Missed these files from libretroshare

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@1267 b45a01b8-16f6-495d-af2f-9b41ad6348cc

libretroshare/src/pqi/authgpg.h

@@ -0,0 +1,378 @@
+/*
+ * libretroshare/src/   : gpgauthmgr.h
+ *
+ * GPG  interface for RetroShare.
+ *
+ * Copyright 2008-2009 by Raghu Dev R.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License Version 2 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ * USA.
+ *
+ * Please report all bugs and problems to "retroshare@lunamutt.com".
+ *
+ * This is *THE* auth manager. It provides the web-of-trust via
+ * gpgme, and authenticates the certificates that are managed
+ * by the sublayer AuthSSL.
+ *
+ */
+
+#ifndef RS_GPG_AUTH_HEADER
+#define RS_GPG_AUTH_HEADER
+
+//#include "p3authmgr.h"
+#include "authssl.h"
+#include <gpgme.h>
+
+/* gpgcert is the identifier for a person.
+ * It is a wrapper class for a GPGme OpenPGP certificate.
+ */
+
+class gpgcert
+{
+	public:
+		pqiAuthDetails user;
+		gpgme_key_t key;
+};
+
+/*
+ * The certificate map type
+ */
+typedef std::map<std::string, gpgcert> certmap;
+	
+class GPGAuthMgr: public AuthSSL
+{
+	public:
+
+	GPGAuthMgr();
+	~GPGAuthMgr();
+
+	X509* 	SignX509Req(X509_REQ *req, long days, std::string);
+	bool 	AuthX509(X509 *x509);
+
+	bool 	DoOwnSignature(void *, unsigned int, void *, unsigned int *);
+	bool    VerifySignature(std::string id, void *data, int datalen, 
+							void *sig, unsigned int siglen);
+
+	bool    availablePGPCertificates(std::list<std::string> &ids);
+
+	int	GPGInit(std::string ownId, std::string name, std::string passwd);
+	int	GPGInit(std::string name, std::string comment, 
+			std::string email, std::string passwd);
+	/* Sign/Trust stuff */
+	int	signCertificate(std::string id);
+	int	revokeCertificate(std::string id);		/* revoke the signature on Certificate */
+	int	trustCertificate(std::string id, int trustlvl);
+
+	/* SKTAN */
+	void showData(gpgme_data_t dh);
+	void createDummyFriends(void); //NYI
+
+/*********************************************************************************/
+/************************* STAGE 1 ***********************************************/
+/*********************************************************************************/
+/*****
+ * STAGE 1: Initialisation.... As we are switching to OpenPGP the init functions
+ * will be different. Just move the initialisation functions over....
+ *
+ * As GPGMe requires external calls to the GPG executable, which could potentially
+ * be expensive, We'll want to cache the GPG keys in this class.
+ * This should be done at initialisation, and saved in a map.
+ * (see storage at the end of the class)
+ *
+ ****/
+
+		/* initialisation -> done by derived classes */
+  bool    active(); 
+
+	/* Init by generating new Own PGP Cert, or selecting existing PGP Cert
+	 */
+
+	/* Arguments passed on to AuthSSL */
+  int     InitAuth(const char *srvr_cert, const char *priv_key, 
+                                        const char *passwd);
+  bool    CloseAuth();
+ // int     setConfigDirectories(std::string confFile, std::string neighDir);
+
+// store all keys in map mKeyList to avoid calling gpgme exe repeatedly
+  bool    storeAllKeys();
+  bool    updateTrustAllKeys();
+
+  bool    printAllKeys();
+  bool    printOwnKeys();
+
+  
+
+/*********************************************************************************/
+/************************* STAGE 2 ***********************************************/
+/*********************************************************************************/
+/*****
+ * STAGE 2: These are some of the most commonly used functions in Retroshare.
+ *
+ * provide access to the cache list that was created in stage 1.
+ * 
+ ****/
+
+		/* get Certificate Ids */
+
+  std::string OwnId();
+  bool	getAllList(std::list<std::string> &ids);
+  bool	getAuthenticatedList(std::list<std::string> &ids);
+  bool	getUnknownList(std::list<std::string> &ids);
+
+/*********************************************************************************/
+/************************* STAGE 3 ***********************************************/
+/*********************************************************************************/
+/*****
+ * STAGE 3: These are some of the most commonly used functions in Retroshare.
+ *
+ * More commonly used functions.
+ *
+ * provide access to details in cache list.
+ *
+ ****/
+
+		/* get Details from the Certificates */
+
+ 	bool	isValid(std::string id);
+ 	bool	isAuthenticated(std::string id);
+ 	std::string getName(std::string id);
+ 	bool	getDetails(std::string id, pqiAuthDetails &details);
+
+	virtual bool isTrustingMe(std::string);
+	virtual void addTrustingPeer(std::string);
+
+
+	/* PGP versions of Certificate Fns */
+
+	std::string PGPOwnId();
+  	bool	getPGPAllList(std::list<std::string> &ids);
+  	bool	getPGPAuthenticatedList(std::list<std::string> &ids);
+  	bool	getPGPUnknownList(std::list<std::string> &ids);
+ 	bool	isPGPValid(std::string id);
+ 	bool	isPGPAuthenticated(std::string id);
+ 	bool	getPGPDetails(std::string id, pqiAuthDetails &details);
+
+/*********************************************************************************/
+/************************* STAGE 4 ***********************************************/
+/*********************************************************************************/
+/*****
+ * STAGE 4: Loading and Saving Certificates. (Strings and Files)
+ *
+ ****/
+
+
+		/* Load/Save certificates */
+  bool LoadCertificateFromString(std::string pem, std::string &id);
