i2pd/libi2pd/SSUSession.cpp

1282 lines
42 KiB
C++
Raw Normal View History

/*
* Copyright (c) 2013-2021, The PurpleI2P Project
*
* This file is part of Purple i2pd project and licensed under BSD3
*
* See full license text in LICENSE file at top of project tree
*/
2019-08-13 21:55:18 +03:00
#include "version.h"
2016-05-11 22:12:38 +03:00
#include "Crypto.h"
2014-10-30 22:13:29 +03:00
#include "Log.h"
#include "Timestamp.h"
#include "RouterContext.h"
#include "Transports.h"
#include "NetDb.hpp"
2014-10-30 22:13:29 +03:00
#include "SSU.h"
#include "SSUSession.h"
namespace i2p
{
namespace transport
{
SSUSession::SSUSession (SSUServer& server, boost::asio::ip::udp::endpoint& remoteEndpoint,
2018-01-06 06:48:51 +03:00
std::shared_ptr<const i2p::data::RouterInfo> router, bool peerTest ):
TransportSession (router, SSU_TERMINATION_TIMEOUT),
m_Server (server), m_RemoteEndpoint (remoteEndpoint), m_ConnectTimer (GetService ()),
m_IsPeerTest (peerTest),m_State (eSessionStateUnknown), m_IsSessionKey (false),
2016-12-30 06:06:33 +03:00
m_RelayTag (0), m_SentRelayTag (0), m_Data (*this), m_IsDataReceived (false)
2018-01-06 06:48:51 +03:00
{
2015-11-03 17:15:49 +03:00
if (router)
{
// we are client
2020-11-21 05:48:33 +03:00
auto address = IsV6 () ? router->GetSSUV6Address () : router->GetSSUAddress (true);
if (address) m_IntroKey = address->ssu->key;
2015-11-03 17:15:49 +03:00
m_Data.AdjustPacketSize (router); // mtu
}
else
{
// we are server
2020-11-21 05:48:33 +03:00
auto address = IsV6 () ? i2p::context.GetRouterInfo ().GetSSUV6Address () :
i2p::context.GetRouterInfo ().GetSSUAddress (true);
if (address) m_IntroKey = address->ssu->key;
2015-11-03 17:15:49 +03:00
}
2014-10-30 22:13:29 +03:00
m_CreationTime = i2p::util::GetSecondsSinceEpoch ();
}
SSUSession::~SSUSession ()
2018-01-06 06:48:51 +03:00
{
}
2015-02-07 23:25:06 +03:00
2018-01-06 06:48:51 +03:00
boost::asio::io_service& SSUSession::GetService ()
{
return m_Server.GetService ();
2015-02-07 23:25:06 +03:00
}
2018-01-06 06:48:51 +03:00
2014-10-30 22:13:29 +03:00
void SSUSession::CreateAESandMacKey (const uint8_t * pubKey)
{
uint8_t sharedKey[256];
2015-11-03 17:15:49 +03:00
m_DHKeysPair->Agree (pubKey, sharedKey);
2014-10-30 22:13:29 +03:00
2014-11-01 21:56:13 +03:00
uint8_t * sessionKey = m_SessionKey, * macKey = m_MacKey;
2014-10-30 22:13:29 +03:00
if (sharedKey[0] & 0x80)
{
2014-11-01 21:56:13 +03:00
sessionKey[0] = 0;
memcpy (sessionKey + 1, sharedKey, 31);
memcpy (macKey, sharedKey + 31, 32);
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
else if (sharedKey[0])
{
2014-11-01 21:56:13 +03:00
memcpy (sessionKey, sharedKey, 32);
memcpy (macKey, sharedKey + 32, 32);
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
else
2018-01-06 06:48:51 +03:00
{
2014-10-30 22:13:29 +03:00
// find first non-zero byte
uint8_t * nonZero = sharedKey + 1;
while (!*nonZero)
{
nonZero++;
if (nonZero - sharedKey > 32)
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogWarning, "SSU: first 32 bytes of shared key is all zeros. Ignored");
2014-10-30 22:13:29 +03:00
return;
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
}
2018-01-06 06:48:51 +03:00
2014-11-01 21:56:13 +03:00
memcpy (sessionKey, nonZero, 32);
2015-11-03 17:15:49 +03:00
SHA256(nonZero, 64 - (nonZero - sharedKey), macKey);
2014-10-30 22:13:29 +03:00
}
m_IsSessionKey = true;
m_SessionKeyEncryption.SetKey (m_SessionKey);
m_SessionKeyDecryption.SetKey (m_SessionKey);
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
void SSUSession::ProcessNextMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint)
{
m_NumReceivedBytes += len;
2015-03-17 02:33:59 +03:00
i2p::transport::transports.UpdateReceivedBytes (len);
2014-10-30 22:13:29 +03:00
if (m_State == eSessionStateIntroduced)
{
// HolePunch received
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: HolePunch of ", len, " bytes received");
2014-10-30 22:13:29 +03:00
m_State = eSessionStateUnknown;
Connect ();
}
else
{
2018-01-06 06:48:51 +03:00
if (!len) return; // ignore zero-length packets
2014-10-30 22:13:29 +03:00
if (m_State == eSessionStateEstablished)
2018-01-06 06:48:51 +03:00
m_LastActivityTimestamp = i2p::util::GetSecondsSinceEpoch ();
2014-10-30 22:13:29 +03:00
if (m_IsSessionKey && Validate (buf, len, m_MacKey)) // try session key first
2018-01-06 06:48:51 +03:00
DecryptSessionKey (buf, len);
else
2014-10-30 22:13:29 +03:00
{
2018-01-06 06:48:51 +03:00
if (m_State == eSessionStateEstablished) Reset (); // new session key required
2014-10-30 22:13:29 +03:00
// try intro key depending on side
2015-11-03 17:15:49 +03:00
if (Validate (buf, len, m_IntroKey))
Decrypt (buf, len, m_IntroKey);
2014-10-30 22:13:29 +03:00
else
2018-01-06 06:48:51 +03:00
{
2014-10-30 22:13:29 +03:00
// try own intro key
auto address = IsV6 () ? i2p::context.GetRouterInfo ().GetSSUV6Address () :
i2p::context.GetRouterInfo ().GetSSUAddress (true);
2014-10-30 22:13:29 +03:00
if (!address)
{
2016-01-28 05:54:42 +03:00
LogPrint (eLogInfo, "SSU is not supported");
2014-10-30 22:13:29 +03:00
return;
2018-01-06 06:48:51 +03:00
}
if (Validate (buf, len, address->ssu->key))
Decrypt (buf, len, address->ssu->key);
2014-10-30 22:13:29 +03:00
else
{
2016-01-28 05:54:42 +03:00
LogPrint (eLogWarning, "SSU: MAC verification failed ", len, " bytes from ", senderEndpoint);
2018-01-06 06:48:51 +03:00
m_Server.DeleteSession (shared_from_this ());
2014-10-30 22:13:29 +03:00
return;
2018-01-06 06:48:51 +03:00
}
}
}
2014-10-30 22:13:29 +03:00
// successfully decrypted
ProcessMessage (buf, len, senderEndpoint);
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
}
size_t SSUSession::GetSSUHeaderSize (const uint8_t * buf) const
2015-11-16 21:27:27 +03:00
{
size_t s = sizeof (SSUHeader);
if (((const SSUHeader *)buf)->IsExtendedOptions ())
2015-11-16 21:27:27 +03:00
s += buf[s] + 1; // byte right after header is extended options length
return s;
}
2014-10-30 22:13:29 +03:00
void SSUSession::ProcessMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint)
{
len -= (len & 0x0F); // %16, delete extra padding
if (len <= sizeof (SSUHeader)) return; // drop empty message
2014-12-31 17:14:53 +03:00
//TODO: since we are accessing a uint8_t this is unlikely to crash due to alignment but should be improved
2015-11-16 21:27:27 +03:00
auto headerSize = GetSSUHeaderSize (buf);
if (headerSize >= len)
{
LogPrint (eLogError, "SSU header size ", headerSize, " exceeds packet length ", len);
return;
}
2014-10-30 22:13:29 +03:00
SSUHeader * header = (SSUHeader *)buf;
switch (header->GetPayloadType ())
{
case PAYLOAD_TYPE_DATA:
2015-11-16 21:27:27 +03:00
ProcessData (buf + headerSize, len - headerSize);
2014-10-30 22:13:29 +03:00
break;
case PAYLOAD_TYPE_SESSION_REQUEST:
ProcessSessionRequest (buf, len); // buf with header
2014-10-30 22:13:29 +03:00
break;
case PAYLOAD_TYPE_SESSION_CREATED:
ProcessSessionCreated (buf, len); // buf with header
2014-10-30 22:13:29 +03:00
