2015-11-03 15:15:49 +01:00
# ifndef CRYPTO_H__
# define CRYPTO_H__
2014-05-06 18:22:22 +02:00
# include <inttypes.h>
2015-11-03 15:15:49 +01:00
# include <string>
2016-05-11 22:02:26 +02:00
# include <openssl/bn.h>
# include <openssl/dh.h>
# include <openssl/aes.h>
# include <openssl/dsa.h>
2016-11-09 21:59:01 +01:00
# include <openssl/ecdsa.h>
2016-11-04 15:59:55 +01:00
# include <openssl/rsa.h>
2016-05-11 22:02:26 +02:00
# include <openssl/sha.h>
2016-11-10 18:51:39 +01:00
# include <openssl/evp.h>
2016-05-11 22:02:26 +02:00
# include <openssl/rand.h>
2017-02-18 04:26:24 +01:00
# include <openssl/engine.h>
2018-09-08 22:52:42 +02:00
# include <openssl/opensslv.h>
2016-06-28 02:00:00 +02:00
2015-11-03 15:15:49 +01:00
# include "Base.h"
2016-06-28 02:00:00 +02:00
# include "Tag.h"
2018-02-16 17:00:33 +01:00
# include "CPU.h"
2014-05-06 18:22:22 +02:00
2018-09-08 22:52:42 +02:00
// recognize openssl version and features
# if ((OPENSSL_VERSION_NUMBER < 0x010100000) || defined(LIBRESSL_VERSION_NUMBER)) // 1.0.2 and below or LibreSSL
# define LEGACY_OPENSSL 1
# else
# define LEGACY_OPENSSL 0
# if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1
# define OPENSSL_EDDSA 1
# define OPENSSL_X25519 1
2018-09-11 19:26:29 +02:00
# define OPENSSL_SIPHASH 1
2018-09-08 22:52:42 +02:00
# endif
# endif
2014-05-06 18:22:22 +02:00
namespace i2p
{
namespace crypto
2015-11-03 15:15:49 +01:00
{
2015-12-18 16:09:25 +01:00
bool bn2buf ( const BIGNUM * bn , uint8_t * buf , size_t len ) ;
2015-11-03 15:15:49 +01:00
// DSA
2018-01-06 04:48:51 +01:00
DSA * CreateDSA ( ) ;
2015-11-03 15:15:49 +01:00
// RSA
2015-12-18 16:09:25 +01:00
const BIGNUM * GetRSAE ( ) ;
2015-11-03 15:15:49 +01:00
// DH
class DHKeys
{
public :
2018-01-06 04:48:51 +01:00
2015-11-03 15:15:49 +01:00
DHKeys ( ) ;
~ DHKeys ( ) ;
2016-11-11 03:44:40 +01:00
void GenerateKeys ( ) ;
const uint8_t * GetPublicKey ( ) const { return m_PublicKey ; } ;
2015-11-03 15:15:49 +01:00
void Agree ( const uint8_t * pub , uint8_t * shared ) ;
2018-01-06 04:48:51 +01:00
2015-11-03 15:15:49 +01:00
private :
DH * m_DH ;
uint8_t m_PublicKey [ 256 ] ;
2018-01-06 04:48:51 +01:00
} ;
2018-09-08 22:52:42 +02:00
// x25519
class X25519Keys
{
public :
X25519Keys ( ) ;
2018-09-09 04:08:08 +02:00
X25519Keys ( const uint8_t * priv , const uint8_t * pub ) ; // for RouterContext
2018-09-08 22:52:42 +02:00
~ X25519Keys ( ) ;
void GenerateKeys ( ) ;
const uint8_t * GetPublicKey ( ) const { return m_PublicKey ; } ;
2018-11-01 15:43:31 +01:00
void GetPrivateKey ( uint8_t * priv ) const ;
2018-09-08 22:52:42 +02:00
void Agree ( const uint8_t * pub , uint8_t * shared ) ;
