Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-10-01 02:35:48 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed signature parsing

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-OpenPGP@5164 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2012-05-13 19:04:13 +00:00
parent fcb202f666
commit ad5ca59a7a
7 changed files with 104 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
libretroshare/src/pgp/pgphandler.cc
View File

@ -164,6 +164,39 @@ ops_keyring_t *PGPHandler::allocateOPSKeyring()
return kr ; return kr ;
} }
ops_parse_cb_return_t cb_get_passphrase(const ops_parser_content_t *content_,ops_parse_cb_info_t *cbinfo)// __attribute__((unused)))
{
const ops_parser_content_union_t *content=&content_->content;
// validate_key_cb_arg_t *arg=ops_parse_cb_get_arg(cbinfo);
// ops_error_t **errors=ops_parse_cb_get_errors(cbinfo);
bool prev_was_bad = false ;
switch(content_->tag)
{
case OPS_PARSER_CMD_GET_SK_PASSPHRASE_PREV_WAS_BAD: prev_was_bad = true ;
case OPS_PARSER_CMD_GET_SK_PASSPHRASE:
{
std::string passwd;
std::string uid_hint = std::string((const char *)cbinfo->cryptinfo.keydata->uids[0].user_id) ;
uid_hint += "(" + PGPIdType(cbinfo->cryptinfo.keydata->key_id).toStdString()+")" ;
passwd = PGPHandler::passphraseCallback()(NULL,uid_hint.c_str(),NULL,prev_was_bad) ;
// if (rsicontrol->getNotify().askForPassword(uid_hint, prev_was_bad, passwd) == false)
// return OPS_RELEASE_MEMORY;
*(content->secret_key_passphrase.passphrase)= (char *)ops_mallocz(passwd.length()+1) ;
memcpy(*(content->secret_key_passphrase.passphrase),passwd.c_str(),passwd.length()) ;
return OPS_KEEP_MEMORY;
}
break;
default:
break;
}
return OPS_RELEASE_MEMORY;
}
void PGPHandler::setPassphraseCallback(PassphraseCallback cb) void PGPHandler::setPassphraseCallback(PassphraseCallback cb)
{ {
_passphrase_callback = cb ; _passphrase_callback = cb ;
@ -192,10 +225,18 @@ PGPHandler::PGPHandler(const std::string& pubring, const std::string& secring)
int i=0 ; int i=0 ;
while( (keydata = ops_keyring_get_key_by_index(_pubring,i)) != NULL ) while( (keydata = ops_keyring_get_key_by_index(_pubring,i)) != NULL )
{ {
initCertificateInfo(_public_keyring_map[ PGPIdType(keydata->key_id).toStdString() ],keydata,i) ; PGPCertificateInfo& cert(_public_keyring_map[ PGPIdType(keydata->key_id).toStdString() ]) ;
// Init all certificates.
initCertificateInfo(cert,keydata,i) ;
// Validate signatures.
validateAndUpdateSignatures(cert,keydata) ;
++i ; ++i ;
} }
std::cerr << "Pubring read successfully." << std::endl; std::cerr << "Pubring read successfully." << std::endl;
if(ops_false == ops_keyring_read_from_file(_secring, false, secring.c_str())) if(ops_false == ops_keyring_read_from_file(_secring, false, secring.c_str()))
@ -209,6 +250,7 @@ PGPHandler::PGPHandler(const std::string& pubring, const std::string& secring)
} }
std::cerr << "Secring read successfully." << std::endl; std::cerr << "Secring read successfully." << std::endl;
} }
void PGPHandler::initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_t *keydata,uint32_t index) void PGPHandler::initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_t *keydata,uint32_t index)
@ -249,16 +291,21 @@ void PGPHandler::initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_
ops_fingerprint(&f,&keydata->key.pkey) ; ops_fingerprint(&f,&keydata->key.pkey) ;
