2020-05-22 15:18:41 +02:00
/*
2024-10-29 02:10:30 +01:00
* Copyright ( c ) 2013 - 2024 , The PurpleI2P Project
2020-05-22 15:18:41 +02:00
*
* This file is part of Purple i2pd project and licensed under BSD3
*
* See full license text in LICENSE file at top of project tree
*/
2013-11-11 00:19:49 +01:00
# include <string.h>
2014-01-09 20:56:07 +01:00
# include "I2PEndian.h"
2024-11-08 01:00:11 +01:00
# include "Crypto.h"
2013-11-11 00:19:49 +01:00
# include "Log.h"
# include "RouterContext.h"
# include "I2NPProtocol.h"
2024-11-08 01:00:11 +01:00
# include "Garlic.h"
# include "ECIESX25519AEADRatchetSession.h"
2013-11-11 00:19:49 +01:00
# include "Tunnel.h"
# include "Transports.h"
# include "TransitTunnel.h"
namespace i2p
{
namespace tunnel
2018-01-06 04:48:51 +01:00
{
TransitTunnel : : TransitTunnel ( uint32_t receiveTunnelID ,
2022-12-25 15:36:16 +01:00
const i2p : : data : : IdentHash & nextIdent , uint32_t nextTunnelID ,
const i2p : : crypto : : AESKey & layerKey , const i2p : : crypto : : AESKey & ivKey ) :
TunnelBase ( receiveTunnelID , nextTunnelID , nextIdent ) ,
m_LayerKey ( layerKey ) , m_IVKey ( ivKey )
2018-01-06 04:48:51 +01:00
{
}
2013-11-11 00:19:49 +01:00
2015-06-25 04:19:56 +02:00
void TransitTunnel : : EncryptTunnelMsg ( std : : shared_ptr < const I2NPMessage > in , std : : shared_ptr < I2NPMessage > out )
2018-01-06 04:48:51 +01:00
{
2022-12-25 15:36:16 +01:00
if ( ! m_Encryption )
{
m_Encryption . reset ( new i2p : : crypto : : TunnelEncryption ) ;
m_Encryption - > SetKeys ( m_LayerKey , m_IVKey ) ;
2023-01-03 19:25:19 +01:00
}
2022-12-25 15:36:16 +01:00
m_Encryption - > Encrypt ( in - > GetPayload ( ) + 4 , out - > GetPayload ( ) + 4 ) ;
2017-05-02 20:20:00 +02:00
i2p : : transport : : transports . UpdateTotalTransitTransmittedBytes ( TUNNEL_DATA_MSG_SIZE ) ;
2018-01-06 04:48:51 +01:00
}
2015-01-22 03:50:46 +01:00
TransitTunnelParticipant : : ~ TransitTunnelParticipant ( )
{
2018-01-06 04:48:51 +01:00
}
2021-10-15 20:01:41 +02:00
void TransitTunnelParticipant : : HandleTunnelDataMsg ( std : : shared_ptr < i2p : : I2NPMessage > & & tunnelMsg )
2013-11-11 00:19:49 +01:00
{
2021-10-15 20:01:41 +02:00
EncryptTunnelMsg ( tunnelMsg , tunnelMsg ) ;
2018-01-06 04:48:51 +01:00
2014-08-02 16:06:38 +02:00
m_NumTransmittedBytes + = tunnelMsg - > GetLength ( ) ;
2021-10-15 20:01:41 +02:00
htobe32buf ( tunnelMsg - > GetPayload ( ) , GetNextTunnelID ( ) ) ;
tunnelMsg - > FillI2NPMessageHeader ( eI2NPTunnelData ) ;
m_TunnelDataMsgs . push_back ( tunnelMsg ) ;
2013-11-11 00:19:49 +01:00
}
2015-01-22 03:50:46 +01:00
void TransitTunnelParticipant : : FlushTunnelDataMsgs ( )
{
if ( ! m_TunnelDataMsgs . empty ( ) )
2018-01-06 04:48:51 +01:00
{
2015-04-11 01:58:32 +02:00
auto num = m_TunnelDataMsgs . size ( ) ;
