mirror of
https://github.com/RetroShare/RetroShare.git
synced 2025-05-17 21:40:36 -04:00
added check for DSA/RSA key algorithm. Disabled make friend, login and cert creation, with unsupported keys
git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-OpenPGP@5221 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler
parent
36bec260b9
commit
dba66cdd7a
9 changed files with 65 additions and 30 deletions
|
|
@ -183,6 +183,9 @@ void PGPHandler::initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_
|
||||||
ops_fingerprint(&f,&keydata->key.pkey) ;
|
ops_fingerprint(&f,&keydata->key.pkey) ;
|
||||||
|
|
||||||
cert._fpr = PGPFingerprintType(f.fingerprint) ;
|
cert._fpr = PGPFingerprintType(f.fingerprint) ;
|
||||||
|
|
||||||
|
if(keydata->key.pkey.algorithm != OPS_PKA_RSA)
|
||||||
|
cert._flags |= PGPCertificateInfo::PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM ;
|
||||||
}
|
}
|
||||||
|
|
||||||
void PGPHandler::validateAndUpdateSignatures(PGPCertificateInfo& cert,const ops_keydata_t *keydata)
|
void PGPHandler::validateAndUpdateSignatures(PGPCertificateInfo& cert,const ops_keydata_t *keydata)
|
||||||
|
|
@ -224,7 +227,7 @@ bool PGPHandler::printKeys() const
|
||||||
std::cerr << "\tName : " << it->second._name << std::endl;
|
std::cerr << "\tName : " << it->second._name << std::endl;
|
||||||
std::cerr << "\tEmail : " << it->second._email << std::endl;
|
std::cerr << "\tEmail : " << it->second._email << std::endl;
|
||||||
std::cerr << "\tOwnSign : " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE) << std::endl;
|
std::cerr << "\tOwnSign : " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE) << std::endl;
|
||||||
std::cerr << "\tAccept Connect: " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE) << std::endl;
|
std::cerr << "\tAccept Connect: " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION) << std::endl;
|
||||||
std::cerr << "\ttrustLvl : " << it->second._trustLvl << std::endl;
|
std::cerr << "\ttrustLvl : " << it->second._trustLvl << std::endl;
|
||||||
std::cerr << "\tvalidLvl : " << it->second._validLvl << std::endl;
|
std::cerr << "\tvalidLvl : " << it->second._validLvl << std::endl;
|
||||||
std::cerr << "\tfingerprint : " << it->second._fpr.toStdString() << std::endl;
|
std::cerr << "\tfingerprint : " << it->second._fpr.toStdString() << std::endl;
|
||||||
|
|
@ -271,7 +274,10 @@ bool PGPHandler::availableGPGCertificatesWithPrivateKeys(std::list<PGPIdType>& i
|
||||||
// check that the key is in the pubring as well
|
// check that the key is in the pubring as well
|
||||||
|
|
||||||
if(ops_keyring_find_key_by_id(_pubring,keydata->key_id) != NULL)
|
if(ops_keyring_find_key_by_id(_pubring,keydata->key_id) != NULL)
|
||||||
ids.push_back(PGPIdType(keydata->key_id)) ;
|
if(keydata->key.pkey.algorithm == OPS_PKA_RSA)
|
||||||
|
ids.push_back(PGPIdType(keydata->key_id)) ;
|
||||||
|
else
|
||||||
|
std::cerr << "Skipping keypair " << PGPIdType(keydata->key_id).toStdString() << ", unsupported algorithm: " << keydata->key.pkey.algorithm << std::endl;
|
||||||
}
|
}
|
||||||
|
|
||||||
return true ;
|
return true ;
|
||||||
|
|
|
||||||
|
|
@ -44,9 +44,10 @@ class PGPCertificateInfo
|
||||||
|
|
||||||
uint32_t _key_index ; // index to array of keys in the public keyring
|
uint32_t _key_index ; // index to array of keys in the public keyring
|
||||||
|
|
||||||
static const uint32_t PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION = 0x0001 ;
|
static const uint32_t PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION = 0x0001 ;
|
||||||
static const uint32_t PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE = 0x0002 ;
|
static const uint32_t PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE = 0x0002 ;
|
||||||
static const uint32_t PGP_CERTIFICATE_FLAG_HAS_SIGNED_ME = 0x0004 ;
|
static const uint32_t PGP_CERTIFICATE_FLAG_HAS_SIGNED_ME = 0x0004 ;
|
||||||
|
static const uint32_t PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM = 0x0008 ; // set when the key is not RSA, so that RS avoids to use it.
