PurpleI2P
/
i2pd
mirror of https://github.com/PurpleI2P/i2pd.git
1
0
Fork 0
Code Issues Releases Activity
Browse Source

session key decryption

pull/72/head
orignal 11 years ago
parent
0a53555ac7
commit
d3812786fa
2 changed files with 37 additions and 15 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 41
      SSU.cpp
  2. 9
      SSU.h

41
SSU.cpp
Unescape View File

@ -29,7 +29,7 @@ namespace ssu
delete m_DHKeysPair; delete m_DHKeysPair;
} }
void SSUSession::CreateAESandMacKey (const uint8_t * pubKey, uint8_t * aesKey, uint8_t * macKey) void SSUSession::CreateAESandMacKey (const uint8_t * pubKey)
{ {
CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg); CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
uint8_t sharedKey[256]; uint8_t sharedKey[256];
@ -41,14 +41,14 @@ namespace ssu
if (sharedKey[0] & 0x80) if (sharedKey[0] & 0x80)
{ {
aesKey[0] = 0; m_SessionKey[0] = 0;
memcpy (aesKey + 1, sharedKey, 31); memcpy (m_SessionKey + 1, sharedKey, 31);
memcpy (macKey, sharedKey + 31, 32); memcpy (m_MacKey, sharedKey + 31, 32);
} }
else if (sharedKey[0]) else if (sharedKey[0])
{ {
memcpy (aesKey, sharedKey, 32); memcpy (m_SessionKey, sharedKey, 32);
memcpy (macKey, sharedKey + 32, 32); memcpy (m_MacKey, sharedKey + 32, 32);
} }
else else
{ {
@ -64,10 +64,11 @@ namespace ssu
} }
} }
memcpy (aesKey, nonZero, 32); memcpy (m_SessionKey, nonZero, 32);
CryptoPP::SHA256().CalculateDigest(macKey, nonZero, 64 - (nonZero - sharedKey)); CryptoPP::SHA256().CalculateDigest(m_MacKey, nonZero, 64 - (nonZero - sharedKey));
} }
m_IsSessionKey = true; m_IsSessionKey = true;
m_SessionKeyDecryption.SetKey (m_SessionKey);
} }
void SSUSession::ProcessNextMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint) void SSUSession::ProcessNextMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint)
@ -83,7 +84,7 @@ namespace ssu
{ {
ScheduleTermination (); ScheduleTermination ();
if (m_IsSessionKey && Validate (buf, len, m_MacKey)) // try session key first if (m_IsSessionKey && Validate (buf, len, m_MacKey)) // try session key first
Decrypt (buf, len, m_SessionKey); DecryptSessionKey (buf, len);
else else
{ {
// try intro key depending on side // try intro key depending on side
@ -164,7 +165,7 @@ namespace ssu
m_State = eSessionStateRequestReceived; m_State = eSessionStateRequestReceived;
LogPrint ("Session request received"); LogPrint ("Session request received");
m_RemoteEndpoint = senderEndpoint; m_RemoteEndpoint = senderEndpoint;
CreateAESandMacKey (buf + sizeof (SSUHeader), m_SessionKey, m_MacKey); CreateAESandMacKey (buf + sizeof (SSUHeader));
SendSessionCreated (buf + sizeof (SSUHeader)); SendSessionCreated (buf + sizeof (SSUHeader));
} }
@ -182,7 +183,7 @@ namespace ssu
uint8_t signedData[532]; // x,y, our IP, our port, remote IP, remote port, relayTag, signed on time uint8_t signedData[532]; // x,y, our IP, our port, remote IP, remote port, relayTag, signed on time
uint8_t * payload = buf + sizeof (SSUHeader); uint8_t * payload = buf + sizeof (SSUHeader);
uint8_t * y = payload; uint8_t * y = payload;
CreateAESandMacKey (y, m_SessionKey, m_MacKey); CreateAESandMacKey (y);
memcpy (signedData, m_DHKeysPair->publicKey, 256); // x memcpy (signedData, m_DHKeysPair->publicKey, 256); // x
memcpy (signedData + 256, y, 256); // y memcpy (signedData + 256, y, 256); // y
payload += 256; payload += 256;
@ -523,6 +524,24 @@ namespace ssu
m_Decryption.ProcessData (encrypted, encrypted, encryptedLen); m_Decryption.ProcessData (encrypted, encrypted, encryptedLen);
} }
void SSUSession::DecryptSessionKey (uint8_t * buf, size_t len)
{
if (len < sizeof (SSUHeader))
{
LogPrint ("Unexpected SSU packet length ", len);
return;
}
SSUHeader * header = (SSUHeader *)buf;
uint8_t * encrypted = &header->flag;
uint16_t encryptedLen = len - (encrypted - buf);
encryptedLen = (encryptedLen>>4)<<4; // make sure 16 bytes boundary
if (encryptedLen > 0)
{
m_SessionKeyDecryption.SetIV (header->iv);
m_SessionKeyDecryption.Decrypt (encrypted, encryptedLen, encrypted);
}
}
bool SSUSession::Validate (uint8_t * buf, size_t len, const uint8_t * macKey) bool SSUSession::Validate (uint8_t * buf, size_t len, const uint8_t * macKey)
{ {
if (len < sizeof (SSUHeader)) if (len < sizeof (SSUHeader))

9
SSU.h
Unescape View File

@ -9,6 +9,7 @@
#include <boost/asio.hpp> #include <boost/asio.hpp>
#include <cryptopp/modes.h> #include <cryptopp/modes.h>
#include <cryptopp/aes.h> #include <cryptopp/aes.h>
#include "aes.h"
#include "I2PEndian.h" #include "I2PEndian.h"
#include "Identity.h" #include "Identity.h"
#include "RouterInfo.h" #include "RouterInfo.h"
@ -85,7 +86,7 @@ namespace ssu
private: private:
void CreateAESandMacKey (const uint8_t * pubKey, uint8_t * aesKey, uint8_t * macKey); void CreateAESandMacKey (const uint8_t * pubKey);
void ProcessMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint); // call for established session void ProcessMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint); // call for established session
void ProcessSessionRequest (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint); void ProcessSessionRequest (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);
@ -113,6 +114,7 @@ namespace ssu
void FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len, const uint8_t * aesKey, const uint8_t * iv, const uint8_t * macKey); void FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len, const uint8_t * aesKey, const uint8_t * iv, const uint8_t * macKey);
void Decrypt (uint8_t * buf, size_t len, const uint8_t * aesKey); void Decrypt (uint8_t * buf, size_t len, const uint8_t * aesKey);
void DecryptSessionKey (uint8_t * buf, size_t len);
bool Validate (uint8_t * buf, size_t len, const uint8_t * macKey); bool Validate (uint8_t * buf, size_t len, const uint8_t * macKey);
const uint8_t * GetIntroKey () const; const uint8_t * GetIntroKey () const;
@ -132,8 +134,9 @@ namespace ssu
bool m_IsSessionKey; bool m_IsSessionKey;
uint32_t m_RelayTag; uint32_t m_RelayTag;
std::set<uint32_t> m_PeerTestNonces; std::set<uint32_t> m_PeerTestNonces;
CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption m_Encryption; CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption m_Encryption; // TODO: remove
CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption m_Decryption; CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption m_Decryption; // TODO: remove
i2p::crypto::CBCDecryption m_SessionKeyDecryption;
uint8_t m_SessionKey[32], m_MacKey[32]; uint8_t m_SessionKey[32], m_MacKey[32];
std::list<i2p::I2NPMessage *> m_DelayedMessages; std::list<i2p::I2NPMessage *> m_DelayedMessages;
SSUData m_Data; SSUData m_Data;

Write Preview
Loading…
Cancel
Save