mirror of https://github.com/PurpleI2P/i2pd.git
I2P: End-to-End encrypted and anonymous Internet
https://i2pd.website/
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
863 lines
28 KiB
863 lines
28 KiB
/* |
|
* Copyright (c) 2013-2022, The PurpleI2P Project |
|
* |
|
* This file is part of Purple i2pd project and licensed under BSD3 |
|
* |
|
* See full license text in LICENSE file at top of project tree |
|
*/ |
|
|
|
#include "Crypto.h" |
|
#include "I2PEndian.h" |
|
#include "Log.h" |
|
#include "Timestamp.h" |
|
#include "Identity.h" |
|
|
|
namespace i2p |
|
{ |
|
namespace data |
|
{ |
|
Identity& Identity::operator=(const Keys& keys) |
|
{ |
|
// copy public and signing keys together |
|
memcpy (publicKey, keys.publicKey, sizeof (publicKey)); |
|
memcpy (signingKey, keys.signingKey, sizeof (signingKey)); |
|
memset (certificate, 0, sizeof (certificate)); |
|
return *this; |
|
} |
|
|
|
size_t Identity::FromBuffer (const uint8_t * buf, size_t len) |
|
{ |
|
if ( len < DEFAULT_IDENTITY_SIZE ) { |
|
// buffer too small, don't overflow |
|
return 0; |
|
} |
|
memcpy (publicKey, buf, DEFAULT_IDENTITY_SIZE); |
|
return DEFAULT_IDENTITY_SIZE; |
|
} |
|
|
|
IdentHash Identity::Hash () const |
|
{ |
|
IdentHash hash; |
|
SHA256(publicKey, DEFAULT_IDENTITY_SIZE, hash); |
|
return hash; |
|
} |
|
|
|
IdentityEx::IdentityEx (): |
|
m_ExtendedLen (0) |
|
{ |
|
} |
|
|
|
IdentityEx::IdentityEx(const uint8_t * publicKey, const uint8_t * signingKey, SigningKeyType type, CryptoKeyType cryptoType) |
|
{ |
|
uint8_t randomPaddingBlock[32]; |
|
RAND_bytes (randomPaddingBlock, 32); |
|
if (cryptoType == CRYPTO_KEY_TYPE_ECIES_X25519_AEAD) |
|
{ |
|
memcpy (m_StandardIdentity.publicKey, publicKey ? publicKey : randomPaddingBlock, 32); |
|
for (int i = 0; i < 7; i++) // 224 bytes |
|
memcpy (m_StandardIdentity.publicKey + 32*(i + 1), randomPaddingBlock, 32); |
|
} |
|
else |
|
{ |
|
if (publicKey) |
|
memcpy (m_StandardIdentity.publicKey, publicKey, 256); |
|
else |
|
for (int i = 0; i < 8; i++) // 256 bytes |
|
memcpy (m_StandardIdentity.publicKey + 32*i, randomPaddingBlock, 32); |
|
} |
|
if (type != SIGNING_KEY_TYPE_DSA_SHA1) |
|
{ |
|
size_t excessLen = 0; |
|
uint8_t * excessBuf = nullptr; |
|
switch (type) |
|
{ |
|
case SIGNING_KEY_TYPE_ECDSA_SHA256_P256: |
|
{ |
|
size_t padding = 128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64 |
|
RAND_bytes (m_StandardIdentity.signingKey, padding); |
|
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::ECDSAP256_KEY_LENGTH); |
|
break; |
|
} |
|
case SIGNING_KEY_TYPE_ECDSA_SHA384_P384: |
|
{ |
|
size_t padding = 128 - i2p::crypto::ECDSAP384_KEY_LENGTH; // 32 = 128 - 96 |
|
RAND_bytes (m_StandardIdentity.signingKey, padding); |
|
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::ECDSAP384_KEY_LENGTH); |
|
break; |
|
} |
|
case SIGNING_KEY_TYPE_ECDSA_SHA512_P521: |
|
{ |
|
memcpy (m_StandardIdentity.signingKey, signingKey, 128); |
|
excessLen = i2p::crypto::ECDSAP521_KEY_LENGTH - 128; // 4 = 132 - 128 |
|
excessBuf = new uint8_t[excessLen]; |
|
memcpy (excessBuf, signingKey + 128, excessLen); |
|
break; |
|
} |
|
case SIGNING_KEY_TYPE_RSA_SHA256_2048: |
|
case SIGNING_KEY_TYPE_RSA_SHA384_3072: |
|
case SIGNING_KEY_TYPE_RSA_SHA512_4096: |
|
LogPrint (eLogError, "Identity: RSA signing key type ", (int)type, " is not supported"); |
|
break; |
|
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: |
|
case SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519: |
|
{ |
|
size_t padding = 128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32 |
|
for (int i = 0; i < 3; i++) // 96 bytes |
|
memcpy (m_StandardIdentity.signingKey + 32*i, randomPaddingBlock, 32); |
|
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH); |
