added check for DSA/RSA key algorithm. Disabled make friend, login and cert creation, with unsupported keys

git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-OpenPGP@5221 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2024-10-01 02:35:48 -04:00 · 2012-06-14 20:13:31 +00:00 · 2012-06-14 20:13:31 +00:00 · dba66cdd7a
commit dba66cdd7a
parent 36bec260b9
9 changed files with 65 additions and 30 deletions
--- a/libretroshare/src/pgp/pgphandler.cc
+++ b/libretroshare/src/pgp/pgphandler.cc
@ -183,6 +183,9 @@ void PGPHandler::initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_
 	ops_fingerprint(&f,&keydata->key.pkey) ; 

 	cert._fpr = PGPFingerprintType(f.fingerprint) ;
+
+	if(keydata->key.pkey.algorithm != OPS_PKA_RSA)
+		cert._flags |= PGPCertificateInfo::PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM ;
 }

 void PGPHandler::validateAndUpdateSignatures(PGPCertificateInfo& cert,const ops_keydata_t *keydata)
@ -224,7 +227,7 @@ bool PGPHandler::printKeys() const
 		std::cerr << "\tName          : " <<  it->second._name << std::endl;
 		std::cerr << "\tEmail         : " <<  it->second._email << std::endl;
 		std::cerr << "\tOwnSign       : " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE) << std::endl;
-		std::cerr << "\tAccept Connect: " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE) << std::endl;
+		std::cerr << "\tAccept Connect: " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION) << std::endl;
 		std::cerr << "\ttrustLvl      : " <<  it->second._trustLvl << std::endl;
 		std::cerr << "\tvalidLvl      : " <<  it->second._validLvl << std::endl;
 		std::cerr << "\tfingerprint   : " <<  it->second._fpr.toStdString() << std::endl;
@ -271,7 +274,10 @@ bool PGPHandler::availableGPGCertificatesWithPrivateKeys(std::list<PGPIdType>& i
 		// check that the key is in the pubring as well

 		if(ops_keyring_find_key_by_id(_pubring,keydata->key_id) != NULL)
-			ids.push_back(PGPIdType(keydata->key_id)) ;
+			if(keydata->key.pkey.algorithm == OPS_PKA_RSA)
+				ids.push_back(PGPIdType(keydata->key_id)) ;
+			else
+				std::cerr << "Skipping keypair " << PGPIdType(keydata->key_id).toStdString() << ", unsupported algorithm: " <<  keydata->key.pkey.algorithm << std::endl;
 	}

 	return true ;
--- a/libretroshare/src/pgp/pgphandler.h
+++ b/libretroshare/src/pgp/pgphandler.h
@ -44,9 +44,10 @@ class PGPCertificateInfo

 		uint32_t _key_index ;			// index to array of keys in the public keyring 

-		static const uint32_t PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION   = 0x0001 ;
-		static const uint32_t PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE  = 0x0002 ;
-		static const uint32_t PGP_CERTIFICATE_FLAG_HAS_SIGNED_ME      = 0x0004 ;
+		static const uint32_t PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION      = 0x0001 ;
+		static const uint32_t PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE     = 0x0002 ;
+		static const uint32_t PGP_CERTIFICATE_FLAG_HAS_SIGNED_ME         = 0x0004 ;
+		static const uint32_t PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM = 0x0008 ;	// set when the key is not RSA, so that RS avoids to use it.
 };

 class PGPHandler
@ -78,6 +79,8 @@ class PGPHandler
 		bool getKeyFingerprint(const PGPIdType& id,PGPFingerprintType& fp) const ;
 		void setAcceptConnexion(const PGPIdType&,bool) ;

+		bool isKeySupported(const PGPIdType& id) const ;
+
 		// Write keyring
 		bool publicKeyringChanged() const { return _pubring_changed ; }
 		bool secretKeyringChanged() const { return _secring_changed ; }
--- a/libretroshare/src/pqi/authgpg.cc
+++ b/libretroshare/src/pqi/authgpg.cc
@ -718,6 +718,16 @@ bool 	AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER)
 }
 #endif

+bool AuthGPG::isKeySupported(const std::string& id) const
+{
+	const PGPCertificateInfo *pc = PGPHandler::getCertificateInfo(PGPIdType(id)) ;
+
+	if(pc == NULL)
+		return false ;
+
+	return !(pc->_flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM) ;
+}
+
 bool AuthGPG::getGPGDetails(const std::string& id, RsPeerDetails &d) 
 {
 	RsStackMutex stack(gpgMtxData); /******* LOCKED ******/
--- a/libretroshare/src/pqi/authgpg.h
+++ b/libretroshare/src/pqi/authgpg.h
@ -161,6 +161,7 @@ class AuthGPG: public p3Config, public RsThread, public PGPHandler
 		virtual std::string getGPGOwnName();

 		//virtual std::string getGPGOwnEmail();
+		virtual bool	isKeySupported(const std::string &id) const ;
 		virtual bool	getGPGDetails(const std::string &id, RsPeerDetails &d);
 		virtual bool	getGPGAllList(std::list<std::string> &ids);
 		virtual bool	getGPGValidList(std::list<std::string> &ids);
--- a/libretroshare/src/retroshare/rspeers.h
+++ b/libretroshare/src/retroshare/rspeers.h
@ -231,6 +231,7 @@ virtual bool	getPeerDetails(const std::string &ssl_or_gpg_id, RsPeerDetails &d)
 		/* Using PGP Ids */
 virtual std::string getGPGOwnId()				= 0;
 virtual std::string getGPGId(const std::string &sslid_or_gpgid)	= 0; //return the gpg id of the given gpg or ssl id
+virtual bool    isKeySupported(const std::string& gpg_ids)   = 0;
 virtual bool    getGPGAcceptedList(std::list<std::string> &gpg_ids)   = 0;
 virtual bool    getGPGSignedList(std::list<std::string> &gpg_ids)   = 0;//friends that we accpet to connect with but we don't want to sign their gpg key
 virtual bool    getGPGValidList(std::list<std::string> &gpg_ids)   = 0;
--- a/libretroshare/src/rsserver/p3peers.cc
+++ b/libretroshare/src/rsserver/p3peers.cc
@ -610,6 +610,10 @@ bool	p3Peers::getPeerDetails(const std::string &id, RsPeerDetails &d)
 }
 #endif

+bool p3Peers::isKeySupported(const std::string& id)
+{
+	return AuthGPG::getAuthGPG()->isKeySupported(id);
+}

 std::string p3Peers::getGPGName(const std::string &gpg_id)
 {
--- a/libretroshare/src/rsserver/p3peers.h
+++ b/libretroshare/src/rsserver/p3peers.h
@ -63,6 +63,7 @@ virtual bool	getPeerDetails(const std::string &ssl_or_gpg_id, RsPeerDetails &d);
                /* Using PGP Ids */
 virtual std::string getGPGOwnId();
 virtual std::string getGPGId(const std::string &ssl_id);
+virtual bool    isKeySupported(const std::string& ids);
 virtual bool    getGPGAcceptedList(std::list<std::string> &ids);
 virtual bool    getGPGSignedList(std::list<std::string> &ids);
 virtual bool    getGPGValidList(std::list<std::string> &ids);
--- a/libretroshare/src/rsserver/rsinit.cc
+++ b/libretroshare/src/rsserver/rsinit.cc
@ -1097,38 +1097,36 @@ static bool checkAccount(std::string accountdir, accountId &id)
 	std::string cert_name = basename + "_cert.pem";
 	std::string userName, userId;

-        #ifdef AUTHSSL_DEBUG
+#ifdef AUTHSSL_DEBUG
 	std::cerr << "checkAccount() dir: " << accountdir << std::endl;
-        #endif
-
+#endif
 	bool ret = false;

 	/* check against authmanagers private keys */
-        if (LoadCheckX509(cert_name.c_str(), id.pgpId, id.location, id.sslId))
-        {
-        	#ifdef AUTHSSL_DEBUG
-        	std::cerr << "location: " << id.location << " id: " << id.sslId << std::endl;
-        	#endif
+	if (LoadCheckX509(cert_name.c_str(), id.pgpId, id.location, id.sslId))
+	{
+#ifdef AUTHSSL_DEBUG
+		std::cerr << "location: " << id.location << " id: " << id.sslId << std::endl;
+		std::cerr << "issuerName: " << id.pgpId << " id: " << id.sslId << std::endl;
+#endif

+		if(! RsInit::GetPGPLoginDetails(id.pgpId, id.pgpName, id.pgpEmail))
+			return false ;

-                #ifdef GPG_DEBUG
-                std::cerr << "issuerName: " << id.pgpId << " id: " << id.sslId << std::endl;
-                #endif
+		if(!AuthGPG::getAuthGPG()->isKeySupported(id.pgpId))
+			return false ;

-					 if(! RsInit::GetPGPLoginDetails(id.pgpId, id.pgpName, id.pgpEmail))
-						 return false ;
-
-                #ifdef GPG_DEBUG
-                std::cerr << "PGPLoginDetails: " << id.pgpId << " name: " << id.pgpName;
-                std::cerr << " email: " << id.pgpEmail << std::endl;
-                #endif
-                ret = true;
-        }
-        else
-        {
-                std::cerr << "GetIssuerName FAILED!" << std::endl;
-                ret = false;
-        }
+#ifdef GPG_DEBUG
+		std::cerr << "PGPLoginDetails: " << id.pgpId << " name: " << id.pgpName;
+		std::cerr << " email: " << id.pgpEmail << std::endl;
+#endif
+		ret = true;
+	}
+	else
+	{
+		std::cerr << "GetIssuerName FAILED!" << std::endl;
+		ret = false;
+	}

 	return ret;
 }
--- a/retroshare-gui/src/gui/connect/ConfCertDialog.cpp
+++ b/retroshare-gui/src/gui/connect/ConfCertDialog.cpp
@ -140,6 +140,17 @@ void ConfCertDialog::load()
        return;
    }

+	 if(!rsPeers->isKeySupported(mId))
+	 {
+		 ui.make_friend_button->setEnabled(false) ;
+		 ui.make_friend_button->setToolTip(tr("The supplied key algorithm is not supported by RetroShare\n(Only RSA keys are supported at the moment)")) ;
+	 }
+	 else
+	 {
+		 ui.make_friend_button->setEnabled(true) ;
+		 ui.make_friend_button->setToolTip("") ;
+	 }
+
    ui.name->setText(QString::fromUtf8(detail.name.c_str()));
    ui.peerid->setText(QString::fromStdString(detail.id));