2012-08-12 16:46:21 -04:00
|
|
|
|
|
|
|
/*
|
2012-11-02 19:35:10 -04:00
|
|
|
* libretroshare/src/gxs: gxssecurity.cc
|
2012-08-12 16:46:21 -04:00
|
|
|
*
|
|
|
|
*
|
|
|
|
* Copyright 2008-2010 by Robert Fernie
|
2012-11-02 19:35:10 -04:00
|
|
|
* 2011-2012 Christopher Evi-Parker
|
2012-08-12 16:46:21 -04:00
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Library General Public
|
|
|
|
* License Version 2 as published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Library General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Library General Public
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
|
|
|
* USA.
|
|
|
|
*
|
|
|
|
* Please report all bugs and problems to "retroshare@lunamutt.com".
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "gxssecurity.h"
|
|
|
|
#include "pqi/authgpg.h"
|
|
|
|
#include "retroshare/rspeers.h"
|
|
|
|
|
2012-10-23 17:52:51 -04:00
|
|
|
#define GXS_SECURITY_DEBUG
|
|
|
|
|
2012-08-12 16:46:21 -04:00
|
|
|
GxsSecurity::GxsSecurity()
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
GxsSecurity::~GxsSecurity()
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
2013-10-06 17:07:31 -04:00
|
|
|
RSA *GxsSecurity::extractPublicKey(const RsTlvSecurityKey& key)
|
2012-08-12 16:46:21 -04:00
|
|
|
{
|
|
|
|
const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
|
|
|
|
long keylen = key.keyData.bin_len;
|
|
|
|
|
|
|
|
/* extract admin key */
|
|
|
|
RSA *rsakey = d2i_RSAPublicKey(NULL, &(keyptr), keylen);
|
|
|
|
|
|
|
|
return rsakey;
|
|
|
|
}
|
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
bool GxsSecurity::getSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& privKey, RsTlvKeySignature& sign)
|
2012-11-02 19:35:10 -04:00
|
|
|
{
|
2014-03-29 10:18:05 -04:00
|
|
|
RSA* rsa_pub = extractPrivateKey(privKey);
|
2012-11-02 19:35:10 -04:00
|
|
|
EVP_PKEY *key_pub = EVP_PKEY_new();
|
|
|
|
EVP_PKEY_assign_RSA(key_pub, rsa_pub);
|
|
|
|
|
|
|
|
/* calc and check signature */
|
|
|
|
EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
|
|
|
|
bool ok = EVP_SignInit(mdctx, EVP_sha1()) == 1;
|
|
|
|
ok &= EVP_SignUpdate(mdctx, data, data_len) == 1;
|
|
|
|
|
|
|
|
unsigned int siglen = EVP_PKEY_size(key_pub);
|
|
|
|
unsigned char sigbuf[siglen];
|
|
|
|
ok &= EVP_SignFinal(mdctx, sigbuf, &siglen, key_pub) == 1;
|
|
|
|
|
|
|
|
// clean up
|
|
|
|
EVP_MD_CTX_destroy(mdctx);
|
|
|
|
EVP_PKEY_free(key_pub);
|
|
|
|
|
|
|
|
sign.signData.setBinData(sigbuf, siglen);
|
2014-03-29 10:18:05 -04:00
|
|
|
sign.keyId = privKey.keyId;
|
2012-11-02 19:35:10 -04:00
|
|
|
|
|
|
|
return ok;
|
|
|
|
}
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
bool GxsSecurity::validateSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& key, const RsTlvKeySignature& signature)
|
|
|
|
{
|
|
|
|
RSA *rsakey = RSAPublicKey_dup(extractPublicKey(key)) ;
|
|
|
|
|
|
|
|
EVP_PKEY *signKey = EVP_PKEY_new();
|
|
|
|
EVP_PKEY_assign_RSA(signKey, rsakey);
|
|
|
|
|
|
|
|
/* calc and check signature */
|
|
|
|
EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
|
|
|
|
|
|
|
|
EVP_VerifyInit(mdctx, EVP_sha1());
|
|
|
|
EVP_VerifyUpdate(mdctx, data, data_len);
|
|
|
|
|
|
|
|
int signOk = EVP_VerifyFinal(mdctx, (unsigned char*)signature.signData.bin_data, signature.signData.bin_len, signKey);
