Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-10-01 02:35:48 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

separated RsTlvSecurityKey into two incompatible classes to enforce the correct usage of private vs. public keys

Browse Source
This commit is contained in:
csoler 2016-06-02 23:47:57 -04:00
parent cbef01451c
commit 590be092e5
26 changed files with 600 additions and 351 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libretroshare/src/chat/rschatitems.h
View File

@ -406,7 +406,7 @@ class RsChatDHPublicKeyItem: public RsChatItem
BIGNUM *public_key ;
RsTlvKeySignature signature ; // signs the public key in a row.
RsTlvSecurityKey gxs_key ; // public key of the signer
RsTlvSecurityKey_deprecated gxs_key ; // public key of the signer
private:
RsChatDHPublicKeyItem(const RsChatDHPublicKeyItem&) : RsChatItem(RS_PKT_SUBTYPE_DISTANT_CHAT_DH_PUBLIC_KEY) {} // make the object non copy-able

2
libretroshare/src/grouter/p3grouter.cc
View File

@ -1958,7 +1958,7 @@ bool p3GRouter::signDataItem(RsGRouterAbstractMsgItem *item,const RsGxsId& signi
{
try
{
RsTlvSecurityKey signature_key ;
RsTlvSecurityKey_deprecated signature_key ;
#ifdef GROUTER_DEBUG
std::cerr << "p3GRouter::signDataItem()" << std::endl;