if ( num > 1 )
2015-12-21 03:20:36 +01:00
LogPrint ( eLogDebug , " TransitTunnel: " , GetTunnelID ( ) , " -> " , GetNextTunnelID ( ) , " " , num ) ;
2024-10-29 02:10:30 +01:00
i2p : : transport : : transports . SendMessages ( GetNextIdentHash ( ) , m_TunnelDataMsgs ) ; // send and clear
2018-01-06 04:48:51 +01:00
}
}
2015-06-19 20:38:31 +02:00
void TransitTunnel : : SendTunnelDataMsg ( std : : shared_ptr < i2p : : I2NPMessage > msg )
2018-01-06 04:48:51 +01:00
{
2015-12-21 03:20:36 +01:00
LogPrint ( eLogError , " TransitTunnel: We are not a gateway for " , GetTunnelID ( ) ) ;
2018-01-06 04:48:51 +01:00
}
2013-11-29 13:52:09 +01:00
2021-10-15 20:01:41 +02:00
void TransitTunnel : : HandleTunnelDataMsg ( std : : shared_ptr < i2p : : I2NPMessage > & & tunnelMsg )
2015-01-22 03:50:46 +01:00
{
2015-12-21 03:20:36 +01:00
LogPrint ( eLogError , " TransitTunnel: Incoming tunnel message is not supported " , GetTunnelID ( ) ) ;
2018-01-06 04:48:51 +01:00
}
2015-06-19 20:38:31 +02:00
void TransitTunnelGateway : : SendTunnelDataMsg ( std : : shared_ptr < i2p : : I2NPMessage > msg )
2013-11-29 13:52:09 +01:00
{
2014-02-20 04:08:57 +01:00
TunnelMessageBlock block ;
block . deliveryType = eDeliveryTypeLocal ;
block . data = msg ;
2014-06-26 21:41:12 +02:00
std : : unique_lock < std : : mutex > l ( m_SendMutex ) ;
2015-01-24 04:05:33 +01:00
m_Gateway . PutTunnelDataMsg ( block ) ;
2018-01-06 04:48:51 +01:00
}
2013-11-29 13:52:09 +01:00
2015-01-24 04:05:33 +01:00
void TransitTunnelGateway : : FlushTunnelDataMsgs ( )
{
2015-02-12 00:47:20 +01:00
std : : unique_lock < std : : mutex > l ( m_SendMutex ) ;
2015-01-24 04:05:33 +01:00
m_Gateway . SendBuffer ( ) ;
2018-01-06 04:48:51 +01:00
}
2021-10-15 20:01:41 +02:00
void TransitTunnelEndpoint : : HandleTunnelDataMsg ( std : : shared_ptr < i2p : : I2NPMessage > & & tunnelMsg )
2013-11-29 13:52:09 +01:00
{
2021-06-27 21:49:57 +02:00
auto newMsg = CreateEmptyTunnelDataMsg ( true ) ;
2015-06-26 03:49:16 +02:00
EncryptTunnelMsg ( tunnelMsg , newMsg ) ;
2018-01-06 04:48:51 +01:00
2015-12-21 03:20:36 +01:00
LogPrint ( eLogDebug , " TransitTunnel: handle msg for endpoint " , GetTunnelID ( ) ) ;
2018-01-06 04:48:51 +01:00
m_Endpoint . HandleDecryptedTunnelDataMsg ( newMsg ) ;
2013-11-29 13:52:09 +01:00
}
2018-01-06 04:48:51 +01:00
2016-03-01 21:22:36 +01:00
std : : shared_ptr < TransitTunnel > CreateTransitTunnel ( uint32_t receiveTunnelID ,
2022-12-25 15:36:16 +01:00
const i2p : : data : : IdentHash & nextIdent , uint32_t nextTunnelID ,
const i2p : : crypto : : AESKey & layerKey , const i2p : : crypto : : AESKey & ivKey ,
2013-11-29 13:52:09 +01:00
bool isGateway , bool isEndpoint )
2013-11-11 00:19:49 +01:00
{
2013-11-29 13:52:09 +01:00
if ( isEndpoint )
2018-01-06 04:48:51 +01:00
