mirror of
https://github.com/go-i2p/go-i2p.git
synced 2025-06-15 21:28:49 -04:00
delete more now-unused functions
This commit is contained in:
eyedeekay
@ -5,7 +5,6 @@ import (
|
||||
"github.com/go-i2p/go-i2p/lib/crypto/aes"
|
||||
"github.com/go-i2p/go-i2p/lib/transport/noise"
|
||||
"github.com/go-i2p/go-i2p/lib/transport/ntcp/handshake"
|
||||
"github.com/go-i2p/go-i2p/lib/transport/ntcp/kdf"
|
||||
"github.com/go-i2p/go-i2p/lib/transport/ntcp/messages"
|
||||
"github.com/go-i2p/go-i2p/lib/transport/padding"
|
||||
"github.com/go-i2p/go-i2p/lib/util/time/sntp"
|
||||
@ -116,75 +115,3 @@ func (s *NTCP2Session) buildAesStaticKey() (*aes.AESSymmetricKey, error) {
|
||||
AESStaticKey.IV = staticIV[:]
|
||||
return &AESStaticKey, nil
|
||||
}
|
||||
|
||||
// deriveSessionKeys computes the session keys from the completed handshake
|
||||
func (c *NTCP2Session) deriveSessionKeys(hs *handshake.HandshakeState) error {
|
||||
// Create KDF context if not already present
|
||||
kdfContext := kdf.NewNTCP2KDF()
|
||||
|
||||
// If we have a handshake hash from the handshake state, use it
|
||||
if len(hs.HandshakeHash) > 0 {
|
||||
kdfContext.HandshakeHash = hs.HandshakeHash
|
||||
}
|
||||
|
||||
// If we have a chaining key from the handshake state, use it
|
||||
if len(hs.ChachaKey) > 0 {
|
||||
kdfContext.ChainingKey = hs.ChachaKey
|
||||
}
|
||||
|
||||
// Derive the final session keys for bidirectional communication
|
||||
keyAB, keyBA, err := kdfContext.DeriveKeys()
|
||||
if err != nil {
|
||||
return oops.Errorf("failed to derive session keys: %w", err)
|
||||
}
|
||||
|
||||
// Set the session keys based on whether we're the initiator or responder
|
||||
if hs.IsInitiator {
|
||||
// For initiator (Alice), outbound = Alice->Bob, inbound = Bob->Alice
|
||||
c.outboundKey = keyAB
|
||||
c.inboundKey = keyBA
|
||||
} else {
|
||||
// For responder (Bob), outbound = Bob->Alice, inbound = Alice->Bob
|
||||
c.outboundKey = keyBA
|
||||
c.inboundKey = keyAB
|
||||
}
|
||||
|
||||
// Derive SipHash keys for length obfuscation
|
||||
sipHashKey, err := kdfContext.DeriveSipHashKey()
|
||||
if err != nil {
|
||||
return oops.Errorf("failed to derive SipHash keys: %w", err)
|
||||
}
|
||||
|
||||
// SipHash requires two 8-byte keys (k1, k2) and an 8-byte IV
|
||||
// The sipHashKey is 16 bytes - first 8 bytes are k1, next 8 bytes are k2
|
||||
if len(sipHashKey) < 16 {
|
||||
return oops.Errorf("derived SipHash key too short: %d bytes", len(sipHashKey))
|
||||
}
|
||||
|
||||
// Set up length obfuscation
|
||||
c.lengthEncryptKey1 = sipHashKey[:8]
|
||||
c.lengthEncryptKey2 = sipHashKey[8:16]
|
||||
|
||||
// Derive framing key for data phase
|
||||
framingKey, err := kdfContext.DeriveFramingKey()
|
||||
if err != nil {
|
||||
return oops.Errorf("failed to derive framing key: %w", err)
|
||||
}
|
||||
c.framingKey = framingKey
|
||||
|
||||
// Clear sensitive key material from the KDF context
|
||||
// to prevent leaking it in memory
|
||||
for i := range kdfContext.ChainingKey {
|
||||
kdfContext.ChainingKey[i] = 0
|
||||
}
|
||||
|
||||
// For additional security, also clear the handshake state keys
|
||||
// that are no longer needed
|
||||
for i := range hs.ChachaKey {
|
||||
hs.ChachaKey[i] = 0
|
||||
}
|
||||
hs.ChachaKey = nil
|
||||
|
||||
log.Debugf("NTCP2: Session keys derived successfully")
|
||||
return nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user