NOnion: use BouncyCastle types

Use BouncyCastle types for Ed25519PrivateKey.NormalEd25519
and ED25519PublicKey.

Author: webwarrior-ws

NOnion/Crypto/HiddenServicesCipher.fs

@@ -88,7 +88,7 @@ module HiddenServicesCipher =
         Ed25519Clamp blindingFactor
 
         match Ed25519.CalculateBlindedPublicKey(publicKey, blindingFactor) with
-        | true, output -> ED25519PublicKey output
+        | true, output -> ED25519PublicKey.FromBytes output
         | false, _ -> failwith "can't calculate blinded public key"
 
     let CalculateExpandedBlindedPrivateKey

NOnion/Directory/TorDirectory.fs

@@ -654,7 +654,7 @@ type TorDirectory =
                         Array.concat
                             [
                                 "store-at-idx" |> Encoding.ASCII.GetBytes
-                                blindedPublicKey
+                                blindedPublicKey.GetEncoded()
                                 replicaNum
                                 |> uint64
                                 |> IntegerSerialization.FromUInt64ToBigEndianByteArray

NOnion/KeyTypes.fs

@@ -1,16 +1,7 @@
 namespace NOnion
 
+open Org.BouncyCastle.Crypto.Parameters
 
-type NormalEd25519PrivateKey(bytes: array<byte>) =
-    do
-        if bytes.Length <> Constants.Ed25519PrivateKeyLength then
-            failwithf
-                "Invalid private key (length=%d), %d expected"
-                bytes.Length
-                Constants.Ed25519PrivateKeyLength
-
-    member self.ToByteArray() =
-        bytes
 
 type ExpandedEd25519PrivateKey(bytes: array<byte>) =
     do
@@ -23,15 +14,16 @@ type ExpandedEd25519PrivateKey(bytes: array<byte>) =
     member self.ToByteArray() =
         bytes
 
+[<RequireQualifiedAccess>]
 type Ed25519PrivateKey =
-    | NormalEd25519 of NormalEd25519PrivateKey
-    | ExpandedEd25519 of ExpandedEd25519PrivateKey
+    | Normal of Ed25519PrivateKeyParameters
+    | Expanded of ExpandedEd25519PrivateKey
 
     static member FromBytes(bytes: array<byte>) : Ed25519PrivateKey =
         if bytes.Length = Constants.ExpandedEd25519PrivateKeyLength then
-            ExpandedEd25519 <| ExpandedEd25519PrivateKey bytes
+            Expanded <| ExpandedEd25519PrivateKey bytes
         elif bytes.Length = Constants.Ed25519PrivateKeyLength then
-            NormalEd25519 <| NormalEd25519PrivateKey bytes
+            Normal <| Ed25519PrivateKeyParameters(bytes, 0)
         else
             failwithf
                 "Invalid private key (length=%d), private key should either be %d (standard ed25519) or %d bytes (expanded ed25519 key)"
@@ -41,15 +33,18 @@ type Ed25519PrivateKey =
 
     member self.ToByteArray() =
         match self with
-        | NormalEd25519 key -> key.ToByteArray()
-        | ExpandedEd25519 key -> key.ToByteArray()
+        | Normal key -> key.GetEncoded()
+        | Expanded key -> key.ToByteArray()
 
 type ED25519PublicKey =
-    | ED25519PublicKey of array<byte>
+    | ED25519PublicKey of Ed25519PublicKeyParameters
+
+    static member FromBytes(bytes: array<byte>) : ED25519PublicKey =
+        ED25519PublicKey <| Ed25519PublicKeyParameters(bytes, 0)
 
     member self.ToByteArray() =
         match self with
-        | ED25519PublicKey bytes -> bytes
+        | ED25519PublicKey publicKeyParams -> publicKeyParams.GetEncoded()
 
 type NTorOnionKey(bytes: array<byte>) =
     do

NOnion/Services/TorServiceHost.fs

@@ -530,11 +530,10 @@ type TorServiceHost
                                         ((info.AuthKey.Public
                                         :?> Ed25519PublicKeyParameters)
                                             .GetEncoded())
-                                        (descriptorSigningPublicKey.GetEncoded()
+                                        (descriptorSigningPublicKey
                                          |> ED25519PublicKey)
-                                        (descriptorSigningPrivateKey.GetEncoded
-                                            ()
-                                         |> Ed25519PrivateKey.FromBytes)
+                                        (descriptorSigningPrivateKey
+                                         |> Ed25519PrivateKey.Normal)
                                         Constants.HiddenServices.Descriptor.CertificateLifetime
 
                                 let encKeyBytes =
@@ -559,11 +558,10 @@ type TorServiceHost
                                     Certificate.CreateNew
                                         CertType.IntroPointEncKeySignedByDescriptorSigningKey
                                         convertedX25519Key
-                                        (descriptorSigningPublicKey.GetEncoded()
+                                        (descriptorSigningPublicKey
                                          |> ED25519PublicKey)
-                                        (descriptorSigningPrivateKey.GetEncoded
-                                            ()
-                                         |> Ed25519PrivateKey.FromBytes)
+                                        (descriptorSigningPrivateKey
+                                         |> Ed25519PrivateKey.Normal)
                                         Constants.HiddenServices.Descriptor.CertificateLifetime
 
                                 {
@@ -690,7 +688,7 @@ type TorServiceHost
                         CertType.ShortTermDescriptorSigningKeyByBlindedPublicKey
                         (descriptorSigningPublicKey.GetEncoded())
                         blindedPublicKey
-                        (ExpandedEd25519 blindedPrivateKey)
+                        (Ed25519PrivateKey.Expanded blindedPrivateKey)
                         Constants.HiddenServices.Descriptor.CertificateLifetime
 
                 HiddenServiceFirstLayerDescriptorDocument.CreateNew

NOnion/Utility/CertificateUtil.fs

@@ -92,7 +92,7 @@ type Certificate =
                             CertificateExtension.Type =
                                 CertificateExtensionType.SignedWithEd25519Key
                             Flags = 0uy
-                            Data = signingPublicKey
+                            Data = signingPublicKey.GetEncoded()
                         }
                     )
                 Signature = Array.empty
@@ -102,13 +102,13 @@ type Certificate =
 
         let signature =
             match signingPrivateKey with
-            | NormalEd25519 privateKey ->
+            | Ed25519PrivateKey.Normal privateKey ->
                 //Standard private key, we can sign with bouncycastle
                 let signer = Ed25519Signer()
 
                 signer.Init(
                     true,
-                    Ed25519PrivateKeyParameters(privateKey.ToByteArray(), 0)
+                    Ed25519PrivateKeyParameters(privateKey.GetEncoded(), 0)
                 )
 
                 signer.BlockUpdate(
@@ -118,15 +118,15 @@ type Certificate =
                 )
 
                 signer.GenerateSignature()
-            | ExpandedEd25519 privateKey ->
+            | Ed25519PrivateKey.Expanded privateKey ->
                 //Expanded private key, we have to sign with Chaos.NaCl
                 let signature = Array.zeroCreate<byte> 64
 
                 Ed25519.SignWithPrehashedPrivateKey(
                     ArraySegment signature,
                     ArraySegment unsignedCertificateBytes,
                     ArraySegment(privateKey.ToByteArray()),
-                    ArraySegment signingPublicKey
+                    ArraySegment(signingPublicKey.GetEncoded())
                 )
 
                 signature