break;
case PAYLOAD_TYPE_SESSION_CONFIRMED:
ProcessSessionConfirmed (buf, len); // buf with header
2018-01-06 06:48:51 +03:00
break;
2014-10-30 22:13:29 +03:00
case PAYLOAD_TYPE_PEER_TEST:
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: peer test received");
2015-11-16 21:27:27 +03:00
ProcessPeerTest (buf + headerSize, len - headerSize, senderEndpoint);
2014-10-30 22:13:29 +03:00
break;
case PAYLOAD_TYPE_SESSION_DESTROYED:
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: session destroy received");
2018-01-06 06:48:51 +03:00
m_Server.DeleteSession (shared_from_this ());
2014-10-30 22:13:29 +03:00
break;
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
case PAYLOAD_TYPE_RELAY_RESPONSE:
ProcessRelayResponse (buf + headerSize, len - headerSize);
2014-10-30 22:13:29 +03:00
if (m_State != eSessionStateEstablished)
2014-11-24 20:26:11 +03:00
m_Server.DeleteSession (shared_from_this ());
2014-10-30 22:13:29 +03:00
break;
case PAYLOAD_TYPE_RELAY_REQUEST:
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: relay request received");
2015-11-16 21:27:27 +03:00
ProcessRelayRequest (buf + headerSize, len - headerSize, senderEndpoint);
2014-10-30 22:13:29 +03:00
break;
case PAYLOAD_TYPE_RELAY_INTRO:
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: relay intro received");
2015-11-16 21:27:27 +03:00
ProcessRelayIntro (buf + headerSize, len - headerSize);
2014-10-30 22:13:29 +03:00
break;
default:
2015-12-17 11:09:54 +03:00
LogPrint (eLogWarning, "SSU: Unexpected payload type ", (int)header->GetPayloadType ());
2014-10-30 22:13:29 +03:00
}
}
void SSUSession::ProcessSessionRequest (const uint8_t * buf, size_t len)
2014-10-30 22:13:29 +03:00
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU message: session request");
2018-01-06 06:48:51 +03:00
bool sendRelayTag = true;
auto headerSize = sizeof (SSUHeader);
if (((SSUHeader *)buf)->IsExtendedOptions ())
{
uint8_t extendedOptionsLen = buf[headerSize];
headerSize++;
2021-03-30 18:31:11 +03:00
if (extendedOptionsLen >= 2) // options are presented
{
uint16_t flags = bufbe16toh (buf + headerSize);
2018-01-06 06:48:51 +03:00
sendRelayTag = flags & EXTENDED_OPTIONS_FLAG_REQUEST_RELAY_TAG;
}
headerSize += extendedOptionsLen;
2018-01-06 06:48:51 +03:00
}
if (headerSize >= len)
{
2019-04-08 22:22:42 +03:00
LogPrint (eLogError, "Session request header size ", headerSize, " exceeds packet length ", len);
2018-01-06 06:48:51 +03:00
return;
}
2014-10-30 22:13:29 +03:00
if (!m_DHKeysPair)
{
auto pair = std::make_shared<i2p::crypto::DHKeys> ();
pair->GenerateKeys ();
m_DHKeysPair = pair;
}
CreateAESandMacKey (buf + headerSize);
SendSessionCreated (buf + headerSize, sendRelayTag);
2014-10-30 22:13:29 +03:00
}
void SSUSession::ProcessSessionCreated (uint8_t * buf, size_t len)
{
2015-11-03 17:15:49 +03:00
if (!IsOutgoing () || !m_DHKeysPair)
2014-10-30 22:13:29 +03:00
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogWarning, "SSU: Unsolicited session created message");
2014-10-30 22:13:29 +03:00
return;
}
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU message: session created");
m_ConnectTimer.cancel (); // connect timer
2018-01-06 06:48:51 +03:00
SignedData s; // x,y, our IP, our port, remote IP, remote port, relayTag, signed on time
auto headerSize = GetSSUHeaderSize (buf);
if (headerSize >= len)
{
LogPrint (eLogError, "Session created header size ", headerSize, " exceeds packet length ", len);
2018-01-06 06:48:51 +03:00
return;
}
uint8_t * payload = buf + headerSize;
2014-10-30 22:13:29 +03:00
uint8_t * y = payload;
CreateAESandMacKey (y);
2015-11-03 17:15:49 +03:00
s.Insert (m_DHKeysPair->GetPublicKey (), 256); // x
2014-10-30 22:13:29 +03:00
s.Insert (y, 256); // y
payload += 256;
boost::asio::ip::address ourIP;
2021-03-19 03:11:24 +03:00
uint16_t ourPort = 0;
auto addressAndPortLen = ExtractIPAddressAndPort (payload, len, ourIP, ourPort);
if (!addressAndPortLen) return;
uint8_t * ourAddressAndPort = payload + 1;
payload += addressAndPortLen;
addressAndPortLen--; // -1 byte address size
s.Insert (ourAddressAndPort, addressAndPortLen); // address + port
2014-10-30 22:13:29 +03:00
if (m_RemoteEndpoint.address ().is_v4 ())
s.Insert (m_RemoteEndpoint.address ().to_v4 ().to_bytes ().data (), 4); // remote IP v4
else
s.Insert (m_RemoteEndpoint.address ().to_v6 ().to_bytes ().data (), 16); // remote IP v6
s.Insert<uint16_t> (htobe16 (m_RemoteEndpoint.port ())); // remote port
2018-01-06 06:48:51 +03:00
s.Insert (payload, 8); // relayTag and signed on time
m_RelayTag = bufbe32toh (payload);
2014-10-30 22:13:29 +03:00
payload += 4; // relayTag
if (ourIP.is_v4 () && i2p::context.GetStatus () == eRouterStatusTesting)
2018-01-06 06:48:51 +03:00
{
2016-09-19 01:42:21 +03:00
auto ts = i2p::util::GetSecondsSinceEpoch ();
uint32_t signedOnTime = bufbe32toh(payload);
if (signedOnTime < ts - SSU_CLOCK_SKEW || signedOnTime > ts + SSU_CLOCK_SKEW)
{
2018-01-06 06:48:51 +03:00
LogPrint (eLogError, "SSU: clock skew detected ", (int)ts - signedOnTime, ". Check your clock");
2016-09-20 04:37:04 +03:00
i2p::context.SetError (eRouterErrorClockSkew);
2016-09-19 01:42:21 +03:00
}
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
payload += 4; // signed on time
// decrypt signature
2015-11-03 17:15:49 +03:00
size_t signatureLen = m_RemoteIdentity->GetSignatureLen ();
2014-10-30 22:13:29 +03:00
size_t paddingSize = signatureLen & 0x0F; // %16
if (paddingSize > 0) signatureLen += (16 - paddingSize);
2014-12-31 17:14:53 +03:00
//TODO: since we are accessing a uint8_t this is unlikely to crash due to alignment but should be improved
2014-10-30 22:13:29 +03:00
m_SessionKeyDecryption.SetIV (((SSUHeader *)buf)->iv);
m_SessionKeyDecryption.Decrypt (payload, signatureLen, payload); // TODO: non-const payload
// verify signature
if (s.Verify (m_RemoteIdentity, payload))
{
LogPrint (eLogInfo, "SSU: Our external address is ", ourIP.to_string (), ":", ourPort);
2021-04-17 02:31:49 +03:00
if (!i2p::util::net::IsInReservedRange (ourIP))
{
i2p::context.UpdateAddress (ourIP);
SendSessionConfirmed (y, ourAddressAndPort, addressAndPortLen);
}
else
{
LogPrint (eLogError, "SSU: Wrong external address ", ourIP.to_string ());
Failed ();
}
}
else
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogError, "SSU: message 'created' signature verification failed");
Failed ();
}
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
void SSUSession::ProcessSessionConfirmed (const uint8_t * buf, size_t len)
2014-10-30 22:13:29 +03:00
{
2018-01-06 06:48:51 +03:00
LogPrint (eLogDebug, "SSU: Session confirmed received");
m_ConnectTimer.cancel ();
2018-01-06 06:48:51 +03:00
auto headerSize = GetSSUHeaderSize (buf);
if (headerSize >= len)
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogError, "SSU: Session confirmed header size ", len, " exceeds packet length ", len);
2018-01-06 06:48:51 +03:00
return;
}
const uint8_t * payload = buf + headerSize;
