memcpy(m_NSREncodedKey,out+offset,56);// for possible next NSR
memcpy(m_NSRH,m_H,32);
offset+=32;
offset+=32;
// KDF for Reply Key Section
// KDF for Reply Key Section
MixHash((constuint8_t*)&tag,8);// h = SHA256(h || tag)
MixHash((constuint8_t*)&tag,8);// h = SHA256(h || tag)
@ -408,14 +411,13 @@ namespace garlic
uint8_tnonce[12];
uint8_tnonce[12];
CreateNonce(0,nonce);
CreateNonce(0,nonce);
// calulate hash for zero length
// calulate hash for zero length
if(!i2p::crypto::AEADChaCha20Poly1305(sharedSecret/* can be anything */,0,m_H,32,m_CK+32,nonce,out+offset,16,true))// encrypt, ciphertext = ENCRYPT(k, n, ZEROLEN, ad)
if(!i2p::crypto::AEADChaCha20Poly1305(nonce/* can be anything */,0,m_H,32,m_CK+32,nonce,out+offset,16,true))// encrypt, ciphertext = ENCRYPT(k, n, ZEROLEN, ad)
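Review bot: The zero-length seal on this line uses the key `m_CK+32` with the fixed nonce from `CreateNonce(0,nonce)`, and the later call that writes to `out+40` for a follow-up NSR uses the same key expression and the same nonce, with a different `m_H` as associated data. If `m_CK` is not re-derived between those two calls (not visible in these lines), one ChaCha20-Poly1305 key/nonce pair authenticates two different inputs, which reuses the Poly1305 one-time key and weakens the tag's forgery resistance. Please confirm the key schedule guarantees a fresh `m_CK` per reply, and record it next to the call, for example `// k = m_CK+32 with n = 0 is used for exactly one tag; m_CK must be re-derived before another NSR is sealed`. The `/* can be anything */` remark would also read better as `/* unused: msgLen is 0 */`, so that nobody passes key material there again. The enclosing function starts and ends outside this hunk, so the failure branch of the `if` could not be checked.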
uint64_ttag=m_NSRTagset->GetNextSessionTag();// next tag
memcpy(out,&tag,8);
memcpy(out+8,m_NSREncodedKey,32);
// recalculte h with new tag
memcpy(m_H,m_NSRH,32);
MixHash((constuint8_t*)&tag,8);// h = SHA256(h || tag)
MixHash(m_EphemeralKeys.GetPublicKey(),32);// h = SHA256(h || bepk)
uint8_tnonce[12];
uint8_tnonce[12];
CreateNonce(0,nonce);
CreateNonce(0,nonce);
if(!i2p::crypto::AEADChaCha20Poly1305(nonce/* can be anything */,0,m_H,32,m_CK+32,nonce,out+40,16,true))// encrypt, ciphertext = ENCRYPT(k, n, ZEROLEN, ad)