comparison mcabber/src/jabglue.c @ 1067:a5dc85fdebde

Add key comparison for signatures & use user-provided PGP keys for encryption When we receive a signed presence/message, we check that the key used matches the one which has been set with "/pgp setkey". If provided, we use this key for encryption too.
author Mikael Berthe <mikael@lilotux.net>
date Sat, 02 Dec 2006 13:11:44 +0100
parents 230dca34dbea
children 866be086cc9b
1066:6de60e142372 1067:a5dc85fdebde
542 542
543 // If we can get a resource name, we use it. Else we use NULL, 543 // If we can get a resource name, we use it. Else we use NULL,
544 // which hopefully will give us the most likely resource. 544 // which hopefully will give us the most likely resource.
545 if (rname) 545 if (rname)
546 rname++; 546 rname++;
547 #endif
548 547
549 #ifdef HAVE_GPGME 548 #ifdef HAVE_GPGME
550 if (type == ROSTER_TYPE_USER && sl_buddy && gpg_enabled()) { 549 if (type == ROSTER_TYPE_USER && sl_buddy && gpg_enabled()) {
551 if (!settings_pgp_getdisabled(barejid)) { // disabled for this contact? 550 if (!settings_pgp_getdisabled(barejid)) { // disabled for this contact?
552 struct pgp_data *res_pgpdata; 551 struct pgp_data *res_pgpdata;
553 res_pgpdata = buddy_resource_pgp(sl_buddy->data, rname); 552 res_pgpdata = buddy_resource_pgp(sl_buddy->data, rname);
554 if (res_pgpdata && res_pgpdata->sign_keyid) 553 if (res_pgpdata && res_pgpdata->sign_keyid) {
555 enc = gpg_encrypt(text, res_pgpdata->sign_keyid); 554 /* Remote client has PGP support (we have a signature).
556 } 555 * If the contact has a specific KeyId, we'll use it;
557 } 556 * if not, we'll use the key used for the signature.
558 #endif 557 * Both keys should match, in theory (cf. XEP-0027). */
559 #if defined HAVE_GPGME || defined JEP0022 || defined JEP0085 558 const char *key;
559 key = settings_pgp_getkeyid(barejid);
560 if (!key)
561 key = res_pgpdata->sign_keyid;
562 enc = gpg_encrypt(text, key);
563 }
564 }
565 }
566 #endif // HAVE_GPGME
567
560 g_free(barejid); 568 g_free(barejid);
561 #endif 569 #endif // HAVE_GPGME || defined JEP0022 || defined JEP0085
562 570
563 x = jutil_msgnew(strtype, (char*)fjid, NULL, 571 x = jutil_msgnew(strtype, (char*)fjid, NULL,
564 (enc ? "This message is PGP-encrypted." : (char*)text)); 572 (enc ? "This message is PGP-encrypted." : (char*)text));
565 if (subject) { 573 if (subject) {
566 xmlnode y; 574 xmlnode y;
1477 if (!p) 1485 if (!p)
1478 return; 1486 return;
1479 1487
1480 key = gpg_verify(p, text, &sigsum); 1488 key = gpg_verify(p, text, &sigsum);
1481 if (key) { 1489 if (key) {
1490 const char *expectedkey;
1491 char *buf;
1482 g_free(res_pgpdata->sign_keyid); 1492 g_free(res_pgpdata->sign_keyid);
1483 res_pgpdata->sign_keyid = key; 1493 res_pgpdata->sign_keyid = key;
1484 res_pgpdata->last_sigsum = sigsum; 1494 res_pgpdata->last_sigsum = sigsum;
1485 if (sigsum & GPGME_SIGSUM_RED) { 1495 if (sigsum & GPGME_SIGSUM_RED) {
1486 char *buf = g_strdup_printf("Bad signature from <%s/%s>", barejid, rname); 1496 buf = g_strdup_printf("Bad signature from <%s/%s>", barejid, rname);
1497 scr_WriteIncomingMessage(barejid, buf, 0, HBB_PREFIX_INFO);
1498 scr_LogPrint(LPRINT_LOGNORM, "%s", buf);
1499 g_free(buf);
1500 }
1501 // Verify that the key id is the one we expect.
1502 expectedkey = settings_pgp_getkeyid(barejid);
1503 if (expectedkey && strcasecmp(key, expectedkey)) {
1504 buf = g_strdup_printf("Warning: The KeyId from <%s/%s> doesn't match "
1505 "the key you set up", barejid, rname);
1487 scr_WriteIncomingMessage(barejid, buf, 0, HBB_PREFIX_INFO); 1506 scr_WriteIncomingMessage(barejid, buf, 0, HBB_PREFIX_INFO);
1488 scr_LogPrint(LPRINT_LOGNORM, "%s", buf); 1507 scr_LogPrint(LPRINT_LOGNORM, "%s", buf);
1489 g_free(buf); 1508 g_free(buf);
1490 } 1509 }
1491 } 1510 }
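Review bot: The key id returned by gpg_verify() is written to `res_pgpdata->sign_keyid` before either check runs, so a signature flagged `GPGME_SIGSUM_RED`, or one that fails the new KeyId comparison, still leaves its key id in place. The send path's fallback `key = res_pgpdata->sign_keyid;` then encrypts to that id whenever no key has been set with "/pgp setkey". I would gate the fallback on the stored summary, e.g. `if (!key && !(res_pgpdata->last_sigsum & GPGME_SIGSUM_RED)) key = res_pgpdata->sign_keyid;`, and decide explicitly what happens when no usable key remains, since the surrounding code sends the plain text when `enc` is NULL. The `strcasecmp(key, expectedkey)` test also assumes both ids have the same form; if the configured value can be a short id or a full fingerprint while gpg_verify() returns another length (not visible here), the warning would fire for a matching key, so a comment stating the expected format, or normalising both sides first, would help. Both enclosing functions start and end outside the lines shown.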