mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-10-01 02:35:48 -04:00
- added key signatures (not fully debugged yet)
- added locks to prevent concurrent access to PGPHandler - added output of unverified signatures git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-OpenPGP@5275 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler
parent
139ab68a4a
commit
444602e8e6
@ -79,6 +79,8 @@ void PGPHandler::setPassphraseCallback(PassphraseCallback cb)
|
||||
PGPHandler::PGPHandler(const std::string& pubring, const std::string& secring,const std::string& trustdb,const std::string& pgp_lock_filename)
|
||||
: pgphandlerMtx(std::string("PGPHandler")), _pubring_path(pubring),_secring_path(secring),_trustdb_path(trustdb),_pgp_lock_filename(pgp_lock_filename)
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
|
||||
|
||||
_pubring_changed = false ;
|
||||
_trustdb_changed = false ;
|
||||
|
||||
@ -232,6 +234,7 @@ bool PGPHandler::validateAndUpdateSignatures(PGPCertificateInfo& cert,const ops_
|
||||
|
||||
PGPHandler::~PGPHandler()
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
|
||||
#ifdef DEBUG_PGPHANDLER
|
||||
std::cerr << "Freeing PGPHandler. Deleting keyrings." << std::endl;
|
||||
#endif
|
||||
@ -284,6 +287,8 @@ bool PGPHandler::printKeys() const
|
||||
|
||||
const PGPCertificateInfo *PGPHandler::getCertificateInfo(const PGPIdType& id) const
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
|
||||
|
||||
std::map<std::string,PGPCertificateInfo>::const_iterator it( _public_keyring_map.find(id.toStdString()) ) ;
|
||||
|
||||
if(it != _public_keyring_map.end())
|
||||
@ -294,6 +299,7 @@ const PGPCertificateInfo *PGPHandler::getCertificateInfo(const PGPIdType& id) co
|
||||
|
||||
bool PGPHandler::availableGPGCertificatesWithPrivateKeys(std::list<PGPIdType>& ids)
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
|
||||
// go through secret keyring, and check that we have the pubkey as well.
|
||||
//
|
||||
|
||||
@ -316,6 +322,7 @@ bool PGPHandler::availableGPGCertificatesWithPrivateKeys(std::list<PGPIdType>& i
|
||||
|
||||
bool PGPHandler::GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passphrase, PGPIdType& pgpId, std::string& errString)
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
|
||||
RsStackFileLock flck(_pgp_lock_filename) ; // lock access to PGP directory.
|
||||
|
||||
static const int KEY_NUMBITS = 2048 ;
|
||||
@ -453,6 +460,7 @@ const ops_keydata_t *PGPHandler::getPublicKey(const PGPIdType& id) const
|
||||
|
||||
std::string PGPHandler::SaveCertificateToString(const PGPIdType& id,bool include_signatures)
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
|
||||
const ops_keydata_t *key = getPublicKey(id) ;
|
||||
|
||||
if(key == NULL)
|
||||
@ -474,6 +482,7 @@ void PGPHandler::addNewKeyToOPSKeyring(ops_keyring_t *kr,const ops_keydata_t& ke
|
||||
|
||||
bool PGPHandler::LoadCertificateFromString(const std::string& pgp_cert,PGPIdType& id,std::string& error_string)
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
|
||||
#ifdef DEBUG_PGPHANDLER
|
||||
std::cerr << "Reading new key from string: " << std::endl;
|
||||
#endif
|
||||
@ -580,6 +589,8 @@ bool PGPHandler::addOrMergeKey(ops_keyring_t *keyring,std::map<std::string,PGPCe
|
||||
|
||||
bool PGPHandler::encryptTextToFile(const PGPIdType& key_id,const std::string& text,const std::string& outfile)
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
|
||||
|
||||
ops_create_info_t *info;
|
||||
int fd = ops_setup_file_write(&info, outfile.c_str(), ops_true);
|
||||
|
||||
@ -612,6 +623,8 @@ bool PGPHandler::encryptTextToFile(const PGPIdType& key_id,const std::string& te
|
||||
|
||||
bool PGPHandler::decryptTextFromFile(const PGPIdType& key_id,std::string& text,const std::string& inputfile)
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
|
||||
|
||||
unsigned char *out_buf = NULL ;
|
||||
std::string buf ;
|
||||
|
||||
@ -643,6 +656,7 @@ bool PGPHandler::decryptTextFromFile(const PGPIdType& key_id,std::string& text,c
|
||||
|
||||
bool PGPHandler::SignDataBin(const PGPIdType& id,const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen)
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
|
||||
// need to find the key and to decrypt it.
|
||||
|
||||
const ops_keydata_t *key = getSecretKey(id) ;
|
||||
@ -683,8 +697,63 @@ bool PGPHandler::SignDataBin(const PGPIdType& id,const void *data, const uint32_
|
||||
return true ;
|
||||
}
|
||||
|
||||
bool PGPHandler::privateSignCertificate(const PGPIdType& ownId,const PGPIdType& id_of_key_to_sign)
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
|
||||
|
||||
ops_keydata_t *key_to_sign = const_cast<ops_keydata_t*>(getPublicKey(id_of_key_to_sign)) ;
|
||||
|
||||
if(key_to_sign == NULL)
|
||||
{
|
||||
std::cerr << "Cannot sign: no public key with id " << id_of_key_to_sign.toStdString() << std::endl;
|
||||
return false ;
|
||||
}
|
||||
|
||||
// 1 - get decrypted secret key
|
||||
//
|
||||
const ops_keydata_t *skey = getSecretKey(ownId) ;
|
||||
|
||||
if(!skey)
|
||||
{
|
||||
std::cerr << "Cannot sign: no secret key with id " << ownId.toStdString() << std::endl;
|
||||
return false ;
|
||||
}
|
||||
const ops_keydata_t *pkey = getPublicKey(ownId) ;
|
||||
|
||||
if(!pkey)
|
||||
{
|
||||
std::cerr << "Cannot sign: no public key with id " << ownId.toStdString() << std::endl;
|
||||
return false ;
|
||||
}
|
||||
|
||||
std::string passphrase = _passphrase_callback(NULL,PGPIdType(skey->key_id).toStdString().c_str(),"Please enter passwd for encrypting your key : ",false) ;
|
||||
|
||||
ops_secret_key_t *secret_key = ops_decrypt_secret_key_from_data(skey,passphrase.c_str()) ;
|
||||
|
||||
if(!secret_key)
|
||||
{
|
||||
std::cerr << "Key decryption went wrong. Wrong passwd?" << std::endl;
|
||||
return false ;
|
||||
}
|
||||
|
||||
// 2 - then do the signature.
|
||||
|
||||
bool ret = ops_sign_key(key_to_sign,&pkey->uids[0],pkey->key_id,secret_key) ;
|
||||
|
||||
// 3 - free memory
|
||||
//
|
||||
ops_secret_key_free(secret_key) ;
|
||||
free(secret_key) ;
|
||||
|
||||
_pubring_changed = true ;
|
||||
|
||||
return true ;
|
||||
}
|
||||
|
||||
bool PGPHandler::getKeyFingerprint(const PGPIdType& id,PGPFingerprintType& fp) const
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
|
||||
|
||||
const ops_keydata_t *key = getPublicKey(id) ;
|
||||
|
||||
if(key == NULL)
|
||||
@ -700,6 +769,8 @@ bool PGPHandler::getKeyFingerprint(const PGPIdType& id,PGPFingerprintType& fp) c
|
||||
|
||||
bool PGPHandler::VerifySignBin(const void *literal_data, uint32_t literal_data_length, unsigned char *sign, unsigned int sign_len, const PGPFingerprintType& key_fingerprint)
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
|
||||
|
||||
PGPIdType id = PGPIdType(key_fingerprint.toByteArray() + PGPFingerprintType::SIZE_IN_BYTES - PGPIdType::SIZE_IN_BYTES) ;
|
||||
const ops_keydata_t *key = getPublicKey(id) ;
|
||||
|
||||
@ -729,6 +800,8 @@ bool PGPHandler::VerifySignBin(const void *literal_data, uint32_t literal_data_l
|
||||
|
||||
void PGPHandler::setAcceptConnexion(const PGPIdType& id,bool b)
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
|
||||
|
||||
std::map<std::string,PGPCertificateInfo>::iterator res = _public_keyring_map.find(id.toStdString()) ;
|
||||
|
||||
if(res != _public_keyring_map.end())
|
||||
@ -742,6 +815,7 @@ void PGPHandler::setAcceptConnexion(const PGPIdType& id,bool b)
|
||||
|
||||
bool PGPHandler::getGPGFilteredList(std::list<PGPIdType>& list,bool (*filter)(const PGPCertificateInfo&)) const
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP directory.
|
||||
list.clear() ;
|
||||
|
||||
for(std::map<std::string,PGPCertificateInfo>::const_iterator it(_public_keyring_map.begin());it!=_public_keyring_map.end();++it)
|
||||
@ -933,6 +1007,7 @@ bool PGPHandler::locked_writePrivateTrustDatabase()
|
||||
|
||||
bool PGPHandler::syncDatabase()
|
||||
{
|
||||
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
|
||||
RsStackFileLock flck(_pgp_lock_filename) ; // lock access to PGP directory.
|
||||
|
||||
#ifdef DEBUG_PGPHANDLER
|
||||
@ -975,7 +1050,7 @@ bool PGPHandler::locked_syncPublicKeyring()
|
||||
if(_pubring_changed)
|
||||
{
|
||||
std::cerr << "Local changes in public keyring. Writing to disk..." << std::endl;
|
||||
if(!ops_write_keyring_to_file(_pubring,ops_false,_pubring_path.c_str()))
|
||||
if(!ops_write_keyring_to_file(_pubring,ops_false,_pubring_path.c_str(),ops_true))
|
||||
std::cerr << "Cannot write public keyring. Disk full? Disk quota exceeded?" << std::endl;
|
||||
else
|
||||
{
|
||||
|
||||
@ -77,10 +77,9 @@ class PGPHandler
|
||||
bool LoadCertificateFromString(const std::string& pem, PGPIdType& gpg_id, std::string& error_string);
|
||||
std::string SaveCertificateToString(const PGPIdType& id,bool include_signatures) ;
|
||||
|
||||
bool TrustCertificate(const PGPIdType& id, int trustlvl);
|
||||
|
||||
bool SignDataBin(const PGPIdType& id,const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen) ;
|
||||
bool VerifySignBin(const void *data, uint32_t data_len, unsigned char *sign, unsigned int sign_len, const PGPFingerprintType& withfingerprint) ;
|
||||
bool privateSignCertificate(const PGPIdType& own_id,const PGPIdType& id_of_key_to_sign) ;
|
||||
|
||||
bool encryptTextToFile(const PGPIdType& key_id,const std::string& text,const std::string& outfile) ;
|
||||
bool decryptTextFromFile(const PGPIdType& key_id,std::string& text,const std::string& inputfile) ;
|
||||
@ -88,14 +87,14 @@ class PGPHandler
|
||||
bool getKeyFingerprint(const PGPIdType& id,PGPFingerprintType& fp) const ;
|
||||
void setAcceptConnexion(const PGPIdType&,bool) ;
|
||||
|
||||
bool isKeySupported(const PGPIdType& id) const ;
|
||||
//bool isKeySupported(const PGPIdType& id) const ;
|
||||
|
||||
bool privateTrustCertificate(const PGPIdType& id,int valid_level) ;
|
||||
|
||||
// Write keyring
|
||||
|
||||
bool writeSecretKeyring() ;
|
||||
bool writePublicKeyring() ;
|
||||
//bool writeSecretKeyring() ;
|
||||
//bool writePublicKeyring() ;
|
||||
|
||||
const PGPCertificateInfo *getCertificateInfo(const PGPIdType& id) const ;
|
||||
|
||||
@ -139,7 +138,7 @@ class PGPHandler
|
||||
|
||||
// Members.
|
||||
//
|
||||
RsMutex pgphandlerMtx ;
|
||||
mutable RsMutex pgphandlerMtx ;
|
||||
|
||||
ops_keyring_t *_pubring ;
|
||||
ops_keyring_t *_secring ;
|
||||
|
||||
@ -642,7 +642,7 @@ bool AuthGPG::VerifySignBin(const void *data, uint32_t datalen, unsigned char *s
|
||||
|
||||
int AuthGPG::privateSignCertificate(const std::string &id)
|
||||
{
|
||||
std::cerr << __PRETTY_FUNCTION__ << ": To be implemented." << std::endl;
|
||||
return PGPHandler::privateSignCertificate(mOwnGpgId,PGPIdType(id)) ;
|
||||
|
||||
// /* The key should be in Others list and not in Peers list ??
|
||||
// * Once the key is signed, it moves from Others to Peers list ???
|
||||
@ -696,8 +696,6 @@ int AuthGPG::privateSignCertificate(const std::string &id)
|
||||
//
|
||||
// gpgme_data_release(out);
|
||||
// gpgme_signers_clear(CTX);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* revoke the signature on Certificate */
|
||||
|
||||
@ -606,6 +606,59 @@ ops_boolean_t ops_add_selfsigned_userid_to_keydata(ops_keydata_t* keydata, ops_u
|
||||
return ops_true;
|
||||
}
|
||||
|
||||
/**
|
||||
\ingroup Core_Keys
|
||||
\brief Add signature to given key
|
||||
\return ops_true if OK; else ops_false
|
||||
*/
|
||||
ops_boolean_t ops_sign_key(ops_keydata_t* keydata, ops_user_id_t* userid,const unsigned char *signers_key_id,ops_secret_key_t *signers_key)
|
||||
{
|
||||
/* ops_memory_t* mem_userid=NULL; */
|
||||
ops_create_info_t* cinfo_userid=NULL;
|
||||
|
||||
ops_memory_t* mem_sig=NULL;
|
||||
ops_create_info_t* cinfo_sig=NULL;
|
||||
|
||||
ops_create_signature_t *sig=NULL;
|
||||
|
||||
/*
|
||||
* create signature packet for this userid
|
||||
*/
|
||||
|
||||
// create userid pkt
|
||||
/* ops_setup_memory_write(&cinfo_userid, &mem_userid, 128); */
|
||||
/* ops_write_struct_user_id(userid, cinfo_userid); */
|
||||
|
||||
// create sig for this pkt
|
||||
|
||||
sig=ops_create_signature_new();
|
||||
ops_signature_start_key_signature(sig, &keydata->key.skey.public_key, userid, OPS_CERT_POSITIVE);
|
||||
ops_signature_add_creation_time(sig,time(NULL));
|
||||
ops_signature_add_issuer_key_id(sig,signers_key_id);
|
||||
/* ops_signature_add_primary_user_id(sig, ops_true); */
|
||||
ops_signature_hashed_subpackets_end(sig);
|
||||
|
||||
ops_setup_memory_write(&cinfo_sig, &mem_sig, 128);
|
||||
ops_write_signature(sig,&signers_key->public_key,signers_key, cinfo_sig);
|
||||
|
||||
// add this packet to keydata
|
||||
|
||||
ops_packet_t sigpacket;
|
||||
sigpacket.length=ops_memory_get_length(mem_sig);
|
||||
sigpacket.raw=ops_memory_get_data(mem_sig);
|
||||
|
||||
// add userid to keydata
|
||||
ops_add_signed_userid_to_keydata(keydata, userid, &sigpacket);
|
||||
|
||||
// cleanup
|
||||
ops_create_signature_delete(sig);
|
||||
/* ops_create_info_delete(cinfo_userid); */
|
||||
ops_create_info_delete(cinfo_sig);
|
||||
/* ops_memory_free(mem_userid);*/
|
||||
ops_memory_free(mem_sig);
|
||||
|
||||
return ops_true;
|
||||
}
|
||||
/**
|
||||
\ingroup Core_Keys
|
||||
\brief Initialise ops_keydata_t
|
||||
@ -987,7 +1040,7 @@ cb_keyring_read(const ops_parser_content_t *content_,
|
||||
\return ops_true is anything when ok
|
||||
*/
|
||||
|
||||
ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean_t armoured,const char *filename)
|
||||
ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean_t armoured,const char *filename,ops_boolean_t write_all_packets)
|
||||
{
|
||||
ops_create_info_t *info;
|
||||
int fd = ops_setup_file_write(&info, filename, ops_true);
|
||||
@ -1001,7 +1054,10 @@ ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean
|
||||
int i;
|
||||
for(i=0;i<keyring->nkeys;++i)
|
||||
if(keyring->keys[i].key.pkey.algorithm == OPS_PKA_RSA)
|
||||
ops_write_transferable_public_key(&keyring->keys[i],armoured,info) ;
|
||||
if(write_all_packets)
|
||||
ops_write_transferable_public_key_from_packet_data(&keyring->keys[i],armoured,info) ;
|
||||
else
|
||||
ops_write_transferable_public_key(&keyring->keys[i],armoured,info) ;
|
||||
else
|
||||
{
|
||||
fprintf(stdout, "ops_write_keyring: not writing key. Algorithm not handled: ") ;
|
||||
|
||||
@ -63,7 +63,7 @@ ops_secret_key_t *ops_decrypt_secret_key_from_data(const ops_keydata_t *key,
|
||||
|
||||
ops_boolean_t ops_keyring_read_from_file(ops_keyring_t *keyring, const ops_boolean_t armour, const char *filename);
|
||||
ops_boolean_t ops_keyring_read_from_mem(ops_keyring_t *keyring, const ops_boolean_t armour, ops_memory_t *mem);
|
||||
ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean_t armoured,const char *filename);
|
||||
ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean_t armoured,const char *filename,ops_boolean_t write_all_packets);
|
||||
|
||||
char *ops_malloc_passphrase(char *passphrase);
|
||||
char *ops_get_passphrase(void);
|
||||
@ -83,6 +83,7 @@ ops_packet_t* ops_add_packet_to_keydata(ops_keydata_t* keydata, const ops_packet
|
||||
void ops_add_signed_userid_to_keydata(ops_keydata_t* keydata, const ops_user_id_t* userid, const ops_packet_t* packet);
|
||||
|
||||
ops_boolean_t ops_add_selfsigned_userid_to_keydata(ops_keydata_t* keydata, ops_user_id_t* userid);
|
||||
ops_boolean_t ops_sign_key(ops_keydata_t* keydata_to_sign, ops_user_id_t* userid,const unsigned char *signers_key_id,ops_secret_key_t *signers_key);
|
||||
|
||||
ops_keydata_t *ops_keydata_new(void);
|
||||
void ops_keydata_init(ops_keydata_t* keydata, const ops_content_tag_t type);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user