process extended indetities for LeaseSets

vmlinuxer · Aug 22, 2014 · 2aaac1a · 2aaac1a
1 parent b77325c
commit 2aaac1a
Show file tree

Hide file tree

Showing 5 changed files with 172 additions and 17 deletions.
diff --git a/Identity.cpp b/Identity.cpp
@@ -33,6 +33,123 @@ namespace data
 		return DEFAULT_IDENTITY_SIZE;
 	}
 
+	IdentityEx::IdentityEx ():
+		m_Verifier (nullptr), m_ExtendedLen (0), m_ExtendedBuffer (nullptr)
+	{
+	}
+
+	IdentityEx::IdentityEx (const uint8_t * buf, size_t len):
+		m_Verifier (nullptr), m_ExtendedLen (0), m_ExtendedBuffer (nullptr)
+	{
+		FromBuffer (buf, len);
+	}
+
+	IdentityEx::IdentityEx (const IdentityEx& other):
+		m_Verifier (nullptr), m_ExtendedBuffer (nullptr)
+	{
+		*this = other;
+	}	
+
+	IdentityEx::~IdentityEx ()
+	{
+		delete m_Verifier;
+		delete[] m_ExtendedBuffer;
+	}	
+
+	IdentityEx& IdentityEx::operator=(const IdentityEx& other)
+	{
+		memcpy (&m_StandardIdentity, &other.m_StandardIdentity, DEFAULT_IDENTITY_SIZE);
+		m_IdentHash = other.m_IdentHash;
+
+		delete m_Verifier;
+		m_Verifier = nullptr;
+
+		delete[] m_ExtendedBuffer;
+		m_ExtendedLen = other.m_ExtendedLen;
+		if (m_ExtendedLen > 0)
+		{	
+			m_ExtendedBuffer = new uint8_t[m_ExtendedLen];
+			memcpy (m_ExtendedBuffer, other.m_ExtendedBuffer, m_ExtendedLen);
+		}	        
+		else
+			m_ExtendedBuffer = nullptr;
+
+		return *this;
+	}	
+
+	size_t IdentityEx::FromBuffer (const uint8_t * buf, size_t len)
+	{
+		delete m_Verifier;
+		m_Verifier = nullptr;
+		delete[] m_ExtendedBuffer;
+
+		memcpy (&m_StandardIdentity, buf, DEFAULT_IDENTITY_SIZE);
+		if (m_StandardIdentity.certificate.length)
+		{
+			m_ExtendedLen = be16toh (m_StandardIdentity.certificate.length);
+			m_ExtendedBuffer = new uint8_t[m_ExtendedLen];
+			memcpy (m_ExtendedBuffer, buf + DEFAULT_IDENTITY_SIZE, m_ExtendedLen);
+		}		
+		else
+		{
+			m_ExtendedLen = 0;
+			m_ExtendedBuffer = nullptr;
+		}	
+		CryptoPP::SHA256().CalculateDigest(m_IdentHash, buf, GetFullLen ());
+		return GetFullLen ();
+	}	
+
+	size_t IdentityEx::GetSigningPublicKeyLen () 
+	{
+		if (!m_Verifier) 
+			CreateVerifier ();
+		if (m_Verifier)
+			return m_Verifier->GetPublicKeyLen ();
+		return 128;
+	}	
+
+	bool IdentityEx::Verify (const uint8_t * buf, size_t len, const uint8_t * signature)
+	{
+		if (!m_Verifier) 
+			CreateVerifier ();
+		if (m_Verifier)
+			return m_Verifier->Verify (buf, len, signature);
+		return false;
+	}	
+
+	void IdentityEx::CreateVerifier ()
+	{
+		switch (m_StandardIdentity.certificate.type)
+		{	
+			case CERTIFICATE_TYPE_NULL:
+				m_Verifier = new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey);
+			break;
+			case CERTIFICATE_TYPE_KEY:
+			{	
+				if (m_ExtendedBuffer)
+				{
+					uint16_t keyType = be16toh (*(uint16_t *)m_ExtendedBuffer); // sigining key
+					switch (keyType)
+					{
+						case PUBLIC_KEY_TYPE_DSA_SHA1:
+							m_Verifier = new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey);
+						break;
+						case PUBLIC_KEY_TYPE_ECDSA_SHA256_P256:
+							m_Verifier = new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey);
+						break;	
+						default:
+							LogPrint ("Signing key type ", keyType, " is not supported");
+					}	
+				}
+				else
+					LogPrint ("Missing certificate payload");
+				break;
+			}	
+			default:
+				LogPrint ("Certificate type ", m_StandardIdentity.certificate.type, " is not supported");
+		}	
+	}	
+
 	IdentHash Identity::Hash() const 
 	{
 		IdentHash hash;

diff --git a/Identity.h b/Identity.h
@@ -80,7 +80,9 @@ namespace data
 	const uint8_t CERTIFICATE_TYPE_MULTIPLE = 4;	
 	const uint8_t CERTIFICATE_TYPE_KEY = 5;
 
