Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-02-28 10:51:30 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

removed dead code in GxsSecurity

Browse Source
This commit is contained in:
csoler 2016-02-20 21:25:21 -05:00
parent 41a03eb331
commit 09a6efad52
4 changed files with 0 additions and 439 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

204
libretroshare/src/gxs/gxssecurity.cc
View File

@ -414,122 +414,6 @@ bool GxsSecurity::validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& s
return false; return false;
} }
#ifdef TO_REMOVE
bool GxsSecurity::initEncryption(GxsSecurity::MultiEncryptionContext& encryption_context, const std::vector<RsTlvSecurityKey>& keys)
{
// prepare an array of encrypted keys ek and public keys puk
try
{
encryption_context.clear() ;
encryption_context.ek = new unsigned char *[keys.size()] ;
encryption_context.ekl = new int [keys.size()] ;
encryption_context.ids.resize(keys.size()) ;
EVP_PKEY **pubk = new EVP_PKEY *[keys.size()] ;
memset(pubk,0,keys.size()*sizeof(EVP_PKEY *)) ;
memset(encryption_context.ek ,0,keys.size()*sizeof(unsigned char *)) ;
memset(encryption_context.ekl ,0,keys.size()*sizeof(int )) ;
for(uint32_t i=0;i<keys.size();++i)
{
RSA *tmpkey = ::extractPublicKey(keys[i]) ;
RSA *rsa_publish_pub = RSAPublicKey_dup(tmpkey) ;
RSA_free(tmpkey) ;
if(rsa_publish_pub == NULL)
throw std::runtime_error("Wrong key in input key table. Cannot extract public key.") ;
pubk[i] = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pubk[i], rsa_publish_pub);
int max_evp_key_size = EVP_PKEY_size(pubk[i]);
encryption_context.ek [i] = (unsigned char*)malloc(max_evp_key_size);
encryption_context.ekl[i] = max_evp_key_size ;
encryption_context.ids[i] = keys[i].keyId ;
}
EVP_CIPHER_CTX_init(&encryption_context.ctx);
const EVP_CIPHER *cipher = EVP_aes_128_cbc();
// intialize context and send store encrypted cipher key in ek
if(!EVP_SealInit(&encryption_context.ctx, cipher, encryption_context.ek, encryption_context.ekl, encryption_context.iv, pubk, keys.size()))
throw std::runtime_error("Error in EVP_SealInit. Cannot init encryption. Something's wrong.") ;
return true ;
}
catch(std::exception& e)
{
std::cerr << "(EE) cannot init encryption context: " << e.what() << std::endl;
encryption_context.clear() ;
return false ;
}
}
bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, GxsSecurity::MultiEncryptionContext& encryption_context)
{
// encrypting for a single security key. This is a proxy function.
out = NULL ;
try
{
int eklen, net_ekl;
int out_currOffset = 0;
int out_offset = 0;
int size_net_ekl = sizeof(net_ekl);
const EVP_CIPHER *cipher = EVP_CIPHER_CTX_cipher(&encryption_context.ctx) ;
int cipher_block_size = EVP_CIPHER_block_size(cipher);
int max_outlen = inlen + cipher_block_size ;
// now assign memory to out accounting for data, and cipher block size, key length, and key length val
out = (uint8_t*)malloc(max_outlen) ;
if(out == NULL)
throw std::runtime_error("GxsSecurity::encrypt(): cannot allocate memory") ;
// now encrypt actual data
if(!EVP_SealUpdate(&encryption_context.ctx, (unsigned char*)out, &out_currOffset, (unsigned char*) in, inlen))
throw std::runtime_error("(EE) EVP_SealUpdate failed. Cannot encrypt.") ;
// move along to partial block space
out_offset += out_currOffset;
out_currOffset = 0 ;
// add padding
if(!EVP_SealFinal(&encryption_context.ctx, (unsigned char*)&out[out_offset], &out_currOffset))
throw std::runtime_error("(EE) EVP_SealFinal failed. Cannot encrypt.") ;
// move to end
out_offset += out_currOffset;
// make sure offset has not gone passed valid memory bounds
if(out_offset > max_outlen)
throw std::runtime_error("(EE) GxsSecurity::encrypt(): exceeded memory bounds! This is a serious bug.") ;
outlen = out_offset;
return true;
}
catch(std::exception& e)
{
if(out)
free(out) ;
return false ;
}
}
#endif
bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key) bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key)
{ {
#ifdef DISTRIB_DEBUG #ifdef DISTRIB_DEBUG
@ -782,94 +666,6 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
} }
} }
#ifdef TO_REMOVE
bool GxsSecurity::initDecryption(GxsSecurity::MultiEncryptionContext& encryption_context, const RsTlvSecurityKey& key,unsigned char *IV,uint32_t IV_size,unsigned char *encrypted_session_key,uint32_t encrypted_session_key_size)
{
// prepare an array of encrypted keys ek and public keys puk
try
{
encryption_context.clear() ;
encryption_context.ek = new unsigned char *[1] ;
encryption_context.ekl = new int [1] ;
RSA *rsa_publish = extractPrivateKey(key) ;
if(rsa_publish == NULL)
{
#ifdef DISTRIB_DEBUG
std::cerr << "GxsSecurity(): Could not generate publish key " << grpId
<< std::endl;
#endif
return false;
}
EVP_PKEY *privateKey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(privateKey, rsa_publish);
encryption_context.ek[0] = (unsigned char*)malloc(EVP_PKEY_size(privateKey));
encryption_context.ekl[0] = encrypted_session_key_size ;
memcpy(encryption_context.ek[0],encrypted_session_key,encrypted_session_key_size) ;
EVP_CIPHER_CTX_init(&encryption_context.ctx);
const EVP_CIPHER* cipher = EVP_aes_128_cbc();
if(!EVP_OpenInit(&encryption_context.ctx, cipher, encryption_context.ek[0], encryption_context.ekl[0], IV, privateKey))
{
std::cerr << "(EE) Cannot decrypt data. Most likely reason: private GXS key is missing." << std::endl;
encryption_context.clear() ;
return false;
}
return true ;
}
catch(std::exception& e)
{
std::cerr << "(EE) cannot init decryption context: " << e.what() << std::endl;
encryption_context.clear() ;
return false ;
}
}
bool GxsSecurity::decrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, MultiEncryptionContext& encryption_context)
{
out = (uint8_t*)malloc(inlen); // this is conservative
if(out == NULL)
{
std::cerr << "gxssecurity::decrypt(): cannot allocate memory of size " << inlen << " to decrypt data." << std::endl;
return false;
}
int out_currOffset = 0 ;
if(!EVP_OpenUpdate(&encryption_context.ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in, inlen))
{
std::cerr << "(EE) EVP_OpenUpdate failed! Decryption context is probably not inited correctly" << std::endl;
free(out) ;
out = NULL ;
outlen=0 ;
return false;
}
outlen = out_currOffset;
if(!EVP_OpenFinal(&encryption_context.ctx, (unsigned char*)out + out_currOffset, &out_currOffset))
{
free(out) ;
out = NULL ;
outlen=0 ;
return false;
}
outlen += out_currOffset;
return true ;
}
#endif
bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key) bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key)
{ {
// Decrypts (in,inlen) into (out,outlen) using the given RSA public key. // Decrypts (in,inlen) into (out,outlen) using the given RSA public key.

