mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-10-01 02:35:48 -04:00
added check for DSA/RSA key algorithm. Disabled make friend, login and cert creation, with unsupported keys
git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-OpenPGP@5221 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
36bec260b9
commit
dba66cdd7a
@ -183,6 +183,9 @@ void PGPHandler::initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_
|
||||
ops_fingerprint(&f,&keydata->key.pkey) ;
|
||||
|
||||
cert._fpr = PGPFingerprintType(f.fingerprint) ;
|
||||
|
||||
if(keydata->key.pkey.algorithm != OPS_PKA_RSA)
|
||||
cert._flags |= PGPCertificateInfo::PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM ;
|
||||
}
|
||||
|
||||
void PGPHandler::validateAndUpdateSignatures(PGPCertificateInfo& cert,const ops_keydata_t *keydata)
|
||||
@ -224,7 +227,7 @@ bool PGPHandler::printKeys() const
|
||||
std::cerr << "\tName : " << it->second._name << std::endl;
|
||||
std::cerr << "\tEmail : " << it->second._email << std::endl;
|
||||
std::cerr << "\tOwnSign : " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE) << std::endl;
|
||||
std::cerr << "\tAccept Connect: " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE) << std::endl;
|
||||
std::cerr << "\tAccept Connect: " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION) << std::endl;
|
||||
std::cerr << "\ttrustLvl : " << it->second._trustLvl << std::endl;
|
||||
std::cerr << "\tvalidLvl : " << it->second._validLvl << std::endl;
|
||||
std::cerr << "\tfingerprint : " << it->second._fpr.toStdString() << std::endl;
|
||||
@ -271,7 +274,10 @@ bool PGPHandler::availableGPGCertificatesWithPrivateKeys(std::list<PGPIdType>& i
|
||||
// check that the key is in the pubring as well
|
||||
|
||||
if(ops_keyring_find_key_by_id(_pubring,keydata->key_id) != NULL)
|
||||
if(keydata->key.pkey.algorithm == OPS_PKA_RSA)
|
||||
ids.push_back(PGPIdType(keydata->key_id)) ;
|
||||
else
|
||||
std::cerr << "Skipping keypair " << PGPIdType(keydata->key_id).toStdString() << ", unsupported algorithm: " << keydata->key.pkey.algorithm << std::endl;
|
||||
}
|
||||
|
||||
return true ;
|
||||
|
@ -47,6 +47,7 @@ class PGPCertificateInfo
|
||||
static const uint32_t PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION = 0x0001 ;
|
||||
static const uint32_t PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE = 0x0002 ;
|
||||
static const uint32_t PGP_CERTIFICATE_FLAG_HAS_SIGNED_ME = 0x0004 ;
|
||||
static const uint32_t PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM = 0x0008 ; // set when the key is not RSA, so that RS avoids to use it.
|
||||
};
|
||||
|
||||
class PGPHandler
|
||||
@ -78,6 +79,8 @@ class PGPHandler
|
||||
bool getKeyFingerprint(const PGPIdType& id,PGPFingerprintType& fp) const ;
|
||||
void setAcceptConnexion(const PGPIdType&,bool) ;
|
||||
|
||||
bool isKeySupported(const PGPIdType& id) const ;
|
||||
|
||||
// Write keyring
|
||||
bool publicKeyringChanged() const { return _pubring_changed ; }
|
||||
bool secretKeyringChanged() const { return _secring_changed ; }
|
||||
|
@ -718,6 +718,16 @@ bool AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER)
|
||||
}
|
||||
#endif
|
||||
|
||||
bool AuthGPG::isKeySupported(const std::string& id) const
|
||||
{
|
||||
const PGPCertificateInfo *pc = PGPHandler::getCertificateInfo(PGPIdType(id)) ;
|
||||
|
||||
if(pc == NULL)
|
||||
return false ;
|
||||
|
||||
return !(pc->_flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM) ;
|
||||
}
|
||||
|
||||
bool AuthGPG::getGPGDetails(const std::string& id, RsPeerDetails &d)
|
||||
{
|
||||
RsStackMutex stack(gpgMtxData); /******* LOCKED ******/
|
||||
|