-	const size_t DEFAULT_IDENTITY_SIZE = 387;
+	const uint16_t PUBLIC_KEY_TYPE_DSA_SHA1 = 0;
+	const uint16_t PUBLIC_KEY_TYPE_ECDSA_SHA256_P256 = 1;
+
 	struct Identity
 	{
 		uint8_t publicKey[256];
@@ -96,6 +98,37 @@ namespace data
 		size_t FromBuffer (const uint8_t * buf, size_t len);
 		IdentHash Hash() const;
 	};	
+	const size_t DEFAULT_IDENTITY_SIZE = sizeof (Identity); // 387 bytes
+
+	class IdentityEx
+	{
+		public:
+
+			IdentityEx ();
+			IdentityEx (const uint8_t * buf, size_t len);
+			IdentityEx (const IdentityEx& other);
+			~IdentityEx ();
+			IdentityEx& operator=(const IdentityEx& other);
+
+			size_t FromBuffer (const uint8_t * buf, size_t len);
+			const Identity& GetStandardIdentity () const { return m_StandardIdentity; };
+			const IdentHash& GetIdentHash () const { return m_IdentHash; };
+			size_t GetFullLen () const { return m_ExtendedLen + DEFAULT_IDENTITY_SIZE; };
+			size_t GetSigningPublicKeyLen ();
+			bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature);
+
+		private:
+
+			void CreateVerifier ();
+
+		private:
+
+			Identity m_StandardIdentity;
+			IdentHash m_IdentHash;
+			i2p::crypto::Verifier * m_Verifier;
+			size_t m_ExtendedLen;
+			uint8_t * m_ExtendedBuffer;
+	};	
 
 	struct PrivateKeys // for eepsites
 	{

diff --git a/LeaseSet.cpp b/LeaseSet.cpp
@@ -62,15 +62,17 @@ namespace data
 
 	void LeaseSet::ReadFromBuffer ()	
 	{	
-		const LeaseSetHeader * header = (const LeaseSetHeader *)m_Buffer;
-		m_Identity = header->destination;
-		m_IdentHash = m_Identity.Hash();
-		memcpy (m_EncryptionKey, header->encryptionKey, 256);
-		LogPrint ("LeaseSet num=", (int)header->num);
+		size_t size = m_Identity.FromBuffer (m_Buffer, m_BufferLen);
+		memcpy (m_EncryptionKey, m_Buffer + size, 256);
+		size += 256; // encryption key
+		size += m_Identity.GetSigningPublicKeyLen (); // unused signing key
+		uint8_t num = m_Buffer[size];
+		size++; // num
+		LogPrint ("LeaseSet num=", (int)num);
 
 		// process leases
-		const uint8_t * leases = m_Buffer + sizeof (LeaseSetHeader);
-		for (int i = 0; i < header->num; i++)
+		const uint8_t * leases = m_Buffer + size;
+		for (int i = 0; i < num; i++)
 		{
 			Lease lease = *(Lease *)leases;
 			lease.tunnelID = be32toh (lease.tunnelID);
@@ -88,11 +90,7 @@ namespace data
 		}	
 
 		// verify
-		CryptoPP::DSA::PublicKey pubKey;
-		pubKey.Initialize (i2p::crypto::dsap, i2p::crypto::dsaq, i2p::crypto::dsag, 
-			CryptoPP::Integer (m_Identity.signingKey, 128));
-		CryptoPP::DSA::Verifier verifier (pubKey);
-		if (!verifier.VerifyMessage (m_Buffer, leases - m_Buffer, leases, 40))
+		if (!m_Identity.Verify (m_Buffer, leases - m_Buffer, leases))
 			LogPrint ("LeaseSet verification failed");
 	}				
 

diff --git a/LeaseSet.h b/LeaseSet.h
@@ -62,8 +62,8 @@ namespace data
 			void SetUnsolicited (bool unsolicited) { m_IsUnsolicited = unsolicited; };
 
 			// implements RoutingDestination
-			const Identity& GetIdentity () const { return m_Identity; };
-			const IdentHash& GetIdentHash () const { return m_IdentHash; };
+			const Identity& GetIdentity () const { return m_Identity.GetStandardIdentity (); };
+			const IdentHash& GetIdentHash () const { return m_Identity.GetIdentHash (); };
 			const std::vector<Lease>& GetLeases () const { return m_Leases; };
 			const std::vector<Lease> GetNonExpiredLeases () const;
 			bool HasExpiredLeases () const;
@@ -78,8 +78,7 @@ namespace data
 		private:
 
 			std::vector<Lease> m_Leases;
-			Identity m_Identity;
-			IdentHash m_IdentHash;
+			IdentityEx m_Identity;
 			uint8_t m_EncryptionKey[256];
 			uint8_t m_Buffer[MAX_LS_BUFFER_SIZE];
 			size_t m_BufferLen;

diff --git a/Signature.h b/Signature.h
@@ -18,6 +18,8 @@ namespace crypto
 
 			virtual ~Verifier () {};
 			virtual bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) = 0;
+			virtual size_t GetPublicKeyLen () const = 0;
+			virtual size_t GetSignatureLen () const = 0;
 	};
 
 	class DSAVerifier: public Verifier
@@ -35,6 +37,9 @@ namespace crypto
 				return verifier.VerifyMessage (buf, len, signature, 40);
 			}	
 
+			size_t GetPublicKeyLen () const { return 128; };
+			size_t GetSignatureLen () const { return 40; };
+
 		private:
 
 			CryptoPP::DSA::PublicKey m_PublicKey;
@@ -57,6 +62,9 @@ namespace crypto
 				return verifier.VerifyMessage (buf, len, signature, 64);
 			}	
 
+			size_t GetPublicKeyLen () const { return 64; };
+			size_t GetSignatureLen () const { return 64; };
+
 		private:
 
 			CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA256>::PublicKey m_PublicKey;