From 009af2eeaed993af4f57457164cce0b59fa44b5c Mon Sep 17 00:00:00 2001
From: orignal <i2porignal@yandex.ru>
Date: Sat, 23 Aug 2014 22:06:53 -0400
Subject: [PATCH] create random keys for different signature type

---
 Identity.cpp  | 98 ++++++++++++++++++++++++++++++++-------------------
 Identity.h    | 15 +++++---
 Streaming.cpp |  2 +-
 3 files changed, 73 insertions(+), 42 deletions(-)

diff --git a/Identity.cpp b/Identity.cpp
index b473c5eb..872e0e6f 100644
--- a/Identity.cpp
+++ b/Identity.cpp
@@ -29,7 +29,6 @@ namespace data
 	size_t Identity::FromBuffer (const uint8_t * buf, size_t len)
 	{
 		memcpy (publicKey, buf, DEFAULT_IDENTITY_SIZE);
-		// TODO: process certificate
 		return DEFAULT_IDENTITY_SIZE;
 	}
 
@@ -37,7 +36,31 @@ namespace data
 		m_Verifier (nullptr), m_ExtendedLen (0), m_ExtendedBuffer (nullptr)
 	{
 	}
-	
+
+	IdentityEx::IdentityEx(const uint8_t * publicKey, const uint8_t * signingKey, SigningKeyType type)
+	{	
+		memcpy (m_StandardIdentity.publicKey, publicKey, sizeof (m_StandardIdentity.publicKey));
+		if (type == SIGNING_KEY_TYPE_ECDSA_SHA256_P256)
+		{
+			memcpy (m_StandardIdentity.signingKey + 64, signingKey, 64);
+			m_StandardIdentity.certificate.type = CERTIFICATE_TYPE_KEY;
+			m_ExtendedLen = 4; // 4 bytes extra
+			m_StandardIdentity.certificate.length = htobe16 (4); 
+			m_ExtendedBuffer = new uint8_t[m_ExtendedLen];
+			*(uint16_t *)m_ExtendedBuffer = htobe16 (SIGNING_KEY_TYPE_ECDSA_SHA256_P256);
+			*(uint16_t *)(m_ExtendedBuffer + 2) = htobe16 (CRYPTO_KEY_TYPE_ELGAMAL);
+		}
+		else // DSA-SHA1
+		{
+			memcpy (m_StandardIdentity.signingKey, signingKey, sizeof (m_StandardIdentity.signingKey));
+			memset (&m_StandardIdentity.certificate, 0, sizeof (m_StandardIdentity.certificate));
+			m_ExtendedLen = 0;
+			m_ExtendedBuffer = nullptr;
+		}	
+		m_IdentHash = m_StandardIdentity.Hash ();
+		CreateVerifier ();
+	}	
+		
 	IdentityEx::IdentityEx (const uint8_t * buf, size_t len):
 		m_Verifier (nullptr), m_ExtendedLen (0), m_ExtendedBuffer (nullptr)
 	{
@@ -143,38 +166,28 @@ namespace data
 			return m_Verifier->Verify (buf, len, signature);
 		return false;
 	}	
+
+	SigningKeyType IdentityEx::GetSigningKeyType () const
+	{
+		if (m_StandardIdentity.certificate.type == CERTIFICATE_TYPE_KEY && m_ExtendedBuffer)				
+			return be16toh (*(const uint16_t *)m_ExtendedBuffer); // signing key
+		return SIGNING_KEY_TYPE_DSA_SHA1;
+	}	
 		
 	void IdentityEx::CreateVerifier () 
 	{
-		switch (m_StandardIdentity.certificate.type)
-		{	
-			case CERTIFICATE_TYPE_NULL:
+		auto keyType = GetSigningKeyType ();
+		switch (keyType)
+		{
+			case SIGNING_KEY_TYPE_DSA_SHA1:
 				m_Verifier = new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey);
 			break;
-			case CERTIFICATE_TYPE_KEY:
-			{	
-				if (m_ExtendedBuffer)
-				{
-					uint16_t keyType = be16toh (*(uint16_t *)m_ExtendedBuffer); // sigining key
-					switch (keyType)
-					{
-						case PUBLIC_KEY_TYPE_DSA_SHA1:
-							m_Verifier = new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey);
-						break;
-						case PUBLIC_KEY_TYPE_ECDSA_SHA256_P256:
-							m_Verifier = new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + 64);
-						break;	
-						default:
-							LogPrint ("Signing key type ", keyType, " is not supported");
-					}	
-				}
-				else
-					LogPrint ("Missing certificate payload");
-				break;
-			}	
+			case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
+				m_Verifier = new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + 64);
+			break;	
 			default:
-				LogPrint ("Certificate type ", m_StandardIdentity.certificate.type, " is not supported");
-		}	
+				LogPrint ("Signing key type ", (int)keyType, " is not supported");
+		}			
 	}	
 		
