Mirrors/i2pd
2
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-04-16 06:02:18 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

common ML-KEM names and key lengths
Some checks are pending
Build Debian packages / bookworm (push) Waiting to run
Details
Build Debian packages / bullseye (push) Waiting to run
Details
Build Debian packages / buster (push) Waiting to run
Details
Build on FreeBSD / with UPnP (push) Waiting to run
Details
Build on OSX / With USE_UPNP=no (push) Waiting to run
Details
Build on OSX / With USE_UPNP=yes (push) Waiting to run
Details
Build on Windows / i686 (push) Waiting to run
Details
Build on Windows / clang-x86_64 (push) Waiting to run
Details
Build on Windows / ucrt-x86_64 (push) Waiting to run
Details
Build on Windows / x86_64 (push) Waiting to run
Details
Build on Windows / CMake clang-x86_64 (push) Waiting to run
Details
Build on Windows / CMake i686 (push) Waiting to run
Details
Build on Windows / CMake ucrt-x86_64 (push) Waiting to run
Details
Build on Windows / CMake x86_64 (push) Waiting to run
Details
Build on Windows / XP (push) Waiting to run
Details
Build on Ubuntu / Make with USE_UPNP=no (push) Waiting to run
Details
Build on Ubuntu / Make with USE_UPNP=yes (push) Waiting to run
Details
Build on Ubuntu / CMake with -DWITH_UPNP=OFF (push) Waiting to run
Details
Build on Ubuntu / CMake with -DWITH_UPNP=ON (push) Waiting to run
Details
Build containers / Building container for linux/amd64 (push) Waiting to run
Details
Build containers / Building container for linux/arm64 (push) Waiting to run
Details
Build containers / Building container for linux/arm/v7 (push) Waiting to run
Details
Build containers / Building container for linux/386 (push) Waiting to run
Details
Build containers / Pushing merged manifest (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
orignal 2025-04-13 18:18:44 -04:00
parent f6abbe5908
commit 9ab1a67f0b
5 changed files with 88 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
libi2pd/Crypto.cpp
View file

