From 1a04b5958557be826a86058cfd7b8dcc12aee82c Mon Sep 17 00:00:00 2001
From: orignal <i2porignal@yandex.ru>
Date: Mon, 14 Apr 2025 21:45:53 -0400
Subject: [PATCH] common InitNoiseIKState for all ML-KEM crypto

---
 libi2pd/Crypto.cpp                        | 15 --------------
 libi2pd/Crypto.h                          |  3 +--
 libi2pd/ECIESX25519AEADRatchetSession.cpp | 14 ++++++-------
 libi2pd/PostQuantum.cpp                   | 25 +++++++++++++++++++++++
 libi2pd/PostQuantum.h                     |  2 ++
 5 files changed, 35 insertions(+), 24 deletions(-)

diff --git a/libi2pd/Crypto.cpp b/libi2pd/Crypto.cpp
index be2863f4..c41b4c10 100644
--- a/libi2pd/Crypto.cpp
+++ b/libi2pd/Crypto.cpp
@@ -944,21 +944,6 @@ namespace crypto
 		}; // SHA256 (protocolNameHash)
 		state.Init (protocolNameHash, hh, pub);
 	}
-
-	void InitNoiseIKStateMLKEM512 (NoiseSymmetricState& state, const uint8_t * pub)
-	{
-		static constexpr uint8_t protocolNameHash[32] =
-		{
-			0xb0, 0x8f, 0xb1, 0x73, 0x92, 0x66, 0xc9, 0x90, 0x45, 0x7f, 0xdd, 0xc6, 0x4e, 0x55, 0x40, 0xd8, 
-			0x0a, 0x37, 0x99, 0x06, 0x92, 0x2a, 0x78, 0xc4, 0xb1, 0xef, 0x86, 0x06, 0xd0, 0x15, 0x9f, 0x4d
-		}; 	// SHA256("Noise_IKhfselg2_25519+MLKEM512_ChaChaPoly_SHA256")
-		static constexpr uint8_t hh[32] =
-		{
-			0x95, 0x8d, 0xf6, 0x6c, 0x95, 0xce, 0xa9, 0xf7, 0x42, 0xfc, 0xfa, 0x62, 0x71, 0x36, 0x1e, 0xa7,
-			0xdc, 0x7a, 0xc0, 0x75, 0x01, 0xcf, 0xf9, 0xfc, 0x9f, 0xdb, 0x4c, 0x68, 0x3a, 0x53, 0x49, 0xeb
-		}; // SHA256 (protocolNameHash)
-		state.Init (protocolNameHash, hh, pub);
-	}	
 		
 // init and terminate
 
diff --git a/libi2pd/Crypto.h b/libi2pd/Crypto.h
index 6abbd9b2..125a217c 100644
--- a/libi2pd/Crypto.h
+++ b/libi2pd/Crypto.h
@@ -271,8 +271,7 @@ namespace crypto
 	void InitNoiseXKState (NoiseSymmetricState& state, const uint8_t * pub); // Noise_XK (NTCP2)
 	void InitNoiseXKState1 (NoiseSymmetricState& state, const uint8_t * pub); // Noise_XK (SSU2)
 	void InitNoiseIKState (NoiseSymmetricState& state, const uint8_t * pub); // Noise_IK (ratchets)
-	void InitNoiseIKStateMLKEM512 (NoiseSymmetricState& state, const uint8_t * pub); // Noise_IK (ratchets) PQ ML-KEM512
-
+	
 // init and terminate
 	void InitCrypto (bool precomputation);
 	void TerminateCrypto ();
diff --git a/libi2pd/ECIESX25519AEADRatchetSession.cpp b/libi2pd/ECIESX25519AEADRatchetSession.cpp
index fbea786f..d38abd13 100644
--- a/libi2pd/ECIESX25519AEADRatchetSession.cpp
+++ b/libi2pd/ECIESX25519AEADRatchetSession.cpp
@@ -272,7 +272,8 @@ namespace garlic
 #if OPENSSL_PQ
 		if (GetOwner ()->SupportsEncryptionType (i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD))
 		{
-			i2p::crypto::InitNoiseIKStateMLKEM512 (GetNoiseState (), GetOwner ()->GetEncryptionPublicKey (i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)); // bpk
+			i2p::crypto::InitNoiseIKStateMLKEM (GetNoiseState (), i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD,
+				GetOwner ()->GetEncryptionPublicKey (i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)); // bpk
 			MixHash (m_Aepk, 32); // h = SHA256(h || aepk)
 
 			if (GetOwner ()->Decrypt (m_Aepk, sharedSecret, i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)) // x25519(bsk, aepk)
@@ -281,8 +282,7 @@ namespace garlic
 				
