File Coverage

blib/lib/FTN/Crypt.pm

Criterion	Covered	Total	%
statement	131	194	67.5
branch	31	66	46.9
condition	3	9	33.3
subroutine	18	21	85.7
pod	3	3	100.0
total	186	293	63.4

line	stmt	bran	cond	sub	pod	time	code
1							# FTN::Crypt - Encryption of the FTN messages
2							#
3							# Copyright (C) 2019 by Petr Antonov
4							#
5							# This library is free software; you can redistribute it and/or modify it
6							# under the same terms as Perl 5.10.0. For more details, see the full text
7							# of the licenses at https://opensource.org/licenses/Artistic-1.0, and
8							# http://www.gnu.org/licenses/gpl-2.0.html.
9							#
10							# This package is provided "as is" and without any express or implied
11							# warranties, including, without limitation, the implied warranties of
12							# merchantability and fitness for a particular purpose.
13							#
14
15							package FTN::Crypt;
16
17	2			2		135378	use strict;
	2					15
	2					55
18	2			2		10	use warnings;
	2					4
	2					48
19	2			2		25	use v5.10.1;
	2					7
20
21	2			2		10	use base qw/FTN::Crypt::Error/;
	2					4
	2					895
22
23							#----------------------------------------------------------------------#
24
25							=head1 NAME
26
27							FTN::Crypt - Encryption of the FTN messages.
28
29							=head2 VERSION
30
31							0.5.1
32
33							=cut
34
35							our $VERSION = '0.5.1';
36
37							#----------------------------------------------------------------------#
38
39							=head1 SYNOPSIS
40
41							use FTN::Crypt;
42
43							my $obj = FTN::Crypt->new(
44							Nodelist => 'NODELIST.*',
45							Pointlist => [
46							'pointlist_1.*',
47							'pointlist_2',
48							],
49							) or die FTN::Crypt->error;
50
51							$obj->encrypt_message(
52							Address => $ftn_address,
53							Message => $msg,
54							) or die $obj->error;
55
56							=head1 DESCRIPTION
57
58							The possibility of FTN netmail encryption may be sometimes a useful option.
59							Corresponding nodelist flag was proposed in FSC-0073.
60
61							Although current FidoNet Policy (version 4.07 dated June 9, 1989) clearly
62							forbids routing of encrypted traffic without the express permission of
63							all the links in the delivery system, it's still possible to deliver such
64							messages directly. And, obviously, such routing may be allowed in FTN
65							networks other than FidoNet.
66
67							The proposed nodelist userflag is ENCRYPT:[TYPE], where [TYPE] is one of
68							'PGP2', 'PGP5', 'GnuPG'. So encryption-capable node should have something
69							like U,ENCRYPT:PGP5 in his nodelist record.
70
71							=cut
72
73							#----------------------------------------------------------------------#
74
75	2			2		806	use FTN::Crypt::Constants;
	2					4
	2					58
76	2			2		878	use FTN::Crypt::Msg;
	2					6
	2					67
77	2			2		846	use FTN::Crypt::Nodelist;
	2					5
	2					74
78
79	2			2		1140	use GnuPG::Interface;
	2					698274
	2					81
80
81	2			2		17	use IO::Handle;
	2					4
	2					76
82
83	2			2		902	use PGP::Finger;
	2					2388020
	2					246
84
85	2			2		33	use Try::Tiny;
	2					10
	2					4223
86
87							#----------------------------------------------------------------------#
88
89							my $DEFAULT_KEYSERVER_URL = 'https://zimmermann.mayfirst.org/pks/lookup';
90
91							my $GPG2_BVER = '2.1.0';
92
93							#----------------------------------------------------------------------#
94
95							=head1 METHODS
96
97							=cut
98
99							#----------------------------------------------------------------------#
100
101							=head2 new()
102
103							Constructor.
104
105							=head3 Parameters:
106
107							=over 4
108
109							=item * C<Nodelist>: Path to nodelist file(s), either scalar or arrayref. If contains wildcard, file with maximum number in digital extension will be selected.
