i2pd/libi2pd/Identity.cpp

750 lines
24 KiB
C++
Raw Normal View History

2014-01-04 02:24:20 +00:00
#include <time.h>
#include <stdio.h>
2015-11-03 14:15:49 +00:00
#include "Crypto.h"
2014-08-31 00:21:58 +00:00
#include "I2PEndian.h"
2015-11-03 14:15:49 +00:00
#include "Log.h"
#include "Identity.h"
2013-12-21 01:22:55 +00:00
namespace i2p
{
namespace data
{
2013-12-22 16:29:57 +00:00
Identity& Identity::operator=(const Keys& keys)
{
// copy public and signing keys together
memcpy (publicKey, keys.publicKey, sizeof (publicKey) + sizeof (signingKey));
2017-08-07 17:46:42 +00:00
memset (certificate, 0, sizeof (certificate));
2013-12-22 16:29:57 +00:00
return *this;
2014-04-07 17:47:40 +00:00
}
2014-08-06 15:09:06 +00:00
size_t Identity::FromBuffer (const uint8_t * buf, size_t len)
{
if ( len < DEFAULT_IDENTITY_SIZE ) {
// buffer too small, don't overflow
return 0;
}
2014-08-06 15:09:06 +00:00
memcpy (publicKey, buf, DEFAULT_IDENTITY_SIZE);
return DEFAULT_IDENTITY_SIZE;
2014-04-07 18:01:24 +00:00
}
IdentHash Identity::Hash () const
{
IdentHash hash;
2015-11-03 14:15:49 +00:00
SHA256(publicKey, DEFAULT_IDENTITY_SIZE, hash);
return hash;
2017-08-07 17:46:42 +00:00
}
IdentityEx::IdentityEx ():
2016-10-10 12:59:45 +00:00
m_IsVerifierCreated (false), m_ExtendedLen (0), m_ExtendedBuffer (nullptr)
{
}
IdentityEx::IdentityEx(const uint8_t * publicKey, const uint8_t * signingKey, SigningKeyType type, CryptoKeyType cryptoType):
2016-10-10 12:59:45 +00:00
m_IsVerifierCreated (false)
2018-01-06 03:48:51 +00:00
{
memcpy (m_StandardIdentity.publicKey, publicKey, 256); // publicKey in awlays assumed 256 regardless actual size, padding must be taken care of
2014-11-25 01:19:13 +00:00
if (type != SIGNING_KEY_TYPE_DSA_SHA1)
{
2014-11-25 01:19:13 +00:00
size_t excessLen = 0;
uint8_t * excessBuf = nullptr;
switch (type)
{
case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
2017-08-07 17:46:42 +00:00
{
2014-11-25 01:19:13 +00:00
size_t padding = 128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64
2015-11-03 14:15:49 +00:00
RAND_bytes (m_StandardIdentity.signingKey, padding);
2014-11-25 01:19:13 +00:00
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::ECDSAP256_KEY_LENGTH);
break;
}
case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
2017-08-07 17:46:42 +00:00
{
2014-11-25 01:19:13 +00:00
size_t padding = 128 - i2p::crypto::ECDSAP384_KEY_LENGTH; // 32 = 128 - 96
2015-11-03 14:15:49 +00:00
RAND_bytes (m_StandardIdentity.signingKey, padding);
2014-11-25 01:19:13 +00:00
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::ECDSAP384_KEY_LENGTH);
break;
2017-08-07 17:46:42 +00:00
}
2014-11-25 01:19:13 +00:00
case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
{
memcpy (m_StandardIdentity.signingKey, signingKey, 128);
2014-11-25 02:48:01 +00:00
excessLen = i2p::crypto::ECDSAP521_KEY_LENGTH - 128; // 4 = 132 - 128
2014-11-25 01:19:13 +00:00
excessBuf = new uint8_t[excessLen];
memcpy (excessBuf, signingKey + 128, excessLen);
break;
2017-08-07 17:46:42 +00:00
}
2014-12-11 02:31:06 +00:00
case SIGNING_KEY_TYPE_RSA_SHA256_2048:
{
memcpy (m_StandardIdentity.signingKey, signingKey, 128);
excessLen = i2p::crypto::RSASHA2562048_KEY_LENGTH - 128; // 128 = 256 - 128
excessBuf = new uint8_t[excessLen];
memcpy (excessBuf, signingKey + 128, excessLen);
break;
2017-08-07 17:46:42 +00:00
}
2014-12-11 02:31:06 +00:00
case SIGNING_KEY_TYPE_RSA_SHA384_3072:
{
memcpy (m_StandardIdentity.signingKey, signingKey, 128);
excessLen = i2p::crypto::RSASHA3843072_KEY_LENGTH - 128; // 256 = 384 - 128
excessBuf = new uint8_t[excessLen];
memcpy (excessBuf, signingKey + 128, excessLen);
break;
2017-08-07 17:46:42 +00:00
}
2014-12-11 02:31:06 +00:00
case SIGNING_KEY_TYPE_RSA_SHA512_4096:
{
memcpy (m_StandardIdentity.signingKey, signingKey, 128);
excessLen = i2p::crypto::RSASHA5124096_KEY_LENGTH - 128; // 384 = 512 - 128
excessBuf = new uint8_t[excessLen];
memcpy (excessBuf, signingKey + 128, excessLen);
break;
