mirror of
https://github.com/PurpleI2P/i2pd.git
synced 2025-11-04 00:20:46 +00:00
generate DH keys pair per NTCP session
This commit is contained in:
orignal
parent
15299aa42d
commit
7bdf52a774
6 changed files with 37 additions and 5 deletions
|
|
@ -53,6 +53,14 @@ namespace data
|
||||||
return keys;
|
return keys;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void CreateRandomDHKeysPair (DHKeysPair * keys)
|
||||||
|
{
|
||||||
|
if (!keys) return;
|
||||||
|
CryptoPP::AutoSeededRandomPool rnd;
|
||||||
|
CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
|
||||||
|
dh.GenerateKeyPair(rnd, keys->privateKey, keys->publicKey);
|
||||||
|
}
|
||||||
|
|
||||||
RoutingKey CreateRoutingKey (const IdentHash& ident)
|
RoutingKey CreateRoutingKey (const IdentHash& ident)
|
||||||
{
|
{
|
||||||
uint8_t buf[41]; // ident + yyyymmdd
|
uint8_t buf[41]; // ident + yyyymmdd
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,12 @@ namespace data
|
||||||
{
|
{
|
||||||
#pragma pack(1)
|
#pragma pack(1)
|
||||||
|
|
||||||
|
struct DHKeysPair // transient keys for transport sessions
|
||||||
|
{
|
||||||
|
uint8_t publicKey[256];
|
||||||
|
uint8_t privateKey[256];
|
||||||
|
};
|
||||||
|
|
||||||
struct Keys
|
struct Keys
|
||||||
{
|
{
|
||||||
uint8_t privateKey[256];
|
uint8_t privateKey[256];
|
||||||
|
|
@ -71,6 +77,7 @@ namespace data
|
||||||
|
|
||||||
IdentHash CalculateIdentHash (const Identity& identity);
|
IdentHash CalculateIdentHash (const Identity& identity);
|
||||||
Keys CreateRandomKeys ();
|
Keys CreateRandomKeys ();
|
||||||
|
void CreateRandomDHKeysPair (DHKeysPair * keys); // for transport sessions
|
||||||
|
|
||||||
// kademlia
|
// kademlia
|
||||||
struct RoutingKey
|
struct RoutingKey
|
||||||
|
|
|
||||||
|
|
@ -24,13 +24,19 @@ namespace ntcp
|
||||||
m_Socket (service), m_TerminationTimer (service), m_IsEstablished (false),
|
m_Socket (service), m_TerminationTimer (service), m_IsEstablished (false),
|
||||||
m_RemoteRouterInfo (in_RemoteRouterInfo), m_ReceiveBufferOffset (0), m_NextMessage (nullptr)
|
m_RemoteRouterInfo (in_RemoteRouterInfo), m_ReceiveBufferOffset (0), m_NextMessage (nullptr)
|
||||||
{
|
{
|
||||||
|
m_DHKeysPair = i2p::transports.GetNextDHKeysPair ();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
NTCPSession::~NTCPSession ()
|
||||||
|
{
|
||||||
|
delete m_DHKeysPair;
|
||||||
|
}
|
||||||
|
|
||||||
void NTCPSession::CreateAESKey (uint8_t * pubKey, uint8_t * aesKey)
|
void NTCPSession::CreateAESKey (uint8_t * pubKey, uint8_t * aesKey)
|
||||||
{
|
{
|
||||||
CryptoPP::DH dh (elgp, elgg);
|
CryptoPP::DH dh (elgp, elgg);
|
||||||
CryptoPP::SecByteBlock secretKey(dh.AgreedValueLength());
|
CryptoPP::SecByteBlock secretKey(dh.AgreedValueLength());
|
||||||
if (!dh.Agree (secretKey, i2p::context.GetPrivateKey (), pubKey))
|
if (!dh.Agree (secretKey, m_DHKeysPair->privateKey, pubKey))
|
||||||
{
|
{
|
||||||
LogPrint ("Couldn't create shared key");
|
LogPrint ("Couldn't create shared key");
|
||||||
Terminate ();
|
Terminate ();
|
||||||
|
|
@ -78,7 +84,7 @@ namespace ntcp
|
||||||
void NTCPSession::ClientLogin ()
|
void NTCPSession::ClientLogin ()
|
||||||
{
|
{
|
||||||
// send Phase1
|
// send Phase1
|
||||||
const uint8_t * x = i2p::context.GetRouterIdentity ().publicKey;
|
const uint8_t * x = m_DHKeysPair->publicKey;
|
||||||
memcpy (m_Phase1.pubKey, x, 256);
|
memcpy (m_Phase1.pubKey, x, 256);
|
||||||
CryptoPP::SHA256().CalculateDigest(m_Phase1.HXxorHI, x, 256);
|
CryptoPP::SHA256().CalculateDigest(m_Phase1.HXxorHI, x, 256);
|
||||||
const uint8_t * ident = m_RemoteRouterInfo.GetIdentHash ();
|
const uint8_t * ident = m_RemoteRouterInfo.GetIdentHash ();
|
||||||
|
|
@ -143,7 +149,7 @@ namespace ntcp
|
||||||
|
|
||||||
void NTCPSession::SendPhase2 ()
|
void NTCPSession::SendPhase2 ()
|
||||||
{
|
{
|
||||||
const uint8_t * y = i2p::context.GetRouterIdentity ().publicKey;
|
const uint8_t * y = m_DHKeysPair->publicKey;
|
||||||
memcpy (m_Phase2.pubKey, y, 256);
|
memcpy (m_Phase2.pubKey, y, 256);
|
||||||
uint8_t xy[512];
|
uint8_t xy[512];
|
||||||
memcpy (xy, m_Phase1.pubKey, 256);
|
memcpy (xy, m_Phase1.pubKey, 256);
|
||||||
|
|
@ -200,7 +206,7 @@ namespace ntcp
|
||||||
m_Decryption.ProcessData((uint8_t *)&m_Phase2.encrypted, (uint8_t *)&m_Phase2.encrypted, sizeof(m_Phase2.encrypted));
|
m_Decryption.ProcessData((uint8_t *)&m_Phase2.encrypted, (uint8_t *)&m_Phase2.encrypted, sizeof(m_Phase2.encrypted));
|
||||||
// verify
|
// verify
|
||||||
uint8_t xy[512], hxy[32];
|
uint8_t xy[512], hxy[32];
|
||||||
memcpy (xy, i2p::context.GetRouterIdentity ().publicKey, 256);
|
memcpy (xy, m_DHKeysPair->publicKey, 256);
|
||||||
memcpy (xy + 256, m_Phase2.pubKey, 256);
|
memcpy (xy + 256, m_Phase2.pubKey, 256);
|
||||||
CryptoPP::SHA256().CalculateDigest(hxy, xy, 512);
|
CryptoPP::SHA256().CalculateDigest(hxy, xy, 512);
|
||||||
if (memcmp (hxy, m_Phase2.encrypted.hxy, 32))
|
if (memcmp (hxy, m_Phase2.encrypted.hxy, 32))
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,7 @@
|
||||||
#include <cryptopp/modes.h>
|
#include <cryptopp/modes.h>
|
||||||
#include <cryptopp/aes.h>
|
#include <cryptopp/aes.h>
|
||||||
#include <cryptopp/adler32.h>
|
#include <cryptopp/adler32.h>
|
||||||
|
#include "Identity.h"
|
||||||
#include "RouterInfo.h"
|
#include "RouterInfo.h"
|
||||||
#include "I2NPProtocol.h"
|
#include "I2NPProtocol.h"
|
||||||
|
|
||||||
|
|
@ -66,7 +67,7 @@ namespace ntcp
|
||||||
public:
|
public:
|
||||||
|
|
||||||
NTCPSession (boost::asio::io_service& service, i2p::data::RouterInfo& in_RemoteRouterInfo);
|
NTCPSession (boost::asio::io_service& service, i2p::data::RouterInfo& in_RemoteRouterInfo);
|
||||||
virtual ~NTCPSession () {};
|
virtual ~NTCPSession ();
|
||||||
|
|
||||||
boost::asio::ip::tcp::socket& GetSocket () { return m_Socket; };
|
boost::asio::ip::tcp::socket& GetSocket () { return m_Socket; };
|
||||||
bool IsEstablished () const { return m_IsEstablished; };
|
bool IsEstablished () const { return m_IsEstablished; };
|
||||||
|
|
@ -120,6 +121,7 @@ namespace ntcp
|
||||||
boost::asio::ip::tcp::socket m_Socket;
|
boost::asio::ip::tcp::socket m_Socket;
|
||||||
boost::asio::deadline_timer m_TerminationTimer;
|
boost::asio::deadline_timer m_TerminationTimer;
|
||||||
bool m_IsEstablished;
|
bool m_IsEstablished;
|
||||||
|
i2p::data::DHKeysPair * m_DHKeysPair; // X - for client and Y - for server
|
||||||
|
|
||||||
CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption m_Decryption;
|
CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption m_Decryption;
|
||||||
CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption m_Encryption;
|
CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption m_Encryption;
|
||||||
|
|
|
||||||
|
|
@ -221,4 +221,11 @@ namespace i2p
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
i2p::data::DHKeysPair * Transports::GetNextDHKeysPair ()
|
||||||
|
{
|
||||||
|
// TODO: use supplier with separate thread
|
||||||
|
i2p::data::DHKeysPair * pair = new i2p::data::DHKeysPair ();
|
||||||
|
i2p::data::CreateRandomDHKeysPair (pair);
|
||||||
|
return pair;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,7 @@
|
||||||
#include "SSU.h"
|
#include "SSU.h"
|
||||||
#include "RouterInfo.h"
|
#include "RouterInfo.h"
|
||||||
#include "I2NPProtocol.h"
|
#include "I2NPProtocol.h"
|
||||||
|
#include "Identity.h"
|
||||||
|
|
||||||
namespace i2p
|
namespace i2p
|
||||||
{
|
{
|
||||||
|
|
@ -24,6 +25,7 @@ namespace i2p
|
||||||
void Stop ();
|
void Stop ();
|
||||||
|
|
||||||
boost::asio::io_service& GetService () { return m_Service; };
|
boost::asio::io_service& GetService () { return m_Service; };
|
||||||
|
i2p::data::DHKeysPair * GetNextDHKeysPair ();
|
||||||
|
|
||||||
void AddNTCPSession (i2p::ntcp::NTCPSession * session);
|
void AddNTCPSession (i2p::ntcp::NTCPSession * session);
|
||||||
void RemoveNTCPSession (i2p::ntcp::NTCPSession * session);
|
void RemoveNTCPSession (i2p::ntcp::NTCPSession * session);
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue