Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-08-07 22:02:32 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Msg forums are now signed by ssl certs

Browse source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2178 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
joss17 2010-02-03 21:21:04 +00:00
parent 5e11947d5c
commit cfe3bca2a8
6 changed files with 538 additions and 502 deletions
Download patch file Download diff file Expand all files Collapse all files

67
libretroshare/src/pqi/authssl.cc
View file

@ -193,7 +193,7 @@ X509_REQ *GenerateX509Req(
if (!X509_REQ_set_pubkey(req,pkey)) if (!X509_REQ_set_pubkey(req,pkey))
{ {
fprintf(stderr,"GenerateX509Req() Couldn't Set PUBKEY Version!\n"); fprintf(stderr,"GenerateX509Req() Couldn't Set PUBKEY !\n");
return 0; return 0;
} }
@ -889,21 +889,24 @@ std::string AuthSSL::getOwnLocation()
bool AuthSSL::LoadDetailsFromStringCert(std::string pem, RsPeerDetails &pd) bool AuthSSL::LoadDetailsFromStringCert(std::string pem, RsPeerDetails &pd)
{ {
#ifdef AUTHSSL_DEBUG #ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::LoadIdsFromStringCert() "; std::cerr << "AuthSSL::LoadIdsFromStringCert() " << std::endl;
std::cerr << std::endl;
std::cerr << "AuthSSL::LoadIdsFromStringCert() Cleaning up Certificate First!";
std::cerr << std::endl;
#endif #endif
std::string cleancert = cleanUpCertificate(pem); X509 *x509 = loadX509FromPEM(pem);
if (!x509) {
X509 *x509 = loadX509FromPEM(cleancert); #ifdef AUTHSSL_DEBUG
if (!x509) std::cerr << "AuthSSL::LoadIdsFromStringCert() certificate not loadable (maybe malformed)" << std::endl;
return false; #endif
return false;
}
if (!ValidateCertificate(x509, pd.id)) { if (!ValidateCertificate(x509, pd.id)) {
return false; return false;
} else { } else {
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::LoadIdsFromStringCert() certificate validated." << std::endl;
#endif
pd.gpg_id = getX509CNString(x509->cert_info->issuer); pd.gpg_id = getX509CNString(x509->cert_info->issuer);
pd.location = getX509LocString(x509->cert_info->subject); pd.location = getX509LocString(x509->cert_info->subject);
return true; return true;
@ -1148,22 +1151,48 @@ bool AuthSSL::SignDataBin(const void *data, const uint32_t len,
} }
#define AUTHSSL_DEBUG2 #define AUTHSSL_DEBUG2
bool AuthSSL::VerifyOtherSignBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int signlen, std::string sslCert) {
X509 *x509 = loadX509FromPEM(sslCert);
std::string sslId;
if (!ValidateCertificate(x509, sslId)) {
std::cerr << "AuthSSL::VerifyOtherSignBin() failed to validate certificate." << std::endl;
return false;
} else {
sslcert *cert = new sslcert(x509, sslId);
return VerifySignBin(data, len, sign, signlen, cert);
}
return false;
}
bool AuthSSL::VerifyOwnSignBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int signlen) {
return VerifySignBin(data, len, sign, signlen, mOwnCert);
}
bool AuthSSL::VerifySignBin(const void *data, const uint32_t len, bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int signlen) unsigned char *sign, unsigned int signlen, sslcert* peer)
{ {
RsStackMutex stack(sslMtx); /***** STACK LOCK MUTEX *****/ RsStackMutex stack(sslMtx); /***** STACK LOCK MUTEX *****/
/* find the peer */ /* find the peer */
#ifdef AUTHSSL_DEBUG2 #ifdef AUTHSSL_DEBUG2
std::cerr << "In AuthSSL::VerifySignBin" << std::endl ; std::cerr << "In AuthSSL::VerifySignBin" << std::endl;
#endif #endif
sslcert *peer = mOwnCert; //std::cerr << "Cert info : " << getX509Info(X509 *cert) << std::endl;
EVP_PKEY *peerkey = peer->certificate->cert_info->key->pkey; /* cert->cert_info->key->pkey is NULL until we call SSL_CTX_use_certificate(),
* so we do it here then... */
SSL_CTX *newSslctx = SSL_CTX_new(TLSv1_method());
SSL_CTX_set_cipher_list(newSslctx, "DEFAULT");
SSL_CTX_use_certificate(newSslctx, peer->certificate);
if(peerkey == NULL)
EVP_PKEY *peerkey = peer->certificate->cert_info->key->pkey;
if(peerkey == NULL)
{ {
#ifdef AUTHSSL_DEBUG2 #ifdef AUTHSSL_DEBUG2