2017-08-07 17:46:42 +00:00
}
2015-04-08 20:28:52 +00:00
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
2015-04-08 20:18:16 +00:00
{
size_t padding = 128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32
2015-11-03 14:15:49 +00:00
RAND_bytes (m_StandardIdentity.signingKey, padding);
2015-04-08 20:28:52 +00:00
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH);
2015-04-08 20:18:16 +00:00
break;
2017-08-07 17:46:42 +00:00
}
case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256:
2017-08-07 17:46:42 +00:00
{
// 256
size_t padding = 128 - i2p::crypto::GOSTR3410_256_PUBLIC_KEY_LENGTH; // 64 = 128 - 64
RAND_bytes (m_StandardIdentity.signingKey, padding);
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::GOSTR3410_256_PUBLIC_KEY_LENGTH);
break;
}
case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512:
2017-08-07 17:46:42 +00:00
{
// 512
// no padding, key length is 128
memcpy (m_StandardIdentity.signingKey, signingKey, i2p::crypto::GOSTR3410_512_PUBLIC_KEY_LENGTH);
break;
2017-08-07 17:46:42 +00:00
}
2014-11-25 01:19:13 +00:00
default:
2015-12-18 14:08:12 +00:00
LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported");
2017-08-07 17:46:42 +00:00
}
2014-11-25 02:23:12 +00:00
m_ExtendedLen = 4 + excessLen; // 4 bytes extra + excess length
2014-11-25 01:19:13 +00:00
// fill certificate
m_StandardIdentity.certificate[0] = CERTIFICATE_TYPE_KEY;
2017-08-07 17:46:42 +00:00
htobe16buf (m_StandardIdentity.certificate + 1, m_ExtendedLen);
2014-11-25 01:19:13 +00:00
// fill extended buffer
m_ExtendedBuffer = new uint8_t[m_ExtendedLen];
htobe16buf (m_ExtendedBuffer, type);
htobe16buf (m_ExtendedBuffer + 2, cryptoType);
2014-11-25 01:19:13 +00:00
if (excessLen && excessBuf)
{
memcpy (m_ExtendedBuffer + 4, excessBuf, excessLen);
delete[] excessBuf;
2017-08-07 17:46:42 +00:00
}
2014-11-25 01:19:13 +00:00
// calculate ident hash
2017-08-07 17:46:42 +00:00
RecalculateIdentHash();
}
else // DSA-SHA1
{
memcpy (m_StandardIdentity.signingKey, signingKey, sizeof (m_StandardIdentity.signingKey));
memset (m_StandardIdentity.certificate, 0, sizeof (m_StandardIdentity.certificate));
2014-08-24 14:36:59 +00:00
m_IdentHash = m_StandardIdentity.Hash ();
m_ExtendedLen = 0;
m_ExtendedBuffer = nullptr;
2017-08-07 17:46:42 +00:00
}
CreateVerifier ();
2017-08-07 17:46:42 +00:00
}
void IdentityEx::RecalculateIdentHash(uint8_t * buf)
{
bool dofree = buf == nullptr;
size_t sz = GetFullLen();
if(!buf)
buf = new uint8_t[sz];
ToBuffer (buf, sz);
SHA256(buf, sz, m_IdentHash);
if(dofree)
delete[] buf;
}
IdentityEx::IdentityEx (const uint8_t * buf, size_t len):
2016-10-10 12:59:45 +00:00
m_IsVerifierCreated (false), m_ExtendedLen (0), m_ExtendedBuffer (nullptr)
{
FromBuffer (buf, len);
}
IdentityEx::IdentityEx (const IdentityEx& other):
2016-10-10 12:59:45 +00:00
m_IsVerifierCreated (false), m_ExtendedLen (0), m_ExtendedBuffer (nullptr)
{
*this = other;
2017-08-07 17:46:42 +00:00
}
2015-11-03 14:15:49 +00:00
IdentityEx::IdentityEx (const Identity& standard):
2016-10-10 12:59:45 +00:00
m_IsVerifierCreated (false), m_ExtendedLen (0), m_ExtendedBuffer (nullptr)
2015-11-03 14:15:49 +00:00
{
*this = standard;
2017-08-07 17:46:42 +00:00
}
IdentityEx::~IdentityEx ()
{
delete[] m_ExtendedBuffer;
2017-08-07 17:46:42 +00:00
}
IdentityEx& IdentityEx::operator=(const IdentityEx& other)
{
memcpy (&m_StandardIdentity, &other.m_StandardIdentity, DEFAULT_IDENTITY_SIZE);
m_IdentHash = other.m_IdentHash;
2017-08-07 17:46:42 +00:00
delete[] m_ExtendedBuffer;
m_ExtendedLen = other.m_ExtendedLen;
if (m_ExtendedLen > 0)
2017-08-07 17:46:42 +00:00
{
m_ExtendedBuffer = new uint8_t[m_ExtendedLen];
memcpy (m_ExtendedBuffer, other.m_ExtendedBuffer, m_ExtendedLen);
2017-08-07 17:46:42 +00:00
}
else
m_ExtendedBuffer = nullptr;
2017-08-07 17:46:42 +00:00
2014-11-20 17:21:27 +00:00
m_Verifier = nullptr;
2016-10-10 12:59:45 +00:00
m_IsVerifierCreated = false;
2017-08-07 17:46:42 +00:00
return *this;
2017-08-07 17:46:42 +00:00
}
