
token expiration threshold

pull/1769/head
orignal 3 years ago
parent
commit
5bb20cb039
  1. 4
      libi2pd/SSU2.cpp
  2. 8
      libi2pd/SSU2Session.cpp
  3. 1
      libi2pd/SSU2Session.h

4
libi2pd/SSU2.cpp

@ -588,7 +588,11 @@ namespace transport @@ -588,7 +588,11 @@ namespace transport
{
auto it = m_OutgoingTokens.find (ep);
if (it != m_OutgoingTokens.end ())
{
if (i2p::util::GetSecondsSinceEpoch () + SSU2_TOKEN_EXPIRATION_THRESHOLD > it->second.second)
return 0; // token expired
return it->second.first;
}
return 0;
}
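Review bot: The `// token expired` comment on the new early return understates the check: a stored token is rejected once it is within SSU2_TOKEN_EXPIRATION_THRESHOLD seconds of its expiry, not only after it. I would write it as `return 0; // expired, or expires within SSU2_TOKEN_EXPIRATION_THRESHOLD seconds`. The rejected entry also stays in m_OutgoingTokens; whether a separate cleanup pass removes it is not visible here, so that is worth confirming. The function's signature lies outside the lines shown.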

8
libi2pd/SSU2Session.cpp

@ -424,9 +424,10 @@ namespace transport @@ -424,9 +424,10 @@ namespace transport
memset (headerX + 8, 0, 8); // token = 0
memcpy (headerX + 16, m_EphemeralKeys->GetPublicKey (), 32); // Y
// payload
auto ts = i2p::util::GetSecondsSinceEpoch ();
payload[0] = eSSU2BlkDateTime;
htobe16buf (payload + 1, 4);
htobe32buf (payload + 3, i2p::util::GetSecondsSinceEpoch ());
htobe32buf (payload + 3, ts);
size_t payloadSize = 7;
payloadSize += CreateAddressBlock (payload + payloadSize, 80 - payloadSize, m_RemoteEndpoint);
if (m_RelayTag)
@ -437,11 +438,14 @@ namespace transport @@ -437,11 +438,14 @@ namespace transport
payloadSize += 7;
}
auto token = m_Server.NewIncomingToken (m_RemoteEndpoint);
if (ts + SSU2_TOKEN_EXPIRATION_THRESHOLD > token.second) // not expired?
{
payload[payloadSize] = eSSU2BlkNewToken;
htobe16buf (payload + payloadSize + 1, 12);
htobe32buf (payload + payloadSize + 3, token.second); // expires
htobe32buf (payload + payloadSize + 3, token.second - SSU2_TOKEN_EXPIRATION_THRESHOLD); // expires
memcpy (payload + payloadSize + 7, &token.first, 8); // token
payloadSize += 15;
}
payloadSize += CreatePaddingBlock (payload + payloadSize, 80 - payloadSize);
// KDF for SessionCreated
m_NoiseState->MixHash ( { {header.buf, 16}, {headerX, 16} } ); // h = SHA256(h || header)
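Review bot: The guard added before the NewToken block, `if (ts + SSU2_TOKEN_EXPIRATION_THRESHOLD > token.second) // not expired?`, looks inverted: the same expression in libi2pd/SSU2.cpp is the one that returns 0 with the comment `token expired`. As written, the block is emitted only when the token is already inside its last SSU2_TOKEN_EXPIRATION_THRESHOLD seconds. A token from NewIncomingToken with a normal future expiry (presumably ts plus SSU2_NEXT_TOKEN_EXPIRATION_TIMEOUT, not shown here) would then never be sent, so the peer would have no reusable address-validation token for its next connection. The condition should read `if (ts + SSU2_TOKEN_EXPIRATION_THRESHOLD < token.second) // not expired?`. The enclosing function starts and ends outside the hunk.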

1
libi2pd/SSU2Session.h

@ -27,6 +27,7 @@ namespace transport @@ -27,6 +27,7 @@ namespace transport
const int SSU2_TERMINATION_TIMEOUT = 330; // 5.5 minutes
const int SSU2_TOKEN_EXPIRATION_TIMEOUT = 9; // for Retry message, in seconds
const int SSU2_NEXT_TOKEN_EXPIRATION_TIMEOUT = 52*60; // for next token block, in seconds
const int SSU2_TOKEN_EXPIRATION_THRESHOLD = 2; // in seconds
const int SSU2_RELAY_NONCE_EXPIRATION_TIMEOUT = 10; // in seconds
const int SSU2_PEER_TEST_EXPIRATION_TIMEOUT = 60; // 60 seconds
const size_t SSU2_MTU = 1488;
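Review bot: The comment on the new SSU2_TOKEN_EXPIRATION_THRESHOLD gives only the unit, while the neighbouring token constants say what they are for. The value is added to the current time in the two expiry checks and subtracted from the advertised expiry in libi2pd/SSU2Session.cpp, so the intended direction is easy to get wrong at a call site. A line such as `// a token is treated as expired this many seconds before its expiry time` would state the intent once.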