62
libretroshare/src/gxs/gxssecurity.h
View File

@ -42,53 +42,6 @@
class GxsSecurity class GxsSecurity
{ {
public: public:
/*!
* \brief The MultiEncryptionContext struct
*
* This structure is used to store encryption keys generated when encrypting for multiple keys at once, so that
* the client doesn't need to know about all the libcrypto variables involved.
* Typically, the client will first ask to init a MultiEncryptionContext by providing several GXS ids,
* and then pass the structure as a parameter to encrypt some data with the same key.
*/
class MultiEncryptionContext
{
public:
MultiEncryptionContext() { ekl=NULL;ek=NULL;}
~MultiEncryptionContext() { clear() ;}
void clear()
{
for(uint32_t i=0;i<ids.size();++i)
free(ek[i]) ;
if(ekl)
free(ekl) ;
if(ek)
free(ek) ;
ekl = NULL ;
ek = NULL ;
ids.clear() ;
}
// The functions below give access to the encrypted symmetric key to be used.
//
int n_encrypted_keys() const { return ids.size();}
RsGxsId encrypted_key_id (int i) const { return ids[i];}
unsigned char *encrypted_key_data(int i) const { return ek[i];}
int encrypted_key_size(int i) { return ekl[i] ; }
const unsigned char *initialisation_vector() const { return iv ; }
protected:
std::vector<RsGxsId> ids; // array of destination ids
int *ekl ; // array of encrypted keys length
unsigned char **ek ; // array of encrypted keys
EVP_CIPHER_CTX ctx; // EVP encryption context
unsigned char iv[EVP_MAX_IV_LENGTH]; // initialization vector of the cipher.
friend class GxsSecurity ;
};
/*! /*!
* Extracts a public key from a private key. * Extracts a public key from a private key.
*/ */
@ -112,21 +65,6 @@ class GxsSecurity
*/ */
static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key) ; static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key) ;
static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvSecurityKey>& keys) ; static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvSecurityKey>& keys) ;
#ifdef TO_REMOVE
/*!
* Encrypts/decrypt data using envelope encryption using the key pre-computed in the encryption context passed as
* parameter.
*/
static bool initEncryption(MultiEncryptionContext& encryption_context, const std::vector<RsTlvSecurityKey> &keys) ;
static bool initDecryption(MultiEncryptionContext& encryption_context, const RsTlvSecurityKey& key, unsigned char *IV, uint32_t IV_size, unsigned char *encrypted_session_key, uint32_t encrypted_session_key_size) ;
/*!
* Encrypts/decrypt data using envelope encryption using the key pre-computed in the encryption context passed as
* parameter.
*/
static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, MultiEncryptionContext& encryption_context) ;
static bool decrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, MultiEncryptionContext& encryption_context) ;
#endif
/** /**
* Decrypts data using evelope decryption (taken from open ssl's evp_sealinit ) * Decrypts data using evelope decryption (taken from open ssl's evp_sealinit )

