|
|
|
@ -1,4 +1,6 @@
@@ -1,4 +1,6 @@
|
|
|
|
|
#include <openssl/rand.h> |
|
|
|
|
#include <openssl/sha.h> |
|
|
|
|
#include <openssl/hmac.h> |
|
|
|
|
#include "Crypto.h" |
|
|
|
|
#include "Ed25519.h" |
|
|
|
|
#include "ChaCha20.h" |
|
|
|
@ -18,6 +20,35 @@ namespace transport
@@ -18,6 +20,35 @@ namespace transport
|
|
|
|
|
{ |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
bool NTCP2Session::KeyDerivationFunction (const uint8_t * rs, const uint8_t * pub, uint8_t * derived) |
|
|
|
|
{ |
|
|
|
|
static const char protocolName[] = "Noise_XK_25519_ChaChaPoly_SHA256"; // 32 bytes
|
|
|
|
|
uint8_t h[64], ck[33]; |
|
|
|
|
SHA256 ((const uint8_t *)protocolName, 32, h); |
|
|
|
|
memcpy (ck, h, 32); |
|
|
|
|
// h = SHA256(h || rs)
|
|
|
|
|
memcpy (h + 32, rs, 32); |
|
|
|
|
SHA256 (h, 64, h); |
|
|
|
|
// h = SHA256(h || pub)
|
|
|
|
|
memcpy (h + 32, pub, 32); |
|
|
|
|
SHA256 (h, 64, h); |
|
|
|
|
// x25519 between rs and priv
|
|
|
|
|
uint8_t inputKeyMaterial[32]; |
|
|
|
|
BN_CTX * ctx = BN_CTX_new (); |
|
|
|
|
i2p::crypto::GetEd25519 ()->Mul (rs, m_ExpandedPrivateKey, inputKeyMaterial, ctx); // rs*priv
|
|
|
|
|
BN_CTX_free (ctx); |
|
|
|
|
// temp_key = HMAC-SHA256(ck, input_key_material)
|
|
|
|
|
uint8_t tempKey[32]; unsigned int len; |
|
|
|
|
HMAC(EVP_sha256(), ck, 32, inputKeyMaterial, 32, tempKey, &len); |
|
|
|
|
// ck = HMAC-SHA256(temp_key, byte(0x01))
|
|
|
|
|
inputKeyMaterial[0] = 1; |
|
|
|
|
HMAC(EVP_sha256(), tempKey, 32, inputKeyMaterial, 1, ck, &len); |
|
|
|
|
// derived = HMAC-SHA256(temp_key, ck || byte(0x02))
|
|
|
|
|
ck[32] = 2; |
|
|
|
|
HMAC(EVP_sha256(), tempKey, 32, ck, 33, derived, &len); |
|
|
|
|
return true; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
void NTCP2Session::CreateEphemeralKey (uint8_t * pub) |
|
|
|
|
{ |
|
|
|
|
uint8_t key[32]; |
|
|
|
|