diff --git a/.gitmodules b/.gitmodules index 7692f4556..9a68ca0cb 100644 --- a/.gitmodules +++ b/.gitmodules @@ -36,3 +36,6 @@ [submodule "retroshare-webui"] path = retroshare-webui url = https://github.com/RetroShare/RSNewWebUI.git +[submodule "supportlibs/librnp"] + path = supportlibs/librnp + url = https://github.com/rnpgp/rnp.git diff --git a/RetroShare.pro b/RetroShare.pro index 944e8204e..4972fe2ab 100644 --- a/RetroShare.pro +++ b/RetroShare.pro @@ -25,9 +25,6 @@ CONFIG += c++14 TEMPLATE = subdirs -SUBDIRS += openpgpsdk -openpgpsdk.file = openpgpsdk/src/openpgpsdk.pro - rs_jsonapi:isEmpty(JSONAPI_GENERATOR_EXE) { SUBDIRS += jsonapi-generator jsonapi-generator.file = jsonapi-generator/src/jsonapi-generator.pro @@ -36,7 +33,7 @@ rs_jsonapi:isEmpty(JSONAPI_GENERATOR_EXE) { SUBDIRS += libbitdht libbitdht.file = libbitdht/src/libbitdht.pro -libretroshare.depends += openpgpsdk libbitdht +libretroshare.depends += libbitdht SUBDIRS += libretroshare libretroshare.file = libretroshare/src/libretroshare.pro diff --git a/build_scripts/Windows-msys2/build/build.bat b/build_scripts/Windows-msys2/build/build.bat index 4fdaff09f..bf68f3e20 100644 --- a/build_scripts/Windows-msys2/build/build.bat +++ b/build_scripts/Windows-msys2/build/build.bat @@ -18,6 +18,8 @@ if errorlevel 1 goto error_env if not "%ParamNoupdate%"=="1" ( :: Install needed things %EnvMSYS2Cmd% "pacman --noconfirm --needed -S make git mingw-w64-%RsMSYS2Architecture%-toolchain mingw-w64-%RsMSYS2Architecture%-qt5 mingw-w64-%RsMSYS2Architecture%-miniupnpc mingw-w64-%RsMSYS2Architecture%-sqlcipher mingw-w64-%RsMSYS2Architecture%-cmake mingw-w64-%RsMSYS2Architecture%-rapidjson" + :: rnp + %EnvMSYS2Cmd% "pacman --noconfirm --needed -S mingw-w64-%RsMSYS2Architecture%-json-c mingw-w64-%RsMSYS2Architecture%-libbotan" :: Webui if "%ParamWebui%"=="1" %EnvMSYS2Cmd% "pacman --noconfirm --needed -S mingw-w64-%RsMSYS2Architecture%-doxygen" diff --git a/build_scripts/Windows-msys2/build/pack.bat b/build_scripts/Windows-msys2/build/pack.bat index 313da7479..a898832f7 100644 --- a/build_scripts/Windows-msys2/build/pack.bat +++ b/build_scripts/Windows-msys2/build/pack.bat @@ -105,6 +105,7 @@ copy "%RsBuildPath%\retroshare-nogui\src\%RsBuildConfig%\retroshare*-nogui.exe" copy "%RsBuildPath%\retroshare-service\src\%RsBuildConfig%\retroshare*-service.exe" "%RsDeployPath%" %Quite% copy "%RsBuildPath%\supportlibs\cmark\build\src\libcmark.dll" "%RsDeployPath%" %Quite% if exist "%RsBuildPath%\libretroshare\src\lib\retroshare.dll" copy "%RsBuildPath%\libretroshare\src\lib\retroshare.dll" "%RsDeployPath%" %Quite% +if exist "%RsBuildPath%\supportlibs\librnp\Build\src\lib\librnp.dll" copy "%RsBuildPath%\supportlibs\librnp\Build\src\lib\librnp.dll" "%RsDeployPath%" %Quite% if exist "%RsBuildPath%\retroshare-friendserver\src\%RsBuildConfig%\retroshare-friendserver.exe" ( copy "%RsBuildPath%\retroshare-friendserver\src\%RsBuildConfig%\retroshare-friendserver.exe" "%RsDeployPath%" %Quite% ) diff --git a/build_scripts/Windows/build-libs/Makefile b/build_scripts/Windows/build-libs/Makefile index 0075770cd..33fd0218b 100644 --- a/build_scripts/Windows/build-libs/Makefile +++ b/build_scripts/Windows/build-libs/Makefile @@ -13,12 +13,18 @@ LIBMICROHTTPD_VERSION=0.9.75 FFMPEG_VERSION=4.4 RAPIDJSON_VERSION=1.1.0 XAPIAN_VERSION=1.4.19 +#RNP_VERSION=0.17.1 + +# libaries for rnp +JSON_C_VERSION=0.18 +BOTAN_VERSION=2.19.5 DOWNLOAD_PATH?