improved testing code for PGP handler, and added RSA/DSA flags to certificates.

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5371 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2012-08-02 12:14:50 +00:00
parent fe95818384
commit afe62dad28
3 changed files with 219 additions and 84 deletions

View File

@ -188,13 +188,22 @@ void PGPHandler::initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_
cert._key_index = index ;
cert._flags = 0 ;
switch(keydata->key.pkey.algorithm)
{
case OPS_PKA_RSA: cert._type = PGPCertificateInfo::PGP_CERTIFICATE_TYPE_RSA ;
break ;
case OPS_PKA_DSA: cert._type = PGPCertificateInfo::PGP_CERTIFICATE_TYPE_DSA ;
cert._flags |= PGPCertificateInfo::PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM ;
break ;
default: cert._type = PGPCertificateInfo::PGP_CERTIFICATE_TYPE_UNKNOWN ;
cert._flags |= PGPCertificateInfo::PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM ;
break ;
}
ops_fingerprint_t f ;
ops_fingerprint(&f,&keydata->key.pkey) ;
cert._fpr = PGPFingerprintType(f.fingerprint) ;
if(keydata->key.pkey.algorithm != OPS_PKA_RSA)
cert._flags |= PGPCertificateInfo::PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM ;
}
bool PGPHandler::validateAndUpdateSignatures(PGPCertificateInfo& cert,const ops_keydata_t *keydata)

View File

@ -38,6 +38,7 @@ class PGPCertificateInfo
uint32_t _trustLvl;
uint32_t _validLvl;
uint32_t _flags ;
uint32_t _type ;
PGPFingerprintType _fpr; /* fingerprint */
PGPIdType _key_id ;
@ -54,6 +55,10 @@ class PGPCertificateInfo
static const uint8_t PGP_CERTIFICATE_TRUST_MARGINALLY = 0x03 ;
static const uint8_t PGP_CERTIFICATE_TRUST_FULLY = 0x04 ;
static const uint8_t PGP_CERTIFICATE_TRUST_ULTIMATE = 0x05 ;
static const uint8_t PGP_CERTIFICATE_TYPE_UNKNOWN = 0x00 ;
static const uint8_t PGP_CERTIFICATE_TYPE_DSA = 0x01 ;
static const uint8_t PGP_CERTIFICATE_TYPE_RSA = 0x02 ;
};
class PGPHandler

