mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-10-01 02:35:48 -04:00
Fixed signature parsing
git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-OpenPGP@5164 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
fcb202f666
commit
ad5ca59a7a
@ -164,6 +164,39 @@ ops_keyring_t *PGPHandler::allocateOPSKeyring()
|
|||||||
return kr ;
|
return kr ;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ops_parse_cb_return_t cb_get_passphrase(const ops_parser_content_t *content_,ops_parse_cb_info_t *cbinfo)// __attribute__((unused)))
|
||||||
|
{
|
||||||
|
const ops_parser_content_union_t *content=&content_->content;
|
||||||
|
// validate_key_cb_arg_t *arg=ops_parse_cb_get_arg(cbinfo);
|
||||||
|
// ops_error_t **errors=ops_parse_cb_get_errors(cbinfo);
|
||||||
|
|
||||||
|
bool prev_was_bad = false ;
|
||||||
|
|
||||||
|
switch(content_->tag)
|
||||||
|
{
|
||||||
|
case OPS_PARSER_CMD_GET_SK_PASSPHRASE_PREV_WAS_BAD: prev_was_bad = true ;
|
||||||
|
case OPS_PARSER_CMD_GET_SK_PASSPHRASE:
|
||||||
|
{
|
||||||
|
std::string passwd;
|
||||||
|
std::string uid_hint = std::string((const char *)cbinfo->cryptinfo.keydata->uids[0].user_id) ;
|
||||||
|
uid_hint += "(" + PGPIdType(cbinfo->cryptinfo.keydata->key_id).toStdString()+")" ;
|
||||||
|
|
||||||
|
passwd = PGPHandler::passphraseCallback()(NULL,uid_hint.c_str(),NULL,prev_was_bad) ;
|
||||||
|
// if (rsicontrol->getNotify().askForPassword(uid_hint, prev_was_bad, passwd) == false)
|
||||||
|
// return OPS_RELEASE_MEMORY;
|
||||||
|
|
||||||
|
*(content->secret_key_passphrase.passphrase)= (char *)ops_mallocz(passwd.length()+1) ;
|
||||||
|
memcpy(*(content->secret_key_passphrase.passphrase),passwd.c_str(),passwd.length()) ;
|
||||||
|
return OPS_KEEP_MEMORY;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return OPS_RELEASE_MEMORY;
|
||||||
|
}
|
||||||
void PGPHandler::setPassphraseCallback(PassphraseCallback cb)
|
void PGPHandler::setPassphraseCallback(PassphraseCallback cb)
|
||||||
{
|
{
|
||||||
_passphrase_callback = cb ;
|
_passphrase_callback = cb ;
|
||||||
@ -192,10 +225,18 @@ PGPHandler::PGPHandler(const std::string& pubring, const std::string& secring)
|
|||||||
int i=0 ;
|
int i=0 ;
|
||||||
while( (keydata = ops_keyring_get_key_by_index(_pubring,i)) != NULL )
|
while( (keydata = ops_keyring_get_key_by_index(_pubring,i)) != NULL )
|
||||||
{
|
{
|
||||||
initCertificateInfo(_public_keyring_map[ PGPIdType(keydata->key_id).toStdString() ],keydata,i) ;
|
PGPCertificateInfo& cert(_public_keyring_map[ PGPIdType(keydata->key_id).toStdString() ]) ;
|
||||||
|
|
||||||
|
// Init all certificates.
|
||||||
|
|
||||||
|
initCertificateInfo(cert,keydata,i) ;
|
||||||
|
|
||||||
|
// Validate signatures.
