public override SSUState HandleMessage(SSUHeader header, BufRefLen reader)
{
if (header.MessageType == SSUHeader.MessageTypes.RelayResponse)
{
var response = new RelayResponse(reader);
return(HandleRelayResponse(response));
}
return(this);
}
internal void ReportRelayResponse(SSUHeader header, RelayResponse response, IPEndPoint ep)
{
if (RelayResponseReceived != null)
{
lock ( RelayResponseReceivedLock )
{
RelayResponseReceived(header, response, ep);
}
}
}
public override SSUState HandleMessage(SSUHeader header, BufRefLen reader)
{
switch (header.MessageType)
{
case SSUHeader.MessageTypes.SessionRequest:
var req = new SessionRequest(reader, I2PKeyType.DefaultAsymetricKeyCert);
Logging.LogTransport($"SSU SessionCreatedState {Session.DebugId}: OK SessionRequest received.");
BufUtils.DHI2PToSessionAndMAC(out var sessionkey, out var mackey,
req.XKey.ModPow(PrivateKey.ToBigInteger(), I2PConstants.ElGamalP));
Session.MACKey = mackey;
Session.SharedKey = sessionkey;
Session.Host.ReportedAddress(new IPAddress(req.Address.ToByteArray()));
// TODO: Remove comment when relaying is implemented
/*
* if ( header.ExtendedOptions != null )
* {
* if ( header.ExtendedOptions.Length == 2 && ( ( header.ExtendedOptions[0] & 0x01 ) != 0 ) )
* {
* RelayTag = BufUtils.RandomUint();
* }
* }*/
Request = req;
SendSessionCreated();
return(this);
case SSUHeader.MessageTypes.RelayResponse:
Logging.LogTransport(string.Format("SSU SessionCreatedState {0}: RelayResponse received from {1}.",
Session.DebugId, (Session.RemoteEP == null ? "<null>" : Session.RemoteEP.ToString())));
var response = new RelayResponse(reader);
Session.Host.ReportRelayResponse(header, response, Session.RemoteEP);
break;
case SSUHeader.MessageTypes.SessionConfirmed:
return(ParseSessionConfirmed(header, reader));
case SSUHeader.MessageTypes.PeerTest:
HandleIncomingPeerTestPackage(reader);
break;
default:
Logging.LogTransport($"SSU SessionCreatedState: Session {Session.DebugId} Unexpected Message: {header.MessageType}");
break;
}
return(this);
}
private SSUState ParseSessionConfirmed(SSUHeader header, BufRefLen reader)
{
var info = reader.Read8();
var cursize = reader.ReadFlip16();
if (Fragments is null)
{
Fragments = new BufLen[info & 0x0f];
}
return(AssembleFragments(header, reader, info, cursize));
}
public override SSUState HandleMessage(SSUHeader header, BufRefLen reader)
{
if (header.MessageType == SSUHeader.MessageTypes.SessionCreated)
{
Logging.LogTransport($"SSU SessionConfirmedState {Session.DebugId}: Unexpected message received: {header.MessageType}");
return(this);
}
Logging.LogTransport($"SSU SessionConfirmedState: Session {Session.DebugId} established. " +
$"{header.MessageType} received. Moving to Established state.");
var next = new EstablishedState(Session);
Session.ReportConnectionEstablished();
return(next.HandleMessage(header, reader));
}
public virtual SSUState DatagramReceived(BufRefLen recv, IPEndPoint RemoteEP)
{
// Verify the MAC
var reader = new BufRefLen(recv);
var header = new SSUHeader(reader);
var recvencr = header.EncryptedBuf;
var macstate = VerifyMAC(header, CurrentMACKey);
switch (macstate)
{
case MACHealth.AbandonSession:
Logging.LogTransport($"SSU {this}: Abandoning session. MAC check failed.");
SendSessionDestroyed();
Session.Host.ReportEPProblem(RemoteEP);
return(null);
case MACHealth.Missmatch:
return(this);
}
// Decrypt
Cipher.Init(false, CurrentPayloadKey.ToParametersWithIV(header.IV));
Cipher.ProcessBytes(recvencr);
header.SkipExtendedHeaders(reader);
