Browse Source

separate decryption between own record and other records

pull/1677/head
orignal 4 years ago
parent
commit
8b35ce3320
  1. 36
      libi2pd/Tunnel.cpp
  2. 23
      libi2pd/TunnelConfig.cpp
  3. 1
      libi2pd/TunnelConfig.h

36
libi2pd/Tunnel.cpp

@ -111,31 +111,31 @@ namespace tunnel @@ -111,31 +111,31 @@ namespace tunnel
TunnelHopConfig * hop = m_Config->GetLastHop ();
while (hop)
{
// decrypt current hop
auto idx = hop->recordIndex;
if (idx >= 0 && idx < msg[0])
{
uint8_t * record = msg + 1 + idx*TUNNEL_BUILD_RECORD_SIZE;
if (!hop->DecryptBuildResponseRecord (record, record))
return false;
}
else
{
LogPrint (eLogWarning, "Tunnel: hop index ", idx, " is out of range");
return false;
}
// decrypt records before current hop
decryption.SetKey (hop->replyKey);
// decrypt records before and current hop
TunnelHopConfig * hop1 = hop;
TunnelHopConfig * hop1 = hop->prev;
while (hop1)
{
auto idx = hop1->recordIndex;
if (idx >= 0 && idx < msg[0])
{
uint8_t * record = msg + 1 + idx*TUNNEL_BUILD_RECORD_SIZE;
if (hop1 == hop && hop1->IsECIES ())
{
uint8_t nonce[12];
memset (nonce, 0, 12);
if (!i2p::crypto::AEADChaCha20Poly1305 (record, TUNNEL_BUILD_RECORD_SIZE - 16,
hop->m_H, 32, hop->m_CK, nonce, record, TUNNEL_BUILD_RECORD_SIZE - 16, false)) // decrypt
{
LogPrint (eLogWarning, "Tunnel: Response AEAD decryption failed");
return false;
}
}
else
{
decryption.SetIV (hop->replyIV);
decryption.Decrypt(record, TUNNEL_BUILD_RECORD_SIZE, record);
}
decryption.SetIV (hop->replyIV);
decryption.Decrypt(record, TUNNEL_BUILD_RECORD_SIZE, record);
}
else
LogPrint (eLogWarning, "Tunnel: hop index ", idx, " is out of range");

23
libi2pd/TunnelConfig.cpp

@ -147,5 +147,28 @@ namespace tunnel @@ -147,5 +147,28 @@ namespace tunnel
}
MixHash (encrypted, ECIES_BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE + 16); // h = SHA256(h || ciphertext)
}
bool TunnelHopConfig::DecryptBuildResponseRecord (const uint8_t * encrypted, uint8_t * clearText)
{
if (IsECIES ())
{
uint8_t nonce[12];
memset (nonce, 0, 12);
if (!i2p::crypto::AEADChaCha20Poly1305 (encrypted, TUNNEL_BUILD_RECORD_SIZE - 16,
m_H, 32, m_CK, nonce, clearText, TUNNEL_BUILD_RECORD_SIZE - 16, false)) // decrypt
{
LogPrint (eLogWarning, "Tunnel: Response AEAD decryption failed");
return false;
}
}
else
{
i2p::crypto::CBCDecryption decryption;
decryption.SetKey (replyKey);
decryption.SetIV (replyIV);
decryption.Decrypt (encrypted, TUNNEL_BUILD_RECORD_SIZE, clearText);
}
return true;
}
}
}

1
libi2pd/TunnelConfig.h

@ -43,6 +43,7 @@ namespace tunnel @@ -43,6 +43,7 @@ namespace tunnel
void CreateBuildRequestRecord (uint8_t * record, uint32_t replyMsgID, BN_CTX * ctx);
void EncryptECIES (std::shared_ptr<i2p::crypto::CryptoKeyEncryptor>& encryptor,
const uint8_t * clearText, uint8_t * encrypted, BN_CTX * ctx);
bool DecryptBuildResponseRecord (const uint8_t * encrypted, uint8_t * clearText);
};
class TunnelConfig

Loading…
Cancel
Save