mirror of
https://github.com/PurpleI2P/i2pd.git
synced 2025-01-22 21:37:17 +01:00
create random keys for different signature type
This commit is contained in:
orignal
parent
a6c308f2f5
commit
009af2eeae
86
Identity.cpp
86
Identity.cpp
|
|
@ -29,7 +29,6 @@ namespace data
|
|||
size_t Identity::FromBuffer (const uint8_t * buf, size_t len)
|
||||
{
|
||||
memcpy (publicKey, buf, DEFAULT_IDENTITY_SIZE);
|
||||
// TODO: process certificate
|
||||
return DEFAULT_IDENTITY_SIZE;
|
||||
}
|
||||
|
||||
|
|
@ -38,6 +37,30 @@ namespace data
|
|||
{
|
||||
}
|
||||
|
||||
IdentityEx::IdentityEx(const uint8_t * publicKey, const uint8_t * signingKey, SigningKeyType type)
|
||||
{
|
||||
memcpy (m_StandardIdentity.publicKey, publicKey, sizeof (m_StandardIdentity.publicKey));
|
||||
if (type == SIGNING_KEY_TYPE_ECDSA_SHA256_P256)
|
||||
{
|
||||
memcpy (m_StandardIdentity.signingKey + 64, signingKey, 64);
|
||||
m_StandardIdentity.certificate.type = CERTIFICATE_TYPE_KEY;
|
||||
m_ExtendedLen = 4; // 4 bytes extra
|
||||
m_StandardIdentity.certificate.length = htobe16 (4);
|
||||
m_ExtendedBuffer = new uint8_t[m_ExtendedLen];
|
||||
*(uint16_t *)m_ExtendedBuffer = htobe16 (SIGNING_KEY_TYPE_ECDSA_SHA256_P256);
|
||||
*(uint16_t *)(m_ExtendedBuffer + 2) = htobe16 (CRYPTO_KEY_TYPE_ELGAMAL);
|
||||
}
|
||||
else // DSA-SHA1
|
||||
{
|
||||
memcpy (m_StandardIdentity.signingKey, signingKey, sizeof (m_StandardIdentity.signingKey));
|
||||
memset (&m_StandardIdentity.certificate, 0, sizeof (m_StandardIdentity.certificate));
|
||||
m_ExtendedLen = 0;
|
||||
m_ExtendedBuffer = nullptr;
|
||||
}
|
||||
m_IdentHash = m_StandardIdentity.Hash ();
|
||||
CreateVerifier ();
|
||||
}
|
||||
|
||||
IdentityEx::IdentityEx (const uint8_t * buf, size_t len):
|
||||
m_Verifier (nullptr), m_ExtendedLen (0), m_ExtendedBuffer (nullptr)
|
||||
{
|
||||
|
|
@ -144,36 +167,26 @@ namespace data
|
|||
return false;
|
||||
}
|
||||
|
||||
SigningKeyType IdentityEx::GetSigningKeyType () const
|
||||
{
|
||||
if (m_StandardIdentity.certificate.type == CERTIFICATE_TYPE_KEY && m_ExtendedBuffer)
|
||||
return be16toh (*(const uint16_t *)m_ExtendedBuffer); // signing key
|
||||
return SIGNING_KEY_TYPE_DSA_SHA1;
|
||||
}
|
||||
|
||||
void IdentityEx::CreateVerifier ()
|
||||
{
|
||||
switch (m_StandardIdentity.certificate.type)
|
||||
{
|
||||
case CERTIFICATE_TYPE_NULL:
|
||||
m_Verifier = new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey);
|
||||
break;
|
||||
case CERTIFICATE_TYPE_KEY:
|
||||
{
|
||||
if (m_ExtendedBuffer)
|
||||
{
|
||||
uint16_t keyType = be16toh (*(uint16_t *)m_ExtendedBuffer); // sigining key
|
||||
auto keyType = GetSigningKeyType ();
|
||||
switch (keyType)
|
||||
{
|
||||
case PUBLIC_KEY_TYPE_DSA_SHA1:
|
||||
case SIGNING_KEY_TYPE_DSA_SHA1:
|
||||
m_Verifier = new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey);
|
||||
break;
|
||||
case PUBLIC_KEY_TYPE_ECDSA_SHA256_P256:
|
||||
case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
|
||||
m_Verifier = new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + 64);
|
||||
break;
|
||||
default:
|
||||
LogPrint ("Signing key type ", keyType, " is not supported");
|
||||
}
|
||||
}
|
||||
else
|
||||
LogPrint ("Missing certificate payload");
|
||||
break;
|
||||
}
|
||||
default:
|
||||
LogPrint ("Certificate type ", m_StandardIdentity.certificate.type, " is not supported");
|
||||
LogPrint ("Signing key type ", (int)keyType, " is not supported");
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -214,23 +227,34 @@ namespace data
|
|||
return ret;
|
||||
}
|
||||
|
||||
PrivateKeys PrivateKeys::CreateRandomKeys (SigningKeyType type)
|
||||
{
|
||||
if (type == SIGNING_KEY_TYPE_ECDSA_SHA256_P256)
