mirror of
https://github.com/go-i2p/i2pkeys.git
synced 2025-06-08 09:16:22 -04:00
8df0f31a4d
-removed "trace" and "info" -moved log to its own file -shifted priv -> _priv (pre newline removal) -added response string in Lookup() -added response string in NewDestination()
449 lines
13 KiB
Go
449 lines
13 KiB
Go
package i2pkeys
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto"
|
|
"crypto/ed25519"
|
|
"crypto/rand"
|
|
"crypto/sha256"
|
|
"encoding/base32"
|
|
"encoding/base64"
|
|
"errors"
|
|
"fmt"
|
|
"github.com/sirupsen/logrus"
|
|
"io"
|
|
"net"
|
|
"os"
|
|
"strings"
|
|
)
|
|
|
|
var (
|
|
i2pB64enc *base64.Encoding = base64.NewEncoding("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-~")
|
|
i2pB32enc *base32.Encoding = base32.NewEncoding("abcdefghijklmnopqrstuvwxyz234567")
|
|
)
|
|
|
|
// If you set this to true, Addr will return a base64 String()
|
|
var StringIsBase64 bool
|
|
|
|
// The public and private keys associated with an I2P destination. I2P hides the
|
|
// details of exactly what this is, so treat them as blobs, but generally: One
|
|
// pair of DSA keys, one pair of ElGamal keys, and sometimes (almost never) also
|
|
// a certificate. String() returns you the full content of I2PKeys and Addr()
|
|
// returns the public keys.
|
|
type I2PKeys struct {
|
|
Address I2PAddr // only the public key
|
|
Both string // both public and private keys
|
|
}
|
|
|
|
// Creates I2PKeys from an I2PAddr and a public/private keypair string (as
|
|
// generated by String().)
|
|
func NewKeys(addr I2PAddr, both string) I2PKeys {
|
|
log.WithField("addr", addr).Debug("Creating new I2PKeys")
|
|
return I2PKeys{addr, both}
|
|
}
|
|
|
|
// fileExists checks if a file exists and is not a directory before we
|
|
// try using it to prevent further errors.
|
|
func fileExists(filename string) (bool, error) {
|
|
info, err := os.Stat(filename)
|
|
if os.IsNotExist(err) {
|
|
log.WithField("filename", filename).Debug("File does not exist")
|
|
return false, nil
|
|
} else if err != nil {
|
|
log.WithError(err).WithField("filename", filename).Error("Error checking file existence")
|
|
return false, fmt.Errorf("error checking file existence: %w", err)
|
|
}
|
|
exists := !info.IsDir()
|
|
if exists {
|
|
log.WithField("filename", filename).Debug("File exists")
|
|
} else {
|
|
log.WithField("filename", filename).Debug("File is a directory")
|
|
}
|
|
return !info.IsDir(), nil
|
|
}
|
|
|
|
// load keys from non standard format
|
|
func LoadKeysIncompat(r io.Reader) (k I2PKeys, err error) {
|
|
log.Debug("Loading keys from reader")
|
|
var buff bytes.Buffer
|
|
_, err = io.Copy(&buff, r)
|
|
if err == nil {
|
|
parts := strings.Split(buff.String(), "\n")
|
|
k = I2PKeys{I2PAddr(parts[0]), parts[1]}
|
|
log.WithField("keys", k).Debug("Loaded keys")
|
|
}
|
|
log.WithError(err).Error("Error copying from reader, did not load keys")
|
|
return
|
|
}
|
|
|
|
// load keys from non-standard format by specifying a text file.
|
|
// If the file does not exist, generate keys, otherwise, fail
|
|
// closed.
