/* * Copyright (c) 2013-2020, The PurpleI2P Project * * This file is part of Purple i2pd project and licensed under BSD3 * * See full license text in LICENSE file at top of project tree */ #include "Crypto.h" #include "I2PEndian.h" #include "Log.h" #include "Timestamp.h" #include "Identity.h" namespace i2p { namespace data { Identity &Identity::operator=(const Keys &keys) { // copy public and signing keys together memcpy(publicKey, keys.publicKey, sizeof(publicKey)); memcpy(signingKey, keys.signingKey, sizeof(signingKey)); memset(certificate, 0, sizeof(certificate)); return *this; } size_t Identity::FromBuffer(const uint8_t *buf, size_t len) { if (len < DEFAULT_IDENTITY_SIZE) { // buffer too small, don't overflow return 0; } memcpy(publicKey, buf, DEFAULT_IDENTITY_SIZE); return DEFAULT_IDENTITY_SIZE; } IdentHash Identity::Hash() const { IdentHash hash; SHA256(publicKey, DEFAULT_IDENTITY_SIZE, hash); return hash; } IdentityEx::IdentityEx() : m_ExtendedLen(0) { } IdentityEx::IdentityEx(const uint8_t *publicKey, const uint8_t *signingKey, SigningKeyType type, CryptoKeyType cryptoType) { if (cryptoType == CRYPTO_KEY_TYPE_ECIES_X25519_AEAD) { memcpy(m_StandardIdentity.publicKey, publicKey, 32); RAND_bytes(m_StandardIdentity.publicKey + 32, 224); } else memcpy(m_StandardIdentity.publicKey, publicKey, 256); if (type != SIGNING_KEY_TYPE_DSA_SHA1) { size_t excessLen = 0; uint8_t *excessBuf = nullptr; switch (type) { case SIGNING_KEY_TYPE_ECDSA_SHA256_P256: { size_t padding = 128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64 RAND_bytes(m_StandardIdentity.signingKey, padding); memcpy(m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::ECDSAP256_KEY_LENGTH); break; } case SIGNING_KEY_TYPE_ECDSA_SHA384_P384: { size_t padding = 128 - i2p::crypto::ECDSAP384_KEY_LENGTH; // 32 = 128 - 96 RAND_bytes(m_StandardIdentity.signingKey, padding); memcpy(m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::ECDSAP384_KEY_LENGTH); break; } case SIGNING_KEY_TYPE_ECDSA_SHA512_P521: { memcpy(m_StandardIdentity.signingKey, signingKey, 128); excessLen = i2p::crypto::ECDSAP521_KEY_LENGTH - 128; // 4 = 132 - 128 excessBuf = new uint8_t[excessLen]; memcpy(excessBuf, signingKey + 128, excessLen); break; } case SIGNING_KEY_TYPE_RSA_SHA256_2048: case SIGNING_KEY_TYPE_RSA_SHA384_3072: case SIGNING_KEY_TYPE_RSA_SHA512_4096: LogPrint(eLogError, "Identity: RSA signing key type ", (int) type, " is not supported"); break; case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: case SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519: { size_t padding = 128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32 RAND_bytes(m_StandardIdentity.signingKey, padding); memcpy(m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH); break; } case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256: { // 256 size_t padding = 128 - i2p::crypto::GOSTR3410_256_PUBLIC_KEY_LENGTH; // 64 = 128 - 64 RAND_bytes(m_StandardIdentity.signingKey, padding); memcpy(m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::GOSTR3410_256_PUBLIC_KEY_LENGTH); break; } case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512: { // 512 // no padding, key length is 128 memcpy(m_StandardIdentity.signingKey, signingKey, i2p::crypto::GOSTR3410_512_PUBLIC_KEY_LENGTH); break; } default: LogPrint(eLogError, "Identity: Signing key type ", (int) type, " is not supported"); } m_ExtendedLen = 4 + excessLen; // 4 bytes extra + excess length // fill certificate m_StandardIdentity.certificate[0] = CERTIFICATE_TYPE_KEY; htobe16buf(m_StandardIdentity.certificate + 