2020-01-15 23:13:43 +03:00
|
|
|
#ifndef ECIES_X25519_AEAD_RATCHET_SESSION_H__
|
|
|
|
|
#define ECIES_X25519_AEAD_RATCHET_SESSION_H__
|
|
|
|
|
|
2020-01-17 03:33:00 +03:00
|
|
|
#include <string.h>
|
2020-01-15 23:13:43 +03:00
|
|
|
#include <inttypes.h>
|
|
|
|
|
#include <functional>
|
2020-01-21 22:40:23 +03:00
|
|
|
#include <memory>
|
2020-01-17 19:21:41 +03:00
|
|
|
#include <vector>
|
2020-03-27 02:03:38 +03:00
|
|
|
#include <list>
|
2020-04-17 04:30:18 +03:00
|
|
|
#include <unordered_map>
|
2020-01-15 23:13:43 +03:00
|
|
|
#include "Identity.h"
|
2020-01-17 00:34:13 +03:00
|
|
|
#include "Crypto.h"
|
2020-01-16 22:59:19 +03:00
|
|
|
#include "Garlic.h"
|
2020-04-17 04:30:18 +03:00
|
|
|
#include "Tag.h"
|
2020-01-15 23:13:43 +03:00
|
|
|
|
|
|
|
|
namespace i2p
|
|
|
|
|
{
|
|
|
|
|
namespace garlic
|
|
|
|
|
{
|
2020-04-24 22:46:02 +03:00
|
|
|
class ECIESX25519AEADRatchetSession;
|
2020-01-20 23:17:38 +03:00
|
|
|
class RatchetTagSet
|
|
|
|
|
{
|
|
|
|
|
public:
|
2020-04-24 22:46:02 +03:00
|
|
|
|
|
|
|
|
RatchetTagSet (std::shared_ptr<ECIESX25519AEADRatchetSession> session): m_Session (session) {};
|
|
|
|
|
|
2020-01-20 23:17:38 +03:00
|
|
|
void DHInitialize (const uint8_t * rootKey, const uint8_t * k);
|
|
|
|
|
void NextSessionTagRatchet ();
|
2020-01-21 22:40:23 +03:00
|
|
|
uint64_t GetNextSessionTag ();
|
2020-04-25 04:36:08 +03:00
|
|
|
const uint8_t * GetNextRootKey () const { return m_NextRootKey; };
|
2020-02-05 23:48:51 +03:00
|
|
|
int GetNextIndex () const { return m_NextIndex; };
|
2020-03-08 02:46:40 +03:00
|
|
|
void GetSymmKey (int index, uint8_t * key);
|
2020-04-24 22:46:02 +03:00
|
|
|
|
|
|
|
|
std::shared_ptr<ECIESX25519AEADRatchetSession> GetSession () { return m_Session.lock (); };
|
2020-04-25 04:36:08 +03:00
|
|
|
int GetTagSetID () const { return m_TagSetID; };
|
|
|
|
|
void SetTagSetID (int tagsetID) { m_TagSetID = tagsetID; };
|
2020-04-24 22:46:02 +03:00
|
|
|
|
2020-02-09 05:51:02 +03:00
|
|
|
private:
|
|
|
|
|
|
2020-01-21 22:40:23 +03:00
|
|
|
union
|
|
|
|
|
{
|
|
|
|
|
uint64_t ll[8];
|
|
|
|
|
uint8_t buf[64];
|
|
|
|
|
|
|
|
|
|
const uint8_t * GetSessTagCK () const { return buf; }; // sessTag_chainKey = keydata[0:31]
|
|
|
|
|
const uint8_t * GetSessTagConstant () const { return buf + 32; }; // SESSTAG_CONSTANT = keydata[32:63]
|
|
|
|
|
uint64_t GetTag () const { return ll[4]; }; // tag = keydata[32:39]
|
|
|
|
|
|
|
|
|
|
} m_KeyData;
|
2020-04-25 04:36:08 +03:00
|
|
|
uint8_t m_SessTagConstant[32], m_SymmKeyCK[32], m_CurrentSymmKeyCK[64], m_NextRootKey[32];
|
2020-04-17 04:30:18 +03:00
|
|
|
int m_NextIndex, m_NextSymmKeyIndex;
|
|
|
|
|
std::unordered_map<int, i2p::data::Tag<32> > m_ItermediateSymmKeys;
|
2020-04-24 22:46:02 +03:00
|
|
|
std::weak_ptr<ECIESX25519AEADRatchetSession> m_Session;
|
2020-04-25 04:36:08 +03:00
|
|
|
int m_TagSetID = 0;
|
2020-01-20 23:17:38 +03:00
|
|
|
};
|
|
|
|
|
|
2020-01-15 23:13:43 +03:00
|
|
|
enum ECIESx25519BlockType
|
|
|
|
|
{
|
|
|
|
|
eECIESx25519BlkDateTime = 0,
|
|
|
|
|
eECIESx25519BlkSessionID = 1,
|
|
|
|
|
eECIESx25519BlkTermination = 4,
|
|
|
|
|
eECIESx25519BlkOptions = 5,
|