110
111							=item * B<Optional> C<Pointlist>: Path to pointlist file(s), either scalar or arrayref. If contains wildcard, file with maximum number in digital extension will be selected.
112
113							=item * B<Optional> C<Keyserver> Keyserver (defaults to 'https://zimmermann.mayfirst.org/pks/lookup').
114
115							=item * B<Optional> C<Pubring> Public keyring file.
116
117							=item * B<Optional> C<Secring> Secret keyring file.
118
119							=back
120
121							=head3 Returns:
122
123							Created object or error in C<FTN::Crypt-E<gt>error>.
124
125							Sample:
126
127							my $obj = FTN::Crypt->new(
128							Nodelist => 'NODELIST.*',
129							Pointlist => [
130							'pointlist_1.*',
131							'pointlist_2',
132							],
133							) or die FTN::Crypt->error;
134
135							=cut
136
137							sub new {
138	1			1	1	1212	my $class = shift;
139	1					6	my (%opts) = @_;
140
141	1	50				5	unless (%opts) {
142	0					0	$class->set_error('No options specified');
143	0					0	return;
144							}
145
146							my $self = {
147	1	50				23	keyserver_url => $opts{Keyserver} ? $opts{Keyserver} : $DEFAULT_KEYSERVER_URL,
148							gnupg => GnuPG::Interface->new(),
149							};
150
151							$self->{nodelist} = FTN::Crypt::Nodelist->new(
152							Nodelist => $opts{Nodelist},
153							Pointlist => $opts{Pointlist},
154	1					4216	);
155	1	50				11	unless ($self->{nodelist}) {
156	0					0	$class->set_error(FTN::Crypt::Nodelist->error);
157	0					0	return;
158							}
159
160							$self->{gnupg}->options->hash_init(
161	1					28	armor => 1,
162							meta_interactive => 0,
163							);
164
165	1	50				14338	$self->{gnupg}->options->push_extra_args('--keyring', $opts{Pubring}) if $opts{Pubring};
166	1	50				170	$self->{gnupg}->options->push_extra_args('--secret-keyring', $opts{Secring}) if $opts{Secring};
167	1					81	$self->{gnupg}->options->push_extra_args('--always-trust');
168
169	1					65	$self = bless $self, $class;
170	1					5	return $self;
171							}
172
173							#----------------------------------------------------------------------#
174
175							=head2 encrypt_message()
176
177							Message encryption.
178
179							=head3 Parameters:
180
181							=over 4
182
183							=item * C<Address>: Recipient's FTN address.
184
185							=item * C<Message>: FTN message text with kludges.
186
187							=back
188
189							=head3 Returns:
