diff --git a/libretroshare/src/pqi/authgpg.cc b/libretroshare/src/pqi/authgpg.cc
index be92716ab..3edc6453c 100644
--- a/libretroshare/src/pqi/authgpg.cc
+++ b/libretroshare/src/pqi/authgpg.cc
@@ -762,15 +762,13 @@ bool AuthGPGimpl::DoOwnSignature(const void *data, unsigned int datalen, void *b
 return false;
 }
-#ifdef GPG_DEBUG
- gpgme_sign_result_t res =
-#endif
- gpgme_op_sign_result(CTX);
+ gpgme_sign_result_t res = gpgme_op_sign_result(CTX);
-#ifdef GPG_DEBUG
 if (res) {
+#ifdef GPG_DEBUG
 fprintf(stderr, "Sign Got Result\n");
+#endif
 } else {
@@ -780,6 +778,7 @@ bool AuthGPGimpl::DoOwnSignature(const void *data, unsigned int datalen, void *b
 gpgme_invalid_key_t ik = res->invalid_signers;
 gpgme_new_signature_t sg = res->signatures;
+#ifdef GPG_DEBUG
 while(ik != NULL) {
 fprintf(stderr, "AuthGPGimpl::Sign, Invalid by: %s\n", ik->fpr);
diff --git a/libretroshare/src/pqi/authgpg.h b/libretroshare/src/pqi/authgpg.h
index 6a7f17b71..876d61ca7 100644
--- a/libretroshare/src/pqi/authgpg.h
+++ b/libretroshare/src/pqi/authgpg.h
@@ -54,6 +54,8 @@ const time_t STORE_KEY_TIMEOUT = 60; //store key is call around every 60sec
+#define MAX_GPG_SIGNATURE_SIZE 4096
+
 /*!
 * gpgcert is the identifier for a person.
 * It is a wrapper class for a GPGme OpenPGP certificate.
@@ -152,6 +154,7 @@ virtual std::string getGPGEmail(GPG_id pgp_id) = 0;
 /* PGP web of trust management */
 virtual std::string getGPGOwnId() = 0;
 virtual std::string getGPGOwnName() = 0;
+ //virtual std::string getGPGOwnEmail() = 0;
 virtual bool getGPGDetails(std::string id, RsPeerDetails &d) = 0;
 virtual bool getGPGAllList(std::list &ids) = 0;
@@ -269,6 +272,7 @@ virtual std::string getGPGEmail(GPG_id pgp_id);
 /* PGP web of trust management */
 virtual std::string getGPGOwnId();
 virtual std::string getGPGOwnName();
+ //virtual std::string getGPGOwnEmail();
 virtual bool getGPGDetails(std::string id, RsPeerDetails &d);
 virtual bool getGPGAllList(std::list &ids);
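Review bot: `gpgme_invalid_key_t ik = res->invalid_signers;` in the second authgpg.cc hunk dereferences `res` right after the first hunk tests it for NULL, so unless the `else` branch that lies between the two hunks returns or aborts, a NULL result from `gpgme_op_sign_result()` now crashes the signer instead of failing the signature. Guarding the dereference keeps the failure path explicit: `if (!res) return false;` immediately before the `ik`/`sg` declarations, or a comment confirming that the `else` path really bails out. The `#ifdef GPG_DEBUG` added before `while(ik != NULL)` also leaves `sg` declared but unused in non-debug builds; moving the `gpgme_new_signature_t sg` line under the same guard keeps the build warning-free. DoOwnSignature begins and ends outside both hunks, and the matching `#endif` is not visible here.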
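Review bot: `#define MAX_GPG_SIGNATURE_SIZE 4096` in authgpg.h sits next to `const time_t STORE_KEY_TIMEOUT = 60;`, which uses a typed constant, and carries no comment on what the limit is meant to bound, although the p3distrib.cc hunk in this same commit uses it to size a stack buffer and as the capacity passed to `SignDataBin()`. A typed constant with a why-comment matches the surrounding declarations: `/* capacity callers allocate for a signature produced by SignDataBin(); it must never write more than this */` followed by `const unsigned int MAX_GPG_SIGNATURE_SIZE = 4096;`. Whether 4096 covers the largest signature gpgme can produce for the key sizes in use is not established by anything in this diff, so the comment should say where the figure comes from.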
diff --git a/libretroshare/src/pqi/authgpgtest.cc b/libretroshare/src/pqi/authgpgtest.cc
index 70cc3960b..920bd27be 100644
--- a/libretroshare/src/pqi/authgpgtest.cc
+++ b/libretroshare/src/pqi/authgpgtest.cc
@@ -148,6 +148,7 @@ std::string AuthGPGtest::getGPGOwnName()
 return "DUMMY_OWN_NAME";
 }
+
 #if 0
 std::string AuthGPGtest::getGPGOwnEmail()
 {
diff --git a/libretroshare/src/pqi/authgpgtest.h b/libretroshare/src/pqi/authgpgtest.h
index c19f2ad0d..993fc8a12 100644
--- a/libretroshare/src/pqi/authgpgtest.h
+++ b/libretroshare/src/pqi/authgpgtest.h
@@ -87,6 +87,7 @@ virtual std::string getGPGEmail(GPG_id pgp_id);
 /* PGP web of trust management */
 virtual std::string getGPGOwnId();
 virtual std::string getGPGOwnName();
+ //virtual std::string getGPGOwnEmail();
 virtual bool getGPGDetails(std::string id, RsPeerDetails &d);
 virtual bool getGPGAllList(std::list &ids);
diff --git a/libretroshare/src/pqi/p3connmgr.cc b/libretroshare/src/pqi/p3connmgr.cc
index e33447e42..c1c4767ed 100644
--- a/libretroshare/src/pqi/p3connmgr.cc
+++ b/libretroshare/src/pqi/p3connmgr.cc
@@ -72,7 +72,6 @@ const uint32_t PEER_IP_CONNECT_STATE_MAX_LIST_SIZE = 4;
 * #define CONN_DEBUG_TICK 1
 ***/
-
 /****
 * #define P3CONNMGR_NO_TCP_CONNECTIONS 1
 ***/
@@ -2360,6 +2359,42 @@ bool p3ConnectMgr::retryConnectTCP(std::string id)
 /* UDP automatically searches -> no need to push start */
 // Just push all the addresses onto the stack.
+ /* try "current addresses" first */
+ if (isValidNet(&(it->second.currentlocaladdr.sin_addr)))
+ {
+#ifdef CONN_DEBUG
+ std::cerr << "Adding tcp connection attempt: ";
+ std::cerr << "Current Local Addr: " << inet_ntoa(it->second.currentlocaladdr.sin_addr);
+ std::cerr << ":" << ntohs(it->second.currentlocaladdr.sin_port);
+ std::cerr << std::endl;
+#endif
+ peerConnectAddress pca;
+ pca.addr = it->second.currentlocaladdr;
+ pca.type = RS_NET_CONN_TCP_LOCAL;
+ pca.delay = P3CONNMGR_TCP_DEFAULT_DELAY;
+ pca.ts = time(NULL);
+ pca.period = P3CONNMGR_TCP_DEFAULT_PERIOD;
+ it->second.connAddrs.push_back(pca);
+ }
+
+ if (isValidNet(&(it->second.currentserveraddr.sin_addr)))
+ {
+#ifdef CONN_DEBUG
+ std::cerr << "Adding tcp connection attempt: ";
+ std::cerr << "Current Ext Addr: " << inet_ntoa(it->second.currentserveraddr.sin_addr);
+ std::cerr << ":" << ntohs(it->second.currentserveraddr.sin_port);
+ std::cerr << std::endl;
+#endif
+ peerConnectAddress pca;
+ pca.addr = it->second.currentserveraddr;
+ pca.type = RS_NET_CONN_TCP_EXTERNAL;
+ pca.delay = P3CONNMGR_TCP_DEFAULT_DELAY;
+ pca.ts = time(NULL);
+ pca.period = P3CONNMGR_TCP_DEFAULT_PERIOD;
+ it->second.connAddrs.push_back(pca);
+ }
+
+ /* now try historical addresses */
 /* try local addresses first */
 std::list::iterator ait;
 for(ait = it->second.ipAddrs.mLocal.mAddrs.begin();
diff --git a/libretroshare/src/pqi/pqissllistener.cc b/libretroshare/src/pqi/pqissllistener.cc
index 2bf5df988..d822f6ca1 100644
--- a/libretroshare/src/pqi/pqissllistener.cc
+++ b/libretroshare/src/pqi/pqissllistener.cc
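Review bot: The two new `if (isValidNet(...))` blocks are identical apart from the address field and the `RS_NET_CONN_TCP_LOCAL`/`RS_NET_CONN_TCP_EXTERNAL` type, so the five field assignments and the `push_back` are written twice and will drift the next time a `peerConnectAddress` field is added; a small file-local helper that fills the shared fields removes the duplication. The guard also checks only the IP through `isValidNet()`; unless that helper validates the port as well, an entry with `sin_port == 0` is still queued, and nothing in the hunk skips a current address that the historical loops below push again, so the same address may get two attempts (presumably harmless, but worth confirming). retryConnectTCP starts and ends outside the hunk, and the helper below assumes `currentlocaladdr`/`currentserveraddr` are `struct sockaddr_in`, as the `sin_addr`/`sin_port` accesses suggest.
```cpp
/* Fill the fields every queued TCP attempt shares; the caller sets pca.type. */
static peerConnectAddress tcpAttemptFor(const struct sockaddr_in &addr)
{
	peerConnectAddress pca;
	pca.addr = addr;
	pca.delay = P3CONNMGR_TCP_DEFAULT_DELAY;
	pca.ts = time(NULL);
	pca.period = P3CONNMGR_TCP_DEFAULT_PERIOD;
	return pca;
}

	// … unchanged: function head, UDP comment …
	/* try "current addresses" first */
	if (isValidNet(&(it->second.currentlocaladdr.sin_addr)))
	{
		// … unchanged: CONN_DEBUG trace …
		peerConnectAddress pca = tcpAttemptFor(it->second.currentlocaladdr);
		pca.type = RS_NET_CONN_TCP_LOCAL;
		it->second.connAddrs.push_back(pca);
	}

	if (isValidNet(&(it->second.currentserveraddr.sin_addr)))
	{
		// … unchanged: CONN_DEBUG trace …
		peerConnectAddress pca = tcpAttemptFor(it->second.currentserveraddr);
		pca.type = RS_NET_CONN_TCP_EXTERNAL;
		it->second.connAddrs.push_back(pca);
	}
	// … unchanged: historical address loops …
```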
@@ -687,8 +687,9 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem
 AuthSSL::getAuthSSL()->CheckCertificate(newPeerId, peercert);
 /* now need to get GPG id too */
- //mConnMgr->addPeer(newPeerId);
-
+ std::string pgpid = getX509CNString(peercert->cert_info->issuer);
+ mConnMgr->addFriend(newPeerId, pgpid);
+
 X509_free(peercert);
 return -1;
 }
diff --git a/libretroshare/src/services/p3distrib.cc b/libretroshare/src/services/p3distrib.cc
index 1bdd42d68..18f62409e 100644
--- a/libretroshare/src/services/p3distrib.cc
+++ b/libretroshare/src/services/p3distrib.cc
@@ -47,6 +47,8 @@
 * #define DISTRIB_DEBUG 1
 ****/
+//#define DISTRIB_DEBUG 1
+
 RSA *extractPublicKey(RsTlvSecurityKey &key);
 RSA *extractPrivateKey(RsTlvSecurityKey &key);
 void setRSAPublicKey(RsTlvSecurityKey &key, RSA *rsa_pub);
@@ -2193,15 +2195,12 @@ std::string p3GroupDistrib::publishMsg(RsDistribMsg *msg, bool personalSign)
 if (personalSign)
 {
- unsigned int siglen = EVP_PKEY_size(publishKey);
- unsigned char sigbuf[siglen];
- if (AuthSSL::getAuthSSL()->SignDataBin(out_data, out_size, sigbuf, &siglen))
+ unsigned int siglen = MAX_GPG_SIGNATURE_SIZE;
+ unsigned char sigbuf[siglen];
+ if (AuthGPG::getAuthGPG()->SignDataBin(out_data, out_size, sigbuf, &siglen))
 {
 signedMsg->personalSignature.signData.setBinData(sigbuf, siglen);
- signedMsg->personalSignature.keyId = AuthSSL::getAuthSSL()->OwnId();
-
- // Don't want to send our certificate everywhere.
- //signedMsg->personalSignature.sslCert = AuthSSL::getAuthSSL()->SaveOwnCertificateToString();
+ signedMsg->personalSignature.keyId = AuthGPG::getAuthGPG()->getGPGOwnId();
 }
 }
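Review bot: `std::string pgpid = getX509CNString(peercert->cert_info->issuer);` takes the PGP id from the issuer field of `peercert` (presumably the certificate the remote side presented), and the next line hands it straight to `mConnMgr->addFriend(newPeerId, pgpid)`; the `CheckCertificate()` call on the context line above discards its result, so nothing visible here ties that issuer name to a verified signature by the named PGP key before the peer is registered as a friend. If the issuer signature was already verified during the handshake, a comment at the `pgpid` line saying so would settle it; otherwise the outcome of `CheckCertificate()` (assuming it reports failure) should gate the `addFriend` call, and an empty id should be rejected, e.g. `if (!pgpid.empty()) mConnMgr->addFriend(newPeerId, pgpid);`. The function then falls through to the pre-existing `return -1;`, which reads as an error path right after a friend was added; a one-line comment on why a completed connection returns -1 would avoid confusion. completeConnection starts outside the hunk.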
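Review bot: `unsigned char sigbuf[siglen];` in the publishMsg hunk still declares a variable-length array even though `siglen` is now initialised from the constant `MAX_GPG_SIGNATURE_SIZE`; VLAs are a compiler extension in C++, and `unsigned char sigbuf[MAX_GPG_SIGNATURE_SIZE];` gives a plain fixed-size array of the same size. `siglen` is passed by pointer and then used as the stored length, so the code relies on `AuthGPG::SignDataBin()` treating the incoming value as the buffer capacity and failing rather than writing past `sigbuf` when the signature is larger; that contract lives outside this diff and is worth stating at the declaration, e.g. `/* siglen is in/out: capacity of sigbuf in, signature length out; SignDataBin must not exceed it */`. publishMsg begins and ends outside the hunk.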
@@ -3015,17 +3014,25 @@ bool p3GroupDistrib::locked_validateDistribSignedMsg(
 newMsg->personalSignature.signData.bin_len;
 unsigned char *personalsigbuf = (unsigned char *)
 newMsg->personalSignature.signData.bin_data;
- bool sslSign = AuthSSL::getAuthSSL()->VerifySignBin(
+
+ RsPeerDetails signerDetails;
+ std::string gpg_fpr;
+ if (AuthGPG::getAuthGPG()->getGPGDetails(newMsg->personalSignature.keyId, signerDetails))
+ {
+ gpg_fpr = signerDetails.fpr;
+ }
+
+ bool gpgSign = AuthGPG::getAuthGPG()->VerifySignBin(
 newMsg->packet.bin_data, newMsg->packet.bin_len,
- personalsigbuf, personalsiglen, newMsg->personalSignature.keyId);
- if (sslSign) {
+ personalsigbuf, personalsiglen, gpg_fpr);
+ if (gpgSign) {
 #ifdef DISTRIB_DEBUG
- std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Success for ssl signature." << std::endl;
+ std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Success for gpg signature." << std::endl;
 #endif
 signOk = 1;
 } else {
 #ifdef DISTRIB_DEBUG
- std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail for ssl signature." << std::endl;
+ std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail for gpg signature." << std::endl;
 #endif
 signOk = 0;
 }
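Review bot: When `getGPGDetails(newMsg->personalSignature.keyId, signerDetails)` fails, `gpg_fpr` stays empty and `VerifySignBin()` is still called with an empty fingerprint; unless VerifySignBin rejects an empty fingerprint itself, the check no longer binds the message to the claimed `keyId`, and a failed key lookup should simply count as a failed verification. Short-circuiting makes that explicit and independent of VerifySignBin's handling of empty input: `bool gpgSign = !gpg_fpr.empty() && AuthGPG::getAuthGPG()->VerifySignBin(` with the two argument lines unchanged. A comment at the lookup, `/* signer key unknown locally: message is unverified */`, records the intent. locked_validateDistribSignedMsg starts and ends outside the hunk.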