|
break; |
|
} |
|
case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256: |
|
{ |
|
// 256 |
|
size_t padding = 128 - i2p::crypto::GOSTR3410_256_PUBLIC_KEY_LENGTH; // 64 = 128 - 64 |
|
RAND_bytes (m_StandardIdentity.signingKey, padding); |
|
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::GOSTR3410_256_PUBLIC_KEY_LENGTH); |
|
break; |
|
} |
|
case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512: |
|
{ |
|
// 512 |
|
// no padding, key length is 128 |
|
memcpy (m_StandardIdentity.signingKey, signingKey, i2p::crypto::GOSTR3410_512_PUBLIC_KEY_LENGTH); |
|
break; |
|
} |
|
default: |
|
LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported"); |
|
} |
|
m_ExtendedLen = 4 + excessLen; // 4 bytes extra + excess length |
|
// fill certificate |
|
m_StandardIdentity.certificate[0] = CERTIFICATE_TYPE_KEY; |
|
htobe16buf (m_StandardIdentity.certificate + 1, m_ExtendedLen); |
|
// fill extended buffer |
|
htobe16buf (m_ExtendedBuffer, type); |
|
htobe16buf (m_ExtendedBuffer + 2, cryptoType); |
|
if (excessLen && excessBuf) |
|
{ |
|
if (excessLen > MAX_EXTENDED_BUFFER_SIZE - 4) |
|
{ |
|
LogPrint (eLogError, "Identity: Unexpected excessive signing key len ", excessLen); |
|
excessLen = MAX_EXTENDED_BUFFER_SIZE - 4; |
|
} |
|
memcpy (m_ExtendedBuffer + 4, excessBuf, excessLen); |
|
delete[] excessBuf; |
|
} |
|
// calculate ident hash |
|
RecalculateIdentHash(); |
|
} |
|
else // DSA-SHA1 |
|
{ |
|
memcpy (m_StandardIdentity.signingKey, signingKey, sizeof (m_StandardIdentity.signingKey)); |
|
memset (m_StandardIdentity.certificate, 0, sizeof (m_StandardIdentity.certificate)); |
|
m_IdentHash = m_StandardIdentity.Hash (); |
|
m_ExtendedLen = 0; |
|
} |
|
CreateVerifier (); |
|
} |
|
|
|
void IdentityEx::RecalculateIdentHash(uint8_t * buf) |
|
{ |
|
bool dofree = buf == nullptr; |
|
size_t sz = GetFullLen(); |
|
if(!buf) |
|
buf = new uint8_t[sz]; |
|
ToBuffer (buf, sz); |
|
SHA256(buf, sz, m_IdentHash); |
|
if(dofree) |
|
delete[] buf; |
|
} |
|
|
|
IdentityEx::IdentityEx (const uint8_t * buf, size_t len): |
|
m_ExtendedLen (0) |
|
{ |
|
FromBuffer (buf, len); |
|
} |
|
|
|
IdentityEx::IdentityEx (const IdentityEx& other): |
|
m_ExtendedLen (0) |
|
{ |
|
*this = other; |
|
} |
|
|
|
IdentityEx::IdentityEx (const Identity& standard): |
|
m_ExtendedLen (0) |
|
{ |
|
*this = standard; |
|
} |
|
|
|
IdentityEx::~IdentityEx () |
|
{ |
|
delete m_Verifier; |
|
} |
|
|
|
IdentityEx& IdentityEx::operator=(const IdentityEx& other) |
|
{ |
|
memcpy (&m_StandardIdentity, &other.m_StandardIdentity, DEFAULT_IDENTITY_SIZE); |
|
m_IdentHash = other.m_IdentHash; |
|
|
|
m_ExtendedLen = other.m_ExtendedLen; |
|
if (m_ExtendedLen > 0) |
|
{ |
|
if (m_ExtendedLen > MAX_EXTENDED_BUFFER_SIZE) m_ExtendedLen = MAX_EXTENDED_BUFFER_SIZE; |
|
memcpy (m_ExtendedBuffer, other.m_ExtendedBuffer, m_ExtendedLen); |
|
} |
|
|
|
delete m_Verifier; |
|
m_Verifier = nullptr; |
|
|
|
return *this; |
|
} |
|
|
|
IdentityEx& IdentityEx::operator=(const Identity& standard) |
|
{ |
|
m_StandardIdentity = standard; |
|
m_IdentHash = m_StandardIdentity.Hash (); |
|
|
|
m_ExtendedLen = 0; |
|
|
|
delete m_Verifier; |
|
m_Verifier = nullptr; |
|
|
|
return *this; |
|
} |
|
|
|
size_t IdentityEx::FromBuffer (const uint8_t * buf, size_t len) |
|
{ |
|
if (len < DEFAULT_IDENTITY_SIZE) |
|
{ |
|
LogPrint (eLogError, "Identity: Buffer length ", len, " is too small"); |
|
return 0; |
|
} |
|
memcpy (&m_StandardIdentity, buf, DEFAULT_IDENTITY_SIZE); |
|
|
|
m_ExtendedLen = bufbe16toh (m_StandardIdentity.certificate + 1); |
|
if (m_ExtendedLen) |
|
{ |
|
if (m_ExtendedLen + DEFAULT_IDENTITY_SIZE <= len) |
|
{ |
|
if (m_ExtendedLen > MAX_EXTENDED_BUFFER_SIZE) m_ExtendedLen = MAX_EXTENDED_BUFFER_SIZE; |
