2020-05-22 16:18:41 +03:00
/*
2024-07-06 08:50:51 -04:00
* Copyright ( c ) 2013 - 2024 , The PurpleI2P Project
2020-05-22 16:18:41 +03:00
*
* This file is part of Purple i2pd project and licensed under BSD3
*
* See full license text in LICENSE file at top of project tree
*/
2015-11-03 09:15:49 -05:00
# ifndef CRYPTO_H__
# define CRYPTO_H__
2014-05-06 12:22:22 -04:00
# include <inttypes.h>
2015-11-03 09:15:49 -05:00
# include <string>
2018-11-30 14:41:14 -05:00
# include <vector>
2016-05-11 16:02:26 -04:00
# include <openssl/bn.h>
# include <openssl/dh.h>
# include <openssl/aes.h>
# include <openssl/dsa.h>
2016-11-09 15:59:01 -05:00
# include <openssl/ecdsa.h>
2016-11-04 10:59:55 -04:00
# include <openssl/rsa.h>
2016-05-11 16:02:26 -04:00
# include <openssl/sha.h>
2016-11-10 12:51:39 -05:00
# include <openssl/evp.h>
2016-05-11 16:02:26 -04:00
# include <openssl/rand.h>
2018-09-08 16:52:42 -04:00
# include <openssl/opensslv.h>
2016-06-28 00:00:00 +00:00
2015-11-03 09:15:49 -05:00
# include "Base.h"
2016-06-28 00:00:00 +00:00
# include "Tag.h"
2018-02-16 11:00:33 -05:00
# include "CPU.h"
2014-05-06 12:22:22 -04:00
2018-09-08 16:52:42 -04:00
// recognize openssl version and features
2024-07-06 08:50:51 -04:00
# if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1
# define OPENSSL_HKDF 1
# define OPENSSL_EDDSA 1
2024-07-30 08:13:24 -04:00
# if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER != 0x030000000)) // 3.0.0, regression in SipHash, not implemented in LibreSSL
2024-07-06 08:50:51 -04:00
# define OPENSSL_SIPHASH 1
2022-05-20 19:56:05 +03:00
# endif
2018-09-08 16:52:42 -04:00
# endif
2014-05-06 12:22:22 -04:00
namespace i2p
{
namespace crypto
2015-11-03 09:15:49 -05:00
{
2015-12-18 10:09:25 -05:00
bool bn2buf ( const BIGNUM * bn , uint8_t * buf , size_t len ) ;
2015-11-03 09:15:49 -05:00
// DSA
2018-01-06 11:48:51 +08:00
DSA * CreateDSA ( ) ;
2015-11-03 09:15:49 -05:00
// RSA
2015-12-18 10:09:25 -05:00
const BIGNUM * GetRSAE ( ) ;
2015-11-03 09:15:49 -05:00
2018-09-08 16:52:42 -04:00
// x25519
class X25519Keys
{
public :
X25519Keys ( ) ;
2019-06-11 10:40:53 -04:00
X25519Keys ( const uint8_t * priv , const uint8_t * pub ) ; // if pub is null, derive from priv
2018-09-08 16:52:42 -04:00
~ X25519Keys ( ) ;
void GenerateKeys ( ) ;
const uint8_t * GetPublicKey ( ) const { return m_PublicKey ; } ;
2018-11-01 10:43:31 -04:00
void GetPrivateKey ( uint8_t * priv ) const ;
2020-06-03 16:05:19 -04:00
void SetPrivateKey ( const uint8_t * priv , bool calculatePublic = false ) ;
2021-01-01 15:03:11 -05:00
bool Agree ( const uint8_t * pub , uint8_t * shared ) ;
2018-09-08 16:52:42 -04:00
2020-06-30 13:00:41 -04:00
bool IsElligatorIneligible ( ) const { return m_IsElligatorIneligible ; }
