public SessionRequestState(SSUSession sess) : base(sess)
{
var keys = I2PPrivateKey.GetNewKeyPair();
PrivateKey = keys.PrivateKey;
X = keys.PublicKey;
}
private void Load(string filename)
{
using (var fs = new FileStream(filename, FileMode.Open, FileAccess.Read))
{
using (var ms = new MemoryStream())
{
byte[] buf = new byte[8192];
int len;
while ((len = fs.Read(buf, 0, buf.Length)) != 0)
{
ms.Write(buf, 0, len);
}
var reader = new BufRefLen(ms.ToArray());
Certificate = new I2PCertificate(reader);
PrivateSigningKey = new I2PSigningPrivateKey(reader, Certificate);
PublicSigningKey = new I2PSigningPublicKey(reader, Certificate);
PrivateKey = new I2PPrivateKey(reader, Certificate);
PublicKey = new I2PPublicKey(reader, Certificate);
MyRouterIdentity = new I2PRouterIdentity(reader);
Published = new I2PDate(reader);
IntroKey = reader.ReadBufLen(32);
}
}
}
public static byte[] Encrypt(BufLen data, I2PPublicKey key, bool zeropad)
{
var result = new byte[zeropad ? EncryptedPaddedLength : EncryptedShortLength];
Encrypt(new BufRefLen(result), data, key, zeropad);
return(result);
}
public static void Encrypt(BufRef dest, BufLen data, I2PPublicKey key, bool zeropad)
{
if (data == null || data.Length > ClearTextLength)
{
throw new InvalidParameterException($"ElGamal data must be {ClearTextLength} bytes or less!");
}
var k = new BigInteger(I2PConstants.ElGamalFullExponentBits, Rnd);
var a = I2PConstants.ElGamalG.ModPow(k, I2PConstants.ElGamalP);
var b1 = key.ToBigInteger().ModPow(k, I2PConstants.ElGamalP);
var start = new BufLen(new byte[EGBlockLength]);
var writer = new BufRefLen(start, 1);
start[0] = 0xFF;
writer.Write(I2PHashSHA256.GetHash(data));
writer.Write(data);
var egblock = new BufLen(start, 0, writer - start);
var egint = egblock.ToBigInteger();
var b = b1.Multiply(egint).Mod(I2PConstants.ElGamalP);
var targetlen = zeropad
? EncryptedPaddedLength / 2
: EncryptedShortLength / 2;
WriteToDest(dest, a, targetlen);
WriteToDest(dest, b, targetlen);
}
public ElGamalTest()
{
Private = new I2PPrivateKey(I2PKeyType.DefaultAsymetricKeyCert);
Public = new I2PPublicKey(Private);
Me = new I2PRouterIdentity(Public, new I2PSigningPublicKey(new BigInteger("12"), I2PKeyType.DefaultSigningKeyCert));
}
public SessionCreatedState(SSUSession sess)
: base(sess)
{
var keys = I2PPrivateKey.GetNewKeyPair();
PrivateKey = keys.PrivateKey;
Y = keys.PublicKey;
}
public SessionRequestState(SSUSession sess, bool remoteisfirewalled) : base(sess)
{
RemoteIsFirewalled = remoteisfirewalled;
var keys = I2PPrivateKey.GetNewKeyPair();
PrivateKey = keys.PrivateKey;
X = keys.PublicKey;
}
public SessionCreatedState(SSUSession sess)
: base(sess)
{
var keys = I2PPrivateKey.GetNewKeyPair();
PrivateKey = keys.PrivateKey;
Y = keys.PublicKey;
Session.MACKey = Session.MyRouterContext.IntroKey;
Session.SharedKey = Session.MyRouterContext.IntroKey;
}
public ElGamalCrypto(I2PPublicKey key)
{
var k = new BigInteger(I2PConstants.ElGamalP.BitLength, new SecureRandom());
if (k.CompareTo(BigInteger.Zero) == 0)
{
k = BigInteger.One;
}
a = I2PConstants.ElGamalG.ModPow(k, I2PConstants.ElGamalP);
b1 = key.ToBigInteger().ModPow(k, I2PConstants.ElGamalP);
}
public GarlicTest()
{
Private = new I2PPrivateKey(I2PKeyType.DefaultAsymetricKeyCert);
Public = new I2PPublicKey(Private);
Me = new I2PRouterIdentity(Public, new I2PSigningPublicKey(new BigInteger("12"), I2PKeyType.DefaultSigningKeyCert));
DestinationPrivate = new I2PPrivateKey(I2PKeyType.DefaultAsymetricKeyCert);
DestinationPublic = new I2PPublicKey(DestinationPrivate);
Destination = new I2PRouterIdentity(DestinationPublic, new I2PSigningPublicKey(new BigInteger("277626"), I2PKeyType.DefaultSigningKeyCert));
PrivateSigning = new I2PSigningPrivateKey(I2PKeyType.DefaultAsymetricKeyCert);
PublicSigning = new I2PSigningPublicKey(PrivateSigning);
}
public I2NPMessagesTest()
{
Private = new I2PPrivateKey(I2PKeyType.DefaultAsymetricKeyCert);
Public = new I2PPublicKey(Private);
PrivateSigning = new I2PSigningPrivateKey(I2PKeyType.DefaultAsymetricKeyCert);
PublicSigning = new I2PSigningPublicKey(PrivateSigning);
var CertificateEd25519 = new I2PCertificate(I2PSigningKey.SigningKeyTypes.EdDSA_SHA512_Ed25519);
PrivateSigningEd25519 = new I2PSigningPrivateKey(CertificateEd25519);
PublicSigningEd25519 = new I2PSigningPublicKey(PrivateSigningEd25519);
Me = new I2PRouterIdentity(Public, new I2PSigningPublicKey(new BigInteger("12"), I2PKeyType.DefaultSigningKeyCert));
}
public GarlicTest()
{
Logging.LogToConsole = true;
Logging.LogLevel = Logging.LogLevels.DebugData;
Private = new I2PPrivateKey(I2PKeyType.DefaultAsymetricKeyCert);
Public = new I2PPublicKey(Private);
Me = new I2PRouterIdentity(Public, new I2PSigningPublicKey(new BigInteger("12"), I2PKeyType.DefaultSigningKeyCert));
DestinationPrivate = new I2PPrivateKey(I2PKeyType.DefaultAsymetricKeyCert);
DestinationPublic = new I2PPublicKey(DestinationPrivate);
Destination = new I2PRouterIdentity(DestinationPublic, new I2PSigningPublicKey(new BigInteger("277626"), I2PKeyType.DefaultSigningKeyCert));
PrivateSigning = new I2PSigningPrivateKey(I2PKeyType.DefaultAsymetricKeyCert);
PublicSigning = new I2PSigningPublicKey(PrivateSigning);
}
private void SendLeaseSetUpdateGarlic(
I2PIdentHash ffdest,
I2PPublicKey pubkey,
I2PLeaseSet ls,
uint token)
{
// If greater than zero, a DeliveryStatusMessage
// is requested with the Message ID set to the value of the Reply Token.
// A floodfill router is also expected to flood the data to the closest floodfill peers
// if the token is greater than zero.
// https://geti2p.net/spec/i2np#databasestore
var outtunnel = TunnelProvider.Inst.GetEstablishedOutboundTunnel(false);
var replytunnel = ls.Leases.Random();
if (outtunnel is null || replytunnel is null)
{
Logging.LogDebug($"SendLeaseSetUpdateGarlic: " +
$"outtunnel: {outtunnel}, replytunnel: {replytunnel?.TunnelGw?.Id32Short}");
return;
}
var ds = new DatabaseStoreMessage(ls);
var delivstatus = new DeliveryStatusMessage(token);
// As explained on the network database page, local LeaseSets are sent to floodfill
// routers in a Database Store Message wrapped in a Garlic Message so it is not
// visible to the tunnel's outbound gateway.
var garlic = new Garlic(
new GarlicClove(
new GarlicCloveDeliveryLocal(ds)),
new GarlicClove(
new GarlicCloveDeliveryTunnel(delivstatus, replytunnel.TunnelGw, replytunnel.TunnelId))
);
var egmsg = Garlic.EGEncryptGarlic(garlic, pubkey, new I2PSessionKey(), null);
outtunnel.Send(
new TunnelMessageRouter(
egmsg,
ffdest));
}
private void NewIdentity(I2PCertificate cert)
{
Published = new I2PDate(DateTime.UtcNow.AddMinutes(-1));
Certificate = cert != null ? cert : new I2PCertificate(I2PSigningKey.SigningKeyTypes.EdDSA_SHA512_Ed25519);
//Certificate = new I2PCertificate( I2PSigningKey.SigningKeyTypes.EdDSA_SHA512_Ed25519 );
//Certificate = new I2PCertificate( I2PSigningKey.SigningKeyTypes.ECDSA_SHA256_P256 );
//Certificate = new I2PCertificate( I2PSigningKey.SigningKeyTypes.ECDSA_SHA384_P384 );
//Certificate = new I2PCertificate( I2PSigningKey.SigningKeyTypes.DSA_SHA1 );
PrivateSigningKey = new I2PSigningPrivateKey(Certificate);
PublicSigningKey = new I2PSigningPublicKey(PrivateSigningKey);
var keys = I2PPrivateKey.GetNewKeyPair();
PrivateKey = keys.PrivateKey;
PublicKey = keys.PublicKey;
MyRouterIdentity = new I2PRouterIdentity(PublicKey, PublicSigningKey);
IntroKey.Randomize();
}
public void TestEGCompatibilityDecode()
{
var priv = new I2PPrivateKey(
new BufRefLen(FreenetBase64.Decode(PRIVATE_KEY)),
new I2PCertificate());
var pub = new I2PPublicKey(
new BufRefLen(FreenetBase64.Decode(PUBLIC_KEY)),
new I2PCertificate());
for (int i = 0; i < ENCRYPTED.Length; ++i)
{
var decr = ElGamalCrypto.Decrypt(
new BufLen(FreenetBase64.Decode(ENCRYPTED[i])),
priv,
true);
var clear = new BufLen(Encoding.UTF8.GetBytes(UNENCRYPTED[i]));
Assert.IsTrue(decr == clear);
}
}
public static GarlicMessage EGEncryptGarlic(
Garlic msg,
I2PPublicKey pubkey,
I2PSessionKey sessionkey,
List <I2PSessionTag> newtags)
{
var cipher = new CbcBlockCipher(new AesEngine());
var payload = msg.ToByteArray();
var dest = new BufLen(new byte[65536]);
// Reserve header + 4 bytes for GarlicMessageLength
var writer = new BufRefLen(dest, I2NPMaxHeaderSize + 4);
// ElGamal block
var egbuf = new BufLen(new byte[222]);
var sessionkeybuf = new BufLen(egbuf, 0, 32);
var preivbuf = new BufLen(egbuf, 32, 32);
var egpadding = new BufLen(egbuf, 64, 158);
egpadding.Randomize();
preivbuf.Randomize();
sessionkeybuf.Poke(sessionkey.Key, 0);
var iv = new BufLen(I2PHashSHA256.GetHash(preivbuf), 0, 16);
ElGamalCrypto.Encrypt(writer, egbuf, pubkey, true);
// AES block
var aesstart = new BufLen(writer);
var aesblock = new GarlicAESBlock(writer, newtags, null, new BufRefLen(payload));
cipher.Init(true, sessionkey.Key.ToParametersWithIV(iv));
cipher.ProcessBytes(aesblock.DataBuf);
var length = writer - dest;
dest.PokeFlip32((uint)(length - 4), I2NPMaxHeaderSize);
return(new GarlicMessage(new BufRefLen(dest, I2NPMaxHeaderSize, length)));
}
public EGBuildRequestRecord(BuildRequestRecord src, I2PIdentHash topeer, I2PPublicKey key) :
this(new BufLen(new byte[Length]), src, topeer, key)
{
}
public EGBuildRequestRecord(BufLen dest, BuildRequestRecord src, I2PIdentHash topeer, I2PPublicKey key)
{
Data = dest;
var writer = new BufRefLen(Data);
writer.Write(topeer.Hash16);
var datastart = new BufLen(writer);
var crypto = new ElGamalCrypto(key);
crypto.Encrypt(writer, src.Data, false);
}
public override SSUState HandleMessage(SSUHeader header, BufRefLen reader)
{
var tstime = SSUHost.SSUDateTime(header.TimeStamp);
if (header.MessageType != SSUHeader.MessageTypes.SessionCreated)
{
#if LOG_ALL_TRANSPORT
Logging.LogTransport("SSU SessionRequestState: Received unexpected message " + tstime.ToString() + " : " + header.Flag.ToString());
#endif
return(this);
}
SCMessage = new SessionCreated(reader, Session.RemoteRouter.Certificate);
Session.RelayTag = SCMessage.RelayTag;
Y = new I2PPublicKey((BufRefLen)SCMessage.Y, Session.RemoteRouter.Certificate);
BufUtils.DHI2PToSessionAndMAC(out Session.SharedKey, out Session.MACKey,
Y.ToBigInteger().ModPow(PrivateKey.ToBigInteger(), I2PConstants.ElGamalP));
var ipaddr = new IPAddress(SCMessage.Address.ToByteArray());
ushort port = SCMessage.Port.PeekFlip16(0);
Session.SignOnTimeB = SCMessage.SignOnTime.Peek32(0);
var btime = SSUHost.SSUDateTime(BufUtils.Flip32(Session.SignOnTimeB));
#if LOG_ALL_TRANSPORT
Logging.LogTransport("SSU SessionRequestState " + Session.DebugId + " : Received SessionCreated. " + tstime.ToString() + " : " + btime.ToString());
#endif
Session.Host.ReportedAddress(ipaddr);
if (!I2PSignature.SupportedSignatureType(Session.RemoteRouter.Certificate.SignatureType))
{
throw new SignatureCheckFailureException("SSU SessionRequestState " + Session.DebugId + " : " +
"Received non supported signature type: " +
Session.RemoteRouter.Certificate.SignatureType.ToString());
}
var cipher = new CbcBlockCipher(new AesEngine());
cipher.Init(false, Session.SharedKey.ToParametersWithIV(header.IV));
cipher.ProcessBytes(SCMessage.SignatureEncrBuf);
var baddr = new BufLen(Session.RemoteEP.Address.GetAddressBytes());
var sign = new I2PSignature((BufRefLen)SCMessage.Signature, Session.RemoteRouter.Certificate);
var sok = I2PSignature.DoVerify(
Session.RemoteRouter.SigningPublicKey, sign,
X.Key, Y.Key,
SCMessage.Address, SCMessage.Port,
baddr, BufUtils.Flip16BL((ushort)Session.RemoteEP.Port),
SCMessage.RelayTag, SCMessage.SignOnTime);
#if LOG_ALL_TRANSPORT
Logging.LogTransport("SSU SessionRequestState: Signature check: " + sok.ToString() + ". " + Session.RemoteRouter.Certificate.SignatureType.ToString());
#endif
if (!sok)
{
throw new SignatureCheckFailureException("SSU SessionRequestState " + Session.DebugId + ": Received SessionCreated signature check failed." +
Session.RemoteRouter.Certificate.ToString());
}
var relaytag = SCMessage.RelayTag.PeekFlip32(0);
if (relaytag != 0)
{
Session.Host.IntroductionRelayOffered(
new IntroducerInfo(
Session.RemoteEP.Address,
(ushort)Session.RemoteEP.Port,
Session.IntroKey, relaytag));
}
Logging.LogTransport("SSU SessionRequestState: Session " + Session.DebugId + " created. Moving to SessionConfirmedState.");
Session.ReportConnectionEstablished();
return(new SessionConfirmedState(Session, this));
}
public ElGamalTest()
{
Private = new I2PPrivateKey(I2PKeyType.DefaultAsymetricKeyCert);
Public = new I2PPublicKey(Private);
}
