From 96411cc93eda6582b795e91e4ddf67c82646ae39 Mon Sep 17 00:00:00 2001
From: orignal
Date: Thu, 21 Jun 2018 12:39:24 -0400
Subject: [PATCH] derive keys for siphash
---
 libi2pd/NTCP2.cpp | 26 +++++++++++++++++++-------
 libi2pd/NTCP2.h | 4 +++-
 2 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/libi2pd/NTCP2.cpp b/libi2pd/NTCP2.cpp
index 462c3ad1..a925e62f 100644
--- a/libi2pd/NTCP2.cpp
+++ b/libi2pd/NTCP2.cpp
@@ -7,6 +7,7 @@
 #include "I2PEndian.h"
 #include "Crypto.h"
 #include "Ed25519.h"
+#include "Siphash.h"
 #include "RouterContext.h"
 #include "NTCP2.h"
@@ -127,16 +128,26 @@ namespace transport
 MixKey (inputKeyMaterial, derived);
 }
- void NTCP2Session::KeyDerivationFunctionDataPhase (bool isAlice, uint8_t * derived)
+ void NTCP2Session::KeyDerivationFunctionDataPhase ()
 {
 uint8_t tempKey[32]; unsigned int len;
- HMAC(EVP_sha256(), m_CK, 32, nullptr, 0, tempKey, &len); // zerolen
+ HMAC(EVP_sha256(), m_CK, 32, nullptr, 0, tempKey, &len); // temp_key = HMAC-SHA256(ck, zerolen)
 static uint8_t one[1] = { 1 };
- uint8_t k_ab[33], k_ba[32];
- HMAC(EVP_sha256(), tempKey, 32, one, 1, k_ab, &len);
- k_ab[32] = 2;
- HMAC(EVP_sha256(), k_ab, 33, one, 1, k_ba, &len);
- memcpy (derived, isAlice ? k_ab : k_ba, 32);
+ HMAC(EVP_sha256(), tempKey, 32, one, 1, m_Kab, &len); // k_ab = HMAC-SHA256(temp_key, byte(0x01)).
+ m_Kab[32] = 2;
+ HMAC(EVP_sha256(), tempKey, 32, m_Kab, 33, m_Kba, &len); // k_ba = HMAC-SHA256(temp_key, k_ab || byte(0x02)).
+
+ static uint8_t ask[4] = { 'a', 's', 'k', 1 }, master[32];
+ HMAC(EVP_sha256(), tempKey, 32, ask, 4, master, &len); // ask_master = HMAC-SHA256(temp_key, "ask" || byte(0x01))
+ uint8_t h[39];
+ memcpy (h, m_H, 32);
+ memcpy (h + 32, "siphash", 7);
+ HMAC(EVP_sha256(), master, 32, h, 39, tempKey, &len); // temp_key = HMAC-SHA256(ask_master, h || "siphash")
+ HMAC(EVP_sha256(), tempKey, 32, one, 1, master, &len); // sip_master = HMAC-SHA256(temp_key, byte(0x01))
+ HMAC(EVP_sha256(), master, 32, nullptr, 0, tempKey, &len); // temp_key = HMAC-SHA256(sip_master, zerolen)
+ HMAC(EVP_sha256(), tempKey, 32, one, 1, m_Siphashab, &len); // sipkeys_ab = HMAC-SHA256(temp_key, byte(0x01)).
+ m_Siphashab[32] = 2;
+ HMAC(EVP_sha256(), tempKey, 32, m_Siphashab, 33, m_Siphashba, &len); // sipkeys_ba = HMAC-SHA256(temp_key, sipkeys_ab || byte(0x02))
 }
 void NTCP2Session::CreateEphemeralKey (uint8_t * pub)
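Review bot: In `KeyDerivationFunctionDataPhase`, the declaration `static uint8_t ask[4] = { 'a', 's', 'k', 1 }, master[32];` makes `master` static as well, so the buffer that holds ask_master and then sip_master is shared by every session and keeps the last sip_master after the function returns. If sessions can derive keys on more than one thread (not visible in this hunk), the two writes to `master` also race. Splitting the declaration fixes both: `static const uint8_t ask[4] = { 'a', 's', 'k', 1 };` and `uint8_t master[32];`. The stack intermediates `tempKey`, `master` and `h` are also left uncleared on return; wiping them with `OPENSSL_cleanse` before the closing brace would keep intermediate key material from lingering on the stack.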
@@ -392,6 +403,7 @@ namespace transport
 void NTCP2Session::HandleSessionConfirmedSent (const boost::system::error_code& ecode, std::size_t bytes_transferred)
 {
 LogPrint (eLogDebug, "NTCP2: SessionConfirmed sent");
+ KeyDerivationFunctionDataPhase ();
 Terminate (); // TODO
 }
diff --git a/libi2pd/NTCP2.h b/libi2pd/NTCP2.h
index 076a12d4..57556674 100644
--- a/libi2pd/NTCP2.h
+++ b/libi2pd/NTCP2.h
@@ -34,7 +34,7 @@ namespace transport
 void KeyDerivationFunction1 (const uint8_t * rs, const uint8_t * priv, const uint8_t * pub, uint8_t * derived); // for SessionRequest
 void KeyDerivationFunction2 (const uint8_t * priv, const uint8_t * pub, const uint8_t * sessionRequest, size_t sessionRequestLen, uint8_t * derived); // for SessionCreate
 void KeyDerivationFunction3 (const uint8_t * staticPrivKey, uint8_t * derived); // for SessionConfirmed part 2
- void KeyDerivationFunctionDataPhase (bool isAlice, uint8_t * derived);
+ void KeyDerivationFunctionDataPhase ();
 void CreateEphemeralKey (uint8_t * pub);
 void SendSessionRequest ();
@@ -59,6 +59,8 @@ namespace transport
 uint8_t m_RemoteStaticKey[32], m_IV[16], m_H[32] /*h*/, m_CK[33] /*ck*/, m_K[32] /* derived after SessionCreated */, m_Y[32] /* or X for Bob */;
 uint8_t * m_SessionRequestBuffer, * m_SessionCreatedBuffer, * m_SessionConfirmedBuffer;
 size_t m_SessionRequestBufferLen, m_SessionCreatedBufferLen;
+ // data phase
+ uint8_t m_Kab[33], m_Kba[32], m_Siphashab[33], m_Siphashba[32];
 };
 class NTCP2Server
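Review bot: In `HandleSessionConfirmedSent` (libi2pd/NTCP2.cpp), the new `KeyDerivationFunctionDataPhase ()` call runs without looking at `ecode`, so the data-phase and SipHash keys are derived and stored in the session even when the SessionConfirmed write failed. Guarding the call, for example `if (!ecode) KeyDerivationFunctionDataPhase ();`, keeps key material out of sessions that never reach the data phase. The handler still calls `Terminate ()` straight afterwards, and whether that path clears the new key members is not visible in this hunk.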
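Review bot: In libi2pd/NTCP2.h, `m_Kab[33]` and `m_Siphashab[33]` are one byte longer than `m_Kba` and `m_Siphashba`, and the `// data phase` comment does not say why. In `KeyDerivationFunctionDataPhase` index 32 is only scratch for the `|| byte(0x02)` HMAC input, so a comment such as `// data phase keys; the *ab arrays carry one scratch byte (index 32) used while deriving *ba` would stop a later reader from treating all 33 bytes as key. The class destructor lies outside this hunk, so it is worth confirming that these four arrays are cleared when the session is destroyed.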