Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-10-01 02:35:48 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

Msg forums are now signed by ssl certs

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2178 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
joss17 2010-02-03 21:21:04 +00:00
parent 5e11947d5c
commit cfe3bca2a8
6 changed files with 538 additions and 502 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
libretroshare/src/pqi/authssl.cc
View File

@ -193,7 +193,7 @@ X509_REQ *GenerateX509Req(
if (!X509_REQ_set_pubkey(req,pkey))
{
fprintf(stderr,"GenerateX509Req() Couldn't Set PUBKEY Version!\n");
fprintf(stderr,"GenerateX509Req() Couldn't Set PUBKEY !\n");
return 0;
}
@ -889,21 +889,24 @@ std::string AuthSSL::getOwnLocation()
bool AuthSSL::LoadDetailsFromStringCert(std::string pem, RsPeerDetails &pd)
{
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::LoadIdsFromStringCert() ";
std::cerr << std::endl;
std::cerr << "AuthSSL::LoadIdsFromStringCert() Cleaning up Certificate First!";
std::cerr << std::endl;
std::cerr << "AuthSSL::LoadIdsFromStringCert() " << std::endl;
#endif
std::string cleancert = cleanUpCertificate(pem);
X509 *x509 = loadX509FromPEM(cleancert);
if (!x509)
return false;
X509 *x509 = loadX509FromPEM(pem);
if (!x509) {
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::LoadIdsFromStringCert() certificate not loadable (maybe malformed)" << std::endl;
#endif
return false;
}
if (!ValidateCertificate(x509, pd.id)) {
return false;
} else {
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::LoadIdsFromStringCert() certificate validated." << std::endl;
#endif
pd.gpg_id = getX509CNString(x509->cert_info->issuer);
pd.location = getX509LocString(x509->cert_info->subject);
return true;
@ -1148,22 +1151,48 @@ bool AuthSSL::SignDataBin(const void *data, const uint32_t len,
}
#define AUTHSSL_DEBUG2
bool AuthSSL::VerifyOtherSignBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int signlen, std::string sslCert) {
X509 *x509 = loadX509FromPEM(sslCert);
std::string sslId;
if (!ValidateCertificate(x509, sslId)) {
std::cerr << "AuthSSL::VerifyOtherSignBin() failed to validate certificate." << std::endl;
return false;
} else {
sslcert *cert = new sslcert(x509, sslId);
return VerifySignBin(data, len, sign, signlen, cert);
}
return false;
}
bool AuthSSL::VerifyOwnSignBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int signlen) {
return VerifySignBin(data, len, sign, signlen, mOwnCert);
}
bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int signlen)
unsigned char *sign, unsigned int signlen, sslcert* peer)
{
RsStackMutex stack(sslMtx); /***** STACK LOCK MUTEX *****/
/* find the peer */
#ifdef AUTHSSL_DEBUG2
std::cerr << "In AuthSSL::VerifySignBin" << std::endl ;
std::cerr << "In AuthSSL::VerifySignBin" << std::endl;
#endif
sslcert *peer = mOwnCert;
//std::cerr << "Cert info : " << getX509Info(X509 *cert) << std::endl;
EVP_PKEY *peerkey = peer->certificate->cert_info->key->pkey;
/* cert->cert_info->key->pkey is NULL until we call SSL_CTX_use_certificate(),
* so we do it here then... */
SSL_CTX *newSslctx = SSL_CTX_new(TLSv1_method());
SSL_CTX_set_cipher_list(newSslctx, "DEFAULT");
SSL_CTX_use_certificate(newSslctx, peer->certificate);
if(peerkey == NULL)
EVP_PKEY *peerkey = peer->certificate->cert_info->key->pkey;
if(peerkey == NULL)
{
#ifdef AUTHSSL_DEBUG2
std::cerr << "AuthSSL::VerifySignBin: no public key available !!" << std::endl ;
@ -1178,7 +1207,8 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
std::cerr << "EVP_VerifyInit Failure!" << std::endl;
EVP_MD_CTX_destroy(mdctx);
return false;
X509_free(peer->certificate);
return false;
}
if (0 == EVP_VerifyUpdate(mdctx, data, len))
@ -1186,6 +1216,7 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
std::cerr << "EVP_VerifyUpdate Failure!" << std::endl;
EVP_MD_CTX_destroy(mdctx);
X509_free(peer->certificate);
return false;
}
@ -1195,6 +1226,7 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
std::cerr << "AuthSSL::VerifySignBin: signlen=" << signlen << ", sign=" << (void*)sign << "!!" << std::endl ;
#endif
EVP_MD_CTX_destroy(mdctx);
X509_free(peer->certificate);
return false ;
}
@ -1203,10 +1235,12 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
std::cerr << "EVP_VerifyFinal Failure!" << std::endl;
EVP_MD_CTX_destroy(mdctx);
X509_free(peer->certificate);
return false;
}
EVP_MD_CTX_destroy(mdctx);
X509_free(peer->certificate);
return true;
}
@ -1947,7 +1981,6 @@ bool AuthSSL::AuthX509(X509 *x509)
int (*i2d)(X509_CINF*, unsigned char**) = i2d_X509_CINF;
ASN1_BIT_STRING *signature = x509->signature;
X509_CINF *data = x509->cert_info;
EVP_PKEY *pkey = NULL;
const EVP_MD *type = EVP_sha1();
EVP_MD_CTX ctx;

