From e2dfadf352872c750bf868e11d9bb223ed3634e0 Mon Sep 17 00:00:00 2001 From: csoler Date: Sat, 31 Dec 2016 14:23:37 +0100 Subject: [PATCH 1/5] started documentation of GXS flags. Fixed a bug in p3gxscircles authentication policy --- libretroshare/src/retroshare/rsgxsflags.h | 20 +++++++++---------- .../src/retroshare/rsgxsifacetypes.h | 2 +- libretroshare/src/services/p3gxscircles.cc | 9 +++------ 3 files changed, 14 insertions(+), 17 deletions(-) diff --git a/libretroshare/src/retroshare/rsgxsflags.h b/libretroshare/src/retroshare/rsgxsflags.h index a4f060245..66f0f3e37 100644 --- a/libretroshare/src/retroshare/rsgxsflags.h +++ b/libretroshare/src/retroshare/rsgxsflags.h @@ -19,9 +19,9 @@ namespace GXS_SERV { /** START privacy **/ static const uint32_t FLAG_PRIVACY_MASK = 0x0000000f; - static const uint32_t FLAG_PRIVACY_PRIVATE = 0x00000001; // pub key encrypted - static const uint32_t FLAG_PRIVACY_RESTRICTED = 0x00000002; // publish private key needed to publish - static const uint32_t FLAG_PRIVACY_PUBLIC = 0x00000004; // anyone can publish, publish key pair not needed + static const uint32_t FLAG_PRIVACY_PRIVATE = 0x00000001; // pub key encrypted. No-one can read unless he has the key to decrypt the publish key. + static const uint32_t FLAG_PRIVACY_RESTRICTED = 0x00000002; // publish private key needed to publish. Typical usage: channels. + static const uint32_t FLAG_PRIVACY_PUBLIC = 0x00000004; // anyone can publish, publish key pair not needed. Typical usage: forums. /** END privacy **/ @@ -30,11 +30,11 @@ namespace GXS_SERV { /** START author authentication flags **/ static const uint32_t FLAG_AUTHOR_AUTHENTICATION_MASK = 0x0000ff00; static const uint32_t FLAG_AUTHOR_AUTHENTICATION_NONE = 0x00000000; - static const uint32_t FLAG_AUTHOR_AUTHENTICATION_GPG = 0x00000100; + static const uint32_t FLAG_AUTHOR_AUTHENTICATION_GPG = 0x00000100; // Anti-spam feature. Allows to ask higher reputation to anonymous IDs static const uint32_t FLAG_AUTHOR_AUTHENTICATION_REQUIRED = 0x00000200; static const uint32_t FLAG_AUTHOR_AUTHENTICATION_IFNOPUBSIGN = 0x00000400; static const uint32_t FLAG_AUTHOR_AUTHENTICATION_TRACK_MESSAGES = 0x00000800; // not used anymore - static const uint32_t FLAG_AUTHOR_AUTHENTICATION_GPG_KNOWN = 0x00001000; + static const uint32_t FLAG_AUTHOR_AUTHENTICATION_GPG_KNOWN = 0x00001000; // Anti-spam feature. Allows to ask higher reputation to unknown IDs and anonymous IDs static const uint32_t FLAG_GROUP_SIGN_PUBLISH_MASK = 0x000000ff; static const uint32_t FLAG_GROUP_SIGN_PUBLISH_ENCRYPTED = 0x00000001; @@ -45,16 +45,16 @@ namespace GXS_SERV { /** START msg authentication flags **/ static const uint8_t MSG_AUTHEN_MASK = 0x0f; - static const uint8_t MSG_AUTHEN_ROOT_PUBLISH_SIGN = 0x01; - static const uint8_t MSG_AUTHEN_CHILD_PUBLISH_SIGN = 0x02; - static const uint8_t MSG_AUTHEN_ROOT_AUTHOR_SIGN = 0x04; - static const uint8_t MSG_AUTHEN_CHILD_AUTHOR_SIGN = 0x08; + static const uint8_t MSG_AUTHEN_ROOT_PUBLISH_SIGN = 0x01; // means: new threads need to be signed by the publish signature of the group + static const uint8_t MSG_AUTHEN_CHILD_PUBLISH_SIGN = 0x02; // means: all messages need to be signed by the publish signature of the group + static const uint8_t MSG_AUTHEN_ROOT_AUTHOR_SIGN = 0x04; // means: new threads need to be signed by the author of the message + static const uint8_t MSG_AUTHEN_CHILD_AUTHOR_SIGN = 0x08; // means: all messages need to be signed by the author of the message /** END msg authentication flags **/ /** START group options flag **/ - static const uint8_t GRP_OPTION_AUTHEN_AUTHOR_SIGN = 0x01; + static const uint8_t GRP_OPTION_AUTHEN_AUTHOR_SIGN = 0x01; // means: the group needs to be signed by a specific author stored in GroupMeta.mAuthorId /** END group options flag **/ diff --git a/libretroshare/src/retroshare/rsgxsifacetypes.h b/libretroshare/src/retroshare/rsgxsifacetypes.h index 87f024430..1c832bff5 100644 --- a/libretroshare/src/retroshare/rsgxsifacetypes.h +++ b/libretroshare/src/retroshare/rsgxsifacetypes.h @@ -59,7 +59,7 @@ public: RsGxsGroupId mGroupId; std::string mGroupName; - uint32_t mGroupFlags; + uint32_t mGroupFlags; // Combination of FLAGS_PRIVACY_PRIVATE | FLAGS_PRIVACY_RESTRICTED | FLAGS_PRIVACY_PUBLIC uint32_t mSignFlags; // Combination of RSGXS_GROUP_SIGN_PUBLISH_MASK & RSGXS_GROUP_SIGN_AUTHOR_MASK. time_t mPublishTs; // Mandatory. diff --git a/libretroshare/src/services/p3gxscircles.cc b/libretroshare/src/services/p3gxscircles.cc index c9087cea1..734dd107a 100644 --- a/libretroshare/src/services/p3gxscircles.cc +++ b/libretroshare/src/services/p3gxscircles.cc @@ -159,16 +159,13 @@ RsServiceInfo p3GxsCircles::getServiceInfo() uint32_t p3GxsCircles::circleAuthenPolicy() { - uint32_t policy = 0; uint8_t flag = 0; - - //flag = GXS_SERV::MSG_AUTHEN_ROOT_PUBLISH_SIGN; - //flag = GXS_SERV::MSG_AUTHEN_CHILD_PUBLISH_SIGN; - //flag = GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN; - //flag = GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN; + flag = GXS_SERV::MSG_AUTHEN_ROOT_PUBLISH_SIGN | GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN; RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PUBLIC_GRP_BITS); + + flags |= GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN | GXS_SERV::MSG_AUTHEN_CHILD_PUBLISH_SIGN; RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::RESTRICTED_GRP_BITS); RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PRIVATE_GRP_BITS); From c71cf7a5ee50a5b82076e66d5c80769c9e0d590d Mon Sep 17 00:00:00 2001 From: csoler Date: Sun, 1 Jan 2017 17:47:24 +0100 Subject: [PATCH 2/5] removed timestamping of key that was in the wrong place --- libretroshare/src/gxs/rsgenexchange.cc | 1 - 1 file changed, 1 deletion(-) diff --git a/libretroshare/src/gxs/rsgenexchange.cc b/libretroshare/src/gxs/rsgenexchange.cc index 7e1331396..095de4483 100644 --- a/libretroshare/src/gxs/rsgenexchange.cc +++ b/libretroshare/src/gxs/rsgenexchange.cc @@ -3132,7 +3132,6 @@ bool RsGenExchange::updateValid(RsGxsGrpMetaData& oldGrpMeta, RsNxsGrp& newGrp) // also check this is the latest published group bool latest = newGrp.metaData->mPublishTs > oldGrpMeta.mPublishTs; - mGixs->timeStampKey(newGrp.metaData->mAuthorId,"Validation of signature for updated grp " + oldGrpMeta.mGroupId.toStdString()) ; return GxsSecurity::validateNxsGrp(newGrp, adminSign, keyMit->second) && latest; } From fcf8a3508150a1b14589e3af0afff53ea38c8088 Mon Sep 17 00:00:00 2001 From: csoler Date: Sun, 1 Jan 2017 17:49:34 +0100 Subject: [PATCH 3/5] check that author id is not null before complaining that it does not exist --- libretroshare/src/gxs/rsgxsnetservice.cc | 29 ++++++++++++++---------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/libretroshare/src/gxs/rsgxsnetservice.cc b/libretroshare/src/gxs/rsgxsnetservice.cc index 089f97a8c..a041dae96 100644 --- a/libretroshare/src/gxs/rsgxsnetservice.cc +++ b/libretroshare/src/gxs/rsgxsnetservice.cc @@ -4218,20 +4218,25 @@ void RsGxsNetService::handleRecvSyncMessage(RsNxsSyncMsgReqItem *item,bool item_ { RsGxsMsgMetaData* m = *vit; - RsIdentityDetails details ; + // Check reputation - if(!rsIdentity->getIdDetails(m->mAuthorId,details)) - { - std::cerr << /* GXSNETDEBUG_PG(item->PeerId(),item->grpId) << */ " not sending grp message ID " << (*vit)->mMsgId << ", because the identity of the author is not accessible (unknown/not cached)" << std::endl; - continue ; - } - - if(details.mReputation.mOverallReputationLevel < minReputationForForwardingMessages(grpMeta->mSignFlags, details.mFlags)) + if(!m->mAuthorId.isNull()) { -//#ifdef NXS_NET_DEBUG_0 - std::cerr << /* GXSNETDEBUG_PG(item->PeerId(),item->grpId) << */ " not sending item ID " << (*vit)->mMsgId << ", because the author is flags " << std::hex << details.mFlags << std::dec << " and reputation level " << details.mReputation.mOverallReputationLevel << std::endl; -//#endif - continue ; + RsIdentityDetails details ; + + if(!rsIdentity->getIdDetails(m->mAuthorId,details)) + { + std::cerr << /* GXSNETDEBUG_PG(item->PeerId(),item->grpId) << */ " not sending grp message ID " << (*vit)->mMsgId << ", because the identity of the author (" << m->mAuthorId << ") is not accessible (unknown/not cached)" << std::endl; + continue ; + } + + if(details.mReputation.mOverallReputationLevel < minReputationForForwardingMessages(grpMeta->mSignFlags, details.mFlags)) + { + //#ifdef NXS_NET_DEBUG_0 + std::cerr << /* GXSNETDEBUG_PG(item->PeerId(),item->grpId) << */ " not sending item ID " << (*vit)->mMsgId << ", because the author is flags " << std::hex << details.mFlags << std::dec << " and reputation level " << details.mReputation.mOverallReputationLevel << std::endl; + //#endif + continue ; + } } // Check publish TS From e312848d24ea208a176747c56c18cd57dc5851e1 Mon Sep 17 00:00:00 2001 From: csoler Date: Sun, 1 Jan 2017 17:50:09 +0100 Subject: [PATCH 4/5] added documentation of flags in GXS msg authentication policy --- libretroshare/src/retroshare/rsgxsflags.h | 27 ++++++++++++----------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/libretroshare/src/retroshare/rsgxsflags.h b/libretroshare/src/retroshare/rsgxsflags.h index 66f0f3e37..921c843fa 100644 --- a/libretroshare/src/retroshare/rsgxsflags.h +++ b/libretroshare/src/retroshare/rsgxsflags.h @@ -45,24 +45,25 @@ namespace GXS_SERV { /** START msg authentication flags **/ static const uint8_t MSG_AUTHEN_MASK = 0x0f; - static const uint8_t MSG_AUTHEN_ROOT_PUBLISH_SIGN = 0x01; // means: new threads need to be signed by the publish signature of the group - static const uint8_t MSG_AUTHEN_CHILD_PUBLISH_SIGN = 0x02; // means: all messages need to be signed by the publish signature of the group - static const uint8_t MSG_AUTHEN_ROOT_AUTHOR_SIGN = 0x04; // means: new threads need to be signed by the author of the message - static const uint8_t MSG_AUTHEN_CHILD_AUTHOR_SIGN = 0x08; // means: all messages need to be signed by the author of the message + static const uint8_t MSG_AUTHEN_ROOT_PUBLISH_SIGN = 0x01; // means: new threads need to be signed by the publish signature of the group. Typical use: posts in channels. + static const uint8_t MSG_AUTHEN_CHILD_PUBLISH_SIGN = 0x02; // means: all messages need to be signed by the publish signature of the group. Typical use: channels were comments are restricted to the publisher. + static const uint8_t MSG_AUTHEN_ROOT_AUTHOR_SIGN = 0x04; // means: new threads need to be signed by the author of the message. Typical use: forums, since posts are signed. + static const uint8_t MSG_AUTHEN_CHILD_AUTHOR_SIGN = 0x08; // means: all messages need to be signed by the author of the message. Typical use: forums since response to posts are signed, and signed comments in channels. /** END msg authentication flags **/ /** START group options flag **/ - static const uint8_t GRP_OPTION_AUTHEN_AUTHOR_SIGN = 0x01; // means: the group needs to be signed by a specific author stored in GroupMeta.mAuthorId + static const uint8_t GRP_OPTION_AUTHEN_AUTHOR_SIGN = 0x01; // means: the group options (serialised grp data) needs to be signed by a specific author stored in GroupMeta.mAuthorId + // note that it is always signed by the *admin* (means the creator) of the group. This author signature is just an option here. /** END group options flag **/ /** START Subscription Flags. (LOCAL) **/ - static const uint32_t GROUP_SUBSCRIBE_ADMIN = 0x01; - static const uint32_t GROUP_SUBSCRIBE_PUBLISH = 0x02; - static const uint32_t GROUP_SUBSCRIBE_SUBSCRIBED = 0x04; + static const uint32_t GROUP_SUBSCRIBE_ADMIN = 0x01;// means: you have the admin key for this group + static const uint32_t GROUP_SUBSCRIBE_PUBLISH = 0x02;// means: you have the publish key for thiss group. Typical use: publish key in channels are shared with specific friends. + static const uint32_t GROUP_SUBSCRIBE_SUBSCRIBED = 0x04;// means: you are subscribed to a group, which makes you a source for this group to your friend nodes. static const uint32_t GROUP_SUBSCRIBE_NOT_SUBSCRIBED = 0x08; /*! @@ -82,11 +83,11 @@ namespace GXS_SERV { * NOTE: RsGxsCommentService uses 0x000f0000. */ static const uint32_t GXS_MSG_STATUS_GEN_MASK = 0x0000ffff; - static const uint32_t GXS_MSG_STATUS_UNPROCESSED = 0x00000001; - static const uint32_t GXS_MSG_STATUS_GUI_UNREAD = 0x00000002; - static const uint32_t GXS_MSG_STATUS_GUI_NEW = 0x00000004; - static const uint32_t GXS_MSG_STATUS_KEEP = 0x00000008; - static const uint32_t GXS_MSG_STATUS_DELETE = 0x00000020; + static const uint32_t GXS_MSG_STATUS_UNPROCESSED = 0x00000001; // Flags to store the read/process status of group messages. + static const uint32_t GXS_MSG_STATUS_GUI_UNREAD = 0x00000002; // The actual meaning may depend on the type of service. + static const uint32_t GXS_MSG_STATUS_GUI_NEW = 0x00000004; // + static const uint32_t GXS_MSG_STATUS_KEEP = 0x00000008; // + static const uint32_t GXS_MSG_STATUS_DELETE = 0x00000020; // /** END GXS Msg status flags **/ From f07ebbf605eb13da2447c42075b1e3f4d9dea804 Mon Sep 17 00:00:00 2001 From: csoler Date: Sun, 1 Jan 2017 17:51:03 +0100 Subject: [PATCH 5/5] fixed circle authentication policy --- libretroshare/src/services/p3gxscircles.cc | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libretroshare/src/services/p3gxscircles.cc b/libretroshare/src/services/p3gxscircles.cc index 734dd107a..9e79f27fe 100644 --- a/libretroshare/src/services/p3gxscircles.cc +++ b/libretroshare/src/services/p3gxscircles.cc @@ -162,15 +162,14 @@ uint32_t p3GxsCircles::circleAuthenPolicy() uint32_t policy = 0; uint8_t flag = 0; - flag = GXS_SERV::MSG_AUTHEN_ROOT_PUBLISH_SIGN | GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN; + flag = GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN | GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN; RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PUBLIC_GRP_BITS); - flags |= GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN | GXS_SERV::MSG_AUTHEN_CHILD_PUBLISH_SIGN; + flag |= GXS_SERV::MSG_AUTHEN_ROOT_PUBLISH_SIGN | GXS_SERV::MSG_AUTHEN_CHILD_PUBLISH_SIGN; RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::RESTRICTED_GRP_BITS); RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PRIVATE_GRP_BITS); flag = 0; - //flag = GXS_SERV::GRP_OPTION_AUTHEN_AUTHOR_SIGN; RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::GRP_OPTION_BITS); return policy;