|
|
|
|
|
|
|
|
/* clean up */
|
|
|
|
EVP_PKEY_free(signKey);
|
|
|
|
EVP_MD_CTX_destroy(mdctx);
|
|
|
|
|
|
|
|
return signOk;
|
|
|
|
}
|
|
|
|
|
2012-11-10 18:42:38 -05:00
|
|
|
bool GxsSecurity::validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSecurityKey& key)
|
2012-08-12 16:46:21 -04:00
|
|
|
{
|
2012-11-10 18:42:38 -05:00
|
|
|
#ifdef GXS_SECURITY_DEBUG
|
|
|
|
std::cerr << "GxsSecurity::validateNxsMsg()";
|
|
|
|
std::cerr << std::endl;
|
|
|
|
std::cerr << "RsNxsMsg :";
|
|
|
|
std::cerr << std::endl;
|
|
|
|
msg.print(std::cerr, 10);
|
|
|
|
std::cerr << std::endl;
|
|
|
|
#endif
|
2012-10-23 17:52:51 -04:00
|
|
|
|
2012-11-10 18:42:38 -05:00
|
|
|
RsGxsMsgMetaData& msgMeta = *(msg.metaData);
|
2012-10-23 17:52:51 -04:00
|
|
|
|
|
|
|
// /********************* check signature *******************/
|
|
|
|
|
2012-11-10 18:42:38 -05:00
|
|
|
/* check signature timeperiod */
|
|
|
|
if ((msgMeta.mPublishTs < key.startTS) ||
|
|
|
|
(msgMeta.mPublishTs > key.endTS))
|
|
|
|
{
|
|
|
|
#ifdef GXS_SECURITY_DEBUG
|
|
|
|
std::cerr << " GxsSecurity::validateNxsMsg() TS out of range";
|
|
|
|
std::cerr << std::endl;
|
|
|
|
#endif
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* decode key */
|
|
|
|
const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
|
|
|
|
long keylen = key.keyData.bin_len;
|
|
|
|
unsigned int siglen = sign.signData.bin_len;
|
|
|
|
unsigned char *sigbuf = (unsigned char *) sign.signData.bin_data;
|
|
|
|
|
|
|
|
#ifdef DISTRIB_DEBUG
|
|
|
|
std::cerr << "GxsSecurity::validateNxsMsg() Decode Key";
|
|
|
|
std::cerr << " keylen: " << keylen << " siglen: " << siglen;
|
|
|
|
std::cerr << std::endl;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* extract admin key */
|
|
|
|
RSA *rsakey = d2i_RSAPublicKey(NULL, &(keyptr), keylen);
|
|
|
|
|
|
|
|
if (!rsakey)
|
|
|
|
{
|
|
|
|
#ifdef GXS_SECURITY_DEBUG
|
|
|
|
std::cerr << "GxsSecurity::validateNxsMsg()";
|
|
|
|
std::cerr << " Invalid RSA Key";
|
|
|
|
std::cerr << std::endl;
|
|
|
|
|
|
|
|
key.print(std::cerr, 10);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
RsTlvKeySignatureSet signSet = msgMeta.signSet;
|
|
|
|
msgMeta.signSet.TlvClear();
|
|
|
|
|
2013-02-07 18:04:16 -05:00
|
|
|
RsGxsMessageId msgId = msgMeta.mMsgId, origMsgId = msgMeta.mOrigMsgId;
|
|
|
|
msgMeta.mOrigMsgId.clear();
|
|
|
|
msgMeta.mMsgId.clear();
|
|
|
|
|
2012-11-10 18:42:38 -05:00
|
|
|
uint32_t metaDataLen = msgMeta.serial_size();
|
|
|
|
uint32_t allMsgDataLen = metaDataLen + msg.msg.bin_len;
|
|
|
|
char* metaData = new char[metaDataLen];
|
|
|
|
char* allMsgData = new char[allMsgDataLen]; // msgData + metaData
|
|
|
|
|
|
|
|
msgMeta.serialise(metaData, &metaDataLen);
|
|
|
|
|
|
|
|
// copy msg data and meta in allmsgData buffer
|
|
|
|
memcpy(allMsgData, msg.msg.bin_data, msg.msg.bin_len);
|
|
|
|
memcpy(allMsgData+(msg.msg.bin_len), metaData, metaDataLen);
|
|
|
|
|
|
|
|
|
|
|
|
EVP_PKEY *signKey = EVP_PKEY_new();
|
|
|
|
EVP_PKEY_assign_RSA(signKey, rsakey);
|
|
|
|
|
|
|
|
/* calc and check signature */
|
|
|
|
EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
|
|
|
|
|
|
|
|
EVP_VerifyInit(mdctx, EVP_sha1());
|
|
|
|
EVP_VerifyUpdate(mdctx, allMsgData, allMsgDataLen);
|
|
|
|
int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey);
|
|
|
|
|
|
|
|
/* clean up */
|
|
|
|
EVP_PKEY_free(signKey);
|
|
|
|
EVP_MD_CTX_destroy(mdctx);
|
|
|
|
|
2013-02-07 18:04:16 -05:00
|
|
|
msgMeta.mOrigMsgId = origMsgId;
|
|
|
|
msgMeta.mMsgId = msgId;
|
|
|
|
msgMeta.signSet = signSet;
|
2012-11-10 18:42:38 -05:00
|
|
|
|
|
|
|
if (signOk == 1)
|
|
|
|
{
|
|
|
|
#ifdef GXS_SECURITY_DEBUG
|
|
|
|
std::cerr << "GxsSecurity::validateNxsMsg() Signature OK";
|
|
|
|
std::cerr << std::endl;
|
|
|
|
#endif
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef GXS_SECURITY_DEBUG
|
|
|
|
std::cerr << "GxsSecurity::validateNxsMsg() Signature invalid";
|
|
|
|
std::cerr << std::endl;
|
|
|
|
#endif
|
2012-10-23 17:52:51 -04:00
|
|
|
|
2012-11-02 19:35:10 -04:00
|
|
|
return false;
|
2012-08-12 16:46:21 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
std::string GxsSecurity::getBinDataSign(void *data, int len)
|
|
|
|
{
|
|
|
|
unsigned char *tmp = (unsigned char *) data;
|
|
|
|
|
|
|
|
// copy first CERTSIGNLEN bytes...
|
|
|
|
if (len > CERTSIGNLEN)
|
|
|
|
{
|
|
|
|
len = CERTSIGNLEN;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::string id;
|
|
|
|
for(uint32_t i = 0; i < CERTSIGNLEN; i++)
|
|
|
|
{
|
|
|
|
rs_sprintf_append(id, "%02x", (uint16_t) (((uint8_t *) (tmp))[i]));
|
|
|
|
}
|
|
|
|
|
|
|
|
return id;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen, const RsTlvSecurityKey& key)
|
2012-08-12 16:46:21 -04:00
|
|
|
{
|
|
|
|
#ifdef DISTRIB_DEBUG
|
2014-03-29 10:18:05 -04:00
|
|
|
std::cerr << "GxsSecurity::encrypt() " << std::endl;
|
2012-08-12 16:46:21 -04:00
|
|
|
#endif
|
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
RSA *rsa_publish_pub = RSAPublicKey_dup(extractPublicKey(key)) ;
|
|
|
|
EVP_PKEY *public_key = NULL;
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
//RSA* rsa_publish = EVP_PKEY_get1_RSA(privateKey);
|
|
|
|
//rsa_publish_pub = RSAPublicKey_dup(rsa_publish);
|
2012-08-12 16:46:21 -04:00
|
|
|
|
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
if(rsa_publish_pub != NULL)
|
|
|
|
{
|
|
|
|
public_key = EVP_PKEY_new();
|
|
|
|
EVP_PKEY_assign_RSA(public_key, rsa_publish_pub);
|
|
|
|
}else{
|
2012-08-12 16:46:21 -04:00
|
|
|
#ifdef DISTRIB_DEBUG
|
2014-03-29 10:18:05 -04:00
|
|
|
std::cerr << "GxsSecurity(): Could not generate publish key " << grpId
|
|
|
|
<< std::endl;
|
2012-08-12 16:46:21 -04:00
|
|
|
#endif
|
2014-03-29 10:18:05 -04:00
|
|
|
return false;
|
|
|
|
}
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
EVP_CIPHER_CTX ctx;
|
|
|
|
int eklen, net_ekl;
|
|
|
|
unsigned char *ek;
|
|
|
|
unsigned char iv[EVP_MAX_IV_LENGTH];
|
|
|
|
EVP_CIPHER_CTX_init(&ctx);
|
|
|
|
int out_currOffset = 0;
|
|
|
|
int out_offset = 0;
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
int max_evp_key_size = EVP_PKEY_size(public_key);
|
|
|
|
ek = (unsigned char*)malloc(max_evp_key_size);
|
|
|
|
const EVP_CIPHER *cipher = EVP_aes_128_cbc();
|
|
|
|
int cipher_block_size = EVP_CIPHER_block_size(cipher);
|
|
|
|
int size_net_ekl = sizeof(net_ekl);
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
int max_outlen = inlen + cipher_block_size + EVP_MAX_IV_LENGTH + max_evp_key_size + size_net_ekl;
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
// intialize context and send store encrypted cipher in ek
|
|
|
|
if(!EVP_SealInit(&ctx, EVP_aes_128_cbc(), &ek, &eklen, iv, &public_key, 1)) return false;
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
// now assign memory to out accounting for data, and cipher block size, key length, and key length val
|
|
|
|
out = new unsigned char[inlen + cipher_block_size + size_net_ekl + eklen + EVP_MAX_IV_LENGTH];
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
net_ekl = htonl(eklen);
|
|
|
|
memcpy((unsigned char*)out + out_offset, &net_ekl, size_net_ekl);
|
|
|
|
out_offset += size_net_ekl;
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
memcpy((unsigned char*)out + out_offset, ek, eklen);
|
|
|
|
out_offset += eklen;
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
memcpy((unsigned char*)out + out_offset, iv, EVP_MAX_IV_LENGTH);
|
|
|
|
out_offset += EVP_MAX_IV_LENGTH;
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
// now encrypt actual data
|
|
|
|
if(!EVP_SealUpdate(&ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen)) return false;
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
// move along to partial block space
|
|
|
|
out_offset += out_currOffset;
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
// add padding
|
|
|
|
if(!EVP_SealFinal(&ctx, (unsigned char*) out + out_offset, &out_currOffset)) return false;
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
// move to end
|
|
|
|
out_offset += out_currOffset;
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
// make sure offset has not gone passed valid memory bounds
|
|
|
|
if(out_offset > max_outlen) return false;
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
// free encrypted key data
|
|
|
|
free(ek);
|
2012-08-12 16:46:21 -04:00
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
outlen = out_offset;
|
|
|
|
return true;
|
2012-08-12 16:46:21 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-03-29 10:18:05 -04:00
|
|
|
bool GxsSecurity::decrypt(void *& out, int & outlen, const void *in, int inlen, const RsTlvSecurityKey& key)
|
2012-08-12 16:46:21 -04:00
|
|
|
{
|
|
|
|
|
|
|
|
#ifdef DISTRIB_DEBUG
|
2014-03-29 10:18:05 -04:00
|
|
|
std::cerr << "GxsSecurity::decrypt() " << std::endl;
|
2012-08-12 16:46:21 -04:00
|
|
|
#endif
|
2014-03-29 10:18:05 -04:00
|
|
|
RSA *rsa_publish = RSAPrivateKey_dup(extractPrivateKey(key)) ;
|
|
|
|
EVP_PKEY *privateKey = NULL;
|
|
|
|
|
|
|
|
//RSA* rsa_publish = EVP_PKEY_get1_RSA(privateKey);
|
|
|
|
//rsa_publish_pub = RSAPublicKey_dup(rsa_publish);
|
|
|
|
|
|
|
|
if(rsa_publish != NULL)
|
|
|
|
{
|
|
|
|
privateKey = EVP_PKEY_new();
|
|
|
|
EVP_PKEY_assign_RSA(privateKey, rsa_publish);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
#ifdef DISTRIB_DEBUG
|
|
|
|
std::cerr << "GxsSecurity(): Could not generate publish key " << grpId
|
|
|
|
<< std::endl;
|
|
|
|
#endif
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2012-08-12 16:46:21 -04:00
|
|
|
|
|
|
|
EVP_CIPHER_CTX ctx;
|
|
|
|
int eklen = 0, net_ekl = 0;
|
|
|
|
unsigned char *ek = NULL;
|
|
|
|
unsigned char iv[EVP_MAX_IV_LENGTH];
|
|
|
|
ek = (unsigned char*)malloc(EVP_PKEY_size(privateKey));
