mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-12-15 02:44:20 -05:00
Msg forums are now signed by ssl certs
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2178 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
5e11947d5c
commit
cfe3bca2a8
@ -193,7 +193,7 @@ X509_REQ *GenerateX509Req(
|
||||
|
||||
if (!X509_REQ_set_pubkey(req,pkey))
|
||||
{
|
||||
fprintf(stderr,"GenerateX509Req() Couldn't Set PUBKEY Version!\n");
|
||||
fprintf(stderr,"GenerateX509Req() Couldn't Set PUBKEY !\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -889,21 +889,24 @@ std::string AuthSSL::getOwnLocation()
|
||||
bool AuthSSL::LoadDetailsFromStringCert(std::string pem, RsPeerDetails &pd)
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::LoadIdsFromStringCert() ";
|
||||
std::cerr << std::endl;
|
||||
std::cerr << "AuthSSL::LoadIdsFromStringCert() Cleaning up Certificate First!";
|
||||
std::cerr << std::endl;
|
||||
std::cerr << "AuthSSL::LoadIdsFromStringCert() " << std::endl;
|
||||
#endif
|
||||
|
||||
std::string cleancert = cleanUpCertificate(pem);
|
||||
|
||||
X509 *x509 = loadX509FromPEM(cleancert);
|
||||
if (!x509)
|
||||
return false;
|
||||
X509 *x509 = loadX509FromPEM(pem);
|
||||
if (!x509) {
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::LoadIdsFromStringCert() certificate not loadable (maybe malformed)" << std::endl;
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!ValidateCertificate(x509, pd.id)) {
|
||||
return false;
|
||||
} else {
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::LoadIdsFromStringCert() certificate validated." << std::endl;
|
||||
#endif
|
||||
|
||||
pd.gpg_id = getX509CNString(x509->cert_info->issuer);
|
||||
pd.location = getX509LocString(x509->cert_info->subject);
|
||||
return true;
|
||||
@ -1148,22 +1151,48 @@ bool AuthSSL::SignDataBin(const void *data, const uint32_t len,
|
||||
}
|
||||
|
||||
#define AUTHSSL_DEBUG2
|
||||
bool AuthSSL::VerifyOtherSignBin(const void *data, const uint32_t len,
|
||||
unsigned char *sign, unsigned int signlen, std::string sslCert) {
|
||||
X509 *x509 = loadX509FromPEM(sslCert);
|
||||
std::string sslId;
|
||||
if (!ValidateCertificate(x509, sslId)) {
|
||||
std::cerr << "AuthSSL::VerifyOtherSignBin() failed to validate certificate." << std::endl;
|
||||
return false;
|
||||
} else {
|
||||
sslcert *cert = new sslcert(x509, sslId);
|
||||
return VerifySignBin(data, len, sign, signlen, cert);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthSSL::VerifyOwnSignBin(const void *data, const uint32_t len,
|
||||
unsigned char *sign, unsigned int signlen) {
|
||||
return VerifySignBin(data, len, sign, signlen, mOwnCert);
|
||||
}
|
||||
|
||||
bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
|
||||
unsigned char *sign, unsigned int signlen)
|
||||
unsigned char *sign, unsigned int signlen, sslcert* peer)
|
||||
{
|
||||
|
||||
RsStackMutex stack(sslMtx); /***** STACK LOCK MUTEX *****/
|
||||
|
||||
/* find the peer */
|
||||
#ifdef AUTHSSL_DEBUG2
|
||||
std::cerr << "In AuthSSL::VerifySignBin" << std::endl ;
|
||||
std::cerr << "In AuthSSL::VerifySignBin" << std::endl;
|
||||
#endif
|
||||
|
||||
sslcert *peer = mOwnCert;
|
||||
//std::cerr << "Cert info : " << getX509Info(X509 *cert) << std::endl;
|
||||
|
||||
EVP_PKEY *peerkey = peer->certificate->cert_info->key->pkey;
|
||||
/* cert->cert_info->key->pkey is NULL until we call SSL_CTX_use_certificate(),
|
||||
* so we do it here then... */
|
||||
SSL_CTX *newSslctx = SSL_CTX_new(TLSv1_method());
|
||||
SSL_CTX_set_cipher_list(newSslctx, "DEFAULT");
|
||||
SSL_CTX_use_certificate(newSslctx, peer->certificate);
|
||||
|
||||
if(peerkey == NULL)
|
||||
|
||||
EVP_PKEY *peerkey = peer->certificate->cert_info->key->pkey;
|
||||
|
||||
if(peerkey == NULL)
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG2
|
||||
std::cerr << "AuthSSL::VerifySignBin: no public key available !!" << std::endl ;
|
||||
@ -1178,7 +1207,8 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
|
||||
std::cerr << "EVP_VerifyInit Failure!" << std::endl;
|
||||
|
||||
EVP_MD_CTX_destroy(mdctx);
|
||||
return false;
|
||||
X509_free(peer->certificate);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (0 == EVP_VerifyUpdate(mdctx, data, len))
|
||||
@ -1186,6 +1216,7 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
|
||||
std::cerr << "EVP_VerifyUpdate Failure!" << std::endl;
|
||||
|
||||
EVP_MD_CTX_destroy(mdctx);
|
||||
X509_free(peer->certificate);
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -1195,6 +1226,7 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
|
||||
std::cerr << "AuthSSL::VerifySignBin: signlen=" << signlen << ", sign=" << (void*)sign << "!!" << std::endl ;
|
||||
#endif
|
||||
EVP_MD_CTX_destroy(mdctx);
|
||||
X509_free(peer->certificate);
|
||||
return false ;
|
||||
}
|
||||
|
||||
@ -1203,10 +1235,12 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
|
||||
std::cerr << "EVP_VerifyFinal Failure!" << std::endl;
|
||||
|
||||
EVP_MD_CTX_destroy(mdctx);
|
||||
X509_free(peer->certificate);
|
||||
return false;
|
||||
}
|
||||
|
||||
EVP_MD_CTX_destroy(mdctx);
