From 7f357e285fecc11c2001e8226f65dd7485f0a163 Mon Sep 17 00:00:00 2001
From: orignal
Date: Fri, 4 Apr 2014 14:56:46 -0400
Subject: [PATCH] generate DH keys pair per SSU session
---
 SSU.cpp | 13 ++++++++-----
 SSU.h | 2 ++
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/SSU.cpp b/SSU.cpp
index 73c42464..a43e04f6 100644
--- a/SSU.cpp
+++ b/SSU.cpp
@@ -6,6 +6,7 @@
 #include "Log.h"
 #include "Timestamp.h"
 #include "RouterContext.h"
+#include "Transports.h"
 #include "hmac.h"
 #include "SSU.h"
@@ -18,17 +19,19 @@ namespace ssu
 const i2p::data::RouterInfo * router): m_Server (server), m_RemoteEndpoint (remoteEndpoint), m_RemoteRouter (router), m_Timer (m_Server.GetService ()), m_State (eSessionStateUnknown)
 {
+ m_DHKeysPair = i2p::transports.GetNextDHKeysPair ();
 }
 SSUSession::~SSUSession ()
 {
+ delete m_DHKeysPair;
 }
 void SSUSession::CreateAESandMacKey (uint8_t * pubKey, uint8_t * aesKey, uint8_t * macKey)
 {
 CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
 CryptoPP::SecByteBlock secretKey(dh.AgreedValueLength());
- if (!dh.Agree (secretKey, i2p::context.GetPrivateKey (), pubKey))
+ if (!dh.Agree (secretKey, m_DHKeysPair->privateKey, pubKey))
 {
 LogPrint ("Couldn't create shared key");
 return;
@@ -167,7 +170,7 @@ namespace ssu
 uint8_t signedData[532]; // x,y, our IP, our port, remote IP, remote port, relayTag, signed on time
 uint8_t * payload = buf + sizeof (SSUHeader);
 uint8_t * y = payload;
- memcpy (signedData, i2p::context.GetRouterIdentity ().publicKey, 256); // x
+ memcpy (signedData, m_DHKeysPair->publicKey, 256); // x
 memcpy (signedData + 256, y, 256); // y
 payload += 256;
 payload += 1; // size, assume 4
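Review bot: In the `-18,17` hunk, `m_DHKeysPair` is a raw owning pointer that the constructor fills from `i2p::transports.GetNextDHKeysPair ()` and the destructor releases with `delete m_DHKeysPair;`, so any copy of an `SSUSession` would free the same key pair twice. Declaring the member as `std::unique_ptr<i2p::data::DHKeysPair> m_DHKeysPair;` removes the manual delete and makes the session non-copyable. Whether the ephemeral `privateKey` is wiped before its memory is released depends on `DHKeysPair`, which this diff does not show and is worth confirming in Identity.h. Nothing visible here shows that `GetNextDHKeysPair` cannot return null before `m_DHKeysPair->privateKey` is read. Separately, `CreateAESandMacKey` still returns void after `LogPrint ("Couldn't create shared key")`, so a caller cannot tell that `aesKey` and `macKey` were never written when `dh.Agree` rejects the peer's value; returning `bool` and dropping the session on failure would close that (the function body continues past the hunk).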
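Review bot: The copy length in `memcpy (signedData, m_DHKeysPair->publicKey, 256); // x` in the `-167,7` hunk is a bare literal with no visible tie to the size of the `DHKeysPair` field it reads. The same literal is used on the new lines of the `-232,7`, `-290,7` and `-344,7` hunks. If `publicKey` is a fixed-size array, `sizeof (m_DHKeysPair->publicKey)` would keep the length tied to the field. Otherwise a named constant plus a `static_assert` next to the `signedData[532]` layout would catch a mismatch at compile time. In this hunk `payload += 1; // size, assume 4` also steps over the address-size byte without checking it, so if that byte comes from the peer (it looks that way, but the enclosing function starts and ends outside the hunk) a value other than 4 would shift every later field that goes into the signed data.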
@@ -232,7 +235,7 @@ namespace ssu
 uint8_t buf[304 + 18]; // 304 bytes for ipv4 (320 for ipv6)
 uint8_t * payload = buf + sizeof (SSUHeader);
- memcpy (payload, i2p::context.GetRouterIdentity ().publicKey, 256);
+ memcpy (payload, m_DHKeysPair->publicKey, 256); // x
 payload[256] = 4; // we assume ipv4
 *(uint32_t *)(payload + 257) = htobe32 (m_RemoteEndpoint.address ().to_v4 ().to_ulong ());
@@ -290,7 +293,7 @@ namespace ssu
 uint8_t buf[368 + 18];
 uint8_t * payload = buf + sizeof (SSUHeader);
- memcpy (payload, i2p::context.GetRouterIdentity ().publicKey, 256);
+ memcpy (payload, m_DHKeysPair->publicKey, 256);
 memcpy (signedData + 256, payload, 256); // y
 payload += 256;
 *payload = 4; // we assume ipv4
@@ -344,7 +347,7 @@ namespace ssu
 // signature
 uint8_t signedData[532]; // x,y, our IP, our port, remote IP, remote port, relayTag, our signed on time
- memcpy (signedData, i2p::context.GetRouterIdentity ().publicKey, 256); // x
+ memcpy (signedData, m_DHKeysPair->publicKey, 256); // x
 memcpy (signedData + 256, y, 256); // y
 memcpy (signedData + 512, ourAddress, 6); // our address/port as seem by party
 *(uint32_t *)(signedData + 518) = htobe32 (m_RemoteEndpoint.address ().to_v4 ().to_ulong ()); // remote IP
diff --git a/SSU.h b/SSU.h
index 40c377c6..e528d30b 100644
--- a/SSU.h
+++ b/SSU.h
@@ -8,6 +8,7 @@
 #include
 #include
 #include "I2PEndian.h"
+#include "Identity.h"
 #include "RouterInfo.h"
 #include "I2NPProtocol.h"
@@ -113,6 +114,7 @@ namespace ssu
 boost::asio::ip::udp::endpoint m_RemoteEndpoint;
 const i2p::data::RouterInfo * m_RemoteRouter;
 boost::asio::deadline_timer m_Timer;
+ i2p::data::DHKeysPair * m_DHKeysPair; // X - for client and Y - for server
 SessionState m_State;
 CryptoPP::CBC_Mode::Encryption m_Encryption;
 CryptoPP::CBC_Mode::Decryption m_Decryption;
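Review bot: Right after the new key copy in the `-232,7` hunk, `*(uint32_t *)(payload + 257) = htobe32 (...)` stores a 32-bit value through a cast pointer into a `uint8_t` buffer, which has no alignment guarantee. That is an unaligned, type-punned write that can fault or be miscompiled on stricter targets. The `-344,7` hunk does the same at `signedData + 518`. Copying the converted value avoids both problems: `uint32_t ip = htobe32 (m_RemoteEndpoint.address ().to_v4 ().to_ulong ());` followed by `memcpy (payload + 257, &ip, 4);`. The `// we assume ipv4` comment also means `to_v4 ()` is called without checking the endpoint's family, so a v6 remote endpoint would likely raise an exception here instead of being rejected cleanly; the enclosing functions start and end outside these hunks.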