2020-04-25 04:36:08 +03:00
|
|
|
eECIESx25519BlkNextKey = 7,
|
2020-03-27 02:03:38 +03:00
|
|
|
eECIESx25519BlkAck = 8,
|
|
|
|
|
eECIESx25519BlkAckRequest = 9,
|
2020-01-15 23:13:43 +03:00
|
|
|
eECIESx25519BlkGalicClove = 11,
|
|
|
|
|
eECIESx25519BlkPadding = 254
|
|
|
|
|
};
|
|
|
|
|
|
2020-04-25 04:36:08 +03:00
|
|
|
const uint8_t ECIESX25519_NEXT_KEY_KEY_PRESENT_FLAG = 0x01;
|
|
|
|
|
const uint8_t ECIESX25519_NEXT_KEY_REVERSE_KEY_FLAG = 0x02;
|
|
|
|
|
const uint8_t ECIESX25519_NEXT_KEY_REQUEST_REVERSE_KEY_FLAG = 0x04;
|
|
|
|
|
|
2020-02-20 23:44:09 +03:00
|
|
|
const int ECIESX25519_RESTART_TIMEOUT = 120; // number of second of inactivity we should restart after
|
|
|
|
|
const int ECIESX25519_EXPIRATION_TIMEOUT = 600; // in seconds
|
|
|
|
|
|
2020-01-21 22:40:23 +03:00
|
|
|
class ECIESX25519AEADRatchetSession: public GarlicRoutingSession, public std::enable_shared_from_this<ECIESX25519AEADRatchetSession>
|
2020-01-15 23:13:43 +03:00
|
|
|
{
|
2020-01-17 19:21:41 +03:00
|
|
|
enum SessionState
|
|
|
|
|
{
|
|
|
|
|
eSessionStateNew =0,
|
2020-01-29 23:54:11 +03:00
|
|
|
eSessionStateNewSessionReceived,
|
2020-02-04 00:21:07 +03:00
|
|
|
eSessionStateNewSessionSent,
|
2020-04-03 04:48:39 +03:00
|
|
|
eSessionStateNewSessionReplySent,
|
2020-02-04 00:21:07 +03:00
|
|
|
eSessionStateEstablished
|
2020-01-17 19:21:41 +03:00
|
|
|
};
|
|
|
|
|
|
2020-01-15 23:13:43 +03:00
|
|
|
public:
|
|
|
|
|
|
2020-04-19 22:00:51 +03:00
|
|
|
ECIESX25519AEADRatchetSession (GarlicDestination * owner, bool attachLeaseSet);
|
2020-01-15 23:13:43 +03:00
|
|
|
~ECIESX25519AEADRatchetSession ();
|
|
|
|
|
|
2020-04-25 04:36:08 +03:00
|
|
|
bool HandleNextMessage (const uint8_t * buf, size_t len, std::shared_ptr<RatchetTagSet> receiveTagset, int index = 0);
|
2020-01-16 22:59:19 +03:00
|
|
|
std::shared_ptr<I2NPMessage> WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg);
|
|
|
|
|
|
2020-01-17 03:33:00 +03:00
|
|
|
const uint8_t * GetRemoteStaticKey () const { return m_RemoteStaticKey; }
|
|
|
|
|
void SetRemoteStaticKey (const uint8_t * key) { memcpy (m_RemoteStaticKey, key, 32); }
|
2020-01-15 23:13:43 +03:00
|
|
|
|
2020-01-30 19:48:32 +03:00
|
|
|
void SetDestination (const i2p::data::IdentHash& dest) // TODO:
|
|
|
|
|
{
|
|
|
|
|
if (!m_Destination) m_Destination.reset (new i2p::data::IdentHash (dest));
|
|
|
|
|
}
|
2020-02-10 01:19:42 +03:00
|
|
|
|
2020-03-14 23:35:34 +03:00
|
|
|
bool CheckExpired (uint64_t ts); // true is expired
|
2020-02-20 23:44:09 +03:00
|
|
|
bool CanBeRestarted (uint64_t ts) const { return ts > m_LastActivityTimestamp + ECIESX25519_RESTART_TIMEOUT; }
|
|
|
|
|
|
2020-01-15 23:13:43 +03:00
|
|
|
private:
|
|
|
|
|
|
2020-01-23 05:42:30 +03:00
|
|
|
void ResetKeys ();
|
2020-01-15 23:13:43 +03:00
|
|
|
void MixHash (const uint8_t * buf, size_t len);
|
2020-02-05 23:48:51 +03:00
|
|
|
void CreateNonce (uint64_t seqn, uint8_t * nonce);
|
2020-01-21 20:19:20 +03:00
|
|
|
bool GenerateEphemeralKeysAndEncode (uint8_t * buf); // buf is 32 bytes
|
2020-04-24 22:46:02 +03:00
|
|
|
std::shared_ptr<RatchetTagSet> CreateNewSessionTagset ();
|
2020-01-15 23:13:43 +03:00
|
|
