Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-01-13 08:29:32 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixed password handling in deferred signature algorithm (in case of cancel, enter wrong passphrase, etc)

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@8423 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2015-06-12 21:04:11 +00:00
parent 46c5e08f31
commit f360e9d0ba
8 changed files with 201 additions and 172 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libretroshare/src/gxs/rsgenexchange.cc
View File

@ -2285,6 +2285,8 @@ void RsGenExchange::publishGrps()
{
create = CREATE_FAIL_TRY_LATER;
}
else if(ret == SERVICE_CREATE_FAIL)
create = CREATE_FAIL;
}
else
{

2
libretroshare/src/pgp/pgpauxutils.h
View File

@ -58,7 +58,7 @@ public:
virtual bool getKeyFingerprint(const RsPgpId& id,PGPFingerprintType& fp) const;
virtual bool VerifySignBin(const void *data, uint32_t len, unsigned char *sign, unsigned int signlen, const PGPFingerprintType& withfingerprint);
virtual bool getGPGAllList(std::list<RsPgpId> &ids);
virtual bool askForDeferredSelfSignature(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen,int& signature_result );
virtual bool askForDeferredSelfSignature(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen,int& signature_result );
};

32
libretroshare/src/pgp/pgphandler.cc
View File

@ -1312,19 +1312,31 @@ bool PGPHandler::SignDataBin(const RsPgpId& id,const void *data, const uint32_t
PGPFingerprintType fp(f.fingerprint) ;
#endif
bool cancelled =false;
std::string passphrase = _passphrase_callback(NULL,uid_hint.c_str(),"Please enter passwd for encrypting your key : ",false,&cancelled) ;
ops_secret_key_t *secret_key = ops_decrypt_secret_key_from_data(key,passphrase.c_str()) ;
bool last_passwd_was_wrong = false ;
ops_secret_key_t *secret_key = NULL ;
if(!secret_key)
{
std::cerr << "Key decryption went wrong. Wrong passwd?" << std::endl;
return false ;
}
if(cancelled)
for(int i=0;i<3;++i)
{
std::cerr << "Key entering cancelled" << std::endl;
bool cancelled =false;
std::string passphrase = _passphrase_callback(NULL,uid_hint.c_str(),"Please enter passwd for encrypting your key : ",last_passwd_was_wrong,&cancelled) ;
secret_key = ops_decrypt_secret_key_from_data(key,passphrase.c_str()) ;
if(cancelled)
{
std::cerr << "Key entering cancelled" << std::endl;
return false ;
}
if(secret_key)
break ;
std::cerr << "Key decryption went wrong. Wrong passwd?" << std::endl;
last_passwd_was_wrong = true ;
}
if(!secret_key)
{
std::cerr << "Could not obtain secret key. Signature cancelled." << std::endl;
return false ;
}

2
libretroshare/src/pqi/authgpg.cc
View File

@ -595,7 +595,7 @@ bool AuthGPG::decryptDataBin(const void *data, unsigned int datalen, unsigned ch
{
return PGPHandler::decryptDataBin(mOwnGpgId,data,datalen,sign,signlen) ;
}
bool AuthGPG::SignDataBin(const void *data, unsigned int datalen, unsigned char *sign, unsigned int *signlen)
bool AuthGPG::SignDataBin(const void *data, unsigned int datalen, unsigned char *sign, unsigned int *signlen)
{
return DoOwnSignature(data, datalen, sign, signlen);
}

7
libretroshare/src/pqi/p3netmgr.cc
View File

@ -552,7 +552,6 @@ void p3NetMgrIMPL::netTick()
case RS_NET_LOOPBACK:
//don't do a shutdown because a client in a computer without local network might be usefull for debug.
//shutdown();
std::cerr << "p3NetMgrIMPL::netTick() STATUS: RS_NET_LOOPBACK" << std::endl;
#if defined(NETMGR_DEBUG_TICK) || defined(NETMGR_DEBUG_RESET)
std::cerr << "p3NetMgrIMPL::netTick() STATUS: RS_NET_LOOPBACK" << std::endl;
#endif
@ -961,8 +960,10 @@ bool p3NetMgrIMPL::checkNetAddress()
if (mNetMode & RS_NET_MODE_TRY_LOOPBACK)
{
std::cerr << "p3NetMgrIMPL::checkNetAddress() LOOPBACK ... forcing to 127.0.0.1";
std::cerr << std::endl;
#if defined(NETMGR_DEBUG_TICK) || defined(NETMGR_DEBUG_RESET)
std::cerr << "p3NetMgrIMPL::checkNetAddress() LOOPBACK ... forcing to 127.0.0.1";
std::cerr << std::endl;
#endif
sockaddr_storage_ipv4_aton(prefAddr, "127.0.0.1");
validAddr = true;
}

