From 67252b90b33f8e631672e9af7f89127cc328f8df Mon Sep 17 00:00:00 2001 From: orignal Date: Thu, 16 Jun 2022 22:37:33 -0400 Subject: [PATCH] generate new token with longer expiration time --- libi2pd/SSU2.cpp | 17 +++++++++++++---- libi2pd/SSU2.h | 4 +++- libi2pd/SSU2Session.cpp | 6 +++--- libi2pd/SSU2Session.h | 3 ++- 4 files changed, 21 insertions(+), 9 deletions(-) diff --git a/libi2pd/SSU2.cpp b/libi2pd/SSU2.cpp index 9290a714..fbdb52bd 100644 --- a/libi2pd/SSU2.cpp +++ b/libi2pd/SSU2.cpp @@ -582,16 +582,25 @@ namespace transport return 0; } - std::pair SSU2Server::GetIncomingToken (const boost::asio::ip::udp::endpoint& ep) + uint64_t SSU2Server::GetIncomingToken (const boost::asio::ip::udp::endpoint& ep) { auto it = m_IncomingTokens.find (ep); if (it != m_IncomingTokens.end ()) - return it->second; + return it->second.first; uint64_t token; RAND_bytes ((uint8_t *)&token, 8); - auto ret = std::make_pair (token, i2p::util::GetSecondsSinceEpoch () + SSU2_TOKEN_EXPIRATION_TIMEOUT); + m_IncomingTokens.emplace (ep, std::make_pair (token, i2p::util::GetSecondsSinceEpoch () + SSU2_TOKEN_EXPIRATION_TIMEOUT)); + return token; + } + + std::pair SSU2Server::NewIncomingToken (const boost::asio::ip::udp::endpoint& ep) + { + m_IncomingTokens.erase (ep); // drop previous + uint64_t token; + RAND_bytes ((uint8_t *)&token, 8); + auto ret = std::make_pair (token, i2p::util::GetSecondsSinceEpoch () + SSU2_NEXT_TOKEN_EXPIRATION_TIMEOUT); m_IncomingTokens.emplace (ep, ret); return ret; - } + } } } diff --git a/libi2pd/SSU2.h b/libi2pd/SSU2.h index d924dffe..4dfe8485 100644 --- a/libi2pd/SSU2.h +++ b/libi2pd/SSU2.h 
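Review bot: GetIncomingToken returns `it->second.first` for any stored entry without comparing the stored expiration against the current time, so a token is accepted for as long as its map entry exists. NewIncomingToken now writes 52-minute entries into the same per-endpoint slot, so the SessionRequest check and SendRetry in SSU2Session.cpp (the @@ -376 and @@ -735 hunks) both depend on whatever prunes m_IncomingTokens, which is not visible in this patch. Checking the expiry in the lookup, and erasing a stale entry before the `emplace` (which does not overwrite an existing key), would make the address-validation lifetime explicit. Both functions also ignore the return value of `RAND_bytes`, which leaves `token` uninitialized if it fails.

```cpp
	uint64_t SSU2Server::GetIncomingToken (const boost::asio::ip::udp::endpoint& ep)
	{
		auto it = m_IncomingTokens.find (ep);
		if (it != m_IncomingTokens.end ())
		{
			if (i2p::util::GetSecondsSinceEpoch () < it->second.second)
				return it->second.first;
			m_IncomingTokens.erase (it); // expired: remove so the emplace below stores the fresh token
		}
		// … unchanged: generate a random token, emplace it with SSU2_TOKEN_EXPIRATION_TIMEOUT, return it …
```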
@@ -71,7 +71,9 @@ namespace transport void UpdateOutgoingToken (const boost::asio::ip::udp::endpoint& ep, uint64_t token, uint32_t exp); uint64_t FindOutgoingToken (const boost::asio::ip::udp::endpoint& ep) const; - std::pair GetIncomingToken (const boost::asio::ip::udp::endpoint& ep); + uint64_t GetIncomingToken (const boost::asio::ip::udp::endpoint& ep); + std::pair NewIncomingToken (const boost::asio::ip::udp::endpoint& ep); + private: diff --git a/libi2pd/SSU2Session.cpp b/libi2pd/SSU2Session.cpp index 175ece2a..12950855 100644 --- a/libi2pd/SSU2Session.cpp +++ b/libi2pd/SSU2Session.cpp @@ -376,7 +376,7 @@ namespace transport memcpy (&m_DestConnID, headerX, 8); uint64_t token; memcpy (&token, headerX + 8, 8); - if (!token || token != m_Server.GetIncomingToken (m_RemoteEndpoint).first) + if (!token || token != m_Server.GetIncomingToken (m_RemoteEndpoint)) { LogPrint (eLogDebug, "SSU2: SessionRequest token mismatch. Retry"); SendRetry (); @@ -436,7 +436,7 @@ namespace transport htobe32buf (payload + payloadSize + 3, m_RelayTag); payloadSize += 7; } - auto token = m_Server.GetIncomingToken (m_RemoteEndpoint); + auto token = m_Server.NewIncomingToken (m_RemoteEndpoint); payload[payloadSize] = eSSU2BlkNewToken; htobe16buf (payload + payloadSize + 1, 12); htobe32buf (payload + payloadSize + 3, token.second); // expires @@ -735,7 +735,7 @@ namespace transport header.h.flags[2] = 0; // flag memcpy (h, header.buf, 16); memcpy (h + 16, &m_SourceConnID, 8); // source id - uint64_t token = m_Server.GetIncomingToken (m_RemoteEndpoint).first; + uint64_t token = m_Server.GetIncomingToken (m_RemoteEndpoint); memcpy (h + 24, &token, 8); // token // payload payload[0] = eSSU2BlkDateTime; diff --git a/libi2pd/SSU2Session.h b/libi2pd/SSU2Session.h index bb8c48d0..8a1ce0f0 100644 --- a/libi2pd/SSU2Session.h +++ b/libi2pd/SSU2Session.h 
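Review bot: The two declarations in the SSU2.h hunk differ in side effects that the names alone do not convey, and neither carries a comment. Going by the definitions in SSU2.cpp, GetIncomingToken returns the stored token or creates a short-lived one, while NewIncomingToken always discards the stored token first. I would add `// returns the stored token for ep, or creates one valid for SSU2_TOKEN_EXPIRATION_TIMEOUT` and `// replaces any stored token for ep; returns (token, expiration in seconds since epoch)`. The class body continues outside the hunk.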
@@ -25,7 +25,8 @@ namespace transport { const int SSU2_CONNECT_TIMEOUT = 5; // 5 seconds const int SSU2_TERMINATION_TIMEOUT = 330; // 5.5 minutes - const int SSU2_TOKEN_EXPIRATION_TIMEOUT = 9; // in seconds + const int SSU2_TOKEN_EXPIRATION_TIMEOUT = 9; // for Retry message, in seconds + const int SSU2_NEXT_TOKEN_EXPIRATION_TIMEOUT = 52*60; // for next token block, in seconds const int SSU2_RELAY_NONCE_EXPIRATION_TIMEOUT = 10; // in seconds const int SSU2_PEER_TEST_EXPIRATION_TIMEOUT = 60; // 60 seconds const size_t SSU2_MTU = 1488;
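Review bot: The comment on `SSU2_NEXT_TOKEN_EXPIRATION_TIMEOUT` gives the unit but neither the duration nor the reason for the value, unlike the neighbouring `// 5.5 minutes` style. This constant is the lifetime advertised to the peer for an address-validation token, so I would write `// 52 minutes, for NewToken block (eSSU2BlkNewToken), in seconds`. If the value is taken from the specification, the comment should say so.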