62
libretroshare/src/gxs/gxssecurity.cc
View File

@ -59,7 +59,7 @@ static RsGxsId getRsaKeyFingerprint(RSA *pubkey)
return RsGxsId(s.toStdString().substr(0,2*CERTSIGNLEN));
}
static RSA *extractPrivateKey(const RsTlvSecurityKey & key)
static RSA *extractPrivateKey(const RsTlvPrivateRSAKey& key)
{
assert(key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
@ -72,7 +72,7 @@ static RSA *extractPrivateKey(const RsTlvSecurityKey & key)
return rsakey;
}
static RSA *extractPublicKey(const RsTlvSecurityKey& key)
static RSA *extractPublicKey(const RsTlvPublicRSAKey& key)
{
assert(!(key.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
@ -84,18 +84,30 @@ static RSA *extractPublicKey(const RsTlvSecurityKey& key)
return rsakey;
}
static void setRSAPublicKeyData(RsTlvSecurityKey & key, RSA *rsa_pub)
static void setRSAPublicKeyData(RsTlvPublicRSAKey& key, RSA *rsa_pub)
{
assert(!(key.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
unsigned char *data = NULL ; // this works for OpenSSL > 0.9.7
int reqspace = i2d_RSAPublicKey(rsa_pub, &data);
key.keyData.setBinData(data, reqspace);
key.keyId = getRsaKeyFingerprint(rsa_pub);
free(data) ;
free(data) ;
}
bool GxsSecurity::checkPrivateKey(const RsTlvSecurityKey& key)
static void setRSAPrivateKeyData(RsTlvPrivateRSAKey& key, RSA *rsa_pub)
{
assert(key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
unsigned char *data = NULL ; // this works for OpenSSL > 0.9.7
int reqspace = i2d_RSAPublicKey(rsa_pub, &data);
key.keyData.setBinData(data, reqspace);
key.keyId = getRsaKeyFingerprint(rsa_pub);
free(data) ;
}
bool GxsSecurity::checkPrivateKey(const RsTlvPrivateRSAKey& key)
{
#ifdef GXS_SECURITY_DEBUG
std::cerr << "Checking private key " << key.keyId << " ..." << std::endl;
@ -132,7 +144,7 @@ bool GxsSecurity::checkPrivateKey(const RsTlvSecurityKey& key)
return true ;
}
bool GxsSecurity::checkPublicKey(const RsTlvSecurityKey& key)
bool GxsSecurity::checkPublicKey(const RsTlvPublicRSAKey &key)
{
#ifdef GXS_SECURITY_DEBUG
std::cerr << "Checking public key " << key.keyId << " ..." << std::endl;
@ -162,7 +174,7 @@ bool GxsSecurity::checkPublicKey(const RsTlvSecurityKey& key)
return true ;
}
static void setRSAPrivateKeyData(RsTlvSecurityKey & key, RSA *rsa_priv)
static void setRSAPrivateKeyData(RsTlvSecurityKey_deprecated & key, RSA *rsa_priv)
{
unsigned char *data = NULL ;
int reqspace = i2d_RSAPrivateKey(rsa_priv, &data);
@ -173,7 +185,7 @@ static void setRSAPrivateKeyData(RsTlvSecurityKey & key, RSA *rsa_priv)
free(data) ;
}
bool GxsSecurity::generateKeyPair(RsTlvSecurityKey& public_key,RsTlvSecurityKey& private_key)
bool GxsSecurity::generateKeyPair(RsTlvPublicRSAKey& public_key,RsTlvPrivateRSAKey& private_key)
{
// admin keys
RSA *rsa = RSA_generate_key(2048, 65537, NULL, NULL);
@ -194,10 +206,16 @@ bool GxsSecurity::generateKeyPair(RsTlvSecurityKey& public_key,RsTlvSecurityKey&
RSA_free(rsa);
RSA_free(rsa_pub);
return true ;
if(!(private_key.check() && public_key.check()))
{
std::cerr << "(EE) ERROR while generating keys. Something inconsistent in flags. This is probably a bad sign!" << std::endl;
return false ;
}
return true ;
}
bool GxsSecurity::extractPublicKey(const RsTlvSecurityKey& private_key,RsTlvSecurityKey& public_key)
bool GxsSecurity::extractPublicKey(const RsTlvPrivateRSAKey &private_key, RsTlvPublicRSAKey &public_key)
{
public_key.TlvClear() ;
@ -241,7 +259,7 @@ bool GxsSecurity::extractPublicKey(const RsTlvSecurityKey& private_key,RsTlvSecu
return true ;
