Mirrors/i2pd
2
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-02-02 11:04:00 +01:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

initial code for ECIES-X25519-AEAD-Ratchet KDF

Browse source
This commit is contained in:
orignal 2019-12-17 16:18:40 -05:00
parent 553d59c32b
commit 521fb83e38
6 changed files with 47 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
libi2pd/CryptoKey.cpp
View file

@ -1,7 +1,6 @@
#include <string.h> #include <string.h>
#include "Log.h" #include "Log.h"
#include "Gost.h" #include "Gost.h"
#include "Elligator.h"
#include "CryptoKey.h" #include "CryptoKey.h"
namespace i2p namespace i2p
@ -148,11 +147,9 @@ namespace crypto
} }
bool ECIESX25519AEADRatchetDecryptor::Decrypt (const uint8_t * epub, uint8_t * keyMaterial, BN_CTX * ctx, bool zeroPadding) bool ECIESX25519AEADRatchetDecryptor::Decrypt (const uint8_t * epub, uint8_t * sharedSecret, BN_CTX * ctx, bool zeroPadding)
{ {
uint8_t key[32]; m_StaticKeys.Agree (epub, sharedSecret);
if (!GetElligator ()->Decode (epub, key)) return false;
m_StaticKeys.Agree (key, keyMaterial);
return true; return true;
} }

4
libi2pd/CryptoKey.h
View file

@ -125,8 +125,8 @@ namespace crypto
ECIESX25519AEADRatchetDecryptor (const uint8_t * priv): m_StaticKeys (priv, nullptr) {}; ECIESX25519AEADRatchetDecryptor (const uint8_t * priv): m_StaticKeys (priv, nullptr) {};
~ECIESX25519AEADRatchetDecryptor () {}; ~ECIESX25519AEADRatchetDecryptor () {};
bool Decrypt (const uint8_t * epub, uint8_t * keyMaterial, BN_CTX * ctx, bool zeroPadding); bool Decrypt (const uint8_t * epub, uint8_t * sharedSecret, BN_CTX * ctx, bool zeroPadding);
// take elligator encoded ephemeral pub (32 bytes), agree with static and return in keyMaterial (32 bytes) // agree with static and return in sharedSecret (32 bytes)
size_t GetPublicKeyLen () const { return 32; }; size_t GetPublicKeyLen () const { return 32; };
private: private:

2
libi2pd/Destination.h
View file

@ -237,6 +237,8 @@ namespace client
// implements LocalDestination // implements LocalDestination
bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const; bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const;
std::shared_ptr<const i2p::data::IdentityEx> GetIdentity () const { return m_Keys.GetPublic (); }; std::shared_ptr<const i2p::data::IdentityEx> GetIdentity () const { return m_Keys.GetPublic (); };
i2p::data::CryptoKeyType GetEncryptionType () const { return m_EncryptionKeyType; };
const uint8_t * GetEncryptionPublicKey () const { return m_EncryptionPublicKey; };
protected: protected:

36
libi2pd/Garlic.cpp
View file

@ -1,8 +1,10 @@
#include <inttypes.h> #include <inttypes.h>
#include <openssl/sha.h>
#include "I2PEndian.h" #include "I2PEndian.h"
#include <map> #include <map>
#include <string> #include <string>
#include "Crypto.h" #include "Crypto.h"
#include "Elligator.h"
#include "RouterContext.h" #include "RouterContext.h"
#include "I2NPProtocol.h" #include "I2NPProtocol.h"
#include "Tunnel.h" #include "Tunnel.h"
@ -433,6 +435,12 @@ namespace garlic
return; return;
} }
buf += 4; // length buf += 4; // length
if (GetEncryptionType () == i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD_RARCHET)
{
HandleECIESx25519 (buf, length - 4);
return;
}
// otherwise assume ElGamal/AES
auto it = m_Tags.find (SessionTag(buf)); auto it = m_Tags.find (SessionTag(buf));
if (it != m_Tags.end ()) if (it != m_Tags.end ())
{ {
@ -821,5 +829,33 @@ namespace garlic
if (ts >= i2p::fs::GetLastUpdateTime (it) + INCOMING_TAGS_EXPIRATION_TIMEOUT) if (ts >= i2p::fs::GetLastUpdateTime (it) + INCOMING_TAGS_EXPIRATION_TIMEOUT)
i2p::fs::Remove (it); i2p::fs::Remove (it);
} }
void GarlicDestination::HandleECIESx25519 (const uint8_t * buf, size_t len)
{
// KDF
// TODO : use precalculated hashes
static const char protocolName[41] = "Noise_IKelg2+hs2_25519_ChaChaPoly_SHA256"; // 40 bytes
uint8_t h[64], ck[32];
SHA256 ((const uint8_t *)protocolName, 40, h);
memcpy (ck, h, 32);
SHA256 (h, 32, h);
// we are Bob
memcpy (h + 32, GetEncryptionPublicKey (), 32);
SHA256 (h, 64, h); // h = SHA256(h || bpk)
uint8_t aepk[32];
if (!i2p::crypto::GetElligator ()->Decode (buf, aepk))
{
LogPrint (eLogError, "Garlic: Can't decode elligator");
return;
}
memcpy (h + 32, aepk, 32);
SHA256 (h, 64, h); // h = SHA256(h || aepk)
uint8_t sharedSecret[32], keyData[64];
Decrypt (aepk, sharedSecret, m_Ctx); // x25519
i2p::crypto::HKDF (ck, sharedSecret, 32, "", keyData); // keydata = HKDF(chainKey, sharedSecret, "", 64)
memcpy (ck, keyData, 32); // chainKey = keydata[0:31]
}
} }
} }

3
libi2pd/Garlic.h
View file

@ -206,6 +206,9 @@ namespace garlic
std::shared_ptr<i2p::tunnel::InboundTunnel> from); std::shared_ptr<i2p::tunnel::InboundTunnel> from);
void HandleGarlicPayload (uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from); void HandleGarlicPayload (uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from);
// ECIES-X25519-AEAD-Ratchet
void HandleECIESx25519 (const uint8_t * buf, size_t len);
private: private:
BN_CTX * m_Ctx; // incoming BN_CTX * m_Ctx; // incoming

2
libi2pd/Identity.h
View file

@ -227,6 +227,8 @@ namespace data
virtual std::shared_ptr<const IdentityEx> GetIdentity () const = 0; virtual std::shared_ptr<const IdentityEx> GetIdentity () const = 0;
const IdentHash& GetIdentHash () const { return GetIdentity ()->GetIdentHash (); }; const IdentHash& GetIdentHash () const { return GetIdentity ()->GetIdentHash (); };
virtual CryptoKeyType GetEncryptionType () const { return GetIdentity ()->GetCryptoKeyType (); }; // override for LeaseSet
virtual const uint8_t * GetEncryptionPublicKey () const { return GetIdentity ()->GetEncryptionPublicKey (); }; // override for LeaseSet
}; };
} }
} }