Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-05-21 23:40:26 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

- added new certificate format in ConfCertDialog and ConnectFriendWizard, with a button to switch to old format if necessary

Browse source 
- added automatic cleaning of certificates in both formats
- grouped all certificate cleaning/parsing code in rscertificate.cc
- removed unused files cleanupxpgp.h/cc
- added upper/lower case to rsid template.

The new format is to be tested. It is supposed to be much more robust than the previous format,
in particular, allowing any string for location names.


git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5410 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2012-08-13 19:37:50 +00:00
parent 64e171948c
commit 60f51c358c
21 changed files with 1037 additions and 1099 deletions
Download patch file Download diff file Expand all files Collapse all files

120
libretroshare/src/pgp/pgphandler.cc
View file

@ -442,13 +442,12 @@ bool PGPHandler::GeneratePGPCertificate(const std::string& name, const std::stri
return true ;
}
std::string PGPHandler::makeRadixEncodedPGPKey(const ops_keydata_t *key)
std::string PGPHandler::makeRadixEncodedPGPKey(const ops_keydata_t *key,bool include_signatures)
{
ops_boolean_t armoured=ops_true;
ops_create_info_t* cinfo;
ops_memory_t *buf = NULL ;
ops_setup_memory_write(&cinfo, &buf, 0);
ops_boolean_t armoured = ops_true ;
if(key->type == OPS_PTAG_CT_PUBLIC_KEY)
{
@ -468,11 +467,17 @@ std::string PGPHandler::makeRadixEncodedPGPKey(const ops_keydata_t *key)
ops_writer_close(cinfo) ;
std::string akey((char *)ops_memory_get_data(buf),ops_memory_get_length(buf)) ;
std::string res((char *)ops_memory_get_data(buf),ops_memory_get_length(buf)) ;
ops_teardown_memory_write(cinfo,buf);
return akey ;
if(!include_signatures)
{
std::string tmp ;
if(PGPKeyManagement::createMinimalKey(res,tmp) )
res = tmp ;
}
return res ;
}
const ops_keydata_t *PGPHandler::getSecretKey(const PGPIdType& id) const
@ -494,7 +499,7 @@ const ops_keydata_t *PGPHandler::getPublicKey(const PGPIdType& id) const
return ops_keyring_get_key_by_index(_pubring,res->second._key_index) ;
}
std::string PGPHandler::SaveCertificateToString(const PGPIdType& id,bool)
std::string PGPHandler::SaveCertificateToString(const PGPIdType& id,bool include_signatures) const
{
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
const ops_keydata_t *key = getPublicKey(id) ;
@ -505,7 +510,47 @@ std::string PGPHandler::SaveCertificateToString(const PGPIdType& id,bool)
return "" ;
}
return makeRadixEncodedPGPKey(key) ;
return makeRadixEncodedPGPKey(key,include_signatures) ;
}
bool PGPHandler::exportPublicKey(const PGPIdType& id,unsigned char *& mem_block,size_t& mem_size,bool armoured,bool include_signatures) const
{
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
const ops_keydata_t *key = getPublicKey(id) ;
mem_block = NULL ;
if(key == NULL)
{
std::cerr << "Cannot output key " << id.toStdString() << ": not found in keyring." << std::endl;
return false ;
}
ops_create_info_t* cinfo;
ops_memory_t *buf = NULL ;
ops_setup_memory_write(&cinfo, &buf, 0);
if(ops_write_transferable_public_key_from_packet_data(key,armoured,cinfo) != ops_true)
{
std::cerr << "ERROR: This key cannot be processed by RetroShare because\nDSA certificates are not yet handled." << std::endl;
return false ;
}
ops_writer_close(cinfo) ;
mem_block = new unsigned char[ops_memory_get_length(buf)] ;
mem_size = ops_memory_get_length(buf) ;
memcpy(mem_block,ops_memory_get_data(buf),mem_size) ;
ops_teardown_memory_write(cinfo,buf);
if(!include_signatures)
{
size_t new_size ;
PGPKeyManagement::findLengthOfMinimalKey(mem_block,mem_size,new_size) ;
mem_size = new_size ;
}
return true ;
}
bool PGPHandler::exportGPGKeyPair(const std::string& filename,const PGPIdType& exported_key_id) const
@ -534,13 +579,68 @@ bool PGPHandler::exportGPGKeyPair(const std::string& filename,const PGPIdType& e
return false ;
}
fprintf(f,"%s\n", makeRadixEncodedPGPKey(pubkey).c_str()) ;
fprintf(f,"%s\n", makeRadixEncodedPGPKey(seckey).c_str()) ;
fprintf(f,"%s\n", makeRadixEncodedPGPKey(pubkey,true).c_str()) ;
fprintf(f,"%s\n", makeRadixEncodedPGPKey(seckey,true).c_str()) ;
fclose(f) ;
return true ;
}
bool PGPHandler::getGPGDetailsFromBinaryBlock(const unsigned char *mem_block,size_t mem_size,std::string& key_id, std::string& name, std::list<std::string>& signers) const
{
ops_keyring_t *tmp_keyring = allocateOPSKeyring();
ops_memory_t *mem = ops_memory_new() ;
ops_memory_add(mem,mem_block,mem_size);
if(!ops_keyring_read_from_mem(tmp_keyring,ops_false,mem))
{
ops_keyring_free(tmp_keyring) ;
free(tmp_keyring) ;
ops_memory_release(mem) ;
free(mem) ;
std::cerr << "Could not read key. Format error?" << std::endl;
//error_string = std::string("Could not read key. Format error?") ;
return false ;
}
ops_memory_release(mem) ;
free(mem) ;
//error_string.clear() ;
key_id = PGPIdType(tmp_keyring->keys[0].key_id).toStdString() ;
name = std::string((char *)tmp_keyring->keys[0].uids[0].user_id) ;
// now parse signatures.
//
ops_validate_result_t* result=(ops_validate_result_t*)ops_mallocz(sizeof *result);
ops_boolean_t res ;
{
RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures.
res = ops_validate_key_signatures(result,&tmp_keyring->keys[0],_pubring,cb_get_passphrase) ;
}
if(res == ops_false)
std::cerr << "(EE) Error in PGPHandler::validateAndUpdateSignatures(). Validation failed for at least some signatures." << std::endl;
// Parse signers.
//
if(result != NULL)
for(size_t i=0;i<result->valid_count;++i)
{
std::string signer_str = PGPIdType(result->valid_sigs[i].signer_id).toStdString() ;
signers.push_back(signer_str) ;
}
ops_validate_result_free(result) ;
ops_keyring_free(tmp_keyring) ;
free(tmp_keyring) ;
return true ;
}
bool PGPHandler::importGPGKeyPair(const std::string& filename,PGPIdType& imported_key_id,std::string& import_error)
{
import_error = "" ;

