backport #1911 to GNOME 43 (based on v54)

refactor(core): update certificate generation

Update the certificate generation to produce EC-based certificates
with the required device ID format.

refactor(core): reject invalid device IDs

Check incoming device IDs and reject connections from those with
an ID not matching `/[a-zA-Z0-9_]{32,38}/`.

refactor(device): generate device IDs per protocol v8

refactor(core): migrate installations to new certificates

Migrate installations to new certificates, with device IDs
following the protocol v8 constraints.

test: update certificates and private keys

feat(daemon): add migration notification

Add a brief notification, explaining that GSConnect has been
updated and some devices may require re-pairing.

device: support protocol v8 verification key

See: https://invent.kde.org/network/kdeconnect-meta/-/merge_requests/10

feat: add support for protocol version 8

Add support for the planned changes in protocol version 8.

See: https://invent.kde.org/network/kdeconnect-android/-/commit/454b2fd5d7b3162443fbec4a6f0b7cafa1b554ee

installed-tests/data/local-certificate.pem

@@ -1,33 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIIFpTCCA42gAwIBAgIUYVlJk/6vssQfUOXo9SNb7NfxixwwDQYJKoZIhvcNAQEL
-BQAwYjEdMBsGA1UECgwUYW5keWhvbG1lcy5naXRodWIuaW8xEjAQBgNVBAsMCUdT
-Q29ubmVjdDEtMCsGA1UEAwwkZDJkMjExN2EtNDlmNy00NzllLThkYWYtNjhjODlh
-M2Y3YWQyMB4XDTIwMDgyNTIyMDEwOVoXDTMwMDgyMzIyMDEwOVowYjEdMBsGA1UE
-CgwUYW5keWhvbG1lcy5naXRodWIuaW8xEjAQBgNVBAsMCUdTQ29ubmVjdDEtMCsG
-A1UEAwwkZDJkMjExN2EtNDlmNy00NzllLThkYWYtNjhjODlhM2Y3YWQyMIICIjAN
-BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxsFITnzdsa4lhk8opxJ8lcvEWZvn
-WwhjJIiu6qFnzlg9VAnS0QrUUMxNxOVVhmeSSPlV3+r23h3y4I/Irzm8PBOcBM4A
-uvYZneP9+K/24edrCsdoAIcws5nI2JTvbqF5XowRKy4YX9EaIQS3EvYfKrjYDiiF
-0rVmV57GotrC/ntElF5CZlKO2338FuC78lWhnKHd6vJ6OyciMvdz10BsfkLBd0ME
-7v74n1P0w6jV40J1KORtdtXKRo2XHgDBiDM557jHJTiIFNhb5LLOfcinCXgSuVXf
-otfwsBuD1evRrnA3hY/k/LHYUNEE0HscQXmhrPA7BdrSB4Cc5lPLVyTQa3rCD6vQ
-j/RL6dAwNeiiW8lgC+l4x8QBvxks8JLpLzLO6LwBf0QoOBQOlksgFI4qa+vku39k
-GLHihWK7T0eNW5ly1v3siQfcX1Y2BSJ+mywS7rqWLjAFbBLmwjKErYIoOpOC316c
-9Z7YhQ8r8CBf1f91h5uyxIZ01NWyqn91ncJ5yn9ivXBEdF/w0YAYvh9LU18sUYYK
-AJR4RmE7uFGBmXO638MCXxItxyX2kvAVjJ3zxQbuMnBKVYDh/9vywwpgfIx96e3A
-PIZMXQPDuFX362FwXRKsf5hWOZMA7Si9CTLRxz05z+OedMR0IpAQLOdAGm9ll3YD
-HYuuUOFDyiiYP5cCAwEAAaNTMFEwHQYDVR0OBBYEFMjbPPr7CRy6OYk9H/G8BAHj
-TU94MB8GA1UdIwQYMBaAFMjbPPr7CRy6OYk9H/G8BAHjTU94MA8GA1UdEwEB/wQF
-MAMBAf8wDQYJKoZIhvcNAQELBQADggIBALXCEPO2z4TghwbDkxK0YQiqokKDs1I/
-o6j5HKYw4OhL2WMQPkT0r39bFLazW1EO2mrH9twRSJ9im0Hwrggmw91CNMdy9fuH
-uNCExw9j+lbJeyBEAZTk/SwruKArEdksEUF7Gpe8eBnJ8epJWfiN95pNkMCxd3Oj
-mQ7UhALjuDwBAiOrQ9/iQPNU0tubbgfSLC500ycaE8SmEpdMF6bNzURYZLsMaBdi
-j9/pTezujrch66KVEIjsCHXSguxBR4imZC3nK3x70ILHqd+bOFJNVn1xNfc8fpxy
-ftRhZphBNb/hN7dlDG2ZkFAXfRu7F2xGmuC3n4OHKOSAEOP3EmYP7YS77+K4bk3s
-njbjnwZWE9wQPfbuK7fN5Sf8mKUFVZhkPKT22ARvhmKpCjcEnwxLgWxAfpEX60vr
-41oZwnXbZwBKzSWhtzo8jQA4otEBS7qO4THi6iUWRcj4Cz4ThzeV6RgWSQemUU0v
-v8PR/ob84uisQN0nwPRPgHmwSRIb3TgguibKlOCEhNMRwmlPtQZp33AOLL8oPeP3
-YTkVajMbUpTvUogh8Cf0xhJ0mHicxgkPbo/tvnnVxkjyCUmyX/juEaQTEbiSk+ww
-N7W1qp2gz7Sfjr1z4N4QQybEt9yknMoKL1wL1uKSdH/oQcGr9vaZUtJFcSVGlMX5
-qCyBnxGQDn60
+MIICGTCCAb+gAwIBAgIUVw9/gMZ6nAXyg01TnEvA1b/+MZ0wCgYIKoZIzj0EAwIw
+YjEdMBsGA1UECgwUYW5keWhvbG1lcy5naXRodWIuaW8xEjAQBgNVBAsMCUdTQ29u
+bmVjdDEtMCsGA1UEAwwkNzI3ZjFlNjZfOGNjYV80ZmJjXzhjZWZfYmI1ZjhhNmQ3
+NmE4MB4XDTI1MDEyMjIzNDA0NloXDTM1MDEyMDIzNDA0NlowYjEdMBsGA1UECgwU
+YW5keWhvbG1lcy5naXRodWIuaW8xEjAQBgNVBAsMCUdTQ29ubmVjdDEtMCsGA1UE
+AwwkNzI3ZjFlNjZfOGNjYV80ZmJjXzhjZWZfYmI1ZjhhNmQ3NmE4MFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEmfrGvWuO+B7HYMVLpwPwvj37tMI56M+mGD3vJqtC
+czlbUc93QWInx321DdiTvkSemZMVIiaNcLUTIPVhIBcXXKNTMFEwHQYDVR0OBBYE
+FOopjpkIVg+dDG8I61h+rGOXXUxiMB8GA1UdIwQYMBaAFOopjpkIVg+dDG8I61h+
+rGOXXUxiMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIpSmOMp
+NFzHPtcZ5EA8UGRe6dM1qtM/rDpWl60gX1W5AiAT5yHnLF3y5SQmDrI4DRJZ3uEj
+5lAze4JDN3O3SZNWxA==
 -----END CERTIFICATE-----