7
libretroshare/src/retroshare/rspeers.h
View File

@ -51,6 +51,11 @@ const uint32_t RS_TRUST_LVL_MARGINAL = 3;
const uint32_t RS_TRUST_LVL_FULL = 4;
const uint32_t RS_TRUST_LVL_ULTIMATE = 5;
const uint32_t SELF_SIGNATURE_RESULT_PENDING = 0x00;
const uint32_t SELF_SIGNATURE_RESULT_SUCCESS = 0x01;
const uint32_t SELF_SIGNATURE_RESULT_FAILED = 0x02;
/* Net Mode */
const uint32_t RS_NETMODE_UDP = 0x0001;
const uint32_t RS_NETMODE_UPNP = 0x0002;
@ -322,7 +327,7 @@ class RsPeers
virtual bool getGPGValidList(std::list<RsPgpId> &gpg_ids) = 0;
virtual bool getGPGAllList(std::list<RsPgpId> &gpg_ids) = 0;
virtual bool getAssociatedSSLIds(const RsPgpId& gpg_id, std::list<RsPeerId>& ids) = 0;
virtual bool gpgSignData(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen) = 0;
virtual bool gpgSignData(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen) = 0;
/* Add/Remove Friends */
virtual bool addFriend(const RsPeerId &ssl_id, const RsPgpId &gpg_id,ServicePermissionFlags flags = RS_NODE_PERM_DEFAULT) = 0;