std::cerr << "AuthSSL::VerifySignBin: no public key available !!" << std::endl ; std::cerr << "AuthSSL::VerifySignBin: no public key available !!" << std::endl ;
@ -1178,7 +1207,8 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
std::cerr << "EVP_VerifyInit Failure!" << std::endl; std::cerr << "EVP_VerifyInit Failure!" << std::endl;
EVP_MD_CTX_destroy(mdctx); EVP_MD_CTX_destroy(mdctx);
return false; X509_free(peer->certificate);
return false;
} }
if (0 == EVP_VerifyUpdate(mdctx, data, len)) if (0 == EVP_VerifyUpdate(mdctx, data, len))
@ -1186,6 +1216,7 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
std::cerr << "EVP_VerifyUpdate Failure!" << std::endl; std::cerr << "EVP_VerifyUpdate Failure!" << std::endl;
EVP_MD_CTX_destroy(mdctx); EVP_MD_CTX_destroy(mdctx);
X509_free(peer->certificate);
return false; return false;
} }
@ -1195,6 +1226,7 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
std::cerr << "AuthSSL::VerifySignBin: signlen=" << signlen << ", sign=" << (void*)sign << "!!" << std::endl ; std::cerr << "AuthSSL::VerifySignBin: signlen=" << signlen << ", sign=" << (void*)sign << "!!" << std::endl ;
#endif #endif
EVP_MD_CTX_destroy(mdctx); EVP_MD_CTX_destroy(mdctx);
X509_free(peer->certificate);
return false ; return false ;
} }
@ -1203,10 +1235,12 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
std::cerr << "EVP_VerifyFinal Failure!" << std::endl; std::cerr << "EVP_VerifyFinal Failure!" << std::endl;
EVP_MD_CTX_destroy(mdctx); EVP_MD_CTX_destroy(mdctx);
X509_free(peer->certificate);
return false; return false;
} }
EVP_MD_CTX_destroy(mdctx); EVP_MD_CTX_destroy(mdctx);
X509_free(peer->certificate);
return true; return true;
} }
@ -1947,7 +1981,6 @@ bool AuthSSL::AuthX509(X509 *x509)
int (*i2d)(X509_CINF*, unsigned char**) = i2d_X509_CINF; int (*i2d)(X509_CINF*, unsigned char**) = i2d_X509_CINF;
ASN1_BIT_STRING *signature = x509->signature; ASN1_BIT_STRING *signature = x509->signature;
X509_CINF *data = x509->cert_info; X509_CINF *data = x509->cert_info;
EVP_PKEY *pkey = NULL;
const EVP_MD *type = EVP_sha1(); const EVP_MD *type = EVP_sha1();
EVP_MD_CTX ctx; EVP_MD_CTX ctx;

4
libretroshare/src/pqi/authssl.h
View file

@ -139,7 +139,9 @@ virtual bool SignData(std::string input, std::string &sign);
virtual bool SignData(const void *data, const uint32_t len, std::string &sign); virtual bool SignData(const void *data, const uint32_t len, std::string &sign);
virtual bool SignDataBin(std::string, unsigned char*, unsigned int*); virtual bool SignDataBin(std::string, unsigned char*, unsigned int*);
virtual bool SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*); virtual bool SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*);
virtual bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int); virtual bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, sslcert* cert);
virtual bool VerifyOwnSignBin(const void*, uint32_t, unsigned char*, unsigned int);
virtual bool VerifyOtherSignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string sslCert);
// return : false if encrypt failed // return : false if encrypt failed
bool encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId); bool encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId);

1
libretroshare/src/serialiser/rstlvbase.h
View file

@ -133,6 +133,7 @@ const uint16_t TLV_TYPE_STR_GENID = 0x005a;
const uint16_t TLV_TYPE_STR_GPGID = 0x005b; const uint16_t TLV_TYPE_STR_GPGID = 0x005b;
const uint16_t TLV_TYPE_STR_LOCATION = 0x005c; const uint16_t TLV_TYPE_STR_LOCATION = 0x005c;
const uint16_t TLV_TYPE_STR_CERT_GPG = 0x005d; const uint16_t TLV_TYPE_STR_CERT_GPG = 0x005d;
const uint16_t TLV_TYPE_STR_CERT_SSL = 0x005e;
/* Wide Chars (4 bytes per char) for internationalisation */ /* Wide Chars (4 bytes per char) for internationalisation */
const uint16_t TLV_TYPE_WSTR_PEERID = 0x0060; const uint16_t TLV_TYPE_WSTR_PEERID = 0x0060;

883
libretroshare/src/serialiser/rstlvkeys.cc
View file

@ -23,443 +23,446 @@
* Please report all bugs and problems to "retroshare@lunamutt.com". * Please report all bugs and problems to "retroshare@lunamutt.com".
* *
*/ */
#include "rstlvkeys.h" #include "rstlvkeys.h"
#include "rstlvbase.h" #include "rstlvbase.h"
#include "rstlvtypes.h" #include "rstlvtypes.h"
#include "rsbaseserial.h" #include "rsbaseserial.h"
#include "util/rsprint.h" #include "util/rsprint.h"
#include <ostream> #include <ostream>
#include <sstream> #include <sstream>
#include <iomanip> #include <iomanip>
#include <iostream> #include <iostream>
/************************************* RsTlvSecurityKey ************************************/ /************************************* RsTlvSecurityKey ************************************/
RsTlvSecurityKey::RsTlvSecurityKey() RsTlvSecurityKey::RsTlvSecurityKey()
:RsTlvItem(), keyFlags(0), startTS(0), endTS(0), keyData(TLV_TYPE_KEY_EVP_PKEY) :RsTlvItem(), keyFlags(0), startTS(0), endTS(0), keyData(TLV_TYPE_KEY_EVP_PKEY)
{ {
return; return;
} }
void RsTlvSecurityKey::TlvClear() void RsTlvSecurityKey::TlvClear()
{ {
keyId.clear(); keyId.clear();
keyFlags = 0; keyFlags = 0;
startTS = 0; startTS = 0;
endTS = 0; endTS = 0;
keyData.TlvClear(); keyData.TlvClear();
} }
/* clears keyData - but doesn't delete */ /* clears keyData - but doesn't delete */
void RsTlvSecurityKey::ShallowClear() void RsTlvSecurityKey::ShallowClear()
{ {
keyId.clear(); keyId.clear();
keyFlags = 0; keyFlags = 0;
startTS = 0; startTS = 0;
endTS = 0; endTS = 0;
keyData.bin_data = 0; keyData.bin_data = 0;
keyData.bin_len = 0; keyData.bin_len = 0;
} }
uint32_t RsTlvSecurityKey::TlvSize() uint32_t RsTlvSecurityKey::TlvSize()
{ {
uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */ uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */
/* now add comment and title length of this tlv object */ /* now add comment and title length of this tlv object */
s += GetTlvStringSize(keyId); s += GetTlvStringSize(keyId);
s += 4; s += 4;
s += 4; s += 4;
s += 4; s += 4;
s += keyData.TlvSize(); s += keyData.TlvSize();
return s; return s;
} }
bool RsTlvSecurityKey::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */ bool RsTlvSecurityKey::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{ {
/* must check sizes */ /* must check sizes */
uint32_t tlvsize = TlvSize(); uint32_t tlvsize = TlvSize();
uint32_t tlvend = *offset + tlvsize; uint32_t tlvend = *offset + tlvsize;
if (size < tlvend) if (size < tlvend)
return false; /* not enough space */ return false; /* not enough space */
bool ok = true; bool ok = true;
/* start at data[offset] */ /* start at data[offset] */
/* add mandatory parts first */ /* add mandatory parts first */
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY, tlvsize); ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY, tlvsize);
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId); ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
ok &= setRawUInt32(data, tlvend, offset, keyFlags); ok &= setRawUInt32(data, tlvend, offset, keyFlags);
ok &= setRawUInt32(data, tlvend, offset, startTS); ok &= setRawUInt32(data, tlvend, offset, startTS);
ok &= setRawUInt32(data, tlvend, offset, endTS); ok &= setRawUInt32(data, tlvend, offset, endTS);
ok &= keyData.SetTlv(data, tlvend, offset); ok &= keyData.SetTlv(data, tlvend, offset);
return ok; return ok;
} }
bool RsTlvSecurityKey::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */ bool RsTlvSecurityKey::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{ {
if (size < *offset + TLV_HEADER_SIZE) if (size < *offset + TLV_HEADER_SIZE)
return false; return false;
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) ); uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) ); uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
uint32_t tlvend = *offset + tlvsize; uint32_t tlvend = *offset + tlvsize;
if (size < tlvend) /* check size */ if (size < tlvend) /* check size */
return false; /* not enough space */ return false; /* not enough space */
if (tlvtype != TLV_TYPE_SECURITYKEY) /* check type */ if (tlvtype != TLV_TYPE_SECURITYKEY) /* check type */
return false; return false;
bool ok = true; bool ok = true;
/* ready to load */ /* ready to load */
TlvClear(); TlvClear();
/* skip the header */ /* skip the header */
(*offset) += TLV_HEADER_SIZE; (*offset) += TLV_HEADER_SIZE;
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId); ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
ok &= getRawUInt32(data, tlvend, offset, &(keyFlags)); ok &= getRawUInt32(data, tlvend, offset, &(keyFlags));
ok &= getRawUInt32(data, tlvend, offset, &(startTS)); ok &= getRawUInt32(data, tlvend, offset, &(startTS));
ok &= getRawUInt32(data, tlvend, offset, &(endTS)); ok &= getRawUInt32(data, tlvend, offset, &(endTS));
ok &= keyData.GetTlv(data, tlvend, offset); ok &= keyData.GetTlv(data, tlvend, offset);
/*************************************************************************** /***************************************************************************
* NB: extra components could be added (for future expansion of the type). * NB: extra components could be added (for future expansion of the type).
* or be present (if this code is reading an extended version). * or be present (if this code is reading an extended version).
* *
* We must chew up the extra characters to conform with TLV specifications * We must chew up the extra characters to conform with TLV specifications
***************************************************************************/ ***************************************************************************/
if (*offset != tlvend) if (*offset != tlvend)
{ {
#ifdef TLV_DEBUG #ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKey::GetTlv() Warning extra bytes at end of item"; std::cerr << "RsTlvSecurityKey::GetTlv() Warning extra bytes at end of item";
std::cerr << std::endl; std::cerr << std::endl;
#endif #endif
*offset = tlvend; *offset = tlvend;
} }
return ok; return ok;
} }
std::ostream &RsTlvSecurityKey::print(std::ostream &out, uint16_t indent) std::ostream &RsTlvSecurityKey::print(std::ostream &out, uint16_t indent)
{ {
printBase(out, "RsTlvSecurityKey", indent); printBase(out, "RsTlvSecurityKey", indent);
uint16_t int_Indent = indent + 2; uint16_t int_Indent = indent + 2;
printIndent(out, int_Indent); printIndent(out, int_Indent);
out << "KeyId:" << keyId; out << "KeyId:" << keyId;
out << std::endl; out << std::endl;
printIndent(out, int_Indent); printIndent(out, int_Indent);
out << "KeyFlags:" << keyFlags; out << "KeyFlags:" << keyFlags;
out << std::endl; out << std::endl;
printIndent(out, int_Indent); printIndent(out, int_Indent);
out << "StartTS:" << startTS; out << "StartTS:" << startTS;
out << std::endl; out << std::endl;
printIndent(out, int_Indent); printIndent(out, int_Indent);
out << "EndTS:" << endTS; out << "EndTS:" << endTS;
out << std::endl; out << std::endl;
keyData.print(out, int_Indent); keyData.print(out, int_Indent);
out << std::endl; out << std::endl;
printEnd(out, "RsTlvSecurityKey", indent); printEnd(out, "RsTlvSecurityKey", indent);
return out; return out;
} }
/************************************* RsTlvSecurityKeySet ************************************/ /************************************* RsTlvSecurityKeySet ************************************/
void RsTlvSecurityKeySet::TlvClear() void RsTlvSecurityKeySet::TlvClear()
{ {
groupId.clear(); groupId.clear();
keys.clear(); //empty list keys.clear(); //empty list
} }
uint32_t RsTlvSecurityKeySet::TlvSize() uint32_t RsTlvSecurityKeySet::TlvSize()
{ {
uint32_t s = TLV_HEADER_SIZE; /* header */ uint32_t s = TLV_HEADER_SIZE; /* header */
std::map<std::string, RsTlvSecurityKey>::iterator it; std::map<std::string, RsTlvSecurityKey>::iterator it;
s += GetTlvStringSize(groupId); s += GetTlvStringSize(groupId);
if(!keys.empty()) if(!keys.empty())
{ {
for(it = keys.begin(); it != keys.end() ; ++it) for(it = keys.begin(); it != keys.end() ; ++it)
s += (it->second).TlvSize(); s += (it->second).TlvSize();
} }
return s; return s;
} }
bool RsTlvSecurityKeySet::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */ bool RsTlvSecurityKeySet::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{ {
/* must check sizes */ /* must check sizes */
uint32_t tlvsize = TlvSize(); uint32_t tlvsize = TlvSize();
uint32_t tlvend = *offset + tlvsize; uint32_t tlvend = *offset + tlvsize;
if (size < tlvend) if (size < tlvend)
return false; /* not enough space */ return false; /* not enough space */
bool ok = true; bool ok = true;
/* start at data[offset] */ /* start at data[offset] */
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEYSET , tlvsize); ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEYSET , tlvsize);
/* groupId */ /* groupId */
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId); ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId);
if(!keys.empty()) if(!keys.empty())
{ {
std::map<std::string, RsTlvSecurityKey>::iterator it; std::map<std::string, RsTlvSecurityKey>::iterator it;
for(it = keys.begin(); it != keys.end() ; ++it) for(it = keys.begin(); it != keys.end() ; ++it)
ok &= (it->second).SetTlv(data, size, offset); ok &= (it->second).SetTlv(data, size, offset);
} }
return ok; return ok;
} }
bool RsTlvSecurityKeySet::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */ bool RsTlvSecurityKeySet::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{ {
if (size < *offset + TLV_HEADER_SIZE) if (size < *offset + TLV_HEADER_SIZE)
return false; return false;
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) ); uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) ); uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
uint32_t tlvend = *offset + tlvsize; uint32_t tlvend = *offset + tlvsize;
if (size < tlvend) /* check size */ if (size < tlvend) /* check size */
return false; /* not enough space */ return false; /* not enough space */
if (tlvtype != TLV_TYPE_SECURITYKEYSET) /* check type */ if (tlvtype != TLV_TYPE_SECURITYKEYSET) /* check type */
return false; return false;
bool ok = true; bool ok = true;
/* ready to load */ /* ready to load */
TlvClear(); TlvClear();
/* skip the header */ /* skip the header */
(*offset) += TLV_HEADER_SIZE; (*offset) += TLV_HEADER_SIZE;
/* groupId */ /* groupId */
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId); ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId);
/* while there is TLV */ /* while there is TLV */
while((*offset) + 2 < tlvend) while((*offset) + 2 < tlvend)
{ {
/* get the next type */ /* get the next type */
uint16_t tlvsubtype = GetTlvType( &(((uint8_t *) data)[*offset]) ); uint16_t tlvsubtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
switch(tlvsubtype) switch(tlvsubtype)
{ {
case TLV_TYPE_SECURITYKEY: case TLV_TYPE_SECURITYKEY:
{ {
RsTlvSecurityKey key; RsTlvSecurityKey key;
ok &= key.GetTlv(data, size, offset); ok &= key.GetTlv(data, size, offset);
if (ok) if (ok)
{ {
keys[key.keyId] = key; keys[key.keyId] = key;
key.ShallowClear(); /* so that the Map can get control - should be ref counted*/ key.ShallowClear(); /* so that the Map can get control - should be ref counted*/
} }
} }
break; break;
default: default:
ok &= SkipUnknownTlv(data, tlvend, offset); ok &= SkipUnknownTlv(data, tlvend, offset);
break; break;
} }
if (!ok) if (!ok)
break; break;
} }
/*************************************************************************** /***************************************************************************
* NB: extra components could be added (for future expansion of the type). * NB: extra components could be added (for future expansion of the type).
* or be present (if this code is reading an extended version). * or be present (if this code is reading an extended version).
* *
* We must chew up the extra characters to conform with TLV specifications * We must chew up the extra characters to conform with TLV specifications
***************************************************************************/ ***************************************************************************/
if (*offset != tlvend) if (*offset != tlvend)
{ {
#ifdef TLV_DEBUG #ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKeySet::GetTlv() Warning extra bytes at end of item"; std::cerr << "RsTlvSecurityKeySet::GetTlv() Warning extra bytes at end of item";
std::cerr << std::endl; std::cerr << std::endl;
#endif #endif
*offset = tlvend; *offset = tlvend;
} }
return ok; return ok;
} }
// prints out contents of RsTlvSecurityKeySet // prints out contents of RsTlvSecurityKeySet
std::ostream &RsTlvSecurityKeySet::print(std::ostream &out, uint16_t indent) std::ostream &RsTlvSecurityKeySet::print(std::ostream &out, uint16_t indent)
{ {
printBase(out, "RsTlvSecurityKeySet", indent); printBase(out, "RsTlvSecurityKeySet", indent);
uint16_t int_Indent = indent + 2; uint16_t int_Indent = indent + 2;
printIndent(out, int_Indent); printIndent(out, int_Indent);
out << "GroupId: " << groupId; out << "GroupId: " << groupId;
out << std::endl; out << std::endl;
std::map<std::string, RsTlvSecurityKey>::iterator it; std::map<std::string, RsTlvSecurityKey>::iterator it;
for(it = keys.begin(); it != keys.end() ; ++it) for(it = keys.begin(); it != keys.end() ; ++it)
(it->second).print(out, int_Indent); (it->second).print(out, int_Indent);
printEnd(out, "RsTlvSecurityKeySet", indent); printEnd(out, "RsTlvSecurityKeySet", indent);
return out; return out;
} }
/************************************* RsTlvSecurityKey ************************************/ /************************************* RsTlvSecurityKey ************************************/
RsTlvKeySignature::RsTlvKeySignature() RsTlvKeySignature::RsTlvKeySignature()
:RsTlvItem(), signData(TLV_TYPE_SIGN_RSA_SHA1) :RsTlvItem(), signData(TLV_TYPE_SIGN_RSA_SHA1)
{ {
return; return;
} }
void RsTlvKeySignature::TlvClear() void RsTlvKeySignature::TlvClear()
{ {
keyId.clear(); keyId.clear();
signData.TlvClear(); signData.TlvClear();
} }
/* clears signData - but doesn't delete */ /* clears signData - but doesn't delete */
void RsTlvKeySignature::ShallowClear() void RsTlvKeySignature::ShallowClear()
{ {
keyId.clear(); keyId.clear();
signData.bin_data = 0; signData.bin_data = 0;
signData.bin_len = 0; signData.bin_len = 0;
} }
uint32_t RsTlvKeySignature::TlvSize() uint32_t RsTlvKeySignature::TlvSize()
{ {
uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */ uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */
s += GetTlvStringSize(keyId); s += GetTlvStringSize(keyId);
s += signData.TlvSize(); s += signData.TlvSize();
s += GetTlvStringSize(sslCert);
return s;
return s;
}
}
bool RsTlvKeySignature::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{ bool RsTlvKeySignature::SetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
/* must check sizes */ {
uint32_t tlvsize = TlvSize(); /* must check sizes */
uint32_t tlvend = *offset + tlvsize; uint32_t tlvsize = TlvSize();
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend)
return false; /* not enough space */ if (size < tlvend)
return false; /* not enough space */
bool ok = true;
bool ok = true;
/* start at data[offset] */
/* add mandatory parts first */ /* start at data[offset] */
/* add mandatory parts first */
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY, tlvsize);
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY, tlvsize);
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
