From 33aa8e2471655695fd78b2f848bce0f4e9515d91 Mon Sep 17 00:00:00 2001
From: orignal
Date: Wed, 5 Sep 2018 11:19:58 -0400
Subject: [PATCH] use x25519 from openssl 1.1.1 for ephemeral keys
---
 libi2pd/Crypto.h | 1 +
 libi2pd/NTCP2.cpp | 29 ++++++++++++++++++++++++++++-
 libi2pd/NTCP2.h | 4 ++++
 3 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/libi2pd/Crypto.h b/libi2pd/Crypto.h
index f8cd86a3..30d00d76 100644
--- a/libi2pd/Crypto.h
+++ b/libi2pd/Crypto.h
@@ -268,6 +268,7 @@ namespace crypto
 # define LEGACY_OPENSSL 0
 # if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1
 # define OPENSSL_EDDSA 1
+# define OPENSSL_X25519 1
 # endif
 #endif
diff --git a/libi2pd/NTCP2.cpp b/libi2pd/NTCP2.cpp
index b6880e9c..6a319115 100644
--- a/libi2pd/NTCP2.cpp
+++ b/libi2pd/NTCP2.cpp
@@ -41,6 +41,9 @@ namespace transport
 delete[] m_SessionRequestBuffer;
 delete[] m_SessionCreatedBuffer;
 delete[] m_SessionConfirmedBuffer;
+#if OPENSSL_X25519
+ EVP_PKEY_free (m_EphemeralPkey);
+#endif
 }
 void NTCP2Establisher::MixKey (const uint8_t * inputKeyMaterial, uint8_t * derived)
@@ -119,7 +122,18 @@ namespace transport
 // x25519 between remote pub and priv
 uint8_t inputKeyMaterial[32];
- i2p::crypto::GetEd25519 ()->ScalarMul (GetRemotePub (), GetPriv (), inputKeyMaterial, m_Ctx);
+#if OPENSSL_X25519
+ auto pctx = EVP_PKEY_CTX_new (m_EphemeralPkey, NULL);
+ EVP_PKEY_derive_init (pctx);
+ auto pkey = EVP_PKEY_new_raw_public_key (EVP_PKEY_X25519, NULL, GetRemotePub (), 32);
+ EVP_PKEY_derive_set_peer (pctx, pkey);
+ size_t len = 32;
+ EVP_PKEY_derive (pctx, inputKeyMaterial, &len);
+ EVP_PKEY_free (pkey);
+ EVP_PKEY_CTX_free (pctx);
+#else
+ i2p::crypto::GetEd25519 ()->ScalarMul (GetRemotePub (), GetPriv (), inputKeyMaterial, m_Ctx);
+#endif
 MixKey (inputKeyMaterial, m_K);
 }
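Review bot: The destructor now calls `EVP_PKEY_free (m_EphemeralPkey)`, but within this patch the pointer is only assigned inside CreateEphemeralKey, and the member added in NTCP2.h has no initializer. If any construction path destroys the object before CreateEphemeralKey has run (the constructor is not part of this diff, so this is unverified), the destructor frees an indeterminate pointer. Declaring the member as `EVP_PKEY * m_EphemeralPkey = nullptr;` in the header makes the free safe regardless of call order, because EVP_PKEY_free accepts a null pointer. The destructor body starts outside the hunk.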
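Review bot: None of the EVP calls in the new `#if OPENSSL_X25519` branch of the `@@ -119,7 +122,18 @@` hunk has its return value checked, so if any step fails `inputKeyMaterial`, an uninitialised stack array, is still passed to `MixKey` and the handshake continues with key material that was never derived. The remote public key is peer-supplied, and as far as I know OpenSSL's X25519 derive reports failure for a degenerate peer key instead of returning a usable secret, so this path is reachable from the network and not only on allocation failure. Check every result, require `len == 32`, and abort the establishment on failure; how to report it depends on the enclosing function, which starts outside this hunk. The CreateEphemeralKey hunk has the same unchecked calls: a failed `EVP_PKEY_keygen` there leaves `m_EphemeralPkey` null and both raw key buffers unfilled.

```cpp
uint8_t inputKeyMaterial[32];
#if OPENSSL_X25519
	bool derived = false;
	size_t len = 32;
	auto pctx = EVP_PKEY_CTX_new (m_EphemeralPkey, NULL);
	auto pkey = EVP_PKEY_new_raw_public_key (EVP_PKEY_X25519, NULL, GetRemotePub (), 32);
	if (pctx && pkey &&
	    EVP_PKEY_derive_init (pctx) > 0 &&
	    EVP_PKEY_derive_set_peer (pctx, pkey) > 0 &&
	    EVP_PKEY_derive (pctx, inputKeyMaterial, &len) > 0 && len == 32)
		derived = true;
	// both free functions accept a null pointer
	EVP_PKEY_free (pkey);
	EVP_PKEY_CTX_free (pctx);
	if (!derived)
	{
		// log and terminate the session establishment here; never reach MixKey
		// with a buffer that was not produced by a successful derive
	}
#else
	// … unchanged: Ed25519 ScalarMul fallback …
#endif
```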
@@ -149,8 +163,21 @@ namespace transport
 void NTCP2Establisher::CreateEphemeralKey ()
 {
+#if OPENSSL_X25519
+ m_EphemeralPkey = nullptr;
+ EVP_PKEY_CTX * pctx = EVP_PKEY_CTX_new_id (NID_X25519, NULL);
+ EVP_PKEY_keygen_init (pctx);
+ EVP_PKEY_keygen (pctx, &m_EphemeralPkey);
+ EVP_PKEY_CTX_free (pctx);
+ // TODO: remove, after switch to m_EphemeralPkey
+ size_t len = 32;
+ EVP_PKEY_get_raw_public_key (m_EphemeralPkey, m_EphemeralPublicKey, &len);
+ len = 32;
+ EVP_PKEY_get_raw_private_key (m_EphemeralPkey, m_EphemeralPrivateKey, &len);
+#else
 RAND_bytes (m_EphemeralPrivateKey, 32);
 i2p::crypto::GetEd25519 ()->ScalarMulB (m_EphemeralPrivateKey, m_EphemeralPublicKey, m_Ctx);
+#endif
 }
 void NTCP2Establisher::CreateSessionRequestMessage ()
diff --git a/libi2pd/NTCP2.h b/libi2pd/NTCP2.h
index 2b6748ab..10874abb 100644
--- a/libi2pd/NTCP2.h
+++ b/libi2pd/NTCP2.h
@@ -18,6 +18,7 @@
 #include
 #include
 #include
+#include
 #include
 #include "util.h"
 #include "RouterInfo.h"
@@ -110,6 +111,9 @@ namespace transport
 BN_CTX * m_Ctx;
 uint8_t m_EphemeralPrivateKey[32], m_EphemeralPublicKey[32], m_RemoteEphemeralPublicKey[32]; // x25519
+#if OPENSSL_X25519
+ EVP_PKEY * m_EphemeralPkey;
+#endif
 uint8_t m_RemoteStaticKey[32], m_IV[16], m_H[32] /*h*/, m_CK[33] /*ck*/, m_K[32] /*k*/;
 i2p::data::IdentHash m_RemoteIdentHash;
 uint16_t m3p2Len;
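Review bot: `m_EphemeralPkey = nullptr;` at the top of CreateEphemeralKey discards whatever the member held, so a second call on the same establisher would leak the previous EVP_PKEY together with the private key inside it; whether that can happen depends on callers not shown here. Releasing the old key first, `EVP_PKEY_free (m_EphemeralPkey);` ahead of the reset, avoids the leak, provided the member starts out null. Separately, the block under the TODO copies the private scalar into `m_EphemeralPrivateKey`, so the secret now exists in two places and nothing visible in this patch wipes the raw copy. Extending the TODO to something like `// TODO: remove after switch to m_EphemeralPkey; until then this is a second copy of the private key` would record that for whoever finishes the migration.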