fixed a few bugs in ftServer for encrypted tunnel management

libretroshare/src/file_sharing/p3filelists.cc

@@ -628,6 +628,7 @@ bool p3FileDatabase::findChildPointer(void *ref, int row, void *& result, FileSe
     result = NULL ;
 
     if (ref == NULL)
+    {
         if(flags & RS_FILE_HINTS_LOCAL)
         {
             if(row != 0)
@@ -644,6 +645,7 @@ bool p3FileDatabase::findChildPointer(void *ref, int row, void *& result, FileSe
         }
         else
             return false;
+    }
 
     uint32_t fi;
     DirectoryStorage::EntryIndex e ;

libretroshare/src/ft/ftcontroller.cc

@@ -1825,7 +1825,7 @@ const std::string download_dir_ss("DOWN_DIR");
 const std::string partial_dir_ss("PART_DIR");
 const std::string default_chunk_strategy_ss("DEFAULT_CHUNK_STRATEGY");
 const std::string free_space_limit_ss("FREE_SPACE_LIMIT");
-const std::string default_encryption_policy("DEFAULT_ENCRYPTION_POLICY");
+const std::string default_encryption_policy_ss("DEFAULT_ENCRYPTION_POLICY");
 
 
 	/* p3Config Interface */
@@ -1873,6 +1873,8 @@ bool ftController::saveList(bool &cleanup, std::list<RsItem *>& saveData)
 																		break ;
 	}
 
+    configMap[default_encryption_policy_ss] = (mDefaultEncryptionPolicy==RS_FILE_CTRL_ENCRYPTION_POLICY_PERMISSIVE)?"PERMISSIVE":"STRICT" ;
+
 	rs_sprintf(s, "%lu", RsDiscSpace::freeSpaceLimit());
 	configMap[free_space_limit_ss] = s ;
 
@@ -2115,7 +2117,7 @@ bool  ftController::loadConfigMap(std::map<std::string, std::string> &configMap)
 		setPartialsDirectory(mit->second);
 	}
 
-    if (configMap.end() != (mit = configMap.find(default_encryption_policy)))
+    if (configMap.end() != (mit = configMap.find(default_encryption_policy_ss)))
     {
         if(mit->second == "STRICT")
         {

libretroshare/src/ft/ftserver.cc

@@ -57,6 +57,11 @@ const int ftserverzone = 29539;
  * #define SERVER_DEBUG_CACHE 1
  ***/
 
+#define SERVER_DEBUG       1
+
+#define FTSERVER_DEBUG() std::cerr << time(NULL) << " : FILE_SERVER : " << __FUNCTION__ << " : "
+#define FTSERVER_ERROR() std::cerr << "(EE) FILE_SERVER ERROR : "
+
 static const time_t FILE_TRANSFER_LOW_PRIORITY_TASKS_PERIOD = 5 ; // low priority tasks handling every 5 seconds
 
 	/* Setup */
@@ -259,8 +264,18 @@ bool ftServer::activateTunnels(const RsFileHash& hash,TransferRequestFlags flags
 
     if(onoff)
     {
-        if(flags & RS_FILE_REQ_ENCRYPTED)   mTurtleRouter->monitorTunnels(hash_of_hash,this,true) ;
+        std::cerr << "Activating tunnels for hash " << hash << std::endl;
-        if(flags & RS_FILE_REQ_UNENCRYPTED) mTurtleRouter->monitorTunnels(hash,this,true) ;
+
+        if(flags & RS_FILE_REQ_ENCRYPTED)
+        {
+            std::cerr << "  flags require end-to-end encryption. Requesting hash of hash " << hash_of_hash << std::endl;
+            mTurtleRouter->monitorTunnels(hash_of_hash,this,true) ;
+        }
+        if(flags & RS_FILE_REQ_UNENCRYPTED)
+        {
+            std::cerr << "  flags require no end-to-end encryption. Requesting hash " << hash << std::endl;
+            mTurtleRouter->monitorTunnels(hash,this,true) ;
+        }
     }
     else
     {
@@ -477,12 +492,42 @@ RsTurtleGenericTunnelItem *ftServer::deserialiseItem(void *data,uint32_t size) c
 
