2009-05-23 13:40:35 -04:00
|
|
|
/*
|
|
|
|
* libretroshare/src/ : gpgauthmgr.h
|
|
|
|
*
|
|
|
|
* GPG interface for RetroShare.
|
|
|
|
*
|
|
|
|
* Copyright 2008-2009 by Raghu Dev R.
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Library General Public
|
|
|
|
* License Version 2 as published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Library General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Library General Public
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
|
|
|
* USA.
|
|
|
|
*
|
|
|
|
* Please report all bugs and problems to "retroshare@lunamutt.com".
|
|
|
|
*
|
|
|
|
* This is *THE* auth manager. It provides the web-of-trust via
|
|
|
|
* gpgme, and authenticates the certificates that are managed
|
|
|
|
* by the sublayer AuthSSL.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
2010-01-13 16:05:38 -05:00
|
|
|
/****
|
|
|
|
* Here's GPG policy :
|
|
|
|
* By default, all pgpg keys imported via a RS user (make friend and accept friend action) are signed at level 0.
|
|
|
|
* All signed keys by RS are set to be trusted marginally. You can change it to full or no trust in the friend profile
|
|
|
|
* For a key to be marginaly valid, it has to be signed by one fully trusted key, or at least by 3 marginally trusted keys.
|
|
|
|
* All keys that have at least marginal validity are designed as valid in RS. They are shown in the RS gui in order to be signed.
|
|
|
|
* If there is no validity then the key is not shown.
|
|
|
|
*/
|
|
|
|
|
2009-05-23 13:40:35 -04:00
|
|
|
#ifndef RS_GPG_AUTH_HEADER
|
|
|
|
#define RS_GPG_AUTH_HEADER
|
|
|
|
|
|
|
|
#include <gpgme.h>
|
2010-01-13 15:52:31 -05:00
|
|
|
#include <openssl/ssl.h>
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
#include "util/rsthreads.h"
|
2010-01-13 16:08:46 -05:00
|
|
|
#include "rsiface/rspeers.h"
|
2010-01-13 15:56:55 -05:00
|
|
|
#include <string>
|
|
|
|
#include <list>
|
2010-01-13 16:22:52 -05:00
|
|
|
#include <set>
|
2010-01-13 15:56:55 -05:00
|
|
|
#include <map>
|
2010-01-13 16:26:30 -05:00
|
|
|
#include "pqi/p3cfgmgr.h"
|
2010-01-13 15:52:31 -05:00
|
|
|
|
|
|
|
#define GPG_id std::string
|
2009-05-23 13:40:35 -04:00
|
|
|
|
2010-01-21 17:04:20 -05:00
|
|
|
const time_t STORE_KEY_TIMEOUT = 60; //store key is call around every 60sec
|
|
|
|
|
2010-04-14 18:25:13 -04:00
|
|
|
/*!
|
|
|
|
* gpgcert is the identifier for a person.
|
2009-05-23 13:40:35 -04:00
|
|
|
* It is a wrapper class for a GPGme OpenPGP certificate.
|
|
|
|
*/
|
|
|
|
class gpgcert
|
|
|
|
{
|
|
|
|
public:
|
2009-05-25 07:38:47 -04:00
|
|
|
gpgcert();
|
|
|
|
~gpgcert();
|
|
|
|
|
2010-01-13 15:56:55 -05:00
|
|
|
std::string id;
|
|
|
|
std::string name;
|
|
|
|
std::string email;
|
|
|
|
|
|
|
|
std::string fpr; /* fingerprint */
|
|
|
|
std::list<std::string> signers;
|
|
|
|
|
|
|
|
uint32_t trustLvl;
|
|
|
|
uint32_t validLvl;
|
|
|
|
|
|
|
|
bool ownsign;
|
|
|
|
|
2010-01-13 16:22:52 -05:00
|
|
|
//This is not gpg, but RS data. A gpg peer can be accepted for connecting but not signed.
|
|
|
|
bool accept_connection;
|
|
|
|
|
2009-05-23 13:40:35 -04:00
|
|
|
gpgme_key_t key;
|
|
|
|
};
|
|
|
|
|
2010-04-14 18:25:13 -04:00
|
|
|
/*!
|
2009-05-23 13:40:35 -04:00
|
|
|
* The certificate map type
|
|
|
|
*/
|
|
|
|
typedef std::map<std::string, gpgcert> certmap;
|
|
|
|
|
2010-04-14 18:25:13 -04:00
|
|
|
//! provides basic gpg functionality
|
|
|
|
/*!
|
|
|
|
*
|
|
|
|
* This provides retroshare basic gpg functionality and
|
|
|
|
* key/web-of-trust management, also handle cert intialisation for retroshare
|
|
|
|
*/
|
2010-01-13 16:26:30 -05:00
|
|
|
class AuthGPG : public p3Config
|
2009-05-23 13:40:35 -04:00
|
|
|
{
|
2009-05-25 07:38:47 -04:00
|
|
|
private:
|
|
|
|
|
|
|
|
/* Internal functions */
|
2010-01-13 15:52:31 -05:00
|
|
|
bool DoOwnSignature_locked(const void *, unsigned int, void *, unsigned int *);
|
2010-01-13 16:22:52 -05:00
|
|
|
bool VerifySignature_locked(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint);
|
2009-05-25 07:38:47 -04:00
|
|
|
|
2010-01-13 15:52:31 -05:00
|
|
|
/* Sign/Trust stuff */
|
|
|
|
int privateSignCertificate(GPG_id id);
|
|
|
|
int privateRevokeCertificate(GPG_id id); /* revoke the signature on Certificate */
|
|
|
|
int privateTrustCertificate(GPG_id id, int trustlvl);
|
|
|
|
|
|
|
|
// store all keys in map mKeyList to avoid calling gpgme exe repeatedly
|
2009-05-25 07:38:47 -04:00
|
|
|
bool storeAllKeys_locked();
|
2010-01-21 17:04:20 -05:00
|
|
|
bool storeAllKeys_timed();
|
2010-05-31 15:20:52 -04:00
|
|
|
// Not used anymore
|
|
|
|
// bool updateTrustAllKeys_locked();
|
2009-05-25 07:38:47 -04:00
|
|
|
|
|
|
|
bool printAllKeys_locked();
|
|
|
|
bool printOwnKeys_locked();
|
|
|
|
|
2009-05-23 13:40:35 -04:00
|
|
|
public:
|
|
|
|
|
2010-01-13 15:58:58 -05:00
|
|
|
AuthGPG();
|
|
|
|
~AuthGPG();
|
|
|
|
|
2010-04-14 18:25:13 -04:00
|
|
|
/**
|
|
|
|
* @param ids list of gpg certificate ids (note, not the actual certificates)
|
|
|
|
*/
|
2010-01-13 16:22:52 -05:00
|
|
|
bool availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids);
|
2009-05-23 13:40:35 -04:00
|
|
|
|
|
|
|
/* SKTAN */
|
|
|
|
void showData(gpgme_data_t dh);
|
|
|
|
void createDummyFriends(void); //NYI
|
|
|
|
|
2009-07-30 17:27:47 -04:00
|
|
|
bool printKeys();
|
|
|
|
|
2009-05-23 13:40:35 -04:00
|
|
|
/*********************************************************************************/
|
|
|
|
/************************* STAGE 1 ***********************************************/
|
|
|
|
/*********************************************************************************/
|
|
|
|
/*****
|
|
|
|
* STAGE 1: Initialisation.... As we are switching to OpenPGP the init functions
|
|
|
|
* will be different. Just move the initialisation functions over....
|
|
|
|
*
|
|
|
|
* As GPGMe requires external calls to the GPG executable, which could potentially
|
|
|
|
* be expensive, We'll want to cache the GPG keys in this class.
|
|
|
|
* This should be done at initialisation, and saved in a map.
|
|
|
|
* (see storage at the end of the class)
|
|
|
|
*
|
|
|
|
****/
|
|
|
|
bool active();
|
|
|
|
|
2010-04-30 10:34:48 -04:00
|
|
|
/* Initialize */
|
|
|
|
bool InitAuth ();
|
|
|
|
|
2010-01-13 15:52:31 -05:00
|
|
|
/* Init by generating new Own PGP Cert, or selecting existing PGP Cert */
|
2010-01-18 07:30:54 -05:00
|
|
|
int GPGInit(std::string ownId);
|
2009-05-23 13:40:35 -04:00
|
|
|
bool CloseAuth();
|
2010-01-18 07:30:54 -05:00
|
|
|
bool GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString);
|
2009-05-23 13:40:35 -04:00
|
|
|
|
|
|
|
/*********************************************************************************/
|
|
|
|
/************************* STAGE 3 ***********************************************/
|
|
|
|
/*********************************************************************************/
|
|
|
|
/*****
|
|
|
|
* STAGE 3: These are some of the most commonly used functions in Retroshare.
|
|
|
|
*
|
|
|
|
* More commonly used functions.
|
|
|
|
*
|
|
|
|
* provide access to details in cache list.
|
|
|
|
*
|
|
|
|
****/
|
2010-01-13 16:22:52 -05:00
|
|
|
std::string getGPGName(GPG_id pgp_id);
|
|
|
|
std::string getGPGEmail(GPG_id pgp_id);
|
2009-05-23 13:40:35 -04:00
|
|
|
|
2010-01-13 16:05:38 -05:00
|
|
|
/* PGP web of trust management */
|
2010-01-13 16:22:52 -05:00
|
|
|
std::string getGPGOwnId();
|
|
|
|
std::string getGPGOwnName();
|
|
|
|
std::string getGPGOwnEmail();
|
|
|
|
bool getGPGDetails(std::string id, RsPeerDetails &d);
|
|
|
|
bool getGPGAllList(std::list<std::string> &ids);
|
|
|
|
bool getGPGValidList(std::list<std::string> &ids);
|
|
|
|
bool getGPGAcceptedList(std::list<std::string> &ids);
|
|
|
|
bool getGPGSignedList(std::list<std::string> &ids);
|
|
|
|
bool isGPGValid(std::string id);
|
|
|
|
bool isGPGSigned(std::string id);
|
|
|
|
bool isGPGAccepted(std::string id);
|
2010-01-13 16:25:18 -05:00
|
|
|
bool isGPGId(GPG_id id);
|
2009-05-23 13:40:35 -04:00
|
|
|
|
|
|
|
/*********************************************************************************/
|
|
|
|
/************************* STAGE 4 ***********************************************/
|
|
|
|
/*********************************************************************************/
|
|
|
|
/*****
|
|
|
|
* STAGE 4: Loading and Saving Certificates. (Strings and Files)
|
|
|
|
*
|
|
|
|
****/
|
2010-01-13 16:22:52 -05:00
|
|
|
bool LoadCertificateFromString(std::string pem, std::string &gpg_id);
|
2009-05-23 13:40:35 -04:00
|
|
|
std::string SaveCertificateToString(std::string id);
|
|
|
|
|
|
|
|
/*********************************************************************************/
|
|
|
|
/************************* STAGE 6 ***********************************************/
|
|
|
|
/*********************************************************************************/
|
|
|
|
/*****
|
|
|
|
* STAGE 6: Authentication, Trust and Signing.
|
|
|
|
*
|
|
|
|
* This is some of the harder functions, but they should have been
|
|
|
|
* done in gpgroot already.
|
|
|
|
*
|
|
|
|
****/
|
2010-01-13 16:22:52 -05:00
|
|
|
bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance); //don't act on the gpg key, use a seperate set
|
2010-01-13 16:05:38 -05:00
|
|
|
bool SignCertificateLevel0(std::string id);
|
2010-01-13 15:52:31 -05:00
|
|
|
bool RevokeCertificate(std::string id); /* Particularly hard - leave for later */
|
2010-01-13 16:05:38 -05:00
|
|
|
bool TrustCertificateNone(std::string id);
|
|
|
|
bool TrustCertificateMarginally(std::string id);
|
|
|
|
bool TrustCertificateFully(std::string id);
|
2010-01-13 16:14:49 -05:00
|
|
|
bool TrustCertificate(std::string id, int trustlvl); //trustlvl is 2 for none, 3 for marginal and 4 for full trust
|
2009-05-23 13:40:35 -04:00
|
|
|
|
|
|
|
/*********************************************************************************/
|
|
|
|
/************************* STAGE 7 ***********************************************/
|
|
|
|
/*********************************************************************************/
|
|
|
|
/*****
|
|
|
|
* STAGE 7: Signing Data.
|
|
|
|
*
|
|
|
|
* There should also be Encryption Functions... (do later).
|
|
|
|
*
|
|
|
|
****/
|
2010-01-13 15:52:31 -05:00
|
|
|
bool SignData(std::string input, std::string &sign);
|
|
|
|
bool SignData(const void *data, const uint32_t len, std::string &sign);
|
|
|
|
bool SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen);
|
|
|
|
bool SignDataBin(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen);
|
2010-01-13 16:22:52 -05:00
|
|
|
bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string withfingerprint);
|
2010-01-13 15:52:31 -05:00
|
|
|
bool decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN);
|
|
|
|
bool encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER);
|
2010-01-13 16:05:38 -05:00
|
|
|
//END of PGP public functions
|
2009-05-23 13:40:35 -04:00
|
|
|
|
2010-01-13 16:05:38 -05:00
|
|
|
static AuthGPG *getAuthGPG() throw() // pour obtenir l'instance
|
|
|
|
{ return instance_gpg; }
|
2009-05-23 13:40:35 -04:00
|
|
|
|
2010-01-13 16:26:30 -05:00
|
|
|
protected:
|
|
|
|
/*****************************************************************/
|
|
|
|
/*********************** p3config ******************************/
|
|
|
|
/* Key Functions to be overloaded for Full Configuration */
|
|
|
|
virtual RsSerialiser *setupSerialiser();
|
|
|
|
virtual std::list<RsItem *> saveList(bool &cleanup);
|
|
|
|
virtual bool loadList(std::list<RsItem *> load);
|
|
|
|
/*****************************************************************/
|
|
|
|
|
2010-01-13 16:05:38 -05:00
|
|
|
private:
|
2009-05-23 13:40:35 -04:00
|
|
|
|
2010-01-13 16:05:38 -05:00
|
|
|
static AuthGPG *instance_gpg; // pointeur vers le singleton
|
2009-05-23 13:40:35 -04:00
|
|
|
|
2010-06-18 16:19:04 -04:00
|
|
|
RsMutex gpgMtx;
|
2010-01-13 16:05:38 -05:00
|
|
|
/* Below is protected via the mutex */
|
2009-05-23 13:40:35 -04:00
|
|
|
|
2010-01-13 16:05:38 -05:00
|
|
|
certmap mKeyList;
|
2010-01-21 17:04:20 -05:00
|
|
|
time_t mStoreKeyTime;
|
2009-05-23 13:40:35 -04:00
|
|
|
|
2010-01-13 16:05:38 -05:00
|
|
|
bool gpgmeInit;
|
2010-01-21 17:04:20 -05:00
|
|
|
|
2010-01-13 16:05:38 -05:00
|
|
|
bool gpgmeKeySelected;
|
2010-04-08 15:08:41 -04:00
|
|
|
|
2010-01-13 16:05:38 -05:00
|
|
|
gpgme_engine_info_t INFO;
|
|
|
|
gpgme_ctx_t CTX;
|
2009-05-23 13:40:35 -04:00
|
|
|
|
2010-01-13 16:05:38 -05:00
|
|
|
std::string mOwnGpgId;
|
2010-01-21 17:04:20 -05:00
|
|
|
gpgcert mOwnGpgCert;
|
|
|
|
|
2010-01-13 16:22:52 -05:00
|
|
|
std::map<std::string, bool> mAcceptToConnectMap;
|
2009-05-23 13:40:35 -04:00
|
|
|
|
|
|
|
};
|
|
|
|
|
2010-04-14 18:25:13 -04:00
|
|
|
/*!
|
|
|
|
* Sign a key
|
|
|
|
**/
|
2009-05-23 13:40:35 -04:00
|
|
|
typedef enum
|
|
|
|
{
|
|
|
|
SIGN_START,
|
|
|
|
SIGN_COMMAND,
|
|
|
|
SIGN_UIDS,
|
|
|
|
SIGN_SET_EXPIRE,
|
|
|
|
SIGN_SET_CHECK_LEVEL,
|
|
|
|
SIGN_ENTER_PASSPHRASE,
|
|
|
|
SIGN_CONFIRM,
|
|
|
|
SIGN_QUIT,
|
|
|
|
SIGN_SAVE,
|
|
|
|
SIGN_ERROR
|
|
|
|
} SignState;
|
|
|
|
|
|
|
|
|
2010-04-14 18:25:13 -04:00
|
|
|
/*!
|
|
|
|
* Change the key ownertrust
|
|
|
|
**/
|
2009-05-23 13:40:35 -04:00
|
|
|
typedef enum
|
|
|
|
{
|
|
|
|
TRUST_START,
|
|
|
|
TRUST_COMMAND,
|
|
|
|
TRUST_VALUE,
|
|
|
|
TRUST_REALLY_ULTIMATE,
|
|
|
|
TRUST_QUIT,
|
|
|
|
TRUST_SAVE,
|
|
|
|
TRUST_ERROR
|
|
|
|
} TrustState;
|
|
|
|
|
|
|
|
|
|
|
|
|
2010-04-14 18:25:13 -04:00
|
|
|
/*!
|
|
|
|
* This is the generic data object passed to the
|
2009-05-23 13:40:35 -04:00
|
|
|
* callback function in a gpgme_op_edit operation.
|
|
|
|
* The contents of this object are modified during
|
|
|
|
* each callback, to keep track of states, errors
|
|
|
|
* and other data.
|
|
|
|
*/
|
|
|
|
class EditParams
|
|
|
|
{
|
|
|
|
public:
|
|
|
|
int state;
|
2010-04-14 18:25:13 -04:00
|
|
|
|
|
|
|
/*!
|
|
|
|
* The return code of gpgme_op_edit() is the return value of
|
2009-05-23 13:40:35 -04:00
|
|
|
* the last invocation of the callback. But returning an error
|
|
|
|
* from the callback does not abort the edit operation, so we
|
|
|
|
* must remember any error.
|
|
|
|
*/
|
|
|
|
gpg_error_t err;
|
|
|
|
|
2010-04-14 18:25:13 -04:00
|
|
|
/// Parameters specific to the key operation
|
2009-05-23 13:40:35 -04:00
|
|
|
void *oParams;
|
|
|
|
|
|
|
|
EditParams(int state, void *oParams) {
|
|
|
|
this->state = state;
|
|
|
|
this->err = gpgme_error(GPG_ERR_NO_ERROR);
|
|
|
|
this->oParams = oParams;
|
|
|
|
}
|
|
|
|
|
|
|
|
};
|
|
|
|
|
2010-04-14 18:25:13 -04:00
|
|
|
/*!
|
|
|
|
* Data specific to key signing
|
|
|
|
**/
|
2009-05-23 13:40:35 -04:00
|
|
|
class SignParams
|
|
|
|
{
|
|
|
|
public:
|
|
|
|
|
2010-01-13 16:06:53 -05:00
|
|
|
std::string checkLvl;
|
|
|
|
|
|
|
|
SignParams(std::string checkLvl) {
|
|
|
|
this->checkLvl = checkLvl;
|
2009-05-23 13:40:35 -04:00
|
|
|
}
|
|
|
|
};
|
|
|
|
|
2010-04-14 18:25:13 -04:00
|
|
|
/*!
|
|
|
|
* Data specific to key signing
|
|
|
|
**/
|
2010-01-13 16:14:49 -05:00
|
|
|
class TrustParams
|
|
|
|
{
|
|
|
|
public:
|
|
|
|
|
|
|
|
std::string trustLvl;
|
|
|
|
|
|
|
|
TrustParams(std::string trustLvl) {
|
|
|
|
this->trustLvl = trustLvl;
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
2009-05-23 13:40:35 -04:00
|
|
|
#endif
|