Add key id based m2p rotation support
Some checks failed
build / Windows Build (push) Has been cancelled
Some checks failed
build / Windows Build (push) Has been cancelled
This commit is contained in:
server
@@ -40,12 +40,6 @@ bool ReadPod(const uint8_t* bytes, std::size_t size, std::size_t& offset, T& out
|
||||
|
||||
bool CM2Pack::Load(const std::string& path)
|
||||
{
|
||||
if (!HasM2PackRuntimeKeysForArchiveLoad())
|
||||
{
|
||||
TraceError("CM2Pack::Load: runtime master key required for '%s'", path.c_str());
|
||||
return false;
|
||||
}
|
||||
|
||||
std::error_code ec;
|
||||
m_file.map(path, ec);
|
||||
|
||||
@@ -75,6 +69,15 @@ bool CM2Pack::Load(const std::string& path)
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!HasM2PackRuntimeKeysForArchiveLoad(m_header.key_id))
|
||||
{
|
||||
TraceError("CM2Pack::Load: runtime master key with key_id=%u required for '%s' (active key_id=%u)",
|
||||
m_header.key_id,
|
||||
path.c_str(),
|
||||
GetM2PackActiveMasterKeyId());
|
||||
return false;
|
||||
}
|
||||
|
||||
if (m_header.manifest_offset + m_header.manifest_size > m_file.size())
|
||||
{
|
||||
TraceError("CM2Pack::Load: manifest out of bounds in '%s'", path.c_str());
|
||||
@@ -111,11 +114,18 @@ bool CM2Pack::ValidateManifest()
|
||||
return false;
|
||||
}
|
||||
|
||||
if (crypto_sign_verify_detached(
|
||||
const auto* publicKey = GetM2PackPublicKeyForKeyId(m_header.key_id);
|
||||
if (!publicKey)
|
||||
{
|
||||
TraceError("CM2Pack::ValidateManifest: no public key configured for key_id=%u", m_header.key_id);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (crypto_sign_verify_detached(
|
||||
m_header.manifest_signature,
|
||||
m_manifest_bytes.data(),
|
||||
m_manifest_bytes.size(),
|
||||
GetM2PackActivePublicKey().data()) != 0)
|
||||
publicKey->data()) != 0)
|
||||
{
|
||||
TraceError("CM2Pack::ValidateManifest: manifest signature mismatch");
|
||||
return false;
|
||||
|
||||
Reference in New Issue
Block a user