=download BUILD_PATH=build LIBS_PATH?=libs -all: dirs zlib bzip2 miniupnpc openssl speex speexdsp libxml2 libxslt curl sqlcipher libmicrohttpd ffmpeg rapidjson xapian copylibs +all: dirs zlib bzip2 miniupnpc openssl speex speexdsp libxml2 libxslt curl sqlcipher libmicrohttpd ffmpeg rapidjson xapian jsonc botan copylibs +#rnp download: \ $(DOWNLOAD_PATH)/zlib-$(ZLIB_VERSION).tar.gz \ @@ -363,6 +369,56 @@ $(BUILD_PATH)/xapian-core-$(XAPIAN_VERSION): $(DOWNLOAD_PATH)/xapian-core-$(XAPI rm -r -f xapian-core-$(XAPIAN_VERSION) mv $(BUILD_PATH)/xapian-core-$(XAPIAN_VERSION).tmp $(BUILD_PATH)/xapian-core-$(XAPIAN_VERSION) +jsonc: $(BUILD_PATH)/json-c-$(JSON_C_VERSION) + +$(BUILD_PATH)/json-c-$(JSON_C_VERSION): + # prepare + rm -r -f $(BUILD_PATH)/rnp-* + [ -d "json-c-$(JSON_C_VERSION)" ] || git clone https://github.com/json-c/json-c.git --depth=1 --branch json-c-$(JSON_C_VERSION) "json-c-$(JSON_C_VERSION)" + # build json-c + mkdir -p json-c-$(JSON_C_VERSION)/build + cd json-c-$(JSON_C_VERSION)/build && cmake .. -G"MSYS Makefiles" -Wno-dev -DCMAKE_BUILD_TYPE="release" -DBUILD_SHARED_LIBS=off -DBUILD_STATIC_LIBS=on -DBUILD_TESTING=off -DCMAKE_CXX_FLAGS="-D__MINGW_USE_VC2005_COMPAT" -DCMAKE_INSTALL_PREFIX="`pwd`/install" -DCMAKE_INSTALL_PREFIX="`pwd`/../../$(BUILD_PATH)/json-c-$(JSON_C_VERSION).tmp" + cd json-c-$(JSON_C_VERSION)/build && make install + # cleanup + rm -r -f json-c-$(JSON_C_VERSION) + mv $(BUILD_PATH)/json-c-$(JSON_C_VERSION).tmp $(BUILD_PATH)/json-c-$(JSON_C_VERSION) + +botan: $(BUILD_PATH)/botan-$(BOTAN_VERSION) + +$(BUILD_PATH)/botan-$(BOTAN_VERSION): + # prepare + pacman --needed --noconfirm -S python3 + rm -r -f $(BUILD_PATH)/rnp-* + [ -d "botan-$(BOTAN_VERSION)" ] || git clone https://github.com/randombit/botan.git --depth=1 --branch $(BOTAN_VERSION) "botan-$(BOTAN_VERSION)" + # build botan + if [ $(MSYSTEM) = "MINGW32" ] ; then cd botan-$(BOTAN_VERSION) && ./configure.py --os=mingw --cpu=x86_32 --disable-shared-library --enable-static-library --extra-cxxflags="-D__MINGW_USE_VC2005_COMPAT" --prefix="`pwd`/../$(BUILD_PATH)/botan-$(BOTAN_VERSION).tmp" ; fi + if [ $(MSYSTEM) = "MINGW64" ] ; then cd botan-$(BOTAN_VERSION) && ./configure.py --os=mingw --cpu=x86_64 --disable-shared-library --enable-static-library --prefix="`pwd`/../$(BUILD_PATH)/botan-$(BOTAN_VERSION).tmp" ; fi + cd botan-$(BOTAN_VERSION) && make install + # cleanup + rm -r -f botan-$(BOTAN_VERSION) + mv $(BUILD_PATH)/botan-$(BOTAN_VERSION).tmp $(BUILD_PATH)/botan-$(BOTAN_VERSION) + +rnp: $(BUILD_PATH)/rnp-$(RNP_VERSION) + +$(BUILD_PATH)/rnp-$(RNP_VERSION): + # prepare + [ -d "rnp-$(RNP_VERSION)" ] || git clone https://github.com/rnpgp/rnp.git --depth=1 --branch v$(RNP_VERSION) --recurse-submodules --shallow-submodules "rnp-$(RNP_VERSION)" + # build + mkdir -p rnp-$(RNP_VERSION)/build + cd rnp-$(RNP_VERSION)/build && cmake .. -G"MSYS Makefiles" -Wno-dev -DCMAKE_INSTALL_PREFIX="`pwd`/install" -DBUILD_SHARED_LIBS=yes -DBUILD_TESTING=off -DCMAKE_CXX_FLAGS="-D__MINGW_USE_VC2005_COMPAT -D__STDC_FORMAT_MACROS" -DBZIP2_INCLUDE_DIR="`pwd`/../../$(BUILD_PATH)/bzip2-$(BZIP2_VERSION)/include" -DBZIP2_LIBRARY_RELEASE="`pwd`/../../$(BUILD_PATH)/bzip2-$(BZIP2_VERSION)/lib/libbz2.a" -DBZIP2_LIBRARIES="`pwd`/../../$(BUILD_PATH)/bzip2-$(BZIP2_VERSION)/lib/libbz2.a" -DZLIB_INCLUDE_DIR="`pwd`/../../$(BUILD_PATH)/zlib-$(ZLIB_VERSION)/include" -DZLIB_LIBRARY="`pwd`/../../$(BUILD_PATH)/zlib-$(ZLIB_VERSION)/lib/libz.a" -DJSON-C_INCLUDE_DIR="`pwd`/../../$(BUILD_PATH)/json-c-$(JSON_C_VERSION)/include/json-c" -DJSON-C_LIBRARY="`pwd`/../../$(BUILD_PATH)/json-c-$(JSON_C_VERSION)/lib/libjson-c.a" -DBOTAN_INCLUDE_DIR="`pwd`/../../$(BUILD_PATH)/botan-$(BOTAN_VERSION)/include/botan-`echo $(BOTAN_VERSION) | cut -c1-1`" -DBOTAN_LIBRARY="`pwd`/../../$(BUILD_PATH)/botan-$(BOTAN_VERSION)/lib/libbotan-`echo $(BOTAN_VERSION) | cut -c1-1`.a" + cmake --build rnp-$(RNP_VERSION)/build + # copy files + mkdir -p $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp/include/rnp + cp -r rnp-$(RNP_VERSION)/include/rnp/* $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp/include/rnp/ + cp -r rnp-$(RNP_VERSION)/build/src/lib/rnp/* $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp/include/rnp/ + mkdir -p $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp/lib + cp -r rnp-$(RNP_VERSION)/build/src/lib/librnp.dll.a $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp/lib/ + mkdir -p $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp/bin + cp -r rnp-$(RNP_VERSION)/build/src/lib/librnp.dll $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp/bin/ + # cleanup + rm -r -f rnp-$(RNP_VERSION) + mv $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp $(BUILD_PATH)/rnp-$(RNP_VERSION) + copylibs: rm -r -f $(LIBS_PATH) ; \ mkdir -p $(LIBS_PATH) ; \ diff --git a/build_scripts/Windows/build/pack.bat b/build_scripts/Windows/build/pack.bat index 1c844efa0..ff347babf 100644 --- a/build_scripts/Windows/build/pack.bat +++ b/build_scripts/Windows/build/pack.bat @@ -96,6 +96,7 @@ copy nul "%RsDeployPath%\portable" %Quite% echo copy binaries copy "%RsBuildPath%\retroshare-gui\src\%RsBuildConfig%\retroshare*.exe" "%RsDeployPath%" %Quite% if exist "%RsBuildPath%\libretroshare\src\lib\retroshare.dll" copy "%RsBuildPath%\libretroshare\src\lib\retroshare.dll" "%RsDeployPath%" %Quite% +if exist "%RsBuildPath%\supportlibs\librnp\Build\src\lib\librnp.dll" copy "%RsBuildPath%\supportlibs\librnp\Build\src\lib\librnp.dll" "%RsDeployPath%" %Quite% if "%ParamService%"=="1" ( copy "%RsBuildPath%\retroshare-service\src\%RsBuildConfig%\retroshare*-service.exe" "%RsDeployPath%" %Quite% diff --git a/build_scripts/Windows/installer/retroshare-Qt5.nsi b/build_scripts/Windows/installer/retroshare-Qt5.nsi index 63c81bbcc..c7a5b9554 100644 --- a/build_scripts/Windows/installer/retroshare-Qt5.nsi +++ b/build_scripts/Windows/installer/retroshare-Qt5.nsi @@ -247,6 +247,7 @@ Section $(Section_Main) Section_Main ; External binaries File "${EXTERNAL_LIB_DIR}\bin\miniupnpc.dll" + File "${RELEASEDIR}\supportlibs\librnp\Build\src\lib\librnp.dll" !if ${ARCHITECTURE} == "x86" File "${EXTERNAL_LIB_DIR}\bin\libcrypto-1_1.dll" File "${EXTERNAL_LIB_DIR}\bin\libssl-1_1.dll" diff --git a/retroshare-friendserver/src/friendserver.cc b/retroshare-friendserver/src/friendserver.cc index 19c286256..3c80bba83 100644 --- a/retroshare-friendserver/src/friendserver.cc +++ b/retroshare-friendserver/src/friendserver.cc @@ -8,7 +8,11 @@ #include "pgp/pgpkeyutil.h" #include "pgp/rscertificate.h" +#ifdef USE_OPENPGPSDK #include "pgp/openpgpsdkhandler.h" +#else +#include "pgp/rnppgphandler.h" +#endif #include "friendserver.h" #include "friend_server/fsitem.h" @@ -393,7 +397,11 @@ FriendServer::FriendServer(const std::string& base_dir,const std::string& listen std::string pgp_private_keyring_path = RsDirUtil::makePath(base_dir,"pgp_private_keyring") ; // not used. std::string pgp_trustdb_path = RsDirUtil::makePath(base_dir,"pgp_trustdb") ; // not used. +#ifdef USE_OPENPGPSDK mPgpHandler = new OpenPGPSDKHandler(pgp_public_keyring_path,pgp_private_keyring_path,pgp_trustdb_path,pgp_lock_path); +#else + mPgpHandler = new RNPPGPHandler(pgp_public_keyring_path,pgp_private_keyring_path,pgp_trustdb_path,pgp_lock_path); +#endif // Random bias. Should be cryptographically safe. diff --git a/retroshare.pri b/retroshare.pri index 7858f67f6..22bf11d3f 100644 --- a/retroshare.pri +++ b/retroshare.pri @@ -182,6 +182,12 @@ rs_deep_files_index_taglib:CONFIG -= no_rs_deep_files_index_taglib CONFIG *= no_rs_use_native_dialogs rs_use_native_dialogs:CONFIG -= no_rs_use_native_dialogs +# By default, use RNP lib for RFC4880 PGP management. If not, compilation will +# default to openpgp-sdk, which is old and unmaintained, so probably not very secure. +CONFIG *= rs_rnplib +rs_no_rnplib:CONFIG -= rs_rnplib +rs_no_rnplib:CONFIG += rs_openpgpsdk + # To disable broadcast discovery append the following assignation to qmake # command line "CONFIG+=no_rs_broadcast_discovery" CONFIG *= rs_broadcast_discovery @@ -302,6 +308,18 @@ isEmpty(RS_THREAD_LIB):RS_THREAD_LIB = pthread # ########################################################################################################################################################### +########################################################################################################################################################### +# +# V06_EXPERIMENTAL_CHANGE_001: +# +# What: removes issuer fingerprint from signature subpackets +# Why: This type of subpacket is not part of RFC4880 and not recognised by OpenPGP-SDK +# BackwardCompat: old RS before Sept.2024 will not be able to exchange keys +# Note: Since signature subpacket 33 is part of the hashed section of the signature, this also invalidates the signature. +# Depending on the implementation, certificates with self-signature that miss this subpacket may not be accepted. +# +########################################################################################################################################################### + DEFINES += V07_NON_BACKWARD_COMPATIBLE_CHANGE_001 DEFINES += V07_NON_BACKWARD_COMPATIBLE_CHANGE_002 @@ -313,6 +331,7 @@ rs_v07_changes { DEFINES += V07_NON_BACKWARD_COMPATIBLE_CHANGE_002 DEFINES += V07_NON_BACKWARD_COMPATIBLE_CHANGE_003 DEFINES += V07_NON_BACKWARD_COMPATIBLE_CHANGE_004 + DEFINES += V07_NON_BACKWARD_COMPATIBLE_CHANGE_005 DEFINES += V07_NON_BACKWARD_COMPATIBLE_CHANGE_UNNAMED } @@ -849,6 +868,19 @@ isEmpty(RS_UPNP_LIB) { } } +rs_openpgpsdk { + SUBDIRS += openpgpsdk + openpgpsdk.file = openpgpsdk/src/openpgpsdk.pro + libretroshare.depends += openpgpsdk + message("Using OpenPGP-SDK for PGP") +} + +rs_rnplib { + DEFINES += USE_RNP_LIB + message("Using RNP lib for PGP") +} + + equals(RS_UPNP_LIB, none):RS_UPNP_LIB= equals(RS_UPNP_LIB, miniupnpc):DEFINES*=RS_USE_LIBMINIUPNPC contains(RS_UPNP_LIB, upnp):DEFINES*=RS_USE_LIBUPNP diff --git a/supportlibs/librnp b/supportlibs/librnp new file mode 160000 index 000000000..3bd1b71b2 --- /dev/null +++ b/supportlibs/librnp @@ -0,0 +1 @@ +Subproject commit 3bd1b71b2a6138fbf21aa531349846024cbaec21