From 358cdcf4c4aa3ceef12c5028b048957352ad4127 Mon Sep 17 00:00:00 2001 From: orignal Date: Fri, 21 Sep 2018 11:16:38 -0400 Subject: [PATCH] removed RSA signatures completly --- libi2pd/Identity.cpp | 57 +++------------------------ libi2pd/Reseed.cpp | 2 +- libi2pd/Signature.h | 93 +------------------------------------------- 3 files changed, 8 insertions(+), 144 deletions(-) diff --git a/libi2pd/Identity.cpp b/libi2pd/Identity.cpp index 7f64d931..0e49b8ad 100644 --- a/libi2pd/Identity.cpp +++ b/libi2pd/Identity.cpp @@ -72,29 +72,10 @@ namespace data break; } case SIGNING_KEY_TYPE_RSA_SHA256_2048: - { - memcpy (m_StandardIdentity.signingKey, signingKey, 128); - excessLen = i2p::crypto::RSASHA2562048_KEY_LENGTH - 128; // 128 = 256 - 128 - excessBuf = new uint8_t[excessLen]; - memcpy (excessBuf, signingKey + 128, excessLen); - break; - } case SIGNING_KEY_TYPE_RSA_SHA384_3072: - { - memcpy (m_StandardIdentity.signingKey, signingKey, 128); - excessLen = i2p::crypto::RSASHA3843072_KEY_LENGTH - 128; // 256 = 384 - 128 - excessBuf = new uint8_t[excessLen]; - memcpy (excessBuf, signingKey + 128, excessLen); - break; - } case SIGNING_KEY_TYPE_RSA_SHA512_4096: - { - memcpy (m_StandardIdentity.signingKey, signingKey, 128); - excessLen = i2p::crypto::RSASHA5124096_KEY_LENGTH - 128; // 384 = 512 - 128 - excessBuf = new uint8_t[excessLen]; - memcpy (excessBuf, signingKey + 128, excessLen); - break; - } + LogPrint (eLogError, "Identity: RSA signing key type ", (int)type, " is not supported"); + break; case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: { size_t padding = 128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32 @@ -368,32 +349,10 @@ namespace data break; } case SIGNING_KEY_TYPE_RSA_SHA256_2048: - { - uint8_t signingKey[i2p::crypto::RSASHA2562048_KEY_LENGTH]; - memcpy (signingKey, m_StandardIdentity.signingKey, 128); - size_t excessLen = i2p::crypto::RSASHA2562048_KEY_LENGTH - 128; // 128 = 256- 128 - memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types - UpdateVerifier (new i2p::crypto:: RSASHA2562048Verifier (signingKey)); - break; - } case SIGNING_KEY_TYPE_RSA_SHA384_3072: - { - uint8_t signingKey[i2p::crypto::RSASHA3843072_KEY_LENGTH]; - memcpy (signingKey, m_StandardIdentity.signingKey, 128); - size_t excessLen = i2p::crypto::RSASHA3843072_KEY_LENGTH - 128; // 256 = 384- 128 - memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types - UpdateVerifier (new i2p::crypto:: RSASHA3843072Verifier (signingKey)); - break; - } case SIGNING_KEY_TYPE_RSA_SHA512_4096: - { - uint8_t signingKey[i2p::crypto::RSASHA5124096_KEY_LENGTH]; - memcpy (signingKey, m_StandardIdentity.signingKey, 128); - size_t excessLen = i2p::crypto::RSASHA5124096_KEY_LENGTH - 128; // 384 = 512- 128 - memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types - UpdateVerifier (new i2p::crypto:: RSASHA5124096Verifier (signingKey)); - break; - } + LogPrint (eLogError, "Identity: RSA signing key type ", (int)keyType, " is not supported"); + break; case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: { size_t padding = 128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32 @@ -564,13 +523,9 @@ namespace data m_Signer.reset (new i2p::crypto::ECDSAP521Signer (m_SigningPrivateKey)); break; case SIGNING_KEY_TYPE_RSA_SHA256_2048: - m_Signer.reset (new i2p::crypto::RSASHA2562048Signer (m_SigningPrivateKey)); - break; case SIGNING_KEY_TYPE_RSA_SHA384_3072: - m_Signer.reset (new i2p::crypto::RSASHA3843072Signer (m_SigningPrivateKey)); - break; case SIGNING_KEY_TYPE_RSA_SHA512_4096: - m_Signer.reset (new i2p::crypto::RSASHA5124096Signer (m_SigningPrivateKey)); + LogPrint (eLogError, "Identity: RSA signing key type ", (int)m_Public->GetSigningKeyType (), " is not supported"); break; case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH)); @@ -642,7 +597,7 @@ namespace data case SIGNING_KEY_TYPE_RSA_SHA256_2048: case SIGNING_KEY_TYPE_RSA_SHA384_3072: case SIGNING_KEY_TYPE_RSA_SHA512_4096: - LogPrint (eLogWarning, "Identity: RSA signature type is not supported. Create EdDSA"); + LogPrint (eLogWarning, "Identity: RSA signature type is not supported. Creating EdDSA"); // no break here case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: i2p::crypto::CreateEDDSA25519RandomKeys (keys.m_SigningPrivateKey, signingPublicKey); diff --git a/libi2pd/Reseed.cpp b/libi2pd/Reseed.cpp index eebe9b38..40a0b740 100644 --- a/libi2pd/Reseed.cpp +++ b/libi2pd/Reseed.cpp @@ -219,7 +219,7 @@ namespace data BN_CTX * bnctx = BN_CTX_new (); BIGNUM * s = BN_new (), * n = BN_new (); BN_bin2bn (signature, signatureLength, s); - BN_bin2bn (it->second, i2p::crypto::RSASHA5124096_KEY_LENGTH, n); + BN_bin2bn (it->second, 512, n); // RSA 4096 assumed BN_mod_exp (s, s, i2p::crypto::GetRSAE (), n, bnctx); // s = s^e mod n uint8_t * enSigBuf = new uint8_t[signatureLength]; i2p::crypto::bn2buf (s, enSigBuf, signatureLength); diff --git a/libi2pd/Signature.h b/libi2pd/Signature.h index b645a3c3..a51f8955 100644 --- a/libi2pd/Signature.h +++ b/libi2pd/Signature.h @@ -6,7 +6,6 @@ #include #include #include -#include #include #include "Crypto.h" #include "Ed25519.h" @@ -149,6 +148,7 @@ namespace crypto enum { hashLen = 64 }; }; + // EcDSA template class ECDSAVerifier: public Verifier { @@ -269,97 +269,6 @@ namespace crypto CreateECDSARandomKeys (NID_secp521r1, ECDSAP521_KEY_LENGTH, signingPrivateKey, signingPublicKey); } -// RSA - template - class RSAVerifier: public Verifier - { - public: - - RSAVerifier (const uint8_t * signingKey) - { - m_PublicKey = RSA_new (); - RSA_set0_key (m_PublicKey, BN_bin2bn (signingKey, keyLen, NULL) /* n */ , BN_dup (GetRSAE ()) /* d */, NULL); - } - - ~RSAVerifier () - { - RSA_free (m_PublicKey); - } - - bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const - { - uint8_t digest[Hash::hashLen]; - Hash::CalculateHash (buf, len, digest); - return RSA_verify (type, digest, Hash::hashLen, signature, GetSignatureLen (), m_PublicKey); - } - size_t GetPublicKeyLen () const { return keyLen; } - size_t GetSignatureLen () const { return keyLen; } - size_t GetPrivateKeyLen () const { return GetSignatureLen ()*2; }; - - private: - - RSA * m_PublicKey; - }; - - - template - class RSASigner: public Signer - { - public: - - RSASigner (const uint8_t * signingPrivateKey) - { - m_PrivateKey = RSA_new (); - RSA_set0_key (m_PrivateKey, BN_bin2bn (signingPrivateKey, keyLen, NULL), /* n */ - BN_dup (GetRSAE ()) /* e */, BN_bin2bn (signingPrivateKey + keyLen, keyLen, NULL) /* d */); - } - - ~RSASigner () - { - RSA_free (m_PrivateKey); - } - - void Sign (const uint8_t * buf, int len, uint8_t * signature) const - { - uint8_t digest[Hash::hashLen]; - Hash::CalculateHash (buf, len, digest); - unsigned int signatureLen = keyLen; - RSA_sign (type, digest, Hash::hashLen, signature, &signatureLen, m_PrivateKey); - } - - private: - - RSA * m_PrivateKey; - }; - - inline void CreateRSARandomKeys (size_t publicKeyLen, uint8_t * signingPrivateKey, uint8_t * signingPublicKey) - { - RSA * rsa = RSA_new (); - BIGNUM * e = BN_dup (GetRSAE ()); // make it non-const - RSA_generate_key_ex (rsa, publicKeyLen*8, e, NULL); - const BIGNUM * n, * d, * e1; - RSA_get0_key (rsa, &n, &e1, &d); - bn2buf (n, signingPrivateKey, publicKeyLen); - bn2buf (d, signingPrivateKey + publicKeyLen, publicKeyLen); - bn2buf (n, signingPublicKey, publicKeyLen); - BN_free (e); // this e is not assigned to rsa->e - RSA_free (rsa); - } - -// RSA_SHA256_2048 - const size_t RSASHA2562048_KEY_LENGTH = 256; - typedef RSAVerifier RSASHA2562048Verifier; - typedef RSASigner RSASHA2562048Signer; - -// RSA_SHA384_3072 - const size_t RSASHA3843072_KEY_LENGTH = 384; - typedef RSAVerifier RSASHA3843072Verifier; - typedef RSASigner RSASHA3843072Signer; - -// RSA_SHA512_4096 - const size_t RSASHA5124096_KEY_LENGTH = 512; - typedef RSAVerifier RSASHA5124096Verifier; - typedef RSASigner RSASHA5124096Signer; // EdDSA class EDDSA25519Verifier: public Verifier