From c41081d35c237dcf79bb7f714ed876ea7cf4df94 Mon Sep 17 00:00:00 2001
From: orignal <i2porignal@yandex.ru>
Date: Wed, 15 Aug 2018 11:42:56 -0400
Subject: [PATCH] check timestamps

---
 libi2pd/NTCP2.cpp | 26 +++++++++++++++++++++-----
 libi2pd/NTCP2.h   |  2 ++
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/libi2pd/NTCP2.cpp b/libi2pd/NTCP2.cpp
index 325af961..0cac7efa 100644
--- a/libi2pd/NTCP2.cpp
+++ b/libi2pd/NTCP2.cpp
@@ -259,12 +259,20 @@ namespace transport
 		memset (nonce, 0, 12); // set nonce to zero
 		if (i2p::crypto::AEADChaCha20Poly1305 (m_SessionRequestBuffer + 32, 16, m_H, 32, m_K, nonce, options, 16, false)) // decrypt
 		{
-			if (options[1] == 2)
+			// options
+			if (options[1] == 2) // ver is always 2 
 			{
 				paddingLen = bufbe16toh (options + 2);
 				m_SessionRequestBufferLen = paddingLen + 64;
 				m3p2Len = bufbe16toh (options + 4);
-				// TODO: check tsA
+				// check timestamp
+				auto ts = i2p::util::GetSecondsSinceEpoch ();
+				uint32_t tsA = bufbe32toh (options + 8); 	
+				if (tsA < ts - NTCP2_CLOCK_SKEW || tsA > ts + NTCP2_CLOCK_SKEW)
+				{
+					LogPrint (eLogWarning, "NTCP2: SessionRequest time difference ", ts - tsA, " exceeds clock skew");
+					return false;
+				}
 			}
 			else
 			{
@@ -295,9 +303,17 @@ namespace transport
 		uint8_t nonce[12];
 		memset (nonce, 0, 12); // set nonce to zero
 		if (i2p::crypto::AEADChaCha20Poly1305 (m_SessionCreatedBuffer + 32, 16, m_H, 32, m_K, nonce, payload, 16, false)) // decrypt
-		{		
+		{
+			// options		
 			paddingLen = bufbe16toh(payload + 2);
-			// TODO: check tsB
+			// check timestamp
+			auto ts = i2p::util::GetSecondsSinceEpoch ();
+			uint32_t tsB = bufbe32toh (payload + 8); 	
+			if (tsB < ts - NTCP2_CLOCK_SKEW || tsB > ts + NTCP2_CLOCK_SKEW)
+			{
+				LogPrint (eLogWarning, "NTCP2: SessionCreated time difference ", ts - tsB, " exceeds clock skew");
+				return false;
+			}
 		}
 		else
 		{	
@@ -414,7 +430,7 @@ namespace transport
 		m_IsEstablished = true;
 		m_Establisher.reset (nullptr);
 		SetTerminationTimeout (NTCP2_TERMINATION_TIMEOUT);
-		transports.PeerConnected (shared_from_this ());
+	//	transports.PeerConnected (shared_from_this ());
 	}
 
 	void NTCP2Session::CreateNonce (uint64_t seqn, uint8_t * nonce)
diff --git a/libi2pd/NTCP2.h b/libi2pd/NTCP2.h
index 1f5700be..81395e46 100644
--- a/libi2pd/NTCP2.h
+++ b/libi2pd/NTCP2.h
@@ -26,6 +26,8 @@ namespace transport
 	const int NTCP2_TERMINATION_TIMEOUT = 120; // 2 minutes
 	const int NTCP2_TERMINATION_CHECK_TIMEOUT = 30; // 30 seconds
 
+	const int NTCP2_CLOCK_SKEW = 60; // in seconds	
+
 	enum NTCP2BlockType
 	{
 		eNTCP2BlkDateTime = 0,