|
memcpy (m_ExtendedBuffer, buf + DEFAULT_IDENTITY_SIZE, m_ExtendedLen); |
|
} |
|
else |
|
{ |
|
LogPrint (eLogError, "Identity: Certificate length ", m_ExtendedLen, " exceeds buffer length ", len - DEFAULT_IDENTITY_SIZE); |
|
m_ExtendedLen = 0; |
|
return 0; |
|
} |
|
} |
|
else |
|
m_ExtendedLen = 0; |
|
SHA256(buf, GetFullLen (), m_IdentHash); |
|
|
|
delete m_Verifier; |
|
m_Verifier = nullptr; |
|
|
|
return GetFullLen (); |
|
} |
|
|
|
size_t IdentityEx::ToBuffer (uint8_t * buf, size_t len) const |
|
{ |
|
const size_t fullLen = GetFullLen(); |
|
if (fullLen > len) return 0; // buffer is too small and may overflow somewhere else |
|
memcpy (buf, &m_StandardIdentity, DEFAULT_IDENTITY_SIZE); |
|
if (m_ExtendedLen > 0) |
|
memcpy (buf + DEFAULT_IDENTITY_SIZE, m_ExtendedBuffer, m_ExtendedLen); |
|
return fullLen; |
|
} |
|
|
|
size_t IdentityEx::FromBase64(const std::string& s) |
|
{ |
|
const size_t slen = s.length(); |
|
std::vector<uint8_t> buf(slen); // binary data can't exceed base64 |
|
const size_t len = Base64ToByteStream (s.c_str(), slen, buf.data(), slen); |
|
return FromBuffer (buf.data(), len); |
|
} |
|
|
|
std::string IdentityEx::ToBase64 () const |
|
{ |
|
const size_t bufLen = GetFullLen(); |
|
const size_t strLen = Base64EncodingBufferSize(bufLen); |
|
std::vector<uint8_t> buf(bufLen); |
|
std::vector<char> str(strLen); |
|
size_t l = ToBuffer (buf.data(), bufLen); |
|
size_t l1 = i2p::data::ByteStreamToBase64 (buf.data(), l, str.data(), strLen); |
|
return std::string (str.data(), l1); |
|
} |
|
|
|
size_t IdentityEx::GetSigningPublicKeyLen () const |
|
{ |
|
if (!m_Verifier) CreateVerifier (); |
|
if (m_Verifier) |
|
return m_Verifier->GetPublicKeyLen (); |
|
return 128; |
|
} |
|
|
|
const uint8_t * IdentityEx::GetSigningPublicKeyBuffer () const |
|
{ |
|
auto keyLen = GetSigningPublicKeyLen (); |
|
if (keyLen > 128) return nullptr; // P521 |
|
return m_StandardIdentity.signingKey + 128 - keyLen; |
|
} |
|
|
|
size_t IdentityEx::GetSigningPrivateKeyLen () const |
|
{ |
|
if (!m_Verifier) CreateVerifier (); |
|
if (m_Verifier) |
|
return m_Verifier->GetPrivateKeyLen (); |
|
return GetSignatureLen ()/2; |
|
} |
|
|
|
size_t IdentityEx::GetSignatureLen () const |
|
{ |
|
if (!m_Verifier) CreateVerifier (); |
|
if (m_Verifier) |
|
return m_Verifier->GetSignatureLen (); |
|
return i2p::crypto::DSA_SIGNATURE_LENGTH; |
|
} |
|
bool IdentityEx::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const |
|
{ |
|
if (!m_Verifier) CreateVerifier (); |
|
if (m_Verifier) |
|
return m_Verifier->Verify (buf, len, signature); |
|
return false; |
|
} |
|
|
|
SigningKeyType IdentityEx::GetSigningKeyType () const |
|
{ |
|
if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 2) |
|
return bufbe16toh (m_ExtendedBuffer); // signing key |
|
return SIGNING_KEY_TYPE_DSA_SHA1; |
|
} |
|
|
|
bool IdentityEx::IsRSA () const |
|
{ |
|
auto sigType = GetSigningKeyType (); |
|
return sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048; |
|
} |
|
|
|
CryptoKeyType IdentityEx::GetCryptoKeyType () const |
|
{ |
|
if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 4) |
|
return bufbe16toh (m_ExtendedBuffer + 2); // crypto key |
|
return CRYPTO_KEY_TYPE_ELGAMAL; |
|
} |
|
|
|
i2p::crypto::Verifier * IdentityEx::CreateVerifier (SigningKeyType keyType) |
|
{ |
|
switch (keyType) |
|
{ |
|
case SIGNING_KEY_TYPE_DSA_SHA1: |
|
return new i2p::crypto::DSAVerifier (); |
|
case SIGNING_KEY_TYPE_ECDSA_SHA256_P256: |
|
return new i2p::crypto::ECDSAP256Verifier (); |
|
case SIGNING_KEY_TYPE_ECDSA_SHA384_P384: |
|
return new i2p::crypto::ECDSAP384Verifier (); |
|
case SIGNING_KEY_TYPE_ECDSA_SHA512_P521: |
|
return new i2p::crypto::ECDSAP521Verifier (); |
|
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: |
|
return new i2p::crypto::EDDSA25519Verifier (); |
|
case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256: |
|
return new i2p::crypto::GOSTR3410_256_Verifier (i2p::crypto::eGOSTR3410CryptoProA); |
|
case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512: |
|
return new i2p::crypto::GOSTR3410_512_Verifier (i2p::crypto::eGOSTR3410TC26A512); |
|
case SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519: |
|
return new i2p::crypto::RedDSA25519Verifier (); |
|
case SIGNING_KEY_TYPE_RSA_SHA256_2048: |
|
case SIGNING_KEY_TYPE_RSA_SHA384_3072: |
|
case SIGNING_KEY_TYPE_RSA_SHA512_4096: |
|
LogPrint (eLogError, "Identity: RSA signing key type ", (int)keyType, " is not supported"); |
|
break; |
|
default: |
|
LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported"); |
|
} |
|
return nullptr; |
|
} |
|
|
|
void IdentityEx::CreateVerifier () const |
|
{ |
|
if (m_Verifier) return; // don't create again |
|
auto verifier = CreateVerifier (GetSigningKeyType ()); |
|
if (verifier) |
|
{ |
|
auto keyLen = verifier->GetPublicKeyLen (); |
|
if (keyLen <= 128) |
|
verifier->SetPublicKey (m_StandardIdentity.signingKey + 128 - keyLen); |
|
else |
|
{ |
|
// for P521 |
|
uint8_t * signingKey = new uint8_t[keyLen]; |
|
memcpy (signingKey, m_StandardIdentity.signingKey, 128); |
|
size_t excessLen = keyLen - 128; |
|
memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types |
|
verifier->SetPublicKey (signingKey); |
|
delete[] signingKey; |
|
} |
|
} |
|
UpdateVerifier (verifier); |
|
} |
|
|
|
void IdentityEx::UpdateVerifier (i2p::crypto::Verifier * verifier) const |
|
{ |
|
bool del = false; |
|
{ |
|
std::lock_guard<std::mutex> l(m_VerifierMutex); |
|
if (!m_Verifier) |
|
m_Verifier = verifier; |
|
else |
|
del = true; |
|
} |
|
if (del) |
|
delete verifier; |
|
} |
|
|
|
void IdentityEx::DropVerifier () const |
|
{ |
|
i2p::crypto::Verifier * verifier; |
|
{ |
|
std::lock_guard<std::mutex> l(m_VerifierMutex); |
|
verifier = m_Verifier; |
|
m_Verifier = nullptr; |
|
} |
|
delete verifier; |
|
} |
|
|
|
std::shared_ptr<i2p::crypto::CryptoKeyEncryptor> IdentityEx::CreateEncryptor (CryptoKeyType keyType, const uint8_t * key) |
|
{ |
|
switch (keyType) |
|
{ |
|
case CRYPTO_KEY_TYPE_ELGAMAL: |
|
return std::make_shared<i2p::crypto::ElGamalEncryptor>(key); |
|
break; |
|
case CRYPTO_KEY_TYPE_ECIES_X25519_AEAD: |
|
return std::make_shared<i2p::crypto::ECIESX25519AEADRatchetEncryptor>(key); |
|
break; |
|
case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC: |
|
case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC_TEST: |
|
return std::make_shared<i2p::crypto::ECIESP256Encryptor>(key); |
|
break; |
|
case CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC: |
|
return std::make_shared<i2p::crypto::ECIESGOSTR3410Encryptor>(key); |
|
break; |
|
default: |
|
LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)keyType); |
|
}; |
|
return nullptr; |
|
} |
|
|
|
std::shared_ptr<i2p::crypto::CryptoKeyEncryptor> IdentityEx::CreateEncryptor (const uint8_t * key) const |
|
{ |
|
if (!key) key = GetEncryptionPublicKey (); // use publicKey |
|
return CreateEncryptor (GetCryptoKeyType (), key); |
|
} |
|
|
|
PrivateKeys& PrivateKeys::operator=(const Keys& keys) |
|
{ |
|
m_Public = std::make_shared<IdentityEx>(Identity (keys)); |
|
memcpy (m_PrivateKey, keys.privateKey, 256); // 256 |
|
memcpy (m_SigningPrivateKey, keys.signingPrivateKey, m_Public->GetSigningPrivateKeyLen ()); |
|
m_OfflineSignature.resize (0); |
|
m_TransientSignatureLen = 0; |
|
m_TransientSigningPrivateKeyLen = 0; |
|
m_Signer = nullptr; |
|
CreateSigner (); |
|
return *this; |
|
} |
|
|
|
PrivateKeys& PrivateKeys::operator=(const PrivateKeys& other) |
|
{ |
|
m_Public = std::make_shared<IdentityEx>(*other.m_Public); |
|
memcpy (m_PrivateKey, other.m_PrivateKey, 256); // 256 |
|
m_OfflineSignature = other.m_OfflineSignature; |
|
m_TransientSignatureLen = other.m_TransientSignatureLen; |
|
m_TransientSigningPrivateKeyLen = other.m_TransientSigningPrivateKeyLen; |
|
memcpy (m_SigningPrivateKey, other.m_SigningPrivateKey, m_TransientSigningPrivateKeyLen > 0 ? m_TransientSigningPrivateKeyLen : m_Public->GetSigningPrivateKeyLen ()); |
|
m_Signer = nullptr; |
|
CreateSigner (); |
|
return *this; |
|
} |
|
|
|
size_t PrivateKeys::GetFullLen () const |
|
{ |
|
size_t ret = m_Public->GetFullLen () + GetPrivateKeyLen () + m_Public->GetSigningPrivateKeyLen (); |
|
if (IsOfflineSignature ()) |
|
ret += m_OfflineSignature.size () + m_TransientSigningPrivateKeyLen; |
|
return ret; |
|
} |
|
|
|
size_t PrivateKeys::FromBuffer (const uint8_t * buf, size_t len) |
|
{ |
|
m_Public = std::make_shared<IdentityEx>(); |
|
size_t ret = m_Public->FromBuffer (buf, len); |
|
auto cryptoKeyLen = GetPrivateKeyLen (); |
|
if (!ret || ret + cryptoKeyLen > len) return 0; // overflow |
|
memcpy (m_PrivateKey, buf + ret, cryptoKeyLen); |
|
ret += cryptoKeyLen; |
|
size_t signingPrivateKeySize = m_Public->GetSigningPrivateKeyLen (); |
|
if(signingPrivateKeySize + ret > len || signingPrivateKeySize > 128) return 0; // overflow |
|
memcpy (m_SigningPrivateKey, buf + ret, signingPrivateKeySize); |
|
ret += signingPrivateKeySize; |
|
m_Signer = nullptr; |
|
// check if signing private key is all zeros |
|
bool allzeros = true; |
|
for (size_t i = 0; i < signingPrivateKeySize; i++) |
|
if (m_SigningPrivateKey[i]) |
|
{ |
|
allzeros = false; |
|
break; |
|
} |
|
if (allzeros) |
|
{ |
|
// offline information |
|
const uint8_t * offlineInfo = buf + ret; |
|
ret += 4; // expires timestamp |
|
SigningKeyType keyType = bufbe16toh (buf + ret); ret += 2; // key type |
|
std::unique_ptr<i2p::crypto::Verifier> transientVerifier (IdentityEx::CreateVerifier (keyType)); |
|
if (!transientVerifier) return 0; |
|
auto keyLen = transientVerifier->GetPublicKeyLen (); |
|
if (keyLen + ret > len) return 0; |
|
transientVerifier->SetPublicKey (buf + ret); ret += keyLen; |
|
if (m_Public->GetSignatureLen () + ret > len) return 0; |
|
if (!m_Public->Verify (offlineInfo, keyLen + 6, buf + ret)) |
|
{ |
|
LogPrint (eLogError, "Identity: Offline signature verification failed"); |
|
return 0; |
|
} |
|
ret += m_Public->GetSignatureLen (); |
|
m_TransientSignatureLen = transientVerifier->GetSignatureLen (); |
|
// copy offline signature |
|
size_t offlineInfoLen = buf + ret - offlineInfo; |
|
m_OfflineSignature.resize (offlineInfoLen); |
|
memcpy (m_OfflineSignature.data (), offlineInfo, offlineInfoLen); |
|
// override signing private key |
|
m_TransientSigningPrivateKeyLen = transientVerifier->GetPrivateKeyLen (); |
|
if (m_TransientSigningPrivateKeyLen + ret > len || m_TransientSigningPrivateKeyLen > 128) return 0; |
|
memcpy (m_SigningPrivateKey, buf + ret, m_TransientSigningPrivateKeyLen); |
|
ret += m_TransientSigningPrivateKeyLen; |
|
CreateSigner (keyType); |
|
} |
|
else |
|
CreateSigner (m_Public->GetSigningKeyType ()); |
|
return ret; |
|
} |
|
|
|
size_t PrivateKeys::ToBuffer (uint8_t * buf, size_t len) const |
|
{ |
|
size_t ret = m_Public->ToBuffer (buf, len); |
|
auto cryptoKeyLen = GetPrivateKeyLen (); |
|
memcpy (buf + ret, m_PrivateKey, cryptoKeyLen); |
|
ret += cryptoKeyLen; |
|
size_t signingPrivateKeySize = m_Public->GetSigningPrivateKeyLen (); |
|
if(ret + signingPrivateKeySize > len) return 0; // overflow |
|
if (IsOfflineSignature ()) |
|
memset (buf + ret, 0, signingPrivateKeySize); |