if (header.MessageType == SSUHeader.MessageTypes.SessionDestroyed &&
CurrentPayloadKey != Session.RemoteIntroKey &&
CurrentPayloadKey != Session.MyRouterContext.IntroKey)
{
Logging.LogTransport($"SSU {this}: Received SessionDestroyed.");
SendSessionDestroyed();
return(null);
}
Logging.LogDebugData($"SSU {this}: Received message: {header.MessageType}" +
$": {SSUHost.SSUDateTime( header.TimeStamp )}");
DataReceived();
return(HandleMessage(header, reader));
}
protected MACHealth VerifyMAC(SSUHeader header, BufLen key)
{
var macdata = new BufLen[] {
header.MACDataBuf,
header.IV,
BufUtils.Flip16BL((ushort)((ushort)header.MACDataBuf.Length ^ I2PConstants.SSU_PROTOCOL_VERSION))
};
var recvhash = I2PHMACMD5Digest.Generate(macdata, key, MACBuf);
var ok = header.MAC.Equals(recvhash);
var result = ok ? MACHealth.Match : MACHealth.Missmatch;
if (!ok)
{
if (++ConsecutiveMACCheckFailures > 3)
{
result = MACHealth.AbandonSession;
}
}
else
{
ConsecutiveMACCheckFailures = 0;
}
#if DEBUG
if (result != MACHealth.Match)
{
Logging.LogTransport($"SSU {this}: VerifyMAC {result} [{ConsecutiveMACCheckFailures}] {key}");
}
else
{
Logging.LogDebugData($"SSU {this}: VerifyMAC {result} [{ConsecutiveMACCheckFailures}] {key}");
}
#endif
#if DEBUG && SSU_TRACK_OLD_MAC_KEYS
if (result != MACHealth.Match)
{
result = CheckOldKeys(header, macdata, MACBuf, result);
}
#endif
return(result);
}
void Host_RelayResponseReceived(SSUHeader header, RelayResponse response, IPEndPoint ep)
{
Logging.LogTransport(
$"SSU RelayRequestState: {Session.DebugId} RelayResponse from {ep} received.");
if (header.MessageType == SSUHeader.MessageTypes.RelayResponse)
{
if (Introducers.Any(i => i.Value.RemoteEP == ep))
{
HandleRelayResponse(response);
}
else
{
Logging.LogTransport(
$"SSU RelayRequestState: {Session.DebugId} RelayResponse from {ep} received. " +
$"Ignored as not in wait set [{string.Join( ", ", Introducers.Select( i => i.Value.RemoteEP ) )}].");
}
}
}
private MACHealth CheckOldKeys(
SSUHeader header,
BufLen[] macdata,
BufLen mACBuf,
MACHealth result)
{
if (!SSUSession.OldKeys.TryGetValue(Session.RemoteEP, out var oldkeys))
{
return(result);
}
foreach (var keyinfo in oldkeys.ToArray())
{
var recvhashi = I2PHMACMD5Digest.Generate(macdata, keyinfo.Key, MACBuf);
var oki = header.MAC.Equals(recvhashi);
Logging.LogTransport($"SSU {this}: " +
$"Old key from {keyinfo.Created} {keyinfo.CreatedDelta, -20} {keyinfo.Type, -10} match: {oki, -6} {keyinfo.Key}");
}
return(result);
}
private SSUState AssembleFragments(SSUHeader header, BufRefLen reader, byte info, ushort cursize)
{
var fragnr = info >> 4;
var fragcount = info & 0x0f;
Logging.LogTransport($"AssembleFragments: frag {fragnr} / {fragcount}, len {cursize}.");
if (fragnr != fragcount - 1)
{
Fragments[fragnr] = reader.ReadBufLen(cursize);
}
else
{
ASignonTime = reader.Peek32(cursize);
Fragments[fragnr] = reader.ReadBufLen(reader.Length);
}
if (Fragments.Any(f => f is null))
{
return(this);
}
var buf = new BufLen(new byte[Fragments.Sum(f => f.Length)]);
var bufwriter = new BufRefLen(buf);
for (int i = 0; i < Fragments.Length; ++i)
{
bufwriter.Write(Fragments[i]);
}
Session.RemoteRouter = new I2PRouterIdentity((BufRefLen)buf);
var signbuf = new BufRefLen(buf,
buf.Length - Session.RemoteRouter.Certificate.SignatureLength);
ASign = new I2PSignature(signbuf, Session.RemoteRouter.Certificate);
return(VerifyRemoteSignature());
}
/**
* From PacketBuilder.java
* -----8<-----
* @param packet prepared packet with the first 32 bytes empty and a length
* whose size is mod 16.
