added PGP-encryption to server communication to avoid data harvesting

2024-10-01 02:35:48 -04:00 · 2022-01-16 15:50:21 +01:00 · 2022-01-16 15:50:21 +01:00 · 365682d771
commit 365682d771
parent 4a54587500
4 changed files with 88 additions and 30 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit a7a430008b76e53727598c4d13106e7ce95221d7
+Subproject commit 89b4d9c3352c02630cd555918515b1412b3264ff
--- a/retroshare-friendserver/src/friendserver.cc
+++ b/retroshare-friendserver/src/friendserver.cc
@ -4,6 +4,8 @@
 #include "util/rsbase64.h"
 #include "util/radix64.h"

+#include "crypto/hashstream.h"
+
 #include "pgp/pgpkeyutil.h"
 #include "pgp/rscertificate.h"
 #include "pgp/openpgpsdkhandler.h"
@ -60,7 +62,7 @@ void FriendServer::threadTick()
    if(last_debugprint_TS + DELAY_BETWEEN_TWO_DEBUG_PRINT < now)
    {
        last_debugprint_TS = now;
-        debugPrint();
+        debugPrint(false);
    }
 }

@ -82,12 +84,12 @@ void FriendServer::handleClientPublish(const RsFriendServerClientPublishItem *it

        RsDbg() << "Sending response item to " << item->PeerId() ;

-        RsFriendServerServerResponseItem *sr_item = new RsFriendServerServerResponseItem;
+        RsFriendServerServerResponseItem sr_item;

        std::map<RsPeerId,RsPgpFingerprint> friends;
-        sr_item->nonce = pi->second.last_nonce;
-        sr_item->friend_invites = computeListOfFriendInvites(item->n_requested_friends,pi->first,friends);
-        sr_item->PeerId(item->PeerId());
+        sr_item.nonce = pi->second.last_nonce;
+        sr_item.friend_invites = computeListOfFriendInvites(item->n_requested_friends,pi->first,friends);
+        sr_item.PeerId(item->PeerId());

        // Update the have_added_as_friend for the list of each peer. We do that before sending because sending destroys
        // the item.
@ -100,10 +102,29 @@ void FriendServer::handleClientPublish(const RsFriendServerClientPublishItem *it

        // Now encrypt the item with the public PGP key of the destination. This prevents the wrong person to request for
        // someone else's data.
-#warning TODO
+        RsFriendServerEncryptedServerResponseItem *encrypted_response_item = new RsFriendServerEncryptedServerResponseItem;
+        uint32_t serialized_clear_size = FsSerializer().size(&sr_item);
+        RsTemporaryMemory serialized_clear_mem(serialized_clear_size);
+        FsSerializer().serialise(&sr_item,serialized_clear_mem,&serialized_clear_size);
+
+        uint32_t encrypted_mem_size = serialized_clear_size+1000;	// leave some extra space
+        RsTemporaryMemory encrypted_mem(encrypted_mem_size);
+
+        if(!mPgpHandler->encryptDataBin(PGPHandler::pgpIdFromFingerprint(pi->second.pgp_fingerprint),
+                                        serialized_clear_mem,serialized_clear_size,
+                                        encrypted_mem,&encrypted_mem_size))
+        {
+            RsErr() << "Cannot encrypt item for PGP Id/FPR " << pi->second.pgp_fingerprint << ". Something went wrong." ;
+            return;
+        }
+        encrypted_response_item->PeerId(item->PeerId());
+        encrypted_response_item->bin_len = encrypted_mem_size;
+        encrypted_response_item->bin_data = malloc(encrypted_mem_size);
+
+        memcpy(encrypted_response_item->bin_data,encrypted_mem,encrypted_mem_size);

        // Send the item.
-        mni->SendItem(sr_item);
+        mni->SendItem(encrypted_response_item);

        // Update the list of closest peers for all peers currently in the database.

@ -349,8 +370,6 @@ void FriendServer::run()
 void FriendServer::autoWash()
 {
    rstime_t now = time(nullptr);
-    RsDbg() << "autoWash..." ;
-
    std::list<RsPeerId> to_remove;

    for(std::map<RsPeerId,PeerInfo>::iterator it(mCurrentClientPeers.begin());it!=mCurrentClientPeers.end();++it)
@ -380,32 +399,68 @@ void FriendServer::updateClosestPeers(const RsPeerId& pid,const RsPgpFingerprint
        }
 }