1, m_ExtendedLen); // fill extended buffer htobe16buf(m_ExtendedBuffer, type); htobe16buf(m_ExtendedBuffer + 2, cryptoType); if (excessLen && excessBuf) { if (excessLen > MAX_EXTENDED_BUFFER_SIZE - 4) { LogPrint(eLogError, "Identity: Unexpected excessive signing key len ", excessLen); excessLen = MAX_EXTENDED_BUFFER_SIZE - 4; } memcpy(m_ExtendedBuffer + 4, excessBuf, excessLen); delete[] excessBuf; } // calculate ident hash RecalculateIdentHash(); } else // DSA-SHA1 { memcpy(m_StandardIdentity.signingKey, signingKey, sizeof(m_StandardIdentity.signingKey)); memset(m_StandardIdentity.certificate, 0, sizeof(m_StandardIdentity.certificate)); m_IdentHash = m_StandardIdentity.Hash(); m_ExtendedLen = 0; } CreateVerifier(); } void IdentityEx::RecalculateIdentHash(uint8_t *buf) { bool dofree = buf == nullptr; size_t sz = GetFullLen(); if (!buf) buf = new uint8_t[sz]; ToBuffer(buf, sz); SHA256(buf, sz, m_IdentHash); if (dofree) delete[] buf; } IdentityEx::IdentityEx(const uint8_t *buf, size_t len) : m_ExtendedLen(0) { FromBuffer(buf, len); } IdentityEx::IdentityEx(const IdentityEx &other) : m_ExtendedLen(0) { *this = other; } IdentityEx::IdentityEx(const Identity &standard) : m_ExtendedLen(0) { *this = standard; } IdentityEx::~IdentityEx() { delete m_Verifier; } IdentityEx &IdentityEx::operator=(const IdentityEx &other) { memcpy(&m_StandardIdentity, &other.m_StandardIdentity, DEFAULT_IDENTITY_SIZE); m_IdentHash = other.m_IdentHash; m_ExtendedLen = other.m_ExtendedLen; if (m_ExtendedLen > 0) { if (m_ExtendedLen > MAX_EXTENDED_BUFFER_SIZE) m_ExtendedLen = MAX_EXTENDED_BUFFER_SIZE; memcpy(m_ExtendedBuffer, other.m_ExtendedBuffer, m_ExtendedLen); } delete m_Verifier; m_Verifier = nullptr; return *this; } IdentityEx &IdentityEx::operator=(const Identity &standard) { m_StandardIdentity = standard; m_IdentHash = m_StandardIdentity.Hash(); m_ExtendedLen = 0; delete m_Verifier; m_Verifier = nullptr; return *this; } size_t IdentityEx::FromBuffer(const uint8_t *buf, size_t len) { if (len < DEFAULT_IDENTITY_SIZE) { LogPrint(eLogError, "Identity: Buffer length ", len, " is too small"); return 0; } memcpy(&m_StandardIdentity, buf, DEFAULT_IDENTITY_SIZE); m_ExtendedLen = bufbe16toh(m_StandardIdentity.certificate + 1); if (m_ExtendedLen) { if (m_ExtendedLen + DEFAULT_IDENTITY_SIZE <= len) { if (m_ExtendedLen > MAX_EXTENDED_BUFFER_SIZE) m_ExtendedLen = MAX_EXTENDED_BUFFER_SIZE; memcpy(m_ExtendedBuffer, buf + DEFAULT_IDENTITY_SIZE, m_ExtendedLen); } else { LogPrint(eLogError, "Identity: Certificate length ", m_ExtendedLen, " exceeds buffer length ", len - DEFAULT_IDENTITY_SIZE); m_ExtendedLen = 0; return 0; } } else m_ExtendedLen = 0; SHA256(buf, GetFullLen(), m_IdentHash); delete m_Verifier; m_Verifier = nullptr; return GetFullLen(); } size_t IdentityEx::ToBuffer(uint8_t *buf, size_t len) const { const size_t fullLen = GetFullLen(); if (fullLen > len) return 0; // buffer is too small and may overflow somewhere else memcpy(buf, &m_StandardIdentity, DEFAULT_IDENTITY_SIZE); if (m_ExtendedLen > 0) memcpy(buf + DEFAULT_IDENTITY_SIZE, m_ExtendedBuffer, m_ExtendedLen); return fullLen; } size_t IdentityEx::FromBase64(const std::string &s) { const size_t slen = s.length(); std::vector buf(slen); // binary data can't exceed base64 const size_t len = Base64ToByteStream(s.c_str(), slen, buf.data(), slen); return FromBuffer(buf.data(), len); } std::string IdentityEx::ToBase64() const { const size_t bufLen = GetFullLen(); const size_t strLen = Base64EncodingBufferSize(bufLen); std::vector buf(bufLen); std::vector str(strLen); size_t l = ToBuffer(buf.data(), bufLen); size_t