mirror of
https://github.com/RetroShare/RetroShare.git
synced 2025-01-13 00:19:30 -05:00
added methods to check public/private keys for consistent fingerprint and content. Should be later used to check GXS keys when they arrive from neighbor nodes.
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@8613 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
685ddbbf0a
commit
0873c0dfa2
@ -54,6 +54,19 @@ static RsGxsId getRsaKeyFingerprint(RSA *pubkey)
|
||||
return RsGxsId(s.toStdString().substr(0,2*CERTSIGNLEN));
|
||||
}
|
||||
|
||||
static RSA *extractPrivateKey(const RsTlvSecurityKey & key)
|
||||
{
|
||||
assert(key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
|
||||
|
||||
const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
|
||||
long keylen = key.keyData.bin_len;
|
||||
|
||||
/* extract admin key */
|
||||
RSA *rsakey = d2i_RSAPrivateKey(NULL, &(keyptr), keylen);
|
||||
|
||||
return rsakey;
|
||||
}
|
||||
|
||||
static RSA *extractPublicKey(const RsTlvSecurityKey& key)
|
||||
{
|
||||
assert(!(key.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
|
||||
@ -77,6 +90,69 @@ static void setRSAPublicKeyData(RsTlvSecurityKey & key, RSA *rsa_pub)
|
||||
free(data) ;
|
||||
}
|
||||
|
||||
bool GxsSecurity::checkPrivateKey(const RsTlvSecurityKey& key)
|
||||
{
|
||||
std::cerr << "Checking private key " << key.keyId << " ..." << std::endl;
|
||||
|
||||
if( (key.keyFlags & RSTLV_KEY_TYPE_MASK) != RSTLV_KEY_TYPE_FULL)
|
||||
{
|
||||
std::cerr << "(WW) GxsSecurity::checkPrivateKey(): private key has wrong flags " << std::hex << (key.keyFlags & RSTLV_KEY_TYPE_MASK) << std::dec << ". This is unexpected." << std::endl;
|
||||
return false ;
|
||||
}
|
||||
RSA *rsa_prv = ::extractPrivateKey(key) ;
|
||||
|
||||
if(rsa_prv == NULL)
|
||||
{
|
||||
std::cerr << "(WW) GxsSecurity::checkPrivateKey(): no private key can be extracted from key ID " << key.keyId << ". Key is corrupted?" << std::endl;
|
||||
return false ;
|
||||
}
|
||||
RSA *rsa_pub = RSAPublicKey_dup(rsa_prv);
|
||||
RSA_free(rsa_prv) ;
|
||||
|
||||
if(rsa_pub == NULL)
|
||||
{
|
||||
std::cerr << "(WW) GxsSecurity::checkPrivateKey(): no public key can be extracted from key ID " << key.keyId << ". Key is corrupted?" << std::endl;
|
||||
return false ;
|
||||
}
|
||||
RsGxsId recomputed_key_id = getRsaKeyFingerprint(rsa_pub) ;
|
||||
RSA_free(rsa_pub) ;
|
||||
|
||||
if(recomputed_key_id != key.keyId)
|
||||
{
|
||||
std::cerr << "(WW) GxsSecurity::checkPrivateKey(): key " << key.keyId << " has wrong fingerprint " << recomputed_key_id << "! This is unexpected." << std::endl;
|
||||
return false ;
|
||||
}
|
||||
|
||||
return true ;
|
||||
}
|
||||
bool GxsSecurity::checkPublicKey(const RsTlvSecurityKey& key)
|
||||
{
|
||||
std::cerr << "Checking public key " << key.keyId << " ..." << std::endl;
|
||||
|
||||
if( (key.keyFlags & RSTLV_KEY_TYPE_MASK) != RSTLV_KEY_TYPE_PUBLIC_ONLY)
|
||||
{
|
||||
std::cerr << "(WW) GxsSecurity::checkPublicKey(): public key has wrong flags " << std::hex << (key.keyFlags & RSTLV_KEY_TYPE_MASK) << std::dec << ". This is unexpected." << std::endl;
|
||||
return false ;
|
||||
}
|
||||
RSA *rsa_pub = ::extractPublicKey(key) ;
|
||||
|
||||
if(rsa_pub == NULL)
|
||||
{
|
||||
std::cerr << "(WW) GxsSecurity::checkPublicKey(): no public key can be extracted from key ID " << key.keyId << ". Key is corrupted?" << std::endl;
|
||||
return false ;
|
||||
}
|
||||
RsGxsId recomputed_key_id = getRsaKeyFingerprint(rsa_pub) ;
|
||||
RSA_free(rsa_pub) ;
|
||||
|
||||
if(recomputed_key_id != key.keyId)
|
||||
{
|
||||
std::cerr << "(WW) GxsSecurity::checkPublicKey(): key " << key.keyId << " has wrong fingerprint " << recomputed_key_id << "! This is unexpected." << std::endl;
|
||||
return false ;
|
||||
}
|
||||
|
||||
return true ;
|
||||
}
|
||||
|
||||
static void setRSAPrivateKeyData(RsTlvSecurityKey & key, RSA *rsa_priv)
|
||||
{
|
||||
unsigned char *data = NULL ;
|
||||
@ -88,19 +164,6 @@ static void setRSAPrivateKeyData(RsTlvSecurityKey & key, RSA *rsa_priv)
|
||||
free(data) ;
|
||||
}
|
||||
|
||||
static RSA *extractPrivateKey(const RsTlvSecurityKey & key)
|
||||
{
|
||||
assert(key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
|
||||
|
||||
const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
|
||||
long keylen = key.keyData.bin_len;
|
||||
|
||||
/* extract admin key */
|
||||
RSA *rsakey = d2i_RSAPrivateKey(NULL, &(keyptr), keylen);
|
||||
|
||||
return rsakey;
|
||||
}
|
||||
|
||||
bool GxsSecurity::generateKeyPair(RsTlvSecurityKey& public_key,RsTlvSecurityKey& private_key)
|
||||
{
|
||||
// admin keys
|
||||
|
@ -112,7 +112,17 @@ class GxsSecurity
|
||||
* @param sign Signature for the data
|
||||
* @return true if signature checks
|
||||
*/
|
||||
static bool validateSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& pubKey, const RsTlvKeySignature& sign);
|
||||
static bool validateSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& pubKey, const RsTlvKeySignature& sign);
|
||||
|
||||
/*!
|
||||
* Checks that the public key has correct fingerprint and correct flags.
|
||||
* @brief checkPublicKey
|
||||
* @param key
|
||||
* @return false if the key is invalid.
|
||||
*/
|
||||
|
||||
static bool checkPublicKey(const RsTlvSecurityKey &key);
|
||||
static bool checkPrivateKey(const RsTlvSecurityKey &key);
|
||||
};
|
||||
|
||||
#endif // GXSSECURITY_H
|
||||
|
Loading…
Reference in New Issue
Block a user