marek/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

SSU2: Consolidate dup encrypt header keys in IES2/OES2

Browse Source
This commit is contained in:
zzz
2022-12-14 14:15:56 -05:00
parent 9f9a88cf32
commit a112c3a1ed
2 changed files with 19 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
router/java/src/net/i2p/router/transport/udp/InboundEstablishState2.java
View File

@ -48,7 +48,6 @@ class InboundEstablishState2 extends InboundEstablishState implements SSU2Payloa
private final long _token;
private final HandshakeState _handshakeState;
private byte[] _sendHeaderEncryptKey1;
private final byte[] _rcvHeaderEncryptKey1;
private byte[] _sendHeaderEncryptKey2;
private byte[] _rcvHeaderEncryptKey2;
private byte[] _sessCrForReTX;
@ -86,7 +85,6 @@ class InboundEstablishState2 extends InboundEstablishState implements SSU2Payloa
transport.getSSU2StaticPubKey(), 0);
byte[] introKey = transport.getSSU2StaticIntroKey();
_sendHeaderEncryptKey1 = introKey;
_rcvHeaderEncryptKey1 = introKey;
//_sendHeaderEncryptKey2 set below
//_rcvHeaderEncryptKey2 set below
int off = pkt.getOffset();
@ -104,7 +102,7 @@ class InboundEstablishState2 extends InboundEstablishState implements SSU2Payloa
_currentState = InboundState.IB_STATE_TOKEN_REQUEST_RECEIVED;
// decrypt in-place
ChaChaPolyCipherState chacha = new ChaChaPolyCipherState();
chacha.initializeKey(_rcvHeaderEncryptKey1, 0);
chacha.initializeKey(introKey, 0);
long n = DataHelper.fromLong(data, off + PKT_NUM_OFFSET, 4);
chacha.setNonce(n);
chacha.decryptWithAd(data, off, LONG_HEADER_SIZE,
@ -119,6 +117,7 @@ class InboundEstablishState2 extends InboundEstablishState implements SSU2Payloa
} else if (type == SESSION_REQUEST_FLAG_BYTE &&
(token == 0 ||
(ENFORCE_TOKEN && !_transport.getEstablisher().isInboundTokenValid(_remoteHostId, token)))) {
// i2pd thru 0.9.55 ignores zero token + termination in retry
if (_log.shouldInfo())
_log.info("Invalid token " + token + " in session request from: " + _aliceSocketAddress);
if (token == 0)
@ -178,7 +177,7 @@ class InboundEstablishState2 extends InboundEstablishState implements SSU2Payloa
}
packetReceived();
if (_log.shouldDebug())
_log.debug("New " + this);
_log.debug("New req type " + type + " len " + len + " on " + this);
}
@Override
@ -428,8 +427,8 @@ class InboundEstablishState2 extends InboundEstablishState implements SSU2Payloa
}
public void gotTermination(int reason, long count) {
if (_log.shouldInfo())
_log.info("Got TERMINATION block, reason: " + reason + " count: " + count);
if (_log.shouldWarn())
_log.warn("Got TERMINATION block, reason: " + reason + " count: " + count + " on " + this);
// this sets the state to FAILED
fail();
_transport.getEstablisher().receiveSessionDestroy(_remoteHostId);
@ -479,7 +478,7 @@ class InboundEstablishState2 extends InboundEstablishState implements SSU2Payloa
}
public HandshakeState getHandshakeState() { return _handshakeState; }
public byte[] getSendHeaderEncryptKey1() { return _sendHeaderEncryptKey1; }
public byte[] getRcvHeaderEncryptKey1() { return _rcvHeaderEncryptKey1; }
public byte[] getRcvHeaderEncryptKey1() { return _transport.getSSU2StaticIntroKey(); }
public byte[] getSendHeaderEncryptKey2() { return _sendHeaderEncryptKey2; }
public synchronized byte[] getRcvHeaderEncryptKey2() { return _rcvHeaderEncryptKey2; }
public InetSocketAddress getSentAddress() { return _aliceSocketAddress; }
@ -574,6 +573,8 @@ class InboundEstablishState2 extends InboundEstablishState implements SSU2Payloa
if (_log.shouldWarn())
_log.warn("Got retx token request on: " + this);
// Est. mgr will resend retry and call retryPacketSent()
// Note that Java I2P < 0.9.57 doesn't handle retransmitted retries correctly,
// so this won't work for them
long now = _context.clock().now();
// rate limit
_nextSend = Math.max(now, _lastSend + 750);
@ -912,6 +913,7 @@ class InboundEstablishState2 extends InboundEstablishState implements SSU2Payloa
buf.append(" lifetime: ").append(DataHelper.formatDuration(getLifetime()));
buf.append(" Rcv ID: ").append(_rcvConnID);
buf.append(" Send ID: ").append(_sendConnID);
buf.append(" Token: ").append(_token);
if (_sentRelayTag > 0)
buf.append(" RelayTag: ").append(_sentRelayTag);
buf.append(' ').append(_currentState);

