diff --git a/services/tunnelbroker/src/cxx_bridge.rs b/services/tunnelbroker/src/cxx_bridge.rs
--- a/services/tunnelbroker/src/cxx_bridge.rs
+++ b/services/tunnelbroker/src/cxx_bridge.rs
@@ -59,7 +59,6 @@
 pub fn newSessionHandler(
 deviceID: &str,
 publicKey: &str,
- signature: &str,
 deviceType: i32,
 deviceAppVersion: &str,
 deviceOS: &str,
diff --git a/services/tunnelbroker/src/libcpp/Tunnelbroker.h b/services/tunnelbroker/src/libcpp/Tunnelbroker.h
--- a/services/tunnelbroker/src/libcpp/Tunnelbroker.h
+++ b/services/tunnelbroker/src/libcpp/Tunnelbroker.h
@@ -11,7 +11,6 @@
 NewSessionResult newSessionHandler(
 rust::Str deviceID,
 rust::Str publicKey,
- rust::Str signature,
 int32_t deviceType,
 rust::Str deviceAppVersion,
 rust::Str deviceOS,
diff --git a/services/tunnelbroker/src/libcpp/Tunnelbroker.cpp b/services/tunnelbroker/src/libcpp/Tunnelbroker.cpp
--- a/services/tunnelbroker/src/libcpp/Tunnelbroker.cpp
+++ b/services/tunnelbroker/src/libcpp/Tunnelbroker.cpp
@@ -2,7 +2,6 @@
 #include "AmqpManager.h"
 #include "AwsTools.h"
 #include "ConfigManager.h"
-#include "CryptoTools.h"
 #include "DatabaseManager.h"
 #include "DeliveryBroker.h"
 #include "GlobalTools.h"
@@ -86,7 +85,6 @@
 NewSessionResult newSessionHandler(
 rust::Str deviceID,
 rust::Str publicKey,
- rust::Str signature,
 int32_t deviceType,
 rust::Str deviceAppVersion,
 rust::Str deviceOS,
@@ -104,14 +102,6 @@
 const std::string stringPublicKey{publicKey};
 const std::string newSessionID = comm::network::tools::generateUUID();
 try {
- sessionSignItem = comm::network::database::DatabaseManager::getInstance()
- .findSessionSignItem(stringDeviceID);
- if (sessionSignItem == nullptr) {
- return NewSessionResult{
- .grpcStatus = {
- .statusCode = GRPCStatusCodes::NotFound,
- .errorText = "Session signature request not found for deviceID"}};
- }
 publicKeyItem = comm::network::database::DatabaseManager::getInstance()
 .findPublicKeyItem(stringDeviceID);
 if (publicKeyItem == nullptr) {
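Review bot: With the `findSessionSignItem` lookup removed in the `@@ -104,14 +102,6 @@` hunk, `sessionSignItem` is no longer assigned in any line shown, and since it was assigned without a type its declaration must sit above the hunk, where no hunk in this diff touches it. If that declaration is still present it is now an unused local and should be dropped in the same commit. The body of `newSessionHandler` starts and ends outside this hunk, so this needs confirming against the full file.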
@@ -126,15 +116,6 @@
 .statusCode = GRPCStatusCodes::PermissionDenied,
 .errorText = "The public key doesn't match for deviceID"}};
 }
- const std::string verificationMessage = sessionSignItem->getSign();
- if (!comm::network::crypto::rsaVerifyString(
- stringPublicKey, verificationMessage, std::string{signature})) {
- return NewSessionResult{
- .grpcStatus = {
- .statusCode = GRPCStatusCodes::PermissionDenied,
- .errorText =
- "Signature for the verification message is not valid"}};
- }
 comm::network::database::DatabaseManager::getInstance()
 .removeSessionSignItem(stringDeviceID);
diff --git a/services/tunnelbroker/src/libcpp/src/Tools/CryptoTools.h b/services/tunnelbroker/src/libcpp/src/Tools/CryptoTools.h
deleted file mode 100644
--- a/services/tunnelbroker/src/libcpp/src/Tools/CryptoTools.h
+++ /dev/null
@@ -1,16 +0,0 @@
-#pragma once
-
-#include
-
-namespace comm {
-namespace network {
-namespace crypto {
-
-bool rsaVerifyString(
- const std::string &publicKeyBase64,
- const std::string &message,
- const std::string &signatureBase64);
-
-} // namespace crypto
-} // namespace network
-} // namespace comm
diff --git a/services/tunnelbroker/src/libcpp/src/Tools/CryptoTools.cpp b/services/tunnelbroker/src/libcpp/src/Tools/CryptoTools.cpp
deleted file mode 100644
--- a/services/tunnelbroker/src/libcpp/src/Tools/CryptoTools.cpp
+++ /dev/null
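Review bot: Once the `rsaVerifyString` block is removed in the `@@ -126,15 +116,6 @@` hunk, the only gate left in the visible part of `newSessionHandler` is the stored-public-key comparison (`"The public key doesn't match for deviceID"`), and a public key is not a secret, so the caller no longer has to prove possession of the matching private key. If proof of possession has moved to another layer, say so above the comparison, e.g. `// NOTE: key ownership is verified in <component>; this check only binds deviceID to its registered key`; if it has not, the session should not be issued until a replacement check exists. The `removeSessionSignItem(stringDeviceID)` call kept as context now deletes a record this function never reads, so it should either go or get a comment saying why it stays. The function continues outside the hunk.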
@@ -1,42 +0,0 @@
-#include "CryptoTools.h"
-
-#include
-#include
-#include
-#include
-
-namespace comm {
-namespace network {
-namespace crypto {
-
-bool rsaVerifyString(
- const std::string &publicKeyBase64,
- const std::string &message,
- const std::string &signatureBase64) {
- CryptoPP::RSA::PublicKey publicKey;
- std::string decodedSignature;
- try {
- publicKey.Load(CryptoPP::StringSource(
- publicKeyBase64, true, new CryptoPP::Base64Decoder())
- .Ref());
- CryptoPP::StringSource stringSource(
- signatureBase64,
- true,
- new CryptoPP::Base64Decoder(
- new CryptoPP::StringSink(decodedSignature)));
- CryptoPP::RSASSA_PKCS1v15_SHA_Verifier verifierSha256(publicKey);
- return verifierSha256.VerifyMessage(
- reinterpret_cast(message.c_str()),
- message.length(),
- reinterpret_cast(decodedSignature.c_str()),
- decodedSignature.length());
- } catch (const std::exception &e) {
- LOG(ERROR) << "CryptoTools: "
- << "Got an exception " << e.what();
- return false;
- }
-}
-
-} // namespace crypto
-} // namespace network
-} // namespace comm
diff --git a/services/tunnelbroker/src/libcpp/test/CryptoToolsTest.cpp b/services/tunnelbroker/src/libcpp/test/CryptoToolsTest.cpp
deleted file mode 100644
--- a/services/tunnelbroker/src/libcpp/test/CryptoToolsTest.cpp
+++ /dev/null
@@ -1,45 +0,0 @@
-#include "CryptoTools.h"
-#include "Constants.h"
-#include "Tools.h"
-
-#include
-
-#include
-
-using namespace comm::network;
-
-class CryptoToolsTest : public testing::Test {};
-
-TEST(CryptoToolsTest, RsaVerifyStringIsTrueOnValidSignature) {
- const std::string publicKeyBase64 =
- "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGC8M8FdRSSEdfAufY/V5iP6cB"
- "crXdeZa19OjpbbNvq9qAT2FobnYrlNI8p3y/2LvJBxlR9VlvS0Nh4HLZLdmf8zOf"
- "3HyN0w8ey54xE5eIILZi1Xudrk8J+U5xij78Bzl2WdAvoVCiVbaodff8DBvmqHeR"
- "/EDcMX3ipPDzjcCFXwIDAQAB";
- const std::string verifyMessage = "testverifymessagetestverifymessage";
- const std::string validSignatureBase64 =
- "tn5w317+CcuUdK8JRvM0GW+m65ph7sHqlbpY5PhYZtl1hlb86ILgmlCaa+"
- "O7icLImcLQkVsabCaVkczrJOy95jvT251gAKBZAXc4oDNqg4n5An3GmwHzbh50Z40M9gwXG/"
- "zx6ReEYvgqDo9e1cimljewFykHt8ApBX6mbJ8ShyM=";
- EXPECT_EQ(
- crypto::rsaVerifyString(
- publicKeyBase64, verifyMessage, validSignatureBase64),
- true);
-}
-
-TEST(CryptoToolsTest, RsaVerifyStringIsFalseOnInvalidSignature) {
- const std::string publicKeyBase64 =
- "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGC8M8FdRSSEdfAufY/V5iP6cB"
- "crXdeZa19OjpbbNvq9qAT2FobnYrlNI8p3y/2LvJBxlR9VlvS0Nh4HLZLdmf8zOf"
- "3HyN0w8ey54xE5eIILZi1Xudrk8J+U5xij78Bzl2WdAvoVCiVbaodff8DBvmqHeR"
- "/EDcMX3ipPDzjcCFXwIDAQAB";
- const std::string verifyMessage = "testverifymessagetestverifymessage";
- const std::string invalidSignatureBase64 =
- "Opuw317+CcuUdK8JRvM0GW+m65ph7sHqlbpY5PhYZtl1hlb86ILgmlCaa+"
- "O7icLImcLQkVsabCaVkczrJOy95jvT251gAKBZAXc4oDNqg4n5An3GmwHzbh50Z40M9gwXG/"
- "zx6ReEYvgqDo9e1cimljewFykHt8ApBX6mbJ8dfrM=";
- EXPECT_EQ(
- crypto::rsaVerifyString(
- publicKeyBase64, verifyMessage, invalidSignatureBase64),
- false);
-}
diff --git a/services/tunnelbroker/src/server/mod.rs b/services/tunnelbroker/src/server/mod.rs
--- a/services/tunnelbroker/src/server/mod.rs
+++ b/services/tunnelbroker/src/server/mod.rs
@@ -95,7 +95,6 @@
 let result = newSessionHandler(
 &inner_request.device_id,
 &inner_request.public_key,
- &inner_request.signature,
 inner_request.device_type,
 &inner_request.device_app_version,
 &inner_request.device_os,
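Review bot: `inner_request.signature` is no longer passed to `newSessionHandler`, but nothing in this diff changes the request message, so the field presumably still exists and whatever a client sends in it is silently ignored. A short comment at the call, `// signature is intentionally unused: session signing was removed from the C++ handler`, plus deprecating the field in the message definition, would keep callers from assuming the server still verifies it. The enclosing function starts and ends outside the hunk.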