From 828862ea49082e3c64da7adec745609bb15898b4 Mon Sep 17 00:00:00 2001
From: orignal <i2porignal@yandex.ru>
Date: Mon, 3 Jun 2019 12:51:57 -0400
Subject: [PATCH] store hash for ECDSA blidning

---
 libi2pd/Blinding.cpp | 42 +++++++++++++++++++++++++-----------------
 libi2pd/Blinding.h   |  2 +-
 libi2pd/LeaseSet.cpp |  7 ++++++-
 3 files changed, 32 insertions(+), 19 deletions(-)

diff --git a/libi2pd/Blinding.cpp b/libi2pd/Blinding.cpp
index 2a57efe0..362823b7 100644
--- a/libi2pd/Blinding.cpp
+++ b/libi2pd/Blinding.cpp
@@ -175,40 +175,48 @@ namespace data
 		i2p::crypto::HKDF (salt, (const uint8_t *)date, 8, "i2pblinding1", seed);
 	}
 
-	void BlindedPublicKey::GetBlindedKey (const char * date, uint8_t * blindedKey) const
+	size_t BlindedPublicKey::GetBlindedKey (const char * date, uint8_t * blindedKey) const
 	{
 		uint8_t seed[64];	
 		GenerateAlpha (date, seed);	
+		size_t publicKeyLength = 0;
 		switch (m_SigType)
 		{
 			case i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
 			{
+				publicKeyLength = i2p::crypto::ECDSAP256_KEY_LENGTH;	
 				EC_GROUP * group = EC_GROUP_new_by_curve_name (NID_X9_62_prime256v1);
-				BlindPublicKeyECDSA (i2p::crypto::ECDSAP256_KEY_LENGTH, group, GetPublicKey (), seed, blindedKey);
+				BlindPublicKeyECDSA (publicKeyLength, group, GetPublicKey (), seed, blindedKey);
 				EC_GROUP_free (group);
 				break;
 			}
 			case i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
 			{
+				publicKeyLength = i2p::crypto::ECDSAP384_KEY_LENGTH;
 				EC_GROUP * group = EC_GROUP_new_by_curve_name (NID_secp384r1);
-				BlindPublicKeyECDSA (i2p::crypto::ECDSAP384_KEY_LENGTH, group, GetPublicKey (), seed, blindedKey);
+				BlindPublicKeyECDSA (publicKeyLength, group, GetPublicKey (), seed, blindedKey);
 				EC_GROUP_free (group);
 				break;
 			}
 			case i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
 			{
+				publicKeyLength = i2p::crypto::ECDSAP521_KEY_LENGTH;
 				EC_GROUP * group = EC_GROUP_new_by_curve_name (NID_secp521r1);
-				BlindPublicKeyECDSA (i2p::crypto::ECDSAP521_KEY_LENGTH, group, GetPublicKey (), seed, blindedKey);
+				BlindPublicKeyECDSA (publicKeyLength, group, GetPublicKey (), seed, blindedKey);
 				EC_GROUP_free (group);
 				break;
 			}
 			case i2p::data::SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519:
 			case i2p::data::SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
+			{
 				i2p::crypto::GetEd25519 ()->BlindPublicKey (GetPublicKey (), seed, blindedKey);	
-			break;
+				publicKeyLength = i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH;
+				break;
+			}
 			default:
 				LogPrint (eLogError, "Blinding: can't blind signature type ", (int)m_SigType);
 		}
+		return publicKeyLength;
 	}
 
 	size_t BlindedPublicKey::BlindPrivateKey (const uint8_t * priv, const char * date, uint8_t * blindedPriv, uint8_t * blindedPub) const
@@ -267,23 +275,23 @@ namespace data
 	i2p::data::IdentHash BlindedPublicKey::GetStoreHash (const char * date) const
 	{
 		i2p::data::IdentHash hash;
-		if (m_BlindedSigType == i2p::data::SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519 ||
-			m_BlindedSigType == i2p::data::SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519)
+		uint8_t blinded[128];
+		size_t publicKeyLength = 0;	
+		if (date)
+			publicKeyLength = GetBlindedKey (date, blinded);
+		else
+		{
+			char currentDate[9];
+			i2p::util::GetCurrentDate (currentDate);
+			publicKeyLength = GetBlindedKey (currentDate, blinded);	
+		}	
+		if (publicKeyLength)
 		{
-			uint8_t blinded[32];
-			if (date)
-				GetBlindedKey (date, blinded);
-			else
-			{
-				char currentDate[9];
-				i2p::util::GetCurrentDate (currentDate);
-				GetBlindedKey (currentDate, blinded);	
-			}	
 			auto stA1 = htobe16 (m_BlindedSigType);
 			SHA256_CTX ctx;
 			SHA256_Init (&ctx);
 			SHA256_Update (&ctx, (const uint8_t *)&stA1, 2);
-			SHA256_Update (&ctx, blinded, 32);
+			SHA256_Update (&ctx, blinded, publicKeyLength);
 			SHA256_Final ((uint8_t *)hash, &ctx);
 		}
 		else
diff --git a/libi2pd/Blinding.h b/libi2pd/Blinding.h
index f0387063..9a3fe633 100644
--- a/libi2pd/Blinding.h
+++ b/libi2pd/Blinding.h
@@ -24,7 +24,7 @@ namespace data
 			SigningKeyType GetBlindedSigType () const  { return m_BlindedSigType; };
 
 			void GetSubcredential (const uint8_t * blinded, size_t len, uint8_t * subcredential) const; // 32 bytes
-			void GetBlindedKey (const char * date, uint8_t * blindedKey) const; // blinded key 32 bytes, date is 8 chars "YYYYMMDD" 
+			size_t GetBlindedKey (const char * date, uint8_t * blindedKey) const; // date is 8 chars "YYYYMMDD", return public key length  
 			size_t BlindPrivateKey (const uint8_t * priv, const char * date, uint8_t * blindedPriv, uint8_t * blindedPub) const; // date is 8 chars "YYYYMMDD", return public key length 
 			i2p::data::IdentHash GetStoreHash (const char * date = nullptr) const; // date is 8 chars "YYYYMMDD", use current if null
 
diff --git a/libi2pd/LeaseSet.cpp b/libi2pd/LeaseSet.cpp
index c109dee8..60d47b6f 100644
--- a/libi2pd/LeaseSet.cpp
+++ b/libi2pd/LeaseSet.cpp
@@ -463,7 +463,7 @@ namespace data
 		if (verified && key && lenOuterCiphertext >= 32)
 		{
 			SetIsValid (false); // we must verify it again in Layer 2 
-			if (blindedKeyType == i2p::data::SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519)
+			if (blindedKeyType == key->GetBlindedSigType ())
 			{
 				// verify blinding
 				char date[9];
@@ -476,6 +476,11 @@ namespace data
 					return;
 				}	
 			}	
+			else
+			{
+				LogPrint (eLogError, "LeaseSet2: Unexpected blinded key type ", blindedKeyType, " instread ", key->GetBlindedSigType ());
+				return;
+			}	
 			// outer key
 			// outerInput = subcredential || publishedTimestamp
 			uint8_t subcredential[36];