installed-tests/data/local-private.pem

@@ -1,52 +1,5 @@
 -----BEGIN PRIVATE KEY-----
-MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDGwUhOfN2xriWG
-TyinEnyVy8RZm+dbCGMkiK7qoWfOWD1UCdLRCtRQzE3E5VWGZ5JI+VXf6vbeHfLg
-j8ivObw8E5wEzgC69hmd4/34r/bh52sKx2gAhzCzmcjYlO9uoXlejBErLhhf0Roh
-BLcS9h8quNgOKIXStWZXnsai2sL+e0SUXkJmUo7bffwW4LvyVaGcod3q8no7JyIy
-93PXQGx+QsF3QwTu/vifU/TDqNXjQnUo5G121cpGjZceAMGIMznnuMclOIgU2Fvk
-ss59yKcJeBK5Vd+i1/CwG4PV69GucDeFj+T8sdhQ0QTQexxBeaGs8DsF2tIHgJzm
-U8tXJNBresIPq9CP9Evp0DA16KJbyWAL6XjHxAG/GSzwkukvMs7ovAF/RCg4FA6W
-SyAUjipr6+S7f2QYseKFYrtPR41bmXLW/eyJB9xfVjYFIn6bLBLuupYuMAVsEubC
-MoStgig6k4LfXpz1ntiFDyvwIF/V/3WHm7LEhnTU1bKqf3WdwnnKf2K9cER0X/DR
-gBi+H0tTXyxRhgoAlHhGYTu4UYGZc7rfwwJfEi3HJfaS8BWMnfPFBu4ycEpVgOH/
-2/LDCmB8jH3p7cA8hkxdA8O4VffrYXBdEqx/mFY5kwDtKL0JMtHHPTnP4550xHQi
-kBAs50Aab2WXdgMdi65Q4UPKKJg/lwIDAQABAoICAQCwa0f/Qx6VZHqyaPkws1wa
-qrAyygvl5d/6wchhQ7uckP5+5elW3EHxJiexqc7samqSk58CDtHp/rNjWL1Nq/XF
-bbKDIUfMrD24xHLel3KQupVtD+rk7RrxkIOSm0Cb9oCAx9tFdLj18+k5fbHzBrxL
-c59zkcyXZ6TcCXdPftauhEQvXiuaH5XmhkGJHRo21IOLQLJ2pZyRfP8CNluAqRKk
-UCTh838hlPiilCcitW6FNqxAC+KOJN5TGcMVQp6GgtHXOVCrXS6NMi7/JSfcxope
-AVK9Z9gF958Q8ptm+tc3+yuNRlh/ZG0Z7y5Sz7QY+hnkI6iAXecn+aVLXP2U8Hx+
-GSc4iJsBzqixYCNBrtkfEBXeL6AR+9z6aLJsYVlxkI7Zbw1uV/wPI5YDyqG3pBLZ
-fdiqQNd99K6jg/nJdigCXY5KMBAmtj8Cm/B9hsrrhOqBCNEcQ7ES9mprM3YF+euW
-fNVMUXSnwpH6mFN6KiJnxUJdgzqF3OJiGPAu9JSVZHxH3IZ4gVvjLh5Zg/zKO48v
-pNvvNLLDg/kU4OZmq9NojRmUhhEITodtky1pysroD+5jJyg4CuE5ewl9eQvSY0o9
-0TrA2dbFzrYjT7jW7CEZLZlTd0Sh48qS7KXo19rFSllBWRU686tkukb5JJAuSZf3
-2FI/ZJGlNNIuMFQeaq/gIQKCAQEA8am/oZlAp+3ySPlkNwDZUvfbRJ2sAy/aK1IP
-4o/368YpXiMK0wSY1o4jUZGRX0c6Y65b+3AJdJ/5hr8lxKq7Yjek1F20wdXo6qI9
-wnWQQvvEw2PiYvXj2nk05+deOotDZQgfPAY9FiJG5ohlhePlM0Ndv2cDl1rZLG8X
-l8q5fHJTS1TGIIXQR/j3qitiRLBMwn4rOvS/JyNuCTJc3DLHETsiLB13wUWGqy6B
