From 8c800dc178109807863a0751ef6f012a8c658002 Mon Sep 17 00:00:00 2001
From: orignal <i2porignal@yandex.ru>
Date: Wed, 29 Jan 2020 21:57:10 -0500
Subject: [PATCH] save aepk from new session message

---
 libi2pd/ECIESX25519AEADRatchetSession.cpp | 13 ++++++-------
 libi2pd/ECIESX25519AEADRatchetSession.h   |  1 +
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/libi2pd/ECIESX25519AEADRatchetSession.cpp b/libi2pd/ECIESX25519AEADRatchetSession.cpp
index b6820482..154bec98 100644
--- a/libi2pd/ECIESX25519AEADRatchetSession.cpp
+++ b/libi2pd/ECIESX25519AEADRatchetSession.cpp
@@ -92,18 +92,17 @@ namespace garlic
         // we are Bob
         // KDF1
         MixHash (GetOwner ()->GetEncryptionPublicKey (), 32); // h = SHA256(h || bpk)    
-
-        uint8_t aepk[32]; // Alice's ephemeral key
-		if (!i2p::crypto::GetElligator ()->Decode (buf, aepk))
+		
+		if (!i2p::crypto::GetElligator ()->Decode (buf, m_Aepk))
 		{ 
 			LogPrint (eLogError, "Garlic: Can't decode elligator");
 			return false;	
 		}
         buf += 32; len -= 32;
-        MixHash (aepk, 32); // h = SHA256(h || aepk)  
+        MixHash (m_Aepk, 32); // h = SHA256(h || aepk)  
     
         uint8_t sharedSecret[32];
-		GetOwner ()->Decrypt (aepk, sharedSecret, nullptr); // x25519(bsk, aepk)
+		GetOwner ()->Decrypt (m_Aepk, sharedSecret, nullptr); // x25519(bsk, aepk)
 		i2p::crypto::HKDF (m_CK, sharedSecret, 32, "", m_CK); // [chainKey, key] = HKDF(chainKey, sharedSecret, "", 64)
 		
         // decrypt flags/static    
@@ -217,7 +216,7 @@ namespace garlic
 			LogPrint (eLogWarning, "Garlic: Payload section AEAD encryption failed");
 			return false;
 		}
-		MixHash (out + offset, 16); // h = SHA256(h || ciphertext)
+		MixHash (out + offset, len + 16); // h = SHA256(h || ciphertext)
 
 		m_State = eSessionStateNewSessionSent;
         if (GetOwner ())
@@ -244,7 +243,7 @@ namespace garlic
         MixHash ((const uint8_t *)&tag, 8); // h = SHA256(h || tag)
         MixHash (m_EphemeralKeys.GetPublicKey (), 32); // h = SHA256(h || bepk)
         uint8_t sharedSecret[32];      
-        m_EphemeralKeys.Agree (m_RemoteStaticKey, sharedSecret); // sharedSecret = x25519(besk, aepk)     
+        m_EphemeralKeys.Agree (m_Aepk, sharedSecret); // sharedSecret = x25519(besk, aepk) 
         i2p::crypto::HKDF (m_CK, sharedSecret, 32, "", m_CK); // [chainKey, key] = HKDF(chainKey, sharedSecret, "", 64)       
         uint8_t nonce[12];
 		memset (nonce, 0, 12); // n = 0
diff --git a/libi2pd/ECIESX25519AEADRatchetSession.h b/libi2pd/ECIESX25519AEADRatchetSession.h
index b8988f6e..f5cef114 100644
--- a/libi2pd/ECIESX25519AEADRatchetSession.h
+++ b/libi2pd/ECIESX25519AEADRatchetSession.h
@@ -89,6 +89,7 @@ namespace garlic
         private:
 
             uint8_t m_H[32], m_CK[64] /* [chainkey, key] */, m_RemoteStaticKey[32];
+			uint8_t m_Aepk[32]; // Alice's ephemeral keys TODO: for incoming only
             i2p::crypto::X25519Keys m_EphemeralKeys;
             SessionState m_State = eSessionStateNew;
             RatchetTagSet m_TagsetAB, m_TagsetBA;