170
libretroshare/src/gxs/rsgxsnetservice.cc
View File

@ -3629,176 +3629,6 @@ bool RsGxsNetService::encryptSingleNxsItem(RsNxsItem *item, const RsGxsCircleId&
return true ; return true ;
} }
#ifdef TO_REMOVE
bool RsGxsNetService::encryptTransaction(NxsTransaction *tr)
{
#ifdef NXS_NET_DEBUG_7
RsPeerId peerId = tr->mTransaction->PeerId() ;
GXSNETDEBUG_P_ (peerId) << "Service " << std::hex << ((mServiceInfo.mServiceType >> 8)& 0xffff) << std::dec << " - Encrypting transaction for peer " << peerId << ", for circle ID " << tr->destination_circle << std::endl;
#endif
std::cerr << "RsGxsNetService::encryptTransaction()" << std::endl;
// 1 - Find out the list of GXS ids to encrypt for
// We could do smarter things (like see if the peer_id owns one of the circle's identities
// but for now we aim at the simplest solution: encrypt for all identities in the circle.
std::list<RsGxsId> recipients ;
if(!mCircles->recipients(tr->destination_circle,recipients))
{
std::cerr << " (EE) Cannot encrypt transaction: recipients list not available." << std::endl;
return false ;
}
#ifdef NXS_NET_DEBUG_7
GXSNETDEBUG_P_ (peerId) << " Dest Ids: " << std::endl;
#endif
std::vector<RsTlvSecurityKey> recipient_keys ;
for(std::list<RsGxsId>::const_iterator it(recipients.begin());it!=recipients.end();++it)
{
RsTlvSecurityKey pkey ;
if(!mGixs->getKey(*it,pkey))
{
std::cerr << "(EE) Cannot retrieve public key " << *it << " for circle encryption." << std::endl;
// we should probably request the key.
continue ;
}
#ifdef NXS_NET_DEBUG_7
GXSNETDEBUG_P_ (peerId) << " added key " << *it << std::endl;
#endif
recipient_keys.push_back(pkey) ;
}
// 2 - call GXSSecurity to make a header item that encrypts for the given list of peers.
#ifdef NXS_NET_DEBUG_7
GXSNETDEBUG_P_ (peerId) << " Encrypting..." << std::endl;
#endif
#ifdef USE_MULTI_ENCRYPTION_WITH_SESSION_KEY
GxsSecurity::MultiEncryptionContext muctx ;
GxsSecurity::initEncryption(muctx,recipient_keys);
uint32_t trNumber = 0 ;
// 3 - serialise and encrypt each message, converting it into a NxsEncryptedDataItem
std::list<RsNxsItem*> encrypted_items ;
for(std::list<RsNxsItem*>::const_iterator it(tr->mItems.begin());it!=tr->mItems.end();++it)
{
uint32_t size = (*it)->serial_size() ;
RsTemporaryMemory tempmem( size ) ;
if(!(*it)->serialise(tempmem,size))
{
std::cerr << " (EE) Cannot serialise item. Something went wrong." << std::endl;
continue ;
}
unsigned char *encrypted_data = NULL ;
uint32_t encrypted_len = 0 ;
if(!GxsSecurity::encrypt(encrypted_data, encrypted_len,tempmem,size,muctx))
{
std::cerr << " (EE) Cannot multi-encrypt item. Something went wrong." << std::endl;
continue ;
}
RsNxsEncryptedDataItem *enc_item = new RsNxsEncryptedDataItem(mServType) ;
enc_item->aes_encrypted_data.bin_len = encrypted_len ;
enc_item->aes_encrypted_data.bin_data = encrypted_data ;
enc_item->transactionNumber = (*it)->transactionNumber ;
enc_item->PeerId((*it)->PeerId()) ;
trNumber= (*it)->transactionNumber ;
encrypted_items.push_back(enc_item) ;
#ifdef NXS_NET_DEBUG_7
GXSNETDEBUG_P_(peerId) << " encrypted item of size " << encrypted_len << std::endl;
#endif
}
// 4 - put back in transaction.
for(std::list<RsNxsItem*>::const_iterator it(tr->mItems.begin());it!=tr->mItems.end();++it)
delete *it ;