2014-10-30 22:13:29 +03:00
payload++; // identity fragment info
2018-01-06 06:48:51 +03:00
uint16_t identitySize = bufbe16toh (payload);
2014-10-30 22:13:29 +03:00
payload += 2; // size of identity fragment
auto identity = std::make_shared<i2p::data::IdentityEx> (payload, identitySize);
auto existing = i2p::data::netdb.FindRouter (identity->GetIdentHash ()); // check if exists already
SetRemoteIdentity (existing ? existing->GetRouterIdentity () : identity);
2015-11-03 17:15:49 +03:00
m_Data.UpdatePacketSize (m_RemoteIdentity->GetIdentHash ());
2018-01-06 06:48:51 +03:00
payload += identitySize; // identity
2016-09-19 01:42:21 +03:00
auto ts = i2p::util::GetSecondsSinceEpoch ();
2018-01-06 06:48:51 +03:00
uint32_t signedOnTime = bufbe32toh(payload);
2016-09-19 01:42:21 +03:00
if (signedOnTime < ts - SSU_CLOCK_SKEW || signedOnTime > ts + SSU_CLOCK_SKEW)
{
2018-01-06 06:48:51 +03:00
LogPrint (eLogError, "SSU message 'confirmed' time difference ", (int)ts - signedOnTime, " exceeds clock skew");
2016-09-19 01:42:21 +03:00
Failed ();
return;
2018-01-06 06:48:51 +03:00
}
2015-11-03 17:15:49 +03:00
if (m_SignedData)
m_SignedData->Insert (payload, 4); // insert Alice's signed on time
2014-10-30 22:13:29 +03:00
payload += 4; // signed-on time
2015-11-03 17:15:49 +03:00
size_t paddingSize = (payload - buf) + m_RemoteIdentity->GetSignatureLen ();
paddingSize &= 0x0F; // %16
2014-10-30 22:13:29 +03:00
if (paddingSize > 0) paddingSize = 16 - paddingSize;
payload += paddingSize;
// verify signature
if (m_SignedData && m_SignedData->Verify (m_RemoteIdentity, payload))
{
m_Data.Send (CreateDeliveryStatusMsg (0));
Established ();
}
2018-01-06 06:48:51 +03:00
else
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogError, "SSU message 'confirmed' signature verification failed");
Failed ();
}
2014-10-30 22:13:29 +03:00
}
void SSUSession::SendSessionRequest ()
2018-01-06 06:48:51 +03:00
{
uint8_t buf[320 + 18] = {0}; // 304 bytes for ipv4, 320 for ipv6
2014-10-30 22:13:29 +03:00
uint8_t * payload = buf + sizeof (SSUHeader);
2016-02-26 02:40:40 +03:00
uint8_t flag = 0;
// fill extended options, 3 bytes extended options don't change message size
bool isV4 = m_RemoteEndpoint.address ().is_v4 ();
if ((isV4 && i2p::context.GetStatus () == eRouterStatusOK) ||
(!isV4 && i2p::context.GetStatusV6 () == eRouterStatusOK)) // we don't need relays
2018-01-06 06:48:51 +03:00
{
// tell out peer to now assign relay tag
2016-02-26 02:40:40 +03:00
flag = SSU_HEADER_EXTENDED_OPTIONS_INCLUDED;
*payload = 2; payload++; // 1 byte length
uint16_t flags = 0; // clear EXTENDED_OPTIONS_FLAG_REQUEST_RELAY_TAG
2018-01-06 06:48:51 +03:00
htobe16buf (payload, flags);
payload += 2;
2018-01-06 06:48:51 +03:00
}
// fill payload
2015-11-03 17:15:49 +03:00
memcpy (payload, m_DHKeysPair->GetPublicKey (), 256); // x
2014-10-30 22:13:29 +03:00
if (isV4)
{
2018-01-06 06:48:51 +03:00
payload[256] = 4;
memcpy (payload + 257, m_RemoteEndpoint.address ().to_v4 ().to_bytes ().data(), 4);
2014-10-30 22:13:29 +03:00
}
else
{
2018-01-06 06:48:51 +03:00
payload[256] = 16;
memcpy (payload + 257, m_RemoteEndpoint.address ().to_v6 ().to_bytes ().data(), 16);
}
// encrypt and send
2014-10-30 22:13:29 +03:00
uint8_t iv[16];
2015-11-03 17:15:49 +03:00
RAND_bytes (iv, 16); // random iv
2016-02-26 02:40:40 +03:00
FillHeaderAndEncrypt (PAYLOAD_TYPE_SESSION_REQUEST, buf, isV4 ? 304 : 320, m_IntroKey, iv, m_IntroKey, flag);
2014-10-30 22:13:29 +03:00
m_Server.Send (buf, isV4 ? 304 : 320, m_RemoteEndpoint);
}
2015-12-10 06:17:43 +03:00
void SSUSession::SendRelayRequest (const i2p::data::RouterInfo::Introducer& introducer, uint32_t nonce)
2014-10-30 22:13:29 +03:00
{
auto address = IsV6 () ? i2p::context.GetRouterInfo ().GetSSUV6Address () :
i2p::context.GetRouterInfo ().GetSSUAddress (true);
2014-10-30 22:13:29 +03:00
if (!address)
{
2016-01-28 05:54:42 +03:00
LogPrint (eLogInfo, "SSU is not supported");
2014-10-30 22:13:29 +03:00
return;
}
2018-01-06 06:48:51 +03:00
uint8_t buf[96 + 18] = {0};
2014-10-30 22:13:29 +03:00
uint8_t * payload = buf + sizeof (SSUHeader);
2015-11-03 17:15:49 +03:00
htobe32buf (payload, introducer.iTag);
2014-10-30 22:13:29 +03:00
payload += 4;
*payload = 0; // no address
payload++;
htobuf16(payload, 0); // port = 0
2014-10-30 22:13:29 +03:00
payload += 2;
*payload = 0; // challenge
2018-01-06 06:48:51 +03:00
payload++;
memcpy (payload, (const uint8_t *)address->ssu->key, 32);
2014-10-30 22:13:29 +03:00
payload += 32;
2018-01-06 06:48:51 +03:00
htobe32buf (payload, nonce); // nonce
2014-10-30 22:13:29 +03:00
uint8_t iv[16];
2015-11-03 17:15:49 +03:00
RAND_bytes (iv, 16); // random iv
2014-10-30 22:13:29 +03:00
if (m_State == eSessionStateEstablished)
FillHeaderAndEncrypt (PAYLOAD_TYPE_RELAY_REQUEST, buf, 96, m_SessionKey, iv, m_MacKey);
else
2018-01-06 06:48:51 +03:00
FillHeaderAndEncrypt (PAYLOAD_TYPE_RELAY_REQUEST, buf, 96, introducer.iKey, iv, introducer.iKey);
2014-10-30 22:13:29 +03:00
m_Server.Send (buf, 96, m_RemoteEndpoint);
2021-03-29 22:16:39 +03:00
LogPrint (eLogDebug, "SSU: relay request sent");
2014-10-30 22:13:29 +03:00
}
void SSUSession::SendSessionCreated (const uint8_t * x, bool sendRelayTag)
2014-10-30 22:13:29 +03:00
{
auto address = IsV6 () ? i2p::context.GetRouterInfo ().GetSSUV6Address () :
i2p::context.GetRouterInfo ().GetSSUAddress (true); //v4 only
2015-11-03 17:15:49 +03:00
if (!address)
2014-10-30 22:13:29 +03:00
{
2016-01-28 05:54:42 +03:00
LogPrint (eLogInfo, "SSU is not supported");
2014-10-30 22:13:29 +03:00
return;
}
2018-01-06 06:48:51 +03:00
SignedData s; // x,y, remote IP, remote port, our IP, our port, relayTag, signed on time
2014-10-30 22:13:29 +03:00
s.Insert (x, 256); // x
uint8_t buf[384 + 18] = {0};
2014-10-30 22:13:29 +03:00
uint8_t * payload = buf + sizeof (SSUHeader);
2015-11-03 17:15:49 +03:00
memcpy (payload, m_DHKeysPair->GetPublicKey (), 256);
2014-10-30 22:13:29 +03:00
s.Insert (payload, 256); // y
payload += 256;
if (m_RemoteEndpoint.address ().is_v4 ())
{
// ipv4
*payload = 4;
payload++;
2018-01-06 06:48:51 +03:00
memcpy (payload, m_RemoteEndpoint.address ().to_v4 ().to_bytes ().data(), 4);
2014-10-30 22:13:29 +03:00
s.Insert (payload, 4); // remote endpoint IP V4
payload += 4;
}
else
{
// ipv6
*payload = 16;
payload++;
2018-01-06 06:48:51 +03:00
memcpy (payload, m_RemoteEndpoint.address ().to_v6 ().to_bytes ().data(), 16);
2014-10-30 22:13:29 +03:00
s.Insert (payload, 16); // remote endpoint IP V6
payload += 16;
}
htobe16buf (payload, m_RemoteEndpoint.port ());
2014-10-30 22:13:29 +03:00
s.Insert (payload, 2); // remote port
payload += 2;
if (address->host.is_v4 ())
s.Insert (address->host.to_v4 ().to_bytes ().data (), 4); // our IP V4
else
s.Insert (address->host.to_v6 ().to_bytes ().data (), 16); // our IP V6
s.Insert<uint16_t> (htobe16 (address->port)); // our port
2021-03-30 18:31:11 +03:00
if (sendRelayTag && i2p::context.GetRouterInfo ().IsIntroducer (!IsV6 ()))