|
else |
|
memcpy (buf + ret, m_SigningPrivateKey, signingPrivateKeySize); |
|
ret += signingPrivateKeySize; |
|
if (IsOfflineSignature ()) |
|
{ |
|
// offline signature |
|
auto offlineSignatureLen = m_OfflineSignature.size (); |
|
if (ret + offlineSignatureLen > len) return 0; |
|
memcpy (buf + ret, m_OfflineSignature.data (), offlineSignatureLen); |
|
ret += offlineSignatureLen; |
|
// transient private key |
|
if (ret + m_TransientSigningPrivateKeyLen > len) return 0; |
|
memcpy (buf + ret, m_SigningPrivateKey, m_TransientSigningPrivateKeyLen); |
|
ret += m_TransientSigningPrivateKeyLen; |
|
} |
|
return ret; |
|
} |
|
|
|
size_t PrivateKeys::FromBase64(const std::string& s) |
|
{ |
|
uint8_t * buf = new uint8_t[s.length ()]; |
|
size_t l = i2p::data::Base64ToByteStream (s.c_str (), s.length (), buf, s.length ()); |
|
size_t ret = FromBuffer (buf, l); |
|
delete[] buf; |
|
return ret; |
|
} |
|
|
|
std::string PrivateKeys::ToBase64 () const |
|
{ |
|
uint8_t * buf = new uint8_t[GetFullLen ()]; |
|
char * str = new char[GetFullLen ()*2]; |
|
size_t l = ToBuffer (buf, GetFullLen ()); |
|
size_t l1 = i2p::data::ByteStreamToBase64 (buf, l, str, GetFullLen ()*2); |
|
str[l1] = 0; |
|
delete[] buf; |
|
std::string ret(str); |
|
delete[] str; |
|
return ret; |
|
} |
|
|
|
void PrivateKeys::Sign (const uint8_t * buf, int len, uint8_t * signature) const |
|
{ |
|
if (!m_Signer) |
|
CreateSigner(); |
|
m_Signer->Sign (buf, len, signature); |
|
} |
|
|
|
void PrivateKeys::CreateSigner () const |
|
{ |
|
if (IsOfflineSignature ()) |
|
CreateSigner (bufbe16toh (m_OfflineSignature.data () + 4)); // key type |
|
else |
|
CreateSigner (m_Public->GetSigningKeyType ()); |
|
} |
|
|
|
void PrivateKeys::CreateSigner (SigningKeyType keyType) const |
|
{ |
|
if (m_Signer) return; |
|
if (keyType == SIGNING_KEY_TYPE_DSA_SHA1) |
|
m_Signer.reset (new i2p::crypto::DSASigner (m_SigningPrivateKey, m_Public->GetStandardIdentity ().signingKey)); |
|
else if (keyType == SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 && !IsOfflineSignature ()) |
|
m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH)); // TODO: remove public key check |
|
else |
|
{ |
|
// public key is not required |
|
auto signer = CreateSigner (keyType, m_SigningPrivateKey); |
|
if (signer) m_Signer.reset (signer); |
|
} |
|
} |
|
|
|
i2p::crypto::Signer * PrivateKeys::CreateSigner (SigningKeyType keyType, const uint8_t * priv) |
|
{ |
|
switch (keyType) |
|
{ |
|
case SIGNING_KEY_TYPE_ECDSA_SHA256_P256: |
|
return new i2p::crypto::ECDSAP256Signer (priv); |
|
break; |
|
case SIGNING_KEY_TYPE_ECDSA_SHA384_P384: |
|
return new i2p::crypto::ECDSAP384Signer (priv); |
|
break; |
|
case SIGNING_KEY_TYPE_ECDSA_SHA512_P521: |
|
return new i2p::crypto::ECDSAP521Signer (priv); |
|
break; |
|
case SIGNING_KEY_TYPE_RSA_SHA256_2048: |
|
case SIGNING_KEY_TYPE_RSA_SHA384_3072: |
|
case SIGNING_KEY_TYPE_RSA_SHA512_4096: |
|
LogPrint (eLogError, "Identity: RSA signing key type ", (int)keyType, " is not supported"); |
|
break; |
|
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: |
|
return new i2p::crypto::EDDSA25519Signer (priv, nullptr); |
|
break; |
|
case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256: |
|
return new i2p::crypto::GOSTR3410_256_Signer (i2p::crypto::eGOSTR3410CryptoProA, priv); |
|
break; |
|
case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512: |
|
return new i2p::crypto::GOSTR3410_512_Signer (i2p::crypto::eGOSTR3410TC26A512, priv); |
|
break; |
|
case SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519: |
|
return new i2p::crypto::RedDSA25519Signer (priv); |
|
break; |
|
default: |
|
LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported"); |
|
} |
