Merge remote-tracking branch 'upstream/openssl' into webroot

2025-04-27 11:17:49 +02:00 · 2018-11-09 16:30:54 +03:00 · 2018-11-09 16:30:54 +03:00 · a26ed6fe6c
commit a26ed6fe6c
parent a12a7e73f9 779228857e
46 changed files with 281 additions and 115 deletions
--- a/libi2pd/Config.cpp
+++ b/libi2pd/Config.cpp
@ -32,8 +32,10 @@ namespace config {
 		options_description general("General options");
 		general.add_options()
 			("help",                                                          "Show this message")
+			("version",                                                       "Show i2pd version")
 			("conf", value<std::string>()->default_value(""),                 "Path to main i2pd config file (default: try ~/.i2pd/i2pd.conf or /var/lib/i2pd/i2pd.conf)")
 			("tunconf", value<std::string>()->default_value(""),              "Path to config with tunnels list and options (default: try ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf)")
+			("tunnelsdir", value<std::string>()->default_value(""),   "Path to extra tunnels' configs folder (default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d")
 			("pidfile", value<std::string>()->default_value(""),              "Path to pidfile (default: ~/i2pd/i2pd.pid or /var/lib/i2pd/i2pd.pid)")
 			("log", value<std::string>()->default_value(""),                  "Logs destination: stdout, file, syslog (stdout if not set)")
 			("logfile", value<std::string>()->default_value(""),              "Path to logfile (stdout if not set, autodetect if daemon)")
@ -282,6 +284,23 @@ namespace config {
 		{
 			std::cout << "i2pd version " << I2PD_VERSION << " (" << I2P_VERSION << ")" << std::endl;
 			std::cout << m_OptionsDesc;
+			exit(EXIT_SUCCESS);
+		} 
+		else if (m_Options.count("version"))
+		{
+			std::cout << "i2pd version " << I2PD_VERSION << " (" << I2P_VERSION << ")" << std::endl;
+			std::cout << "Boost version "     
+					  << BOOST_VERSION / 100000     << "."  // maj. version
+					  << BOOST_VERSION / 100 % 1000 << "."  // min. version
+					  << BOOST_VERSION % 100                // patch version
+					  << std::endl;
+#if defined(OPENSSL_VERSION_TEXT) 
+			std::cout << OPENSSL_VERSION_TEXT << std::endl;
+#endif
+#if defined(LIBRESSL_VERSION_TEXT)
+			std::cout << LIBRESSL_VERSION_TEXT << std::endl;
+#endif
+
 			exit(EXIT_SUCCESS);
 		}
 	}
--- a/libi2pd/Crypto.cpp
+++ b/libi2pd/Crypto.cpp
@ -341,6 +341,16 @@ namespace crypto
 #endif		
 	}		
 	
+	void X25519Keys::GetPrivateKey (uint8_t * priv) const
+	{
+#if OPENSSL_X25519
+		size_t len = 32;
+		EVP_PKEY_get_raw_private_key (m_Pkey, priv, &len);
+#else
+		memcpy (priv, m_PrivateKey, 32);
+#endif
+	}
+
 // ElGamal
 	void ElGamalEncrypt (const uint8_t * key, const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding)
 	{
--- a/libi2pd/Crypto.h
+++ b/libi2pd/Crypto.h
@ -72,6 +72,7 @@ namespace crypto

 			void GenerateKeys ();
 			const uint8_t * GetPublicKey () const { return m_PublicKey; };
+			void GetPrivateKey (uint8_t * priv) const;
 			void Agree (const uint8_t * pub, uint8_t * shared);			

 		private:
@ -124,9 +125,17 @@ namespace crypto
 			else
 #endif
 			{
-				// TODO: implement it better
-				for (int i = 0; i < 16; i++)
-					buf[i] ^= other.buf[i];
+				if (!(((size_t)buf | (size_t)other.buf) & 0x03)) // multiple of 4 ?
+				{
+					// we are good to cast to uint32_t *
+					for (int i = 0; i < 4; i++)
+						((uint32_t *)buf)[i] ^= ((uint32_t *)other.buf)[i];	
+				}	
+				else
+				{	
+					for (int i = 0; i < 16; i++)
+						buf[i] ^= other.buf[i];
+				}	
 			}
 		}
 	};
--- a/libi2pd/NTCP2.cpp
+++ b/libi2pd/NTCP2.cpp
@ -40,7 +40,7 @@ namespace transport
 		delete[] m_SessionConfirmedBuffer;
 	}

