netpgp : decrypt and verify. Fixing needed in netpgp. netpgp cannot decrypt msg encrypted with gpg. netpgp can decrypt its own msg, but cannot verify own clearsign msg
authorEdouard Tisserant
Sat, 04 Apr 2015 01:01:22 +0200
changeset 1806008e35e7735
parent 179 112fadcf74b9
child 181 b6d34189c17f
netpgp : decrypt and verify. Fixing needed in netpgp. netpgp cannot decrypt msg encrypted with gpg. netpgp can decrypt its own msg, but cannot verify own clearsign msg
src/pgp_netpgp.c
     1.1 --- a/src/pgp_netpgp.c	Fri Apr 03 15:41:59 2015 +0200
     1.2 +++ b/src/pgp_netpgp.c	Sat Apr 04 01:01:22 2015 +0200
     1.3 @@ -9,6 +9,8 @@
     1.4  #include <netpgp/config.h>
     1.5  #include <netpgp/memory.h>
     1.6  #include <netpgp/crypto.h>
     1.7 +#include <netpgp/netpgpsdk.h>
     1.8 +#include <netpgp/validate.h>
     1.9  
    1.10  PEP_STATUS pgp_init(PEP_SESSION session, bool in_first)
    1.11  {
    1.12 @@ -28,6 +30,10 @@
    1.13  
    1.14  	memset(netpgp, 0x0, sizeof(session->ctx));
    1.15  
    1.16 +    // netpgp_setvar(netpgp, "max mem alloc", "4194304");
    1.17 +    netpgp_setvar(netpgp, "need seckey", "1");
    1.18 +    netpgp_setvar(netpgp, "need userid", "1");
    1.19 +
    1.20      // NetPGP shares home with GPG
    1.21      home = gpg_home();
    1.22      if(home){
    1.23 @@ -78,7 +84,12 @@
    1.24  {
    1.25      netpgp_t *netpgp;
    1.26  	pgp_memory_t *mem;
    1.27 +	pgp_memory_t *cat;
    1.28 +	pgp_validation_t vresult;
    1.29  	pgp_io_t *io;
    1.30 +    char *_ptext = NULL;
    1.31 +    size_t _psize = 0;
    1.32 +	int ret;
    1.33  
    1.34      PEP_STATUS result;
    1.35      stringlist_t *_keylist = NULL;
    1.36 @@ -105,20 +116,21 @@
    1.37                  netpgp->secring, netpgp->pubring,
    1.38                  1 /* armoured */,
    1.39                  0 /* sshkeys */,
    1.40 -                NULL, 0, NULL /* pass fp,attempts,cb */);
    1.41 +                NULL, -1, NULL  /* pass fp,attempts,cb */);
    1.42      if (mem == NULL) {
    1.43          return PEP_OUT_OF_MEMORY;
    1.44      }
    1.45  
    1.46 -	*psize = pgp_mem_len(mem);
    1.47 -	if ((ptext = calloc(1, *psize)) == NULL) {
    1.48 +	_psize = pgp_mem_len(mem);
    1.49 +	if ((_ptext = calloc(1, _psize)) == NULL) {
    1.50          return PEP_OUT_OF_MEMORY;
    1.51  	}
    1.52 -	memcpy(*ptext, pgp_mem_data(mem), *psize);
    1.53 -	pgp_memory_free(mem);
    1.54 +	memcpy(_ptext, pgp_mem_data(mem), _psize);
    1.55  
    1.56      result = PEP_DECRYPTED;
    1.57  
    1.58 +    cat = pgp_memory_new();
    1.59 +
    1.60      /* if recognized */
    1.61      /* decrypt */
    1.62      /* if OK, verify */
    1.63 @@ -130,6 +142,30 @@
    1.64      result = PEP_DECRYPT_NO_KEY;
    1.65      return PEP_OUT_OF_MEMORY;
    1.66      */
    1.67 +	(void) memset(&vresult, 0x0, sizeof(vresult));
    1.68 +	ret = pgp_validate_mem(io, &vresult, mem,
    1.69 +				&cat, 1, netpgp->pubring);
    1.70 +
    1.71 +	// pgp_memory_free(mem) done by pgp_validate_mem
    1.72 +
    1.73 +	if (ret) {
    1.74 +		// resultp(io, "<stdin>", &vresult, netpgp->pubring);
    1.75 +	    // signedmem is freed from pgp_validate_mem
    1.76 +        result = PEP_DECRYPTED_AND_VERIFIED;
    1.77 +	}else{
    1.78 +        if (vresult.validc + vresult.invalidc + vresult.unknownc == 0) {
    1.79 +            // No signatures found - is this memory signed?
    1.80 +            result = PEP_DECRYPT_NO_KEY;
    1.81 +        } else if (vresult.invalidc == 0 && vresult.unknownc == 0) {
    1.82 +            // memory verification failure: invalid signature time
    1.83 +            result = PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH;
    1.84 +        } else {
    1.85 +            // memory verification failure: 
    1.86 +            // invalid signatures result.invalidc
    1.87 +            // unknown signatures result.unknownc
    1.88 +            result = PEP_DECRYPT_WRONG_FORMAT;
    1.89 +        }
    1.90 +    }
    1.91      //result = PEP_UNKNOWN_ERROR;
    1.92      //            stringlist_t *k;
    1.93      //            _keylist = new_stringlist(NULL);
    1.94 @@ -143,6 +179,19 @@
    1.95      //                    k = stringlist_add(k, "SIGNATURE FPR"/*TODO*/);
    1.96      //            } while (0 /* TODO sign next*/);
    1.97  
    1.98 +    pgp_memory_free(cat);
    1.99 +
   1.100 +    if (result == PEP_DECRYPTED_AND_VERIFIED
   1.101 +        || result == PEP_DECRYPTED) {
   1.102 +        *ptext = _ptext;
   1.103 +        *psize = _psize;
   1.104 +        (*ptext)[*psize] = 0; // safeguard for naive users
   1.105 +        // *keylist = _keylist;
   1.106 +    }
   1.107 +    else {
   1.108 +        // free_stringlist(_keylist);
   1.109 +        free(_ptext);
   1.110 +    }
   1.111      return result;
   1.112  }
   1.113