Git-Mirrors/LXMF
1
0
Fork 0
mirror of https://github.com/markqvist/LXMF.git synced 2025-02-26 01:41:16 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Added signature validation on incoming messages

Browse Source
This commit is contained in:
Mark Qvist 2021-05-04 10:19:07 +02:00
parent 0c32bbcb68
commit 01b5ba60d0
1 changed files with 118 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
LXMF/LXMF.py
View File

@ -24,6 +24,10 @@ class LXMessage:
PROPAGATED = 0x03 PROPAGATED = 0x03
valid_methods = [OPPORTUNISTIC, DIRECT, PROPAGATED] valid_methods = [OPPORTUNISTIC, DIRECT, PROPAGATED]
SOURCE_UNKNOWN = 0x01
SIGNATURE_INVALID = 0x02
unverified_reasons = [SOURCE_UNKNOWN, SIGNATURE_INVALID]
DESTINATION_LENGTH = RNS.Identity.TRUNCATED_HASHLENGTH//8 DESTINATION_LENGTH = RNS.Identity.TRUNCATED_HASHLENGTH//8
SIGNATURE_LENGTH = RNS.Identity.SIGLENGTH//8 SIGNATURE_LENGTH = RNS.Identity.SIGLENGTH//8
@ -100,6 +104,10 @@ class LXMessage:
self.state = LXMessage.DRAFT self.state = LXMessage.DRAFT
self.method = LXMessage.UNKNOWN self.method = LXMessage.UNKNOWN
self.incoming = False
self.signature_validated = False
self.unverified_reason = None
self.representation = LXMessage.UNKNOWN self.representation = LXMessage.UNKNOWN
self.desired_method = desired_method self.desired_method = desired_method
self.delivery_attempts = 0 self.delivery_attempts = 0
@ -163,6 +171,7 @@ class LXMessage:
self.__delivery_destination = delivery_destination self.__delivery_destination = delivery_destination
def pack(self): def pack(self):
if not self.packed:
self.timestamp = time.time() self.timestamp = time.time()
self.payload = [self.timestamp, self.title, self.content, self.fields] self.payload = [self.timestamp, self.title, self.content, self.fields]
@ -177,6 +186,7 @@ class LXMessage:
signed_part += hashed_part signed_part += hashed_part
signed_part += self.hash signed_part += self.hash
self.signature = self.__source.sign(signed_part) self.signature = self.__source.sign(signed_part)
self.signature_validated = True
self.packed = b"" self.packed = b""
self.packed += self.__destination.hash self.packed += self.__destination.hash
@ -214,6 +224,9 @@ class LXMessage:
else: else:
self.method = self.desired_method self.method = self.desired_method
self.representation = LXMessage.RESOURCE self.representation = LXMessage.RESOURCE
else:
raise ValueError("Attempt to re-pack LXMessage "+str(self)+" that was already packed")
def send(self): def send(self):
if self.method == LXMessage.OPPORTUNISTIC: if self.method == LXMessage.OPPORTUNISTIC:
@ -274,9 +287,13 @@ class LXMessage:
source_hash = lxmf_bytes[LXMessage.DESTINATION_LENGTH:2*LXMessage.DESTINATION_LENGTH] source_hash = lxmf_bytes[LXMessage.DESTINATION_LENGTH:2*LXMessage.DESTINATION_LENGTH]
signature = lxmf_bytes[2*LXMessage.DESTINATION_LENGTH:2*LXMessage.DESTINATION_LENGTH+LXMessage.SIGNATURE_LENGTH] signature = lxmf_bytes[2*LXMessage.DESTINATION_LENGTH:2*LXMessage.DESTINATION_LENGTH+LXMessage.SIGNATURE_LENGTH]
packed_payload = lxmf_bytes[2*LXMessage.DESTINATION_LENGTH+LXMessage.SIGNATURE_LENGTH:] packed_payload = lxmf_bytes[2*LXMessage.DESTINATION_LENGTH+LXMessage.SIGNATURE_LENGTH:]
hashed_part = b"" + destination_hash + source_hash + packed_payload
message_hash = RNS.Identity.fullHash(hashed_part)
signed_part = b"" + hashed_part + message_hash
unpacked_payload = msgpack.unpackb(packed_payload) unpacked_payload = msgpack.unpackb(packed_payload)