{
2016-06-27 15:00:00 +02:00
LogPrint ( eLogDebug , " TransitTunnel: endpoint " , receiveTunnelID , " created " ) ;
2016-03-01 21:22:36 +01:00
return std : : make_shared < TransitTunnelEndpoint > ( receiveTunnelID , nextIdent , nextTunnelID , layerKey , ivKey ) ;
2018-01-06 04:48:51 +01:00
}
2013-11-29 13:52:09 +01:00
else if ( isGateway )
2018-01-06 04:48:51 +01:00
{
2015-12-21 03:20:36 +01:00
LogPrint ( eLogInfo , " TransitTunnel: gateway " , receiveTunnelID , " created " ) ;
2016-03-01 21:22:36 +01:00
return std : : make_shared < TransitTunnelGateway > ( receiveTunnelID , nextIdent , nextTunnelID , layerKey , ivKey ) ;
2018-01-06 04:48:51 +01:00
}
else
{
2016-06-27 15:00:00 +02:00
LogPrint ( eLogDebug , " TransitTunnel: " , receiveTunnelID , " -> " , nextTunnelID , " created " ) ;
2016-03-01 21:22:36 +01:00
return std : : make_shared < TransitTunnelParticipant > ( receiveTunnelID , nextIdent , nextTunnelID , layerKey , ivKey ) ;
2018-01-06 04:48:51 +01:00
}
}
2024-11-08 01:00:11 +01:00
2024-11-20 01:11:09 +01:00
TransitTunnels : : TransitTunnels ( ) :
m_IsRunning ( false )
{
}
TransitTunnels : : ~ TransitTunnels ( )
{
Stop ( ) ;
}
2024-11-17 02:56:35 +01:00
void TransitTunnels : : Start ( )
{
2024-11-20 01:11:09 +01:00
m_IsRunning = true ;
m_Thread . reset ( new std : : thread ( std : : bind ( & TransitTunnels : : Run , this ) ) ) ;
2024-11-17 02:56:35 +01:00
}
void TransitTunnels : : Stop ( )
{
2024-11-20 01:11:09 +01:00
m_IsRunning = false ;
m_TunnelBuildMsgQueue . WakeUp ( ) ;
if ( m_Thread )
{
m_Thread - > join ( ) ;
m_Thread = nullptr ;
}
2024-11-17 02:56:35 +01:00
m_TransitTunnels . clear ( ) ;
}
2024-11-20 01:11:09 +01:00
void TransitTunnels : : Run ( )
{
i2p : : util : : SetThreadName ( " TBM " ) ;
uint64_t lastTs = 0 ;
std : : list < std : : shared_ptr < I2NPMessage > > msgs ;
while ( m_IsRunning )
{
try
{
if ( m_TunnelBuildMsgQueue . Wait ( TRANSIT_TUNNELS_QUEUE_WAIT_INTERVAL , 0 ) )
{
m_TunnelBuildMsgQueue . GetWholeQueue ( msgs ) ;
while ( ! msgs . empty ( ) )
{
auto msg = msgs . front ( ) ; msgs . pop_front ( ) ;
if ( ! msg ) continue ;
uint8_t typeID = msg - > GetTypeID ( ) ;
switch ( typeID )
{
case eI2NPShortTunnelBuild :
HandleShortTransitTunnelBuildMsg ( std : : move ( msg ) ) ;
break ;
case eI2NPVariableTunnelBuild :
HandleVariableTransitTunnelBuildMsg ( std : : move ( msg ) ) ;
break ;
default :
LogPrint ( eLogWarning , " TransitTunnel: Unexpected message type " , ( int ) typeID ) ;
}
if ( ! m_IsRunning ) break ;
}
}
if ( m_IsRunning )
{
uint64_t ts = i2p : : util : : GetSecondsSinceEpoch ( ) ;
if ( ts > = lastTs + TUNNEL_MANAGE_INTERVAL | | ts + TUNNEL_MANAGE_INTERVAL < lastTs )
{
ManageTransitTunnels ( ts ) ;
lastTs = ts ;
}
}
}
catch ( std : : exception & ex )
{
LogPrint ( eLogError , " TransitTunnel: Runtime exception: " , ex . what ( ) ) ;
}
}
}
void TransitTunnels : : PostTransitTunnelBuildMsg ( std : : shared_ptr < I2NPMessage > & & msg )
{
if ( msg ) m_TunnelBuildMsgQueue . Put ( msg ) ;
}
2024-11-17 02:56:35 +01:00
void TransitTunnels : : HandleShortTransitTunnelBuildMsg ( std : : shared_ptr < I2NPMessage > & & msg )
2024-11-08 01:00:11 +01:00
{
2024-11-09 23:25:43 +01:00
if ( ! msg ) return ;
uint8_t * buf = msg - > GetPayload ( ) ;
size_t len = msg - > GetPayloadLength ( ) ;
2024-11-08 01:00:11 +01:00
int num = buf [ 0 ] ;
LogPrint ( eLogDebug , " TransitTunnel: ShortTunnelBuild " , num , " records " ) ;
if ( num > i2p : : tunnel : : MAX_NUM_RECORDS )
{
LogPrint ( eLogError , " TransitTunnel: Too many records in ShortTunnelBuild message " , num ) ;
return ;
}
if ( len < num * SHORT_TUNNEL_BUILD_RECORD_SIZE + 1 )
{
LogPrint ( eLogError , " TransitTunnel: ShortTunnelBuild message of " , num , " records is too short " , len ) ;
return ;
}
const uint8_t * record = buf + 1 ;
for ( int i = 0 ; i < num ; i + + )
{
if ( ! memcmp ( record , ( const uint8_t * ) i2p : : context . GetRouterInfo ( ) . GetIdentHash ( ) , 16 ) )
{
LogPrint ( eLogDebug , " TransitTunnel: Short request record " , i , " is ours " ) ;
uint8_t clearText [ SHORT_REQUEST_RECORD_CLEAR_TEXT_SIZE ] ;
if ( ! i2p : : context . DecryptTunnelShortRequestRecord ( record + SHORT_REQUEST_RECORD_ENCRYPTED_OFFSET , clearText ) )
{
LogPrint ( eLogWarning , " TransitTunnel: Can't decrypt short request record " , i ) ;
return ;
}
if ( clearText [ SHORT_REQUEST_RECORD_LAYER_ENCRYPTION_TYPE ] ) // not AES
{
LogPrint ( eLogWarning , " TransitTunnel: Unknown layer encryption type " , clearText [ SHORT_REQUEST_RECORD_LAYER_ENCRYPTION_TYPE ] , " in short request record " ) ;
return ;
}
auto & noiseState = i2p : : context . GetCurrentNoiseState ( ) ;
uint8_t replyKey [ 32 ] ; // AEAD/Chacha20/Poly1305
i2p : : crypto : : AESKey layerKey , ivKey ; // AES
i2p : : crypto : : HKDF ( noiseState . m_CK , nullptr , 0 , " SMTunnelReplyKey " , noiseState . m_CK ) ;
memcpy ( replyKey , noiseState . m_CK + 32 , 32 ) ;
i2p : : crypto : : HKDF ( noiseState . m_CK , nullptr , 0 , " SMTunnelLayerKey " , noiseState . m_CK ) ;
memcpy ( layerKey , noiseState . m_CK + 32 , 32 ) ;
bool isEndpoint = clearText [ SHORT_REQUEST_RECORD_FLAG_OFFSET ] & TUNNEL_BUILD_RECORD_ENDPOINT_FLAG ;
if ( isEndpoint )
{
i2p : : crypto : : HKDF ( noiseState . m_CK , nullptr , 0 , " TunnelLayerIVKey " , noiseState . m_CK ) ;
memcpy ( ivKey , noiseState . m_CK + 32 , 32 ) ;
}
else
{
if ( ! memcmp ( ( const uint8_t * ) i2p : : context . GetIdentHash ( ) , clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET , 32 ) ) // if next ident is now ours
{