190
191							Encrypted message or error in C<$obj-E<gt>error>.
192
193							Sample:
194
195							my $res = $obj->encrypt_message(
196							Address => $ftn_address,
197							Message => $msg,
198							) or die $obj->error;
199
200							=cut
201
202							sub encrypt_message {
203	1			1	1	924	my $self = shift;
204	1					5	my (%opts) = @_;
205
206							my $msg = FTN::Crypt::Msg->new(
207							Address => $opts{Address},
208							Message => $opts{Message},
209	1					15	);
210	1	50				3	unless ($msg) {
211	0					0	$self->set_error(FTN::Crypt::Msg->error);
212	0					0	return;
213							}
214
215	1					2	my $res;
216
217	1					7	my ($addr, $method) = $self->{nodelist}->get_email_addr($msg->get_address);
218	1	50				36	unless ($addr) {
219	0					0	$self->set_error('Encryption-capable address not found', $self->{nodelist}->error);
220	0					0	return;
221							}
222
223	1					7	my $gnupg_ver = $self->{gnupg}->version;
224	1	50				18145	if ($method eq 'PGP2') {
		50
225	0	0				0	if (version->parse($gnupg_ver) < version->parse($GPG2_BVER)) {
226	0					0	$self->{gnupg}->options->meta_pgp_2_compatible(1);
227							} else {
228	0					0	$self->set_error("GnuPG is too new (ver. $gnupg_ver), can't ensure required encryption method ($method)");
229	0					0	return;
230							}
231							} elsif ($method eq 'PGP5') {
232	1					66	$self->{gnupg}->options->meta_pgp_5_compatible(1);
233							}
234
235	1	50	33			138	unless ($self->_lookup_key($addr) \|\| $self->_import_key($addr)) {
236	0					0	$self->set_error("PGP key for $addr not found");
237	0					0	return;
238							}
239
240	1					25	my $key_id = $self->_select_key($addr);
241	1					36	$self->{gnupg}->options->push_recipients($key_id);
242
243	1					125	my ($in_fh, $out_fh, $err_fh) = (IO::Handle->new(), IO::Handle->new(),
244							IO::Handle->new());
245
246	1					141	my $handles = GnuPG::Handles->new(
247							stdin => $in_fh,
248							stdout => $out_fh,
249							stderr => $err_fh,
250							);
251
252	1					572	my $pid = $self->{gnupg}->encrypt(handles => $handles);
253
254	1					4976	print $in_fh $msg->get_text;
255	1					15	close $in_fh;
256
257	1					9921	my $msg_enc = join '', <$out_fh>;
258	1					25	close $out_fh;
259
260	1					19	close $err_fh;
261
262	1					18	waitpid $pid, 0;
263
264	1	50				12	if ($msg_enc) {
265	1	50				13	unless ($msg->set_text($msg_enc)) {
266	0					0	$self->set_error("Can't write message text", $msg->error);
267	0					0	return;
268							}
269	1	50				7	unless ($msg->add_kludge("$FTN::Crypt::Constants::ENC_MESSAGE_KLUDGE: $method")) {
270	0					0	$self->set_error("Can't modify message kludges", $msg->error);
271	0					0	return;
272							}
273
274	1					5	$res = $msg->get_message;
275	1	50				5	unless ($res) {
276	0					0	$self->set_error("Can't get message", $msg->error);
277	0					0	return;
278							}
279							} else {
280	0					0	$self->set_error('Message enccryption failed');
281	0					0	return;
282							}
283
284	1					221	return $res;
285							}
286
287							#----------------------------------------------------------------------#
288
289							=head2 decrypt_message()
290
291							Message decryption.
292
293							=head3 Parameters:
294
295							=over 4
296
297							=item * C<Address>: Recipient's FTN address.
298
299							=item * C<Message>: FTN message text with kludges.
300
301							=item * C<Passphrase>: Key passphrase.
302
303							=back
304
305							=head3 Returns:
306
307							Decrypted message or error in C<$obj-E<gt>error>.
308
309							Sample:
310
311							my $res = $obj->decrypt_message(
312							Address => $ftn_address,
313							Message => $msg,
314							Passphrase => $pass,
315							) or die $obj->error;
316
317							=cut
318
319							sub decrypt_message {
320	1			1	1	1600	my $self = shift;
321	1					15	my (%opts) = @_;
322
323	1	50				7	unless (%opts) {
324	0					0	$self->set_error('No options specified');
325	0					0	return;
326							}
327	1	50				3	unless (defined $opts{Passphrase}) {
328	0					0	$self->set_error('No passphrase specified');
329	0					0	return;
330							}
331
332							my $msg = FTN::Crypt::Msg->new(
333							Address => $opts{Address},
334							Message => $opts{Message},
335	1					15	);
336	1	50				4	unless ($msg) {
337	0					0	$self->set_error(FTN::Crypt::Msg->error);
338	0					0	return;
339							}
340
341	1					8	my $res;
342
343							my $method_used;
344	1					3	foreach my $c (@{$msg->get_kludges}) {
	1					5
345	2					4	foreach my $k (@{$c}) {
	2					4
346	8	100				64	$method_used = $1 if $k =~ /^$FTN::Crypt::Constants::ENC_MESSAGE_KLUDGE:\s+(\w+)$/;
347							}
348							}
349	1	50				4	unless ($method_used) {
350	0					0	$self->set_error('Message seems not to be encrypted');
351	0					0	return;
352							}
353
354	1					11	my ($addr, $method) = $self->{nodelist}->get_email_addr($msg->get_address);
355	1	50				29	unless ($addr) {
356	0					0	$self->set_error('Encryption-capable address not found', $self->{nodelist}->error);
357	0					0	return;
358							}
359	1	50				4	unless ($method) {
360	0					0	$self->set_error('Encryption method not found', $self->{nodelist}->error);
361	0					0	return;
362							}
363
364	1	50				4	if ($method ne $method_used) {
365	0					0	$self->set_error("Message is encrypted with $method_used while node uses $method");
366	0					0	return;
367							}
368
369	1					21	my ($in_fh, $out_fh, $err_fh, $pass_fh) = (IO::Handle->new(),
370							IO::Handle->new(), IO::Handle->new(), IO::Handle->new());
371
372	1					178	my $handles = GnuPG::Handles->new(
373							stdin => $in_fh,
374							stdout => $out_fh,
375							stderr => $err_fh,
376							passphrase => $pass_fh,
377							);
378
379	1					665	my $pid = $self->{gnupg}->decrypt(handles => $handles);
380
381	1					5147	print $pass_fh $opts{Passphrase};
382	1					23	close $pass_fh;
383
384	1					47	print $in_fh $msg->get_text;
385	1					25	close $in_fh;
386
387	1					12624	my $msg_dec = join '', <$out_fh>;
388	1					32	close $out_fh;
389
390	1					16	close $err_fh;
391
392	1					29	waitpid $pid, 0;
393
394	1	50				19	if ($msg_dec) {
395	1	50				93	unless ($msg->set_text($msg_dec)) {
396	0					0	$self->set_error("Can't write message text", $msg->error);
397	0					0	return;
398							}
399	1	50				14	unless ($msg->remove_kludge($FTN::Crypt::Constants::ENC_MESSAGE_KLUDGE)) {
400	0					0	$self->set_error("Can't modify message kludges", $msg->error);
401	0					0	return;
402							}
403
404	1					63	$res = $msg->get_message;
405	1	50				10	unless ($res) {
406	0					0	$self->set_error("Can't get message", $msg->error);
407	0					0	return;
408							}
409							} else {
410	0					0	$self->set_error('Message decryption failed');
411	0					0	return;
412							}
413
414	1					138	return $res;
415							}
416
417							#----------------------------------------------------------------------#
418
419							sub _lookup_key {
420	2			2		369	my $self = shift;
421	2					11	my ($uid) = @_;
422
423	2					63	my ($out_fh, $err_fh) = (IO::Handle->new(), IO::Handle->new());
424
425	2					296	my $handles = GnuPG::Handles->new(
426							stdout => $out_fh,
427							stderr => $err_fh,
428							);
429
430							my $pid = $self->{gnupg}->list_public_keys(
431	2					928	handles => $handles,
432							command_args => [$uid],
433							);
434
435	2					26210	my $out = join '', <$out_fh>;
436
437	2					51	close $out_fh;
438	2					28	close $err_fh;
439
440	2					47	waitpid $pid, 0;
441
442	2	50				173	return $out ? 1 : 0;
443							}
444
445							#----------------------------------------------------------------------#
446
447							sub _import_key {
448	0			0		0	my ($self, $uid) = @_;
449
450	0	0				0	return if $self->_lookup_key($uid);
451
452	0					0	my $res;
453
454							try {
455							my $finger = PGP::Finger->new(
456							sources => [
457							PGP::Finger::Keyserver->new(
458							url => $self->{keyserver_url},
459	0			0		0	),
460							# Now there are no PGP-related DNS records in fidonet.net zone
461							#~ PGP::Finger::DNS->new(
462							#~ dnssec => 1,
463							#~ rr_types => ['OPENPGPKEY', 'TYPE61'],
464							#~ ),
465							],
466							);
467	0					0	$res = $finger->fetch($uid);
468							} catch {
469	0			0		0	return;
470	0					0	};
471
472	0	0				0	if ($res) {
473	0					0	my ($in_fh, $out_fh, $err_fh) = (IO::Handle->new(),
474							IO::Handle->new(), IO::Handle->new());
475
476	0					0	my $handles = GnuPG::Handles->new(
477							stdin => $in_fh,
478							stdout => $out_fh,
479							stderr => $err_fh,
480							);
481
482	0					0	my $pid = $self->{gnupg}->import_keys(handles => $handles);
483
484	0					0	print $in_fh $res->as_string('armored');
485	0					0	close $in_fh;
486
487	0					0	close $out_fh;
488	0					0	close $err_fh;
489
490	0					0	waitpid $pid, 0;
491
492	0					0	return 1;
493							}
494
495	0					0	return;
496							}
497
498							#----------------------------------------------------------------------#
499
500							sub _select_key {
501	1			1		11	my ($self, $uid) = @_;
502
503	1	50				16	return unless $self->_lookup_key($uid);
504
505	1					17	my @keys;
506	1					25	foreach my $key ($self->{gnupg}->get_public_keys($uid)) {
507	1	50	33			169151	push @keys, [$key->creation_date, $key->hex_id]
508							if !$self->_key_is_disabled($key) && $self->_key_can_encrypt($key);
509	1					53	foreach my $subkey (@{$key->subkeys_ref}) {
	1					20
510	1	50	33			7	push @keys, [$subkey->creation_date, $subkey->hex_id]
511							if !$self->_key_is_disabled($subkey) && $self->_key_can_encrypt($subkey);
512							}
513							}
514
515	1					9	@keys = map { '0x' . substr $_->[1], -8 }
516	1					76	sort { $b->[0] <=> $a->[0] }
	0					0
517							@keys;
518
519	1					5	return $keys[0];
520							}
521
522							#----------------------------------------------------------------------#
523
524							sub _key_is_disabled {
525	2			2		8	my ($self, $key) = @_;
526
527	2					47	return index($key->usage_flags, 'D') != -1;
528							}
529
530							#----------------------------------------------------------------------#
531
532							sub _key_can_encrypt {
533	2			2		63	my ($self, $key) = @_;
534
535	2					40	return index($key->usage_flags, 'E') != -1;
536							}
537
538							1;
539							__END__
540
541							=head1 AUTHOR
542
543							Petr Antonov, E<lt>pietro@cpan.orgE<gt>
544
545							=head1 COPYRIGHT AND LICENSE
546
547							Copyright (C) 2019 by Petr Antonov
548
549							This library is free software; you can redistribute it and/or modify it
550							under the same terms as Perl 5.10.0. For more details, see the full text
551							of the licenses at L<https://opensource.org/licenses/Artistic-1.0>, and
552							L<http://www.gnu.org/licenses/gpl-2.0.html>.
553
554							This package is provided "as is" and without any express or implied
555							warranties, including, without limitation, the implied warranties of
556							merchantability and fitness for a particular purpose.
557
558							=head1 INSTALLATION
559
560							Using C<cpan>:
561
562							$ cpan FTN::Crypt
563
564							Manual install:
565
566							$ perl Makefile.PL
567							$ make
568							$ make test
569							$ make install
570
571							=head1 REFERENCES
572
573							=over 4
574
575							=item 1 L<FidoNet Policy Document Version 4.07\|https://www.fidonet.org/policy4.txt>
576
577							=item 2 L<FTS-5001 - Nodelist flags and userflags\|http://ftsc.org/docs/fts-5001.006>
578
579							=item 3 L<FSC-0073 - Encrypted message identification for FidoNet Draft I\|http://ftsc.org/docs/fsc-0073.001>
580
581							=back
582
583							=cut