mirror of
https://github.com/RetroShare/RetroShare.git
synced 2025-05-14 12:02:29 -04:00
fixed signature verification
git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-OpenPGP@5122 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
0587216350
commit
afc23f39c8
3 changed files with 653 additions and 595 deletions
|
@ -215,21 +215,24 @@ void PGPHandler::initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_
|
|||
while(i < namestring.length() && namestring[i] != ')' && namestring[i] != '>') { next += namestring[i] ; ++i ;}
|
||||
|
||||
while(i < namestring.length() && namestring[i] != '(' && namestring[i] != '<') { next += namestring[i] ; ++i ;}
|
||||
|
||||
if(i< namestring.length())
|
||||
{
|
||||
std::string& next2 = (namestring[i] == '(')?cert._comment:cert._email ;
|
||||
++i ;
|
||||
next2 = "" ;
|
||||
while(i < namestring.length() && namestring[i] != ')' && namestring[i] != '>') { next2 += namestring[i] ; ++i ;}
|
||||
}
|
||||
}
|
||||
|
||||
cert._trustLvl = 1 ; // to be setup accordingly
|
||||
cert._key_index = index ;
|
||||
cert._flags = 0 ;
|
||||
|
||||
ops_fingerprint_t f ;
|
||||
ops_fingerprint(&f,&keydata->key.pkey) ;
|
||||
|
||||
cert._fpr = PGPFingerprintType(f.fingerprint) ;
|
||||
|
||||
std::cerr << __PRETTY_FUNCTION__ << ": unfinished!!" << std::endl;
|
||||
}
|
||||
|
||||
PGPHandler::~PGPHandler()
|
||||
|
@ -666,7 +669,7 @@ bool PGPHandler::getKeyFingerprint(const PGPIdType& id,PGPFingerprintType& fp) c
|
|||
return true ;
|
||||
}
|
||||
|
||||
bool PGPHandler::VerifySignBin(const void *data, uint32_t data_len, unsigned char *sign, unsigned int sign_len, const PGPFingerprintType& key_fingerprint)
|
||||
bool PGPHandler::VerifySignBin(const void *literal_data, uint32_t literal_data_length, unsigned char *sign, unsigned int sign_len, const PGPFingerprintType& key_fingerprint)
|
||||
{
|
||||
PGPIdType id = PGPIdType::fromFingerprint_hex(key_fingerprint.toStdString()) ;
|
||||
const ops_keydata_t *key = getPublicKey(id) ;
|
||||
|
@ -689,14 +692,11 @@ bool PGPHandler::VerifySignBin(const void *data, uint32_t data_len, unsigned cha
|
|||
}
|
||||
|
||||
std::cerr << "Verifying signature from fingerprint " << key_fingerprint.toStdString() << std::endl;
|
||||
std::cerr << "Warning: signature code still unfinished!" << key_fingerprint.toStdString() << std::endl;
|
||||
|
||||
ops_signature_t signature ;
|
||||
// ops_signature_add_data(&signature,sign,sign_len) ;
|
||||
std::cerr << "Verifying signature of length " << std::dec << sign_len << ", literal_length = " << literal_data_length << std::endl;
|
||||
std::cerr << "Data: " << (char *)sign << std::endl;
|
||||
|
||||
// ops_boolean_t valid=check_binary_signature(data_len,data,signature,pkey) ;
|
||||
|
||||
return false ;
|
||||
return ops_validate_detached_signature(literal_data,literal_data_length,sign,sign_len,key) ;
|
||||
}
|
||||
|
||||
void PGPHandler::setAcceptConnexion(const PGPIdType& id,bool b)
|
||||
|
|
|
@ -98,5 +98,7 @@ ops_validate_key_cb(const ops_parser_content_t *content_,ops_parse_cb_info_t *cb
|
|||
|
||||
ops_boolean_t ops_validate_file(ops_validate_result_t* result, const char* filename, const int armoured, const ops_keyring_t* keyring);
|
||||
ops_boolean_t ops_validate_mem(ops_validate_result_t *result, ops_memory_t* mem, const int armoured, const ops_keyring_t* keyring);
|
||||
ops_boolean_t ops_validate_detached_signature(const void *literal_data, unsigned int literal_data_length, const unsigned char *signature_packet, unsigned int signature_packet_length,const ops_keydata_t *signers_key) ;
|
||||
|
||||
|
||||
// EOF
|
||||
|
|
|
@ -41,7 +41,7 @@ static ops_boolean_t check_binary_signature(const unsigned len,
|
|||
const unsigned char *data,
|
||||
const ops_signature_t *sig,
|
||||
const ops_public_key_t *signer __attribute__((unused)))
|
||||
{
|
||||
{
|
||||
// Does the signed hash match the given hash?
