move key blinding code from LeaseSet.cpp to Blinding.cpp

5 years ago · 39400fd381
parent 5299ac35a6
commit 39400fd381
5 changed files with 203 additions and 173 deletions
--- a/build/CMakeLists.txt
+++ b/build/CMakeLists.txt
@ -81,6 +81,7 @@ set (LIBI2PD_SRC
  "${LIBI2PD_SRC_DIR}/Poly1305.cpp"
  "${LIBI2PD_SRC_DIR}/Ed25519.cpp"
  "${LIBI2PD_SRC_DIR}/NTCP2.cpp"
+  "${LIBI2PD_SRC_DIR}/Blinding.cpp"
 )

 if (WITH_WEBSOCKETS)
--- a/libi2pd/Blinding.cpp
+++ b/libi2pd/Blinding.cpp
@ -0,0 +1,157 @@
+#include <zlib.h> // for crc32
+#include <openssl/sha.h>
+#include <openssl/hmac.h>
+#include "Base.h"
+#include "Crypto.h"
+#include "Log.h"
+#include "Timestamp.h"
+#include "I2PEndian.h"
+#include "Ed25519.h"
+#include "Blinding.h"
+
+namespace i2p
+{
+namespace data
+{
+	BlindedPublicKey::BlindedPublicKey (std::shared_ptr<const IdentityEx> identity, SigningKeyType blindedKeyType):
+		m_BlindedSigType (blindedKeyType)
+	{
+		if (!identity) return;
+		auto len = identity->GetSigningPublicKeyLen ();
+		m_PublicKey.resize (len);
+		memcpy (m_PublicKey.data (), identity->GetSigningPublicKeyBuffer (), len);
+		m_SigType = identity->GetSigningKeyType ();
+	}
+
+	BlindedPublicKey::BlindedPublicKey (const std::string& b33)
+	{
+		uint8_t addr[40]; // TODO: define length from b33
+		size_t l = i2p::data::Base32ToByteStream (b33.c_str (), b33.length (), addr, 40);
+		uint32_t checksum = crc32 (0, addr + 3, l - 3); 
+		// checksum is Little Endian
+		addr[0] ^= checksum; addr[1] ^= (checksum >> 8); addr[2] ^= (checksum >> 16);  
+		uint8_t flag = addr[0];
+		size_t offset = 1;	
+		if (flag & 0x01) // two bytes signatures
+		{
+			m_SigType = bufbe16toh (addr + offset); offset += 2;
+			m_BlindedSigType = bufbe16toh (addr + offset); offset += 2;
+		}
+		else // one byte sig
+		{
+			m_SigType = addr[offset]; offset++;
+			m_BlindedSigType = addr[offset]; offset++;
+		}
+		std::unique_ptr<i2p::crypto::Verifier> blindedVerifier (i2p::data::IdentityEx::CreateVerifier (m_SigType));
+		if (blindedVerifier)
+		{
+			auto len = blindedVerifier->GetPublicKeyLen ();
+			if (offset + len <= l)
+			{
+				m_PublicKey.resize (len);
+				memcpy (m_PublicKey.data (), addr + offset, len);
+			}
+			else
+				LogPrint (eLogError, "Blinding: public key in b33 address is too short for signature type ", (int)m_SigType);	
+		}
+		else
+			LogPrint (eLogError, "Blinding: unknown signature type ", (int)m_SigType, " in b33");
+	}
+
+	std::string BlindedPublicKey::ToB33 () const
+	{
+		if (m_PublicKey.size () > 32) return ""; // assume 25519
+		uint8_t addr[35]; char str[60]; // TODO: define actual length
+		addr[0] = 0; // flags
+		addr[1] = m_SigType; // sig type
+		addr[2] = m_BlindedSigType; // blinded sig type
+		memcpy (addr + 3, m_PublicKey.data (), m_PublicKey.size ());
+		uint32_t checksum = crc32 (0, addr + 3, m_PublicKey.size ()); 
+		// checksum is Little Endian
+		addr[0] ^= checksum; addr[1] ^= (checksum >> 8); addr[2] ^= (checksum >> 16); 
+		auto l = ByteStreamToBase32 (addr, m_PublicKey.size () + 3, str, 60);
+		return std::string (str, str + l);
+	}
+
+	void BlindedPublicKey::GetCredential (uint8_t * credential) const
+	{
+		// A = destination's signing public key 
+		// stA = signature type of A, 2 bytes big endian
+		uint16_t stA = htobe16 (GetSigType ());
+		// stA1 = signature type of blinded A, 2 bytes big endian
+		uint16_t stA1 = htobe16 (GetBlindedSigType ());	
+		// credential = H("credential", A || stA || stA1)
+		H ("credential", { {GetPublicKey (), GetPublicKeyLen ()}, {(const uint8_t *)&stA, 2}, {(const uint8_t *)&stA1, 2} }, credential);
+	}
+
+	void BlindedPublicKey::GetSubcredential (const uint8_t * blinded, size_t len, uint8_t * subcredential) const
+	{
+		uint8_t credential[32];
+		GetCredential (credential);
+		// subcredential = H("subcredential", credential || blindedPublicKey)
+		H ("subcredential", { {credential, 32}, {blinded, len} }, subcredential);
+	}
+
+	void BlindedPublicKey::GenerateAlpha (const char * date, uint8_t * seed) const
+	{
+		uint16_t stA = htobe16 (GetSigType ()), stA1 = htobe16 (GetBlindedSigType ());
+		uint8_t salt[32];
+		//seed = HKDF(H("I2PGenerateAlpha", keydata), datestring || secret, "i2pblinding1", 64)	
+		H ("I2PGenerateAlpha", { {GetPublicKey (), GetPublicKeyLen ()}, {(const uint8_t *)&stA, 2}, {(const uint8_t *)&stA1, 2} }, salt);
+		i2p::crypto::HKDF (salt, (const uint8_t *)date, 8, "i2pblinding1", seed);
+	}
+
+	void BlindedPublicKey::GetBlindedKey (const char * date, uint8_t * blindedKey) const
+	{
+		uint8_t seed[64];	
+		GenerateAlpha (date, seed);	
+		i2p::crypto::GetEd25519 ()->BlindPublicKey (GetPublicKey (), seed, blindedKey);
+	}
+
+	void BlindedPublicKey::BlindPrivateKey (const uint8_t * priv, const char * date, uint8_t * blindedPriv, uint8_t * blindedPub) const
+	{
+		uint8_t seed[64];	
+		GenerateAlpha (date, seed);	
+		i2p::crypto::GetEd25519 ()->BlindPrivateKey (priv, seed, blindedPriv, blindedPub);
+	}
+
+	void BlindedPublicKey::H (const std::string& p, const std::vector<std::pair<const uint8_t *, size_t> >& bufs, uint8_t * hash) const 
+	{
+		SHA256_CTX ctx;
+		SHA256_Init (&ctx);
+		SHA256_Update (&ctx, p.c_str (), p.length ());
+		for (const auto& it: bufs)	
+			SHA256_Update (&ctx, it.first, it.second);
+		SHA256_Final (hash, &ctx);
+	}
+
+	i2p::data::IdentHash BlindedPublicKey::GetStoreHash (const char * date) const
+	{
+		i2p::data::IdentHash hash;
+		if (m_BlindedSigType == i2p::data::SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519 ||
+			m_BlindedSigType == SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519)
+		{
+			uint8_t blinded[32];
+			if (date)
+				GetBlindedKey (date, blinded);
+			else
+			{
+				char currentDate[9];
+				i2p::util::GetCurrentDate (currentDate);
+				GetBlindedKey (currentDate, blinded);	
+			}	
+			auto stA1 = htobe16 (m_BlindedSigType);
+			SHA256_CTX ctx;
+			SHA256_Init (&ctx);
+			SHA256_Update (&ctx, (const uint8_t *)&stA1, 2);
+			SHA256_Update (&ctx, blinded, 32);
+			SHA256_Final ((uint8_t *)hash, &ctx);
+		}
+		else
+			LogPrint (eLogError, "Blinding: blinded key type ", (int)m_BlindedSigType, " is not supported");			
+		return hash;
+	}
+
+}
+}
+
--- a/libi2pd/Blinding.h
+++ b/libi2pd/Blinding.h
@ -0,0 +1,44 @@
+#ifndef BLINDING_H__
+#define BLINDING_H__
+
+#include <inttypes.h>
+#include <string>
+#include "Identity.h"
+
+namespace i2p
+{
+namespace data
+{
+	class BlindedPublicKey // for encrypted LS2
+	{
+		public:
+
+			BlindedPublicKey (std::shared_ptr<const IdentityEx> identity, SigningKeyType blindedKeyType = i2p::data::SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519);
+			BlindedPublicKey (const std::string& b33); // from b33 without .b32.i2p			
+			std::string ToB33 () const;
+
+			const uint8_t * GetPublicKey () const { return m_PublicKey.data (); };
+			size_t GetPublicKeyLen () const { return m_PublicKey.size (); };
+			SigningKeyType GetSigType () const  { return m_SigType; };
+			SigningKeyType GetBlindedSigType () const  { return m_BlindedSigType; };
+
+			void GetSubcredential (const uint8_t * blinded, size_t len, uint8_t * subcredential) const; // 32 bytes
+			void GetBlindedKey (const char * date, uint8_t * blindedKey) const; // blinded key 32 bytes, date is 8 chars "YYYYMMDD" 
+			void BlindPrivateKey (const uint8_t * priv, const char * date, uint8_t * blindedPriv, uint8_t * blindedPub) const; // blinded key 32 bytes, date is 8 chars "YYYYMMDD" 
+			i2p::data::IdentHash GetStoreHash (const char * date = nullptr) const; // date is 8 chars "YYYYMMDD", use current if null
+
+		private:
+
+			void GetCredential (uint8_t * credential) const; // 32 bytes
+			void GenerateAlpha (const char * date, uint8_t * seed) const; // 64 bytes, date is 8 chars "YYYYMMDD" 
+			void H (const std::string& p, const std::vector<std::pair<const uint8_t *, size_t> >& bufs, uint8_t * hash) const;
+
+		private:
+
+			std::vector<uint8_t> m_PublicKey;
+			i2p::data::SigningKeyType m_SigType, m_BlindedSigType;
+	};
+}
+}
+
+#endif
--- a/libi2pd/LeaseSet.cpp
+++ b/libi2pd/LeaseSet.cpp
@ -1,10 +1,6 @@
 #include <string.h>
-#include <openssl/sha.h>
-#include <openssl/hmac.h>
-#include <zlib.h> // for crc32
 #include "I2PEndian.h"
 #include "Crypto.h"
-#include "Ed25519.h"
 #include "Log.h"
 #include "Timestamp.h"
 #include "NetDb.hpp"
@ -254,145 +250,6 @@ namespace data
 		memcpy (m_Buffer, buf, len);
 	}

-	BlindedPublicKey::BlindedPublicKey (std::shared_ptr<const IdentityEx> identity, SigningKeyType blindedKeyType):
-		m_BlindedSigType (blindedKeyType)
-	{
-		if (!identity) return;
-		auto len = identity->GetSigningPublicKeyLen ();
-		m_PublicKey.resize (len);
-		memcpy (m_PublicKey.data (), identity->GetSigningPublicKeyBuffer (), len);
-		m_SigType = identity->GetSigningKeyType ();
-	}
-
-	BlindedPublicKey::BlindedPublicKey (const std::string& b33)
-	{
-		uint8_t addr[40]; // TODO: define length from b33
-		size_t l = i2p::data::Base32ToByteStream (b33.c_str (), b33.length (), addr, 40);
-		uint32_t checksum = crc32 (0, addr + 3, l - 3); 
-		// checksum is Little Endian
-		addr[0] ^= checksum; addr[1] ^= (checksum >> 8); addr[2] ^= (checksum >> 16);  
-		uint8_t flag = addr[0];
-		size_t offset = 1;	
-		if (flag & 0x01) // two bytes signatures
-		{
-			m_SigType = bufbe16toh (addr + offset); offset += 2;
-			m_BlindedSigType = bufbe16toh (addr + offset); offset += 2;
-		}
-		else // one byte sig
-		{
-			m_SigType = addr[offset]; offset++;
-			m_BlindedSigType = addr[offset]; offset++;
-		}
-		std::unique_ptr<i2p::crypto::Verifier> blindedVerifier (i2p::data::IdentityEx::CreateVerifier (m_SigType));
-		if (blindedVerifier)
-		{
-			auto len = blindedVerifier->GetPublicKeyLen ();
-			if (offset + len <= l)
-			{
-				m_PublicKey.resize (len);
-				memcpy (m_PublicKey.data (), addr + offset, len);
-			}
-			else
-				LogPrint (eLogError, "LeaseSet2: public key in b33 address is too short for signature type ", (int)m_SigType);	
-		}
-		else
-			LogPrint (eLogError, "LeaseSet2: unknown signature type ", (int)m_SigType, " in b33");
-	}
-
-	std::string BlindedPublicKey::ToB33 () const
-	{
-		if (m_PublicKey.size () > 32) return ""; // assume 25519
-		uint8_t addr[35]; char str[60]; // TODO: define actual length
-		addr[0] = 0; // flags
-		addr[1] = m_SigType; // sig type
-		addr[2] = m_BlindedSigType; // blinded sig type
-		memcpy (addr + 3, m_PublicKey.data (), m_PublicKey.size ());
-		uint32_t checksum = crc32 (0, addr + 3, m_PublicKey.size ()); 
-		// checksum is Little Endian
-		addr[0] ^= checksum; addr[1] ^= (checksum >> 8); addr[2] ^= (checksum >> 16); 
-		auto l = ByteStreamToBase32 (addr, m_PublicKey.size () + 3, str, 60);
-		return std::string (str, str + l);
-	}
-
-	void BlindedPublicKey::GetCredential (uint8_t * credential) const
-	{
-		// A = destination's signing public key 
-		// stA = signature type of A, 2 bytes big endian
-		uint16_t stA = htobe16 (GetSigType ());
-		// stA1 = signature type of blinded A, 2 bytes big endian
-		uint16_t stA1 = htobe16 (GetBlindedSigType ());	
-		// credential = H("credential", A || stA || stA1)
-		H ("credential", { {GetPublicKey (), GetPublicKeyLen ()}, {(const uint8_t *)&stA, 2}, {(const uint8_t *)&stA1, 2} }, credential);
-	}
-
-	void BlindedPublicKey::GetSubcredential (const uint8_t * blinded, size_t len, uint8_t * subcredential) const
-	{
-		uint8_t credential[32];
-		GetCredential (credential);
-		// subcredential = H("subcredential", credential || blindedPublicKey)
-		H ("subcredential", { {credential, 32}, {blinded, len} }, subcredential);
-	}
-
-	void BlindedPublicKey::GenerateAlpha (const char * date, uint8_t * seed) const
-	{
-		uint16_t stA = htobe16 (GetSigType ()), stA1 = htobe16 (GetBlindedSigType ());
-		uint8_t salt[32];
-		//seed = HKDF(H("I2PGenerateAlpha", keydata), datestring || secret, "i2pblinding1", 64)	
-		H ("I2PGenerateAlpha", { {GetPublicKey (), GetPublicKeyLen ()}, {(const uint8_t *)&stA, 2}, {(const uint8_t *)&stA1, 2} }, salt);
-		i2p::crypto::HKDF (salt, (const uint8_t *)date, 8, "i2pblinding1", seed);
-	}
-
-	void BlindedPublicKey::GetBlindedKey (const char * date, uint8_t * blindedKey) const
-	{
-		uint8_t seed[64];	
-		GenerateAlpha (date, seed);	
-		i2p::crypto::GetEd25519 ()->BlindPublicKey (GetPublicKey (), seed, blindedKey);
-	}
-
-	void BlindedPublicKey::BlindPrivateKey (const uint8_t * priv, const char * date, uint8_t * blindedPriv, uint8_t * blindedPub) const
-	{
-		uint8_t seed[64];	
-		GenerateAlpha (date, seed);	
-		i2p::crypto::GetEd25519 ()->BlindPrivateKey (priv, seed, blindedPriv, blindedPub);
-	}
-
-	void BlindedPublicKey::H (const std::string& p, const std::vector<std::pair<const uint8_t *, size_t> >& bufs, uint8_t * hash) const 
-	{
-		SHA256_CTX ctx;
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, p.c_str (), p.length ());
-		for (const auto& it: bufs)	
-			SHA256_Update (&ctx, it.first, it.second);
-		SHA256_Final (hash, &ctx);
-	}
-
-	i2p::data::IdentHash BlindedPublicKey::GetStoreHash (const char * date) const
-	{
-		i2p::data::IdentHash hash;
-		if (m_BlindedSigType == i2p::data::SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519 ||
-			m_BlindedSigType == SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519)
-		{
-			uint8_t blinded[32];
-			if (date)
-				GetBlindedKey (date, blinded);
-			else
-			{
-				char currentDate[9];
-				i2p::util::GetCurrentDate (currentDate);
-				GetBlindedKey (currentDate, blinded);	
-			}	
-			auto stA1 = htobe16 (m_BlindedSigType);
-			SHA256_CTX ctx;
-			SHA256_Init (&ctx);
-			SHA256_Update (&ctx, (const uint8_t *)&stA1, 2);
-			SHA256_Update (&ctx, blinded, 32);
-			SHA256_Final ((uint8_t *)hash, &ctx);
-		}
-		else
-			LogPrint (eLogError, "LeaseSet2: blinded key type ", (int)m_BlindedSigType, " is not supported");			
-		return hash;
-	}
-
 	LeaseSet2::LeaseSet2 (uint8_t storeType, const uint8_t * buf, size_t len, bool storeLeases):
 		LeaseSet (storeLeases), m_StoreType (storeType), m_OrigStoreType (storeType)
 	{	
--- a/libi2pd/LeaseSet.h
+++ b/libi2pd/LeaseSet.h
@ -9,6 +9,7 @@
 #include "Identity.h"
 #include "Timestamp.h"
 #include "I2PEndian.h"
+#include "Blinding.h"

 namespace i2p
 {
@ -128,36 +129,6 @@ namespace data
 	const uint8_t NETDB_STORE_TYPE_META_LEASESET2 = 7;

 	const uint16_t LEASESET2_FLAG_OFFLINE_KEYS = 0x0001;
-
-	class BlindedPublicKey // for encrypted LS2
-	{
-		public:
-
-			BlindedPublicKey (std::shared_ptr<const IdentityEx> identity, SigningKeyType blindedKeyType = i2p::data::SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519);
-			BlindedPublicKey (const std::string& b33); // from b33 without .b32.i2p			
-			std::string ToB33 () const;
-
-			const uint8_t * GetPublicKey () const { return m_PublicKey.data (); };
-			size_t GetPublicKeyLen () const { return m_PublicKey.size (); };
-			SigningKeyType GetSigType () const  { return m_SigType; };
-			SigningKeyType GetBlindedSigType () const  { return m_BlindedSigType; };
-
-			void GetSubcredential (const uint8_t * blinded, size_t len, uint8_t * subcredential) const; // 32 bytes
-			void GetBlindedKey (const char * date, uint8_t * blindedKey) const; // blinded key 32 bytes, date is 8 chars "YYYYMMDD" 
-			void BlindPrivateKey (const uint8_t * priv, const char * date, uint8_t * blindedPriv, uint8_t * blindedPub) const; // blinded key 32 bytes, date is 8 chars "YYYYMMDD" 
-			i2p::data::IdentHash GetStoreHash (const char * date = nullptr) const; // date is 8 chars "YYYYMMDD", use current if null
-
-		private:
-
-			void GetCredential (uint8_t * credential) const; // 32 bytes
-			void GenerateAlpha (const char * date, uint8_t * seed) const; // 64 bytes, date is 8 chars "YYYYMMDD" 
-			void H (const std::string& p, const std::vector<std::pair<const uint8_t *, size_t> >& bufs, uint8_t * hash) const;
-
-		private:
-
-			std::vector<uint8_t> m_PublicKey;
-			i2p::data::SigningKeyType m_SigType, m_BlindedSigType;
-	};
 	
 	class LeaseSet2: public LeaseSet
 	{