-	void NTCP2Establisher::MixKey (const uint8_t * inputKeyMaterial, uint8_t * derived)
+	void NTCP2Establisher::MixKey (const uint8_t * inputKeyMaterial)
 	{
 		// temp_key = HMAC-SHA256(ck, input_key_material)
 		uint8_t tempKey[32]; unsigned int len;
@ -50,7 +50,16 @@ namespace transport
 		HMAC(EVP_sha256(), tempKey, 32, one, 1, m_CK, &len); 	
 		// derived = HMAC-SHA256(temp_key, ck || byte(0x02))
 		m_CK[32] = 2;
-		HMAC(EVP_sha256(), tempKey, 32, m_CK, 33, derived, &len); 	
+		HMAC(EVP_sha256(), tempKey, 32, m_CK, 33, m_K, &len); 	
+	}
+
+	void NTCP2Establisher::MixHash (const uint8_t * buf, size_t len)
+	{
+		SHA256_CTX ctx;
+		SHA256_Init (&ctx);
+		SHA256_Update (&ctx, m_H, 32);
+		SHA256_Update (&ctx, buf, len);
+		SHA256_Final (m_H, &ctx);
 	}

 	void NTCP2Establisher::KeyDerivationFunction1 (const uint8_t * pub, i2p::crypto::X25519Keys& priv, const uint8_t * rs, const uint8_t * epub)
@ -73,14 +82,11 @@ namespace transport
 		SHA256_Update (&ctx, rs, 32);			
 		SHA256_Final (m_H, &ctx);
 		// h = SHA256(h || epub)
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);
-		SHA256_Update (&ctx, epub, 32);
-		SHA256_Final (m_H, &ctx);
+		MixHash (epub, 32);
 		// x25519 between pub and priv
 		uint8_t inputKeyMaterial[32];
 		priv.Agree (pub, inputKeyMaterial);
-		MixKey (inputKeyMaterial, m_K);
+		MixKey (inputKeyMaterial);
 	}

 	void NTCP2Establisher::KDF1Alice ()
@ -95,30 +101,18 @@ namespace transport

 	void NTCP2Establisher::KeyDerivationFunction2 (const uint8_t * sessionRequest, size_t sessionRequestLen, const uint8_t * epub)
 	{		
-		SHA256_CTX ctx;
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);
-		SHA256_Update (&ctx, sessionRequest + 32, 32); // encrypted payload	
-		SHA256_Final (m_H, &ctx);
+		MixHash (sessionRequest + 32, 32); // encrypted payload	

 		int paddingLength =  sessionRequestLen - 64;
 		if (paddingLength > 0)
-		{
-			SHA256_Init (&ctx);
-			SHA256_Update (&ctx, m_H, 32);			
-			SHA256_Update (&ctx, sessionRequest + 64, paddingLength);			
-			SHA256_Final (m_H, &ctx);
-		}	
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);
-		SHA256_Update (&ctx, epub, 32); 
-		SHA256_Final (m_H, &ctx);
+			MixHash (sessionRequest + 64, paddingLength);
+		MixHash (epub, 32); 

 		// x25519 between remote pub and ephemaral priv
 		uint8_t inputKeyMaterial[32];
 		m_EphemeralKeys.Agree (GetRemotePub (), inputKeyMaterial);
 		
-		MixKey (inputKeyMaterial, m_K);
+		MixKey (inputKeyMaterial);
 	}

 	void NTCP2Establisher::KDF2Alice ()
@ -135,14 +129,14 @@ namespace transport
 	{
 		uint8_t inputKeyMaterial[32];
 		i2p::context.GetStaticKeys ().Agree (GetRemotePub (), inputKeyMaterial);		 
-		MixKey (inputKeyMaterial, m_K);
+		MixKey (inputKeyMaterial);
 	}

 	void NTCP2Establisher::KDF3Bob ()
 	{
 		uint8_t inputKeyMaterial[32];
 		m_EphemeralKeys.Agree (m_RemoteStaticKey, inputKeyMaterial); 
-		MixKey (inputKeyMaterial, m_K);
+		MixKey (inputKeyMaterial);
 	}