LogPrint ( eLogWarning , " TransitTunnel: Next ident is ours in short request record " ) ;
return ;
}
memcpy ( ivKey , noiseState . m_CK , 32 ) ;
}
// check if we accept this tunnel
std : : shared_ptr < i2p : : tunnel : : TransitTunnel > transitTunnel ;
uint8_t retCode = 0 ;
if ( ! i2p : : context . AcceptsTunnels ( ) | | i2p : : context . GetCongestionLevel ( false ) > = CONGESTION_LEVEL_FULL )
retCode = 30 ;
if ( ! retCode )
{
// create new transit tunnel
transitTunnel = i2p : : tunnel : : CreateTransitTunnel (
bufbe32toh ( clearText + SHORT_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET ) ,
clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET ,
bufbe32toh ( clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET ) ,
layerKey , ivKey ,
clearText [ SHORT_REQUEST_RECORD_FLAG_OFFSET ] & TUNNEL_BUILD_RECORD_GATEWAY_FLAG ,
clearText [ SHORT_REQUEST_RECORD_FLAG_OFFSET ] & TUNNEL_BUILD_RECORD_ENDPOINT_FLAG ) ;
2024-11-17 02:56:35 +01:00
if ( ! AddTransitTunnel ( transitTunnel ) )
2024-11-08 01:00:11 +01:00
retCode = 30 ;
}
// encrypt reply
uint8_t nonce [ 12 ] ;
memset ( nonce , 0 , 12 ) ;
uint8_t * reply = buf + 1 ;
for ( int j = 0 ; j < num ; j + + )
{
nonce [ 4 ] = j ; // nonce is record #
if ( j = = i )
{
memset ( reply + SHORT_RESPONSE_RECORD_OPTIONS_OFFSET , 0 , 2 ) ; // no options
reply [ SHORT_RESPONSE_RECORD_RET_OFFSET ] = retCode ;
if ( ! i2p : : crypto : : AEADChaCha20Poly1305 ( reply , SHORT_TUNNEL_BUILD_RECORD_SIZE - 16 ,
noiseState . m_H , 32 , replyKey , nonce , reply , SHORT_TUNNEL_BUILD_RECORD_SIZE , true ) ) // encrypt
{
LogPrint ( eLogWarning , " TransitTunnel: Short reply AEAD encryption failed " ) ;
return ;
}
}
else
i2p : : crypto : : ChaCha20 ( reply , SHORT_TUNNEL_BUILD_RECORD_SIZE , replyKey , nonce , reply ) ;
reply + = SHORT_TUNNEL_BUILD_RECORD_SIZE ;
}
// send reply
auto onDrop = [ transitTunnel ] ( )
{
if ( transitTunnel )
{
2024-11-20 01:11:09 +01:00
LogPrint ( eLogDebug , " TransitTunnel: Failed to send reply for transit tunnel " , transitTunnel - > GetTunnelID ( ) ) ;
2024-11-08 01:00:11 +01:00
auto t = transitTunnel - > GetCreationTime ( ) ;
if ( t > i2p : : tunnel : : TUNNEL_EXPIRATION_TIMEOUT )
// make transit tunnel expired
transitTunnel - > SetCreationTime ( t - i2p : : tunnel : : TUNNEL_EXPIRATION_TIMEOUT ) ;
}
} ;
if ( isEndpoint )
{
auto replyMsg = NewI2NPShortMessage ( ) ;
replyMsg - > Concat ( buf , len ) ;
replyMsg - > FillI2NPMessageHeader ( eI2NPShortTunnelBuildReply , bufbe32toh ( clearText + SHORT_REQUEST_RECORD_SEND_MSG_ID_OFFSET ) ) ;
if ( transitTunnel ) replyMsg - > onDrop = onDrop ;
if ( memcmp ( ( const uint8_t * ) i2p : : context . GetIdentHash ( ) ,
clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET , 32 ) ) // reply IBGW is not local?