}
bool GxsSecurity::getSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& privKey, RsTlvKeySignature& sign)
bool GxsSecurity::getSignature(const char *data, uint32_t data_len, const RsTlvPrivateRSAKey &privKey, RsTlvKeySignature& sign)
{
RSA* rsa_pub = extractPrivateKey(privKey);
@ -272,12 +290,11 @@ bool GxsSecurity::getSignature(const char *data, uint32_t data_len, const RsTlvS
return ok;
}
bool GxsSecurity::validateSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& key, const RsTlvKeySignature& signature)
bool GxsSecurity::validateSignature(const char *data, uint32_t data_len, const RsTlvPublicRSAKey &key, const RsTlvKeySignature& signature)
{
RSA *tmpkey = (key.keyFlags & RSTLV_KEY_TYPE_FULL)?(::extractPrivateKey(key)):(::extractPublicKey(key)) ;
RSA *rsakey = RSAPublicKey_dup(tmpkey) ; // always extract public key
RSA_free(tmpkey) ;
assert(!(key.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
RSA *rsakey = ::extractPublicKey(key) ;
if(!rsakey)
{
@ -303,7 +320,7 @@ bool GxsSecurity::validateSignature(const char *data, uint32_t data_len, const R
return signOk;
}
bool GxsSecurity::validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& sign, const RsTlvSecurityKey& key)
bool GxsSecurity::validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& sign, const RsTlvPublicRSAKey& key)
{
#ifdef GXS_SECURITY_DEBUG
std::cerr << "GxsSecurity::validateNxsMsg()";
@ -417,7 +434,7 @@ bool GxsSecurity::validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& s
return false;
}
bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key)
bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvPublicRSAKey& key)
{
#ifdef DISTRIB_DEBUG
std::cerr << "GxsSecurity::encrypt() " << std::endl;
@ -532,7 +549,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
return true;
}
bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvSecurityKey>& keys)
bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvPublicRSAKey> &keys)
{
#ifdef DISTRIB_DEBUG
std::cerr << "GxsSecurity::encrypt() " << std::endl;
@ -685,7 +702,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
}
}
bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key)
bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const RsTlvPrivateRSAKey &key)
{
// Decrypts (in,inlen) into (out,outlen) using the given RSA public key.
// The format of the encrypted data (in) is:
@ -791,7 +808,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
return true;
}
bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvSecurityKey>& keys)
bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvPrivateRSAKey> &keys)
{
// Decrypts (in,inlen) into (out,outlen) using one of the given RSA public keys, trying them all in a row.
// The format of the encrypted data is:
@ -936,7 +953,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
return false;
}
}
bool GxsSecurity::validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& sign, const RsTlvSecurityKey& key)
bool GxsSecurity::validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& sign, const RsTlvPublicRSAKey &key)
{
#ifdef GXS_SECURITY_DEBUG
std::cerr << "GxsSecurity::validateNxsGrp()";
@ -974,6 +991,7 @@ bool GxsSecurity::validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& s
#endif
/* extract admin key */
#warning Souldn't need to do that HERE!!
RSA *rsakey = (key.keyFlags & RSTLV_KEY_TYPE_FULL)? d2i_RSAPrivateKey(NULL, &(keyptr), keylen): d2i_RSAPublicKey(NULL, &(keyptr), keylen);
if (!rsakey)