|
return nullptr; |
|
} |
|
|
|
size_t PrivateKeys::GetSignatureLen () const |
|
{ |
|
return IsOfflineSignature () ? m_TransientSignatureLen : m_Public->GetSignatureLen (); |
|
} |
|
|
|
size_t PrivateKeys::GetPrivateKeyLen () const |
|
{ |
|
// private key length always 256, but type 4 |
|
return (m_Public->GetCryptoKeyType () == CRYPTO_KEY_TYPE_ECIES_X25519_AEAD) ? 32 : 256; |
|
} |
|
|
|
uint8_t * PrivateKeys::GetPadding() |
|
{ |
|
if(m_Public->GetSigningKeyType () == SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519) |
|
return m_Public->GetEncryptionPublicKeyBuffer() + 256; |
|
else |
|
return nullptr; // TODO: implement me |
|
} |
|
|
|
std::shared_ptr<i2p::crypto::CryptoKeyDecryptor> PrivateKeys::CreateDecryptor (const uint8_t * key) const |
|
{ |
|
if (!key) key = m_PrivateKey; // use privateKey |
|
return CreateDecryptor (m_Public->GetCryptoKeyType (), key); |
|
} |
|
|
|
std::shared_ptr<i2p::crypto::CryptoKeyDecryptor> PrivateKeys::CreateDecryptor (CryptoKeyType cryptoType, const uint8_t * key) |
|
{ |
|
if (!key) return nullptr; |
|
switch (cryptoType) |
|
{ |
|
case CRYPTO_KEY_TYPE_ELGAMAL: |
|
return std::make_shared<i2p::crypto::ElGamalDecryptor>(key); |
|
break; |
|
case CRYPTO_KEY_TYPE_ECIES_X25519_AEAD: |
|
return std::make_shared<i2p::crypto::ECIESX25519AEADRatchetDecryptor>(key); |
|
break; |
|
case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC: |
|
case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC_TEST: |
|
return std::make_shared<i2p::crypto::ECIESP256Decryptor>(key); |
|
break; |
|
case CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC: |
|
return std::make_shared<i2p::crypto::ECIESGOSTR3410Decryptor>(key); |
|
break; |
|
default: |
|
LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)cryptoType); |
|
}; |
|
return nullptr; |
|
} |
|
|
|
PrivateKeys PrivateKeys::CreateRandomKeys (SigningKeyType type, CryptoKeyType cryptoType, bool isDestination) |
|
{ |
|
if (type != SIGNING_KEY_TYPE_DSA_SHA1) |
|
{ |
|
PrivateKeys keys; |
|
// signature |
|
uint8_t signingPublicKey[512]; // signing public key is 512 bytes max |
|
GenerateSigningKeyPair (type, keys.m_SigningPrivateKey, signingPublicKey); |
|
// encryption |
|
uint8_t publicKey[256]; |
|
if (isDestination) |
|
RAND_bytes (keys.m_PrivateKey, 256); |
|
else |
|
GenerateCryptoKeyPair (cryptoType, keys.m_PrivateKey, publicKey); |
|
// identity |
|
keys.m_Public = std::make_shared<IdentityEx> (isDestination ? nullptr : publicKey, signingPublicKey, type, cryptoType); |
|
|
|
keys.CreateSigner (); |
|
return keys; |
|
} |
|
return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1 |
|
} |
|
|
|
void PrivateKeys::GenerateSigningKeyPair (SigningKeyType type, uint8_t * priv, uint8_t * pub) |
|
{ |
|
switch (type) |
|
{ |
|
case SIGNING_KEY_TYPE_ECDSA_SHA256_P256: |
|
i2p::crypto::CreateECDSAP256RandomKeys (priv, pub); |
|
break; |
|
case SIGNING_KEY_TYPE_ECDSA_SHA384_P384: |
|
i2p::crypto::CreateECDSAP384RandomKeys (priv, pub); |
|
break; |
|
case SIGNING_KEY_TYPE_ECDSA_SHA512_P521: |
|
i2p::crypto::CreateECDSAP521RandomKeys (priv, pub); |
|
break; |
|
case SIGNING_KEY_TYPE_RSA_SHA256_2048: |
|
case SIGNING_KEY_TYPE_RSA_SHA384_3072: |
|
case SIGNING_KEY_TYPE_RSA_SHA512_4096: |
|
LogPrint (eLogWarning, "Identity: RSA signature type is not supported. Creating EdDSA"); |
|
#if (__cplusplus >= 201703L) // C++ 17 or higher |
|
[[fallthrough]]; |
|
#endif |
|
// no break here |
|
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: |
|
i2p::crypto::CreateEDDSA25519RandomKeys (priv, pub); |
|
break; |
|
case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256: |
|
i2p::crypto::CreateGOSTR3410RandomKeys (i2p::crypto::eGOSTR3410CryptoProA, priv, pub); |
