process session created after decryption with intro key

This commit is contained in:
orignal 2014-04-07 16:53:28 -04:00
parent 64f195868e
commit be563dcbd1

91
SSU.cpp
View File

@ -61,13 +61,10 @@ namespace ssu
break; break;
// establishing or testing // establishing or testing
case eSessionStateUnknown: case eSessionStateUnknown:
case eSessionStateRequestSent:
// we must use intro key // we must use intro key
ProcessIntroKeyMessage (buf, len, senderEndpoint); ProcessIntroKeyMessage (buf, len, senderEndpoint);
break; break;
case eSessionStateRequestSent:
// session created
ProcessSessionCreated (buf, len);
break;
case eSessionStateCreatedSent: case eSessionStateCreatedSent:
// session confirmed // session confirmed
ProcessSessionConfirmed (buf, len); ProcessSessionConfirmed (buf, len);
@ -147,7 +144,10 @@ namespace ssu
switch (header->GetPayloadType ()) switch (header->GetPayloadType ())
{ {
case PAYLOAD_TYPE_SESSION_REQUEST: case PAYLOAD_TYPE_SESSION_REQUEST:
ProcessSessionRequest (buf + sizeof (SSUHeader), len - sizeof (SSUHeader), senderEndpoint); ProcessSessionRequest (buf, len, senderEndpoint);
break;
case PAYLOAD_TYPE_SESSION_CREATED:
ProcessSessionCreated (buf, len);
break; break;
case PAYLOAD_TYPE_PEER_TEST: case PAYLOAD_TYPE_PEER_TEST:
// TODO // TODO
@ -162,63 +162,52 @@ namespace ssu
m_State = eSessionStateRequestReceived; m_State = eSessionStateRequestReceived;
LogPrint ("Session request received"); LogPrint ("Session request received");
m_RemoteEndpoint = senderEndpoint; m_RemoteEndpoint = senderEndpoint;
SendSessionCreated (buf); SendSessionCreated (buf + sizeof (SSUHeader));
} }
void SSUSession::ProcessSessionCreated (uint8_t * buf, size_t len) void SSUSession::ProcessSessionCreated (uint8_t * buf, size_t len)
{ {
LogPrint ("Process session created");
if (!m_RemoteRouter) if (!m_RemoteRouter)
{ {
LogPrint ("Unsolicited session created message"); LogPrint ("Unsolicited session created message");
return; return;
} }
// use remote intro key m_State = eSessionStateCreatedReceived;
if (ProcessIntroKeyEncryptedMessage (buf, len)) LogPrint ("Session created received");
{ m_Timer.cancel (); // connect timer
SSUHeader * header = (SSUHeader *)buf; uint8_t signedData[532]; // x,y, our IP, our port, remote IP, remote port, relayTag, signed on time
if (header->GetPayloadType () != PAYLOAD_TYPE_SESSION_CONFIRMED) uint8_t * payload = buf + sizeof (SSUHeader);
{ uint8_t * y = payload;
LogPrint ("Unexpected payload type ", header->GetPayloadType ()); memcpy (signedData, m_DHKeysPair->publicKey, 256); // x
return; memcpy (signedData + 256, y, 256); // y
} payload += 256;
m_State = eSessionStateCreatedReceived; payload += 1; // size, assume 4
LogPrint ("Session created received"); uint8_t * ourAddress = payload;
m_Timer.cancel (); // connect timer boost::asio::ip::address_v4 ourIP (be32toh (*(uint32_t* )ourAddress));
uint8_t signedData[532]; // x,y, our IP, our port, remote IP, remote port, relayTag, signed on time payload += 4; // address
uint8_t * payload = buf + sizeof (SSUHeader); uint16_t ourPort = be16toh (*(uint16_t *)payload);
uint8_t * y = payload; payload += 2; // port
memcpy (signedData, m_DHKeysPair->publicKey, 256); // x memcpy (signedData + 512, ourAddress, 6); // our IP and port
memcpy (signedData + 256, y, 256); // y LogPrint ("Our external address is ", ourIP.to_string (), ":", ourPort);
payload += 256; i2p::context.UpdateAddress (ourIP.to_string ().c_str ());
payload += 1; // size, assume 4 *(uint32_t *)(signedData + 518) = htobe32 (m_RemoteEndpoint.address ().to_v4 ().to_ulong ()); // remote IP
uint8_t * ourAddress = payload; *(uint16_t *)(signedData + 522) = htobe16 (m_RemoteEndpoint.port ()); // remote port
boost::asio::ip::address_v4 ourIP (be32toh (*(uint32_t* )ourAddress)); memcpy (signedData + 524, payload, 8); // relayTag and signed on time
payload += 4; // address uint32_t relayTag = be32toh (*(uint32_t *)payload);
uint16_t ourPort = be16toh (*(uint16_t *)payload); payload += 4; // relayTag
payload += 2; // port payload += 4; // signed on time
memcpy (signedData + 512, ourAddress, 6); // our IP and port // decrypt DSA signature
LogPrint ("Our external address is ", ourIP.to_string (), ":", ourPort); m_Decryption.SetKeyWithIV (m_SessionKey, 32, ((SSUHeader *)buf)->iv);
i2p::context.UpdateAddress (ourIP.to_string ().c_str ()); m_Decryption.ProcessData (payload, payload, 48);
*(uint32_t *)(signedData + 518) = htobe32 (m_RemoteEndpoint.address ().to_v4 ().to_ulong ()); // remote IP // verify
*(uint16_t *)(signedData + 522) = htobe16 (m_RemoteEndpoint.port ()); // remote port CryptoPP::DSA::PublicKey pubKey;
memcpy (signedData + 524, payload, 8); // relayTag and signed on time pubKey.Initialize (i2p::crypto::dsap, i2p::crypto::dsaq, i2p::crypto::dsag, CryptoPP::Integer (m_RemoteRouter->GetRouterIdentity ().signingKey, 128));
uint32_t relayTag = be32toh (*(uint32_t *)payload); CryptoPP::DSA::Verifier verifier (pubKey);
payload += 4; // relayTag if (!verifier.VerifyMessage (signedData, 532, payload, 40))
payload += 4; // signed on time LogPrint ("SSU signature verification failed");
// decrypt DSA signature
m_Decryption.SetKeyWithIV (m_SessionKey, 32, ((SSUHeader *)buf)->iv);
m_Decryption.ProcessData (payload, payload, 48);
// verify
CryptoPP::DSA::PublicKey pubKey;
pubKey.Initialize (i2p::crypto::dsap, i2p::crypto::dsaq, i2p::crypto::dsag, CryptoPP::Integer (m_RemoteRouter->GetRouterIdentity ().signingKey, 128));
CryptoPP::DSA::Verifier verifier (pubKey);
if (!verifier.VerifyMessage (signedData, 532, payload, 40))
LogPrint ("SSU signature verification failed");
SendSessionConfirmed (y, ourAddress, relayTag); SendSessionConfirmed (y, ourAddress, relayTag);
}
} }
void SSUSession::ProcessSessionConfirmed (uint8_t * buf, size_t len) void SSUSession::ProcessSessionConfirmed (uint8_t * buf, size_t len)