ok &= signData.SetTlv(data, tlvend, offset); ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
ok &= signData.SetTlv(data, tlvend, offset);
return ok; ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_CERT_SSL, sslCert);
} return ok;
}
bool RsTlvKeySignature::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
{
if (size < *offset + TLV_HEADER_SIZE) bool RsTlvKeySignature::GetTlv(void *data, uint32_t size, uint32_t *offset) /* serialise */
return false; {
if (size < *offset + TLV_HEADER_SIZE)
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) ); return false;
uint16_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
uint32_t tlvend = *offset + tlvsize; uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
uint16_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
if (size < tlvend) /* check size */ uint32_t tlvend = *offset + tlvsize;
return false; /* not enough space */
if (size < tlvend) /* check size */
if (tlvtype != TLV_TYPE_SECURITYKEY) /* check type */ return false; /* not enough space */
return false;
if (tlvtype != TLV_TYPE_SECURITYKEY) /* check type */
bool ok = true; return false;
/* ready to load */ bool ok = true;
TlvClear();
/* ready to load */
/* skip the header */ TlvClear();
(*offset) += TLV_HEADER_SIZE;
/* skip the header */
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId); (*offset) += TLV_HEADER_SIZE;
ok &= signData.GetTlv(data, tlvend, offset);
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId);
/*************************************************************************** ok &= signData.GetTlv(data, tlvend, offset);
* NB: extra components could be added (for future expansion of the type). ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_CERT_SSL, sslCert);
* or be present (if this code is reading an extended version).
* /***************************************************************************
* We must chew up the extra characters to conform with TLV specifications * NB: extra components could be added (for future expansion of the type).
***************************************************************************/ * or be present (if this code is reading an extended version).
if (*offset != tlvend) *
{ * We must chew up the extra characters to conform with TLV specifications
#ifdef TLV_DEBUG ***************************************************************************/
std::cerr << "RsTlvKeySignature::GetTlv() Warning extra bytes at end of item"; if (*offset != tlvend)
std::cerr << std::endl; {
#endif #ifdef TLV_DEBUG
*offset = tlvend; std::cerr << "RsTlvKeySignature::GetTlv() Warning extra bytes at end of item";
} std::cerr << std::endl;
#endif
return ok; *offset = tlvend;
}
}
return ok;
std::ostream &RsTlvKeySignature::print(std::ostream &out, uint16_t indent) }
{
printBase(out, "RsTlvKeySignature", indent);
uint16_t int_Indent = indent + 2; std::ostream &RsTlvKeySignature::print(std::ostream &out, uint16_t indent)
{
printIndent(out, int_Indent); printBase(out, "RsTlvKeySignature", indent);
out << "KeyId:" << keyId; uint16_t int_Indent = indent + 2;
out << std::endl;
printIndent(out, int_Indent);
signData.print(out, int_Indent); out << "KeyId:" << keyId;
out << std::endl;
out << std::endl;
signData.print(out, int_Indent);
printEnd(out, "RsTlvKeySignature", indent);
return out; out << std::endl;
}
printEnd(out, "RsTlvKeySignature", indent);
return out;
}

3
libretroshare/src/serialiser/rstlvkeys.h
View file

@ -94,7 +94,8 @@ virtual std::ostream &print(std::ostream &out, uint16_t indent);
void ShallowClear(); /* clears signData - but doesn't delete */ void ShallowClear(); /* clears signData - but doesn't delete */
std::string keyId; // Mandatory : std::string keyId; // Mandatory :
RsTlvBinaryData signData; // Mandatory : RsTlvBinaryData signData; // Mandatory :
std::string sslCert; // Mandatory :
}; };

82
libretroshare/src/services/p3distrib.cc
View file

@ -1729,10 +1729,11 @@ std::string p3GroupDistrib::publishMsg(RsDistribMsg *msg, bool personalSign)
{ {
unsigned int siglen = EVP_PKEY_size(publishKey); unsigned int siglen = EVP_PKEY_size(publishKey);
unsigned char sigbuf[siglen]; unsigned char sigbuf[siglen];
if (AuthGPG::getAuthGPG()->SignDataBin(data, size, sigbuf, &siglen)) if (AuthSSL::getAuthSSL()->SignDataBin(data, size, sigbuf, &siglen))
{ {
signedMsg->personalSignature.signData.setBinData(sigbuf, siglen); signedMsg->personalSignature.signData.setBinData(sigbuf, siglen);
signedMsg->personalSignature.keyId = AuthGPG::getAuthGPG()->getGPGOwnId(); signedMsg->personalSignature.keyId = AuthSSL::getAuthSSL()->OwnId();
signedMsg->personalSignature.sslCert = AuthSSL::getAuthSSL()->SaveOwnCertificateToString();
} }
} }
@ -2446,49 +2447,44 @@ bool p3GroupDistrib::locked_validateDistribSignedMsg(
/* now verify Personal signature */ /* now verify Personal signature */
#ifdef DISTRIB_DEBUG if (signOk == 1 && ((info.grpFlags & RS_DISTRIB_AUTHEN_MASK) & RS_DISTRIB_AUTHEN_REQ))
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Personal Signature";
std::cerr << std::endl;
#endif
if (AuthGPG::getAuthGPG()->isGPGValid(newMsg->personalSignature.keyId))
{ {
#ifdef DISTRIB_DEBUG #ifdef DISTRIB_DEBUG
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Peer Known"; std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Personal Signature. sslCert : " << newMsg->personalSignature.sslCert << std::endl;
std::cerr << std::endl; #endif
#endif
unsigned int personalsiglen =
newMsg->personalSignature.signData.bin_len;
unsigned char *personalsigbuf = (unsigned char *)
newMsg->personalSignature.signData.bin_data;
#ifdef TEMPORARILY SUSPENDED //check the sslCert
// csoler: RsPeerDetails pd;
// I'm suspending this because it prevents messages to be displayed. I guess there is a signature if (!AuthSSL::getAuthSSL()->LoadDetailsFromStringCert(newMsg->personalSignature.sslCert, pd)) {
// problem, such as the msg is signed by the SSL key and authed by the PGP one, or something like this. #ifdef DISTRIB_DEBUG
// std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail - ssl cert not valid" << std::endl;
if (!mAuthMgr->VerifySignBin( #endif
newMsg->personalSignature.keyId, signOk = 0;
newMsg->packet.bin_data, newMsg->packet.bin_len, } else if (pd.id != newMsg->personalSignature.keyId) {
personalsigbuf, personalsiglen)) #ifdef DISTRIB_DEBUG
{ std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail - ssl cert id does not match the personal signature key id" << std::endl;
#ifdef DISTRIB_DEBUG #endif
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() VerifySign Failed"; signOk = 0;
std::cerr << std::endl; } else {
#endif unsigned int personalsiglen =
signOk = 0; newMsg->personalSignature.signData.bin_len;
} unsigned char *personalsigbuf = (unsigned char *)
#endif newMsg->personalSignature.signData.bin_data;
} bool sslSign = AuthSSL::getAuthSSL()->VerifyOtherSignBin(
else if ((info.grpFlags & RS_DISTRIB_AUTHEN_MASK) newMsg->packet.bin_data, newMsg->packet.bin_len,
& RS_DISTRIB_AUTHEN_REQ) personalsigbuf, personalsiglen, newMsg->personalSignature.sslCert);
{ if (sslSign) {
#ifdef DISTRIB_DEBUG #ifdef DISTRIB_DEBUG
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail - No Personal Sign on AUTH grp"; std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Success for ssl signature." << std::endl;
std::cerr << std::endl; #endif
#endif signOk = 1;
/* must know the signer */ } else {
signOk = 0; #ifdef DISTRIB_DEBUG
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail for ssl signature." << std::endl;
#endif
signOk = 0;
}
}
} }
if (signOk == 1) if (signOk == 1)