token expiration threshold

This commit is contained in:
orignal 2022-06-19 08:52:47 -04:00
parent dd602a27b5
commit 5bb20cb039
3 changed files with 15 additions and 6 deletions

View file

@ -588,7 +588,11 @@ namespace transport
{ {
auto it = m_OutgoingTokens.find (ep); auto it = m_OutgoingTokens.find (ep);
if (it != m_OutgoingTokens.end ()) if (it != m_OutgoingTokens.end ())
{
if (i2p::util::GetSecondsSinceEpoch () + SSU2_TOKEN_EXPIRATION_THRESHOLD > it->second.second)
return 0; // token expired
return it->second.first; return it->second.first;
}
return 0; return 0;
} }

View file

@ -424,9 +424,10 @@ namespace transport
memset (headerX + 8, 0, 8); // token = 0 memset (headerX + 8, 0, 8); // token = 0
memcpy (headerX + 16, m_EphemeralKeys->GetPublicKey (), 32); // Y memcpy (headerX + 16, m_EphemeralKeys->GetPublicKey (), 32); // Y
// payload // payload
auto ts = i2p::util::GetSecondsSinceEpoch ();
payload[0] = eSSU2BlkDateTime; payload[0] = eSSU2BlkDateTime;
htobe16buf (payload + 1, 4); htobe16buf (payload + 1, 4);
htobe32buf (payload + 3, i2p::util::GetSecondsSinceEpoch ()); htobe32buf (payload + 3, ts);
size_t payloadSize = 7; size_t payloadSize = 7;
payloadSize += CreateAddressBlock (payload + payloadSize, 80 - payloadSize, m_RemoteEndpoint); payloadSize += CreateAddressBlock (payload + payloadSize, 80 - payloadSize, m_RemoteEndpoint);
if (m_RelayTag) if (m_RelayTag)
@ -437,11 +438,14 @@ namespace transport
payloadSize += 7; payloadSize += 7;
} }
auto token = m_Server.NewIncomingToken (m_RemoteEndpoint); auto token = m_Server.NewIncomingToken (m_RemoteEndpoint);
payload[payloadSize] = eSSU2BlkNewToken; if (ts + SSU2_TOKEN_EXPIRATION_THRESHOLD > token.second) // not expired?
htobe16buf (payload + payloadSize + 1, 12); {
htobe32buf (payload + payloadSize + 3, token.second); // expires payload[payloadSize] = eSSU2BlkNewToken;
memcpy (payload + payloadSize + 7, &token.first, 8); // token htobe16buf (payload + payloadSize + 1, 12);
payloadSize += 15; htobe32buf (payload + payloadSize + 3, token.second - SSU2_TOKEN_EXPIRATION_THRESHOLD); // expires
memcpy (payload + payloadSize + 7, &token.first, 8); // token
payloadSize += 15;
}
payloadSize += CreatePaddingBlock (payload + payloadSize, 80 - payloadSize); payloadSize += CreatePaddingBlock (payload + payloadSize, 80 - payloadSize);
// KDF for SessionCreated // KDF for SessionCreated
m_NoiseState->MixHash ( { {header.buf, 16}, {headerX, 16} } ); // h = SHA256(h || header) m_NoiseState->MixHash ( { {header.buf, 16}, {headerX, 16} } ); // h = SHA256(h || header)

View file

@ -27,6 +27,7 @@ namespace transport
const int SSU2_TERMINATION_TIMEOUT = 330; // 5.5 minutes const int SSU2_TERMINATION_TIMEOUT = 330; // 5.5 minutes
const int SSU2_TOKEN_EXPIRATION_TIMEOUT = 9; // for Retry message, in seconds const int SSU2_TOKEN_EXPIRATION_TIMEOUT = 9; // for Retry message, in seconds
const int SSU2_NEXT_TOKEN_EXPIRATION_TIMEOUT = 52*60; // for next token block, in seconds const int SSU2_NEXT_TOKEN_EXPIRATION_TIMEOUT = 52*60; // for next token block, in seconds
const int SSU2_TOKEN_EXPIRATION_THRESHOLD = 2; // in seconds
const int SSU2_RELAY_NONCE_EXPIRATION_TIMEOUT = 10; // in seconds const int SSU2_RELAY_NONCE_EXPIRATION_TIMEOUT = 10; // in seconds
const int SSU2_PEER_TEST_EXPIRATION_TIMEOUT = 60; // 60 seconds const int SSU2_PEER_TEST_EXPIRATION_TIMEOUT = 60; // 60 seconds
const size_t SSU2_MTU = 1488; const size_t SSU2_MTU = 1488;