cert._fpr = PGPFingerprintType(f.fingerprint) ; cert._fpr = PGPFingerprintType(f.fingerprint) ;
}
void PGPHandler::validateAndUpdateSignatures(PGPCertificateInfo& cert,const ops_keydata_t *keydata)
{
ops_validate_result_t* result=(ops_validate_result_t*)ops_mallocz(sizeof *result);
ops_boolean_t res = ops_validate_key_signatures(result,keydata,_pubring,cb_get_passphrase) ;
// Parse signers. // Parse signers.
// //
for(size_t i=0;i<keydata->nsigs;++i)
{
cert.signers.insert(std::string((const char *)keydata->sigs[i].userid->user_id)) ;
std::cerr << "Signature data packet size = " << keydata->sigs[i].packet->length << std::endl; if(result != NULL)
} for(size_t i=0;i<result->valid_count;++i)
cert.signers.insert(PGPIdType(result->valid_sigs[i].signer_id).toStdString()) ;
ops_validate_result_free(result) ;
} }
PGPHandler::~PGPHandler() PGPHandler::~PGPHandler()
@ -338,39 +385,7 @@ bool PGPHandler::availableGPGCertificatesWithPrivateKeys(std::list<PGPIdType>& i
return true ; return true ;
} }
ops_parse_cb_return_t cb_get_passphrase(const ops_parser_content_t *content_,ops_parse_cb_info_t *cbinfo)// __attribute__((unused)))
{
const ops_parser_content_union_t *content=&content_->content;
// validate_key_cb_arg_t *arg=ops_parse_cb_get_arg(cbinfo);
// ops_error_t **errors=ops_parse_cb_get_errors(cbinfo);
bool prev_was_bad = false ;
switch(content_->tag)
{
case OPS_PARSER_CMD_GET_SK_PASSPHRASE_PREV_WAS_BAD: prev_was_bad = true ;
case OPS_PARSER_CMD_GET_SK_PASSPHRASE:
{
std::string passwd;
std::string uid_hint = std::string((const char *)cbinfo->cryptinfo.keydata->uids[0].user_id) ;
uid_hint += "(" + PGPIdType(cbinfo->cryptinfo.keydata->key_id).toStdString()+")" ;
passwd = PGPHandler::passphraseCallback()(NULL,uid_hint.c_str(),NULL,prev_was_bad) ;
// if (rsicontrol->getNotify().askForPassword(uid_hint, prev_was_bad, passwd) == false)
// return OPS_RELEASE_MEMORY;
*(content->secret_key_passphrase.passphrase)= (char *)ops_mallocz(passwd.length()+1) ;
memcpy(*(content->secret_key_passphrase.passphrase),passwd.c_str(),passwd.length()) ;
return OPS_KEEP_MEMORY;
}
break;
default:
break;
}
return OPS_RELEASE_MEMORY;
}
bool PGPHandler::GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passwd, PGPIdType& pgpId, std::string& errString) bool PGPHandler::GeneratePGPCertificate(const std::string& name, const std::string& email, const std::string& passwd, PGPIdType& pgpId, std::string& errString)
{ {
@ -432,6 +447,10 @@ bool PGPHandler::GeneratePGPCertificate(const std::string& name, const std::stri
ops_keyring_free(tmp_keyring) ; ops_keyring_free(tmp_keyring) ;
free(tmp_keyring) ; free(tmp_keyring) ;
// 7 - validate own signature and update certificate.
validateAndUpdateSignatures(_public_keyring_map[ pgpId.toStdString() ],getPublicKey(pgpId)) ;
return true ; return true ;
} }
@ -526,6 +545,7 @@ bool PGPHandler::LoadCertificateFromString(const std::string& pgp_cert,PGPIdType
addNewKeyToOPSKeyring(_pubring,*keydata) ; addNewKeyToOPSKeyring(_pubring,*keydata) ;
initCertificateInfo(_public_keyring_map[id.toStdString()],keydata,_pubring->nkeys-1) ; initCertificateInfo(_public_keyring_map[id.toStdString()],keydata,_pubring->nkeys-1) ;
validateAndUpdateSignatures(_public_keyring_map[id.toStdString()],keydata) ;
} }
std::cerr << "Added the key in the main public keyring." << std::endl; std::cerr << "Added the key in the main public keyring." << std::endl;

1
libretroshare/src/pgp/pgphandler.h
View File

@ -135,6 +135,7 @@ class PGPHandler
static PassphraseCallback passphraseCallback() { return _passphrase_callback ; } static PassphraseCallback passphraseCallback() { return _passphrase_callback ; }
private: private:
void initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_t *keydata,uint32_t i) ; void initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_t *keydata,uint32_t i) ;
void validateAndUpdateSignatures(PGPCertificateInfo& cert,const ops_keydata_t *keydata) ;
const ops_keydata_t *getPublicKey(const PGPIdType&) const ; const ops_keydata_t *getPublicKey(const PGPIdType&) const ;
const ops_keydata_t *getSecretKey(const PGPIdType&) const ; const ops_keydata_t *getSecretKey(const PGPIdType&) const ;

2
openpgpsdk/src/accumulate.c
View File

@ -26,7 +26,7 @@
#include <openpgpsdk/packet-parse.h> #include <openpgpsdk/packet-parse.h>
#include <openpgpsdk/util.h> #include <openpgpsdk/util.h>
#include <openpgpsdk/accumulate.h> #include <openpgpsdk/accumulate.h>
#include <openpgpsdk/keyring_local.h> #include "keyring_local.h"
#include "parse_local.h" #include "parse_local.h"
#include <openpgpsdk/signature.h> #include <openpgpsdk/signature.h>
#include <assert.h> #include <assert.h>

15
openpgpsdk/src/keyring.c
View File

@ -977,6 +977,18 @@ cb_keyring_read(const ops_parser_content_t *content_,
return OPS_RELEASE_MEMORY; return OPS_RELEASE_MEMORY;
} }
/**
\ingroup HighLevel_KeyringList
\brief Saves keyring to specified file
\param keyring Keyring to save
\param armoured Save in ascii armoured format
\param output filename
\return ops_true is anything when ok
*/
ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean_t armoured,const char *filename) ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean_t armoured,const char *filename)
{ {
ops_create_info_t *info; ops_create_info_t *info;
@ -994,8 +1006,9 @@ ops_boolean_t ops_write_keyring_to_file(const ops_keyring_t *keyring,ops_boolean
ops_write_transferable_public_key(&keyring->keys[i],armoured,info) ; ops_write_transferable_public_key(&keyring->keys[i],armoured,info) ;
else else
{ {
fprintf(stderr, "ops_write_keyring: not writing key. Algorithm not handled: ") ; fprintf(stdout, "ops_write_keyring: not writing key. Algorithm not handled: ") ;
ops_print_public_keydata(&keyring->keys[i]); ops_print_public_keydata(&keyring->keys[i]);
fprintf(stdout, "\n") ;
} }
ops_writer_close(info); ops_writer_close(info);

11
openpgpsdk/src/openssl_crypto.c
View File

@ -420,7 +420,16 @@ ops_boolean_t ops_dsa_verify(const unsigned char *hash,size_t hash_length,
{ {
fprintf(stderr,"ret=%d\n",ret); fprintf(stderr,"ret=%d\n",ret);
} }
assert(ret >= 0);
if(ret < 0)
{
ERR_load_crypto_strings() ;
unsigned long err = 0 ;
while(err = ERR_get_error())
fprintf(stderr,"DSA_do_verify(): ERR = %ld. lib error:\"%s\", func_error:\"%s\", reason:\"%s\"\n",err,ERR_lib_error_string(err),ERR_func_error_string(err),ERR_reason_error_string(err)) ;
//assert(ret >= 0);
return ops_false ;
}
odsa->p=odsa->q=odsa->g=odsa->pub_key=NULL; odsa->p=odsa->q=odsa->g=odsa->pub_key=NULL;
DSA_free(odsa); DSA_free(odsa);

3
openpgpsdk/src/signature.c
View File

@ -408,6 +408,8 @@ ops_boolean_t ops_check_signature(const unsigned char *hash, unsigned length,
case OPS_PKA_DSA: case OPS_PKA_DSA:
ret=ops_dsa_verify(hash, length, &sig->info.signature.dsa, ret=ops_dsa_verify(hash, length, &sig->info.signature.dsa,
&signer->key.dsa); &signer->key.dsa);
/* fprintf(stderr,"Cannot verify DSA signature. skipping.\n") ;
ret = ops_false ; */
break; break;
case OPS_PKA_RSA: case OPS_PKA_RSA:
@ -1237,6 +1239,7 @@ ops_boolean_t ops_sign_file(const char* input_filename,
\param sig_type Signature type \param sig_type Signature type
\param skey Secret Key \param skey Secret Key
\param use_armour Write armoured text, if set \param use_armour Write armoured text, if set
\param include_data Includes the signed data in the output message. If not, creates a detached signature.
\return New ops_memory_t struct containing signed text \return New ops_memory_t struct containing signed text
\note It is the caller's responsibility to call ops_memory_free(me) \note It is the caller's responsibility to call ops_memory_free(me)

19
openpgpsdk/src/validate.c
View File

@ -146,7 +146,7 @@ static void add_sig_to_valid_list(ops_validate_result_t * result, const ops_sign
// copy key ptr to array // copy key ptr to array
start=(sizeof *sig) * (result->valid_count-1); start=(sizeof *sig) * (result->valid_count-1);
copy_signature_info(result->valid_sigs+start,sig); copy_signature_info(&result->valid_sigs[result->valid_count-1],sig);
} }
static void add_sig_to_invalid_list(ops_validate_result_t * result, const ops_signature_info_t *sig) static void add_sig_to_invalid_list(ops_validate_result_t * result, const ops_signature_info_t *sig)
@ -166,7 +166,7 @@ static void add_sig_to_invalid_list(ops_validate_result_t * result, const ops_si
// copy key ptr to array // copy key ptr to array
start=(sizeof *sig) * (result->invalid_count-1); start=(sizeof *sig) * (result->invalid_count-1);
copy_signature_info(result->invalid_sigs+start, sig); copy_signature_info(&result->invalid_sigs[result->invalid_count-1],sig);
} }
static void add_sig_to_unknown_list(ops_validate_result_t * result, const ops_signature_info_t *sig) static void add_sig_to_unknown_list(ops_validate_result_t * result, const ops_signature_info_t *sig)
@ -186,7 +186,7 @@ static void add_sig_to_unknown_list(ops_validate_result_t * result, const ops_si
// copy key id to array // copy key id to array
start=OPS_KEY_ID_SIZE * (result->unknown_signer_count-1); start=OPS_KEY_ID_SIZE * (result->unknown_signer_count-1);
copy_signature_info(result->unknown_sigs+start, sig); copy_signature_info(&result->unknown_sigs[result->unknown_signer_count-1],sig);
} }
ops_parse_cb_return_t ops_parse_cb_return_t
@ -752,6 +752,17 @@ ops_boolean_t ops_validate_mem(ops_validate_result_t *result, ops_memory_t* mem,
return validate_result_status(result); return validate_result_status(result);
} }
/**
\ingroup HighLevel_Verify
\brief Verifies the signature in a detached signature data packet, given the literal data
\param literal_data Literal data that is signed
\param literal_data_length length of the literal data that is signed
\param signature_packet signature packet in binary PGP format
\param signature_packet_length length of the signature packet
\param signers_key Public key of the signer to check the signature for.
\return ops_true if signature validates successfully; ops_false if not
*/
ops_boolean_t ops_validate_detached_signature(const void *literal_data, unsigned int literal_data_length, const unsigned char *signature_packet, unsigned int signature_packet_length,const ops_keydata_t *signers_key) ops_boolean_t ops_validate_detached_signature(const void *literal_data, unsigned int literal_data_length, const unsigned char *signature_packet, unsigned int signature_packet_length,const ops_keydata_t *signers_key)
{ {
ops_validate_result_t *result = (ops_validate_result_t*)ops_mallocz(sizeof(ops_validate_result_t)); ops_validate_result_t *result = (ops_validate_result_t*)ops_mallocz(sizeof(ops_validate_result_t));
@ -769,7 +780,7 @@ ops_boolean_t ops_validate_detached_signature(const void *literal_data, unsigned
ops_keyring_t tmp_keyring ; ops_keyring_t tmp_keyring ;
tmp_keyring.nkeys = 1 ; tmp_keyring.nkeys = 1 ;
tmp_keyring.nkeys_allocated = 1 ; tmp_keyring.nkeys_allocated = 1 ;
tmp_keyring.keys = signers_key ; tmp_keyring.keys = (ops_keydata_t *)signers_key ; // this is a const_cast, somehow
memset(&validate_arg,'\0',sizeof validate_arg); memset(&validate_arg,'\0',sizeof validate_arg);