destination = RNS.Identity.recall(destination_hash) destination = RNS.Identity.recall(destination_hash)
source = RNS.Identity.recall(source_hash) source_identity = RNS.Identity.recall(source_hash)
source = RNS.Destination(source_identity, RNS.Destination.OUT, RNS.Destination.SINGLE, APP_NAME, "delivery")
timestamp = unpacked_payload[0] timestamp = unpacked_payload[0]
title_bytes = unpacked_payload[1] title_bytes = unpacked_payload[1]
content_bytes = unpacked_payload[2] content_bytes = unpacked_payload[2]
@ -291,15 +308,31 @@ class LXMessage:
destination_hash = destination_hash, destination_hash = destination_hash,
source_hash = source_hash) source_hash = source_hash)
message.hash = message_hash
message.signature = signature
message.incoming = True
message.timestamp = timestamp
message.packed = lxmf_bytes
message.set_title_from_bytes(title_bytes) message.set_title_from_bytes(title_bytes)
message.set_content_from_bytes(content_bytes) message.set_content_from_bytes(content_bytes)
message.timestamp = timestamp
try:
if source:
if source.identity.validate(signature, signed_part):
message.signature_validated = True
else:
message.signature_validated = False
message.unverified_reason = LXMessage.SIGNATURE_INVALID
else:
signature_validated = False
message.unverified_reason = LXMessage.SOURCE_UNKNOWN
RNS.log("LXMF message signature could not be validated, since source identity is unknown")
except Exception as e:
message.signature_validated = False
RNS.log("Error while validating LXMF message signature. The contained exception was: "+str(e), RNS.LOG_ERROR)
return message return message
@staticmethod
def unpack_from_file(lxmf_file_handle):
pass
class LXMRouter: class LXMRouter:
MAX_DELIVERY_ATTEMPTS = 3 MAX_DELIVERY_ATTEMPTS = 3
@ -352,9 +385,6 @@ class LXMRouter:
def lxmf_delivery(self, lxmf_data, destination_type = None): def lxmf_delivery(self, lxmf_data, destination_type = None):
try: try:
message = LXMessage.unpack_from_bytes(lxmf_data) message = LXMessage.unpack_from_bytes(lxmf_data)
except Exception as e:
RNS.log("Could not assemble LXMF message from received data", RNS.LOG_NOTICE)
RNS.log("The contained exception was: "+str(e), RNS.LOG_DEBUG)
if RNS.Reticulum.should_allow_unencrypted(): if RNS.Reticulum.should_allow_unencrypted():
message.transport_encryption = "Consider unencrypted (Disabling encryption was allowed in Reticulum configuration)" message.transport_encryption = "Consider unencrypted (Disabling encryption was allowed in Reticulum configuration)"
@ -373,6 +403,13 @@ class LXMRouter:
return True return True
except Exception as e:
RNS.log("Could not assemble LXMF message from received data", RNS.LOG_NOTICE)
RNS.log("The contained exception was: "+str(e), RNS.LOG_DEBUG)
raise e
return False
def delivery_packet(self, data, packet): def delivery_packet(self, data, packet):
try: try:
if packet.destination.type != RNS.Destination.LINK: if packet.destination.type != RNS.Destination.LINK:
@ -404,7 +441,7 @@ class LXMRouter:
def resource_transfer_concluded(self, resource): def resource_transfer_concluded(self, resource):
RNS.log("Transfer concluded for resource "+str(resource), RNS.LOG_DEBUG) RNS.log("Transfer concluded for resource "+str(resource), RNS.LOG_DEBUG)
if resource.status == RNS.Resource.COMPLETE: if resource.status == RNS.Resource.COMPLETE:
self.lxmf_delivery(resource.data, resource.link.type) self.lxmf_delivery(resource.data.read(), resource.link.type)
def jobloop(self): def jobloop(self):
while (True): while (True):