void SetElligatorIneligible ( ) { m_IsElligatorIneligible = true ; }
2021-11-27 23:30:35 +03:00
2018-09-08 16:52:42 -04:00
private :
2020-03-01 13:25:50 +03:00
uint8_t m_PublicKey [ 32 ] ;
2018-09-08 16:52:42 -04:00
EVP_PKEY_CTX * m_Ctx ;
EVP_PKEY * m_Pkey ;
2021-11-12 18:33:51 +02:00
bool m_IsElligatorIneligible = false ; // true if definitely ineligible
2018-09-08 16:52:42 -04:00
} ;
2020-03-01 13:25:50 +03:00
2015-11-03 09:15:49 -05:00
// ElGamal
2021-11-27 23:30:35 +03:00
void ElGamalEncrypt ( const uint8_t * key , const uint8_t * data , uint8_t * encrypted ) ; // 222 bytes data, 514 bytes encrypted
2021-08-31 18:51:40 -04:00
bool ElGamalDecrypt ( const uint8_t * key , const uint8_t * encrypted , uint8_t * data ) ; // 514 bytes encrypted, 222 data
2015-11-03 09:15:49 -05:00
void GenerateElGamalKeyPair ( uint8_t * priv , uint8_t * pub ) ;
2017-11-06 13:40:58 -05:00
// ECIES
2021-09-03 13:30:01 -04:00
void ECIESEncrypt ( const EC_GROUP * curve , const EC_POINT * key , const uint8_t * data , uint8_t * encrypted ) ; // 222 bytes data, 514 bytes encrypted
2021-08-31 18:51:40 -04:00
bool ECIESDecrypt ( const EC_GROUP * curve , const BIGNUM * key , const uint8_t * encrypted , uint8_t * data ) ; // 514 bytes encrypted, 222 data
2017-11-06 13:40:58 -05:00
void GenerateECIESKeyPair ( const EC_GROUP * curve , BIGNUM * & priv , EC_POINT * & pub ) ;
2018-01-06 11:48:51 +08:00
2015-11-03 09:15:49 -05:00
// AES
2018-01-06 11:48:51 +08:00
struct ChipherBlock
2014-05-06 12:22:22 -04:00
{
uint8_t buf [ 16 ] ;
2014-05-09 11:44:39 -04:00
2014-05-09 12:05:04 -04:00
void operator ^ = ( const ChipherBlock & other ) // XOR
2014-05-09 11:44:39 -04:00
{
2018-11-27 14:33:31 -05:00
if ( ! ( ( ( size_t ) buf | ( size_t ) other . buf ) & 0x03 ) ) // multiple of 4 ?
2020-03-01 13:25:50 +03:00
{
2018-11-27 14:33:31 -05:00
for ( int i = 0 ; i < 4 ; i + + )
reinterpret_cast < uint32_t * > ( buf ) [ i ] ^ = reinterpret_cast < const uint32_t * > ( other . buf ) [ i ] ;
2020-03-01 13:25:50 +03:00
}
2018-11-25 10:33:48 -05:00
else
2020-03-01 13:25:50 +03:00
{
2018-11-25 10:33:48 -05:00
for ( int i = 0 ; i < 16 ; i + + )
buf [ i ] ^ = other . buf [ i ] ;
2020-03-01 13:25:50 +03:00
}
2018-01-06 11:48:51 +08:00
}
2014-05-06 12:22:22 -04:00
} ;
2014-11-01 14:56:13 -04:00
typedef i2p : : data : : Tag < 32 > AESKey ;
2018-01-06 11:48:51 +08:00
2014-11-18 12:11:45 -05:00
template < size_t sz >
class AESAlignedBuffer // 16 bytes alignment
{
public :
2018-01-06 11:48:51 +08:00
2014-11-18 12:11:45 -05:00
AESAlignedBuffer ( )
{
m_Buf = m_UnalignedBuffer ;
2014-11-26 11:04:49 -05:00
uint8_t rem = ( ( size_t ) m_Buf ) & 0x0f ;
2014-11-18 12:11:45 -05:00
if ( rem )
m_Buf + = ( 16 - rem ) ;