 				uint8_t nonce[12], encapsKey[i2p::crypto::MLKEM512_KEY_LENGTH];
 				CreateNonce (n, nonce);
-				if (i2p::crypto::AEADChaCha20Poly1305 (buf, i2p::crypto::MLKEM512_KEY_LENGTH,
-					m_H, 32, m_CK + 32, nonce, encapsKey, i2p::crypto::MLKEM512_KEY_LENGTH, false)) // decrypt
+				if (Decrypt (buf, encapsKey, i2p::crypto::MLKEM512_KEY_LENGTH))
 				{
 					decrypted = true; // encaps section has right hash 
 					MixHash (buf, i2p::crypto::MLKEM512_KEY_LENGTH + 16);
@@ -320,7 +320,7 @@ namespace garlic
 		// decrypt flags/static
 		uint8_t nonce[12], fs[32];
 		CreateNonce (n, nonce);
-		if (!i2p::crypto::AEADChaCha20Poly1305 (buf, 32, m_H, 32, m_CK + 32, nonce, fs, 32, false)) // decrypt
+		if (!Decrypt (buf, fs, 32))
 		{
 			LogPrint (eLogWarning, "Garlic: Flags/static section AEAD verification failed ");
 			return false;
@@ -354,7 +354,7 @@ namespace garlic
 
 		// decrypt payload
 		std::vector<uint8_t> payload (len - 16); // we must save original ciphertext
-		if (!i2p::crypto::AEADChaCha20Poly1305 (buf, len - 16, m_H, 32, m_CK + 32, nonce, payload.data (), len - 16, false)) // decrypt
+		if (!Decrypt (buf, payload.data (), len - 16))
 		{
 			LogPrint (eLogWarning, "Garlic: Payload section AEAD verification failed");
 			return false;
@@ -543,9 +543,9 @@ namespace garlic
 
 		// KDF1
 #if OPENSSL_PQ		
-		if (m_RemoteStaticKeyType == i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)
+		if (m_RemoteStaticKeyType >= i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)
 		{
-			i2p::crypto::InitNoiseIKStateMLKEM512 (GetNoiseState (), m_RemoteStaticKey); // bpk
+			i2p::crypto::InitNoiseIKStateMLKEM (GetNoiseState (), m_RemoteStaticKeyType, m_RemoteStaticKey); // bpk
 			m_PQKeys = i2p::crypto::CreateMLKEMKeys (m_RemoteStaticKeyType);
 			m_PQKeys->GenerateKeys ();
 		}	
diff --git a/libi2pd/PostQuantum.cpp b/libi2pd/PostQuantum.cpp
index 16823c19..0a55ca4d 100644
--- a/libi2pd/PostQuantum.cpp
+++ b/libi2pd/PostQuantum.cpp
@@ -103,6 +103,31 @@ namespace crypto
 		    type - i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD > (int)MLKEMS.size ()) return nullptr;
 		return std::make_unique<MLKEMKeys>((MLKEMTypes)(type - i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD - 1));
 	}	
+
+	static constexpr std::array<std::pair<std::array<uint8_t, 32>, std::array<uint8_t, 32> >, 1> NoiseIKInitMLKEMKeys =
+	{
+		std::make_pair
+		(
+			std::array<uint8_t, 32>
+		 	{
+				0xb0, 0x8f, 0xb1, 0x73, 0x92, 0x66, 0xc9, 0x90, 0x45, 0x7f, 0xdd, 0xc6, 0x4e, 0x55, 0x40, 0xd8, 
+				0x0a, 0x37, 0x99, 0x06, 0x92, 0x2a, 0x78, 0xc4, 0xb1, 0xef, 0x86, 0x06, 0xd0, 0x15, 0x9f, 0x4d
+			}, // SHA256("Noise_IKhfselg2_25519+MLKEM512_ChaChaPoly_SHA256")
+			std::array<uint8_t, 32>
+		 	{
+				0x95, 0x8d, 0xf6, 0x6c, 0x95, 0xce, 0xa9, 0xf7, 0x42, 0xfc, 0xfa, 0x62, 0x71, 0x36, 0x1e, 0xa7,
+				0xdc, 0x7a, 0xc0, 0x75, 0x01, 0xcf, 0xf9, 0xfc, 0x9f, 0xdb, 0x4c, 0x68, 0x3a, 0x53, 0x49, 0xeb
+			} // SHA256 (first)
+		)	
+	};
+		
+	void InitNoiseIKStateMLKEM (NoiseSymmetricState& state, i2p::data::CryptoKeyType type, const uint8_t * pub)
+	{
+		if (type <= i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD ||
+		    type - i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD > (int)NoiseIKInitMLKEMKeys.size ()) return;
+		auto ind = type - i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD - 1;
+		state.Init (NoiseIKInitMLKEMKeys[ind].first.data(), NoiseIKInitMLKEMKeys[ind].second.data(), pub);
+	}		
 }	
 }	
 
diff --git a/libi2pd/PostQuantum.h b/libi2pd/PostQuantum.h
index 6bf2f238..f426d661 100644
--- a/libi2pd/PostQuantum.h
+++ b/libi2pd/PostQuantum.h
@@ -78,6 +78,8 @@ namespace crypto
 	};
 
 	std::unique_ptr<MLKEMKeys> CreateMLKEMKeys (i2p::data::CryptoKeyType type);
+
+	void InitNoiseIKStateMLKEM (NoiseSymmetricState& state, i2p::data::CryptoKeyType type, const uint8_t * pub); // Noise_IK (ratchets) PQ ML-KEM5
 }	
 }