2012-04-08 10:52:01 -04:00
|
|
|
#pragma once
|
|
|
|
|
2012-03-26 17:17:04 -04:00
|
|
|
// This class implements an abstract pgp handler to be used in RetroShare.
|
|
|
|
//
|
|
|
|
#include <stdint.h>
|
|
|
|
#include <string>
|
|
|
|
#include <list>
|
2012-04-01 08:52:15 -04:00
|
|
|
#include <map>
|
2012-04-09 13:03:47 -04:00
|
|
|
#include <set>
|
2012-03-26 17:17:04 -04:00
|
|
|
#include <util/rsthreads.h>
|
2014-03-17 16:56:06 -04:00
|
|
|
#include <retroshare/rstypes.h>
|
2012-03-26 17:17:04 -04:00
|
|
|
|
|
|
|
extern "C" {
|
|
|
|
#include <openpgpsdk/types.h>
|
|
|
|
#include <openpgpsdk/keyring.h>
|
2012-03-27 16:48:21 -04:00
|
|
|
#include <openpgpsdk/keyring_local.h>
|
2012-03-26 17:17:04 -04:00
|
|
|
}
|
|
|
|
|
2012-06-06 16:31:19 -04:00
|
|
|
typedef std::string (*PassphraseCallback)(void *data, const char *uid_hint, const char *passphrase_info, int prev_was_bad) ;
|
2012-04-04 15:27:07 -04:00
|
|
|
|
2012-04-09 13:03:47 -04:00
|
|
|
class PGPCertificateInfo
|
|
|
|
{
|
|
|
|
public:
|
|
|
|
PGPCertificateInfo() {}
|
|
|
|
|
|
|
|
std::string _name;
|
|
|
|
std::string _email;
|
|
|
|
std::string _comment;
|
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
std::set<RsPgpId> signers;
|
2012-04-09 13:03:47 -04:00
|
|
|
|
|
|
|
uint32_t _trustLvl;
|
|
|
|
uint32_t _validLvl;
|
|
|
|
uint32_t _flags ;
|
2012-08-02 08:14:50 -04:00
|
|
|
uint32_t _type ;
|
2012-04-09 13:03:47 -04:00
|
|
|
|
2013-05-21 18:38:00 -04:00
|
|
|
mutable time_t _time_stamp ; // last time the key was used (received, used for signature verification, etc)
|
|
|
|
|
2012-04-09 13:03:47 -04:00
|
|
|
PGPFingerprintType _fpr; /* fingerprint */
|
2014-03-17 16:56:06 -04:00
|
|
|
// RsPgpId _key_id ;
|
2012-04-09 13:03:47 -04:00
|
|
|
|
|
|
|
uint32_t _key_index ; // index to array of keys in the public keyring
|
|
|
|
|
2012-06-14 16:13:31 -04:00
|
|
|
static const uint32_t PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION = 0x0001 ;
|
|
|
|
static const uint32_t PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE = 0x0002 ;
|
|
|
|
static const uint32_t PGP_CERTIFICATE_FLAG_HAS_SIGNED_ME = 0x0004 ;
|
|
|
|
static const uint32_t PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM = 0x0008 ; // set when the key is not RSA, so that RS avoids to use it.