 void ftServer::addVirtualPeer(const TurtleFileHash& hash,const TurtleVirtualPeerId& virtual_peer_id,RsTurtleGenericTunnelItem::Direction dir) 
 {
+#ifdef SERVER_DEBUG
+    FTSERVER_DEBUG() << "adding virtual peer. Direction=" << dir << ", hash=" << hash << ", vpid=" << virtual_peer_id << std::endl;
+#endif
     if(dir == RsTurtleGenericTunnelItem::DIRECTION_SERVER)
+    {
+        RsFileHash real_hash ;
+        if(findRealHash(hash,real_hash))
+        {
+#ifdef SERVER_DEBUG
+            FTSERVER_DEBUG() << "  direction is SERVER. Adding file source for end-to-end encrypted tunnel for real hash " << real_hash << ", virtual peer id = " << virtual_peer_id << std::endl;
+#endif
+            {
+                RS_STACK_MUTEX(srvMutex) ;
+                mEncryptedPeerIds[virtual_peer_id] = hash ;
+            }
+            mFtController->addFileSource(real_hash,virtual_peer_id) ;
+        }
+        else
+        {
+#ifdef SERVER_DEBUG
+            FTSERVER_DEBUG() << "  direction is SERVER. Adding file source for unencrypted tunnel" << std::endl;
+#endif
             mFtController->addFileSource(hash,virtual_peer_id) ;
         }
+    }
+}
 void ftServer::removeVirtualPeer(const TurtleFileHash& hash,const TurtleVirtualPeerId& virtual_peer_id) 
 {
+    RsFileHash real_hash ;
+    if(findRealHash(hash,real_hash))
+        mFtController->removeFileSource(real_hash,virtual_peer_id) ;
+    else
         mFtController->removeFileSource(hash,virtual_peer_id) ;
+
+    RS_STACK_MUTEX(srvMutex) ;
+    mEncryptedPeerIds.erase(virtual_peer_id) ;
 }
 
 bool ftServer::handleTunnelRequest(const RsFileHash& hash,const RsPeerId& peer_id)
@@ -520,7 +565,7 @@ bool ftServer::handleTunnelRequest(const RsFileHash& hash,const RsPeerId& peer_i
 		std::cerr << "   peer  = " << peer_id << std::endl;
 		std::cerr << "   flags = " << info.storage_permission_flags << std::endl;
 		std::cerr << "   local = " << rsFiles->FileDetails(hash, RS_FILE_HINTS_NETWORK_WIDE | RS_FILE_HINTS_LOCAL | RS_FILE_HINTS_EXTRA | RS_FILE_HINTS_SPEC_ONLY | RS_FILE_HINTS_DOWNLOAD, info) << std::endl;
-		std::cerr << "   groups= " ; for(std::list<std::string>::const_iterator it(info.parent_groups.begin());it!=info.parent_groups.end();++it) std::cerr << (*it) << ", " ; std::cerr << std::endl;
+        std::cerr << "   groups= " ; for(std::list<RsNodeGroupId>::const_iterator it(info.parent_groups.begin());it!=info.parent_groups.end();++it) std::cerr << (*it) << ", " ; std::cerr << std::endl;
 		std::cerr << "   clear = " << rsPeers->computePeerPermissionFlags(peer_id,info.storage_permission_flags,info.parent_groups) << std::endl;
 	}
 #endif
@@ -766,17 +811,19 @@ bool ftServer::shareDownloadDirectory(bool share)
 
 bool ftServer::sendTurtleItem(const RsPeerId& peerId,const RsFileHash& hash,RsTurtleGenericTunnelItem *item)
 {
-    // first, we look for the encrypted hash map
+    // we cannot look in the encrypted hash map, since the same hash--on this side of the FT--can be used with both
-#warning code needed here
+    // encrypted and unencrypted peers ids. So the information comes from the virtual peer Id.
-    if(true)
+
-    {
+    RsFileHash encrypted_hash;
-        // we don't encrypt
+
-        mTurtleRouter->sendTurtleData(peerId,item) ;
+    if(findEncryptedHash(peerId,encrypted_hash))
-    }
-    else
     {
         // we encrypt the item
 