 	void NTCP2Establisher::CreateEphemeralKey ()
@ -170,8 +164,17 @@ namespace transport
 		memset (options, 0, 16);
 		options[1] = 2; // ver	
 		htobe16buf (options + 2, paddingLength); // padLen
-		m3p2Len = i2p::context.GetRouterInfo ().GetBufferLen () + 20; // (RI header + RI + MAC for now) TODO: implement options
+		// m3p2Len	
+		auto bufLen = i2p::context.GetRouterInfo ().GetBufferLen ();
+		m3p2Len = bufLen + 4 + 16; // (RI header + RI + MAC for now) TODO: implement options	
 		htobe16buf (options + 4,  m3p2Len);
+		// fill m3p2 payload (RouterInfo block)	
+		m_SessionConfirmedBuffer = new uint8_t[m3p2Len + 48]; // m3p1 is 48 bytes
+		uint8_t * m3p2 = m_SessionConfirmedBuffer + 48;
+		m3p2[0] = eNTCP2BlkRouterInfo; // block
+		htobe16buf (m3p2 + 1, bufLen + 1); // flag + RI
+		m3p2[3] = 0; // flag 	
+		memcpy (m3p2 + 4, i2p::context.GetRouterInfo ().GetBuffer (), bufLen); // TODO: own RI should be protected by mutex
 		// 2 bytes reserved
 		htobe32buf (options + 8, i2p::util::GetSecondsSinceEpoch ()); // tsA
 		// 4 bytes reserved
@ -208,23 +211,12 @@ namespace transport
 	void NTCP2Establisher::CreateSessionConfirmedMessagePart1 (const uint8_t * nonce)
 	{
 		// update AD
-		SHA256_CTX ctx;
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);
-		SHA256_Update (&ctx, m_SessionCreatedBuffer + 32, 32);	// encrypted payload
-		SHA256_Final (m_H, &ctx);
-
+		MixHash (m_SessionCreatedBuffer + 32, 32);	// encrypted payload
 		int paddingLength = m_SessionCreatedBufferLen - 64;
 		if (paddingLength > 0)
-		{
-			SHA256_CTX ctx1;
-			SHA256_Init (&ctx1);
-			SHA256_Update (&ctx1, m_H, 32);			
-			SHA256_Update (&ctx1, m_SessionCreatedBuffer + 64, paddingLength);			
-			SHA256_Final (m_H, &ctx1);
-		}	
-		// part1 48 bytes 
-		m_SessionConfirmedBuffer = new uint8_t[m3p2Len + 48]; 
+			MixHash (m_SessionCreatedBuffer + 64, paddingLength);	
+
+		// part1 48 bytes  
 		i2p::crypto::AEADChaCha20Poly1305 (i2p::context.GetNTCP2StaticPublicKey (), 32, m_H, 32, m_K, nonce, m_SessionConfirmedBuffer, 48, true); // encrypt
 	}

@ -232,24 +224,13 @@ namespace transport
 	{
 		// part 2
 		// update AD again
-		SHA256_CTX ctx;
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);			
-		SHA256_Update (&ctx, m_SessionConfirmedBuffer, 48);			
-		SHA256_Final (m_H, &ctx);		
-		// fill and encrypt
-		uint8_t * buf = m_SessionConfirmedBuffer + 48;
-		buf[0] = eNTCP2BlkRouterInfo; // block
-		htobe16buf (buf + 1, i2p::context.GetRouterInfo ().GetBufferLen () + 1); // flag + RI
-		buf[3] = 0; // flag 	
-		memcpy (buf + 4, i2p::context.GetRouterInfo ().GetBuffer (), i2p::context.GetRouterInfo ().GetBufferLen ());
+		MixHash (m_SessionConfirmedBuffer, 48);			
+		// encrypt m3p2, it must be filled in SessionRequest
 		KDF3Alice (); 
-		i2p::crypto::AEADChaCha20Poly1305 (buf, m3p2Len - 16, m_H, 32, m_K, nonce, buf, m3p2Len, true); // encrypt 
+		uint8_t * m3p2 = m_SessionConfirmedBuffer + 48;
+		i2p::crypto::AEADChaCha20Poly1305 (m3p2, m3p2Len - 16, m_H, 32, m_K, nonce, m3p2, m3p2Len, true); // encrypt 
 		// update h again
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);			
-		SHA256_Update (&ctx, buf, m3p2Len);			
-		SHA256_Final (m_H, &ctx); //h = SHA256(h || ciphertext)
+		MixHash (m3p2, m3p2Len); //h = SHA256(h || ciphertext)
 	}	

