Tunnels: Consolidate tunnel key generation

in BuildRequestor.createTunnelBuildMessage() to prep for derived keys in prop. 157
2021-06-17 12:58:46 -04:00
parent 65b57fed9f
commit 7628168c3d
2 changed files with 20 additions and 5 deletions
--- a/router/java/src/net/i2p/router/tunnel/pool/BuildRequestor.java
+++ b/router/java/src/net/i2p/router/tunnel/pool/BuildRequestor.java
@@ -110,9 +110,8 @@ abstract class BuildRequestor {
            
            if (i > 0)
                cfg.getConfig(i-1).setSendTunnelId(hop.getReceiveTunnelId());
-            byte iv[] = new byte[TunnelCreatorConfig.REPLY_IV_LENGTH];
-            ctx.random().nextBytes(iv);
-            cfg.setAESReplyKeys(i, ctx.keyGenerator().generateSessionKey(), iv);
+            // AES reply keys now set in createTunnelBuildMessage(),
+            // as we don't need them for short TBM
        }
        // This is in BuildExecutor.buildTunnel() now
        // And it was overwritten by the one in createTunnelBuildMessage() anyway!
@@ -357,6 +356,20 @@ abstract class BuildRequestor {
            order = new ArrayList<Integer>(ORDER);
        }

+        if (!useShortTBM) {
+            int len = cfg.getLength();
+            for (int i = 0; i < len; i++) {
+                HopConfig hop = cfg.getConfig(i);
+                // set IV/Layer keys (formerly in TunnelPool.configureNewTunnel())
+                hop.setIVKey(ctx.keyGenerator().generateSessionKey());
+                hop.setLayerKey(ctx.keyGenerator().generateSessionKey());
+                // set the AES reply keys (formerly in prepare())
+                byte iv[] = new byte[TunnelCreatorConfig.REPLY_IV_LENGTH];
+                ctx.random().nextBytes(iv);
+                cfg.setAESReplyKeys(i, ctx.keyGenerator().generateSessionKey(), iv);
+            }
+        }  // else keys are derived
+
        // This is in BuildExecutor.buildTunnel() now
        //long replyMessageId = ctx.random().nextLong(I2NPMessage.MAX_ID_VALUE);
        //cfg.setReplyMessageId(replyMessageId);
--- a/router/java/src/net/i2p/router/tunnel/pool/TunnelPool.java
+++ b/router/java/src/net/i2p/router/tunnel/pool/TunnelPool.java
@@ -1110,6 +1110,9 @@ public class TunnelPool {
    }
    
    /**
+     *  This only sets the peers and creation/expiration times in the configuration.
+     *  For the crypto, see BuildRequestor and BuildMessageGenerator.
+     *
     *  @return null on failure
     */
    PooledTunnelCreatorConfig configureNewTunnel() { return configureNewTunnel(false); }
@@ -1178,8 +1181,7 @@ public class TunnelPool {
            HopConfig hop = cfg.getConfig(j);
            hop.setCreation(now);
            hop.setExpiration(expiration);
-            hop.setIVKey(_context.keyGenerator().generateSessionKey());
-            hop.setLayerKey(_context.keyGenerator().generateSessionKey());
+            // IV and Layer key now set in BuildRequestor.createTunnelBuildMessage()
            // tunnelIds will be updated during building, and as the creator, we
            // don't need to worry about prev/next hop
        }