|
||||
X509_free(peer->certificate);
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -1947,7 +1981,6 @@ bool AuthSSL::AuthX509(X509 *x509)
|
||||
int (*i2d)(X509_CINF*, unsigned char**) = i2d_X509_CINF;
|
||||
ASN1_BIT_STRING *signature = x509->signature;
|
||||
X509_CINF *data = x509->cert_info;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
const EVP_MD *type = EVP_sha1();
|
||||
|
||||
EVP_MD_CTX ctx;
|
||||
|
@ -139,7 +139,9 @@ virtual bool SignData(std::string input, std::string &sign);
|
||||
virtual bool SignData(const void *data, const uint32_t len, std::string &sign);
|
||||
virtual bool SignDataBin(std::string, unsigned char*, unsigned int*);
|
||||
virtual bool SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*);
|
||||
virtual bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int);
|
||||
virtual bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, sslcert* cert);
|
||||
virtual bool VerifyOwnSignBin(const void*, uint32_t, unsigned char*, unsigned int);
|
||||
virtual bool VerifyOtherSignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string sslCert);
|
||||
|
||||
// return : false if encrypt failed
|
||||
bool encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId);
|
||||
|
@ -133,6 +133,7 @@ const uint16_t TLV_TYPE_STR_GENID = 0x005a;
|
||||
const uint16_t TLV_TYPE_STR_GPGID = 0x005b;
|
||||
const uint16_t TLV_TYPE_STR_LOCATION = 0x005c;
|
||||
const uint16_t TLV_TYPE_STR_CERT_GPG = 0x005d;
|
||||
const uint16_t TLV_TYPE_STR_CERT_SSL = 0x005e;
|
||||
|
||||
/* Wide Chars (4 bytes per char) for internationalisation */
|
||||
const uint16_t TLV_TYPE_WSTR_PEERID = 0x0060;
|
||||
|
@ -23,443 +23,446 @@
|
||||
* Please report all bugs and problems to "retroshare@lunamutt.com".
|
||||
*
|
||||
*/
|
||||
|
||||
#include "rstlvkeys.h"
|
||||
|
||||
#include "rstlvbase.h"
|
||||
#include "rstlvtypes.h"
|
||||
#include "rsbaseserial.h"
|
||||
#include "util/rsprint.h"
|
||||
#include <ostream>
|
||||
#include <sstream>
|
||||
#include <iomanip>
|
||||
#include <iostream>
|
||||
|
||||
|
||||
/************************************* RsTlvSecurityKey ************************************/
|
||||
|
||||
RsTlvSecurityKey::RsTlvSecurityKey()
|
||||
:RsTlvItem(), keyFlags(0), startTS(0), endTS(0), keyData(TLV_TYPE_KEY_EVP_PKEY)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
void RsTlvSecurityKey::TlvClear()
|
||||
{
|
||||
keyId.clear();
|
||||
keyFlags = 0;
|
||||
startTS = 0;
|
||||
endTS = 0;
|
||||
keyData.TlvClear();
|
||||
}
|
||||
|
||||
/* clears keyData - but doesn't delete */
|
||||
void RsTlvSecurityKey::ShallowClear()
|
||||
{
|
||||
keyId.clear();
|
||||
keyFlags = 0;
|
||||
startTS = 0;
|
||||
endTS = 0;
|
||||
keyData.bin_data = 0;
|
||||
keyData.bin_len = 0;
|
||||
}
|
||||
|
||||
|
||||
uint32_t RsTlvSecurityKey::TlvSize()
|
||||
{
|
||||
uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */
|
||||
|
||||
/* now add comment and title length of this tlv object */
|
||||
|
||||
s += GetTlvStringSize(keyId);
|
||||
s += 4;
|
||||
s += 4;
|
||||
s += 4;
|
||||
s += keyData.TlvSize();
|
||||
|
||||
return s;
|
||||
|
||||
}
|
||||
|
||||
bool RsTlvSecurityKey::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
|
||||
{
|
||||
/* must check sizes */
|
||||
uint32_t tlvsize = TlvSize();
|
||||
uint32_t tlvend = *offset + tlvsize;
|
||||
|
||||
if (size < tlvend)
|
||||
return false; /* not enough space */
|
||||
|
||||
bool ok = true;
|
||||
|
||||
/* start at data[offset] */
|
||||
/* add mandatory parts first */
|
||||
|
||||
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY, tlvsize);
|
||||
|
||||
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
|
||||
ok &= setRawUInt32(data, tlvend, offset, keyFlags);
|
||||
ok &= setRawUInt32(data, tlvend, offset, startTS);
|
||||
ok &= setRawUInt32(data, tlvend, offset, endTS);
|
||||
ok &= keyData.SetTlv(data, tlvend, offset);
|
||||
|
||||
return ok;
|
||||
|
||||
}
|
||||
|
||||
|
||||
bool RsTlvSecurityKey::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
|
||||
{
|
||||
if (size < *offset + TLV_HEADER_SIZE)
|
||||
return false;
|
||||
|
||||
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
|
||||
uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
|
||||
uint32_t tlvend = *offset + tlvsize;
|
||||
|
||||
if (size < tlvend) /* check size */
|
||||
return false; /* not enough space */
|
||||
|
||||
if (tlvtype != TLV_TYPE_SECURITYKEY) /* check type */
|
||||
return false;
|
||||
|
||||
bool ok = true;
|
||||
|
||||
/* ready to load */
|
||||
TlvClear();
|
||||
|
||||
/* skip the header */
|
||||
(*offset) += TLV_HEADER_SIZE;
|
||||
|
||||
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
|
||||
ok &= getRawUInt32(data, tlvend, offset, &(keyFlags));
|
||||
ok &= getRawUInt32(data, tlvend, offset, &(startTS));
|
||||
ok &= getRawUInt32(data, tlvend, offset, &(endTS));
|
||||
ok &= keyData.GetTlv(data, tlvend, offset);
|
||||
|
||||
|
||||
/***************************************************************************
|
||||
* NB: extra components could be added (for future expansion of the type).
