Browse Source

siphash from openssl 1.1.1

pull/1243/head
orignal 6 years ago
parent
commit
8de443ec4c
  1. 1
      libi2pd/Crypto.h
  2. 50
      libi2pd/NTCP2.cpp
  3. 10
      libi2pd/NTCP2.h

1
libi2pd/Crypto.h

@ -27,6 +27,7 @@
# if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1 # if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1
# define OPENSSL_EDDSA 1 # define OPENSSL_EDDSA 1
# define OPENSSL_X25519 1 # define OPENSSL_X25519 1
# define OPENSSL_SIPHASH 1
# endif # endif
#endif #endif

50
libi2pd/NTCP2.cpp

@ -390,6 +390,10 @@ namespace transport
TransportSession (in_RemoteRouter, NTCP2_ESTABLISH_TIMEOUT), TransportSession (in_RemoteRouter, NTCP2_ESTABLISH_TIMEOUT),
m_Server (server), m_Socket (m_Server.GetService ()), m_Server (server), m_Socket (m_Server.GetService ()),
m_IsEstablished (false), m_IsTerminated (false), m_IsEstablished (false), m_IsTerminated (false),
m_SendSipKey (nullptr), m_ReceiveSipKey (nullptr),
#if OPENSSL_SIPHASH
m_SendMDCtx(nullptr), m_ReceiveMDCtx (nullptr),
#endif
m_NextReceivedLen (0), m_NextReceivedBuffer (nullptr), m_NextSendBuffer (nullptr), m_NextReceivedLen (0), m_NextReceivedBuffer (nullptr), m_NextSendBuffer (nullptr),
m_ReceiveSequenceNumber (0), m_SendSequenceNumber (0), m_IsSending (false) m_ReceiveSequenceNumber (0), m_SendSequenceNumber (0), m_IsSending (false)
{ {
@ -412,6 +416,12 @@ namespace transport
{ {
delete[] m_NextReceivedBuffer; delete[] m_NextReceivedBuffer;
delete[] m_NextSendBuffer; delete[] m_NextSendBuffer;
#if OPENSSL_SIPHASH
if (m_SendSipKey) EVP_PKEY_free (m_SendSipKey);
if (m_ReceiveSipKey) EVP_PKEY_free (m_ReceiveSipKey);
if (m_SendMDCtx) EVP_MD_CTX_destroy (m_SendMDCtx);
if (m_ReceiveMDCtx) EVP_MD_CTX_destroy (m_ReceiveMDCtx);
#endif
} }
void NTCP2Session::Terminate () void NTCP2Session::Terminate ()
@ -621,8 +631,7 @@ namespace transport
// Alice data phase keys // Alice data phase keys
m_SendKey = m_Kab; m_SendKey = m_Kab;
m_ReceiveKey = m_Kba; m_ReceiveKey = m_Kba;
m_SendSipKey = m_Sipkeysab; SetSipKeys (m_Sipkeysab, m_Sipkeysba);
m_ReceiveSipKey = m_Sipkeysba;
memcpy (m_ReceiveIV.buf, m_Sipkeysba + 16, 8); memcpy (m_ReceiveIV.buf, m_Sipkeysba + 16, 8);
memcpy (m_SendIV.buf, m_Sipkeysab + 16, 8); memcpy (m_SendIV.buf, m_Sipkeysab + 16, 8);
Established (); Established ();
@ -674,8 +683,7 @@ namespace transport
// Bob data phase keys // Bob data phase keys
m_SendKey = m_Kba; m_SendKey = m_Kba;
m_ReceiveKey = m_Kab; m_ReceiveKey = m_Kab;
m_SendSipKey = m_Sipkeysba; SetSipKeys (m_Sipkeysba, m_Sipkeysab);
m_ReceiveSipKey = m_Sipkeysab;
memcpy (m_ReceiveIV.buf, m_Sipkeysab + 16, 8); memcpy (m_ReceiveIV.buf, m_Sipkeysab + 16, 8);
memcpy (m_SendIV.buf, m_Sipkeysba + 16, 8); memcpy (m_SendIV.buf, m_Sipkeysba + 16, 8);
// payload // payload
@ -733,6 +741,26 @@ namespace transport
} }
} }
void NTCP2Session::SetSipKeys (const uint8_t * sendSipKey, const uint8_t * receiveSipKey)
{
#if OPENSSL_SIPHASH
m_SendSipKey = EVP_PKEY_new_raw_private_key (EVP_PKEY_SIPHASH, nullptr, sendSipKey, 16);
m_SendMDCtx = EVP_MD_CTX_create ();
EVP_PKEY_CTX *ctx = nullptr;
EVP_DigestSignInit (m_SendMDCtx, &ctx, nullptr, nullptr, m_SendSipKey);
EVP_PKEY_CTX_ctrl (ctx, -1, EVP_PKEY_OP_SIGNCTX, EVP_PKEY_CTRL_SET_DIGEST_SIZE, 8, nullptr);
m_ReceiveSipKey = EVP_PKEY_new_raw_private_key (EVP_PKEY_SIPHASH, nullptr, receiveSipKey, 16);
m_ReceiveMDCtx = EVP_MD_CTX_create ();
ctx = nullptr;
EVP_DigestSignInit (m_ReceiveMDCtx, &ctx, NULL, NULL, m_ReceiveSipKey);
EVP_PKEY_CTX_ctrl (ctx, -1, EVP_PKEY_OP_SIGNCTX, EVP_PKEY_CTRL_SET_DIGEST_SIZE, 8, nullptr);
#else
m_SendSipKey = sendSipKey;
m_ReceiveSipKey = receiveSipKey;
#endif
}
void NTCP2Session::ClientLogin () void NTCP2Session::ClientLogin ()
{ {
SendSessionRequest (); SendSessionRequest ();
@ -763,7 +791,14 @@ namespace transport
} }
else else
{ {
#if OPENSSL_SIPHASH
EVP_DigestSignInit (m_ReceiveMDCtx, nullptr, nullptr, nullptr, nullptr);
EVP_DigestSignUpdate (m_ReceiveMDCtx, m_ReceiveIV.buf, 8);
size_t l = 8;
EVP_DigestSignFinal (m_ReceiveMDCtx, m_ReceiveIV.buf, &l);
#else
i2p::crypto::Siphash<8> (m_ReceiveIV.buf, m_ReceiveIV.buf, 8, m_ReceiveSipKey); i2p::crypto::Siphash<8> (m_ReceiveIV.buf, m_ReceiveIV.buf, 8, m_ReceiveSipKey);
#endif
// m_NextReceivedLen comes from the network in BigEndian // m_NextReceivedLen comes from the network in BigEndian
m_NextReceivedLen = be16toh (m_NextReceivedLen) ^ le16toh (m_ReceiveIV.key); m_NextReceivedLen = be16toh (m_NextReceivedLen) ^ le16toh (m_ReceiveIV.key);
LogPrint (eLogDebug, "NTCP2: received length ", m_NextReceivedLen); LogPrint (eLogDebug, "NTCP2: received length ", m_NextReceivedLen);
@ -884,7 +919,14 @@ namespace transport
CreateNonce (m_SendSequenceNumber, nonce); m_SendSequenceNumber++; CreateNonce (m_SendSequenceNumber, nonce); m_SendSequenceNumber++;
m_NextSendBuffer = new uint8_t[len + 16 + 2]; m_NextSendBuffer = new uint8_t[len + 16 + 2];
i2p::crypto::AEADChaCha20Poly1305 (payload, len, nullptr, 0, m_SendKey, nonce, m_NextSendBuffer + 2, len + 16, true); i2p::crypto::AEADChaCha20Poly1305 (payload, len, nullptr, 0, m_SendKey, nonce, m_NextSendBuffer + 2, len + 16, true);
#if OPENSSL_SIPHASH
EVP_DigestSignInit (m_SendMDCtx, nullptr, nullptr, nullptr, nullptr);
EVP_DigestSignUpdate (m_SendMDCtx, m_SendIV.buf, 8);
size_t l = 8;
EVP_DigestSignFinal (m_SendMDCtx, m_SendIV.buf, &l);
#else
i2p::crypto::Siphash<8> (m_SendIV.buf, m_SendIV.buf, 8, m_SendSipKey); i2p::crypto::Siphash<8> (m_SendIV.buf, m_SendIV.buf, 8, m_SendSipKey);
#endif
// length must be in BigEndian // length must be in BigEndian
htobe16buf (m_NextSendBuffer, (len + 16) ^ le16toh (m_SendIV.key)); htobe16buf (m_NextSendBuffer, (len + 16) ^ le16toh (m_SendIV.key));
LogPrint (eLogDebug, "NTCP2: sent length ", len + 16); LogPrint (eLogDebug, "NTCP2: sent length ", len + 16);