 	bool NTCP2Establisher::ProcessSessionRequestMessage (uint16_t& paddingLen)
@ -339,21 +320,11 @@ namespace transport
 	bool NTCP2Establisher::ProcessSessionConfirmedMessagePart1 (const uint8_t * nonce)
 	{
 		// update AD
-		SHA256_CTX ctx;
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);
-		SHA256_Update (&ctx, m_SessionCreatedBuffer + 32, 32);	// encrypted payload
-		SHA256_Final (m_H, &ctx);
-
+		MixHash (m_SessionCreatedBuffer + 32, 32);	// encrypted payload
 		int paddingLength = m_SessionCreatedBufferLen - 64;
 		if (paddingLength > 0)
-		{
-			SHA256_CTX ctx1;
-			SHA256_Init (&ctx1);
-			SHA256_Update (&ctx1, m_H, 32);			
-			SHA256_Update (&ctx1, m_SessionCreatedBuffer + 64, paddingLength);			
-			SHA256_Final (m_H, &ctx1);
-		}	
+			MixHash (m_SessionCreatedBuffer + 64, paddingLength);
+		
 		if (!i2p::crypto::AEADChaCha20Poly1305 (m_SessionConfirmedBuffer, 32, m_H, 32, m_K, nonce, m_RemoteStaticKey, 32, false)) // decrypt S
 		{
 			LogPrint (eLogWarning, "NTCP2: SessionConfirmed Part1 AEAD verification failed ");
@ -365,11 +336,7 @@ namespace transport
 	bool NTCP2Establisher::ProcessSessionConfirmedMessagePart2 (const uint8_t * nonce, uint8_t * m3p2Buf)
 	{
 		// update AD again
-		SHA256_CTX ctx;
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);			
-		SHA256_Update (&ctx, m_SessionConfirmedBuffer, 48);			
-		SHA256_Final (m_H, &ctx);		
+		MixHash (m_SessionConfirmedBuffer, 48);		

 		KDF3Bob (); 
 		if (i2p::crypto::AEADChaCha20Poly1305 (m_SessionConfirmedBuffer + 48, m3p2Len - 16, m_H, 32, m_K, nonce, m3p2Buf, m3p2Len - 16, false)) // decrypt
@ -1041,7 +1008,7 @@ namespace transport

 	void NTCP2Session::SendTermination (NTCP2TerminationReason reason)
 	{
-		if (!IsEstablished ()) return;
+		if (!m_SendKey || !m_SendSipKey) return;
 		uint8_t payload[12] = { eNTCP2BlkTermination, 0, 9 };
 		htobe64buf (payload + 3, m_ReceiveSequenceNumber);
 		payload[11] = (uint8_t)reason;
--- a/libi2pd/NTCP2.h
+++ b/libi2pd/NTCP2.h
@ -95,7 +95,8 @@ namespace transport
 		void KDF3Alice (); // for SessionConfirmed part 2
 		void KDF3Bob ();

-		void MixKey (const uint8_t * inputKeyMaterial, uint8_t * derived);
+		void MixKey (const uint8_t * inputKeyMaterial);
+		void MixHash (const uint8_t * buf, size_t len);
 		void KeyDerivationFunction1 (const uint8_t * pub, i2p::crypto::X25519Keys& priv, const uint8_t * rs, const uint8_t * epub); // for SessionRequest, (pub, priv) for DH
 		void KeyDerivationFunction2 (const uint8_t * sessionRequest, size_t sessionRequestLen, const uint8_t * epub); // for SessionCreate
 		void CreateEphemeralKey ();
--- a/libi2pd/RouterContext.cpp
+++ b/libi2pd/RouterContext.cpp
@ -116,12 +116,12 @@ namespace i2p

 	void RouterContext::NewNTCP2Keys ()
 	{
+		m_StaticKeys.reset (new i2p::crypto::X25519Keys ());
+		m_StaticKeys->GenerateKeys ();			
 		m_NTCP2Keys.reset (new NTCP2PrivateKeys ());
-		RAND_bytes (m_NTCP2Keys->staticPrivateKey, 32);
+		m_StaticKeys->GetPrivateKey (m_NTCP2Keys->staticPrivateKey);
+		memcpy (m_NTCP2Keys->staticPublicKey, m_StaticKeys->GetPublicKey (), 32);
 		RAND_bytes (m_NTCP2Keys->iv, 16);
-		BN_CTX * ctx = BN_CTX_new ();
-		i2p::crypto::GetEd25519 ()->ScalarMulB (m_NTCP2Keys->staticPrivateKey, m_NTCP2Keys->staticPublicKey, ctx); 
-		BN_CTX_free (ctx);
 		// save
 		std::ofstream fk (i2p::fs::DataDirPath (NTCP2_KEYS), std::ofstream::binary | std::ofstream::out);
 		fk.write ((char *)m_NTCP2Keys.get (), sizeof (NTCP2PrivateKeys)); 
--- a/libi2pd/version.h
+++ b/libi2pd/version.h
@ -7,7 +7,7 @@
 #define MAKE_VERSION(a,b,c) STRINGIZE(a) "." STRINGIZE(b) "." STRINGIZE(c)

 #define I2PD_VERSION_MAJOR 2
-#define I2PD_VERSION_MINOR 21
+#define I2PD_VERSION_MINOR 22
 #define I2PD_VERSION_MICRO 0
 #define I2PD_VERSION_PATCH 0
 #define I2PD_VERSION MAKE_VERSION(I2PD_VERSION_MAJOR, I2PD_VERSION_MINOR, I2PD_VERSION_MICRO)