4
libretroshare/src/pqi/authssl.h
View File

@ -139,7 +139,9 @@ virtual bool SignData(std::string input, std::string &sign);
virtual bool SignData(const void *data, const uint32_t len, std::string &sign);
virtual bool SignDataBin(std::string, unsigned char*, unsigned int*);
virtual bool SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*);
virtual bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int);
virtual bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, sslcert* cert);
virtual bool VerifyOwnSignBin(const void*, uint32_t, unsigned char*, unsigned int);
virtual bool VerifyOtherSignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string sslCert);
// return : false if encrypt failed
bool encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId);

1
libretroshare/src/serialiser/rstlvbase.h
View File

@ -133,6 +133,7 @@ const uint16_t TLV_TYPE_STR_GENID = 0x005a;
const uint16_t TLV_TYPE_STR_GPGID = 0x005b;
const uint16_t TLV_TYPE_STR_LOCATION = 0x005c;
const uint16_t TLV_TYPE_STR_CERT_GPG = 0x005d;
const uint16_t TLV_TYPE_STR_CERT_SSL = 0x005e;
/* Wide Chars (4 bytes per char) for internationalisation */
const uint16_t TLV_TYPE_WSTR_PEERID = 0x0060;

883
libretroshare/src/serialiser/rstlvkeys.cc
View File

@ -23,443 +23,446 @@
* Please report all bugs and problems to "retroshare@lunamutt.com".
*
*/
#include "rstlvkeys.h"
#include "rstlvbase.h"
#include "rstlvtypes.h"
#include "rsbaseserial.h"
#include "util/rsprint.h"
#include <ostream>
#include <sstream>
#include <iomanip>
#include <iostream>
/************************************* RsTlvSecurityKey ************************************/
RsTlvSecurityKey::RsTlvSecurityKey()
:RsTlvItem(), keyFlags(0), startTS(0), endTS(0), keyData(TLV_TYPE_KEY_EVP_PKEY)
{
return;
}
void RsTlvSecurityKey::TlvClear()
{
keyId.clear();
keyFlags = 0;
startTS = 0;
endTS = 0;
keyData.TlvClear();
}
/* clears keyData - but doesn't delete */
void RsTlvSecurityKey::ShallowClear()
{
keyId.clear();
keyFlags = 0;
startTS = 0;
endTS = 0;
keyData.bin_data = 0;
keyData.bin_len = 0;
}
uint32_t RsTlvSecurityKey::TlvSize()
{
uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */
/* now add comment and title length of this tlv object */
s += GetTlvStringSize(keyId);
s += 4;
s += 4;
s += 4;
s += keyData.TlvSize();
return s;
}
bool RsTlvSecurityKey::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{
/* must check sizes */
uint32_t tlvsize = TlvSize();
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend)
return false; /* not enough space */
bool ok = true;
/* start at data[offset] */
/* add mandatory parts first */
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY, tlvsize);
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
ok &= setRawUInt32(data, tlvend, offset, keyFlags);
ok &= setRawUInt32(data, tlvend, offset, startTS);
ok &= setRawUInt32(data, tlvend, offset, endTS);
ok &= keyData.SetTlv(data, tlvend, offset);
return ok;
}
bool RsTlvSecurityKey::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{
if (size < *offset + TLV_HEADER_SIZE)
return false;
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend) /* check size */
return false; /* not enough space */
if (tlvtype != TLV_TYPE_SECURITYKEY) /* check type */
return false;
bool ok = true;
/* ready to load */
TlvClear();
/* skip the header */
(*offset) += TLV_HEADER_SIZE;
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
ok &= getRawUInt32(data, tlvend, offset, &(keyFlags));
ok &= getRawUInt32(data, tlvend, offset, &(startTS));
ok &= getRawUInt32(data, tlvend, offset, &(endTS));
ok &= keyData.GetTlv(data, tlvend, offset);
/***************************************************************************
* NB: extra components could be added (for future expansion of the type).
* or be present (if this code is reading an extended version).
*
* We must chew up the extra characters to conform with TLV specifications
***************************************************************************/
if (*offset != tlvend)
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKey::GetTlv() Warning extra bytes at end of item";
std::cerr << std::endl;
#endif
*offset = tlvend;
}
return ok;
}
std::ostream &RsTlvSecurityKey::print(std::ostream &out, uint16_t indent)
{
printBase(out, "RsTlvSecurityKey", indent);
uint16_t int_Indent = indent + 2;
printIndent(out, int_Indent);
out << "KeyId:" << keyId;
out << std::endl;
printIndent(out, int_Indent);
out << "KeyFlags:" << keyFlags;
out << std::endl;
printIndent(out, int_Indent);
out << "StartTS:" << startTS;
out << std::endl;
printIndent(out, int_Indent);
out << "EndTS:" << endTS;
out << std::endl;
keyData.print(out, int_Indent);
out << std::endl;
printEnd(out, "RsTlvSecurityKey", indent);
return out;
}
/************************************* RsTlvSecurityKeySet ************************************/
void RsTlvSecurityKeySet::TlvClear()
{
groupId.clear();
keys.clear(); //empty list
}
uint32_t RsTlvSecurityKeySet::TlvSize()
{
uint32_t s = TLV_HEADER_SIZE; /* header */
std::map<std::string, RsTlvSecurityKey>::iterator it;
s += GetTlvStringSize(groupId);
if(!keys.empty())
{
for(it = keys.begin(); it != keys.end() ; ++it)
s += (it->second).TlvSize();
}
return s;
}
bool RsTlvSecurityKeySet::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{
/* must check sizes */
uint32_t tlvsize = TlvSize();
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend)
return false; /* not enough space */
bool ok = true;
/* start at data[offset] */
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEYSET , tlvsize);
/* groupId */
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId);
if(!keys.empty())
{
std::map<std::string, RsTlvSecurityKey>::iterator it;
for(it = keys.begin(); it != keys.end() ; ++it)
ok &= (it->second).SetTlv(data, size, offset);
}
return ok;
}
bool RsTlvSecurityKeySet::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{
if (size < *offset + TLV_HEADER_SIZE)
return false;
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend) /* check size */
return false; /* not enough space */
if (tlvtype != TLV_TYPE_SECURITYKEYSET) /* check type */
return false;
bool ok = true;
/* ready to load */
TlvClear();
/* skip the header */
(*offset) += TLV_HEADER_SIZE;
/* groupId */
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId);
/* while there is TLV */
while((*offset) + 2 < tlvend)
{
/* get the next type */
uint16_t tlvsubtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
switch(tlvsubtype)
{
case TLV_TYPE_SECURITYKEY:
{
RsTlvSecurityKey key;
ok &= key.GetTlv(data, size, offset);
if (ok)
{
keys[key.keyId] = key;
key.ShallowClear(); /* so that the Map can get control - should be ref counted*/
}
}
break;
default:
ok &= SkipUnknownTlv(data, tlvend, offset);
break;
}
if (!ok)
break;
}
/***************************************************************************
* NB: extra components could be added (for future expansion of the type).
* or be present (if this code is reading an extended version).
*
* We must chew up the extra characters to conform with TLV specifications
***************************************************************************/
if (*offset != tlvend)
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKeySet::GetTlv() Warning extra bytes at end of item";
std::cerr << std::endl;
#endif
*offset = tlvend;
}
return ok;
}
// prints out contents of RsTlvSecurityKeySet
std::ostream &RsTlvSecurityKeySet::print(std::ostream &out, uint16_t indent)
{
printBase(out, "RsTlvSecurityKeySet", indent);
uint16_t int_Indent = indent + 2;
printIndent(out, int_Indent);
out << "GroupId: " << groupId;
out << std::endl;
std::map<std::string, RsTlvSecurityKey>::iterator it;
for(it = keys.begin(); it != keys.end() ; ++it)
(it->second).print(out, int_Indent);
printEnd(out, "RsTlvSecurityKeySet", indent);
return out;
}
