From 0df5b775956c9d807ae9261b328d7bdc297c9c82 Mon Sep 17 00:00:00 2001 From: redfish Date: Fri, 17 Aug 2018 23:18:40 -0400 Subject: [PATCH 01/17] makefile: linux: add -latomic Tested on Arch Linux and Debian unstable with gcc 8.2.0. On Arch Linux on x86_64 it built without this, but also builds with this. Without this patch On Debian unstable on PPC linking fail with undefined symbols: /usr/include/c++/8/bits/atomic_base.h:396: undefined reference to `__atomic_load_8' --- Makefile.linux | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.linux b/Makefile.linux index b9a740ad..8689bd0c 100644 --- a/Makefile.linux +++ b/Makefile.linux @@ -44,7 +44,7 @@ ifeq ($(USE_STATIC),yes) LDLIBS += -lpthread -static-libstdc++ -static-libgcc -lrt -ldl USE_AESNI := no else - LDLIBS = -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread + LDLIBS = -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread -latomic endif # UPNP Support (miniupnpc 1.5 and higher) From 062d8d0f4fb59c0392dd03c1893bdd8ba1936adc Mon Sep 17 00:00:00 2001 From: orignal Date: Sat, 25 Aug 2018 13:27:03 -0400 Subject: [PATCH 02/17] fixed potential race condition --- libi2pd_client/AddressBook.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libi2pd_client/AddressBook.cpp b/libi2pd_client/AddressBook.cpp index bca0e25b..e745ceaf 100644 --- a/libi2pd_client/AddressBook.cpp +++ b/libi2pd_client/AddressBook.cpp @@ -755,7 +755,8 @@ namespace client }, SUBSCRIPTION_REQUEST_TIMEOUT); std::unique_lock l(newDataReceivedMutex); - if (newDataReceived.wait_for (l, std::chrono::seconds (SUBSCRIPTION_REQUEST_TIMEOUT)) == std::cv_status::timeout) + // wait 1 more second + if (newDataReceived.wait_for (l, std::chrono::seconds (SUBSCRIPTION_REQUEST_TIMEOUT + 1)) == std::cv_status::timeout) { LogPrint (eLogError, "Addressbook: subscriptions request timeout expired"); numAttempts++; 
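Review bot: The `wait_for` in the AddressBook.cpp hunk still has no predicate, so extending it to `SUBSCRIPTION_REQUEST_TIMEOUT + 1` narrows the race rather than removing it: a notification sent before `newDataReceivedMutex` is locked is lost, and a spurious wakeup is treated as data having arrived. If the receive handler (its body is outside the hunk) sets a flag under the same mutex, the wait can become `newDataReceived.wait_for (l, std::chrono::seconds (SUBSCRIPTION_REQUEST_TIMEOUT + 1), [&received] { return received; })` and test the returned bool instead of `std::cv_status::timeout`. The comment `// wait 1 more second` would also help more if it gave the reason, presumably `// wait slightly longer than the AsyncReceive timeout so its handler fires first`.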
From dfe08c1ec9fb84b34c7f778bb9ac6003d90e2784 Mon Sep 17 00:00:00 2001 From: Jeff Becker Date: Sun, 26 Aug 2018 09:24:11 -0400 Subject: [PATCH 03/17] enable outproxy on socks --- libi2pd_client/ClientContext.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libi2pd_client/ClientContext.cpp b/libi2pd_client/ClientContext.cpp index b40c2832..b58677c8 100644 --- a/libi2pd_client/ClientContext.cpp +++ b/libi2pd_client/ClientContext.cpp @@ -500,7 +500,8 @@ namespace client if (type == I2P_TUNNELS_SECTION_TYPE_SOCKS) { // socks proxy - auto tun = std::make_shared(name, address, port, false, "", destinationPort, localDestination); + std::string outproxy = section.second.get("outproxy", ""); + auto tun = std::make_shared(name, address, port, !outproxy.empty(), outproxy, destinationPort, localDestination); clientTunnel = tun; clientEndpoint = tun->GetLocalEndpoint (); } From 9dd38b99d63c0754297e1e504ca282d2b2159f49 Mon Sep 17 00:00:00 2001 From: orignal Date: Sun, 26 Aug 2018 09:40:27 -0400 Subject: [PATCH 04/17] check NTCP2 for addreses comparison --- libi2pd/RouterInfo.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libi2pd/RouterInfo.h b/libi2pd/RouterInfo.h index 47a5d680..bc0ed71c 100644 --- a/libi2pd/RouterInfo.h +++ b/libi2pd/RouterInfo.h @@ -117,7 +117,8 @@ namespace data bool operator==(const Address& other) const { - return transportStyle == other.transportStyle && host == other.host && port == other.port; + return transportStyle == other.transportStyle && IsNTCP2 () == other.IsNTCP2 () && + host == other.host && port == other.port; } bool operator!=(const Address& other) const From 8753186a0d5a426fbcc1a9fd923224301768a2f9 Mon Sep 17 00:00:00 2001 From: orignal Date: Mon, 27 Aug 2018 15:01:43 -0400 Subject: [PATCH 05/17] publish NTCP2 ipv6 address if applicable --- libi2pd/NTCP2.cpp | 2 ++ libi2pd/RouterContext.cpp | 35 +++++++++++++++++++++++++++++++++++ libi2pd/RouterContext.h | 1 + 3 files changed, 38 insertions(+) 
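Review bot: The new `outproxy` value in the ClientContext.cpp hunk is read and passed straight to the SOCKS proxy without validation or a log line, so the tunnel starts handing non-I2P destinations to a third-party exit and nothing records that it does. A startup message right after the `get`, for example `LogPrint (eLogInfo, "Clients: SOCKS tunnel ", name, " uses outproxy ", outproxy);`, makes that visible to whoever operates the router. The key is an inline literal; if the file keeps its tunnel option names as named constants (not visible in this hunk), `"outproxy"` should follow that convention.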
diff --git a/libi2pd/NTCP2.cpp b/libi2pd/NTCP2.cpp index 58f928b4..b6880e9c 100644 --- a/libi2pd/NTCP2.cpp +++ b/libi2pd/NTCP2.cpp @@ -1179,6 +1179,8 @@ namespace transport else { LogPrint (eLogDebug, "NTCP2: Connected to ", conn->GetSocket ().remote_endpoint ()); + if (conn->GetSocket ().local_endpoint ().protocol () == boost::asio::ip::tcp::v6()) // ipv6 + context.UpdateNTCP2V6Address (conn->GetSocket ().local_endpoint ().address ()); conn->ClientLogin (); } } diff --git a/libi2pd/RouterContext.cpp b/libi2pd/RouterContext.cpp index a3d33113..75235ec6 100644 --- a/libi2pd/RouterContext.cpp +++ b/libi2pd/RouterContext.cpp @@ -453,6 +453,41 @@ namespace i2p UpdateRouterInfo (); } + void RouterContext::UpdateNTCP2V6Address (const boost::asio::ip::address& host) + { + bool updated = false; + int port = 0; + auto& addresses = m_RouterInfo.GetAddresses (); + for (auto& addr: addresses) + { + if (addr->IsPublishedNTCP2 ()) + { + if (addr->host.is_v6 ()) + { + if (addr->host != host) + { + addr->host = host; + updated = true; + break; + } + } + else + port = addr->port; // NTCP2 v4 + } + } + + if (!updated) + { + if (port) // we have found NTCP2 v4 but not v6 + { + m_RouterInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv); + PublishNTCP2Address (port, true); + } + } + else + UpdateRouterInfo (); + } + void RouterContext::UpdateStats () { if (m_IsFloodfill) diff --git a/libi2pd/RouterContext.h b/libi2pd/RouterContext.h index f1a62c5a..3f3a18c5 100644 --- a/libi2pd/RouterContext.h +++ b/libi2pd/RouterContext.h @@ -100,6 +100,7 @@ namespace i2p void SetSupportsV4 (bool supportsV4); void UpdateNTCPV6Address (const boost::asio::ip::address& host); // called from NTCP session + void UpdateNTCP2V6Address (const boost::asio::ip::address& host); // called from NTCP2 session void UpdateStats (); void CleanupDestination (); // garlic destination From f0d4ee6618867eb7dc5162d654467f2ee52655f0 Mon Sep 17 00:00:00 2001 
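Review bot: The address passed to `UpdateNTCP2V6Address` in the NTCP2.cpp hunk is whatever local IPv6 address the outgoing socket happened to bind, and neither this hunk nor the new `RouterContext::UpdateNTCP2V6Address` checks that it is suitable for publication before it is written into the RouterInfo. Link-local or loopback addresses would be advertised as they are, and a temporary privacy address would make the published record change often; a guard on the `to_v6 ()` value such as `if (!v6.is_link_local () && !v6.is_loopback ())` before the call covers the obvious cases. Both `local_endpoint ()` calls are the throwing overloads inside a completion handler, so reading the endpoint once through the `boost::system::error_code` overload is safer. The handler starts outside the hunk.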
From: orignal Date: Mon, 27 Aug 2018 16:01:47 -0400 Subject: [PATCH 06/17] pass NTCP2 ipv6 address --- libi2pd/RouterContext.cpp | 11 ++++------- libi2pd/RouterInfo.cpp | 7 +++---- libi2pd/RouterInfo.h | 2 +- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/libi2pd/RouterContext.cpp b/libi2pd/RouterContext.cpp index 75235ec6..fd59bd83 100644 --- a/libi2pd/RouterContext.cpp +++ b/libi2pd/RouterContext.cpp @@ -476,15 +476,12 @@ namespace i2p } } - if (!updated) + if (!updated && port) // we have found NTCP2 v4 but not v6 { - if (port) // we have found NTCP2 v4 but not v6 - { - m_RouterInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv); - PublishNTCP2Address (port, true); - } + m_RouterInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv, host, port); + updated = true; } - else + if (updated) UpdateRouterInfo (); } diff --git a/libi2pd/RouterInfo.cpp b/libi2pd/RouterInfo.cpp index 79a70462..d52e91f3 100644 --- a/libi2pd/RouterInfo.cpp +++ b/libi2pd/RouterInfo.cpp @@ -696,12 +696,11 @@ namespace data m_Caps |= eSSUIntroducer; } - void RouterInfo::AddNTCP2Address (const uint8_t * staticKey, const uint8_t * iv) + void RouterInfo::AddNTCP2Address (const uint8_t * staticKey, const uint8_t * iv, const boost::asio::ip::address& host, int port) { - for (const auto& it: *m_Addresses) // don't insert one more NTCP2 - if (it->ntcp2) return; auto addr = std::make_shared
(); - addr->port = 0; + addr->host = host; + addr->port = port; addr->transportStyle = eTransportNTCP; addr->cost = 3; addr->date = 0; diff --git a/libi2pd/RouterInfo.h b/libi2pd/RouterInfo.h index bc0ed71c..f66a73fa 100644 --- a/libi2pd/RouterInfo.h +++ b/libi2pd/RouterInfo.h @@ -151,7 +151,7 @@ namespace data void AddNTCPAddress (const char * host, int port); void AddSSUAddress (const char * host, int port, const uint8_t * key, int mtu = 0); - void AddNTCP2Address (const uint8_t * staticKey, const uint8_t * iv); + void AddNTCP2Address (const uint8_t * staticKey, const uint8_t * iv, const boost::asio::ip::address& host = boost::asio::ip::address(), int port = 0); bool AddIntroducer (const Introducer& introducer); bool RemoveIntroducer (const boost::asio::ip::udp::endpoint& e); void SetProperty (const std::string& key, const std::string& value); // called from RouterContext only From 575a4c01c93e9d314ee670e05ccd12f1cfe733b1 Mon Sep 17 00:00:00 2001 From: orignal Date: Mon, 27 Aug 2018 18:35:35 -0400 Subject: [PATCH 07/17] publish NTCP2 adress if port is specified --- libi2pd/RouterInfo.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/libi2pd/RouterInfo.cpp b/libi2pd/RouterInfo.cpp index d52e91f3..b8bc5c11 100644 --- a/libi2pd/RouterInfo.cpp +++ b/libi2pd/RouterInfo.cpp @@ -706,6 +706,7 @@ namespace data addr->date = 0; addr->ntcp2.reset (new NTCP2Ext ()); addr->ntcp2->isNTCP2Only = true; // NTCP2 only address + if (port) addr->ntcp2->isPublished = true; memcpy (addr->ntcp2->staticKey, staticKey, 32); memcpy (addr->ntcp2->iv, iv, 16); m_Addresses->push_back(std::move(addr)); From b67424643da459c633c8615388dbe67f6d454d3b Mon Sep 17 00:00:00 2001 From: orignal Date: Mon, 27 Aug 2018 18:56:57 -0400 Subject: [PATCH 08/17] done insert NTCP2 ipv6 address twice --- libi2pd/RouterContext.cpp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libi2pd/RouterContext.cpp b/libi2pd/RouterContext.cpp index fd59bd83..6ad3d159 100644 
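Review bot: Removing the `if (it->ntcp2) return;` loop in `RouterInfo::AddNTCP2Address` drops the only duplicate guard, so any caller that still relies on the defaulted `host` and `port` can now append a second identical unpublished NTCP2 entry. Narrowing the guard rather than deleting it would at least stop identical entries, e.g. `if (it->ntcp2 && it->host == host && it->port == port) return;`. The function body continues past the end of the hunk.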
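Review bot: `if (port) addr->ntcp2->isPublished = true;` sets the published flag on the port alone, so a call that passes a port but leaves `host` at its default `boost::asio::ip::address()` would mark an unspecified address as published. Testing both values, `if (port && !host.is_unspecified ()) addr->ntcp2->isPublished = true;`, ties the flag to an address peers can actually reach. The function starts and ends outside the hunk.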
--- a/libi2pd/RouterContext.cpp +++ b/libi2pd/RouterContext.cpp @@ -455,7 +455,7 @@ namespace i2p void RouterContext::UpdateNTCP2V6Address (const boost::asio::ip::address& host) { - bool updated = false; + bool updated = false, found = false; int port = 0; auto& addresses = m_RouterInfo.GetAddresses (); for (auto& addr: addresses) @@ -468,15 +468,16 @@ namespace i2p { addr->host = host; updated = true; - break; } + found = true; + break; } else port = addr->port; // NTCP2 v4 } } - if (!updated && port) // we have found NTCP2 v4 but not v6 + if (!found && port) // we have found NTCP2 v4 but not v6 { m_RouterInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv, host, port); updated = true; From 6519e0835aa5656eb61537a89e2790b4a6cbc749 Mon Sep 17 00:00:00 2001 From: orignal Date: Sun, 2 Sep 2018 07:51:58 -0400 Subject: [PATCH 09/17] fixed typo --- libi2pd_client/AddressBook.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libi2pd_client/AddressBook.cpp b/libi2pd_client/AddressBook.cpp index e745ceaf..30ae7172 100644 --- a/libi2pd_client/AddressBook.cpp +++ b/libi2pd_client/AddressBook.cpp @@ -741,7 +741,7 @@ namespace client std::string response; uint8_t recv_buf[4096]; bool end = false; - int numAttempts = 5; + int numAttempts = 0; while (!end) { stream->AsyncReceive (boost::asio::buffer (recv_buf, 4096), From 86e9901bf28a19821624dbf0175e7475db560a83 Mon Sep 17 00:00:00 2001 From: l-n-s Date: Sun, 2 Sep 2018 15:39:23 -0400 Subject: [PATCH 10/17] Fix typo --- libi2pd_client/SAM.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libi2pd_client/SAM.h b/libi2pd_client/SAM.h index 953af1cd..dde6e675 100644 --- a/libi2pd_client/SAM.h +++ b/libi2pd_client/SAM.h 
@@ -46,7 +46,7 @@ namespace client const char SAM_NAMING_REPLY[] = "NAMING REPLY RESULT=OK NAME=ME VALUE=%s\n"; const char SAM_DATAGRAM_RECEIVED[] = "DATAGRAM RECEIVED DESTINATION=%s SIZE=%lu\n"; const char SAM_NAMING_REPLY_INVALID_KEY[] = "NAMING REPLY RESULT=INVALID_KEY NAME=%s\n"; - const char SAM_NAMING_REPLY_KEY_NOT_FOUND[] = "NAMING REPLY RESULT=INVALID_KEY_NOT_FOUND NAME=%s\n"; + const char SAM_NAMING_REPLY_KEY_NOT_FOUND[] = "NAMING REPLY RESULT=KEY_NOT_FOUND NAME=%s\n"; const char SAM_PARAM_MIN[] = "MIN"; const char SAM_PARAM_MAX[] = "MAX"; const char SAM_PARAM_STYLE[] = "STYLE"; From 2c3b19a53977c30e4e3b70937320c8eac1921111 Mon Sep 17 00:00:00 2001 From: orignal Date: Mon, 3 Sep 2018 17:39:49 -0400 Subject: [PATCH 11/17] use EdDSA from openssl 1.1.1 --- libi2pd/Crypto.h | 3 +++ libi2pd/Signature.cpp | 52 +++++++++++++++++++++++++++++++++++++++++++ libi2pd/Signature.h | 28 ++++++++++++++++++++++- 3 files changed, 82 insertions(+), 1 deletion(-) diff --git a/libi2pd/Crypto.h b/libi2pd/Crypto.h index 43f1def9..ceaff30b 100644 --- a/libi2pd/Crypto.h +++ b/libi2pd/Crypto.h @@ -266,6 +266,9 @@ namespace crypto # define LEGACY_OPENSSL 1 #else # define LEGACY_OPENSSL 0 +# if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1 +# define OPENSSL_EDDSA +# endif #endif #if LEGACY_OPENSSL diff --git a/libi2pd/Signature.cpp b/libi2pd/Signature.cpp index baa265bc..f5164e9f 100644 --- a/libi2pd/Signature.cpp +++ b/libi2pd/Signature.cpp 
@@ -6,6 +6,26 @@ namespace i2p { namespace crypto { +#if OPENSSL_EDDSA + EDDSA25519Verifier::EDDSA25519Verifier (const uint8_t * signingKey) + { + m_Pkey = EVP_PKEY_new_raw_public_key (EVP_PKEY_ED25519, NULL, signingKey, 32); + m_MDCtx = EVP_MD_CTX_create (); + EVP_DigestVerifyInit (m_MDCtx, NULL, NULL, NULL, m_Pkey); + } + + EDDSA25519Verifier::~EDDSA25519Verifier () + { + EVP_MD_CTX_destroy (m_MDCtx); + EVP_PKEY_free (m_Pkey); + } + + bool EDDSA25519Verifier::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const + { + return EVP_DigestVerify (m_MDCtx, signature, 64, buf, len); + } + +#else EDDSA25519Verifier::EDDSA25519Verifier (const uint8_t * signingKey) { memcpy (m_PublicKeyEncoded, signingKey, EDDSA25519_PUBLIC_KEY_LENGTH); @@ -14,6 +34,10 @@ namespace crypto BN_CTX_free (ctx); } + EDDSA25519Verifier::~EDDSA25519Verifier () + { + } + bool EDDSA25519Verifier::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const { uint8_t digest[64]; @@ -26,7 +50,30 @@ namespace crypto return GetEd25519 ()->Verify (m_PublicKey, digest, signature); } +#endif +#if OPENSSL_EDDSA + EDDSA25519Signer::EDDSA25519Signer (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey) + { + m_Pkey = EVP_PKEY_new_raw_private_key (EVP_PKEY_ED25519, NULL, signingPrivateKey, 32); + // TODO: check public key + m_MDCtx = EVP_MD_CTX_create (); + EVP_DigestSignInit (m_MDCtx, NULL, NULL, NULL, m_Pkey); + } + + EDDSA25519Signer::~EDDSA25519Signer () + { + EVP_MD_CTX_destroy (m_MDCtx); + EVP_PKEY_free (m_Pkey); + } + + void EDDSA25519Signer::Sign (const uint8_t * buf, int len, uint8_t * signature) const + { + size_t l = 64; + EVP_DigestSign (m_MDCtx, signature, &l, buf, len); + } + +#else EDDSA25519Signer::EDDSA25519Signer (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey) { // expand key 
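Review bot: `EDDSA25519Verifier::Verify` converts the `int` result of `EVP_DigestVerify` to `bool`, and OpenSSL reports errors other than a plain mismatch with a negative value, so such an error is returned as a successful verification; the line should be `return EVP_DigestVerify (m_MDCtx, signature, 64, buf, len) == 1;`. The constructor also ignores the results of `EVP_PKEY_new_raw_public_key` and `EVP_DigestVerifyInit`, so a key OpenSSL rejects leaves the object in a state where that error path is more likely to be taken. The same unchecked-return pattern is in the `EDDSA25519Signer` hunk (`@@ -26,7 +50,30 @@`), where a failed `EVP_DigestSign` returns with `signature` unwritten.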
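Review bot: The OpenSSL branch of the `EDDSA25519Signer` constructor never reads `signingPublicKey`; the `// TODO: check public key` leaves out the check that the declaration's comment in Signature.h ("we pass signingPublicKey to check if it matches private key") describes. After `m_Pkey` is created, the derived public key can be read with `EVP_PKEY_get_raw_public_key` and compared with `signingPublicKey` when that pointer is non-null. How a mismatch should be handled ought to follow the non-OpenSSL branch, whose body is outside this hunk.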
@@ -47,10 +94,15 @@ namespace crypto BN_CTX_free (ctx); } + EDDSA25519Signer::~EDDSA25519Signer () + { + } + void EDDSA25519Signer::Sign (const uint8_t * buf, int len, uint8_t * signature) const { GetEd25519 ()->Sign (m_ExpandedPrivateKey, m_PublicKeyEncoded, buf, len, signature); } +#endif } } diff --git a/libi2pd/Signature.h b/libi2pd/Signature.h index 8b30a8e8..6b958107 100644 --- a/libi2pd/Signature.h +++ b/libi2pd/Signature.h @@ -367,6 +367,8 @@ namespace crypto public: EDDSA25519Verifier (const uint8_t * signingKey); + ~EDDSA25519Verifier (); + bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const; size_t GetPublicKeyLen () const { return EDDSA25519_PUBLIC_KEY_LENGTH; }; @@ -374,8 +376,13 @@ namespace crypto private: +#if OPENSSL_EDDSA + EVP_PKEY * m_Pkey; + EVP_MD_CTX * m_MDCtx; +#else EDDSAPoint m_PublicKey; uint8_t m_PublicKeyEncoded[EDDSA25519_PUBLIC_KEY_LENGTH]; +#endif }; class EDDSA25519Signer: public Signer 
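Review bot: With `OPENSSL_EDDSA` set, `EDDSA25519Verifier` owns `m_Pkey` and `m_MDCtx` through raw pointers and frees them in the new destructor, but copying is still implicitly allowed, so a copied verifier would free both objects twice. Deleting the copy operations next to the destructor declaration closes that: `EDDSA25519Verifier (const EDDSA25519Verifier&) = delete;` and `EDDSA25519Verifier& operator= (const EDDSA25519Verifier&) = delete;`. `EDDSA25519Signer` in the next hunk (`@@ -384,20 +391,39 @@`) gains the same members and needs the same two lines. `Verify` is `const` yet operates on the shared `m_MDCtx`, so a comment on the member stating whether one verifier may be used from several threads would be worth adding.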
@@ -384,20 +391,39 @@ namespace crypto EDDSA25519Signer (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey = nullptr); // we pass signingPublicKey to check if it matches private key + ~EDDSA25519Signer (); + void Sign (const uint8_t * buf, int len, uint8_t * signature) const; const uint8_t * GetPublicKey () const { return m_PublicKeyEncoded; }; private: - +#if OPENSSL_EDDSA + EVP_PKEY * m_Pkey; + EVP_MD_CTX * m_MDCtx; +#else uint8_t m_ExpandedPrivateKey[64]; uint8_t m_PublicKeyEncoded[EDDSA25519_PUBLIC_KEY_LENGTH]; +#endif }; inline void CreateEDDSA25519RandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey) { +#if OPENSSL_EDDSA + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id (EVP_PKEY_ED25519, NULL); + EVP_PKEY_keygen_init (pctx); + EVP_PKEY_keygen (pctx, &pkey); + EVP_PKEY_CTX_free (pctx); + size_t len = EDDSA25519_PUBLIC_KEY_LENGTH; + EVP_PKEY_get_raw_public_key (pkey, signingPublicKey, &len); + len = EDDSA25519_PRIVATE_KEY_LENGTH; + EVP_PKEY_get_raw_private_key (pkey, signingPrivateKey, &len); + EVP_PKEY_free (pkey); +#else RAND_bytes (signingPrivateKey, EDDSA25519_PRIVATE_KEY_LENGTH); EDDSA25519Signer signer (signingPrivateKey); memcpy (signingPublicKey, signer.GetPublicKey (), EDDSA25519_PUBLIC_KEY_LENGTH); +#endif } From 064460b95f656cb211995f88c66bea94d88224d4 Mon Sep 17 00:00:00 2001 From: R4SAS Date: Tue, 4 Sep 2018 10:39:46 +0300 Subject: [PATCH 12/17] osx makefile changes Move install target from osx to homebrew use openssl 1.1.0 when building with brew --- Makefile.homebrew | 19 ++++++++++++------- Makefile.osx | 16 +--------------- 2 files changed, 13 insertions(+), 22 deletions(-) diff --git a/Makefile.homebrew b/Makefile.homebrew index 688fdaea..9d593197 100644 --- a/Makefile.homebrew +++ b/Makefile.homebrew 
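Review bot: The `OPENSSL_EDDSA` branch of `CreateEDDSA25519RandomKeys` checks no OpenSSL result, so if `EVP_PKEY_CTX_new_id` or `EVP_PKEY_keygen` fails the function returns with `signingPrivateKey` and `signingPublicKey` untouched and the caller continues with whatever those buffers already held as its key pair. Because the function returns `void`, failure has to be signalled another way; the sketch below throws, which is an assumption about what the callers can handle and should be matched to the project's error convention. The raw-key reads are checked as well, since a short or failed copy has the same effect.

```cpp
	inline void CreateEDDSA25519RandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
	{
#if OPENSSL_EDDSA
		EVP_PKEY * pkey = nullptr;
		EVP_PKEY_CTX * pctx = EVP_PKEY_CTX_new_id (EVP_PKEY_ED25519, NULL);
		// never hand back caller buffers that were not filled with a fresh key pair
		bool ok = pctx && EVP_PKEY_keygen_init (pctx) > 0 && EVP_PKEY_keygen (pctx, &pkey) > 0;
		EVP_PKEY_CTX_free (pctx);
		if (ok)
		{
			size_t len = EDDSA25519_PUBLIC_KEY_LENGTH;
			ok = EVP_PKEY_get_raw_public_key (pkey, signingPublicKey, &len) == 1 && len == EDDSA25519_PUBLIC_KEY_LENGTH;
			len = EDDSA25519_PRIVATE_KEY_LENGTH;
			ok = ok && EVP_PKEY_get_raw_private_key (pkey, signingPrivateKey, &len) == 1 && len == EDDSA25519_PRIVATE_KEY_LENGTH;
		}
		EVP_PKEY_free (pkey);
		if (!ok) throw std::runtime_error ("EdDSA25519 key generation failed");
#else
		// … unchanged: RAND_bytes / EDDSA25519Signer branch …
#endif
```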
@@ -1,7 +1,7 @@ # root directory holding homebrew BREWROOT = /usr/local BOOSTROOT = ${BREWROOT}/opt/boost -SSLROOT = ${BREWROOT}/opt/libressl +SSLROOT = ${BREWROOT}/opt/openssl@1.1 UPNPROOT = ${BREWROOT}/opt/miniupnpc CXXFLAGS = ${CXX_DEBUG} -Wall -std=c++11 -DMAC_OSX -Wno-overloaded-virtual INCFLAGS = -I${SSLROOT}/include -I${BOOSTROOT}/include @@ -41,9 +41,14 @@ ifeq ($(USE_AVX),1) CXXFLAGS += -mavx endif - -# Disabled, since it will be the default make rule. I think its better -# to define the default rule in Makefile and not Makefile. - torkel -#install: all -# test -d ${PREFIX} || mkdir -p ${PREFIX}/ -# cp -r i2p ${PREFIX}/ +install: + install -d ${PREFIX}/bin ${PREFIX}/etc/i2pd ${PREFIX}/share/doc/i2pd ${PREFIX}/share/i2pd ${PREFIX}/share/man/man1 ${PREFIX}/var/lib/i2pd + install -m 755 ${I2PD} ${PREFIX}/bin/ + install -m 644 contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf ${PREFIX}/etc/i2pd + @cp -R contrib/certificates ${PREFIX}/share/i2pd/ + install -m 644 ChangeLog LICENSE README.md contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf ${PREFIX}/share/doc/i2pd + @gzip debian/i2pd.1 && install debian/i2pd.1.gz ${PREFIX}/share/man/man1 + @ln -sf ${PREFIX}/share/i2pd/certificates ${PREFIX}/var/lib/i2pd/ + @ln -sf ${PREFIX}/etc/i2pd/i2pd.conf ${PREFIX}/var/lib/i2pd/i2pd.conf + @ln -sf ${PREFIX}/etc/i2pd/subscriptions.txt ${PREFIX}/var/lib/i2pd/subscriptions.txt + @ln -sf ${PREFIX}/etc/i2pd/tunnels.conf ${PREFIX}/var/lib/i2pd/tunnels.conf \ No newline at end of file diff --git a/Makefile.osx b/Makefile.osx index 13376040..d673d3ef 100644 --- a/Makefile.osx +++ b/Makefile.osx 
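Review bot: The new `install` recipe runs `gzip debian/i2pd.1`, which replaces the tracked man page in the source tree, so a second `make install` fails at that step and the working copy is left modified. Compressing to a separate output avoids both problems: `@gzip -c debian/i2pd.1 > i2pd.1.gz && install -m 644 i2pd.1.gz ${PREFIX}/share/man/man1`. That form also gives the installed man page an explicit mode, as the other `install -m` lines in the recipe do.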
@@ -1,7 +1,7 @@ CXX = clang++ CXXFLAGS := ${CXX_DEBUG} -Wall -std=c++11 -DMAC_OSX INCFLAGS = -I/usr/local/include -LDFLAGS := ${LD_DEBUG} -Wl,-rpath,/usr/local/lib -L/usr/local/lib +LDFLAGS := -Wl,-rpath,/usr/local/lib -L/usr/local/lib ifeq ($(USE_STATIC),yes) LDLIBS = -lz /usr/local/lib/libcrypto.a /usr/local/lib/libssl.a /usr/local/lib/libboost_system.a /usr/local/lib/libboost_date_time.a /usr/local/lib/libboost_filesystem.a /usr/local/lib/libboost_program_options.a -lpthread @@ -28,17 +28,3 @@ endif ifeq ($(USE_AVX),1) CXXFLAGS += -mavx endif - -# Disabled, since it will be the default make rule. I think its better -# to define the default rule in Makefile and not Makefile. - torkel -install-brew: all - install -d ${PREFIX}/bin ${PREFIX}/etc/i2pd ${PREFIX}/share/doc/i2pd ${PREFIX}/share/i2pd ${PREFIX}/share/man/man1 ${PREFIX}/var/lib/i2pd - install -m 755 ${I2PD} ${PREFIX}/bin/ - install -m 644 contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf ${PREFIX}/etc/i2pd - @cp -R contrib/certificates ${PREFIX}/share/i2pd/ - install -m 644 ChangeLog LICENSE README.md contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf ${PREFIX}/share/doc/i2pd - @gzip debian/i2pd.1 && install debian/i2pd.1.gz ${PREFIX}/share/man/man1 - @ln -sf ${PREFIX}/share/i2pd/certificates ${PREFIX}/var/lib/i2pd/ - @ln -sf ${PREFIX}/etc/i2pd/i2pd.conf ${PREFIX}/var/lib/i2pd/i2pd.conf - @ln -sf ${PREFIX}/etc/i2pd/subscriptions.txt ${PREFIX}/var/lib/i2pd/subscriptions.txt - @ln -sf ${PREFIX}/etc/i2pd/tunnels.conf ${PREFIX}/var/lib/i2pd/tunnels.conf From 6fe1de5d869343a2b80fdd168c4276880bc57b3f Mon Sep 17 00:00:00 2001 From: R4SAS Date: Tue, 4 Sep 2018 10:51:44 +0300 Subject: [PATCH 13/17] fix make target dependecy --- Makefile | 2 ++ Makefile.homebrew | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index c51018f9..ce1ad51f 100644 --- a/Makefile +++ b/Makefile 
@@ -130,6 +130,8 @@ doxygen: .PHONY: deps .PHONY: doxygen .PHONY: dist +.PHONY: last-dist .PHONY: api .PHONY: api_client .PHONY: mk_obj_dir +.PHONY: install diff --git a/Makefile.homebrew b/Makefile.homebrew index 9d593197..64301c02 100644 --- a/Makefile.homebrew +++ b/Makefile.homebrew @@ -41,7 +41,7 @@ ifeq ($(USE_AVX),1) CXXFLAGS += -mavx endif -install: +install: all install -d ${PREFIX}/bin ${PREFIX}/etc/i2pd ${PREFIX}/share/doc/i2pd ${PREFIX}/share/i2pd ${PREFIX}/share/man/man1 ${PREFIX}/var/lib/i2pd install -m 755 ${I2PD} ${PREFIX}/bin/ install -m 644 contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf ${PREFIX}/etc/i2pd From 2c58fe736bc90270a5e40f13151641f55ef1c578 Mon Sep 17 00:00:00 2001 From: orignal Date: Wed, 5 Sep 2018 09:51:03 -0400 Subject: [PATCH 14/17] fixed build error with openssl 1.1.1 --- libi2pd/Crypto.h | 2 +- libi2pd/Signature.h | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/libi2pd/Crypto.h b/libi2pd/Crypto.h index ceaff30b..f8cd86a3 100644 --- a/libi2pd/Crypto.h +++ b/libi2pd/Crypto.h @@ -267,7 +267,7 @@ namespace crypto #else # define LEGACY_OPENSSL 0 # if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1 -# define OPENSSL_EDDSA +# define OPENSSL_EDDSA 1 # endif #endif diff --git a/libi2pd/Signature.h b/libi2pd/Signature.h index 6b958107..7f5a53b9 100644 --- a/libi2pd/Signature.h +++ b/libi2pd/Signature.h @@ -394,7 +394,9 @@ namespace crypto ~EDDSA25519Signer (); void Sign (const uint8_t * buf, int len, uint8_t * signature) const; - const uint8_t * GetPublicKey () const { return m_PublicKeyEncoded; }; +#if !OPENSSL_EDDSA + const uint8_t * GetPublicKey () const { return m_PublicKeyEncoded; }; // for keys creation +#endif private: #if OPENSSL_EDDSA From 33aa8e2471655695fd78b2f848bce0f4e9515d91 Mon Sep 17 00:00:00 2001 
From: orignal Date: Wed, 5 Sep 2018 11:19:58 -0400 Subject: [PATCH 15/17] use x25519 from openssl 1.1.1 for ephemeral keys --- libi2pd/Crypto.h | 1 + libi2pd/NTCP2.cpp | 29 ++++++++++++++++++++++++++++- libi2pd/NTCP2.h | 4 ++++ 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/libi2pd/Crypto.h b/libi2pd/Crypto.h index f8cd86a3..30d00d76 100644 --- a/libi2pd/Crypto.h +++ b/libi2pd/Crypto.h @@ -268,6 +268,7 @@ namespace crypto # define LEGACY_OPENSSL 0 # if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1 # define OPENSSL_EDDSA 1 +# define OPENSSL_X25519 1 # endif #endif diff --git a/libi2pd/NTCP2.cpp b/libi2pd/NTCP2.cpp index b6880e9c..6a319115 100644 --- a/libi2pd/NTCP2.cpp +++ b/libi2pd/NTCP2.cpp @@ -41,6 +41,9 @@ namespace transport delete[] m_SessionRequestBuffer; delete[] m_SessionCreatedBuffer; delete[] m_SessionConfirmedBuffer; +#if OPENSSL_X25519 + EVP_PKEY_free (m_EphemeralPkey); +#endif } void NTCP2Establisher::MixKey (const uint8_t * inputKeyMaterial, uint8_t * derived) @@ -119,7 +122,18 @@ namespace transport // x25519 between remote pub and priv uint8_t inputKeyMaterial[32]; - i2p::crypto::GetEd25519 ()->ScalarMul (GetRemotePub (), GetPriv (), inputKeyMaterial, m_Ctx); +#if OPENSSL_X25519 + auto pctx = EVP_PKEY_CTX_new (m_EphemeralPkey, NULL); + EVP_PKEY_derive_init (pctx); + auto pkey = EVP_PKEY_new_raw_public_key (EVP_PKEY_X25519, NULL, GetRemotePub (), 32); + EVP_PKEY_derive_set_peer (pctx, pkey); + size_t len = 32; + EVP_PKEY_derive (pctx, inputKeyMaterial, &len); + EVP_PKEY_free (pkey); + EVP_PKEY_CTX_free (pctx); +#else + i2p::crypto::GetEd25519 ()->ScalarMul (GetRemotePub (), GetPriv (), inputKeyMaterial, m_Ctx); +#endif MixKey (inputKeyMaterial, m_K); } 
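Review bot: The destructor now calls `EVP_PKEY_free (m_EphemeralPkey)`, but the only assignment to that member in this patch is inside `CreateEphemeralKey` (`@@ -149,8 +163,21 @@`), and NTCP2.h declares it without an initializer. Unless the constructor, which is outside the hunk, sets it, an establisher destroyed before `CreateEphemeralKey` has run frees an indeterminate pointer; declaring `EVP_PKEY * m_EphemeralPkey = nullptr;` in the header makes the destructor safe. `CreateEphemeralKey` also resets the member to `nullptr` without freeing an existing key, so a second call leaks the first one.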
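Review bot: The X25519 branch feeds the peer-supplied `GetRemotePub ()` bytes to OpenSSL and ignores every result, so when `EVP_PKEY_new_raw_public_key` or `EVP_PKEY_derive` fails, `MixKey` runs on the uninitialized `inputKeyMaterial` stack buffer instead of the handshake being aborted. At minimum the derive step should be checked, `if (!pkey || EVP_PKEY_derive (pctx, inputKeyMaterial, &len) <= 0 || len != 32)`, with the session dropped on failure; how that is reported depends on the enclosing function's signature, which is outside the hunk. `CreateEphemeralKey` (`@@ -149,8 +163,21 @@`) has the same gap around `EVP_PKEY_keygen` and the two `EVP_PKEY_get_raw_*` calls. It also passes `NID_X25519` where this hunk uses `EVP_PKEY_X25519`; one spelling throughout would read better.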
@@ -149,8 +163,21 @@ namespace transport void NTCP2Establisher::CreateEphemeralKey () { +#if OPENSSL_X25519 + m_EphemeralPkey = nullptr; + EVP_PKEY_CTX * pctx = EVP_PKEY_CTX_new_id (NID_X25519, NULL); + EVP_PKEY_keygen_init (pctx); + EVP_PKEY_keygen (pctx, &m_EphemeralPkey); + EVP_PKEY_CTX_free (pctx); + // TODO: remove, after switch to m_EphemeralPkey + size_t len = 32; + EVP_PKEY_get_raw_public_key (m_EphemeralPkey, m_EphemeralPublicKey, &len); + len = 32; + EVP_PKEY_get_raw_private_key (m_EphemeralPkey, m_EphemeralPrivateKey, &len); +#else RAND_bytes (m_EphemeralPrivateKey, 32); i2p::crypto::GetEd25519 ()->ScalarMulB (m_EphemeralPrivateKey, m_EphemeralPublicKey, m_Ctx); +#endif } void NTCP2Establisher::CreateSessionRequestMessage () diff --git a/libi2pd/NTCP2.h b/libi2pd/NTCP2.h index 2b6748ab..10874abb 100644 --- a/libi2pd/NTCP2.h +++ b/libi2pd/NTCP2.h @@ -18,6 +18,7 @@ #include #include #include +#include #include #include "util.h" #include "RouterInfo.h" @@ -110,6 +111,9 @@ namespace transport BN_CTX * m_Ctx; uint8_t m_EphemeralPrivateKey[32], m_EphemeralPublicKey[32], m_RemoteEphemeralPublicKey[32]; // x25519 +#if OPENSSL_X25519 + EVP_PKEY * m_EphemeralPkey; +#endif uint8_t m_RemoteStaticKey[32], m_IV[16], m_H[32] /*h*/, m_CK[33] /*ck*/, m_K[32] /*k*/; i2p::data::IdentHash m_RemoteIdentHash; uint16_t m3p2Len; From b734acf1b1d4eb1f5c56577c9be8892a26cd0101 Mon Sep 17 00:00:00 2001 From: orignal Date: Thu, 6 Sep 2018 11:19:10 -0400 Subject: [PATCH 16/17] -latomic for gcc >= 5 only --- Makefile.linux | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Makefile.linux b/Makefile.linux index 8689bd0c..cb376e77 100644 --- a/Makefile.linux +++ b/Makefile.linux 
@@ -21,8 +21,10 @@ else ifeq ($(shell expr match ${CXXVER} "4\.6"),3) # = 4.6 NEEDED_CXXFLAGS += -std=c++0x else ifeq ($(shell expr match ${CXXVER} "[5-7]\.[0-9]"),3) # gcc >= 5.0 NEEDED_CXXFLAGS += -std=c++11 + LDLIBS = -latomic else ifeq ($(shell expr match ${CXXVER} "[7-8]"),1) # gcc 7 ubuntu or gcc 8 arch NEEDED_CXXFLAGS += -std=c++11 + LDLIBS = -latomic else # not supported $(error Compiler too old) endif @@ -34,7 +36,7 @@ ifeq ($(USE_STATIC),yes) # Using 'getaddrinfo' in statically linked applications requires at runtime # the shared libraries from the glibc version used for linking LIBDIR := /usr/lib - LDLIBS = $(LIBDIR)/libboost_system.a + LDLIBS += $(LIBDIR)/libboost_system.a LDLIBS += $(LIBDIR)/libboost_date_time.a LDLIBS += $(LIBDIR)/libboost_filesystem.a LDLIBS += $(LIBDIR)/libboost_program_options.a @@ -44,7 +46,7 @@ ifeq ($(USE_STATIC),yes) LDLIBS += -lpthread -static-libstdc++ -static-libgcc -lrt -ldl USE_AESNI := no else - LDLIBS = -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread -latomic + LDLIBS += -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread endif # UPNP Support (miniupnpc 1.5 and higher) From 50399e51948ae25a9f0563f59bda819a5090725e Mon Sep 17 00:00:00 2001 From: l-n-s Date: Thu, 6 Sep 2018 21:27:28 +0000 Subject: [PATCH 17/17] fix #1238 (#1239) --- android/assets/i2pd.conf | 2 +- contrib/i2pd.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/android/assets/i2pd.conf b/android/assets/i2pd.conf index cf113da2..bc2f7a3a 100644 --- a/android/assets/i2pd.conf +++ b/android/assets/i2pd.conf @@ -1,5 +1,5 @@ ## Configuration file for a typical i2pd user -## See https://i2pd.readthedocs.org/en/latest/configuration.html +## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/ ## for more options you can use in this file. #logfile = /sdcard/i2pd/i2pd.log 
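Review bot: `LDLIBS = -latomic` in the two compiler-version branches is a plain assignment placed ahead of every other library, which is why the later hunks (`@@ -34,7 +36,7 @@` and `@@ -44,7 +46,7 @@`) had to change their own `=` to `+=`. Any library block later added with `=` will silently drop `-latomic` again, and on toolchains that link with `--as-needed` a shared library listed before the archives that reference it may not be retained. Appending it once after the `USE_STATIC` block, `LDLIBS += -latomic` under the same version test, keeps the flag independent of how the other blocks assign. A short comment giving the reason, such as `# 64-bit atomics need libatomic on some 32-bit targets`, would also help, since the commit title is the only place that explains the flag.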
diff --git a/contrib/i2pd.conf b/contrib/i2pd.conf index 123df754..92abf496 100644 --- a/contrib/i2pd.conf +++ b/contrib/i2pd.conf @@ -1,5 +1,5 @@ ## Configuration file for a typical i2pd user -## See https://i2pd.readthedocs.org/en/latest/configuration.html +## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/ ## for more options you can use in this file. ## Lines that begin with "## " try to explain what's going on. Lines