2022-02-04 20:01:18 +00:00
|
|
|
/*
|
2022-02-18 06:20:06 +00:00
|
|
|
* Copyright (c) 2022, The PurpleI2P Project
|
2022-02-04 20:01:18 +00:00
|
|
|
*
|
|
|
|
* This file is part of Purple i2pd project and licensed under BSD3
|
|
|
|
*
|
|
|
|
* See full license text in LICENSE file at top of project tree
|
|
|
|
*/
|
|
|
|
|
2022-02-12 00:21:04 +00:00
|
|
|
#include <string.h>
|
|
|
|
#include <openssl/rand.h>
|
2022-02-28 01:15:14 +00:00
|
|
|
#include "RouterContext.h"
|
2022-02-05 20:58:39 +00:00
|
|
|
#include "Transports.h"
|
2022-02-04 20:01:18 +00:00
|
|
|
#include "SSU2.h"
|
|
|
|
|
|
|
|
namespace i2p
|
|
|
|
{
|
|
|
|
namespace transport
|
|
|
|
{
|
2022-02-28 01:15:14 +00:00
|
|
|
SSU2Session::SSU2Session (SSU2Server& server, std::shared_ptr<const i2p::data::RouterInfo> in_RemoteRouter,
|
2022-02-04 20:01:18 +00:00
|
|
|
std::shared_ptr<const i2p::data::RouterInfo::Address> addr, bool peerTest):
|
2022-02-10 19:03:09 +00:00
|
|
|
TransportSession (in_RemoteRouter, SSU2_TERMINATION_TIMEOUT),
|
2022-02-28 01:15:14 +00:00
|
|
|
m_Server (server), m_Address (addr)
|
2022-02-04 20:01:18 +00:00
|
|
|
{
|
2022-02-05 20:58:39 +00:00
|
|
|
m_NoiseState.reset (new i2p::crypto::NoiseSymmetricState);
|
|
|
|
if (in_RemoteRouter && addr)
|
|
|
|
{
|
|
|
|
// outgoing
|
2022-02-05 22:14:25 +00:00
|
|
|
InitNoiseXKState1 (*m_NoiseState, addr->s);
|
2022-02-05 20:58:39 +00:00
|
|
|
}
|
2022-02-04 20:01:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
SSU2Session::~SSU2Session ()
|
|
|
|
{
|
|
|
|
}
|
2022-02-10 19:03:09 +00:00
|
|
|
|
|
|
|
void SSU2Session::SendSessionRequest ()
|
|
|
|
{
|
|
|
|
m_EphemeralKeys = i2p::transport::transports.GetNextX25519KeysPair ();
|
|
|
|
m_NoiseState->MixHash (m_EphemeralKeys->GetPublicKey (), 32);
|
|
|
|
uint8_t sharedSecret[32];
|
|
|
|
m_EphemeralKeys->Agree (m_Address->s, sharedSecret);
|
|
|
|
m_NoiseState->MixKey (sharedSecret);
|
2022-02-12 00:21:04 +00:00
|
|
|
|
|
|
|
Header header;
|
2022-02-28 01:15:14 +00:00
|
|
|
uint64_t headerX[6];
|
|
|
|
uint8_t payload[1200]; // TODO: correct payload size
|
2022-02-12 00:21:04 +00:00
|
|
|
size_t payloadSize = 8;
|
2022-02-10 19:03:09 +00:00
|
|
|
// fill packet
|
2022-02-12 00:21:04 +00:00
|
|
|
RAND_bytes (header.h.connID, 8);
|
|
|
|
memset (header.h.packetNum, 0, 4);
|
|
|
|
header.h.type = eSSU2SessionRequest;
|
|
|
|
header.h.flags[0] = 2; // ver
|
|
|
|
header.h.flags[1] = 2; // netID TODO:
|
|
|
|
header.h.flags[2] = 0; // flag
|
2022-02-28 01:15:14 +00:00
|
|
|
RAND_bytes ((uint8_t *)headerX, 8); // source id
|
|
|
|
memset (headerX + 1, 0, 8); // token
|
|
|
|
memcpy (headerX + 2, m_EphemeralKeys->GetPublicKey (), 32); // X
|
|
|
|
m_Server.AddSession (headerX[0], shared_from_this ());
|
2022-02-10 19:03:09 +00:00
|
|
|
// encrypt
|
2022-02-12 00:21:04 +00:00
|
|
|
const uint8_t nonce[12] = {0};
|
|
|
|
i2p::crypto::AEADChaCha20Poly1305 (payload, payloadSize, m_NoiseState->m_H, 32, m_NoiseState->m_CK + 32, nonce, payload, payloadSize + 16, true);
|
|
|
|
payloadSize += 16;
|
|
|
|
CreateHeaderMask (m_Address->i, payload + (payloadSize - 24), m_Address->i, payload + (payloadSize - 12));
|
|
|
|
EncryptHeader (header);
|
2022-02-28 01:15:14 +00:00
|
|
|
i2p::crypto::ChaCha20 ((uint8_t *)headerX, 48, m_Address->i, nonce, (uint8_t *)headerX);
|
2022-02-12 00:21:04 +00:00
|
|
|
|
2022-02-10 19:03:09 +00:00
|
|
|
}
|
|
|
|
|
2022-02-12 00:21:04 +00:00
|
|
|
void SSU2Session::EncryptHeader (Header& h)
|
2022-02-10 19:03:09 +00:00
|
|
|
{
|
2022-02-12 00:21:04 +00:00
|
|
|
h.ll[0] ^= m_HeaderMask.ll[0];
|
|
|
|
h.ll[1] ^= m_HeaderMask.ll[1];
|
2022-02-10 19:03:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void SSU2Session::CreateHeaderMask (const uint8_t * kh1, const uint8_t * nonce1, const uint8_t * kh2, const uint8_t * nonce2)
|
|
|
|
{
|
|
|
|
// Header Encryption KDF
|
|
|
|
uint8_t data[8] = {0};
|
|
|
|
i2p::crypto::ChaCha20 (data, 8, kh1, nonce1, m_HeaderMask.buf);
|
|
|
|
i2p::crypto::ChaCha20 (data, 8, kh2, nonce2, m_HeaderMask.buf + 8);
|
|
|
|
}
|
2022-02-28 01:15:14 +00:00
|
|
|
|
|
|
|
void SSU2Server::AddSession (uint64_t connID, std::shared_ptr<SSU2Session> session)
|
|
|
|
{
|
|
|
|
m_Sessions.emplace (connID, session);
|
|
|
|
}
|
|
|
|
|
|
|
|
void SSU2Server::ProcessNextPacket (uint8_t * buf, size_t len)
|
|
|
|
{
|
|
|
|
uint64_t key = 0, connID;
|
|
|
|
i2p::crypto::ChaCha20 ((uint8_t *)&key, 8, i2p::context.GetNTCP2IV (), buf + (len - 24), (uint8_t *)&key); // TODO: use SSU2 intro key
|
|
|
|
memcpy (&connID, buf, 8);
|
|
|
|
connID ^= key;
|
|
|
|
auto it = m_Sessions.find (connID);
|
|
|
|
if (it != m_Sessions.end ())
|
|
|
|
{
|
|
|
|
}
|
|
|
|
}
|
2022-02-04 20:01:18 +00:00
|
|
|
}
|
|
|
|
}
|