}
2018-01-06 11:48:51 +08:00
2014-11-18 12:11:45 -05:00
operator uint8_t * ( ) { return m_Buf ; } ;
operator const uint8_t * ( ) const { return m_Buf ; } ;
2016-11-21 21:13:13 -05:00
ChipherBlock * GetChipherBlock ( ) { return ( ChipherBlock * ) m_Buf ; } ;
const ChipherBlock * GetChipherBlock ( ) const { return ( const ChipherBlock * ) m_Buf ; } ;
2018-01-06 11:48:51 +08:00
2014-11-18 12:11:45 -05:00
private :
uint8_t m_UnalignedBuffer [ sz + 15 ] ; // up to 15 bytes alignment
uint8_t * m_Buf ;
2018-01-06 11:48:51 +08:00
} ;
2014-11-18 12:11:45 -05:00
2023-09-17 18:33:42 +00:00
# if SUPPORTS_AES
2014-05-07 15:40:24 -04:00
class ECBCryptoAESNI
2018-01-06 11:48:51 +08:00
{
2014-05-08 21:43:08 -04:00
public :
2014-05-12 22:51:59 -04:00
uint8_t * GetKeySchedule ( ) { return m_KeySchedule ; } ;
2014-11-18 12:11:45 -05:00
2014-05-08 15:11:38 -04:00
protected :
2014-11-01 21:53:45 -04:00
void ExpandKey ( const AESKey & key ) ;
2018-01-06 11:48:51 +08:00
2014-11-18 12:11:45 -05:00
private :
2014-05-08 15:11:38 -04:00
2018-02-16 11:00:33 -05:00
AESAlignedBuffer < 240 > m_KeySchedule ; // 14 rounds for AES-256, 240 bytes
2018-01-06 11:48:51 +08:00
} ;
2018-02-16 11:00:33 -05:00
# endif
2014-05-08 15:11:38 -04:00
2023-09-17 18:33:42 +00:00
# if SUPPORTS_AES
2018-02-16 11:00:33 -05:00
class ECBEncryption : public ECBCryptoAESNI
# else
2014-05-08 16:49:00 -04:00
class ECBEncryption
2018-02-16 11:00:33 -05:00
# endif
2014-05-08 16:49:00 -04:00
{
public :
2018-01-06 11:48:51 +08:00
2018-02-16 11:00:33 -05:00
void SetKey ( const AESKey & key ) ;
2018-06-27 17:09:46 +08:00
2018-02-16 11:00:33 -05:00
void Encrypt ( const ChipherBlock * in , ChipherBlock * out ) ;
2014-05-08 16:49:00 -04:00
2018-02-16 11:00:33 -05:00
private :
AES_KEY m_Key ;
2018-01-06 11:48:51 +08:00
} ;
2014-05-08 16:49:00 -04:00
2023-09-17 18:33:42 +00:00
# if SUPPORTS_AES
2018-02-16 11:00:33 -05:00
class ECBDecryption : public ECBCryptoAESNI
# else
2014-05-08 16:49:00 -04:00
class ECBDecryption
2018-02-16 11:00:33 -05:00
# endif
2014-05-08 16:49:00 -04:00
{
public :
2018-01-06 11:48:51 +08:00
2018-02-16 11:00:33 -05:00
void SetKey ( const AESKey & key ) ;
void Decrypt ( const ChipherBlock * in , ChipherBlock * out ) ;
2014-05-08 16:49:00 -04:00
private :
2015-11-03 09:15:49 -05:00
AES_KEY m_Key ;
2018-01-06 11:48:51 +08:00
} ;
2014-05-08 16:49:00 -04:00
2014-05-06 12:22:22 -04:00
class CBCEncryption
{
public :
2018-01-06 11:48:51 +08:00
2016-11-21 21:13:13 -05:00
CBCEncryption ( ) { memset ( ( uint8_t * ) m_LastBlock , 0 , 16 ) ; } ;
2014-05-06 12:22:22 -04:00
2014-11-01 21:53:45 -04:00
void SetKey ( const AESKey & key ) { m_ECBEncryption . SetKey ( key ) ; } ; // 32 bytes
2016-11-21 21:13:13 -05:00