private :
2018-09-09 14:38:12 +02:00
uint8_t m_PublicKey [ 32 ] ;
2018-09-08 22:52:42 +02:00
# if OPENSSL_X25519
EVP_PKEY_CTX * m_Ctx ;
EVP_PKEY * m_Pkey ;
# else
BN_CTX * m_Ctx ;
2018-09-09 14:38:12 +02:00
uint8_t m_PrivateKey [ 32 ] ;
2018-09-08 22:52:42 +02:00
# endif
} ;
2015-11-03 15:15:49 +01:00
// ElGamal
2017-03-11 22:48:54 +01:00
void ElGamalEncrypt ( const uint8_t * key , const uint8_t * data , uint8_t * encrypted , BN_CTX * ctx , bool zeroPadding = false ) ;
bool ElGamalDecrypt ( const uint8_t * key , const uint8_t * encrypted , uint8_t * data , BN_CTX * ctx , bool zeroPadding = false ) ;
2015-11-03 15:15:49 +01:00
void GenerateElGamalKeyPair ( uint8_t * priv , uint8_t * pub ) ;
2017-11-06 19:40:58 +01:00
// ECIES
2018-03-07 22:08:44 +01:00
void ECIESEncrypt ( const EC_GROUP * curve , const EC_POINT * key , const uint8_t * data , uint8_t * encrypted , BN_CTX * ctx , bool zeroPadding = false ) ; // 222 bytes data, 514 bytes encrypted with zeropadding, 512 without
bool ECIESDecrypt ( const EC_GROUP * curve , const BIGNUM * key , const uint8_t * encrypted , uint8_t * data , BN_CTX * ctx , bool zeroPadding = false ) ;
2017-11-06 19:40:58 +01:00
void GenerateECIESKeyPair ( const EC_GROUP * curve , BIGNUM * & priv , EC_POINT * & pub ) ;
2018-01-06 04:48:51 +01:00
2015-11-03 15:15:49 +01:00
// HMAC
2018-01-06 04:48:51 +01:00
typedef i2p : : data : : Tag < 32 > MACKey ;
2015-11-03 15:15:49 +01:00
void HMACMD5Digest ( uint8_t * msg , size_t len , const MACKey & key , uint8_t * digest ) ;
// AES
2018-01-06 04:48:51 +01:00
struct ChipherBlock
2014-05-06 18:22:22 +02:00
{
uint8_t buf [ 16 ] ;
2014-05-09 17:44:39 +02:00
2014-05-09 18:05:04 +02:00
void operator ^ = ( const ChipherBlock & other ) // XOR
2014-05-09 17:44:39 +02:00
{
2018-06-27 11:09:46 +02:00
# ifdef __AVX__
2018-02-16 17:00:33 +01:00
if ( i2p : : cpu : : avx )
{
__asm__
(
" vmovups (%[buf]), %%xmm0 \n "
" vmovups (%[other]), %%xmm1 \n "
" vxorps %%xmm0, %%xmm1, %%xmm0 \n "
" vmovups %%xmm0, (%[buf]) \n "
:
: [ buf ] " r " ( buf ) , [ other ] " r " ( other . buf )
: " %xmm0 " , " %xmm1 " , " memory "
) ;
}
else
2018-11-24 15:43:30 +01:00
# endif
2018-02-16 17:00:33 +01:00
{
2018-11-24 15:43:30 +01:00
# if defined(__SSE__) // SSE
__asm__
(
" movups (%[buf]), %%xmm0 \n "
" movups (%[other]), %%xmm1 \n "
" pxor %%xmm1, %%xmm0 \n "
" movups %%xmm0, (%[buf]) \n "
:
: [ buf ] " r " ( buf ) , [ other ] " r " ( other . buf )
: " %xmm0 " , " %xmm1 " , " memory "
) ;
# else
2018-10-28 01:55:23 +02:00
if ( ! ( ( ( size_t ) buf | ( size_t ) other . buf ) & 0x03 ) ) // multiple of 4 ?
