diff --git a/libretroshare/src/file_sharing/p3filelists.cc b/libretroshare/src/file_sharing/p3filelists.cc index 199641298..bad026bbf 100644 --- a/libretroshare/src/file_sharing/p3filelists.cc +++ b/libretroshare/src/file_sharing/p3filelists.cc @@ -628,6 +628,7 @@ bool p3FileDatabase::findChildPointer(void *ref, int row, void *& result, FileSe result = NULL ; if (ref == NULL) + { if(flags & RS_FILE_HINTS_LOCAL) { if(row != 0) @@ -642,8 +643,9 @@ bool p3FileDatabase::findChildPointer(void *ref, int row, void *& result, FileSe convertEntryIndexToPointer(mRemoteDirectories[row]->root(),row+1,result); return true; } - else - return false; + else + return false; + } uint32_t fi; DirectoryStorage::EntryIndex e ; diff --git a/libretroshare/src/ft/ftcontroller.cc b/libretroshare/src/ft/ftcontroller.cc index 91e0c0dd9..6e0bbccbd 100644 --- a/libretroshare/src/ft/ftcontroller.cc +++ b/libretroshare/src/ft/ftcontroller.cc @@ -1825,7 +1825,7 @@ const std::string download_dir_ss("DOWN_DIR"); const std::string partial_dir_ss("PART_DIR"); const std::string default_chunk_strategy_ss("DEFAULT_CHUNK_STRATEGY"); const std::string free_space_limit_ss("FREE_SPACE_LIMIT"); -const std::string default_encryption_policy("DEFAULT_ENCRYPTION_POLICY"); +const std::string default_encryption_policy_ss("DEFAULT_ENCRYPTION_POLICY"); /* p3Config Interface */ @@ -1873,6 +1873,8 @@ bool ftController::saveList(bool &cleanup, std::list& saveData) break ; } + configMap[default_encryption_policy_ss] = (mDefaultEncryptionPolicy==RS_FILE_CTRL_ENCRYPTION_POLICY_PERMISSIVE)?"PERMISSIVE":"STRICT" ; + rs_sprintf(s, "%lu", RsDiscSpace::freeSpaceLimit()); configMap[free_space_limit_ss] = s ; @@ -2115,7 +2117,7 @@ bool ftController::loadConfigMap(std::map &configMap) setPartialsDirectory(mit->second); } - if (configMap.end() != (mit = configMap.find(default_encryption_policy))) + if (configMap.end() != (mit = configMap.find(default_encryption_policy_ss))) { if(mit->second == "STRICT") { diff --git a/libretroshare/src/ft/ftserver.cc b/libretroshare/src/ft/ftserver.cc index 97bbf1b04..517f5e387 100644 --- a/libretroshare/src/ft/ftserver.cc +++ b/libretroshare/src/ft/ftserver.cc @@ -57,6 +57,11 @@ const int ftserverzone = 29539; * #define SERVER_DEBUG_CACHE 1 ***/ +#define SERVER_DEBUG 1 + +#define FTSERVER_DEBUG() std::cerr << time(NULL) << " : FILE_SERVER : " << __FUNCTION__ << " : " +#define FTSERVER_ERROR() std::cerr << "(EE) FILE_SERVER ERROR : " + static const time_t FILE_TRANSFER_LOW_PRIORITY_TASKS_PERIOD = 5 ; // low priority tasks handling every 5 seconds /* Setup */ @@ -259,8 +264,18 @@ bool ftServer::activateTunnels(const RsFileHash& hash,TransferRequestFlags flags if(onoff) { - if(flags & RS_FILE_REQ_ENCRYPTED) mTurtleRouter->monitorTunnels(hash_of_hash,this,true) ; - if(flags & RS_FILE_REQ_UNENCRYPTED) mTurtleRouter->monitorTunnels(hash,this,true) ; + std::cerr << "Activating tunnels for hash " << hash << std::endl; + + if(flags & RS_FILE_REQ_ENCRYPTED) + { + std::cerr << " flags require end-to-end encryption. Requesting hash of hash " << hash_of_hash << std::endl; + mTurtleRouter->monitorTunnels(hash_of_hash,this,true) ; + } + if(flags & RS_FILE_REQ_UNENCRYPTED) + { + std::cerr << " flags require no end-to-end encryption. Requesting hash " << hash << std::endl; + mTurtleRouter->monitorTunnels(hash,this,true) ; + } } else { @@ -477,12 +492,42 @@ RsTurtleGenericTunnelItem *ftServer::deserialiseItem(void *data,uint32_t size) c void ftServer::addVirtualPeer(const TurtleFileHash& hash,const TurtleVirtualPeerId& virtual_peer_id,RsTurtleGenericTunnelItem::Direction dir) { - if(dir == RsTurtleGenericTunnelItem::DIRECTION_SERVER) - mFtController->addFileSource(hash,virtual_peer_id) ; +#ifdef SERVER_DEBUG + FTSERVER_DEBUG() << "adding virtual peer. Direction=" << dir << ", hash=" << hash << ", vpid=" << virtual_peer_id << std::endl; +#endif + if(dir == RsTurtleGenericTunnelItem::DIRECTION_SERVER) + { + RsFileHash real_hash ; + if(findRealHash(hash,real_hash)) + { +#ifdef SERVER_DEBUG + FTSERVER_DEBUG() << " direction is SERVER. Adding file source for end-to-end encrypted tunnel for real hash " << real_hash << ", virtual peer id = " << virtual_peer_id << std::endl; +#endif + { + RS_STACK_MUTEX(srvMutex) ; + mEncryptedPeerIds[virtual_peer_id] = hash ; + } + mFtController->addFileSource(real_hash,virtual_peer_id) ; + } + else + { +#ifdef SERVER_DEBUG + FTSERVER_DEBUG() << " direction is SERVER. Adding file source for unencrypted tunnel" << std::endl; +#endif + mFtController->addFileSource(hash,virtual_peer_id) ; + } + } } void ftServer::removeVirtualPeer(const TurtleFileHash& hash,const TurtleVirtualPeerId& virtual_peer_id) { - mFtController->removeFileSource(hash,virtual_peer_id) ; + RsFileHash real_hash ; + if(findRealHash(hash,real_hash)) + mFtController->removeFileSource(real_hash,virtual_peer_id) ; + else + mFtController->removeFileSource(hash,virtual_peer_id) ; + + RS_STACK_MUTEX(srvMutex) ; + mEncryptedPeerIds.erase(virtual_peer_id) ; } bool ftServer::handleTunnelRequest(const RsFileHash& hash,const RsPeerId& peer_id) @@ -520,7 +565,7 @@ bool ftServer::handleTunnelRequest(const RsFileHash& hash,const RsPeerId& peer_i std::cerr << " peer = " << peer_id << std::endl; std::cerr << " flags = " << info.storage_permission_flags << std::endl; std::cerr << " local = " << rsFiles->FileDetails(hash, RS_FILE_HINTS_NETWORK_WIDE | RS_FILE_HINTS_LOCAL | RS_FILE_HINTS_EXTRA | RS_FILE_HINTS_SPEC_ONLY | RS_FILE_HINTS_DOWNLOAD, info) << std::endl; - std::cerr << " groups= " ; for(std::list::const_iterator it(info.parent_groups.begin());it!=info.parent_groups.end();++it) std::cerr << (*it) << ", " ; std::cerr << std::endl; + std::cerr << " groups= " ; for(std::list::const_iterator it(info.parent_groups.begin());it!=info.parent_groups.end();++it) std::cerr << (*it) << ", " ; std::cerr << std::endl; std::cerr << " clear = " << rsPeers->computePeerPermissionFlags(peer_id,info.storage_permission_flags,info.parent_groups) << std::endl; } #endif @@ -766,17 +811,19 @@ bool ftServer::shareDownloadDirectory(bool share) bool ftServer::sendTurtleItem(const RsPeerId& peerId,const RsFileHash& hash,RsTurtleGenericTunnelItem *item) { - // first, we look for the encrypted hash map -#warning code needed here - if(true) - { - // we don't encrypt - mTurtleRouter->sendTurtleData(peerId,item) ; - } - else + // we cannot look in the encrypted hash map, since the same hash--on this side of the FT--can be used with both + // encrypted and unencrypted peers ids. So the information comes from the virtual peer Id. + + RsFileHash encrypted_hash; + + if(findEncryptedHash(peerId,encrypted_hash)) { // we encrypt the item +#ifdef SERVER_DEBUG + FTSERVER_DEBUG() << "Sending turtle item to peer ID " << peerId << " using encrypted tunnel." << std::endl; +#endif + RsTurtleGenericDataItem *encrypted_item ; if(!encryptItem(item, hash, encrypted_item)) @@ -786,6 +833,14 @@ bool ftServer::sendTurtleItem(const RsPeerId& peerId,const RsFileHash& hash,RsTu mTurtleRouter->sendTurtleData(peerId,encrypted_item) ; } + else + { +#ifdef SERVER_DEBUG + FTSERVER_DEBUG() << "Sending turtle item to peer ID " << peerId << " using non uncrypted tunnel." << std::endl; +#endif + mTurtleRouter->sendTurtleData(peerId,item) ; + } + return true ; } @@ -1230,8 +1285,24 @@ bool ftServer::encryptHash(const RsFileHash& hash, RsFileHash& hash_of_hash) return true ; } +bool ftServer::findEncryptedHash(const RsPeerId& virtual_peer_id, RsFileHash& encrypted_hash) +{ + RS_STACK_MUTEX(srvMutex); + + std::map::const_iterator it = mEncryptedPeerIds.find(virtual_peer_id) ; + + if(it != mEncryptedPeerIds.end()) + { + encrypted_hash = it->second ; + return true ; + } + else + return false ; +} + bool ftServer::findRealHash(const RsFileHash& hash, RsFileHash& real_hash) { + RS_STACK_MUTEX(srvMutex); std::map::const_iterator it = mEncryptedHashes.find(hash) ; if(it != mEncryptedHashes.end()) @@ -1391,9 +1462,6 @@ int ftServer::handleIncoming() int nhandled = 0 ; RsItem *item = NULL ; -#ifdef SERVER_DEBUG - std::cerr << "ftServer::handleIncoming() " << std::endl; -#endif while(NULL != (item = recvItem())) { diff --git a/libretroshare/src/ft/ftserver.h b/libretroshare/src/ft/ftserver.h index f585c67f9..5d17da77e 100644 --- a/libretroshare/src/ft/ftserver.h +++ b/libretroshare/src/ft/ftserver.h @@ -258,6 +258,7 @@ protected: // fnds out what is the real hash of encrypted hash hash bool findRealHash(const RsFileHash& hash, RsFileHash& real_hash); + bool findEncryptedHash(const RsPeerId& virtual_peer_id, RsFileHash& encrypted_hash); bool encryptHash(const RsFileHash& hash, RsFileHash& hash_of_hash); private: @@ -286,6 +287,7 @@ private: std::string mPartialsPath; std::map mEncryptedHashes ; // This map is such that sha1(it->second) = it->first + std::map mEncryptedPeerIds ; // This map holds the hash to be used with each peer id }; diff --git a/retroshare-gui/src/gui/settings/TransferPage.ui b/retroshare-gui/src/gui/settings/TransferPage.ui index 88f8a3730..665009d65 100644 --- a/retroshare-gui/src/gui/settings/TransferPage.ui +++ b/retroshare-gui/src/gui/settings/TransferPage.ui @@ -144,6 +144,9 @@ + + <html><head/><body><p>Anonymous tunnels can be end-o-end encrypted. In order to maintain backward compatibility, this can be made optional (choosing &quot;Accepted&quot;), but in the end, all Retroshare nodes will be switched to &quot;Enforced&quot;, meaning that all anonymous transfers will be end-to-end encrypted.</p></body></html> + Accepted