24
libretroshare/src/gxs/gxssecurity.h
View File

@ -45,7 +45,7 @@ class GxsSecurity
/*!
* Extracts a public key from a private key.
*/
static bool extractPublicKey(const RsTlvSecurityKey& private_key,RsTlvSecurityKey& public_key) ;
static bool extractPublicKey(const RsTlvPrivateRSAKey& private_key,RsTlvPublicRSAKey& public_key) ;
/*!
* Generates a public/private RSA keypair. To be used for all GXS purposes.
@ -53,7 +53,7 @@ class GxsSecurity
* @param RsTlvSecurityKey private RSA key
* @return true if the generate was successful, false otherwise.
*/
static bool generateKeyPair(RsTlvSecurityKey& public_key,RsTlvSecurityKey& private_key) ;
static bool generateKeyPair(RsTlvPublicRSAKey &public_key, RsTlvPrivateRSAKey &private_key) ;
/*!
* Encrypts data using envelope encryption (taken from open ssl's evp_sealinit )
@ -63,8 +63,8 @@ class GxsSecurity
*@param in
*@param inlen
*/
static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key) ;
static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvSecurityKey>& keys) ;
static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvPublicRSAKey& key) ;
static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvPublicRSAKey>& keys) ;
/**
* Decrypts data using evelope decryption (taken from open ssl's evp_sealinit )
@ -75,8 +75,8 @@ class GxsSecurity
* @param inlen
* @return false if encryption failed
*/
static bool decrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key) ;
static bool decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvSecurityKey>& keys);
static bool decrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvPrivateRSAKey& key) ;
static bool decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const std::vector<RsTlvPrivateRSAKey>& keys);
/*!
* uses grp signature to check if group has been
@ -86,7 +86,7 @@ class GxsSecurity
* @param key the public key to use to check signature
* @return true if group valid false otherwise
*/
static bool validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& sign, const RsTlvSecurityKey& key);
static bool validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& sign, const RsTlvPublicRSAKey& key);
/*!
* Validate a msg's signature using the given public key
@ -95,7 +95,7 @@ class GxsSecurity
* @param key the public key to use to check signature
* @return false if verfication of signature is not passed
*/
static bool validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& sign, const RsTlvSecurityKey& key);
static bool validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& sign, const RsTlvPublicRSAKey &key);
/*!
@ -105,7 +105,7 @@ class GxsSecurity
* @param sign the signature is stored here
* @return false if signature creation failed, true is signature created
*/
static bool getSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& privKey, RsTlvKeySignature& sign);
static bool getSignature(const char *data, uint32_t data_len, const RsTlvPrivateRSAKey& privKey, RsTlvKeySignature& sign);
/*!
* @param data data that has been signed
@ -114,7 +114,7 @@ class GxsSecurity
* @param sign Signature for the data
* @return true if signature checks
*/
static bool validateSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& pubKey, const RsTlvKeySignature& sign);
static bool validateSignature(const char *data, uint32_t data_len, const RsTlvPublicRSAKey& pubKey, const RsTlvKeySignature& sign);
/*!
* Checks that the public key has correct fingerprint and correct flags.
@ -123,8 +123,8 @@ class GxsSecurity
* @return false if the key is invalid.
*/
static bool checkPublicKey(const RsTlvSecurityKey &key);
static bool checkPrivateKey(const RsTlvSecurityKey &key);
static bool checkPublicKey(const RsTlvPublicRSAKey &key);
static bool checkPrivateKey(const RsTlvPrivateRSAKey &key);
};
#endif // GXSSECURITY_H

201
libretroshare/src/gxs/rsgenexchange.cc
View File

@ -341,47 +341,53 @@ bool RsGenExchange::acknowledgeTokenGrp(const uint32_t& token, RsGxsGroupId& grp
return true;
}
void RsGenExchange::generateGroupKeys(RsTlvSecurityKeySet& privatekeySet, RsTlvSecurityKeySet& publickeySet, bool genPublishKeys)
void RsGenExchange::generateGroupKeys(RsTlvSecurityKeySet& keySet, bool genPublishKeys)
{
/* create Keys */
RsTlvSecurityKey adminKey, privAdminKey;
GxsSecurity::generateKeyPair(adminKey,privAdminKey) ;
/* create Keys */
RsTlvPublicRSAKey pubAdminKey ;
RsTlvPrivateRSAKey privAdminKey;
// for now all public
adminKey.keyFlags = RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_PUBLIC_ONLY;
privAdminKey.keyFlags = RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_FULL;
GxsSecurity::generateKeyPair(pubAdminKey,privAdminKey) ;
publickeySet.keys[adminKey.keyId] = adminKey;
privatekeySet.keys[privAdminKey.keyId] = privAdminKey;
// for now all public
pubAdminKey.keyFlags |= RSTLV_KEY_DISTRIB_ADMIN ;
privAdminKey.keyFlags |= RSTLV_KEY_DISTRIB_ADMIN ;
if(genPublishKeys)
keySet.public_keys[pubAdminKey.keyId] = pubAdminKey;
keySet.private_keys[privAdminKey.keyId] = privAdminKey;
if(genPublishKeys)
{
/* set publish keys */
RsTlvPublicRSAKey pubPublishKey ;
RsTlvPrivateRSAKey privPublishKey;
GxsSecurity::generateKeyPair(pubPublishKey,privPublishKey) ;
// for now all public
pubPublishKey.keyFlags |= RSTLV_KEY_DISTRIB_PUBLISH ;
privPublishKey.keyFlags |= RSTLV_KEY_DISTRIB_PUBLISH ;
keySet.public_keys[pubPublishKey.keyId] = pubPublishKey;
keySet.private_keys[privPublishKey.keyId] = privPublishKey;
}
}
void RsGenExchange::generatePublicFromPrivateKeys(RsTlvSecurityKeySet& keySet)
{
// actually just copy settings of one key except mark its key flags public
keySet.public_keys.clear() ;
for(std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator cit=keySet.private_keys.begin(); cit != keySet.private_keys.end(); ++cit)
{
/* set publish keys */
RsTlvSecurityKey publishKey, privPublishKey;
GxsSecurity::generateKeyPair(publishKey,privPublishKey) ;
// for now all public
publishKey.keyFlags = RSTLV_KEY_DISTRIB_PUBLISH | RSTLV_KEY_TYPE_PUBLIC_ONLY;
privPublishKey.keyFlags = RSTLV_KEY_DISTRIB_PUBLISH | RSTLV_KEY_TYPE_FULL;
publickeySet.keys[publishKey.keyId] = publishKey;
privatekeySet.keys[privPublishKey.keyId] = privPublishKey;
RsTlvPublicRSAKey pubkey ;
if(GxsSecurity::extractPublicKey(cit->second,pubkey))
keySet.public_keys.insert(std::make_pair(pubkey.keyId, pubkey));
}
}
void RsGenExchange::generatePublicFromPrivateKeys(const RsTlvSecurityKeySet &privatekeySet, RsTlvSecurityKeySet &publickeySet)
{
// actually just copy settings of one key except mark its key flags public
publickeySet = RsTlvSecurityKeySet() ;
RsTlvSecurityKey pubkey ;
for(std::map<RsGxsId, RsTlvSecurityKey>::const_iterator cit=privatekeySet.keys.begin(); cit != privatekeySet.keys.end(); ++cit)
if(GxsSecurity::extractPublicKey(cit->second,pubkey))
publickeySet.keys.insert(std::make_pair(pubkey.keyId, pubkey));
}
uint8_t RsGenExchange::createGroup(RsNxsGrp *grp, RsTlvSecurityKeySet& privateKeySet, RsTlvSecurityKeySet& publicKeySet)
uint8_t RsGenExchange::createGroup(RsNxsGrp *grp, RsTlvSecurityKeySet& keySet)
{
#ifdef GEN_EXCH_DEBUG
std::cerr << "RsGenExchange::createGroup()";
@ -393,19 +399,18 @@ uint8_t RsGenExchange::createGroup(RsNxsGrp *grp, RsTlvSecurityKeySet& privateKe
/* add public admin and publish keys to grp */
// find private admin key
RsTlvSecurityKey privAdminKey;
std::map<RsGxsId, RsTlvSecurityKey>::iterator mit = privateKeySet.keys.begin();
RsTlvPrivateRSAKey privAdminKey;
bool privKeyFound = false; // private admin key
for(; mit != privateKeySet.keys.end(); ++mit)
for( std::map<RsGxsId, RsTlvPrivateRSAKey>::iterator mit = keySet.private_keys.begin(); mit != keySet.private_keys.end(); ++mit)
{
RsTlvSecurityKey& key = mit->second;
RsTlvPrivateRSAKey& key = mit->second;
if((key.keyFlags & RSTLV_KEY_DISTRIB_ADMIN) && (key.keyFlags & RSTLV_KEY_TYPE_FULL))
