generate new token with longer expiration time

2025-01-22 13:27:17 +01:00 · 2022-06-16 22:37:33 -04:00 · 2022-06-16 22:37:33 -04:00 · 67252b90b3
parent 079f7e515c
commit 67252b90b3
4 changed files with 21 additions and 9 deletions
--- a/libi2pd/SSU2.cpp
+++ b/libi2pd/SSU2.cpp
@ -582,16 +582,25 @@ namespace transport
 		return 0;
 	}

-	std::pair<uint64_t, uint32_t>  SSU2Server::GetIncomingToken (const boost::asio::ip::udp::endpoint& ep)
+	uint64_t SSU2Server::GetIncomingToken (const boost::asio::ip::udp::endpoint& ep)
 	{
 		auto it = m_IncomingTokens.find (ep);
 		if (it != m_IncomingTokens.end ())
-			return it->second;
+			return it->second.first;
 		uint64_t token;
 		RAND_bytes ((uint8_t *)&token, 8);
-		auto ret = std::make_pair (token, i2p::util::GetSecondsSinceEpoch () + SSU2_TOKEN_EXPIRATION_TIMEOUT); 
+		m_IncomingTokens.emplace (ep, std::make_pair (token, i2p::util::GetSecondsSinceEpoch () + SSU2_TOKEN_EXPIRATION_TIMEOUT));
+		return token;
+	}
+
+	std::pair<uint64_t, uint32_t> SSU2Server::NewIncomingToken (const boost::asio::ip::udp::endpoint& ep)
+	{
+		m_IncomingTokens.erase (ep); // drop previous
+		uint64_t token;
+		RAND_bytes ((uint8_t *)&token, 8);
+		auto ret = std::make_pair (token, i2p::util::GetSecondsSinceEpoch () + SSU2_NEXT_TOKEN_EXPIRATION_TIMEOUT); 
 		m_IncomingTokens.emplace (ep, ret);
 		return ret;
-	}
+	}	
 }
 }
--- a/libi2pd/SSU2.h
+++ b/libi2pd/SSU2.h
@ -71,7 +71,9 @@ namespace transport
 			
 			void UpdateOutgoingToken (const boost::asio::ip::udp::endpoint& ep, uint64_t token, uint32_t exp);
 			uint64_t FindOutgoingToken (const boost::asio::ip::udp::endpoint& ep) const;
-			std::pair<uint64_t, uint32_t> GetIncomingToken (const boost::asio::ip::udp::endpoint& ep);
+			uint64_t GetIncomingToken (const boost::asio::ip::udp::endpoint& ep);
+			std::pair<uint64_t, uint32_t> NewIncomingToken (const boost::asio::ip::udp::endpoint& ep);
+		

 		private:

--- a/libi2pd/SSU2Session.cpp
+++ b/libi2pd/SSU2Session.cpp
@ -376,7 +376,7 @@ namespace transport
 		memcpy (&m_DestConnID, headerX, 8);
 		uint64_t token;
 		memcpy (&token, headerX + 8, 8);
-		if (!token || token != m_Server.GetIncomingToken (m_RemoteEndpoint).first)
+		if (!token || token != m_Server.GetIncomingToken (m_RemoteEndpoint))
 		{
 			LogPrint (eLogDebug, "SSU2: SessionRequest token mismatch. Retry");
 			SendRetry ();
@ -436,7 +436,7 @@ namespace transport
 			htobe32buf (payload + payloadSize + 3, m_RelayTag);
 			payloadSize += 7;
 		}
-		auto token = m_Server.GetIncomingToken (m_RemoteEndpoint);
+		auto token = m_Server.NewIncomingToken (m_RemoteEndpoint);
 		payload[payloadSize] = eSSU2BlkNewToken;
 		htobe16buf (payload + payloadSize + 1, 12);
 		htobe32buf (payload + payloadSize + 3, token.second); // expires
@ -735,7 +735,7 @@ namespace transport
 		header.h.flags[2] = 0; // flag
 		memcpy (h, header.buf, 16);
 		memcpy (h + 16, &m_SourceConnID, 8); // source id
-		uint64_t token = m_Server.GetIncomingToken (m_RemoteEndpoint).first;
+		uint64_t token = m_Server.GetIncomingToken (m_RemoteEndpoint);
 		memcpy (h + 24, &token, 8); // token
 		// payload
 		payload[0] = eSSU2BlkDateTime;
--- a/libi2pd/SSU2Session.h
+++ b/libi2pd/SSU2Session.h
@ -25,7 +25,8 @@ namespace transport
 {
 	const int SSU2_CONNECT_TIMEOUT = 5; // 5 seconds
 	const int SSU2_TERMINATION_TIMEOUT = 330; // 5.5 minutes
-	const int SSU2_TOKEN_EXPIRATION_TIMEOUT = 9; // in seconds
+	const int SSU2_TOKEN_EXPIRATION_TIMEOUT = 9; // for Retry message, in seconds
+	const int SSU2_NEXT_TOKEN_EXPIRATION_TIMEOUT = 52*60; // for next token block, in seconds
 	const int SSU2_RELAY_NONCE_EXPIRATION_TIMEOUT = 10; // in seconds
 	const int SSU2_PEER_TEST_EXPIRATION_TIMEOUT = 60; // 60 seconds
 	const size_t SSU2_MTU = 1488;