/************************************* RsTlvSecurityKey ************************************/
RsTlvKeySignature::RsTlvKeySignature()
:RsTlvItem(), signData(TLV_TYPE_SIGN_RSA_SHA1)
{
return;
}
void RsTlvKeySignature::TlvClear()
{
keyId.clear();
signData.TlvClear();
}
/* clears signData - but doesn't delete */
void RsTlvKeySignature::ShallowClear()
{
keyId.clear();
signData.bin_data = 0;
signData.bin_len = 0;
}
uint32_t RsTlvKeySignature::TlvSize()
{
uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */
s += GetTlvStringSize(keyId);
s += signData.TlvSize();
return s;
}
bool RsTlvKeySignature::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{
/* must check sizes */
uint32_t tlvsize = TlvSize();
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend)
return false; /* not enough space */
bool ok = true;
/* start at data[offset] */
/* add mandatory parts first */
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY, tlvsize);
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
ok &= signData.SetTlv(data, tlvend, offset);
return ok;
}
bool RsTlvKeySignature::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{
if (size < *offset + TLV_HEADER_SIZE)
return false;
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
uint16_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend) /* check size */
return false; /* not enough space */
if (tlvtype != TLV_TYPE_SECURITYKEY) /* check type */
return false;
bool ok = true;
/* ready to load */
TlvClear();
/* skip the header */
(*offset) += TLV_HEADER_SIZE;
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
ok &= signData.GetTlv(data, tlvend, offset);
/***************************************************************************
* NB: extra components could be added (for future expansion of the type).
* or be present (if this code is reading an extended version).
*
* We must chew up the extra characters to conform with TLV specifications
***************************************************************************/
if (*offset != tlvend)
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvKeySignature::GetTlv() Warning extra bytes at end of item";
std::cerr << std::endl;
#endif
*offset = tlvend;
}
return ok;
}
std::ostream &RsTlvKeySignature::print(std::ostream &out, uint16_t indent)
{
printBase(out, "RsTlvKeySignature", indent);
uint16_t int_Indent = indent + 2;
printIndent(out, int_Indent);
out << "KeyId:" << keyId;
out << std::endl;
signData.print(out, int_Indent);
out << std::endl;
printEnd(out, "RsTlvKeySignature", indent);
return out;
}
#include "rstlvkeys.h"
#include "rstlvbase.h"
#include "rstlvtypes.h"
#include "rsbaseserial.h"
#include "util/rsprint.h"
#include <ostream>
#include <sstream>
#include <iomanip>
#include <iostream>
/************************************* RsTlvSecurityKey ************************************/
RsTlvSecurityKey::RsTlvSecurityKey()
:RsTlvItem(), keyFlags(0), startTS(0), endTS(0), keyData(TLV_TYPE_KEY_EVP_PKEY)
{
return;
}
void RsTlvSecurityKey::TlvClear()
{
keyId.clear();
keyFlags = 0;
startTS = 0;
endTS = 0;
keyData.TlvClear();
}
/* clears keyData - but doesn't delete */
void RsTlvSecurityKey::ShallowClear()
{
keyId.clear();
keyFlags = 0;
startTS = 0;
endTS = 0;
keyData.bin_data = 0;
keyData.bin_len = 0;
}
uint32_t RsTlvSecurityKey::TlvSize()
{
uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */
/* now add comment and title length of this tlv object */
s += GetTlvStringSize(keyId);
s += 4;
s += 4;
s += 4;
s += keyData.TlvSize();
return s;
}
bool RsTlvSecurityKey::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{
/* must check sizes */
uint32_t tlvsize = TlvSize();
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend)
return false; /* not enough space */
bool ok = true;
/* start at data[offset] */
/* add mandatory parts first */
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY, tlvsize);
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
ok &= setRawUInt32(data, tlvend, offset, keyFlags);
ok &= setRawUInt32(data, tlvend, offset, startTS);
ok &= setRawUInt32(data, tlvend, offset, endTS);
ok &= keyData.SetTlv(data, tlvend, offset);
return ok;
}
bool RsTlvSecurityKey::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{
if (size < *offset + TLV_HEADER_SIZE)
return false;
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend) /* check size */
return false; /* not enough space */
if (tlvtype != TLV_TYPE_SECURITYKEY) /* check type */
return false;
bool ok = true;
/* ready to load */
TlvClear();
/* skip the header */
(*offset) += TLV_HEADER_SIZE;
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
ok &= getRawUInt32(data, tlvend, offset, &(keyFlags));
ok &= getRawUInt32(data, tlvend, offset, &(startTS));
ok &= getRawUInt32(data, tlvend, offset, &(endTS));
ok &= keyData.GetTlv(data, tlvend, offset);
/***************************************************************************
* NB: extra components could be added (for future expansion of the type).
* or be present (if this code is reading an extended version).
*
* We must chew up the extra characters to conform with TLV specifications
***************************************************************************/
if (*offset != tlvend)
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKey::GetTlv() Warning extra bytes at end of item";
std::cerr << std::endl;
#endif
*offset = tlvend;
}
return ok;
}
std::ostream &RsTlvSecurityKey::print(std::ostream &out, uint16_t indent)
{
printBase(out, "RsTlvSecurityKey", indent);
uint16_t int_Indent = indent + 2;
printIndent(out, int_Indent);
out << "KeyId:" << keyId;
out << std::endl;
printIndent(out, int_Indent);
out << "KeyFlags:" << keyFlags;
out << std::endl;
printIndent(out, int_Indent);
out << "StartTS:" << startTS;
out << std::endl;
printIndent(out, int_Indent);
out << "EndTS:" << endTS;
out << std::endl;
keyData.print(out, int_Indent);
out << std::endl;
printEnd(out, "RsTlvSecurityKey", indent);
return out;
}
/************************************* RsTlvSecurityKeySet ************************************/
void RsTlvSecurityKeySet::TlvClear()
{
groupId.clear();
keys.clear(); //empty list
}
uint32_t RsTlvSecurityKeySet::TlvSize()
{
uint32_t s = TLV_HEADER_SIZE; /* header */
std::map<std::string, RsTlvSecurityKey>::iterator it;
s += GetTlvStringSize(groupId);
if(!keys.empty())
{
for(it = keys.begin(); it != keys.end() ; ++it)
s += (it->second).TlvSize();
}
return s;
}
bool RsTlvSecurityKeySet::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{
/* must check sizes */
uint32_t tlvsize = TlvSize();
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend)
return false; /* not enough space */
bool ok = true;
/* start at data[offset] */
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEYSET , tlvsize);
/* groupId */
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId);
if(!keys.empty())
{
std::map<std::string, RsTlvSecurityKey>::iterator it;
for(it = keys.begin(); it != keys.end() ; ++it)
ok &= (it->second).SetTlv(data, size, offset);
}
return ok;
}
bool RsTlvSecurityKeySet::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{
if (size < *offset + TLV_HEADER_SIZE)
return false;
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend) /* check size */
return false; /* not enough space */
if (tlvtype != TLV_TYPE_SECURITYKEYSET) /* check type */
return false;
bool ok = true;
/* ready to load */
TlvClear();
/* skip the header */
(*offset) += TLV_HEADER_SIZE;
/* groupId */
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId);
/* while there is TLV */
while((*offset) + 2 < tlvend)
{
/* get the next type */
uint16_t tlvsubtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
switch(tlvsubtype)
{
case TLV_TYPE_SECURITYKEY:
{
RsTlvSecurityKey key;
ok &= key.GetTlv(data, size, offset);
if (ok)
{
keys[key.keyId] = key;
key.ShallowClear(); /* so that the Map can get control - should be ref counted*/
}
}
break;
default:
ok &= SkipUnknownTlv(data, tlvend, offset);
break;
}
if (!ok)
break;
}
/***************************************************************************
* NB: extra components could be added (for future expansion of the type).
* or be present (if this code is reading an extended version).
*
* We must chew up the extra characters to conform with TLV specifications
***************************************************************************/
if (*offset != tlvend)
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKeySet::GetTlv() Warning extra bytes at end of item";
std::cerr << std::endl;
#endif
*offset = tlvend;
}
return ok;
}
// prints out contents of RsTlvSecurityKeySet
std::ostream &RsTlvSecurityKeySet::print(std::ostream &out, uint16_t indent)
{
printBase(out, "RsTlvSecurityKeySet", indent);
uint16_t int_Indent = indent + 2;
printIndent(out, int_Indent);
out << "GroupId: " << groupId;
out << std::endl;
std::map<std::string, RsTlvSecurityKey>::iterator it;
for(it = keys.begin(); it != keys.end() ; ++it)
(it->second).print(out, int_Indent);
printEnd(out, "RsTlvSecurityKeySet", indent);
return out;
}
/************************************* RsTlvSecurityKey ************************************/
RsTlvKeySignature::RsTlvKeySignature()
:RsTlvItem(), signData(TLV_TYPE_SIGN_RSA_SHA1)
{
return;
}
void RsTlvKeySignature::TlvClear()
{
keyId.clear();
signData.TlvClear();
}
/* clears signData - but doesn't delete */
void RsTlvKeySignature::ShallowClear()
{
keyId.clear();
signData.bin_data = 0;
signData.bin_len = 0;
}
uint32_t RsTlvKeySignature::TlvSize()
{
uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */
s += GetTlvStringSize(keyId);
s += signData.TlvSize();
s += GetTlvStringSize(sslCert);
return s;
}
bool RsTlvKeySignature::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{
/* must check sizes */
uint32_t tlvsize = TlvSize();
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend)
return false; /* not enough space */
bool ok = true;
/* start at data[offset] */
/* add mandatory parts first */
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY, tlvsize);
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
ok &= signData.SetTlv(data, tlvend, offset);
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_CERT_SSL, sslCert);
return ok;
}
bool RsTlvKeySignature::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{
if (size < *offset + TLV_HEADER_SIZE)
return false;
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
uint16_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend) /* check size */
return false; /* not enough space */
if (tlvtype != TLV_TYPE_SECURITYKEY) /* check type */
return false;
bool ok = true;
/* ready to load */
TlvClear();
/* skip the header */
(*offset) += TLV_HEADER_SIZE;
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
ok &= signData.GetTlv(data, tlvend, offset);
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_CERT_SSL, sslCert);
/***************************************************************************
* NB: extra components could be added (for future expansion of the type).
* or be present (if this code is reading an extended version).
*
* We must chew up the extra characters to conform with TLV specifications
***************************************************************************/
if (*offset != tlvend)
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvKeySignature::GetTlv() Warning extra bytes at end of item";
std::cerr << std::endl;
#endif
*offset = tlvend;
}
return ok;
}
std::ostream &RsTlvKeySignature::print(std::ostream &out, uint16_t indent)
{
printBase(out, "RsTlvKeySignature", indent);
uint16_t int_Indent = indent + 2;
printIndent(out, int_Indent);
out << "KeyId:" << keyId;
out << std::endl;
signData.print(out, int_Indent);
out << std::endl;
printEnd(out, "RsTlvKeySignature", indent);
return out;
}

3
libretroshare/src/serialiser/rstlvkeys.h
View File

@ -94,7 +94,8 @@ virtual std::ostream &print(std::ostream &out, uint16_t indent);
void ShallowClear(); /* clears signData - but doesn't delete */
std::string keyId; // Mandatory :
RsTlvBinaryData signData; // Mandatory :
RsTlvBinaryData signData; // Mandatory :
std::string sslCert; // Mandatory :
};

82
libretroshare/src/services/p3distrib.cc
View File

@ -1729,10 +1729,11 @@ std::string p3GroupDistrib::publishMsg(RsDistribMsg *msg, bool personalSign)
{
unsigned int siglen = EVP_PKEY_size(publishKey);
unsigned char sigbuf[siglen];
if (AuthGPG::getAuthGPG()->SignDataBin(data, size, sigbuf, &siglen))
if (AuthSSL::getAuthSSL()->SignDataBin(data, size, sigbuf, &siglen))
{
signedMsg->personalSignature.signData.setBinData(sigbuf, siglen);
signedMsg->personalSignature.keyId = AuthGPG::getAuthGPG()->getGPGOwnId();
signedMsg->personalSignature.keyId = AuthSSL::getAuthSSL()->OwnId();
signedMsg->personalSignature.sslCert = AuthSSL::getAuthSSL()->SaveOwnCertificateToString();
}
}
@ -2446,49 +2447,44 @@ bool p3GroupDistrib::locked_validateDistribSignedMsg(
/* now verify Personal signature */
#ifdef DISTRIB_DEBUG
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Personal Signature";
std::cerr << std::endl;
#endif
if (AuthGPG::getAuthGPG()->isGPGValid(newMsg->personalSignature.keyId))
if (signOk == 1 && ((info.grpFlags & RS_DISTRIB_AUTHEN_MASK) & RS_DISTRIB_AUTHEN_REQ))
{
#ifdef DISTRIB_DEBUG
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Peer Known";
std::cerr << std::endl;
#endif
unsigned int personalsiglen =
newMsg->personalSignature.signData.bin_len;
unsigned char *personalsigbuf = (unsigned char *)
newMsg->personalSignature.signData.bin_data;
#ifdef DISTRIB_DEBUG
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Personal Signature. sslCert : " << newMsg->personalSignature.sslCert << std::endl;
#endif
#ifdef TEMPORARILY SUSPENDED
// csoler:
// I'm suspending this because it prevents messages to be displayed. I guess there is a signature
// problem, such as the msg is signed by the SSL key and authed by the PGP one, or something like this.
//
if (!mAuthMgr->VerifySignBin(
newMsg->personalSignature.keyId,
newMsg->packet.bin_data, newMsg->packet.bin_len,
personalsigbuf, personalsiglen))
{
#ifdef DISTRIB_DEBUG
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() VerifySign Failed";
std::cerr << std::endl;
#endif
signOk = 0;
}
#endif
}
else if ((info.grpFlags & RS_DISTRIB_AUTHEN_MASK)
& RS_DISTRIB_AUTHEN_REQ)
{
#ifdef DISTRIB_DEBUG
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail - No Personal Sign on AUTH grp";
std::cerr << std::endl;
#endif
/* must know the signer */
signOk = 0;
//check the sslCert
RsPeerDetails pd;
if (!AuthSSL::getAuthSSL()->LoadDetailsFromStringCert(newMsg->personalSignature.sslCert, pd)) {
#ifdef DISTRIB_DEBUG
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail - ssl cert not valid" << std::endl;
#endif
signOk = 0;
} else if (pd.id != newMsg->personalSignature.keyId) {
#ifdef DISTRIB_DEBUG
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail - ssl cert id does not match the personal signature key id" << std::endl;
#endif
signOk = 0;
} else {
unsigned int personalsiglen =
newMsg->personalSignature.signData.bin_len;
unsigned char *personalsigbuf = (unsigned char *)
newMsg->personalSignature.signData.bin_data;
bool sslSign = AuthSSL::getAuthSSL()->VerifyOtherSignBin(
newMsg->packet.bin_data, newMsg->packet.bin_len,
personalsigbuf, personalsiglen, newMsg->personalSignature.sslCert);
if (sslSign) {
#ifdef DISTRIB_DEBUG
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Success for ssl signature." << std::endl;
#endif
signOk = 1;
} else {
#ifdef DISTRIB_DEBUG
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail for ssl signature." << std::endl;
#endif
signOk = 0;
}
}
}
if (signOk == 1)