Browse Source

don't use crypto++ AES directly

pull/72/head
orignal 11 years ago
parent
commit
f9cd2f6808
  1. 22
      SSU.cpp
  2. 4
      SSU.h

22
SSU.cpp

@ -204,8 +204,8 @@ namespace ssu @@ -204,8 +204,8 @@ namespace ssu
payload += 4; // relayTag
payload += 4; // signed on time
// decrypt DSA signature
m_Decryption.SetKeyWithIV (m_SessionKey, 32, ((SSUHeader *)buf)->iv);
m_Decryption.ProcessData (payload, payload, 48);
m_SessionKeyDecryption.SetIV (((SSUHeader *)buf)->iv);
m_SessionKeyDecryption.Decrypt (payload, 48, payload);
// verify
CryptoPP::DSA::PublicKey pubKey;
pubKey.Initialize (i2p::crypto::dsap, i2p::crypto::dsaq, i2p::crypto::dsag, CryptoPP::Integer (m_RemoteRouter->GetRouterIdentity ().signingKey, 128));
@ -329,8 +329,8 @@ namespace ssu @@ -329,8 +329,8 @@ namespace ssu
uint8_t iv[16];
rnd.GenerateBlock (iv, 16); // random iv
// encrypt signature and 8 bytes padding with newly created session key
m_Encryption.SetKeyWithIV (m_SessionKey, 32, iv);
m_Encryption.ProcessData (payload, payload, 48);
m_SessionKeyEncryption.SetIV (iv);
m_SessionKeyEncryption.Encrypt (payload, 48, payload);
// encrypt message with intro key
FillHeaderAndEncrypt (PAYLOAD_TYPE_SESSION_CREATED, buf, 368, introKey, iv, introKey);
@ -501,9 +501,10 @@ namespace ssu @@ -501,9 +501,10 @@ namespace ssu
header->time = htobe32 (i2p::util::GetSecondsSinceEpoch ());
uint8_t * encrypted = &header->flag;
uint16_t encryptedLen = len - (encrypted - buf);
m_Encryption.SetKeyWithIV (aesKey, 32, iv);
encryptedLen = (encryptedLen>>4)<<4; // make sure 16 bytes boundary
m_Encryption.ProcessData (encrypted, encrypted, encryptedLen);
i2p::crypto::CBCEncryption encryption;
encryption.SetKey (aesKey);
encryption.SetIV (iv);
encryption.Encrypt (encrypted, encryptedLen, encrypted);
// assume actual buffer size is 18 (16 + 2) bytes more
memcpy (buf + len, iv, 16);
*(uint16_t *)(buf + len + 16) = htobe16 (encryptedLen);
@ -541,9 +542,10 @@ namespace ssu @@ -541,9 +542,10 @@ namespace ssu
SSUHeader * header = (SSUHeader *)buf;
uint8_t * encrypted = &header->flag;
uint16_t encryptedLen = len - (encrypted - buf);
m_Decryption.SetKeyWithIV (aesKey, 32, header->iv);
encryptedLen = (encryptedLen>>4)<<4; // make sure 16 bytes boundary
m_Decryption.ProcessData (encrypted, encrypted, encryptedLen);
i2p::crypto::CBCDecryption decryption;
decryption.SetKey (aesKey);
decryption.SetIV (header->iv);
decryption.Decrypt (encrypted, encryptedLen, encrypted);
}
void SSUSession::DecryptSessionKey (uint8_t * buf, size_t len)

4
SSU.h

@ -7,8 +7,6 @@ @@ -7,8 +7,6 @@
#include <set>
#include <thread>
#include <boost/asio.hpp>
#include <cryptopp/modes.h>
#include <cryptopp/aes.h>
#include "aes.h"
#include "I2PEndian.h"
#include "Identity.h"
@ -135,8 +133,6 @@ namespace ssu @@ -135,8 +133,6 @@ namespace ssu
bool m_IsSessionKey;
uint32_t m_RelayTag;
std::set<uint32_t> m_PeerTestNonces;
CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption m_Encryption; // TODO: remove
CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption m_Decryption; // TODO: remove
i2p::crypto::CBCEncryption m_SessionKeyEncryption;
i2p::crypto::CBCDecryption m_SessionKeyDecryption;
uint8_t m_SessionKey[32], m_MacKey[32];

Loading…
Cancel
Save