{
i2p : : crypto : : HKDF ( noiseState . m_CK , nullptr , 0 , " RGarlicKeyAndTag " , noiseState . m_CK ) ;
uint64_t tag ;
memcpy ( & tag , noiseState . m_CK , 8 ) ;
// we send it to reply tunnel
i2p : : transport : : transports . SendMessage ( clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET ,
CreateTunnelGatewayMsg ( bufbe32toh ( clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET ) ,
i2p : : garlic : : WrapECIESX25519Message ( replyMsg , noiseState . m_CK + 32 , tag ) ) ) ;
}
else
{
// IBGW is local
uint32_t tunnelID = bufbe32toh ( clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET ) ;
auto tunnel = i2p : : tunnel : : tunnels . GetTunnel ( tunnelID ) ;
if ( tunnel )
{
tunnel - > SendTunnelDataMsg ( replyMsg ) ;
tunnel - > FlushTunnelDataMsgs ( ) ;
}
else
LogPrint ( eLogWarning , " I2NP: Tunnel " , tunnelID , " not found for short tunnel build reply " ) ;
}
}
else
{
auto msg = CreateI2NPMessage ( eI2NPShortTunnelBuild , buf , len ,
bufbe32toh ( clearText + SHORT_REQUEST_RECORD_SEND_MSG_ID_OFFSET ) ) ;
if ( transitTunnel ) msg - > onDrop = onDrop ;
i2p : : transport : : transports . SendMessage ( clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET , msg ) ;
}
return ;
}
record + = SHORT_TUNNEL_BUILD_RECORD_SIZE ;
}
}
2024-11-17 02:56:35 +01:00
bool TransitTunnels : : HandleBuildRequestRecords ( int num , uint8_t * records , uint8_t * clearText )
2024-11-08 01:00:11 +01:00
{
for ( int i = 0 ; i < num ; i + + )
{
uint8_t * record = records + i * TUNNEL_BUILD_RECORD_SIZE ;
if ( ! memcmp ( record + BUILD_REQUEST_RECORD_TO_PEER_OFFSET , ( const uint8_t * ) i2p : : context . GetRouterInfo ( ) . GetIdentHash ( ) , 16 ) )
{
LogPrint ( eLogDebug , " TransitTunnel: Build request record " , i , " is ours " ) ;
if ( ! i2p : : context . DecryptTunnelBuildRecord ( record + BUILD_REQUEST_RECORD_ENCRYPTED_OFFSET , clearText ) )
{
LogPrint ( eLogWarning , " TransitTunnel: Failed to decrypt tunnel build record " ) ;
return false ;
}
if ( ! memcmp ( ( const uint8_t * ) i2p : : context . GetIdentHash ( ) , clearText + ECIES_BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET , 32 ) & & // if next ident is now ours
! ( clearText [ ECIES_BUILD_REQUEST_RECORD_FLAG_OFFSET ] & TUNNEL_BUILD_RECORD_ENDPOINT_FLAG ) ) // and not endpoint
{
LogPrint ( eLogWarning , " TransitTunnel: Next ident is ours in tunnel build record " ) ;
return false ;
}
uint8_t retCode = 0 ;
// decide if we should accept tunnel
bool accept = i2p : : context . AcceptsTunnels ( ) ;
if ( accept )
{
auto congestionLevel = i2p : : context . GetCongestionLevel ( false ) ;
if ( congestionLevel > = CONGESTION_LEVEL_MEDIUM )