10
libi2pd/NTCP2.h

@ -18,6 +18,7 @@
#include <map> #include <map>
#include <array> #include <array>
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/evp.h>
#include <boost/asio.hpp> #include <boost/asio.hpp>
#include "Crypto.h" #include "Crypto.h"
#include "util.h" #include "util.h"
@ -147,6 +148,7 @@ namespace transport
void CreateNonce (uint64_t seqn, uint8_t * nonce); void CreateNonce (uint64_t seqn, uint8_t * nonce);
void KeyDerivationFunctionDataPhase (); void KeyDerivationFunctionDataPhase ();
void SetSipKeys (const uint8_t * sendSipKey, const uint8_t * receiveSipKey);
// establish // establish
void SendSessionRequest (); void SendSessionRequest ();
@ -186,7 +188,13 @@ namespace transport
std::unique_ptr<NTCP2Establisher> m_Establisher; std::unique_ptr<NTCP2Establisher> m_Establisher;
// data phase // data phase
uint8_t m_Kab[33], m_Kba[32], m_Sipkeysab[33], m_Sipkeysba[32]; uint8_t m_Kab[33], m_Kba[32], m_Sipkeysab[33], m_Sipkeysba[32];
const uint8_t * m_SendKey, * m_ReceiveKey, * m_SendSipKey, * m_ReceiveSipKey; const uint8_t * m_SendKey, * m_ReceiveKey;
#if OPENSSL_SIPHASH
EVP_PKEY * m_SendSipKey, * m_ReceiveSipKey;
EVP_MD_CTX * m_SendMDCtx, * m_ReceiveMDCtx;
#else
const uint8_t * m_SendSipKey, * m_ReceiveSipKey;
#endif
uint16_t m_NextReceivedLen; uint16_t m_NextReceivedLen;
uint8_t * m_NextReceivedBuffer, * m_NextSendBuffer; uint8_t * m_NextReceivedBuffer, * m_NextSendBuffer;
union union

Loading…
Cancel
Save