272
libretroshare/src/services/p3idservice.cc
View File

@ -34,6 +34,7 @@
#include "util/rsstring.h"
#include "util/radix64.h"
#include "gxs/gxssecurity.h"
#include "retroshare/rspeers.h"
//#include "pqi/authgpg.h"
@ -2448,188 +2449,195 @@ RsGenExchange::ServiceCreate_Return p3IdService::service_CreateGroup(RsGxsGrpIte
{
#ifdef DEBUG_IDS
std::cerr << "p3IdService::service_CreateGroup()";
std::cerr << std::endl;
std::cerr << "p3IdService::service_CreateGroup()";
std::cerr << std::endl;
#endif // DEBUG_IDS
RsGxsIdGroupItem *item = dynamic_cast<RsGxsIdGroupItem *>(grpItem);
if (!item)
{
std::cerr << "p3IdService::service_CreateGroup() ERROR invalid cast";
std::cerr << std::endl;
return SERVICE_CREATE_FAIL;
}
RsGxsIdGroupItem *item = dynamic_cast<RsGxsIdGroupItem *>(grpItem);
if (!item)
{
std::cerr << "p3IdService::service_CreateGroup() ERROR invalid cast";
std::cerr << std::endl;
return SERVICE_CREATE_FAIL;
}
#ifdef DEBUG_IDS
std::cerr << "p3IdService::service_CreateGroup() Item is:";
std::cerr << std::endl;
item->print(std::cerr);
std::cerr << std::endl;
std::cerr << "p3IdService::service_CreateGroup() Item is:";
std::cerr << std::endl;
item->print(std::cerr);
std::cerr << std::endl;
#endif // DEBUG_IDS
/********************* TEMP HACK UNTIL GXS FILLS IN GROUP_ID *****************/
// find private admin key
std::map<RsGxsId, RsTlvSecurityKey>::iterator mit = keySet.keys.begin();
for(; mit != keySet.keys.end(); ++mit)
{
RsTlvSecurityKey& pk = mit->second;
if(pk.keyFlags == (RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_FULL))
{
/********************* TEMP HACK UNTIL GXS FILLS IN GROUP_ID *****************/
// find private admin key
std::map<RsGxsId, RsTlvSecurityKey>::iterator mit = keySet.keys.begin();
for(; mit != keySet.keys.end(); ++mit)
{
RsTlvSecurityKey& pk = mit->second;
if(pk.keyFlags == (RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_FULL))
{
item->meta.mGroupId = RsGxsGroupId(pk.keyId);
break;
}
}
if(mit == keySet.keys.end())
{
std::cerr << "p3IdService::service_CreateGroup() ERROR no admin key";
std::cerr << std::endl;
return SERVICE_CREATE_FAIL;
break;
}
}
if(mit == keySet.keys.end())
{
std::cerr << "p3IdService::service_CreateGroup() ERROR no admin key";
std::cerr << std::endl;
return SERVICE_CREATE_FAIL;
}
mKeysTS[RsGxsId(item->meta.mGroupId)] = time(NULL) ;
/********************* TEMP HACK UNTIL GXS FILLS IN GROUP_ID *****************/
// SANITY CHECK.
// if (item->mMeta.mAuthorId != item->meta.mAuthorId)
// {
// std::cerr << "p3IdService::service_CreateGroup() AuthorId mismatch(";
// std::cerr << item->mMeta.mAuthorId;
// std::cerr << " vs ";
// std::cerr << item->meta.mAuthorId;
// std::cerr << std::endl;
// }
//
// if (item->group.mMeta.mGroupId != item->meta.mGroupId)
// {
// std::cerr << "p3IdService::service_CreateGroup() GroupId mismatch(";
// std::cerr << item->mMeta.mGroupId;
// std::cerr << " vs ";
// std::cerr << item->meta.mGroupId;
// std::cerr << std::endl;
// }
//
//
// if (item->group.mMeta.mGroupFlags != item->meta.mGroupFlags)
// {
// std::cerr << "p3IdService::service_CreateGroup() GroupFlags mismatch(";
// std::cerr << item->mMeta.mGroupFlags;
// std::cerr << " vs ";
// std::cerr << item->meta.mGroupFlags;
// std::cerr << std::endl;
// }
/********************* TEMP HACK UNTIL GXS FILLS IN GROUP_ID *****************/
// SANITY CHECK.
// if (item->mMeta.mAuthorId != item->meta.mAuthorId)
// {
// std::cerr << "p3IdService::service_CreateGroup() AuthorId mismatch(";
// std::cerr << item->mMeta.mAuthorId;
// std::cerr << " vs ";
// std::cerr << item->meta.mAuthorId;
// std::cerr << std::endl;
// }
//
// if (item->group.mMeta.mGroupId != item->meta.mGroupId)
// {
// std::cerr << "p3IdService::service_CreateGroup() GroupId mismatch(";
// std::cerr << item->mMeta.mGroupId;
// std::cerr << " vs ";
// std::cerr << item->meta.mGroupId;
// std::cerr << std::endl;
// }
//
//
// if (item->group.mMeta.mGroupFlags != item->meta.mGroupFlags)
// {
// std::cerr << "p3IdService::service_CreateGroup() GroupFlags mismatch(";
// std::cerr << item->mMeta.mGroupFlags;
// std::cerr << " vs ";
// std::cerr << item->meta.mGroupFlags;
// std::cerr << std::endl;
// }
#ifdef DEBUG_IDS
std::cerr << "p3IdService::service_CreateGroup() for : " << item->mMeta.mGroupId;
std::cerr << std::endl;
std::cerr << "p3IdService::service_CreateGroup() Alt GroupId : " << item->meta.mGroupId;
std::cerr << std::endl;
std::cerr << std::endl;
std::cerr << "p3IdService::service_CreateGroup() Alt GroupId : " << item->meta.mGroupId;
std::cerr << std::endl;
#endif // DEBUG_IDS
ServiceCreate_Return createStatus;
ServiceCreate_Return createStatus;
if (item->meta.mGroupFlags & RSGXSID_GROUPFLAG_REALID)
{
/* create the hash */
Sha1CheckSum hash;
{
/* create the hash */
Sha1CheckSum hash;
/* */
PGPFingerprintType ownFinger;
RsPgpId ownId(mPgpUtils->getPGPOwnId());
/* */
