diff --git a/libi2pd/SSU2.cpp b/libi2pd/SSU2.cpp index 32fe087f..3642a806 100644 --- a/libi2pd/SSU2.cpp +++ b/libi2pd/SSU2.cpp @@ -35,6 +35,11 @@ namespace transport // outgoing InitNoiseXKState1 (*m_NoiseState, addr->s); } + else + { + // incoming + InitNoiseXKState1 (*m_NoiseState, i2p::context.GetSSU2StaticPublicKey ()); + } } SSU2Session::~SSU2Session () @@ -44,7 +49,6 @@ namespace transport void SSU2Session::SendSessionRequest () { m_EphemeralKeys = i2p::transport::transports.GetNextX25519KeysPair (); - m_NoiseState->MixHash (m_Address->s, 32); // h = SHA256(h || bpk) Header header; uint8_t headerX[48], payload[1200]; // TODO: correct payload size @@ -69,18 +73,53 @@ namespace transport m_EphemeralKeys->Agree (m_Address->s, sharedSecret); m_NoiseState->MixKey (sharedSecret); // encrypt + const uint8_t nonce[12] = {0}; + i2p::crypto::AEADChaCha20Poly1305 (payload, payloadSize, m_NoiseState->m_H, 32, m_NoiseState->m_CK + 32, nonce, payload, payloadSize + 16, true); header.ll[0] ^= CreateHeaderMask (m_Address->i, payload + (payloadSize - 24)); header.ll[1] ^= CreateHeaderMask (m_Address->i, payload + (payloadSize - 12)); - const uint8_t nonce[12] = {0}; i2p::crypto::ChaCha20 (headerX, 48, m_Address->i, nonce, headerX); - i2p::crypto::AEADChaCha20Poly1305 (payload, payloadSize, m_NoiseState->m_H, 32, m_NoiseState->m_CK + 32, nonce, payload, payloadSize + 16, true); payloadSize += 16; // send m_Server.Send (header.buf, 16, headerX, 48, payload, payloadSize, boost::asio::ip::udp::endpoint (m_Address->host, m_Address->port)); } + void SSU2Session::ProcessSessionRequest (uint64_t connID, uint8_t * buf, size_t len) + { + // we are Bob + m_SourceConnID = connID; + Header2 h2; + memcpy (h2.buf, buf, 8); + h2.ll ^= CreateHeaderMask (i2p::context.GetSSU2IntroKey (), buf + (len - 12)); + if (h2.h.type != eSSU2SessionRequest) + { + LogPrint (eLogWarning, "SSU2: Unexpected message type ", (int)h2.h.type); + return; + } + const uint8_t nonce[12] = {0}; + uint8_t headerX[48]; + i2p::crypto::ChaCha20 (buf + 16, 48, i2p::context.GetSSU2IntroKey (), nonce, headerX); + memcpy (&m_DestConnID, headerX, 8); + // KDF for session request + //m_NoiseState->MixHash (header.buf, 16); // h = SHA256(h || header) TODO: long header + m_NoiseState->MixHash (headerX + 16, 32); // h = SHA256(h || aepk); + uint8_t sharedSecret[32]; + i2p::context.GetSSU2StaticKeys ().Agree (headerX + 16, sharedSecret); + m_NoiseState->MixKey (sharedSecret); + // decrypt + uint8_t * payload = buf + 64; + if (!i2p::crypto::AEADChaCha20Poly1305 (payload, len - 80, m_NoiseState->m_H, 32, m_NoiseState->m_CK + 32, nonce, payload, len - 80, false)) + { + LogPrint (eLogWarning, "SSU2: SessionRequest AEAD verification failed "); + return; + } + // process payload + + m_Server.AddSession (m_SourceConnID, shared_from_this ()); + } + bool SSU2Session::ProcessSessionCreated (uint8_t * buf, size_t len) { + // we are Alice Header2 h2; memcpy (h2.buf, buf, 8); uint8_t kh2[32]; @@ -147,6 +186,8 @@ namespace transport else { // assume new incoming session + auto session = std::make_shared (*this); + session->ProcessSessionRequest (connID, buf, len); } } } diff --git a/libi2pd/SSU2.h b/libi2pd/SSU2.h index e5f69c1b..613617bc 100644 --- a/libi2pd/SSU2.h +++ b/libi2pd/SSU2.h @@ -62,6 +62,10 @@ namespace transport std::shared_ptr addr = nullptr, bool peerTest = false); ~SSU2Session (); + void Done () override {}; + void SendI2NPMessages (const std::vector >& msgs) override {}; + + void ProcessSessionRequest (uint64_t connID, uint8_t * buf, size_t len); bool ProcessSessionCreated (uint8_t * buf, size_t len); private: