PurpleI2P
/
i2pd
mirror of https://github.com/PurpleI2P/i2pd.git
1
0
Fork 0
Code Issues Releases Activity
Browse Source

MixHash for SSU2 long header

pull/1742/head
orignal 2 years ago
parent
d4ede6ff01
commit
a152f36894
3 changed files with 48 additions and 14 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      libi2pd/Crypto.cpp
  2. 1
      libi2pd/Crypto.h
  3. 51
      libi2pd/SSU2.cpp

10
libi2pd/Crypto.cpp
Unescape View File

@ -1305,6 +1305,16 @@ namespace crypto
SHA256_Final (m_H, &ctx); SHA256_Final (m_H, &ctx);
} }
void NoiseSymmetricState::MixHash (const std::vector<std::pair<uint8_t *, size_t> >& bufs)
{
SHA256_CTX ctx;
SHA256_Init (&ctx);
SHA256_Update (&ctx, m_H, 32);
for (const auto& it: bufs)
SHA256_Update (&ctx, it.first, it.second);
SHA256_Final (m_H, &ctx);
}
void NoiseSymmetricState::MixKey (const uint8_t * sharedSecret) void NoiseSymmetricState::MixKey (const uint8_t * sharedSecret)
{ {
HKDF (m_CK, sharedSecret, 32, "", m_CK); HKDF (m_CK, sharedSecret, 32, "", m_CK);

1
libi2pd/Crypto.h
Unescape View File

@ -317,6 +317,7 @@ namespace crypto
uint8_t m_H[32] /*h*/, m_CK[64] /*[ck, k]*/; uint8_t m_H[32] /*h*/, m_CK[64] /*[ck, k]*/;
void MixHash (const uint8_t * buf, size_t len); void MixHash (const uint8_t * buf, size_t len);
void MixHash (const std::vector<std::pair<uint8_t *, size_t> >& bufs);
void MixKey (const uint8_t * sharedSecret); void MixKey (const uint8_t * sharedSecret);
}; };