@ -161,6 +161,7 @@ class AuthGPG: public p3Config, public RsThread, public PGPHandler
|
||||
virtual std::string getGPGOwnName();
|
||||
|
||||
//virtual std::string getGPGOwnEmail();
|
||||
virtual bool isKeySupported(const std::string &id) const ;
|
||||
virtual bool getGPGDetails(const std::string &id, RsPeerDetails &d);
|
||||
virtual bool getGPGAllList(std::list<std::string> &ids);
|
||||
virtual bool getGPGValidList(std::list<std::string> &ids);
|
||||
|
@ -231,6 +231,7 @@ virtual bool getPeerDetails(const std::string &ssl_or_gpg_id, RsPeerDetails &d)
|
||||
/* Using PGP Ids */
|
||||
virtual std::string getGPGOwnId() = 0;
|
||||
virtual std::string getGPGId(const std::string &sslid_or_gpgid) = 0; //return the gpg id of the given gpg or ssl id
|
||||
virtual bool isKeySupported(const std::string& gpg_ids) = 0;
|
||||
virtual bool getGPGAcceptedList(std::list<std::string> &gpg_ids) = 0;
|
||||
virtual bool getGPGSignedList(std::list<std::string> &gpg_ids) = 0;//friends that we accpet to connect with but we don't want to sign their gpg key
|
||||
virtual bool getGPGValidList(std::list<std::string> &gpg_ids) = 0;
|
||||
|
@ -610,6 +610,10 @@ bool p3Peers::getPeerDetails(const std::string &id, RsPeerDetails &d)
|
||||
}
|
||||
#endif
|
||||
|
||||
bool p3Peers::isKeySupported(const std::string& id)
|
||||
{
|
||||
return AuthGPG::getAuthGPG()->isKeySupported(id);
|
||||
}
|
||||
|
||||
std::string p3Peers::getGPGName(const std::string &gpg_id)
|
||||
{
|
||||
|
@ -63,6 +63,7 @@ virtual bool getPeerDetails(const std::string &ssl_or_gpg_id, RsPeerDetails &d);
|
||||
/* Using PGP Ids */
|
||||
virtual std::string getGPGOwnId();
|
||||
virtual std::string getGPGId(const std::string &ssl_id);
|
||||
virtual bool isKeySupported(const std::string& ids);
|
||||
virtual bool getGPGAcceptedList(std::list<std::string> &ids);
|
||||
virtual bool getGPGSignedList(std::list<std::string> &ids);
|
||||
virtual bool getGPGValidList(std::list<std::string> &ids);
|
||||
|
@ -1100,7 +1100,6 @@ static bool checkAccount(std::string accountdir, accountId &id)
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "checkAccount() dir: " << accountdir << std::endl;
|
||||
#endif
|
||||
|
||||
bool ret = false;
|
||||
|
||||
/* check against authmanagers private keys */
|
||||
@ -1108,16 +1107,15 @@ static bool checkAccount(std::string accountdir, accountId &id)
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "location: " << id.location << " id: " << id.sslId << std::endl;
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "issuerName: " << id.pgpId << " id: " << id.sslId << std::endl;
|
||||
#endif
|
||||
|
||||
if(! RsInit::GetPGPLoginDetails(id.pgpId, id.pgpName, id.pgpEmail))
|
||||
return false ;
|
||||
|
||||
if(!AuthGPG::getAuthGPG()->isKeySupported(id.pgpId))
|
||||
return false ;
|
||||
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "PGPLoginDetails: " << id.pgpId << " name: " << id.pgpName;
|
||||
std::cerr << " email: " << id.pgpEmail << std::endl;
|
||||
|
@ -140,6 +140,17 @@ void ConfCertDialog::load()
|
||||
return;
|
||||
}
|
||||
|
||||
if(!rsPeers->isKeySupported(mId))
|
||||
{
|
||||
ui.make_friend_button->setEnabled(false) ;
|
||||
ui.make_friend_button->setToolTip(tr("The supplied key algorithm is not supported by RetroShare\n(Only RSA keys are supported at the moment)")) ;
|
||||
}
|
||||
else
|
||||
{
|
||||
ui.make_friend_button->setEnabled(true) ;
|
||||
ui.make_friend_button->setToolTip("") ;
|
||||
}
|
||||
|
||||
ui.name->setText(QString::fromUtf8(detail.name.c_str()));
|
||||
ui.peerid->setText(QString::fromStdString(detail.id));
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user