From 5aa53eee43e484950f4a14a29feed131c595336f Mon Sep 17 00:00:00 2001 From: orignal Date: Thu, 2 Nov 2017 14:50:57 -0400 Subject: [PATCH 01/24] GetIdentity for RoutingDestination --- libi2pd/Identity.h | 4 +++- libi2pd/LeaseSet.h | 5 ++--- libi2pd/RouterInfo.h | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/libi2pd/Identity.h b/libi2pd/Identity.h index 0258823b..ccd8ecee 100644 --- a/libi2pd/Identity.h +++ b/libi2pd/Identity.h @@ -186,9 +186,11 @@ namespace data RoutingDestination () {}; virtual ~RoutingDestination () {}; - virtual const IdentHash& GetIdentHash () const = 0; + virtual std::shared_ptr GetIdentity () const = 0; virtual const uint8_t * GetEncryptionPublicKey () const = 0; virtual bool IsDestination () const = 0; // for garlic + + const IdentHash& GetIdentHash () const { return GetIdentity ()->GetIdentHash (); }; }; class LocalDestination diff --git a/libi2pd/LeaseSet.h b/libi2pd/LeaseSet.h index 3499884a..68b993f3 100644 --- a/libi2pd/LeaseSet.h +++ b/libi2pd/LeaseSet.h @@ -59,8 +59,7 @@ namespace data ~LeaseSet () { delete[] m_Buffer; }; void Update (const uint8_t * buf, size_t len); bool IsNewer (const uint8_t * buf, size_t len) const; - void PopulateLeases (); // from buffer - std::shared_ptr GetIdentity () const { return m_Identity; }; + void PopulateLeases (); // from buffer const uint8_t * GetBuffer () const { return m_Buffer; }; size_t GetBufferLen () const { return m_BufferLen; }; @@ -76,7 +75,7 @@ namespace data { return m_BufferLen == other.m_BufferLen && !memcmp (m_Buffer, other.m_Buffer, m_BufferLen); }; // implements RoutingDestination - const IdentHash& GetIdentHash () const { return m_Identity->GetIdentHash (); }; + std::shared_ptr GetIdentity () const { return m_Identity; }; const uint8_t * GetEncryptionPublicKey () const { return m_EncryptionKey; }; bool IsDestination () const { return true; }; diff --git a/libi2pd/RouterInfo.h b/libi2pd/RouterInfo.h index f23fb152..544639f7 100644 --- a/libi2pd/RouterInfo.h +++ b/libi2pd/RouterInfo.h @@ -185,7 +185,7 @@ namespace data bool IsFamily(const std::string & fam) const; // implements RoutingDestination - const IdentHash& GetIdentHash () const { return m_RouterIdentity->GetIdentHash (); }; + std::shared_ptr GetIdentity () const { return m_RouterIdentity; }; const uint8_t * GetEncryptionPublicKey () const { return m_RouterIdentity->GetStandardIdentity ().publicKey; }; bool IsDestination () const { return false; }; From e634c89995521e8c1f71d599b3aa0ebf6adae9a0 Mon Sep 17 00:00:00 2001 From: orignal Date: Thu, 2 Nov 2017 16:13:10 -0400 Subject: [PATCH 02/24] generate non-ElGamal encryption keys pair --- libi2pd/Destination.cpp | 3 ++- libi2pd/Identity.cpp | 51 ++++++++++++++++++++++++++++++----------- libi2pd/Identity.h | 10 ++++---- 3 files changed, 44 insertions(+), 20 deletions(-) diff --git a/libi2pd/Destination.cpp b/libi2pd/Destination.cpp index 520fc23f..b6584684 100644 --- a/libi2pd/Destination.cpp +++ b/libi2pd/Destination.cpp @@ -709,7 +709,8 @@ namespace client if (isPublic) PersistTemporaryKeys (); else - i2p::crypto::GenerateElGamalKeyPair(m_EncryptionPrivateKey, m_EncryptionPublicKey); + i2p::data::PrivateKeys::GenerateCryptoKeyPair(GetIdentity ()->GetCryptoKeyType (), + m_EncryptionPrivateKey, m_EncryptionPublicKey); if (isPublic) LogPrint (eLogInfo, "Destination: Local address ", GetIdentHash().ToBase32 (), " created"); } diff --git a/libi2pd/Identity.cpp b/libi2pd/Identity.cpp index acce5426..847c63ca 100644 --- a/libi2pd/Identity.cpp +++ b/libi2pd/Identity.cpp @@ -39,10 +39,10 @@ namespace data { } - IdentityEx::IdentityEx(const uint8_t * publicKey, const uint8_t * signingKey, SigningKeyType type): + IdentityEx::IdentityEx(const uint8_t * publicKey, const uint8_t * signingKey, SigningKeyType type, CryptoKeyType cryptoType): m_IsVerifierCreated (false) - { - memcpy (m_StandardIdentity.publicKey, publicKey, sizeof (m_StandardIdentity.publicKey)); + { + memcpy (m_StandardIdentity.publicKey, publicKey, 256); // publicKey in awlays assumed 256 regardless actual size, padding must be taken care of if (type != SIGNING_KEY_TYPE_DSA_SHA1) { size_t excessLen = 0; @@ -103,7 +103,6 @@ namespace data break; } case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256: - case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256_TEST: { // 256 size_t padding = 128 - i2p::crypto::GOSTR3410_256_PUBLIC_KEY_LENGTH; // 64 = 128 - 64 @@ -112,7 +111,6 @@ namespace data break; } case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512: - case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512_TEST: { // 512 // no padding, key length is 128 @@ -129,7 +127,7 @@ namespace data // fill extended buffer m_ExtendedBuffer = new uint8_t[m_ExtendedLen]; htobe16buf (m_ExtendedBuffer, type); - htobe16buf (m_ExtendedBuffer + 2, CRYPTO_KEY_TYPE_ELGAMAL); + htobe16buf (m_ExtendedBuffer + 2, cryptoType); if (excessLen && excessBuf) { memcpy (m_ExtendedBuffer + 4, excessBuf, excessLen); @@ -397,14 +395,12 @@ namespace data break; } case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256: - case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256_TEST: { size_t padding = 128 - i2p::crypto::GOSTR3410_256_PUBLIC_KEY_LENGTH; // 64 = 128 - 64 UpdateVerifier (new i2p::crypto::GOSTR3410_256_Verifier (i2p::crypto::eGOSTR3410CryptoProA, m_StandardIdentity.signingKey + padding)); break; } case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512: - case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512_TEST: { // zero padding UpdateVerifier (new i2p::crypto::GOSTR3410_512_Verifier (i2p::crypto::eGOSTR3410TC26A512, m_StandardIdentity.signingKey)); @@ -553,11 +549,9 @@ namespace data m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH)); break; case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256: - case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256_TEST: m_Signer.reset (new i2p::crypto::GOSTR3410_256_Signer (i2p::crypto::eGOSTR3410CryptoProA, m_SigningPrivateKey)); break; case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512: - case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512_TEST: m_Signer.reset (new i2p::crypto::GOSTR3410_512_Signer (i2p::crypto::eGOSTR3410TC26A512, m_SigningPrivateKey)); break; default: @@ -573,7 +567,7 @@ namespace data return nullptr; // TODO: implement me } - PrivateKeys PrivateKeys::CreateRandomKeys (SigningKeyType type) + PrivateKeys PrivateKeys::CreateRandomKeys (SigningKeyType type, CryptoKeyType cryptoType) { if (type != SIGNING_KEY_TYPE_DSA_SHA1) { @@ -604,11 +598,9 @@ namespace data i2p::crypto::CreateEDDSA25519RandomKeys (keys.m_SigningPrivateKey, signingPublicKey); break; case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256: - case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256_TEST: i2p::crypto::CreateGOSTR3410RandomKeys (i2p::crypto::eGOSTR3410CryptoProA, keys.m_SigningPrivateKey, signingPublicKey); break; case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512: - case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512_TEST: i2p::crypto::CreateGOSTR3410RandomKeys (i2p::crypto::eGOSTR3410TC26A512, keys.m_SigningPrivateKey, signingPublicKey); break; default: @@ -617,7 +609,7 @@ namespace data } // encryption uint8_t publicKey[256]; - i2p::crypto::GenerateElGamalKeyPair (keys.m_PrivateKey, publicKey); + GenerateCryptoKeyPair (cryptoType, keys.m_PrivateKey, publicKey); // identity keys.m_Public = std::make_shared (publicKey, signingPublicKey, type); @@ -627,6 +619,37 @@ namespace data return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1 } + void PrivateKeys::GenerateCryptoKeyPair (CryptoKeyType type, uint8_t * priv, uint8_t * pub) + { + switch (type) + { + case CRYPTO_KEY_TYPE_ELGAMAL: + i2p::crypto::GenerateElGamalKeyPair(priv, pub); + break; + case CRYPTO_KEY_TYPE_ECICS_P256_SHA256_AES256CBC: + { + EC_GROUP * curve = EC_GROUP_new_by_curve_name (NID_X9_62_prime256v1); + EC_POINT * p = nullptr; + BIGNUM * key = nullptr; + i2p::crypto::GenerateECICSKeyPair (curve, key, p); + i2p::crypto::bn2buf (key, priv, 32); + RAND_bytes (priv + 32, 224); + BN_free (key); + BIGNUM * x = BN_new (), * y = BN_new (); + EC_POINT_get_affine_coordinates_GFp (curve, p, x, y, NULL); + i2p::crypto::bn2buf (x, pub, 32); + i2p::crypto::bn2buf (y, pub + 32, 32); + RAND_bytes (priv + 64, 192); + EC_POINT_free (p); + BN_free (x); BN_free (y); + EC_GROUP_free (curve); + break; + } + default: + LogPrint (eLogError, "Identity: Crypto key type ", (int)type, " is not supported"); + } + } + Keys CreateRandomKeys () { Keys keys; diff --git a/libi2pd/Identity.h b/libi2pd/Identity.h index ccd8ecee..84c396c1 100644 --- a/libi2pd/Identity.h +++ b/libi2pd/Identity.h @@ -52,6 +52,8 @@ namespace data const size_t DEFAULT_IDENTITY_SIZE = sizeof (Identity); // 387 bytes const uint16_t CRYPTO_KEY_TYPE_ELGAMAL = 0; + const uint16_t CRYPTO_KEY_TYPE_ECICS_P256_SHA256_AES256CBC = 65280; // TODO: change to actual code + const uint16_t SIGNING_KEY_TYPE_DSA_SHA1 = 0; const uint16_t SIGNING_KEY_TYPE_ECDSA_SHA256_P256 = 1; const uint16_t SIGNING_KEY_TYPE_ECDSA_SHA384_P384 = 2; @@ -64,9 +66,6 @@ namespace data // following signature type should never appear in netid=2 const uint16_t SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256 = 9; const uint16_t SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512 = 10; // approved by FSB - // TODO: remove later - const uint16_t SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256_TEST = 65281; - const uint16_t SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512_TEST = 65282; typedef uint16_t SigningKeyType; typedef uint16_t CryptoKeyType; @@ -77,7 +76,7 @@ namespace data IdentityEx (); IdentityEx (const uint8_t * publicKey, const uint8_t * signingKey, - SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1); + SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1, CryptoKeyType cryptoType = CRYPTO_KEY_TYPE_ELGAMAL); IdentityEx (const uint8_t * buf, size_t len); IdentityEx (const IdentityEx& other); IdentityEx (const Identity& standard); @@ -147,7 +146,8 @@ namespace data size_t FromBase64(const std::string& s); std::string ToBase64 () const; - static PrivateKeys CreateRandomKeys (SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1); + static PrivateKeys CreateRandomKeys (SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1, CryptoKeyType cryptoType = CRYPTO_KEY_TYPE_ELGAMAL); + static void GenerateCryptoKeyPair (CryptoKeyType type, uint8_t * priv, uint8_t * pub); // priv and pub are 256 bytes long private: From 3330bf4f2fd3494e25862943aff0533ffd1728c3 Mon Sep 17 00:00:00 2001 From: Jeff Becker Date: Sat, 4 Nov 2017 07:52:41 -0400 Subject: [PATCH 03/24] fix gcc 7 on ubuntu --- Makefile.linux | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile.linux b/Makefile.linux index 0fd8873d..eec1e2cc 100644 --- a/Makefile.linux +++ b/Makefile.linux @@ -21,6 +21,8 @@ else ifeq ($(shell expr match ${CXXVER} "4\.6"),3) # = 4.6 NEEDED_CXXFLAGS += -std=c++0x else ifeq ($(shell expr match ${CXXVER} "[5-7]\.