10
libretroshare/src/pgp/pgphandler.h
View file

@ -84,7 +84,9 @@ class PGPHandler
bool GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passwd, PGPIdType& pgpId, std::string& errString) ;
bool LoadCertificateFromString(const std::string& pem, PGPIdType& gpg_id, std::string& error_string);
std::string SaveCertificateToString(const PGPIdType& id,bool include_signatures) ;
std::string SaveCertificateToString(const PGPIdType& id,bool include_signatures) const ;
bool exportPublicKey(const PGPIdType& id,unsigned char *& mem,size_t& mem_size,bool armoured,bool include_signatures) const ;
bool SignDataBin(const PGPIdType& id,const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen) ;
bool VerifySignBin(const void *data, uint32_t data_len, unsigned char *sign, unsigned int sign_len, const PGPFingerprintType& withfingerprint) ;
@ -115,6 +117,10 @@ class PGPHandler
static void setPassphraseCallback(PassphraseCallback cb) ;
static PassphraseCallback passphraseCallback() { return _passphrase_callback ; }
// Gets info about the key. Who are the signers, what's the owner's name, etc.
//
bool getGPGDetailsFromBinaryBlock(const unsigned char *mem,size_t mem_size,std::string& key_id, std::string& name, std::list<std::string>& signers) const ;
// Debug stuff.
virtual bool printKeys() const ;
@ -170,7 +176,7 @@ class PGPHandler
// Helper functions.
//
static std::string makeRadixEncodedPGPKey(const ops_keydata_t *key) ;
static std::string makeRadixEncodedPGPKey(const ops_keydata_t *key,bool include_signatures) ;
static ops_keyring_t *allocateOPSKeyring() ;
static void addNewKeyToOPSKeyring(ops_keyring_t*, const ops_keydata_t&) ;
static PassphraseCallback _passphrase_callback ;

88
libretroshare/src/pgp/pgpkeyutil.cc
View file

@ -35,47 +35,10 @@ bool PGPKeyManagement::createMinimalKey(const std::string& pgp_certificate,std::
Radix64::decode(radix_cert,keydata,len) ;
unsigned char *data = (unsigned char *)keydata ;
size_t new_len ;
findLengthOfMinimalKey((unsigned char *)keydata,len,new_len) ;
#ifdef DEBUG_PGPUTIL
std::cerr << "Total size: " << len << std::endl;
#endif
uint8_t packet_tag;
uint32_t packet_length ;
// 2 - parse key data, only keep public key data, user id and self-signature.
bool public_key=false ;
bool own_signature=false ;
bool user_id=false ;
while(true)
{
PGPKeyParser::read_packetHeader(data,packet_tag,packet_length) ;
#ifdef DEBUG_PGPUTIL
std::cerr << "Header:" << std::endl;
std::cerr << " Packet tag: " << (int)packet_tag << std::endl;
std::cerr << " Packet length: " << packet_length << std::endl;
#endif
data += packet_length ;
if(packet_tag == PGPKeyParser::PGP_PACKET_TAG_PUBLIC_KEY)
public_key = true ;
if(packet_tag == PGPKeyParser::PGP_PACKET_TAG_USER_ID)
user_id = true ;
if(packet_tag == PGPKeyParser::PGP_PACKET_TAG_SIGNATURE)
own_signature = true ;
if(public_key && own_signature && user_id)
break ;
if( (uint64_t)data - (uint64_t)keydata >= len )
break ;
}
cleaned_certificate = makeArmouredKey((unsigned char*)keydata,(uint64_t)data - (uint64_t)keydata,version_string) ;
cleaned_certificate = makeArmouredKey((unsigned char*)keydata,new_len,version_string) ;
return true ;
}
catch(std::exception& e)
@ -86,6 +49,51 @@ bool PGPKeyManagement::createMinimalKey(const std::string& pgp_certificate,std::
}
}
void PGPKeyManagement::findLengthOfMinimalKey(const unsigned char *keydata,size_t len,size_t& new_len)
{
unsigned char *data = (unsigned char *)keydata ;
#ifdef DEBUG_PGPUTIL
std::cerr << "Total size: " << len << std::endl;
#endif
uint8_t packet_tag;
uint32_t packet_length ;
// 2 - parse key data, only keep public key data, user id and self-signature.
bool public_key=false ;
bool own_signature=false ;
bool user_id=false ;
while(true)
{
PGPKeyParser::read_packetHeader(data,packet_tag,packet_length) ;
#ifdef DEBUG_PGPUTIL
std::cerr << "Header:" << std::endl;
std::cerr << " Packet tag: " << (int)packet_tag << std::endl;
std::cerr << " Packet length: " << packet_length << std::endl;
#endif
data += packet_length ;
if(packet_tag == PGPKeyParser::PGP_PACKET_TAG_PUBLIC_KEY)
public_key = true ;
if(packet_tag == PGPKeyParser::PGP_PACKET_TAG_USER_ID)
user_id = true ;
if(packet_tag == PGPKeyParser::PGP_PACKET_TAG_SIGNATURE)
own_signature = true ;
if(public_key && own_signature && user_id)
break ;
if( (uint64_t)data - (uint64_t)keydata >= len )
break ;
}
new_len = (uint64_t)data - (uint64_t)keydata ;
}
std::string PGPKeyParser::extractRadixPartFromArmouredKey(const std::string& pgp_certificate,std::string& version_string)
{
int n = pgp_certificate.length() ;

1
libretroshare/src/pgp/pgpkeyutil.h
View file

@ -59,6 +59,7 @@ class PGPKeyManagement
//
static bool createMinimalKey(const std::string& pgp_certificate,std::string& cleaned_certificate) ;
static void findLengthOfMinimalKey(const unsigned char *keydata,size_t key_len,size_t& minimal_key_len) ;
static std::string makeArmouredKey(const unsigned char *keydata,size_t key_size,const std::string& version_string) ;
private:
// Computes the 24 bits CRC checksum necessary to all PGP data.

608
libretroshare/src/pgp/rscertificate.cc
View file

@ -3,6 +3,7 @@
#include <stdio.h>
#include <string.h>
#include <retroshare/rspeers.h>
#include <util/radix64.h>
#include <pgp/pgpkeyutil.h>
#include "rscertificate.h"
@ -21,36 +22,9 @@ static const uint8_t CERTIFICATE_PTAG_DNS_SECTION = 0x04 ;
static const uint8_t CERTIFICATE_PTAG_SSLID_SECTION = 0x05 ;
static const uint8_t CERTIFICATE_PTAG_NAME_SECTION = 0x06 ;
std::string RsCertificate::toStdString_oldFormat() const
static bool is_acceptable_radix64Char(char c)
{
std::string res ;
res += PGPKeyManagement::makeArmouredKey(binary_pgp_key,binary_pgp_key_size,pgp_version) ;
res += SSLID_BEGIN_SECTION ;
res += location_id.toStdString() ;
res += ";" ;
res += LOCATION_BEGIN_SECTION ;
res += location_name ;
res += ";\n" ;
std::ostringstream os ;
os << LOCAL_IP_BEGIN_SECTION ;
os << (int)ipv4_internal_ip_and_port[0] << "." << (int)ipv4_internal_ip_and_port[1] << "." << (int)ipv4_internal_ip_and_port[2] << "." << (int)ipv4_internal_ip_and_port[3] ;
os << ":" ;
os << ipv4_internal_ip_and_port[4]*256+ipv4_internal_ip_and_port[5] ;
os << ";" ;
os << EXTERNAL_IP_BEGIN_SECTION ;
os << (int)ipv4_external_ip_and_port[0] << "." << (int)ipv4_external_ip_and_port[1] << "." << (int)ipv4_external_ip_and_port[2] << "." << (int)ipv4_external_ip_and_port[3] ;
os << ":" ;
os << ipv4_external_ip_and_port[4]*256+ipv4_external_ip_and_port[5] ;
os << ";" ;
res += os.str() ;
res += "\n" ;
return res ;
return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '+' || c == '/' || '=' ;
}
RsCertificate::~RsCertificate()
@ -105,8 +79,21 @@ std::string RsCertificate::toStdString() const
Radix64::encode((char *)buf, p, out_string) ;
// Now slice up to 64 chars.
//
std::string out2 ;
static const int LINE_LENGTH = 64 ;
for(int i=0;i<(int)out_string.length();++i)
{
out2 += out_string[i] ;
if(i % LINE_LENGTH == LINE_LENGTH-1)
out2 += '\n' ;
}
delete[] buf ;
return out_string ;
return out2 ;
}
RsCertificate::RsCertificate(const std::string& str)
@ -121,6 +108,44 @@ RsCertificate::RsCertificate(const std::string& str)
throw std::runtime_error(err_string) ;
}
RsCertificate::RsCertificate(const RsPeerDetails& Detail, const unsigned char *binary_pgp_block,size_t binary_pgp_block_size)
:pgp_version("Version: OpenPGP:SDK v0.9")
{
if(binary_pgp_block_size == 0 || binary_pgp_block == NULL)
throw std::runtime_error("Cannot init a certificate with a void key block.") ;
if(Detail.isOnlyGPGdetail)
throw std::runtime_error("Cannot init a certificate with a RsPeerDetails with only GPG details.") ;
binary_pgp_key = new unsigned char[binary_pgp_block_size] ;
memcpy(binary_pgp_key,binary_pgp_block,binary_pgp_block_size) ;
binary_pgp_key_size = binary_pgp_block_size ;
location_id = SSLIdType( Detail.id ) ;
location_name = Detail.location ;
scan_ip(Detail.localAddr,Detail.localPort,ipv4_internal_ip_and_port) ;
scan_ip(Detail.extAddr,Detail.extPort,ipv4_external_ip_and_port) ;
dns_name = Detail.dyndns ;
}
void RsCertificate::scan_ip(const std::string& ip_string, unsigned short port,unsigned char *ip_and_port)
{
int d0,d1,d2,d3 ;
if(4 != sscanf(ip_string.c_str(),"%d.%d.%d.%d",&d0,&d1,&d2,&d3))
throw std::runtime_error( "Cannot parse ip from given string." );
ip_and_port[0] = d0 ;
ip_and_port[1] = d1 ;
ip_and_port[2] = d2 ;
ip_and_port[3] = d3 ;
ip_and_port[4] = (port >> 8 ) & 0xff ;
ip_and_port[5] = port & 0xff ;
}
bool RsCertificate::initFromString(const std::string& instr,std::string& err_string)
{
std::string str ;
@ -132,7 +157,7 @@ bool RsCertificate::initFromString(const std::string& instr,std::string& err_str
if(instr[i] == ' ' || instr[i] == '\t' || instr[i] == '\n')
continue ;
if(! ( (instr[i] >= '0' && instr[i] <= '9') || (instr[i] >= 'a' && instr[i] <= 'z') || (instr[i] >= 'A' && instr[i] <= 'Z') || (instr[i] == '+' || instr[i] == '/') || instr[i] == '='))
if(! is_acceptable_radix64Char(instr[i]))
return false ;
str += instr[i] ;
@ -158,7 +183,13 @@ bool RsCertificate::initFromString(const std::string& instr,std::string& err_str
total_s += 1 + ((unsigned long)buf-(unsigned long)buf2) ;
std::cerr << "Packet parse: read ptag " << (int)ptag << ", size " << size << ", total_s = " << total_s << std::endl;
if(total_s > size)
{
err_string = "Abnormal size read. Bigger than memory block." ;
return false ;
}
std::cerr << "Packet parse: read ptag " << (int)ptag << ", size " << s << ", total_s = " << total_s << ", expected total = " << size << std::endl;
switch(ptag)
{
@ -219,6 +250,488 @@ bool RsCertificate::initFromString(const std::string& instr,std::string& err_str
return true ;
}
std::string RsCertificate::ext_ip_string() const
{
std::ostringstream os ;
os << (int)ipv4_external_ip_and_port[0] << "." << (int)ipv4_external_ip_and_port[1] << "." << (int)ipv4_external_ip_and_port[2] << "." << (int)ipv4_external_ip_and_port[3] ;
return os.str() ;
}