IdentityEx& IdentityEx::operator=(const Identity& standard)
{
m_StandardIdentity = standard;
m_IdentHash = m_StandardIdentity.Hash ();
2017-08-07 17:46:42 +00:00
delete[] m_ExtendedBuffer;
m_ExtendedBuffer = nullptr;
m_ExtendedLen = 0;
2014-08-23 12:41:06 +00:00
2014-11-20 17:21:27 +00:00
m_Verifier = nullptr;
2016-10-10 12:59:45 +00:00
m_IsVerifierCreated = false;
2017-08-07 17:46:42 +00:00
return *this;
2017-08-07 17:46:42 +00:00
}
size_t IdentityEx::FromBuffer (const uint8_t * buf, size_t len)
{
2014-12-05 00:28:20 +00:00
if (len < DEFAULT_IDENTITY_SIZE)
{
2015-12-18 14:08:12 +00:00
LogPrint (eLogError, "Identity: buffer length ", len, " is too small");
2014-12-05 00:28:20 +00:00
return 0;
2017-08-07 17:46:42 +00:00
}
memcpy (&m_StandardIdentity, buf, DEFAULT_IDENTITY_SIZE);
2014-08-23 12:41:06 +00:00
2016-07-25 13:57:35 +00:00
if(m_ExtendedBuffer) delete[] m_ExtendedBuffer;
m_ExtendedBuffer = nullptr;
m_ExtendedLen = bufbe16toh (m_StandardIdentity.certificate + 1);
if (m_ExtendedLen)
{
2014-12-05 00:28:20 +00:00
if (m_ExtendedLen + DEFAULT_IDENTITY_SIZE <= len)
2017-08-07 17:46:42 +00:00
{
2014-12-05 00:28:20 +00:00
m_ExtendedBuffer = new uint8_t[m_ExtendedLen];
memcpy (m_ExtendedBuffer, buf + DEFAULT_IDENTITY_SIZE, m_ExtendedLen);
2017-08-07 17:46:42 +00:00
}
2014-12-05 00:28:20 +00:00
else
{
2015-12-18 14:08:12 +00:00
LogPrint (eLogError, "Identity: Certificate length ", m_ExtendedLen, " exceeds buffer length ", len - DEFAULT_IDENTITY_SIZE);
2016-02-02 16:55:38 +00:00
m_ExtendedLen = 0;
2014-12-05 00:28:20 +00:00
return 0;
2017-08-07 17:46:42 +00:00
}
}
else
{
m_ExtendedLen = 0;
m_ExtendedBuffer = nullptr;
2017-08-07 17:46:42 +00:00
}
2015-11-03 14:15:49 +00:00
SHA256(buf, GetFullLen (), m_IdentHash);
2017-08-07 17:46:42 +00:00
2014-11-20 17:21:27 +00:00
m_Verifier = nullptr;
2017-08-07 17:46:42 +00:00
return GetFullLen ();
2017-08-07 17:46:42 +00:00
}
size_t IdentityEx::ToBuffer (uint8_t * buf, size_t len) const
{
2016-02-05 17:32:50 +00:00
const size_t fullLen = GetFullLen();
2016-02-09 01:29:34 +00:00
if (fullLen > len) return 0; // buffer is too small and may overflow somewhere else
memcpy (buf, &m_StandardIdentity, DEFAULT_IDENTITY_SIZE);
if (m_ExtendedLen > 0 && m_ExtendedBuffer)
memcpy (buf + DEFAULT_IDENTITY_SIZE, m_ExtendedBuffer, m_ExtendedLen);
return fullLen;
}
size_t IdentityEx::FromBase64(const std::string& s)
{
const size_t slen = s.length();
std::vector<uint8_t> buf(slen); // binary data can't exceed base64
const size_t len = Base64ToByteStream (s.c_str(), slen, buf.data(), slen);
return FromBuffer (buf.data(), len);
2017-08-07 17:46:42 +00:00
}
2014-12-01 19:50:10 +00:00
std::string IdentityEx::ToBase64 () const
{
const size_t bufLen = GetFullLen();
const size_t strLen = Base64EncodingBufferSize(bufLen);
std::vector<uint8_t> buf(bufLen);
std::vector<char> str(strLen);
size_t l = ToBuffer (buf.data(), bufLen);
size_t l1 = i2p::data::ByteStreamToBase64 (buf.data(), l, str.data(), strLen);
return std::string (str.data(), l1);
2014-12-01 19:50:10 +00:00
}
2017-08-07 17:46:42 +00:00
size_t IdentityEx::GetSigningPublicKeyLen () const
{
2014-11-20 17:21:27 +00:00
if (!m_Verifier) CreateVerifier ();
2017-08-07 17:46:42 +00:00
if (m_Verifier)
return m_Verifier->GetPublicKeyLen ();
return 128;
2017-08-07 17:46:42 +00:00
}
2014-08-22 23:47:29 +00:00
2014-12-11 02:31:06 +00:00
size_t IdentityEx::GetSigningPrivateKeyLen () const
{
if (!m_Verifier) CreateVerifier ();
2017-08-07 17:46:42 +00:00
if (m_Verifier)
2014-12-11 02:31:06 +00:00
return m_Verifier->GetPrivateKeyLen ();
return GetSignatureLen ()/2;
2017-08-07 17:46:42 +00:00
}
size_t IdentityEx::GetSignatureLen () const
2017-08-07 17:46:42 +00:00
{
if (!m_Verifier) CreateVerifier ();
2014-08-22 23:47:29 +00:00
if (m_Verifier)
return m_Verifier->GetSignatureLen ();
return i2p::crypto::DSA_SIGNATURE_LENGTH;
2017-08-07 17:46:42 +00:00
}
bool IdentityEx::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
{
2014-11-20 17:21:27 +00:00
if (!m_Verifier) CreateVerifier ();
if (m_Verifier)
return m_Verifier->Verify (buf, len, signature);
return false;
2017-08-07 17:46:42 +00:00
}
SigningKeyType IdentityEx::GetSigningKeyType () const
{
2017-08-07 17:46:42 +00:00
if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 2)
return bufbe16toh (m_ExtendedBuffer); // signing key
return SIGNING_KEY_TYPE_DSA_SHA1;
2017-08-07 17:46:42 +00:00
}
2014-11-25 01:19:13 +00:00
bool IdentityEx::IsRSA () const
{
auto sigType = GetSigningKeyType ();
return sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048;
}
2014-11-25 01:19:13 +00:00
CryptoKeyType IdentityEx::GetCryptoKeyType () const
{
2017-08-07 17:46:42 +00:00
if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 4)
return bufbe16toh (m_ExtendedBuffer + 2); // crypto key
2014-11-25 01:19:13 +00:00
return CRYPTO_KEY_TYPE_ELGAMAL;
2017-08-07 17:46:42 +00:00
}
void IdentityEx::CreateVerifier () const
{
if (m_Verifier) return; // don't create again
auto keyType = GetSigningKeyType ();
switch (keyType)
{
case SIGNING_KEY_TYPE_DSA_SHA1:
2016-04-07 01:02:58 +00:00
UpdateVerifier (new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey));
break;
case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
2017-08-07 17:46:42 +00:00
{
2014-11-25 01:19:13 +00:00
size_t padding = 128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64
2016-04-07 01:02:58 +00:00
UpdateVerifier (new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + padding));
2014-11-25 01:19:13 +00:00
break;
2017-08-07 17:46:42 +00:00
}
2014-11-25 01:19:13 +00:00
case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
2017-08-07 17:46:42 +00:00
{
2014-11-25 01:19:13 +00:00
size_t padding = 128 - i2p::crypto::ECDSAP384_KEY_LENGTH; // 32 = 128 - 96
2016-04-07 01:02:58 +00:00
UpdateVerifier (new i2p::crypto::ECDSAP384Verifier (m_StandardIdentity.signingKey + padding));
2014-11-25 01:19:13 +00:00
break;
2017-08-07 17:46:42 +00:00
}
2014-11-25 01:19:13 +00:00
case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
2017-08-07 17:46:42 +00:00
{
2014-11-25 01:19:13 +00:00
uint8_t signingKey[i2p::crypto::ECDSAP521_KEY_LENGTH];
memcpy (signingKey, m_StandardIdentity.signingKey, 128);
size_t excessLen = i2p::crypto::ECDSAP521_KEY_LENGTH - 128; // 4 = 132- 128
memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
2016-04-07 01:02:58 +00:00
UpdateVerifier (new i2p::crypto::ECDSAP521Verifier (signingKey));
2014-11-25 01:19:13 +00:00
break;
2017-08-07 17:46:42 +00:00
}
2014-12-11 02:31:06 +00:00
case SIGNING_KEY_TYPE_RSA_SHA256_2048:
2017-08-07 17:46:42 +00:00
{
2014-12-11 02:31:06 +00:00
uint8_t signingKey[i2p::crypto::RSASHA2562048_KEY_LENGTH];
memcpy (signingKey, m_StandardIdentity.signingKey, 128);
size_t excessLen = i2p::crypto::RSASHA2562048_KEY_LENGTH - 128; // 128 = 256- 128
memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
2016-04-07 01:02:58 +00:00
UpdateVerifier (new i2p::crypto:: RSASHA2562048Verifier (signingKey));
2014-12-11 02:31:06 +00:00
break;
2017-08-07 17:46:42 +00:00
}
2014-12-11 02:31:06 +00:00
case SIGNING_KEY_TYPE_RSA_SHA384_3072:
2017-08-07 17:46:42 +00:00
{
2014-12-11 02:31:06 +00:00
uint8_t signingKey[i2p::crypto::RSASHA3843072_KEY_LENGTH];
memcpy (signingKey, m_StandardIdentity.signingKey, 128);
size_t excessLen = i2p::crypto::RSASHA3843072_KEY_LENGTH - 128; // 256 = 384- 128
memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
2016-04-07 01:02:58 +00:00
UpdateVerifier (new i2p::crypto:: RSASHA3843072Verifier (signingKey));
2014-12-11 02:31:06 +00:00
break;
2017-08-07 17:46:42 +00:00
}
2014-12-11 02:31:06 +00:00
case SIGNING_KEY_TYPE_RSA_SHA512_4096:
2017-08-07 17:46:42 +00:00
{
2014-12-11 02:31:06 +00:00
uint8_t signingKey[i2p::crypto::RSASHA5124096_KEY_LENGTH];
memcpy (signingKey, m_StandardIdentity.signingKey, 128);
size_t excessLen = i2p::crypto::RSASHA5124096_KEY_LENGTH - 128; // 384 = 512- 128
memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
2016-04-07 01:02:58 +00:00
UpdateVerifier (new i2p::crypto:: RSASHA5124096Verifier (signingKey));
2014-12-11 02:31:06 +00:00
break;
2017-08-07 17:46:42 +00:00
}
2015-04-08 20:28:52 +00:00
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
2015-04-08 20:18:16 +00:00
{
2015-04-08 20:28:52 +00:00
size_t padding = 128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32
2016-04-07 01:02:58 +00:00
UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
2015-04-08 20:18:16 +00:00
break;
2017-08-07 17:46:42 +00:00
}
case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256:
2017-08-07 17:46:42 +00:00
{
size_t padding = 128 - i2p::crypto::GOSTR3410_256_PUBLIC_KEY_LENGTH; // 64 = 128 - 64
UpdateVerifier (new i2p::crypto::GOSTR3410_256_Verifier (i2p::crypto::eGOSTR3410CryptoProA, m_StandardIdentity.signingKey + padding));
2017-03-10 21:57:56 +00:00
break;
2017-08-07 17:46:42 +00:00
}
case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512:
2017-08-07 17:46:42 +00:00
{
// zero padding
UpdateVerifier (new i2p::crypto::GOSTR3410_512_Verifier (i2p::crypto::eGOSTR3410TC26A512, m_StandardIdentity.signingKey));
2017-03-10 21:57:56 +00:00
break;
2017-08-07 17:46:42 +00:00
}
default:
2015-12-18 14:08:12 +00:00
LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported");
2017-08-07 17:46:42 +00:00
}
}
2016-04-07 01:02:58 +00:00
void IdentityEx::UpdateVerifier (i2p::crypto::Verifier * verifier) const
{
2016-10-11 16:06:40 +00:00
if (!m_Verifier)
2016-10-10 12:59:45 +00:00
{
auto created = m_IsVerifierCreated.exchange (true);
if (!created)
m_Verifier.reset (verifier);
else
2016-10-11 16:06:40 +00:00
{
2016-10-10 12:59:45 +00:00
delete verifier;
int count = 0;
while (!m_Verifier && count < 500) // 5 seconds
2017-08-07 17:46:42 +00:00
{
std::this_thread::sleep_for (std::chrono::milliseconds(10));
count++;
2017-08-07 17:46:42 +00:00
}
if (!m_Verifier)
LogPrint (eLogError, "Identity: couldn't get verifier in 5 seconds");
2016-10-11 16:06:40 +00:00
}
2017-08-07 17:46:42 +00:00
}
2016-04-07 01:02:58 +00:00
else
delete verifier;
2017-08-07 17:46:42 +00:00
}
2015-11-03 14:15:49 +00:00
void IdentityEx::DropVerifier () const
2014-11-26 15:28:06 +00:00
{
2016-01-10 23:55:00 +00:00
// TODO: potential race condition with Verify
2017-08-07 17:46:42 +00:00
m_IsVerifierCreated = false;
2016-10-11 16:06:40 +00:00
m_Verifier = nullptr;
2014-11-26 15:28:06 +00:00
}
std::shared_ptr<i2p::crypto::CryptoKeyEncryptor> IdentityEx::CreateEncryptor (const uint8_t * key) const
{
2018-01-06 03:48:51 +00:00
if (!key) key = GetEncryptionPublicKey (); // use publicKey
switch (GetCryptoKeyType ())
{
case CRYPTO_KEY_TYPE_ELGAMAL:
return std::make_shared<i2p::crypto::ElGamalEncryptor>(key);
break;
case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC:
2017-11-13 16:50:17 +00:00
case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC_TEST:
return std::make_shared<i2p::crypto::ECIESP256Encryptor>(key);
break;
2017-11-09 20:01:07 +00:00
case CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC:
return std::make_shared<i2p::crypto::ECIESGOSTR3410Encryptor>(key);
break;
default:
LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)GetCryptoKeyType ());
};
return nullptr;
}
2014-03-19 20:44:03 +00:00
PrivateKeys& PrivateKeys::operator=(const Keys& keys)
{
2015-11-03 14:15:49 +00:00
m_Public = std::make_shared<IdentityEx>(Identity (keys));
2017-08-07 17:46:42 +00:00
memcpy (m_PrivateKey, keys.privateKey, 256); // 256
2015-11-03 14:15:49 +00:00
memcpy (m_SigningPrivateKey, keys.signingPrivateKey, m_Public->GetSigningPrivateKeyLen ());
2014-11-25 01:19:13 +00:00
m_Signer = nullptr;
2014-08-24 02:54:08 +00:00
CreateSigner ();
2014-03-19 20:44:03 +00:00
return *this;
}
2014-08-24 02:54:08 +00:00
PrivateKeys& PrivateKeys::operator=(const PrivateKeys& other)
2017-08-07 17:46:42 +00:00
{
2015-11-03 14:15:49 +00:00
m_Public = std::make_shared<IdentityEx>(*other.m_Public);
2017-08-07 17:46:42 +00:00
memcpy (m_PrivateKey, other.m_PrivateKey, 256); // 256
memcpy (m_SigningPrivateKey, other.m_SigningPrivateKey, m_Public->GetSigningPrivateKeyLen ());
2014-11-25 01:19:13 +00:00
m_Signer = nullptr;
2014-08-24 02:54:08 +00:00
CreateSigner ();
return *this;
2017-08-07 17:46:42 +00:00
}
2014-08-23 20:06:56 +00:00
size_t PrivateKeys::FromBuffer (const uint8_t * buf, size_t len)
{
2017-03-25 20:53:20 +00:00
m_Public = std::make_shared<IdentityEx>();
size_t ret = m_Public->FromBuffer (buf, len);
2017-08-07 17:46:42 +00:00
if (!ret || ret + 256 > len) return 0; // overflow
2014-08-23 20:06:56 +00:00
memcpy (m_PrivateKey, buf + ret, 256); // private key always 256
ret += 256;
2015-11-03 14:15:49 +00:00
size_t signingPrivateKeySize = m_Public->GetSigningPrivateKeyLen ();
2016-07-25 13:57:35 +00:00
if(signingPrivateKeySize + ret > len) return 0; // overflow
2017-08-07 17:46:42 +00:00
memcpy (m_SigningPrivateKey, buf + ret, signingPrivateKeySize);
2014-08-23 20:06:56 +00:00
ret += signingPrivateKeySize;
2014-11-25 01:19:13 +00:00
m_Signer = nullptr;
2014-08-24 02:54:08 +00:00
CreateSigner ();
2014-08-23 20:06:56 +00:00
return ret;
}
2017-08-07 17:46:42 +00:00
2014-08-23 20:06:56 +00:00
size_t PrivateKeys::ToBuffer (uint8_t * buf, size_t len) const
{
2015-11-03 14:15:49 +00:00
size_t ret = m_Public->ToBuffer (buf, len);
2014-08-23 20:06:56 +00:00
memcpy (buf + ret, m_PrivateKey, 256); // private key always 256
ret += 256;
2016-07-25 13:57:35 +00:00
size_t signingPrivateKeySize = m_Public->GetSigningPrivateKeyLen ();
if(ret + signingPrivateKeySize > len) return 0; // overflow
2017-08-07 17:46:42 +00:00
memcpy (buf + ret, m_SigningPrivateKey, signingPrivateKeySize);
2014-08-23 20:06:56 +00:00
ret += signingPrivateKeySize;
return ret;
2017-08-07 17:46:42 +00:00
}
2014-12-01 19:50:10 +00:00
size_t PrivateKeys::FromBase64(const std::string& s)
{
uint8_t * buf = new uint8_t[s.length ()];
size_t l = i2p::data::Base64ToByteStream (s.c_str (), s.length (), buf, s.length ());
size_t ret = FromBuffer (buf, l);
delete[] buf;
return ret;
2017-08-07 17:46:42 +00:00
}
2014-12-01 19:50:10 +00:00
std::string PrivateKeys::ToBase64 () const
{
uint8_t * buf = new uint8_t[GetFullLen ()];
char * str = new char[GetFullLen ()*2];
size_t l = ToBuffer (buf, GetFullLen ());
size_t l1 = i2p::data::ByteStreamToBase64 (buf, l, str, GetFullLen ()*2);
str[l1] = 0;
delete[] buf;
2014-12-04 02:00:25 +00:00
std::string ret(str);
2014-12-01 19:50:10 +00:00
delete[] str;
2014-12-04 02:00:25 +00:00
return ret;
2014-12-01 19:50:10 +00:00
}
2014-08-24 02:54:08 +00:00
void PrivateKeys::Sign (const uint8_t * buf, int len, uint8_t * signature) const
{
2016-07-25 13:57:35 +00:00
if (!m_Signer)
2018-01-06 04:01:44 +00:00
CreateSigner();
2016-10-10 12:59:45 +00:00
m_Signer->Sign (buf, len, signature);
2017-08-07 17:46:42 +00:00
}
2014-08-24 02:54:08 +00:00
2016-07-25 13:57:35 +00:00
void PrivateKeys::CreateSigner () const
2014-08-24 02:54:08 +00:00
{
if (m_Signer) return;
2015-11-03 14:15:49 +00:00
switch (m_Public->GetSigningKeyType ())
2017-08-07 17:46:42 +00:00
{
2014-11-25 01:19:13 +00:00
case SIGNING_KEY_TYPE_DSA_SHA1:
2016-11-11 17:44:44 +00:00
m_Signer.reset (new i2p::crypto::DSASigner (m_SigningPrivateKey, m_Public->GetStandardIdentity ().signingKey));
2017-08-07 17:46:42 +00:00
break;
2014-11-25 01:19:13 +00:00
case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
2015-11-03 14:15:49 +00:00
m_Signer.reset (new i2p::crypto::ECDSAP256Signer (m_SigningPrivateKey));
2014-11-25 01:19:13 +00:00
break;
case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
2015-11-03 14:15:49 +00:00
m_Signer.reset (new i2p::crypto::ECDSAP384Signer (m_SigningPrivateKey));
2017-08-07 17:46:42 +00:00
break;
2014-11-25 01:19:13 +00:00
case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
2015-11-03 14:15:49 +00:00
m_Signer.reset (new i2p::crypto::ECDSAP521Signer (m_SigningPrivateKey));
2017-08-07 17:46:42 +00:00
break;
2014-12-11 02:31:06 +00:00
case SIGNING_KEY_TYPE_RSA_SHA256_2048:
2015-11-03 14:15:49 +00:00
m_Signer.reset (new i2p::crypto::RSASHA2562048Signer (m_SigningPrivateKey));
2014-12-11 02:31:06 +00:00
break;
case SIGNING_KEY_TYPE_RSA_SHA384_3072:
2015-11-03 14:15:49 +00:00
m_Signer.reset (new i2p::crypto::RSASHA3843072Signer (m_SigningPrivateKey));
2014-12-11 02:31:06 +00:00
break;
case SIGNING_KEY_TYPE_RSA_SHA512_4096:
2015-11-03 14:15:49 +00:00
m_Signer.reset (new i2p::crypto::RSASHA5124096Signer (m_SigningPrivateKey));
2017-08-07 17:46:42 +00:00
break;
2015-04-09 14:03:21 +00:00
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
2017-01-08 02:20:09 +00:00
m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH));
2015-04-09 14:03:21 +00:00
break;
case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256:
m_Signer.reset (new i2p::crypto::GOSTR3410_256_Signer (i2p::crypto::eGOSTR3410CryptoProA, m_SigningPrivateKey));
2017-08-07 17:46:42 +00:00
break;
case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512:
m_Signer.reset (new i2p::crypto::GOSTR3410_512_Signer (i2p::crypto::eGOSTR3410TC26A512, m_SigningPrivateKey));
2017-08-07 17:46:42 +00:00
break;
2014-11-25 01:19:13 +00:00
default:
2015-12-18 14:08:12 +00:00
LogPrint (eLogError, "Identity: Signing key type ", (int)m_Public->GetSigningKeyType (), " is not supported");
2014-11-25 01:19:13 +00:00
}
2017-08-07 17:46:42 +00:00
}
uint8_t * PrivateKeys::GetPadding()
{
if(m_Public->GetSigningKeyType () == SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519)
return m_Public->GetEncryptionPublicKeyBuffer() + 256;
else
return nullptr; // TODO: implement me
}
std::shared_ptr<i2p::crypto::CryptoKeyDecryptor> PrivateKeys::CreateDecryptor (const uint8_t * key) const
{
2018-01-06 03:48:51 +00:00
if (!key) key = m_PrivateKey; // use privateKey
return CreateDecryptor (m_Public->GetCryptoKeyType (), key);
}
std::shared_ptr<i2p::crypto::CryptoKeyDecryptor> PrivateKeys::CreateDecryptor (CryptoKeyType cryptoType, const uint8_t * key)
2018-01-06 03:48:51 +00:00
{
if (!key) return nullptr;
switch (cryptoType)
{
case CRYPTO_KEY_TYPE_ELGAMAL:
return std::make_shared<i2p::crypto::ElGamalDecryptor>(key);
break;
case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC:
2017-11-13 16:50:17 +00:00
case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC_TEST:
return std::make_shared<i2p::crypto::ECIESP256Decryptor>(key);
break;
2017-11-09 20:01:07 +00:00
case CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC:
return std::make_shared<i2p::crypto::ECIESGOSTR3410Decryptor>(key);
break;
default:
LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)cryptoType);
};
2018-01-06 03:48:51 +00:00
return nullptr;
}
PrivateKeys PrivateKeys::CreateRandomKeys (SigningKeyType type, CryptoKeyType cryptoType)
{
2014-11-25 01:19:13 +00:00
if (type != SIGNING_KEY_TYPE_DSA_SHA1)
{
PrivateKeys keys;
2014-11-25 01:19:13 +00:00
// signature
2017-08-07 17:46:42 +00:00
uint8_t signingPublicKey[512]; // signing public key is 512 bytes max
2014-11-25 01:19:13 +00:00
switch (type)
2017-08-07 17:46:42 +00:00
{
2014-11-25 01:19:13 +00:00
case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
2015-11-03 14:15:49 +00:00
i2p::crypto::CreateECDSAP256RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
2017-08-07 17:46:42 +00:00
break;
2014-11-25 01:19:13 +00:00
case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
2017-08-07 17:46:42 +00:00
i2p::crypto::CreateECDSAP384RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
2014-11-25 01:19:13 +00:00
break;
case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
2017-08-07 17:46:42 +00:00
i2p::crypto::CreateECDSAP521RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
break;
2014-12-11 02:31:06 +00:00
case SIGNING_KEY_TYPE_RSA_SHA256_2048:
case SIGNING_KEY_TYPE_RSA_SHA384_3072:
case SIGNING_KEY_TYPE_RSA_SHA512_4096:
LogPrint (eLogWarning, "Identity: RSA signature type is not supported. Create EdDSA");
2018-01-06 03:48:51 +00:00
// no break here
2015-11-03 14:15:49 +00:00
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
i2p::crypto::CreateEDDSA25519RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
2017-08-07 17:46:42 +00:00
break;
case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256:
i2p::crypto::CreateGOSTR3410RandomKeys (i2p::crypto::eGOSTR3410CryptoProA, keys.m_SigningPrivateKey, signingPublicKey);
2017-08-07 17:46:42 +00:00
break;
case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512:
i2p::crypto::CreateGOSTR3410RandomKeys (i2p::crypto::eGOSTR3410TC26A512, keys.m_SigningPrivateKey, signingPublicKey);
2017-08-07 17:46:42 +00:00
break;
2014-11-25 01:19:13 +00:00
default:
LogPrint (eLogWarning, "Identity: Signing key type ", (int)type, " is not supported. Create DSA-SHA1");
2014-11-25 01:19:13 +00:00
return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1
2017-08-07 17:46:42 +00:00
}
// encryption
uint8_t publicKey[256];
GenerateCryptoKeyPair (cryptoType, keys.m_PrivateKey, publicKey);
2014-11-25 01:19:13 +00:00
// identity
2017-11-09 20:49:27 +00:00
keys.m_Public = std::make_shared<IdentityEx> (publicKey, signingPublicKey, type, cryptoType);
2014-11-25 02:23:12 +00:00
keys.CreateSigner ();
return keys;
2017-08-07 17:46:42 +00:00
}
return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1
2017-08-07 17:46:42 +00:00
}
void PrivateKeys::GenerateCryptoKeyPair (CryptoKeyType type, uint8_t * priv, uint8_t * pub)
{
switch (type)
{
case CRYPTO_KEY_TYPE_ELGAMAL:
i2p::crypto::GenerateElGamalKeyPair(priv, pub);
break;
case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC:
2017-11-13 16:50:17 +00:00
case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC_TEST:
2017-11-06 18:40:58 +00:00
i2p::crypto::CreateECIESP256RandomKeys (priv, pub);
break;
2017-11-09 20:01:07 +00:00
case CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC:
i2p::crypto::CreateECIESGOSTR3410RandomKeys (priv, pub);
break;
default:
LogPrint (eLogError, "Identity: Crypto key type ", (int)type, " is not supported");
2018-01-06 03:48:51 +00:00
}
}
2013-12-21 01:22:55 +00:00
Keys CreateRandomKeys ()
{
2017-08-07 17:46:42 +00:00
Keys keys;
2013-12-21 01:22:55 +00:00
// encryption
2015-11-03 14:15:49 +00:00
i2p::crypto::GenerateElGamalKeyPair(keys.privateKey, keys.publicKey);
2013-12-21 01:22:55 +00:00
// signing
2017-08-07 17:46:42 +00:00
i2p::crypto::CreateDSARandomKeys (keys.signingPrivateKey, keys.signingKey);
2013-12-21 01:22:55 +00:00
return keys;
2017-08-07 17:46:42 +00:00
}
2014-01-04 02:24:20 +00:00
IdentHash CreateRoutingKey (const IdentHash& ident)
2014-01-04 02:24:20 +00:00
{
uint8_t buf[41]; // ident + yyyymmdd
memcpy (buf, (const uint8_t *)ident, 32);
time_t t = time (nullptr);
struct tm tm;
#ifdef _WIN32
gmtime_s(&tm, &t);
2014-10-15 01:58:01 +00:00
sprintf_s((char *)(buf + 32), 9, "%04i%02i%02i", tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday);
#else
gmtime_r(&t, &tm);
2014-10-15 01:58:01 +00:00
sprintf((char *)(buf + 32), "%04i%02i%02i", tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday);
2017-08-07 17:46:42 +00:00
#endif
IdentHash key;
2015-11-03 14:15:49 +00:00
SHA256(buf, 40, key);
2014-01-04 02:24:20 +00:00
return key;
2017-08-07 17:46:42 +00:00
}
XORMetric operator^(const IdentHash& key1, const IdentHash& key2)
2014-01-04 02:24:20 +00:00
{
XORMetric m;
#ifdef __AVX__
if(i2p::cpu::avx)
{
__asm__
(
"vmovups %1, %%ymm0 \n"
"vmovups %2, %%ymm1 \n"
"vxorps %%ymm0, %%ymm1, %%ymm1 \n"
"vmovups %%ymm1, %0 \n"
: "=m"(*m.metric)
: "m"(*key1), "m"(*key2)
: "memory", "%xmm0", "%xmm1" // should be replaced by %ymm0/1 once supported by compiler
);
}
else
2016-12-08 20:23:40 +00:00
#endif
{
const uint64_t * hash1 = key1.GetLL (), * hash2 = key2.GetLL ();
m.metric_ll[0] = hash1[0] ^ hash2[0];
m.metric_ll[1] = hash1[1] ^ hash2[1];
m.metric_ll[2] = hash1[2] ^ hash2[2];
m.metric_ll[3] = hash1[3] ^ hash2[3];
}
2016-12-08 20:23:40 +00:00
2014-01-04 02:24:20 +00:00
return m;
2017-08-07 17:46:42 +00:00
}
2013-12-21 01:22:55 +00:00
}
}