[0-9]"),3) # gcc >= 5.0 NEEDED_CXXFLAGS += -std=c++11 +else ifeq ($(shell expr match ${CXXVER} "7"),1) # gcc 7 ubuntu + NEEDED_CXXFLAGS += -std=c++11 else # not supported $(error Compiler too old) endif From efacfced4532e29c174a04bd3f970d1a48dee580 Mon Sep 17 00:00:00 2001 From: orignal Date: Mon, 6 Nov 2017 13:40:58 -0500 Subject: [PATCH 04/24] CryptoKey added --- libi2pd/Crypto.cpp | 8 ++++---- libi2pd/Crypto.h | 8 ++++---- libi2pd/CryptoKey.cpp | 27 +++++++++++++++++++++++++++ libi2pd/CryptoKey.h | 16 ++++++++++++++++ libi2pd/Identity.cpp | 21 +++------------------ qt/i2pd_qt/i2pd_qt.pro | 2 ++ 6 files changed, 56 insertions(+), 26 deletions(-) create mode 100644 libi2pd/CryptoKey.cpp create mode 100644 libi2pd/CryptoKey.h diff --git a/libi2pd/Crypto.cpp b/libi2pd/Crypto.cpp index caae5d82..13c86188 100644 --- a/libi2pd/Crypto.cpp +++ b/libi2pd/Crypto.cpp @@ -372,8 +372,8 @@ namespace crypto BN_CTX_free (ctx); } -// ECICS - void ECICSEncrypt (const EC_GROUP * curve, const EC_POINT * key, const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) +// ECIES + void ECIESEncrypt (const EC_GROUP * curve, const EC_POINT * key, const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) { BN_CTX_start (ctx); BIGNUM * q = BN_CTX_get (ctx); @@ -410,7 +410,7 @@ namespace crypto BN_CTX_end (ctx); } - bool ECICSDecrypt (const EC_GROUP * curve, const BIGNUM * key, const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) + bool ECIESDecrypt (const EC_GROUP * curve, const BIGNUM * key, const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) { bool ret = true; BN_CTX_start (ctx); @@ -460,7 +460,7 @@ namespace crypto return ret; } - void GenerateECICSKeyPair (const EC_GROUP * curve, BIGNUM *& priv, EC_POINT *& pub) + void GenerateECIESKeyPair (const EC_GROUP * curve, BIGNUM *& priv, EC_POINT *& pub) { BN_CTX * ctx = BN_CTX_new (); BIGNUM * q = BN_new (); diff --git a/libi2pd/Crypto.h b/libi2pd/Crypto.h index 18948490..68378b4e 100644 --- a/libi2pd/Crypto.h +++ b/libi2pd/Crypto.h @@ -52,10 +52,10 @@ namespace crypto bool ElGamalDecrypt (const uint8_t * key, const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding = false); void GenerateElGamalKeyPair (uint8_t * priv, uint8_t * pub); - // ECICS - void ECICSEncrypt (const EC_GROUP * curve, const EC_POINT * key, const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx); // 222 bytes data, 512 bytes encrypted - bool ECICSDecrypt (const EC_GROUP * curve, const BIGNUM * key, const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx); - void GenerateECICSKeyPair (const EC_GROUP * curve, BIGNUM *& priv, EC_POINT *& pub); + // ECIES + void ECIESEncrypt (const EC_GROUP * curve, const EC_POINT * key, const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx); // 222 bytes data, 512 bytes encrypted + bool ECIESDecrypt (const EC_GROUP * curve, const BIGNUM * key, const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx); + void GenerateECIESKeyPair (const EC_GROUP * curve, BIGNUM *& priv, EC_POINT *& pub); // HMAC typedef i2p::data::Tag<32> MACKey; diff --git a/libi2pd/CryptoKey.cpp b/libi2pd/CryptoKey.cpp new file mode 100644 index 00000000..e76b67b2 --- /dev/null +++ b/libi2pd/CryptoKey.cpp @@ -0,0 +1,27 @@ +#include "CryptoKey.h" + +namespace i2p +{ +namespace crypto +{ + void CreateECIESP256RandomKeys (uint8_t * priv, uint8_t * pub) + { + EC_GROUP * curve = EC_GROUP_new_by_curve_name (NID_X9_62_prime256v1); + EC_POINT * p = nullptr; + BIGNUM * key = nullptr; + GenerateECIESKeyPair (curve, key, p); + bn2buf (key, priv, 32); + RAND_bytes (priv + 32, 224); + BN_free (key); + BIGNUM * x = BN_new (), * y = BN_new (); + EC_POINT_get_affine_coordinates_GFp (curve, p, x, y, NULL); + bn2buf (x, pub, 32); + bn2buf (y, pub + 32, 32); + RAND_bytes (priv + 64, 192); + EC_POINT_free (p); + BN_free (x); BN_free (y); + EC_GROUP_free (curve); + } +} +} + diff --git a/libi2pd/CryptoKey.h b/libi2pd/CryptoKey.h new file mode 100644 index 00000000..4a08a3b6 --- /dev/null +++ b/libi2pd/CryptoKey.h @@ -0,0 +1,16 @@ +#ifndef CRYPTO_KEY_H__ +#define CRYPTO_KEY_H__ + +#include +#include "Crypto.h" + +namespace i2p +{ +namespace crypto +{ + void CreateECIESP256RandomKeys (uint8_t * priv, uint8_t * pub); +} +} + +#endif + diff --git a/libi2pd/Identity.cpp b/libi2pd/Identity.cpp index 847c63ca..87a5d84c 100644 --- a/libi2pd/Identity.cpp +++ b/libi2pd/Identity.cpp @@ -1,6 +1,7 @@ #include #include #include "Crypto.h" +#include "CryptoKey.h" #include "I2PEndian.h" #include "Log.h" #include "Identity.h" @@ -627,24 +628,8 @@ namespace data i2p::crypto::GenerateElGamalKeyPair(priv, pub); break; case CRYPTO_KEY_TYPE_ECICS_P256_SHA256_AES256CBC: - { - EC_GROUP * curve = EC_GROUP_new_by_curve_name (NID_X9_62_prime256v1); - EC_POINT * p = nullptr; - BIGNUM * key = nullptr; - i2p::crypto::GenerateECICSKeyPair (curve, key, p); - i2p::crypto::bn2buf (key, priv, 32); - RAND_bytes (priv + 32, 224); - BN_free (key); - BIGNUM * x = BN_new (), * y = BN_new (); - EC_POINT_get_affine_coordinates_GFp (curve, p, x, y, NULL); - i2p::crypto::bn2buf (x, pub, 32); - i2p::crypto::bn2buf (y, pub + 32, 32); - RAND_bytes (priv + 64, 192); - EC_POINT_free (p); - BN_free (x); BN_free (y); - EC_GROUP_free (curve); - break; - } + i2p::crypto::CreateECIESP256RandomKeys (priv, pub); + break; default: LogPrint (eLogError, "Identity: Crypto key type ", (int)type, " is not supported"); } diff --git a/qt/i2pd_qt/i2pd_qt.pro b/qt/i2pd_qt/i2pd_qt.pro index 78078904..f575438c 100644 --- a/qt/i2pd_qt/i2pd_qt.pro +++ b/qt/i2pd_qt/i2pd_qt.pro @@ -30,6 +30,7 @@ SOURCES += DaemonQT.cpp mainwindow.cpp \ ../../libi2pd/BloomFilter.cpp \ ../../libi2pd/Config.cpp \ ../../libi2pd/Crypto.cpp \ + ../../libi2pd/CryptoKey.cpp \ ../../libi2pd/Datagram.cpp \ ../../libi2pd/Destination.cpp \ ../../libi2pd/Event.cpp \ @@ -107,6 +108,7 @@ HEADERS += DaemonQT.h mainwindow.h \ ../../libi2pd/BloomFilter.h \ ../../libi2pd/Config.h \ ../../libi2pd/Crypto.h \ + ../../libi2pd/CryptoKey.h \ ../../libi2pd/Datagram.h \ ../../libi2pd/Destination.h \ ../../libi2pd/Event.h \ From 88ba494701204dc8fb78b8f92dcdbcdb44809a8b Mon Sep 17 00:00:00 2001 From: orignal Date: Mon, 6 Nov 2017 15:12:51 -0500 Subject: [PATCH 05/24] fixed build error --- build/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/build/CMakeLists.txt b/build/CMakeLists.txt index 03e4c450..1f18beb7 100644 --- a/build/CMakeLists.txt +++ b/build/CMakeLists.txt @@ -36,6 +36,7 @@ set (LIBI2PD_SRC "${LIBI2PD_SRC_DIR}/BloomFilter.cpp" "${LIBI2PD_SRC_DIR}/Config.cpp" "${LIBI2PD_SRC_DIR}/Crypto.cpp" + "${LIBI2PD_SRC_DIR}/CryptoKey.cpp" "${LIBI2PD_SRC_DIR}/Garlic.cpp" "${LIBI2PD_SRC_DIR}/Gzip.cpp" "${LIBI2PD_SRC_DIR}/HTTP.cpp" From 9fa67b0e0a1893818d05369373d46cac99c36f8c Mon Sep 17 00:00:00 2001 From: orignal Date: Mon, 6 Nov 2017 15:54:18 -0500 Subject: [PATCH 06/24] crypto key encryptor and decryptor --- libi2pd/CryptoKey.cpp | 75 +++++++++++++++++++++++++++++++++++++++++++ libi2pd/CryptoKey.h | 69 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 144 insertions(+) diff --git a/libi2pd/CryptoKey.cpp b/libi2pd/CryptoKey.cpp index e76b67b2..000475d3 100644 --- a/libi2pd/CryptoKey.cpp +++ b/libi2pd/CryptoKey.cpp @@ -1,9 +1,84 @@ +#include +#include "Log.h" #include "CryptoKey.h" namespace i2p { namespace crypto { + ElGamalEncryptor::ElGamalEncryptor (const uint8_t * pub) + { + memcpy (m_PublicKey, pub, 256); + } + + void ElGamalEncryptor::Encrypt (const uint8_t * data, uint8_t * encrypted) + { + BN_CTX * ctx = BN_CTX_new (); + ElGamalEncrypt (m_PublicKey, data, encrypted, ctx, true); + BN_CTX_free (ctx); + } + + ElGamalDecryptor::ElGamalDecryptor (const uint8_t * priv) + { + memcpy (m_PrivateKey, priv, 256); + } + + void ElGamalDecryptor::Decrypt (const uint8_t * encrypted, uint8_t * data) + { + BN_CTX * ctx = BN_CTX_new (); + ElGamalDecrypt (m_PrivateKey, encrypted, data, ctx, true); + BN_CTX_free (ctx); + } + + ECIESP256Encryptor::ECIESP256Encryptor (const uint8_t * pub) + { + m_Curve = EC_GROUP_new_by_curve_name (NID_X9_62_prime256v1); + m_PublicKey = EC_POINT_new (m_Curve); + BIGNUM * x = BN_bin2bn (pub, 32, nullptr); + BIGNUM * y = BN_bin2bn (pub + 32, 32, nullptr); + if (!EC_POINT_set_affine_coordinates_GFp (m_Curve, m_PublicKey, x, y, nullptr)) + LogPrint (eLogError, "ECICS P256 invalid public key"); + BN_free (x); BN_free (y); + } + + ECIESP256Encryptor::~ECIESP256Encryptor () + { + if (m_Curve) EC_GROUP_free (m_Curve); + if (m_PublicKey) EC_POINT_free (m_PublicKey); + } + + void ECIESP256Encryptor::Encrypt (const uint8_t * data, uint8_t * encrypted) + { + if (m_Curve && m_PublicKey) + { + BN_CTX * ctx = BN_CTX_new (); + ECIESEncrypt (m_Curve, m_PublicKey, data, encrypted, ctx); + BN_CTX_free (ctx); + } + } + + ECIESP256Decryptor::ECIESP256Decryptor (const uint8_t * priv) + { + m_Curve = EC_GROUP_new_by_curve_name (NID_X9_62_prime256v1); + m_PrivateKey = BN_bin2bn (priv, 32, nullptr); + } + + ECIESP256Decryptor::~ECIESP256Decryptor () + { + if (m_Curve) EC_GROUP_free (m_Curve); + if (m_PrivateKey) BN_free (m_PrivateKey); + } + + void ECIESP256Decryptor::Decrypt (const uint8_t * encrypted, uint8_t * data) + { + if (m_Curve && m_PrivateKey) + { + BN_CTX * ctx = BN_CTX_new (); + ECIESDecrypt (m_Curve, m_PrivateKey, encrypted, data, ctx); + BN_CTX_free (ctx); + } + } + void CreateECIESP256RandomKeys (uint8_t * priv, uint8_t * pub) { EC_GROUP * curve = EC_GROUP_new_by_curve_name (NID_X9_62_prime256v1); diff --git a/libi2pd/CryptoKey.h b/libi2pd/CryptoKey.h index 4a08a3b6..abd51d5a 100644 --- a/libi2pd/CryptoKey.h +++ b/libi2pd/CryptoKey.h @@ -8,6 +8,75 @@ namespace i2p { namespace crypto { + class CryptoKeyEncryptor + { + public: + + virtual ~CryptoKeyEncryptor () {}; + virtual void Encrypt (const uint8_t * data, uint8_t * encrypted); // 222 bytes data, 512 bytes encrypted + }; + + class CryptoKeyDecryptor + { + public: + + virtual ~CryptoKeyDecryptor () {}; + virtual void Decrypt (const uint8_t * encrypted, uint8_t * data); // 512 bytes encrypted, 222 bytes data + }; + + class ElGamalEncryptor // for destination + { + public: + + ElGamalEncryptor (const uint8_t * pub); + void Encrypt (const uint8_t * data, uint8_t * encrypted); + + private: + + uint8_t m_PublicKey[256]; + }; + + class ElGamalDecryptor // for destination + { + public: + + ElGamalDecryptor (const uint8_t * priv); + void Decrypt (const uint8_t * encrypted, uint8_t * data); + + private: + + uint8_t m_PrivateKey[256]; + }; + + class ECIESP256Encryptor + { + public: + + ECIESP256Encryptor (const uint8_t * pub); + ~ECIESP256Encryptor (); + void Encrypt (const uint8_t * data, uint8_t * encrypted); + + private: + + EC_GROUP * m_Curve; + EC_POINT * m_PublicKey; + }; + + + class ECIESP256Decryptor + { + public: + + ECIESP256Decryptor (const uint8_t * priv); + ~ECIESP256Decryptor (); + void Decrypt (const uint8_t * encrypted, uint8_t * data); + + private: + + EC_GROUP * m_Curve; + BIGNUM * m_PrivateKey; + }; + void CreateECIESP256RandomKeys (uint8_t * priv, uint8_t * pub); } } From 81658d2ff918de09a1810dcf5b6f84a95e920a61 Mon Sep 17 00:00:00 2001 From: orignal Date: Tue, 7 Nov 2017 15:05:22 -0500 Subject: [PATCH 07/24] generic encryption for RoutingDestination --- libi2pd/CryptoKey.cpp | 25 +++++++------------------ libi2pd/CryptoKey.h | 20 ++++++++++---------- libi2pd/Identity.cpp | 37 +++++++++++++++++++++++++++++++++++-- libi2pd/Identity.h | 17 +++++++++++------ libi2pd/LeaseSet.cpp | 7 +++++++ libi2pd/LeaseSet.h | 3 ++- libi2pd/RouterInfo.cpp | 6 ++++++ libi2pd/RouterInfo.h | 8 +++++--- 8 files changed, 83 insertions(+), 40 deletions(-) diff --git a/libi2pd/CryptoKey.cpp b/libi2pd/CryptoKey.cpp index 000475d3..a0858b91 100644 --- a/libi2pd/CryptoKey.cpp +++ b/libi2pd/CryptoKey.cpp @@ -11,11 +11,9 @@ namespace crypto memcpy (m_PublicKey, pub, 256); } - void ElGamalEncryptor::Encrypt (const uint8_t * data, uint8_t * encrypted) + void ElGamalEncryptor::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) { - BN_CTX * ctx = BN_CTX_new (); ElGamalEncrypt (m_PublicKey, data, encrypted, ctx, true); - BN_CTX_free (ctx); } ElGamalDecryptor::ElGamalDecryptor (const uint8_t * priv) @@ -23,11 +21,9 @@ namespace crypto memcpy (m_PrivateKey, priv, 256); } - void ElGamalDecryptor::Decrypt (const uint8_t * encrypted, uint8_t * data) + bool ElGamalDecryptor::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) { - BN_CTX * ctx = BN_CTX_new (); - ElGamalDecrypt (m_PrivateKey, encrypted, data, ctx, true); - BN_CTX_free (ctx); + return ElGamalDecrypt (m_PrivateKey, encrypted, data, ctx, true); } ECIESP256Encryptor::ECIESP256Encryptor (const uint8_t * pub) @@ -47,14 +43,10 @@ namespace crypto if (m_PublicKey) EC_POINT_free (m_PublicKey); } - void ECIESP256Encryptor::Encrypt (const uint8_t * data, uint8_t * encrypted) + void ECIESP256Encryptor::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) { if (m_Curve && m_PublicKey) - { - BN_CTX * ctx = BN_CTX_new (); ECIESEncrypt (m_Curve, m_PublicKey, data, encrypted, ctx); - BN_CTX_free (ctx); - } } ECIESP256Decryptor::ECIESP256Decryptor (const uint8_t * priv) @@ -69,14 +61,11 @@ namespace crypto if (m_PrivateKey) BN_free (m_PrivateKey); } - void ECIESP256Decryptor::Decrypt (const uint8_t * encrypted, uint8_t * data) + bool ECIESP256Decryptor::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) { if (m_Curve && m_PrivateKey) - { - BN_CTX * ctx = BN_CTX_new (); - ECIESDecrypt (m_Curve, m_PrivateKey, encrypted, data, ctx); - BN_CTX_free (ctx); - } + return ECIESDecrypt (m_Curve, m_PrivateKey, encrypted, data, ctx); + return false;; } void CreateECIESP256RandomKeys (uint8_t * priv, uint8_t * pub) diff --git a/libi2pd/CryptoKey.h b/libi2pd/CryptoKey.h index abd51d5a..f08a15b2 100644 --- a/libi2pd/CryptoKey.h +++ b/libi2pd/CryptoKey.h @@ -13,7 +13,7 @@ namespace crypto public: virtual ~CryptoKeyEncryptor () {}; - virtual void Encrypt (const uint8_t * data, uint8_t * encrypted); // 222 bytes data, 512 bytes encrypted + virtual void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) = 0; // 222 bytes data, 512 bytes encrypted }; class CryptoKeyDecryptor @@ -21,40 +21,40 @@ namespace crypto public: virtual ~CryptoKeyDecryptor () {}; - virtual void Decrypt (const uint8_t * encrypted, uint8_t * data); // 512 bytes encrypted, 222 bytes data + virtual bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) = 0; // 512 bytes encrypted, 222 bytes data }; - class ElGamalEncryptor // for destination + class ElGamalEncryptor: public CryptoKeyEncryptor // for destination { public: ElGamalEncryptor (const uint8_t * pub); - void Encrypt (const uint8_t * data, uint8_t * encrypted); + void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx); private: uint8_t m_PublicKey[256]; }; - class ElGamalDecryptor // for destination + class ElGamalDecryptor: public CryptoKeyDecryptor // for destination { public: ElGamalDecryptor (const uint8_t * priv); - void Decrypt (const uint8_t * encrypted, uint8_t * data); + bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx); private: uint8_t m_PrivateKey[256]; }; - class ECIESP256Encryptor + class ECIESP256Encryptor: public CryptoKeyEncryptor { public: ECIESP256Encryptor (const uint8_t * pub); ~ECIESP256Encryptor (); - void Encrypt (const uint8_t * data, uint8_t * encrypted); + void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx); private: @@ -63,13 +63,13 @@ namespace crypto }; - class ECIESP256Decryptor + class ECIESP256Decryptor: public CryptoKeyDecryptor { public: ECIESP256Decryptor (const uint8_t * priv); ~ECIESP256Decryptor (); - void Decrypt (const uint8_t * encrypted, uint8_t * data); + bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx); private: diff --git a/libi2pd/Identity.cpp b/libi2pd/Identity.cpp index 87a5d84c..04e1c576 100644 --- a/libi2pd/Identity.cpp +++ b/libi2pd/Identity.cpp @@ -1,7 +1,6 @@ #include #include #include "Crypto.h" -#include "CryptoKey.h" #include "I2PEndian.h" #include "Log.h" #include "Identity.h" @@ -443,6 +442,23 @@ namespace data m_Verifier = nullptr; } + std::shared_ptr IdentityEx::CreateEncryptor (const uint8_t * key) const + { + if (!key) key = GetEncryptionPublicKey (); // use publicKey + switch (GetCryptoKeyType ()) + { + case CRYPTO_KEY_TYPE_ELGAMAL: + return std::make_shared(key); + break; + case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC: + return std::make_shared(key); + break; + default: + LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)GetCryptoKeyType ()); + }; + return nullptr; + } + PrivateKeys& PrivateKeys::operator=(const Keys& keys) { m_Public = std::make_shared(Identity (keys)); @@ -568,6 +584,23 @@ namespace data return nullptr; // TODO: implement me } + std::shared_ptr PrivateKeys::CreateDecryptor (const uint8_t * key) const + { + if (!key) key = m_PrivateKey; // use privateKey + switch (m_Public->GetCryptoKeyType ()) + { + case CRYPTO_KEY_TYPE_ELGAMAL: + return std::make_shared(key); + break; + case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC: + return std::make_shared(key); + break; + default: + LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)m_Public->GetCryptoKeyType ()); + }; + return nullptr; + } + PrivateKeys PrivateKeys::CreateRandomKeys (SigningKeyType type, CryptoKeyType cryptoType) { if (type != SIGNING_KEY_TYPE_DSA_SHA1) @@ -627,7 +660,7 @@ namespace data case CRYPTO_KEY_TYPE_ELGAMAL: i2p::crypto::GenerateElGamalKeyPair(priv, pub); break; - case CRYPTO_KEY_TYPE_ECICS_P256_SHA256_AES256CBC: + case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC: i2p::crypto::CreateECIESP256RandomKeys (priv, pub); break; default: diff --git a/libi2pd/Identity.h b/libi2pd/Identity.h index 84c396c1..d321e726 100644 --- a/libi2pd/Identity.h +++ b/libi2pd/Identity.h @@ -8,6 +8,7 @@ #include #include "Base.h" #include "Signature.h" +#include "CryptoKey.h" namespace i2p { @@ -52,7 +53,7 @@ namespace data const size_t DEFAULT_IDENTITY_SIZE = sizeof (Identity); // 387 bytes const uint16_t CRYPTO_KEY_TYPE_ELGAMAL = 0; - const uint16_t CRYPTO_KEY_TYPE_ECICS_P256_SHA256_AES256CBC = 65280; // TODO: change to actual code + const uint16_t CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC = 65280; // TODO: change to actual code const uint16_t SIGNING_KEY_TYPE_DSA_SHA1 = 0; const uint16_t SIGNING_KEY_TYPE_ECDSA_SHA256_P256 = 1; @@ -88,11 +89,12 @@ namespace data size_t ToBuffer (uint8_t * buf, size_t len) const; size_t FromBase64(const std::string& s); std::string ToBase64 () const; - const Identity& GetStandardIdentity () const { return m_StandardIdentity; }; + const Identity& GetStandardIdentity () const { return m_StandardIdentity; }; const IdentHash& GetIdentHash () const { return m_IdentHash; }; - const uint8_t * GetEncryptionPublicKey () const { return m_StandardIdentity.publicKey; }; - uint8_t * GetEncryptionPublicKeyBuffer () { return m_StandardIdentity.publicKey; }; + const uint8_t * GetEncryptionPublicKey () const { return m_StandardIdentity.publicKey; }; + uint8_t * GetEncryptionPublicKeyBuffer () { return m_StandardIdentity.publicKey; }; + std::shared_ptr CreateEncryptor (const uint8_t * key) const; size_t GetFullLen () const { return m_ExtendedLen + DEFAULT_IDENTITY_SIZE; }; size_t GetSigningPublicKeyLen () const; size_t GetSigningPrivateKeyLen () const; @@ -136,7 +138,7 @@ namespace data const uint8_t * GetPrivateKey () const { return m_PrivateKey; }; const uint8_t * GetSigningPrivateKey () const { return m_SigningPrivateKey; }; uint8_t * GetPadding(); - void RecalculateIdentHash(uint8_t * buf=nullptr) { m_Public->RecalculateIdentHash(buf); } + void RecalculateIdentHash(uint8_t * buf=nullptr) { m_Public->RecalculateIdentHash(buf); } void Sign (const uint8_t * buf, int len, uint8_t * signature) const; size_t GetFullLen () const { return m_Public->GetFullLen () + 256 + m_Public->GetSigningPrivateKeyLen (); }; @@ -146,6 +148,8 @@ namespace data size_t FromBase64(const std::string& s); std::string ToBase64 () const; + std::shared_ptr CreateDecryptor (const uint8_t * key) const; + static PrivateKeys CreateRandomKeys (SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1, CryptoKeyType cryptoType = CRYPTO_KEY_TYPE_ELGAMAL); static void GenerateCryptoKeyPair (CryptoKeyType type, uint8_t * priv, uint8_t * pub); // priv and pub are 256 bytes long @@ -187,7 +191,8 @@ namespace data virtual ~RoutingDestination () {}; virtual std::shared_ptr GetIdentity () const = 0; - virtual const uint8_t * GetEncryptionPublicKey () const = 0; + virtual const uint8_t * GetEncryptionPublicKey () const = 0; // deprecated + virtual void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) = 0; // encrypt data for virtual bool IsDestination () const = 0; // for garlic const IdentHash& GetIdentHash () const { return GetIdentity ()->GetIdentHash (); }; diff --git a/libi2pd/LeaseSet.cpp b/libi2pd/LeaseSet.cpp index 8b8a17c0..3faf085a 100644 --- a/libi2pd/LeaseSet.cpp +++ b/libi2pd/LeaseSet.cpp @@ -208,6 +208,13 @@ namespace data return ts > m_ExpirationTime; } + void LeaseSet::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) + { + auto encryptor = m_Identity->CreateEncryptor (m_EncryptionKey); + if (encryptor) + encryptor->Encrypt (data, encrypted, ctx); + } + LocalLeaseSet::LocalLeaseSet (std::shared_ptr identity, const uint8_t * encryptionPublicKey, std::vector > tunnels): m_ExpirationTime (0), m_Identity (identity) { diff --git a/libi2pd/LeaseSet.h b/libi2pd/LeaseSet.h index 68b993f3..ec9744eb 100644 --- a/libi2pd/LeaseSet.h +++ b/libi2pd/LeaseSet.h @@ -76,7 +76,8 @@ namespace data // implements RoutingDestination std::shared_ptr GetIdentity () const { return m_Identity; }; - const uint8_t * GetEncryptionPublicKey () const { return m_EncryptionKey; }; + const uint8_t * GetEncryptionPublicKey () const { return m_EncryptionKey; }; // deprecated + void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx); bool IsDestination () const { return true; }; private: diff --git a/libi2pd/RouterInfo.cpp b/libi2pd/RouterInfo.cpp index 3719e68a..c73b8afa 100644 --- a/libi2pd/RouterInfo.cpp +++ b/libi2pd/RouterInfo.cpp @@ -828,5 +828,11 @@ namespace data m_Profile = GetRouterProfile (GetIdentHash ()); return m_Profile; } + + void RouterInfo::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) + { + // TODO: we always assume ElGamal for RouterInfo, might change later + i2p::crypto::ElGamalEncrypt (m_RouterIdentity->GetEncryptionPublicKey (), data, encrypted, ctx); + } } } diff --git a/libi2pd/RouterInfo.h b/libi2pd/RouterInfo.h index 544639f7..2f4800e6 100644 --- a/libi2pd/RouterInfo.h +++ b/libi2pd/RouterInfo.h @@ -181,12 +181,14 @@ namespace data void DeleteBuffer () { delete[] m_Buffer; m_Buffer = nullptr; }; bool IsNewer (const uint8_t * buf, size_t len) const; - /** return true if we are in a router family and the signature is valid */ - bool IsFamily(const std::string & fam) const; + /** return true if we are in a router family and the signature is valid */ + bool IsFamily(const std::string & fam) const; // implements RoutingDestination std::shared_ptr GetIdentity () const { return m_RouterIdentity; }; - const uint8_t * GetEncryptionPublicKey () const { return m_RouterIdentity->GetStandardIdentity ().publicKey; }; + const uint8_t * GetEncryptionPublicKey () const { return m_RouterIdentity->GetStandardIdentity ().publicKey; }; // deprecated + void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx); + bool IsDestination () const { return false; }; private: From 53d71d29ffc5488203ab24fa3b21478148d6896d Mon Sep 17 00:00:00 2001 From: orignal Date: Tue, 7 Nov 2017 20:30:05 -0500 Subject: [PATCH 08/24] call RoutingDestination::Encrypt instead ElGamalEncrypt --- libi2pd/Garlic.cpp | 2 +- libi2pd/Identity.h | 3 +-- libi2pd/LeaseSet.cpp | 2 +- libi2pd/LeaseSet.h | 3 +-- libi2pd/RouterInfo.cpp | 7 ++++--- libi2pd/RouterInfo.h | 3 +-- 6 files changed, 9 insertions(+), 11 deletions(-) diff --git a/libi2pd/Garlic.cpp b/libi2pd/Garlic.cpp index 295fdd8a..57b621b5 100644 --- a/libi2pd/Garlic.cpp +++ b/libi2pd/Garlic.cpp @@ -189,7 +189,7 @@ namespace garlic uint8_t iv[32]; // IV is first 16 bytes SHA256(elGamal.preIV, 32, iv); BN_CTX * ctx = BN_CTX_new (); - i2p::crypto::ElGamalEncrypt (m_Destination->GetEncryptionPublicKey (), (uint8_t *)&elGamal, buf, ctx, true); + m_Destination->Encrypt ((uint8_t *)&elGamal, buf, ctx); BN_CTX_free (ctx); m_Encryption.SetIV (iv); buf += 514; diff --git a/libi2pd/Identity.h b/libi2pd/Identity.h index d321e726..1e141583 100644 --- a/libi2pd/Identity.h +++ b/libi2pd/Identity.h @@ -191,8 +191,7 @@ namespace data virtual ~RoutingDestination () {}; virtual std::shared_ptr GetIdentity () const = 0; - virtual const uint8_t * GetEncryptionPublicKey () const = 0; // deprecated - virtual void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) = 0; // encrypt data for + virtual void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) const = 0; // encrypt data for virtual bool IsDestination () const = 0; // for garlic const IdentHash& GetIdentHash () const { return GetIdentity ()->GetIdentHash (); }; diff --git a/libi2pd/LeaseSet.cpp b/libi2pd/LeaseSet.cpp index 3faf085a..d2709a97 100644 --- a/libi2pd/LeaseSet.cpp +++ b/libi2pd/LeaseSet.cpp @@ -208,7 +208,7 @@ namespace data return ts > m_ExpirationTime; } - void LeaseSet::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) + void LeaseSet::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) const { auto encryptor = m_Identity->CreateEncryptor (m_EncryptionKey); if (encryptor) diff --git a/libi2pd/LeaseSet.h b/libi2pd/LeaseSet.h index ec9744eb..5a4202ee 100644 --- a/libi2pd/LeaseSet.h +++ b/libi2pd/LeaseSet.h @@ -76,8 +76,7 @@ namespace data // implements RoutingDestination std::shared_ptr GetIdentity () const { return m_Identity; }; - const uint8_t * GetEncryptionPublicKey () const { return m_EncryptionKey; }; // deprecated - void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx); + void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) const; bool IsDestination () const { return true; }; private: diff --git a/libi2pd/RouterInfo.cpp b/libi2pd/RouterInfo.cpp index c73b8afa..f0ad1b88 100644 --- a/libi2pd/RouterInfo.cpp +++ b/libi2pd/RouterInfo.cpp @@ -829,10 +829,11 @@ namespace data return m_Profile; } - void RouterInfo::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) + void RouterInfo::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) const { - // TODO: we always assume ElGamal for RouterInfo, might change later - i2p::crypto::ElGamalEncrypt (m_RouterIdentity->GetEncryptionPublicKey (), data, encrypted, ctx); + auto encryptor = m_RouterIdentity->CreateEncryptor (nullptr); + if (encryptor) + encryptor->Encrypt (data, encrypted, ctx); } } } diff --git a/libi2pd/RouterInfo.h b/libi2pd/RouterInfo.h index 2f4800e6..97c0f7b2 100644 --- a/libi2pd/RouterInfo.h +++ b/libi2pd/RouterInfo.h @@ -186,8 +186,7 @@ namespace data // implements RoutingDestination std::shared_ptr GetIdentity () const { return m_RouterIdentity; }; - const uint8_t * GetEncryptionPublicKey () const { return m_RouterIdentity->GetStandardIdentity ().publicKey; }; // deprecated - void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx); + void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) const; bool IsDestination () const { return false; }; From 60aa459dfc3ff3db3d5681d39277bed6d886c12f Mon Sep 17 00:00:00 2001 From: orignal Date: Wed, 8 Nov 2017 11:01:00 -0500 Subject: [PATCH 09/24] 0.9.32 --- libi2pd/version.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libi2pd/version.h b/libi2pd/version.h index 0b5f9874..4633ce0b 100644 --- a/libi2pd/version.h +++ b/libi2pd/version.h @@ -21,7 +21,7 @@ #define I2P_VERSION_MAJOR 0 #define I2P_VERSION_MINOR 9 -#define I2P_VERSION_MICRO 31 +#define I2P_VERSION_MICRO 32 #define I2P_VERSION_PATCH 0 #define I2P_VERSION MAKE_VERSION(I2P_VERSION_MAJOR, I2P_VERSION_MINOR, I2P_VERSION_MICRO) From c5f784719db7d28c0e3b94b0ce386ecedb94fc3a Mon Sep 17 00:00:00 2001 From: orignal Date: Wed, 8 Nov 2017 13:49:48 -0500 Subject: [PATCH 10/24] implement Decrypt for all local destination --- libi2pd/Destination.cpp | 8 ++++++++ libi2pd/Destination.h | 2 ++ libi2pd/Identity.cpp | 12 +++++++++--- libi2pd/Identity.h | 4 +++- libi2pd/RouterContext.cpp | 7 +++++++ libi2pd/RouterContext.h | 4 +++- libi2pd_client/I2CP.cpp | 9 +++++++++ libi2pd_client/I2CP.h | 4 +++- 8 files changed, 44 insertions(+), 6 deletions(-) diff --git a/libi2pd/Destination.cpp b/libi2pd/Destination.cpp index b6584684..5687c8cc 100644 --- a/libi2pd/Destination.cpp +++ b/libi2pd/Destination.cpp @@ -711,6 +711,7 @@ namespace client else i2p::data::PrivateKeys::GenerateCryptoKeyPair(GetIdentity ()->GetCryptoKeyType (), m_EncryptionPrivateKey, m_EncryptionPublicKey); + m_Decryptor = m_Keys.CreateDecryptor (m_EncryptionPrivateKey); if (isPublic) LogPrint (eLogInfo, "Destination: Local address ", GetIdentHash().ToBase32 (), " created"); } @@ -952,5 +953,12 @@ namespace client if (m_DatagramDestination) m_DatagramDestination->CleanUp (); } + void ClientDestination::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const + { + if (m_Decryptor) + m_Decryptor->Decrypt (encrypted, data, ctx); + else + LogPrint (eLogError, "Destinations: decryptor is not set"); + } } } diff --git a/libi2pd/Destination.h b/libi2pd/Destination.h index b4c20fcc..b315f6ca 100644 --- a/libi2pd/Destination.h +++ b/libi2pd/Destination.h @@ -206,6 +206,7 @@ namespace client // implements LocalDestination const uint8_t * GetEncryptionPrivateKey () const { return m_EncryptionPrivateKey; }; + void Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const; std::shared_ptr GetIdentity () const { return m_Keys.GetPublic (); }; protected: @@ -228,6 +229,7 @@ namespace client i2p::data::PrivateKeys m_Keys; uint8_t m_EncryptionPublicKey[256], m_EncryptionPrivateKey[256]; + std::shared_ptr m_Decryptor; std::shared_ptr m_StreamingDestination; // default std::map > m_StreamingDestinationsByPorts; diff --git a/libi2pd/Identity.cpp b/libi2pd/Identity.cpp index 04e1c576..054a6a06 100644 --- a/libi2pd/Identity.cpp +++ b/libi2pd/Identity.cpp @@ -587,7 +587,13 @@ namespace data std::shared_ptr PrivateKeys::CreateDecryptor (const uint8_t * key) const { if (!key) key = m_PrivateKey; // use privateKey - switch (m_Public->GetCryptoKeyType ()) + return CreateDecryptor (m_Public->GetCryptoKeyType (), key); + } + + std::shared_ptr PrivateKeys::CreateDecryptor (CryptoKeyType cryptoType, const uint8_t * key) + { + if (!key) return nullptr; + switch (cryptoType) { case CRYPTO_KEY_TYPE_ELGAMAL: return std::make_shared(key); @@ -596,9 +602,9 @@ namespace data return std::make_shared(key); break; default: - LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)m_Public->GetCryptoKeyType ()); + LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)cryptoType); }; - return nullptr; + return nullptr; } PrivateKeys PrivateKeys::CreateRandomKeys (SigningKeyType type, CryptoKeyType cryptoType) diff --git a/libi2pd/Identity.h b/libi2pd/Identity.h index 1e141583..bbc75616 100644 --- a/libi2pd/Identity.h +++ b/libi2pd/Identity.h @@ -150,6 +150,7 @@ namespace data std::shared_ptr CreateDecryptor (const uint8_t * key) const; + static std::shared_ptr CreateDecryptor (CryptoKeyType cryptoType, const uint8_t * key); static PrivateKeys CreateRandomKeys (SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1, CryptoKeyType cryptoType = CRYPTO_KEY_TYPE_ELGAMAL); static void GenerateCryptoKeyPair (CryptoKeyType type, uint8_t * priv, uint8_t * pub); // priv and pub are 256 bytes long @@ -202,7 +203,8 @@ namespace data public: virtual ~LocalDestination() {}; - virtual const uint8_t * GetEncryptionPrivateKey () const = 0; + virtual const uint8_t * GetEncryptionPrivateKey () const = 0; // deprecated + virtual void Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const = 0; virtual std::shared_ptr GetIdentity () const = 0; const IdentHash& GetIdentHash () const { return GetIdentity ()->GetIdentHash (); }; diff --git a/libi2pd/RouterContext.cpp b/libi2pd/RouterContext.cpp index ff19d27f..53d49831 100644 --- a/libi2pd/RouterContext.cpp +++ b/libi2pd/RouterContext.cpp @@ -28,6 +28,7 @@ namespace i2p m_StartupTime = i2p::util::GetSecondsSinceEpoch (); if (!Load ()) CreateNewRouter (); + m_Decryptor = m_Keys.CreateDecryptor (nullptr); UpdateRouterInfo (); } @@ -478,4 +479,10 @@ namespace i2p { return i2p::util::GetSecondsSinceEpoch () - m_StartupTime; } + + void RouterContext::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const + { + if (m_Decryptor) + m_Decryptor->Decrypt (encrypted, data, ctx); + } } diff --git a/libi2pd/RouterContext.h b/libi2pd/RouterContext.h index b3146b56..50bd6137 100644 --- a/libi2pd/RouterContext.h +++ b/libi2pd/RouterContext.h @@ -89,7 +89,8 @@ namespace i2p // implements LocalDestination std::shared_ptr GetIdentity () const { return m_Keys.GetPublic (); }; - const uint8_t * GetEncryptionPrivateKey () const { return m_Keys.GetPrivateKey (); }; + const uint8_t * GetEncryptionPrivateKey () const { return m_Keys.GetPrivateKey (); }; // deprecated + void Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const; const uint8_t * GetEncryptionPublicKey () const { return GetIdentity ()->GetStandardIdentity ().publicKey; }; void Sign (const uint8_t * buf, int len, uint8_t * signature) const { m_Keys.Sign (buf, len, signature); }; void SetLeaseSetUpdated () {}; @@ -115,6 +116,7 @@ namespace i2p i2p::data::RouterInfo m_RouterInfo; i2p::data::PrivateKeys m_Keys; + std::shared_ptr m_Decryptor; uint64_t m_LastUpdateTime; bool m_AcceptsTunnels, m_IsFloodfill; uint64_t m_StartupTime; // in seconds since epoch diff --git a/libi2pd_client/I2CP.cpp b/libi2pd_client/I2CP.cpp index e9fb4335..dd5dad11 100644 --- a/libi2pd_client/I2CP.cpp +++ b/libi2pd_client/I2CP.cpp @@ -31,6 +31,15 @@ namespace client void I2CPDestination::SetEncryptionPrivateKey (const uint8_t * key) { memcpy (m_EncryptionPrivateKey, key, 256); + m_Decryptor = i2p::data::PrivateKeys::CreateDecryptor (m_Identity->GetCryptoKeyType (), m_EncryptionPrivateKey); + } + + void I2CPDestination::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const + { + if (m_Decryptor) + m_Decryptor->Decrypt (encrypted, data, ctx); + else + LogPrint (eLogError, "I2CP: decryptor is not set"); } void I2CPDestination::HandleDataMessage (const uint8_t * buf, size_t len) diff --git a/libi2pd_client/I2CP.h b/libi2pd_client/I2CP.h index b55f43c1..087749fe 100644 --- a/libi2pd_client/I2CP.h +++ b/libi2pd_client/I2CP.h @@ -71,7 +71,8 @@ namespace client void SendMsgTo (const uint8_t * payload, size_t len, const i2p::data::IdentHash& ident, uint32_t nonce); // called from I2CPSession // implements LocalDestination - const uint8_t * GetEncryptionPrivateKey () const { return m_EncryptionPrivateKey; }; + const uint8_t * GetEncryptionPrivateKey () const { return m_EncryptionPrivateKey; }; // deprecated + void Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const; std::shared_ptr GetIdentity () const { return m_Identity; }; protected: @@ -91,6 +92,7 @@ namespace client std::shared_ptr m_Owner; std::shared_ptr m_Identity; uint8_t m_EncryptionPrivateKey[256]; + std::shared_ptr m_Decryptor; uint64_t m_LeaseSetExpirationTime; }; From 9e5d1bf0fce0f229719f0aa8e15bb3277e396c18 Mon Sep 17 00:00:00 2001 From: orignal Date: Wed, 8 Nov 2017 15:59:41 -0500 Subject: [PATCH 11/24] cryptotype tunnel configuration parameter added --- libi2pd_client/ClientContext.cpp | 8 +++++--- libi2pd_client/ClientContext.h | 5 ++++- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/libi2pd_client/ClientContext.cpp b/libi2pd_client/ClientContext.cpp index a15bbb14..f77e140b 100644 --- a/libi2pd_client/ClientContext.cpp +++ b/libi2pd_client/ClientContext.cpp @@ -280,7 +280,8 @@ namespace client } } - bool ClientContext::LoadPrivateKeys (i2p::data::PrivateKeys& keys, const std::string& filename, i2p::data::SigningKeyType sigType) + bool ClientContext::LoadPrivateKeys (i2p::data::PrivateKeys& keys, const std::string& filename, + i2p::data::SigningKeyType sigType, i2p::data::CryptoKeyType cryptoType) { bool success = true; std::string fullPath = i2p::fs::DataDirPath (filename); @@ -304,7 +305,7 @@ namespace client else { LogPrint (eLogError, "Clients: can't open file ", fullPath, " Creating new one with signature type ", sigType); - keys = i2p::data::PrivateKeys::CreateRandomKeys (sigType); + keys = i2p::data::PrivateKeys::CreateRandomKeys (sigType, cryptoType); std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out); size_t len = keys.GetFullLen (); uint8_t * buf = new uint8_t[len]; @@ -488,6 +489,7 @@ namespace client std::string address = section.second.get (I2P_CLIENT_TUNNEL_ADDRESS, "127.0.0.1"); int destinationPort = section.second.get (I2P_CLIENT_TUNNEL_DESTINATION_PORT, 0); i2p::data::SigningKeyType sigType = section.second.get (I2P_CLIENT_TUNNEL_SIGNATURE_TYPE, i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256); + i2p::data::CryptoKeyType cryptoType = section.second.get (I2P_CLIENT_TUNNEL_CRYPTO_TYPE, i2p::data::CRYPTO_KEY_TYPE_ELGAMAL); // I2CP std::map options; ReadI2CPOptions (section, options); @@ -496,7 +498,7 @@ namespace client if (keys.length () > 0) { i2p::data::PrivateKeys k; - if(LoadPrivateKeys (k, keys, sigType)) + if(LoadPrivateKeys (k, keys, sigType, cryptoType)) { localDestination = FindLocalDestination (k.GetPublic ()->GetIdentHash ()); if (!localDestination) diff --git a/libi2pd_client/ClientContext.h b/libi2pd_client/ClientContext.h index f22c0817..afb3d4d5 100644 --- a/libi2pd_client/ClientContext.h +++ b/libi2pd_client/ClientContext.h @@ -34,6 +34,7 @@ namespace client const char I2P_CLIENT_TUNNEL_DESTINATION[] = "destination"; const char I2P_CLIENT_TUNNEL_KEYS[] = "keys"; const char I2P_CLIENT_TUNNEL_SIGNATURE_TYPE[] = "signaturetype"; + const char I2P_CLIENT_TUNNEL_CRYPTO_TYPE[] = "cryptotype"; const char I2P_CLIENT_TUNNEL_DESTINATION_PORT[] = "destinationport"; const char I2P_CLIENT_TUNNEL_MATCH_TUNNELS[] = "matchtunnels"; const char I2P_CLIENT_TUNNEL_CONNECT_TIMEOUT[] = "connecttimeout"; @@ -70,7 +71,9 @@ namespace client std::shared_ptr CreateNewMatchedTunnelDestination(const i2p::data::PrivateKeys &keys, const std::string & name, const std::map * params = nullptr); void DeleteLocalDestination (std::shared_ptr destination); std::shared_ptr FindLocalDestination (const i2p::data::IdentHash& destination) const; - bool LoadPrivateKeys (i2p::data::PrivateKeys& keys, const std::string& filename, i2p::data::SigningKeyType sigType = i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256); + bool LoadPrivateKeys (i2p::data::PrivateKeys& keys, const std::string& filename, + i2p::data::SigningKeyType sigType = i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256, + i2p::data::CryptoKeyType cryptoType = i2p::data::CRYPTO_KEY_TYPE_ELGAMAL); AddressBook& GetAddressBook () { return m_AddressBook; }; const SAMBridge * GetSAMBridge () const { return m_SamBridge; }; From 19a03c42a53ba3750452402deb4060d982a3eaa3 Mon Sep 17 00:00:00 2001 From: orignal Date: Wed, 8 Nov 2017 20:45:53 -0500 Subject: [PATCH 12/24] use generic Decrypt instead ElGamalDecrypt --- libi2pd/Destination.cpp | 5 +++-- libi2pd/Destination.h | 3 +-- libi2pd/Garlic.cpp | 2 +- libi2pd/I2NPProtocol.cpp | 2 +- libi2pd/Identity.h | 3 +-- libi2pd/RouterContext.cpp | 5 ++--- libi2pd/RouterContext.h | 8 +++----- libi2pd_client/I2CP.cpp | 7 ++++--- libi2pd_client/I2CP.h | 3 +-- 9 files changed, 17 insertions(+), 21 deletions(-) diff --git a/libi2pd/Destination.cpp b/libi2pd/Destination.cpp index 5687c8cc..bf5355e6 100644 --- a/libi2pd/Destination.cpp +++ b/libi2pd/Destination.cpp @@ -953,12 +953,13 @@ namespace client if (m_DatagramDestination) m_DatagramDestination->CleanUp (); } - void ClientDestination::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const + bool ClientDestination::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const { if (m_Decryptor) - m_Decryptor->Decrypt (encrypted, data, ctx); + return m_Decryptor->Decrypt (encrypted, data, ctx); else LogPrint (eLogError, "Destinations: decryptor is not set"); + return false; } } } diff --git a/libi2pd/Destination.h b/libi2pd/Destination.h index b315f6ca..3b87d1d0 100644 --- a/libi2pd/Destination.h +++ b/libi2pd/Destination.h @@ -205,8 +205,7 @@ namespace client i2p::datagram::DatagramDestination * CreateDatagramDestination (); // implements LocalDestination - const uint8_t * GetEncryptionPrivateKey () const { return m_EncryptionPrivateKey; }; - void Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const; + bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const; std::shared_ptr GetIdentity () const { return m_Keys.GetPublic (); }; protected: diff --git a/libi2pd/Garlic.cpp b/libi2pd/Garlic.cpp index 57b621b5..e84312f8 100644 --- a/libi2pd/Garlic.cpp +++ b/libi2pd/Garlic.cpp @@ -454,7 +454,7 @@ namespace garlic { // tag not found. Use ElGamal ElGamalBlock elGamal; - if (length >= 514 && i2p::crypto::ElGamalDecrypt (GetEncryptionPrivateKey (), buf, (uint8_t *)&elGamal, m_Ctx, true)) + if (length >= 514 && Decrypt (buf, (uint8_t *)&elGamal, m_Ctx)) { auto decryption = std::make_shared(elGamal.sessionKey); uint8_t iv[32]; // IV is first 16 bytes diff --git a/libi2pd/I2NPProtocol.cpp b/libi2pd/I2NPProtocol.cpp index 9f7738f3..7fde4893 100644 --- a/libi2pd/I2NPProtocol.cpp +++ b/libi2pd/I2NPProtocol.cpp @@ -327,7 +327,7 @@ namespace i2p { LogPrint (eLogDebug, "I2NP: Build request record ", i, " is ours"); BN_CTX * ctx = BN_CTX_new (); - i2p::crypto::ElGamalDecrypt (i2p::context.GetEncryptionPrivateKey (), record + BUILD_REQUEST_RECORD_ENCRYPTED_OFFSET, clearText, ctx); + i2p::crypto::ElGamalDecrypt (i2p::context.GetPrivateKeys ().GetPrivateKey () , record + BUILD_REQUEST_RECORD_ENCRYPTED_OFFSET, clearText, ctx); BN_CTX_free (ctx); // replace record to reply if (i2p::context.AcceptsTunnels () && diff --git a/libi2pd/Identity.h b/libi2pd/Identity.h index bbc75616..a95997e8 100644 --- a/libi2pd/Identity.h +++ b/libi2pd/Identity.h @@ -203,8 +203,7 @@ namespace data public: virtual ~LocalDestination() {}; - virtual const uint8_t * GetEncryptionPrivateKey () const = 0; // deprecated - virtual void Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const = 0; + virtual bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const = 0; virtual std::shared_ptr GetIdentity () const = 0; const IdentHash& GetIdentHash () const { return GetIdentity ()->GetIdentHash (); }; diff --git a/libi2pd/RouterContext.cpp b/libi2pd/RouterContext.cpp index 53d49831..a49f1718 100644 --- a/libi2pd/RouterContext.cpp +++ b/libi2pd/RouterContext.cpp @@ -480,9 +480,8 @@ namespace i2p return i2p::util::GetSecondsSinceEpoch () - m_StartupTime; } - void RouterContext::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const + bool RouterContext::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const { - if (m_Decryptor) - m_Decryptor->Decrypt (encrypted, data, ctx); + return m_Decryptor ? m_Decryptor->Decrypt (encrypted, data, ctx) : false; } } diff --git a/libi2pd/RouterContext.h b/libi2pd/RouterContext.h index 50bd6137..f587e0a5 100644 --- a/libi2pd/RouterContext.h +++ b/libi2pd/RouterContext.h @@ -48,8 +48,8 @@ namespace i2p { return std::shared_ptr (this, [](i2p::garlic::GarlicDestination *) {}); - } - + } + uint32_t GetUptime () const; uint32_t GetStartupTime () const { return m_StartupTime; }; uint64_t GetLastUpdateTime () const { return m_LastUpdateTime; }; @@ -89,9 +89,7 @@ namespace i2p // implements LocalDestination std::shared_ptr GetIdentity () const { return m_Keys.GetPublic (); }; - const uint8_t * GetEncryptionPrivateKey () const { return m_Keys.GetPrivateKey (); }; // deprecated - void Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const; - const uint8_t * GetEncryptionPublicKey () const { return GetIdentity ()->GetStandardIdentity ().publicKey; }; + bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const; void Sign (const uint8_t * buf, int len, uint8_t * signature) const { m_Keys.Sign (buf, len, signature); }; void SetLeaseSetUpdated () {}; diff --git a/libi2pd_client/I2CP.cpp b/libi2pd_client/I2CP.cpp index dd5dad11..f98b1af3 100644 --- a/libi2pd_client/I2CP.cpp +++ b/libi2pd_client/I2CP.cpp @@ -34,12 +34,13 @@ namespace client m_Decryptor = i2p::data::PrivateKeys::CreateDecryptor (m_Identity->GetCryptoKeyType (), m_EncryptionPrivateKey); } - void I2CPDestination::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const + bool I2CPDestination::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const { if (m_Decryptor) - m_Decryptor->Decrypt (encrypted, data, ctx); + return m_Decryptor->Decrypt (encrypted, data, ctx); else - LogPrint (eLogError, "I2CP: decryptor is not set"); + LogPrint (eLogError, "I2CP: decryptor is not set"); + return false; } void I2CPDestination::HandleDataMessage (const uint8_t * buf, size_t len) diff --git a/libi2pd_client/I2CP.h b/libi2pd_client/I2CP.h index 087749fe..8c4f8ff0 100644 --- a/libi2pd_client/I2CP.h +++ b/libi2pd_client/I2CP.h @@ -71,8 +71,7 @@ namespace client void SendMsgTo (const uint8_t * payload, size_t len, const i2p::data::IdentHash& ident, uint32_t nonce); // called from I2CPSession // implements LocalDestination - const uint8_t * GetEncryptionPrivateKey () const { return m_EncryptionPrivateKey; }; // deprecated - void Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const; + bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const; std::shared_ptr GetIdentity () const { return m_Identity; }; protected: From 1e75de9bb80d19f48d2cb6b2f0b4a609f6d233ed Mon Sep 17 00:00:00 2001 From: orignal Date: Wed, 8 Nov 2017 21:06:58 -0500 Subject: [PATCH 13/24] 514 bytes ECIES block --- libi2pd/Crypto.cpp | 18 ++++++++++-------- libi2pd/Crypto.h | 2 +- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/libi2pd/Crypto.cpp b/libi2pd/Crypto.cpp index 13c86188..ddd42f0d 100644 --- a/libi2pd/Crypto.cpp +++ b/libi2pd/Crypto.cpp @@ -385,10 +385,11 @@ namespace crypto auto p = EC_POINT_new (curve); EC_POINT_mul (curve, p, k, nullptr, nullptr, ctx); BIGNUM * x = BN_CTX_get (ctx), * y = BN_CTX_get (ctx); - EC_POINT_get_affine_coordinates_GFp (curve, p, x, y, nullptr); - bn2buf (x, encrypted, len); - bn2buf (y, encrypted + len, len); - RAND_bytes (encrypted + 2*len, 256 - 2*len); + EC_POINT_get_affine_coordinates_GFp (curve, p, x, y, nullptr); + encrypted[0] = 0; + bn2buf (x, encrypted + 1, len); + bn2buf (y, encrypted + 1 + len, len); + RAND_bytes (encrypted + 1 + 2*len, 256 - 2*len); // ecryption key and iv EC_POINT_mul (curve, p, nullptr, key, k, ctx); EC_POINT_get_affine_coordinates_GFp (curve, p, x, y, nullptr); @@ -402,10 +403,11 @@ namespace crypto memcpy (m+33, data, 222); SHA256 (m+33, 222, m+1); // encrypt + encrypted[257] = 0; CBCEncryption encryption; encryption.SetKey (shared); encryption.SetIV (iv); - encryption.Encrypt (m, 256, encrypted + 256); + encryption.Encrypt (m, 256, encrypted + 258); EC_POINT_free (p); BN_CTX_end (ctx); } @@ -419,8 +421,8 @@ namespace crypto int len = BN_num_bytes (q); // point for shared secret BIGNUM * x = BN_CTX_get (ctx), * y = BN_CTX_get (ctx); - BN_bin2bn (encrypted, len, x); - BN_bin2bn (encrypted + len, len, y); + BN_bin2bn (encrypted + 1, len, x); + BN_bin2bn (encrypted + 1 + len, len, y); auto p = EC_POINT_new (curve); if (EC_POINT_set_affine_coordinates_GFp (curve, p, x, y, nullptr)) { @@ -437,7 +439,7 @@ namespace crypto CBCDecryption decryption; decryption.SetKey (shared); decryption.SetIV (iv); - decryption.Decrypt (encrypted + 256, 256, m); + decryption.Decrypt (encrypted + 258, 256, m); // verify and copy uint8_t hash[32]; SHA256 (m + 33, 222, hash); diff --git a/libi2pd/Crypto.h b/libi2pd/Crypto.h index 68378b4e..2b1bf6a0 100644 --- a/libi2pd/Crypto.h +++ b/libi2pd/Crypto.h @@ -53,7 +53,7 @@ namespace crypto void GenerateElGamalKeyPair (uint8_t * priv, uint8_t * pub); // ECIES - void ECIESEncrypt (const EC_GROUP * curve, const EC_POINT * key, const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx); // 222 bytes data, 512 bytes encrypted + void ECIESEncrypt (const EC_GROUP * curve, const EC_POINT * key, const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx); // 222 bytes data, 514 bytes encrypted bool ECIESDecrypt (const EC_GROUP * curve, const BIGNUM * key, const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx); void GenerateECIESKeyPair (const EC_GROUP * curve, BIGNUM *& priv, EC_POINT *& pub); From ab1cd3f5cf2ba0888cf18d8474e58cd33156e931 Mon Sep 17 00:00:00 2001 From: orignal Date: Thu, 9 Nov 2017 15:01:07 -0500 Subject: [PATCH 14/24] ECIES for GOST R 34.10 --- libi2pd/CryptoKey.cpp | 62 ++++++++++++++++++++++++++++++++++++++++++- libi2pd/CryptoKey.h | 36 ++++++++++++++++++++++++- libi2pd/Identity.cpp | 9 +++++++ libi2pd/Identity.h | 1 + 4 files changed, 106 insertions(+), 2 deletions(-) diff --git a/libi2pd/CryptoKey.cpp b/libi2pd/CryptoKey.cpp index a0858b91..ffe1591a 100644 --- a/libi2pd/CryptoKey.cpp +++ b/libi2pd/CryptoKey.cpp @@ -1,5 +1,6 @@ #include #include "Log.h" +#include "Gost.h" #include "CryptoKey.h" namespace i2p @@ -65,7 +66,7 @@ namespace crypto { if (m_Curve && m_PrivateKey) return ECIESDecrypt (m_Curve, m_PrivateKey, encrypted, data, ctx); - return false;; + return false; } void CreateECIESP256RandomKeys (uint8_t * priv, uint8_t * pub) @@ -86,6 +87,65 @@ namespace crypto BN_free (x); BN_free (y); EC_GROUP_free (curve); } + + ECIESGOSTR3410Encryptor::ECIESGOSTR3410Encryptor (const uint8_t * pub) + { + auto& curve = GetGOSTR3410Curve (eGOSTR3410CryptoProA); + m_PublicKey = EC_POINT_new (curve->GetGroup ()); + BIGNUM * x = BN_bin2bn (pub, 32, nullptr); + BIGNUM * y = BN_bin2bn (pub + 32, 32, nullptr); + if (!EC_POINT_set_affine_coordinates_GFp (curve->GetGroup (), m_PublicKey, x, y, nullptr)) + LogPrint (eLogError, "ECICS GOST R 34.10 invalid public key"); + BN_free (x); BN_free (y); + } + + ECIESGOSTR3410Encryptor::~ECIESGOSTR3410Encryptor () + { + if (m_PublicKey) EC_POINT_free (m_PublicKey); + } + + void ECIESGOSTR3410Encryptor::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) + { + if (m_PublicKey) + ECIESEncrypt (GetGOSTR3410Curve (eGOSTR3410CryptoProA)->GetGroup (), m_PublicKey, data, encrypted, ctx); + } + + ECIESGOSTR3410Decryptor::ECIESGOSTR3410Decryptor (const uint8_t * priv) + { + m_PrivateKey = BN_bin2bn (priv, 32, nullptr); + } + + ECIESGOSTR3410Decryptor::~ECIESGOSTR3410Decryptor () + { + if (m_PrivateKey) BN_free (m_PrivateKey); + } + + bool ECIESGOSTR3410Decryptor::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) + { + if (m_PrivateKey) + return ECIESDecrypt (GetGOSTR3410Curve (eGOSTR3410CryptoProA)->GetGroup (), m_PrivateKey, encrypted, data, ctx); + return false; + } + + + void CreateECIESGOSTR3410RandomKeys (uint8_t * priv, uint8_t * pub) + { + auto& curve = GetGOSTR3410Curve (eGOSTR3410CryptoProA); + EC_POINT * p = nullptr; + BIGNUM * key = nullptr; + GenerateECIESKeyPair (curve->GetGroup (), key, p); + bn2buf (key, priv, 32); + RAND_bytes (priv + 32, 224); + BN_free (key); + BIGNUM * x = BN_new (), * y = BN_new (); + EC_POINT_get_affine_coordinates_GFp (curve->GetGroup (), p, x, y, NULL); + bn2buf (x, pub, 32); + bn2buf (y, pub + 32, 32); + RAND_bytes (priv + 64, 192); + EC_POINT_free (p); + BN_free (x); BN_free (y); + } + } } diff --git a/libi2pd/CryptoKey.h b/libi2pd/CryptoKey.h index f08a15b2..a2cfdd87 100644 --- a/libi2pd/CryptoKey.h +++ b/libi2pd/CryptoKey.h @@ -24,6 +24,7 @@ namespace crypto virtual bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) = 0; // 512 bytes encrypted, 222 bytes data }; +// ElGamal class ElGamalEncryptor: public CryptoKeyEncryptor // for destination { public: @@ -48,6 +49,8 @@ namespace crypto uint8_t m_PrivateKey[256]; }; +// ECIES P256 + class ECIESP256Encryptor: public CryptoKeyEncryptor { public: @@ -77,7 +80,38 @@ namespace crypto BIGNUM * m_PrivateKey; }; - void CreateECIESP256RandomKeys (uint8_t * priv, uint8_t * pub); + void CreateECIESP256RandomKeys (uint8_t * priv, uint8_t * pub); + +// ECIES GOST R 34.10 + + class ECIESGOSTR3410Encryptor: public CryptoKeyEncryptor + { + public: + + ECIESGOSTR3410Encryptor (const uint8_t * pub); + ~ECIESGOSTR3410Encryptor (); + void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx); + + private: + + EC_POINT * m_PublicKey; + }; + + + class ECIESGOSTR3410Decryptor: public CryptoKeyDecryptor + { + public: + + ECIESGOSTR3410Decryptor (const uint8_t * priv); + ~ECIESGOSTR3410Decryptor (); + bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx); + + private: + + BIGNUM * m_PrivateKey; + }; + + void CreateECIESGOSTR3410RandomKeys (uint8_t * priv, uint8_t * pub); } } diff --git a/libi2pd/Identity.cpp b/libi2pd/Identity.cpp index 054a6a06..42eae215 100644 --- a/libi2pd/Identity.cpp +++ b/libi2pd/Identity.cpp @@ -453,6 +453,9 @@ namespace data case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC: return std::make_shared(key); break; + case CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC: + return std::make_shared(key); + break; default: LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)GetCryptoKeyType ()); }; @@ -601,6 +604,9 @@ namespace data case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC: return std::make_shared(key); break; + case CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC: + return std::make_shared(key); + break; default: LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)cryptoType); }; @@ -669,6 +675,9 @@ namespace data case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC: i2p::crypto::CreateECIESP256RandomKeys (priv, pub); break; + case CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC: + i2p::crypto::CreateECIESGOSTR3410RandomKeys (priv, pub); + break; default: LogPrint (eLogError, "Identity: Crypto key type ", (int)type, " is not supported"); } diff --git a/libi2pd/Identity.h b/libi2pd/Identity.h index a95997e8..b0c6f48a 100644 --- a/libi2pd/Identity.h +++ b/libi2pd/Identity.h @@ -54,6 +54,7 @@ namespace data const uint16_t CRYPTO_KEY_TYPE_ELGAMAL = 0; const uint16_t CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC = 65280; // TODO: change to actual code + const uint16_t CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC = 65281; // TODO: use GOST R 34.11 instead SHA256 and GOST 28147-89 instead AES const uint16_t SIGNING_KEY_TYPE_DSA_SHA1 = 0; const uint16_t SIGNING_KEY_TYPE_ECDSA_SHA256_P256 = 1; From a4ce224cd1dbb76cfa3ac4c9f6e19df933b909bb Mon Sep 17 00:00:00 2001 From: orignal Date: Thu, 9 Nov 2017 15:49:27 -0500 Subject: [PATCH 15/24] pass correct crypto type to identity --- libi2pd/Identity.cpp | 2 +- libi2pd_client/ClientContext.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libi2pd/Identity.cpp b/libi2pd/Identity.cpp index 42eae215..6d207dd5 100644 --- a/libi2pd/Identity.cpp +++ b/libi2pd/Identity.cpp @@ -657,7 +657,7 @@ namespace data uint8_t publicKey[256]; GenerateCryptoKeyPair (cryptoType, keys.m_PrivateKey, publicKey); // identity - keys.m_Public = std::make_shared (publicKey, signingPublicKey, type); + keys.m_Public = std::make_shared (publicKey, signingPublicKey, type, cryptoType); keys.CreateSigner (); return keys; diff --git a/libi2pd_client/ClientContext.cpp b/libi2pd_client/ClientContext.cpp index f77e140b..8d29321e 100644 --- a/libi2pd_client/ClientContext.cpp +++ b/libi2pd_client/ClientContext.cpp @@ -304,7 +304,7 @@ namespace client } else { - LogPrint (eLogError, "Clients: can't open file ", fullPath, " Creating new one with signature type ", sigType); + LogPrint (eLogError, "Clients: can't open file ", fullPath, " Creating new one with signature type ", sigType, " crypto type ", cryptoType); keys = i2p::data::PrivateKeys::CreateRandomKeys (sigType, cryptoType); std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out); size_t len = keys.GetFullLen (); From d14c6e2829679af51ec1021cefacbda8919d1444 Mon Sep 17 00:00:00 2001 From: orignal Date: Thu, 9 Nov 2017 16:18:59 -0500 Subject: [PATCH 16/24] cryptotype for server tunnels --- libi2pd_client/ClientContext.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libi2pd_client/ClientContext.cpp b/libi2pd_client/ClientContext.cpp index 8d29321e..b7363b00 100644 --- a/libi2pd_client/ClientContext.cpp +++ b/libi2pd_client/ClientContext.cpp @@ -597,6 +597,7 @@ namespace client std::string webircpass = section.second.get (I2P_SERVER_TUNNEL_WEBIRC_PASSWORD, ""); bool gzip = section.second.get (I2P_SERVER_TUNNEL_GZIP, true); i2p::data::SigningKeyType sigType = section.second.get (I2P_SERVER_TUNNEL_SIGNATURE_TYPE, i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256); + i2p::data::CryptoKeyType cryptoType = section.second.get (I2P_CLIENT_TUNNEL_CRYPTO_TYPE, i2p::data::CRYPTO_KEY_TYPE_ELGAMAL); uint32_t maxConns = section.second.get(i2p::stream::I2CP_PARAM_STREAMING_MAX_CONNS_PER_MIN, i2p::stream::DEFAULT_MAX_CONNS_PER_MIN); std::string address = section.second.get (I2P_SERVER_TUNNEL_ADDRESS, "127.0.0.1"); bool isUniqueLocal = section.second.get(I2P_SERVER_TUNNEL_ENABLE_UNIQUE_LOCAL, true); @@ -607,7 +608,7 @@ namespace client std::shared_ptr localDestination = nullptr; i2p::data::PrivateKeys k; - if(!LoadPrivateKeys (k, keys, sigType)) + if(!LoadPrivateKeys (k, keys, sigType, cryptoType)) continue; localDestination = FindLocalDestination (k.GetPublic ()->GetIdentHash ()); if (!localDestination) From 2bc33f22dfc9c47a58f933c5926c7d6e7a9b4711 Mon Sep 17 00:00:00 2001 From: orignal Date: Fri, 10 Nov 2017 09:49:50 -0500 Subject: [PATCH 17/24] fixed #994. check if keys are set --- libi2pd_client/BOB.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libi2pd_client/BOB.cpp b/libi2pd_client/BOB.cpp index 72cbcd16..243ac62d 100644 --- a/libi2pd_client/BOB.cpp +++ b/libi2pd_client/BOB.cpp @@ -448,7 +448,10 @@ namespace client void BOBCommandSession::GetdestCommandHandler (const char * operand, size_t len) { LogPrint (eLogDebug, "BOB: getdest"); - SendReplyOK (m_Keys.GetPublic ()->ToBase64 ().c_str ()); + if (m_Keys.GetPublic ()) // keys are set ? + SendReplyOK (m_Keys.GetPublic ()->ToBase64 ().c_str ()); + else + SendReplyError ("keys are not set"); } void BOBCommandSession::OuthostCommandHandler (const char * operand, size_t len) From dca4cf2edba7c52a3d72cbddb017016ca6227fbc Mon Sep 17 00:00:00 2001 From: orignal Date: Fri, 10 Nov 2017 11:27:20 -0500 Subject: [PATCH 18/24] fixed #993. bind inbound tunnel to inhost --- libi2pd_client/BOB.cpp | 23 +++++++++++++++++------ libi2pd_client/BOB.h | 4 ++-- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/libi2pd_client/BOB.cpp b/libi2pd_client/BOB.cpp index 243ac62d..4539eac8 100644 --- a/libi2pd_client/BOB.cpp +++ b/libi2pd_client/BOB.cpp @@ -8,9 +8,8 @@ namespace i2p { namespace client { - BOBI2PInboundTunnel::BOBI2PInboundTunnel (int port, std::shared_ptr localDestination): - BOBI2PTunnel (localDestination), - m_Acceptor (localDestination->GetService (), boost::asio::ip::tcp::endpoint (boost::asio::ip::tcp::v4(), port)) + BOBI2PInboundTunnel::BOBI2PInboundTunnel (const boost::asio::ip::tcp::endpoint& ep, std::shared_ptr localDestination): + BOBI2PTunnel (localDestination), m_Acceptor (localDestination->GetService (), ep) { } @@ -189,10 +188,22 @@ namespace client } } - void BOBDestination::CreateInboundTunnel (int port) + void BOBDestination::CreateInboundTunnel (int port, const std::string& address) { if (!m_InboundTunnel) - m_InboundTunnel = new BOBI2PInboundTunnel (port, m_LocalDestination); + { + boost::asio::ip::tcp::endpoint ep(boost::asio::ip::tcp::v4(), port); + if (!address.empty ()) + { + boost::system::error_code ec; + auto addr = boost::asio::ip::address::from_string (address, ec); + if (!ec) + ep.address (addr); + else + LogPrint (eLogError, "BOB: ", ec.message ()); + } + m_InboundTunnel = new BOBI2PInboundTunnel (ep, m_LocalDestination); + } } void BOBDestination::CreateOutboundTunnel (const std::string& address, int port, bool quiet) @@ -365,7 +376,7 @@ namespace client m_Owner.AddDestination (m_Nickname, m_CurrentDestination); } if (m_InPort) - m_CurrentDestination->CreateInboundTunnel (m_InPort); + m_CurrentDestination->CreateInboundTunnel (m_InPort, m_Address); if (m_OutPort && !m_Address.empty ()) m_CurrentDestination->CreateOutboundTunnel (m_Address, m_OutPort, m_IsQuiet); m_CurrentDestination->Start (); diff --git a/libi2pd_client/BOB.h b/libi2pd_client/BOB.h index 104073bd..bd29dafd 100644 --- a/libi2pd_client/BOB.h +++ b/libi2pd_client/BOB.h @@ -68,7 +68,7 @@ namespace client public: - BOBI2PInboundTunnel (int port, std::shared_ptr localDestination); + BOBI2PInboundTunnel (const boost::asio::ip::tcp::endpoint& ep, std::shared_ptr localDestination); ~BOBI2PInboundTunnel (); void Start (); @@ -125,7 +125,7 @@ namespace client void Start (); void Stop (); void StopTunnels (); - void CreateInboundTunnel (int port); + void CreateInboundTunnel (int port, const std::string& address); void CreateOutboundTunnel (const std::string& address, int port, bool quiet); const i2p::data::PrivateKeys& GetKeys () const { return m_LocalDestination->GetPrivateKeys (); }; std::shared_ptr GetLocalDestination () const { return m_LocalDestination; }; From 7fb8ee60b485f6f58ed00c2cc02d74e397926162 Mon Sep 17 00:00:00 2001 From: orignal Date: Sat, 11 Nov 2017 22:10:54 -0500 Subject: [PATCH 19/24] correct random padding for ICIES public key --- libi2pd/CryptoKey.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libi2pd/CryptoKey.cpp b/libi2pd/CryptoKey.cpp index ffe1591a..f6b3dc7c 100644 --- a/libi2pd/CryptoKey.cpp +++ b/libi2pd/CryptoKey.cpp @@ -82,7 +82,7 @@ namespace crypto EC_POINT_get_affine_coordinates_GFp (curve, p, x, y, NULL); bn2buf (x, pub, 32); bn2buf (y, pub + 32, 32); - RAND_bytes (priv + 64, 192); + RAND_bytes (pub + 64, 192); EC_POINT_free (p); BN_free (x); BN_free (y); EC_GROUP_free (curve); From 80a3bd6a3b75b6ec7055d91c06f0b4e67514e96a Mon Sep 17 00:00:00 2001 From: orignal Date: Sun, 12 Nov 2017 17:31:00 -0500 Subject: [PATCH 20/24] correct new key pair --- libi2pd/CryptoKey.cpp | 2 +- libi2pd/Destination.cpp | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/libi2pd/CryptoKey.cpp b/libi2pd/CryptoKey.cpp index f6b3dc7c..b1adf2f0 100644 --- a/libi2pd/CryptoKey.cpp +++ b/libi2pd/CryptoKey.cpp @@ -141,7 +141,7 @@ namespace crypto EC_POINT_get_affine_coordinates_GFp (curve->GetGroup (), p, x, y, NULL); bn2buf (x, pub, 32); bn2buf (y, pub + 32, 32); - RAND_bytes (priv + 64, 192); + RAND_bytes (pub + 64, 192); EC_POINT_free (p); BN_free (x); BN_free (y); } diff --git a/libi2pd/Destination.cpp b/libi2pd/Destination.cpp index bf5355e6..f57de0c3 100644 --- a/libi2pd/Destination.cpp +++ b/libi2pd/Destination.cpp @@ -929,7 +929,8 @@ namespace client } LogPrint (eLogInfo, "Destination: Creating new temporary keys for address ", ident, ".b32.i2p"); - i2p::crypto::GenerateElGamalKeyPair(m_EncryptionPrivateKey, m_EncryptionPublicKey); + i2p::data::PrivateKeys::GenerateCryptoKeyPair(GetIdentity ()->GetCryptoKeyType (), + m_EncryptionPrivateKey, m_EncryptionPublicKey); std::ofstream f1 (path, std::ofstream::binary | std::ofstream::out); if (f1) { From 7a857e08c183d915c600b42b8f465f3a4c1935d0 Mon Sep 17 00:00:00 2001 From: R4SAS Date: Mon, 13 Nov 2017 03:25:39 +0300 Subject: [PATCH 21/24] update windows build batch --- build/build_mingw.cmd | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/build/build_mingw.cmd b/build/build_mingw.cmd index 6c7407f1..7015954f 100644 --- a/build/build_mingw.cmd +++ b/build/build_mingw.cmd @@ -18,22 +18,27 @@ set MSYS2_PATH_TYPE=inherit set CHERE_INVOKING=enabled_from_arguments set MSYSTEM=MSYS +set "xSH=%WD%bash -lc" + REM detecting number of processors and subtract 1. set /a threads=%NUMBER_OF_PROCESSORS%-1 REM we must work in root of repo cd .. +REM deleting old log files +del /S build_*.log >> nul + echo Receiving latest commit and cleaning up... -"%WD%bash" -lc "git pull && make clean" > build/build_git.log 2>&1 +%xSH% "git pull && make clean" > build/build_git.log 2>&1 echo. REM set to variable current commit hash -FOR /F "usebackq" %%a IN (`%WD%bash -lc 'git describe --tags'`) DO ( +FOR /F "usebackq" %%a IN (`%xSH% 'git describe --tags'`) DO ( set tag=%%a ) -"%WD%bash" -lc "echo To use configs and certificates, move all files and certificates folder from contrib directory here. > README.txt" >> nul +%xSH% "echo To use configs and certificates, move all files and certificates folder from contrib directory here. > README.txt" >> nul REM starting building set MSYSTEM=MINGW32 @@ -55,12 +60,12 @@ exit /b 0 :BUILDING echo Building i2pd %tag% for win%bitness%: echo Build AVX+AESNI... -"%WD%bash" -lc "make USE_UPNP=yes USE_AVX=1 USE_AESNI=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_avx_aesni.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_avx_aesni.log 2>&1 +%xSH% "make USE_UPNP=yes USE_AVX=1 USE_AESNI=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_avx_aesni.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_avx_aesni.log 2>&1 echo Build AVX... -"%WD%bash" -lc "make USE_UPNP=yes USE_AVX=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_avx.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_avx.log 2>&1 +%xSH% "make USE_UPNP=yes USE_AVX=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_avx.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_avx.log 2>&1 echo Build AESNI... -"%WD%bash" -lc "make USE_UPNP=yes USE_AESNI=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_aesni.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_aesni.log 2>&1 +%xSH% "make USE_UPNP=yes USE_AESNI=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_aesni.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_aesni.log 2>&1 echo Build without extensions... -"%WD%bash" -lc "make USE_UPNP=yes -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%.log 2>&1 +%xSH% "make USE_UPNP=yes -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%.log 2>&1 :EOF \ No newline at end of file From dde4643e77359661e4a4510ebdf141fb9b873679 Mon Sep 17 00:00:00 2001 From: R4SAS Date: Mon, 13 Nov 2017 03:27:09 +0300 Subject: [PATCH 22/24] fix shutdown from webconsole in windows --- Win32/Win32App.cpp | 7 +++++-- daemon/HTTPServer.cpp | 8 ++++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/Win32/Win32App.cpp b/Win32/Win32App.cpp index 4c7eae03..f58b4615 100644 --- a/Win32/Win32App.cpp +++ b/Win32/Win32App.cpp @@ -368,6 +368,9 @@ namespace win32 void StopWin32App () { + HWND hWnd = FindWindow (I2PD_WIN32_CLASSNAME, TEXT("i2pd")); + if (hWnd) + PostMessage (hWnd, WM_COMMAND, MAKEWPARAM(ID_EXIT, 0), 0); UnregisterClass (I2PD_WIN32_CLASSNAME, GetModuleHandle(NULL)); } @@ -375,7 +378,7 @@ namespace win32 { HWND hWnd = FindWindow (I2PD_WIN32_CLASSNAME, TEXT("i2pd")); if (hWnd) - PostMessage (hWnd, WM_COMMAND, MAKEWPARAM(ID_GRACEFUL_SHUTDOWN, 0), 0); + PostMessage (hWnd, WM_COMMAND, MAKEWPARAM(ID_GRACEFUL_SHUTDOWN, 0), 0); return hWnd; } @@ -383,7 +386,7 @@ namespace win32 { HWND hWnd = FindWindow (I2PD_WIN32_CLASSNAME, TEXT("i2pd")); if (hWnd) - PostMessage (hWnd, WM_COMMAND, MAKEWPARAM(ID_STOP_GRACEFUL_SHUTDOWN, 0), 0); + PostMessage (hWnd, WM_COMMAND, MAKEWPARAM(ID_STOP_GRACEFUL_SHUTDOWN, 0), 0); return hWnd; } diff --git a/daemon/HTTPServer.cpp b/daemon/HTTPServer.cpp index d08b6d20..0577ac15 100644 --- a/daemon/HTTPServer.cpp +++ b/daemon/HTTPServer.cpp @@ -908,7 +908,11 @@ namespace http { i2p::win32::StopGracefulShutdown (); #endif } else if (cmd == HTTP_COMMAND_SHUTDOWN_NOW) { +#ifndef WIN32_APP Daemon.running = false; +#else + i2p::win32::StopWin32App (); +#endif } else { res.code = 400; ShowError(s, "Unknown command: " + cmd); @@ -951,8 +955,8 @@ namespace http { if (needAuth && pass == "") { uint8_t random[16]; char alnum[] = "0123456789" - "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - "abcdefghijklmnopqrstuvwxyz"; + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz"; pass.resize(sizeof(random)); RAND_bytes(random, sizeof(random)); for (size_t i = 0; i < sizeof(random); i++) { From 3dc5542a28350121a728416f3c9a4f6d591f98f4 Mon Sep 17 00:00:00 2001 From: R4SAS Date: Mon, 13 Nov 2017 04:46:19 +0300 Subject: [PATCH 23/24] update mingw makefile --- Makefile.mingw | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile.mingw b/Makefile.mingw index 5b9332e2..b40d0ada 100644 --- a/Makefile.mingw +++ b/Makefile.mingw @@ -4,8 +4,8 @@ WINDRES = windres CXXFLAGS = -Os -D_MT -DWIN32 -D_WINDOWS -DWIN32_LEAN_AND_MEAN NEEDED_CXXFLAGS = -std=c++11 BOOST_SUFFIX = -mt -INCFLAGS = -I/usr/include/ -I/usr/local/include/ -I. -Idaemon -LDFLAGS = -Wl,-rpath,/usr/local/lib -Wl,-Bstatic -static-libgcc -static-libstdc++ -L/usr/local/lib +INCFLAGS = -Idaemon -I. +LDFLAGS = -s -Wl,-rpath,/usr/local/lib -Wl,-Bstatic -static-libgcc -static-libstdc++ # UPNP Support ifeq ($(USE_UPNP),yes) @@ -30,7 +30,7 @@ LDLIBS += \ ifeq ($(USE_WIN32_APP), yes) CXXFLAGS += -DWIN32_APP - LDFLAGS += -mwindows -s + LDFLAGS += -mwindows DAEMON_RC += Win32/Resource.rc DAEMON_OBJS += $(patsubst %.rc,obj/%.o,$(DAEMON_RC)) endif From a4b39a36487ed9bb03f7850f50d8adad2dd48a81 Mon Sep 17 00:00:00 2001 From: Jeff Becker Date: Mon, 13 Nov 2017 07:26:01 -0500 Subject: [PATCH 24/24] disable connection limiting by default --- libi2pd/Streaming.cpp | 6 ++++-- libi2pd/Streaming.h | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/libi2pd/Streaming.cpp b/libi2pd/Streaming.cpp index db5f825e..a1cf536e 100644 --- a/libi2pd/Streaming.cpp +++ b/libi2pd/Streaming.cpp @@ -882,7 +882,8 @@ namespace stream m_PendingIncomingTimer (m_Owner->GetService ()), m_ConnTrackTimer(m_Owner->GetService()), m_ConnsPerMinute(DEFAULT_MAX_CONNS_PER_MIN), - m_LastBanClear(i2p::util::GetMillisecondsSinceEpoch()) + m_LastBanClear(i2p::util::GetMillisecondsSinceEpoch()), + m_EnableDrop(false) { } @@ -946,7 +947,7 @@ namespace stream auto incomingStream = CreateNewIncomingStream (); incomingStream->HandleNextPacket (packet); // SYN auto ident = incomingStream->GetRemoteIdentity(); - if(ident) + if(ident && m_EnableDrop) { auto ih = ident->GetIdentHash(); if(DropNewStream(ih)) @@ -1153,6 +1154,7 @@ namespace stream void StreamingDestination::SetMaxConnsPerMinute(const uint32_t conns) { + m_EnableDrop = conns > 0; m_ConnsPerMinute = conns; LogPrint(eLogDebug, "Streaming: Set max conns per minute per destination to ", conns); } diff --git a/libi2pd/Streaming.h b/libi2pd/Streaming.h index eae959ed..94b356e8 100644 --- a/libi2pd/Streaming.h +++ b/libi2pd/Streaming.h @@ -317,6 +317,7 @@ namespace stream uint64_t m_LastBanClear; i2p::util::MemoryPool m_PacketsPool; + bool m_EnableDrop; public: