PurpleI2P
/
i2pd
mirror of https://github.com/PurpleI2P/i2pd.git
1
0
Fork 0
Code Issues Releases Activity
Browse Source

generate DH keys pair per SSU session

pull/59/head
orignal 11 years ago
parent
7bdf52a774
commit
7f357e285f
2 changed files with 10 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 13
      SSU.cpp
  2. 2
      SSU.h

13
SSU.cpp
Unescape View File

@ -6,6 +6,7 @@
#include "Log.h" #include "Log.h"
#include "Timestamp.h" #include "Timestamp.h"
#include "RouterContext.h" #include "RouterContext.h"
#include "Transports.h"
#include "hmac.h" #include "hmac.h"
#include "SSU.h" #include "SSU.h"
@ -18,17 +19,19 @@ namespace ssu
const i2p::data::RouterInfo * router): m_Server (server), m_RemoteEndpoint (remoteEndpoint), const i2p::data::RouterInfo * router): m_Server (server), m_RemoteEndpoint (remoteEndpoint),
m_RemoteRouter (router), m_Timer (m_Server.GetService ()), m_State (eSessionStateUnknown) m_RemoteRouter (router), m_Timer (m_Server.GetService ()), m_State (eSessionStateUnknown)
{ {
m_DHKeysPair = i2p::transports.GetNextDHKeysPair ();
} }
SSUSession::~SSUSession () SSUSession::~SSUSession ()
{ {
delete m_DHKeysPair;
} }
void SSUSession::CreateAESandMacKey (uint8_t * pubKey, uint8_t * aesKey, uint8_t * macKey) void SSUSession::CreateAESandMacKey (uint8_t * pubKey, uint8_t * aesKey, uint8_t * macKey)
{ {
CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg); CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
CryptoPP::SecByteBlock secretKey(dh.AgreedValueLength()); CryptoPP::SecByteBlock secretKey(dh.AgreedValueLength());
if (!dh.Agree (secretKey, i2p::context.GetPrivateKey (), pubKey)) if (!dh.Agree (secretKey, m_DHKeysPair->privateKey, pubKey))
{ {
LogPrint ("Couldn't create shared key"); LogPrint ("Couldn't create shared key");
return; return;
@ -167,7 +170,7 @@ namespace ssu
uint8_t signedData[532]; // x,y, our IP, our port, remote IP, remote port, relayTag, signed on time uint8_t signedData[532]; // x,y, our IP, our port, remote IP, remote port, relayTag, signed on time
uint8_t * payload = buf + sizeof (SSUHeader); uint8_t * payload = buf + sizeof (SSUHeader);
uint8_t * y = payload; uint8_t * y = payload;
memcpy (signedData, i2p::context.GetRouterIdentity ().publicKey, 256); // x memcpy (signedData, m_DHKeysPair->publicKey, 256); // x
memcpy (signedData + 256, y, 256); // y memcpy (signedData + 256, y, 256); // y
payload += 256; payload += 256;
payload += 1; // size, assume 4 payload += 1; // size, assume 4
@ -232,7 +235,7 @@ namespace ssu
uint8_t buf[304 + 18]; // 304 bytes for ipv4 (320 for ipv6) uint8_t buf[304 + 18]; // 304 bytes for ipv4 (320 for ipv6)
uint8_t * payload = buf + sizeof (SSUHeader); uint8_t * payload = buf + sizeof (SSUHeader);
memcpy (payload, i2p::context.GetRouterIdentity ().publicKey, 256); memcpy (payload, m_DHKeysPair->publicKey, 256); // x
payload[256] = 4; // we assume ipv4 payload[256] = 4; // we assume ipv4
*(uint32_t *)(payload + 257) = htobe32 (m_RemoteEndpoint.address ().to_v4 ().to_ulong ()); *(uint32_t *)(payload + 257) = htobe32 (m_RemoteEndpoint.address ().to_v4 ().to_ulong ());
@ -290,7 +293,7 @@ namespace ssu
uint8_t buf[368 + 18]; uint8_t buf[368 + 18];
uint8_t * payload = buf + sizeof (SSUHeader); uint8_t * payload = buf + sizeof (SSUHeader);
memcpy (payload, i2p::context.GetRouterIdentity ().publicKey, 256); memcpy (payload, m_DHKeysPair->publicKey, 256);
memcpy (signedData + 256, payload, 256); // y memcpy (signedData + 256, payload, 256); // y
payload += 256; payload += 256;
*payload = 4; // we assume ipv4 *payload = 4; // we assume ipv4
@ -344,7 +347,7 @@ namespace ssu
// signature // signature
uint8_t signedData[532]; // x,y, our IP, our port, remote IP, remote port, relayTag, our signed on time uint8_t signedData[532]; // x,y, our IP, our port, remote IP, remote port, relayTag, our signed on time
memcpy (signedData, i2p::context.GetRouterIdentity ().publicKey, 256); // x memcpy (signedData, m_DHKeysPair->publicKey, 256); // x
memcpy (signedData + 256, y, 256); // y memcpy (signedData + 256, y, 256); // y
memcpy (signedData + 512, ourAddress, 6); // our address/port as seem by party memcpy (signedData + 512, ourAddress, 6); // our address/port as seem by party
*(uint32_t *)(signedData + 518) = htobe32 (m_RemoteEndpoint.address ().to_v4 ().to_ulong ()); // remote IP *(uint32_t *)(signedData + 518) = htobe32 (m_RemoteEndpoint.address ().to_v4 ().to_ulong ()); // remote IP

2
SSU.h
Unescape View File

@ -8,6 +8,7 @@
#include <cryptopp/modes.h> #include <cryptopp/modes.h>
#include <cryptopp/aes.h> #include <cryptopp/aes.h>
#include "I2PEndian.h" #include "I2PEndian.h"
#include "Identity.h"
#include "RouterInfo.h" #include "RouterInfo.h"
#include "I2NPProtocol.h" #include "I2NPProtocol.h"
@ -113,6 +114,7 @@ namespace ssu
boost::asio::ip::udp::endpoint m_RemoteEndpoint; boost::asio::ip::udp::endpoint m_RemoteEndpoint;
const i2p::data::RouterInfo * m_RemoteRouter; const i2p::data::RouterInfo * m_RemoteRouter;
boost::asio::deadline_timer m_Timer; boost::asio::deadline_timer m_Timer;
i2p::data::DHKeysPair * m_DHKeysPair; // X - for client and Y - for server
SessionState m_State; SessionState m_State;
CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption m_Encryption; CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption m_Encryption;
CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption m_Decryption; CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption m_Decryption;

Write Preview
Loading…
Cancel
Save