Mirrors/i2pd
2
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-03-21 16:49:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

separate decryption between own record and other records

Browse source
This commit is contained in:
orignal 2021-07-02 13:20:24 -04:00
parent ff0e23d2c4
commit 8b35ce3320
3 changed files with 42 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
libi2pd/Tunnel.cpp
View file

@ -111,31 +111,31 @@ namespace tunnel
TunnelHopConfig * hop = m_Config->GetLastHop (); TunnelHopConfig * hop = m_Config->GetLastHop ();
while (hop) while (hop)
{ {
// decrypt current hop
auto idx = hop->recordIndex;
if (idx >= 0 && idx < msg[0])
{
uint8_t * record = msg + 1 + idx*TUNNEL_BUILD_RECORD_SIZE;
if (!hop->DecryptBuildResponseRecord (record, record))
return false;
}
else
{
LogPrint (eLogWarning, "Tunnel: hop index ", idx, " is out of range");
return false;
}
// decrypt records before current hop
decryption.SetKey (hop->replyKey); decryption.SetKey (hop->replyKey);
// decrypt records before and current hop TunnelHopConfig * hop1 = hop->prev;
TunnelHopConfig * hop1 = hop;
while (hop1) while (hop1)
{ {
auto idx = hop1->recordIndex; auto idx = hop1->recordIndex;
if (idx >= 0 && idx < msg[0]) if (idx >= 0 && idx < msg[0])
{ {
uint8_t * record = msg + 1 + idx*TUNNEL_BUILD_RECORD_SIZE; uint8_t * record = msg + 1 + idx*TUNNEL_BUILD_RECORD_SIZE;
if (hop1 == hop && hop1->IsECIES ()) decryption.SetIV (hop->replyIV);
{ decryption.Decrypt(record, TUNNEL_BUILD_RECORD_SIZE, record);
uint8_t nonce[12];
memset (nonce, 0, 12);
if (!i2p::crypto::AEADChaCha20Poly1305 (record, TUNNEL_BUILD_RECORD_SIZE - 16,
hop->m_H, 32, hop->m_CK, nonce, record, TUNNEL_BUILD_RECORD_SIZE - 16, false)) // decrypt
{
LogPrint (eLogWarning, "Tunnel: Response AEAD decryption failed");
return false;
}
}
else
{
decryption.SetIV (hop->replyIV);
decryption.Decrypt(record, TUNNEL_BUILD_RECORD_SIZE, record);
}
} }
else else
LogPrint (eLogWarning, "Tunnel: hop index ", idx, " is out of range"); LogPrint (eLogWarning, "Tunnel: hop index ", idx, " is out of range");

23
libi2pd/TunnelConfig.cpp
View file

@ -147,5 +147,28 @@ namespace tunnel
} }
MixHash (encrypted, ECIES_BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE + 16); // h = SHA256(h || ciphertext) MixHash (encrypted, ECIES_BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE + 16); // h = SHA256(h || ciphertext)
} }
bool TunnelHopConfig::DecryptBuildResponseRecord (const uint8_t * encrypted, uint8_t * clearText)
{
if (IsECIES ())
{
uint8_t nonce[12];
memset (nonce, 0, 12);
if (!i2p::crypto::AEADChaCha20Poly1305 (encrypted, TUNNEL_BUILD_RECORD_SIZE - 16,
m_H, 32, m_CK, nonce, clearText, TUNNEL_BUILD_RECORD_SIZE - 16, false)) // decrypt
{
LogPrint (eLogWarning, "Tunnel: Response AEAD decryption failed");
return false;
}
}
else
{
i2p::crypto::CBCDecryption decryption;
decryption.SetKey (replyKey);
decryption.SetIV (replyIV);
decryption.Decrypt (encrypted, TUNNEL_BUILD_RECORD_SIZE, clearText);
}
return true;
}
} }
} }

1
libi2pd/TunnelConfig.h
View file

@ -43,6 +43,7 @@ namespace tunnel
void CreateBuildRequestRecord (uint8_t * record, uint32_t replyMsgID, BN_CTX * ctx); void CreateBuildRequestRecord (uint8_t * record, uint32_t replyMsgID, BN_CTX * ctx);
void EncryptECIES (std::shared_ptr<i2p::crypto::CryptoKeyEncryptor>& encryptor, void EncryptECIES (std::shared_ptr<i2p::crypto::CryptoKeyEncryptor>& encryptor,
const uint8_t * clearText, uint8_t * encrypted, BN_CTX * ctx); const uint8_t * clearText, uint8_t * encrypted, BN_CTX * ctx);
bool DecryptBuildResponseRecord (const uint8_t * encrypted, uint8_t * clearText);
}; };
class TunnelConfig class TunnelConfig