deccrypt and handle garlic message for ECIES router

4 years ago · e2fcab34b7
3 changed files with 40 additions and 2 deletions
--- a/libi2pd/ECIESX25519AEADRatchetSession.cpp
+++ b/libi2pd/ECIESX25519AEADRatchetSession.cpp
@ -503,7 +503,7 @@ namespace garlic
				@@ -503,7 +503,7 @@ namespace garlic
 		m_EphemeralKeys->Agree (m_RemoteStaticKey, sharedSecret); // x25519(aesk, bpk)
 		MixKey (sharedSecret); 
 		uint8_t nonce[12];
-		memset (nonce, 0, 12);
+		CreateNonce (0, nonce);
 		// encrypt payload
 		if (!i2p::crypto::AEADChaCha20Poly1305 (payload, len, m_H, 32, m_CK + 32, nonce, out + offset, len + 16, true)) // encrypt
 		{
@ -770,6 +770,28 @@ namespace garlic
				@@ -770,6 +770,28 @@ namespace garlic
 		return true;
 	}

+	bool ECIESX25519AEADRatchetSession::HandleNextMessageForRouter (const uint8_t * buf, size_t len)
+	{
+		if (!GetOwner ()) return false;
+		// we are Bob
+		i2p::crypto::InitNoiseNState (*this, GetOwner ()->GetEncryptionPublicKey (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)); // bpk
+		MixHash (buf, 32);
+		uint8_t sharedSecret[32];
+		GetOwner ()->Decrypt (buf, sharedSecret, nullptr, i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD); // x25519(bsk, aepk)
+		MixKey (sharedSecret);
+		buf += 32; len -= 32;	
+		uint8_t nonce[12];
+		CreateNonce (0, nonce);
+		std::vector<uint8_t> payload (len - 16); 
+		if (!i2p::crypto::AEADChaCha20Poly1305 (buf, len - 16, m_H, 32, m_CK + 32, nonce, payload.data (), len - 16, false)) // decrypt
+		{
+			LogPrint (eLogWarning, "Garlic: Payload for router AEAD verification failed");
+			return false;
+		}
+		HandlePayload (payload.data (), len - 16, nullptr, 0);
+		return true;
+	}	
+		
 	std::shared_ptr<I2NPMessage> ECIESX25519AEADRatchetSession::WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg)
 	{
 		auto payload = CreatePayload (msg, m_State != eSessionStateEstablished);
--- a/libi2pd/ECIESX25519AEADRatchetSession.h
+++ b/libi2pd/ECIESX25519AEADRatchetSession.h
@ -158,6 +158,7 @@ namespace garlic
				@@ -158,6 +158,7 @@ namespace garlic
 			~ECIESX25519AEADRatchetSession ();

 			bool HandleNextMessage (uint8_t * buf, size_t len, std::shared_ptr<RatchetTagSet> receiveTagset, int index = 0);
+			bool HandleNextMessageForRouter (const uint8_t * buf, size_t len);
 			std::shared_ptr<I2NPMessage> WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg);
 			std::shared_ptr<I2NPMessage> WrapOneTimeMessage (std::shared_ptr<const I2NPMessage> msg, bool isForRouter = false);
 			
--- a/libi2pd/RouterContext.cpp
+++ b/libi2pd/RouterContext.cpp
@ -19,6 +19,7 @@
				@@ -19,6 +19,7 @@
 #include "version.h"
 #include "Log.h"
 #include "Family.h"
+#include "ECIESX25519AEADRatchetSession.h"
 #include "RouterContext.h"

 namespace i2p
@ -672,7 +673,21 @@ namespace i2p
				@@ -672,7 +673,21 @@ namespace i2p
 	void RouterContext::ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg)
 	{
 		std::unique_lock<std::mutex> l(m_GarlicMutex);
-		i2p::garlic::GarlicDestination::ProcessGarlicMessage (msg);
+		if (IsECIES ())
+		{
+			uint8_t * buf = msg->GetPayload ();
+			uint32_t len = bufbe32toh (buf);
+			if (len > msg->GetLength ())
+			{
+				LogPrint (eLogWarning, "Router: garlic message length ", len, " exceeds I2NP message length ", msg->GetLength ());
+				return;
+			}
+			buf += 4;
+			auto session = std::make_shared<i2p::garlic::ECIESX25519AEADRatchetSession>(this, false);
+			session->HandleNextMessageForRouter (buf, len);
+		}	
+		else	
+			i2p::garlic::GarlicDestination::ProcessGarlicMessage (msg);
 	}

 	void RouterContext::ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg)