- added key signatures (not fully debugged yet)

- added locks to prevent concurrent access to PGPHandler
- added output of unverified signatures



git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-OpenPGP@5275 b45a01b8-16f6-495d-af2f-9b41ad6348cc

libretroshare/src/pgp/pgphandler.cc

@@ -79,6 +79,8 @@ void PGPHandler::setPassphraseCallback(PassphraseCallback cb)
 PGPHandler::PGPHandler(const std::string& pubring, const std::string& secring,const std::string& trustdb,const std::string& pgp_lock_filename)
 	: pgphandlerMtx(std::string("PGPHandler")), _pubring_path(pubring),_secring_path(secring),_trustdb_path(trustdb),_pgp_lock_filename(pgp_lock_filename)
 {
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
+
 	_pubring_changed = false ;
 	_trustdb_changed = false ;
 
@@ -232,6 +234,7 @@ bool PGPHandler::validateAndUpdateSignatures(PGPCertificateInfo& cert,const ops_
 
 PGPHandler::~PGPHandler()
 {
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
 #ifdef DEBUG_PGPHANDLER
 	std::cerr << "Freeing PGPHandler. Deleting keyrings." << std::endl;
 #endif
@@ -284,6 +287,8 @@ bool PGPHandler::printKeys() const
 
 const PGPCertificateInfo *PGPHandler::getCertificateInfo(const PGPIdType& id) const
 {
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
+
 	std::map<std::string,PGPCertificateInfo>::const_iterator it( _public_keyring_map.find(id.toStdString()) ) ;
 
 	if(it != _public_keyring_map.end())
@@ -294,6 +299,7 @@ const PGPCertificateInfo *PGPHandler::getCertificateInfo(const PGPIdType& id) co
 
 bool PGPHandler::availableGPGCertificatesWithPrivateKeys(std::list<PGPIdType>& ids)
 {
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
 	// go through secret keyring, and check that we have the pubkey as well.
 	//
 	
@@ -316,6 +322,7 @@ bool PGPHandler::availableGPGCertificatesWithPrivateKeys(std::list<PGPIdType>& i
 
 bool PGPHandler::GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passphrase, PGPIdType& pgpId, std::string& errString) 
 {
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
 	RsStackFileLock flck(_pgp_lock_filename) ;	// lock access to PGP directory.
 
 	static const int KEY_NUMBITS = 2048 ;
@@ -453,6 +460,7 @@ const ops_keydata_t *PGPHandler::getPublicKey(const PGPIdType& id) const
 
 std::string PGPHandler::SaveCertificateToString(const PGPIdType& id,bool include_signatures)
 {
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
 	const ops_keydata_t *key = getPublicKey(id) ;
 
 	if(key == NULL)
@@ -474,6 +482,7 @@ void PGPHandler::addNewKeyToOPSKeyring(ops_keyring_t *kr,const ops_keydata_t& ke
 
 bool PGPHandler::LoadCertificateFromString(const std::string& pgp_cert,PGPIdType& id,std::string& error_string)
 {
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
 #ifdef DEBUG_PGPHANDLER
 	std::cerr << "Reading new key from string: " << std::endl;
 #endif
@@ -580,6 +589,8 @@ bool PGPHandler::addOrMergeKey(ops_keyring_t *keyring,std::map<std::string,PGPCe
 
 bool PGPHandler::encryptTextToFile(const PGPIdType& key_id,const std::string& text,const std::string& outfile) 
 {
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
+
 	ops_create_info_t *info;
 	int fd = ops_setup_file_write(&info, outfile.c_str(), ops_true);
 
@@ -612,6 +623,8 @@ bool PGPHandler::encryptTextToFile(const PGPIdType& key_id,const std::string& te
 
 bool PGPHandler::decryptTextFromFile(const PGPIdType& key_id,std::string& text,const std::string& inputfile) 
 {
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
+
 	unsigned char *out_buf = NULL ;
 	std::string buf ;
 
@@ -643,6 +656,7 @@ bool PGPHandler::decryptTextFromFile(const PGPIdType& key_id,std::string& text,c
 
 bool PGPHandler::SignDataBin(const PGPIdType& id,const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen)
 {
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
 	// need to find the key and to decrypt it.
 	
 	const ops_keydata_t *key = getSecretKey(id) ;
@@ -683,8 +697,63 @@ bool PGPHandler::SignDataBin(const PGPIdType& id,const void *data, const uint32_
 	return true ;
 }
 
+bool PGPHandler::privateSignCertificate(const PGPIdType& ownId,const PGPIdType& id_of_key_to_sign) 
+{
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
+
+	ops_keydata_t *key_to_sign = const_cast<ops_keydata_t*>(getPublicKey(id_of_key_to_sign)) ;
+
+	if(key_to_sign == NULL)
+	{
+		std::cerr << "Cannot sign: no public key with id " << id_of_key_to_sign.toStdString() << std::endl;
+		return false ;
+	}
+
+	// 1 - get decrypted secret key
+	//
+	const ops_keydata_t *skey = getSecretKey(ownId) ;
+
+	if(!skey)
+	{
+		std::cerr << "Cannot sign: no secret key with id " << ownId.toStdString() << std::endl;
+		return false ;
+	}
+	const ops_keydata_t *pkey = getPublicKey(ownId) ;
+
+	if(!pkey)
+	{
+		std::cerr << "Cannot sign: no public key with id " << ownId.toStdString() << std::endl;
+		return false ;
+	}
+
+	std::string passphrase = _passphrase_callback(NULL,PGPIdType(skey->key_id).toStdString().c_str(),"Please enter passwd for encrypting your key : ",false) ;
+
+	ops_secret_key_t *secret_key = ops_decrypt_secret_key_from_data(skey,passphrase.c_str()) ;
+
+	if(!secret_key)
+	{
+		std::cerr << "Key decryption went wrong. Wrong passwd?" << std::endl;
+		return false ;
+	}
+
+	// 2 - then do the signature.
+
+	bool ret = ops_sign_key(key_to_sign,&pkey->uids[0],pkey->key_id,secret_key) ;
+
+	// 3 - free memory
+	//
+	ops_secret_key_free(secret_key) ;
+	free(secret_key) ;
+
+	_pubring_changed = true ;
+
+	return true ;
+}
+
 bool PGPHandler::getKeyFingerprint(const PGPIdType& id,PGPFingerprintType& fp) const
 {
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
+
 	const ops_keydata_t *key = getPublicKey(id) ;
 
 	if(key == NULL)
@@ -700,6 +769,8 @@ bool PGPHandler::getKeyFingerprint(const PGPIdType& id,PGPFingerprintType& fp) c
 
 bool PGPHandler::VerifySignBin(const void *literal_data, uint32_t literal_data_length, unsigned char *sign, unsigned int sign_len, const PGPFingerprintType& key_fingerprint)
 {
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
+
 	PGPIdType id = PGPIdType(key_fingerprint.toByteArray() + PGPFingerprintType::SIZE_IN_BYTES - PGPIdType::SIZE_IN_BYTES) ;
 	const ops_keydata_t *key = getPublicKey(id) ;
 
@@ -729,6 +800,8 @@ bool PGPHandler::VerifySignBin(const void *literal_data, uint32_t literal_data_l
 
 void PGPHandler::setAcceptConnexion(const PGPIdType& id,bool b)
 {
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
+
 	std::map<std::string,PGPCertificateInfo>::iterator res = _public_keyring_map.find(id.toStdString()) ;
 
 	if(res != _public_keyring_map.end())
@@ -742,6 +815,7 @@ void PGPHandler::setAcceptConnexion(const PGPIdType& id,bool b)
 
 bool PGPHandler::getGPGFilteredList(std::list<PGPIdType>& list,bool (*filter)(const PGPCertificateInfo&)) const
 {
+	RsStackMutex mtx(pgphandlerMtx) ;	// lock access to PGP directory.
 	list.clear() ;
 
 	for(std::map<std::string,PGPCertificateInfo>::const_iterator it(_public_keyring_map.begin());it!=_public_keyring_map.end();++it)
@@ -933,6 +1007,7 @@ bool PGPHandler::locked_writePrivateTrustDatabase()
 
 bool PGPHandler::syncDatabase()
 {
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
 	RsStackFileLock flck(_pgp_lock_filename) ;	// lock access to PGP directory.
 
 #ifdef DEBUG_PGPHANDLER
@@ -975,7 +1050,7 @@ bool PGPHandler::locked_syncPublicKeyring()
 	if(_pubring_changed)
 	{
 		std::cerr << "Local changes in public keyring. Writing to disk..." << std::endl;
-		if(!ops_write_keyring_to_file(_pubring,ops_false,_pubring_path.c_str())) 
+		if(!ops_write_keyring_to_file(_pubring,ops_false,_pubring_path.c_str(),ops_true)) 
 			std::cerr << "Cannot write public keyring. Disk full? Disk quota exceeded?" << std::endl;
 		else
 		{

libretroshare/src/pgp/pgphandler.h

@@ -77,10 +77,9 @@ class PGPHandler
 		bool LoadCertificateFromString(const std::string& pem, PGPIdType& gpg_id, std::string& error_string);
 		std::string SaveCertificateToString(const PGPIdType& id,bool include_signatures) ;
 
-		bool TrustCertificate(const PGPIdType& id, int trustlvl);
-
 		bool SignDataBin(const PGPIdType& id,const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen) ;
 		bool VerifySignBin(const void *data, uint32_t data_len, unsigned char *sign, unsigned int sign_len, const PGPFingerprintType& withfingerprint) ;
+		bool privateSignCertificate(const PGPIdType& own_id,const PGPIdType& id_of_key_to_sign) ;
 
 		bool encryptTextToFile(const PGPIdType& key_id,const std::string& text,const std::string& outfile) ;
 		bool decryptTextFromFile(const PGPIdType& key_id,std::string& text,const std::string& inputfile) ;
@@ -88,14 +87,14 @@ class PGPHandler
 		bool getKeyFingerprint(const PGPIdType& id,PGPFingerprintType& fp) const ;
 		void setAcceptConnexion(const PGPIdType&,bool) ;
 
-		bool isKeySupported(const PGPIdType& id) const ;
+		//bool isKeySupported(const PGPIdType& id) const ;
 
 		bool privateTrustCertificate(const PGPIdType& id,int valid_level) ;	
 
 		// Write keyring
 
-		bool writeSecretKeyring() ;
+		//bool writeSecretKeyring() ;
-		bool writePublicKeyring() ;
+		//bool writePublicKeyring() ;
 
 		const PGPCertificateInfo *getCertificateInfo(const PGPIdType& id) const ;
 
@@ -139,7 +138,7 @@ class PGPHandler
 
 		// Members.
 		//
-		RsMutex pgphandlerMtx ;
+		mutable RsMutex pgphandlerMtx ;
 
 		ops_keyring_t *_pubring ;
 		ops_keyring_t *_secring ;

libretroshare/src/pqi/authgpg.cc

@@ -642,7 +642,7 @@ bool AuthGPG::VerifySignBin(const void *data, uint32_t datalen, unsigned char *s
 
 int	AuthGPG::privateSignCertificate(const std::string &id)
 {
-	std::cerr << __PRETTY_FUNCTION__ << ": To be implemented." << std::endl;
+	return PGPHandler::privateSignCertificate(mOwnGpgId,PGPIdType(id)) ;
 
 //	/* The key should be in Others list and not in Peers list ?? 
 //	 * Once the key is signed, it moves from Others to Peers list ??? 
@@ -696,8 +696,6 @@ int	AuthGPG::privateSignCertificate(const std::string &id)
 //
 //	gpgme_data_release(out);
 //	gpgme_signers_clear(CTX);
-
-	return 1;
 }
 
 /* revoke the signature on Certificate */

openpgpsdk/src/openpgpsdk/keyring.c

@@ -606,6 +606,59 @@ ops_boolean_t ops_add_selfsigned_userid_to_keydata(ops_keydata_t* keydata, ops_u
     return ops_true;
     }
 
+/**
+\ingroup Core_Keys
+\brief Add signature to given key
+\return ops_true if OK; else ops_false
+*/
+ops_boolean_t ops_sign_key(ops_keydata_t* keydata, ops_user_id_t* userid,const unsigned char *signers_key_id,ops_secret_key_t *signers_key)
+{
+/*	ops_memory_t* mem_userid=NULL; */
+	ops_create_info_t* cinfo_userid=NULL;
+
+	ops_memory_t* mem_sig=NULL;
+	ops_create_info_t* cinfo_sig=NULL;
+
+	ops_create_signature_t *sig=NULL;
+
+	/*
+	 * create signature packet for this userid
+	 */
+
+	// create userid pkt
+/*	ops_setup_memory_write(&cinfo_userid, &mem_userid, 128);    */
+/* ops_write_struct_user_id(userid, cinfo_userid);             */
+
+	// create sig for this pkt
+
+	sig=ops_create_signature_new();
+	ops_signature_start_key_signature(sig, &keydata->key.skey.public_key, userid, OPS_CERT_POSITIVE);
+	ops_signature_add_creation_time(sig,time(NULL)); 
+	ops_signature_add_issuer_key_id(sig,signers_key_id);
+/*	ops_signature_add_primary_user_id(sig, ops_true); */
+	ops_signature_hashed_subpackets_end(sig);
+
+	ops_setup_memory_write(&cinfo_sig, &mem_sig, 128);
+	ops_write_signature(sig,&signers_key->public_key,signers_key, cinfo_sig);
+
+	// add this packet to keydata
+
+	ops_packet_t sigpacket;
+	sigpacket.length=ops_memory_get_length(mem_sig);
+	sigpacket.raw=ops_memory_get_data(mem_sig);
+
+	// add userid to keydata
+	ops_add_signed_userid_to_keydata(keydata, userid, &sigpacket);
+
+	// cleanup
+	ops_create_signature_delete(sig);
+/*	ops_create_info_delete(cinfo_userid); */
+	ops_create_info_delete(cinfo_sig);
+/*	ops_memory_free(mem_userid);*/
+	ops_memory_free(mem_sig);
+
+	return ops_true;
+}
 /**
 \ingroup Core_Keys
 \brief Initialise ops_keydata_t
@@ -987,7 +1040,7 @@ cb_keyring_read(const ops_parser_content_t *content_,
    \return ops_true is anything when ok
 */
 
-ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean_t armoured,const char *filename)
+ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean_t armoured,const char *filename,ops_boolean_t write_all_packets)
 {
 	ops_create_info_t *info;
 	int fd = ops_setup_file_write(&info, filename, ops_true);
@@ -1001,6 +1054,9 @@ ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean
 	int i;
 	for(i=0;i<keyring->nkeys;++i)
 		if(keyring->keys[i].key.pkey.algorithm  == OPS_PKA_RSA)
+			if(write_all_packets)
+				ops_write_transferable_public_key_from_packet_data(&keyring->keys[i],armoured,info) ;
+			else
 				ops_write_transferable_public_key(&keyring->keys[i],armoured,info) ;
 		else
 		{

openpgpsdk/src/openpgpsdk/keyring.h

@@ -63,7 +63,7 @@ ops_secret_key_t *ops_decrypt_secret_key_from_data(const ops_keydata_t *key,
 
 ops_boolean_t ops_keyring_read_from_file(ops_keyring_t *keyring, const ops_boolean_t armour, const char *filename);
 ops_boolean_t ops_keyring_read_from_mem(ops_keyring_t *keyring, const ops_boolean_t armour, ops_memory_t *mem);
-ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean_t armoured,const char *filename);
+ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean_t armoured,const char *filename,ops_boolean_t write_all_packets);
 
 char *ops_malloc_passphrase(char *passphrase);
 char *ops_get_passphrase(void);
@@ -83,6 +83,7 @@ ops_packet_t* ops_add_packet_to_keydata(ops_keydata_t* keydata, const ops_packet
 void ops_add_signed_userid_to_keydata(ops_keydata_t* keydata, const ops_user_id_t* userid, const ops_packet_t* packet);
 
 ops_boolean_t ops_add_selfsigned_userid_to_keydata(ops_keydata_t* keydata, ops_user_id_t* userid);
+ops_boolean_t ops_sign_key(ops_keydata_t* keydata_to_sign, ops_user_id_t* userid,const unsigned char *signers_key_id,ops_secret_key_t *signers_key);
 
 ops_keydata_t *ops_keydata_new(void);
 void ops_keydata_init(ops_keydata_t* keydata, const ops_content_tag_t type);