From fb1e030cb65be97dc6c9f8374dfcb7ccf523c5df Mon Sep 17 00:00:00 2001 From: csoler Date: Sun, 24 Jan 2010 13:59:22 +0000 Subject: [PATCH] corrected missing return, added some debug printfs git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2116 b45a01b8-16f6-495d-af2f-9b41ad6348cc --- libretroshare/src/pqi/authgpg.cc | 73 +++++++++++++------------ libretroshare/src/pqi/authssl.cc | 92 ++++++++++++++++++++------------ 2 files changed, 97 insertions(+), 68 deletions(-) diff --git a/libretroshare/src/pqi/authgpg.cc b/libretroshare/src/pqi/authgpg.cc index 93d79dd62..232f36dac 100644 --- a/libretroshare/src/pqi/authgpg.cc +++ b/libretroshare/src/pqi/authgpg.cc @@ -293,6 +293,7 @@ bool AuthGPG::storeAllKeys_timed() { RsStackMutex stack(pgpMtx); /******* LOCKED ******/ storeAllKeys_locked(); } + return true ; } // store all keys in map mKeyList to avoid callin gpgme exe repeatedly @@ -961,44 +962,44 @@ bool AuthGPG::getGPGAllList(std::list &ids) bool AuthGPG::getGPGDetails(std::string id, RsPeerDetails &d) { #ifdef GPG_DEBUG - std::cerr << "AuthGPG::getPGPDetails() called for : " << id << std::endl; + std::cerr << "AuthGPG::getPGPDetails() called for : " << id << std::endl; #endif - storeAllKeys_timed(); - RsStackMutex stack(pgpMtx); /******* LOCKED ******/ + storeAllKeys_timed(); + RsStackMutex stack(pgpMtx); /******* LOCKED ******/ - /* add an id for each pgp certificate */ - certmap::iterator it; - if (mKeyList.end() != (it = mKeyList.find(id))) { - d.id = it->second.id; //keep, it but can be bug gen - d.gpg_id = it->second.id; - d.name = it->second.name; - d.email = it->second.email; - d.trustLvl = it->second.trustLvl; - d.validLvl = it->second.validLvl; - d.ownsign = it->second.ownsign; - d.gpgSigners = it->second.signers; - d.fpr = it->second.fpr; + /* add an id for each pgp certificate */ + certmap::iterator it; + if (mKeyList.end() != (it = mKeyList.find(id))) + { + d.id = it->second.id; //keep, it but can be bug gen + d.gpg_id = it->second.id; + d.name = it->second.name; + d.email = it->second.email; + d.trustLvl = it->second.trustLvl; + d.validLvl = it->second.validLvl; + d.ownsign = it->second.ownsign; + d.gpgSigners = it->second.signers; + d.fpr = it->second.fpr; - d.accept_connection = it->second.accept_connection; + d.accept_connection = it->second.accept_connection; - //did the peer signed me ? - d.hasSignedMe = false; - std::list::iterator signersIt; - for(signersIt = mOwnGpgCert.signers.begin(); signersIt != mOwnGpgCert.signers.end() ; ++signersIt) { - if (*signersIt == d.id) { - d.hasSignedMe = true; - break; - } - } + //did the peer signed me ? + d.hasSignedMe = false; + std::list::iterator signersIt; + for(signersIt = mOwnGpgCert.signers.begin(); signersIt != mOwnGpgCert.signers.end() ; ++signersIt) + if (*signersIt == d.id) + { + d.hasSignedMe = true; + break; + } #ifdef GPG_DEBUG - std::cerr << "AuthGPG::getPGPDetails() Name : " << it->second.name << std::endl; + std::cerr << "AuthGPG::getPGPDetails() Name : " << it->second.name << std::endl; #endif - return true; - } else { - return false; - } + return true; + } + return false; } bool AuthGPG::decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN) { @@ -1898,21 +1899,25 @@ static gpg_error_t keySignCallback(void *opaque, gpgme_status_code_t status, \ } if (result) - { + { fprintf(stderr,"keySignCallback result:%s\n", result); #ifndef WINDOWS_SYS if (*result) + { write (fd, result, strlen (result)); - write (fd, "\n", 1); + write (fd, "\n", 1); + } #else DWORD written = 0; HANDLE winFd = (HANDLE) fd; if (*result) + { WriteFile(winFd, result, strlen(result), &written, NULL); - WriteFile(winFd, "\n", 1, &written, NULL); + WriteFile(winFd, "\n", 1, &written, NULL); + } #endif - } + } fprintf(stderr,"keySignCallback Error status\n"); ProcessPGPmeError(params->err); diff --git a/libretroshare/src/pqi/authssl.cc b/libretroshare/src/pqi/authssl.cc index 21b75fa77..ec439573b 100644 --- a/libretroshare/src/pqi/authssl.cc +++ b/libretroshare/src/pqi/authssl.cc @@ -1147,6 +1147,7 @@ bool AuthSSL::SignDataBin(const void *data, const uint32_t len, return true; } +#define AUTHSSL_DEBUG2 bool AuthSSL::VerifySignBin(const void *data, const uint32_t len, unsigned char *sign, unsigned int signlen) @@ -1154,13 +1155,21 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len, RsStackMutex stack(sslMtx); /***** STACK LOCK MUTEX *****/ /* find the peer */ +#ifdef AUTHSSL_DEBUG2 + std::cerr << "In AuthSSL::VerifySignBin" << std::endl ; +#endif sslcert *peer = mOwnCert; EVP_PKEY *peerkey = peer->certificate->cert_info->key->pkey; if(peerkey == NULL) + { +#ifdef AUTHSSL_DEBUG2 + std::cerr << "AuthSSL::VerifySignBin: no public key available !!" << std::endl ; +#endif return false ; + } EVP_MD_CTX *mdctx = EVP_MD_CTX_create(); @@ -1182,6 +1191,9 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len, if(signlen == 0 || sign == NULL) { +#ifdef AUTHSSL_DEBUG2 + std::cerr << "AuthSSL::VerifySignBin: signlen=" << signlen << ", sign=" << (void*)sign << "!!" << std::endl ; +#endif EVP_MD_CTX_destroy(mdctx); return false ; } @@ -1679,7 +1691,7 @@ bool getX509id(X509 *x509, std::string &xid) { /* switched to the other end of the signature. for * more randomness */ - for(uint32_t i = signlen - CERTSIGNLEN; i < signlen; i++) + for(int i = signlen - CERTSIGNLEN; i < signlen; i++) { id << std::hex << std::setw(2) << std::setfill('0') << (uint16_t) (((uint8_t *) (signdata))[i]); @@ -1907,7 +1919,9 @@ bool AuthSSL::AuthX509(X509 *x509) /* extract CN for peer Id */ std::string issuer = getX509CNString(x509->cert_info->issuer); RsPeerDetails pd; - if (!AuthGPG::getAuthGPG()->getGPGDetails(issuer, pd)) { + std::cerr << "Checking GPG issuer : " << issuer << std::endl ; + if (!AuthGPG::getAuthGPG()->getGPGDetails(issuer, pd)) + { std::cerr << "AuthSSL::AuthX509() X509 NOT authenticated : AuthGPG::getAuthGPG()->getGPGDetails() returned false." << std::endl; return false; } @@ -1991,6 +2005,10 @@ bool AuthSSL::AuthX509(X509 *x509) /* NOW check sign via GPG Functions */ //get the fingerprint of the key that is supposed to sign std::cerr << "AuthSSL::AuthX509() verifying the gpg sig with keyprint : " << pd.fpr << std::endl; + std::cerr << "Sigoutl = " << sigoutl << std::endl ; + std::cerr << "pd.fpr = " << pd.fpr << std::endl ; + std::cerr << "hashoutl = " << hashoutl << std::endl ; + if (!AuthGPG::getAuthGPG()->VerifySignBin(buf_hashout, hashoutl, buf_sigout, (unsigned int) sigoutl, pd.fpr)) { sigoutl = 0; goto err; @@ -2007,20 +2025,29 @@ bool AuthSSL::AuthX509(X509 *x509) bool AuthSSL::ValidateCertificate(X509 *x509, std::string &peerId) { /* check self signed */ - if (!AuthX509(x509) || !getX509id(x509, peerId)) { + if (!AuthX509(x509)) + { #ifdef AUTHSSL_DEBUG - std::cerr << "AuthSSL::ValidateCertificate() bad certificate."; - std::cerr << std::endl; + std::cerr << "AuthSSL::ValidateCertificate() bad certificate."; + std::cerr << std::endl; #endif - return false; + return false; + } + if(!getX509id(x509, peerId)) + { +#ifdef AUTHSSL_DEBUG + std::cerr << "AuthSSL::ValidateCertificate() Cannot retrieve peer id from certificate.."; + std::cerr << std::endl; +#endif + return false; } #ifdef AUTHSSL_DEBUG - std::cerr << "AuthSSL::ValidateCertificate() good certificate."; + std::cerr << "AuthSSL::ValidateCertificate() good certificate."; std::cerr << std::endl; #endif - return true; + return true; } /* store for discovery */ @@ -2039,6 +2066,8 @@ bool AuthSSL::encrypt(void *&out, int &outlen, const void *in, int inlen, std out = malloc(inlen); memcpy(out, in, inlen); outlen = inlen; + + return true ; } bool AuthSSL::decrypt(void *&out, int &outlen, const void *in, int inlen) @@ -2050,6 +2079,8 @@ bool AuthSSL::decrypt(void *&out, int &outlen, const void *in, int inlen) out = malloc(inlen); memcpy(out, in, inlen); outlen = inlen; + + return true ; } @@ -2160,9 +2191,9 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx) { fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n"); fprintf(stderr, "issuer pgpid : "); - fprintf(stderr, pgpid.c_str()); + fprintf(stderr, "%s\n",pgpid.c_str()); fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : "); - fprintf(stderr, AuthGPG::getAuthGPG()->getGPGOwnId().c_str()); + fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str()); fprintf(stderr, "\n"); return false; } @@ -2176,9 +2207,9 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx) { fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n"); fprintf(stderr, "issuer pgpid : "); - fprintf(stderr, pgpid.c_str()); + fprintf(stderr, "%s\n",pgpid.c_str()); fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : "); - fprintf(stderr, AuthGPG::getAuthGPG()->getGPGOwnId().c_str()); + fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str()); fprintf(stderr, "\n"); return false; } @@ -2258,11 +2289,9 @@ int LoadCheckX509andGetLocation(const char *cert_file, std::string &location, st FILE *tmpfp = fopen(cert_file, "r"); if (tmpfp == NULL) { -#ifdef AUTHSSL_DEBUG std::cerr << "sslroot::LoadCheckAndGetX509Name()"; std::cerr << " Failed to open Certificate File:" << cert_file; std::cerr << std::endl; -#endif return 0; } @@ -2270,33 +2299,29 @@ int LoadCheckX509andGetLocation(const char *cert_file, std::string &location, st X509 *x509 = PEM_read_X509(tmpfp, NULL, NULL, NULL); fclose(tmpfp); + if(x509 == NULL) + { + std::cerr << "PEM_read_X509 failed !!" << std::endl ; + return false ; + } + // check the certificate. - bool valid = false; - if (x509) + // + + if (AuthSSL::getAuthSSL()->ValidateCertificate(x509, userId)) + location = getX509LocString(x509->cert_info->subject); + else { - valid =AuthSSL::getAuthSSL()->ValidateCertificate(x509, userId); - } - - if (valid) - { - // extract the name. - location = getX509LocString(x509->cert_info->subject); + std::cerr << "certificate validation failed !!" << std::endl ; + return false ; } + std::cerr << "getX509LocString ok. Info:" << std::endl ; std::cout << getX509Info(x509) << std::endl ; // clean up. X509_free(x509); - if (valid) - { - // happy! - return 1; - } - else - { - // something went wrong! - return 0; - } + return true ; } @@ -2464,7 +2489,6 @@ std::string getX509Info(X509 *cert) { std::stringstream out; long l; - int i,j; out << "X509 Certificate:" << std::endl; l=X509_get_version(cert);