From 8cb3ae6d2ede7d0880f4c742a0f61db2575ec8c0 Mon Sep 17 00:00:00 2001 From: csoler Date: Mon, 12 Jan 2015 22:02:43 +0000 Subject: [PATCH] added code to generate 3072 and 4096 bit PGP keys at startup (Patch from Serhaf) git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7841 b45a01b8-16f6-495d-af2f-9b41ad6348cc --- libretroshare/src/pgp/pgphandler.cc | 13 +++--- libretroshare/src/pgp/pgphandler.h | 2 +- libretroshare/src/pqi/authgpg.cc | 6 +-- libretroshare/src/pqi/authgpg.h | 2 +- libretroshare/src/retroshare/rsinit.h | 2 +- libretroshare/src/rsserver/rsaccounts.cc | 8 ++-- libretroshare/src/rsserver/rsaccounts.h | 2 +- retroshare-gui/src/gui/GenCertDialog.cpp | 20 ++++++++- retroshare-gui/src/gui/GenCertDialog.ui | 57 ++++++++++++++++-------- 9 files changed, 75 insertions(+), 37 deletions(-) diff --git a/libretroshare/src/pgp/pgphandler.cc b/libretroshare/src/pgp/pgphandler.cc index 396d19aa1..e657a5ead 100644 --- a/libretroshare/src/pgp/pgphandler.cc +++ b/libretroshare/src/pgp/pgphandler.cc @@ -360,7 +360,7 @@ bool PGPHandler::availableGPGCertificatesWithPrivateKeys(std::list& ids return true ; } -bool PGPHandler::GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passphrase, RsPgpId& pgpId, std::string& errString) +bool PGPHandler::GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passphrase, RsPgpId& pgpId, const int keynumbits, std::string& errString) { // Some basic checks @@ -384,13 +384,16 @@ bool PGPHandler::GeneratePGPCertificate(const std::string& name, const std::stri errString = std::string("(EE) passphrase in certificate exceeds the maximum allowed passphrase size") ; return false ; } + if(keynumbits % 1024 != 0) + { + errString = std::string("(EE) RSA key length is not a multiple of 1024") ; + return false ; + } // Now the real thing RsStackMutex mtx(pgphandlerMtx) ; // lock access to PGP memory structures. RsStackFileLock flck(_pgp_lock_filename) ; // lock access to PGP directory. - static const int KEY_NUMBITS = 2048 ; - // 1 - generate keypair - RSA-2048 // ops_user_id_t uid ; @@ -398,7 +401,7 @@ bool PGPHandler::GeneratePGPCertificate(const std::string& name, const std::stri uid.user_id = (unsigned char *)s ; unsigned long int e = 65537 ; // some prime number - ops_keydata_t *key = ops_rsa_create_selfsigned_keypair(KEY_NUMBITS,e,&uid) ; + ops_keydata_t *key = ops_rsa_create_selfsigned_keypair(keynumbits, e, &uid) ; free(s) ; @@ -409,7 +412,7 @@ bool PGPHandler::GeneratePGPCertificate(const std::string& name, const std::stri ops_create_info_t *cinfo = NULL ; ops_memory_t *buf = NULL ; - ops_setup_memory_write(&cinfo, &buf, 0); + ops_setup_memory_write(&cinfo, &buf, 0); if(!ops_write_transferable_secret_key(key,(unsigned char *)passphrase.c_str(),passphrase.length(),ops_false,cinfo)) { diff --git a/libretroshare/src/pgp/pgphandler.h b/libretroshare/src/pgp/pgphandler.h index c07743d7b..917458847 100644 --- a/libretroshare/src/pgp/pgphandler.h +++ b/libretroshare/src/pgp/pgphandler.h @@ -77,7 +77,7 @@ class PGPHandler bool exportGPGKeyPair(const std::string& filename,const RsPgpId& exported_id) const ; bool availableGPGCertificatesWithPrivateKeys(std::list& ids); - bool GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passwd, RsPgpId& pgpId, std::string& errString) ; + bool GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passwd, RsPgpId& pgpId, const int keynumbits, std::string& errString) ; bool LoadCertificateFromString(const std::string& pem, RsPgpId& gpg_id, std::string& error_string); diff --git a/libretroshare/src/pqi/authgpg.cc b/libretroshare/src/pqi/authgpg.cc index 01ba414c9..0cb573d11 100644 --- a/libretroshare/src/pqi/authgpg.cc +++ b/libretroshare/src/pqi/authgpg.cc @@ -329,11 +329,11 @@ bool AuthGPG::active() return gpgKeySelected; } -bool