mirror of
https://github.com/PurpleI2P/i2pd.git
synced 2025-02-02 02:54:01 +01:00
handle and send SessionRequest message
This commit is contained in:
orignal
parent
58386bb88e
commit
21693fc1e5
131
SSU.cpp
131
SSU.cpp
|
|
@ -1,6 +1,10 @@
|
|||
#include <string.h>
|
||||
#include <boost/bind.hpp>
|
||||
#include <cryptopp/dh.h>
|
||||
#include <cryptopp/secblock.h>
|
||||
#include "CryptoConst.h"
|
||||
#include "Log.h"
|
||||
#include "Timestamp.h"
|
||||
#include "RouterContext.h"
|
||||
#include "hmac.h"
|
||||
#include "SSU.h"
|
||||
|
|
@ -12,24 +16,110 @@ namespace ssu
|
|||
|
||||
SSUSession::SSUSession (SSUServer * server, const boost::asio::ip::udp::endpoint& remoteEndpoint,
|
||||
i2p::data::RouterInfo * router): m_Server (server), m_RemoteEndpoint (remoteEndpoint),
|
||||
m_State (eSessionStateUnknown)
|
||||
m_RemoteRouter (router), m_State (eSessionStateUnknown)
|
||||
{
|
||||
}
|
||||
|
||||
void SSUSession::ProcessNextMessage (uint8_t * buf, size_t len)
|
||||
void SSUSession::CreateAESKey (uint8_t * pubKey, uint8_t * aesKey) // TODO: move it to base class for NTCP and SSU
|
||||
{
|
||||
CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
|
||||
CryptoPP::SecByteBlock secretKey(dh.AgreedValueLength());
|
||||
if (!dh.Agree (secretKey, i2p::context.GetPrivateKey (), pubKey))
|
||||
{
|
||||
LogPrint ("Couldn't create shared key");
|
||||
return;
|
||||
};
|
||||
|
||||
if (secretKey[0] & 0x80)
|
||||
{
|
||||
aesKey[0] = 0;
|
||||
memcpy (aesKey + 1, secretKey, 31);
|
||||
}
|
||||
else
|
||||
memcpy (aesKey, secretKey, 32);
|
||||
}
|
||||
|
||||
void SSUSession::ProcessNextMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint)
|
||||
{
|
||||
switch (m_State)
|
||||
{
|
||||
case eSessionStateUnknown:
|
||||
// we assume session request
|
||||
ProcessSessionRequest (buf, len);
|
||||
// session request
|
||||
ProcessSessionRequest (buf, len, senderEndpoint);
|
||||
break;
|
||||
case eSessionStateRequestSent:
|
||||
// session created
|
||||
ProcessSessionCreated (buf, len);
|
||||
break;
|
||||
default:
|
||||
LogPrint ("SSU state not implemented yet");
|
||||
}
|
||||
}
|
||||
|
||||
void SSUSession::ProcessSessionRequest (uint8_t * buf, size_t len)
|
||||
void SSUSession::ProcessSessionRequest (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint)
|
||||
{
|
||||
LogPrint ("Process session request");
|
||||
if (ProcessIntroKeyEncryptedMessage (PAYLOAD_TYPE_SESSION_REQUEST, buf, len))
|
||||
{
|
||||
m_State = eSessionStateRequestReceived;
|
||||
LogPrint ("Session request received");
|
||||
SendSessionCreated (senderEndpoint);
|
||||
}
|
||||
}
|
||||
|
||||
void SSUSession::ProcessSessionCreated (uint8_t * buf, size_t len)
|
||||
{
|
||||
LogPrint ("Process session created");
|
||||
if (ProcessIntroKeyEncryptedMessage (PAYLOAD_TYPE_SESSION_CREATED, buf, len))
|
||||
{
|
||||
m_State = eSessionStateCreatedReceived;
|
||||
LogPrint ("Session request received");
|
||||
// TODO:
|
||||
}
|
||||
}
|
||||
|
||||
void SSUSession::SendSessionRequest ()
|
||||
{
|
||||
auto address = m_RemoteRouter ? m_RemoteRouter->GetSSUAddress () : nullptr;
|
||||
if (!address)
|
||||
{
|
||||
LogPrint ("Missing remote SSU address");
|
||||
return;
|
||||
}
|
||||
|
||||
uint8_t buf[304 + 18]; // 304 bytes for ipv4 (320 for ipv6)
|
||||
uint8_t * payload = buf + sizeof (SSUHeader);
|
||||
memcpy (payload, i2p::context.GetRouterIdentity ().publicKey, 256);
|
||||
payload[256] = 4; // we assume ipv4
|
||||
*(uint32_t *)(payload + 257) = address->host.to_v4 ().to_ulong (); // network bytes order already
|
||||
|
||||
uint8_t iv[16];
|
||||
CryptoPP::RandomNumberGenerator& rnd = i2p::context.GetRandomNumberGenerator ();
|
||||
rnd.GenerateBlock (iv, 16); // random iv
|
||||
FillHeaderAndEncrypt (PAYLOAD_TYPE_SESSION_REQUEST, buf, 304, address->key, iv, address->key);
|
||||
|
||||
m_State = eSessionStateRequestSent;
|
||||
m_Server->Send (buf, 304, m_RemoteEndpoint);
|
||||
}
|
||||
|
||||
void SSUSession::SendSessionCreated (const boost::asio::ip::udp::endpoint& senderEndpoint)
|
||||
{
|
||||
auto address = m_RemoteRouter ? m_RemoteRouter->GetSSUAddress () : nullptr;
|
||||
if (!address)
|
||||
{
|
||||
LogPrint ("Missing remote SSU address");
|
||||
return;
|
||||
}
|
||||
|
||||
uint8_t buf[368 + 18];
|
||||
uint8_t * payload = buf + sizeof (SSUHeader);
|
||||
memcpy (payload, i2p::context.GetRouterIdentity ().publicKey, 256);
|
||||
|
||||
m_State = eSessionStateRequestSent;
|
||||
m_Server->Send (buf, 368, m_RemoteEndpoint);
|
||||
}
|
||||
|
||||
bool SSUSession::ProcessIntroKeyEncryptedMessage (uint8_t expectedPayloadType, uint8_t * buf, size_t len)
|
||||
{
|
||||
auto address = i2p::context.GetRouterInfo ().GetSSUAddress ();
|
||||
if (address)
|
||||
|
|
@ -37,19 +127,25 @@ namespace ssu
|
|||
// use intro key for verification and decryption
|
||||
if (Validate (buf, len, address->key))
|
||||
{
|
||||
m_State = eSessionStateRequestReceived;
|
||||
LogPrint ("Session request received");
|
||||
Decrypt (buf, len, address->key);
|
||||
// TODO:
|
||||
SSUHeader * header = (SSUHeader *)buf;
|
||||
if ((header->flag >> 4) == expectedPayloadType)
|
||||
{
|
||||
CreateAESKey (buf + sizeof (SSUHeader), m_SessionKey);
|
||||
return true;
|
||||
}
|
||||
else
|
||||
LogPrint ("Unexpected payload type ", (int)(header->flag >> 4));
|
||||
}
|
||||
else
|
||||
LogPrint ("MAC verifcation failed");
|
||||
}
|
||||
else
|
||||
LogPrint ("SSU is not supported");
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
void SSUSession::Encrypt (uint8_t * buf, size_t len, uint8_t * aesKey, uint8_t * iv, uint8_t * macKey)
|
||||
void SSUSession::FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len, uint8_t * aesKey, uint8_t * iv, uint8_t * macKey)
|
||||
{
|
||||
if (len < sizeof (SSUHeader))
|
||||
{
|
||||
|
|
@ -58,6 +154,8 @@ namespace ssu
|
|||
}
|
||||
SSUHeader * header = (SSUHeader *)buf;
|
||||
memcpy (header->iv, iv, 16);
|
||||
header->flag = payloadType << 4; // MSB is 0
|
||||
header->time = htobe32 (i2p::util::GetSecondsSinceEpoch ());
|
||||
uint8_t * encrypted = &header->flag;
|
||||
uint16_t encryptedLen = len - (encrypted - buf);
|
||||
m_Encryption.SetKeyWithIV (aesKey, 32, iv);
|
||||
|
|
@ -100,6 +198,16 @@ namespace ssu
|
|||
return !memcmp (header->mac, digest, 16);
|
||||
}
|
||||
|
||||
void SSUSession::Connect ()
|
||||
{
|
||||
SendSessionRequest ();
|
||||
}
|
||||
|
||||
void SSUSession::SendI2NPMessage (I2NPMessage * msg)
|
||||
{
|
||||
// TODO:
|
||||
}
|
||||
|
||||
SSUServer::SSUServer (boost::asio::io_service& service, int port):
|
||||
m_Socket (service, boost::asio::ip::udp::v4 (), port)
|
||||
{
|
||||
|
|
@ -147,7 +255,7 @@ namespace ssu
|
|||
m_Sessions[m_SenderEndpoint] = session;
|
||||
LogPrint ("New SSU session from ", m_SenderEndpoint.address ().to_string (), ":", m_SenderEndpoint.port (), " created");
|
||||
}
|
||||
session->ProcessNextMessage (m_ReceiveBuffer, bytes_transferred);
|
||||
session->ProcessNextMessage (m_ReceiveBuffer, bytes_transferred, m_SenderEndpoint);
|
||||
Receive ();
|
||||
}
|
||||
else
|
||||
|
|
@ -173,6 +281,7 @@ namespace ssu
|
|||
m_Sessions[remoteEndpoint] = session;
|
||||
LogPrint ("New SSU session to [", router->GetIdentHashAbbreviation (), "] ",
|
||||
remoteEndpoint.address ().to_string (), ":", remoteEndpoint.port (), " created");
|
||||
session->Connect ();
|
||||
}
|
||||
}
|
||||
else
|
||||
|
|
|
|||
22
SSU.h
22
SSU.h
|
|
@ -8,6 +8,7 @@
|
|||
#include <cryptopp/aes.h>
|
||||
#include "I2PEndian.h"
|
||||
#include "RouterInfo.h"
|
||||
#include "I2NPProtocol.h"
|
||||
|
||||
namespace i2p
|
||||
{
|
||||
|
|
@ -25,7 +26,7 @@ namespace ssu
|
|||
|
||||
const int SSU_MTU = 1484;
|
||||
|
||||
// payload types (4 bits)
|
||||
// payload types (3 bits)
|
||||
const uint8_t PAYLOAD_TYPE_SESSION_REQUEST = 0;
|
||||
const uint8_t PAYLOAD_TYPE_SESSION_CREATED = 1;
|
||||
const uint8_t PAYLOAD_TYPE_SESSION_CONFIRMED = 2;
|
||||
|
|
@ -54,13 +55,22 @@ namespace ssu
|
|||
|
||||
SSUSession (SSUServer * server, const boost::asio::ip::udp::endpoint& remoteEndpoint,
|
||||
i2p::data::RouterInfo * router = nullptr);
|
||||
void ProcessNextMessage (uint8_t * buf, size_t len);
|
||||
void ProcessNextMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);
|
||||
|
||||
void Connect ();
|
||||
void SendI2NPMessage (I2NPMessage * msg);
|
||||
|
||||
private:
|
||||
|
||||
void ProcessSessionRequest (uint8_t * buf, size_t len);
|
||||
void CreateAESKey (uint8_t * pubKey, uint8_t * aesKey); // TODO: shouldn't be here
|
||||
|
||||
void Encrypt (uint8_t * buf, size_t len, uint8_t * aesKey, uint8_t * iv, uint8_t * macKey);
|
||||
void ProcessSessionRequest (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);
|
||||
void SendSessionRequest ();
|
||||
void ProcessSessionCreated (uint8_t * buf, size_t len);
|
||||
void SendSessionCreated (const boost::asio::ip::udp::endpoint& senderEndpoint);
|
||||
|
||||
bool ProcessIntroKeyEncryptedMessage (uint8_t expectedPayloadType, uint8_t * buf, size_t len);
|
||||
void FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len, uint8_t * aesKey, uint8_t * iv, uint8_t * macKey);
|
||||
void Decrypt (uint8_t * buf, size_t len, uint8_t * aesKey);
|
||||
bool Validate (uint8_t * buf, size_t len, uint8_t * macKey);
|
||||
|
||||
|
|
@ -68,9 +78,11 @@ namespace ssu
|
|||
|
||||
SSUServer * m_Server;
|
||||
boost::asio::ip::udp::endpoint m_RemoteEndpoint;
|
||||
i2p::data::RouterInfo * m_RemoteRouter;
|
||||
SessionState m_State;
|
||||
CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption m_Encryption;
|
||||
CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption m_Decryption;
|
||||
CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption m_Decryption;
|
||||
uint8_t m_SessionKey[32];
|
||||
};
|
||||
|
||||
class SSUServer
|
||||
|
|
|
|||
Loading…
Reference in a new issue