@ -1011,32 +1011,32 @@ namespace crypto
#if OPENSSL_PQ #if OPENSSL_PQ
MLKEM512Keys::MLKEM512Keys (): MLKEMKeys::MLKEMKeys (std::string_view name, size_t keyLen, size_t ctLen):
m_Pkey (nullptr) m_Name (name), m_KeyLen (keyLen), m_CTLen (ctLen),m_Pkey (nullptr)
{ {
} }
MLKEM512Keys::~MLKEM512Keys () MLKEMKeys::~MLKEMKeys ()
{ {
if (m_Pkey) EVP_PKEY_free (m_Pkey); if (m_Pkey) EVP_PKEY_free (m_Pkey);
} }
void MLKEM512Keys::GenerateKeys () void MLKEMKeys::GenerateKeys ()
{ {
if (m_Pkey) EVP_PKEY_free (m_Pkey); if (m_Pkey) EVP_PKEY_free (m_Pkey);
m_Pkey = EVP_PKEY_Q_keygen(NULL, NULL, "ML-KEM-512"); m_Pkey = EVP_PKEY_Q_keygen(NULL, NULL, m_Name.c_str ());
} }
void MLKEM512Keys::GetPublicKey (uint8_t * pub) const void MLKEMKeys::GetPublicKey (uint8_t * pub) const
{ {
if (m_Pkey) if (m_Pkey)
{ {
size_t len = MLKEM512_KEY_LENGTH; size_t len = m_KeyLen;
EVP_PKEY_get_octet_string_param (m_Pkey, OSSL_PKEY_PARAM_PUB_KEY, pub, MLKEM512_KEY_LENGTH, &len); EVP_PKEY_get_octet_string_param (m_Pkey, OSSL_PKEY_PARAM_PUB_KEY, pub, m_KeyLen, &len);
} }
} }
void MLKEM512Keys::SetPublicKey (const uint8_t * pub) void MLKEMKeys::SetPublicKey (const uint8_t * pub)
{ {
if (m_Pkey) if (m_Pkey)
{ {
@ -1045,10 +1045,10 @@ namespace crypto
} }
OSSL_PARAM params[] = OSSL_PARAM params[] =
{ {
OSSL_PARAM_octet_string (OSSL_PKEY_PARAM_PUB_KEY, (uint8_t *)pub, MLKEM512_KEY_LENGTH), OSSL_PARAM_octet_string (OSSL_PKEY_PARAM_PUB_KEY, (uint8_t *)pub, m_KeyLen),
OSSL_PARAM_END OSSL_PARAM_END
}; };
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name (NULL, "ML-KEM-512", NULL); EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name (NULL, m_Name.c_str (), NULL);
if (ctx) if (ctx)
{ {
EVP_PKEY_fromdata_init (ctx); EVP_PKEY_fromdata_init (ctx);
@ -1059,14 +1059,14 @@ namespace crypto
LogPrint (eLogError, "MLKEM512 can't create PKEY context"); LogPrint (eLogError, "MLKEM512 can't create PKEY context");
} }
void MLKEM512Keys::Encaps (uint8_t * ciphertext, uint8_t * shared) void MLKEMKeys::Encaps (uint8_t * ciphertext, uint8_t * shared)
{ {
if (!m_Pkey) return; if (!m_Pkey) return;
auto ctx = EVP_PKEY_CTX_new_from_pkey (NULL, m_Pkey, NULL); auto ctx = EVP_PKEY_CTX_new_from_pkey (NULL, m_Pkey, NULL);
if (ctx) if (ctx)
{ {
EVP_PKEY_encapsulate_init (ctx, NULL); EVP_PKEY_encapsulate_init (ctx, NULL);
size_t len = MLKEM512_CIPHER_TEXT_LENGTH, sharedLen = 32; size_t len = m_CTLen, sharedLen = 32;
EVP_PKEY_encapsulate (ctx, ciphertext, &len, shared, &sharedLen); EVP_PKEY_encapsulate (ctx, ciphertext, &len, shared, &sharedLen);
EVP_PKEY_CTX_free (ctx); EVP_PKEY_CTX_free (ctx);
} }
@ -1074,7 +1074,7 @@ namespace crypto
LogPrint (eLogError, "MLKEM512 can't create PKEY context"); LogPrint (eLogError, "MLKEM512 can't create PKEY context");
} }
void MLKEM512Keys::Decaps (const uint8_t * ciphertext, uint8_t * shared) void MLKEMKeys::Decaps (const uint8_t * ciphertext, uint8_t * shared)
{ {
if (!m_Pkey) return; if (!m_Pkey) return;
auto ctx = EVP_PKEY_CTX_new_from_pkey (NULL, m_Pkey, NULL); auto ctx = EVP_PKEY_CTX_new_from_pkey (NULL, m_Pkey, NULL);
@ -1082,7 +1082,7 @@ namespace crypto
{ {
EVP_PKEY_decapsulate_init (ctx, NULL); EVP_PKEY_decapsulate_init (ctx, NULL);
size_t sharedLen = 32; size_t sharedLen = 32;
EVP_PKEY_decapsulate (ctx, shared, &sharedLen, ciphertext, MLKEM512_CIPHER_TEXT_LENGTH); EVP_PKEY_decapsulate (ctx, shared, &sharedLen, ciphertext, m_CTLen);
EVP_PKEY_CTX_free (ctx); EVP_PKEY_CTX_free (ctx);
} }
else else

30
libi2pd/Crypto.h
View file

@ -11,7 +11,10 @@
#include <inttypes.h> #include <inttypes.h>
#include <string> #include <string>
#include <string_view>
#include <vector> #include <vector>
#include <array>
#include <tuple>
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/dh.h> #include <openssl/dh.h>
#include <openssl/aes.h> #include <openssl/aes.h>
@ -279,14 +282,13 @@ namespace crypto
#if OPENSSL_PQ #if OPENSSL_PQ
// Post Quantum // Post Quantum
constexpr size_t MLKEM512_KEY_LENGTH = 800;
constexpr size_t MLKEM512_CIPHER_TEXT_LENGTH = 768; class MLKEMKeys
class MLKEM512Keys
{ {
public: public:
MLKEM512Keys (); MLKEMKeys (std::string_view name, size_t keyLen, size_t ctLen);
~MLKEM512Keys (); ~MLKEMKeys ();
void GenerateKeys (); void GenerateKeys ();
void GetPublicKey (uint8_t * pub) const; void GetPublicKey (uint8_t * pub) const;
@ -296,8 +298,26 @@ namespace crypto
private: private:
const std::string m_Name;
const size_t m_KeyLen, m_CTLen;
EVP_PKEY * m_Pkey; EVP_PKEY * m_Pkey;
}; };
constexpr size_t MLKEM512_KEY_LENGTH = 800;
constexpr size_t MLKEM512_CIPHER_TEXT_LENGTH = 768;
constexpr std::array<std::tuple<std::string_view, size_t, size_t>, 1> MLKEMS =
{
std::make_tuple ("ML-KEM-512", MLKEM512_KEY_LENGTH, MLKEM512_CIPHER_TEXT_LENGTH)
};
class MLKEM512Keys: public MLKEMKeys
{
public:
MLKEM512Keys (): MLKEMKeys (std::get<0>(MLKEMS[0]), std::get<1>(MLKEMS[0]), std::get<2>(MLKEMS[0])) {}
};
#endif #endif
} }
} }

