From a70d0edf2e8b80f7553c709c07aa93f96e36082a Mon Sep 17 00:00:00 2001
From: orignal
Date: Tue, 5 Jun 2018 16:15:33 -0400
Subject: [PATCH] encrypt SessionRequest options block
---
 libi2pd/NTCP2.cpp | 16 ++++++++++++----
 libi2pd/NTCP2.h | 2 +-
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/libi2pd/NTCP2.cpp b/libi2pd/NTCP2.cpp
index e6072207..8b33eb0d 100644
--- a/libi2pd/NTCP2.cpp
+++ b/libi2pd/NTCP2.cpp
@@ -24,8 +24,8 @@ namespace transport
 {
 static const char protocolName[] = "Noise_XK_25519_ChaChaPoly_SHA256"; // 32 bytes
 uint8_t h[64], ck[33];
- SHA256 ((const uint8_t *)protocolName, 32, h);
- memcpy (ck, h, 32);
+ memcpy (ck, protocolName, 32);
+ SHA256 ((const uint8_t *)protocolName, 32, h);
 // h = SHA256(h || rs)
 memcpy (h + 32, rs, 32);
 SHA256 (h, 64, h);
@@ -60,7 +60,7 @@ namespace transport
 BN_CTX_free (ctx);
 }
- void NTCP2Session::SendSessionRequest (const uint8_t * iv)
+ void NTCP2Session::SendSessionRequest (const uint8_t * iv, const uint8_t * rs)
 {
 i2p::crypto::AESAlignedBuffer<32> x;
 CreateEphemeralKey (x);
@@ -68,7 +68,15 @@ namespace transport
 i2p::crypto::CBCEncryption encryption;
 encryption.SetKey (GetRemoteIdentity ()->GetIdentHash ());
 encryption.SetIV (iv);
- encryption.Encrypt (2, x.GetChipherBlock (), x.GetChipherBlock ());
+ encryption.Encrypt (2, x.GetChipherBlock (), x.GetChipherBlock ());
+ // encryption key for next block
+ uint8_t key[32];
+ KeyDerivationFunction (rs, x, key);
+ // options
+ uint8_t options[32];
+ // TODO: fill 16 bytes options
+ i2p::crypto::Poly1305HMAC (((uint32_t *)options) + 4, (uint32_t *)key, options, 16); // calculate MAC first
+ i2p::crypto::chacha20 (options, 16, 0, key); // then encrypt
 }
 }
 }
diff --git a/libi2pd/NTCP2.h b/libi2pd/NTCP2.h
index 11bb2674..52319db3 100644
--- a/libi2pd/NTCP2.h
+++ b/libi2pd/NTCP2.h
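Review bot: In KeyDerivationFunction the two reordered lines now seed `ck` with the raw protocol name and `h` with its SHA256, and nothing says which rule this follows; the Noise framework starts both from the same value, so if the split is intended by the NTCP2 draft it deserves a comment, for example `// ck = protocol_name (exactly 32 bytes), h = SHA256(protocol_name)` plus a pointer to the spec section. The literal 32 is only correct while the name stays exactly 32 bytes, which `static_assert (sizeof (protocolName) == 33, "protocol name must be 32 bytes");` would pin. The function starts and ends outside the hunk, so whether the 33rd byte of `ck` is set later cannot be seen here.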
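Review bot: In SendSessionRequest the bool result of `KeyDerivationFunction (rs, x, key)` is dropped, so a failed derivation would leave `key` as uninitialized stack bytes that are then used to authenticate and encrypt the options block; guard it, e.g. `if (!KeyDerivationFunction (rs, x, key)) return;` or the session's usual failure path. The tag is also computed over the plaintext and keyed directly with the ChaCha20 key, whereas the ChaChaPoly in protocolName is normally the RFC 7539 AEAD, which encrypts first and authenticates the ciphertext with a one-time Poly1305 key taken from the first keystream block; a peer implementing the AEAD would presumably not accept this tag, and reusing the cipher key as the Poly1305 key weakens the one-time-key assumption. The `(uint32_t *)` casts assume 4-byte alignment that `uint8_t options[32]` and `uint8_t key[32]` do not guarantee; declaring them `alignas(4)` would make that explicit. `options` is still unfilled (the TODO says so) and `key` is never wiped before return. The start of the function body lies outside this hunk.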
@@ -21,7 +21,7 @@ namespace transport
 bool KeyDerivationFunction (const uint8_t * rs, const uint8_t * pub, uint8_t * derived);
 void CreateEphemeralKey (uint8_t * pub);
- void SendSessionRequest (const uint8_t * iv);
+ void SendSessionRequest (const uint8_t * iv, const uint8_t * rs);
 private: