separated RsTlvSecurityKey into two incompatible classes to enforce the correct usage of private vs. public keys

libretroshare/src/chat/rschatitems.h

@@ -406,7 +406,7 @@ class RsChatDHPublicKeyItem: public RsChatItem
 		BIGNUM *public_key ;
 
 		RsTlvKeySignature signature ;	// signs the public key in a row.
-		RsTlvSecurityKey  gxs_key ;	// public key of the signer
+		RsTlvSecurityKey_deprecated  gxs_key ;	// public key of the signer
 
 	private:
 		RsChatDHPublicKeyItem(const RsChatDHPublicKeyItem&) : RsChatItem(RS_PKT_SUBTYPE_DISTANT_CHAT_DH_PUBLIC_KEY) {}						// make the object non copy-able

libretroshare/src/grouter/p3grouter.cc

@@ -1958,7 +1958,7 @@ bool p3GRouter::signDataItem(RsGRouterAbstractMsgItem *item,const RsGxsId& signi
 {
     try
     {
-        RsTlvSecurityKey signature_key ;
+        RsTlvSecurityKey_deprecated signature_key ;
 
 #ifdef GROUTER_DEBUG
         std::cerr << "p3GRouter::signDataItem()" << std::endl;

libretroshare/src/gxs/gxssecurity.cc

@@ -59,7 +59,7 @@ static RsGxsId getRsaKeyFingerprint(RSA *pubkey)
         return RsGxsId(s.toStdString().substr(0,2*CERTSIGNLEN));
 }
 
-static RSA *extractPrivateKey(const RsTlvSecurityKey & key)
+static RSA *extractPrivateKey(const RsTlvPrivateRSAKey& key)
 {
     assert(key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
 
@@ -72,7 +72,7 @@ static RSA *extractPrivateKey(const RsTlvSecurityKey & key)
         return rsakey;
 }
 
-static RSA *extractPublicKey(const RsTlvSecurityKey& key)
+static RSA *extractPublicKey(const RsTlvPublicRSAKey& key)
 {
     assert(!(key.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
 
@@ -84,8 +84,9 @@ static RSA *extractPublicKey(const RsTlvSecurityKey& key)
 
         return rsakey;
 }
-static void setRSAPublicKeyData(RsTlvSecurityKey & key, RSA *rsa_pub)
+static void setRSAPublicKeyData(RsTlvPublicRSAKey& key, RSA *rsa_pub)
 {
+    assert(!(key.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
         unsigned char *data = NULL ;	// this works for OpenSSL > 0.9.7
         int reqspace = i2d_RSAPublicKey(rsa_pub, &data);
 
@@ -95,7 +96,18 @@ static void setRSAPublicKeyData(RsTlvSecurityKey & key, RSA *rsa_pub)
 	free(data) ;
 }
 
-bool GxsSecurity::checkPrivateKey(const RsTlvSecurityKey& key)
+static void setRSAPrivateKeyData(RsTlvPrivateRSAKey& key, RSA *rsa_pub)
+{
+    assert(key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
+        unsigned char *data = NULL ;	// this works for OpenSSL > 0.9.7
+        int reqspace = i2d_RSAPublicKey(rsa_pub, &data);
+
+        key.keyData.setBinData(data, reqspace);
+        key.keyId = getRsaKeyFingerprint(rsa_pub);
+
+	free(data) ;
+}
+bool GxsSecurity::checkPrivateKey(const RsTlvPrivateRSAKey& key)
 {
 #ifdef GXS_SECURITY_DEBUG
     std::cerr << "Checking private key " << key.keyId << " ..." << std::endl;
@@ -132,7 +144,7 @@ bool GxsSecurity::checkPrivateKey(const RsTlvSecurityKey& key)
 
     return true ;
 }
-bool GxsSecurity::checkPublicKey(const RsTlvSecurityKey& key)
+bool GxsSecurity::checkPublicKey(const RsTlvPublicRSAKey &key)
 {
 #ifdef GXS_SECURITY_DEBUG
     std::cerr << "Checking public key " << key.keyId << " ..." << std::endl;
@@ -162,7 +174,7 @@ bool GxsSecurity::checkPublicKey(const RsTlvSecurityKey& key)
     return true ;
 }
 
-static void setRSAPrivateKeyData(RsTlvSecurityKey & key, RSA *rsa_priv)
+static void setRSAPrivateKeyData(RsTlvSecurityKey_deprecated & key, RSA *rsa_priv)
 {
         unsigned char *data = NULL ;
         int reqspace = i2d_RSAPrivateKey(rsa_priv, &data);
@@ -173,7 +185,7 @@ static void setRSAPrivateKeyData(RsTlvSecurityKey & key, RSA *rsa_priv)
 		  free(data) ;
 }
 
-bool GxsSecurity::generateKeyPair(RsTlvSecurityKey& public_key,RsTlvSecurityKey& private_key)
+bool GxsSecurity::generateKeyPair(RsTlvPublicRSAKey& public_key,RsTlvPrivateRSAKey& private_key)
 {
 	// admin keys
     RSA *rsa     = RSA_generate_key(2048, 65537, NULL, NULL);
@@ -194,10 +206,16 @@ bool GxsSecurity::generateKeyPair(RsTlvSecurityKey& public_key,RsTlvSecurityKey&
     RSA_free(rsa);
     RSA_free(rsa_pub);
 
+    if(!(private_key.check() && public_key.check()))
+    {
+        std::cerr << "(EE) ERROR while generating keys. Something inconsistent in flags. This is probably a bad sign!" << std::endl;
+	return false ;
+    }
+                     
     return true ;
 }
 
-bool GxsSecurity::extractPublicKey(const RsTlvSecurityKey& private_key,RsTlvSecurityKey& public_key)
+bool GxsSecurity::extractPublicKey(const RsTlvPrivateRSAKey &private_key, RsTlvPublicRSAKey &public_key)
 {
     public_key.TlvClear() ;
 
@@ -241,7 +259,7 @@ bool GxsSecurity::extractPublicKey(const RsTlvSecurityKey& private_key,RsTlvSecu
     return true ;
 }
 
-bool GxsSecurity::getSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& privKey, RsTlvKeySignature& sign)
+bool GxsSecurity::getSignature(const char *data, uint32_t data_len, const RsTlvPrivateRSAKey &privKey, RsTlvKeySignature& sign)
 {
 	RSA* rsa_pub = extractPrivateKey(privKey);
 
@@ -272,12 +290,11 @@ bool GxsSecurity::getSignature(const char *data, uint32_t data_len, const RsTlvS
 	return ok;
 }
 
-bool GxsSecurity::validateSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& key, const RsTlvKeySignature& signature)
+bool GxsSecurity::validateSignature(const char *data, uint32_t data_len, const RsTlvPublicRSAKey &key, const RsTlvKeySignature& signature)
 {
-    RSA *tmpkey = (key.keyFlags & RSTLV_KEY_TYPE_FULL)?(::extractPrivateKey(key)):(::extractPublicKey(key)) ;
+    assert(!(key.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
         
-    RSA *rsakey = RSAPublicKey_dup(tmpkey) ;	// always extract public key
+	RSA *rsakey = ::extractPublicKey(key) ;
-    RSA_free(tmpkey) ;
 
 	if(!rsakey)
 	{
@@ -303,7 +320,7 @@ bool GxsSecurity::validateSignature(const char *data, uint32_t data_len, const R
 	return signOk;
 }
 
-bool GxsSecurity::validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& sign, const RsTlvSecurityKey& key)
+bool GxsSecurity::validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& sign, const RsTlvPublicRSAKey& key)
 {
     #ifdef GXS_SECURITY_DEBUG
             std::cerr << "GxsSecurity::validateNxsMsg()";
@@ -417,7 +434,7 @@ bool GxsSecurity::validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& s
 	return false;
 }
 
-bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key)
+bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvPublicRSAKey& key)
 {
 #ifdef DISTRIB_DEBUG
 	std::cerr << "GxsSecurity::encrypt() " << std::endl;
@@ -532,7 +549,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
 	return true;
 }
 
-bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvSecurityKey>& keys)
+bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvPublicRSAKey> &keys)
 {
 #ifdef DISTRIB_DEBUG
 	std::cerr << "GxsSecurity::encrypt() " << std::endl;
@@ -685,7 +702,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
     }
 }
 
-bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key)
+bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const RsTlvPrivateRSAKey &key)
 {
 	// Decrypts (in,inlen) into (out,outlen) using the given RSA public key.
 	// The format of the encrypted data (in) is:
@@ -791,7 +808,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
 	 return true;
 }
 
-bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvSecurityKey>& keys)
+bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvPrivateRSAKey> &keys)
 {
         // Decrypts (in,inlen) into (out,outlen) using one of the given RSA public keys, trying them all in a row.
         // The format of the encrypted data is:
@@ -936,7 +953,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
         return false;
     }
 }
-bool GxsSecurity::validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& sign, const RsTlvSecurityKey& key)
+bool GxsSecurity::validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& sign, const RsTlvPublicRSAKey &key)
 {
 #ifdef GXS_SECURITY_DEBUG
 	std::cerr << "GxsSecurity::validateNxsGrp()";
@@ -974,6 +991,7 @@ bool GxsSecurity::validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& s
 #endif
 
 	/* extract admin key */
+#warning Souldn't need to do that HERE!!
 	RSA *rsakey =  (key.keyFlags & RSTLV_KEY_TYPE_FULL)? d2i_RSAPrivateKey(NULL, &(keyptr), keylen): d2i_RSAPublicKey(NULL, &(keyptr), keylen);
 
 	if (!rsakey)

libretroshare/src/gxs/gxssecurity.h

@@ -45,7 +45,7 @@ class GxsSecurity
 		/*!
 		 * Extracts a public key from a private key.
 		 */
-		static bool extractPublicKey(const RsTlvSecurityKey& private_key,RsTlvSecurityKey& public_key) ;
+		static bool extractPublicKey(const RsTlvPrivateRSAKey& private_key,RsTlvPublicRSAKey& public_key) ;
 
 		/*!
 		 * Generates a public/private RSA keypair. To be used for all GXS purposes.
@@ -53,7 +53,7 @@ class GxsSecurity
 		 * @param RsTlvSecurityKey private RSA key 
 		 * @return true if the generate was successful, false otherwise.
 		 */
-		static bool generateKeyPair(RsTlvSecurityKey& public_key,RsTlvSecurityKey& private_key) ;
+		static bool generateKeyPair(RsTlvPublicRSAKey &public_key, RsTlvPrivateRSAKey &private_key) ;
 
 		/*!
 		 * Encrypts data using envelope encryption (taken from open ssl's evp_sealinit )
@@ -63,8 +63,8 @@ class GxsSecurity
 		 *@param in
 		 *@param inlen
 		 */
-		static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key) ;
+		static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvPublicRSAKey& key) ;
-		static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvSecurityKey>& keys) ;
+		static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvPublicRSAKey>& keys) ;
 
 		/**
 		 * Decrypts data using evelope decryption (taken from open ssl's evp_sealinit )
@@ -75,8 +75,8 @@ class GxsSecurity
 		 * @param inlen
 		 * @return false if encryption failed
 		 */
-		static bool decrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key) ;
+		static bool decrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvPrivateRSAKey& key) ;
-		static bool decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvSecurityKey>& keys);
+		static bool decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvPrivateRSAKey>& keys);
 
 		/*!
 		 * uses grp signature to check if group has been
@@ -86,7 +86,7 @@ class GxsSecurity
 		 * @param key the public key to use to check signature
 		 * @return true if group valid false otherwise
 		 */
-        static bool validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& sign, const RsTlvSecurityKey& key);
+        static bool validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& sign, const RsTlvPublicRSAKey& key);
 
 		/*!
 		 * Validate a msg's signature using the given public key
@@ -95,7 +95,7 @@ class GxsSecurity
 		 * @param key the public key to use to check signature
 		 * @return false if verfication of signature is not passed
 		 */
-        static bool validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& sign, const RsTlvSecurityKey& key);
+        static bool validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& sign, const RsTlvPublicRSAKey &key);
 
 
 		/*!
@@ -105,7 +105,7 @@ class GxsSecurity
 		 * @param sign the signature is stored here
 		 * @return false if signature creation failed, true is signature created
 		 */
-		static bool getSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& privKey, RsTlvKeySignature& sign);
+		static bool getSignature(const char *data, uint32_t data_len, const RsTlvPrivateRSAKey& privKey, RsTlvKeySignature& sign);
 
 		/*!
 		 * @param data data that has been signed
@@ -114,7 +114,7 @@ class GxsSecurity
 		 * @param sign Signature for the data 
 		 * @return true if signature checks
 		 */
-        static bool validateSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& pubKey, const RsTlvKeySignature& sign);
+        static bool validateSignature(const char *data, uint32_t data_len, const RsTlvPublicRSAKey& pubKey, const RsTlvKeySignature& sign);
 
         /*!
          * Checks that the public key has correct fingerprint and correct flags.
@@ -123,8 +123,8 @@ class GxsSecurity
          * @return false if the key is invalid.
          */
 
-        static bool checkPublicKey(const RsTlvSecurityKey &key);
+        static bool checkPublicKey(const RsTlvPublicRSAKey &key);
-        static bool checkPrivateKey(const RsTlvSecurityKey &key);
+        static bool checkPrivateKey(const RsTlvPrivateRSAKey &key);
 };
 
 #endif // GXSSECURITY_H

libretroshare/src/gxs/rsgenexchange.cc

@@ -341,47 +341,53 @@ bool RsGenExchange::acknowledgeTokenGrp(const uint32_t& token, RsGxsGroupId& grp
 	return true;
 }
 
-void RsGenExchange::generateGroupKeys(RsTlvSecurityKeySet& privatekeySet, RsTlvSecurityKeySet& publickeySet, bool genPublishKeys)
+void RsGenExchange::generateGroupKeys(RsTlvSecurityKeySet& keySet, bool genPublishKeys)
 {
 	/* create Keys */
-    RsTlvSecurityKey adminKey, privAdminKey;
+	RsTlvPublicRSAKey  pubAdminKey ;
-	 GxsSecurity::generateKeyPair(adminKey,privAdminKey) ;
+	RsTlvPrivateRSAKey privAdminKey;
+
+	GxsSecurity::generateKeyPair(pubAdminKey,privAdminKey) ;
 
 	// for now all public
-    adminKey.keyFlags = RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_PUBLIC_ONLY;
+	pubAdminKey.keyFlags  |= RSTLV_KEY_DISTRIB_ADMIN ;
-    privAdminKey.keyFlags = RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_FULL;
+	privAdminKey.keyFlags |= RSTLV_KEY_DISTRIB_ADMIN ;
 
-    publickeySet.keys[adminKey.keyId] = adminKey;
+	keySet.public_keys[pubAdminKey.keyId] = pubAdminKey;
-    privatekeySet.keys[privAdminKey.keyId] = privAdminKey;
+	keySet.private_keys[privAdminKey.keyId] = privAdminKey;
 
 	if(genPublishKeys)
 	{
 		/* set publish keys */
-        RsTlvSecurityKey publishKey, privPublishKey;
+		RsTlvPublicRSAKey  pubPublishKey ;
-    GxsSecurity::generateKeyPair(publishKey,privPublishKey) ;
+		RsTlvPrivateRSAKey privPublishKey;
+
+		GxsSecurity::generateKeyPair(pubPublishKey,privPublishKey) ;
 
 		// for now all public
-        publishKey.keyFlags = RSTLV_KEY_DISTRIB_PUBLISH | RSTLV_KEY_TYPE_PUBLIC_ONLY;
+		pubPublishKey.keyFlags  |= RSTLV_KEY_DISTRIB_PUBLISH ;
-        privPublishKey.keyFlags = RSTLV_KEY_DISTRIB_PUBLISH | RSTLV_KEY_TYPE_FULL;
+		privPublishKey.keyFlags |= RSTLV_KEY_DISTRIB_PUBLISH ;
 
-        publickeySet.keys[publishKey.keyId] = publishKey;
+		keySet.public_keys[pubPublishKey.keyId] = pubPublishKey;
-        privatekeySet.keys[privPublishKey.keyId] = privPublishKey;
+		keySet.private_keys[privPublishKey.keyId] = privPublishKey;
 	}
 }
 
-void RsGenExchange::generatePublicFromPrivateKeys(const RsTlvSecurityKeySet &privatekeySet, RsTlvSecurityKeySet &publickeySet)
+void RsGenExchange::generatePublicFromPrivateKeys(RsTlvSecurityKeySet& keySet)
 {
     // actually just copy settings of one key except mark its key flags public
 
-	publickeySet = RsTlvSecurityKeySet() ;
+    keySet.public_keys.clear() ;
-	RsTlvSecurityKey pubkey ;
 
-	for(std::map<RsGxsId, RsTlvSecurityKey>::const_iterator cit=privatekeySet.keys.begin(); cit != privatekeySet.keys.end(); ++cit)
+    for(std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator cit=keySet.private_keys.begin(); cit != keySet.private_keys.end(); ++cit)
+    {
+	    RsTlvPublicRSAKey pubkey ;
 	    if(GxsSecurity::extractPublicKey(cit->second,pubkey))
-			publickeySet.keys.insert(std::make_pair(pubkey.keyId, pubkey));
+		    keySet.public_keys.insert(std::make_pair(pubkey.keyId, pubkey));
+    }
 }
 
-uint8_t RsGenExchange::createGroup(RsNxsGrp *grp, RsTlvSecurityKeySet& privateKeySet, RsTlvSecurityKeySet& publicKeySet)
+uint8_t RsGenExchange::createGroup(RsNxsGrp *grp, RsTlvSecurityKeySet& keySet)
 {
 #ifdef GEN_EXCH_DEBUG
     std::cerr << "RsGenExchange::createGroup()";
@@ -393,13 +399,12 @@ uint8_t RsGenExchange::createGroup(RsNxsGrp *grp, RsTlvSecurityKeySet& privateKe
     /* add public admin and publish keys to grp */
 
     // find private admin key
-    RsTlvSecurityKey privAdminKey;
+    RsTlvPrivateRSAKey privAdminKey;
-    std::map<RsGxsId, RsTlvSecurityKey>::iterator mit = privateKeySet.keys.begin();
-
     bool privKeyFound = false; // private admin key
-    for(; mit != privateKeySet.keys.end(); ++mit)
+
+    for( std::map<RsGxsId, RsTlvPrivateRSAKey>::iterator mit = keySet.private_keys.begin(); mit != keySet.private_keys.end(); ++mit)
     {
-        RsTlvSecurityKey& key = mit->second;
+        RsTlvPrivateRSAKey& key = mit->second;
 
         if((key.keyFlags & RSTLV_KEY_DISTRIB_ADMIN) && (key.keyFlags & RSTLV_KEY_TYPE_FULL))
         {
@@ -417,13 +422,17 @@ uint8_t RsGenExchange::createGroup(RsNxsGrp *grp, RsTlvSecurityKeySet& privateKe
     	return false;
     }
 
-    meta->keys = publicKeySet; // only public keys are included to be transported
+    // only public keys are included to be transported. The 2nd line below is very important.
+    
+    meta->keys = keySet; 
+    meta->keys.private_keys.clear() ; 
 
     // group is self signing
     // for the creation of group signature
     // only public admin and publish keys are present in meta
     uint32_t metaDataLen = meta->serial_size(RS_GXS_GRP_META_DATA_CURRENT_API_VERSION);
     uint32_t allGrpDataLen = metaDataLen + grp->grp.bin_len;
+    
     char* metaData = new char[metaDataLen];
     char* allGrpData = new char[allGrpDataLen]; // msgData + metaData
 
@@ -503,12 +512,11 @@ int RsGenExchange::createGroupSignatures(RsTlvKeySignatureSet& signSet, RsTlvBin
 
             if(haveKey)
             {
-                RsTlvSecurityKey authorKey;
+                RsTlvPrivateRSAKey authorKey;
                 mGixs->getPrivateKey(grpMeta.mAuthorId, authorKey);
                 RsTlvKeySignature sign;
 
-                if(GxsSecurity::getSignature((char*)grpData.bin_data, grpData.bin_len,
+                if(GxsSecurity::getSignature((char*)grpData.bin_data, grpData.bin_len, authorKey, sign))
-                                                authorKey, sign))
                 {
                 	id_ret = SIGN_SUCCESS;
                     	mGixs->timeStampKey(grpMeta.mAuthorId) ;
@@ -623,12 +631,12 @@ int RsGenExchange::createMsgSignatures(RsTlvKeySignatureSet& signSet, RsTlvBinar
     if(needPublishSign)
     {
         // public and shared is publish key
-        RsTlvSecurityKeySet& keys = grpMeta.keys;
+        const RsTlvSecurityKeySet& keys = grpMeta.keys;
-        RsTlvSecurityKey* publishKey;
+        const RsTlvPrivateRSAKey  *publishKey;
 
-        std::map<RsGxsId, RsTlvSecurityKey>::iterator mit =
+        std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator mit = keys.private_keys.begin(), mit_end = keys.private_keys.end();
-                        keys.keys.begin(), mit_end = keys.keys.end();
         bool publish_key_found = false;
+        
         for(; mit != mit_end; ++mit)
         {
 
@@ -672,7 +680,7 @@ int RsGenExchange::createMsgSignatures(RsTlvKeySignatureSet& signSet, RsTlvBinar
 
             if(haveKey)
 	    {
-		    RsTlvSecurityKey authorKey;
+		    RsTlvPrivateRSAKey authorKey;
 		    mGixs->getPrivateKey(msgMeta.mAuthorId, authorKey);
 		    RsTlvKeySignature sign;
 
@@ -841,13 +849,13 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin
     {
         RsTlvKeySignature sign = metaData.signSet.keySignSet[INDEX_AUTHEN_PUBLISH];
 
-        std::map<RsGxsId, RsTlvSecurityKey>& keys = grpKeySet.keys;
+        std::map<RsGxsId, RsTlvPublicRSAKey>& keys = grpKeySet.public_keys;
-        std::map<RsGxsId, RsTlvSecurityKey>::iterator mit = keys.begin();
+        std::map<RsGxsId, RsTlvPublicRSAKey>::iterator mit = keys.begin();
 
         RsGxsId keyId;
         for(; mit != keys.end() ; ++mit)
     {
-        RsTlvSecurityKey& key = mit->second;
+        RsTlvPublicRSAKey& key = mit->second;
 
         if(key.keyFlags & RSTLV_KEY_DISTRIB_PUBLIC_deprecated)
         {
@@ -865,7 +873,7 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin
 
         if(!keyId.isNull())
         {
-            RsTlvSecurityKey& key = keys[keyId];
+            RsTlvPublicRSAKey& key = keys[keyId];
             publishValidate &= GxsSecurity::validateNxsMsg(*msg, sign, key);
         }
         else
@@ -889,7 +897,7 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin
             if(haveKey)
 	    {
 
-		    RsTlvSecurityKey authorKey;
+		    RsTlvPublicRSAKey authorKey;
 		    bool auth_key_fetched = mGixs->getKey(metaData.mAuthorId, authorKey) ;
 
 		    if (auth_key_fetched)
@@ -1008,7 +1016,7 @@ int RsGenExchange::validateGrp(RsNxsGrp* grp)
 			    std::cerr << "  have ID key in cache: yes" << std::endl;
 #endif
 
-			    RsTlvSecurityKey authorKey;
+			    RsTlvPublicRSAKey authorKey;
 			    bool auth_key_fetched = mGixs->getKey(metaData.mAuthorId, authorKey) ;
 
 			    if (auth_key_fetched)
@@ -2155,20 +2163,21 @@ void RsGenExchange::processGroupUpdatePublish()
 		//gup.grpItem->meta = *meta;
         GxsGrpPendingSign ggps(gup.grpItem, gup.mToken);
 
-		bool publishAndAdminPrivatePresent = checkKeys(meta->keys);
+		if(checkKeys(meta->keys))
-
-		if(publishAndAdminPrivatePresent)
 		{
-			ggps.mPrivateKeys = meta->keys;
+			ggps.mKeys = meta->keys;
-			generatePublicFromPrivateKeys(ggps.mPrivateKeys, ggps.mPublicKeys);
+			generatePublicFromPrivateKeys(ggps.mKeys);
 			ggps.mHaveKeys = true;
 			ggps.mStartTS = time(NULL);
 			ggps.mLastAttemptTS = 0;
 			ggps.mIsUpdate = true;
 			ggps.mToken = gup.mToken;
 			mGrpsToPublish.push_back(ggps);
-		}else
+		}
+        	else
 		{
+            		std::cerr << "(EE) publish group fails because RS cannot find the private publish and author keys" << std::endl;
+                    
 			delete gup.grpItem;
 			mDataAccess->updatePublicRequestStatus(gup.mToken, RsTokenService::GXS_REQUEST_V2_STATUS_FAILED);
 		}
@@ -2291,14 +2300,15 @@ void RsGenExchange::processMessageDelete()
 bool RsGenExchange::checkKeys(const RsTlvSecurityKeySet& keySet)
 {
 
-	typedef std::map<RsGxsId, RsTlvSecurityKey> keyMap;
+	typedef std::map<RsGxsId, RsTlvPrivateRSAKey> keyMap;
-	const keyMap& allKeys = keySet.keys;
+	const keyMap& allKeys = keySet.private_keys;
 	keyMap::const_iterator cit = allKeys.begin();
+    
         bool adminFound = false, publishFound = false;
 	for(; cit != allKeys.end(); ++cit)
 	{
-                const RsTlvSecurityKey& key = cit->second;
+                const RsTlvPrivateRSAKey& key = cit->second;
-                if(key.keyFlags & RSTLV_KEY_TYPE_FULL)
+                if(key.keyFlags & RSTLV_KEY_TYPE_FULL)		// this one is not useful. Just a security.
                 {
                     if(key.keyFlags & RSTLV_KEY_DISTRIB_ADMIN)
                         adminFound = true;
@@ -2307,6 +2317,11 @@ bool RsGenExchange::checkKeys(const RsTlvSecurityKeySet& keySet)
                         publishFound = true;
 
                 }
+                else if(key.keyFlags & RSTLV_KEY_TYPE_PUBLIC_ONLY)		// this one is not useful. Just a security.
+                {
+                    std::cerr << "(EE) found a public only key in the private key list" << std::endl;
+                    return false ;
+                }
 	}
 
 	// user must have both private and public parts of publish and admin keys
@@ -2345,29 +2360,23 @@ void RsGenExchange::publishGrps()
         RsNxsGrp* grp = new RsNxsGrp(mServType);
         RsGxsGrpItem* grpItem = ggps.mItem;
 
-        RsTlvSecurityKeySet privatekeySet, publicKeySet;
+        RsTlvSecurityKeySet fullKeySet;
 
         if(!(ggps.mHaveKeys))
         {
-        	generateGroupKeys(privatekeySet, publicKeySet, true);
+        	generateGroupKeys(fullKeySet, true);
         	ggps.mHaveKeys = true;
-        	ggps.mPrivateKeys = privatekeySet;
+        	ggps.mKeys = fullKeySet;
-        	ggps.mPublicKeys = publicKeySet;
         }
         else
-        {
+        	fullKeySet = ggps.mKeys;
-        	privatekeySet = ggps.mPrivateKeys;
-        	publicKeySet = ggps.mPublicKeys;
-        }
 
 	// find private admin key
-        RsTlvSecurityKey privAdminKey;
+        RsTlvPrivateRSAKey privAdminKey;
-        std::map<RsGxsId, RsTlvSecurityKey>::iterator mit_keys = privatekeySet.keys.begin();
-
         bool privKeyFound = false;
-        for(; mit_keys != privatekeySet.keys.end(); ++mit_keys)
+        for(std::map<RsGxsId, RsTlvPrivateRSAKey>::iterator mit_keys = fullKeySet.private_keys.begin(); mit_keys != fullKeySet.private_keys.end(); ++mit_keys)
         {
-            RsTlvSecurityKey& key = mit_keys->second;
+            RsTlvPrivateRSAKey& key = mit_keys->second;
 
             if(key.keyFlags == (RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_FULL))
             {
@@ -2383,8 +2392,7 @@ void RsGenExchange::publishGrps()
 		    // get group id from private admin key id
 			grpItem->meta.mGroupId = grp->grpId = RsGxsGroupId(privAdminKey.keyId);
 
-			ServiceCreate_Return ret = service_CreateGroup(grpItem, privatekeySet);
+			ServiceCreate_Return ret = service_CreateGroup(grpItem, fullKeySet);
-
 
 			bool serialOk = false, servCreateOk;
 
@@ -2412,7 +2420,7 @@ void RsGenExchange::publishGrps()
 				grp->metaData->mSubscribeFlags = GXS_SERV::GROUP_SUBSCRIBE_ADMIN | GXS_SERV::GROUP_SUBSCRIBE_SUBSCRIBED
 						| GXS_SERV::GROUP_SUBSCRIBE_PUBLISH;
 
-				create = createGroup(grp, privatekeySet, publicKeySet);
+				create = createGroup(grp, fullKeySet);
 
 #ifdef GEN_EXCH_DEBUG
 				std::cerr << "RsGenExchange::publishGrps() ";
@@ -2424,15 +2432,22 @@ void RsGenExchange::publishGrps()
 
 				if(create == CREATE_SUCCESS)
 				{
+                    			// Here we need to make sure that no private keys are included. This is very important since private keys
+                    			// can be used to modify the group. Normally the private key set is whiped out by createGroup, but
+
+                    			grp->metaData->keys.private_keys.clear() ;
                                 
 					uint32_t mdSize = grp->metaData->serial_size(RS_GXS_GRP_META_DATA_CURRENT_API_VERSION);
-					char* metaData = new char[mdSize];
-					serialOk = grp->metaData->serialise(metaData, mdSize,RS_GXS_GRP_META_DATA_CURRENT_API_VERSION);
-					grp->meta.setBinData(metaData, mdSize);
-					delete[] metaData;
                     
-					// place back private keys for publisher
+                    			{
-					grp->metaData->keys = privatekeySet;
+						RsTemporaryMemory metaData(mdSize);
+						serialOk = grp->metaData->serialise(metaData, mdSize,RS_GXS_GRP_META_DATA_CURRENT_API_VERSION);
+#warning TODO: grp->meta should be renamed grp->public_meta !
+						grp->meta.setBinData(metaData, mdSize);
+                    			}
+
+					// Place back private keys for publisher and database storage
+					grp->metaData->keys.private_keys = fullKeySet.private_keys;
 
 					if(mDataStore->validSize(grp) && serialOk)
 					{
@@ -2444,7 +2459,7 @@ void RsGenExchange::publishGrps()
 							mDataAccess->updateGroupData(grp);
 						else
 							mDataAccess->addGroupData(grp);
-
+#warning this is bad: addGroupData/updateGroupData actially deletes grp. But it may be used below? grp should be a class object and not deleted manually!
 						if(mNetService!=NULL)
 							mNetService->subscribeStatusChanged(grpId,true) ;
 					}
@@ -3074,8 +3089,8 @@ bool RsGenExchange::updateValid(RsGxsGrpMetaData& oldGrpMeta, RsNxsGrp& newGrp)
 
 	RsTlvKeySignature adminSign = mit->second;
 
-	std::map<RsGxsId, RsTlvSecurityKey>& keys = oldGrpMeta.keys.keys;
+	std::map<RsGxsId, RsTlvPublicRSAKey>& keys = oldGrpMeta.keys.public_keys;
-	std::map<RsGxsId, RsTlvSecurityKey>::iterator keyMit = keys.find(RsGxsId(oldGrpMeta.mGroupId));
+	std::map<RsGxsId, RsTlvPublicRSAKey>::iterator keyMit = keys.find(RsGxsId(oldGrpMeta.mGroupId));
 
 	if(keyMit == keys.end())
 	{

libretroshare/src/gxs/rsgenexchange.h

@@ -79,8 +79,7 @@ public:
 	RsGxsGrpItem* mItem;
 	bool mHaveKeys; // mKeys->first == true if key present
 	bool mIsUpdate;
-	RsTlvSecurityKeySet mPrivateKeys;
+	RsTlvSecurityKeySet mKeys;
-	RsTlvSecurityKeySet mPublicKeys;
 };
 
 typedef std::map<RsGxsGroupId, std::vector<RsGxsMsgItem*> > GxsMsgDataMap;
@@ -694,7 +693,7 @@ private:
      * @return CREATE_SUCCESS for success, CREATE_FAIL for fail,
      * 		   CREATE_FAIL_TRY_LATER for Id sign key not avail (but requested)
      */
-    uint8_t createGroup(RsNxsGrp* grp, RsTlvSecurityKeySet& privateKeySet, RsTlvSecurityKeySet& publicKeySet);
+    uint8_t createGroup(RsNxsGrp* grp, RsTlvSecurityKeySet& keySet);
 
     /*!
      * This completes the creation of an instance on RsNxsMsg
@@ -742,7 +741,7 @@ private:
      * @param publickeySet contains public generated keys (counterpart of private)
      * @param genPublicKeys should publish key pair also be generated
      */
-    void generateGroupKeys(RsTlvSecurityKeySet& privatekeySet, RsTlvSecurityKeySet& publickeySet, bool genPublishKeys);
+    void generateGroupKeys(RsTlvSecurityKeySet& keySet, bool genPublishKeys);
 
     /*!
      * Generate public set of keys from their private counterparts
@@ -751,7 +750,7 @@ private:
      * @param publickeySet contains public generated keys (counterpart of private)
      * @return false if key gen failed for a key set
      */
-    void generatePublicFromPrivateKeys(const RsTlvSecurityKeySet& privatekeySet, RsTlvSecurityKeySet& publickeySet);
+    void generatePublicFromPrivateKeys(RsTlvSecurityKeySet& keySet);
 
     /*!
      * Attempts to validate msg signatures

libretroshare/src/gxs/rsgixs.h

@@ -160,8 +160,8 @@ public:
      * @return a pointer to a valid profile if successful, otherwise NULL
      *
      */
-    virtual bool  getKey(const RsGxsId &id, RsTlvSecurityKey &key) = 0;
+    virtual bool  getKey(const RsGxsId &id, RsTlvPublicRSAKey& key) = 0;
-    virtual bool  getPrivateKey(const RsGxsId &id, RsTlvSecurityKey &key) = 0;	// For signing outgoing messages.
+    virtual bool  getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey& key) = 0;	// For signing outgoing messages.
     virtual bool  getIdDetails(const RsGxsId& id, RsIdentityDetails& details) = 0 ;  // Proxy function so that we get p3Identity info from Gxs
 };
 

libretroshare/src/gxs/rsgxsnetservice.cc

@@ -3297,6 +3297,7 @@ void RsGxsNetService::locked_genSendGrpsTransaction(NxsTransaction* tr)
 	RsPeerId peerId = tr->mTransaction->PeerId();
 	for(;mit != grps.end(); ++mit)
 	{
+#warning Should make sure that no private key information is sneaked in here for the grp
 		mit->second->PeerId(peerId); // set so it gets sent to right peer
 		mit->second->transactionNumber = transN;
 		newTr->mItems.push_back(mit->second);
@@ -3694,11 +3695,11 @@ bool RsGxsNetService::encryptSingleNxsItem(RsNxsItem *item, const RsGxsCircleId&
 #ifdef NXS_NET_DEBUG_7
 	GXSNETDEBUG_P_ (item->PeerId()) << "  Dest  Ids: " << std::endl;
 #endif
-	std::vector<RsTlvSecurityKey> recipient_keys ;
+	std::vector<RsTlvPublicRSAKey> recipient_keys ;
 
 	for(std::list<RsGxsId>::const_iterator it(recipients.begin());it!=recipients.end();++it)
 	{
-		RsTlvSecurityKey pkey ;
+		RsTlvPublicRSAKey pkey ;
 
 		if(!mGixs->getKey(*it,pkey))
 		{
@@ -3770,7 +3771,7 @@ bool RsGxsNetService::processTransactionForDecryption(NxsTransaction *tr)
 #endif
          
     std::list<RsNxsItem*> decrypted_items ;
-    std::vector<RsTlvSecurityKey> private_keys ;
+    std::vector<RsTlvPrivateRSAKey> private_keys ;
     
     // get all private keys. Normally we should look into the circle name and only supply the keys that we have
 
@@ -3806,13 +3807,13 @@ bool RsGxsNetService::processTransactionForDecryption(NxsTransaction *tr)
     return true ;
 }
 
-bool RsGxsNetService::decryptSingleNxsItem(const RsNxsEncryptedDataItem *encrypted_item, RsNxsItem *& nxsitem,std::vector<RsTlvSecurityKey> *pprivate_keys)
+bool RsGxsNetService::decryptSingleNxsItem(const RsNxsEncryptedDataItem *encrypted_item, RsNxsItem *& nxsitem,std::vector<RsTlvPrivateRSAKey> *pprivate_keys)
 {
     // if private_keys storage is supplied use/update them, otherwise, find which key should be used, and store them in a local std::vector.
 
     nxsitem = NULL ;
-    std::vector<RsTlvSecurityKey> local_keys ;
+    std::vector<RsTlvPrivateRSAKey> local_keys ;
-    std::vector<RsTlvSecurityKey>& private_keys = pprivate_keys?(*pprivate_keys):local_keys ;
+    std::vector<RsTlvPrivateRSAKey>& private_keys = pprivate_keys?(*pprivate_keys):local_keys ;
 
     // we need the private keys to decrypt the item. First load them in!
     bool key_loading_failed = false ;
@@ -3828,7 +3829,7 @@ bool RsGxsNetService::decryptSingleNxsItem(const RsNxsEncryptedDataItem *encrypt
 
 	    for(std::list<RsGxsId>::const_iterator it(own_keys.begin());it!=own_keys.end();++it)
 	    {
-		    RsTlvSecurityKey private_key ;
+		    RsTlvPrivateRSAKey private_key ;
 
 		    if(mGixs->getPrivateKey(*it,private_key))
 		    {
@@ -4848,9 +4849,9 @@ void RsGxsNetService::sharePublishKeysPending()
 
         const RsTlvSecurityKeySet& keys = grpMeta->keys;
 
-        std::map<RsGxsId, RsTlvSecurityKey>::const_iterator kit = keys.keys.begin(), kit_end = keys.keys.end();
+        std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator kit = keys.private_keys.begin(), kit_end = keys.private_keys.end();
         bool publish_key_found = false;
-        RsTlvSecurityKey publishKey ;
+        RsTlvPrivateRSAKey publishKey ;
 
         for(; kit != kit_end && !publish_key_found; ++kit)
         {
@@ -4945,15 +4946,13 @@ void RsGxsNetService::handleRecvPublishKeys(RsNxsGroupPublishKeyItem *item)
 	}
 	// Also check that we don't already have full keys for that group.
 
-     std::map<RsGxsId,RsTlvSecurityKey>::iterator it = grpMeta->keys.keys.find(item->key.keyId) ;
+	if(grpMeta->keys.public_keys.find(item->key.keyId) == grpMeta->keys.public_keys.end())
-
-     if(it == grpMeta->keys.keys.end())
 	{
 		std::cerr << "   (EE) Key not found in known group keys. This is an inconsistency." << std::endl;
 		return ;
 	}
 
-     if((it->second.keyFlags & RSTLV_KEY_DISTRIB_PUBLISH) && (it->second.keyFlags & RSTLV_KEY_TYPE_FULL))
+	if(grpMeta->keys.private_keys.find(item->key.keyId) != grpMeta->keys.private_keys.end())
 	{
 #ifdef NXS_NET_DEBUG_3
 		GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< "   (EE) Publish key already present in database. Discarding message." << std::endl;
@@ -4963,7 +4962,8 @@ void RsGxsNetService::handleRecvPublishKeys(RsNxsGroupPublishKeyItem *item)
 
 	// Store/update the info.
 
-     it->second = item->key ;
+	grpMeta->keys.private_keys[item->key.keyId] = item->key ;
+    
 	bool ret = mDataStore->updateGroupKeys(item->grpId,grpMeta->keys, grpMeta->mSubscribeFlags | GXS_SERV::GROUP_SUBSCRIBE_PUBLISH) ;
 
 	if(ret)

libretroshare/src/gxs/rsgxsnetservice.h

@@ -455,7 +455,7 @@ private:
     * encrypts/decrypts the transaction for the destination circle id.
     */
     bool encryptSingleNxsItem(RsNxsItem *item, const RsGxsCircleId& destination_circle, const RsGxsGroupId &destination_group, RsNxsItem *& encrypted_item, uint32_t &status) ;
-    bool decryptSingleNxsItem(const RsNxsEncryptedDataItem *encrypted_item, RsNxsItem *&nxsitem, std::vector<RsTlvSecurityKey> *private_keys=NULL);
+    bool decryptSingleNxsItem(const RsNxsEncryptedDataItem *encrypted_item, RsNxsItem *&nxsitem, std::vector<RsTlvPrivateRSAKey> *private_keys=NULL);
     bool processTransactionForDecryption(NxsTransaction *tr); // return false when the keys are not loaded => need retry later
 
     void cleanRejectedMessages();

libretroshare/src/gxstunnel/p3gxstunnel.cc

@@ -890,7 +890,7 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item)
     RsTemporaryMemory data(pubkey_size) ;
     BN_bn2bin(item->public_key, data) ;
 
-    RsTlvSecurityKey signature_key ;
+    RsTlvPublicRSAKey signature_key ;
 
     // We need to get the key of the sender, but if the key is not cached, we
     // need to get it first. So we let the system work for 2-3 seconds before
@@ -1060,8 +1060,8 @@ bool p3GxsTunnelService::locked_sendDHPublicKey(const DH *dh,const RsGxsId& own_
 	// we should also sign the data and check the signature on the other end.
 	//
 	RsTlvKeySignature  signature ;
-	RsTlvSecurityKey  signature_key ;
+	RsTlvPrivateRSAKey signature_key ;
-	RsTlvSecurityKey  signature_key_public ;
+	RsTlvPublicRSAKey  signature_key_public ;
 
 	uint32_t error_status ;
 

libretroshare/src/gxstunnel/rsgxstunnelitems.h

@@ -146,7 +146,7 @@ class RsGxsTunnelDHPublicKeyItem: public RsGxsTunnelItem
 		BIGNUM *public_key ;
 
 		RsTlvKeySignature signature ;	// signs the public key in a row.
-		RsTlvSecurityKey  gxs_key ;	// public key of the signer
+		RsTlvPublicRSAKey gxs_key ;	// public key of the signer
 
 	private:
 		// make the object non copy-able

libretroshare/src/serialiser/rsgxsrecognitems.h

@@ -117,7 +117,7 @@ virtual void clear();
 std::ostream &print(std::ostream &out, uint16_t indent = 0);
 
 	RsTlvServiceIdSet signing_classes;
-	RsTlvSecurityKey  key; // has from->to, and flags.
+	RsTlvSecurityKey_deprecated  key; // has from->to, and flags.
 	RsTlvKeySignature sign;
 };
 

libretroshare/src/serialiser/rsnxsitems.cc

@@ -1237,7 +1237,7 @@ RsNxsGrp* RsNxsGrp::clone() const {
 	if(this->metaData)
 	{
 		grp->metaData = new RsGxsGrpMetaData();
-		*(grp->metaData) = *(this->metaData);
+//		*(grp->metaData) = *(this->metaData);
 	}
 
 	return grp;

libretroshare/src/serialiser/rsnxsitems.h

@@ -157,7 +157,8 @@ public:
 	virtual uint32_t serial_size() const; 			
         
     RsGxsGroupId grpId ;
-    RsTlvSecurityKey key ;
+#warning should be renamed private_key
+    RsTlvPrivateRSAKey key ;
 };
 
 
@@ -330,9 +331,12 @@ public:
      * This should contains all data
      * which is not specific to the Gxs service data
      */
+    // This is the binary data for the group meta that is sent to friends. It *should not* contain any private
+    // key parts. This is ensured in RsGenExchange
+    
     RsTlvBinaryData meta;
 
-    // deserialised metaData, this is not serialised
+    // Deserialised metaData, this is not serialised by the serialize() method. So it may contain private key parts in some cases.
     RsGxsGrpMetaData* metaData;
 };
 

libretroshare/src/serialiser/rstlvbase.h

@@ -207,8 +207,10 @@ const uint16_t TLV_TYPE_GXSCIRCLEIDSET= 0x1026;
 
 const uint16_t TLV_TYPE_SERVICESET    = 0x1030; 
 
-const uint16_t TLV_TYPE_SECURITYKEY   = 0x1040;
+const uint16_t TLV_TYPE_SECURITYKEY_deprecated   = 0x1040;
 const uint16_t TLV_TYPE_SECURITYKEYSET = 0x1041;
+const uint16_t TLV_TYPE_RSA_KEY_PUBLIC = 0x1042;
+const uint16_t TLV_TYPE_RSA_KEY_PRIVATE= 0x1043;
 
 const uint16_t TLV_TYPE_KEYSIGNATURE  = 0x1050;
 const uint16_t TLV_TYPE_KEYSIGNATURESET  = 0x1051;

libretroshare/src/serialiser/rstlvkeys.cc

@@ -27,6 +27,7 @@
 #include "rstlvkeys.h"
 #include "rstlvbase.h"
 #include "rsbaseserial.h"
+#include "util/stacktrace.h"
 
 #include <iostream>
 
@@ -37,13 +38,13 @@
 
 /************************************* RsTlvSecurityKey ************************************/
 
-RsTlvSecurityKey::RsTlvSecurityKey()
+RsTlvSecurityKey_deprecated::RsTlvSecurityKey_deprecated()
 	:RsTlvItem(), keyFlags(0), startTS(0), endTS(0),  keyData(TLV_TYPE_KEY_EVP_PKEY)
 {
 	return;
 }
 
-void RsTlvSecurityKey::TlvClear()
+void RsTlvSecurityKey_deprecated::TlvClear()
 {
 	keyId.clear();
 	keyFlags = 0;
@@ -53,7 +54,7 @@ void RsTlvSecurityKey::TlvClear()
 }
 
 /* clears keyData - but doesn't delete */
-void RsTlvSecurityKey::ShallowClear()
+void RsTlvSecurityKey_deprecated::ShallowClear()
 {
 	keyId.clear();
 	keyFlags = 0;
@@ -63,8 +64,22 @@ void RsTlvSecurityKey::ShallowClear()
 	keyData.bin_len = 0;
 }
 
+uint32_t RsTlvRSAKey::TlvSize() const
+{
+	uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */
 
-uint32_t RsTlvSecurityKey::TlvSize() const
+	/* now add comment and title length of this tlv object */
+
+	s += keyId.serial_size(); 
+	s += 4;
+	s += 4;
+	s += 4;
+	s += keyData.TlvSize();
+
+	return s;
+
+}
+uint32_t RsTlvSecurityKey_deprecated::TlvSize() const
 {
 	uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */
 
@@ -81,15 +96,48 @@ uint32_t RsTlvSecurityKey::TlvSize() const
 	s += keyData.TlvSize();
 
 	return s;
-
 }
 
-bool  RsTlvSecurityKey::SetTlv(void *data, uint32_t size, uint32_t *offset) const
+bool  RsTlvRSAKey::SetTlv(void *data, uint32_t size, uint32_t *offset) const
 {
 	/* must check sizes */
 	uint32_t tlvsize = TlvSize();
 	uint32_t tlvend  = *offset + tlvsize;
 
+	if (size < tlvend)
+	{
+		std::cerr << "RsTlvSecurityKey::SetTlv() Failed not enough space";
+		std::cerr << std::endl;
+		return false; /* not enough space */
+	}
+
+	bool ok = checkFlags(keyFlags);	// check before serialise, just in case
+
+	/* start at data[offset] */
+        /* add mandatory parts first */
+
+	ok &= SetTlvBase(data, tlvend, offset, tlvType(), tlvsize);
+
+	ok &= keyId.serialise(data, tlvend, *offset) ;
+	ok &= setRawUInt32(data, tlvend, offset, keyFlags);
+	ok &= setRawUInt32(data, tlvend, offset, startTS);
+	ok &= setRawUInt32(data, tlvend, offset, endTS);
+	ok &= keyData.SetTlv(data, tlvend, offset);  
+
+	return ok;
+
+}
+bool  RsTlvSecurityKey_deprecated::SetTlv(void *data, uint32_t size, uint32_t *offset) const
+{
+    std::cerr << "(EE) Serialisation of an old security key format. Will not be done! callstack is:" << std::cerr << std::endl;
+    print_stacktrace() ;
+    
+#warning REMOVE THIS CODE BELOW WHEN IT IS NOT CALLED ANYMORE 
+    
+	/* must check sizes */
+	uint32_t tlvsize = TlvSize();
+	uint32_t tlvend  = *offset + tlvsize;
+
 	if (size < tlvend)
 	{
 //#ifdef TLV_DEBUG
@@ -104,7 +152,7 @@ bool  RsTlvSecurityKey::SetTlv(void *data, uint32_t size, uint32_t *offset) cons
 	/* start at data[offset] */
         /* add mandatory parts first */
 
-	ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY, tlvsize);
+	ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY_deprecated, tlvsize);
 
 #ifdef KEEP_OLD_SIGNATURE_SERIALISE_FORMAT
 	ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId.toStdString());  
@@ -120,8 +168,7 @@ bool  RsTlvSecurityKey::SetTlv(void *data, uint32_t size, uint32_t *offset) cons
 
 }
 
-
+bool  RsTlvRSAKey::GetTlv(void *data, uint32_t size, uint32_t *offset)
-bool  RsTlvSecurityKey::GetTlv(void *data, uint32_t size, uint32_t *offset)
 {
 	if (size < *offset + TLV_HEADER_SIZE)
 		return false;	
@@ -139,7 +186,75 @@ bool  RsTlvSecurityKey::GetTlv(void *data, uint32_t size, uint32_t *offset)
 		return false; /* not enough space */
 	}
 
-	if (tlvtype != TLV_TYPE_SECURITYKEY) /* check type */
+	if (tlvtype != tlvType()) /* check type */
+	{
+#ifdef TLV_DEBUG
+		std::cerr << "RsTlvSecurityKey::GetTlv() Fail, wrong type";
+		std::cerr << std::endl;
+#endif
+		return false;
+	}
+
+	bool ok = true;
+
+	/* ready to load */
+	TlvClear();
+
+	/* skip the header */
+	(*offset) += TLV_HEADER_SIZE;
+
+	ok &= keyId.deserialise(data, tlvend, *offset) ;
+	ok &= getRawUInt32(data, tlvend, offset, &(keyFlags));
+	ok &= getRawUInt32(data, tlvend, offset, &(startTS));
+	ok &= getRawUInt32(data, tlvend, offset, &(endTS));
+	ok &= keyData.GetTlv(data, tlvend, offset);  
+
+    	ok &= checkFlags(keyFlags) ;
+        
+	/***************************************************************************
+	 * NB: extra components could be added (for future expansion of the type).
+	 *            or be present (if this code is reading an extended version).
+	 *
+	 * We must chew up the extra characters to conform with TLV specifications
+	 ***************************************************************************/
+	if (*offset != tlvend)
+	{
+#ifdef TLV_DEBUG
+		std::cerr << "RsTlvSecurityKey::GetTlv() Warning extra bytes at end of item";
+		std::cerr << std::endl;
+#endif
+		*offset = tlvend;
+	}
+
+	if (!ok)
+	{
+#ifdef TLV_DEBUG
+		std::cerr << "RsTlvSecurityKey::GetTlv() Failed somewhere ok == false";
+		std::cerr << std::endl;
+#endif
+	}
+
+	return ok;
+}
+bool  RsTlvSecurityKey_deprecated::GetTlv(void *data, uint32_t size, uint32_t *offset)
+{
+	if (size < *offset + TLV_HEADER_SIZE)
+		return false;	
+	
+	uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset])  );
+	uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset])  );
+	uint32_t tlvend = *offset + tlvsize;
+
+	if (size < tlvend)    /* check size */
+	{
+#ifdef TLV_DEBUG
+		std::cerr << "RsTlvSecurityKey::GetTlv() Fail, not enough space";
+		std::cerr << std::endl;
+#endif
+		return false; /* not enough space */
+	}
+
+	if (tlvtype != TLV_TYPE_SECURITYKEY_deprecated) /* check type */
 	{
 #ifdef TLV_DEBUG
 		std::cerr << "RsTlvSecurityKey::GetTlv() Fail, wrong type";
@@ -196,7 +311,7 @@ bool  RsTlvSecurityKey::GetTlv(void *data, uint32_t size, uint32_t *offset)
 }
 
 
-std::ostream &RsTlvSecurityKey::print(std::ostream &out, uint16_t indent) const
+std::ostream &RsTlvSecurityKey_deprecated::print(std::ostream &out, uint16_t indent) const
 { 
 	printBase(out, "RsTlvSecurityKey", indent);
 	uint16_t int_Indent = indent + 2;
@@ -233,7 +348,10 @@ std::ostream &RsTlvSecurityKey::print(std::ostream &out, uint16_t indent) const
 void RsTlvSecurityKeySet::TlvClear()
 {
 	groupId.clear();
-	keys.clear(); //empty list
+#ifdef TODO
+	public_keys.clear(); //empty list
+	private_keys.clear(); //empty list
+#endif
 }
 
 uint32_t RsTlvSecurityKeySet::TlvSize() const
@@ -241,17 +359,13 @@ uint32_t RsTlvSecurityKeySet::TlvSize() const
 
 	uint32_t s = TLV_HEADER_SIZE; /* header */
 
-	std::map<RsGxsId, RsTlvSecurityKey>::const_iterator it;
-	
 	s += GetTlvStringSize(groupId); 
 
-	if(!keys.empty())
+	for(std::map<RsGxsId, RsTlvPublicRSAKey>::const_iterator it = public_keys.begin(); it != public_keys.end() ; ++it)
-	{
-
-		for(it = keys.begin(); it != keys.end() ; ++it)
 		s += (it->second).TlvSize();
     
-	}
+	for(std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator it = private_keys.begin(); it != private_keys.end() ; ++it)
+		s += (it->second).TlvSize();
 
 	return s;
 }
@@ -279,17 +393,13 @@ bool  RsTlvSecurityKeySet::SetTlv(void *data, uint32_t size, uint32_t *offset) c
 	/* groupId */
 	ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId);
 
-	if(!keys.empty())
+    	for(std::map<RsGxsId, RsTlvPublicRSAKey>::const_iterator it = public_keys.begin(); it != public_keys.end() ; ++it)
-	{
-		std::map<RsGxsId, RsTlvSecurityKey>::const_iterator it;
-
-		for(it = keys.begin(); it != keys.end() ; ++it)
 			ok &= (it->second).SetTlv(data, size, offset);
-	}
         
+    	for(std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator it = private_keys.begin(); it != private_keys.end() ; ++it)
+			ok &= (it->second).SetTlv(data, size, offset);
 
 	return ok;
-
 }
 
 
@@ -327,17 +437,52 @@ bool  RsTlvSecurityKeySet::GetTlv(void *data, uint32_t size, uint32_t *offset)
 
 		switch(tlvsubtype)
 		{
-                        case TLV_TYPE_SECURITYKEY:
+		case TLV_TYPE_SECURITYKEY_deprecated:
 		{
-				RsTlvSecurityKey key;
+			RsTlvSecurityKey_deprecated key;
+
 			ok &= key.GetTlv(data, size, offset);
+
 			if (ok)
 			{
-					keys[key.keyId] = key;
+				std::cerr << "(WW) read RSA key with old format. Will be converted to new format. Flags=" << std::hex << key.keyFlags << std::dec << std::endl;
+
+				if(key.keyFlags & RSTLV_KEY_TYPE_FULL) 
+					private_keys[key.keyId] = RsTlvPrivateRSAKey(key);
+				else
+					public_keys[key.keyId] = RsTlvPublicRSAKey(key);
+
 				key.TlvClear(); /* so that the Map can get control - should be ref counted*/
 			}
 		}
 			break ;
+
+		case TLV_TYPE_RSA_KEY_PRIVATE:
+		{
+			RsTlvPrivateRSAKey key;
+
+			if(key.GetTlv(data, size, offset))
+				private_keys[key.keyId] = key;
+			else
+				ok = false ;
+
+			key.TlvClear(); /* so that the Map can get control - should be ref counted*/
+		}
+			break;
+
+		case TLV_TYPE_RSA_KEY_PUBLIC:
+		{
+			RsTlvPublicRSAKey key;
+
+			if(key.GetTlv(data, size, offset))
+				public_keys[key.keyId] = key;
+			else
+				ok = false ;
+
+			key.TlvClear(); /* so that the Map can get control - should be ref counted*/
+		}
+			break;
+
 		default:
 			ok &= SkipUnknownTlv(data, tlvend, offset);
 			break;
@@ -378,8 +523,9 @@ std::ostream &RsTlvSecurityKeySet::print(std::ostream &out, uint16_t indent) con
 	out << "GroupId: " << groupId;
 	out << std::endl;
 
-	std::map<RsGxsId, RsTlvSecurityKey>::const_iterator it;
+	for( std::map<RsGxsId, RsTlvPublicRSAKey>::const_iterator it = public_keys.begin(); it != public_keys.end() ; ++it)
-	for(it = keys.begin(); it != keys.end() ; ++it)
+		(it->second).print(out, int_Indent);
+	for( std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator it = private_keys.begin(); it != private_keys.end() ; ++it)
 		(it->second).print(out, int_Indent);
 
 	printEnd(out, "RsTlvSecurityKeySet", indent);

libretroshare/src/serialiser/rstlvkeys.h

@@ -31,6 +31,7 @@
 
 #include "serialiser/rstlvitem.h"
 #include "serialiser/rstlvbinary.h"
+#include "serialiser/rstlvbase.h"
 #include "retroshare/rsgxsifacetypes.h"
 
 #include <map>
@@ -46,11 +47,13 @@ const uint32_t RSTLV_KEY_DISTRIB_ADMIN          = 0x0040;
 const uint32_t RSTLV_KEY_DISTRIB_IDENTITY       = 0x0080;
 const uint32_t RSTLV_KEY_DISTRIB_MASK           = 0x00f0;
 
-class RsTlvSecurityKey: public RsTlvItem
+// Old class for RsTlvSecurityKey. Is kept for backward compatibility, but should not be serialised anymore
+
+class RsTlvSecurityKey_deprecated: public RsTlvItem
 {
 	public:
-		RsTlvSecurityKey();
+		RsTlvSecurityKey_deprecated();
-		virtual ~RsTlvSecurityKey() {}
+		virtual ~RsTlvSecurityKey_deprecated() {}
 
 		virtual uint32_t TlvSize() const;
 		virtual void	 TlvClear();
@@ -68,11 +71,63 @@ class RsTlvSecurityKey: public RsTlvItem
 		RsTlvBinaryData keyData; 	// Mandatory : 
 };
 
+class RsTlvRSAKey
+{
+public:
+    virtual uint32_t tlvType() const = 0 ;
+    virtual bool     checkFlags(uint32_t flags) const = 0 ;
+
+    virtual uint32_t TlvSize() const;
+    virtual void 	TlvClear();
+    virtual bool     SetTlv(void *data, uint32_t size, uint32_t *offset) const; 
+    virtual bool     GetTlv(void *data, uint32_t size, uint32_t *offset); 
+    virtual std::ostream &print(std::ostream &out, uint16_t indent) const;
+
+    /* clears KeyData - but doesn't delete - to transfer ownership */
+    void ShallowClear(); 
+    
+    bool check() const { return checkFlags(keyFlags) && (!keyId.isNull()) ; }
+
+    RsGxsId keyId;		// Mandatory :
+    uint32_t keyFlags;		// Mandatory ;
+    uint32_t startTS;		// Mandatory : 
+    uint32_t endTS;		// Mandatory : 
+    RsTlvBinaryData keyData; 	// Mandatory : 
+};
+
+// The two classes below are by design incompatible, making it impossible to pass a private key as a public key
+
+class RsTlvPrivateRSAKey: public RsTlvRSAKey
+{    
+	public:
+		RsTlvPrivateRSAKey();
+		explicit RsTlvPrivateRSAKey(RsTlvSecurityKey_deprecated& key);	// convertion tool. Should be called explicitely and performs some checks
+        
+		virtual ~RsTlvPrivateRSAKey() {}
+
+        	virtual bool checkFlags(uint32_t flags) const  { return bool(flags & RSTLV_KEY_TYPE_FULL) && !bool(flags & RSTLV_KEY_TYPE_PUBLIC_ONLY) ; }
+        	virtual uint32_t tlvType() const { return TLV_TYPE_RSA_KEY_PRIVATE ; }
+};
+class RsTlvPublicRSAKey: public RsTlvRSAKey
+{
+#warning TEST IF WE CAN CONVERT PUBLIC TO PRIVATE AND VIS VERSA. NORMALLY WE SHOULDNT
+	public:
+		RsTlvPublicRSAKey();
+		virtual ~RsTlvPublicRSAKey() {}
+		explicit RsTlvPublicRSAKey(RsTlvSecurityKey_deprecated& key);	// convertion tool. Should be called explicitely and performs some checks
+
+        	virtual bool checkFlags(uint32_t flags) const  { return bool(flags & RSTLV_KEY_TYPE_PUBLIC_ONLY) && !bool(flags & RSTLV_KEY_TYPE_FULL) ; }
+        	virtual uint32_t tlvType() const { return TLV_TYPE_RSA_KEY_PUBLIC ; }
+};
+
 class RsTlvSecurityKeySet: public RsTlvItem
 {
 public:
 	RsTlvSecurityKeySet() { return; }
 	virtual ~RsTlvSecurityKeySet() { return; }
+        
+        void initFromPublicKeys(const RsTlvSecurityKeySet& skset) ;
+        
 	virtual uint32_t TlvSize() const;
 	virtual void	 TlvClear();
 	virtual bool     SetTlv(void *data, uint32_t size, uint32_t *offset) const; 
@@ -80,7 +135,12 @@ virtual bool     GetTlv(void *data, uint32_t size, uint32_t *offset);
 	virtual std::ostream &print(std::ostream &out, uint16_t indent) const;
 
 	std::string groupId;					// Mandatory :
-	std::map<RsGxsId, RsTlvSecurityKey> keys;	// Mandatory :
+	std::map<RsGxsId, RsTlvPublicRSAKey> public_keys;	// Mandatory :
+	std::map<RsGxsId, RsTlvPrivateRSAKey> private_keys;	// Mandatory :
+    
+//private:
+//    	RsTlvSecurityKeySet& operator=(const RsTlvSecurityKeySet&) { std::cerr << "(EE) " <<__PRETTY_FUNCTION__ << " shouldn't be called!" << std::endl; return *this;}
+//    	RsTlvSecurityKeySet(const RsTlvSecurityKeySet&) { std::cerr << "(EE) " <<__PRETTY_FUNCTION__ << " shouldn't be called!" << std::endl;}
 };
 
 

libretroshare/src/services/p3idservice.cc

@@ -447,7 +447,10 @@ bool p3IdService:: getIdDetails(const RsGxsId &id, RsIdentityDetails &details)
 
     {
         RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
-        RsGxsIdCache data;
+        
+        {
+        RsGxsIdCache<RsTlvPublicRSAKey> data;
+        
         if (mPublicKeyCache.fetch(id, data))
         {
             details = data.details;
@@ -464,6 +467,9 @@ bool p3IdService:: getIdDetails(const RsGxsId &id, RsIdentityDetails &details)
 
             return true;
         }
+        }
+
+        RsGxsIdCache<RsTlvPrivateRSAKey> data;
         
         /* try private cache too */
         if (mPrivateKeyCache.fetch(id, data))
@@ -604,12 +610,13 @@ bool p3IdService::getRecognTagRequest(const RsGxsId &id, const std::string &comm
 		return false;
 	}
 
-	RsTlvSecurityKey key;
+	RsTlvPrivateRSAKey key;
 	std::string nickname;
 
 	{
 		RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
-		RsGxsIdCache data;
+		RsGxsIdCache<RsTlvPrivateRSAKey> data;
+        
 		if (!mPrivateKeyCache.fetch(id, data))
 		{
 #ifdef DEBUG_RECOGN
@@ -669,11 +676,12 @@ bool p3IdService::isPendingNetworkRequest(const RsGxsId& gxsId)
 	return false;
 }
 
-bool p3IdService::getKey(const RsGxsId &id, RsTlvSecurityKey &key)
+bool p3IdService::getKey(const RsGxsId &id, RsTlvPublicRSAKey &key)
 {
     {
 	RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
-	RsGxsIdCache data;
+	RsGxsIdCache<RsTlvPublicRSAKey> data;
+    
 	if (mPublicKeyCache.fetch(id, data))
 	{
 		key = data.pubkey;
@@ -695,11 +703,12 @@ bool p3IdService::requestPrivateKey(const RsGxsId &id)
     return cache_request_load(id);
 }
 
-bool p3IdService::getPrivateKey(const RsGxsId &id, RsTlvSecurityKey &key)
+bool p3IdService::getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey &key)
 {
     {
         RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
-        RsGxsIdCache data;
+        RsGxsIdCache<RsTlvPrivateRSAKey> data;
+        
         if (mPrivateKeyCache.fetch(id, data))
         {
             key = data.pubkey;
@@ -716,10 +725,7 @@ bool p3IdService::getPrivateKey(const RsGxsId &id, RsTlvSecurityKey &key)
 
 bool p3IdService::signData(const uint8_t *data,uint32_t data_size,const RsGxsId& own_gxs_id,RsTlvKeySignature& signature,uint32_t& error_status)
 {
-    //RsIdentityDetails details  ;
+    RsTlvPrivateRSAKey signature_key ;
-    RsTlvSecurityKey signature_key ;
-
-    //getIdDetails(own_gxs_id,details);
 
     int i ;
     for(i=0;i<6;++i)
@@ -758,7 +764,7 @@ bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTl
 {
    // RsIdentityDetails details ;
    // getIdDetails(signature.keyId,details);
-    RsTlvSecurityKey signature_key ;
+    RsTlvPublicRSAKey signature_key ;
 
     for(int i=0;i< (force_load?6:1);++i)
         if(!getKey(signature.keyId,signature_key) || signature_key.keyData.bin_data == NULL)
@@ -793,7 +799,7 @@ bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTl
 }
 bool p3IdService::encryptData(const uint8_t *decrypted_data,uint32_t decrypted_data_size,uint8_t *& encrypted_data,uint32_t& encrypted_data_size,const RsGxsId& encryption_key_id,bool force_load,uint32_t& error_status)
 {
-    RsTlvSecurityKey encryption_key ;
+    RsTlvPublicRSAKey encryption_key ;
 
     // get the key, and let the cache find it.
     for(int i=0;i<(force_load?6:1);++i)
@@ -823,7 +829,7 @@ bool p3IdService::encryptData(const uint8_t *decrypted_data,uint32_t decrypted_d
 
 bool p3IdService::decryptData(const uint8_t *encrypted_data,uint32_t encrypted_data_size,uint8_t *& decrypted_data,uint32_t& decrypted_size,const RsGxsId& key_id,uint32_t& error_status)
 {
-    RsTlvSecurityKey encryption_key ;
+    RsTlvPrivateRSAKey encryption_key ;
 
     // Get the key, and let the cache find it. It's our own key, so we should be able to find it, even if it takes
     // some seconds.
@@ -882,7 +888,8 @@ bool p3IdService::getReputation(const RsGxsId &id, GixsReputation &rep)
 	/* this is the key part for accepting messages */
 
 	RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
-	RsGxsIdCache data;
+	RsGxsIdCache<RsTlvPublicRSAKey> data;
+    
 	if (mPublicKeyCache.fetch(id, data))
 	{
 		rep.id = id;
@@ -1635,42 +1642,6 @@ std::string SSGxsIdGroup::save() const
  *
  */
 
-RsGxsIdCache::RsGxsIdCache() 
-{ 
-	return; 
-}
-
-RsGxsIdCache::RsGxsIdCache(const RsGxsIdGroupItem *item, const RsTlvSecurityKey &in_pkey, const std::list<RsRecognTag> &tagList)
-{
-    // Save Keys.
-    pubkey = in_pkey;
-
-    // Save Time for ServiceString comparisions.
-    mPublishTs = item->meta.mPublishTs;
-
-    // Save RecognTags.
-    mRecognTags = tagList;
-
-    details.mAvatar.copy((uint8_t *) item->mImage.binData.bin_data, item->mImage.binData.bin_len);
-
-    // Fill in Details.
-    details.mNickname = item->meta.mGroupName;
-    details.mId = RsGxsId(item->meta.mGroupId);
-
-#ifdef DEBUG_IDS
-    std::cerr << "RsGxsIdCache::RsGxsIdCache() for: " << details.mId;
-    std::cerr << std::endl;
-#endif // DEBUG_IDS
-
-    details.mFlags = 0 ;
-    
-    if(item->meta.mSubscribeFlags & GXS_SERV::GROUP_SUBSCRIBE_ADMIN)		details.mFlags |= RS_IDENTITY_FLAGS_IS_OWN_ID;
-    if(item->meta.mGroupFlags     & RSGXSID_GROUPFLAG_REALID)			details.mFlags |= RS_IDENTITY_FLAGS_PGP_LINKED;
-
-    /* rest must be retrived from ServiceString */
-    updateServiceString(item->meta.mServiceString);
-}
-
 void RsGxsIdCache::updateServiceString(std::string serviceString)
 {
 	details.mRecognTags.clear();
@@ -1894,8 +1865,8 @@ bool p3IdService::cache_store(const RsGxsIdGroupItem *item)
 
 	/* extract key from keys */
     	RsTlvSecurityKeySet keySet;
-    	RsTlvSecurityKey    pubkey;
+    	RsTlvSecurityKey_deprecated    pubkey;
-    	RsTlvSecurityKey    fullkey;
+    	RsTlvSecurityKey_deprecated    fullkey;
 	bool pub_key_ok = false;
 	bool full_key_ok = false;
 
@@ -1908,7 +1879,7 @@ bool p3IdService::cache_store(const RsGxsIdGroupItem *item)
 		return false;
 	}
 
-	std::map<RsGxsId, RsTlvSecurityKey>::iterator kit;
+	std::map<RsGxsId, RsTlvSecurityKey_deprecated>::iterator kit;
 
 	//std::cerr << "p3IdService::cache_store() KeySet is:";
 	//keySet.print(std::cerr, 10);
@@ -2367,7 +2338,7 @@ bool p3IdService::cachetest_handlerequest(uint32_t token)
 				}
 				else
 				{
-					RsTlvSecurityKey seckey;
+					RsTlvSecurityKey_deprecated seckey;
                     if (getKey(*vit, seckey))
 					{
 #ifdef DEBUG_IDS
@@ -2399,7 +2370,7 @@ bool p3IdService::cachetest_handlerequest(uint32_t token)
 				}
 				else
 				{
-					RsTlvSecurityKey seckey;
+					RsTlvSecurityKey_deprecated seckey;
 					if (getPrivateKey(*vit, seckey))
 					{
 						// success!
@@ -2541,10 +2512,10 @@ RsGenExchange::ServiceCreate_Return p3IdService::service_CreateGroup(RsGxsGrpIte
 
     /********************* TEMP HACK UNTIL GXS FILLS IN GROUP_ID *****************/
     // find private admin key
-    std::map<RsGxsId, RsTlvSecurityKey>::iterator mit = keySet.keys.begin();
+    std::map<RsGxsId, RsTlvSecurityKey_deprecated>::iterator mit = keySet.keys.begin();
     for(; mit != keySet.keys.end(); ++mit)
     {
-        RsTlvSecurityKey& pk = mit->second;
+        RsTlvSecurityKey_deprecated& pk = mit->second;
 
         if(pk.keyFlags == (RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_FULL))
         {

libretroshare/src/services/p3idservice.h

@@ -32,6 +32,7 @@
 #include "gxs/rsgixs.h"			// Internal Interfaces.
 
 #include "gxs/gxstokenqueue.h"		
+#include "serialiser/rsgxsiditems.h"		
 
 #include <map>
 #include <string>
@@ -189,12 +190,40 @@ virtual	std::string save() const;
 
 class RsGxsIdGroupItem;
 
-class RsGxsIdCache
+template<class KeyClass> class RsGxsIdCache
 {
 public:
     RsGxsIdCache();
-	RsGxsIdCache(const RsGxsIdGroupItem *item, const RsTlvSecurityKey &in_pkey, 
+
-		const std::list<RsRecognTag> &tagList);
+    RsGxsIdCache(const RsGxsIdGroupItem *item, const KeyClass& in_pkey, const std::list<RsRecognTag> &tagList)
+    {
+	// Save Keys.
+	pubkey = in_pkey;
+    	// Save Time for ServiceString comparisions.
+	mPublishTs = item->meta.mPublishTs;
+
+	// Save RecognTags.
+	mRecognTags = tagList;
+
+	details.mAvatar.copy((uint8_t *) item->mImage.binData.bin_data, item->mImage.binData.bin_len);
+
+	// Fill in Details.
+	details.mNickname = item->meta.mGroupName;
+	details.mId = RsGxsId(item->meta.mGroupId);
+
+#ifdef DEBUG_IDS
+	std::cerr << "RsGxsIdCache::RsGxsIdCache() for: " << details.mId;
+	std::cerr << std::endl;
+#endif // DEBUG_IDS
+
+	details.mFlags = 0 ;
+
+	if(item->meta.mSubscribeFlags & GXS_SERV::GROUP_SUBSCRIBE_ADMIN)		details.mFlags |= RS_IDENTITY_FLAGS_IS_OWN_ID;
+	if(item->meta.mGroupFlags     & RSGXSID_GROUPFLAG_REALID)			details.mFlags |= RS_IDENTITY_FLAGS_PGP_LINKED;
+
+	/* rest must be retrived from ServiceString */
+	updateServiceString(item->meta.mServiceString);
+    }
     
     void updateServiceString(std::string serviceString);
 
@@ -202,7 +231,8 @@ void	updateServiceString(std::string serviceString);
     std::list<RsRecognTag> mRecognTags; // Only partially validated.
 
