From dba66cdd7aab838847d3568253c076a5294c74eb Mon Sep 17 00:00:00 2001 From: csoler Date: Thu, 14 Jun 2012 20:13:31 +0000 Subject: [PATCH] added check for DSA/RSA key algorithm. Disabled make friend, login and cert creation, with unsupported keys git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-OpenPGP@5221 b45a01b8-16f6-495d-af2f-9b41ad6348cc --- libretroshare/src/pgp/pgphandler.cc | 10 +++- libretroshare/src/pgp/pgphandler.h | 9 ++-- libretroshare/src/pqi/authgpg.cc | 10 ++++ libretroshare/src/pqi/authgpg.h | 1 + libretroshare/src/retroshare/rspeers.h | 1 + libretroshare/src/rsserver/p3peers.cc | 4 ++ libretroshare/src/rsserver/p3peers.h | 1 + libretroshare/src/rsserver/rsinit.cc | 48 +++++++++---------- .../src/gui/connect/ConfCertDialog.cpp | 11 +++++ 9 files changed, 65 insertions(+), 30 deletions(-) diff --git a/libretroshare/src/pgp/pgphandler.cc b/libretroshare/src/pgp/pgphandler.cc index fb6a897c2..19462cc73 100644 --- a/libretroshare/src/pgp/pgphandler.cc +++ b/libretroshare/src/pgp/pgphandler.cc @@ -183,6 +183,9 @@ void PGPHandler::initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_ ops_fingerprint(&f,&keydata->key.pkey) ; cert._fpr = PGPFingerprintType(f.fingerprint) ; + + if(keydata->key.pkey.algorithm != OPS_PKA_RSA) + cert._flags |= PGPCertificateInfo::PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM ; } void PGPHandler::validateAndUpdateSignatures(PGPCertificateInfo& cert,const ops_keydata_t *keydata) @@ -224,7 +227,7 @@ bool PGPHandler::printKeys() const std::cerr << "\tName : " << it->second._name << std::endl; std::cerr << "\tEmail : " << it->second._email << std::endl; std::cerr << "\tOwnSign : " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE) << std::endl; - std::cerr << "\tAccept Connect: " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE) << std::endl; + std::cerr << "\tAccept Connect: " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION) << std::endl; std::cerr << "\ttrustLvl : " << it->second._trustLvl << std::endl; std::cerr << "\tvalidLvl : " << it->second._validLvl << std::endl; std::cerr << "\tfingerprint : " << it->second._fpr.toStdString() << std::endl; @@ -271,7 +274,10 @@ bool PGPHandler::availableGPGCertificatesWithPrivateKeys(std::list& i // check that the key is in the pubring as well if(ops_keyring_find_key_by_id(_pubring,keydata->key_id) != NULL) - ids.push_back(PGPIdType(keydata->key_id)) ; + if(keydata->key.pkey.algorithm == OPS_PKA_RSA) + ids.push_back(PGPIdType(keydata->key_id)) ; + else + std::cerr << "Skipping keypair " << PGPIdType(keydata->key_id).toStdString() << ", unsupported algorithm: " << keydata->key.pkey.algorithm << std::endl; } return true ; diff --git a/libretroshare/src/pgp/pgphandler.h b/libretroshare/src/pgp/pgphandler.h index f4f0949ea..d3637423e 100644 --- a/libretroshare/src/pgp/pgphandler.h +++ b/libretroshare/src/pgp/pgphandler.h @@ -44,9 +44,10 @@ class PGPCertificateInfo uint32_t _key_index ; // index to array of keys in the public keyring - static const uint32_t PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION = 0x0001 ; - static const uint32_t PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE = 0x0002 ; - static const uint32_t PGP_CERTIFICATE_FLAG_HAS_SIGNED_ME = 0x0004 ; + static const uint32_t PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION = 0x0001 ; + static const uint32_t PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE = 0x0002 ; + static const uint32_t PGP_CERTIFICATE_FLAG_HAS_SIGNED_ME = 0x0004 ; + static const uint32_t PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM = 0x0008 ; // set when the key is not RSA, so that RS avoids to use it. }; class PGPHandler @@ -78,6 +79,8 @@ class PGPHandler bool getKeyFingerprint(const PGPIdType& id,PGPFingerprintType& fp) const ; void setAcceptConnexion(const PGPIdType&,bool) ; + bool isKeySupported(const PGPIdType& id) const ; + // Write keyring bool publicKeyringChanged() const { return _pubring_changed ; } bool secretKeyringChanged() const { return _secring_changed ; } diff --git a/libretroshare/src/pqi/authgpg.cc b/libretroshare/src/pqi/authgpg.cc index f023998b0..84af2f2df 100644 --- a/libretroshare/src/pqi/authgpg.cc +++ b/libretroshare/src/pqi/authgpg.cc @@ -718,6 +718,16 @@ bool AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) } #endif +bool AuthGPG::isKeySupported(const std::string& id) const +{ + const PGPCertificateInfo *pc = PGPHandler::getCertificateInfo(PGPIdType(id)) ; + + if(pc == NULL) + return false ; + + return !(pc->_flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM) ; +} + bool AuthGPG::getGPGDetails(const std::string& id, RsPeerDetails &d) { RsStackMutex stack(gpgMtxData); /******* LOCKED ******/ diff --git a/libretroshare/src/pqi/authgpg.h b/libretroshare/src/pqi/authgpg.h index a195932ac..f5d047c8c 100644 --- a/libretroshare/src/pqi/authgpg.h +++ b/libretroshare/src/pqi/authgpg.h @@ -161,6 +161,7 @@ class AuthGPG: public p3Config, public RsThread, public PGPHandler virtual std::string getGPGOwnName(); //virtual std::string getGPGOwnEmail(); + virtual bool isKeySupported(const std::string &id) const ; virtual bool getGPGDetails(const std::string &id, RsPeerDetails &d); virtual bool getGPGAllList(std::list &ids); virtual bool getGPGValidList(std::list &ids); diff --git a/libretroshare/src/retroshare/rspeers.h b/libretroshare/src/retroshare/rspeers.h index 70d989766..774b0b290 100644 --- a/libretroshare/src/retroshare/rspeers.h +++ b/libretroshare/src/retroshare/rspeers.h @@ -231,6 +231,7 @@ virtual bool getPeerDetails(const std::string &ssl_or_gpg_id, RsPeerDetails &d) /* Using PGP Ids */ virtual std::string getGPGOwnId() = 0; virtual std::string getGPGId(const std::string &sslid_or_gpgid) = 0; //return the gpg id of the given gpg or ssl id +virtual bool isKeySupported(const std::string& gpg_ids) = 0; virtual bool getGPGAcceptedList(std::list &gpg_ids) = 0; virtual bool getGPGSignedList(std::list &gpg_ids) = 0;//friends that we accpet to connect with but we don't want to sign their gpg key virtual bool getGPGValidList(std::list &gpg_ids) = 0; diff --git a/libretroshare/src/rsserver/p3peers.cc b/libretroshare/src/rsserver/p3peers.cc index d2723b677..eb6f6db60 100644 --- a/libretroshare/src/rsserver/p3peers.cc +++ b/libretroshare/src/rsserver/p3peers.cc @@ -610,6 +610,10 @@ bool p3Peers::getPeerDetails(const std::string &id, RsPeerDetails &d) } #endif +bool p3Peers::isKeySupported(const std::string& id) +{ + return AuthGPG::getAuthGPG()->isKeySupported(id); +} std::string p3Peers::getGPGName(const std::string &gpg_id) { diff --git a/libretroshare/src/rsserver/p3peers.h b/libretroshare/src/rsserver/p3peers.h index 3367440d7..5bcf36403 100644 --- a/libretroshare/src/rsserver/p3peers.h +++ b/libretroshare/src/rsserver/p3peers.h @@ -63,6 +63,7 @@ virtual bool getPeerDetails(const std::string &ssl_or_gpg_id, RsPeerDetails &d); /* Using PGP Ids */ virtual std::string getGPGOwnId(); virtual std::string getGPGId(const std::string &ssl_id); +virtual bool isKeySupported(const std::string& ids); virtual bool getGPGAcceptedList(std::list &ids); virtual bool getGPGSignedList(std::list &ids); virtual bool getGPGValidList(std::list &ids); diff --git a/libretroshare/src/rsserver/rsinit.cc b/libretroshare/src/rsserver/rsinit.cc index a3c0bf719..dca336d6d 100644 --- a/libretroshare/src/rsserver/rsinit.cc +++ b/libretroshare/src/rsserver/rsinit.cc @@ -1097,38 +1097,36 @@ static bool checkAccount(std::string accountdir, accountId &id) std::string cert_name = basename + "_cert.pem"; std::string userName, userId; - #ifdef AUTHSSL_DEBUG +#ifdef AUTHSSL_DEBUG std::cerr << "checkAccount() dir: " << accountdir << std::endl; - #endif - +#endif bool ret = false; /* check against authmanagers private keys */ - if (LoadCheckX509(cert_name.c_str(), id.pgpId, id.location, id.sslId)) - { - #ifdef AUTHSSL_DEBUG - std::cerr << "location: " << id.location << " id: " << id.sslId << std::endl; - #endif + if (LoadCheckX509(cert_name.c_str(), id.pgpId, id.location, id.sslId)) + { +#ifdef AUTHSSL_DEBUG + std::cerr << "location: " << id.location << " id: " << id.sslId << std::endl; + std::cerr << "issuerName: " << id.pgpId << " id: " << id.sslId << std::endl; +#endif + if(! RsInit::GetPGPLoginDetails(id.pgpId, id.pgpName, id.pgpEmail)) + return false ; - #ifdef GPG_DEBUG - std::cerr << "issuerName: " << id.pgpId << " id: " << id.sslId << std::endl; - #endif + if(!AuthGPG::getAuthGPG()->isKeySupported(id.pgpId)) + return false ; - if(! RsInit::GetPGPLoginDetails(id.pgpId, id.pgpName, id.pgpEmail)) - return false ; - - #ifdef GPG_DEBUG - std::cerr << "PGPLoginDetails: " << id.pgpId << " name: " << id.pgpName; - std::cerr << " email: " << id.pgpEmail << std::endl; - #endif - ret = true; - } - else - { - std::cerr << "GetIssuerName FAILED!" << std::endl; - ret = false; - } +#ifdef GPG_DEBUG + std::cerr << "PGPLoginDetails: " << id.pgpId << " name: " << id.pgpName; + std::cerr << " email: " << id.pgpEmail << std::endl; +#endif + ret = true; + } + else + { + std::cerr << "GetIssuerName FAILED!" << std::endl; + ret = false; + } return ret; } diff --git a/retroshare-gui/src/gui/connect/ConfCertDialog.cpp b/retroshare-gui/src/gui/connect/ConfCertDialog.cpp index 6df9a4f75..d6a7b75b1 100644 --- a/retroshare-gui/src/gui/connect/ConfCertDialog.cpp +++ b/retroshare-gui/src/gui/connect/ConfCertDialog.cpp @@ -140,6 +140,17 @@ void ConfCertDialog::load() return; } + if(!rsPeers->isKeySupported(mId)) + { + ui.make_friend_button->setEnabled(false) ; + ui.make_friend_button->setToolTip(tr("The supplied key algorithm is not supported by RetroShare\n(Only RSA keys are supported at the moment)")) ; + } + else + { + ui.make_friend_button->setEnabled(true) ; + ui.make_friend_button->setToolTip("") ; + } + ui.name->setText(QString::fromUtf8(detail.name.c_str())); ui.peerid->setText(QString::fromStdString(detail.id));