try ratchets tag first

This commit is contained in:
orignal 2020-12-04 19:15:06 -05:00
parent 36473e3889
commit a843165cb4

View file

@ -485,26 +485,7 @@ namespace garlic
}
auto mod = length & 0x0f; // %16
buf += 4; // length
auto it = !mod ? m_Tags.find (SessionTag(buf)) : m_Tags.end (); // AES block is multiple of 16
// AES tag might be used even if encryption type is not ElGamal/AES
if (it != m_Tags.end ())
{
// tag found. Use AES
auto decryption = it->second;
m_Tags.erase (it); // tag might be used only once
if (length >= 32)
{
uint8_t iv[32]; // IV is first 16 bytes
SHA256(buf, 32, iv);
decryption->SetIV (iv);
decryption->Decrypt (buf + 32, length - 32, buf + 32);
HandleAESBlock (buf + 32, length - 32, decryption, msg->from);
}
else
LogPrint (eLogWarning, "Garlic: message length ", length, " is less than 32 bytes");
}
else
{
bool found = false;
if (SupportsEncryptionType (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD))
{
@ -520,7 +501,27 @@ namespace garlic
m_ECIESx25519Tags.erase (it1);
}
}
if (!found)
{
auto it = !mod ? m_Tags.find (SessionTag(buf)) : m_Tags.end (); // AES block is multiple of 16
// AES tag might be used even if encryption type is not ElGamal/AES
if (it != m_Tags.end ()) // try AES tag
{
// tag found. Use AES
auto decryption = it->second;
m_Tags.erase (it); // tag might be used only once
if (length >= 32)
{
uint8_t iv[32]; // IV is first 16 bytes
SHA256(buf, 32, iv);
decryption->SetIV (iv);
decryption->Decrypt (buf + 32, length - 32, buf + 32);
HandleAESBlock (buf + 32, length - 32, decryption, msg->from);
found = true;
}
else
LogPrint (eLogWarning, "Garlic: message length ", length, " is less than 32 bytes");
}
if (!found) // assume new session
{
// AES tag not found. Handle depending on encryption type