load certificates and verify signatures

2025-01-22 21:37:17 +01:00 · 2014-12-13 18:35:53 -05:00 · 2014-12-13 18:35:53 -05:00 · 0a9eca9f94
parent b399d45d66
commit 0a9eca9f94
4 changed files with 64 additions and 3 deletions
--- a/Reseed.cpp
+++ b/Reseed.cpp
@ -11,6 +11,7 @@
 #include "Reseed.h"
 #include "Log.h"
 #include "Identity.h"
+#include "Signature.h"
 #include "NetDb.h"
 #include "util.h"

@ -211,8 +212,37 @@ namespace data
 		s.seekg (12, std::ios::cur); // unused

 		s.seekg (versionLength, std::ios::cur); // skip version
-		s.seekg (signerIDLength, std::ios::cur); // skip signer ID
-
+		char signerID[256];
+		s.read (signerID, signerIDLength); // signerID
+		signerID[signerIDLength] = 0;
+		
+		//try to verify signature
+		auto it = m_SigningKeys.find (signerID);
+		if (it != m_SigningKeys.end ())
+		{
+			// TODO: implement all signature types
+			if (signatureType == SIGNING_KEY_TYPE_RSA_SHA512_4096)
+			{
+				i2p::crypto::RSASHA5124096Verifier verifier(it->second);
+				size_t pos = s.tellg ();
+				size_t tbsLen = pos + contentLength;
+				uint8_t * tbs = new uint8_t[tbsLen];
+				s.seekg (0, std::ios::beg);
+				s.read ((char *)tbs, tbsLen);
+				uint8_t * signature = new uint8_t[signatureLength];
+				s.read ((char *)signature, signatureLength);
+				if (!verifier.Verify (tbs, tbsLen, signature))
+					LogPrint (eLogWarning, "SU3 signature verification failed");
+				delete[] signature;
+				delete[] tbs;
+				s.seekg (pos, std::ios::beg);
+			}
+			else
+				LogPrint (eLogWarning, "Signature type ", signatureType, " is not supported");
+		}
+		else
+			LogPrint (eLogWarning, "Certificate for ", signerID, " not loaded");
+		
 		// handle content
 		int numFiles = 0;
 		size_t contentPos = s.tellg ();
@ -428,6 +458,29 @@ namespace data
 			LogPrint (eLogError, "Can't open certificate file ", filename);
 	}

+	void Reseeder::LoadCertificates ()
+	{
+		boost::filesystem::path reseedDir = i2p::util::filesystem::GetCertificatesDir() / "reseed";
+		
+		if (!boost::filesystem::exists (reseedDir))
+		{
+			LogPrint (eLogWarning, "Reseed certificates not loaded. ", reseedDir, " doesn't exist");
+			return;
+		}
+
+		int numCertificates = 0;
+		boost::filesystem::directory_iterator end; // empty
+		for (boost::filesystem::directory_iterator it (reseedDir); it != end; ++it)
+		{
+			if (boost::filesystem::is_regular_file (it->status()) && it->path ().extension () == ".crt")
+			{	
+				LoadCertificate (it->path ().string ());
+				numCertificates++;
+			}	
+		}	
+		LogPrint (eLogInfo, numCertificates, " certificates loaded");
+	}	
+	
 }
 }

--- a/Reseed.h
+++ b/Reseed.h
@ -23,10 +23,12 @@ namespace data
 			bool reseedNow(); // depreacted
 			int ReseedNowSU3 ();

-			void LoadCertificate (const std::string& filename);
+			void LoadCertificates ();
 		
 		private:

+			void LoadCertificate (const std::string& filename);
+			
 			int ReseedFromSU3 (const std::string& host);
 			int ProcessSU3File (const char * filename);	
 			int ProcessSU3Stream (std::istream& s);	
--- a/util.cpp
+++ b/util.cpp
@ -211,6 +211,11 @@ namespace filesystem
 #endif
 #endif
 	}
+
+	boost::filesystem::path GetCertificatesDir()
+	{
+		return GetDataDir () / "certificates";
+	}	
 }

 namespace http
--- a/util.h
+++ b/util.h
@ -34,6 +34,7 @@ namespace util
 		boost::filesystem::path GetConfigFile();
 		void ReadConfigFile(std::map<std::string, std::string>& mapSettingsRet,
                std::map<std::string, std::vector<std::string> >& mapMultiSettingsRet);
+		boost::filesystem::path GetCertificatesDir();
 	}

 	namespace http