17
libi2pd/CryptoKey.h
View file

@ -183,6 +183,23 @@ namespace crypto
}; };
return 0; return 0;
} }
#if OPENSSL_PQ
constexpr size_t GetMLKEMPublicKeyLen (i2p::data::CryptoKeyType type)
{
if (type <= i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD ||
type - i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD > (int)MLKEMS.size ()) return 0;
return std::get<1>(MLKEMS[type - i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD - 1]);
}
constexpr size_t GetMLKEMCipherTextLen (i2p::data::CryptoKeyType type)
{
if (type <= i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD ||
type - i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD > (int)MLKEMS.size ()) return 0;
return std::get<2>(MLKEMS[type - i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD - 1]);
}
#endif
} }
} }

55
libi2pd/ECIESX25519AEADRatchetSession.cpp
View file

@ -11,6 +11,7 @@
#include "Log.h" #include "Log.h"
#include "util.h" #include "util.h"
#include "Crypto.h" #include "Crypto.h"
#include "CryptoKey.h"
#include "Elligator.h" #include "Elligator.h"
#include "Tag.h" #include "Tag.h"
#include "I2PEndian.h" #include "I2PEndian.h"
@ -560,18 +561,19 @@ namespace garlic
} }
MixKey (sharedSecret); MixKey (sharedSecret);
#if OPENSSL_PQ #if OPENSSL_PQ
if (m_RemoteStaticKeyType == i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD) if (m_RemoteStaticKeyType >= i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)
{ {
uint8_t encapsKey[i2p::crypto::MLKEM512_KEY_LENGTH]; auto keyLen = i2p::crypto::GetMLKEMPublicKeyLen (m_RemoteStaticKeyType);
m_PQKeys->GetPublicKey (encapsKey); std::vector<uint8_t> encapsKey(keyLen);
m_PQKeys->GetPublicKey (encapsKey.data ());
// encrypt encapsKey // encrypt encapsKey
if (!Encrypt (encapsKey, out + offset, i2p::crypto::MLKEM512_KEY_LENGTH)) if (!Encrypt (encapsKey.data (), out + offset, keyLen))
{ {
LogPrint (eLogWarning, "Garlic: ML-KEM encap_key section AEAD encryption failed "); LogPrint (eLogWarning, "Garlic: ML-KEM encap_key section AEAD encryption failed ");
return false; return false;
} }
MixHash (out + offset, i2p::crypto::MLKEM512_KEY_LENGTH + 16); // h = SHA256(h || ciphertext) MixHash (out + offset, keyLen + 16); // h = SHA256(h || ciphertext)
offset += i2p::crypto::MLKEM512_KEY_LENGTH + 16; offset += keyLen + 16;
} }
#endif #endif
// encrypt flags/static key section // encrypt flags/static key section
@ -657,19 +659,20 @@ namespace garlic
#if OPENSSL_PQ #if OPENSSL_PQ
if (m_PQKeys) if (m_PQKeys)
{ {
uint8_t kemCiphertext[i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH]; size_t cipherTextLen = i2p::crypto::GetMLKEMCipherTextLen (m_RemoteStaticKeyType);
m_PQKeys->Encaps (kemCiphertext, sharedSecret); std::vector<uint8_t> kemCiphertext(cipherTextLen);
m_PQKeys->Encaps (kemCiphertext.data (), sharedSecret);
if (!Encrypt (kemCiphertext, out + offset, i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH)) if (!Encrypt (kemCiphertext.data (), out + offset, cipherTextLen))
{ {
LogPrint (eLogWarning, "Garlic: NSR ML-KEM ciphertext section AEAD encryption failed"); LogPrint (eLogWarning, "Garlic: NSR ML-KEM ciphertext section AEAD encryption failed");
return false; return false;
} }
m_NSREncodedPQKey = std::make_unique<std::array<uint8_t, i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16> >(); m_NSREncodedPQKey = std::make_unique<std::vector<uint8_t> > (cipherTextLen + 16);
memcpy (m_NSREncodedPQKey->data (), out + offset, i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16); memcpy (m_NSREncodedPQKey->data (), out + offset, cipherTextLen + 16);
