don't encrypt ShortTunnelBuild and ShortTunnelBuildReply if on the same router

libi2pd/I2NPProtocol.cpp

@@ -713,6 +713,9 @@ namespace i2p
 					auto replyMsg = NewI2NPShortMessage ();
 					replyMsg->Concat (buf, len);
 					replyMsg->FillI2NPMessageHeader (eI2NPShortTunnelBuildReply, bufbe32toh (clearText + SHORT_REQUEST_RECORD_SEND_MSG_ID_OFFSET));
+					if (memcmp ((const uint8_t *)i2p::context.GetIdentHash (), 
+						clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET, 32)) // reply IBGW is not local?
+					{
 						i2p::crypto::HKDF (noiseState.m_CK, nullptr, 0, "RGarlicKeyAndTag", noiseState.m_CK); 		
 						uint64_t tag;
 						memcpy (&tag, noiseState.m_CK, 8);
@@ -721,6 +724,17 @@ namespace i2p
 						CreateTunnelGatewayMsg (bufbe32toh (clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
 							i2p::garlic::WrapECIESX25519Message (replyMsg,  noiseState.m_CK + 32, tag)));
 					}	
+					else
+					{
+						// IBGW is local
+						uint32_t tunnelID = bufbe32toh (clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET);
+						auto tunnel = i2p::tunnel::tunnels.GetTunnel (tunnelID);
+						if (tunnel)
+							tunnel->SendTunnelDataMsg (replyMsg);
+						else
+							LogPrint (eLogWarning, "I2NP: Tunnel ", tunnelID, " not found for short tunnel build reply");
+					}	
+				}	
 				else	
 					transports.SendMessage (clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET,
 						CreateI2NPMessage (eI2NPShortTunnelBuild, buf, len,

libi2pd/Tunnel.cpp

@@ -96,7 +96,7 @@ namespace tunnel
 			if (m_Config->IsShort ())
 			{
 				auto ident = m_Config->GetFirstHop () ? m_Config->GetFirstHop ()->ident : nullptr;
-				if (ident)
+				if (ident && ident->GetIdentHash () != outboundTunnel->GetNextIdentHash ()) // don't encrypt if IBGW = OBEP
 				{	
 					auto msg1 = i2p::garlic::WrapECIESX25519MessageForRouter (msg, ident->GetEncryptionPublicKey ());
 					if (msg1) msg = msg1;