From f9175db28e98ed487bfa1696409fe79ea3c9c71b Mon Sep 17 00:00:00 2001
From: orignal
Date: Thu, 16 Apr 2020 21:30:18 -0400
Subject: [PATCH] store intermediate symmetric keys
---
libi2pd/ECIESX25519AEADRatchetSession.cpp | 33 ++++++++++++++---------
libi2pd/ECIESX25519AEADRatchetSession.h | 9 +++----
2 files changed, 25 insertions(+), 17 deletions(-)
diff --git a/libi2pd/ECIESX25519AEADRatchetSession.cpp b/libi2pd/ECIESX25519AEADRatchetSession.cpp
index 35ccbd34..84ee9d5e 100644
--- a/libi2pd/ECIESX25519AEADRatchetSession.cpp
+++ b/libi2pd/ECIESX25519AEADRatchetSession.cpp
@@ -44,27 +44,36 @@ namespace garlic
 void RatchetTagSet::GetSymmKey (int index, uint8_t * key)
 {
- if (m_NextSymmKeyIndex > 0 && index >= m_NextSymmKeyIndex)
+ if (index >= m_NextSymmKeyIndex)
 {
 auto num = index + 1 - m_NextSymmKeyIndex;
+ if (!m_NextSymmKeyIndex)
+ {
+ i2p::crypto::HKDF (m_SymmKeyCK, nullptr, 0, "SymmetricRatchet", m_CurrentSymmKeyCK); // keydata_0 = HKDF(symmKey_ck, SYMMKEY_CONSTANT, "SymmetricRatchet", 64)
+ m_NextSymmKeyIndex = 1;
+ num--;
+ }
 for (int i = 0; i < num; i++)
+ {
 i2p::crypto::HKDF (m_CurrentSymmKeyCK, nullptr, 0, "SymmetricRatchet", m_CurrentSymmKeyCK);
+ if (i < num - 1)
+ m_ItermediateSymmKeys.emplace (m_NextSymmKeyIndex + i, m_CurrentSymmKeyCK + 32);
+ }
 m_NextSymmKeyIndex += num;
 memcpy (key, m_CurrentSymmKeyCK + 32, 32);
 }
 else
- CalculateSymmKeyCK (index, key);
+ {
+ auto it = m_ItermediateSymmKeys.find (index);
+ if (it != m_ItermediateSymmKeys.end ())
+ {
+ memcpy (key, it->second, 32);
+ m_ItermediateSymmKeys.erase (it);
+ }
+ else
+ LogPrint (eLogError, "Garlic: Missing symmetric key for index ", index);
+ }
 }
-
- void RatchetTagSet::CalculateSymmKeyCK (int index, uint8_t * key)
- {
- // TODO: store intermediate keys
- uint8_t currentSymmKeyCK[64];
- i2p::crypto::HKDF (m_SymmKeyCK, nullptr, 0, "SymmetricRatchet", currentSymmKeyCK); // keydata_0 = HKDF(symmKey_ck, SYMMKEY_CONSTANT, "SymmetricRatchet", 64)
- for (int i = 0; i < index; i++)
- i2p::crypto::HKDF (currentSymmKeyCK, nullptr, 0, "SymmetricRatchet", currentSymmKeyCK); // keydata_n = HKDF(symmKey_chainKey_(n-1), SYMMKEY_CONSTANT, "SymmetricRatchet", 64)
- memcpy (key, currentSymmKeyCK + 32, 32);
- }
 ECIESX25519AEADRatchetSession::ECIESX25519AEADRatchetSession (GarlicDestination * owner): GarlicRoutingSession (owner, true)
diff --git a/libi2pd/ECIESX25519AEADRatchetSession.h b/libi2pd/ECIESX25519AEADRatchetSession.h
index 3185a7fc..bc9d9eea 100644
--- a/libi2pd/ECIESX25519AEADRatchetSession.h
+++ b/libi2pd/ECIESX25519AEADRatchetSession.h
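Review bot: In `GetSymmKey` (ECIESX25519AEADRatchetSession.cpp), when the first call arrives with `index` greater than 0, the key for index 0 is derived inside the `if (!m_NextSymmKeyIndex)` block and then overwritten by the loop without being saved, so a later call for index 0 falls into the "Missing symmetric key" branch; adding `if (num > 0) m_ItermediateSymmKeys.emplace (0, m_CurrentSymmKeyCK + 32);` right after `num--;` would keep it. That miss branch also leaves `key` unwritten while the function returns `void`, so the caller cannot tell a failed lookup from a successful one and may go on to use whatever the buffer already held; returning `bool` (or at least zeroing `key`) would let the caller drop the message instead. The loop stores one key per skipped index with no upper bound visible in this hunk, so it is worth confirming that callers only pass indices belonging to tags this side generated.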
@@ -7,9 +7,11 @@
 #include
 #include
 #include
+#include
 #include "Identity.h"
 #include "Crypto.h"
 #include "Garlic.h"
+#include "Tag.h"
 namespace i2p
 {
@@ -24,10 +26,6 @@ namespace garlic
 uint64_t GetNextSessionTag ();
 int GetNextIndex () const { return m_NextIndex; };
 void GetSymmKey (int index, uint8_t * key);
-
- private:
-
- void CalculateSymmKeyCK (int index, uint8_t * key);
 private:
@@ -42,7 +40,8 @@ namespace garlic
 } m_KeyData;
 uint8_t m_SessTagConstant[32], m_SymmKeyCK[32], m_CurrentSymmKeyCK[64];
- int m_NextIndex, m_NextSymmKeyIndex;
+ int m_NextIndex, m_NextSymmKeyIndex;
+ std::unordered_map > m_ItermediateSymmKeys;
 };
 enum ECIESx25519BlockType
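Review bot: The new member `m_ItermediateSymmKeys` in the last hunk is misspelled (`m_IntermediateSymmKeys`) and carries no comment saying what it holds or when entries leave it. Judging from the .cpp side of this commit, an entry is erased only when `GetSymmKey` is later called for that index, so keys for indices that are never requested appear to stay in memory for the life of the tag set; no cap or expiry is visible in this patch. A comment such as `// index -> symmetric key derived while skipping ahead; erased on first use` would document that, and the retention deserves a deliberate decision because these are per-message keys. The class declaration starts and ends outside the hunk.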