void SetIV ( const uint8_t * iv ) { memcpy ( ( uint8_t * ) m_LastBlock , iv , 16 ) ; } ; // 16 bytes
2018-06-13 14:56:51 -04:00
void GetIV ( uint8_t * iv ) const { memcpy ( iv , ( const uint8_t * ) m_LastBlock , 16 ) ; } ;
2014-05-06 12:22:22 -04:00
void Encrypt ( int numBlocks , const ChipherBlock * in , ChipherBlock * out ) ;
2014-06-08 07:56:04 -04:00
void Encrypt ( const uint8_t * in , std : : size_t len , uint8_t * out ) ;
2014-05-14 14:54:01 -04:00
void Encrypt ( const uint8_t * in , uint8_t * out ) ; // one block
2014-05-06 12:22:22 -04:00
2018-02-16 11:00:33 -05:00
ECBEncryption & ECB ( ) { return m_ECBEncryption ; }
2018-06-27 17:09:46 +08:00
2014-05-06 12:22:22 -04:00
private :
2016-11-21 21:13:13 -05:00
AESAlignedBuffer < 16 > m_LastBlock ;
2018-01-06 11:48:51 +08:00
2014-05-08 21:43:08 -04:00
ECBEncryption m_ECBEncryption ;
2014-05-06 12:22:22 -04:00
} ;
class CBCDecryption
{
public :
2018-01-06 11:48:51 +08:00
2016-11-21 21:13:13 -05:00
CBCDecryption ( ) { memset ( ( uint8_t * ) m_IV , 0 , 16 ) ; } ;
2014-05-06 12:22:22 -04:00
2014-11-01 21:53:45 -04:00
void SetKey ( const AESKey & key ) { m_ECBDecryption . SetKey ( key ) ; } ; // 32 bytes
2016-11-21 21:13:13 -05:00
void SetIV ( const uint8_t * iv ) { memcpy ( ( uint8_t * ) m_IV , iv , 16 ) ; } ; // 16 bytes
2018-06-13 14:56:51 -04:00
void GetIV ( uint8_t * iv ) const { memcpy ( iv , ( const uint8_t * ) m_IV , 16 ) ; } ;
2014-05-06 12:22:22 -04:00
void Decrypt ( int numBlocks , const ChipherBlock * in , ChipherBlock * out ) ;
2014-06-08 07:56:04 -04:00
void Decrypt ( const uint8_t * in , std : : size_t len , uint8_t * out ) ;
2014-05-14 14:54:01 -04:00
void Decrypt ( const uint8_t * in , uint8_t * out ) ; // one block
2014-05-06 12:22:22 -04:00
2018-02-16 11:00:33 -05:00
ECBDecryption & ECB ( ) { return m_ECBDecryption ; }
2018-06-27 17:09:46 +08:00
2014-05-06 12:22:22 -04:00
private :
2016-11-21 21:13:13 -05:00
AESAlignedBuffer < 16 > m_IV ;
2014-05-08 21:43:08 -04:00
ECBDecryption m_ECBDecryption ;
2018-01-06 11:48:51 +08:00
} ;
2014-05-15 11:21:41 -04:00
class TunnelEncryption // with double IV encryption
{
public :
2014-11-01 21:53:45 -04:00
void SetKeys ( const AESKey & layerKey , const AESKey & ivKey )
2014-05-15 11:21:41 -04:00
{
m_LayerEncryption . SetKey ( layerKey ) ;
m_IVEncryption . SetKey ( ivKey ) ;
2018-01-06 11:48:51 +08:00
}
2014-05-15 11:21:41 -04:00
2018-01-06 11:48:51 +08:00
void Encrypt ( const uint8_t * in , uint8_t * out ) ; // 1024 bytes (16 IV + 1008 data)
2014-05-15 11:21:41 -04:00
private :
ECBEncryption m_IVEncryption ;
CBCEncryption m_LayerEncryption ;
} ;
class TunnelDecryption // with double IV encryption
{
public :
2014-11-01 21:53:45 -04:00
void SetKeys ( const AESKey & layerKey , const AESKey & ivKey )
2014-05-15 11:21:41 -04:00
{
m_LayerDecryption . SetKey ( layerKey ) ;
m_IVDecryption . SetKey ( ivKey ) ;
2018-01-06 11:48:51 +08:00
}
2014-05-15 11:21:41 -04:00
2018-01-06 11:48:51 +08:00
void Decrypt ( const uint8_t * in , uint8_t * out ) ; // 1024 bytes (16 IV + 1008 data)
2014-05-15 11:21:41 -04:00
private :
ECBDecryption m_IVDecryption ;
CBCDecryption m_LayerDecryption ;
2018-01-06 11:48:51 +08:00
} ;
2018-06-13 11:41:46 -04:00
// AEAD/ChaCha20/Poly1305
2018-06-27 17:09:46 +08:00
bool AEADChaCha20Poly1305 ( const uint8_t * msg , size_t msgLen , const uint8_t * ad , size_t adLen , const uint8_t * key , const uint8_t * nonce , uint8_t * buf , size_t len , bool encrypt ) ; // msgLen is len without tag
2018-12-04 12:54:48 -05:00
void AEADChaCha20Poly1305Encrypt ( const std : : vector < std : : pair < uint8_t * , size_t > > & bufs , const uint8_t * key , const uint8_t * nonce , uint8_t * mac ) ; // encrypt multiple buffers with zero ad
2018-11-30 14:41:14 -05:00
2019-03-15 12:25:20 -04:00
// ChaCha20
2019-02-28 13:31:51 -05:00
void ChaCha20 ( const uint8_t * msg , size_t msgLen , const uint8_t * key , const uint8_t * nonce , uint8_t * out ) ;
2019-03-15 12:25:20 -04:00
// HKDF
2020-03-01 13:25:50 +03:00
void HKDF ( const uint8_t * salt , const uint8_t * key , size_t keyLen , const std : : string & info , uint8_t * out , size_t outLen = 64 ) ; // salt - 32, out - 32 or 64, info <= 32
2019-03-15 12:25:20 -04:00
2020-10-28 21:53:11 -04:00
// Noise
struct NoiseSymmetricState
{
uint8_t m_H [ 32 ] /*h*/ , m_CK [ 64 ] /*[ck, k]*/ ;
2020-11-15 01:31:20 +03:00
2020-10-28 21:53:11 -04:00
void MixHash ( const uint8_t * buf , size_t len ) ;
2022-03-07 18:20:06 -05:00
void MixHash ( const std : : vector < std : : pair < uint8_t * , size_t > > & bufs ) ;
2021-11-27 23:30:35 +03:00
void MixKey ( const uint8_t * sharedSecret ) ;
2020-11-15 01:31:20 +03:00
} ;
2020-12-03 17:58:37 -05:00
void InitNoiseNState ( NoiseSymmetricState & state , const uint8_t * pub ) ; // Noise_N (tunnels, router)
void InitNoiseXKState ( NoiseSymmetricState & state , const uint8_t * pub ) ; // Noise_XK (NTCP2)
2022-02-05 15:58:39 -05:00
void InitNoiseXKState1 ( NoiseSymmetricState & state , const uint8_t * pub ) ; // Noise_XK (SSU2)
2020-12-03 17:58:37 -05:00
void InitNoiseIKState ( NoiseSymmetricState & state , const uint8_t * pub ) ; // Noise_IK (ratchets)
2021-11-27 23:30:35 +03:00
2018-06-13 11:41:46 -04:00
// init and terminate
2023-08-31 16:52:51 +00:00
void InitCrypto ( bool precomputation , bool aesni , bool force ) ;
2015-12-31 16:02:10 -05:00
void TerminateCrypto ( ) ;
2018-01-06 11:48:51 +08:00
}
}
2016-10-12 12:31:27 -04:00
2014-05-06 12:22:22 -04:00
# endif