51
libi2pd/SSU2.cpp
Unescape View File

@ -59,15 +59,15 @@ namespace transport
memset (header.h.h2.h.packetNum, 0, 4); memset (header.h.h2.h.packetNum, 0, 4);
header.h.h2.h.type = eSSU2SessionRequest; header.h.h2.h.type = eSSU2SessionRequest;
header.h.h2.h.flags[0] = 2; // ver header.h.h2.h.flags[0] = 2; // ver
header.h.h2.h.flags[1] = 2; // netID TODO: header.h.h2.h.flags[1] = (uint8_t)i2p::context.GetNetID (); // netID
header.h.h2.h.flags[2] = 0; // flag header.h.h2.h.flags[2] = 0; // flag
RAND_bytes ((uint8_t *)&m_SourceConnID, 8); RAND_bytes ((uint8_t *)&m_SourceConnID, 8);
memcpy (headerX, &m_SourceConnID, 8); // source id memcpy (headerX, &m_SourceConnID, 8); // source id
memset (headerX + 8, 0, 8); // token RAND_bytes (headerX + 8, 8); // token
memcpy (headerX + 16, m_EphemeralKeys->GetPublicKey (), 32); // X memcpy (headerX + 16, m_EphemeralKeys->GetPublicKey (), 32); // X
m_Server.AddPendingOutgoingSession (boost::asio::ip::udp::endpoint (m_Address->host, m_Address->port), shared_from_this ()); m_Server.AddPendingOutgoingSession (boost::asio::ip::udp::endpoint (m_Address->host, m_Address->port), shared_from_this ());
// KDF for session request // KDF for session request
m_NoiseState->MixHash (header.buf, 16); // h = SHA256(h || header) TODO: long header m_NoiseState->MixHash ({ {header.buf, 16}, {headerX, 16} }); // h = SHA256(h || header)
m_NoiseState->MixHash (m_EphemeralKeys->GetPublicKey (), 32); // h = SHA256(h || aepk); m_NoiseState->MixHash (m_EphemeralKeys->GetPublicKey (), 32); // h = SHA256(h || aepk);
uint8_t sharedSecret[32]; uint8_t sharedSecret[32];
m_EphemeralKeys->Agree (m_Address->s, sharedSecret); m_EphemeralKeys->Agree (m_Address->s, sharedSecret);
@ -79,6 +79,7 @@ namespace transport
header.ll[1] ^= CreateHeaderMask (m_Address->i, payload + (payloadSize - 12)); header.ll[1] ^= CreateHeaderMask (m_Address->i, payload + (payloadSize - 12));
i2p::crypto::ChaCha20 (headerX, 48, m_Address->i, nonce, headerX); i2p::crypto::ChaCha20 (headerX, 48, m_Address->i, nonce, headerX);
payloadSize += 16; payloadSize += 16;
m_NoiseState->MixHash (payload, 32); // h = SHA256(h || 32 byte encrypted payload from Session Request) for SessionCreated
// send // send
m_Server.Send (header.buf, 16, headerX, 48, payload, payloadSize, boost::asio::ip::udp::endpoint (m_Address->host, m_Address->port)); m_Server.Send (header.buf, 16, headerX, 48, payload, payloadSize, boost::asio::ip::udp::endpoint (m_Address->host, m_Address->port));
} }
@ -87,12 +88,13 @@ namespace transport
{ {
// we are Bob // we are Bob
m_SourceConnID = connID; m_SourceConnID = connID;
Header2 h2; Header header;
memcpy (h2.buf, buf, 8); header.h.connID = connID;
h2.ll ^= CreateHeaderMask (i2p::context.GetSSU2IntroKey (), buf + (len - 12)); memcpy (header.h.h2.buf, buf, 8);
if (h2.h.type != eSSU2SessionRequest) header.h.h2.ll ^= CreateHeaderMask (i2p::context.GetSSU2IntroKey (), buf + (len - 12));
if (header.h.h2.h.type != eSSU2SessionRequest)
{ {
LogPrint (eLogWarning, "SSU2: Unexpected message type ", (int)h2.h.type); LogPrint (eLogWarning, "SSU2: Unexpected message type ", (int)header.h.h2.h.type);
return; return;
} }
const uint8_t nonce[12] = {0}; const uint8_t nonce[12] = {0};
@ -100,7 +102,7 @@ namespace transport
i2p::crypto::ChaCha20 (buf + 16, 48, i2p::context.GetSSU2IntroKey (), nonce, headerX); i2p::crypto::ChaCha20 (buf + 16, 48, i2p::context.GetSSU2IntroKey (), nonce, headerX);
memcpy (&m_DestConnID, headerX, 8); memcpy (&m_DestConnID, headerX, 8);
// KDF for session request // KDF for session request
//m_NoiseState->MixHash (header.buf, 16); // h = SHA256(h || header) TODO: long header m_NoiseState->MixHash ( { {header.buf, 16}, {headerX, 16} } ); // h = SHA256(h || header)
m_NoiseState->MixHash (headerX + 16, 32); // h = SHA256(h || aepk); m_NoiseState->MixHash (headerX + 16, 32); // h = SHA256(h || aepk);
uint8_t sharedSecret[32]; uint8_t sharedSecret[32];
i2p::context.GetSSU2StaticKeys ().Agree (headerX + 16, sharedSecret); i2p::context.GetSSU2StaticKeys ().Agree (headerX + 16, sharedSecret);
@ -120,16 +122,37 @@ namespace transport
bool SSU2Session::ProcessSessionCreated (uint8_t * buf, size_t len) bool SSU2Session::ProcessSessionCreated (uint8_t * buf, size_t len)
{ {
// we are Alice // we are Alice
Header2 h2; Header header;
memcpy (h2.buf, buf, 8); header.h.connID = m_SourceConnID;
memcpy (header.h.h2.buf, buf, 8);
uint8_t kh2[32]; uint8_t kh2[32];
i2p::crypto::HKDF (m_NoiseState->m_CK, nullptr, 0, "SessCreateHeader", kh2, 32); // k_header_2 = HKDF(chainKey, ZEROLEN, "SessCreateHeader", 32) i2p::crypto::HKDF (m_NoiseState->m_CK, nullptr, 0, "SessCreateHeader", kh2, 32); // k_header_2 = HKDF(chainKey, ZEROLEN, "SessCreateHeader", 32)
h2.ll ^= CreateHeaderMask (kh2, buf + (len - 12)); header.h.h2.ll ^= CreateHeaderMask (kh2, buf + (len - 12));
if (h2.h.type != eSSU2SessionCreated) if (header.h.h2.h.type != eSSU2SessionCreated)
{
LogPrint (eLogWarning, "SSU2: Unexpected message type ", (int)header.h.h2.h.type);
return false;
}
const uint8_t nonce[12] = {0};
uint8_t headerX[48];
i2p::crypto::ChaCha20 (buf + 16, 48, kh2, nonce, headerX);
// KDF for SessionCreated
m_NoiseState->MixHash ( { {header.buf, 16}, {headerX, 16} } ); // h = SHA256(h || header)
m_NoiseState->MixHash (headerX + 16, 32); // h = SHA256(h || bepk);
uint8_t sharedSecret[32];
m_EphemeralKeys->Agree (headerX + 16, sharedSecret);
m_NoiseState->MixKey (sharedSecret);
// decrypt
uint8_t * payload = buf + 64;
if (!i2p::crypto::AEADChaCha20Poly1305 (payload, len - 80, m_NoiseState->m_H, 32, m_NoiseState->m_CK + 32, nonce, payload, len - 80, false))
{ {
LogPrint (eLogWarning, "SSU2: Unexpected message type ", (int)h2.h.type); LogPrint (eLogWarning, "SSU2: SessionCreated AEAD verification failed ");
return false; return false;
} }
// process payload
m_Server.AddSession (m_SourceConnID, shared_from_this ());
return true; return true;
} }

Write Preview
Loading…
Cancel
Save