AuthGPG::GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passwd, RsPgpId& pgpId, std::string& errString) +bool AuthGPG::GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passwd, RsPgpId& pgpId, const int keynumbits, std::string& errString) { RsStackMutex stack(gpgMtxEngine); /******* LOCKED ******/ - - return PGPHandler::GeneratePGPCertificate(name, email, passwd, pgpId, errString) ; + + return PGPHandler::GeneratePGPCertificate(name, email, passwd, pgpId, keynumbits, errString) ; } /**** These Two are common */ diff --git a/libretroshare/src/pqi/authgpg.h b/libretroshare/src/pqi/authgpg.h index 50a853a7b..4f7a2aed2 100644 --- a/libretroshare/src/pqi/authgpg.h +++ b/libretroshare/src/pqi/authgpg.h @@ -135,7 +135,7 @@ class AuthGPG: public p3Config, public RsThread, public PGPHandler /* Init by generating new Own PGP Cert, or selecting existing PGP Cert */ virtual int GPGInit(const RsPgpId &ownId); - virtual bool GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passwd, RsPgpId &pgpId, std::string &errString); + virtual bool GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passwd, RsPgpId &pgpId, const int keynumbits, std::string &errString); /*********************************************************************************/ /************************* STAGE 3 ***********************************************/ diff --git a/libretroshare/src/retroshare/rsinit.h b/libretroshare/src/retroshare/rsinit.h index 8bb51e49f..cf0780fa6 100644 --- a/libretroshare/src/retroshare/rsinit.h +++ b/libretroshare/src/retroshare/rsinit.h @@ -139,7 +139,7 @@ namespace RsAccounts // PGP Accounts. int GetPGPLogins(std::list &pgpIds); int GetPGPLoginDetails(const RsPgpId& id, std::string &name, std::string &email); - bool GeneratePGPCertificate(const std::string&, const std::string& email, const std::string& passwd, RsPgpId &pgpId, std::string &errString); + bool GeneratePGPCertificate(const std::string&, const std::string& email, const std::string& passwd, RsPgpId &pgpId, const int keynumbits, std::string &errString); // PGP Support Functions. bool ExportIdentity(const std::string& fname,const RsPgpId& pgp_id) ; diff --git a/libretroshare/src/rsserver/rsaccounts.cc b/libretroshare/src/rsserver/rsaccounts.cc index b19825a2e..d662b08da 100644 --- a/libretroshare/src/rsserver/rsaccounts.cc +++ b/libretroshare/src/rsserver/rsaccounts.cc @@ -840,9 +840,9 @@ bool RsAccountsDetail::SelectPGPAccount(const RsPgpId& pgpId) } -bool RsAccountsDetail::GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passwd, RsPgpId &pgpId, std::string &errString) +bool RsAccountsDetail::GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passwd, RsPgpId &pgpId, const int keynumbits, std::string &errString) { - return AuthGPG::getAuthGPG()->GeneratePGPCertificate(name, email, passwd, pgpId, errString); + return AuthGPG::getAuthGPG()->GeneratePGPCertificate(name, email, passwd, pgpId, keynumbits, errString); } // PGP Support Functions. @@ -1222,9 +1222,9 @@ int RsAccounts::GetPGPLoginDetails(const RsPgpId& id, std::string &name, std return rsAccounts->GetPGPLoginDetails(id, name, email); } -bool RsAccounts::GeneratePGPCertificate(const std::string &name, const std::string& email, const std::string& passwd, RsPgpId &pgpId, std::string &errString) +bool RsAccounts::GeneratePGPCertificate(const std::string &name, const std::string& email, const std::string& passwd, RsPgpId &pgpId, const int keynumbits, std::string &errString) { - return rsAccounts->GeneratePGPCertificate(name, email, passwd, pgpId, errString); + return rsAccounts->GeneratePGPCertificate(name, email, passwd, pgpId, keynumbits, errString); } // PGP Support Functions. diff --git a/libretroshare/src/rsserver/rsaccounts.h b/libretroshare/src/rsserver/rsaccounts.h index c4809d9b0..82948ad41 100644 --- a/libretroshare/src/rsserver/rsaccounts.h +++ b/libretroshare/src/rsserver/rsaccounts.h @@ -89,7 +89,7 @@ class RsAccountsDetail int GetPGPLogins(std::list &pgpIds); int GetPGPLoginDetails(const RsPgpId& id, std::string &name, std::string &email); - bool GeneratePGPCertificate(const std::string&, const std::string& email, const std::string& passwd, RsPgpId &pgpId, std::string &errString); + bool GeneratePGPCertificate(const std::string&, const std::string& email, const std::string& passwd, RsPgpId &pgpId, const int keynumbits, std::string &errString); bool SelectPGPAccount(const RsPgpId& pgpId); diff --git a/retroshare-gui/src/gui/GenCertDialog.cpp b/retroshare-gui/src/gui/GenCertDialog.cpp index 55af31ad6..b27e34609 100644 --- a/retroshare-gui/src/gui/GenCertDialog.cpp +++ b/retroshare-gui/src/gui/GenCertDialog.cpp @@ -147,6 +147,11 @@ GenCertDialog::GenCertDialog(bool onlyGenerateIdentity, QWidget *parent) ui.entropy_bar->setValue(0) ; + // make sure that QVariant always takes an 'int' otherwise the program will crash! + ui.keylength_comboBox->addItem("2048 bits", QVariant(2048)); + ui.keylength_comboBox->addItem("3072 bits", QVariant(3072)); + ui.keylength_comboBox->addItem("4096 bits", QVariant(4096)); + #if QT_VERSION >= 0x040700 ui.email_input->setPlaceholderText(tr("[Optional] Visible to your friends, and friends of friends.")) ; ui.node_input->setPlaceholderText(tr("[Required] Examples: Home, Laptop,...")) ; @@ -259,6 +264,8 @@ void GenCertDialog::newGPGKeyGenUiSetup() { ui.genButton->setVisible(true); ui.genprofileinfo_label->hide(); ui.header_label->show(); + ui.keylength_label->show(); + ui.keylength_comboBox->show(); } else { genNewGPGKey = false; ui.name_label->hide(); @@ -280,10 +287,11 @@ void GenCertDialog::newGPGKeyGenUiSetup() { ui.headerFrame->setHeaderText(tr("Create a new node")); ui.genprofileinfo_label->show(); ui.header_label->hide(); + ui.keylength_label->hide(); + ui.keylength_comboBox->hide(); } } - void GenCertDialog::hiddenUiSetup() { @@ -432,6 +440,8 @@ void GenCertDialog::genPerson() ui.importIdentity_PB->hide(); ui.genprofileinfo_label->hide(); ui.hidden_checkbox->hide(); + ui.keylength_label->hide(); + ui.keylength_comboBox->hide(); setCursor(Qt::WaitCursor) ; @@ -439,7 +449,13 @@ void GenCertDialog::genPerson() while(QAbstractEventDispatcher::instance()->processEvents(QEventLoop::AllEvents)) ; std::string email_str = "" ; - RsAccounts::GeneratePGPCertificate(ui.name_input->text().toUtf8().constData(), email_str.c_str(), ui.password_input->text().toUtf8().constData(), PGPId, err_string); + RsAccounts::GeneratePGPCertificate( + ui.name_input->text().toUtf8().constData(), + email_str.c_str(), + ui.password_input->text().toUtf8().constData(), + PGPId, + ui.keylength_comboBox->itemData(ui.keylength_comboBox->currentIndex()).toInt(), + err_string); setCursor(Qt::ArrowCursor) ; } diff --git a/retroshare-gui/src/gui/GenCertDialog.ui b/retroshare-gui/src/gui/GenCertDialog.ui index a9da227ee..817a883e2 100644 --- a/retroshare-gui/src/gui/GenCertDialog.ui +++ b/retroshare-gui/src/gui/GenCertDialog.ui @@ -6,7 +6,7 @@ 0 0 - 784 + 805 509 @@ -18,7 +18,16 @@ :/images/logo/logo_16.png:/images/logo/logo_16.png - + + 0 + + + 0 + + + 0 + + 0 @@ -247,6 +256,13 @@ + + + + RSA key length + + + @@ -353,10 +369,30 @@ anonymous, you can use a fake email. + + + + + + + 24 + + + + + + + <html><head/><body><p align="justify">Before proceeding, move your mouse around to help Retroshare collect as much randomness as possible. Filling the progressbar to 20% is needed, 100% is advised.</p></body></html> + + + true + + + @@ -379,23 +415,6 @@ anonymous, you can use a fake email. - - - - <html><head/><body><p align="justify">Before proceeding, move your mouse around to help Retroshare collect as much randomness as possible. Filling the progressbar to 20% is needed, 100% is advised.</p></body></html> - - - true - - - - - - - 24 - - -