|
|
@ -11,6 +11,7 @@ |
|
|
|
#include "Reseed.h" |
|
|
|
#include "Reseed.h" |
|
|
|
#include "Log.h" |
|
|
|
#include "Log.h" |
|
|
|
#include "Identity.h" |
|
|
|
#include "Identity.h" |
|
|
|
|
|
|
|
#include "Signature.h" |
|
|
|
#include "NetDb.h" |
|
|
|
#include "NetDb.h" |
|
|
|
#include "util.h" |
|
|
|
#include "util.h" |
|
|
|
|
|
|
|
|
|
|
@ -211,8 +212,37 @@ namespace data |
|
|
|
s.seekg (12, std::ios::cur); // unused
|
|
|
|
s.seekg (12, std::ios::cur); // unused
|
|
|
|
|
|
|
|
|
|
|
|
s.seekg (versionLength, std::ios::cur); // skip version
|
|
|
|
s.seekg (versionLength, std::ios::cur); // skip version
|
|
|
|
s.seekg (signerIDLength, std::ios::cur); // skip signer ID
|
|
|
|
char signerID[256]; |
|
|
|
|
|
|
|
s.read (signerID, signerIDLength); // signerID
|
|
|
|
|
|
|
|
signerID[signerIDLength] = 0; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//try to verify signature
|
|
|
|
|
|
|
|
auto it = m_SigningKeys.find (signerID); |
|
|
|
|
|
|
|
if (it != m_SigningKeys.end ()) |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
// TODO: implement all signature types
|
|
|
|
|
|
|
|
if (signatureType == SIGNING_KEY_TYPE_RSA_SHA512_4096) |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
i2p::crypto::RSASHA5124096Verifier verifier(it->second); |
|
|
|
|
|
|
|
size_t pos = s.tellg (); |
|
|
|
|
|
|
|
size_t tbsLen = pos + contentLength; |
|
|
|
|
|
|
|
uint8_t * tbs = new uint8_t[tbsLen]; |
|
|
|
|
|
|
|
s.seekg (0, std::ios::beg); |
|
|
|
|
|
|
|
s.read ((char *)tbs, tbsLen); |
|
|
|
|
|
|
|
uint8_t * signature = new uint8_t[signatureLength]; |
|
|
|
|
|
|
|
s.read ((char *)signature, signatureLength); |
|
|
|
|
|
|
|
if (!verifier.Verify (tbs, tbsLen, signature)) |
|
|
|
|
|
|
|
LogPrint (eLogWarning, "SU3 signature verification failed"); |
|
|
|
|
|
|
|
delete[] signature; |
|
|
|
|
|
|
|
delete[] tbs; |
|
|
|
|
|
|
|
s.seekg (pos, std::ios::beg); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
else |
|
|
|
|
|
|
|
LogPrint (eLogWarning, "Signature type ", signatureType, " is not supported"); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
else |
|
|
|
|
|
|
|
LogPrint (eLogWarning, "Certificate for ", signerID, " not loaded"); |
|
|
|
|
|
|
|
|
|
|
|
// handle content
|
|
|
|
// handle content
|
|
|
|
int numFiles = 0; |
|
|
|
int numFiles = 0; |
|
|
|
size_t contentPos = s.tellg (); |
|
|
|
size_t contentPos = s.tellg (); |
|
|
@ -428,6 +458,29 @@ namespace data |
|
|
|
LogPrint (eLogError, "Can't open certificate file ", filename); |
|
|
|
LogPrint (eLogError, "Can't open certificate file ", filename); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void Reseeder::LoadCertificates () |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
boost::filesystem::path reseedDir = i2p::util::filesystem::GetCertificatesDir() / "reseed"; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (!boost::filesystem::exists (reseedDir)) |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
LogPrint (eLogWarning, "Reseed certificates not loaded. ", reseedDir, " doesn't exist"); |
|
|
|
|
|
|
|
return; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
int numCertificates = 0; |
|
|
|
|
|
|
|
boost::filesystem::directory_iterator end; // empty
|
|
|
|
|
|
|
|
for (boost::filesystem::directory_iterator it (reseedDir); it != end; ++it) |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
if (boost::filesystem::is_regular_file (it->status()) && it->path ().extension () == ".crt") |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
LoadCertificate (it->path ().string ()); |
|
|
|
|
|
|
|
numCertificates++; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
LogPrint (eLogInfo, numCertificates, " certificates loaded"); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|