-42vUlKi9vDRawkpDLyatLEMEKFhNadL/2eg8KB9je1vyz+W9YMxZJujamwfoze6f
-i8Br46RqI6xof68MagIHcSP2Bb44G5dAlOlH44TvDs036jzzIwKCAQEA0oveZVlB
-WXPh6He/mzpCgXChI1LELcBsD0wGXDdDu0hJFX2UXhUIdGr+bDc+mBbndKniI/To
-5jXsk32AoO1Tfr/M3U8lpDqQSJqnteaQ2iv/TIs4t0MmYqbBJDwQhoBt6WgIk6p7
-zqQNxpBF1tMaJgO29XxQwLvz1LKzraZycrK5MX3qmlgndK0gv2uh+41Vj6fq9+9/
-CwQmOnL6GqA3XuqMWwCDHzKWuQMw0mlilDj4zEBZrnzSfV/ABlcZfUURY4O0Eamj
-A0Yw3k6j99tFMPwqkw/7xS+EFf0aRnPIFF9Ad5N6C6nfyDgbUQPTNH7VGzQIcheO
-Vh3tTAlnNaaS/QKCAQBG/Jj47B6M9Z1tCC0C5zHvaDU1k6c6jGzmusVFxQqLbHss
-VtjQIZKPu9LuG/d66F5jd403b7KnWnKevTln6sr+T+AQLbJyGdbATYYcwBHvSyuC
-Ra3zac1TmLUMxe7s/Yl/fQJHzIFXJhxzjW9dBBOImmpIVgc9B4exwLRKd1dDEgYb
-o7xLQ2NqMNz3VKUaDjuOCifCurAH3CVveCbE2/mTuy4PjVxnHngvgorO9hbM0EBj
-r3FVjyDrEc5eqRTokP+0bTGQneJF2uqLCvhpT0/wxjYN8up8Dbe5/jVJhO1sQhiX
-gAZ2M0JPRWdQOcMD7ttmZ2imFVxzndHnJCsfmGXHAoIBAEAD0syRxLLD7w3VSuaR
-YiMk8Xlh8s/OT4yfGtfy3Z8VrVLhabjpQDbVSSHx8hAf9qOb+2vfTOihwJpfcDp9
-rgM9obYwGEvEmpXYn+FIhwYulmLZeZcOzZ71AIhZ0tRyO/jZbrInBZmge6fBudpF
-ORAR1RDyiULwYoRrCQJlNyr0eCY6GJhw8R4ifXB18zwejsMs1N4pbUEWM+FVkAGE
-cRFk0uPgVf2oTfdWpwNyk0xpvgusDRhmT0FbWXEUDmXuGAlfw+IS58NZFgahdm0n
-t/Pa1776/xvHBKwC1nhRP6YiB+HTbyoYrjecB4IsXYz6eyTYPzEhRF+encWenkjL
-qqkCggEBAMhz/VK+dTBoawGF5gHd7ppBmpuyvxTaFjy9ZkTq6FC5G4yZtSsOhtOQ
-ve1EF+7hZMkdUIV7B6EzTs6bXPgLaLHbpJym1gTdTGUFNWQvdcF38oSfqEmfBnze
-CbdbMtCY8+Izx1l6gfduz0J4yBQ0ME2uo8FMOjcWFQuqRRkDIE+UF+LFJuINRqT+
-N7RMZH+UYT/a6H+jolqaD+N/qUZzz3fU+GGTwJUpoI+dIUL5kUcGjIg972/XoPRX
-4gFWdEG7qKGRPd+IARhXNxfkJwHv8S89RfEOZL2f6LI3mOqHlwda14WTmH6ct9S6
-258ZGWdYdv8bBRaaLpN7nTcu8+o411E=
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgyI4fgKyLmxTgZpQG
+3ReQ8ipNctiJP2+NW+7PQEJGWTahRANCAASZ+sa9a474HsdgxUunA/C+Pfu0wjno
+z6YYPe8mq0JzOVtRz3dBYifHfbUN2JO+RJ6ZkxUiJo1wtRMg9WEgFxdc
 -----END PRIVATE KEY-----

installed-tests/data/remote-certificate.pem

@@ -1,33 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIIFpTCCA42gAwIBAgIUOMN5eqYOJUP5/eKfKD2xrUkaBFowDQYJKoZIhvcNAQEL
-BQAwYjEdMBsGA1UECgwUYW5keWhvbG1lcy5naXRodWIuaW8xEjAQBgNVBAsMCUdT
-Q29ubmVjdDEtMCsGA1UEAwwkNTBkMmFhZGYtNDg5Zi00YTQwLWI5ZWUtMTFjYmQ0
-YWJkZDkyMB4XDTIwMDgyNTIyMDY1N1oXDTMwMDgyMzIyMDY1N1owYjEdMBsGA1UE
-CgwUYW5keWhvbG1lcy5naXRodWIuaW8xEjAQBgNVBAsMCUdTQ29ubmVjdDEtMCsG
-A1UEAwwkNTBkMmFhZGYtNDg5Zi00YTQwLWI5ZWUtMTFjYmQ0YWJkZDkyMIICIjAN
-BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwma5h3ijVffMtvjCGQpaPsgpYpDg
-MBxH+gmSJrHCGLFl6oAOUWLCZL/b870/zhFolZ0ncGuyQRH/nnapbpMAzBFjO/B3
-hmSa9hEEIqhpDYDMdAr7lJDP+DsoO1KB5NuawJhQDdtAdF7Gpb/GaQV8FFi7BKRo
-b9NfQVoMJ0h/TrgtaPaGgmLZj3rfHqtfuf7W6g0qy5gBM1Ty/FJ6ih4dK/SMOQj9
-FbI6jdQXbwMiLLRiaUozXMNMoZiYE12MUoCUQDyeQAj3afqjPX4eqJ3zcTZyCtha
-Qy+1goVjCDLcm1VGKJWJEZ4P5Vii1+U74KfoRgrvXK8xCaVhewWSxzO5L4sPPPCO
-4MEO4JerDqiIjEm2ft4JNtwKjaY9kOhc5Oymg/R9ylWbjizEgZdECXnqrjeqVmIm
-xOm++5Ov4ovl6gRjgwarZjd2EvK66tKuZiMNRRM++gKsIsNdzv87fwPforSTs7jG
-V9tdN4f0HAbDGCUs5VtDym+VBfEPiO6ujHM3w42yOPI7sMKOpkOA8BbrMzOp4zPa
-qBdssQvqW7T0yWqPHBB92NFBI61j4NBS5P5QWcPoOAPTlopvoASdv7Ol5gnzi8o2
-mNbc6Z3Prr7PlzRcYSLEqqduTwjL+BAH83B47xH81GUL0ORO3SpKp1iA13y4nzFC
-JUu+lVaVVKgfuKkCAwEAAaNTMFEwHQYDVR0OBBYEFP0VzjfOBxXa98JtmYAVD3H/
-1PMpMB8GA1UdIwQYMBaAFP0VzjfOBxXa98JtmYAVD3H/1PMpMA8GA1UdEwEB/wQF
-MAMBAf8wDQYJKoZIhvcNAQELBQADggIBABCXawCETkwtTMMcOtw1RjxqLupv9tmZ
-A6Y8dRtwaalIFxnwmki7nNbWjI1xIvkGA/gFmNUsKcCyCVaQxgTevmlOaSj0/v0/
-kUmyOVbhb+HUVC4swBL5R+EirBREwpZF712KZdirdeqemtO1l2lmqhLYo3dHnbiX
-ZJguVN73ccAT2B+v+q724BLN25ztVXDLAT043uOCDr4uRKtuJ7pOhEfyjJOJa4J1
-nScl07UVoC7WxMeeMtErtbZmY7FOhmjVGs/a+uP+7LME5APE3h3oYBz9LgwUvNaD
-7HsAlHO3aTuRFE7T0AHmFghBsL7sfNqyEeveuvmZNOUW9Xj8CRZ94cvn7pucElEs
-9uTbr6q5WWIXzIOJAiXMevtXCuNixw2S1U2prahJ5vUU5iSiWynFsI7+w8aLr7Oi
-2mdqKd4a7QF0kwMhqxWsdbTWvhLugOX6MjYyZ9iXwg0LFOS63wqkMrIQgcf+rPXL
-jQ38b+xdl/OMDvfozeOnKXAxWFwLiHqFcIGrp1XJKYEYbDE3PK3sS7tPZ1goM+1S
-tarfmqhtMZ5FLAjPP7QJ0v82b2Y+PFRkbkFqn3HAbCcjgBEODTmH4W+VoqQAViW6
-Ghu8N3E0hCigwybhy8/nM4kXPI98ROoQGXpOJnyeTAODXcAvv2ecmunh6J/NqcI7
-cmX79mp8S+vH
+MIICGTCCAb+gAwIBAgIUegLNGL0VV3bIGpnKNNn6yOH+oHEwCgYIKoZIzj0EAwIw
+YjEdMBsGA1UECgwUYW5keWhvbG1lcy5naXRodWIuaW8xEjAQBgNVBAsMCUdTQ29u
+bmVjdDEtMCsGA1UEAwwkOTZjYTFmY2NfNzUyMV80MjI4X2FiYTVfN2M0MGQ0ODc5
+ODA0MB4XDTI1MDEyMjIzNDI1MloXDTM1MDEyMDIzNDI1MlowYjEdMBsGA1UECgwU
+YW5keWhvbG1lcy5naXRodWIuaW8xEjAQBgNVBAsMCUdTQ29ubmVjdDEtMCsGA1UE
+AwwkOTZjYTFmY2NfNzUyMV80MjI4X2FiYTVfN2M0MGQ0ODc5ODA0MFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEqouOOaOeXSXTyLkzQ2bdZZ+XCTa0PO/EnRL3PSFK
+iMEDn5o8rZN2hvTpkBRTHlQcF97mMJ7K+h7eBVoz8tSgM6NTMFEwHQYDVR0OBBYE
+FAyHzYDRVOR9uh9aQBd7EVrWeMWnMB8GA1UdIwQYMBaAFAyHzYDRVOR9uh9aQBd7
+EVrWeMWnMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAOQuvcDt
+CPqkhcAJkqn3DqIjDeEf3SJwyOFDszlC8bxpAiAqLfHPlk5bnhwtboWxZ9sC+Jpq
+5QpPPhfQGmk6lfIzuw==
 -----END CERTIFICATE-----