MixHash (out + offset, i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16); MixHash (out + offset, cipherTextLen + 16);
MixKey (sharedSecret); MixKey (sharedSecret);
offset += i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16; offset += cipherTextLen + 16;
} }
#endif #endif
// calculate hash for zero length // calculate hash for zero length
@ -723,9 +726,10 @@ namespace garlic
{ {
if (m_NSREncodedPQKey) if (m_NSREncodedPQKey)
{ {
memcpy (out + offset, m_NSREncodedPQKey->data (), i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16); size_t cipherTextLen = i2p::crypto::GetMLKEMCipherTextLen (m_RemoteStaticKeyType);
MixHash (out + offset, i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16); memcpy (out + offset, m_NSREncodedPQKey->data (), cipherTextLen + 16);
offset += i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16; MixHash (out + offset, cipherTextLen + 16);
offset += cipherTextLen + 16;
} }
else else
{ {
@ -778,20 +782,21 @@ namespace garlic
MixKey (sharedSecret); MixKey (sharedSecret);
#if OPENSSL_PQ #if OPENSSL_PQ
if (m_RemoteStaticKeyType == i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD) if (m_RemoteStaticKeyType >= i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)
{ {
// decrypt kem_ciphertext section // decrypt kem_ciphertext section
uint8_t kemCiphertext[i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH]; size_t cipherTextLen = i2p::crypto::GetMLKEMCipherTextLen (m_RemoteStaticKeyType);
if (!Decrypt (buf, kemCiphertext, i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH)) std::vector<uint8_t> kemCiphertext(cipherTextLen);
if (!Decrypt (buf, kemCiphertext.data (), cipherTextLen))
{ {
LogPrint (eLogWarning, "Garlic: Reply ML-KEM ciphertext section AEAD decryption failed"); LogPrint (eLogWarning, "Garlic: Reply ML-KEM ciphertext section AEAD decryption failed");
return false; return false;
} }
MixHash (buf, i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16); MixHash (buf, cipherTextLen + 16);
buf += i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16; buf += cipherTextLen + 16;
len -= i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16; len -= cipherTextLen + 16;
// decaps // decaps
m_PQKeys->Decaps (kemCiphertext, sharedSecret); m_PQKeys->Decaps (kemCiphertext.data (), sharedSecret);
MixKey (sharedSecret); MixKey (sharedSecret);
} }
#endif #endif
@ -981,8 +986,8 @@ namespace garlic
return nullptr; return nullptr;
len += 96; len += 96;
#if OPENSSL_PQ #if OPENSSL_PQ
if (m_RemoteStaticKeyType == i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD) if (m_RemoteStaticKeyType >= i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)
len += i2p::crypto::MLKEM512_KEY_LENGTH + 16; len += i2p::crypto::GetMLKEMPublicKeyLen (m_RemoteStaticKeyType) + 16;
#endif #endif
break; break;
case eSessionStateNewSessionReceived: case eSessionStateNewSessionReceived:

2
libi2pd/ECIESX25519AEADRatchetSession.h
View file

@ -229,7 +229,7 @@ namespace garlic
std::shared_ptr<i2p::crypto::X25519Keys> m_EphemeralKeys; std::shared_ptr<i2p::crypto::X25519Keys> m_EphemeralKeys;
#if OPENSSL_PQ #if OPENSSL_PQ
std::unique_ptr<i2p::crypto::MLKEM512Keys> m_PQKeys; std::unique_ptr<i2p::crypto::MLKEM512Keys> m_PQKeys;
std::unique_ptr<std::array<uint8_t, i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16> > m_NSREncodedPQKey; std::unique_ptr<std::vector<uint8_t> > m_NSREncodedPQKey;
#endif #endif
SessionState m_State = eSessionStateNew; SessionState m_State = eSessionStateNew;
uint64_t m_SessionCreatedTimestamp = 0, m_LastActivityTimestamp = 0, // incoming (in seconds) uint64_t m_SessionCreatedTimestamp = 0, m_LastActivityTimestamp = 0, // incoming (in seconds)