From 5bb20cb0392ab637df2cc7f6690e98d0d7c8b629 Mon Sep 17 00:00:00 2001
From: orignal
Date: Sun, 19 Jun 2022 08:52:47 -0400
Subject: [PATCH] token expiration threshold
---
 libi2pd/SSU2.cpp | 4 ++++
 libi2pd/SSU2Session.cpp | 16 ++++++++++------
 libi2pd/SSU2Session.h | 1 +
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/libi2pd/SSU2.cpp b/libi2pd/SSU2.cpp
index a62f9980..4889f4ed 100644
--- a/libi2pd/SSU2.cpp
+++ b/libi2pd/SSU2.cpp
@@ -588,7 +588,11 @@ namespace transport
 {
 auto it = m_OutgoingTokens.find (ep);
 if (it != m_OutgoingTokens.end ())
+ {
+ if (i2p::util::GetSecondsSinceEpoch () + SSU2_TOKEN_EXPIRATION_THRESHOLD > it->second.second)
+ return 0; // token expired
 return it->second.first;
+ }
 return 0;
 }

diff --git a/libi2pd/SSU2Session.cpp b/libi2pd/SSU2Session.cpp
index 0cfc8826..4682c2b4 100644
--- a/libi2pd/SSU2Session.cpp
+++ b/libi2pd/SSU2Session.cpp
@@ -424,9 +424,10 @@ namespace transport
 memset (headerX + 8, 0, 8); // token = 0
 memcpy (headerX + 16, m_EphemeralKeys->GetPublicKey (), 32); // Y
 // payload
+ auto ts = i2p::util::GetSecondsSinceEpoch ();
 payload[0] = eSSU2BlkDateTime;
 htobe16buf (payload + 1, 4);
- htobe32buf (payload + 3, i2p::util::GetSecondsSinceEpoch ());
+ htobe32buf (payload + 3, ts);
 size_t payloadSize = 7;
 payloadSize += CreateAddressBlock (payload + payloadSize, 80 - payloadSize, m_RemoteEndpoint);
 if (m_RelayTag)
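Review bot: In the SSU2.cpp hunk the added `// token expired` comment understates the check, because the new comparison also rejects a token that is still valid but would expire within SSU2_TOKEN_EXPIRATION_THRESHOLD seconds. I would word it `// expired or about to expire, treat as no token`. The rejected entry also stays in m_OutgoingTokens after the early `return 0;`; nothing in this hunk removes it, so unless a cleanup pass elsewhere prunes by expiry, stale per-endpoint entries remain in the map. The function's signature is outside the hunk, so whether it could erase the entry in place cannot be judged from here.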
@@ -437,11 +438,14 @@ namespace transport
 payloadSize += 7;
 }
 auto token = m_Server.NewIncomingToken (m_RemoteEndpoint);
- payload[payloadSize] = eSSU2BlkNewToken;
- htobe16buf (payload + payloadSize + 1, 12);
- htobe32buf (payload + payloadSize + 3, token.second); // expires
- memcpy (payload + payloadSize + 7, &token.first, 8); // token
- payloadSize += 15;
+ if (ts + SSU2_TOKEN_EXPIRATION_THRESHOLD > token.second) // not expired?
+ {
+ payload[payloadSize] = eSSU2BlkNewToken;
+ htobe16buf (payload + payloadSize + 1, 12);
+ htobe32buf (payload + payloadSize + 3, token.second - SSU2_TOKEN_EXPIRATION_THRESHOLD); // expires
+ memcpy (payload + payloadSize + 7, &token.first, 8); // token
+ payloadSize += 15;
+ }
 payloadSize += CreatePaddingBlock (payload + payloadSize, 80 - payloadSize);
 // KDF for SessionCreated
 m_NoiseState->MixHash ( { {header.buf, 16}, {headerX, 16} } ); // h = SHA256(h || header)
diff --git a/libi2pd/SSU2Session.h b/libi2pd/SSU2Session.h
index 328a5076..dcec4f98 100644
--- a/libi2pd/SSU2Session.h
+++ b/libi2pd/SSU2Session.h
@@ -27,6 +27,7 @@ namespace transport
 const int SSU2_TERMINATION_TIMEOUT = 330; // 5.5 minutes
 const int SSU2_TOKEN_EXPIRATION_TIMEOUT = 9; // for Retry message, in seconds
 const int SSU2_NEXT_TOKEN_EXPIRATION_TIMEOUT = 52*60; // for next token block, in seconds
+ const int SSU2_TOKEN_EXPIRATION_THRESHOLD = 2; // in seconds
 const int SSU2_RELAY_NONCE_EXPIRATION_TIMEOUT = 10; // in seconds
 const int SSU2_PEER_TEST_EXPIRATION_TIMEOUT = 60; // 60 seconds
 const size_t SSU2_MTU = 1488;
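Review bot: The guard `if (ts + SSU2_TOKEN_EXPIRATION_THRESHOLD > token.second) // not expired?` in the SSU2Session.cpp hunk is the same comparison that the SSU2.cpp hunk of this patch labels "token expired", so the condition and its comment disagree. As written, the NewToken block is emitted only when the token's expiry is less than the threshold away from `ts`; if NewIncomingToken returns an expiry well in the future (its body is not shown), the block would never be sent in this message. The branch also leaves `token.second - SSU2_TOKEN_EXPIRATION_THRESHOLD` unguarded against a `token.second` smaller than the threshold. The intended test is presumably `if (ts + SSU2_TOKEN_EXPIRATION_THRESHOLD < token.second) // not expired?`. The enclosing function starts and ends outside the hunk.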
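Review bot: The comment on `SSU2_TOKEN_EXPIRATION_THRESHOLD` in SSU2Session.h gives only the unit, while the neighbouring token constants also say what they are for. I would write `// safety margin before token expiration, in seconds`, since the patch uses the value both to treat a stored token as expired early and to shorten the expiry written into the NewToken block. The constant is a signed `int` that the other hunks add to and subtract from timestamp values; those types are not visible here, but if they are unsigned, declaring the constant with a matching unsigned type would avoid mixed-sign arithmetic.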