installed-tests/data/remote-private.pem

@@ -1,52 +1,5 @@
 -----BEGIN PRIVATE KEY-----
-MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDCZrmHeKNV98y2
-+MIZClo+yClikOAwHEf6CZImscIYsWXqgA5RYsJkv9vzvT/OEWiVnSdwa7JBEf+e
-dqlukwDMEWM78HeGZJr2EQQiqGkNgMx0CvuUkM/4Oyg7UoHk25rAmFAN20B0Xsal
-v8ZpBXwUWLsEpGhv019BWgwnSH9OuC1o9oaCYtmPet8eq1+5/tbqDSrLmAEzVPL8
-UnqKHh0r9Iw5CP0VsjqN1BdvAyIstGJpSjNcw0yhmJgTXYxSgJRAPJ5ACPdp+qM9
-fh6onfNxNnIK2FpDL7WChWMIMtybVUYolYkRng/lWKLX5Tvgp+hGCu9crzEJpWF7
-BZLHM7kviw888I7gwQ7gl6sOqIiMSbZ+3gk23AqNpj2Q6Fzk7KaD9H3KVZuOLMSB
-l0QJeequN6pWYibE6b77k6/ii+XqBGODBqtmN3YS8rrq0q5mIw1FEz76Aqwiw13O
-/zt/A9+itJOzuMZX2103h/QcBsMYJSzlW0PKb5UF8Q+I7q6MczfDjbI48juwwo6m
-Q4DwFuszM6njM9qoF2yxC+pbtPTJao8cEH3Y0UEjrWPg0FLk/lBZw+g4A9OWim+g
-BJ2/s6XmCfOLyjaY1tzpnc+uvs+XNFxhIsSqp25PCMv4EAfzcHjvEfzUZQvQ5E7d
-KkqnWIDXfLifMUIlS76VVpVUqB+4qQIDAQABAoICAFHz1ErUBKd9K4QHImxD/P9y
-il/PC3O8uGskFcTSMy0NvBU7ns2YgLLQXv1FztwkYp6P/cxa2m6sE8LN62d9+VwO
-CHOAUCMLznflfITP0lmq7oYNCzn6QnI3HiLECZZdLcP7ceQlheqI+d1uF0q20TQS
-o+S1GoHp7cIzH+R/n4ukASC6rMHSwjzGY8EeJeDXGerZWi0yC2+EZFsSui33u/yH
-v4Vb0LWQyTZ5LtfRzlpiQQp6CWUVv/xvw8yGJ12wbs8VvvDn1sWKr76AqJQU4kfb
-1//SbVrdhftcF/+g0Xd6X3VEdOBEbhcVYrD5JmDy5+x/N6EvCdEzMwEVvGbV2z7/
-FH9VIn5kK39b9LJPS9AD9MgYbKG6uFVQzRBysYGX8KQo1bJuIDhx+XEefSCOQ+Gx
-ukfVlCRXdnJy8a/W1jY0Bo6jCFy2lqp4b6fVkBR+3thvFrJXLXo1xV7jgrGOJEvh
-KZJW61d8jVMEeII43wrOVV0IsKp+bmbQ+eC5Rsz4Y8yBkXOqgrprUVBmU12jgFCa
-1GNj5zstJ03VJxTMm2EzLBm7gVb9Fjg0O6xc8rIdF/rLLOV7rTIOcgS76B2TqP4/
-v3jCwfbEwdwoWHRAF84XSpjG6P0Lh0GsdhbJwU71EV4zCvIUnd7a2zLp6Zo/3DZS
-115vZEfgqyk+Pen5xL3BAoIBAQDwiX9S6lLIUBRIYOT6YfZNG7/4npkKNBY2PqGv
-t48l0gDcxQd70tGMw47ctUM5LQrJYDEKR3zPPX6cUn1O0UVHnP5JzLzPw8sC463U
-dzUVXeNKcmHDXWa3fsFGgw+mHC9KMNJCfDqZxNXNP1hndLTdaLD+7FFHva4kqQGy
-LJJafNT+LPveb5ywkDJ7XmAzLbSlhOGy7jNCp3P86+DEpDLvrw81PYu4WImVvIZ+