|
|
func LoadKeys(r string) (I2PKeys, error) {
|
|
log.WithField("filename", r).Debug("Loading keys from file")
|
|
exists, err := fileExists(r)
|
|
if err != nil {
|
|
log.WithError(err).Error("Error checking if file exists")
|
|
return I2PKeys{}, err
|
|
}
|
|
if !exists {
|
|
log.WithError(err).Error("File does not exist")
|
|
return I2PKeys{}, fmt.Errorf("file does not exist: %s", r)
|
|
}
|
|
fi, err := os.Open(r)
|
|
if err != nil {
|
|
log.WithError(err).WithField("filename", r).Error("Error opening file")
|
|
return I2PKeys{}, fmt.Errorf("error opening file: %w", err)
|
|
}
|
|
defer fi.Close()
|
|
log.WithField("filename", r).Debug("File opened successfully")
|
|
return LoadKeysIncompat(fi)
|
|
}
|
|
|
|
// store keys in non standard format
|
|
func StoreKeysIncompat(k I2PKeys, w io.Writer) error {
|
|
log.Debug("Storing keys")
|
|
_, err := io.WriteString(w, k.Address.Base64()+"\n"+k.Both)
|
|
if err != nil {
|
|
log.WithError(err).Error("Error writing keys")
|
|
return fmt.Errorf("error writing keys: %w", err)
|
|
}
|
|
log.WithField("keys", k).Debug("Keys stored successfully")
|
|
return nil
|
|
}
|
|
func StoreKeys(k I2PKeys, r string) error {
|
|
log.WithField("filename", r).Debug("Storing keys to file")
|
|
if _, err := os.Stat(r); err != nil {
|
|
if os.IsNotExist(err) {
|
|
log.WithField("filename", r).Debug("File does not exist, creating new file")
|
|
fi, err := os.Create(r)
|
|
if err != nil {
|
|
log.WithError(err).Error("Error creating file")
|
|
return err
|
|
}
|
|
defer fi.Close()
|
|
return StoreKeysIncompat(k, fi)
|
|
}
|
|
}
|
|
fi, err := os.Open(r)
|
|
if err != nil {
|
|
log.WithError(err).Error("Error opening file")
|
|
return err
|
|
}
|
|
defer fi.Close()
|
|
return StoreKeysIncompat(k, fi)
|
|
}
|
|
|
|
func (k I2PKeys) Network() string {
|
|
return k.Address.Network()
|
|
}
|
|
|
|
// Returns the public keys of the I2PKeys.
|
|
func (k I2PKeys) Addr() I2PAddr {
|
|
return k.Address
|
|
}
|
|
|
|
func (k I2PKeys) Public() crypto.PublicKey {
|
|
return k.Address
|
|
}
|
|
|
|
func (k I2PKeys) Private() []byte {
|
|
log.Debug("Extracting private key")
|
|
src := strings.Split(k.String(), k.Addr().String())[0]
|
|
var dest []byte
|
|
_, err := i2pB64enc.Decode(dest, []byte(src))
|
|
if err != nil {
|
|
log.WithError(err).Error("Error decoding private key")
|
|
panic(err)
|
|
}
|
|
return dest
|
|
}
|
|
|
|
type SecretKey interface {
|
|
Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)
|
|
}
|
|
|
|
func (k I2PKeys) SecretKey() SecretKey {
|
|
var pk ed25519.PrivateKey = k.Private()
|
|
return pk
|
|
}
|
|
|
|
func (k I2PKeys) PrivateKey() crypto.PrivateKey {
|
|
var pk ed25519.PrivateKey = k.Private()
|
|
_, err := pk.Sign(rand.Reader, []byte("nonsense"), crypto.Hash(0))
|
|
if err != nil {
|
|
log.WithError(err).Warn("Error in private key signature")
|
|
//TODO: Elgamal, P256, P384, P512, GOST? keys?
|
|
}
|
|
return pk
|
|
}
|
|
|
|
func (k I2PKeys) Ed25519PrivateKey() *ed25519.PrivateKey {
|
|
return k.SecretKey().(*ed25519.PrivateKey)
|
|
}
|
|
|
|
/*func (k I2PKeys) ElgamalPrivateKey() *ed25519.PrivateKey {
|
|
return k.SecretKey().(*ed25519.PrivateKey)
|
|
}*/
|
|
|
|
//func (k I2PKeys) Decrypt(rand io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error) {
|
|
//return k.SecretKey().(*ed25519.PrivateKey).Decrypt(rand, msg, opts)
|
|
//}
|
|
|
|
func (k I2PKeys) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
|
|
return k.SecretKey().(*ed25519.PrivateKey).Sign(rand, digest, opts)
|
|
}
|
|
|
|
// Returns the keys (both public and private), in I2Ps base64 format. Use this
|
|
// when you create sessions.
|
|
func (k I2PKeys) String() string {
|
|
return k.Both
|
|
}
|
|
|
|
func (k I2PKeys) HostnameEntry(hostname string, opts crypto.SignerOpts) (string, error) {
|
|
sig, err := k.Sign(rand.Reader, []byte(hostname), opts)
|
|
if err != nil {
|
|
log.WithError(err).Error("Error signing hostname")
|
|
return "", fmt.Errorf("error signing hostname: %w", err)
|
|
}
|
|
return string(sig), nil
|
|
}
|
|
|
|
// I2PAddr represents an I2P destination, almost equivalent to an IP address.
|
|
// This is the humongously huge base64 representation of such an address, which
|
|
// really is just a pair of public keys and also maybe a certificate. (I2P hides
|
|
// the details of exactly what it is. Read the I2P specifications for more info.)
|
|
type I2PAddr string
|
|
|
|
// an i2p destination hash, the .b32.i2p address if you will
|
|
type I2PDestHash [32]byte
|
|
|
|
// create a desthash from a string b32.i2p address
|
|
func DestHashFromString(str string) (dhash I2PDestHash, err error) {
|
|
log.WithField("address", str).Debug("Creating desthash from string")
|
|
if strings.HasSuffix(str, ".b32.i2p") && len(str) == 60 {
|
|
// valid
|
|
_, err = i2pB32enc.Decode(dhash[:], []byte(str[:52]+"===="))
|
|
if err != nil {
|
|
log.WithError(err).Error("Error decoding base32 address")
|
|
}
|
|
} else {
|
|
// invalid
|
|
err = errors.New("invalid desthash format")
|
|
log.WithError(err).Error("Invalid desthash format")
|
|
}
|
|
return
|
|
}
|
|
|
|
// create a desthash from a []byte array
|
|
func DestHashFromBytes(str []byte) (dhash I2PDestHash, err error) {
|
|
log.Debug("Creating DestHash from bytes")
|
|
if len(str) == 32 {
|
|
// valid
|
|
//_, err = i2pB32enc.Decode(dhash[:], []byte(str[:52]+"===="))
|
|
log.WithField("str", str).Debug("Copying str to desthash")
|
|
copy(dhash[:], str)
|
|
} else {
|
|
// invalid
|
|
err = errors.New("invalid desthash format")
|
|
log.WithField("str", str).Error("Invalid desthash format")
|
|
}
|
|
return
|
|
}
|
|
|
|
// get string representation of i2p dest hash(base32 version)
|
|
func (h I2PDestHash) String() string {
|
|
b32addr := make([]byte, 56)
|
|
i2pB32enc.Encode(b32addr, h[:])
|
|
return string(b32addr[:52]) + ".b32.i2p"
|
|
}
|
|
|
|
// get base64 representation of i2p dest sha256 hash(the 44-character one)
|
|
func (h I2PDestHash) Hash() string {
|
|
hash := sha256.New()
|
|
hash.Write(h[:])
|
|
digest := hash.Sum(nil)
|
|
buf := make([]byte, 44)
|
|
i2pB64enc.Encode(buf, digest)
|
|
return string(buf)
|
|
}
|
|
|
|
// Returns "I2P"
|
|
func (h I2PDestHash) Network() string {
|
|
return "I2P"
|
|
}
|
|
|
|
// Returns the base64 representation of the I2PAddr
|
|
func (a I2PAddr) Base64() string {
|
|
return string(a)
|
|
}
|
|
|
|
// Returns the I2P destination (base32-encoded)
|
|
func (a I2PAddr) String() string {
|
|
if StringIsBase64 {
|
|
return a.Base64()
|
|
}
|
|
return string(a.Base32())
|
|
}
|
|
|
|
// Returns "I2P"
|
|
func (a I2PAddr) Network() string {
|
|
return "I2P"
|
|
}
|
|
|
|
// Creates a new I2P address from a base64-encoded string. Checks if the address
|
|
// addr is in correct format. (If you know for sure it is, use I2PAddr(addr).)
|
|
func NewI2PAddrFromString(addr string) (I2PAddr, error) {
|
|
log.WithField("addr", addr).Debug("Creating new I2PAddr from string")
|
|
if strings.HasSuffix(addr, ".i2p") {
|
|
if strings.HasSuffix(addr, ".b32.i2p") {
|
|
// do a lookup of the b32
|
|
log.Warn("Cannot convert .b32.i2p to full destination")
|
|
return I2PAddr(""), errors.New("cannot convert .b32.i2p to full destination")
|
|
}
|
|
// strip off .i2p if it's there
|
|
addr = addr[:len(addr)-4]
|
|
}
|
|
addr = strings.Trim(addr, "\t\n\r\f ")
|
|
// very basic check
|
|
if len(addr) > 4096 || len(addr) < 516 {
|
|
log.Error("Invalid I2P address length")
|
|
return I2PAddr(""), errors.New(addr + " is not an I2P address")
|
|
}
|
|
buf := make([]byte, i2pB64enc.DecodedLen(len(addr)))
|
|
if _, err := i2pB64enc.Decode(buf, []byte(addr)); err != nil {
|
|
log.Error("Address is not base64-encoded")
|
|
return I2PAddr(""), errors.New("Address is not base64-encoded")
|
|
}
|
|
log.Debug("Successfully created I2PAddr from string")
|
|
return I2PAddr(addr), nil
|
|
}
|
|
|
|
func FiveHundredAs() I2PAddr {
|
|
log.Debug("Generating I2PAddr with 500 'A's")
|
|
s := ""
|
|
for x := 0; x < 517; x++ {
|
|
s += "A"
|
|
}
|
|
r, _ := NewI2PAddrFromString(s)
|
|
return r
|
|
}
|
|
|
|
// Creates a new I2P address from a byte array. The inverse of ToBytes().
|
|
func NewI2PAddrFromBytes(addr []byte) (I2PAddr, error) {
|
|
log.Debug("Creating I2PAddr from bytes")
|
|
if len(addr) > 4096 || len(addr) < 384 {
|
|
log.Error("Invalid I2P address length")
|
|
return I2PAddr(""), errors.New("Not an I2P address")
|
|
}
|
|
buf := make([]byte, i2pB64enc.EncodedLen(len(addr)))
|
|
i2pB64enc.Encode(buf, addr)
|
|
return I2PAddr(string(buf)), nil
|
|
}
|
|
|
|
// Turns an I2P address to a byte array. The inverse of NewI2PAddrFromBytes().
|
|
func (addr I2PAddr) ToBytes() ([]byte, error) {
|
|
return i2pB64enc.DecodeString(string(addr))
|
|
}
|
|
|
|
func (addr I2PAddr) Bytes() []byte {
|
|
b, _ := addr.ToBytes()
|
|
return b
|
|
}
|
|
|
|
// Returns the *.b32.i2p address of the I2P address. It is supposed to be a
|
|
// somewhat human-manageable 64 character long pseudo-domain name equivalent of
|
|
// the 516+ characters long default base64-address (the I2PAddr format). It is
|
|
// not possible to turn the base32-address back into a usable I2PAddr without
|
|
// performing a Lookup(). Lookup only works if you are using the I2PAddr from
|
|
// which the b32 address was generated.
|
|
func (addr I2PAddr) Base32() (str string) {
|
|
return addr.DestHash().String()
|
|
}
|
|
|
|
func (addr I2PAddr) DestHash() (h I2PDestHash) {
|
|
hash := sha256.New()
|
|
b, _ := addr.ToBytes()
|
|
hash.Write(b)
|
|
digest := hash.Sum(nil)
|
|
copy(h[:], digest)
|
|
return
|
|
}
|
|
|
|
// Makes any string into a *.b32.i2p human-readable I2P address. This makes no
|
|
// sense, unless "anything" is an I2P destination of some sort.
|
|
func Base32(anything string) string {
|
|
return I2PAddr(anything).Base32()
|
|
}
|
|
|
|
/*
|
|
HELLO VERSION MIN=3.1 MAX=3.1
|
|
DEST GENERATE SIGNATURE_TYPE=7
|
|
*/
|
|
func NewDestination() (*I2PKeys, error) {
|
|
removeNewlines := func(s string) string {
|
|
return strings.ReplaceAll(strings.ReplaceAll(s, "\r\n", ""), "\n", "")
|
|
}
|
|
//
|
|
log.Debug("Creating new destination via SAM")
|
|
conn, err := net.Dial("tcp", "127.0.0.1:7656")
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer conn.Close()
|
|
_, err = conn.Write([]byte("HELLO VERSION MIN=3.1 MAX=3.1\n"))
|
|
if err != nil {
|
|
log.WithError(err).Error("Error writing to SAM bridge")
|
|
return nil, err
|
|
}
|
|
buf := make([]byte, 4096)
|
|
n, err := conn.Read(buf)
|
|
if err != nil {
|
|
log.WithError(err).Error("Error reading from SAM bridge")
|
|
return nil, err
|
|
}
|
|
if n < 1 {
|
|
log.Error("No data received from SAM bridge")
|
|
return nil, fmt.Errorf("no data received")
|
|
}
|
|
|
|
response := string(buf[:n])
|
|
log.WithField("response", response).Debug("Received response from SAM bridge")
|
|
|
|
if strings.Contains(string(buf[:n]), "RESULT=OK") {
|
|
_, err = conn.Write([]byte("DEST GENERATE SIGNATURE_TYPE=7\n"))
|
|
if err != nil {
|
|
log.WithError(err).Error("Error writing DEST GENERATE to SAM bridge")
|
|
return nil, err
|
|
}
|
|
n, err = conn.Read(buf)
|
|
if err != nil {
|
|
log.WithError(err).Error("Error reading destination from SAM bridge")
|
|
return nil, err
|
|
}
|
|
if n < 1 {
|
|
log.Error("No destination data received from SAM bridge")
|
|
return nil, fmt.Errorf("no destination data received")
|
|
}
|
|
pub := strings.Split(strings.Split(string(buf[:n]), "PRIV=")[0], "PUB=")[1]
|
|
_priv := strings.Split(string(buf[:n]), "PRIV=")[1]
|
|
|
|
priv := removeNewlines(_priv) //There is an extraneous newline in the private key, so we'll remove it.
|
|
|
|
log.WithFields(logrus.Fields{
|
|
"_priv(pre-newline removal)": _priv,
|
|
"priv": priv,
|
|
}).Info("Removed newline")
|
|
|
|
log.Debug("Successfully created new destination")
|
|
|
|
return &I2PKeys{
|
|
Address: I2PAddr(pub),
|
|
Both: pub + priv,
|
|
}, nil
|
|
|
|
}
|
|
log.Error("No RESULT=OK received from SAM bridge")
|
|
return nil, fmt.Errorf("no result received")
|
|
}
|