* As of 0.9.7, length non-mod-16 is allowed; the
* last 1-15 bytes are included in the MAC calculation but are not encrypted.
* -----8<-----
*/
protected void SendMessage(
IPEndPoint dest,
SSUHeader.MessageTypes message,
BufLen mackey,
BufLen cryptokey,
SendMessageGenerator gen,
SendMessageGenerator genextrapadding)
{
var start = Session.Host.SendBuffers.Pop();
var writer = new BufRefLen(start);
var header = new SSUHeader(writer, message);
if (!gen(start, writer))
{
return;
}
// Do not cut to datalen & ~0xf as that might make data at the end unencrypted
var datapadding = BufUtils.Get16BytePadding(writer - start);
writer.Write(BufUtils.RandomBytes(datapadding));
var datalen = writer - start;
var encryptedbuf = new BufLen(start, 32, datalen - 32);
// TODO: Adding extra padding does not seem to work
if (genextrapadding != null)
{
if (!genextrapadding(start, writer))
{
return;
}
}
var packetlen = writer - start;
var data = new BufLen(start, 0, packetlen);
var hmac = new BufLen(data, 32);
SendMessageCipher.Init(true, cryptokey.ToParametersWithIV(header.IV));
SendMessageCipher.ProcessBytes(encryptedbuf);
I2PHMACMD5Digest.Generate(new BufLen[] {
hmac,
header.IV,
BufUtils.Flip16BL((ushort)((ushort)hmac.Length ^ I2PConstants.SSU_PROTOCOL_VERSION))
}, mackey, header.MAC);
#if LOG_MUCH_TRANSPORT
Logging.LogTransport(string.Format("SSUState SendMessage {0}: encrlen {1} bytes [0x{1:X}] (padding {2} bytes [0x{2:X}]), " +
"hmac {3} bytes [0x{3:X}], sendlen {4} bytes [0x{4:X}]",
Session.DebugId,
encryptedbuf.Length,
datapadding,
hmac.Length,
data.Length));
#endif
DataSent();
Send(dest, data);
}
// MAC verified and packet dectrypted public abstract SSUState HandleMessage(SSUHeader header, BufRefLen reader);
public override SSUState HandleMessage(SSUHeader header, BufRefLen reader)
{
switch (header.MessageType)
{
case SSUHeader.MessageTypes.Data:
try
{
var datamsg = new SSUDataMessage(reader, Session.Defragmenter);
if (datamsg.ExplicitAcks != null)
{
Session.Fragmenter.GotAck(datamsg.ExplicitAcks);
}
if (datamsg.AckBitfields != null)
{
Session.Fragmenter.GotAck(datamsg.AckBitfields);
}
if (datamsg.NewMessages != null)
{
foreach (var msg in datamsg.NewMessages)
{
var i2npmsg = I2NPMessage.ReadHeader16((BufRefLen)msg.GetPayload());
#if LOG_MUCH_TRANSPORT
Logging.LogDebugData($"SSU {this} complete message " +
$"{msg.MessageId}: {i2npmsg.Expiration}");
#endif
if (i2npmsg.MessageType == I2NPMessage.MessageTypes.DeliveryStatus)
{
if (((DeliveryStatusMessage)i2npmsg.Message).IsNetworkId((ulong)I2PConstants.I2P_NETWORK_ID))
{
continue;
}
}
Session.MessageReceived(i2npmsg);
}
}
}
catch (Exception ex)
{
Logging.Log("EstablishedState: SSUHost.SSUMessageTypes.Data", ex);
}
break;
case SSUHeader.MessageTypes.PeerTest:
HandleIncomingPeerTestPackage(reader);
break;
case SSUHeader.MessageTypes.RelayResponse:
Logging.LogTransport($"SSU EstablishedState {Session.DebugId}: RelayResponse received from {Session.RemoteEP}.");
var response = new RelayResponse(reader);
Session.Host.ReportRelayResponse(header, response, Session.RemoteEP);
break;
case SSUHeader.MessageTypes.RelayIntro:
var intro = new RelayIntro(reader);
Logging.LogTransport($"SSU EstablishedState {Session.DebugId}: RelayIntro received from {Session.RemoteEP} for {intro.AliceEndpoint}.");
var data = new BufLen(new byte[12]);
data.Randomize();
Send(intro.AliceEndpoint, data);
++Session.Host.EPStatisitcs[Session.RemoteEP].RelayIntrosReceived;
++Session.RelayIntroductionsReceived;
break;
case SSUHeader.MessageTypes.RelayRequest:
// TODO: Implement
// if ( !SSUHost.IntroductionSupported ) throw new Exception( "SSU relay introduction not supported" );
Logging.LogTransport(string.Format("SSU EstablishedState {0}: Relay introduction not supported.", Session.DebugId));
break;
case SSUHeader.MessageTypes.SessionRequest:
Logging.LogTransport(string.Format("SSU EstablishedState {0}: SessionRequest received. Ending session.", Session.DebugId));
SendSessionDestroyed();
return(null);
default:
Logging.LogTransport(string.Format("SSU EstablishedState {0}: Unexpected message received: {1}.",
Session.DebugId, header.MessageType));
break;
}
return(this);
}
public override SSUState HandleMessage(SSUHeader header, BufRefLen reader)
{
var tstime = SSUHost.SSUDateTime(header.TimeStamp);
if (header.MessageType != SSUHeader.MessageTypes.SessionCreated)
{
Logging.LogTransport($"SSU SessionRequestState: Received unexpected message {tstime} : {header.Flag}");
return(this);
}
SCMessage = new SessionCreated(reader, Session.RemoteRouter.Certificate);
Session.RelayTag = SCMessage.RelayTag;
Y = new I2PPublicKey((BufRefLen)SCMessage.Y, Session.RemoteRouter.Certificate);
BufUtils.DHI2PToSessionAndMAC(out var sessionkey, out var mackey,
Y.ToBigInteger().ModPow(PrivateKey.ToBigInteger(), I2PConstants.ElGamalP));
Session.SharedKey = sessionkey;
Session.MACKey = mackey;
var ipaddr = new IPAddress(SCMessage.Address.ToByteArray());
ushort port = SCMessage.Port.PeekFlip16(0);
Session.SignOnTimeB = SCMessage.SignOnTime.Peek32(0);
var btime = SSUHost.SSUDateTime(BufUtils.Flip32(Session.SignOnTimeB));
Logging.LogTransport($"SSU SessionRequestState {Session.DebugId} : Received SessionCreated. {tstime.ToString()} : {btime}");
Session.Host.ReportedAddress(ipaddr);
if (!I2PSignature.SupportedSignatureType(Session.RemoteRouter.Certificate.SignatureType))
{
throw new SignatureCheckFailureException($"SSU SessionRequestState {Session.DebugId} : " +
$"Received non supported signature type: " +
$"{Session.RemoteRouter.Certificate.SignatureType}");
}
var cipher = new CbcBlockCipher(new AesEngine());
cipher.Init(false, Session.SharedKey.ToParametersWithIV(header.IV));
cipher.ProcessBytes(SCMessage.SignatureEncrBuf);
var baddr = new BufLen(Session.RemoteEP.Address.GetAddressBytes());
var sign = new I2PSignature((BufRefLen)SCMessage.Signature, Session.RemoteRouter.Certificate);
var sok = I2PSignature.DoVerify(
Session.RemoteRouter.SigningPublicKey, sign,
X.Key, Y.Key,
SCMessage.Address, SCMessage.Port,
baddr, BufUtils.Flip16BL((ushort)Session.RemoteEP.Port),
SCMessage.RelayTag, SCMessage.SignOnTime);
Logging.LogTransport($"SSU SessionRequestState: Signature check: {sok}. {Session.RemoteRouter.Certificate.SignatureType}");
if (!sok)
{
throw new SignatureCheckFailureException($"SSU SessionRequestState {Session.DebugId}: Received SessionCreated signature check failed." +
Session.RemoteRouter.Certificate.ToString());
}
if (!RemoteIsFirewalled)
{
var relaytag = SCMessage.RelayTag.PeekFlip32(0);
if (relaytag != 0)
{
Session.RemoteIntroducerInfo = new IntroducerInfo(
Session.RemoteEP.Address,
(ushort)Session.RemoteEP.Port,
Session.RemoteIntroKey, relaytag);
Session.Host.IntroductionRelayOffered(Session.RemoteIntroducerInfo);
}
}
Logging.LogTransport($"SSU {this}: SessionCreated received " +
$"from {Session.RemoteEP} created. Moving to SessionConfirmedState.");
Session.ReportConnectionEstablished();
return(new SessionConfirmedState(Session, this));
}