     RsIdentityDetails details;
-	RsTlvSecurityKey pubkey;
+#warning why the "pub" here??
+    KeyClass pubkey;
 };
 
 
@@ -286,8 +316,8 @@ virtual bool setAsRegularContact(const RsGxsId& id,bool is_a_contact) ;
     virtual bool haveKey(const RsGxsId &id);
     virtual bool havePrivateKey(const RsGxsId &id);
 
-    virtual bool getKey(const RsGxsId &id, RsTlvSecurityKey &key);
+    virtual bool getKey(const RsGxsId &id, RsTlvPublicRSAKey &key);
-    virtual bool getPrivateKey(const RsGxsId &id, RsTlvSecurityKey &key);
+    virtual bool getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey &key);
 
     virtual bool requestKey(const RsGxsId &id, const std::list<PeerId> &peers);
     virtual bool requestPrivateKey(const RsGxsId &id);
@@ -350,8 +380,8 @@ virtual void handle_event(uint32_t event_type, const std::string &elabel);
 	std::map<RsGxsId, std::list<RsPeerId> > mCacheLoad_ToCache, mPendingCache;
 
 	// Switching to RsMemCache for Key Caching.
-	RsMemCache<RsGxsId, RsGxsIdCache> mPublicKeyCache;
+	RsMemCache<RsGxsId, RsGxsIdCache<RsTlvPublicRSAKey> > mPublicKeyCache;
-	RsMemCache<RsGxsId, RsGxsIdCache> mPrivateKeyCache;
+	RsMemCache<RsGxsId, RsGxsIdCache<RsTlvPrivateRSAKey> > mPrivateKeyCache;
 
 /************************************************************************
  * Refreshing own Ids.

libretroshare/src/util/rsrecogn.cc

@@ -327,6 +327,7 @@ bool rsa_sanity_check(RSA *rsa)
 }
 
 		
+#warning this code should be using GxsSecurity signature code. Not some own made signature call.
 
 bool	RsRecogn::signTag(EVP_PKEY *signKey, RsGxsRecognTagItem *item)
 {
@@ -374,6 +375,8 @@ bool	RsRecogn::signTag(EVP_PKEY *signKey, RsGxsRecognTagItem *item)
 	return true;
 }
 
+#warning this code should be using GxsSecurity signature code. Not some own made signature call.
+
 bool	RsRecogn::signSigner(EVP_PKEY *signKey, RsGxsRecognSignerItem *item)
 {
 	std::cerr << "RsRecogn::signSigner()";
@@ -429,6 +432,7 @@ bool	RsRecogn::signSigner(EVP_PKEY *signKey, RsGxsRecognSignerItem *item)
 	return true;
 }
 
+#warning this code should be using GxsSecurity signature code. Not some own made signature call.
 
 bool	RsRecogn::signTagRequest(EVP_PKEY *signKey, RsGxsRecognReqItem *item)
 {
@@ -560,7 +564,7 @@ RsGxsRecognTagItem *RsRecogn::extractTag(const std::string &encoded)
 }
 
 
-bool RsRecogn::createTagRequest(const RsTlvSecurityKey &key, const RsGxsId &id, const std::string &nickname, uint16_t tag_class, uint16_t tag_type, const std::string &comment, std::string &tag)
+bool RsRecogn::createTagRequest(const RsTlvPrivateRSAKey &key, const RsGxsId &id, const std::string &nickname, uint16_t tag_class, uint16_t tag_type, const std::string &comment, std::string &tag)
 {
 	EVP_PKEY *signKey = EVP_PKEY_new();
 	RSA *rsakey = d2i_RSAPrivateKey(NULL, (const unsigned char **)&key.keyData.bin_data, key.keyData.bin_len);

libretroshare/src/util/rsrecogn.h

@@ -52,7 +52,7 @@ std::string 	getRsaKeyId(RSA *pubkey);
 
 RsGxsRecognTagItem *extractTag(const std::string &encoded);
 
-bool 		createTagRequest(const RsTlvSecurityKey &key, 
+bool 		createTagRequest(const RsTlvPrivateRSAKey &key, 
 			const RsGxsId &id, const std::string &nickname,
 			uint16_t tag_class, uint16_t tag_type, 
 			const std::string &comment, std::string &tag);

tests/unittests/libretroshare/gxs/gen_exchange/rsdummyservices.h

@@ -155,8 +155,8 @@ public:
      * @return a pointer to a valid profile if successful, otherwise NULL
      *
      */
-    bool  getKey(const RsGxsId &id, RsTlvSecurityKey &key){ return false; }
+    bool  getKey(const RsGxsId &id, RsTlvPrublicRSAKey& key){ return false; }
-    bool  getPrivateKey(const RsGxsId &id, RsTlvSecurityKey &key){ return false; }	// For signing outgoing messages.
+    bool  getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey& key){ return false; }	// For signing outgoing messages.
 
 private:
 

tests/unittests/libretroshare/gxs/security/gxssecurity_test.cc

@@ -35,8 +35,8 @@
 
 TEST(libretroshare_gxs, GxsSecurity)
 {
-	RsTlvSecurityKey pub_key ;
+	RsTlvSecurityKey_deprecated pub_key ;
-	RsTlvSecurityKey priv_key ;
+	RsTlvSecurityKey_deprecated priv_key ;
 
 	EXPECT_TRUE(GxsSecurity::generateKeyPair(pub_key,priv_key)) ;
 
@@ -45,7 +45,7 @@ TEST(libretroshare_gxs, GxsSecurity)
 	EXPECT_TRUE( pub_key.keyId   == priv_key.keyId   );
 	EXPECT_TRUE( pub_key.startTS == priv_key.startTS );
 
-	RsTlvSecurityKey pub_key2 ;
+	RsTlvSecurityKey_deprecated pub_key2 ;
 	EXPECT_TRUE(GxsSecurity::extractPublicKey(priv_key,pub_key2)) ;
 
 	EXPECT_TRUE( pub_key.keyId    == pub_key2.keyId    );

tests/unittests/libretroshare/serialiser/support.cc

@@ -70,7 +70,7 @@ void init_item(RsTlvSecurityKeySet& ks)
         RsGxsId a_str;
         a_str = RsGxsId::random();
 
-		RsTlvSecurityKey& a_key = ks.keys[a_str];
+		RsTlvSecurityKey_deprecated& a_key = ks.keys[a_str];
 		init_item(a_key);
 		a_key.keyId = a_str;
 	}
@@ -81,7 +81,7 @@ bool operator==(const RsTlvSecurityKeySet& l, const RsTlvSecurityKeySet& r)
 
 	if(l.groupId != r.groupId) return false;
 
-    std::map<RsGxsId, RsTlvSecurityKey>::const_iterator l_cit = l.keys.begin(),
+    std::map<RsGxsId, RsTlvSecurityKey_deprecated>::const_iterator l_cit = l.keys.begin(),
 	r_cit = r.keys.begin();
 
 	for(; l_cit != l.keys.end(); l_cit++, r_cit++){
@@ -94,7 +94,7 @@ bool operator==(const RsTlvSecurityKeySet& l, const RsTlvSecurityKeySet& r)
 
 
 
-bool operator==(const RsTlvSecurityKey& sk1, const RsTlvSecurityKey& sk2)
+bool operator==(const RsTlvSecurityKey_deprecated& sk1, const RsTlvSecurityKey_deprecated& sk2)
 {
 
 	if(sk1.startTS != sk2.startTS) return false;
@@ -183,7 +183,7 @@ bool operator==(const RsTlvBinaryData& bd1, const RsTlvBinaryData& bd2)
 }
 
 
-void init_item(RsTlvSecurityKey& sk)
+void init_item(RsTlvSecurityKey_deprecated& sk)
 {
 	int randnum = rand()%313131;
 

tests/unittests/libretroshare/serialiser/support.h

@@ -58,7 +58,7 @@ void randString(const uint32_t, std::wstring&);
 
 /* for testing compound tlv items */
 
-void init_item(RsTlvSecurityKey&);
+void init_item(RsTlvSecurityKey_deprecated&);
 void init_item(RsTlvSecurityKeySet&);
 void init_item(RsTlvKeySignature&);
 void init_item(RsTlvKeySignatureSet&);
@@ -70,7 +70,7 @@ void init_item(RsTlvPeerIdSet&);
 void init_item(RsTlvImage&);
 void init_item(RsTlvPeerIdSet&);
 
-bool operator==(const RsTlvSecurityKey&, const RsTlvSecurityKey& );
+bool operator==(const RsTlvSecurityKey_deprecated&, const RsTlvSecurityKey_deprecated& );
 bool operator==(const RsTlvSecurityKeySet&, const RsTlvSecurityKeySet& );
 bool operator==(const RsTlvKeySignature&, const RsTlvKeySignature& );
 bool operator==(const RsTlvBinaryData&, const RsTlvBinaryData&);

tests/unittests/libretroshare/serialiser/tlvrandom_test.cc

@@ -68,7 +68,7 @@ int test_TlvRandom(void *data, uint32_t len, uint32_t offset)
 	uint32_t tmpoffset = 0;
 
 	/* List of all the TLV types it could be! */
-	RsTlvSecurityKey skey;
+	RsTlvSecurityKey_deprecated skey;
 	RsTlvSecurityKeySet skeyset;
 	RsTlvKeySignature   keysign;
 
@@ -114,7 +114,7 @@ int test_TlvRandom(void *data, uint32_t len, uint32_t offset)
 	EXPECT_TRUE(test_SetTlvItem(&kv, TLV_TYPE_KEYVALUE, data, len, offset));
 	EXPECT_TRUE(test_SetTlvItem(&kvset, TLV_TYPE_KEYVALUESET, data, len, offset));
 	std::cerr << "test_TlvRandom:: Testing Keys (TYPESET)" << std::endl;
-	EXPECT_TRUE(test_SetTlvItem(&skey, TLV_TYPE_SECURITYKEY, data, len, offset));
+	EXPECT_TRUE(test_SetTlvItem(&skey, TLV_TYPE_SECURITYKEY_deprecated, data, len, offset));
 	EXPECT_TRUE(test_SetTlvItem(&skeyset, TLV_TYPE_SECURITYKEYSET, data, len, offset));
 	EXPECT_TRUE(test_SetTlvItem(&keysign, TLV_TYPE_KEYSIGNATURE, data, len, offset));