|
break; |
|
case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512: |
|
i2p::crypto::CreateGOSTR3410RandomKeys (i2p::crypto::eGOSTR3410TC26A512, priv, pub); |
|
break; |
|
case SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519: |
|
i2p::crypto::CreateRedDSA25519RandomKeys (priv, pub); |
|
break; |
|
default: |
|
LogPrint (eLogWarning, "Identity: Signing key type ", (int)type, " is not supported. Create DSA-SHA1"); |
|
i2p::crypto::CreateDSARandomKeys (priv, pub); // DSA-SHA1 |
|
} |
|
} |
|
|
|
void PrivateKeys::GenerateCryptoKeyPair (CryptoKeyType type, uint8_t * priv, uint8_t * pub) |
|
{ |
|
switch (type) |
|
{ |
|
case CRYPTO_KEY_TYPE_ELGAMAL: |
|
i2p::crypto::GenerateElGamalKeyPair(priv, pub); |
|
break; |
|
case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC: |
|
case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC_TEST: |
|
i2p::crypto::CreateECIESP256RandomKeys (priv, pub); |
|
break; |
|
case CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC: |
|
i2p::crypto::CreateECIESGOSTR3410RandomKeys (priv, pub); |
|
break; |
|
case CRYPTO_KEY_TYPE_ECIES_X25519_AEAD: |
|
i2p::crypto::CreateECIESX25519AEADRatchetRandomKeys (priv, pub); |
|
break; |
|
default: |
|
LogPrint (eLogError, "Identity: Crypto key type ", (int)type, " is not supported"); |
|
} |
|
} |
|
|
|
PrivateKeys PrivateKeys::CreateOfflineKeys (SigningKeyType type, uint32_t expires) const |
|
{ |
|
PrivateKeys keys (*this); |
|
std::unique_ptr<i2p::crypto::Verifier> verifier (IdentityEx::CreateVerifier (type)); |
|
if (verifier) |
|
{ |
|
size_t pubKeyLen = verifier->GetPublicKeyLen (); |
|
keys.m_TransientSigningPrivateKeyLen = verifier->GetPrivateKeyLen (); |
|
keys.m_TransientSignatureLen = verifier->GetSignatureLen (); |
|
keys.m_OfflineSignature.resize (pubKeyLen + m_Public->GetSignatureLen () + 6); |
|
htobe32buf (keys.m_OfflineSignature.data (), expires); // expires |
|
htobe16buf (keys.m_OfflineSignature.data () + 4, type); // type |
|
GenerateSigningKeyPair (type, keys.m_SigningPrivateKey, keys.m_OfflineSignature.data () + 6); // public key |
|
Sign (keys.m_OfflineSignature.data (), pubKeyLen + 6, keys.m_OfflineSignature.data () + 6 + pubKeyLen); // signature |
|
// recreate signer |
|
keys.m_Signer = nullptr; |
|
keys.CreateSigner (type); |
|
} |
|
return keys; |
|
} |
|
|
|
Keys CreateRandomKeys () |
|
{ |
|
Keys keys; |
|
// encryption |
|
i2p::crypto::GenerateElGamalKeyPair(keys.privateKey, keys.publicKey); |
|
// signing |
|
i2p::crypto::CreateDSARandomKeys (keys.signingPrivateKey, keys.signingKey); |
|
return keys; |
|
} |
|
|
|
IdentHash CreateRoutingKey (const IdentHash& ident) |
|
{ |
|
uint8_t buf[41]; // ident + yyyymmdd |
|
memcpy (buf, (const uint8_t *)ident, 32); |
|
i2p::util::GetCurrentDate ((char *)(buf + 32)); |
|
IdentHash key; |
|
SHA256(buf, 40, key); |
|
return key; |
|
} |
|
|
|
XORMetric operator^(const IdentHash& key1, const IdentHash& key2) |
|
{ |
|
XORMetric m; |
|
#if (defined(__x86_64__) || defined(__i386__)) && defined(__AVX__) // not all X86 targets supports AVX (like old Pentium, see #1600) |
|
if(i2p::cpu::avx) |
|
{ |
|
__asm__ |
|
( |
|
"vmovups %1, %%ymm0 \n" |
|
"vmovups %2, %%ymm1 \n" |
|
"vxorps %%ymm0, %%ymm1, %%ymm1 \n" |
|
"vmovups %%ymm1, %0 \n" |
|
: "=m"(*m.metric) |
|
: "m"(*key1), "m"(*key2) |
|
: "memory", "%xmm0", "%xmm1" // should be replaced by %ymm0/1 once supported by compiler |
|
); |
|
} |
|
else |
|
#endif |
|
{ |
|
const uint64_t * hash1 = key1.GetLL (), * hash2 = key2.GetLL (); |
|
m.metric_ll[0] = hash1[0] ^ hash2[0]; |
|
m.metric_ll[1] = hash1[1] ^ hash2[1]; |
|
m.metric_ll[2] = hash1[2] ^ hash2[2]; |
|
m.metric_ll[3] = hash1[3] ^ hash2[3]; |
|
} |
|
|
|
return m; |
|
} |
|
} |
|
}
|
|
|