added check for DSA/RSA key algorithm. Disabled make friend, login and cert creation, with unsupported keys

git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-OpenPGP@5221 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2012-06-14 20:13:31 +00:00
parent 36bec260b9
commit dba66cdd7a
9 changed files with 65 additions and 30 deletions

View File

@ -183,6 +183,9 @@ void PGPHandler::initCertificateInfo(PGPCertificateInfo& cert,const ops_keydata_
ops_fingerprint(&f,&keydata->key.pkey) ;
cert._fpr = PGPFingerprintType(f.fingerprint) ;
if(keydata->key.pkey.algorithm != OPS_PKA_RSA)
cert._flags |= PGPCertificateInfo::PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM ;
}
void PGPHandler::validateAndUpdateSignatures(PGPCertificateInfo& cert,const ops_keydata_t *keydata)
@ -224,7 +227,7 @@ bool PGPHandler::printKeys() const
std::cerr << "\tName : " << it->second._name << std::endl;
std::cerr << "\tEmail : " << it->second._email << std::endl;
std::cerr << "\tOwnSign : " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE) << std::endl;
std::cerr << "\tAccept Connect: " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE) << std::endl;
std::cerr << "\tAccept Connect: " << (it->second._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION) << std::endl;
std::cerr << "\ttrustLvl : " << it->second._trustLvl << std::endl;
std::cerr << "\tvalidLvl : " << it->second._validLvl << std::endl;
std::cerr << "\tfingerprint : " << it->second._fpr.toStdString() << std::endl;
@ -271,7 +274,10 @@ bool PGPHandler::availableGPGCertificatesWithPrivateKeys(std::list<PGPIdType>& i
// check that the key is in the pubring as well
if(ops_keyring_find_key_by_id(_pubring,keydata->key_id) != NULL)
ids.push_back(PGPIdType(keydata->key_id)) ;
if(keydata->key.pkey.algorithm == OPS_PKA_RSA)
ids.push_back(PGPIdType(keydata->key_id)) ;
else
std::cerr << "Skipping keypair " << PGPIdType(keydata->key_id).toStdString() << ", unsupported algorithm: " << keydata->key.pkey.algorithm << std::endl;
}
return true ;

View File

@ -44,9 +44,10 @@ class PGPCertificateInfo
uint32_t _key_index ; // index to array of keys in the public keyring
static const uint32_t PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION = 0x0001 ;
static const uint32_t PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE = 0x0002 ;
static const uint32_t PGP_CERTIFICATE_FLAG_HAS_SIGNED_ME = 0x0004 ;
static const uint32_t PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION = 0x0001 ;
static const uint32_t PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE = 0x0002 ;
static const uint32_t PGP_CERTIFICATE_FLAG_HAS_SIGNED_ME = 0x0004 ;
static const uint32_t PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM = 0x0008 ; // set when the key is not RSA, so that RS avoids to use it.
};
class PGPHandler
@ -78,6 +79,8 @@ class PGPHandler
bool getKeyFingerprint(const PGPIdType& id,PGPFingerprintType& fp) const ;
void setAcceptConnexion(const PGPIdType&,bool) ;
bool isKeySupported(const PGPIdType& id) const ;
// Write keyring
bool publicKeyringChanged() const { return _pubring_changed ; }
bool secretKeyringChanged() const { return _secring_changed ; }

View File

@ -718,6 +718,16 @@ bool AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER)
}
#endif
bool AuthGPG::isKeySupported(const std::string& id) const
{
const PGPCertificateInfo *pc = PGPHandler::getCertificateInfo(PGPIdType(id)) ;
if(pc == NULL)
return false ;
return !(pc->_flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM) ;
}
bool AuthGPG::getGPGDetails(const std::string& id, RsPeerDetails &d)
{
RsStackMutex stack(gpgMtxData); /******* LOCKED ******/

View File

@ -161,6 +161,7 @@ class AuthGPG: public p3Config, public RsThread, public PGPHandler
virtual std::string getGPGOwnName();
//virtual std::string getGPGOwnEmail();
virtual bool isKeySupported(const std::string &id) const ;
virtual bool getGPGDetails(const std::string &id, RsPeerDetails &d);
virtual bool getGPGAllList(std::list<std::string> &ids);
virtual bool getGPGValidList(std::list<std::string> &ids);

View File

@ -231,6 +231,7 @@ virtual bool getPeerDetails(const std::string &ssl_or_gpg_id, RsPeerDetails &d)
/* Using PGP Ids */
virtual std::string getGPGOwnId() = 0;
virtual std::string getGPGId(const std::string &sslid_or_gpgid) = 0; //return the gpg id of the given gpg or ssl id
virtual bool isKeySupported(const std::string& gpg_ids) = 0;
virtual bool getGPGAcceptedList(std::list<std::string> &gpg_ids) = 0;
virtual bool getGPGSignedList(std::list<std::string> &gpg_ids) = 0;//friends that we accpet to connect with but we don't want to sign their gpg key
virtual bool getGPGValidList(std::list<std::string> &gpg_ids) = 0;

View File

@ -610,6 +610,10 @@ bool p3Peers::getPeerDetails(const std::string &id, RsPeerDetails &d)
}
#endif
bool p3Peers::isKeySupported(const std::string& id)
{
return AuthGPG::getAuthGPG()->isKeySupported(id);
}
std::string p3Peers::getGPGName(const std::string &gpg_id)
{

View File

@ -63,6 +63,7 @@ virtual bool getPeerDetails(const std::string &ssl_or_gpg_id, RsPeerDetails &d);
/* Using PGP Ids */
virtual std::string getGPGOwnId();
virtual std::string getGPGId(const std::string &ssl_id);
virtual bool isKeySupported(const std::string& ids);
virtual bool getGPGAcceptedList(std::list<std::string> &ids);
virtual bool getGPGSignedList(std::list<std::string> &ids);
virtual bool getGPGValidList(std::list<std::string> &ids);

View File

@ -1097,38 +1097,36 @@ static bool checkAccount(std::string accountdir, accountId &id)
std::string cert_name = basename + "_cert.pem";
std::string userName, userId;
#ifdef AUTHSSL_DEBUG
#ifdef AUTHSSL_DEBUG
std::cerr << "checkAccount() dir: " << accountdir << std::endl;
#endif
#endif
bool ret = false;
/* check against authmanagers private keys */
if (LoadCheckX509(cert_name.c_str(), id.pgpId, id.location, id.sslId))
{
#ifdef AUTHSSL_DEBUG
std::cerr << "location: " << id.location << " id: " << id.sslId << std::endl;
#endif
if (LoadCheckX509(cert_name.c_str(), id.pgpId, id.location, id.sslId))
{
#ifdef AUTHSSL_DEBUG
std::cerr << "location: " << id.location << " id: " << id.sslId << std::endl;
std::cerr << "issuerName: " << id.pgpId << " id: " << id.sslId << std::endl;
#endif
if(! RsInit::GetPGPLoginDetails(id.pgpId, id.pgpName, id.pgpEmail))
return false ;
#ifdef GPG_DEBUG
std::cerr << "issuerName: " << id.pgpId << " id: " << id.sslId << std::endl;
#endif
if(!AuthGPG::getAuthGPG()->isKeySupported(id.pgpId))
return false ;
if(! RsInit::GetPGPLoginDetails(id.pgpId, id.pgpName, id.pgpEmail))
return false ;
#ifdef GPG_DEBUG
std::cerr << "PGPLoginDetails: " << id.pgpId << " name: " << id.pgpName;
std::cerr << " email: " << id.pgpEmail << std::endl;
#endif
ret = true;
}
else
{
std::cerr << "GetIssuerName FAILED!" << std::endl;
ret = false;
}
#ifdef GPG_DEBUG
std::cerr << "PGPLoginDetails: " << id.pgpId << " name: " << id.pgpName;
std::cerr << " email: " << id.pgpEmail << std::endl;
#endif
ret = true;
}
else
{
std::cerr << "GetIssuerName FAILED!" << std::endl;
ret = false;
}
return ret;
}

View File

@ -140,6 +140,17 @@ void ConfCertDialog::load()
return;
}
if(!rsPeers->isKeySupported(mId))
{
ui.make_friend_button->setEnabled(false) ;
ui.make_friend_button->setToolTip(tr("The supplied key algorithm is not supported by RetroShare\n(Only RSA keys are supported at the moment)")) ;
}
else
{
ui.make_friend_button->setEnabled(true) ;
ui.make_friend_button->setToolTip("") ;
}
ui.name->setText(QString::fromUtf8(detail.name.c_str()));
ui.peerid->setText(QString::fromStdString(detail.id));