|
||||
{
|
||||
PrivateKeys keys;
|
||||
CryptoPP::AutoSeededRandomPool rnd;
|
||||
// encryption
|
||||
uint8_t publicKey[256];
|
||||
CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
|
||||
dh.GenerateKeyPair(rnd, keys.m_PrivateKey, publicKey);
|
||||
// signature
|
||||
uint8_t signingPublicKey[64];
|
||||
i2p::crypto::CreateECDSAP256RandomKeys (rnd, keys.m_SigningPrivateKey, signingPublicKey);
|
||||
keys.m_Public = IdentityEx (publicKey, signingPublicKey, SIGNING_KEY_TYPE_ECDSA_SHA256_P256);
|
||||
return keys;
|
||||
}
|
||||
return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1
|
||||
}
|
||||
|
||||
Keys CreateRandomKeys ()
|
||||
{
|
||||
Keys keys;
|
||||
CryptoPP::AutoSeededRandomPool rnd;
|
||||
|
||||
// encryption
|
||||
CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
|
||||
dh.GenerateKeyPair(rnd, keys.privateKey, keys.publicKey);
|
||||
|
||||
// signing
|
||||
CryptoPP::DSA::PrivateKey privateKey;
|
||||
CryptoPP::DSA::PublicKey publicKey;
|
||||
privateKey.Initialize (rnd, i2p::crypto::dsap, i2p::crypto::dsaq, i2p::crypto::dsag);
|
||||
privateKey.MakePublicKey (publicKey);
|
||||
privateKey.GetPrivateExponent ().Encode (keys.signingPrivateKey, 20);
|
||||
publicKey.GetPublicElement ().Encode (keys.signingKey, 128);
|
||||
|
||||
i2p::crypto::CreateDSARandomKeys (rnd, keys.signingPrivateKey, keys.signingKey);
|
||||
return keys;
|
||||
}
|
||||
|
||||
|
|
|
|||
13
Identity.h
13
Identity.h
|
|
@ -80,9 +80,6 @@ namespace data
|
|||
const uint8_t CERTIFICATE_TYPE_MULTIPLE = 4;
|
||||
const uint8_t CERTIFICATE_TYPE_KEY = 5;
|
||||
|
||||
const uint16_t PUBLIC_KEY_TYPE_DSA_SHA1 = 0;
|
||||
const uint16_t PUBLIC_KEY_TYPE_ECDSA_SHA256_P256 = 1;
|
||||
|
||||
struct Identity
|
||||
{
|
||||
uint8_t publicKey[256];
|
||||
|
|
@ -102,11 +99,18 @@ namespace data
|
|||
};
|
||||
const size_t DEFAULT_IDENTITY_SIZE = sizeof (Identity); // 387 bytes
|
||||
|
||||
const uint16_t CRYPTO_KEY_TYPE_ELGAMAL = 0;
|
||||
const uint16_t SIGNING_KEY_TYPE_DSA_SHA1 = 0;
|
||||
const uint16_t SIGNING_KEY_TYPE_ECDSA_SHA256_P256 = 1;
|
||||
typedef uint16_t SigningKeyType;
|
||||
|
||||
class IdentityEx
|
||||
{
|
||||
public:
|
||||
|
||||
IdentityEx ();
|
||||
IdentityEx (const uint8_t * publicKey, const uint8_t * signingKey,
|
||||
SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1);
|
||||
IdentityEx (const uint8_t * buf, size_t len);
|
||||
IdentityEx (const IdentityEx& other);
|
||||
~IdentityEx ();
|
||||
|
|
@ -121,6 +125,7 @@ namespace data
|
|||
size_t GetSigningPublicKeyLen () const;
|
||||
size_t GetSignatureLen () const;
|
||||
bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
|
||||
SigningKeyType GetSigningKeyType () const;
|
||||
|
||||
private:
|
||||
|
||||
|
|
@ -151,6 +156,8 @@ namespace data
|
|||
size_t FromBuffer (const uint8_t * buf, size_t len);
|
||||
size_t ToBuffer (uint8_t * buf, size_t len) const;
|
||||
|
||||
static PrivateKeys CreateRandomKeys (SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1);
|
||||
|
||||
private:
|
||||
|
||||
IdentityEx m_Public;
|
||||
|
|
|
|||
|
|
@ -505,7 +505,7 @@ namespace stream
|
|||
StreamingDestination::StreamingDestination (boost::asio::io_service& service):
|
||||
m_Service (service), m_LeaseSet (nullptr), m_IsPublic (false)
|
||||
{
|
||||
m_Keys = i2p::data::CreateRandomKeys ();
|
||||
m_Keys = i2p::data::PrivateKeys::CreateRandomKeys ();
|
||||
m_SigningPrivateKey.Initialize (i2p::crypto::dsap, i2p::crypto::dsaq, i2p::crypto::dsag,
|
||||
CryptoPP::Integer (m_Keys.GetSigningPrivateKey (), 20));
|
||||
CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
|
||||
|
|
|
|||
Loading…
Reference in a new issue