIESX25519AEADRatchetSession> class ECIESX25519AEADRatchetSession: public GarlicRoutingSession, public std::enable_shared_from_this<ECIESX25519AEADRatchetSession>
{ {
@ -90,7 +91,7 @@ namespace garlic
int keyID = 0; int keyID = 0;
i2p::crypto::X25519Keys key; i2p::crypto::X25519Keys key;
uint8_t remote[32]; // last remote public key uint8_t remote[32]; // last remote public key
bool newKey; bool newKey = true;
}; };
public: public:
@ -136,6 +137,7 @@ namespace garlic
size_t CreateDeliveryStatusClove (std::shared_ptr<const I2NPMessage> msg, uint8_t * buf, size_t len); size_t CreateDeliveryStatusClove (std::shared_ptr<const I2NPMessage> msg, uint8_t * buf, size_t len);
void GenerateMoreReceiveTags (std::shared_ptr<RatchetTagSet> receiveTagset, int numTags); void GenerateMoreReceiveTags (std::shared_ptr<RatchetTagSet> receiveTagset, int numTags);
void NewNextSendRatchet ();
private: private:
@ -148,9 +150,8 @@ namespace garlic
std::shared_ptr<RatchetTagSet> m_SendTagset; std::shared_ptr<RatchetTagSet> m_SendTagset;
std::unique_ptr<i2p::data::IdentHash> m_Destination;// TODO: might not need it std::unique_ptr<i2p::data::IdentHash> m_Destination;// TODO: might not need it
std::list<std::pair<uint16_t, int> > m_AckRequests; // (tagsetid, index) std::list<std::pair<uint16_t, int> > m_AckRequests; // (tagsetid, index)
int m_SendKeyID = 0, m_ReceiveKeyID = 0; bool m_SendReverseKey = false, m_SendForwardKey = false;
bool m_SendReverseKey = false; std::unique_ptr<DHRatchet> m_NextReceiveRatchet, m_NextSendRatchet;
std::unique_ptr<DHRatchet> m_NextReceiveRatchet;
}; };
std::shared_ptr<I2NPMessage> WrapECIESX25519AEADRatchetMessage (std::shared_ptr<const I2NPMessage> msg, const uint8_t * key, uint64_t tag); std::shared_ptr<I2NPMessage> WrapECIESX25519AEADRatchetMessage (std::shared_ptr<const I2NPMessage> msg, const uint8_t * key, uint64_t tag);

Loading…
Cancel
Save