tr->mItems = encrypted_items ;
// 5 - make session key item and push it front.
#ifdef NXS_NET_DEBUG_7
GXSNETDEBUG_P_(peerId) << " Creating session key" << std::endl;
#endif
RsNxsSessionKeyItem *session_key_item = new RsNxsSessionKeyItem(mServType) ;
session_key_item->PeerId(tr->mTransaction->PeerId()) ;
session_key_item->transactionNumber = trNumber ;
memcpy(session_key_item->iv,muctx.initialisation_vector(),EVP_MAX_IV_LENGTH) ;
for(int i=0;i<muctx.n_encrypted_keys();++i)
{
#ifdef NXS_NET_DEBUG_7
GXSNETDEBUG_P_(peerId) << " addign session key for ID " << muctx.encrypted_key_id(i) << std::endl;
#endif
RsTlvBinaryData data ;
data.setBinData(muctx.encrypted_key_data(i), muctx.encrypted_key_size(i)) ;
session_key_item->encrypted_session_keys[muctx.encrypted_key_id(i)] = data ;
}
tr->mItems.push_front(session_key_item) ;
#else
std::list<RsNxsItem*> encrypted_items ;
for(std::list<RsNxsItem*>::const_iterator it(tr->mItems.begin());it!=tr->mItems.end();++it)
{
uint32_t size = (*it)->serial_size() ;
RsTemporaryMemory tempmem( size ) ;
if(!(*it)->serialise(tempmem,size))
{
std::cerr << " (EE) Cannot serialise item. Something went wrong." << std::endl;
continue ;
}
unsigned char *encrypted_data = NULL ;
uint32_t encrypted_len = 0 ;
if(!GxsSecurity::encrypt(encrypted_data, encrypted_len,tempmem,size,recipient_keys))
{
std::cerr << " (EE) Cannot multi-encrypt item. Something went wrong." << std::endl;
continue ;
}
RsNxsEncryptedDataItem *enc_item = new RsNxsEncryptedDataItem(mServType) ;
enc_item->encrypted_data.bin_len = encrypted_len ;
enc_item->encrypted_data.bin_data = encrypted_data ;
enc_item->transactionNumber = (*it)->transactionNumber ;
enc_item->PeerId((*it)->PeerId()) ;
encrypted_items.push_back(enc_item) ;
#ifdef NXS_NET_DEBUG_7
GXSNETDEBUG_P_(peerId) << " encrypted item of size " << encrypted_len << std::endl;
#endif
}
for(std::list<RsNxsItem*>::const_iterator it(tr->mItems.begin());it!=tr->mItems.end();++it)
delete *it ;
tr->mItems = encrypted_items ;
#endif
return true ;
}
#endif
// Tries to decrypt the transaction. First load the keys and process all items. // Tries to decrypt the transaction. First load the keys and process all items.
// If keys are loaded, encrypted items that cannot be decrypted are discarded. // If keys are loaded, encrypted items that cannot be decrypted are discarded.
// Otherwise the transaction is untouched for retry later. // Otherwise the transaction is untouched for retry later.

3
libretroshare/src/gxs/rsgxsnetservice.h
View File

@ -452,9 +452,6 @@ private:
/*! /*!
* encrypts/decrypts the transaction for the destination circle id. * encrypts/decrypts the transaction for the destination circle id.
*/ */
#ifdef TO_REMOVE
bool encryptTransaction(NxsTransaction *tr);
#endif
bool encryptSingleNxsItem(RsNxsItem *item, const RsGxsCircleId& destination_circle, RsNxsItem *& encrypted_item, uint32_t &status) ; bool encryptSingleNxsItem(RsNxsItem *item, const RsGxsCircleId& destination_circle, RsNxsItem *& encrypted_item, uint32_t &status) ;
bool processTransactionForDecryption(NxsTransaction *tr); // return false when the keys are not loaded => need retry later bool processTransactionForDecryption(NxsTransaction *tr); // return false when the keys are not loaded => need retry later