NOnion: key types refactoring

webwarrior-ws · webwarrior-ws · commit 6963b36ca3e3 · 2023-06-01T14:18:42.000+02:00
Renamed ExpandedBlindedPrivateKey to Ed25519PrivateKey,
which now can be either NormalEd25519PrivateKey or
ExpandedEd25519PrivateKey.
Implemented length checks for both.
Renamed BlindedPublicKey to ED25519PublicKey.
diff --git a/NOnion/Constants.fs b/NOnion/Constants.fs
@@ -34,6 +34,12 @@ module Constants =
     [<Literal>]
     let IdentityKeyLength = 20
 
+    [<Literal>]
+    let Ed25519PrivateKeyLength = 32
+
+    [<Literal>]
+    let ExpandedEd25519PrivateKeyLength = 64
+
     let internal SupportedProtocolVersion: array<uint16> = [| 3us |]
 
     (*
diff --git a/NOnion/Crypto/HiddenServicesCipher.fs b/NOnion/Crypto/HiddenServicesCipher.fs
@@ -88,14 +88,15 @@ module HiddenServicesCipher =
         Ed25519Clamp blindingFactor
 
         match Ed25519.CalculateBlindedPublicKey(publicKey, blindingFactor) with
-        | true, output -> BlindedPublicKey output
+        | true, output -> ED25519PublicKey output
         | false, _ -> failwith "can't calculate blinded public key"
 
     let CalculateExpandedBlindedPrivateKey
         (blindingFactor: array<byte>)
         (masterPrivateKey: array<byte>)
-        : ExpandedBlindedPrivateKey =
-        let expandedMasterPrivateKey = Array.zeroCreate 64
+        : ExpandedEd25519PrivateKey =
+        let expandedMasterPrivateKey =
+            Array.zeroCreate Constants.ExpandedEd25519PrivateKeyLength
 
         let hashEngine = Sha512Digest()
         hashEngine.BlockUpdate(masterPrivateKey, 0, masterPrivateKey.Length)
@@ -112,14 +113,14 @@ module HiddenServicesCipher =
                     "Derive temporary signing key hash input"
                 )
             with
-        | true, output -> ExpandedBlindedPrivateKey output
+        | true, output -> ExpandedEd25519PrivateKey output
         | false, _ -> failwith "can't calculate blinded private key"
 
 
     let BuildBlindedPublicKey
         (periodNumber: uint64, periodLength: uint64)
         (publicKey: array<byte>)
-        : BlindedPublicKey =
+        : ED25519PublicKey =
         let blindingFactor =
             CalculateBlindingFactor periodNumber periodLength publicKey
 
diff --git a/NOnion/Directory/TorDirectory.fs b/NOnion/Directory/TorDirectory.fs
@@ -583,7 +583,7 @@ type TorDirectory =
         |> Async.StartAsTask
 
     member self.GetResponsibleHiddenServiceDirectories
-        (BlindedPublicKey blindedPublicKey)
+        (ED25519PublicKey blindedPublicKey)
         (sharedRandomValue: string)
         (periodNumber: uint64)
         (periodLength: uint64)
diff --git a/NOnion/KeyTypes.fs b/NOnion/KeyTypes.fs
@@ -1,14 +1,55 @@
 ﻿namespace NOnion
 
 
-type ExpandedBlindedPrivateKey = ExpandedBlindedPrivateKey of array<byte>
+type NormalEd25519PrivateKey(bytes: array<byte>) =
+    do
+        if bytes.Length <> Constants.Ed25519PrivateKeyLength then
+            failwithf
+                "Invalid private key (length=%d), %d expected"
+                bytes.Length
+                Constants.Ed25519PrivateKeyLength
+
+    member self.ToByteArray() =
+        bytes
+
+type ExpandedEd25519PrivateKey(bytes: array<byte>) =
+    do
+        if bytes.Length <> Constants.ExpandedEd25519PrivateKeyLength then
+            failwithf
+                "Invalid private key (length=%d), %d expected"
+                bytes.Length
+                Constants.ExpandedEd25519PrivateKeyLength
+
+    member self.ToByteArray() =
+        bytes
+
+type Ed25519PrivateKey =
+    | NormalEd25519 of NormalEd25519PrivateKey
+    | ExpandedEd25519 of ExpandedEd25519PrivateKey
+
+    static member FromBytes(bytes: array<byte>) : Ed25519PrivateKey =
+        if bytes.Length = Constants.ExpandedEd25519PrivateKeyLength then
+            ExpandedEd25519 <| ExpandedEd25519PrivateKey bytes
+        elif bytes.Length = Constants.Ed25519PrivateKeyLength then
+            NormalEd25519 <| NormalEd25519PrivateKey bytes
+        else
+            failwithf
+                "Invalid private key (length=%d), private key should either be %d (standard ed25519) or %d bytes (expanded ed25519 key)"
+                bytes.Length
+                Constants.Ed25519PrivateKeyLength
+                Constants.ExpandedEd25519PrivateKeyLength
+
+    member self.ToByteArray() =
+        match self with
+        | NormalEd25519 key -> key.ToByteArray()
+        | ExpandedEd25519 key -> key.ToByteArray()
 
