|
|
|
@ -54,14 +54,17 @@ namespace transport |
|
|
|
0x61, 0x27, 0x03, 0x31, 0xba, 0x89, 0xb8, 0xfc, 0x33, 0x15, 0x93, 0x87, 0x57, 0xdd, 0x3d, 0x1e |
|
|
|
0x61, 0x27, 0x03, 0x31, 0xba, 0x89, 0xb8, 0xfc, 0x33, 0x15, 0x93, 0x87, 0x57, 0xdd, 0x3d, 0x1e |
|
|
|
}; // SHA256 (protocolNameHash)
|
|
|
|
}; // SHA256 (protocolNameHash)
|
|
|
|
memcpy (m_CK, protocolNameHash, 32); |
|
|
|
memcpy (m_CK, protocolNameHash, 32); |
|
|
|
// h = SHA256(h || rs)
|
|
|
|
// h = SHA256(hh || rs)
|
|
|
|
uint8_t h[64]; |
|
|
|
SHA256_CTX ctx; |
|
|
|
memcpy (h, hh, 32); |
|
|
|
SHA256_Init (&ctx); |
|
|
|
memcpy (h + 32, rs, 32); |
|
|
|
SHA256_Update (&ctx, hh, 32); |
|
|
|
SHA256 (h, 64, h); |
|
|
|
SHA256_Update (&ctx, rs, 32); |
|
|
|
|
|
|
|
SHA256_Final (m_H, &ctx); |
|
|
|
// h = SHA256(h || pub)
|
|
|
|
// h = SHA256(h || pub)
|
|
|
|
memcpy (h + 32, pub, 32); |
|
|
|
SHA256_Init (&ctx); |
|
|
|
SHA256 (h, 64, m_H); |
|
|
|
SHA256_Update (&ctx, m_H, 32); |
|
|
|
|
|
|
|
SHA256_Update (&ctx, pub, 32); |
|
|
|
|
|
|
|
SHA256_Final (m_H, &ctx); |
|
|
|
// x25519 between rs and priv
|
|
|
|
// x25519 between rs and priv
|
|
|
|
uint8_t inputKeyMaterial[32]; |
|
|
|
uint8_t inputKeyMaterial[32]; |
|
|
|
i2p::crypto::GetEd25519 ()->ScalarMul (rs, priv, inputKeyMaterial, m_Ctx); // rs*priv
|
|
|
|
i2p::crypto::GetEd25519 ()->ScalarMul (rs, priv, inputKeyMaterial, m_Ctx); // rs*priv
|
|
|
|
@ -80,21 +83,24 @@ namespace transport |
|
|
|
|
|
|
|
|
|
|
|
void NTCP2Establisher::KeyDerivationFunction2 (const uint8_t * sessionRequest, size_t sessionRequestLen) |
|
|
|
void NTCP2Establisher::KeyDerivationFunction2 (const uint8_t * sessionRequest, size_t sessionRequestLen) |
|
|
|
{ |
|
|
|
{ |
|
|
|
uint8_t h[64]; |
|
|
|
SHA256_CTX ctx; |
|
|
|
memcpy (h, m_H, 32); |
|
|
|
SHA256_Init (&ctx); |
|
|
|
memcpy (h + 32, sessionRequest + 32, 32); // encrypted payload
|
|
|
|
SHA256_Update (&ctx, m_H, 32); |
|
|
|
SHA256 (h, 64, h); |
|
|
|
SHA256_Update (&ctx, sessionRequest + 32, 32); // encrypted payload
|
|
|
|
|
|
|
|
SHA256_Final (m_H, &ctx); |
|
|
|
|
|
|
|
|
|
|
|
int paddingLength = sessionRequestLen - 64; |
|
|
|
int paddingLength = sessionRequestLen - 64; |
|
|
|
if (paddingLength > 0) |
|
|
|
if (paddingLength > 0) |
|
|
|
{ |
|
|
|
{ |
|
|
|
SHA256_CTX ctx; |
|
|
|
|
|
|
|
SHA256_Init (&ctx); |
|
|
|
SHA256_Init (&ctx); |
|
|
|
SHA256_Update (&ctx, h, 32); |
|
|
|
SHA256_Update (&ctx, m_H, 32); |
|
|
|
SHA256_Update (&ctx, sessionRequest + 64, paddingLength); |
|
|
|
SHA256_Update (&ctx, sessionRequest + 64, paddingLength); |
|
|
|
SHA256_Final (h, &ctx); |
|
|
|
SHA256_Final (m_H, &ctx); |
|
|
|
} |
|
|
|
} |
|
|
|
memcpy (h + 32, GetRemotePub (), 32); |
|
|
|
SHA256_Init (&ctx); |
|
|
|
SHA256 (h, 64, m_H); |
|
|
|
SHA256_Update (&ctx, m_H, 32); |
|
|
|
|
|
|
|
SHA256_Update (&ctx, GetRemotePub (), 32); |
|
|
|
|
|
|
|
SHA256_Final (m_H, &ctx); |
|
|
|
|
|
|
|
|
|
|
|
// x25519 between remote pub and priv
|
|
|
|
// x25519 between remote pub and priv
|
|
|
|
uint8_t inputKeyMaterial[32]; |
|
|
|
uint8_t inputKeyMaterial[32]; |
|
|
|
|
orignal
6 years ago