// This file Copyright © 2007-2023 Mnemosyne LLC.
// It may be used under GPLv2 (SPDX: GPL-2.0-only), GPLv3 (SPDX: GPL-3.0-only),
// or any future license endorsed by Mnemosyne LLC.
// License text can be found in the licenses/ folder.
// NB: crypto-test-ref.h needs this, so use it instead of #pragma once
#ifndef TR_ENCRYPTION_H
#define TR_ENCRYPTION_H
#ifndef __TRANSMISSION__
#error only libtransmission should #include this header.
#endif
#include <algorithm> // for std::copy_n()
#include <array>
#include <cstddef> // size_t, std::byte
#include <cstdint> // uint8_t
#include "libtransmission/tr-macros.h" // tr_sha1_digest_t
#include "libtransmission/tr-arc4.h"
// Spec: https://wiki.vuze.com/w/Message_Stream_Encryption
namespace tr_message_stream_encryption
{
/**
 * State for one Diffie-Hellman key exchange performed during an
 * encrypted (MSE) peer handshake: our private key, our public key,
 * and the secret shared with the peer.
 *
 * Security notes for maintainers:
 * - Nothing in this interface authenticates the peer's public key, and
 *   the group is only 768 bits, well below the sizes currently
 *   recommended for confidentiality. Treat the resulting stream as
 *   traffic obfuscation rather than as protection against an active or
 *   well-resourced observer.
 * - The private key and the shared secret are plain std::array members
 *   and this class declares no destructor, so the key material is not
 *   cleared when the object goes away.
 */
class DH
{
public:
    // Private key length in bytes (160 bits).
    // MSE spec: "Minimum length [for the private key] is 128 bit.
    // Anything beyond 180 bit is not believed to add any further
    // security and only increases the necessary calculation time.
    // You should use a length of 160bits whenever possible[.]
    static constexpr size_t PrivateKeySize = 20;

    // Length in bytes of the prime, the public keys and the shared secret.
    // MSE spec: "P, S [the shared secret], Ya and Yb
    // [the public keys] are 768bits long[.]"
    static constexpr size_t KeySize = 96;

    // Fixed-size byte arrays for the keys and the shared secret,
    // stored most-significant byte first.
    // MSE spec: "The entire handshake is in big-endian."
    using private_key_bigend_t = std::array<std::byte, PrivateKeySize>;
    using key_bigend_t = std::array<std::byte, KeySize>;

    // When no key is passed, randomPrivateKey() supplies one.
    // A caller-supplied key exists for reproducible unit tests; production
    // code should rely on the default so the key is never predictable.
    constexpr DH(private_key_bigend_t const& private_key = randomPrivateKey()) noexcept
        : private_key_(private_key)
    {
    }

    // Returns our own public key to be shared with a peer.
    // NOTE(review): non-const, so it presumably derives the key on demand
    // and caches it in public_key_ -- confirm against the definition.
    [[nodiscard]] key_bigend_t publicKey() noexcept;

    // Compute the shared secret from our private key and the peer's public key.
    // peer_public_key comes from the remote side and is untrusted.
    // NOTE(review): the definition is not visible in this header; confirm how
    // it treats degenerate values (0, 1, P-1), which would make the shared
    // secret predictable. Unlike its siblings, this member is not noexcept.
    void setPeerPublicKey(key_bigend_t const& peer_public_key);

    // Returns a reference to the shared secret.
    // The member is zero-initialised, so this yields all-zero bytes until
    // something has written it (presumably setPeerPublicKey() -- confirm).
    [[nodiscard]] constexpr key_bigend_t const& secret() const noexcept
    {
        return secret_;
    }

    // Produces the private key used by the default constructor argument.
    [[nodiscard]] static private_key_bigend_t randomPrivateKey() noexcept;

private:
    // Our half of the exchange; must never leave this object.
    private_key_bigend_t private_key_;

    // Zero until computed.
    key_bigend_t public_key_ = {};

    // Zero until computed.
    key_bigend_t secret_ = {};
};
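// --- arc4 encryption for both incoming and outgoing stream

/**
 * Per-connection stream filter holding one arc4 state for the inbound
 * direction and one for the outbound direction.
 *
 * Each direction starts inactive. While a direction is inactive its
 * encrypt()/decrypt() call copies the bytes through unchanged, so data
 * handed to an uninitialised Filter goes out as plaintext without any
 * error. Callers that require encryption must check is_active() (or
 * otherwise know that the matching *_init() has run) before relying on it.
 *
 * This class only applies a stream cipher; nothing here authenticates
 * the data, so it gives no protection against modification in transit.
 *
 * NOTE(review): the MSE spec calls for discarding the first 1024 bytes of
 * each RC4 keystream; that presumably happens in the *_init() functions,
 * whose definitions are not in this header -- confirm.
 */
class Filter
{
public:
    // Prepares the inbound direction from the DH state and the torrent's
    // info hash. NOTE(review): is_incoming presumably selects which of the
    // two MSE key derivations applies -- confirm against the definition.
    void decrypt_init(bool is_incoming, DH const&, tr_sha1_digest_t const& info_hash);

    // Decrypts buf_len bytes from buf_in into buf_out, or copies them
    // unchanged when the inbound direction is not active.
    // T must be a one-byte type; see process().
    template<typename T>
    constexpr void decrypt(T const* buf_in, size_t buf_len, T* buf_out) noexcept
    {
        process(buf_in, buf_len, buf_out, dec_active_, dec_key_);
    }

    // Prepares the outbound direction; parameters as for decrypt_init().
    void encrypt_init(bool is_incoming, DH const&, tr_sha1_digest_t const& info_hash);

    // Encrypts buf_len bytes from buf_in into buf_out, or copies them
    // unchanged when the outbound direction is not active.
    // T must be a one-byte type; see process().
    template<typename T>
    constexpr void encrypt(T const* buf_in, size_t buf_len, T* buf_out) noexcept
    {
        process(buf_in, buf_len, buf_out, enc_active_, enc_key_);
    }

    // True when at least one direction is active. A true result therefore
    // does not prove that both directions are encrypted.
    [[nodiscard]] constexpr auto is_active() const noexcept
    {
        return dec_active_ || enc_active_;
    }

private:
    // Shared body of encrypt() and decrypt(): run the bytes through arc4
    // when `active`, otherwise copy them as-is.
    template<typename T>
    static constexpr void process(T const* buf_in, size_t buf_len, T* buf_out, bool active, tr_arc4& arc4) noexcept
    {
        // buf_len reaches arc4.process() as a byte count but std::copy_n()
        // as an element count. The two only agree for one-byte element
        // types; with a wider T the active path would transform fewer
        // bytes than the inactive path copies. Reject such types at
        // compile time instead of leaving the mismatch latent.
        static_assert(sizeof(T) == 1, "Filter buffers must use a one-byte element type; buf_len is a byte count");

        if (active)
        {
            arc4.process(reinterpret_cast<uint8_t const*>(buf_in), buf_len, reinterpret_cast<uint8_t*>(buf_out));
        }
        else
        {
            // Pass-through: the data is emitted unencrypted.
            std::copy_n(buf_in, buf_len, buf_out);
        }
    }

    // Cipher state per direction.
    tr_arc4 dec_key_ = {};
    tr_arc4 enc_key_ = {};

    // Both directions default to pass-through until initialised
    // (presumably by decrypt_init() / encrypt_init() -- confirm).
    bool dec_active_ = false;
    bool enc_active_ = false;
};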
} // namespace tr_message_stream_encryption
#endif // TR_ENCRYPTION_H