2018-10-28 00:41:05 +02:00
{
// we are good to cast to uint32_t *
for ( int i = 0 ; i < 4 ; i + + )
( ( uint32_t * ) buf ) [ i ] ^ = ( ( uint32_t * ) other . buf ) [ i ] ;
}
else
{
for ( int i = 0 ; i < 16 ; i + + )
buf [ i ] ^ = other . buf [ i ] ;
}
2018-11-24 15:43:30 +01:00
# endif
2018-02-16 17:00:33 +01:00
}
2018-01-06 04:48:51 +01:00
}
2014-05-06 18:22:22 +02:00
} ;
2014-11-01 19:56:13 +01:00
typedef i2p : : data : : Tag < 32 > AESKey ;
2018-01-06 04:48:51 +01:00
2014-11-18 18:11:45 +01:00
template < size_t sz >
class AESAlignedBuffer // 16 bytes alignment
{
public :
2018-01-06 04:48:51 +01:00
2014-11-18 18:11:45 +01:00
AESAlignedBuffer ( )
{
m_Buf = m_UnalignedBuffer ;
2014-11-26 17:04:49 +01:00
uint8_t rem = ( ( size_t ) m_Buf ) & 0x0f ;
2014-11-18 18:11:45 +01:00
if ( rem )
m_Buf + = ( 16 - rem ) ;
}
2018-01-06 04:48:51 +01:00
2014-11-18 18:11:45 +01:00
operator uint8_t * ( ) { return m_Buf ; } ;
operator const uint8_t * ( ) const { return m_Buf ; } ;
2016-11-22 03:13:13 +01:00
ChipherBlock * GetChipherBlock ( ) { return ( ChipherBlock * ) m_Buf ; } ;
const ChipherBlock * GetChipherBlock ( ) const { return ( const ChipherBlock * ) m_Buf ; } ;
2018-01-06 04:48:51 +01:00
2014-11-18 18:11:45 +01:00
private :
uint8_t m_UnalignedBuffer [ sz + 15 ] ; // up to 15 bytes alignment
uint8_t * m_Buf ;
2018-01-06 04:48:51 +01:00
} ;
2014-11-18 18:11:45 +01:00
2018-06-27 11:09:46 +02:00
# ifdef __AES__
2018-04-24 20:23:40 +02:00
# ifdef ARM64AES
void init_aesenc ( void ) __attribute__ ( ( constructor ) ) ;
# endif
2014-05-07 21:40:24 +02:00
class ECBCryptoAESNI
2018-01-06 04:48:51 +01:00
{
2014-05-09 03:43:08 +02:00
public :
2014-05-13 04:51:59 +02:00
uint8_t * GetKeySchedule ( ) { return m_KeySchedule ; } ;
2014-11-18 18:11:45 +01:00
2014-05-08 21:11:38 +02:00
protected :
2014-11-02 02:53:45 +01:00
void ExpandKey ( const AESKey & key ) ;
2018-01-06 04:48:51 +01:00
2014-11-18 18:11:45 +01:00
private :
2014-05-08 21:11:38 +02:00
2018-02-16 17:00:33 +01:00
AESAlignedBuffer < 240 > m_KeySchedule ; // 14 rounds for AES-256, 240 bytes
2018-01-06 04:48:51 +01:00
} ;
2018-02-16 17:00:33 +01:00
# endif
2014-05-08 21:11:38 +02:00
2018-06-27 11:09:46 +02:00
# ifdef __AES__
2018-02-16 17:00:33 +01:00
class ECBEncryption : public ECBCryptoAESNI
# else
2014-05-08 22:49:00 +02:00
class ECBEncryption
2018-02-16 17:00:33 +01:00
# endif
2014-05-08 22:49:00 +02:00
{
public :
2018-01-06 04:48:51 +01:00
2018-02-16 17:00:33 +01:00
void SetKey ( const AESKey & key ) ;
2018-06-27 11:09:46 +02:00
2018-02-16 17:00:33 +01:00
void Encrypt ( const ChipherBlock * in , ChipherBlock * out ) ;
2014-05-08 22:49:00 +02:00
2018-02-16 17:00:33 +01:00
private :
AES_KEY m_Key ;
2018-01-06 04:48:51 +01:00
} ;
2014-05-08 22:49:00 +02:00
2018-06-27 11:09:46 +02:00
# ifdef __AES__
2018-02-16 17:00:33 +01:00