+  std::string SaveCertificateToString(std::string id);
+  bool LoadCertificateFromFile(std::string filename, std::string &id);
+  bool SaveCertificateToFile(std::string id, std::string filename);
+
+/*********************************************************************************/
+/************************* STAGE 5 ***********************************************/
+/*********************************************************************************/
+/*****
+ * STAGE 5: Loading and Saving Certificates (Binary)
+ *
+ * The existing function arguments are based on OpenSSL functions.
+ * Feel free to change this format if required.
+ *
+ ****/
+
+
+  bool LoadCertificateFromBinary(const uint8_t *ptr, uint32_t len, std::string &id);
+  bool SaveCertificateToBinary(std::string id, uint8_t **ptr, uint32_t *len);
+
+/*********************************************************************************/
+/************************* STAGE 6 ***********************************************/
+/*********************************************************************************/
+/*****
+ * STAGE 6: Authentication, Trust and Signing.
+ *
+ * This is some of the harder functions, but they should have been 
+ * done in gpgroot already.
+ *
+ ****/
+
+		/* Signatures */
+  bool AuthCertificate(std::string uid);
+  bool SignCertificate(std::string id);
+ 	bool RevokeCertificate(std::string id);  /* Particularly hard - leave for later */
+  bool TrustCertificate(std::string id, bool trust);
+
+/*********************************************************************************/
+/************************* STAGE 7 ***********************************************/
+/*********************************************************************************/
+/*****
+ * STAGE 7: Signing Data.
+ *
+ * There should also be Encryption Functions... (do later).
+ *
+ ****/
+
+#if 0
+virtual  bool SignData(std::string input, std::string &sign);
+virtual  bool SignData(const void *data, const uint32_t len, std::string &sign);
+virtual  bool SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen);
+virtual bool  SignDataBin(const void *data, const uint32_t len,
+                        unsigned char *sign, unsigned int *signlen);
+virtual bool VerifySignBin(std::string, const void*, uint32_t, unsigned char*, unsigned int);
+
+#endif
+
+
+/*********************************************************************************/
+/************************* PGP Specific functions ********************************/
+/*********************************************************************************/
+
+/*
+ * These support the authentication process.
+ *
+ */
+
+        /************* Virtual Functions from AuthSSL *************/
+virtual bool 	ValidateCertificate(X509 *x509, std::string &peerId);
+virtual int     VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx);
+        /************* Virtual Functions from AuthSSL *************/
+
+/*
+ *
+ */
+
+bool checkSignature(std::string id, std::string hash, std::string signature);
+
+
+
+
+/*********************************************************************************/
+/************************* OTHER FUNCTIONS ***************************************/
+/*********************************************************************************/
+
+		/* High Level Load/Save Configuration */
+/*****
+ * These functions call straight through to AuthSSL.
+ * We don't need these functions here - as GPG stores the keys for us.
+  bool FinalSaveCertificates();
+  bool CheckSaveCertificates();
+  bool saveCertificates();
+  bool loadCertificates();
+ ****/
+
+	private:
+
+	/* Example Storage - Change as needed */
+
+	certmap mKeyList;
+
+	bool gpgmeInit;
+	bool gpgmeKeySelected;
+	bool gpgmeX509Selected;
+
+	gpgme_engine_info_t INFO;
+	gpgme_ctx_t CTX;
+
+	std::string mOwnId;
+	std::string mX509id;
+
+	gpgcert mOwnGpgCert;
+
+	std::string passphrase;
+};
+
+/*****
+ *
+ * Support Functions for OpenSSL verification.
+ *
+ */
+
+//int verify_pgp_callback(int preverify_ok, X509_STORE_CTX *ctx);
+
+
+/* Sign a key */
+
+typedef enum
+{
+  SIGN_START,
+  SIGN_COMMAND,
+  SIGN_UIDS,
+  SIGN_SET_EXPIRE,
+  SIGN_SET_CHECK_LEVEL,
+  SIGN_ENTER_PASSPHRASE,
+  SIGN_CONFIRM,
+  SIGN_QUIT,
+  SIGN_SAVE,
+  SIGN_ERROR
+} SignState;
+
+
+/* Change the key ownertrust */
+
+typedef enum
+{
+  TRUST_START,
+  TRUST_COMMAND,
+  TRUST_VALUE,
+  TRUST_REALLY_ULTIMATE,
+  TRUST_QUIT,
+  TRUST_SAVE,
+  TRUST_ERROR
+} TrustState;
+
+
+
+/* This is the generic data object passed to the 
+ * callback function in a gpgme_op_edit operation. 
+ * The contents of this object are modified during 
+ * each callback, to keep track of states, errors 
+ * and other data.
+ */
+
+class EditParams
+{
+	public: 
+	int state;
+	/* The return code of gpgme_op_edit() is the return value of
+	 * the last invocation of the callback. But returning an error 
+	 * from the callback does not abort the edit operation, so we 
+	 * must remember any error.
+	 */		
+	gpg_error_t err;
+	
+	/* Parameters specific to the key operation */	
+	void *oParams;
+	
+	EditParams(int state, void *oParams) {
+		this->state = state;
+		this->err = gpgme_error(GPG_ERR_NO_ERROR);
+		this->oParams = oParams;
+	}
+			
+};
+
+/* Data specific to key signing */
+
+class SignParams 
+{
+	public:
+	
+	std::string checkLvl; 
+	std::string passphrase;
+		
+	SignParams(std::string checkLvl, std::string passphrase) {
+		this->checkLvl = checkLvl;
+		this->passphrase = passphrase;
+	}
+};
+
+
+#endif