|
||||
|
||||
int n=0;
|
||||
|
@ -88,12 +88,12 @@ static ops_boolean_t check_binary_signature(const unsigned len,
|
|||
|
||||
// return ops_false;
|
||||
return ops_check_signature(hashout,n,sig,signer);
|
||||
}
|
||||
}
|
||||
|
||||
static int keydata_reader(void *dest,size_t length,ops_error_t **errors,
|
||||
ops_reader_info_t *rinfo,
|
||||
ops_parse_cb_info_t *cbinfo)
|
||||
{
|
||||
{
|
||||
validate_reader_arg_t *arg=ops_reader_get_arg(rinfo);
|
||||
|
||||
OPS_USED(errors);
|
||||
|
@ -114,23 +114,23 @@ static int keydata_reader(void *dest,size_t length,ops_error_t **errors,
|
|||
arg->offset+=length;
|
||||
|
||||
return length;
|
||||
}
|
||||
}
|
||||
|
||||
static void free_signature_info(ops_signature_info_t *sig)
|
||||
{
|
||||
{
|
||||
free (sig->v4_hashed_data);
|
||||
free (sig);
|
||||
}
|
||||
}
|
||||
|
||||
static void copy_signature_info(ops_signature_info_t* dst, const ops_signature_info_t* src)
|
||||
{
|
||||
{
|
||||
memcpy(dst,src,sizeof *src);
|
||||
dst->v4_hashed_data=ops_mallocz(src->v4_hashed_data_length);
|
||||
memcpy(dst->v4_hashed_data,src->v4_hashed_data,src->v4_hashed_data_length);
|
||||
}
|
||||
}
|
||||
|
||||
static void add_sig_to_valid_list(ops_validate_result_t * result, const ops_signature_info_t* sig)
|
||||
{
|
||||
{
|
||||
size_t newsize;
|
||||
size_t start;
|
||||
|
||||
|
@ -147,10 +147,10 @@ static void add_sig_to_valid_list(ops_validate_result_t * result, const ops_sign
|
|||
// copy key ptr to array
|
||||
start=(sizeof *sig) * (result->valid_count-1);
|
||||
copy_signature_info(result->valid_sigs+start,sig);
|
||||
}
|
||||
}
|
||||
|
||||
static void add_sig_to_invalid_list(ops_validate_result_t * result, const ops_signature_info_t *sig)
|
||||
{
|
||||
{
|
||||
size_t newsize;
|
||||
size_t start;
|
||||
|
||||
|
@ -167,10 +167,10 @@ static void add_sig_to_invalid_list(ops_validate_result_t * result, const ops_si
|
|||
// copy key ptr to array
|
||||
start=(sizeof *sig) * (result->invalid_count-1);
|
||||
copy_signature_info(result->invalid_sigs+start, sig);
|
||||
}
|
||||
}
|
||||
|
||||
static void add_sig_to_unknown_list(ops_validate_result_t * result, const ops_signature_info_t *sig)
|
||||
{
|
||||
{
|
||||
size_t newsize;
|
||||
size_t start;
|
||||
|
||||
|
@ -187,11 +187,11 @@ static void add_sig_to_unknown_list(ops_validate_result_t * result, const ops_si
|
|||
// copy key id to array
|
||||
start=OPS_KEY_ID_SIZE * (result->unknown_signer_count-1);
|
||||
copy_signature_info(result->unknown_sigs+start, sig);
|
||||
}
|
||||
}
|
||||
|
||||
ops_parse_cb_return_t
|
||||
ops_parse_cb_return_t
|
||||
ops_validate_key_cb(const ops_parser_content_t *content_,ops_parse_cb_info_t *cbinfo)
|
||||
{
|
||||
{
|
||||
const ops_parser_content_union_t *content=&content_->content;
|
||||
validate_key_cb_arg_t *arg=ops_parse_cb_get_arg(cbinfo);
|
||||
ops_error_t **errors=ops_parse_cb_get_errors(cbinfo);
|
||||
|
@ -337,11 +337,11 @@ ops_validate_key_cb(const ops_parser_content_t *content_,ops_parse_cb_info_t *cb
|
|||
break;
|
||||
}
|
||||
return OPS_RELEASE_MEMORY;
|
||||
}
|
||||
}
|
||||
|
||||
ops_parse_cb_return_t
|
||||
ops_parse_cb_return_t
|
||||
validate_data_cb(const ops_parser_content_t *content_,ops_parse_cb_info_t *cbinfo)
