keyring: keys also contain algorithm identifier
parent
b3a5fee318
commit
04b4b1670f
|
@ -134,14 +134,15 @@ bool keyring::parse_keypairs (sencode*keypairs, keypair_storage&pairs)
|
||||||
|
|
||||||
sencode_list*entry = dynamic_cast<sencode_list*> (*i);
|
sencode_list*entry = dynamic_cast<sencode_list*> (*i);
|
||||||
if (!entry) goto failure;
|
if (!entry) goto failure;
|
||||||
if (entry->items.size() != 3) goto failure;
|
if (entry->items.size() != 4) goto failure;
|
||||||
|
|
||||||
sencode_bytes
|
sencode_bytes
|
||||||
*ident = dynamic_cast<sencode_bytes*> (entry->items[0]),
|
*ident = dynamic_cast<sencode_bytes*> (entry->items[0]),
|
||||||
*privkey = dynamic_cast<sencode_bytes*> (entry->items[1]),
|
*alg = dynamic_cast<sencode_bytes*> (entry->items[1]),
|
||||||
*pubkey = dynamic_cast<sencode_bytes*> (entry->items[2]);
|
*privkey = dynamic_cast<sencode_bytes*> (entry->items[2]),
|
||||||
|
*pubkey = dynamic_cast<sencode_bytes*> (entry->items[3]);
|
||||||
|
|
||||||
if (! (ident && privkey && pubkey) ) goto failure;
|
if (! (ident && alg && privkey && pubkey) ) goto failure;
|
||||||
|
|
||||||
std::string keyid = get_keyid (pubkey->b);
|
std::string keyid = get_keyid (pubkey->b);
|
||||||
sencode *priv, *pub;
|
sencode *priv, *pub;
|
||||||
|
@ -155,7 +156,8 @@ bool keyring::parse_keypairs (sencode*keypairs, keypair_storage&pairs)
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
pairs[keyid] = keypair_entry (keyid, ident->b, pub, priv);
|
pairs[keyid] = keypair_entry (keyid, ident->b, alg->b,
|
||||||
|
pub, priv);
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
@ -173,10 +175,11 @@ sencode* keyring::serialize_keypairs (const keypair_storage&pairs)
|
||||||
i = pairs.begin(), e = pairs.end();
|
i = pairs.begin(), e = pairs.end();
|
||||||
i != e; ++i) {
|
i != e; ++i) {
|
||||||
sencode_list*a = new sencode_list;
|
sencode_list*a = new sencode_list;
|
||||||
a->items.resize (3);
|
a->items.resize (4);
|
||||||
a->items[0] = new sencode_bytes (i->second.pub.name);
|
a->items[0] = new sencode_bytes (i->second.pub.name);
|
||||||
a->items[1] = new sencode_bytes (i->second.privkey->encode() );
|
a->items[1] = new sencode_bytes (i->second.pub.alg);
|
||||||
a->items[2] = new sencode_bytes (i->second.pub.key->encode() );
|
a->items[2] = new sencode_bytes (i->second.privkey->encode() );
|
||||||
|
a->items[3] = new sencode_bytes (i->second.pub.key->encode() );
|
||||||
L->items.push_back (a);
|
L->items.push_back (a);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -205,20 +208,21 @@ bool keyring::parse_pubkeys (sencode* pubkeys, pubkey_storage&pubs)
|
||||||
sencode_list*entry = dynamic_cast<sencode_list*> (*i);
|
sencode_list*entry = dynamic_cast<sencode_list*> (*i);
|
||||||
if (!entry) goto failure;
|
if (!entry) goto failure;
|
||||||
|
|
||||||
if (entry->items.size() != 2) goto failure;
|
if (entry->items.size() != 3) goto failure;
|
||||||
|
|
||||||
sencode_bytes
|
sencode_bytes
|
||||||
*ident = dynamic_cast<sencode_bytes*> (entry->items[0]),
|
*ident = dynamic_cast<sencode_bytes*> (entry->items[0]),
|
||||||
*pubkey = dynamic_cast<sencode_bytes*> (entry->items[1]);
|
*alg = dynamic_cast<sencode_bytes*> (entry->items[1]),
|
||||||
|
*pubkey = dynamic_cast<sencode_bytes*> (entry->items[2]);
|
||||||
|
|
||||||
if (! (ident && pubkey) ) goto failure;
|
if (! (ident && alg && pubkey) ) goto failure;
|
||||||
|
|
||||||
std::string keyid = get_keyid (pubkey->b);
|
std::string keyid = get_keyid (pubkey->b);
|
||||||
sencode*key;
|
sencode*key;
|
||||||
key = sencode_decode (pubkey->b);
|
key = sencode_decode (pubkey->b);
|
||||||
if (!key) goto failure;
|
if (!key) goto failure;
|
||||||
|
|
||||||
pubs[keyid] = pubkey_entry (keyid, ident->b, key);
|
pubs[keyid] = pubkey_entry (keyid, ident->b, alg->b, key);
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
@ -237,9 +241,10 @@ sencode* keyring::serialize_pubkeys (const pubkey_storage&pubs)
|
||||||
i = pubs.begin(), e = pubs.end();
|
i = pubs.begin(), e = pubs.end();
|
||||||
i != e; ++i) {
|
i != e; ++i) {
|
||||||
sencode_list*a = new sencode_list();
|
sencode_list*a = new sencode_list();
|
||||||
a->items.resize (2);
|
a->items.resize (3);
|
||||||
a->items[0] = new sencode_bytes (i->second.name);
|
a->items[0] = new sencode_bytes (i->second.name);
|
||||||
a->items[1] = new sencode_bytes (i->second.key->encode() );
|
a->items[1] = new sencode_bytes (i->second.alg);
|
||||||
|
a->items[2] = new sencode_bytes (i->second.key->encode() );
|
||||||
L->items.push_back (a);
|
L->items.push_back (a);
|
||||||
}
|
}
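Review bot: In parse_keypairs the assignment `pairs[keyid] = keypair_entry (keyid, ident->b, alg->b, pub, priv);` still overwrites any earlier entry with the same keyid, and because `get_keyid (pubkey->b)` is computed from the public-key bytes alone the new alg field is not part of the identity, so two entries carrying the same key material under different algorithm labels collapse into whichever is parsed last; since the entries hold raw `sencode*`, the earlier entry's decoded objects appear to be dropped without being freed (unless a destructor outside this diff handles it). store_keypair/store_pubkey in the header refuse duplicates, so the on-disk parser should too: add `if (pairs.count (keyid) ) goto failure;` before the assignment, and the same `pubs.count (keyid)` guard in parse_pubkeys. The alg bytes are also stored with no validation at all; if the algorithm suite is not reachable from keyring, at least reject an empty label with `if (alg->b.empty() ) goto failure;` so a corrupted keyring fails at load time rather than as an opaque mismatch at use. Both parse functions begin before their hunks, so the decode of `pub`/`priv` and the failure cleanup are not visible here.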
|
||||||
|
|
||||||
|
|
|
@ -30,7 +30,7 @@ class keyring
|
||||||
public:
|
public:
|
||||||
struct pubkey_entry {
|
struct pubkey_entry {
|
||||||
sencode *key;
|
sencode *key;
|
||||||
std::string name, keyid;
|
std::string name, alg, keyid;
|
||||||
|
|
||||||
pubkey_entry() {
|
pubkey_entry() {
|
||||||
key = NULL;
|
key = NULL;
|
||||||
|
@ -38,9 +38,11 @@ public:
|
||||||
|
|
||||||
pubkey_entry (const std::string& KID,
|
pubkey_entry (const std::string& KID,
|
||||||
const std::string& N,
|
const std::string& N,
|
||||||
|
const std::string& A,
|
||||||
sencode*K) {
|
sencode*K) {
|
||||||
key = K;
|
key = K;
|
||||||
name = N;
|
name = N;
|
||||||
|
alg = A;
|
||||||
keyid = KID;
|
keyid = KID;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
@ -55,9 +57,10 @@ public:
|
||||||
|
|
||||||
keypair_entry (const std::string&KID,
|
keypair_entry (const std::string&KID,
|
||||||
const std::string& N,
|
const std::string& N,
|
||||||
|
const std::string& A,
|
||||||
sencode*PubK,
|
sencode*PubK,
|
||||||
sencode*PrivK)
|
sencode*PrivK)
|
||||||
: pub (KID, N, PubK) {
|
: pub (KID, N, A, PubK) {
|
||||||
privkey = PrivK;
|
privkey = PrivK;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
@ -105,11 +108,13 @@ public:
|
||||||
}
|
}
|
||||||
|
|
||||||
bool store_pubkey (const std::string&keyid,
|
bool store_pubkey (const std::string&keyid,
|
||||||
const std::string&name, sencode*key) {
|
const std::string&name,
|
||||||
|
const std::string&alg,
|
||||||
|
sencode*key) {
|
||||||
|
|
||||||
if (pairs.count (keyid) ) return false;
|
if (pairs.count (keyid) ) return false;
|
||||||
if (pubs.count (keyid) ) return false;
|
if (pubs.count (keyid) ) return false;
|
||||||
pubs[keyid] = pubkey_entry (keyid, name, key);
|
pubs[keyid] = pubkey_entry (keyid, name, alg, key);
|
||||||
}
|
}
|
||||||
|
|
||||||
void remove_pubkey (const std::string&keyid) {
|
void remove_pubkey (const std::string&keyid) {
|
||||||
|
@ -126,11 +131,13 @@ public:
|
||||||
|
|
||||||
bool store_keypair (const std::string&keyid,
|
bool store_keypair (const std::string&keyid,
|
||||||
const std::string&name,
|
const std::string&name,
|
||||||
|
const std::string&alg,
|
||||||
sencode*pubkey, sencode*privkey) {
|
sencode*pubkey, sencode*privkey) {
|
||||||
|
|
||||||
if (pairs.count (keyid) ) return false;
|
if (pairs.count (keyid) ) return false;
|
||||||
if (pubs.count (keyid) ) return false;
|
if (pubs.count (keyid) ) return false;
|
||||||
pairs[keyid] = keypair_entry (keyid, name, pubkey, privkey);
|
pairs[keyid] = keypair_entry (keyid, name, alg,
|
||||||
|
pubkey, privkey);
|
||||||
}
|
}
|
||||||
|
|
||||||
void remove_keypair (const std::string&keyid) {
|
void remove_keypair (const std::string&keyid) {
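Review bot: store_pubkey and store_keypair are declared `bool` but their success path ends at `pubs[keyid] = pubkey_entry (keyid, name, alg, key);` / `pairs[keyid] = keypair_entry (keyid, name, alg, pubkey, privkey);` with no return statement, and the hunk counts (`-105,11 +108,13`, `-126,11 +131,13`) leave no room for an elided `return true;`, so control runs off the end of a non-void function, which is undefined behaviour and leaves any caller that tests the result with an unspecified value. Add `return true;` after each map assignment. The new `alg` parameter is also stored verbatim; a one-line comment on the member, `std::string name, alg, keyid; // alg: algorithm identifier the key was generated for, compared verbatim on use`, would tell maintainers that this string is a security check and must match the suite's canonical identifier exactly.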
|
||||||
|
|
|
@ -38,6 +38,8 @@ int encrypted_msg::encrypt (const bvector&msg,
|
||||||
keyring::pubkey_entry*pk = kr.get_pubkey (key_id);
|
keyring::pubkey_entry*pk = kr.get_pubkey (key_id);
|
||||||
if (!pk) return 2; //PK not found
|
if (!pk) return 2; //PK not found
|
||||||
|
|
||||||
|
if (pk->alg != alg_id) return 3; //algorithm mismatch
|
||||||
|
|
||||||
return alg->encrypt (msg, ciphertext, pk->key, rng);
|
return alg->encrypt (msg, ciphertext, pk->key, rng);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -55,6 +57,8 @@ int encrypted_msg::decrypt (bvector& msg, algorithm_suite&algs, keyring& kr)
|
||||||
keyring::keypair_entry*k = kr.get_keypair (key_id);
|
keyring::keypair_entry*k = kr.get_keypair (key_id);
|
||||||
if (!k) return 2;
|
if (!k) return 2;
|
||||||
|
|
||||||
|
if (k->pub.alg != alg_id) return 3;
|
||||||
|
|
||||||
return alg->decrypt (ciphertext, msg, k->privkey);
|
return alg->decrypt (ciphertext, msg, k->privkey);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -79,6 +83,8 @@ int signed_msg::sign (const bvector&msg,
|
||||||
keyring::keypair_entry *k = kr.get_keypair (key_id);
|
keyring::keypair_entry *k = kr.get_keypair (key_id);
|
||||||
if (!k) return 2;
|
if (!k) return 2;
|
||||||
|
|
||||||
|
if (k->pub.alg != alg_id) return 3;
|
||||||
|
|
||||||
bool privkey_dirty = false;
|
bool privkey_dirty = false;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
|
@ -88,7 +94,7 @@ int signed_msg::sign (const bvector&msg,
|
||||||
|
|
||||||
if (privkey_dirty) {
|
if (privkey_dirty) {
|
||||||
//we can't output a signature without storing privkey changes!
|
//we can't output a signature without storing privkey changes!
|
||||||
if (!kr.save() ) return 3;
|
if (!kr.save() ) return 4;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -108,6 +114,8 @@ int signed_msg::verify (algorithm_suite&algs, keyring&kr)
|
||||||
keyring::pubkey_entry*pk = kr.get_pubkey (key_id);
|
keyring::pubkey_entry*pk = kr.get_pubkey (key_id);
|
||||||
if (!pk) return 2;
|
if (!pk) return 2;
|
||||||
|
|
||||||
|
if (pk->alg != alg_id) return 3;
|
||||||
|
|
||||||
return alg->verify (signature, message, pk->key);
|
return alg->verify (signature, message, pk->key);
|
||||||
}
|
}
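Review bot: The renumbering `if (!kr.save() ) return 4;` in signed_msg::sign changes the meaning of return code 3 from "could not persist private-key changes" to "algorithm mismatch", so any caller outside this diff that still maps 3 to the save failure will now misreport a keyring write error as a mismatch; a grep of callers is needed before this lands. None of the four functions document their codes, so add a header comment such as `// returns 0 ok, 1 unknown algorithm, 2 key not found, 3 key/algorithm mismatch, 4 keyring save failed` (the meaning of 1 is inferred from the `alg` lookup outside the hunk and should be confirmed). The new `pk->alg != alg_id` compare is an exact string match, so it only provides the intended binding between the message's algorithm and the key if the identifier written into the keyring at import is byte-identical to the one the algorithm_suite uses; worth a note where the comparison sits.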
|
||||||
|
|
||||||
|
|