|
||||
* or be present (if this code is reading an extended version).
|
||||
*
|
||||
* We must chew up the extra characters to conform with TLV specifications
|
||||
***************************************************************************/
|
||||
if (*offset != tlvend)
|
||||
{
|
||||
#ifdef TLV_DEBUG
|
||||
std::cerr << "RsTlvSecurityKey::GetTlv() Warning extra bytes at end of item";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
*offset = tlvend;
|
||||
}
|
||||
|
||||
return ok;
|
||||
|
||||
}
|
||||
|
||||
|
||||
std::ostream &RsTlvSecurityKey::print(std::ostream &out, uint16_t indent)
|
||||
{
|
||||
printBase(out, "RsTlvSecurityKey", indent);
|
||||
uint16_t int_Indent = indent + 2;
|
||||
|
||||
printIndent(out, int_Indent);
|
||||
out << "KeyId:" << keyId;
|
||||
out << std::endl;
|
||||
|
||||
printIndent(out, int_Indent);
|
||||
out << "KeyFlags:" << keyFlags;
|
||||
out << std::endl;
|
||||
|
||||
printIndent(out, int_Indent);
|
||||
out << "StartTS:" << startTS;
|
||||
out << std::endl;
|
||||
|
||||
printIndent(out, int_Indent);
|
||||
out << "EndTS:" << endTS;
|
||||
out << std::endl;
|
||||
|
||||
keyData.print(out, int_Indent);
|
||||
|
||||
out << std::endl;
|
||||
|
||||
printEnd(out, "RsTlvSecurityKey", indent);
|
||||
return out;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/************************************* RsTlvSecurityKeySet ************************************/
|
||||
|
||||
void RsTlvSecurityKeySet::TlvClear()
|
||||
{
|
||||
groupId.clear();
|
||||
keys.clear(); //empty list
|
||||
}
|
||||
|
||||
uint32_t RsTlvSecurityKeySet::TlvSize()
|
||||
{
|
||||
|
||||
uint32_t s = TLV_HEADER_SIZE; /* header */
|
||||
|
||||
std::map<std::string, RsTlvSecurityKey>::iterator it;
|
||||
|
||||
s += GetTlvStringSize(groupId);
|
||||
|
||||
if(!keys.empty())
|
||||
{
|
||||
|
||||
for(it = keys.begin(); it != keys.end() ; ++it)
|
||||
s += (it->second).TlvSize();
|
||||
|
||||
}
|
||||
|
||||
return s;
|
||||
}
|
||||
|
||||
bool RsTlvSecurityKeySet::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
|
||||
{
|
||||
/* must check sizes */
|
||||
uint32_t tlvsize = TlvSize();
|
||||
uint32_t tlvend = *offset + tlvsize;
|
||||
|
||||
if (size < tlvend)
|
||||
return false; /* not enough space */
|
||||
|
||||
bool ok = true;
|
||||
|
||||
/* start at data[offset] */
|
||||
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEYSET , tlvsize);
|
||||
|
||||
/* groupId */
|
||||
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId);
|
||||
|
||||
if(!keys.empty())
|
||||
{
|
||||
std::map<std::string, RsTlvSecurityKey>::iterator it;
|
||||
|
||||
for(it = keys.begin(); it != keys.end() ; ++it)
|
||||
ok &= (it->second).SetTlv(data, size, offset);
|
||||
}
|
||||
|
||||
|
||||
return ok;
|
||||
|
||||
}
|
||||
|
||||
|
||||
bool RsTlvSecurityKeySet::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
|
||||
{
|
||||
if (size < *offset + TLV_HEADER_SIZE)
|
||||
return false;
|
||||
|
||||
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
|
||||
uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
|
||||
uint32_t tlvend = *offset + tlvsize;
|
||||
|
||||
if (size < tlvend) /* check size */
|
||||
return false; /* not enough space */
|
||||
|
||||
if (tlvtype != TLV_TYPE_SECURITYKEYSET) /* check type */
|
||||
return false;
|
||||
|
||||
bool ok = true;
|
||||
|
||||
/* ready to load */
|
||||
TlvClear();
|
||||
|
||||
/* skip the header */
|
||||
(*offset) += TLV_HEADER_SIZE;
|
||||
|
||||
/* groupId */
|
||||
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId);
|
||||
|
||||
/* while there is TLV */
|
||||
while((*offset) + 2 < tlvend)
|
||||
{
|
||||
/* get the next type */
|
||||
uint16_t tlvsubtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
|
||||
|
||||
switch(tlvsubtype)
|
||||
{
|
||||
case TLV_TYPE_SECURITYKEY:
|
||||
{
|
||||
RsTlvSecurityKey key;
|
||||
ok &= key.GetTlv(data, size, offset);
|
||||
if (ok)
|
||||
{
|
||||
keys[key.keyId] = key;
|
||||
key.ShallowClear(); /* so that the Map can get control - should be ref counted*/
|
||||
}
|
||||
}
|
||||
break;
|
||||
default:
|
||||
ok &= SkipUnknownTlv(data, tlvend, offset);
|
||||
break;
|
||||
|
||||
}
|
||||
|
||||
if (!ok)
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/***************************************************************************
|
||||
* NB: extra components could be added (for future expansion of the type).
|
||||
* or be present (if this code is reading an extended version).
|
||||
*
|
||||
* We must chew up the extra characters to conform with TLV specifications
|
||||
***************************************************************************/
|
||||
if (*offset != tlvend)
|
||||
{
|
||||
#ifdef TLV_DEBUG
|
||||
std::cerr << "RsTlvSecurityKeySet::GetTlv() Warning extra bytes at end of item";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
*offset = tlvend;
|
||||
}
|
||||
|
||||
return ok;
|
||||
}
|
||||
|
||||
// prints out contents of RsTlvSecurityKeySet
|
||||
std::ostream &RsTlvSecurityKeySet::print(std::ostream &out, uint16_t indent)
|
||||
{
|
||||
printBase(out, "RsTlvSecurityKeySet", indent);
|
||||
uint16_t int_Indent = indent + 2;
|
||||
|
||||
printIndent(out, int_Indent);
|
||||
out << "GroupId: " << groupId;
|
||||
out << std::endl;
|
||||
|
||||
std::map<std::string, RsTlvSecurityKey>::iterator it;
|
||||
for(it = keys.begin(); it != keys.end() ; ++it)
|
||||
(it->second).print(out, int_Indent);
|
||||
|
||||
printEnd(out, "RsTlvSecurityKeySet", indent);
|
||||
return out;
|
||||
}
|
||||
|
||||
|
||||
/************************************* RsTlvSecurityKey ************************************/
|
||||
|
||||
RsTlvKeySignature::RsTlvKeySignature()
|
||||
:RsTlvItem(), signData(TLV_TYPE_SIGN_RSA_SHA1)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
void RsTlvKeySignature::TlvClear()
|
||||
{
|
||||
keyId.clear();
|
||||
signData.TlvClear();
|
||||
}
|
||||
|
||||
/* clears signData - but doesn't delete */
|
||||
void RsTlvKeySignature::ShallowClear()
|
||||
{
|
||||
keyId.clear();
|
||||
signData.bin_data = 0;
|
||||
signData.bin_len = 0;
|
||||
}
|
||||
|
||||
uint32_t RsTlvKeySignature::TlvSize()
|
||||
{
|
||||
uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */
|
||||
|
||||
s += GetTlvStringSize(keyId);
|
||||
s += signData.TlvSize();
|
||||
|
||||
return s;
|
||||
|
||||
}
|
||||
|
||||
bool RsTlvKeySignature::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
|
||||
{
|
||||
/* must check sizes */
|
||||
uint32_t tlvsize = TlvSize();
|
||||
uint32_t tlvend = *offset + tlvsize;
|
||||
|
||||
if (size < tlvend)
|
||||
return false; /* not enough space */
|
||||
|
||||
bool ok = true;
|
||||
|
||||
/* start at data[offset] */
|
||||
/* add mandatory parts first */
|
||||
|
||||
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY, tlvsize);
|
||||
|
||||
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
|
||||
ok &= signData.SetTlv(data, tlvend, offset);
|
||||
|
||||
return ok;
|
||||
|
||||
}
|
||||
|
||||
|
||||
bool RsTlvKeySignature::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
|
||||
{
|
||||
if (size < *offset + TLV_HEADER_SIZE)
|
||||
return false;
|
||||
|
||||
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
|
||||
uint16_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
|
||||
uint32_t tlvend = *offset + tlvsize;
|
||||
|
||||
if (size < tlvend) /* check size */
|
||||
return false; /* not enough space */
|
||||
|
||||
if (tlvtype != TLV_TYPE_SECURITYKEY) /* check type */
|
||||
return false;
|
||||
|
||||
bool ok = true;
|
||||
|
||||
/* ready to load */
|
||||
TlvClear();
|
||||
|
||||
/* skip the header */
|
||||
(*offset) += TLV_HEADER_SIZE;
|
||||
|
||||
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
|
||||
ok &= signData.GetTlv(data, tlvend, offset);
|
||||
|
||||
/***************************************************************************
|
||||
* NB: extra components could be added (for future expansion of the type).
|
||||
* or be present (if this code is reading an extended version).
|
||||
*
|
||||
* We must chew up the extra characters to conform with TLV specifications
|
||||
***************************************************************************/
|
||||
if (*offset != tlvend)
|
||||
{
|
||||
#ifdef TLV_DEBUG
|
||||
std::cerr << "RsTlvKeySignature::GetTlv() Warning extra bytes at end of item";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
*offset = tlvend;
|
||||
}
|
||||
|
||||
return ok;
|
||||
|
||||
}
|
||||
|
||||
|
||||
std::ostream &RsTlvKeySignature::print(std::ostream &out, uint16_t indent)
|
||||
{
|
||||
printBase(out, "RsTlvKeySignature", indent);
|
||||
uint16_t int_Indent = indent + 2;
|
||||
|
||||
printIndent(out, int_Indent);
|
||||
out << "KeyId:" << keyId;
|
||||
out << std::endl;
|
||||
|
||||
signData.print(out, int_Indent);
|
||||
|
||||
out << std::endl;
|
||||
|
||||
printEnd(out, "RsTlvKeySignature", indent);
|
||||
return out;
|
||||
}
|
||||
|
||||
|
||||
#include "rstlvkeys.h"
|
||||
|
||||
#include "rstlvbase.h"
|
||||
#include "rstlvtypes.h"
|
||||
#include "rsbaseserial.h"
|
||||
#include "util/rsprint.h"
|
||||
#include <ostream>
|
||||
#include <sstream>
|
||||
#include <iomanip>
|
||||
#include <iostream>
|
||||
|
||||
|
||||
/************************************* RsTlvSecurityKey ************************************/
|
||||
|
||||
RsTlvSecurityKey::RsTlvSecurityKey()
|
||||
:RsTlvItem(), keyFlags(0), startTS(0), endTS(0), keyData(TLV_TYPE_KEY_EVP_PKEY)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
void RsTlvSecurityKey::TlvClear()
|
||||
{
|
||||
keyId.clear();
|
||||
keyFlags = 0;
|
||||
startTS = 0;
|
||||
endTS = 0;
|
||||
keyData.TlvClear();
|
||||
}
|
||||
|
||||
/* clears keyData - but doesn't delete */
|
||||
void RsTlvSecurityKey::ShallowClear()
|
||||
{
|
||||
keyId.clear();
|
||||
keyFlags = 0;
|
||||
startTS = 0;
|
||||
endTS = 0;
|
||||
keyData.bin_data = 0;
|
||||
keyData.bin_len = 0;
|
||||
}
|
||||
|
||||
|
||||
uint32_t RsTlvSecurityKey::TlvSize()
|
||||
{
|
||||
uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */
|
||||
|
||||
/* now add comment and title length of this tlv object */
|
||||
|
||||
s += GetTlvStringSize(keyId);
|
||||
s += 4;
|
||||
s += 4;
|
||||
s += 4;
|
||||
s += keyData.TlvSize();
|
||||
|
||||
return s;
|
||||
|
||||
}
|
||||
|
||||
bool RsTlvSecurityKey::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
|
||||
{
|
||||
/* must check sizes */
|
||||
uint32_t tlvsize = TlvSize();
|
||||
uint32_t tlvend = *offset + tlvsize;
|
||||
|
||||
if (size < tlvend)
|
||||
return false; /* not enough space */
|
||||
|
||||
bool ok = true;
|
||||
|
||||
/* start at data[offset] */
|
||||
/* add mandatory parts first */
|
||||
|
||||
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY, tlvsize);
|
||||
|
||||
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
|
||||
ok &= setRawUInt32(data, tlvend, offset, keyFlags);
|
||||
ok &= setRawUInt32(data, tlvend, offset, startTS);
|
||||
ok &= setRawUInt32(data, tlvend, offset, endTS);
|
||||
ok &= keyData.SetTlv(data, tlvend, offset);
|
||||
|
||||
return ok;
|
||||
|
||||
}
|
||||
|
||||
|
||||
bool RsTlvSecurityKey::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
|
||||
{
|
||||
if (size < *offset + TLV_HEADER_SIZE)
|
||||
return false;
|
||||
|
||||
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
|
||||
uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
|
||||
uint32_t tlvend = *offset + tlvsize;
|
||||
|
||||
if (size < tlvend) /* check size */
|
||||
return false; /* not enough space */
|
||||
|
||||
if (tlvtype != TLV_TYPE_SECURITYKEY) /* check type */
|
||||
return false;
|
||||
|
||||
bool ok = true;
|
||||
|
||||
/* ready to load */
|
||||
TlvClear();
|
||||
|
||||
/* skip the header */
|
||||
(*offset) += TLV_HEADER_SIZE;
|
||||
|
||||
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
|
||||
ok &= getRawUInt32(data, tlvend, offset, &(keyFlags));
|
||||
ok &= getRawUInt32(data, tlvend, offset, &(startTS));
|
||||
ok &= getRawUInt32(data, tlvend, offset, &(endTS));
|
||||
ok &= keyData.GetTlv(data, tlvend, offset);
|
||||
|
||||
|
||||
/***************************************************************************
|
||||
* NB: extra components could be added (for future expansion of the type).
