diff --git a/libi2pd/Destination.cpp b/libi2pd/Destination.cpp
index b6584684..5687c8cc 100644
--- a/libi2pd/Destination.cpp
+++ b/libi2pd/Destination.cpp
@@ -711,6 +711,7 @@ namespace client
 else
 i2p::data::PrivateKeys::GenerateCryptoKeyPair(GetIdentity ()->GetCryptoKeyType (), m_EncryptionPrivateKey, m_EncryptionPublicKey);
+ m_Decryptor = m_Keys.CreateDecryptor (m_EncryptionPrivateKey);
 if (isPublic)
 LogPrint (eLogInfo, "Destination: Local address ", GetIdentHash().ToBase32 (), " created");
 }
@@ -952,5 +953,12 @@ namespace client
 if (m_DatagramDestination)
 m_DatagramDestination->CleanUp ();
 }
+ void ClientDestination::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const
+ {
+ if (m_Decryptor)
+ m_Decryptor->Decrypt (encrypted, data, ctx);
+ else
+ LogPrint (eLogError, "Destinations: decryptor is not set");
+ }
 }
 }
diff --git a/libi2pd/Destination.h b/libi2pd/Destination.h
index b4c20fcc..b315f6ca 100644
--- a/libi2pd/Destination.h
+++ b/libi2pd/Destination.h
@@ -206,6 +206,7 @@ namespace client
 // implements LocalDestination
 const uint8_t * GetEncryptionPrivateKey () const { return m_EncryptionPrivateKey; };
+ void Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const;
 std::shared_ptr GetIdentity () const { return m_Keys.GetPublic (); };
 protected:
@@ -228,6 +229,7 @@ namespace client
 i2p::data::PrivateKeys m_Keys;
 uint8_t m_EncryptionPublicKey[256], m_EncryptionPrivateKey[256];
+ std::shared_ptr m_Decryptor;
 std::shared_ptr m_StreamingDestination; // default
 std::map > m_StreamingDestinationsByPorts;
diff --git a/libi2pd/Identity.cpp b/libi2pd/Identity.cpp
index 04e1c576..054a6a06 100644
--- a/libi2pd/Identity.cpp
+++ b/libi2pd/Identity.cpp
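Review bot: ClientDestination::Decrypt cannot report failure to its caller: the missing-decryptor branch only logs, and any result of `m_Decryptor->Decrypt` (the page does not show that method's signature) is discarded, so `data` keeps its previous contents and the caller proceeds as if decryption had succeeded. Consider giving the LocalDestination interface a status return, e.g. `virtual bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const = 0;`, returning false here when `m_Decryptor` is null and propagating the decryptor's own result when it has one; the same applies to RouterContext::Decrypt and I2CPDestination::Decrypt in this commit. The log prefix in `"Destinations: decryptor is not set"` also differs from the `"Destination: "` prefix used by the first hunk of this file; `LogPrint (eLogError, "Destination: decryptor is not set");` keeps the file's messages greppable under one prefix.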
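Review bot: The new `Decrypt` declaration in Destination.h implements the pure virtual added to LocalDestination by this commit but is not marked `override`, so a later drift in the base signature (or dropping the `const` here) would silently produce an unrelated overload instead of a compile error. The code already relies on C++11 (std::shared_ptr, nullptr), so `void Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const override;` is available; the same applies to the declarations added in RouterContext.h and I2CP.h.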
@@ -587,7 +587,13 @@ namespace data
 std::shared_ptr PrivateKeys::CreateDecryptor (const uint8_t * key) const
 {
 if (!key) key = m_PrivateKey; // use privateKey
- switch (m_Public->GetCryptoKeyType ())
+ return CreateDecryptor (m_Public->GetCryptoKeyType (), key);
+ }
+
+ std::shared_ptr PrivateKeys::CreateDecryptor (CryptoKeyType cryptoType, const uint8_t * key)
+ {
+ if (!key) return nullptr;
+ switch (cryptoType)
 {
 case CRYPTO_KEY_TYPE_ELGAMAL:
 return std::make_shared(key);
@@ -596,9 +602,9 @@ namespace data
 return std::make_shared(key);
 break;
 default:
- LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)m_Public->GetCryptoKeyType ());
+ LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)cryptoType);
 };
- return nullptr;
+ return nullptr;
 }
 PrivateKeys PrivateKeys::CreateRandomKeys (SigningKeyType type, CryptoKeyType cryptoType)
diff --git a/libi2pd/Identity.h b/libi2pd/Identity.h
index 1e141583..bbc75616 100644
--- a/libi2pd/Identity.h
+++ b/libi2pd/Identity.h
@@ -150,6 +150,7 @@ namespace data
 std::shared_ptr CreateDecryptor (const uint8_t * key) const;
+ static std::shared_ptr CreateDecryptor (CryptoKeyType cryptoType, const uint8_t * key);
 static PrivateKeys CreateRandomKeys (SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1, CryptoKeyType cryptoType = CRYPTO_KEY_TYPE_ELGAMAL);
 static void GenerateCryptoKeyPair (CryptoKeyType type, uint8_t * priv, uint8_t * pub); // priv and pub are 256 bytes long
@@ -202,7 +203,8 @@ namespace data
 public:
 virtual ~LocalDestination() {};
- virtual const uint8_t * GetEncryptionPrivateKey () const = 0;
+ virtual const uint8_t * GetEncryptionPrivateKey () const = 0; // deprecated
+ virtual void Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const = 0;
 virtual std::shared_ptr GetIdentity () const = 0;
 const IdentHash& GetIdentHash () const { return GetIdentity ()->GetIdentHash (); };
diff --git a/libi2pd/RouterContext.cpp b/libi2pd/RouterContext.cpp
index ff19d27f..53d49831 100644
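Review bot: The new static `CreateDecryptor (CryptoKeyType, const uint8_t *)` returns nullptr silently for a null key, while an unknown key type is logged; at the new call sites in Destination.cpp, RouterContext.cpp and I2CP.cpp the only symptom of a missing key is then the "decryptor is not set" error repeated on every later Decrypt call. Logging at the point of failure is cheaper to diagnose: `if (!key) { LogPrint (eLogError, "Identity: Can't create decryptor without a key"); return nullptr; }`. The instance overload above it always substitutes `m_PrivateKey`, so only direct callers of the static overload can reach this branch.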
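Review bot: In the Identity.h LocalDestination hunk, `GetEncryptionPrivateKey` is deprecated only by a trailing comment, which produces no diagnostic for any caller that still pulls the raw private key out of the object; if the toolchain allows it, `[[deprecated]] virtual const uint8_t * GetEncryptionPrivateKey () const = 0;` (C++14, or the compiler's attribute form on C++11) makes the migration to `Decrypt` visible at compile time. Adding `Decrypt` as a pure virtual also means any LocalDestination implementation not touched by this commit stops compiling; the three implementers on this page are updated, but the page does not show whether others exist. The `// deprecated` comments on the overrides in RouterContext.h and I2CP.h have the same limitation.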
--- a/libi2pd/RouterContext.cpp
+++ b/libi2pd/RouterContext.cpp
@@ -28,6 +28,7 @@ namespace i2p
 m_StartupTime = i2p::util::GetSecondsSinceEpoch ();
 if (!Load ()) CreateNewRouter ();
+ m_Decryptor = m_Keys.CreateDecryptor (nullptr);
 UpdateRouterInfo ();
 }
@@ -478,4 +479,10 @@ namespace i2p
 {
 return i2p::util::GetSecondsSinceEpoch () - m_StartupTime;
 }
+
+ void RouterContext::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const
+ {
+ if (m_Decryptor)
+ m_Decryptor->Decrypt (encrypted, data, ctx);
+ }
 }
diff --git a/libi2pd/RouterContext.h b/libi2pd/RouterContext.h
index b3146b56..50bd6137 100644
--- a/libi2pd/RouterContext.h
+++ b/libi2pd/RouterContext.h
@@ -89,7 +89,8 @@ namespace i2p
 // implements LocalDestination
 std::shared_ptr GetIdentity () const { return m_Keys.GetPublic (); };
- const uint8_t * GetEncryptionPrivateKey () const { return m_Keys.GetPrivateKey (); };
+ const uint8_t * GetEncryptionPrivateKey () const { return m_Keys.GetPrivateKey (); }; // deprecated
+ void Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const;
 const uint8_t * GetEncryptionPublicKey () const { return GetIdentity ()->GetStandardIdentity ().publicKey; };
 void Sign (const uint8_t * buf, int len, uint8_t * signature) const { m_Keys.Sign (buf, len, signature); };
 void SetLeaseSetUpdated () {};
@@ -115,6 +116,7 @@ namespace i2p
 i2p::data::RouterInfo m_RouterInfo;
 i2p::data::PrivateKeys m_Keys;
+ std::shared_ptr m_Decryptor;
 uint64_t m_LastUpdateTime;
 bool m_AcceptsTunnels, m_IsFloodfill;
 uint64_t m_StartupTime; // in seconds since epoch
diff --git a/libi2pd_client/I2CP.cpp b/libi2pd_client/I2CP.cpp
index e9fb4335..dd5dad11 100644
--- a/libi2pd_client/I2CP.cpp
+++ b/libi2pd_client/I2CP.cpp
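Review bot: `m_Decryptor` is built once from `m_Keys` in the constructor, while the deprecated `GetEncryptionPrivateKey` in RouterContext.h still reads `m_Keys.GetPrivateKey ()` live; if `m_Keys` is ever replaced after construction (the page does not show whether it is), the two paths would decrypt with different keys. If the keys are fixed after startup, a one-line comment on the new assignment such as `// bound to m_Keys for the router's lifetime; rebuild if the keys are ever reloaded` records that assumption; otherwise the assignment belongs next to wherever `m_Keys` is set. The constructor begins outside the hunk.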
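Review bot: `RouterContext::Decrypt` silently does nothing when `m_Decryptor` is null, whereas the ClientDestination and I2CPDestination implementations in this commit log an error in that case; a caller then reads an untouched `data` buffer with no trace in the log. Mirror the other two implementations with `else LogPrint (eLogError, "Router: decryptor is not set");` so all three LocalDestination implementations behave the same way.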
@@ -31,6 +31,15 @@ namespace client
 void I2CPDestination::SetEncryptionPrivateKey (const uint8_t * key)
 {
 memcpy (m_EncryptionPrivateKey, key, 256);
+ m_Decryptor = i2p::data::PrivateKeys::CreateDecryptor (m_Identity->GetCryptoKeyType (), m_EncryptionPrivateKey);
+ }
+
+ void I2CPDestination::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const
+ {
+ if (m_Decryptor)
+ m_Decryptor->Decrypt (encrypted, data, ctx);
+ else
+ LogPrint (eLogError, "I2CP: decryptor is not set");
 }
 void I2CPDestination::HandleDataMessage (const uint8_t * buf, size_t len)
diff --git a/libi2pd_client/I2CP.h b/libi2pd_client/I2CP.h
index b55f43c1..087749fe 100644
--- a/libi2pd_client/I2CP.h
+++ b/libi2pd_client/I2CP.h
@@ -71,7 +71,8 @@ namespace client
 void SendMsgTo (const uint8_t * payload, size_t len, const i2p::data::IdentHash& ident, uint32_t nonce); // called from I2CPSession
 // implements LocalDestination
- const uint8_t * GetEncryptionPrivateKey () const { return m_EncryptionPrivateKey; };
+ const uint8_t * GetEncryptionPrivateKey () const { return m_EncryptionPrivateKey; }; // deprecated
+ void Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const;
 std::shared_ptr GetIdentity () const { return m_Identity; };
 protected:
@@ -91,6 +92,7 @@ namespace client
 std::shared_ptr m_Owner;
 std::shared_ptr m_Identity;
 uint8_t m_EncryptionPrivateKey[256];
+ std::shared_ptr m_Decryptor;
 uint64_t m_LeaseSetExpirationTime;
 };
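Review bot: `SetEncryptionPrivateKey` does not check the result of `CreateDecryptor`, so a key type the static overload rejects (it returns nullptr for an unknown `cryptoType`, per the Identity.cpp hunk) is accepted silently and only shows up as a repeated "decryptor is not set" error on each later Decrypt call. Since the key and identity come from the I2CP client, the setter is the place to detect this once: `if (!m_Decryptor) LogPrint (eLogError, "I2CP: Can't create decryptor for key type ", (int)m_Identity->GetCryptoKeyType ());`. The page does not show whether `m_Identity` can still be null when the setter runs; if it can, the dereference on the new line needs a guard as well.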