{
if ( congestionLevel < CONGESTION_LEVEL_FULL )
{
// random reject depending on congestion level
int level = i2p : : tunnel : : tunnels . GetRng ( ) ( ) % ( CONGESTION_LEVEL_FULL - CONGESTION_LEVEL_MEDIUM ) + CONGESTION_LEVEL_MEDIUM ;
if ( congestionLevel > level )
accept = false ;
}
else
accept = false ;
}
}
// replace record to reply
if ( accept )
{
auto transitTunnel = i2p : : tunnel : : CreateTransitTunnel (
bufbe32toh ( clearText + ECIES_BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET ) ,
clearText + ECIES_BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET ,
bufbe32toh ( clearText + ECIES_BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET ) ,
clearText + ECIES_BUILD_REQUEST_RECORD_LAYER_KEY_OFFSET ,
clearText + ECIES_BUILD_REQUEST_RECORD_IV_KEY_OFFSET ,
clearText [ ECIES_BUILD_REQUEST_RECORD_FLAG_OFFSET ] & TUNNEL_BUILD_RECORD_GATEWAY_FLAG ,
clearText [ ECIES_BUILD_REQUEST_RECORD_FLAG_OFFSET ] & TUNNEL_BUILD_RECORD_ENDPOINT_FLAG ) ;
2024-11-17 02:56:35 +01:00
if ( ! AddTransitTunnel ( transitTunnel ) )
2024-11-08 01:00:11 +01:00
retCode = 30 ;
}
else
retCode = 30 ; // always reject with bandwidth reason (30)
memset ( record + ECIES_BUILD_RESPONSE_RECORD_OPTIONS_OFFSET , 0 , 2 ) ; // no options
record [ ECIES_BUILD_RESPONSE_RECORD_RET_OFFSET ] = retCode ;
// encrypt reply
i2p : : crypto : : CBCEncryption encryption ;
for ( int j = 0 ; j < num ; j + + )
{
uint8_t * reply = records + j * TUNNEL_BUILD_RECORD_SIZE ;
if ( j = = i )
{
uint8_t nonce [ 12 ] ;
memset ( nonce , 0 , 12 ) ;
auto & noiseState = i2p : : context . GetCurrentNoiseState ( ) ;
if ( ! i2p : : crypto : : AEADChaCha20Poly1305 ( reply , TUNNEL_BUILD_RECORD_SIZE - 16 ,
noiseState . m_H , 32 , noiseState . m_CK , nonce , reply , TUNNEL_BUILD_RECORD_SIZE , true ) ) // encrypt
{
LogPrint ( eLogWarning , " TransitTunnel: Reply AEAD encryption failed " ) ;
return false ;
}
}
else
{
encryption . SetKey ( clearText + ECIES_BUILD_REQUEST_RECORD_REPLY_KEY_OFFSET ) ;
2024-12-08 17:08:17 +01:00
encryption . Encrypt ( reply , TUNNEL_BUILD_RECORD_SIZE , clearText + ECIES_BUILD_REQUEST_RECORD_REPLY_IV_OFFSET , reply ) ;
2024-11-08 01:00:11 +01:00
}
}
return true ;
}
}
return false ;
}
2024-11-17 02:56:35 +01:00
void TransitTunnels : : HandleVariableTransitTunnelBuildMsg ( std : : shared_ptr < I2NPMessage > & & msg )
2024-11-08 01:00:11 +01:00
{
2024-11-09 23:25:43 +01:00
if ( ! msg ) return ;
uint8_t * buf = msg - > GetPayload ( ) ;
size_t len = msg - > GetPayloadLength ( ) ;
2024-11-08 01:00:11 +01:00
int num = buf [ 0 ] ;
LogPrint ( eLogDebug , " TransitTunnel: VariableTunnelBuild " , num , " records " ) ;