l1 = i2p::data::ByteStreamToBase64(buf.data(), l, str.data(), strLen); return std::string(str.data(), l1); } size_t IdentityEx::GetSigningPublicKeyLen() const { if (!m_Verifier) CreateVerifier(); if (m_Verifier) return m_Verifier->GetPublicKeyLen(); return 128; } const uint8_t *IdentityEx::GetSigningPublicKeyBuffer() const { auto keyLen = GetSigningPublicKeyLen(); if (keyLen > 128) return nullptr; // P521 return m_StandardIdentity.signingKey + 128 - keyLen; } size_t IdentityEx::GetSigningPrivateKeyLen() const { if (!m_Verifier) CreateVerifier(); if (m_Verifier) return m_Verifier->GetPrivateKeyLen(); return GetSignatureLen() / 2; } size_t IdentityEx::GetSignatureLen() const { if (!m_Verifier) CreateVerifier(); if (m_Verifier) return m_Verifier->GetSignatureLen(); return i2p::crypto::DSA_SIGNATURE_LENGTH; } bool IdentityEx::Verify(const uint8_t *buf, size_t len, const uint8_t *signature) const { if (!m_Verifier) CreateVerifier(); if (m_Verifier) return m_Verifier->Verify(buf, len, signature); return false; } SigningKeyType IdentityEx::GetSigningKeyType() const { if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 2) return bufbe16toh(m_ExtendedBuffer); // signing key return SIGNING_KEY_TYPE_DSA_SHA1; } bool IdentityEx::IsRSA() const { auto sigType = GetSigningKeyType(); return sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048; } CryptoKeyType IdentityEx::GetCryptoKeyType() const { if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 4) return bufbe16toh(m_ExtendedBuffer + 2); // crypto key return CRYPTO_KEY_TYPE_ELGAMAL; } i2p::crypto::Verifier *IdentityEx::CreateVerifier(SigningKeyType keyType) { switch (keyType) { case SIGNING_KEY_TYPE_DSA_SHA1: return new i2p::crypto::DSAVerifier(); case SIGNING_KEY_TYPE_ECDSA_SHA256_P256: return new i2p::crypto::ECDSAP256Verifier(); case SIGNING_KEY_TYPE_ECDSA_SHA384_P384: return new i2p::crypto::ECDSAP384Verifier(); case SIGNING_KEY_TYPE_ECDSA_SHA512_P521: return new i2p::crypto::ECDSAP521Verifier(); case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: return new i2p::crypto::EDDSA25519Verifier(); case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256: return new i2p::crypto::GOSTR3410_256_Verifier(i2p::crypto::eGOSTR3410CryptoProA); case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512: return new i2p::crypto::GOSTR3410_512_Verifier(i2p::crypto::eGOSTR3410TC26A512); case SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519: return new i2p::crypto::RedDSA25519Verifier(); case SIGNING_KEY_TYPE_RSA_SHA256_2048: case SIGNING_KEY_TYPE_RSA_SHA384_3072: case SIGNING_KEY_TYPE_RSA_SHA512_4096: LogPrint(eLogError, "Identity: RSA signing key type ", (int) keyType, " is not supported"); break; default: LogPrint(eLogError, "Identity: Signing key type ", (int) keyType, " is not supported"); } return nullptr; } void IdentityEx::CreateVerifier() const { if (m_Verifier) return; // don't create again auto verifier = CreateVerifier(GetSigningKeyType()); if (verifier) { auto keyLen = verifier->GetPublicKeyLen(); if (keyLen <= 128) verifier->SetPublicKey(m_StandardIdentity.signingKey + 128 - keyLen); else { // for P521 uint8_t *signingKey = new uint8_t[keyLen]; memcpy(signingKey, m_StandardIdentity.signingKey, 128); size_t excessLen = keyLen - 128; memcpy(signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types verifier->SetPublicKey(signingKey); delete[] signingKey; } } UpdateVerifier(verifier); } void IdentityEx::UpdateVerifier(i2p::crypto::Verifier *verifier) const { bool del = false; { std::lock_guard l(m_VerifierMutex); if (!m_Verifier) m_Verifier = verifier; else del = true; } if (del) delete verifier; } void IdentityEx::DropVerifier() const { i2p::crypto::Verifier *verifier; { std::lock_guard l(m_VerifierMutex); verifier = m_Verifier; m_Verifier = nullptr; } delete verifier; } std::shared_ptr IdentityEx::CreateEncryptor(CryptoKeyType keyType, const uint8_t *key) { switch (keyType) { case CRYPTO_KEY_TYPE_ELGAMAL: return std::make_shared(key); break; case CRYPTO_KEY_TYPE_ECIES_X25519_AEAD: return std::make_shared(key); break; case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC: case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC_TEST: return std::make_shared(key); break; case CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC: return std::make_shared(key); break; default: LogPrint(eLogError, "Identity: Unknown crypto key type ", (int) keyType); } return nullptr; } std::shared_ptr IdentityEx::CreateEncryptor(const uint8_t *key) const { if (!key) key = GetEncryptionPublicKey(); // use publicKey return CreateEncryptor(GetCryptoKeyType(), key); } PrivateKeys &PrivateKeys::operator=(const Keys &keys) { m_Public = std::make_shared(Identity(keys)); memcpy(m_PrivateKey, keys.privateKey, 256); // 256 memcpy(m_SigningPrivateKey, keys.signingPrivateKey, m_Public->GetSigningPrivateKeyLen()); m_OfflineSignature.resize(0); m_TransientSignatureLen = 0; m_TransientSigningPrivateKeyLen = 0; m_Signer = nullptr; CreateSigner(); return *this; } PrivateKeys &PrivateKeys::operator=(const PrivateKeys &other) { m_Public = std::make_shared(*other.m_Public); memcpy(m_PrivateKey, other.m_PrivateKey, 256); // 256 m_OfflineSignature = other.m_OfflineSignature; m_TransientSignatureLen = other.m_TransientSignatureLen; m_TransientSigningPrivateKeyLen = other.m_TransientSigningPrivateKeyLen; memcpy(m_SigningPrivateKey, other.m_SigningPrivateKey, m_TransientSigningPrivateKeyLen > 0 ? m_TransientSigningPrivateKeyLen : m_Public->GetSigningPrivateKeyLen()); m_Signer = nullptr; CreateSigner(); return *this; } size_t PrivateKeys::GetFullLen() const { size_t ret = m_Public->GetFullLen() + GetPrivateKeyLen() + m_Public->GetSigningPrivateKeyLen(); if (IsOfflineSignature()) ret += m_OfflineSignature.size() + m_TransientSigningPrivateKeyLen; return ret; } size_t PrivateKeys::FromBuffer(const uint8_t *buf, size_t len) { m_Public = std::make_shared(); size_t ret = m_Public->FromBuffer(buf, len); auto cryptoKeyLen = GetPrivateKeyLen(); if (!ret || ret + cryptoKeyLen > len) return 0; // overflow memcpy(m_PrivateKey, buf + ret, cryptoKeyLen); ret += cryptoKeyLen; size_t signingPrivateKeySize = m_Public->GetSigningPrivateKeyLen(); if (signingPrivateKeySize + ret > len || signingPrivateKeySize > 128) return 0; // overflow memcpy(m_SigningPrivateKey, buf + ret, signingPrivateKeySize); ret += signingPrivateKeySize; m_Signer = nullptr; // check if signing private key is all zeros bool allzeros = true; for (size_t i = 0; i < signingPrivateKeySize; i++) if (m_SigningPrivateKey[i]) { allzeros = false; break; } if (allzeros) { // offline information const uint8_t *offlineInfo = buf + ret; ret += 4; // expires timestamp SigningKeyType keyType = bufbe16toh(buf + ret); ret += 2; // key type std::unique_ptr transientVerifier(IdentityEx::CreateVerifier(keyType)); if (!transientVerifier) return 0; auto keyLen = transientVerifier->GetPublicKeyLen(); if (keyLen + ret > len) return 0; transientVerifier->SetPublicKey(buf + ret); ret += keyLen; if (m_Public->GetSignatureLen() + ret > len) return 0; if (!m_Public->Verify(offlineInfo, keyLen + 6, buf + ret)) { LogPrint(eLogError, "Identity: Offline signature verification failed"); return 0; } ret += m_Public->GetSignatureLen(); m_TransientSignatureLen = transientVerifier->GetSignatureLen(); // copy offline signature size_t offlineInfoLen = buf + ret - offlineInfo; m_OfflineSignature.resize(offlineInfoLen); memcpy(m_OfflineSignature.data(), offlineInfo, offlineInfoLen); // override signing private key m_TransientSigningPrivateKeyLen = transientVerifier->GetPrivateKeyLen(); if (m_TransientSigningPrivateKeyLen + ret > len || m_TransientSigningPrivateKeyLen > 128) return 0; memcpy(m_SigningPrivateKey, buf + ret, m_TransientSigningPrivateKeyLen); ret += m_TransientSigningPrivateKeyLen; CreateSigner(keyType); } else CreateSigner(m_Public->GetSigningKeyType()); return ret; } size_t PrivateKeys::ToBuffer(uint8_t *buf, size_t len) const { size_t ret = m_Public->ToBuffer(buf, len); auto cryptoKeyLen = GetPrivateKeyLen(); memcpy(buf + ret, m_PrivateKey, cryptoKeyLen); ret += cryptoKeyLen; size_t signingPrivateKeySize = m_Public->GetSigningPrivateKeyLen(); if (ret + signingPrivateKeySize > len) return 0; // overflow if (IsOfflineSignature()) memset(buf + ret, 0, signingPrivateKeySize); else memcpy(buf + ret, m_SigningPrivateKey, signingPrivateKeySize); ret += signingPrivateKeySize; if (IsOfflineSignature()) { // offline signature auto offlineSignatureLen = m_OfflineSignature.size(); if (ret + offlineSignatureLen > len) return 0; memcpy(buf + ret, m_OfflineSignature.data(), offlineSignatureLen); ret += offlineSignatureLen; // transient private key if (ret + m_TransientSigningPrivateKeyLen > len) return 0; memcpy(buf + ret, m_SigningPrivateKey, m_TransientSigningPrivateKeyLen); ret += m_TransientSigningPrivateKeyLen; } return ret; } size_t PrivateKeys::FromBase64(const std::string &s) { uint8_t *buf = new uint8_t[s.length()]; size_t l = i2p::data::Base64ToByteStream(s.c_str(), s.length(), buf, s.length()); size_t ret = FromBuffer(buf, l); delete[] buf; return ret; } std::string PrivateKeys::ToBase64() const { uint8_t *buf = new uint8_t[GetFullLen()]; char *str = new char[GetFullLen() * 2]; size_t l = ToBuffer(buf, GetFullLen()); size_t l1 = i2p::data::ByteStreamToBase64(buf, l, str, GetFullLen() * 2); str[l1] = 0; delete[] buf; std::string ret(str); delete[] str; return ret; } void PrivateKeys::Sign(const uint8_t *buf, int len, uint8_t *signature) const { if (!m_Signer) CreateSigner(); m_Signer->Sign(buf, len, signature); } void PrivateKeys::CreateSigner() const { if (IsOfflineSignature()) CreateSigner(bufbe16toh(m_OfflineSignature.data() + 4)); // key type else CreateSigner(m_Public->GetSigningKeyType()); } void PrivateKeys::CreateSigner(SigningKeyType keyType) const { if (m_Signer) return; if (keyType == SIGNING_KEY_TYPE_DSA_SHA1) m_Signer.reset( new i2p::crypto::DSASigner(m_SigningPrivateKey, m_Public->GetStandardIdentity().signingKey)); else if (keyType == SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 && !IsOfflineSignature()) m_Signer.reset(new i2p::crypto::EDDSA25519Signer(m_SigningPrivateKey, m_Public->GetStandardIdentity().