|
|
2020-02-04 00:21:07 +03:00
|
|
|
bool HandleNewIncomingSession (const uint8_t * buf, size_t len);
|
|
|
|
|
bool HandleNewOutgoingSessionReply (const uint8_t * buf, size_t len);
|
2020-04-25 04:36:08 +03:00
|
|
|
bool HandleExistingSessionMessage (const uint8_t * buf, size_t len, std::shared_ptr<RatchetTagSet> receiveTagset, int index);
|
|
|
|
|
void HandlePayload (const uint8_t * buf, size_t len, const std::shared_ptr<RatchetTagSet>& receiveTagset, int index);
|
|
|
|
|
void HandleNextKey (const uint8_t * buf, size_t len, const std::shared_ptr<RatchetTagSet>& receiveTagset);
|
|
|
|
|
|
2020-01-17 00:34:13 +03:00
|
|
|
bool NewOutgoingSessionMessage (const uint8_t * payload, size_t len, uint8_t * out, size_t outLen);
|
2020-01-17 22:11:15 +03:00
|
|
|
bool NewSessionReplyMessage (const uint8_t * payload, size_t len, uint8_t * out, size_t outLen);
|
2020-04-03 04:48:39 +03:00
|
|
|
bool NextNewSessionReplyMessage (const uint8_t * payload, size_t len, uint8_t * out, size_t outLen);
|
2020-02-05 23:48:51 +03:00
|
|
|
bool NewExistingSessionMessage (const uint8_t * payload, size_t len, uint8_t * out, size_t outLen);
|
|
|
|
|
|
2020-04-19 22:00:51 +03:00
|
|
|
std::vector<uint8_t> CreatePayload (std::shared_ptr<const I2NPMessage> msg, bool first);
|
2020-01-30 19:48:32 +03:00
|
|
|
size_t CreateGarlicClove (std::shared_ptr<const I2NPMessage> msg, uint8_t * buf, size_t len, bool isDestination = false);
|
2020-03-09 01:13:41 +03:00
|
|
|
size_t CreateDeliveryStatusClove (std::shared_ptr<const I2NPMessage> msg, uint8_t * buf, size_t len);
|
2020-01-17 00:34:13 +03:00
|
|
|
|
2020-04-25 04:36:08 +03:00
|
|
|
void GenerateMoreReceiveTags (std::shared_ptr<RatchetTagSet> receiveTagset, int numTags);
|
2020-02-10 01:19:42 +03:00
|
|
|
|
2020-01-15 23:13:43 +03:00
|
|
|
private:
|
|
|
|
|
|
2020-01-17 03:33:00 +03:00
|
|
|
uint8_t m_H[32], m_CK[64] /* [chainkey, key] */, m_RemoteStaticKey[32];
|
2020-04-03 04:48:39 +03:00
|
|
|
uint8_t m_Aepk[32]; // Alice's ephemeral keys, for incoming only
|
|
|
|
|
uint8_t m_NSRHeader[56], m_NSRKey[32]; // new session reply, for incoming only
|
2020-01-17 00:34:13 +03:00
|
|
|
i2p::crypto::X25519Keys m_EphemeralKeys;
|
2020-01-17 19:21:41 +03:00
|
|
|
SessionState m_State = eSessionStateNew;
|
2020-02-20 23:44:09 +03:00
|
|
|
uint64_t m_LastActivityTimestamp = 0; // incoming
|
2020-04-25 04:36:08 +03:00
|
|
|
std::shared_ptr<RatchetTagSet> m_SendTagset;
|
2020-01-30 19:48:32 +03:00
|
|
|
std::unique_ptr<i2p::data::IdentHash> m_Destination;// TODO: might not need it
|
2020-04-01 00:35:51 +03:00
|
|
|
std::list<std::pair<uint16_t, int> > m_AckRequests; // (tagsetid, index)
|
2020-04-25 21:45:53 +03:00
|
|
|
int m_SendKeyID = 0, m_ReceiveKeyID = 0;
|
|
|
|
|
bool m_IsReverseKeyRequested = false;
|
|
|
|
|
std::unique_ptr<i2p::crypto::X25519Keys> m_NextReceiveKey;
|
2020-04-25 04:36:08 +03:00
|
|
|
};
|
2020-04-07 18:40:18 +03:00
|
|
|
|
|
|
|
|
std::shared_ptr<I2NPMessage> WrapECIESX25519AEADRatchetMessage (std::shared_ptr<const I2NPMessage> msg, const uint8_t * key, uint64_t tag);
|
2020-01-15 23:13:43 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif
|