class ECBDecryption : public ECBCryptoAESNI
# else
2014-05-08 22:49:00 +02:00
class ECBDecryption
2018-02-16 17:00:33 +01:00
# endif
2014-05-08 22:49:00 +02:00
{
public :
2018-01-06 04:48:51 +01:00
2018-02-16 17:00:33 +01:00
void SetKey ( const AESKey & key ) ;
void Decrypt ( const ChipherBlock * in , ChipherBlock * out ) ;
2014-05-08 22:49:00 +02:00
private :
2015-11-03 15:15:49 +01:00
AES_KEY m_Key ;
2018-01-06 04:48:51 +01:00
} ;
2014-05-08 22:49:00 +02:00
2014-05-06 18:22:22 +02:00
class CBCEncryption
{
public :
2018-01-06 04:48:51 +01:00
2016-11-22 03:13:13 +01:00
CBCEncryption ( ) { memset ( ( uint8_t * ) m_LastBlock , 0 , 16 ) ; } ;
2014-05-06 18:22:22 +02:00
2014-11-02 02:53:45 +01:00
void SetKey ( const AESKey & key ) { m_ECBEncryption . SetKey ( key ) ; } ; // 32 bytes
2016-11-22 03:13:13 +01:00
void SetIV ( const uint8_t * iv ) { memcpy ( ( uint8_t * ) m_LastBlock , iv , 16 ) ; } ; // 16 bytes
2018-06-13 20:56:51 +02:00
void GetIV ( uint8_t * iv ) const { memcpy ( iv , ( const uint8_t * ) m_LastBlock , 16 ) ; } ;
2014-05-06 18:22:22 +02:00
void Encrypt ( int numBlocks , const ChipherBlock * in , ChipherBlock * out ) ;
2014-06-08 13:56:04 +02:00
void Encrypt ( const uint8_t * in , std : : size_t len , uint8_t * out ) ;
2014-05-14 20:54:01 +02:00
void Encrypt ( const uint8_t * in , uint8_t * out ) ; // one block
2014-05-06 18:22:22 +02:00
2018-02-16 17:00:33 +01:00
ECBEncryption & ECB ( ) { return m_ECBEncryption ; }
2018-06-27 11:09:46 +02:00
2014-05-06 18:22:22 +02:00
private :
2016-11-22 03:13:13 +01:00
AESAlignedBuffer < 16 > m_LastBlock ;
2018-01-06 04:48:51 +01:00
2014-05-09 03:43:08 +02:00
ECBEncryption m_ECBEncryption ;
2014-05-06 18:22:22 +02:00
} ;
class CBCDecryption
{
public :
2018-01-06 04:48:51 +01:00
2016-11-22 03:13:13 +01:00
CBCDecryption ( ) { memset ( ( uint8_t * ) m_IV , 0 , 16 ) ; } ;
2014-05-06 18:22:22 +02:00
2014-11-02 02:53:45 +01:00
void SetKey ( const AESKey & key ) { m_ECBDecryption . SetKey ( key ) ; } ; // 32 bytes
2016-11-22 03:13:13 +01:00
void SetIV ( const uint8_t * iv ) { memcpy ( ( uint8_t * ) m_IV , iv , 16 ) ; } ; // 16 bytes
2018-06-13 20:56:51 +02:00
void GetIV ( uint8_t * iv ) const { memcpy ( iv , ( const uint8_t * ) m_IV , 16 ) ; } ;
2014-05-06 18:22:22 +02:00
void Decrypt ( int numBlocks , const ChipherBlock * in , ChipherBlock * out ) ;
2014-06-08 13:56:04 +02:00
void Decrypt ( const uint8_t * in , std : : size_t len , uint8_t * out ) ;
2014-05-14 20:54:01 +02:00
void Decrypt ( const uint8_t * in , uint8_t * out ) ; // one block
2014-05-06 18:22:22 +02:00
2018-02-16 17:00:33 +01:00
ECBDecryption & ECB ( ) { return m_ECBDecryption ; }
2018-06-27 11:09:46 +02:00
2014-05-06 18:22:22 +02:00
private :
2016-11-22 03:13:13 +01:00
AESAlignedBuffer < 16 > m_IV ;
2014-05-09 03:43:08 +02:00
ECBDecryption m_ECBDecryption ;
2018-01-06 04:48:51 +01:00
} ;
