
common code for signing and verifing exchanged data

orignal 2014-10-28 11:34:50 -04:00
parent b89daaa58b
commit 659edf2590
3 changed files with 55 additions and 34 deletions


@ -282,12 +282,11 @@ namespace transport
m_Establisher->phase3.timestamp = tsA; m_Establisher->phase3.timestamp = tsA;
SignedData s; SignedData s;
memcpy (s.x, m_Establisher->phase1.pubKey, 256); s.Insert (m_Establisher->phase1.pubKey, 256); // x
memcpy (s.y, m_Establisher->phase2.pubKey, 256); s.Insert (m_Establisher->phase2.pubKey, 256); // y
memcpy (s.ident, m_RemoteIdentity.GetIdentHash (), 32); s.Insert (tsA); // tsA
s.tsA = tsA; s.Insert (m_Establisher->phase2.encrypted.timestamp); // tsB
s.tsB = m_Establisher->phase2.encrypted.timestamp; s.Sign (i2p::context.GetPrivateKeys (), m_Establisher->phase3.signature);
i2p::context.Sign ((uint8_t *)&s, sizeof (s), m_Establisher->phase3.signature);
m_Encryption.Encrypt((uint8_t *)&m_Establisher->phase3, sizeof(NTCPPhase3), (uint8_t *)&m_Establisher->phase3); m_Encryption.Encrypt((uint8_t *)&m_Establisher->phase3, sizeof(NTCPPhase3), (uint8_t *)&m_Establisher->phase3);
@ -327,13 +326,12 @@ namespace transport
m_RemoteIdentity = m_Establisher->phase3.ident; m_RemoteIdentity = m_Establisher->phase3.ident;
SignedData s; SignedData s;
memcpy (s.x, m_Establisher->phase1.pubKey, 256); s.Insert (m_Establisher->phase1.pubKey, 256); // x
memcpy (s.y, m_Establisher->phase2.pubKey, 256); s.Insert (m_Establisher->phase2.pubKey, 256); // y
memcpy (s.ident, i2p::context.GetRouterInfo ().GetIdentHash (), 32); s.Insert (i2p::context.GetRouterInfo ().GetIdentHash (), 32); // ident
s.tsA = m_Establisher->phase3.timestamp; s.Insert (m_Establisher->phase3.timestamp); // tsA
s.tsB = tsB; s.Insert (tsB); // tsB
if (!s.Verify (m_RemoteIdentity, m_Establisher->phase3.signature))
if (!m_RemoteIdentity.Verify ((uint8_t *)&s, sizeof(s), m_Establisher->phase3.signature))
{ {
LogPrint ("signature verification failed"); LogPrint ("signature verification failed");
Terminate (); Terminate ();
@ -347,12 +345,12 @@ namespace transport
void NTCPSession::SendPhase4 (uint32_t tsB) void NTCPSession::SendPhase4 (uint32_t tsB)
{ {
SignedData s; SignedData s;
memcpy (s.x, m_Establisher->phase1.pubKey, 256); s.Insert (m_Establisher->phase1.pubKey, 256); // x
memcpy (s.y, m_Establisher->phase2.pubKey, 256); s.Insert (m_Establisher->phase2.pubKey, 256); // y
memcpy (s.ident, m_RemoteIdentity.GetIdentHash (), 32); s.Insert (m_RemoteIdentity.GetIdentHash (), 32); // ident
s.tsA = m_Establisher->phase3.timestamp; s.Insert (m_Establisher->phase3.timestamp); // tsA
s.tsB = tsB; s.Insert (tsB); // tsB
i2p::context.Sign ((uint8_t *)&s, sizeof (s), m_Establisher->phase4.signature); s.Sign (i2p::context.GetPrivateKeys (), m_Establisher->phase4.signature);
m_Encryption.Encrypt ((uint8_t *)&m_Establisher->phase4, sizeof(NTCPPhase4), (uint8_t *)&m_Establisher->phase4); m_Encryption.Encrypt ((uint8_t *)&m_Establisher->phase4, sizeof(NTCPPhase4), (uint8_t *)&m_Establisher->phase4);
boost::asio::async_write (m_Socket, boost::asio::buffer (&m_Establisher->phase4, sizeof (NTCPPhase4)), boost::asio::transfer_all (), boost::asio::async_write (m_Socket, boost::asio::buffer (&m_Establisher->phase4, sizeof (NTCPPhase4)), boost::asio::transfer_all (),
@ -396,13 +394,13 @@ namespace transport
// verify signature // verify signature
SignedData s; SignedData s;
memcpy (s.x, m_Establisher->phase1.pubKey, 256); s.Insert (m_Establisher->phase1.pubKey, 256); // x
memcpy (s.y, m_Establisher->phase2.pubKey, 256); s.Insert (m_Establisher->phase2.pubKey, 256); // y
memcpy (s.ident, i2p::context.GetRouterInfo ().GetIdentHash (), 32); s.Insert (i2p::context.GetRouterInfo ().GetIdentHash (), 32); // ident
s.tsA = tsA; s.Insert (tsA); // tsA
s.tsB = m_Establisher->phase2.encrypted.timestamp; s.Insert (m_Establisher->phase2.encrypted.timestamp); // tsB
if (!m_RemoteIdentity.Verify ((uint8_t *)&s, sizeof(s), m_Establisher->phase4.signature)) if (!s.Verify (m_RemoteIdentity, m_Establisher->phase4.signature))
{ {
LogPrint ("signature verification failed"); LogPrint ("signature verification failed");
Terminate (); Terminate ();
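Review bot: As rendered, the new side of the first hunk (the Phase 3 send path that produces `phase3.signature`) inserts x, y, tsA and tsB but no longer includes the remote ident hash that the old `memcpy (s.ident, m_RemoteIdentity.GetIdentHash (), 32)` contributed; the hunk header's 12 → 11 line count is consistent with a dropped line. The other three hunks (the Phase 3 verify, SendPhase4 and the Phase 4 verify) all insert a 32-byte ident between y and tsA, so the Phase 3 signature would cover different bytes than the peer verifies and would no longer bind the handshake to the intended router. Restore `s.Insert (m_RemoteIdentity.GetIdentHash (), 32); // ident` after the y insert. The enclosing function starts and ends outside the hunk.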


@ -51,15 +51,6 @@ namespace transport
uint8_t signature[40]; uint8_t signature[40];
uint8_t padding[8]; uint8_t padding[8];
}; };
struct SignedData // used for signature in Phase3 and Phase4
{
uint8_t x[256];
uint8_t y[256];
uint8_t ident[32];
uint32_t tsA;
uint32_t tsB;
};
#pragma pack() #pragma pack()


@ -2,6 +2,7 @@
#define TRANSPORT_SESSION_H__ #define TRANSPORT_SESSION_H__
#include <inttypes.h> #include <inttypes.h>
#include <iostream>
#include "Identity.h" #include "Identity.h"
#include "RouterInfo.h" #include "RouterInfo.h"
@ -15,6 +16,37 @@ namespace transport
uint8_t privateKey[256]; uint8_t privateKey[256];
}; };
class SignedData
{
public:
SignedData () {};
void Insert (const uint8_t * buf, size_t len)
{
m_Stream.write ((char *)buf, len);
}
template<typename T>
void Insert (T t)
{
m_Stream.write ((char *)&t, sizeof (T));
}
bool Verify (const i2p::data::IdentityEx& ident, const uint8_t * signature) const
{
return ident.Verify ((const uint8_t *)m_Stream.str ().c_str (), m_Stream.str ().size (), signature);
}
void Sign (const i2p::data::PrivateKeys& keys, uint8_t * signature) const
{
keys.Sign ((const uint8_t *)m_Stream.str ().c_str (), m_Stream.str ().size (), signature);
}
private:
std::stringstream m_Stream;
};
class TransportSession class TransportSession
{ {
public: public:
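Review bot: The templated `Insert (T t)` in `SignedData` writes `sizeof (T)` raw bytes of whatever it is given, so the signed byte layout now depends on the static type at each call site rather than on the packed struct's fixed-width fields. A timestamp passed as a wider integer, a pointer passed without a length, or a struct with padding would silently change the bytes that get signed or verified. Consider restricting it with `static_assert (std::is_integral<T>::value, "SignedData::Insert: integral types only");` (needs `<type_traits>`), plus a comment that values are written in host byte order. Separately, `std::stringstream` is declared in `<sstream>`, which the added `#include <iostream>` is not guaranteed to pull in, and `Verify`/`Sign` call `m_Stream.str ()` twice, copying the buffer each time; a single `const std::string data = m_Stream.str ();` would avoid that.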