View File

@ -3,6 +3,7 @@
#include <stdlib.h>
#include <iostream>
#include <pgp/pgphandler.h>
#include "argstream.h"
static std::string passphrase_callback(void *data,const char *uid_info,const char *what,int prev_was_bad)
{
@ -15,7 +16,7 @@ static std::string stringFromBytes(unsigned char *bytes,size_t len)
std::string res ;
for(int j = 0; j < len; j++)
for(uint32_t j = 0; j < len; j++)
{
res += out[ (bytes[j]>>4) ] ;
res += out[ bytes[j] & 0xf ] ;
@ -24,7 +25,96 @@ static std::string stringFromBytes(unsigned char *bytes,size_t len)
return res ;
}
static std::string askForKeyId(PGPHandler& pgph)
{
// 0 - print keys and key types
std::list<PGPIdType> lst ;
pgph.availableGPGCertificatesWithPrivateKeys(lst) ;
std::cerr << lst.size() << " available key pairs: " << std::endl;
int i=0 ;
for(std::list<PGPIdType>::const_iterator it(lst.begin());it!=lst.end();++it,++i)
{
std::cerr << "(" << i << ") ID=" << (*it).toStdString() << ", type = " ;
const PGPCertificateInfo *cert = pgph.getCertificateInfo(*it) ;
switch(cert->_type)
{
case PGPCertificateInfo::PGP_CERTIFICATE_TYPE_DSA: std::cerr << "DSA" << std::endl;
break ;
case PGPCertificateInfo::PGP_CERTIFICATE_TYPE_RSA: std::cerr << "RSA" << std::endl;
break ;
default: std::cerr << "Unknown" << std::endl;
}
}
if(i == 0)
throw std::runtime_error("No key pair available in supplied keyring.") ;
// 1 - ask for which key to use.
int num = -1 ;
while(true)
{
std::cerr << "Please enter selected key number (0 - " << i-1 << ") : " ;
std::cerr.flush() ;
char buf[10];
fgets(buf,10,stdin) ;
if(sscanf(buf,"%d",&num) == 1 && num >= 0 && num < i)
break ;
}
// 2 - return the id string.
std::list<PGPIdType>::const_iterator it(lst.begin()) ;
for(int i=0;i<num;++i,++it) ;
return (*it).toStdString() ;
}
int main(int argc,char *argv[])
{
argstream as(argc,argv) ;
bool test_pgpid_type = false ;
bool test_keyring_read = false ;
bool test_file_encryption = false ;
bool test_gen_key = false ;
bool test_output = false ;
bool test_signature = false ;
bool test_passphrase_callback = false ;
std::string key_id_string = "" ;
std::string secring_file = "" ;
std::string pubring_file = "" ;
std::string file_to_encrypt = "" ;
as >> option('1',"pgptype",test_pgpid_type,"Test pgp ID type")
>> option('2',"keyring-read",test_keyring_read,"Test keyring read")
>> option('3',"file-encryption",test_file_encryption,"Test file encryption. Needs -f, -i, -p and -s")
>> option('4',"keygen",test_gen_key,"Test key generation.")
>> option('5',"signature",test_signature,"Test signature.")
>> option('6',"output",test_output,"Test output.")
>> parameter('f',"file",file_to_encrypt,"File to encrypt. Used with -3",false)
>> parameter('p',"pubring",pubring_file,"Public keyring file.",false)
>> parameter('s',"secring",secring_file,"Secret keyring file.",false)
>> parameter('i',"keyid",key_id_string,"Key id to use. If not supplied, will be asked.",false)
>> help() ;
as.defaultErrorHandling() ;
if(test_pgpid_type + test_keyring_read + test_file_encryption + test_gen_key + test_signature + test_output != 1)
{
std::cerr << "Options 1 to 6 are mutually exclusive." << std::endl;
return 1;
}
if(test_pgpid_type)
{
// test pgp ids.
//
@ -32,22 +122,24 @@ int main(int argc,char *argv[])
//std::cerr << "Id is : " << std::hex << id.toUInt64() << std::endl;
std::cerr << "Id st : " << id.toStdString() << std::endl;
return 0 ;
}
// test PGPHandler
//
// 0 - init
static const std::string pubring = "pubring.gpg" ;
static const std::string secring = "secring.gpg" ;
std::string pubring = pubring_file.empty()?"pubring.gpg":pubring_file ;
std::string secring = secring_file.empty()?"secring.gpg":secring_file ;
static const std::string trustdb = "trustdb.gpg" ;
static const std::string lockfile = "lock" ;
PGPHandler::setPassphraseCallback(&passphrase_callback) ;
PGPHandler pgph(pubring,secring,trustdb,lockfile) ;
// std::cerr << "Writing public keyring to file tmp_keyring.asc" << std::endl;
// pgph.writePublicKeyring("tmp_keyring.asc") ;
if(test_keyring_read)
{
pgph.printKeys() ;
std::cerr << std::endl ;
@ -60,7 +152,11 @@ int main(int argc,char *argv[])
for(std::list<PGPIdType>::const_iterator it(lst.begin());it!=lst.end();++it)
std::cerr << "Found id : " << (*it).toStdString() << std::endl;
return 0 ;
}
if(test_gen_key)
{
std::string email_str("test@gmail.com") ;
std::string name_str("test") ;
std::string passw_str("test00") ;
@ -77,8 +173,13 @@ int main(int argc,char *argv[])
std::cerr << "Generation of certificate returned error: " << errString << std::endl;
else
std::cerr << "Certificate generation success. New id = " << newid.toStdString() << std::endl;
return 0 ;
}
if(test_output)
{
PGPIdType id2( (key_id_string.empty())?askForKeyId(pgph):key_id_string) ;
PGPIdType id2 = PGPIdType(std::string("618E54CF7670FF5E")) ;
std::cerr << "Now extracting key " << id2.toStdString() << " from keyring:" << std::endl ;
std::string cert = pgph.SaveCertificateToString(id2,false) ;
@ -91,14 +192,25 @@ int main(int argc,char *argv[])
std::cerr << "Loaded cert id: " << id3.toStdString() << ", Error string=\"" << error_string << "\"" << std::endl;
std::cerr << cert << std::endl;
return 0 ;
}
if(test_passphrase_callback)
{
std::cerr << "Testing password callback: " << std::endl;
std::string pass = passphrase_callback(NULL,newid.toStdString().c_str(),"Please enter password: ",false) ;
std::string newid = "XXXXXXXXXXXXXXXX" ;
std::string pass = passphrase_callback(NULL,newid.c_str(),"Please enter password: ",false) ;
std::cerr << "Password = \"" << pass << "\"" << std::endl;
return 0 ;
}
std::cerr << "Testing signature with keypair " << newid.toStdString() << std::endl;
if(test_signature)
{
if(key_id_string.empty())
key_id_string = askForKeyId(pgph) ;
PGPIdType key_id(key_id_string) ;
std::cerr << "Testing signature with keypair " << key_id_string << std::endl;
static const size_t BUFF_LEN = 25 ;
unsigned char *test_bin = new unsigned char[BUFF_LEN] ;
@ -110,7 +222,7 @@ int main(int argc,char *argv[])
unsigned char sign[1000] ;
uint32_t signlen = 1000 ;
if(!pgph.SignDataBin(newid,test_bin,BUFF_LEN,sign,&signlen))
if(!pgph.SignDataBin(key_id,test_bin,BUFF_LEN,sign,&signlen))
std::cerr << "Signature error." << std::endl;
else
std::cerr << "Signature success." << std::endl;
@ -120,8 +232,8 @@ int main(int argc,char *argv[])
std::cerr << "Now verifying signature..." << std::endl;
PGPFingerprintType fingerprint ;
if(!pgph.getKeyFingerprint(newid,fingerprint) )
std::cerr << "Cannot find fingerprint of key id " << newid.toStdString() << std::endl;
if(!pgph.getKeyFingerprint(key_id,fingerprint) )
std::cerr << "Cannot find fingerprint of key id " << key_id.toStdString() << std::endl;
if(!pgph.VerifySignBin(test_bin,BUFF_LEN,sign,signlen,fingerprint))
std::cerr << "Signature verification failed." << std::endl;
@ -129,13 +241,20 @@ int main(int argc,char *argv[])
std::cerr << "Signature verification worked!" << std::endl;
delete[] test_bin ;
}
if(test_file_encryption)
{
if(key_id_string.empty())
key_id_string = askForKeyId(pgph) ;
PGPIdType key_id(key_id_string) ;
std::string outfile = "crypted_toto.pgp" ;
std::string text_to_encrypt = "this is a secret message" ;
std::cerr << "Checking encrypted file creation: streaming chain \"" << text_to_encrypt << "\" to file " << outfile << " with key " << id2.toStdString() << std::endl;
std::cerr << "Checking encrypted file creation: streaming chain \"" << text_to_encrypt << "\" to file " << outfile << " with key " << key_id.toStdString() << std::endl;
if(!pgph.encryptTextToFile(id2,text_to_encrypt,outfile))
if(!pgph.encryptTextToFile(key_id,text_to_encrypt,outfile))
std::cerr << "Encryption failed" << std::endl;
else
std::cerr << "Encryption success" << std::endl;
@ -143,12 +262,14 @@ int main(int argc,char *argv[])
std::string decrypted_text = "" ;
outfile = "crypted_toto2.pgp" ;
if(!pgph.decryptTextFromFile(id2,decrypted_text,outfile))
if(!pgph.decryptTextFromFile(key_id,decrypted_text,outfile))
std::cerr << "Decryption failed" << std::endl;
else
std::cerr << "Decryption success" << std::endl;
std::cerr << "Decrypted text: \"" << decrypted_text << "\"" << std::endl;
return 0 ;
}
return 0 ;
}