20
router/java/src/net/i2p/router/transport/udp/OutboundEstablishState2.java
View File

@ -49,8 +49,8 @@ class OutboundEstablishState2 extends OutboundEstablishState implements SSU2Payl
private final Map<Hash, IntroState> _introducers;
private long _token;
private HandshakeState _handshakeState;
private final byte[] _sendHeaderEncryptKey1;
private final byte[] _rcvHeaderEncryptKey1;
// Bob's intro key, same for send and receive
private final byte[] _headerEncryptKey1;
private byte[] _sendHeaderEncryptKey2;
private byte[] _rcvHeaderEncryptKey2;
private final byte[] _rcvRetryHeaderEncryptKey2;
@ -211,8 +211,7 @@ class OutboundEstablishState2 extends OutboundEstablishState implements SSU2Payl
_rcvConnID = rcid;
byte[] ik = introKey.getData();
_sendHeaderEncryptKey1 = ik;
_rcvHeaderEncryptKey1 = ik;
_headerEncryptKey1 = ik;
_sendHeaderEncryptKey2 = ik;
//_rcvHeaderEncryptKey2 will be set after the Session Request message is created
_rcvRetryHeaderEncryptKey2 = ik;
@ -343,7 +342,7 @@ class OutboundEstablishState2 extends OutboundEstablishState implements SSU2Payl
public void gotTermination(int reason, long count) {
if (_log.shouldWarn())
_log.warn("Got TERMINATION block, reason: " + reason + " count: " + count);
_log.warn("Got TERMINATION block, reason: " + reason + " count: " + count + " on " + this);
// this sets the state to FAILED
fail();
_transport.getEstablisher().receiveSessionDestroy(_remoteHostId, this);
@ -450,8 +449,8 @@ class OutboundEstablishState2 extends OutboundEstablishState implements SSU2Payl
return _transport.getEstablisher().getInboundToken(_remoteHostId);
}
public HandshakeState getHandshakeState() { return _handshakeState; }
public byte[] getSendHeaderEncryptKey1() { return _sendHeaderEncryptKey1; }
public byte[] getRcvHeaderEncryptKey1() { return _rcvHeaderEncryptKey1; }
public byte[] getSendHeaderEncryptKey1() { return _headerEncryptKey1; }
public byte[] getRcvHeaderEncryptKey1() { return _headerEncryptKey1; }
public byte[] getSendHeaderEncryptKey2() { return _sendHeaderEncryptKey2; }
/**
* @return null before Session Request is sent (i.e. we sent a Token Request first)
@ -509,7 +508,7 @@ class OutboundEstablishState2 extends OutboundEstablishState implements SSU2Payl
_token = token;
_timeReceived = 0;
ChaChaPolyCipherState chacha = new ChaChaPolyCipherState();
chacha.initializeKey(_rcvHeaderEncryptKey1, 0);
chacha.initializeKey(_headerEncryptKey1, 0);
long n = DataHelper.fromLong(data, off + PKT_NUM_OFFSET, 4);
chacha.setNonce(n);
try {
@ -536,7 +535,7 @@ class OutboundEstablishState2 extends OutboundEstablishState implements SSU2Payl
throw new GeneralSecurityException("Skew exceeded in Retry: " + _skew);
createNewState(_routerAddress);
if (_log.shouldDebug())
_log.debug("Received a retry on " + this);
_log.debug("Received a retry token " + token + " on " + this);
_currentState = OutboundState.OB_STATE_RETRY_RECEIVED;
}
@ -718,7 +717,7 @@ class OutboundEstablishState2 extends OutboundEstablishState implements SSU2Payl
_remotePeer.calculateHash(),
false, _rtt, sender, rcvr,
_sendConnID, _rcvConnID,
_sendHeaderEncryptKey1, h_ab, h_ba);
_headerEncryptKey1, h_ab, h_ba);
_currentState = OutboundState.OB_STATE_CONFIRMED_COMPLETELY;
_pstate.confirmedPacketsSent(_sessConfForReTX);
// PS2.super adds CLOCK_SKEW_FUDGE that doesn't apply here
@ -806,6 +805,7 @@ class OutboundEstablishState2 extends OutboundEstablishState implements SSU2Payl
" lifetime: " + DataHelper.formatDuration(getLifetime()) +
" Rcv ID: " + _rcvConnID +
" Send ID: " + _sendConnID +
" Token: " + _token +
' ' + _currentState +
(_introducers != null ? (" Introducers: " + _introducers.toString()) : "");
}