2014-10-30 22:13:29 +03:00
{
2016-12-30 06:06:33 +03:00
RAND_bytes((uint8_t *)&m_SentRelayTag, 4);
if (!m_SentRelayTag) m_SentRelayTag = 1;
2014-10-30 22:13:29 +03:00
}
2018-01-06 06:48:51 +03:00
htobe32buf (payload, m_SentRelayTag);
payload += 4; // relay tag
htobe32buf (payload, i2p::util::GetSecondsSinceEpoch ()); // signed on time
2014-10-30 22:13:29 +03:00
payload += 4;
2018-01-06 06:48:51 +03:00
s.Insert (payload - 8, 4); // relayTag
2015-11-03 17:15:49 +03:00
// we have to store this signed data for session confirmed
2018-01-06 06:48:51 +03:00
// same data but signed on time, it will Alice's there
m_SignedData = std::unique_ptr<SignedData>(new SignedData (s));
s.Insert (payload - 4, 4); // BOB's signed on time
2014-10-30 22:13:29 +03:00
s.Sign (i2p::context.GetPrivateKeys (), payload); // DSA signature
uint8_t iv[16];
2015-11-03 17:15:49 +03:00
RAND_bytes (iv, 16); // random iv
2018-01-06 06:48:51 +03:00
// encrypt signature and padding with newly created session key
2015-11-03 17:15:49 +03:00
size_t signatureLen = i2p::context.GetIdentity ()->GetSignatureLen ();
2014-10-30 22:13:29 +03:00
size_t paddingSize = signatureLen & 0x0F; // %16
if (paddingSize > 0)
{
// fill random padding
RAND_bytes(payload + signatureLen, (16 - paddingSize));
signatureLen += (16 - paddingSize);
}
2014-10-30 22:13:29 +03:00
m_SessionKeyEncryption.SetIV (iv);
m_SessionKeyEncryption.Encrypt (payload, signatureLen, payload);
payload += signatureLen;
size_t msgLen = payload - buf;
2018-01-06 06:48:51 +03:00
2014-10-30 22:13:29 +03:00
// encrypt message with intro key
2018-01-06 06:48:51 +03:00
FillHeaderAndEncrypt (PAYLOAD_TYPE_SESSION_CREATED, buf, msgLen, m_IntroKey, iv, m_IntroKey);
2014-10-30 22:13:29 +03:00
Send (buf, msgLen);
}
void SSUSession::SendSessionConfirmed (const uint8_t * y, const uint8_t * ourAddress, size_t ourAddressLen)
{
uint8_t buf[512 + 18] = {0};
2014-10-30 22:13:29 +03:00
uint8_t * payload = buf + sizeof (SSUHeader);
*payload = 1; // 1 fragment
payload++; // info
2015-11-03 17:15:49 +03:00
size_t identLen = i2p::context.GetIdentity ()->GetFullLen (); // 387+ bytes
htobe16buf (payload, identLen);
2014-10-30 22:13:29 +03:00
payload += 2; // cursize
2015-11-03 17:15:49 +03:00
i2p::context.GetIdentity ()->ToBuffer (payload, identLen);
2014-10-30 22:13:29 +03:00
payload += identLen;
uint32_t signedOnTime = i2p::util::GetSecondsSinceEpoch ();
htobe32buf (payload, signedOnTime); // signed on time
2014-10-30 22:13:29 +03:00
payload += 4;
2015-11-03 17:15:49 +03:00
auto signatureLen = i2p::context.GetIdentity ()->GetSignatureLen ();
2014-10-30 22:13:29 +03:00
size_t paddingSize = ((payload - buf) + signatureLen)%16;
if (paddingSize > 0) paddingSize = 16 - paddingSize;
RAND_bytes(payload, paddingSize); // fill padding with random
2014-10-30 22:13:29 +03:00
payload += paddingSize; // padding size
2018-01-06 06:48:51 +03:00
// signature
SignedData s; // x,y, our IP, our port, remote IP, remote port, relayTag, our signed on time
2015-11-03 17:15:49 +03:00
s.Insert (m_DHKeysPair->GetPublicKey (), 256); // x
2014-10-30 22:13:29 +03:00
s.Insert (y, 256); // y
s.Insert (ourAddress, ourAddressLen); // our address/port as seem by party
if (m_RemoteEndpoint.address ().is_v4 ())
s.Insert (m_RemoteEndpoint.address ().to_v4 ().to_bytes ().data (), 4); // remote IP V4
else
2018-01-06 06:48:51 +03:00
s.Insert (m_RemoteEndpoint.address ().to_v6 ().to_bytes ().data (), 16); // remote IP V6
s.Insert<uint16_t> (htobe16 (m_RemoteEndpoint.port ())); // remote port
2014-10-30 22:13:29 +03:00
s.Insert (htobe32 (m_RelayTag)); // relay tag
s.Insert (htobe32 (signedOnTime)); // signed on time
2018-01-06 06:48:51 +03:00
s.Sign (i2p::context.GetPrivateKeys (), payload); // DSA signature
2014-10-30 22:13:29 +03:00
payload += signatureLen;
2018-01-06 06:48:51 +03:00
2014-10-30 22:13:29 +03:00
size_t msgLen = payload - buf;
uint8_t iv[16];
2015-11-03 17:15:49 +03:00
RAND_bytes (iv, 16); // random iv
2014-10-30 22:13:29 +03:00
// encrypt message with session key
FillHeaderAndEncrypt (PAYLOAD_TYPE_SESSION_CONFIRMED, buf, msgLen, m_SessionKey, iv, m_MacKey);
Send (buf, msgLen);
}
void SSUSession::ProcessRelayRequest (const uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& from)
2014-10-30 22:13:29 +03:00
{
uint32_t relayTag = bufbe32toh (buf);
2014-10-30 22:13:29 +03:00
auto session = m_Server.FindRelaySession (relayTag);
if (session)
{
2018-01-06 06:48:51 +03:00
buf += 4; // relay tag
2014-10-30 22:13:29 +03:00
uint8_t size = *buf;
buf++; // size
buf += size; // address
buf += 2; // port
uint8_t challengeSize = *buf;
buf++; // challenge size
buf += challengeSize;
const uint8_t * introKey = buf;
2014-10-30 22:13:29 +03:00
buf += 32; // introkey
uint32_t nonce = bufbe32toh (buf);
2014-10-30 22:13:29 +03:00
SendRelayResponse (nonce, from, introKey, session->m_RemoteEndpoint);
2015-11-30 18:23:05 +03:00
SendRelayIntro (session, from);
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
}
void SSUSession::SendRelayResponse (uint32_t nonce, const boost::asio::ip::udp::endpoint& from,
const uint8_t * introKey, const boost::asio::ip::udp::endpoint& to)
{
bool isV4 = to.address ().is_v4 (); // Charle's
bool isV4A = from.address ().is_v4 (); // Alice's
if ((isV4 && !isV4A) || (!isV4 && isV4A))
2014-10-30 22:13:29 +03:00
{
LogPrint (eLogWarning, "SSU: Charlie's IP and Alice's IP belong to different networks for relay response");
2014-10-30 22:13:29 +03:00
return;
}
uint8_t buf[80 + 18] = {0}; // 64 for ipv4 and 80 for ipv6
uint8_t * payload = buf + sizeof (SSUHeader);
// Charlie
if (isV4)
{
*payload = 4;
payload++; // size
memcpy (payload, to.address ().to_v4 ().to_bytes ().data (), 4); // Charlie's IP V4
payload += 4; // address
}
else
{
*payload = 16;
payload++; // size
memcpy (payload, to.address ().to_v6 ().to_bytes ().data (), 16); // Alice's IP V6
payload += 16; // address
}
htobe16buf (payload, to.port ()); // Charlie's port
2014-10-30 22:13:29 +03:00
payload += 2; // port
// Alice
if (isV4)
{
*payload = 4;
payload++; // size
memcpy (payload, from.address ().to_v4 ().to_bytes ().data (), 4); // Alice's IP V4
2018-01-06 06:48:51 +03:00
payload += 4; // address
2014-10-30 22:13:29 +03:00
}
else
{
*payload = 16;
payload++; // size
memcpy (payload, from.address ().to_v6 ().to_bytes ().data (), 16); // Alice's IP V6
2018-01-06 06:48:51 +03:00
payload += 16; // address
2014-10-30 22:13:29 +03:00
}
htobe16buf (payload, from.port ()); // Alice's port
2014-10-30 22:13:29 +03:00
payload += 2; // port
2018-01-06 06:48:51 +03:00
htobe32buf (payload, nonce);
2014-10-30 22:13:29 +03:00
if (m_State == eSessionStateEstablished)
2018-01-06 06:48:51 +03:00
{
2014-10-30 22:13:29 +03:00
// encrypt with session key
FillHeaderAndEncrypt (PAYLOAD_TYPE_RELAY_RESPONSE, buf, isV4 ? 64 : 80);
Send (buf, isV4 ? 64 : 80);
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
else