|
||||
{
|
||||
{
|
||||
const ops_parser_content_union_t *content=&content_->content;
|
||||
validate_data_cb_arg_t *arg=ops_parse_cb_get_arg(cbinfo);
|
||||
ops_error_t **errors=ops_parse_cb_get_errors(cbinfo);
|
||||
|
@ -469,13 +469,13 @@ validate_data_cb(const ops_parser_content_t *content_,ops_parse_cb_info_t *cbinf
|
|||
break;
|
||||
}
|
||||
return OPS_RELEASE_MEMORY;
|
||||
}
|
||||
}
|
||||
|
||||
static void keydata_destroyer(ops_reader_info_t *rinfo)
|
||||
{ free(ops_reader_get_arg(rinfo)); }
|
||||
{ free(ops_reader_get_arg(rinfo)); }
|
||||
|
||||
void ops_keydata_reader_set(ops_parse_info_t *pinfo,const ops_keydata_t *key)
|
||||
{
|
||||
{
|
||||
validate_reader_arg_t *arg=malloc(sizeof *arg);
|
||||
|
||||
memset(arg,'\0',sizeof *arg);
|
||||
|
@ -485,7 +485,7 @@ void ops_keydata_reader_set(ops_parse_info_t *pinfo,const ops_keydata_t *key)
|
|||
arg->offset=0;
|
||||
|
||||
ops_reader_set(pinfo,keydata_reader,keydata_destroyer,arg);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* \ingroup HighLevel_Verify
|
||||
|
@ -494,12 +494,12 @@ void ops_keydata_reader_set(ops_parse_info_t *pinfo,const ops_keydata_t *key)
|
|||
* \return ops_false if any invalid signatures or unknown signers or no valid signatures; else ops_true
|
||||
*/
|
||||
ops_boolean_t validate_result_status(ops_validate_result_t* result)
|
||||
{
|
||||
{
|
||||
if (result->invalid_count || result->unknown_signer_count || !result->valid_count)
|
||||
return ops_false;
|
||||
else
|
||||
return ops_true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* \ingroup HighLevel_Verify
|
||||
|
@ -513,9 +513,9 @@ ops_boolean_t validate_result_status(ops_validate_result_t* result)
|
|||
* \sa ops_validate_result_free()
|
||||
|
||||
Example Code:
|
||||
\code
|
||||
void example(const ops_keydata_t* key, const ops_keyring_t *keyring)
|
||||
{
|
||||
\code
|
||||
void example(const ops_keydata_t* key, const ops_keyring_t *keyring)
|
||||
{
|
||||
ops_validate_result_t *result=NULL;
|
||||
if (ops_validate_key_signatures(result, key, keyring, callback_cmd_get_passphrase_from_cmdline)==ops_true)
|
||||
printf("OK");
|
||||
|
@ -526,15 +526,15 @@ void example(const ops_keydata_t* key, const ops_keyring_t *keyring)
|
|||
result->invalid_count,
|
||||
result->unknown_signer_count);
|
||||
ops_validate_result_free(result);
|
||||
}
|
||||
}
|
||||
|
||||
\endcode
|
||||
\endcode
|
||||
*/
|
||||
ops_boolean_t ops_validate_key_signatures(ops_validate_result_t *result,const ops_keydata_t *key,
|
||||
const ops_keyring_t *keyring,
|
||||
ops_parse_cb_return_t cb_get_passphrase (const ops_parser_content_t *, ops_parse_cb_info_t *)
|
||||
)
|
||||
{
|
||||
{
|
||||
ops_parse_info_t *pinfo;
|
||||
validate_key_cb_arg_t carg;
|
||||
|
||||
|
@ -569,7 +569,7 @@ ops_boolean_t ops_validate_key_signatures(ops_validate_result_t *result,const op
|
|||
return ops_false;
|
||||
else
|
||||
return ops_true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
\ingroup HighLevel_Verify
|
||||
|
@ -578,28 +578,28 @@ ops_boolean_t ops_validate_key_signatures(ops_validate_result_t *result,const op
|
|||
\param cb_get_passphrase Callback to use to get passphrase
|
||||
\note It is the caller's responsibility to free result after use.
|
||||
\sa ops_validate_result_free()
|
||||
*/
|
||||
*/
|
||||
ops_boolean_t ops_validate_all_signatures(ops_validate_result_t *result,
|
||||
const ops_keyring_t *ring,
|
||||
ops_parse_cb_return_t cb_get_passphrase (const ops_parser_content_t *, ops_parse_cb_info_t *)
|
||||
)
|
||||
{
|
||||
{
|
||||
int n;
|
||||
|
||||
memset(result,'\0',sizeof *result);
|
||||
for(n=0 ; n < ring->nkeys ; ++n)
|
||||
ops_validate_key_signatures(result,&ring->keys[n],ring, cb_get_passphrase);
|
||||
return validate_result_status(result);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
\ingroup HighLevel_Verify
|
||||
\brief Frees validation result and associated memory
|
||||
\param result Struct to be freed
|
||||
\note Must be called after validation functions
|
||||
*/
|
||||
*/
|
||||
void ops_validate_result_free(ops_validate_result_t *result)
|
||||
{
|
||||
{
|
||||
if (!result)
|
||||
return;
|
||||
|
||||
|
@ -612,7 +612,7 @@ void ops_validate_result_free(ops_validate_result_t *result)
|
|||
|
||||
free(result);
|
||||
result=NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
\ingroup HighLevel_Verify
|
||||
|
@ -626,29 +626,29 @@ void ops_validate_result_free(ops_validate_result_t *result)
|
|||
have passed, failed and not been recognised.
|
||||
\note It is the caller's responsiblity to call ops_validate_result_free(result) after use.
|
||||
|
||||
Example code:
|
||||
\code
|
||||
void example(const char* filename, const int armoured, const ops_keyring_t* keyring)
|
||||
{
|
||||
Example code:
|
||||
\code
|
||||
void example(const char* filename, const int armoured, const ops_keyring_t* keyring)
|
||||
{
|
||||
ops_validate_result_t* result=ops_mallocz(sizeof *result);
|
||||
|
||||
if (ops_validate_file(result, filename, armoured, keyring)==ops_true)
|
||||
{
|
||||
printf("OK");
|
||||
// look at result for details of keys with good signatures
|
||||
}
|
||||
else
|
||||
{
|
||||
printf("ERR");
|
||||
// look at result for details of failed signatures or unknown signers
|
||||
}
|
||||
// look at result for details of keys with good signatures
|
||||
}
|
||||
else
|
||||
{
|
||||
printf("ERR");
|
||||
// look at result for details of failed signatures or unknown signers
|
||||
}
|
||||
|
||||
ops_validate_result_free(result);
|
||||
ops_validate_result_free(result);
|
||||
}
|
||||
\endcode
|
||||
*/
|
||||
*/
|
||||
ops_boolean_t ops_validate_file(ops_validate_result_t *result, const char* filename, const int armoured, const ops_keyring_t* keyring)
|
||||
{
|
||||
{
|
||||
ops_parse_info_t *pinfo=NULL;
|
||||
validate_data_cb_arg_t validate_arg;
|
||||
|
||||
|
@ -689,7 +689,7 @@ ops_boolean_t ops_validate_file(ops_validate_result_t *result, const char* filen
|
|||
ops_teardown_file_read(pinfo, fd);
|
||||
|
||||
return validate_result_status(result);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
\ingroup HighLevel_Verify
|
||||
|
@ -702,10 +702,10 @@ ops_boolean_t ops_validate_file(ops_validate_result_t *result, const char* filen
|
|||
\note After verification, result holds the details of all keys which
|
||||
have passed, failed and not been recognised.
|
||||
\note It is the caller's responsiblity to call ops_validate_result_free(result) after use.
|
||||
*/
|
||||
*/
|
||||
|
||||
ops_boolean_t ops_validate_mem(ops_validate_result_t *result, ops_memory_t* mem, const int armoured, const ops_keyring_t* keyring)
|
||||
{
|
||||
{
|
||||
ops_parse_info_t *pinfo=NULL;
|
||||
validate_data_cb_arg_t validate_arg;
|
||||
|
||||
|
@ -742,6 +742,62 @@ ops_boolean_t ops_validate_mem(ops_validate_result_t *result, ops_memory_t* mem,
|
|||
ops_teardown_memory_read(pinfo, mem);
|
||||
|
||||
return validate_result_status(result);
|
||||
}
|
||||
}
|
||||
|
||||
ops_boolean_t ops_validate_detached_signature(const void *literal_data, unsigned int literal_data_length, const unsigned char *signature_packet, unsigned int signature_packet_length,const ops_keydata_t *signers_key)
|
||||
{
|
||||
ops_validate_result_t *result = (ops_validate_result_t*)ops_mallocz(sizeof(ops_validate_result_t));
|
||||
|
||||
ops_memory_t *mem = ops_memory_new() ;
|
||||
ops_memory_add(mem,signature_packet,signature_packet_length) ;
|
||||
|
||||
ops_parse_info_t *pinfo=NULL;
|
||||
validate_data_cb_arg_t validate_arg;
|
||||
|
||||
ops_setup_memory_read(&pinfo, mem, &validate_arg, validate_data_cb, ops_true);
|
||||
|
||||
// Set verification reader and handling options
|
||||
|
||||
ops_keyring_t tmp_keyring ;
|
||||
tmp_keyring.nkeys = 1 ;
|
||||
tmp_keyring.nkeys_allocated = 1 ;
|
||||
tmp_keyring.keys = signers_key ;
|
||||
|
||||
memset(&validate_arg,'\0',sizeof validate_arg);
|
||||
|
||||
validate_arg.result=result;
|
||||
validate_arg.keyring=&tmp_keyring;
|
||||
|
||||
int length = 8192 ;
|
||||
if(literal_data_length < length)
|
||||
length = literal_data_length ;
|
||||
|
||||
memcpy(validate_arg.data.literal_data_body.data, literal_data, length) ;
|
||||
validate_arg.data.literal_data_body.length = length ;
|
||||
|
||||
// Note: Coverity incorrectly reports an error that carg.rarg
|
||||
// is never used.
|
||||
validate_arg.rarg=ops_reader_get_arg_from_pinfo(pinfo);
|
||||
|
||||
//if (armoured)
|
||||
// ops_reader_push_dearmour(pinfo);
|
||||
|
||||
// Do the verification
|
||||
|
||||
ops_parse(pinfo);
|
||||
|
||||
printf("valid=%d, invalid=%d, unknown=%d\n", result->valid_count, result->invalid_count, result->unknown_signer_count);
|
||||
|
||||
// Tidy up
|
||||
//if (armoured)
|
||||
// ops_reader_pop_dearmour(pinfo);
|
||||
|
||||
ops_teardown_memory_read(pinfo, mem);
|
||||
|
||||
ops_boolean_t res = validate_result_status(result);
|
||||
ops_validate_result_free(result) ;
|
||||
|
||||
return res ;
|
||||
}
|
||||
|
||||
// eof
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue