added systematic consistency checking of public/private RSA keys at deserialisation time

libretroshare/src/gxs/gxssecurity.cc

@@ -110,9 +110,9 @@ static void setRSAPrivateKeyData(RsTlvPrivateRSAKey& key, RSA *rsa_priv)
 }
 bool GxsSecurity::checkPrivateKey(const RsTlvPrivateRSAKey& key)
 {
-#ifdef GXS_SECURITY_DEBUG
+//#ifdef GXS_SECURITY_DEBUG
     std::cerr << "Checking private key " << key.keyId << " ..." << std::endl;
-#endif
+//#endif
 
     if( (key.keyFlags & RSTLV_KEY_TYPE_MASK) != RSTLV_KEY_TYPE_FULL)
     {
@@ -147,15 +147,28 @@ bool GxsSecurity::checkPrivateKey(const RsTlvPrivateRSAKey& key)
 }
 bool GxsSecurity::checkPublicKey(const RsTlvPublicRSAKey &key)
 {
-#ifdef GXS_SECURITY_DEBUG
+//#ifdef GXS_SECURITY_DEBUG
     std::cerr << "Checking public key " << key.keyId << " ..." << std::endl;
-#endif
+//#endif
 
     if( (key.keyFlags & RSTLV_KEY_TYPE_MASK) != RSTLV_KEY_TYPE_PUBLIC_ONLY)
     {
         std::cerr << "(WW) GxsSecurity::checkPublicKey(): public key has wrong flags " << std::hex << (key.keyFlags & RSTLV_KEY_TYPE_MASK) << std::dec << ". This is unexpected." << std::endl;
         return false ;
     }
+    
+    // try to extract private key
+    const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
+    long keylen = key.keyData.bin_len;
+    RSA *rsa_prv = d2i_RSAPrivateKey(NULL, &(keyptr), keylen);
+    
+    if(rsa_prv != NULL)
+    {
+        std::cerr << "(SS) GxsSecurity::checkPublicKey(): public key with ID " << key.keyId << " actually is a Private key!!!" << std::endl;
+	RSA_free(rsa_prv) ;
+    	return false ;
+    }
+    
     RSA *rsa_pub = ::extractPublicKey(key) ;
 
     if(rsa_pub == NULL)
@@ -197,7 +210,7 @@ bool GxsSecurity::generateKeyPair(RsTlvPublicRSAKey& public_key,RsTlvPrivateRSAK
     RSA_free(rsa);
     RSA_free(rsa_pub);
 
-    if(!(private_key.check() && public_key.check()))
+    if(!(private_key.checkKey() && public_key.checkKey()))
     {
         std::cerr << "(EE) ERROR while generating keys. Something inconsistent in flags. This is probably a bad sign!" << std::endl;
 	return false ;

libretroshare/src/serialiser/rstlvkeys.cc

@@ -28,6 +28,7 @@
 #include "rstlvbase.h"
 #include "rsbaseserial.h"
 #include "util/stacktrace.h"
+#include "gxs/gxssecurity.h"
 
 #include <iostream>
 
@@ -96,7 +97,7 @@ bool  RsTlvRSAKey::SetTlv(void *data, uint32_t size, uint32_t *offset) const
 		return false; /* not enough space */
 	}
 
-	bool ok = checkFlags(keyFlags);	// check before serialise, just in case
+	bool ok = checkKey();	// check before serialise, just in case
 
 	/* start at data[offset] */
         /* add mandatory parts first */
@@ -184,7 +185,7 @@ bool  RsTlvRSAKey::GetTlv(void *data, uint32_t size, uint32_t *offset)
 		std::cerr << std::endl;
 #endif
 	}
-	return ok && checkFlags(keyFlags) ;
+	return ok && checkKey() ;
 }
 
 std::ostream& RsTlvRSAKey::print(std::ostream &out, uint16_t indent) const
@@ -217,7 +218,15 @@ std::ostream& RsTlvRSAKey::print(std::ostream &out, uint16_t indent) const
 }
 
 
+bool RsTlvPrivateRSAKey::checkKey() const
+{ 
+    return bool(keyFlags & RSTLV_KEY_TYPE_FULL) && !bool(keyFlags & RSTLV_KEY_TYPE_PUBLIC_ONLY) && GxsSecurity::checkPrivateKey(*this) ;
+}
 
+bool RsTlvPublicRSAKey::checkKey() const
+{ 
+    return bool(keyFlags & RSTLV_KEY_TYPE_PUBLIC_ONLY) && !bool(keyFlags & RSTLV_KEY_TYPE_FULL) && GxsSecurity::checkPublicKey(*this) ;
+}
 
 /************************************* RsTlvSecurityKeySet ************************************/
 

libretroshare/src/serialiser/rstlvkeys.h

@@ -53,7 +53,7 @@ class RsTlvRSAKey: public RsTlvItem
 {
 public:
 	RsTlvRSAKey();
-    virtual bool     checkFlags(uint32_t flags) const = 0 ;	// this pure virtual forces people to explicitly declare if they use a public or a private key.
+    virtual bool     checkKey() const = 0 ;	// this pure virtual forces people to explicitly declare if they use a public or a private key.
 
     virtual uint32_t TlvSize() const;
     virtual void 	TlvClear();
@@ -64,8 +64,6 @@ public:
     /* clears KeyData - but doesn't delete - to transfer ownership */
     void ShallowClear(); 
     
-    bool check() const { return checkFlags(keyFlags) && (!keyId.isNull()) ; }
-
     RsGxsId keyId;		// Mandatory :
     uint32_t keyFlags;		// Mandatory ;
     uint32_t startTS;		// Mandatory : 
@@ -80,14 +78,14 @@ class RsTlvPrivateRSAKey: public RsTlvRSAKey
 	public:
 		virtual ~RsTlvPrivateRSAKey() {}
 
-        	virtual bool checkFlags(uint32_t flags) const  { return bool(flags & RSTLV_KEY_TYPE_FULL) && !bool(flags & RSTLV_KEY_TYPE_PUBLIC_ONLY) ; }
+        	virtual bool checkKey() const  ;
 };
 class RsTlvPublicRSAKey: public RsTlvRSAKey
 {
 	public:
 		virtual ~RsTlvPublicRSAKey() {}
 
-        	virtual bool checkFlags(uint32_t flags) const  { return bool(flags & RSTLV_KEY_TYPE_PUBLIC_ONLY) && !bool(flags & RSTLV_KEY_TYPE_FULL) ; }
+        	virtual bool checkKey() const  ;
 };
 
 class RsTlvSecurityKeySet: public RsTlvItem

libretroshare/src/services/p3idservice.cc

@@ -1699,10 +1699,10 @@ void RsGxsIdCache::init(const RsGxsIdGroupItem *item, const RsTlvPublicRSAKey& i
     	// do some tests
     	if(details.mFlags & RS_IDENTITY_FLAGS_IS_OWN_ID)
         {
-            if(!priv_key.check())
+            if(!priv_key.checkKey())
                 std::cerr << "(EE) Private key missing for own identity " << pub_key.keyId << std::endl;
         }
-	if(!pub_key.check())
+	if(!pub_key.checkKey())
 		std::cerr << "(EE) Public key missing for identity " << pub_key.keyId << std::endl;
                     
 	/* rest must be retrived from ServiceString */