|
|
|
|
EVP_CIPHER_CTX_init(&ctx);
|
|
|
|
|
|
|
|
int in_offset = 0, out_currOffset = 0;
|
|
|
|
int size_net_ekl = sizeof(net_ekl);
|
|
|
|
|
|
|
|
memcpy(&net_ekl, (unsigned char*)in, size_net_ekl);
|
|
|
|
eklen = ntohl(net_ekl);
|
|
|
|
in_offset += size_net_ekl;
|
|
|
|
|
|
|
|
memcpy(ek, (unsigned char*)in + in_offset, eklen);
|
|
|
|
in_offset += eklen;
|
|
|
|
|
|
|
|
memcpy(iv, (unsigned char*)in + in_offset, EVP_MAX_IV_LENGTH);
|
|
|
|
in_offset += EVP_MAX_IV_LENGTH;
|
|
|
|
|
|
|
|
const EVP_CIPHER* cipher = EVP_aes_128_cbc();
|
|
|
|
|
|
|
|
if(!EVP_OpenInit(&ctx, cipher, ek, eklen, iv, privateKey)) return false;
|
|
|
|
|
|
|
|
out = new unsigned char[inlen - in_offset];
|
|
|
|
|
|
|
|
if(!EVP_OpenUpdate(&ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + in_offset, inlen - in_offset)) return false;
|
|
|
|
|
|
|
|
in_offset += out_currOffset;
|
|
|
|
outlen += out_currOffset;
|
|
|
|
|
|
|
|
if(!EVP_OpenFinal(&ctx, (unsigned char*)out + out_currOffset, &out_currOffset)) return false;
|
|
|
|
|
|
|
|
outlen += out_currOffset;
|
|
|
|
|
|
|
|
free(ek);
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::string GxsSecurity::getRsaKeySign(RSA *pubkey)
|
|
|
|
{
|
|
|
|
int len = BN_num_bytes(pubkey -> n);
|
|
|
|
unsigned char tmp[len];
|
|
|
|
BN_bn2bin(pubkey -> n, tmp);
|
|
|
|
|
|
|
|
// copy first CERTSIGNLEN bytes...
|
|
|
|
if (len > CERTSIGNLEN)
|
|
|
|
{
|
|
|
|
len = CERTSIGNLEN;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::string id;
|
|
|
|
for(uint32_t i = 0; i < CERTSIGNLEN; i++)
|
|
|
|
{
|
|
|
|
rs_sprintf_append(id, "%02x", (uint16_t) (((uint8_t *) (tmp))[i]));
|
|
|
|
}
|
|
|
|
|
|
|
|
return id;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-03-10 11:08:04 -04:00
|
|
|
bool GxsSecurity::validateNxsGrp(RsNxsGrp& grp, RsTlvKeySignature& sign, RsTlvSecurityKey& key)
|
2012-08-12 16:46:21 -04:00
|
|
|
{
|
2013-03-10 11:08:04 -04:00
|
|
|
#ifdef GXS_SECURITY_DEBUG
|
|
|
|
std::cerr << "GxsSecurity::validateNxsGrp()";
|
|
|
|
std::cerr << std::endl;
|
|
|
|
std::cerr << "RsNxsGrp :";
|
|
|
|
std::cerr << std::endl;
|
|
|
|
grp.print(std::cerr, 10);
|
|
|
|
std::cerr << std::endl;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
RsGxsGrpMetaData& grpMeta = *(grp.metaData);
|
|
|
|
|
|
|
|
/********************* check signature *******************/
|
|
|
|
|
|
|
|
/* check signature timeperiod */
|
|
|
|
if ((grpMeta.mPublishTs < key.startTS) ||
|
|
|
|
(grpMeta.mPublishTs > key.endTS))
|
|
|
|
{
|
|
|
|
#ifdef GXS_SECURITY_DEBUG
|
|
|
|
std::cerr << " GxsSecurity::validateNxsMsg() TS out of range";
|
|
|
|
std::cerr << std::endl;
|
|
|
|
#endif
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* decode key */
|
|
|
|
const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
|
|
|
|
long keylen = key.keyData.bin_len;
|
|
|
|
unsigned int siglen = sign.signData.bin_len;
|
|
|
|
unsigned char *sigbuf = (unsigned char *) sign.signData.bin_data;
|
|
|
|
|
|
|
|
#ifdef DISTRIB_DEBUG
|
|
|
|
std::cerr << "GxsSecurity::validateNxsMsg() Decode Key";
|
|
|
|
std::cerr << " keylen: " << keylen << " siglen: " << siglen;
|
|
|
|
std::cerr << std::endl;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* extract admin key */
|
|
|
|
RSA *rsakey = d2i_RSAPublicKey(NULL, &(keyptr), keylen);
|
|
|
|
|
|
|
|
if (!rsakey)
|
|
|
|
{
|
|
|
|
#ifdef GXS_SECURITY_DEBUG
|
|
|
|
std::cerr << "GxsSecurity::validateNxsGrp()";
|
|
|
|
std::cerr << " Invalid RSA Key";
|
|
|
|
std::cerr << std::endl;
|
|
|
|
|
|
|
|
key.print(std::cerr, 10);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
RsTlvKeySignatureSet signSet = grpMeta.signSet;
|
|
|
|
grpMeta.signSet.TlvClear();
|
|
|
|
|
|
|
|
uint32_t metaDataLen = grpMeta.serial_size();
|
|
|
|
uint32_t allGrpDataLen = metaDataLen + grp.grp.bin_len;
|
|
|
|
char* metaData = new char[metaDataLen];
|
|
|
|
char* allGrpData = new char[allGrpDataLen]; // msgData + metaData
|
|
|
|
|
|
|
|
grpMeta.serialise(metaData, metaDataLen);
|
|
|
|
|
|
|
|
// copy msg data and meta in allmsgData buffer
|
|
|
|
memcpy(allGrpData, grp.grp.bin_data, grp.grp.bin_len);
|
|
|
|
memcpy(allGrpData+(grp.grp.bin_len), metaData, metaDataLen);
|
|
|
|
|
|
|
|
|
|
|
|
EVP_PKEY *signKey = EVP_PKEY_new();
|
|
|
|
EVP_PKEY_assign_RSA(signKey, rsakey);
|
|
|
|
|
|
|
|
/* calc and check signature */
|
|
|
|
EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
|
|
|
|
|
|
|
|
EVP_VerifyInit(mdctx, EVP_sha1());
|
|
|
|
EVP_VerifyUpdate(mdctx, allGrpData, allGrpDataLen);
|
|
|
|
int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey);
|
|
|
|
|
|
|
|
/* clean up */
|
|
|
|
EVP_PKEY_free(signKey);
|
|
|
|
EVP_MD_CTX_destroy(mdctx);
|
|
|
|
|
|
|
|
grpMeta.signSet = signSet;
|
|
|
|
|
|
|
|
if (signOk == 1)
|
|
|
|
{
|
|
|
|
#ifdef GXS_SECURITY_DEBUG
|
|
|
|
std::cerr << "GxsSecurity::validateNxsGrp() Signature OK";
|
|
|
|
std::cerr << std::endl;
|
|
|
|
#endif
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef GXS_SECURITY_DEBUG
|
|
|
|
std::cerr << "GxsSecurity::validateNxsGrp() Signature invalid";
|
|
|
|
std::cerr << std::endl;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
return false;
|
2012-08-12 16:46:21 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
void GxsSecurity::setRSAPublicKey(RsTlvSecurityKey & key, RSA *rsa_pub)
|
|
|
|
{
|
|
|
|
unsigned char data[10240]; /* more than enough space */
|
|
|
|
unsigned char *ptr = data;
|
|
|
|
int reqspace = i2d_RSAPublicKey(rsa_pub, &ptr);
|
|
|
|
|
|
|
|
key.keyData.setBinData(data, reqspace);
|
|
|
|
|
|
|
|
std::string keyId = getRsaKeySign(rsa_pub);
|
|
|
|
key.keyId = keyId;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void GxsSecurity::setRSAPrivateKey(RsTlvSecurityKey & key, RSA *rsa_priv)
|
|
|
|
{
|
|
|
|
unsigned char data[10240]; /* more than enough space */
|
|
|
|
unsigned char *ptr = data;
|
|
|
|
int reqspace = i2d_RSAPrivateKey(rsa_priv, &ptr);
|
|
|
|
|
|
|
|
key.keyData.setBinData(data, reqspace);
|
|
|
|
|
|
|
|
std::string keyId = getRsaKeySign(rsa_priv);
|
|
|
|
key.keyId = keyId;
|
|
|
|
}
|
|
|
|
|
2013-10-06 17:07:31 -04:00
|
|
|
RSA *GxsSecurity::extractPrivateKey(const RsTlvSecurityKey & key)
|
2012-08-12 16:46:21 -04:00
|
|
|
{
|
|
|
|
const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
|
|
|
|
long keylen = key.keyData.bin_len;
|
|
|
|
|
|
|
|
/* extract admin key */
|
|
|
|
RSA *rsakey = d2i_RSAPrivateKey(NULL, &(keyptr), keylen);
|
|
|
|
|
|
|
|
return rsakey;
|
|
|
|
}
|
|
|
|
|
|
|
|
|