nblockchain · webwarrior-ws · May 31, 2023 · May 31, 2023 · Jun 1, 2023 · Jun 1, 2023
diff --git a/NOnion.Tests/CircuitHelper.cs b/NOnion.Tests/CircuitHelper.cs
@@ -23,7 +23,9 @@ static private CircuitNodeDetail ConvertToCircuitNodeDetail(ServerDescriptorEntr
             var fingerprintBytes = Hex.ToByteArray(server.Fingerprint.Value);
             var nTorOnionKeyBytes = Base64Util.FromString(server.NTorOnionKey.Value);
             var endpoint = IPEndPoint.Parse($"{server.Address.Value}:{server.OnionRouterPort.Value}");
-            return CircuitNodeDetail.NewCreate(endpoint, nTorOnionKeyBytes, fingerprintBytes);
+            return CircuitNodeDetail.NewCreate(endpoint, 
+                                               new NTorOnionKey(nTorOnionKeyBytes), 
+                                               new Fingerprint(fingerprintBytes));
         }
 
         /* It's possible that the router returned by GetRandomFallbackDirectory

diff --git a/NOnion.Tests/KeyBlindingTests.cs b/NOnion.Tests/KeyBlindingTests.cs
@@ -17,7 +17,7 @@ public class KeyBlindingTests
         [Test]
         public void CheckBlindedPublicKey()
         {
-            var computed = HiddenServicesCipher.CalculateBlindedPublicKey(blindingFactor, publicKey);
+            var computed = HiddenServicesCipher.CalculateBlindedPublicKey(blindingFactor, publicKey).ToByteArray();
             CollectionAssert.AreEqual(computed, blindedPublicKey);
         }
     }

diff --git a/NOnion.Tests/TorDirectoryTests.cs b/NOnion.Tests/TorDirectoryTests.cs
@@ -56,8 +56,8 @@ private async Task ReturnRandomRouter()
             TorDirectory directory = await TorDirectory.BootstrapAsync(FallbackDirectorySelector.GetRandomFallbackDirectory(), cachePath);
             var (endPoint, router) = await directory.GetRouterAsync(RouterType.Normal);
             Assert.IsTrue(router.IsCreate);
-            Assert.IsFalse(((CircuitNodeDetail.Create)router).IdentityKey.All(x => x == 0));
-            Assert.IsFalse(((CircuitNodeDetail.Create)router).NTorOnionKey.All(x => x == 0));
+            Assert.IsFalse(((CircuitNodeDetail.Create)router).Fingerprint.ToByteArray().All(x => x == 0));
+            Assert.IsFalse(((CircuitNodeDetail.Create)router).NTorOnionKey.ToByteArray().All(x => x == 0));
             Assert.IsNotNull(((CircuitNodeDetail.Create)router).EndPoint);
             Assert.That(endPoint, Is.EqualTo(((CircuitNodeDetail.Create)router).EndPoint));
         }

diff --git a/NOnion/Cells/Relay/RelayIntroduce.fs b/NOnion/Cells/Relay/RelayIntroduce.fs
@@ -10,7 +10,7 @@ type RelayIntroduceInnerData =
     {
         RendezvousCookie: array<byte>
         Extensions: List<RelayIntroExtension>
-        OnionKey: array<byte>
+        OnionKey: NTorOnionKey
         RendezvousLinkSpecifiers: List<LinkSpecifier>
     }
 
@@ -41,7 +41,8 @@ type RelayIntroduceInnerData =
         if onionKeyLength <> Constants.NTorPublicKeyLength then
             failwith "Invalid onion key length"
 
-        let onionKey = reader.ReadBytes Constants.NTorPublicKeyLength
+        let onionKey =
+            reader.ReadBytes Constants.NTorPublicKeyLength |> NTorOnionKey
 
         let rec readLinkSpecifier (n: byte) (state: List<LinkSpecifier>) =
             if n = 0uy then
@@ -62,6 +63,8 @@ type RelayIntroduceInnerData =
         }
 
     member self.ToBytes() =
+        let onionKeyBytes = self.OnionKey.ToByteArray()
+
         Array.concat
             [
                 self.RendezvousCookie
@@ -70,10 +73,10 @@ type RelayIntroduceInnerData =
                 |> List.map(fun ext -> ext.ToBytes())
                 |> Array.concat
                 Array.singleton 1uy
-                self.OnionKey.Length
+                onionKeyBytes.Length
                 |> uint16
                 |> IntegerSerialization.FromUInt16ToBigEndianByteArray
-                self.OnionKey
+                onionKeyBytes
                 self.RendezvousLinkSpecifiers.Length |> byte |> Array.singleton
                 self.RendezvousLinkSpecifiers
                 |> List.map(fun link -> link.ToBytes())

diff --git a/NOnion/Constants.fs b/NOnion/Constants.fs
@@ -31,6 +31,15 @@ module Constants =
     [<Literal>]
     let KdfLength = 92
 
+    [<Literal>]
+    let FingerprintLength = 20
+
+    [<Literal>]
+    let Ed25519PrivateKeyLength = 32
+
+    [<Literal>]
+    let ExpandedEd25519PrivateKeyLength = 64
+
     let internal SupportedProtocolVersion: array<uint16> = [| 3us |]
 
     (*

diff --git a/NOnion/Crypto/HiddenServicesCipher.fs b/NOnion/Crypto/HiddenServicesCipher.fs
@@ -88,14 +88,15 @@ module HiddenServicesCipher =
         Ed25519Clamp blindingFactor
 
         match Ed25519.CalculateBlindedPublicKey(publicKey, blindingFactor) with
-        | true, output -> output
+        | true, output -> ED25519PublicKey.FromBytes output
         | false, _ -> failwith "can't calculate blinded public key"
 
     let CalculateExpandedBlindedPrivateKey
         (blindingFactor: array<byte>)
         (masterPrivateKey: array<byte>)
-        =
-        let expandedMasterPrivateKey = Array.zeroCreate 64
+        : ExpandedEd25519PrivateKey =
+        let expandedMasterPrivateKey =
+            Array.zeroCreate Constants.ExpandedEd25519PrivateKeyLength
 
         let hashEngine = Sha512Digest()
         hashEngine.BlockUpdate(masterPrivateKey, 0, masterPrivateKey.Length)
@@ -112,14 +113,14 @@ module HiddenServicesCipher =
                     "Derive temporary signing key hash input"
                 )
             with
-        | true, output -> output
+        | true, output -> ExpandedEd25519PrivateKey output
         | false, _ -> failwith "can't calculate blinded private key"
 
 
     let BuildBlindedPublicKey
         (periodNumber: uint64, periodLength: uint64)
         (publicKey: array<byte>)
-        =
+        : ED25519PublicKey =
         let blindingFactor =
             CalculateBlindingFactor periodNumber periodLength publicKey
 
@@ -154,7 +155,7 @@ module HiddenServicesCipher =
                 [
                     "subcredential" |> Encoding.ASCII.GetBytes
                     credential
-                    blindedKey
+                    blindedKey.ToByteArray()
                 ]
             |> SHA3256
 

diff --git a/NOnion/Directory/HiddenServiceDescriptorDocument.fs b/NOnion/Directory/HiddenServiceDescriptorDocument.fs
@@ -8,7 +8,7 @@ open NOnion.Utility
 
 type IntroductionPointEntry =
     {
-        OnionKey: Option<array<byte>>
+        OnionKey: Option<NTorOnionKey>
         AuthKey: Option<Certificate>
         EncKey: Option<array<byte>>
         EncKeyCert: Option<Certificate>
@@ -60,7 +60,10 @@ type IntroductionPointEntry =
                     innerParse
                         { state with
                             OnionKey =
-                                readWord() |> Convert.FromBase64String |> Some
+                                readWord()
+                                |> Convert.FromBase64String
+                                |> NTorOnionKey
+                                |> Some
                         }
                 | "enc-key" ->
                     lines.Dequeue() |> ignore<string>
@@ -127,9 +130,11 @@ type IntroductionPointEntry =
                 "HS document (most inner wrapper) is incomplete, missing linkspecifier"
 
         match self.OnionKey with
-        | Some onionKey ->
+        | Some nTorOnionKey ->
             appendLine(
-                sprintf "onion-key ntor %s" (Convert.ToBase64String onionKey)
+                sprintf
+                    "onion-key ntor %s"
+                    (Convert.ToBase64String <| nTorOnionKey.ToByteArray())
             )
             |> ignore<StringBuilder>
         | None ->

diff --git a/NOnion/Directory/TorDirectory.fs b/NOnion/Directory/TorDirectory.fs
@@ -276,8 +276,8 @@ type TorDirectory =
                     endpoint,
                     CircuitNodeDetail.Create(
                         endpoint,
-                        nTorOnionKeyBytes,
-                        fingerprintBytes
+                        NTorOnionKey nTorOnionKeyBytes,
+                        Fingerprint fingerprintBytes
                     )
         }
 
@@ -583,7 +583,7 @@ type TorDirectory =
         |> Async.StartAsTask
 
     member self.GetResponsibleHiddenServiceDirectories
-        (blindedPublicKey: array<byte>)
+        (ED25519PublicKey blindedPublicKey)
         (sharedRandomValue: string)
         (periodNumber: uint64)
         (periodLength: uint64)
@@ -654,7 +654,7 @@ type TorDirectory =
                         Array.concat
                             [
                                 "store-at-idx" |> Encoding.ASCII.GetBytes
-                                blindedPublicKey
+                                blindedPublicKey.GetEncoded()
                                 replicaNum
                                 |> uint64
                                 |> IntegerSerialization.FromUInt64ToBigEndianByteArray

diff --git a/NOnion/KeyTypes.fs b/NOnion/KeyTypes.fs
@@ -0,0 +1,70 @@
+namespace NOnion
+
+open Org.BouncyCastle.Crypto.Parameters
+
+
+type ExpandedEd25519PrivateKey(bytes: array<byte>) =
+    do
+        if bytes.Length <> Constants.ExpandedEd25519PrivateKeyLength then
+            failwithf
+                "Invalid private key (length=%d), %d expected"
+                bytes.Length
+                Constants.ExpandedEd25519PrivateKeyLength
+
+    member self.ToByteArray() =
+        bytes
+
+[<RequireQualifiedAccess>]
+type Ed25519PrivateKey =
+    | Normal of Ed25519PrivateKeyParameters
+    | Expanded of ExpandedEd25519PrivateKey
+
+    static member FromBytes(bytes: array<byte>) : Ed25519PrivateKey =
+        if bytes.Length = Constants.ExpandedEd25519PrivateKeyLength then
+            Expanded <| ExpandedEd25519PrivateKey bytes
+        elif bytes.Length = Constants.Ed25519PrivateKeyLength then
+            Normal <| Ed25519PrivateKeyParameters(bytes, 0)
+        else
+            failwithf
+                "Invalid private key (length=%d), private key should either be %d (standard ed25519) or %d bytes (expanded ed25519 key)"
+                bytes.Length
+                Constants.Ed25519PrivateKeyLength
+                Constants.ExpandedEd25519PrivateKeyLength
+
+    member self.ToByteArray() =
+        match self with
+        | Normal key -> key.GetEncoded()
+        | Expanded key -> key.ToByteArray()
+
+type ED25519PublicKey =
+    | ED25519PublicKey of Ed25519PublicKeyParameters
+
+    static member FromBytes(bytes: array<byte>) : ED25519PublicKey =
+        ED25519PublicKey <| Ed25519PublicKeyParameters(bytes, 0)
+
+    member self.ToByteArray() =
+        match self with
+        | ED25519PublicKey publicKeyParams -> publicKeyParams.GetEncoded()
+
+type NTorOnionKey(bytes: array<byte>) =
+    do
+        if bytes.Length <> Constants.NTorPublicKeyLength then
+            failwithf
+                "Invalid onion key length, expected %d, got %d"
+                Constants.NTorPublicKeyLength
+                bytes.Length
+
+    member self.ToByteArray() =
+        bytes
+
+/// Digest of identity key.
+type Fingerprint(bytes: array<byte>) =
+    do
+        if bytes.Length <> Constants.FingerprintLength then
+            failwithf
+                "Invalid fingerprint (identity key digest) length, expected %d, got %d"
+                Constants.FingerprintLength
+                bytes.Length
+
+    member self.ToByteArray() =
+        bytes
diff --git a/NOnion/NOnion.fsproj b/NOnion/NOnion.fsproj
@@ -19,6 +19,7 @@
     <Compile Include="RelayIntroduceStatus.fs" />
     <Compile Include="Exceptions.fs" />
     <Compile Include="HandshakeType.fs" />
+    <Compile Include="KeyTypes.fs" />
     <Compile Include="Utility\EmbeddedResourceUtility.fs" />
     <Compile Include="Utility\PemUtility.fs" />
     <Compile Include="Utility\FSharpUtil.fs" />