+#ifdef SERVER_DEBUG
+        FTSERVER_DEBUG() << "Sending turtle item to peer ID " << peerId << " using encrypted tunnel." << std::endl;
+#endif
+
         RsTurtleGenericDataItem *encrypted_item ;
 
         if(!encryptItem(item, hash, encrypted_item))
@@ -786,6 +833,14 @@ bool ftServer::sendTurtleItem(const RsPeerId& peerId,const RsFileHash& hash,RsTu
 
         mTurtleRouter->sendTurtleData(peerId,encrypted_item) ;
     }
+    else
+    {
+#ifdef SERVER_DEBUG
+        FTSERVER_DEBUG() << "Sending turtle item to peer ID " << peerId << " using non uncrypted tunnel." << std::endl;
+#endif
+        mTurtleRouter->sendTurtleData(peerId,item) ;
+    }
+
     return true ;
 }
 
@@ -1230,8 +1285,24 @@ bool ftServer::encryptHash(const RsFileHash& hash, RsFileHash& hash_of_hash)
     return true ;
 }
 
+bool ftServer::findEncryptedHash(const RsPeerId& virtual_peer_id, RsFileHash& encrypted_hash)
+{
+    RS_STACK_MUTEX(srvMutex);
+
+    std::map<RsPeerId,RsFileHash>::const_iterator it = mEncryptedPeerIds.find(virtual_peer_id) ;
+
+    if(it != mEncryptedPeerIds.end())
+    {
+        encrypted_hash = it->second ;
+        return true ;
+    }
+    else
+        return false ;
+}
+
 bool ftServer::findRealHash(const RsFileHash& hash, RsFileHash& real_hash)
 {
+    RS_STACK_MUTEX(srvMutex);
     std::map<RsFileHash,RsFileHash>::const_iterator it = mEncryptedHashes.find(hash) ;
 
     if(it != mEncryptedHashes.end())
@@ -1391,9 +1462,6 @@ int ftServer::handleIncoming()
 	int nhandled = 0 ;
 
 	RsItem *item = NULL ;
-#ifdef SERVER_DEBUG
-	std::cerr << "ftServer::handleIncoming() " << std::endl;
-#endif
 
 	while(NULL != (item = recvItem()))
 	{

libretroshare/src/ft/ftserver.h

@@ -258,6 +258,7 @@ protected:
 
     // fnds out what is the real hash of encrypted hash hash
     bool findRealHash(const RsFileHash& hash, RsFileHash& real_hash);
+    bool findEncryptedHash(const RsPeerId& virtual_peer_id, RsFileHash& encrypted_hash);
     bool encryptHash(const RsFileHash& hash, RsFileHash& hash_of_hash);
 
 private:
@@ -286,6 +287,7 @@ private:
     std::string mPartialsPath;
 
     std::map<RsFileHash,RsFileHash> mEncryptedHashes ; // This map is such that sha1(it->second) = it->first
+    std::map<RsPeerId,RsFileHash> mEncryptedPeerIds ;  // This map holds the hash to be used with each peer id
 };
 
 

retroshare-gui/src/gui/settings/TransferPage.ui

@@ -144,6 +144,9 @@
           </item>
           <item>
            <widget class="QComboBox" name="_e2e_encryption_CB">
+            <property name="toolTip">
+             <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Anonymous tunnels can be end-o-end encrypted. In order to maintain backward compatibility, this can be made optional (choosing &amp;quot;Accepted&amp;quot;), but in the end, all Retroshare nodes will be switched to &amp;quot;Enforced&amp;quot;, meaning that all anonymous transfers will be end-to-end encrypted.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
+            </property>
             <item>
              <property name="text">
               <string>Accepted</string>