PurpleI2P/i2pd
1
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-01-22 08:14:15 +00:00
Code Issues Releases Activity

MixHash for SSU2 long header

Browse Source
This commit is contained in:
orignal 2022-03-07 18:20:06 -05:00
parent d4ede6ff01
commit a152f36894
3 changed files with 48 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libi2pd/Crypto.cpp
View File

@ -1305,6 +1305,16 @@ namespace crypto
SHA256_Final (m_H, &ctx); SHA256_Final (m_H, &ctx);
} }
void NoiseSymmetricState::MixHash (const std::vector<std::pair<uint8_t *, size_t> >& bufs)
{
SHA256_CTX ctx;
SHA256_Init (&ctx);
SHA256_Update (&ctx, m_H, 32);
for (const auto& it: bufs)
SHA256_Update (&ctx, it.first, it.second);
SHA256_Final (m_H, &ctx);
}
void NoiseSymmetricState::MixKey (const uint8_t * sharedSecret) void NoiseSymmetricState::MixKey (const uint8_t * sharedSecret)
{ {
HKDF (m_CK, sharedSecret, 32, "", m_CK); HKDF (m_CK, sharedSecret, 32, "", m_CK);

1
libi2pd/Crypto.h
View File

@ -317,6 +317,7 @@ namespace crypto
uint8_t m_H[32] /*h*/, m_CK[64] /*[ck, k]*/; uint8_t m_H[32] /*h*/, m_CK[64] /*[ck, k]*/;
void MixHash (const uint8_t * buf, size_t len); void MixHash (const uint8_t * buf, size_t len);
void MixHash (const std::vector<std::pair<uint8_t *, size_t> >& bufs);
void MixKey (const uint8_t * sharedSecret); void MixKey (const uint8_t * sharedSecret);
}; };

51
libi2pd/SSU2.cpp
View File

@ -59,15 +59,15 @@ namespace transport
memset (header.h.h2.h.packetNum, 0, 4); memset (header.h.h2.h.packetNum, 0, 4);
header.h.h2.h.type = eSSU2SessionRequest; header.h.h2.h.type = eSSU2SessionRequest;
header.h.h2.h.flags[0] = 2; // ver header.h.h2.h.flags[0] = 2; // ver
header.h.h2.h.flags[1] = 2; // netID TODO: header.h.h2.h.flags[1] = (uint8_t)i2p::context.GetNetID (); // netID
header.h.h2.h.flags[2] = 0; // flag header.h.h2.h.flags[2] = 0; // flag
RAND_bytes ((uint8_t *)&m_SourceConnID, 8); RAND_bytes ((uint8_t *)&m_SourceConnID, 8);
memcpy (headerX, &m_SourceConnID, 8); // source id memcpy (headerX, &m_SourceConnID, 8); // source id
memset (headerX + 8, 0, 8); // token RAND_bytes (headerX + 8, 8); // token
memcpy (headerX + 16, m_EphemeralKeys->GetPublicKey (), 32); // X memcpy (headerX + 16, m_EphemeralKeys->GetPublicKey (), 32); // X
m_Server.AddPendingOutgoingSession (boost::asio::ip::udp::endpoint (m_Address->host, m_Address->port), shared_from_this ()); m_Server.AddPendingOutgoingSession (boost::asio::ip::udp::endpoint (m_Address->host, m_Address->port), shared_from_this ());
// KDF for session request // KDF for session request
m_NoiseState->MixHash (header.buf, 16); // h = SHA256(h || header) TODO: long header m_NoiseState->MixHash ({ {header.buf, 16}, {headerX, 16} }); // h = SHA256(h || header)
m_NoiseState->MixHash (m_EphemeralKeys->GetPublicKey (), 32); // h = SHA256(h || aepk); m_NoiseState->MixHash (m_EphemeralKeys->GetPublicKey (), 32); // h = SHA256(h || aepk);
uint8_t sharedSecret[32]; uint8_t sharedSecret[32];
m_EphemeralKeys->Agree (m_Address->s, sharedSecret); m_EphemeralKeys->Agree (m_Address->s, sharedSecret);
@ -79,6 +79,7 @@ namespace transport
header.ll[1] ^= CreateHeaderMask (m_Address->i, payload + (payloadSize - 12)); header.ll[1] ^= CreateHeaderMask (m_Address->i, payload + (payloadSize - 12));
i2p::crypto::ChaCha20 (headerX, 48, m_Address->i, nonce, headerX); i2p::crypto::ChaCha20 (headerX, 48, m_Address->i, nonce, headerX);
payloadSize += 16; payloadSize += 16;
m_NoiseState->MixHash (payload, 32); // h = SHA256(h || 32 byte encrypted payload from Session Request) for SessionCreated
// send // send
m_Server.Send (header.buf, 16, headerX, 48, payload, payloadSize, boost::asio::ip::udp::endpoint (m_Address->host, m_Address->port)); m_Server.Send (header.buf, 16, headerX, 48, payload, payloadSize, boost::asio::ip::udp::endpoint (m_Address->host, m_Address->port));
} }
@ -87,12 +88,13 @@ namespace transport
{ {
// we are Bob // we are Bob
m_SourceConnID = connID; m_SourceConnID = connID;
Header2 h2; Header header;
memcpy (h2.buf, buf, 8); header.h.connID = connID;
h2.ll ^= CreateHeaderMask (i2p::context.GetSSU2IntroKey (), buf + (len - 12)); memcpy (header.h.h2.buf, buf, 8);
if (h2.h.type != eSSU2SessionRequest) header.h.h2.ll ^= CreateHeaderMask (i2p::context.GetSSU2IntroKey (), buf + (len - 12));
if (header.h.h2.h.type != eSSU2SessionRequest)
{ {
LogPrint (eLogWarning, "SSU2: Unexpected message type ", (int)h2.h.type); LogPrint (eLogWarning, "SSU2: Unexpected message type ", (int)header.h.h2.h.type);
return; return;
} }
const uint8_t nonce[12] = {0}; const uint8_t nonce[12] = {0};
@ -100,7 +102,7 @@ namespace transport
i2p::crypto::ChaCha20 (buf + 16, 48, i2p::context.GetSSU2IntroKey (), nonce, headerX); i2p::crypto::ChaCha20 (buf + 16, 48, i2p::context.GetSSU2IntroKey (), nonce, headerX);
memcpy (&m_DestConnID, headerX, 8); memcpy (&m_DestConnID, headerX, 8);
// KDF for session request // KDF for session request
//m_NoiseState->MixHash (header.buf, 16); // h = SHA256(h || header) TODO: long header m_NoiseState->MixHash ( { {header.buf, 16}, {headerX, 16} } ); // h = SHA256(h || header)
m_NoiseState->MixHash (headerX + 16, 32); // h = SHA256(h || aepk); m_NoiseState->MixHash (headerX + 16, 32); // h = SHA256(h || aepk);
uint8_t sharedSecret[32]; uint8_t sharedSecret[32];
i2p::context.GetSSU2StaticKeys ().Agree (headerX + 16, sharedSecret); i2p::context.GetSSU2StaticKeys ().Agree (headerX + 16, sharedSecret);
@ -120,16 +122,37 @@ namespace transport
bool SSU2Session::ProcessSessionCreated (uint8_t * buf, size_t len) bool SSU2Session::ProcessSessionCreated (uint8_t * buf, size_t len)
{ {
// we are Alice // we are Alice
Header2 h2; Header header;
memcpy (h2.buf, buf, 8); header.h.connID = m_SourceConnID;
memcpy (header.h.h2.buf, buf, 8);
uint8_t kh2[32]; uint8_t kh2[32];
i2p::crypto::HKDF (m_NoiseState->m_CK, nullptr, 0, "SessCreateHeader", kh2, 32); // k_header_2 = HKDF(chainKey, ZEROLEN, "SessCreateHeader", 32) i2p::crypto::HKDF (m_NoiseState->m_CK, nullptr, 0, "SessCreateHeader", kh2, 32); // k_header_2 = HKDF(chainKey, ZEROLEN, "SessCreateHeader", 32)
h2.ll ^= CreateHeaderMask (kh2, buf + (len - 12)); header.h.h2.ll ^= CreateHeaderMask (kh2, buf + (len - 12));
if (h2.h.type != eSSU2SessionCreated) if (header.h.h2.h.type != eSSU2SessionCreated)
{ {
LogPrint (eLogWarning, "SSU2: Unexpected message type ", (int)h2.h.type); LogPrint (eLogWarning, "SSU2: Unexpected message type ", (int)header.h.h2.h.type);
return false; return false;
} }
const uint8_t nonce[12] = {0};
uint8_t headerX[48];
i2p::crypto::ChaCha20 (buf + 16, 48, kh2, nonce, headerX);
// KDF for SessionCreated
m_NoiseState->MixHash ( { {header.buf, 16}, {headerX, 16} } ); // h = SHA256(h || header)
m_NoiseState->MixHash (headerX + 16, 32); // h = SHA256(h || bepk);
uint8_t sharedSecret[32];
m_EphemeralKeys->Agree (headerX + 16, sharedSecret);
m_NoiseState->MixKey (sharedSecret);
// decrypt
uint8_t * payload = buf + 64;
if (!i2p::crypto::AEADChaCha20Poly1305 (payload, len - 80, m_NoiseState->m_H, 32, m_NoiseState->m_CK + 32, nonce, payload, len - 80, false))
{
LogPrint (eLogWarning, "SSU2: SessionCreated AEAD verification failed ");
return false;
}
// process payload
m_Server.AddSession (m_SourceConnID, shared_from_this ());
return true; return true;
} }