libretroshare/src/pqi/gpgme_tst.c

@@ -0,0 +1,76 @@
+
+#include "pqi/authgpg.h"
+
+const std::string key_path("./tmp/privkey.pem");
+const std::string passwd("8764");
+const std::string gpg_passwd("aaaa");
+const std::string name("Test X509");
+const std::string email("test@email.com");
+const std::string org("Org");
+const std::string loc("Loc");
+const std::string state("State");
+const std::string country("GB");
+
+int main()
+{
+	/* Init the auth manager */
+
+	GPGAuthMgr mgr;
+
+
+	/* Select which GPG Keys we use */
+
+	/* print all keys */
+	mgr.printAllKeys();
+	mgr.printOwnKeys();
+
+	std::list<std::string> idList;
+	mgr.availablePGPCertificates(idList);
+
+	if (idList.size() < 1)
+	{
+		fprintf(stderr, "No GPG Certificate to use!\n");
+		exit(1);
+	}
+	std::string id = idList.front();
+	fprintf(stderr, "Using GPG Certificate:%s \n", id.c_str());
+
+ 	std::string noname;
+	mgr.GPGInit(id, "noname", gpg_passwd);
+
+	/* Init SSL library */
+	mgr.InitAuth(NULL, NULL, NULL);
+
+	/* then try to generate and sign a X509 certificate */
+        int nbits_in = 2048;
+	std::string errString;
+
+	/* Generate a Certificate Request */
+	X509_REQ *req = GenerateX509Req(key_path, passwd, name, email, org,
+			loc, state, country, nbits_in, errString);
+
+	        // setup output.
+        BIO *bio_out = NULL;
+        bio_out = BIO_new(BIO_s_file());
+        BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
+
+	/* Print it out */
+	int nmflag = 0;
+	int reqflag = 0;
+
+        X509_REQ_print_ex(bio_out, req, nmflag, reqflag);
+
+	X509 *x509 = mgr.SignX509Req(req, 100, gpg_passwd);
+
+	X509_print_ex(bio_out, x509, nmflag, reqflag);
+
+	BIO_flush(bio_out);
+	BIO_free(bio_out);
+
+	/* now try to validate it */
+	mgr.AuthX509(x509);
+
+	//sleep(10);
+}
+
+