|
||||||
};
|
};
|
||||||
|
|
||||||
class PGPHandler
|
class PGPHandler
|
||||||
|
|
@ -78,6 +79,8 @@ class PGPHandler
|
||||||
bool getKeyFingerprint(const PGPIdType& id,PGPFingerprintType& fp) const ;
|
bool getKeyFingerprint(const PGPIdType& id,PGPFingerprintType& fp) const ;
|
||||||
void setAcceptConnexion(const PGPIdType&,bool) ;
|
void setAcceptConnexion(const PGPIdType&,bool) ;
|
||||||
|
|
||||||
|
bool isKeySupported(const PGPIdType& id) const ;
|
||||||
|
|
||||||
// Write keyring
|
// Write keyring
|
||||||
bool publicKeyringChanged() const { return _pubring_changed ; }
|
bool publicKeyringChanged() const { return _pubring_changed ; }
|
||||||
bool secretKeyringChanged() const { return _secring_changed ; }
|
bool secretKeyringChanged() const { return _secring_changed ; }
|
||||||
|
|
|
||||||
|
|
@ -718,6 +718,16 @@ bool AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
bool AuthGPG::isKeySupported(const std::string& id) const
|
||||||
|
{
|
||||||
|
const PGPCertificateInfo *pc = PGPHandler::getCertificateInfo(PGPIdType(id)) ;
|
||||||
|
|
||||||
|
if(pc == NULL)
|
||||||
|
return false ;
|
||||||
|
|
||||||
|
return !(pc->_flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM) ;
|
||||||
|
}
|
||||||
|
|
||||||
bool AuthGPG::getGPGDetails(const std::string& id, RsPeerDetails &d)
|
bool AuthGPG::getGPGDetails(const std::string& id, RsPeerDetails &d)
|
||||||
{
|
{
|
||||||
RsStackMutex stack(gpgMtxData); /******* LOCKED ******/
|
RsStackMutex stack(gpgMtxData); /******* LOCKED ******/
|
||||||
|
|
|
||||||
|
|
@ -161,6 +161,7 @@ class AuthGPG: public p3Config, public RsThread, public PGPHandler
|
||||||
virtual std::string getGPGOwnName();
|
virtual std::string getGPGOwnName();
|
||||||
|
|
||||||
//virtual std::string getGPGOwnEmail();
|
//virtual std::string getGPGOwnEmail();
|
||||||
|
virtual bool isKeySupported(const std::string &id) const ;
|
||||||
virtual bool getGPGDetails(const std::string &id, RsPeerDetails &d);
|
virtual bool getGPGDetails(const std::string &id, RsPeerDetails &d);
|
||||||
virtual bool getGPGAllList(std::list<std::string> &ids);
|
virtual bool getGPGAllList(std::list<std::string> &ids);
|
||||||
virtual bool getGPGValidList(std::list<std::string> &ids);
|
virtual bool getGPGValidList(std::list<std::string> &ids);
|
||||||
|
|
|
||||||
|
|
@ -231,6 +231,7 @@ virtual bool getPeerDetails(const std::string &ssl_or_gpg_id, RsPeerDetails &d)
|
||||||
/* Using PGP Ids */
|
/* Using PGP Ids */
|
||||||
virtual std::string getGPGOwnId() = 0;
|
virtual std::string getGPGOwnId() = 0;
|
||||||
virtual std::string getGPGId(const std::string &sslid_or_gpgid) = 0; //return the gpg id of the given gpg or ssl id
|
virtual std::string getGPGId(const std::string &sslid_or_gpgid) = 0; //return the gpg id of the given gpg or ssl id
|
||||||
|
virtual bool isKeySupported(const std::string& gpg_ids) = 0;
|
||||||
virtual bool getGPGAcceptedList(std::list<std::string> &gpg_ids) = 0;
|
virtual bool getGPGAcceptedList(std::list<std::string> &gpg_ids) = 0;
|
||||||
virtual bool getGPGSignedList(std::list<std::string> &gpg_ids) = 0;//friends that we accpet to connect with but we don't want to sign their gpg key
|
virtual bool getGPGSignedList(std::list<std::string> &gpg_ids) = 0;//friends that we accpet to connect with but we don't want to sign their gpg key
|
||||||
virtual bool getGPGValidList(std::list<std::string> &gpg_ids) = 0;
|
virtual bool getGPGValidList(std::list<std::string> &gpg_ids) = 0;
|
||||||
|
|
|
||||||
|
|
@ -610,6 +610,10 @@ bool p3Peers::getPeerDetails(const std::string &id, RsPeerDetails &d)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
bool p3Peers::isKeySupported(const std::string& id)
|
||||||
|
{
|
||||||
|
return AuthGPG::getAuthGPG()->isKeySupported(id);
|
||||||
|
}
|
||||||
|
|
||||||
std::string p3Peers::getGPGName(const std::string &gpg_id)
|
std::string p3Peers::getGPGName(const std::string &gpg_id)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -63,6 +63,7 @@ virtual bool getPeerDetails(const std::string &ssl_or_gpg_id, RsPeerDetails &d);
|
||||||
/* Using PGP Ids */
|
/* Using PGP Ids */
|
||||||
virtual std::string getGPGOwnId();
|
virtual std::string getGPGOwnId();
|
||||||
virtual std::string getGPGId(const std::string &ssl_id);
|
virtual std::string getGPGId(const std::string &ssl_id);
|
||||||
|
virtual bool isKeySupported(const std::string& ids);
|
||||||
virtual bool getGPGAcceptedList(std::list<std::string> &ids);
|
virtual bool getGPGAcceptedList(std::list<std::string> &ids);
|
||||||
virtual bool getGPGSignedList(std::list<std::string> &ids);
|
virtual bool getGPGSignedList(std::list<std::string> &ids);
|
||||||
virtual bool getGPGValidList(std::list<std::string> &ids);
|
virtual bool getGPGValidList(std::list<std::string> &ids);
|
||||||
|
|
|
||||||
|
|
@ -1097,38 +1097,36 @@ static bool checkAccount(std::string accountdir, accountId &id)
|
||||||
std::string cert_name = basename + "_cert.pem";
|
std::string cert_name = basename + "_cert.pem";
|
||||||
std::string userName, userId;
|
std::string userName, userId;
|
||||||
|
|
||||||
#ifdef AUTHSSL_DEBUG
|
#ifdef AUTHSSL_DEBUG
|
||||||
std::cerr << "checkAccount() dir: " << accountdir << std::endl;
|
std::cerr << "checkAccount() dir: " << accountdir << std::endl;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
bool ret = false;
|
bool ret = false;
|
||||||
|
|
||||||
/* check against authmanagers private keys */
|
/* check against authmanagers private keys */
|
||||||
if (LoadCheckX509(cert_name.c_str(), id.pgpId, id.location, id.sslId))
|
if (LoadCheckX509(cert_name.c_str(), id.pgpId, id.location, id.sslId))
|
||||||
{
|
{
|
||||||
#ifdef AUTHSSL_DEBUG
|
#ifdef AUTHSSL_DEBUG
|
||||||
std::cerr << "location: " << id.location << " id: " << id.sslId << std::endl;
|
std::cerr << "location: " << id.location << " id: " << id.sslId << std::endl;
|
||||||
#endif
|
std::cerr << "issuerName: " << id.pgpId << " id: " << id.sslId << std::endl;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if(! RsInit::GetPGPLoginDetails(id.pgpId, id.pgpName, id.pgpEmail))
|
||||||
|
return false ;
|
||||||
|
|
||||||
#ifdef GPG_DEBUG
|
if(!AuthGPG::getAuthGPG()->isKeySupported(id.pgpId))
|
||||||
std::cerr << "issuerName: " << id.pgpId << " id: " << id.sslId << std::endl;
|
return false ;
|
||||||
#endif
|
|
||||||
|
|
||||||
if(! RsInit::GetPGPLoginDetails(id.pgpId, id.pgpName, id.pgpEmail))
|
#ifdef GPG_DEBUG
|
||||||
return false ;
|
std::cerr << "PGPLoginDetails: " << id.pgpId << " name: " << id.pgpName;
|
||||||
|
std::cerr << " email: " << id.pgpEmail << std::endl;
|
||||||
#ifdef GPG_DEBUG
|
#endif
|
||||||
std::cerr << "PGPLoginDetails: " << id.pgpId << " name: " << id.pgpName;
|
ret = true;
|
||||||
std::cerr << " email: " << id.pgpEmail << std::endl;
|
}
|
||||||
#endif
|
else
|
||||||
ret = true;
|
{
|
||||||
}
|
std::cerr << "GetIssuerName FAILED!" << std::endl;
|
||||||
else
|
ret = false;
|
||||||
{
|
}
|
||||||
std::cerr << "GetIssuerName FAILED!" << std::endl;
|
|
||||||
ret = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -140,6 +140,17 @@ void ConfCertDialog::load()
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!rsPeers->isKeySupported(mId))
|
||||||
|
{
|
||||||
|
ui.make_friend_button->setEnabled(false) ;
|
||||||
|
ui.make_friend_button->setToolTip(tr("The supplied key algorithm is not supported by RetroShare\n(Only RSA keys are supported at the moment)")) ;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ui.make_friend_button->setEnabled(true) ;
|
||||||
|
ui.make_friend_button->setToolTip("") ;
|
||||||
|
}
|
||||||
|
|
||||||
ui.name->setText(QString::fromUtf8(detail.name.c_str()));
|
ui.name->setText(QString::fromUtf8(detail.name.c_str()));
|
||||||
ui.peerid->setText(QString::fromStdString(detail.id));
|
ui.peerid->setText(QString::fromStdString(detail.id));
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue