void NTCPSession::HandlePhase3Received (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsB)
{
if (ecode)
{
LogPrint ("Phase 3 read error: ", ecode.message ());
Terminate ();
}
else
{
LogPrint ("Phase 3 received: ", bytes_transferred);
m_Decryption.ProcessData((uint8_t *)&m_Phase3, (uint8_t *)&m_Phase3, sizeof(m_Phase3));
m_RemoteRouterInfo.SetRouterIdentity (m_Phase3.ident);
SignedData s;
memcpy (s.x, m_Phase1.pubKey, 256);
memcpy (s.y, m_Phase2.pubKey, 256);
memcpy (s.ident, i2p::context.GetRouterInfo ().GetIdentHash (), 32);
s.tsA = m_Phase3.timestamp;
s.tsB = tsB;
CryptoPP::DSA::PublicKey pubKey;
pubKey.Initialize (dsap, dsaq, dsag, CryptoPP::Integer (m_RemoteRouterInfo.GetRouterIdentity ().signingKey, 128));
CryptoPP::DSA::Verifier verifier (pubKey);
if (!verifier.VerifyMessage ((uint8_t *)&s, sizeof(s), m_Phase3.signature, 40))
{
LogPrint ("signature verification failed");
Terminate ();
return;
}
SendPhase4 (tsB);
}
}
Keys CreateRandomKeys ()
{
Keys keys;
CryptoPP::AutoSeededRandomPool rnd;
// encryption
CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
dh.GenerateKeyPair(rnd, keys.privateKey, keys.publicKey);
// signing
CryptoPP::DSA::PrivateKey privateKey;
CryptoPP::DSA::PublicKey publicKey;
privateKey.Initialize (rnd, i2p::crypto::dsap, i2p::crypto::dsaq, i2p::crypto::dsag);
privateKey.MakePublicKey (publicKey);
privateKey.GetPrivateExponent ().Encode (keys.signingPrivateKey, 20);
publicKey.GetPublicElement ().Encode (keys.signingKey, 128);
return keys;
}
void NTCPSession::HandlePhase4Received (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsA)
{
if (ecode)
{
LogPrint ("Phase 4 read error: ", ecode.message ());
GetRemoteRouterInfo ().SetUnreachable (true); // this router doesn't like us
Terminate ();
}
else
{
LogPrint ("Phase 4 received: ", bytes_transferred);
m_Decryption.Decrypt((uint8_t *)&m_Phase4, sizeof(m_Phase4), (uint8_t *)&m_Phase4);
// verify signature
SignedData s;
memcpy (s.x, m_Phase1.pubKey, 256);
memcpy (s.y, m_Phase2.pubKey, 256);
memcpy (s.ident, i2p::context.GetRouterInfo ().GetIdentHash (), 32);
s.tsA = tsA;
s.tsB = m_Phase2.encrypted.timestamp;
CryptoPP::DSA::PublicKey pubKey;
pubKey.Initialize (dsap, dsaq, dsag, CryptoPP::Integer (m_RemoteRouterInfo.GetRouterIdentity ().signingKey, 128));
CryptoPP::DSA::Verifier verifier (pubKey);
if (!verifier.VerifyMessage ((uint8_t *)&s, sizeof(s), m_Phase4.signature, 40))
{
LogPrint ("signature verification failed");
Terminate ();
return;
}
Connected ();
m_ReceiveBufferOffset = 0;
m_NextMessage = nullptr;
Receive ();
}
}