-void FriendServer::debugPrint()
+Sha1CheckSum FriendServer::computeDataHash()
 {
-    RsDbg() << "========== FriendServer statistics ============";
-    RsDbg() << "  Base directory: "<< mBaseDirectory;
-    RsDbg() << "  Random peer bias: "<< mRandomPeerBias;
-    RsDbg() << "  Network interface: ";
-    RsDbg() << "  Max peers in n-closest list: " << MAXIMUM_PEERS_TO_REQUEST;
-    RsDbg() << "  Current active peers: " << mCurrentClientPeers.size() ;
+    librs::crypto::HashStream s(librs::crypto::HashStream::SHA1);

-    rstime_t now = time(nullptr);
-
-    for(const auto& it:mCurrentClientPeers)
+    for(auto p(mCurrentClientPeers.begin());p!=mCurrentClientPeers.end();++p)
    {
-        RsDbg() << "   " << it.first << ": nonce=" << std::hex << it.second.last_nonce << std::dec << " fpr: " << it.second.pgp_fingerprint << ", last contact: " << now - it.second.last_connection_TS << " secs ago.";
-        RsDbg() << "   Closest peers:" ;
+        s << p->first;

-        for(const auto& pit:it.second.closest_peers)
-            RsDbg() << "      " << pit.second << " distance=" << pit.first ;
+        const auto& inf(p->second);

-        RsDbg() << "   Have added this peer:" ;
+        s << inf.pgp_fingerprint;
+        s << inf.short_certificate;
+        s << (uint64_t)inf.last_connection_TS;
+        s << inf.last_nonce;

-        for(const auto& pit:it.second.have_added_this_peer)
-            RsDbg() << "      " << pit.second << " distance=" << pit.first ;
+        for(auto d(inf.closest_peers.begin());d!=inf.closest_peers.end();++d)
+        {
+            s << d->first ;
+            s << d->second;
+        }
+        for(auto d(inf.have_added_this_peer.begin());d!=inf.have_added_this_peer.end();++d)
+        {
+            s << d->first ;
+            s << d->second;
+        }
    }
+    return s.hash();
+}
+void FriendServer::debugPrint(bool force)
+{
+    auto h = computeDataHash();

-    RsDbg() << "===============================================";
+    if((h != mCurrentDataHash) || force)
+    {
+        RsDbg() << "========== FriendServer statistics ============";
+        RsDbg() << "  Base directory: "<< mBaseDirectory;
+        RsDbg() << "  Random peer bias: "<< mRandomPeerBias;
+        RsDbg() << "  Current hash: "<< h;
+        RsDbg() << "  Network interface: ";
+        RsDbg() << "  Max peers in n-closest list: " << MAXIMUM_PEERS_TO_REQUEST;
+        RsDbg() << "  Current active peers: " << mCurrentClientPeers.size() ;
+
+        rstime_t now = time(nullptr);
+
+        for(const auto& it:mCurrentClientPeers)
+        {
+            RsDbg() << "   " << it.first << ": nonce=" << std::hex << it.second.last_nonce << std::dec << " fpr: " << it.second.pgp_fingerprint << ", last contact: " << now - it.second.last_connection_TS << " secs ago.";
+            RsDbg() << "   Closest peers:" ;
+
+            for(const auto& pit:it.second.closest_peers)
+                RsDbg() << "      " << pit.second << " distance=" << pit.first ;
+
+            RsDbg() << "   Have added this peer:" ;
+
+            for(const auto& pit:it.second.have_added_this_peer)
+                RsDbg() << "      " << pit.second << " distance=" << pit.first ;
+        }
+
+        RsDbg() << "===============================================";
+
+        mCurrentDataHash = h;
+    }

 }

--- a/retroshare-friendserver/src/friendserver.h
+++ b/retroshare-friendserver/src/friendserver.h
@ -75,7 +75,8 @@ private:
    PeerInfo::PeerDistance computePeerDistance(const RsPgpFingerprint &p1, const RsPgpFingerprint &p2);

    void autoWash();
-    void debugPrint();
+    void debugPrint(bool force);
+    Sha1CheckSum computeDataHash();

    // Local members

@ -88,4 +89,6 @@ private:
    std::map<RsPeerId, PeerInfo> mCurrentClientPeers;
    std::string mListeningAddress;
    uint16_t mListeningPort;
+
+    Sha1CheckSum mCurrentDataHash;
 };
--- a/retroshare-gui/src/gui/settings/ServerPage.ui
+++ b/retroshare-gui/src/gui/settings/ServerPage.ui
@ -6,7 +6,7 @@
   <rect>
    <x>0</x>
    <y>0</y>
-    <width>726</width>
+    <width>738</width>
    <height>579</height>
   </rect>
  </property>