|
2012-06-29 15:38:19 -04:00
|
|
|
|
|
|
|
static const uint8_t PGP_CERTIFICATE_TRUST_UNDEFINED = 0x00 ;
|
|
|
|
static const uint8_t PGP_CERTIFICATE_TRUST_NEVER = 0x02 ;
|
|
|
|
static const uint8_t PGP_CERTIFICATE_TRUST_MARGINALLY = 0x03 ;
|
|
|
|
static const uint8_t PGP_CERTIFICATE_TRUST_FULLY = 0x04 ;
|
|
|
|
static const uint8_t PGP_CERTIFICATE_TRUST_ULTIMATE = 0x05 ;
|
2012-08-02 08:14:50 -04:00
|
|
|
|
|
|
|
static const uint8_t PGP_CERTIFICATE_TYPE_UNKNOWN = 0x00 ;
|
|
|
|
static const uint8_t PGP_CERTIFICATE_TYPE_DSA = 0x01 ;
|
|
|
|
static const uint8_t PGP_CERTIFICATE_TYPE_RSA = 0x02 ;
|
2012-04-04 15:27:07 -04:00
|
|
|
};
|
2012-03-26 17:17:04 -04:00
|
|
|
|
|
|
|
class PGPHandler
|
|
|
|
{
|
|
|
|
public:
|
2012-06-20 17:59:04 -04:00
|
|
|
PGPHandler( const std::string& path_to_public_keyring,
|
|
|
|
const std::string& path_to_secret_keyring,
|
|
|
|
const std::string& path_to_trust_database,
|
|
|
|
const std::string& pgp_lock_file) ;
|
2012-03-26 17:17:04 -04:00
|
|
|
|
|
|
|
virtual ~PGPHandler() ;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param ids list of gpg certificate ids (note, not the actual certificates)
|
|
|
|
*/
|
2014-03-17 16:56:06 -04:00
|
|
|
bool getGPGFilteredList(std::list<RsPgpId>& list,bool (*filter)(const PGPCertificateInfo&) = NULL) const ;
|
|
|
|
bool haveSecretKey(const RsPgpId& id) const ;
|
2012-03-26 17:17:04 -04:00
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
bool importGPGKeyPair(const std::string& filename,RsPgpId& imported_id,std::string& import_error) ;
|
|
|
|
bool exportGPGKeyPair(const std::string& filename,const RsPgpId& exported_id) const ;
|
2012-07-10 17:40:53 -04:00
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
bool availableGPGCertificatesWithPrivateKeys(std::list<RsPgpId>& ids);
|
|
|
|
bool GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passwd, RsPgpId& pgpId, std::string& errString) ;
|
2012-03-26 17:17:04 -04:00
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
bool LoadCertificateFromString(const std::string& pem, RsPgpId& gpg_id, std::string& error_string);
|
2012-08-13 15:37:50 -04:00
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
std::string SaveCertificateToString(const RsPgpId& id,bool include_signatures) const ;
|
|
|
|
bool exportPublicKey(const RsPgpId& id,unsigned char *& mem,size_t& mem_size,bool armoured,bool include_signatures) const ;
|
2012-03-26 17:17:04 -04:00
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
bool SignDataBin(const RsPgpId& id,const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen,bool make_raw_signature=false) ;
|
2012-04-04 15:27:07 -04:00
|
|
|
bool VerifySignBin(const void *data, uint32_t data_len, unsigned char *sign, unsigned int sign_len, const PGPFingerprintType& withfingerprint) ;
|
2014-03-17 16:56:06 -04:00
|
|
|
bool privateSignCertificate(const RsPgpId& own_id,const RsPgpId& id_of_key_to_sign) ;
|
2012-04-04 15:27:07 -04:00
|
|
|
|
2013-04-18 17:41:13 -04:00
|
|
|
// The client should supply a memory chunk to store the data. The length will be updated to the real length of the data.
|
|
|
|
//
|
2014-03-17 16:56:06 -04:00
|
|
|
bool encryptDataBin(const RsPgpId& key_id,const void *data, const uint32_t len, unsigned char *encrypted_data, unsigned int *encrypted_data_len) ;
|
|
|
|
bool decryptDataBin(const RsPgpId& key_id,const void *data, const uint32_t len, unsigned char *decrypted_data, unsigned int *decrypted_data_len) ;
|
2013-04-10 16:28:13 -04:00
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
bool encryptTextToFile(const RsPgpId& key_id,const std::string& text,const std::string& outfile) ;
|
|
|
|
bool decryptTextFromFile(const RsPgpId& key_id,std::string& text,const std::string& encrypted_inputfile) ;
|
|
|
|
//bool encryptTextToString(const RsPgpId& key_id,const std::string& text,std::string& outstring) ;
|
|
|
|
//bool decryptTextFromString(const RsPgpId& key_id,const std::string& encrypted_text,std::string& outstring) ;
|
2012-04-08 10:52:01 -04:00
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
bool getKeyFingerprint(const RsPgpId& id,PGPFingerprintType& fp) const ;
|
|
|
|
void setAcceptConnexion(const RsPgpId&,bool) ;
|
2013-06-09 09:09:36 -04:00
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
void updateOwnSignatureFlag(const RsPgpId& ownId) ;
|
|
|
|
void updateOwnSignatureFlag(const RsPgpId& pgp_id,const RsPgpId& ownId) ;
|
2013-06-09 09:09:36 -04:00
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
void locked_updateOwnSignatureFlag(PGPCertificateInfo&, const RsPgpId&, PGPCertificateInfo&, const RsPgpId&) ;
|
2012-04-09 13:03:47 -04:00
|
|
|
|
2013-05-29 17:32:02 -04:00
|
|
|
// Removes the given keys from the keyring. Also backup the keyring to a file which name is automatically generated
|
|
|
|
// and given pack for proper display.
|
|
|
|
//
|
2014-03-17 16:56:06 -04:00
|
|
|
bool removeKeysFromPGPKeyring(const std::list<RsPgpId>& key_ids,std::string& backup_file,uint32_t& error_code) ;
|
2013-05-29 17:32:02 -04:00
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
//bool isKeySupported(const RsPgpId& id) const ;
|
2012-06-14 16:13:31 -04:00
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
bool privateTrustCertificate(const RsPgpId& id,int valid_level) ;
|
2012-06-20 17:59:04 -04:00
|
|
|
|
2012-05-01 14:45:24 -04:00
|
|
|
// Write keyring
|
|
|
|
|
2012-07-05 18:25:46 -04:00
|
|
|
//bool writeSecretKeyring() ;
|
|
|
|
//bool writePublicKeyring() ;
|
2012-04-09 13:03:47 -04:00
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
const PGPCertificateInfo *getCertificateInfo(const RsPgpId& id) const ;
|
2012-04-09 13:03:47 -04:00
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
bool isGPGId(const RsPgpId &id);
|
|
|
|
bool isGPGSigned(const RsPgpId &id);
|
|
|
|
bool isGPGAccepted(const RsPgpId &id);
|
2012-03-26 17:17:04 -04:00
|
|
|
|
2012-05-01 04:53:32 -04:00
|
|
|
static void setPassphraseCallback(PassphraseCallback cb) ;
|
|
|
|
static PassphraseCallback passphraseCallback() { return _passphrase_callback ; }
|
2012-06-12 16:31:13 -04:00
|
|
|
|
2012-08-13 15:37:50 -04:00
|
|
|
// Gets info about the key. Who are the signers, what's the owner's name, etc.
|
|
|
|
//
|
2014-03-17 16:56:06 -04:00
|
|
|
bool getGPGDetailsFromBinaryBlock(const unsigned char *mem,size_t mem_size,RsPgpId& key_id, std::string& name, std::list<RsPgpId>& signers) const ;
|
2012-08-13 15:37:50 -04:00
|
|
|
|
2012-06-12 16:31:13 -04:00
|
|
|
// Debug stuff.
|
|
|
|
virtual bool printKeys() const ;
|
|
|
|
|
2012-06-29 15:38:19 -04:00
|
|
|
// Syncs the keyrings and trust database between memory and disk. The algorithm is:
|
|
|
|
// 1 - lock the keyrings
|
|
|
|
// 2 - compare file modification dates with last writing date
|
|
|
|
// - if file is modified, load it, and merge with memory
|
|
|
|
// 3 - look into memory modification flags
|
|
|
|
// - if flag says keyring has changed, write to disk
|
|
|
|
//
|
|
|
|
bool syncDatabase() ;
|
|
|
|
|
2012-03-26 17:17:04 -04:00
|
|
|
private:
|
2012-04-09 13:03:47 -04:00
|
|
|
void initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_t *keydata,uint32_t i) ;
|
2012-07-02 16:46:14 -04:00
|
|
|
|
|
|
|
// Returns true if the signatures have been updated
|
|
|
|
//
|
|
|
|
bool validateAndUpdateSignatures(PGPCertificateInfo& cert,const ops_keydata_t *keydata) ;
|
2012-04-09 13:03:47 -04:00
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
const ops_keydata_t *locked_getPublicKey(const RsPgpId&,bool stamp_the_key) const;
|
|
|
|
const ops_keydata_t *locked_getSecretKey(const RsPgpId&) const ;
|
2012-03-29 17:51:37 -04:00
|
|
|
|
2012-06-20 17:59:04 -04:00
|
|
|
void locked_readPrivateTrustDatabase() ;
|
2012-06-29 15:38:19 -04:00
|
|
|
bool locked_writePrivateTrustDatabase() ;
|
|
|
|
|
|
|
|
bool locked_syncPublicKeyring() ;
|
|
|
|
bool locked_syncTrustDatabase() ;
|
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
void locked_mergeKeyringFromDisk(ops_keyring_t *keyring, std::map<RsPgpId,PGPCertificateInfo>& kmap, const std::string& keyring_file) ;
|
|
|
|
bool locked_addOrMergeKey(ops_keyring_t *keyring,std::map<RsPgpId,PGPCertificateInfo>& kmap,const ops_keydata_t *keydata) ;
|
2012-06-20 17:59:04 -04:00
|
|
|
|
2012-05-01 14:45:24 -04:00
|
|
|
// Members.
|
|
|
|
//
|
2012-07-05 18:25:46 -04:00
|
|
|
mutable RsMutex pgphandlerMtx ;
|
2012-03-26 17:17:04 -04:00
|
|
|
|
|
|
|
ops_keyring_t *_pubring ;
|
|
|
|
ops_keyring_t *_secring ;
|
|
|
|
|
2014-03-17 16:56:06 -04:00
|
|
|
std::map<RsPgpId,PGPCertificateInfo> _public_keyring_map ; // used for fast access to keys. Gives the index in the keyring.
|
|
|
|
std::map<RsPgpId,PGPCertificateInfo> _secret_keyring_map ;
|
2012-04-01 08:52:15 -04:00
|
|
|
|
2012-03-26 17:17:04 -04:00
|
|
|
const std::string _pubring_path ;
|
|
|
|
const std::string _secring_path ;
|
2012-06-20 17:59:04 -04:00
|
|
|
const std::string _trustdb_path ;
|
2012-06-12 16:31:13 -04:00
|
|
|
const std::string _pgp_lock_filename ;
|
|
|
|
|
|
|
|
bool _pubring_changed ;
|
2013-05-21 18:38:00 -04:00
|
|
|
mutable bool _trustdb_changed ;
|
2012-04-01 08:52:15 -04:00
|
|
|
|
2012-06-29 15:38:19 -04:00
|
|
|
time_t _pubring_last_update_time ;
|
|
|
|
time_t _secring_last_update_time ;
|
|
|
|
time_t _trustdb_last_update_time ;
|
|
|
|
|
2012-05-01 14:45:24 -04:00
|
|
|
// Helper functions.
|
|
|
|
//
|
2012-08-13 15:37:50 -04:00
|
|
|
static std::string makeRadixEncodedPGPKey(const ops_keydata_t *key,bool include_signatures) ;
|
2012-05-01 14:45:24 -04:00
|
|
|
static ops_keyring_t *allocateOPSKeyring() ;
|
|
|
|
static void addNewKeyToOPSKeyring(ops_keyring_t*, const ops_keydata_t&) ;
|
2012-05-01 04:53:32 -04:00
|
|
|
static PassphraseCallback _passphrase_callback ;
|
2012-06-15 17:58:46 -04:00
|
|
|
static bool mergeKeySignatures(ops_keydata_t *dst,const ops_keydata_t *src) ; // returns true if signature lists are different
|
2012-03-26 17:17:04 -04:00
|
|
|
};
|
2012-04-01 08:52:15 -04:00
|
|
|
|