diff --git a/NOnion/Network/TorCircuit.fs b/NOnion/Network/TorCircuit.fs
@@ -25,8 +25,8 @@ type CircuitNodeDetail =
     | FastCreate
     | Create of
         EndPoint: IPEndPoint *
-        NTorOnionKey: array<byte> *
-        IdentityKey: array<byte>
+        NTorOnionKey: NTorOnionKey *
+        Fingerprint: Fingerprint
 
     member self.GetIdentityKey() =
         match self with
@@ -694,7 +694,7 @@ and TorCircuit
                                         {
                                             LinkSpecifier.Type =
                                                 LinkSpecifierType.LegacyIdentity
-                                            Data = identityKey
+                                            Data = identityKey.ToByteArray()
                                         }
                                     ]
                                 HandshakeType = HandshakeType.NTor

diff --git a/NOnion/Network/TorGuard.fs b/NOnion/Network/TorGuard.fs
@@ -49,7 +49,7 @@ type TorGuard
     (
         client: TcpClient,
         sslStream: SslStream,
-        fingerprintOpt: Option<array<byte>>
+        fingerprintOpt: Option<Fingerprint>
     ) =
     let shutdownToken = new CancellationTokenSource()
 
@@ -116,7 +116,7 @@ type TorGuard
 
     static member private InnerNewClient
         (ipEndpoint: IPEndPoint)
-        (fingerprintOpt: Option<array<byte>>)
+        (fingerprintOpt: Option<Fingerprint>)
         =
         async {
             let tcpClient = new TcpClient()
@@ -475,7 +475,7 @@ type TorGuard
             let sha1 = SHA1.Create()
             let hash = sha1.ComputeHash(getPublicKeyBytes idCertificate)
 
-            if hash <> fingerprint then
+            if hash <> fingerprint.ToByteArray() then
                 raise
                 <| GuardConnectionFailedException("RSA Identity was invalid")
         | None -> ()

diff --git a/NOnion/Services/TorServiceClient.fs b/NOnion/Services/TorServiceClient.fs
@@ -110,8 +110,9 @@ type TorServiceClient =
                                                 (sprintf
                                                     "/tor/hs/%i/%s"
                                                     Constants.HiddenServices.Version
-                                                    ((Convert.ToBase64String
-                                                        blindedPublicKey)))
+                                                    (Convert.ToBase64String
+                                                     <| blindedPublicKey.ToByteArray
+                                                         ()))
                                                 false
 
                                         return
@@ -188,7 +189,7 @@ type TorServiceClient =
                     let secretInput =
                         Array.concat
                             [
-                                blindedPublicKey
+                                blindedPublicKey.ToByteArray()
                                 HiddenServicesCipher.GetSubCredential
                                     (periodNum, periodLength)
                                     publicKey
@@ -372,7 +373,7 @@ type TorServiceClient =
                                     CircuitNodeDetail.Create(
                                         endpointSpecifier,
                                         introductionPoint.OnionKey.Value,
-                                        identityKey
+                                        Fingerprint identityKey
                                     )
 
                         return
@@ -433,7 +434,7 @@ type TorServiceClient =
                                 {
                                     LinkSpecifier.Type =
                                         LinkSpecifierType.LegacyIdentity
-                                    Data = identityKey
+                                    Data = identityKey.ToByteArray()
                                 }
                             ]
                     }