std::string RsCertificate::loc_ip_string() const
{
std::ostringstream os ;
os << (int)ipv4_internal_ip_and_port[0] << "." << (int)ipv4_internal_ip_and_port[1] << "." << (int)ipv4_internal_ip_and_port[2] << "." << (int)ipv4_internal_ip_and_port[3] ;
return os.str() ;
}
unsigned short RsCertificate::ext_port_us() const
{
return (int)ipv4_external_ip_and_port[4]*256 + (int)ipv4_external_ip_and_port[5] ;
}
unsigned short RsCertificate::loc_port_us() const
{
return (int)ipv4_internal_ip_and_port[4]*256 + (int)ipv4_internal_ip_and_port[5] ;
}
bool RsCertificate::cleanCertificate(const std::string& input,std::string& output,Format& format,int& error_code)
{
if(cleanCertificate_oldFormat(input,output,error_code))
{
format = RS_CERTIFICATE_OLD_FORMAT ;
return true ;
}
if(cleanCertificate(input,output,error_code))
{
format = RS_CERTIFICATE_RADIX ;
return true ;
}
return false ;
}
std::string RsCertificate::armouredPGPKey() const
{
return PGPKeyManagement::makeArmouredKey(binary_pgp_key,binary_pgp_key_size,pgp_version) ;
}
// Yeah, this is simple, and that is what's good about the radix format. Can't be broken ;-)
//
bool RsCertificate::cleanCertificate(const std::string& instr,std::string& str,int& error_code)
{
error_code = RS_PEER_CERT_CLEANING_CODE_NO_ERROR ;
// 0 - clean the string and check that it is pure radix64
//
for(uint32_t i=0;i<instr.length();++i)
{
if(instr[i] == ' ' || instr[i] == '\t' || instr[i] == '\n')
continue ;
if(! is_acceptable_radix64Char(instr[i]))
{
error_code = RS_PEER_CERT_CLEANING_CODE_WRONG_RADIX_CHAR ;
return false ;
}
str += instr[i] ;
}
// Now slice up to 64 chars.
//
std::string str2 ;
static const int LINE_LENGTH = 64 ;
for(int i=0;i<(int)str.length();++i)
{
str2 += str[i] ;
if(i % LINE_LENGTH == LINE_LENGTH-1)
str2 += '\n' ;
}
str = str2 ;
return true ;
}
// All the code below should be removed when in 0.6. Certificates will only use the new format.
//
bool RsCertificate::cleanCertificate_oldFormat(const std::string& certstr,std::string& cleanCertificate,int& error_code)
{
error_code = RS_PEER_CERT_CLEANING_CODE_UNKOWN_ERROR ; // default
const std::string& badCertificate(certstr) ;
std::string pgpend("-----END PGP PUBLIC KEY BLOCK-----");
size_t pos = certstr.find(pgpend);
std::string peer_info ;
std::string cert ;
if (pos != std::string::npos)
{
pos += pgpend.length();
cert = certstr.substr(0, pos);
if (pos + 1 < certstr.length())
peer_info = certstr.substr(pos + 1);
}
else
{
error_code = RS_PEER_CERT_CLEANING_CODE_NO_END_TAG ;
return false ;
}
if(cert.empty())
return false ;
/*
Buffer for storing the cleaned certificate. In certain cases the
cleanCertificate can be larger than the badCertificate
*/
cleanCertificate = "";
//The entire certificate begin tag
const char * beginCertTag="-----BEGIN";
//The entire certificate end tag
const char * endCertTag="-----END";
//Tag containing dots. The common part of both start and end tags
const char * commonTag="-----";
//Only BEGIN part of the begin tag
const char * beginTag="BEGIN";
//Only END part of the end tag
const char * endTag="END";
//The start index of the ----- part of the certificate begin tag
size_t beginCertStartIdx1=0;
//The start index of the BEGIN part of the certificate begin tag
size_t beginCertStartIdx2=0;
//The start index of the end part(-----) of the certificate begin tag. The begin tag ends with -----. Example -----BEGIN XPGP CERTIFICATE-----
size_t beginCertEndIdx=0;
//The start index of the ----- part of the certificate end tag
size_t endCertStartIdx1=0;
//The start index of the END part of the certificate end tag
size_t endCertStartIdx2=0;
//The start index of the end part(-----) of the certificate end tag. The begin tag ends with -----. Example -----BEGIN XPGP CERTIFICATE-----
size_t endCertEndIdx=0;
//The length of the bad certificate.
size_t lengthOfCert=certstr.length();
//The current index value in the bad certificate
size_t currBadCertIdx=0;
//Temporary index value
size_t tmpIdx=0;
//Boolean flag showing if the begin tag or the end tag has been found
bool found=false;
/*
Calculating the value of the beginCertStartIdx1 and beginCertStartIdx2. Here
we first locate the occurance of ----- and then the location of BEGIN. Next
we check if there are any non space or non new-line characters between their
occureance. If there are any other characters between the two(----- and
BEGIN), other than space and new line then it means that it is the
certificate begin tag. Here we take care of the fact that we may have
introduced some spaces and newlines in the begin tag by mistake. This takes
care of the spaces and newlines between ----- and BEGIN.
*/
while(found==false && (beginCertStartIdx1=certstr.find(commonTag,tmpIdx))!=std::string::npos)
{
beginCertStartIdx2=certstr.find(beginTag,beginCertStartIdx1+strlen(commonTag));
tmpIdx=beginCertStartIdx1+strlen(commonTag);
if(beginCertStartIdx2!=std::string::npos)
{
found=true;
for(size_t i=beginCertStartIdx1+strlen(commonTag);i<beginCertStartIdx2;i++)
{
if(certstr[i]!=' ' && certstr[i]!='\n' )
{
found=false;
break;
}
}
}
else
{
break;
}
}
/*
begin tag not found
*/
if(!found)
{
std::cerr<<"Certificate corrupted beyond repair: No <------BEGIN > tag"<<std::endl;
error_code = RS_PEER_CERT_CLEANING_CODE_NO_BEGIN_TAG ;
return false;
}
beginCertEndIdx=certstr.find(commonTag,beginCertStartIdx2);
if(beginCertEndIdx==std::string::npos)
{
std::cerr<<"Certificate corrupted beyond repair: No <------BEGIN > tag"<<std::endl;
error_code = RS_PEER_CERT_CLEANING_CODE_NO_BEGIN_TAG ;
return false;
}
tmpIdx=beginCertEndIdx+strlen(commonTag);
found=false;
/*
Calculating the value of the endCertStartIdx1 and endCertStartIdx2. Here we first locate the occurance of ----- and then
the location of END. Next we check if there are any non space or non new-line characters between their occureance. If there are any other
characters between the two(----- and END), other than space and new line then it means that it is the certificate end tag.
Here we take care of the fact that we may have introduced some spaces and newlines in the end tag by mistake. This
takes care of the spaces and newlines between ----- and END.
*/
while(found==false && (endCertStartIdx1=certstr.find(commonTag,tmpIdx))!=std::string::npos)
{
endCertStartIdx2=certstr.find(endTag,endCertStartIdx1+strlen(commonTag));
tmpIdx=endCertStartIdx1+strlen(commonTag);
if(endCertStartIdx2!=std::string::npos)
{
found=true;
for(size_t i=endCertStartIdx1+strlen(commonTag);i<endCertStartIdx2;i++)
{
if(certstr[i]!=' '&& certstr[i]!='\n')
{
found=false;
break;
}
}
}
else
{
break;
}
}
/*
end tag not found
*/
if(!found)
{
std::cerr<<"Certificate corrupted beyond repair: No <------END > tag"<<std::endl;
error_code = RS_PEER_CERT_CLEANING_CODE_NO_END_TAG ;
return false;
}
endCertEndIdx=certstr.find(commonTag,endCertStartIdx2);
if(endCertEndIdx==std::string::npos || endCertEndIdx>=lengthOfCert)
{
std::cerr<<"Certificate corrupted beyond repair: No <------END > tag"<<std::endl;
error_code = RS_PEER_CERT_CLEANING_CODE_NO_END_TAG ;
return false;
}
/*
Copying the begin tag(-----BEGIN) to the clean certificate
*/
cleanCertificate += beginCertTag;
currBadCertIdx=beginCertStartIdx2+strlen(beginTag);
/*
Copying the name of the tag e.g XPGP CERTIFICATE. At the same time remove any white spaces and new line
characters.
*/
while(currBadCertIdx<beginCertEndIdx)
{
if(badCertificate[currBadCertIdx]=='\n')
{
currBadCertIdx++;
}
else if(badCertificate[currBadCertIdx]==' ' && (badCertificate[currBadCertIdx-1]==' '|| badCertificate[currBadCertIdx-1]=='\n') )
{
currBadCertIdx++;
}
else
{
cleanCertificate += badCertificate[currBadCertIdx];
currBadCertIdx++;
}
}
/*
If the last character is a space we need to remove it.
*/
if(cleanCertificate.substr(cleanCertificate.length()-1, 1) == " ")
{
cleanCertificate.erase(cleanCertificate.length()-1);
}
/*
Copying the end part of the certificate start tag(-----).
*/
cleanCertificate += commonTag;
cleanCertificate += "\n";
currBadCertIdx=currBadCertIdx+strlen(commonTag);
/*
Remove the white spaces between the end of the certificate begin tag and the actual
start of the certificate.
*/
while(badCertificate[currBadCertIdx]=='\n'|| badCertificate[currBadCertIdx]==' ')
{
currBadCertIdx++;
}
//keep the armor header
std::list<std::string> header;
header.push_back("Version");
header.push_back("Comment");
header.push_back("MessageID");
header.push_back("Hash");
header.push_back("Charset");
for (std::list<std::string>::iterator headerIt = header.begin (); headerIt != header.end(); headerIt++)
{
if (badCertificate.substr(currBadCertIdx, (*headerIt).length()) == *headerIt)
{
cleanCertificate += badCertificate.substr(currBadCertIdx, (*headerIt).length());
currBadCertIdx += (*headerIt).length();
while(currBadCertIdx<endCertStartIdx1 && badCertificate[currBadCertIdx]!='\n')
{
cleanCertificate += badCertificate[currBadCertIdx];
currBadCertIdx++;
}
cleanCertificate += "\n";
}
}
//add empty line after armor header
cleanCertificate += "\n";
//Start of the actual certificate. Remove spaces in the certificate
//and make sure there are 64 characters per line in the
//new cleaned certificate
int cntPerLine=0;
while(currBadCertIdx<endCertStartIdx1)
{
if(cntPerLine==64)
{
cleanCertificate += "\n";
cntPerLine=0;
}
if(badCertificate[currBadCertIdx]=='=') /* checksum */
break;
else if(badCertificate[currBadCertIdx]=='\t')
currBadCertIdx++;
else if(badCertificate[currBadCertIdx]==' ')
currBadCertIdx++;
else if(badCertificate[currBadCertIdx]=='\n')
currBadCertIdx++;
else if(is_acceptable_radix64Char(badCertificate[currBadCertIdx]))
{
cleanCertificate += badCertificate[currBadCertIdx];
cntPerLine++;
currBadCertIdx++;
}
else
{
std::cerr << "Warning: Invalid character in radix certificate encoding: " << badCertificate[currBadCertIdx] << std::endl;
currBadCertIdx++;
}
}
if(currBadCertIdx>=endCertStartIdx1)
{
std::cerr<<"Certificate corrupted beyond repair: No checksum, or no newline after first tag"<<std::endl;
error_code = RS_PEER_CERT_CLEANING_CODE_NO_CHECKSUM ;
return false;
}
while(currBadCertIdx < endCertStartIdx1 && (badCertificate[currBadCertIdx] == '=' || badCertificate[currBadCertIdx] == ' ' || badCertificate[currBadCertIdx] == '\n' ))
currBadCertIdx++ ;
switch(cntPerLine % 4)
{
case 0: break ;
case 1: std::cerr<<"Certificate corrupted beyond repair: wrongnumber of chars on last line (n%4=1)"<<std::endl;
error_code = RS_PEER_CERT_CLEANING_CODE_WRONG_NUMBER;
return false ;
case 2: cleanCertificate += "==" ;
break ;
case 3: cleanCertificate += "=" ;
break ;
}
cleanCertificate += "\n=";
// if (badCertificate[currBadCertIdx] == '=')
// {
/* checksum */
while(currBadCertIdx<endCertStartIdx1)
{
if (badCertificate[currBadCertIdx]==' ')
{
currBadCertIdx++;
continue;
}
else if(badCertificate[currBadCertIdx]=='\n')
{
currBadCertIdx++;
continue;
}
cleanCertificate += badCertificate[currBadCertIdx];
cntPerLine++;
currBadCertIdx++;
}
// }
if(cleanCertificate.substr(cleanCertificate.length()-1,1)!="\n")
{
cleanCertificate += "\n";
// std::cerr<<"zeeeee"<<std::endl;
}
else
{
// std::cerr<<"zooooo"<<std::endl;
}
/*
Copying the begining part of the certificate end tag. Copying
-----END part of the tag.
*/
cleanCertificate += endCertTag;
currBadCertIdx=endCertStartIdx2+strlen(endTag);
/*
Copying the name of the certificate e.g XPGP CERTIFICATE. The end tag also has the
the name of the tag.
*/
while(currBadCertIdx<endCertEndIdx)
{
if(badCertificate[currBadCertIdx]=='\n')
{
currBadCertIdx++;
}
else if( badCertificate[currBadCertIdx]==' ' && (badCertificate[currBadCertIdx-1]==' '|| badCertificate[currBadCertIdx-1]=='\n'))
{
currBadCertIdx++;
}
else
{
cleanCertificate += badCertificate[currBadCertIdx];
currBadCertIdx++;
}
}
/*
If the last character is a space we need to remove it.
*/
if(cleanCertificate.substr(cleanCertificate.length()-1,1)==" ")
{
cleanCertificate.erase(cleanCertificate.length()-1);
}
/*
Copying the end part(-----) of the end tag in the certificate.
*/
cleanCertificate += commonTag;
cleanCertificate += "\n";
error_code = RS_PEER_CERT_CLEANING_CODE_NO_ERROR ;
cleanCertificate += peer_info ;
return true;
}
std::string RsCertificate::toStdString_oldFormat() const
{
std::string res ;
res += PGPKeyManagement::makeArmouredKey(binary_pgp_key,binary_pgp_key_size,pgp_version) ;
res += SSLID_BEGIN_SECTION ;
res += location_id.toStdString() ;
res += ";" ;
res += LOCATION_BEGIN_SECTION ;
res += location_name ;
res += ";\n" ;
std::ostringstream os ;
os << LOCAL_IP_BEGIN_SECTION ;
os << (int)ipv4_internal_ip_and_port[0] << "." << (int)ipv4_internal_ip_and_port[1] << "." << (int)ipv4_internal_ip_and_port[2] << "." << (int)ipv4_internal_ip_and_port[3] ;
os << ":" ;
os << ipv4_internal_ip_and_port[4]*256+ipv4_internal_ip_and_port[5] ;
os << ";" ;
os << EXTERNAL_IP_BEGIN_SECTION ;
os << (int)ipv4_external_ip_and_port[0] << "." << (int)ipv4_external_ip_and_port[1] << "." << (int)ipv4_external_ip_and_port[2] << "." << (int)ipv4_external_ip_and_port[3] ;
os << ":" ;
os << ipv4_external_ip_and_port[4]*256+ipv4_external_ip_and_port[5] ;
os << ";" ;
res += os.str() ;
res += "\n" ;
return res ;
}
bool RsCertificate::initFromString_oldFormat(const std::string& certstr,std::string& err_string)
{
//parse the text to get ip address
@ -314,20 +827,7 @@ bool RsCertificate::initFromString_oldFormat(const std::string& certstr,std::str
sscanf(local_port.c_str(), "%hu", &localPort);
}
int d0,d1,d2,d3 ;
if(4 != sscanf(local_ip.c_str(),"%d.%d.%d.%d",&d0,&d1,&d2,&d3))
{
err_string = "Cannot parse ip from given string." ;
return false ;
}
ipv4_internal_ip_and_port[0] = d0 ;
ipv4_internal_ip_and_port[1] = d1 ;
ipv4_internal_ip_and_port[2] = d2 ;
ipv4_internal_ip_and_port[3] = d3 ;
ipv4_internal_ip_and_port[4] = (localPort >> 8 ) & 0xff ;
ipv4_internal_ip_and_port[5] = localPort & 0xff ;
scan_ip(local_ip,localPort,ipv4_internal_ip_and_port) ;
}
}
@ -352,20 +852,7 @@ bool RsCertificate::initFromString_oldFormat(const std::string& certstr,std::str
sscanf(ext_port.c_str(), "%hu", &extPort);
}
int d0,d1,d2,d3 ;
if(4 != sscanf(ext_ip.c_str(),"%d.%d.%d.%d",&d0,&d1,&d2,&d3))
{
err_string = "Cannot parse ip from given string." ;
return false ;
}
ipv4_external_ip_and_port[0] = d0 ;
ipv4_external_ip_and_port[1] = d1 ;
ipv4_external_ip_and_port[2] = d2 ;
ipv4_external_ip_and_port[3] = d3 ;
ipv4_external_ip_and_port[4] = (extPort >> 8 ) & 0xff ;
ipv4_external_ip_and_port[5] = extPort & 0xff ;
scan_ip(ext_ip,extPort,ipv4_external_ip_and_port) ;
}
}
@ -397,4 +884,3 @@ bool RsCertificate::initFromString_oldFormat(const std::string& certstr,std::str

33
libretroshare/src/pgp/rscertificate.h
View file

@ -3,6 +3,8 @@
#include <string>
#include <util/rsid.h>
class RsPeerDetails ;
static const int SSL_ID_SIZE = 16 ;
typedef t_RsGenericIdType<SSL_ID_SIZE> SSLIdType ;
@ -10,16 +12,45 @@ typedef t_RsGenericIdType<SSL_ID_SIZE> SSLIdType ;
class RsCertificate
{
public:
// Constructs from text
typedef enum { RS_CERTIFICATE_OLD_FORMAT, RS_CERTIFICATE_RADIX } Format ;
// Constructs from text.
// - old format: The input string must comply with the GPG format (See RFC4880)
// - new format: The input string should only contain radix chars and spaces/LF/tabs.
//
RsCertificate(const std::string& input_string) ;
// Constructs from binary gpg key, and RsPeerDetails.
//
RsCertificate(const RsPeerDetails& details,const unsigned char *gpg_mem_block,size_t gpg_mem_block_size) ;
// Constructs
virtual ~RsCertificate();
// Outut to text
std::string toStdString_oldFormat() const ;
std::string toStdString() const ;
std::string ext_ip_string() const ;
std::string loc_ip_string() const ;
std::string dns_string() const { return dns_name ; }
std::string sslid_string() const { return location_id.toStdString(false) ; }
std::string armouredPGPKey() const ;
unsigned short ext_port_us() const ;
unsigned short loc_port_us() const ;
const unsigned char *pgp_key() const { return binary_pgp_key ; }
const size_t pgp_key_size() const { return binary_pgp_key_size ; }
static bool cleanCertificate(const std::string& input,std::string& output,RsCertificate::Format& format,int& error_code) ;
private:
static bool cleanCertificate(const std::string& input,std::string& output,int&) ; // new radix format
static bool cleanCertificate_oldFormat(const std::string& input,std::string& output,int&) ; // old text format
static void scan_ip(const std::string& ip_string, unsigned short port,unsigned char *destination_memory) ;
bool initFromString(const std::string& str,std::string& err_string) ;
bool initFromString_oldFormat(const std::string& str,std::string& err_string) ;