-type BlindedPublicKey =
-    | BlindedPublicKey of array<byte>
+type ED25519PublicKey =
+    | ED25519PublicKey of array<byte>
 
     member self.ToByteArray() =
         match self with
-        | BlindedPublicKey bytes -> bytes
+        | ED25519PublicKey bytes -> bytes
 
 type NTorOnionKey(bytes: array<byte>) =
     do
diff --git a/NOnion/Services/TorServiceHost.fs b/NOnion/Services/TorServiceHost.fs
@@ -531,10 +531,10 @@ type TorServiceHost
                                         :?> Ed25519PublicKeyParameters)
                                             .GetEncoded())
                                         (descriptorSigningPublicKey.GetEncoded()
-                                         |> BlindedPublicKey)
+                                         |> ED25519PublicKey)
                                         (descriptorSigningPrivateKey.GetEncoded
                                             ()
-                                         |> ExpandedBlindedPrivateKey)
+                                         |> Ed25519PrivateKey.FromBytes)
                                         Constants.HiddenServices.Descriptor.CertificateLifetime
 
                                 let encKeyBytes =
@@ -560,10 +560,10 @@ type TorServiceHost
                                         CertType.IntroPointEncKeySignedByDescriptorSigningKey
                                         convertedX25519Key
                                         (descriptorSigningPublicKey.GetEncoded()
-                                         |> BlindedPublicKey)
+                                         |> ED25519PublicKey)
                                         (descriptorSigningPrivateKey.GetEncoded
                                             ()
-                                         |> ExpandedBlindedPrivateKey)
+                                         |> Ed25519PrivateKey.FromBytes)
                                         Constants.HiddenServices.Descriptor.CertificateLifetime
 
                                 {
@@ -690,7 +690,7 @@ type TorServiceHost
                         CertType.ShortTermDescriptorSigningKeyByBlindedPublicKey
                         (descriptorSigningPublicKey.GetEncoded())
                         blindedPublicKey
-                        blindedPrivateKey
+                        (ExpandedEd25519 blindedPrivateKey)
                         Constants.HiddenServices.Descriptor.CertificateLifetime
 
                 HiddenServiceFirstLayerDescriptorDocument.CreateNew
diff --git a/NOnion/Utility/CertificateUtil.fs b/NOnion/Utility/CertificateUtil.fs
@@ -70,8 +70,8 @@ type Certificate =
     static member CreateNew
         certType
         (certifiedKey: array<byte>)
-        (BlindedPublicKey signingPublicKey)
-        (ExpandedBlindedPrivateKey signingPrivateKey)
+        (ED25519PublicKey signingPublicKey)
+        (signingPrivateKey: Ed25519PrivateKey)
         (lifetime: TimeSpan)
         =
         let unsignedCertificate =
@@ -101,13 +101,14 @@ type Certificate =
         let unsignedCertificateBytes = unsignedCertificate.ToBytes true
 
         let signature =
-            if signingPrivateKey.Length = 32 then
+            match signingPrivateKey with
+            | NormalEd25519 privateKey ->
                 //Standard private key, we can sign with bouncycastle
                 let signer = Ed25519Signer()
 
                 signer.Init(
                     true,
-                    Ed25519PrivateKeyParameters(signingPrivateKey, 0)
+                    Ed25519PrivateKeyParameters(privateKey.ToByteArray(), 0)
                 )
 
                 signer.BlockUpdate(
@@ -117,21 +118,18 @@ type Certificate =
                 )
 
                 signer.GenerateSignature()
-            elif signingPrivateKey.Length = 64 then
+            | ExpandedEd25519 privateKey ->
                 //Expanded private key, we have to sign with Chaos.NaCl
                 let signature = Array.zeroCreate<byte> 64
 
                 Ed25519.SignWithPrehashedPrivateKey(
                     ArraySegment signature,
                     ArraySegment unsignedCertificateBytes,
-                    ArraySegment signingPrivateKey,
+                    ArraySegment(privateKey.ToByteArray()),
                     ArraySegment signingPublicKey
                 )
 
                 signature
-            else
-                failwith
-                    "Invalid private key, private key should either be 32 (standard ed25519) or 64 bytes (expanded ed25519 key)"
 
         { unsignedCertificate with
             Signature = signature