2014-05-15 17:21:41 +02:00
class TunnelEncryption // with double IV encryption
{
public :
2014-11-02 02:53:45 +01:00
void SetKeys ( const AESKey & layerKey , const AESKey & ivKey )
2014-05-15 17:21:41 +02:00
{
m_LayerEncryption . SetKey ( layerKey ) ;
m_IVEncryption . SetKey ( ivKey ) ;
2018-01-06 04:48:51 +01:00
}
2014-05-15 17:21:41 +02:00
2018-01-06 04:48:51 +01:00
void Encrypt ( const uint8_t * in , uint8_t * out ) ; // 1024 bytes (16 IV + 1008 data)
2014-05-15 17:21:41 +02:00
private :
ECBEncryption m_IVEncryption ;
CBCEncryption m_LayerEncryption ;
} ;
class TunnelDecryption // with double IV encryption
{
public :
2014-11-02 02:53:45 +01:00
void SetKeys ( const AESKey & layerKey , const AESKey & ivKey )
2014-05-15 17:21:41 +02:00
{
m_LayerDecryption . SetKey ( layerKey ) ;
m_IVDecryption . SetKey ( ivKey ) ;
2018-01-06 04:48:51 +01:00
}
2014-05-15 17:21:41 +02:00
2018-01-06 04:48:51 +01:00
void Decrypt ( const uint8_t * in , uint8_t * out ) ; // 1024 bytes (16 IV + 1008 data)
2014-05-15 17:21:41 +02:00
private :
ECBDecryption m_IVDecryption ;
CBCDecryption m_LayerDecryption ;
2018-01-06 04:48:51 +01:00
} ;
2018-06-13 17:41:46 +02:00
// AEAD/ChaCha20/Poly1305
2018-06-27 11:09:46 +02:00
bool AEADChaCha20Poly1305 ( const uint8_t * msg , size_t msgLen , const uint8_t * ad , size_t adLen , const uint8_t * key , const uint8_t * nonce , uint8_t * buf , size_t len , bool encrypt ) ; // msgLen is len without tag
2018-06-13 17:41:46 +02:00
// init and terminate
2017-03-21 15:45:57 +01:00
void InitCrypto ( bool precomputation ) ;
2015-12-31 22:02:10 +01:00
void TerminateCrypto ( ) ;
2018-01-06 04:48:51 +01:00
}
}
2016-10-12 18:31:27 +02:00
2018-09-08 22:52:42 +02:00
// take care about openssl below 1.1.0
2018-06-18 18:56:47 +02:00
# if LEGACY_OPENSSL
2016-10-12 18:31:27 +02:00
// define getters and setters introduced in 1.1.0
2018-01-06 04:48:51 +01:00
inline int DSA_set0_pqg ( DSA * d , BIGNUM * p , BIGNUM * q , BIGNUM * g )
{
2017-04-05 23:44:23 +02:00
if ( d - > p ) BN_free ( d - > p ) ;
if ( d - > q ) BN_free ( d - > q ) ;
if ( d - > g ) BN_free ( d - > g ) ;
2018-01-06 04:48:51 +01:00
d - > p = p ; d - > q = q ; d - > g = g ; return 1 ;
2017-04-05 23:44:23 +02:00
}
2018-01-06 04:48:51 +01:00
inline int DSA_set0_key ( DSA * d , BIGNUM * pub_key , BIGNUM * priv_key )
{
2017-04-05 23:44:23 +02:00
if ( d - > pub_key ) BN_free ( d - > pub_key ) ;
if ( d - > priv_key ) BN_free ( d - > priv_key ) ;
2018-01-06 04:48:51 +01:00
d - > pub_key = pub_key ; d - > priv_key = priv_key ; return 1 ;
}
inline void DSA_get0_key ( const DSA * d , const BIGNUM * * pub_key , const BIGNUM * * priv_key )
2016-11-04 15:59:55 +01:00
{ * pub_key = d - > pub_key ; * priv_key = d - > priv_key ; }
2018-01-06 04:48:51 +01:00
inline int DSA_SIG_set0 ( DSA_SIG * sig , BIGNUM * r , BIGNUM * s )
{
2017-04-06 00:26:56 +02:00
