Mercurial > ~mikael > mcabber > hg
comparison mcabber/src/jabglue.c @ 1067:a5dc85fdebde
Add key comparison for signatures & use user-provided PGP keys for encryption
When we receive a signed presence/message, we check that the key used matches
the one which has been set with "/pgp setkey".
If provided, we use this key for encryption too.
author | Mikael Berthe <mikael@lilotux.net> |
---|---|
date | Sat, 02 Dec 2006 13:11:44 +0100 |
parents | 230dca34dbea |
children | 866be086cc9b |
comparison
equal
deleted
inserted
replaced
1066:6de60e142372 | 1067:a5dc85fdebde |
---|---|
542 | 542 |
543 // If we can get a resource name, we use it. Else we use NULL, | 543 // If we can get a resource name, we use it. Else we use NULL, |
544 // which hopefully will give us the most likely resource. | 544 // which hopefully will give us the most likely resource. |
545 if (rname) | 545 if (rname) |
546 rname++; | 546 rname++; |
547 #endif | |
548 | 547 |
549 #ifdef HAVE_GPGME | 548 #ifdef HAVE_GPGME |
550 if (type == ROSTER_TYPE_USER && sl_buddy && gpg_enabled()) { | 549 if (type == ROSTER_TYPE_USER && sl_buddy && gpg_enabled()) { |
551 if (!settings_pgp_getdisabled(barejid)) { // disabled for this contact? | 550 if (!settings_pgp_getdisabled(barejid)) { // disabled for this contact? |
552 struct pgp_data *res_pgpdata; | 551 struct pgp_data *res_pgpdata; |
553 res_pgpdata = buddy_resource_pgp(sl_buddy->data, rname); | 552 res_pgpdata = buddy_resource_pgp(sl_buddy->data, rname); |
554 if (res_pgpdata && res_pgpdata->sign_keyid) | 553 if (res_pgpdata && res_pgpdata->sign_keyid) { |
555 enc = gpg_encrypt(text, res_pgpdata->sign_keyid); | 554 /* Remote client has PGP support (we have a signature). |
556 } | 555 * If the contact has a specific KeyId, we'll use it; |
557 } | 556 * if not, we'll use the key used for the signature. |
558 #endif | 557 * Both keys should match, in theory (cf. XEP-0027). */ |
559 #if defined HAVE_GPGME || defined JEP0022 || defined JEP0085 | 558 const char *key; |
559 key = settings_pgp_getkeyid(barejid); | |
560 if (!key) | |
561 key = res_pgpdata->sign_keyid; | |
562 enc = gpg_encrypt(text, key); | |
563 } | |
564 } | |
565 } | |
566 #endif // HAVE_GPGME | |
567 | |
560 g_free(barejid); | 568 g_free(barejid); |
561 #endif | 569 #endif // HAVE_GPGME || defined JEP0022 || defined JEP0085 |
562 | 570 |
563 x = jutil_msgnew(strtype, (char*)fjid, NULL, | 571 x = jutil_msgnew(strtype, (char*)fjid, NULL, |
564 (enc ? "This message is PGP-encrypted." : (char*)text)); | 572 (enc ? "This message is PGP-encrypted." : (char*)text)); |
565 if (subject) { | 573 if (subject) { |
566 xmlnode y; | 574 xmlnode y; |
1477 if (!p) | 1485 if (!p) |
1478 return; | 1486 return; |
1479 | 1487 |
1480 key = gpg_verify(p, text, &sigsum); | 1488 key = gpg_verify(p, text, &sigsum); |
1481 if (key) { | 1489 if (key) { |
1490 const char *expectedkey; | |
1491 char *buf; | |
1482 g_free(res_pgpdata->sign_keyid); | 1492 g_free(res_pgpdata->sign_keyid); |
1483 res_pgpdata->sign_keyid = key; | 1493 res_pgpdata->sign_keyid = key; |
1484 res_pgpdata->last_sigsum = sigsum; | 1494 res_pgpdata->last_sigsum = sigsum; |
1485 if (sigsum & GPGME_SIGSUM_RED) { | 1495 if (sigsum & GPGME_SIGSUM_RED) { |
1486 char *buf = g_strdup_printf("Bad signature from <%s/%s>", barejid, rname); | 1496 buf = g_strdup_printf("Bad signature from <%s/%s>", barejid, rname); |
1497 scr_WriteIncomingMessage(barejid, buf, 0, HBB_PREFIX_INFO); | |
1498 scr_LogPrint(LPRINT_LOGNORM, "%s", buf); | |
1499 g_free(buf); | |
1500 } | |
1501 // Verify that the key id is the one we expect. | |
1502 expectedkey = settings_pgp_getkeyid(barejid); | |
1503 if (expectedkey && strcasecmp(key, expectedkey)) { | |
1504 buf = g_strdup_printf("Warning: The KeyId from <%s/%s> doesn't match " | |
1505 "the key you set up", barejid, rname); | |
1487 scr_WriteIncomingMessage(barejid, buf, 0, HBB_PREFIX_INFO); | 1506 scr_WriteIncomingMessage(barejid, buf, 0, HBB_PREFIX_INFO); |
1488 scr_LogPrint(LPRINT_LOGNORM, "%s", buf); | 1507 scr_LogPrint(LPRINT_LOGNORM, "%s", buf); |
1489 g_free(buf); | 1508 g_free(buf); |
1490 } | 1509 } |
1491 } | 1510 } |