{
// ecrypt with Alice's intro key
uint8_t iv[16];
2015-11-03 17:15:49 +03:00
RAND_bytes (iv, 16); // random iv
2014-10-30 22:13:29 +03:00
FillHeaderAndEncrypt (PAYLOAD_TYPE_RELAY_RESPONSE, buf, isV4 ? 64 : 80, introKey, iv, introKey);
m_Server.Send (buf, isV4 ? 64 : 80, from);
2018-01-06 06:48:51 +03:00
}
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: relay response sent");
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
2015-11-30 18:23:05 +03:00
void SSUSession::SendRelayIntro (std::shared_ptr<SSUSession> session, const boost::asio::ip::udp::endpoint& from)
2014-10-30 22:13:29 +03:00
{
2018-01-06 06:48:51 +03:00
if (!session) return;
bool isV4 = from.address ().is_v4 (); // Alice's
bool isV4C = session->m_RemoteEndpoint.address ().is_v4 (); // Charlie's
if ((isV4 && !isV4C) || (!isV4 && isV4C))
2014-10-30 22:13:29 +03:00
{
LogPrint (eLogWarning, "SSU: Charlie's IP and Alice's IP belong to different networks for relay intro");
2014-10-30 22:13:29 +03:00
return;
2018-01-06 06:48:51 +03:00
}
uint8_t buf[64 + 18] = {0}; // 48 for ipv4 and 64 for ipv6
2014-10-30 22:13:29 +03:00
uint8_t * payload = buf + sizeof (SSUHeader);
if (isV4)
{
*payload = 4;
payload++; // size
memcpy (payload, from.address ().to_v4 ().to_bytes ().data (), 4); // Alice's IP V4
payload += 4; // address
}
else
{
*payload = 16;
payload++; // size
memcpy (payload, from.address ().to_v6 ().to_bytes ().data (), 16); // Alice's IP V6
payload += 16; // address
}
htobe16buf (payload, from.port ()); // Alice's port
2014-10-30 22:13:29 +03:00
payload += 2; // port
2018-01-06 06:48:51 +03:00
*payload = 0; // challenge size
2014-10-30 22:13:29 +03:00
uint8_t iv[16];
2015-11-03 17:15:49 +03:00
RAND_bytes (iv, 16); // random iv
FillHeaderAndEncrypt (PAYLOAD_TYPE_RELAY_INTRO, buf, isV4 ? 48 : 64, session->m_SessionKey, iv, session->m_MacKey);
m_Server.Send (buf, isV4 ? 48 : 64, session->m_RemoteEndpoint);
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: relay intro sent");
2014-10-30 22:13:29 +03:00
}
2018-01-06 06:48:51 +03:00
void SSUSession::ProcessRelayResponse (const uint8_t * buf, size_t len)
2014-10-30 22:13:29 +03:00
{
2018-01-06 06:48:51 +03:00
LogPrint (eLogDebug, "SSU message: Relay response received");
2021-03-19 04:29:39 +03:00
boost::asio::ip::address remoteIP;
uint16_t remotePort = 0;
auto remoteSize = ExtractIPAddressAndPort (buf, len, remoteIP, remotePort);
if (!remoteSize) return;
buf += remoteSize; len -= remoteSize;
2014-10-30 22:13:29 +03:00
boost::asio::ip::address ourIP;
2021-03-19 04:29:39 +03:00
uint16_t ourPort = 0;
auto ourSize = ExtractIPAddressAndPort (buf, len, ourIP, ourPort);
if (!ourSize) return;
buf += ourSize; len -= ourSize;
2015-12-17 11:09:54 +03:00
LogPrint (eLogInfo, "SSU: Our external address is ", ourIP.to_string (), ":", ourPort);
2021-04-17 02:31:49 +03:00
if (!i2p::util::net::IsInReservedRange (ourIP))
i2p::context.UpdateAddress (ourIP);
else
LogPrint (eLogWarning, "SSU: Wrong external address ", ourIP.to_string ());
if (ourIP.is_v4 ())
2021-03-13 01:41:41 +03:00
{
if (ourPort != m_Server.GetPort ())
{
if (i2p::context.GetStatus () == eRouterStatusTesting)
i2p::context.SetError (eRouterErrorSymmetricNAT);
}
else if (i2p::context.GetStatus () == eRouterStatusError && i2p::context.GetError () == eRouterErrorSymmetricNAT)
i2p::context.SetStatus (eRouterStatusTesting);
}
uint32_t nonce = bufbe32toh (buf);
buf += 4; // nonce
2015-12-10 06:17:43 +03:00
auto it = m_RelayRequests.find (nonce);
if (it != m_RelayRequests.end ())
2018-01-06 06:48:51 +03:00
{
2015-12-10 06:17:43 +03:00
// check if we are waiting for introduction
boost::asio::ip::udp::endpoint remoteEndpoint (remoteIP, remotePort);
if (!m_Server.FindSession (remoteEndpoint))
{
// we didn't have correct endpoint when sent relay request
// now we do
2015-12-17 11:09:54 +03:00
LogPrint (eLogInfo, "SSU: RelayReponse connecting to endpoint ", remoteEndpoint);
if ((remoteIP.is_v4 () && i2p::context.GetStatus () == eRouterStatusFirewalled) ||
(remoteIP.is_v6 () && i2p::context.GetStatusV6 () == eRouterStatusFirewalled))
2015-12-10 06:17:43 +03:00
m_Server.Send (buf, 0, remoteEndpoint); // send HolePunch
2021-03-29 22:16:39 +03:00
// we assume that HolePunch has been sent by this time and our SessionRequest will go through
2015-12-10 06:17:43 +03:00
m_Server.CreateDirectSession (it->second, remoteEndpoint, false);
2018-01-06 06:48:51 +03:00
}
2015-12-10 06:17:43 +03:00
// delete request
m_RelayRequests.erase (it);
// cancel connect timer
m_ConnectTimer.cancel ();
2018-01-06 06:48:51 +03:00
}
2015-12-10 06:17:43 +03:00
else
2015-12-17 11:09:54 +03:00
LogPrint (eLogError, "SSU: Unsolicited RelayResponse, nonce=", nonce);
2014-10-30 22:13:29 +03:00
}
void SSUSession::ProcessRelayIntro (const uint8_t * buf, size_t len)
2014-10-30 22:13:29 +03:00
{
2021-03-19 01:37:02 +03:00
boost::asio::ip::address ip;
2021-03-19 03:11:24 +03:00
uint16_t port = 0;
ExtractIPAddressAndPort (buf, len, ip, port);
if (!ip.is_unspecified () && port)
// send hole punch of 0 bytes
m_Server.Send (buf, 0, boost::asio::ip::udp::endpoint (ip, port));
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
2018-01-06 06:48:51 +03:00
void SSUSession::FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len,
2016-02-26 02:40:40 +03:00
const i2p::crypto::AESKey& aesKey, const uint8_t * iv, const i2p::crypto::MACKey& macKey, uint8_t flag)
2018-01-06 06:48:51 +03:00
{
2014-10-30 22:13:29 +03:00
if (len < sizeof (SSUHeader))
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogError, "SSU: Unexpected packet length ", len);
2014-10-30 22:13:29 +03:00
return;
}
SSUHeader * header = (SSUHeader *)buf;
memcpy (header->iv, iv, 16);
2016-02-26 02:40:40 +03:00
header->flag = flag | (payloadType << 4); // MSB is 0
2016-01-10 03:24:52 +03:00
htobe32buf (header->time, i2p::util::GetSecondsSinceEpoch ());
2014-10-30 22:13:29 +03:00
uint8_t * encrypted = &header->flag;
uint16_t encryptedLen = len - (encrypted - buf);
i2p::crypto::CBCEncryption encryption;
encryption.SetKey (aesKey);
encryption.SetIV (iv);
encryption.Encrypt (encrypted, encryptedLen, encrypted);
// assume actual buffer size is 18 (16 + 2) bytes more
memcpy (buf + len, iv, 16);
2019-08-13 21:55:18 +03:00
uint16_t netid = i2p::context.GetNetID ();
htobe16buf (buf + len + 16, (netid == I2PD_NET_ID) ? encryptedLen : encryptedLen ^ ((netid - 2) << 8));
2014-10-30 22:13:29 +03:00
i2p::crypto::HMACMD5Digest (encrypted, encryptedLen + 18, macKey, header->mac);
}
void SSUSession::FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len)
2020-08-09 02:01:55 +03:00
{
FillHeaderAndEncrypt (payloadType, buf, len, buf);
}
void SSUSession::FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * in, size_t len, uint8_t * out)
2014-10-30 22:13:29 +03:00
{
if (len < sizeof (SSUHeader))
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogError, "SSU: Unexpected packet length ", len);
2014-10-30 22:13:29 +03:00
return;
}
2020-08-09 02:01:55 +03:00
SSUHeader * header = (SSUHeader *)out;
2015-11-03 17:15:49 +03:00
RAND_bytes (header->iv, 16); // random iv
2014-10-30 22:13:29 +03:00
m_SessionKeyEncryption.SetIV (header->iv);
2020-08-09 02:01:55 +03:00
SSUHeader * inHeader = (SSUHeader *)in;
inHeader->flag = payloadType << 4; // MSB is 0
htobe32buf (inHeader->time, i2p::util::GetSecondsSinceEpoch ());
uint8_t * encrypted = &header->flag, * clear = &inHeader->flag;
uint16_t encryptedLen = len - (encrypted - out);
m_SessionKeyEncryption.Encrypt (clear, encryptedLen, encrypted);
// assume actual out buffer size is 18 (16 + 2) bytes more
memcpy (out + len, header->iv, 16);
2019-08-13 21:55:18 +03:00
uint16_t netid = i2p::context.GetNetID ();
2020-08-09 02:01:55 +03:00
htobe16buf (out + len + 16, (netid == I2PD_NET_ID) ? encryptedLen : encryptedLen ^ ((netid - 2) << 8));
2014-10-30 22:13:29 +03:00
i2p::crypto::HMACMD5Digest (encrypted, encryptedLen + 18, m_MacKey, header->mac);
2018-01-06 06:48:51 +03:00
}
2020-08-09 02:01:55 +03:00
2015-11-03 17:15:49 +03:00
void SSUSession::Decrypt (uint8_t * buf, size_t len, const i2p::crypto::AESKey& aesKey)
2014-10-30 22:13:29 +03:00
{
if (len < sizeof (SSUHeader))
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogError, "SSU: Unexpected packet length ", len);
2014-10-30 22:13:29 +03:00
return;
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
SSUHeader * header = (SSUHeader *)buf;
uint8_t * encrypted = &header->flag;
2018-01-06 06:48:51 +03:00
uint16_t encryptedLen = len - (encrypted - buf);
2014-10-30 22:13:29 +03:00
i2p::crypto::CBCDecryption decryption;
decryption.SetKey (aesKey);
decryption.SetIV (header->iv);
decryption.Decrypt (encrypted, encryptedLen, encrypted);
}
void SSUSession::DecryptSessionKey (uint8_t * buf, size_t len)
{
if (len < sizeof (SSUHeader))
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogError, "SSU: Unexpected packet length ", len);
2014-10-30 22:13:29 +03:00
return;
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
SSUHeader * header = (SSUHeader *)buf;
uint8_t * encrypted = &header->flag;
2018-01-06 06:48:51 +03:00
uint16_t encryptedLen = len - (encrypted - buf);
2014-10-30 22:13:29 +03:00
if (encryptedLen > 0)
2018-01-06 06:48:51 +03:00
{
2014-10-30 22:13:29 +03:00
m_SessionKeyDecryption.SetIV (header->iv);
m_SessionKeyDecryption.Decrypt (encrypted, encryptedLen, encrypted);
2018-01-06 06:48:51 +03:00
}
}
2015-11-03 17:15:49 +03:00
bool SSUSession::Validate (uint8_t * buf, size_t len, const i2p::crypto::MACKey& macKey)
2014-10-30 22:13:29 +03:00
{
if (len < sizeof (SSUHeader))
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogError, "SSU: Unexpected packet length ", len);
2014-10-30 22:13:29 +03:00
return false;
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
SSUHeader * header = (SSUHeader *)buf;
uint8_t * encrypted = &header->flag;
uint16_t encryptedLen = len - (encrypted - buf);
// assume actual buffer size is 18 (16 + 2) bytes more
memcpy (buf + len, header->iv, 16);
2019-08-13 21:55:18 +03:00
uint16_t netid = i2p::context.GetNetID ();
htobe16buf (buf + len + 16, (netid == I2PD_NET_ID) ? encryptedLen : encryptedLen ^ ((netid - 2) << 8));
2014-10-30 22:13:29 +03:00
uint8_t digest[16];
i2p::crypto::HMACMD5Digest (encrypted, encryptedLen + 18, macKey, digest);
return !memcmp (header->mac, digest, 16);
}
void SSUSession::Connect ()
{
if (m_State == eSessionStateUnknown)
2018-01-06 06:48:51 +03:00
{
ScheduleConnectTimer (); // set connect timer
m_DHKeysPair = std::make_shared<i2p::crypto::DHKeys> ();
m_DHKeysPair->GenerateKeys ();
2014-10-30 22:13:29 +03:00
SendSessionRequest ();
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
}
void SSUSession::WaitForConnect ()
{
2015-11-03 17:15:49 +03:00
if (!IsOutgoing ()) // incoming session
ScheduleConnectTimer ();
else
2015-12-17 11:09:54 +03:00
LogPrint (eLogError, "SSU: wait for connect for outgoing session");
}
2014-10-30 22:13:29 +03:00
void SSUSession::ScheduleConnectTimer ()
{
m_ConnectTimer.cancel ();
m_ConnectTimer.expires_from_now (boost::posix_time::seconds(SSU_CONNECT_TIMEOUT));
m_ConnectTimer.async_wait (std::bind (&SSUSession::HandleConnectTimer,
2018-01-06 06:48:51 +03:00
shared_from_this (), std::placeholders::_1));
2014-10-30 22:13:29 +03:00
}
void SSUSession::HandleConnectTimer (const boost::system::error_code& ecode)
{
if (!ecode)
{
// timeout expired
2016-06-27 16:00:00 +03:00
LogPrint (eLogWarning, "SSU: session with ", m_RemoteEndpoint, " was not established after ", SSU_CONNECT_TIMEOUT, " seconds");
2014-10-30 22:13:29 +03:00
Failed ();
2018-01-06 06:48:51 +03:00
}
}
2015-12-10 06:17:43 +03:00
void SSUSession::Introduce (const i2p::data::RouterInfo::Introducer& introducer,
std::shared_ptr<const i2p::data::RouterInfo> to)
2014-10-30 22:13:29 +03:00
{
if (m_State == eSessionStateUnknown)
2018-01-06 06:48:51 +03:00
{
2014-10-30 22:13:29 +03:00
// set connect timer
m_ConnectTimer.expires_from_now (boost::posix_time::seconds(SSU_CONNECT_TIMEOUT));
m_ConnectTimer.async_wait (std::bind (&SSUSession::HandleConnectTimer,
2014-11-24 20:26:11 +03:00
shared_from_this (), std::placeholders::_1));
2015-12-10 06:17:43 +03:00
}
uint32_t nonce;
RAND_bytes ((uint8_t *)&nonce, 4);
m_RelayRequests[nonce] = to;
SendRelayRequest (introducer, nonce);
2014-10-30 22:13:29 +03:00
}
void SSUSession::WaitForIntroduction ()
{
m_State = eSessionStateIntroduced;
// set connect timer
m_ConnectTimer.expires_from_now (boost::posix_time::seconds(SSU_CONNECT_TIMEOUT));
m_ConnectTimer.async_wait (std::bind (&SSUSession::HandleConnectTimer,
2018-01-06 06:48:51 +03:00
shared_from_this (), std::placeholders::_1));
2014-10-30 22:13:29 +03:00
}
void SSUSession::Close ()
{
SendSessionDestroyed ();
Reset ();
2015-02-07 23:25:06 +03:00
m_State = eSessionStateClosed;
2018-01-06 06:48:51 +03:00
}
void SSUSession::Reset ()
{
m_State = eSessionStateUnknown;
2015-01-13 06:53:35 +03:00
transports.PeerDisconnected (shared_from_this ());
2015-02-08 01:58:29 +03:00
m_Data.Stop ();
m_ConnectTimer.cancel ();
2016-12-30 06:06:33 +03:00
if (m_SentRelayTag)
2018-01-06 06:48:51 +03:00
{
2016-12-30 06:06:33 +03:00
m_Server.RemoveRelay (m_SentRelayTag); // relay tag is not valid anymore
m_SentRelayTag = 0;
2018-01-06 06:48:51 +03:00
}
m_DHKeysPair = nullptr;
m_SignedData = nullptr;
m_IsSessionKey = false;
}
2014-10-30 22:13:29 +03:00
2015-02-07 04:53:48 +03:00
void SSUSession::Done ()
{
2015-02-07 23:25:06 +03:00
GetService ().post (std::bind (&SSUSession::Failed, shared_from_this ()));
}
2014-10-30 22:13:29 +03:00
void SSUSession::Established ()
{
m_State = eSessionStateEstablished;
2015-11-03 17:15:49 +03:00
m_DHKeysPair = nullptr;
m_SignedData = nullptr;
2015-02-08 16:50:05 +03:00
m_Data.Start ();
2015-01-13 06:53:35 +03:00
transports.PeerConnected (shared_from_this ());
2015-11-03 17:15:49 +03:00
if (m_IsPeerTest)
2014-10-30 22:13:29 +03:00
SendPeerTest ();
2016-12-31 21:52:26 +03:00
if (m_SentRelayTag)
m_Server.AddRelay (m_SentRelayTag, shared_from_this ());
m_LastActivityTimestamp = i2p::util::GetSecondsSinceEpoch ();
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
void SSUSession::Failed ()
{
if (m_State != eSessionStateFailed)
2018-01-06 06:48:51 +03:00
{
2014-10-30 22:13:29 +03:00
m_State = eSessionStateFailed;
2018-01-06 06:48:51 +03:00
m_Server.DeleteSession (shared_from_this ());
}
}
2014-10-30 22:13:29 +03:00
void SSUSession::SendI2NPMessages (const std::vector<std::shared_ptr<I2NPMessage> >& msgs)
2015-01-21 05:05:57 +03:00
{
2018-01-06 06:48:51 +03:00
GetService ().post (std::bind (&SSUSession::PostI2NPMessages, shared_from_this (), msgs));
2015-01-21 05:05:57 +03:00
}
void SSUSession::PostI2NPMessages (std::vector<std::shared_ptr<I2NPMessage> > msgs)
2015-01-21 05:05:57 +03:00
{
if (m_State == eSessionStateEstablished)
{
2016-08-09 01:53:37 +03:00
for (const auto& it: msgs)
2018-10-11 18:17:14 +03:00
if (it)
{
if (it->GetLength () <= SSU_MAX_I2NP_MESSAGE_SIZE)
2018-10-11 18:17:14 +03:00
m_Data.Send (it);
else
LogPrint (eLogError, "SSU: I2NP message of size ", it->GetLength (), " can't be sent. Dropped");
}
}
2018-01-06 06:48:51 +03:00
}
2015-01-21 05:05:57 +03:00
2014-10-30 22:13:29 +03:00
void SSUSession::ProcessData (uint8_t * buf, size_t len)
{
m_Data.ProcessMessage (buf, len);
2015-02-15 22:17:55 +03:00
m_IsDataReceived = true;
2014-10-30 22:13:29 +03:00
}
2015-02-15 22:17:55 +03:00
void SSUSession::FlushData ()
{
if (m_IsDataReceived)
2018-01-06 06:48:51 +03:00
{
2015-02-15 22:17:55 +03:00
m_Data.FlushReceivedMessage ();
m_IsDataReceived = false;
2018-01-06 06:48:51 +03:00
}
2015-02-15 22:17:55 +03:00
}
2014-10-30 22:13:29 +03:00
2015-03-26 21:35:20 +03:00
void SSUSession::ProcessPeerTest (const uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint)
2014-10-30 22:13:29 +03:00
{
2015-03-26 22:05:52 +03:00
uint32_t nonce = bufbe32toh (buf); // 4 bytes
boost::asio::ip::address addr; // Alice's addresss
uint16_t port = 0; // and port
auto size = ExtractIPAddressAndPort (buf + 4, len - 4, addr, port);
if (port && (size != 7) && (size != 19))
2014-10-30 22:13:29 +03:00
{
LogPrint (eLogWarning, "SSU: Address of ", size - 3, " bytes not supported");
2014-10-30 22:13:29 +03:00
return;
2018-01-06 06:48:51 +03:00
}
const uint8_t * introKey = buf + 4 + size;
2015-02-26 05:56:51 +03:00
switch (m_Server.GetPeerTestParticipant (nonce))
2018-01-06 06:48:51 +03:00
{
// existing test
2015-02-26 05:56:51 +03:00
case ePeerTestParticipantAlice1:
2018-01-06 06:48:51 +03:00
{
2016-11-06 04:08:14 +03:00
if (m_Server.GetPeerTestSession (nonce) == shared_from_this ()) // Alice-Bob
2015-02-26 21:44:18 +03:00
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: peer test from Bob. We are Alice");
2021-03-23 22:36:57 +03:00
if (IsV6 ())
{
if (i2p::context.GetStatusV6 () == eRouterStatusTesting)
2021-04-21 03:02:30 +03:00
{
2021-03-23 22:36:57 +03:00
i2p::context.SetStatusV6 (eRouterStatusFirewalled);
2021-04-21 03:02:30 +03:00
m_Server.RescheduleIntroducersUpdateTimerV6 ();
}
2021-03-23 22:36:57 +03:00
}
else if (i2p::context.GetStatus () == eRouterStatusTesting) // still not OK
{
2015-02-26 21:44:18 +03:00
i2p::context.SetStatus (eRouterStatusFirewalled);
m_Server.RescheduleIntroducersUpdateTimer ();
}
2015-02-26 21:44:18 +03:00
}
2015-02-26 00:39:48 +03:00
else
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: first peer test from Charlie. We are Alice");
2016-11-06 04:08:14 +03:00
if (m_State == eSessionStateEstablished)
LogPrint (eLogWarning, "SSU: first peer test from Charlie through established session. We are Alice");
2021-03-23 22:36:57 +03:00
if (IsV6 ())
i2p::context.SetStatusV6 (eRouterStatusOK);
else
i2p::context.SetStatus (eRouterStatusOK);
2015-02-26 05:56:51 +03:00
m_Server.UpdatePeerTest (nonce, ePeerTestParticipantAlice2);
2016-07-22 19:50:03 +03:00
SendPeerTest (nonce, senderEndpoint.address (), senderEndpoint.port (), introKey, true, false); // to Charlie
2015-02-26 00:39:48 +03:00
}
2015-02-26 05:56:51 +03:00
break;
2018-01-06 06:48:51 +03:00
}
2015-02-26 05:56:51 +03:00
case ePeerTestParticipantAlice2:
{
2016-11-06 04:08:14 +03:00
if (m_Server.GetPeerTestSession (nonce) == shared_from_this ()) // Alice-Bob
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: peer test from Bob. We are Alice");
2015-02-26 05:56:51 +03:00
else
{
// peer test successive
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: second peer test from Charlie. We are Alice");
2021-03-23 22:36:57 +03:00
if (IsV6 ())
i2p::context.SetStatusV6 (eRouterStatusOK);
else
i2p::context.SetStatus (eRouterStatusOK);
2015-02-26 05:56:51 +03:00
m_Server.RemovePeerTest (nonce);
}
break;
2018-01-06 06:48:51 +03:00
}
case ePeerTestParticipantBob:
2014-10-30 22:13:29 +03:00
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: peer test from Charlie. We are Bob");
2015-03-26 23:10:52 +03:00
auto session = m_Server.GetPeerTestSession (nonce); // session with Alice from PeerTest
if (session && session->m_State == eSessionStateEstablished)
2015-03-26 22:05:52 +03:00
session->Send (PAYLOAD_TYPE_PEER_TEST, buf, len); // back to Alice
2015-03-26 21:35:20 +03:00
m_Server.RemovePeerTest (nonce); // nonce has been used
2015-02-26 05:56:51 +03:00
break;
2014-10-30 22:13:29 +03:00
}
2015-02-26 05:56:51 +03:00
case ePeerTestParticipantCharlie:
2018-01-06 06:48:51 +03:00
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: peer test from Alice. We are Charlie");
2016-07-22 19:50:03 +03:00
SendPeerTest (nonce, senderEndpoint.address (), senderEndpoint.port (), introKey); // to Alice with her actual address
2015-03-26 21:35:20 +03:00
m_Server.RemovePeerTest (nonce); // nonce has been used
2015-02-26 05:56:51 +03:00
break;
2014-10-30 22:13:29 +03:00
}
2018-01-06 06:48:51 +03:00
// test not found
2015-02-26 05:56:51 +03:00
case ePeerTestParticipantUnknown:
2014-10-30 22:13:29 +03:00
{
2015-02-26 05:56:51 +03:00
if (m_State == eSessionStateEstablished)
2014-10-30 22:13:29 +03:00
{
2015-02-26 05:56:51 +03:00
// new test
if (port)
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: peer test from Bob. We are Charlie");
2015-02-26 05:56:51 +03:00
m_Server.NewPeerTest (nonce, ePeerTestParticipantCharlie);
2015-03-26 22:05:52 +03:00
Send (PAYLOAD_TYPE_PEER_TEST, buf, len); // back to Bob
SendPeerTest (nonce, addr, port, introKey); // to Alice with her address received from Bob
2015-02-26 05:56:51 +03:00
}
else
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: peer test from Alice. We are Bob");
auto session = senderEndpoint.address ().is_v4 () ? m_Server.GetRandomEstablishedV4Session (shared_from_this ()) : m_Server.GetRandomEstablishedV6Session (shared_from_this ()); // Charlie
2015-02-26 05:56:51 +03:00
if (session)
{
2015-03-26 23:10:52 +03:00
m_Server.NewPeerTest (nonce, ePeerTestParticipantBob, shared_from_this ());
2018-01-06 06:48:51 +03:00
session->SendPeerTest (nonce, senderEndpoint.address (), senderEndpoint.port (), introKey, false); // to Charlie with Alice's actual address
}
2015-02-26 05:56:51 +03:00
}
2014-10-30 22:13:29 +03:00
}
else
2015-12-17 11:09:54 +03:00
LogPrint (eLogError, "SSU: unexpected peer test");
2014-10-30 22:13:29 +03:00
}
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
}
2018-01-06 06:48:51 +03:00
void SSUSession::SendPeerTest (uint32_t nonce, const boost::asio::ip::address& address, uint16_t port,
2015-02-26 00:39:48 +03:00
const uint8_t * introKey, bool toAddress, bool sendAddress)
// toAddress is true for Alice<->Chalie communications only
2018-01-06 06:48:51 +03:00
// sendAddress is false if message comes from Alice
2014-10-30 22:13:29 +03:00
{
uint8_t buf[80 + 18] = {0};
2014-10-30 22:13:29 +03:00
uint8_t iv[16];
uint8_t * payload = buf + sizeof (SSUHeader);
htobe32buf (payload, nonce);
2018-01-06 06:48:51 +03:00
payload += 4; // nonce
2015-02-26 00:39:48 +03:00
// address and port
2016-07-22 19:50:03 +03:00
if (sendAddress)
{
if (address.is_v4 ())
{
*payload = 4;
memcpy (payload + 1, address.to_v4 ().to_bytes ().data (), 4); // our IP V4
}
else if (address.is_v6 ())
{
2016-09-01 05:47:32 +03:00
*payload = 16;
2018-01-06 06:48:51 +03:00
memcpy (payload + 1, address.to_v6 ().to_bytes ().data (), 16); // our IP V6
2016-07-22 19:50:03 +03:00
}
else
*payload = 0;
2018-01-06 06:48:51 +03:00
payload += (payload[0] + 1);
2014-10-30 22:13:29 +03:00
}
else
{
*payload = 0;
payload++; //size
}
htobe16buf (payload, port);
2014-10-30 22:13:29 +03:00
payload += 2; // port
2015-02-26 00:39:48 +03:00
// intro key
if (toAddress)
{
2019-04-08 22:22:42 +03:00
// send our intro key to address instead of its own
auto addr = address.is_v4 () ? i2p::context.GetRouterInfo ().GetSSUAddress (true) : // ipv4
i2p::context.GetRouterInfo ().GetSSUV6Address ();
2015-02-26 00:39:48 +03:00
if (addr)
memcpy (payload, addr->ssu->key, 32); // intro key
2015-02-26 00:39:48 +03:00
else
2018-01-06 06:48:51 +03:00
LogPrint (eLogInfo, "SSU is not supported. Can't send peer test");
}
else
2015-02-26 00:39:48 +03:00
memcpy (payload, introKey, 32); // intro key
2014-10-30 22:13:29 +03:00
2018-01-06 06:48:51 +03:00
// send
2015-11-03 17:15:49 +03:00
RAND_bytes (iv, 16); // random iv
2014-10-30 22:13:29 +03:00
if (toAddress)
2018-01-06 06:48:51 +03:00
{
2014-10-30 22:13:29 +03:00
// encrypt message with specified intro key
FillHeaderAndEncrypt (PAYLOAD_TYPE_PEER_TEST, buf, 80, introKey, iv, introKey);
2016-07-22 19:50:03 +03:00
boost::asio::ip::udp::endpoint e (address, port);
2014-10-30 22:13:29 +03:00
m_Server.Send (buf, 80, e);
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
else
{
// encrypt message with session key
FillHeaderAndEncrypt (PAYLOAD_TYPE_PEER_TEST, buf, 80);
Send (buf, 80);
}
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
void SSUSession::SendPeerTest ()
{
2015-02-25 23:26:06 +03:00
// we are Alice
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: sending peer test");
auto address = IsV6 () ? i2p::context.GetRouterInfo ().GetSSUV6Address () : i2p::context.GetRouterInfo ().GetSSUAddress (true);
2014-10-30 22:13:29 +03:00
if (!address)
{
2016-01-28 05:54:42 +03:00
LogPrint (eLogInfo, "SSU is not supported. Can't send peer test");
2014-10-30 22:13:29 +03:00
return;
}
2015-11-03 17:15:49 +03:00
uint32_t nonce;
RAND_bytes ((uint8_t *)&nonce, 4);
2014-10-30 22:13:29 +03:00
if (!nonce) nonce = 1;
2015-11-03 17:15:49 +03:00
m_IsPeerTest = false;
2016-11-09 20:13:42 +03:00
m_Server.NewPeerTest (nonce, ePeerTestParticipantAlice1, shared_from_this ());
SendPeerTest (nonce, boost::asio::ip::address(), 0, address->ssu->key, false, false); // address and port always zero for Alice
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
void SSUSession::SendKeepAlive ()
{
if (m_State == eSessionStateEstablished)
2018-01-06 06:48:51 +03:00
{
uint8_t buf[48 + 18] = {0};
2014-10-30 22:13:29 +03:00
uint8_t * payload = buf + sizeof (SSUHeader);
*payload = 0; // flags
payload++;
2018-01-06 06:48:51 +03:00
*payload = 0; // num fragments
2014-10-30 22:13:29 +03:00
// encrypt message with session key
FillHeaderAndEncrypt (PAYLOAD_TYPE_DATA, buf, 48);
Send (buf, 48);
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: keep-alive sent");
m_LastActivityTimestamp = i2p::util::GetSecondsSinceEpoch ();
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
}
void SSUSession::SendSessionDestroyed ()
2014-10-30 22:13:29 +03:00
{
if (m_IsSessionKey)
{
uint8_t buf[48 + 18] = {0};
2014-10-30 22:13:29 +03:00
// encrypt message with session key
FillHeaderAndEncrypt (PAYLOAD_TYPE_SESSION_DESTROYED, buf, 48);
2015-02-27 21:07:32 +03:00
try
{
Send (buf, 48);
}
catch (std::exception& ex)
{
2016-01-28 05:54:42 +03:00
LogPrint (eLogWarning, "SSU: exception while sending session destoroyed: ", ex.what ());
2015-02-27 21:07:32 +03:00
}
2015-12-17 11:09:54 +03:00
LogPrint (eLogDebug, "SSU: session destroyed sent");
2014-10-30 22:13:29 +03:00
}
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
void SSUSession::Send (uint8_t type, const uint8_t * payload, size_t len)
{
uint8_t buf[SSU_MTU_V4 + 18] = {0};
2018-01-06 06:48:51 +03:00
size_t msgSize = len + sizeof (SSUHeader);
2015-03-25 16:04:19 +03:00
size_t paddingSize = msgSize & 0x0F; // %16
if (paddingSize > 0) msgSize += (16 - paddingSize);
2014-10-30 22:13:29 +03:00
if (msgSize > SSU_MTU_V4)
{
2015-12-17 11:09:54 +03:00
LogPrint (eLogWarning, "SSU: payload size ", msgSize, " exceeds MTU");
2014-10-30 22:13:29 +03:00
return;
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
memcpy (buf + sizeof (SSUHeader), payload, len);
// encrypt message with session key
FillHeaderAndEncrypt (type, buf, msgSize);
Send (buf, msgSize);
2018-01-06 06:48:51 +03:00
}
2014-10-30 22:13:29 +03:00
void SSUSession::Send (const uint8_t * buf, size_t size)
{
m_NumSentBytes += size;
2015-03-17 02:33:59 +03:00
i2p::transport::transports.UpdateSentBytes (size);
2014-10-30 22:13:29 +03:00
m_Server.Send (buf, size, m_RemoteEndpoint);
2018-01-06 06:48:51 +03:00
}
2021-03-19 03:11:24 +03:00
size_t SSUSession::ExtractIPAddressAndPort (const uint8_t * buf, size_t len, boost::asio::ip::address& ip, uint16_t& port)
{
if (!len) return 0;
uint8_t size = *buf;
size_t s = 1 + size + 2; // size + address + port
if (len < s)
{
LogPrint (eLogWarning, "SSU: Address is too short ", len);
port = 0;
return len;
}
buf++; // size
if (size == 4)
{
boost::asio::ip::address_v4::bytes_type bytes;
memcpy (bytes.data (), buf, 4);
ip = boost::asio::ip::address_v4 (bytes);
}
else if (size == 16)
{
boost::asio::ip::address_v6::bytes_type bytes;
memcpy (bytes.data (), buf, 16);
ip = boost::asio::ip::address_v6 (bytes);
}
else
LogPrint (eLogWarning, "SSU: Address size ", size, " is not supported");
buf += size;
port = bufbe16toh (buf);
return s;
}
2014-10-30 22:13:29 +03:00
}
}