if ( num > i2p : : tunnel : : MAX_NUM_RECORDS )
{
LogPrint ( eLogError , " TransitTunnle: Too many records in VaribleTunnelBuild message " , num ) ;
return ;
}
if ( len < num * TUNNEL_BUILD_RECORD_SIZE + 1 )
{
LogPrint ( eLogError , " TransitTunnel: VaribleTunnelBuild message of " , num , " records is too short " , len ) ;
return ;
}
uint8_t clearText [ ECIES_BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE ] ;
if ( HandleBuildRequestRecords ( num , buf + 1 , clearText ) )
{
if ( clearText [ ECIES_BUILD_REQUEST_RECORD_FLAG_OFFSET ] & TUNNEL_BUILD_RECORD_ENDPOINT_FLAG ) // we are endpoint of outboud tunnel
{
// so we send it to reply tunnel
i2p : : transport : : transports . SendMessage ( clearText + ECIES_BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET ,
CreateTunnelGatewayMsg ( bufbe32toh ( clearText + ECIES_BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET ) ,
eI2NPVariableTunnelBuildReply , buf , len ,
bufbe32toh ( clearText + ECIES_BUILD_REQUEST_RECORD_SEND_MSG_ID_OFFSET ) ) ) ;
}
else
i2p : : transport : : transports . SendMessage ( clearText + ECIES_BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET ,
CreateI2NPMessage ( eI2NPVariableTunnelBuild , buf , len ,
bufbe32toh ( clearText + ECIES_BUILD_REQUEST_RECORD_SEND_MSG_ID_OFFSET ) ) ) ;
}
}
2024-11-17 02:56:35 +01:00
bool TransitTunnels : : AddTransitTunnel ( std : : shared_ptr < TransitTunnel > tunnel )
{
if ( tunnels . AddTunnel ( tunnel ) )
m_TransitTunnels . push_back ( tunnel ) ;
else
{
LogPrint ( eLogError , " TransitTunnel: Tunnel with id " , tunnel - > GetTunnelID ( ) , " already exists " ) ;
return false ;
}
return true ;
}
void TransitTunnels : : ManageTransitTunnels ( uint64_t ts )
{
for ( auto it = m_TransitTunnels . begin ( ) ; it ! = m_TransitTunnels . end ( ) ; )
{
auto tunnel = * it ;
if ( ts > tunnel - > GetCreationTime ( ) + TUNNEL_EXPIRATION_TIMEOUT | |
ts + TUNNEL_EXPIRATION_TIMEOUT < tunnel - > GetCreationTime ( ) )
{
LogPrint ( eLogDebug , " TransitTunnel: Transit tunnel with id " , tunnel - > GetTunnelID ( ) , " expired " ) ;
tunnels . RemoveTunnel ( tunnel - > GetTunnelID ( ) ) ;
it = m_TransitTunnels . erase ( it ) ;
}
else
{
tunnel - > Cleanup ( ) ;
it + + ;
}
}
}
int TransitTunnels : : GetTransitTunnelsExpirationTimeout ( )
{
int timeout = 0 ;
uint32_t ts = i2p : : util : : GetSecondsSinceEpoch ( ) ;
// TODO: possible race condition with I2PControl
for ( const auto & it : m_TransitTunnels )
{
int t = it - > GetCreationTime ( ) + TUNNEL_EXPIRATION_TIMEOUT - ts ;
if ( t > timeout ) timeout = t ;
}
return timeout ;
}
2013-11-11 00:19:49 +01:00
}
2014-06-26 21:41:12 +02:00
}