-5s8v7PffTVOg1XrmnFD7vF+ovSxnhwT2of26xPjtwbWKTIDg1ZwzCBGut46dlkOX
-K3HoxXzkk0UZyRv3ejcesX3A5Ib6dSzChrdw9CcC61VY01G1AoIBAQDO5fkgDbWH
-+sWRtSUolwtCRvGgGa+nRPQcGSoBvHXS0W9S7ruf+h59hE+TBt7B+nXmyNDNSmpa
-rK/XkBKxSzqaVgrIcWZdxOCS+eP0UgG7jsWwyjWaYAfP1O3Wp0O7/+uZoRQWNFXk
-CeAQN4AdwZ9Pn1T1Nt1Y+sOycwpD0E8g6ggfPGWNKLq6Oq8DXX5xas3OQXzGd9yu
-M3nNTvb+i7Aawa/Bdp0YfV0/diBhqjZ/m6704QLGE5bE9bYqYNLxT6u6iVuNZLSM
-Ibdw0WfV7LLt7ZVxl5I4m/F+crgRmb9Un7wdr8kLI/xXJdbPn8ufL5YDJ+WQeN6F
-G6g+np3fMTOlAoIBAQCSp+K/lSsAAwM61gkGODBJ9z9mwJwiwntAe5NtZYeb0ZzA
-/kh/0Jv/LUSvgL0J4VKQUVvVHp0UZjQJ76mDIskQzsGkEXaVXpUqn9LelggBjQsF
-2xOMYCg+fMQuz73803Zpz7aC3ueD1aVdzN+DxH55+FjiNQehrB6/L2RfVBmvnijn
-CFpQ1tA8Ps7otTQGQDnCKXDK/by3SQ3JCbAzdMGxrZSiK3JC5YiNiTKfsO5mFB9V
-QPpaN48FiA1ATywr35txS7tU/JONCoeTvuWG+vohG1xvKN5PHo+PuYxgYRbEi5SI
-cNpSzHGGxDdTOXio4S0DC+pMeILkFZiriPyyebV5AoIBAQDMe7ZQ27vCfTKu452q
-FD5obr14Qmq8owWwj55YwO6iQaQJDzIY1pcz7oTHB0854FSOl4LmotmibHIOVrJi
-z7tHtipKGOnXWzGpkZiebD6SJHV2WSPJQ4f0/LlkIURslm9AE1dK6sbI7omo/XF9
-91OA2jSZdnQl8RFhWRmYFFVgbm1Akey8KrkCPeWjKdBCQBDP/SFY9jYBZZbIN3cd
-9OlESJFwX8672YtDoXg3job2b+Pm2kxngAzO9RnpoHBbVyae4gq+H/3hUaF/uzco
-0xu008+TyP4XPOjc1HzfyFi1RnohzQ6iGBrZ9ufrpD8XQWy+Cbx1oUArxj3uRc46
-POKRAoIBACCXn8r3LYG71D2zLkjVVB93mfcx4abY3r31m+9rXAW6GZVZS+taQLpv
-zLCqat2G3zBVhXy99ASPy6DcoPFtkYWjdUz9V6jbzv/MtrEtU2kTSzziBPrwU4nl
-fzzPCuthccNwwEYan9hE33Qx7wJp/Hjk5mllZeBC5A3HhpjWxUsgwoJZpALGQg3L
-KIcNLj2GJ/8NelNDFr3MhBMMW5wtoXxzktyR/b1aMd54bTYAeluzjbDqBhtyja9r
-bvD+0sVLbcef7UVK5ruEVakj8QuR6GClkECalGVM1hcpj8LmibxdspA3NuYMliNx
-SVzCqFfXsK8zOqWYSt/6D5e3BA6cM/8=
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgfRzQEA8iVvpaFKiU
+MfVMeNbQN0T5l6QGx3SHvrC1ZVChRANCAASqi445o55dJdPIuTNDZt1ln5cJNrQ8
+78SdEvc9IUqIwQOfmjytk3aG9OmQFFMeVBwX3uYwnsr6Ht4FWjPy1KAz
 -----END PRIVATE KEY-----

installed-tests/fixtures/backend.js

@@ -299,7 +299,7 @@ var ChannelService = GObject.registerClass({
                 deviceId: this.id,
                 deviceName: this.name,
                 deviceType: 'desktop',
-                protocolVersion: 7,
+                protocolVersion: 8,
                 incomingCapabilities: [],
                 outgoingCapabilities: [],
                 tcpPort: this.port,

installed-tests/fixtures/utils.js

@@ -103,10 +103,10 @@ function generateIdentity(params = {}) {
         'id': Date.now(),
         'type': 'kdeconnect.identity',
         'body': {
-            'deviceId': GLib.uuid_string_random(),
+            'deviceId': Device.generateId(),
             'deviceName': 'Test Device',
             'deviceType': getDeviceType(),
-            'protocolVersion': 7,
+            'protocolVersion': 8,
             'incomingCapabilities': [],
             'outgoingCapabilities': [],
         },
@@ -391,4 +391,3 @@ var TestRig = class {
             removeDirectory(this._tmpdir);
     }
 };
-

installed-tests/suites/backends/testLanBackend.js

@@ -20,7 +20,7 @@ describe('A LAN channel service', function () {
         );
 
         local = new Lan.ChannelService({
-            id: GLib.uuid_string_random(),
+            id: localCert.common_name,
             certificate: localCert,
             port: 1717,
         });
@@ -31,7 +31,7 @@ describe('A LAN channel service', function () {
         );
 
         remote = new Lan.ChannelService({
-            id: GLib.uuid_string_random(),
+            id: remoteCert.common_name,
             certificate: remoteCert,
             port: 1718,
         });

installed-tests/suites/core/testDevice.js

@@ -30,7 +30,7 @@ describe('A device constructed from a packet', function () {
         expect(device.type).toBe(identity.body.deviceType);
 
         // expect(device.contacts).toBeTruthy();
-        expect(device.encryption_info).toBeTruthy();
+        expect(device.encryption_info).toBe('');
         expect(device.icon_name).toBeTruthy();
 
         expect(device.connected).toBeFalse();
@@ -65,7 +65,7 @@ describe('A device constructed from an ID', function () {
     let device, id;
 
     beforeAll(function () {
-        id = GLib.uuid_string_random();
+        id = Device.generateId();
         device = new Device.Device({body: {deviceId: id}});
     });
 
@@ -79,7 +79,7 @@ describe('A device constructed from an ID', function () {
         expect(device.type).toBe('smartphone');
 
         // expect(device.contacts).toBeTruthy();
-        expect(device.encryption_info).toBeTruthy();
+        expect(device.encryption_info).toBe('');
         expect(device.icon_name).toBeTruthy();
 
         expect(device.connected).toBeFalse();

src/service/__init__.js

@@ -330,17 +330,18 @@ Gio.TlsCertificate.new_for_paths = function (certPath, keyPath, commonName = nul
     if (!certExists || !keyExists) {
         // If we weren't passed a common name, generate a random one
         if (!commonName)
-            commonName = GLib.uuid_string_random();
+            commonName = GLib.uuid_string_random().replaceAll('-', '_');
 
         const proc = new Gio.Subprocess({
             argv: [
                 Config.OPENSSL_PATH, 'req',
-                '-new', '-x509', '-sha256',
-                '-out', certPath,
-                '-newkey', 'rsa:4096', '-nodes',
+                '-newkey', 'ec',
+                '-pkeyopt', 'ec_paramgen_curve:prime256v1',
                 '-keyout', keyPath,
+                '-new', '-x509', '-nodes',
                 '-days', '3650',
                 '-subj', `/O=andyholmes.github.io/OU=GSConnect/CN=${commonName}`,
+                '-out', certPath,
             ],
             flags: (Gio.SubprocessFlags.STDOUT_SILENCE |
                     Gio.SubprocessFlags.STDERR_SILENCE),

src/service/backends/lan.js

@@ -6,6 +6,7 @@ const GObject = imports.gi.GObject;
 
 const Config = imports.config;
 const Core = imports.service.core;
+const Device = imports.service.device;
 
 
 /**
@@ -28,7 +29,7 @@ try {
         Gio.SocketType.STREAM,
         Gio.SocketProtocol.TCP
     ).get_option(6, 5);
-} catch (e) {
+} catch {
     _LINUX_SOCKETS = false;
 }
 
@@ -251,7 +252,7 @@ var ChannelService = GObject.registerClass({
             this._udp6_source = this._udp6.create_source(GLib.IOCondition.IN, null);
             this._udp6_source.set_callback(this._onIncomingIdentity.bind(this, this._udp6));
             this._udp6_source.attach(null);
-        } catch (e) {
+        } catch {
             this._udp6 = null;
         }
 
@@ -340,6 +341,10 @@ var ChannelService = GObject.registerClass({
             if (packet.body.deviceId === this.identity.body.deviceId)
                 return;
 
+            // Reject invalid device IDs
+            if (!Device.validateId(packet.body.deviceId))
+                throw new Error('invalid deviceId');
+
             debug(packet);
 
             // Create a new channel
@@ -605,7 +610,7 @@ var Channel = GObject.registerClass({
      * Authenticate a TLS connection.
      *
      * @param {Gio.TlsConnection} connection - A TLS connection
-     * @return {Promise} A promise for the operation
+     * @returns {Promise} A promise for the operation
      */
     async _authenticate(connection) {
         // Standard TLS Handshake
@@ -691,7 +696,7 @@ var Channel = GObject.registerClass({
      * Wrap the connection in Gio.TlsServerConnection and initiate handshake
      *
      * @param {Gio.TcpConnection} connection - The unauthenticated connection
-     * @return {Gio.TlsServerConnection} The authenticated connection
+     * @returns {Gio.TlsServerConnection} The authenticated connection
      */
     _encryptServer(connection) {
         _configureSocket(connection);
@@ -738,6 +743,10 @@ var Channel = GObject.registerClass({
                         if (!this.identity.body.deviceId)
                             throw new Error('missing deviceId');
 
+                        // Reject invalid device IDs
+                        if (!Device.validateId(this.identity.body.deviceId))
+                            throw new Error('invalid deviceId');
+
                         resolve();
                     } catch (e) {
                         reject(e);
@@ -784,6 +793,13 @@ var Channel = GObject.registerClass({
 
             await this._receiveIdent(this._connection);
             this._connection = await this._encryptClient(connection);
+
+            // Starting with protocol version 8, the devices are expected to
+            // exchange identity packets again after TLS negotiation
+            if (this.identity.body.protocolVersion >= 8) {
+                await this.sendPacket(this.backend.identity);
+                this.identity = await this.readPacket();
+            }
         } catch (e) {
             this.close();
             throw e;
@@ -804,6 +820,13 @@ var Channel = GObject.registerClass({
 
             await this._sendIdent(this._connection);
             this._connection = await this._encryptServer(connection);
+
+            // Starting with protocol version 8, the devices are expected to
+            // exchange identity packets again after TLS negotiation
+            if (this.identity.body.protocolVersion >= 8) {
+                await this.sendPacket(this.backend.identity);
+                this.identity = await this.readPacket();
+            }
         } catch (e) {
             this.close();
             throw e;