 	IdentHash Identity::Hash() const 
@@ -213,24 +226,35 @@ namespace data
 		ret += signingPrivateKeySize;
 		return ret;
 	}	
+
+	PrivateKeys PrivateKeys::CreateRandomKeys (SigningKeyType type)
+	{
+		if (type == SIGNING_KEY_TYPE_ECDSA_SHA256_P256)
+		{
+			PrivateKeys keys;
+			CryptoPP::AutoSeededRandomPool rnd;
+			// encryption
+			uint8_t publicKey[256];
+			CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
+			dh.GenerateKeyPair(rnd, keys.m_PrivateKey, publicKey);
+			// signature
+			uint8_t signingPublicKey[64];
+			i2p::crypto::CreateECDSAP256RandomKeys (rnd, keys.m_SigningPrivateKey, signingPublicKey);
+			keys.m_Public = IdentityEx (publicKey, signingPublicKey, SIGNING_KEY_TYPE_ECDSA_SHA256_P256);
+			return keys;
+		}	
+		return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1
+	}	
 		
 	Keys CreateRandomKeys ()
 	{
 		Keys keys;		
 		CryptoPP::AutoSeededRandomPool rnd;
-
 		// encryption
 		CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
 		dh.GenerateKeyPair(rnd, keys.privateKey, keys.publicKey);
-
 		// signing
-		CryptoPP::DSA::PrivateKey privateKey;
-		CryptoPP::DSA::PublicKey publicKey;
-		privateKey.Initialize (rnd, i2p::crypto::dsap, i2p::crypto::dsaq, i2p::crypto::dsag);
-		privateKey.MakePublicKey (publicKey);
-		privateKey.GetPrivateExponent ().Encode (keys.signingPrivateKey, 20);	
-		publicKey.GetPublicElement ().Encode (keys.signingKey, 128);
-		
+		i2p::crypto::CreateDSARandomKeys (rnd, keys.signingPrivateKey, keys.signingKey);	
 		return keys;
 	}	
 
diff --git a/Identity.h b/Identity.h
index a2df2ada..8e2ccedd 100644
--- a/Identity.h
+++ b/Identity.h
@@ -80,9 +80,6 @@ namespace data
 	const uint8_t CERTIFICATE_TYPE_MULTIPLE = 4;	
 	const uint8_t CERTIFICATE_TYPE_KEY = 5;
 
-	const uint16_t PUBLIC_KEY_TYPE_DSA_SHA1 = 0;
-	const uint16_t PUBLIC_KEY_TYPE_ECDSA_SHA256_P256 = 1;
-	
 	struct Identity
 	{
 		uint8_t publicKey[256];
@@ -102,11 +99,18 @@ namespace data
 	};	
 	const size_t DEFAULT_IDENTITY_SIZE = sizeof (Identity); // 387 bytes
 
+	const uint16_t CRYPTO_KEY_TYPE_ELGAMAL = 0;
+	const uint16_t SIGNING_KEY_TYPE_DSA_SHA1 = 0;
+	const uint16_t SIGNING_KEY_TYPE_ECDSA_SHA256_P256 = 1;
+	typedef uint16_t SigningKeyType;
+	
 	class IdentityEx
 	{
 		public:
 
 			IdentityEx ();
+			IdentityEx (const uint8_t * publicKey, const uint8_t * signingKey,
+				SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1);
 			IdentityEx (const uint8_t * buf, size_t len);
 			IdentityEx (const IdentityEx& other);
 			~IdentityEx ();
@@ -121,6 +125,7 @@ namespace data
 			size_t GetSigningPublicKeyLen () const;
 			size_t GetSignatureLen () const;
 			bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
+			SigningKeyType GetSigningKeyType () const;
 			
 		private:
 
@@ -150,7 +155,9 @@ namespace data
 
 			size_t FromBuffer (const uint8_t * buf, size_t len);
 			size_t ToBuffer (uint8_t * buf, size_t len) const;
-			
+
+			static PrivateKeys CreateRandomKeys (SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1);
+				
 		private:
 
 			IdentityEx m_Public;
diff --git a/Streaming.cpp b/Streaming.cpp
index 20eb8663..38a277f7 100644
--- a/Streaming.cpp
+++ b/Streaming.cpp
@@ -505,7 +505,7 @@ namespace stream
 	StreamingDestination::StreamingDestination (boost::asio::io_service& service): 
 		m_Service (service), m_LeaseSet (nullptr), m_IsPublic (false)
 	{		
-		m_Keys = i2p::data::CreateRandomKeys ();
+		m_Keys = i2p::data::PrivateKeys::CreateRandomKeys ();
 		m_SigningPrivateKey.Initialize (i2p::crypto::dsap, i2p::crypto::dsaq, i2p::crypto::dsag, 
 			CryptoPP::Integer (m_Keys.GetSigningPrivateKey (), 20));
 		CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);