
don't encrypt ShortTunnelBuild and ShortTunnelBuildReply if on the same router

pull/1677/head
orignal 3 years ago
parent
commit
9a3c22f47d
  1. 30
      libi2pd/I2NPProtocol.cpp
  2. 2
      libi2pd/Tunnel.cpp

30
libi2pd/I2NPProtocol.cpp

@ -709,17 +709,31 @@ namespace i2p
} }
// send reply // send reply
if (isEndpoint) if (isEndpoint)
{ {
auto replyMsg = NewI2NPShortMessage (); auto replyMsg = NewI2NPShortMessage ();
replyMsg->Concat (buf, len); replyMsg->Concat (buf, len);
replyMsg->FillI2NPMessageHeader (eI2NPShortTunnelBuildReply, bufbe32toh (clearText + SHORT_REQUEST_RECORD_SEND_MSG_ID_OFFSET)); replyMsg->FillI2NPMessageHeader (eI2NPShortTunnelBuildReply, bufbe32toh (clearText + SHORT_REQUEST_RECORD_SEND_MSG_ID_OFFSET));
i2p::crypto::HKDF (noiseState.m_CK, nullptr, 0, "RGarlicKeyAndTag", noiseState.m_CK); if (memcmp ((const uint8_t *)i2p::context.GetIdentHash (),
uint64_t tag; clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET, 32)) // reply IBGW is not local?
memcpy (&tag, noiseState.m_CK, 8); {
// we send it to reply tunnel i2p::crypto::HKDF (noiseState.m_CK, nullptr, 0, "RGarlicKeyAndTag", noiseState.m_CK);
transports.SendMessage (clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET, uint64_t tag;
CreateTunnelGatewayMsg (bufbe32toh (clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET), memcpy (&tag, noiseState.m_CK, 8);
i2p::garlic::WrapECIESX25519Message (replyMsg, noiseState.m_CK + 32, tag))); // we send it to reply tunnel
transports.SendMessage (clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET,
CreateTunnelGatewayMsg (bufbe32toh (clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
i2p::garlic::WrapECIESX25519Message (replyMsg, noiseState.m_CK + 32, tag)));
}
else
{
// IBGW is local
uint32_t tunnelID = bufbe32toh (clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET);
auto tunnel = i2p::tunnel::tunnels.GetTunnel (tunnelID);
if (tunnel)
tunnel->SendTunnelDataMsg (replyMsg);
else
LogPrint (eLogWarning, "I2NP: Tunnel ", tunnelID, " not found for short tunnel build reply");
}
} }
else else
transports.SendMessage (clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET, transports.SendMessage (clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET,
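Review bot: In the new `else` branch the reply goes to `tunnel->SendTunnelDataMsg (replyMsg)` without the `WrapECIESX25519Message` layer, and both the decision and the target are read from the request record: the ident at `SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET` and the `tunnelID` at `SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET`. `GetTunnel (tunnelID)` is only checked for null, and its lookup is outside this hunk, so please confirm it can only return a tunnel for which this router is the gateway. Otherwise the build requester picks which local tunnel receives the unwrapped reply. I would add a comment saying why cleartext is acceptable here, e.g. `// IBGW is local: the reply never leaves this router, so the garlic layer is skipped`. The test would also read better as `memcmp (...) != 0` with a named hash length instead of the literal `32`. The enclosing function starts and ends outside the hunk.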

2
libi2pd/Tunnel.cpp

@ -96,7 +96,7 @@ namespace tunnel
if (m_Config->IsShort ()) if (m_Config->IsShort ())
{ {
auto ident = m_Config->GetFirstHop () ? m_Config->GetFirstHop ()->ident : nullptr; auto ident = m_Config->GetFirstHop () ? m_Config->GetFirstHop ()->ident : nullptr;
if (ident) if (ident && ident->GetIdentHash () != outboundTunnel->GetNextIdentHash ()) // don't encrypt if IBGW = OBEP
{ {
auto msg1 = i2p::garlic::WrapECIESX25519MessageForRouter (msg, ident->GetEncryptionPublicKey ()); auto msg1 = i2p::garlic::WrapECIESX25519MessageForRouter (msg, ident->GetEncryptionPublicKey ());
if (msg1) msg = msg1; if (msg1) msg = msg1;
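Review bot: The inline comment `// don't encrypt if IBGW = OBEP` does not obviously match the condition, which compares the first hop's ident with `outboundTunnel->GetNextIdentHash ()`. A reader cannot tell from this hunk that this call yields the outbound endpoint's hash. Because the condition decides whether `WrapECIESX25519MessageForRouter` is skipped, the comment should state the invariant, e.g. `// first hop (IBGW) is the router that ends outboundTunnel: the build message is delivered locally there, so the router-level ECIES wrap is skipped`, adjusted to what `GetNextIdentHash` actually returns. It would also help to note that the receiving side must accept the unwrapped ShortTunnelBuild. The enclosing block starts and ends outside the hunk.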
