added methods to check public/private keys for consistent fingerprint and content. Should be later used to check GXS keys when they arrive from neighbor nodes.

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@8613 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2015-07-15 22:20:00 +00:00 committed by cave beat
parent 685ddbbf0a
commit 0873c0dfa2
2 changed files with 87 additions and 14 deletions

View File

@ -54,6 +54,19 @@ static RsGxsId getRsaKeyFingerprint(RSA *pubkey)
return RsGxsId(s.toStdString().substr(0,2*CERTSIGNLEN));
}
static RSA *extractPrivateKey(const RsTlvSecurityKey & key)
{
assert(key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
long keylen = key.keyData.bin_len;
/* extract admin key */
RSA *rsakey = d2i_RSAPrivateKey(NULL, &(keyptr), keylen);
return rsakey;
}
static RSA *extractPublicKey(const RsTlvSecurityKey& key)
{
assert(!(key.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
@ -77,6 +90,69 @@ static void setRSAPublicKeyData(RsTlvSecurityKey & key, RSA *rsa_pub)
free(data) ;
}
bool GxsSecurity::checkPrivateKey(const RsTlvSecurityKey& key)
{
std::cerr << "Checking private key " << key.keyId << " ..." << std::endl;
if( (key.keyFlags & RSTLV_KEY_TYPE_MASK) != RSTLV_KEY_TYPE_FULL)
{
std::cerr << "(WW) GxsSecurity::checkPrivateKey(): private key has wrong flags " << std::hex << (key.keyFlags & RSTLV_KEY_TYPE_MASK) << std::dec << ". This is unexpected." << std::endl;
return false ;
}
RSA *rsa_prv = ::extractPrivateKey(key) ;
if(rsa_prv == NULL)
{
std::cerr << "(WW) GxsSecurity::checkPrivateKey(): no private key can be extracted from key ID " << key.keyId << ". Key is corrupted?" << std::endl;
return false ;
}
RSA *rsa_pub = RSAPublicKey_dup(rsa_prv);
RSA_free(rsa_prv) ;
if(rsa_pub == NULL)
{
std::cerr << "(WW) GxsSecurity::checkPrivateKey(): no public key can be extracted from key ID " << key.keyId << ". Key is corrupted?" << std::endl;
return false ;
}
RsGxsId recomputed_key_id = getRsaKeyFingerprint(rsa_pub) ;
RSA_free(rsa_pub) ;
if(recomputed_key_id != key.keyId)
{
std::cerr << "(WW) GxsSecurity::checkPrivateKey(): key " << key.keyId << " has wrong fingerprint " << recomputed_key_id << "! This is unexpected." << std::endl;
return false ;
}
return true ;
}
bool GxsSecurity::checkPublicKey(const RsTlvSecurityKey& key)
{
std::cerr << "Checking public key " << key.keyId << " ..." << std::endl;
if( (key.keyFlags & RSTLV_KEY_TYPE_MASK) != RSTLV_KEY_TYPE_PUBLIC_ONLY)
{
std::cerr << "(WW) GxsSecurity::checkPublicKey(): public key has wrong flags " << std::hex << (key.keyFlags & RSTLV_KEY_TYPE_MASK) << std::dec << ". This is unexpected." << std::endl;
return false ;
}
RSA *rsa_pub = ::extractPublicKey(key) ;
if(rsa_pub == NULL)
{
std::cerr << "(WW) GxsSecurity::checkPublicKey(): no public key can be extracted from key ID " << key.keyId << ". Key is corrupted?" << std::endl;
return false ;
}
RsGxsId recomputed_key_id = getRsaKeyFingerprint(rsa_pub) ;
RSA_free(rsa_pub) ;
if(recomputed_key_id != key.keyId)
{
std::cerr << "(WW) GxsSecurity::checkPublicKey(): key " << key.keyId << " has wrong fingerprint " << recomputed_key_id << "! This is unexpected." << std::endl;
return false ;
}
return true ;
}
static void setRSAPrivateKeyData(RsTlvSecurityKey & key, RSA *rsa_priv)
{
unsigned char *data = NULL ;
@ -88,19 +164,6 @@ static void setRSAPrivateKeyData(RsTlvSecurityKey & key, RSA *rsa_priv)
free(data) ;
}
static RSA *extractPrivateKey(const RsTlvSecurityKey & key)
{
assert(key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
long keylen = key.keyData.bin_len;
/* extract admin key */
RSA *rsakey = d2i_RSAPrivateKey(NULL, &(keyptr), keylen);
return rsakey;
}
bool GxsSecurity::generateKeyPair(RsTlvSecurityKey& public_key,RsTlvSecurityKey& private_key)
{
// admin keys

View File

@ -112,7 +112,17 @@ class GxsSecurity
* @param sign Signature for the data
* @return true if signature checks
*/
static bool validateSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& pubKey, const RsTlvKeySignature& sign);
static bool validateSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& pubKey, const RsTlvKeySignature& sign);
/*!
* Checks that the public key has correct fingerprint and correct flags.
* @brief checkPublicKey
* @param key
* @return false if the key is invalid.
*/
static bool checkPublicKey(const RsTlvSecurityKey &key);
static bool checkPrivateKey(const RsTlvSecurityKey &key);
};
#endif // GXSSECURITY_H