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH)); // TODO: remove public key check else { // public key is not required auto signer = CreateSigner(keyType, m_SigningPrivateKey); if (signer) m_Signer.reset(signer); } } i2p::crypto::Signer *PrivateKeys::CreateSigner(SigningKeyType keyType, const uint8_t *priv) { switch (keyType) { case SIGNING_KEY_TYPE_ECDSA_SHA256_P256: return new i2p::crypto::ECDSAP256Signer(priv); break; case SIGNING_KEY_TYPE_ECDSA_SHA384_P384: return new i2p::crypto::ECDSAP384Signer(priv); break; case SIGNING_KEY_TYPE_ECDSA_SHA512_P521: return new i2p::crypto::ECDSAP521Signer(priv); break; case SIGNING_KEY_TYPE_RSA_SHA256_2048: case SIGNING_KEY_TYPE_RSA_SHA384_3072: case SIGNING_KEY_TYPE_RSA_SHA512_4096: LogPrint(eLogError, "Identity: RSA signing key type ", (int) keyType, " is not supported"); break; case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: return new i2p::crypto::EDDSA25519Signer(priv, nullptr); break; case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256: return new i2p::crypto::GOSTR3410_256_Signer(i2p::crypto::eGOSTR3410CryptoProA, priv); break; case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512: return new i2p::crypto::GOSTR3410_512_Signer(i2p::crypto::eGOSTR3410TC26A512, priv); break; case SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519: return new i2p::crypto::RedDSA25519Signer(priv); break; default: LogPrint(eLogError, "Identity: Signing key type ", (int) keyType, " is not supported"); } return nullptr; } size_t PrivateKeys::GetSignatureLen() const { return IsOfflineSignature() ? m_TransientSignatureLen : m_Public->GetSignatureLen(); } size_t PrivateKeys::GetPrivateKeyLen() const { // private key length always 256, but type 4 return (m_Public->GetCryptoKeyType() == CRYPTO_KEY_TYPE_ECIES_X25519_AEAD) ? 32 : 256; } uint8_t *PrivateKeys::GetPadding() { if (m_Public->GetSigningKeyType() == SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519) return m_Public->GetEncryptionPublicKeyBuffer() + 256; else return nullptr; // TODO: implement me } std::shared_ptr PrivateKeys::CreateDecryptor(const uint8_t *key) const { if (!key) key = m_PrivateKey; // use privateKey return CreateDecryptor(m_Public->GetCryptoKeyType(), key); } std::shared_ptr PrivateKeys::CreateDecryptor(CryptoKeyType cryptoType, const uint8_t *key) { if (!key) return nullptr; switch (cryptoType) { case CRYPTO_KEY_TYPE_ELGAMAL: return std::make_shared(key); break; case CRYPTO_KEY_TYPE_ECIES_X25519_AEAD: return std::make_shared(key); break; case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC: case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC_TEST: return std::make_shared(key); break; case CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC: return std::make_shared(key); break; default: LogPrint(eLogError, "Identity: Unknown crypto key type ", (int) cryptoType); } return nullptr; } PrivateKeys PrivateKeys::CreateRandomKeys(SigningKeyType type, CryptoKeyType cryptoType) { if (type != SIGNING_KEY_TYPE_DSA_SHA1) { PrivateKeys keys; // signature uint8_t signingPublicKey[512]; // signing public key is 512 bytes max GenerateSigningKeyPair(type, keys.m_SigningPrivateKey, signingPublicKey); // encryption uint8_t publicKey[256]; GenerateCryptoKeyPair(cryptoType, keys.m_PrivateKey, publicKey); // identity keys.m_Public = std::make_shared(publicKey, signingPublicKey, type, cryptoType); keys.CreateSigner(); return keys; } return PrivateKeys(i2p::data::CreateRandomKeys()); // DSA-SHA1 } void PrivateKeys::GenerateSigningKeyPair(SigningKeyType type, uint8_t *priv, uint8_t *pub) { switch (type) { case SIGNING_KEY_TYPE_ECDSA_SHA256_P256: i2p::crypto::CreateECDSAP256RandomKeys(priv, pub); break; case SIGNING_KEY_TYPE_ECDSA_SHA384_P384: i2p::crypto::CreateECDSAP384RandomKeys(priv, pub); break; case SIGNING_KEY_TYPE_ECDSA_SHA512_P521: i2p::crypto::CreateECDSAP521RandomKeys(priv, pub); break; case SIGNING_KEY_TYPE_RSA_SHA256_2048: case SIGNING_KEY_TYPE_RSA_SHA384_3072: case SIGNING_KEY_TYPE_RSA_SHA512_4096: LogPrint(eLogWarning, "Identity: RSA signature type is not supported. Creating EdDSA"); #if (__cplusplus >= 201703L) // C++ 17 or higher [[fallthrough]]; #endif // no break here case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: i2p::crypto::CreateEDDSA25519RandomKeys(priv, pub); break; case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256: i2p::crypto::CreateGOSTR3410RandomKeys(i2p::crypto::eGOSTR3410CryptoProA, priv, pub); break; case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512: i2p::crypto::CreateGOSTR3410RandomKeys(i2p::crypto::eGOSTR3410TC26A512, priv, pub); break; case SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519: i2p::crypto::CreateRedDSA25519RandomKeys(priv, pub); break; default: LogPrint(eLogWarning, "Identity: Signing key type ", (int) type, " is not supported. Create DSA-SHA1"); i2p::crypto::CreateDSARandomKeys(priv, pub); // DSA-SHA1 } } void PrivateKeys::GenerateCryptoKeyPair(CryptoKeyType type, uint8_t *priv, uint8_t *pub) { switch (type) { case CRYPTO_KEY_TYPE_ELGAMAL: i2p::crypto::GenerateElGamalKeyPair(priv, pub); break; case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC: case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC_TEST: i2p::crypto::CreateECIESP256RandomKeys(priv, pub); break; case CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC: i2p::crypto::CreateECIESGOSTR3410RandomKeys(priv, pub); break; case CRYPTO_KEY_TYPE_ECIES_X25519_AEAD: i2p::crypto::CreateECIESX25519AEADRatchetRandomKeys(priv, pub); break; default: LogPrint(eLogError, "Identity: Crypto key type ", (int) type, " is not supported"); } } PrivateKeys PrivateKeys::CreateOfflineKeys(SigningKeyType type, uint32_t expires) const { PrivateKeys keys(*this); std::unique_ptr verifier(IdentityEx::CreateVerifier(type)); if (verifier) { size_t pubKeyLen = verifier->GetPublicKeyLen(); keys.m_TransientSigningPrivateKeyLen = verifier->GetPrivateKeyLen(); keys.m_TransientSignatureLen = verifier->GetSignatureLen(); keys.m_OfflineSignature.resize(pubKeyLen + m_Public->GetSignatureLen() + 6); htobe32buf(keys.m_OfflineSignature.data(), expires); // expires htobe16buf(keys.m_OfflineSignature.data() + 4, type); // type GenerateSigningKeyPair(type, keys.m_SigningPrivateKey, keys.m_OfflineSignature.data() + 6); // public key Sign(keys.m_OfflineSignature.data(), pubKeyLen + 6, keys.m_OfflineSignature.data() + 6 + pubKeyLen); // signature // recreate signer keys.m_Signer = nullptr; keys.CreateSigner(type); } return keys; } Keys CreateRandomKeys() { Keys keys; // encryption i2p::crypto::GenerateElGamalKeyPair(keys.privateKey, keys.publicKey); // signing i2p::crypto::CreateDSARandomKeys(keys.signingPrivateKey, keys.signingKey); return keys; } IdentHash CreateRoutingKey(const IdentHash &ident) { uint8_t buf[41]; // ident + yyyymmdd memcpy(buf, (const uint8_t *) ident, 32); i2p::util::GetCurrentDate((char *) (buf + 32)); IdentHash key; SHA256(buf, 40, key); return key; } XORMetric operator^(const IdentHash &key1, const IdentHash &key2) { XORMetric m; #if (defined(__x86_64__) || defined(__i386__)) && defined(__AVX__) // not all X86 targets supports AVX (like old Pentium, see #1600) if(i2p::cpu::avx) { __asm__ ( "vmovups %1, %%ymm0 \n" "vmovups %2, %%ymm1 \n" "vxorps %%ymm0, %%ymm1, %%ymm1 \n" "vmovups %%ymm1, %0 \n" : "=m"(*m.metric) : "m"(*key1), "m"(*key2) : "memory", "%xmm0", "%xmm1" // should be replaced by %ymm0/1 once supported by compiler ); } else #endif { const uint64_t *hash1 = key1.GetLL(), *hash2 = key2.GetLL(); m.metric_ll[0] = hash1[0] ^ hash2[0]; m.metric_ll[1] = hash1[1] ^ hash2[1]; m.metric_ll[2] = hash1[2] ^ hash2[2]; m.metric_ll[3] = hash1[3] ^ hash2[3]; } return m; } } }