restriction to only accept self-signed certificates for friend keys

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6928 b45a01b8-16f6-495d-af2f-9b41ad6348cc
csoler 2013-12-07 14:29:46 +00:00
parent 68138fc1c8
commit b2bea751aa
2 changed files with 43 additions and 6 deletions


@ -954,12 +954,51 @@ bool PGPHandler::LoadCertificateFromString(const std::string& pgp_cert,PGPIdType
free(mem) ; free(mem) ;
error_string.clear() ; error_string.clear() ;
// Check that there is exactly one key in this data packet.
//
if(tmp_keyring->nkeys != 1)
{
std::cerr << "Loaded certificate contains more than one PGP key. This is not allowed." << std::endl;
error_string = "Loaded certificate contains more than one PGP key. This is not allowed." ;
return false ;
}
// Check that the key is correctly self-signed.
//
const ops_keydata_t *keydata = ops_keyring_get_key_by_index(tmp_keyring,0);
ops_validate_result_t* result=(ops_validate_result_t*)ops_mallocz(sizeof *result);
if(!ops_validate_key_signatures(result,keydata,tmp_keyring,cb_get_passphrase))
{
std::cerr << "Cannot validate self-signature for this certificate. Format error?" << std::endl;
error_string = "Cannot validate self signature for this certificate. Format error?" ;
return false ;
}
bool found = false ;
for(uint32_t i=0;i<result->valid_count;++i)
if(!memcmp((unsigned char*)result->valid_sigs[i].signer_id,keydata->key_id,KEY_ID_SIZE))
{
found = true ;
break ;
}
if(!found)
{
error_string = "This key is not self-signed. This is required by Retroshare." ;
std::cerr << "This key is not self-signed. This is required by Retroshare." << std::endl;
ops_validate_result_free(result);
return false ;
}
ops_validate_result_free(result);
#ifdef DEBUG_PGPHANDLER #ifdef DEBUG_PGPHANDLER
std::cerr << " Key read correctly: " << std::endl; std::cerr << " Key read correctly: " << std::endl;
#endif
ops_keyring_list(tmp_keyring) ; ops_keyring_list(tmp_keyring) ;
#endif
const ops_keydata_t *keydata = NULL ;
int i=0 ; int i=0 ;
while( (keydata = ops_keyring_get_key_by_index(tmp_keyring,i++)) != NULL ) while( (keydata = ops_keyring_get_key_by_index(tmp_keyring,i++)) != NULL )
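Review bot: The `return false ;` after "Cannot validate self-signature for this certificate" leaks `result`: both later exits call `ops_validate_result_free(result)` but this one does not, and it is reached by malformed certificates supplied from outside, so add `ops_validate_result_free(result);` before that return. None of the three new early returns releases `tmp_keyring` either; the function starts and ends outside this hunk, so confirm the keyring is not leaked on these paths. The self-signature loop matches on `signer_id` only, so if `valid_sigs` can hold signatures other than user-ID certifications (a subkey binding, for instance), those would presumably satisfy it too; confirm that this is the intended meaning of "self-signed". Finally, `nkeys != 1` also rejects a packet with no key, for which the "more than one PGP key" message is misleading.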


@ -85,6 +85,7 @@ int main(int argc,char *argv[])
std::string name ; std::string name ;
std::list<std::string> signers ; std::list<std::string> signers ;
PGPHandler::setPassphraseCallback(pgp_pwd_cb) ;
PGPHandler handler("toto1","toto2","toto3","toto4") ; PGPHandler handler("toto1","toto2","toto3","toto4") ;
handler.getGPGDetailsFromBinaryBlock(cert.pgp_key(),cert.pgp_key_size(),key_id,name,signers) ; handler.getGPGDetailsFromBinaryBlock(cert.pgp_key(),cert.pgp_key_size(),key_id,name,signers) ;
@ -114,10 +115,7 @@ int main(int argc,char *argv[])
std::string error_string ; std::string error_string ;
PGPIdType found_id ; PGPIdType found_id ;
PGPHandler::setPassphraseCallback(pgp_pwd_cb) ; bool result = handler.LoadCertificateFromString(res,found_id,error_string) ;
PGPHandler pgph("pubring.pgp","secring.pgp","trustdb.pgp","lock") ;
bool result = pgph.LoadCertificateFromString(res,found_id,error_string) ;
if(!result) if(!result)
std::cerr << "Certificate error: " << error_string << std::endl; std::cerr << "Certificate error: " << error_string << std::endl;