mirror of
https://github.com/PurpleI2P/i2pd.git
synced 2025-01-22 21:37:17 +01:00
token expiration threshold
This commit is contained in:
parent
dd602a27b5
commit
5bb20cb039
|
@ -588,7 +588,11 @@ namespace transport
|
||||||
{
|
{
|
||||||
auto it = m_OutgoingTokens.find (ep);
|
auto it = m_OutgoingTokens.find (ep);
|
||||||
if (it != m_OutgoingTokens.end ())
|
if (it != m_OutgoingTokens.end ())
|
||||||
|
{
|
||||||
|
if (i2p::util::GetSecondsSinceEpoch () + SSU2_TOKEN_EXPIRATION_THRESHOLD > it->second.second)
|
||||||
|
return 0; // token expired
|
||||||
return it->second.first;
|
return it->second.first;
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -424,9 +424,10 @@ namespace transport
|
||||||
memset (headerX + 8, 0, 8); // token = 0
|
memset (headerX + 8, 0, 8); // token = 0
|
||||||
memcpy (headerX + 16, m_EphemeralKeys->GetPublicKey (), 32); // Y
|
memcpy (headerX + 16, m_EphemeralKeys->GetPublicKey (), 32); // Y
|
||||||
// payload
|
// payload
|
||||||
|
auto ts = i2p::util::GetSecondsSinceEpoch ();
|
||||||
payload[0] = eSSU2BlkDateTime;
|
payload[0] = eSSU2BlkDateTime;
|
||||||
htobe16buf (payload + 1, 4);
|
htobe16buf (payload + 1, 4);
|
||||||
htobe32buf (payload + 3, i2p::util::GetSecondsSinceEpoch ());
|
htobe32buf (payload + 3, ts);
|
||||||
size_t payloadSize = 7;
|
size_t payloadSize = 7;
|
||||||
payloadSize += CreateAddressBlock (payload + payloadSize, 80 - payloadSize, m_RemoteEndpoint);
|
payloadSize += CreateAddressBlock (payload + payloadSize, 80 - payloadSize, m_RemoteEndpoint);
|
||||||
if (m_RelayTag)
|
if (m_RelayTag)
|
||||||
|
@ -437,11 +438,14 @@ namespace transport
|
||||||
payloadSize += 7;
|
payloadSize += 7;
|
||||||
}
|
}
|
||||||
auto token = m_Server.NewIncomingToken (m_RemoteEndpoint);
|
auto token = m_Server.NewIncomingToken (m_RemoteEndpoint);
|
||||||
payload[payloadSize] = eSSU2BlkNewToken;
|
if (ts + SSU2_TOKEN_EXPIRATION_THRESHOLD > token.second) // not expired?
|
||||||
htobe16buf (payload + payloadSize + 1, 12);
|
{
|
||||||
htobe32buf (payload + payloadSize + 3, token.second); // expires
|
payload[payloadSize] = eSSU2BlkNewToken;
|
||||||
memcpy (payload + payloadSize + 7, &token.first, 8); // token
|
htobe16buf (payload + payloadSize + 1, 12);
|
||||||
payloadSize += 15;
|
htobe32buf (payload + payloadSize + 3, token.second - SSU2_TOKEN_EXPIRATION_THRESHOLD); // expires
|
||||||
|
memcpy (payload + payloadSize + 7, &token.first, 8); // token
|
||||||
|
payloadSize += 15;
|
||||||
|
}
|
||||||
payloadSize += CreatePaddingBlock (payload + payloadSize, 80 - payloadSize);
|
payloadSize += CreatePaddingBlock (payload + payloadSize, 80 - payloadSize);
|
||||||
// KDF for SessionCreated
|
// KDF for SessionCreated
|
||||||
m_NoiseState->MixHash ( { {header.buf, 16}, {headerX, 16} } ); // h = SHA256(h || header)
|
m_NoiseState->MixHash ( { {header.buf, 16}, {headerX, 16} } ); // h = SHA256(h || header)
|
||||||
|
|
|
@ -27,6 +27,7 @@ namespace transport
|
||||||
const int SSU2_TERMINATION_TIMEOUT = 330; // 5.5 minutes
|
const int SSU2_TERMINATION_TIMEOUT = 330; // 5.5 minutes
|
||||||
const int SSU2_TOKEN_EXPIRATION_TIMEOUT = 9; // for Retry message, in seconds
|
const int SSU2_TOKEN_EXPIRATION_TIMEOUT = 9; // for Retry message, in seconds
|
||||||
const int SSU2_NEXT_TOKEN_EXPIRATION_TIMEOUT = 52*60; // for next token block, in seconds
|
const int SSU2_NEXT_TOKEN_EXPIRATION_TIMEOUT = 52*60; // for next token block, in seconds
|
||||||
|
const int SSU2_TOKEN_EXPIRATION_THRESHOLD = 2; // in seconds
|
||||||
const int SSU2_RELAY_NONCE_EXPIRATION_TIMEOUT = 10; // in seconds
|
const int SSU2_RELAY_NONCE_EXPIRATION_TIMEOUT = 10; // in seconds
|
||||||
const int SSU2_PEER_TEST_EXPIRATION_TIMEOUT = 60; // 60 seconds
|
const int SSU2_PEER_TEST_EXPIRATION_TIMEOUT = 60; // 60 seconds
|
||||||
const size_t SSU2_MTU = 1488;
|
const size_t SSU2_MTU = 1488;
|
||||||
|
|
Loading…
Reference in a new issue