if ( sig - > r ) BN_free ( sig - > r ) ;
if ( sig - > s ) BN_free ( sig - > s ) ;
2018-01-06 04:48:51 +01:00
sig - > r = r ; sig - > s = s ; return 1 ;
2017-04-06 00:26:56 +02:00
}
2018-01-06 04:48:51 +01:00
inline void DSA_SIG_get0 ( const DSA_SIG * sig , const BIGNUM * * pr , const BIGNUM * * ps )
2016-11-04 15:59:55 +01:00
{ * pr = sig - > r ; * ps = sig - > s ; }
2016-11-09 21:59:01 +01:00
inline int ECDSA_SIG_set0 ( ECDSA_SIG * sig , BIGNUM * r , BIGNUM * s )
2018-01-06 04:48:51 +01:00
{
2016-11-23 22:30:36 +01:00
if ( sig - > r ) BN_free ( sig - > r ) ;
if ( sig - > s ) BN_free ( sig - > s ) ;
2018-01-06 04:48:51 +01:00
sig - > r = r ; sig - > s = s ; return 1 ;
2016-11-23 22:30:36 +01:00
}
2016-11-09 21:59:01 +01:00
inline void ECDSA_SIG_get0 ( const ECDSA_SIG * sig , const BIGNUM * * pr , const BIGNUM * * ps )
{ * pr = sig - > r ; * ps = sig - > s ; }
2018-01-06 04:48:51 +01:00
inline int RSA_set0_key ( RSA * r , BIGNUM * n , BIGNUM * e , BIGNUM * d )
2017-04-06 00:26:56 +02:00
{
if ( r - > n ) BN_free ( r - > n ) ;
if ( r - > e ) BN_free ( r - > e ) ;
if ( r - > d ) BN_free ( r - > d ) ;
2018-01-06 04:48:51 +01:00
r - > n = n ; r - > e = e ; r - > d = d ; return 1 ;
2017-04-06 00:26:56 +02:00
}
2016-11-04 15:59:55 +01:00
inline void RSA_get0_key ( const RSA * r , const BIGNUM * * n , const BIGNUM * * e , const BIGNUM * * d )
{ * n = r - > n ; * e = r - > e ; * d = r - > d ; }
2016-10-12 18:31:27 +02:00
2016-11-08 19:11:38 +01:00
inline int DH_set0_pqg ( DH * dh , BIGNUM * p , BIGNUM * q , BIGNUM * g )
2018-01-06 04:48:51 +01:00
{
2017-04-06 00:26:56 +02:00
if ( dh - > p ) BN_free ( dh - > p ) ;
if ( dh - > q ) BN_free ( dh - > q ) ;
if ( dh - > g ) BN_free ( dh - > g ) ;
2018-01-06 04:48:51 +01:00
dh - > p = p ; dh - > q = q ; dh - > g = g ; return 1 ;
2017-04-06 00:26:56 +02:00
}
2016-11-08 19:11:38 +01:00
inline int DH_set0_key ( DH * dh , BIGNUM * pub_key , BIGNUM * priv_key )
2018-01-06 04:48:51 +01:00
{
if ( dh - > pub_key ) BN_free ( dh - > pub_key ) ;
2016-11-08 19:11:38 +01:00
if ( dh - > priv_key ) BN_free ( dh - > priv_key ) ;
2018-01-06 04:48:51 +01:00
dh - > pub_key = pub_key ; dh - > priv_key = priv_key ; return 1 ;
2016-11-08 19:11:38 +01:00
}
inline void DH_get0_key ( const DH * dh , const BIGNUM * * pub_key , const BIGNUM * * priv_key )
{ * pub_key = dh - > pub_key ; * priv_key = dh - > priv_key ; }
2016-11-10 18:51:39 +01:00
inline RSA * EVP_PKEY_get0_RSA ( EVP_PKEY * pkey )
{ return pkey - > pkey . rsa ; }
2017-01-23 22:22:48 +01:00
2017-02-18 04:26:24 +01:00
inline EVP_MD_CTX * EVP_MD_CTX_new ( )
{ return EVP_MD_CTX_create ( ) ; }
inline void EVP_MD_CTX_free ( EVP_MD_CTX * ctx )
{ EVP_MD_CTX_destroy ( ctx ) ; }
2017-01-23 22:22:48 +01:00
// ssl
# define TLS_method TLSv1_method
2016-10-12 18:31:27 +02:00
# endif
2014-05-06 18:22:22 +02:00
# endif