|
||||
* or be present (if this code is reading an extended version).
|
||||
*
|
||||
* We must chew up the extra characters to conform with TLV specifications
|
||||
***************************************************************************/
|
||||
if (*offset != tlvend)
|
||||
{
|
||||
#ifdef TLV_DEBUG
|
||||
std::cerr << "RsTlvSecurityKey::GetTlv() Warning extra bytes at end of item";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
*offset = tlvend;
|
||||
}
|
||||
|
||||
return ok;
|
||||
|
||||
}
|
||||
|
||||
|
||||
std::ostream &RsTlvSecurityKey::print(std::ostream &out, uint16_t indent)
|
||||
{
|
||||
printBase(out, "RsTlvSecurityKey", indent);
|
||||
uint16_t int_Indent = indent + 2;
|
||||
|
||||
printIndent(out, int_Indent);
|
||||
out << "KeyId:" << keyId;
|
||||
out << std::endl;
|
||||
|
||||
printIndent(out, int_Indent);
|
||||
out << "KeyFlags:" << keyFlags;
|
||||
out << std::endl;
|
||||
|
||||
printIndent(out, int_Indent);
|
||||
out << "StartTS:" << startTS;
|
||||
out << std::endl;
|
||||
|
||||
printIndent(out, int_Indent);
|
||||
out << "EndTS:" << endTS;
|
||||
out << std::endl;
|
||||
|
||||
keyData.print(out, int_Indent);
|
||||
|
||||
out << std::endl;
|
||||
|
||||
printEnd(out, "RsTlvSecurityKey", indent);
|
||||
return out;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/************************************* RsTlvSecurityKeySet ************************************/
|
||||
|
||||
void RsTlvSecurityKeySet::TlvClear()
|
||||
{
|
||||
groupId.clear();
|
||||
keys.clear(); //empty list
|
||||
}
|
||||
|
||||
uint32_t RsTlvSecurityKeySet::TlvSize()
|
||||
{
|
||||
|
||||
uint32_t s = TLV_HEADER_SIZE; /* header */
|
||||
|
||||
std::map<std::string, RsTlvSecurityKey>::iterator it;
|
||||
|
||||
s += GetTlvStringSize(groupId);
|
||||
|
||||
if(!keys.empty())
|
||||
{
|
||||
|
||||
for(it = keys.begin(); it != keys.end() ; ++it)
|
||||
s += (it->second).TlvSize();
|
||||
|
||||
}
|
||||
|
||||
return s;
|
||||
}
|
||||
|
||||
bool RsTlvSecurityKeySet::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
|
||||
{
|
||||
/* must check sizes */
|
||||
uint32_t tlvsize = TlvSize();
|
||||
uint32_t tlvend = *offset + tlvsize;
|
||||
|
||||
if (size < tlvend)
|
||||
return false; /* not enough space */
|
||||
|
||||
bool ok = true;
|
||||
|
||||
/* start at data[offset] */
|
||||
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEYSET , tlvsize);
|
||||
|
||||
/* groupId */
|
||||
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId);
|
||||
|
||||
if(!keys.empty())
|
||||
{
|
||||
std::map<std::string, RsTlvSecurityKey>::iterator it;
|
||||
|
||||
for(it = keys.begin(); it != keys.end() ; ++it)
|
||||
ok &= (it->second).SetTlv(data, size, offset);
|
||||
}
|
||||
|
||||
|
||||
return ok;
|
||||
|
||||
}
|
||||
|
||||
|
||||
bool RsTlvSecurityKeySet::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
|
||||
{
|
||||
if (size < *offset + TLV_HEADER_SIZE)
|
||||
return false;
|
||||
|
||||
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
|
||||
uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
|
||||
uint32_t tlvend = *offset + tlvsize;
|
||||
|
||||
if (size < tlvend) /* check size */
|
||||
return false; /* not enough space */
|
||||
|
||||
if (tlvtype != TLV_TYPE_SECURITYKEYSET) /* check type */
|
||||
return false;
|
||||
|
||||
bool ok = true;
|
||||
|
||||
/* ready to load */
|
||||
TlvClear();
|
||||
|
||||
/* skip the header */
|
||||
(*offset) += TLV_HEADER_SIZE;
|
||||
|
||||
/* groupId */
|
||||
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId);
|
||||
|
||||
/* while there is TLV */
|
||||
while((*offset) + 2 < tlvend)
|
||||
{
|
||||
/* get the next type */
|
||||
uint16_t tlvsubtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
|
||||
|
||||
switch(tlvsubtype)
|
||||
{
|
||||
case TLV_TYPE_SECURITYKEY:
|
||||
{
|
||||
RsTlvSecurityKey key;
|
||||
ok &= key.GetTlv(data, size, offset);
|
||||
if (ok)
|
||||
{
|
||||
keys[key.keyId] = key;
|
||||
key.ShallowClear(); /* so that the Map can get control - should be ref counted*/
|
||||
}
|
||||
}
|
||||
break;
|
||||
default:
|
||||
ok &= SkipUnknownTlv(data, tlvend, offset);
|
||||
break;
|
||||
|
||||
}
|
||||
|
||||
if (!ok)
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/***************************************************************************
|
||||
* NB: extra components could be added (for future expansion of the type).
|
||||
* or be present (if this code is reading an extended version).
|
||||
*
|
||||
* We must chew up the extra characters to conform with TLV specifications
|
||||
***************************************************************************/
|
||||
if (*offset != tlvend)
|
||||
{
|
||||
#ifdef TLV_DEBUG
|
||||
std::cerr << "RsTlvSecurityKeySet::GetTlv() Warning extra bytes at end of item";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
*offset = tlvend;
|
||||
}
|
||||
|
||||
return ok;
|
||||
}
|
||||
|
||||
// prints out contents of RsTlvSecurityKeySet
|
||||
std::ostream &RsTlvSecurityKeySet::print(std::ostream &out, uint16_t indent)
|
||||
{
|
||||
printBase(out, "RsTlvSecurityKeySet", indent);
|
||||
uint16_t int_Indent = indent + 2;
|
||||
|
||||
printIndent(out, int_Indent);
|
||||
out << "GroupId: " << groupId;
|
||||
out << std::endl;
|
||||
|
||||
std::map<std::string, RsTlvSecurityKey>::iterator it;
|
||||
for(it = keys.begin(); it != keys.end() ; ++it)
|
||||
(it->second).print(out, int_Indent);
|
||||
|
||||
printEnd(out, "RsTlvSecurityKeySet", indent);
|
||||
return out;
|
||||
}
|
||||
|
||||
|
||||
/************************************* RsTlvSecurityKey ************************************/
|
||||
|
||||
RsTlvKeySignature::RsTlvKeySignature()
|
||||
:RsTlvItem(), signData(TLV_TYPE_SIGN_RSA_SHA1)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
void RsTlvKeySignature::TlvClear()
|
||||
{
|
||||
keyId.clear();
|
||||
signData.TlvClear();
|
||||
}
|
||||
|
||||
/* clears signData - but doesn't delete */
|
||||
void RsTlvKeySignature::ShallowClear()
|
||||
{
|
||||
keyId.clear();
|
||||
signData.bin_data = 0;
|
||||
signData.bin_len = 0;
|
||||
}
|
||||
|
||||
uint32_t RsTlvKeySignature::TlvSize()
|
||||
{
|
||||
uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */
|
||||
|
||||
s += GetTlvStringSize(keyId);
|
||||
s += signData.TlvSize();
|
||||
s += GetTlvStringSize(sslCert);
|
||||
|
||||
return s;
|
||||
|
||||
}
|
||||
|
||||
bool RsTlvKeySignature::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
|
||||
{
|
||||
/* must check sizes */
|
||||
uint32_t tlvsize = TlvSize();
|
||||
uint32_t tlvend = *offset + tlvsize;
|
||||
|
||||
if (size < tlvend)
|
||||
return false; /* not enough space */
|
||||
|
||||
bool ok = true;
|
||||
|
||||
/* start at data[offset] */
|
||||
/* add mandatory parts first */
|
||||
|
||||
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY, tlvsize);
|
||||
|
||||
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
|
||||
ok &= signData.SetTlv(data, tlvend, offset);
|
||||
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_CERT_SSL, sslCert);
|
||||
|
||||
return ok;
|
||||
|
||||
}
|
||||
|
||||
|
||||
bool RsTlvKeySignature::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
|
||||
{
|
||||
if (size < *offset + TLV_HEADER_SIZE)
|
||||
return false;
|
||||
|
||||
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
|
||||
uint16_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
|
||||
uint32_t tlvend = *offset + tlvsize;
|
||||
|
||||
if (size < tlvend) /* check size */
|
||||
return false; /* not enough space */
|
||||
|
||||
if (tlvtype != TLV_TYPE_SECURITYKEY) /* check type */
|
||||
return false;
|
||||
|
||||
bool ok = true;
|
||||
|
||||
/* ready to load */
|
||||
TlvClear();
|
||||
|
||||
/* skip the header */
|
||||
(*offset) += TLV_HEADER_SIZE;
|
||||
|
||||
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
|
||||
ok &= signData.GetTlv(data, tlvend, offset);
|
||||
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_CERT_SSL, sslCert);
|
||||
|
||||
/***************************************************************************
|
||||
* NB: extra components could be added (for future expansion of the type).
|
||||
* or be present (if this code is reading an extended version).
|
||||
*
|
||||
* We must chew up the extra characters to conform with TLV specifications
|
||||
***************************************************************************/
|
||||
if (*offset != tlvend)
|
||||
{
|
||||
#ifdef TLV_DEBUG
|
||||
std::cerr << "RsTlvKeySignature::GetTlv() Warning extra bytes at end of item";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
*offset = tlvend;
|
||||
}
|
||||
|
||||
return ok;
|
||||
|
||||
}
|
||||
|
||||
|
||||
std::ostream &RsTlvKeySignature::print(std::ostream &out, uint16_t indent)
|
||||
{
|
||||
printBase(out, "RsTlvKeySignature", indent);
|
||||
uint16_t int_Indent = indent + 2;
|
||||
|
||||
printIndent(out, int_Indent);
|
||||
out << "KeyId:" << keyId;
|
||||
out << std::endl;
|
||||
|
||||
signData.print(out, int_Indent);
|
||||
|
||||
out << std::endl;
|
||||
|
||||
printEnd(out, "RsTlvKeySignature", indent);
|
||||
return out;
|
||||
}
|
||||
|
||||
|
@ -94,7 +94,8 @@ virtual std::ostream &print(std::ostream &out, uint16_t indent);
|
||||
void ShallowClear(); /* clears signData - but doesn't delete */
|
||||
|
||||
std::string keyId; // Mandatory :
|
||||
RsTlvBinaryData signData; // Mandatory :
|
||||
RsTlvBinaryData signData; // Mandatory :
|
||||
std::string sslCert; // Mandatory :
|
||||
};
|
||||
|
||||
|
||||
|
@ -1729,10 +1729,11 @@ std::string p3GroupDistrib::publishMsg(RsDistribMsg *msg, bool personalSign)
|
||||
{
|
||||
unsigned int siglen = EVP_PKEY_size(publishKey);
|
||||
unsigned char sigbuf[siglen];
|
||||
if (AuthGPG::getAuthGPG()->SignDataBin(data, size, sigbuf, &siglen))
|
||||
if (AuthSSL::getAuthSSL()->SignDataBin(data, size, sigbuf, &siglen))
|
||||
{
|
||||
signedMsg->personalSignature.signData.setBinData(sigbuf, siglen);
|
||||
signedMsg->personalSignature.keyId = AuthGPG::getAuthGPG()->getGPGOwnId();
|
||||
signedMsg->personalSignature.keyId = AuthSSL::getAuthSSL()->OwnId();
|
||||
signedMsg->personalSignature.sslCert = AuthSSL::getAuthSSL()->SaveOwnCertificateToString();
|
||||
}
|
||||
}
|
||||
|
||||
@ -2446,49 +2447,44 @@ bool p3GroupDistrib::locked_validateDistribSignedMsg(
|
||||
|
||||
|
||||
/* now verify Personal signature */
|
||||
#ifdef DISTRIB_DEBUG
|
||||
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Personal Signature";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
|
||||
if (AuthGPG::getAuthGPG()->isGPGValid(newMsg->personalSignature.keyId))
|
||||
if (signOk == 1 && ((info.grpFlags & RS_DISTRIB_AUTHEN_MASK) & RS_DISTRIB_AUTHEN_REQ))
|
||||
{
|
||||
#ifdef DISTRIB_DEBUG
|
||||
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Peer Known";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
unsigned int personalsiglen =
|
||||
newMsg->personalSignature.signData.bin_len;
|
||||
unsigned char *personalsigbuf = (unsigned char *)
|
||||
newMsg->personalSignature.signData.bin_data;
|
||||
#ifdef DISTRIB_DEBUG
|
||||
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Personal Signature. sslCert : " << newMsg->personalSignature.sslCert << std::endl;
|
||||
#endif
|
||||
|
||||
#ifdef TEMPORARILY SUSPENDED
|
||||
// csoler:
|
||||
// I'm suspending this because it prevents messages to be displayed. I guess there is a signature
|
||||
// problem, such as the msg is signed by the SSL key and authed by the PGP one, or something like this.
|
||||
//
|
||||
if (!mAuthMgr->VerifySignBin(
|
||||
newMsg->personalSignature.keyId,
|
||||
newMsg->packet.bin_data, newMsg->packet.bin_len,
|
||||
personalsigbuf, personalsiglen))
|
||||
{
|
||||
#ifdef DISTRIB_DEBUG
|
||||
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() VerifySign Failed";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
signOk = 0;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
else if ((info.grpFlags & RS_DISTRIB_AUTHEN_MASK)
|
||||
& RS_DISTRIB_AUTHEN_REQ)
|
||||
{
|
||||
#ifdef DISTRIB_DEBUG
|
||||
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail - No Personal Sign on AUTH grp";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
/* must know the signer */
|
||||
signOk = 0;
|
||||
//check the sslCert
|
||||
RsPeerDetails pd;
|
||||
if (!AuthSSL::getAuthSSL()->LoadDetailsFromStringCert(newMsg->personalSignature.sslCert, pd)) {
|
||||
#ifdef DISTRIB_DEBUG
|
||||
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail - ssl cert not valid" << std::endl;
|
||||
#endif
|
||||
signOk = 0;
|
||||
} else if (pd.id != newMsg->personalSignature.keyId) {
|
||||
#ifdef DISTRIB_DEBUG
|
||||
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail - ssl cert id does not match the personal signature key id" << std::endl;
|
||||
#endif
|
||||
signOk = 0;
|
||||
} else {
|
||||
unsigned int personalsiglen =
|
||||
newMsg->personalSignature.signData.bin_len;
|
||||
unsigned char *personalsigbuf = (unsigned char *)
|
||||
newMsg->personalSignature.signData.bin_data;
|
||||
bool sslSign = AuthSSL::getAuthSSL()->VerifyOtherSignBin(
|
||||
newMsg->packet.bin_data, newMsg->packet.bin_len,
|
||||
personalsigbuf, personalsiglen, newMsg->personalSignature.sslCert);
|
||||
if (sslSign) {
|
||||
#ifdef DISTRIB_DEBUG
|
||||
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Success for ssl signature." << std::endl;
|
||||
#endif
|
||||
signOk = 1;
|
||||
} else {
|
||||
#ifdef DISTRIB_DEBUG
|
||||
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail for ssl signature." << std::endl;
|
||||
#endif
|
||||
signOk = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (signOk == 1)
|
||||
|
Loading…
Reference in New Issue
Block a user