Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-10-01 02:35:48 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

added additional checks to signature verification

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7353 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2014-05-08 09:20:25 +00:00
parent 3766449bec
commit a9193c6380
2 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
libretroshare/src/gxs/gxssecurity.cc
View File

@ -54,6 +54,12 @@ RSA *GxsSecurity::extractPublicKey(const RsTlvSecurityKey& key)
bool GxsSecurity::getSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& privKey, RsTlvKeySignature& sign) bool GxsSecurity::getSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& privKey, RsTlvKeySignature& sign)
{ {
RSA* rsa_pub = extractPrivateKey(privKey); RSA* rsa_pub = extractPrivateKey(privKey);
if(!rsa_pub)
{
std::cerr << "GxsSecurity::validateSignature(): Cannot validate signature. Keydata is incomplete." << std::endl;
return false ;
}
EVP_PKEY *key_pub = EVP_PKEY_new(); EVP_PKEY *key_pub = EVP_PKEY_new();
EVP_PKEY_assign_RSA(key_pub, rsa_pub); EVP_PKEY_assign_RSA(key_pub, rsa_pub);
@ -80,6 +86,11 @@ bool GxsSecurity::validateSignature(const char *data, uint32_t data_len, const R
{ {
RSA *rsakey = RSAPublicKey_dup(extractPublicKey(key)) ; RSA *rsakey = RSAPublicKey_dup(extractPublicKey(key)) ;
if(!rsakey)
{
std::cerr << "GxsSecurity::validateSignature(): Cannot validate signature. Keydata is incomplete." << std::endl;
return false ;
}
EVP_PKEY *signKey = EVP_PKEY_new(); EVP_PKEY *signKey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(signKey, rsakey); EVP_PKEY_assign_RSA(signKey, rsakey);

8
libretroshare/src/services/p3msgservice.cc
View File

@ -1984,10 +1984,12 @@ bool p3MsgService::decryptMessage(const std::string& mId)
RsTlvSecurityKey signature_key ; RsTlvSecurityKey signature_key ;
if(mIdService->getKey(senders_id,signature_key) && GxsSecurity::validateSignature((char*)decrypted_data,offset,signature_key,signature)) if(!mIdService->getKey(senders_id,signature_key) || signature_key.keyData.bin_data == NULL)
signature_ok = true ; std::cerr << "(EE) No key for checking signature from " << senders_id << ", can't veryfy signature." << std::endl;
else if(!GxsSecurity::validateSignature((char*)decrypted_data,offset,signature_key,signature))
std::cerr << "(EE) Signature was verified and it doesn't check! This is a security issue!" << std::endl;
else else
std::cerr << "(!!) No key for checking signature from " << senders_id << ", or signature doesn't check." << std::endl; signature_ok = true ;
offset += signature_size ; offset += signature_size ;
} }