PGPFingerprintType ownFinger;
RsPgpId ownId(mPgpUtils->getPGPOwnId());
#ifdef DEBUG_IDS
std::cerr << "p3IdService::service_CreateGroup() OwnPgpID: " << ownId.toStdString();
std::cerr << std::endl;
std::cerr << "p3IdService::service_CreateGroup() OwnPgpID: " << ownId.toStdString();
std::cerr << std::endl;
#endif
#ifdef GXSID_GEN_DUMMY_DATA
// if (item->group.mMeta.mAuthorId != "")
// {
// ownId = RsPgpId(item->group.mMeta.mAuthorId);
// }
// if (item->group.mMeta.mAuthorId != "")
// {
// ownId = RsPgpId(item->group.mMeta.mAuthorId);
// }
#endif
if (!mPgpUtils->getKeyFingerprint(ownId,ownFinger))
{
std::cerr << "p3IdService::service_CreateGroup() ERROR Own Finger is stuck";
std::cerr << std::endl;
return SERVICE_CREATE_FAIL; // abandon attempt!
}
if (!mPgpUtils->getKeyFingerprint(ownId,ownFinger))
{
std::cerr << "p3IdService::service_CreateGroup() ERROR Own Finger is stuck";
std::cerr << std::endl;
return SERVICE_CREATE_FAIL; // abandon attempt!
}
#ifdef DEBUG_IDS
std::cerr << "p3IdService::service_CreateGroup() OwnFingerprint: " << ownFinger.toStdString();
std::cerr << std::endl;
std::cerr << "p3IdService::service_CreateGroup() OwnFingerprint: " << ownFinger.toStdString();
std::cerr << std::endl;
#endif
RsGxsId gxsId(item->meta.mGroupId.toStdString());
calcPGPHash(gxsId, ownFinger, hash);
calcPGPHash(gxsId, ownFinger, hash);
item->mPgpIdHash = hash;
#ifdef DEBUG_IDS
std::cerr << "p3IdService::service_CreateGroup() Calculated PgpIdHash : " << item->group.mPgpIdHash;
std::cerr << std::endl;
std::cerr << "p3IdService::service_CreateGroup() Calculated PgpIdHash : " << item->group.mPgpIdHash;
std::cerr << std::endl;
#endif // DEBUG_IDS
/* do signature */
/* do signature */
#define MAX_SIGN_SIZE 2048
uint8_t signarray[MAX_SIGN_SIZE];
unsigned int sign_size = MAX_SIGN_SIZE;
uint8_t signarray[MAX_SIGN_SIZE];
unsigned int sign_size = MAX_SIGN_SIZE;
int result ;
memset(signarray,0,MAX_SIGN_SIZE) ; // just in case.
if (!mPgpUtils->askForDeferredSelfSignature((void *) hash.toByteArray(), hash.SIZE_IN_BYTES, signarray, &sign_size,result))
{
/* error */
std::cerr << "p3IdService::service_CreateGroup() ERROR Signing stuff";
std::cerr << std::endl;
createStatus = SERVICE_CREATE_FAIL_TRY_LATER;
}
else
mPgpUtils->askForDeferredSelfSignature((void *) hash.toByteArray(), hash.SIZE_IN_BYTES, signarray, &sign_size,result) ;
/* error */
switch(result)
{
case SELF_SIGNATURE_RESULT_PENDING : createStatus = SERVICE_CREATE_FAIL_TRY_LATER;
std::cerr << "p3IdService::service_CreateGroup() signature still pending" << std::endl;
break ;
default:
case SELF_SIGNATURE_RESULT_FAILED: return SERVICE_CREATE_FAIL ;
std::cerr << "p3IdService::service_CreateGroup() signature failed" << std::endl;
break ;
case SELF_SIGNATURE_RESULT_SUCCESS:
{
// Additional consistency checks.
if(sign_size == MAX_SIGN_SIZE)
{
// Additional consistency checks.
if(sign_size == MAX_SIGN_SIZE)
{
std::cerr << "Inconsistent result. Signature uses full buffer. This is probably an error." << std::endl;
return SERVICE_CREATE_FAIL; // abandon attempt!
}
std::cerr << "Inconsistent result. Signature uses full buffer. This is probably an error." << std::endl;
return SERVICE_CREATE_FAIL; // abandon attempt!
}
#ifdef DEBUG_IDS
std::cerr << "p3IdService::service_CreateGroup() Signature: ";
std::string strout;
std::cerr << "p3IdService::service_CreateGroup() Signature: ";
std::string strout;
#endif
/* push binary into string -> really bad! */
item->mPgpIdSign = "";
for(unsigned int i = 0; i < sign_size; i++)
{
/* push binary into string -> really bad! */
item->mPgpIdSign = "";
for(unsigned int i = 0; i < sign_size; i++)
{
#ifdef DEBUG_IDS
rs_sprintf_append(strout, "%02x", (uint32_t) signarray[i]);
rs_sprintf_append(strout, "%02x", (uint32_t) signarray[i]);
#endif
item->mPgpIdSign += signarray[i];
}
createStatus = SERVICE_CREATE_SUCCESS;
item->mPgpIdSign += signarray[i];
}
createStatus = SERVICE_CREATE_SUCCESS;
#ifdef DEBUG_IDS
std::cerr << strout;
std::cerr << std::endl;
std::cerr << strout;
std::cerr << std::endl;
#endif
}
/* done! */
}
else
{
createStatus = SERVICE_CREATE_SUCCESS;
}
}
}
/* done! */
}
else
{
createStatus = SERVICE_CREATE_SUCCESS;
}
// Enforce no AuthorId.
item->meta.mAuthorId.clear() ;
// Enforce no AuthorId.
item->meta.mAuthorId.clear() ;
//item->mMeta.mAuthorId.clear() ;
// copy meta data to be sure its all the same.
//item->group.mMeta = item->meta;
// copy meta data to be sure its all the same.
//item->group.mMeta = item->meta;
// do it like p3gxscircles: save the new grp id
// this allows the user interface
@ -2640,11 +2648,11 @@ RsGenExchange::ServiceCreate_Return p3IdService::service_CreateGroup(RsGxsGrpIte
if (std::find(mOwnIds.begin(), mOwnIds.end(), gxsId) == mOwnIds.end())
{
mOwnIds.push_back(gxsId);
mKeysTS[gxsId] = time(NULL) ;
mKeysTS[gxsId] = time(NULL) ;
}
}
return createStatus;
return createStatus;
}

49
retroshare-gui/src/gui/notifyqt.cpp
View File

@ -153,7 +153,7 @@ class SignatureEventData
sign = (unsigned char *)malloc(_signlen) ;
signlen = new unsigned int ;
*signlen = _signlen ;
signature_result = 0 ;
signature_result = SELF_SIGNATURE_RESULT_PENDING ;
data = malloc(_len) ;
len = _len ;
memcpy(data,_data,len) ;
@ -167,16 +167,18 @@ class SignatureEventData
}
void performSignature()
{
if(rsPeers->gpgSignData(data,len,sign,signlen))
signature_result = 1 ;
}
{
if(rsPeers->gpgSignData(data,len,sign,signlen))
signature_result = SELF_SIGNATURE_RESULT_SUCCESS ;
else
signature_result = SELF_SIGNATURE_RESULT_FAILED ;
}
void *data ;
uint32_t len ;
unsigned char *sign ;
unsigned int *signlen ;
int signature_result ; // 0=pending, 1=done, 2=failed.
int signature_result ; // 0=pending, 1=done, 2=failed/cancelled.
};
bool NotifyQt::askForDeferredSelfSignature(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen,int& signature_result)
@ -190,28 +192,27 @@ bool NotifyQt::askForDeferredSelfSignature(const void *data, const uint32_t len,
Sha1CheckSum chksum = RsDirUtil::sha1sum((uint8_t*)data,len) ;
std::map<std::string,SignatureEventData*>::iterator it = _deferred_signature_queue.find(chksum.toStdString()) ;
std::map<std::string,SignatureEventData*>::iterator it = _deferred_signature_queue.find(chksum.toStdString()) ;
signature_result = SELF_SIGNATURE_RESULT_PENDING ;
if(it != _deferred_signature_queue.end())
{
if(it->second->signature_result != 0) // found it. Copy the result, and remove from the queue.
{
// We should check for the exact data match, for the sake of being totally secure.
//
std::cerr << "Found into queue: returning it" << std::endl;
{
signature_result = it->second->signature_result ;
memcpy(sign,it->second->sign,*it->second->signlen) ;
*signlen = *(it->second->signlen) ;
signature_result = it->second->signature_result ;
if(it->second->signature_result != SELF_SIGNATURE_RESULT_PENDING) // found it. Copy the result, and remove from the queue.
{
// We should check for the exact data match, for the sake of being totally secure.
//
std::cerr << "Found into queue: returning it" << std::endl;
delete it->second ;
_deferred_signature_queue.erase(it) ;
memcpy(sign,it->second->sign,*it->second->signlen) ;
*signlen = *(it->second->signlen) ;
return true ;
}
else
return false ; // already registered, but not done yet.
}
delete it->second ;
_deferred_signature_queue.erase(it) ;
}
return true ; // already registered, but not done yet.
}
// Not found. Store in the queue and emit a signal.
//
@ -222,7 +223,7 @@ bool NotifyQt::askForDeferredSelfSignature(const void *data, const uint32_t len,
_deferred_signature_queue[chksum.toStdString()] = edta ;
}
emit deferredSignatureHandlingRequested() ;
return false;
return true;
}
void NotifyQt::handleSignatureEvent()