|
||||||
|
|
||||||
|
validateAndUpdateSignatures(cert,keydata) ;
|
||||||
|
|
||||||
++i ;
|
++i ;
|
||||||
}
|
}
|
||||||
|
|
||||||
std::cerr << "Pubring read successfully." << std::endl;
|
std::cerr << "Pubring read successfully." << std::endl;
|
||||||
|
|
||||||
if(ops_false == ops_keyring_read_from_file(_secring, false, secring.c_str()))
|
if(ops_false == ops_keyring_read_from_file(_secring, false, secring.c_str()))
|
||||||
@ -209,6 +250,7 @@ PGPHandler::PGPHandler(const std::string& pubring, const std::string& secring)
|
|||||||
}
|
}
|
||||||
|
|
||||||
std::cerr << "Secring read successfully." << std::endl;
|
std::cerr << "Secring read successfully." << std::endl;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void PGPHandler::initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_t *keydata,uint32_t index)
|
void PGPHandler::initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_t *keydata,uint32_t index)
|
||||||
@ -249,16 +291,21 @@ void PGPHandler::initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_
|
|||||||
ops_fingerprint(&f,&keydata->key.pkey) ;
|
ops_fingerprint(&f,&keydata->key.pkey) ;
|
||||||
|
|
||||||
cert._fpr = PGPFingerprintType(f.fingerprint) ;
|
cert._fpr = PGPFingerprintType(f.fingerprint) ;
|
||||||
|
}
|
||||||
|
|
||||||
|
void PGPHandler::validateAndUpdateSignatures(PGPCertificateInfo& cert,const ops_keydata_t *keydata)
|
||||||
|
{
|
||||||
|
ops_validate_result_t* result=(ops_validate_result_t*)ops_mallocz(sizeof *result);
|
||||||
|
ops_boolean_t res = ops_validate_key_signatures(result,keydata,_pubring,cb_get_passphrase) ;
|
||||||
|
|
||||||
// Parse signers.
|
// Parse signers.
|
||||||
//
|
//
|
||||||
|
|
||||||
for(size_t i=0;i<keydata->nsigs;++i)
|
if(result != NULL)
|
||||||
{
|
for(size_t i=0;i<result->valid_count;++i)
|
||||||
cert.signers.insert(std::string((const char *)keydata->sigs[i].userid->user_id)) ;
|
cert.signers.insert(PGPIdType(result->valid_sigs[i].signer_id).toStdString()) ;
|
||||||
|
|
||||||
std::cerr << "Signature data packet size = " << keydata->sigs[i].packet->length << std::endl;
|
ops_validate_result_free(result) ;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
PGPHandler::~PGPHandler()
|
PGPHandler::~PGPHandler()
|
||||||
@ -338,39 +385,7 @@ bool PGPHandler::availableGPGCertificatesWithPrivateKeys(std::list<PGPIdType>& i
|
|||||||
return true ;
|
return true ;
|
||||||
}
|
}
|
||||||
|
|
||||||
ops_parse_cb_return_t cb_get_passphrase(const ops_parser_content_t *content_,ops_parse_cb_info_t *cbinfo)// __attribute__((unused)))
|
|
||||||
{
|
|
||||||
const ops_parser_content_union_t *content=&content_->content;
|
|
||||||
// validate_key_cb_arg_t *arg=ops_parse_cb_get_arg(cbinfo);
|
|
||||||
// ops_error_t **errors=ops_parse_cb_get_errors(cbinfo);
|
|
||||||
|
|
||||||
bool prev_was_bad = false ;
|
|
||||||
|
|
||||||
switch(content_->tag)
|
|
||||||
{
|
|
||||||
case OPS_PARSER_CMD_GET_SK_PASSPHRASE_PREV_WAS_BAD: prev_was_bad = true ;
|
|
||||||
case OPS_PARSER_CMD_GET_SK_PASSPHRASE:
|
|
||||||
{
|
|
||||||
std::string passwd;
|
|
||||||
std::string uid_hint = std::string((const char *)cbinfo->cryptinfo.keydata->uids[0].user_id) ;
|
|
||||||
uid_hint += "(" + PGPIdType(cbinfo->cryptinfo.keydata->key_id).toStdString()+")" ;
|
|
||||||
|
|
||||||
passwd = PGPHandler::passphraseCallback()(NULL,uid_hint.c_str(),NULL,prev_was_bad) ;
|
|
||||||
// if (rsicontrol->getNotify().askForPassword(uid_hint, prev_was_bad, passwd) == false)
|
|
||||||
// return OPS_RELEASE_MEMORY;
|
|
||||||
|
|
||||||
*(content->secret_key_passphrase.passphrase)= (char *)ops_mallocz(passwd.length()+1) ;
|
|
||||||
memcpy(*(content->secret_key_passphrase.passphrase),passwd.c_str(),passwd.length()) ;
|
|
||||||
return OPS_KEEP_MEMORY;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
return OPS_RELEASE_MEMORY;
|
|
||||||
}
|
|
||||||
|
|
||||||
bool PGPHandler::GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passwd, PGPIdType& pgpId, std::string& errString)
|
bool PGPHandler::GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passwd, PGPIdType& pgpId, std::string& errString)
|
||||||
{
|
{
|
||||||
@ -432,6 +447,10 @@ bool PGPHandler::GeneratePGPCertificate(const std::string& name, const std::stri
|
|||||||
ops_keyring_free(tmp_keyring) ;
|
ops_keyring_free(tmp_keyring) ;
|
||||||
free(tmp_keyring) ;
|
free(tmp_keyring) ;
|
||||||
|
|
||||||
|
// 7 - validate own signature and update certificate.
|
||||||
|
|
||||||
|
validateAndUpdateSignatures(_public_keyring_map[ pgpId.toStdString() ],getPublicKey(pgpId)) ;
|
||||||
|
|
||||||
return true ;
|
return true ;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -526,6 +545,7 @@ bool PGPHandler::LoadCertificateFromString(const std::string& pgp_cert,PGPIdType
|
|||||||
|
|
||||||
addNewKeyToOPSKeyring(_pubring,*keydata) ;
|
addNewKeyToOPSKeyring(_pubring,*keydata) ;
|
||||||
initCertificateInfo(_public_keyring_map[id.toStdString()],keydata,_pubring->nkeys-1) ;
|
initCertificateInfo(_public_keyring_map[id.toStdString()],keydata,_pubring->nkeys-1) ;
|
||||||
|
validateAndUpdateSignatures(_public_keyring_map[id.toStdString()],keydata) ;
|
||||||
}
|
}
|
||||||
|
|
||||||
std::cerr << "Added the key in the main public keyring." << std::endl;
|
std::cerr << "Added the key in the main public keyring." << std::endl;
|
||||||
|
@ -135,6 +135,7 @@ class PGPHandler
|
|||||||
static PassphraseCallback passphraseCallback() { return _passphrase_callback ; }
|
static PassphraseCallback passphraseCallback() { return _passphrase_callback ; }
|
||||||
private:
|
private:
|
||||||
void initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_t *keydata,uint32_t i) ;
|
void initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_t *keydata,uint32_t i) ;
|
||||||
|
void validateAndUpdateSignatures(PGPCertificateInfo& cert,const ops_keydata_t *keydata) ;
|
||||||
|
|
||||||
const ops_keydata_t *getPublicKey(const PGPIdType&) const ;
|
const ops_keydata_t *getPublicKey(const PGPIdType&) const ;
|
||||||
const ops_keydata_t *getSecretKey(const PGPIdType&) const ;
|
const ops_keydata_t *getSecretKey(const PGPIdType&) const ;
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
#include <openpgpsdk/packet-parse.h>
|
#include <openpgpsdk/packet-parse.h>
|
||||||
#include <openpgpsdk/util.h>
|
#include <openpgpsdk/util.h>
|
||||||
#include <openpgpsdk/accumulate.h>
|
#include <openpgpsdk/accumulate.h>
|
||||||
#include <openpgpsdk/keyring_local.h>
|
#include "keyring_local.h"
|
||||||
#include "parse_local.h"
|
#include "parse_local.h"
|
||||||
#include <openpgpsdk/signature.h>
|
#include <openpgpsdk/signature.h>
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
|
@ -977,6 +977,18 @@ cb_keyring_read(const ops_parser_content_t *content_,
|
|||||||
return OPS_RELEASE_MEMORY;
|
return OPS_RELEASE_MEMORY;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
\ingroup HighLevel_KeyringList
|
||||||
|
|
||||||
|
\brief Saves keyring to specified file
|
||||||
|
|
||||||
|
\param keyring Keyring to save
|
||||||
|
\param armoured Save in ascii armoured format
|
||||||
|
\param output filename
|
||||||
|
|
||||||
|
\return ops_true is anything when ok
|
||||||
|
*/
|
||||||
|
|
||||||
ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean_t armoured,const char *filename)
|
ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean_t armoured,const char *filename)
|
||||||
{
|
{
|
||||||
ops_create_info_t *info;
|
ops_create_info_t *info;
|
||||||
@ -994,8 +1006,9 @@ ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean
|
|||||||
ops_write_transferable_public_key(&keyring->keys[i],armoured,info) ;
|
ops_write_transferable_public_key(&keyring->keys[i],armoured,info) ;
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
fprintf(stderr, "ops_write_keyring: not writing key. Algorithm not handled: ") ;
|
fprintf(stdout, "ops_write_keyring: not writing key. Algorithm not handled: ") ;
|
||||||
ops_print_public_keydata(&keyring->keys[i]);
|
ops_print_public_keydata(&keyring->keys[i]);
|
||||||
|
fprintf(stdout, "\n") ;
|
||||||
}
|
}
|
||||||
|
|
||||||
ops_writer_close(info);
|
ops_writer_close(info);
|
||||||
|
@ -420,7 +420,16 @@ ops_boolean_t ops_dsa_verify(const unsigned char *hash,size_t hash_length,
|
|||||||
{
|
{
|
||||||
fprintf(stderr,"ret=%d\n",ret);
|
fprintf(stderr,"ret=%d\n",ret);
|
||||||
}
|
}
|
||||||
assert(ret >= 0);
|
|
||||||
|
if(ret < 0)
|
||||||
|
{
|
||||||
|
ERR_load_crypto_strings() ;
|
||||||
|
unsigned long err = 0 ;
|
||||||
|
while(err = ERR_get_error())
|
||||||
|
fprintf(stderr,"DSA_do_verify(): ERR = %ld. lib error:\"%s\", func_error:\"%s\", reason:\"%s\"\n",err,ERR_lib_error_string(err),ERR_func_error_string(err),ERR_reason_error_string(err)) ;
|
||||||
|
//assert(ret >= 0);
|
||||||
|
return ops_false ;
|
||||||
|
}
|
||||||
|
|
||||||
odsa->p=odsa->q=odsa->g=odsa->pub_key=NULL;
|
odsa->p=odsa->q=odsa->g=odsa->pub_key=NULL;
|
||||||
DSA_free(odsa);
|
DSA_free(odsa);
|
||||||
|
@ -408,6 +408,8 @@ ops_boolean_t ops_check_signature(const unsigned char *hash, unsigned length,
|
|||||||
case OPS_PKA_DSA:
|
case OPS_PKA_DSA:
|
||||||
ret=ops_dsa_verify(hash, length, &sig->info.signature.dsa,
|
ret=ops_dsa_verify(hash, length, &sig->info.signature.dsa,
|
||||||
&signer->key.dsa);
|
&signer->key.dsa);
|
||||||
|
/* fprintf(stderr,"Cannot verify DSA signature. skipping.\n") ;
|
||||||
|
ret = ops_false ; */
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case OPS_PKA_RSA:
|
case OPS_PKA_RSA:
|
||||||
@ -1237,6 +1239,7 @@ ops_boolean_t ops_sign_file(const char* input_filename,
|
|||||||
\param sig_type Signature type
|
\param sig_type Signature type
|
||||||
\param skey Secret Key
|
\param skey Secret Key
|
||||||
\param use_armour Write armoured text, if set
|
\param use_armour Write armoured text, if set
|
||||||
|
\param include_data Includes the signed data in the output message. If not, creates a detached signature.
|
||||||
\return New ops_memory_t struct containing signed text
|
\return New ops_memory_t struct containing signed text
|
||||||
\note It is the caller's responsibility to call ops_memory_free(me)
|
\note It is the caller's responsibility to call ops_memory_free(me)
|
||||||
|
|
||||||
|
@ -146,7 +146,7 @@ static void add_sig_to_valid_list(ops_validate_result_t * result, const ops_sign
|
|||||||
|
|
||||||
// copy key ptr to array
|
// copy key ptr to array
|
||||||
start=(sizeof *sig) * (result->valid_count-1);
|
start=(sizeof *sig) * (result->valid_count-1);
|
||||||
copy_signature_info(result->valid_sigs+start,sig);
|
copy_signature_info(&result->valid_sigs[result->valid_count-1],sig);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void add_sig_to_invalid_list(ops_validate_result_t * result, const ops_signature_info_t *sig)
|
static void add_sig_to_invalid_list(ops_validate_result_t * result, const ops_signature_info_t *sig)
|
||||||
@ -166,7 +166,7 @@ static void add_sig_to_invalid_list(ops_validate_result_t * result, const ops_si
|
|||||||
|
|
||||||
// copy key ptr to array
|
// copy key ptr to array
|
||||||
start=(sizeof *sig) * (result->invalid_count-1);
|
start=(sizeof *sig) * (result->invalid_count-1);
|
||||||
copy_signature_info(result->invalid_sigs+start, sig);
|
copy_signature_info(&result->invalid_sigs[result->invalid_count-1],sig);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void add_sig_to_unknown_list(ops_validate_result_t * result, const ops_signature_info_t *sig)
|
static void add_sig_to_unknown_list(ops_validate_result_t * result, const ops_signature_info_t *sig)
|
||||||
@ -186,7 +186,7 @@ static void add_sig_to_unknown_list(ops_validate_result_t * result, const ops_si
|
|||||||
|
|
||||||
// copy key id to array
|
// copy key id to array
|
||||||
start=OPS_KEY_ID_SIZE * (result->unknown_signer_count-1);
|
start=OPS_KEY_ID_SIZE * (result->unknown_signer_count-1);
|
||||||
copy_signature_info(result->unknown_sigs+start, sig);
|
copy_signature_info(&result->unknown_sigs[result->unknown_signer_count-1],sig);
|
||||||
}
|
}
|
||||||
|
|
||||||
ops_parse_cb_return_t
|
ops_parse_cb_return_t
|
||||||
@ -752,6 +752,17 @@ ops_boolean_t ops_validate_mem(ops_validate_result_t *result, ops_memory_t* mem,
|
|||||||
return validate_result_status(result);
|
return validate_result_status(result);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
\ingroup HighLevel_Verify
|
||||||
|
\brief Verifies the signature in a detached signature data packet, given the literal data
|
||||||
|
\param literal_data Literal data that is signed
|
||||||
|
\param literal_data_length length of the literal data that is signed
|
||||||
|
\param signature_packet signature packet in binary PGP format
|
||||||
|
\param signature_packet_length length of the signature packet
|
||||||
|
\param signers_key Public key of the signer to check the signature for.
|
||||||
|
\return ops_true if signature validates successfully; ops_false if not
|
||||||
|
*/
|
||||||
|
|
||||||
ops_boolean_t ops_validate_detached_signature(const void *literal_data, unsigned int literal_data_length, const unsigned char *signature_packet, unsigned int signature_packet_length,const ops_keydata_t *signers_key)
|
ops_boolean_t ops_validate_detached_signature(const void *literal_data, unsigned int literal_data_length, const unsigned char *signature_packet, unsigned int signature_packet_length,const ops_keydata_t *signers_key)
|
||||||
{
|
{
|
||||||
ops_validate_result_t *result = (ops_validate_result_t*)ops_mallocz(sizeof(ops_validate_result_t));
|
ops_validate_result_t *result = (ops_validate_result_t*)ops_mallocz(sizeof(ops_validate_result_t));
|
||||||
@ -769,7 +780,7 @@ ops_boolean_t ops_validate_detached_signature(const void *literal_data, unsigned
|
|||||||
ops_keyring_t tmp_keyring ;
|
ops_keyring_t tmp_keyring ;
|
||||||
tmp_keyring.nkeys = 1 ;
|
tmp_keyring.nkeys = 1 ;
|
||||||
tmp_keyring.nkeys_allocated = 1 ;
|
tmp_keyring.nkeys_allocated = 1 ;
|
||||||
tmp_keyring.keys = signers_key ;
|
tmp_keyring.keys = (ops_keydata_t *)signers_key ; // this is a const_cast, somehow
|
||||||
|
|
||||||
memset(&validate_arg,'\0',sizeof validate_arg);
|
memset(&validate_arg,'\0',sizeof validate_arg);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user