{
privAdminKey = key;
privKeyFound = true;
break ;
break ;
}
}
@ -417,13 +422,17 @@ uint8_t RsGenExchange::createGroup(RsNxsGrp *grp, RsTlvSecurityKeySet& privateKe
return false;
}
meta->keys = publicKeySet; // only public keys are included to be transported
// only public keys are included to be transported. The 2nd line below is very important.
meta->keys = keySet;
meta->keys.private_keys.clear() ;
// group is self signing
// for the creation of group signature
// only public admin and publish keys are present in meta
uint32_t metaDataLen = meta->serial_size(RS_GXS_GRP_META_DATA_CURRENT_API_VERSION);
uint32_t allGrpDataLen = metaDataLen + grp->grp.bin_len;
char* metaData = new char[metaDataLen];
char* allGrpData = new char[allGrpDataLen]; // msgData + metaData
@ -503,12 +512,11 @@ int RsGenExchange::createGroupSignatures(RsTlvKeySignatureSet& signSet, RsTlvBin
if(haveKey)
{
RsTlvSecurityKey authorKey;
RsTlvPrivateRSAKey authorKey;
mGixs->getPrivateKey(grpMeta.mAuthorId, authorKey);
RsTlvKeySignature sign;
if(GxsSecurity::getSignature((char*)grpData.bin_data, grpData.bin_len,
authorKey, sign))
if(GxsSecurity::getSignature((char*)grpData.bin_data, grpData.bin_len, authorKey, sign))
{
id_ret = SIGN_SUCCESS;
mGixs->timeStampKey(grpMeta.mAuthorId) ;
@ -623,12 +631,12 @@ int RsGenExchange::createMsgSignatures(RsTlvKeySignatureSet& signSet, RsTlvBinar
if(needPublishSign)
{
// public and shared is publish key
RsTlvSecurityKeySet& keys = grpMeta.keys;
RsTlvSecurityKey* publishKey;
const RsTlvSecurityKeySet& keys = grpMeta.keys;
const RsTlvPrivateRSAKey *publishKey;
std::map<RsGxsId, RsTlvSecurityKey>::iterator mit =
keys.keys.begin(), mit_end = keys.keys.end();
std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator mit = keys.private_keys.begin(), mit_end = keys.private_keys.end();
bool publish_key_found = false;
for(; mit != mit_end; ++mit)
{
@ -672,7 +680,7 @@ int RsGenExchange::createMsgSignatures(RsTlvKeySignatureSet& signSet, RsTlvBinar
if(haveKey)
{
RsTlvSecurityKey authorKey;
RsTlvPrivateRSAKey authorKey;
mGixs->getPrivateKey(msgMeta.mAuthorId, authorKey);
RsTlvKeySignature sign;
@ -841,13 +849,13 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin
{
RsTlvKeySignature sign = metaData.signSet.keySignSet[INDEX_AUTHEN_PUBLISH];
std::map<RsGxsId, RsTlvSecurityKey>& keys = grpKeySet.keys;
std::map<RsGxsId, RsTlvSecurityKey>::iterator mit = keys.begin();
std::map<RsGxsId, RsTlvPublicRSAKey>& keys = grpKeySet.public_keys;
std::map<RsGxsId, RsTlvPublicRSAKey>::iterator mit = keys.begin();
RsGxsId keyId;
for(; mit != keys.end() ; ++mit)
{
RsTlvSecurityKey& key = mit->second;
RsTlvPublicRSAKey& key = mit->second;
if(key.keyFlags & RSTLV_KEY_DISTRIB_PUBLIC_deprecated)
{
@ -865,7 +873,7 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin
if(!keyId.isNull())
{
RsTlvSecurityKey& key = keys[keyId];
RsTlvPublicRSAKey& key = keys[keyId];
publishValidate &= GxsSecurity::validateNxsMsg(*msg, sign, key);
}
else
@ -889,7 +897,7 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin
if(haveKey)
{
RsTlvSecurityKey authorKey;
RsTlvPublicRSAKey authorKey;
bool auth_key_fetched = mGixs->getKey(metaData.mAuthorId, authorKey) ;
if (auth_key_fetched)
@ -1008,7 +1016,7 @@ int RsGenExchange::validateGrp(RsNxsGrp* grp)
std::cerr << " have ID key in cache: yes" << std::endl;
#endif
RsTlvSecurityKey authorKey;
RsTlvPublicRSAKey authorKey;
bool auth_key_fetched = mGixs->getKey(metaData.mAuthorId, authorKey) ;
if (auth_key_fetched)
@ -2155,20 +2163,21 @@ void RsGenExchange::processGroupUpdatePublish()
//gup.grpItem->meta = *meta;
GxsGrpPendingSign ggps(gup.grpItem, gup.mToken);
bool publishAndAdminPrivatePresent = checkKeys(meta->keys);
if(publishAndAdminPrivatePresent)
if(checkKeys(meta->keys))
{
ggps.mPrivateKeys = meta->keys;
generatePublicFromPrivateKeys(ggps.mPrivateKeys, ggps.mPublicKeys);
ggps.mKeys = meta->keys;
generatePublicFromPrivateKeys(ggps.mKeys);
ggps.mHaveKeys = true;
ggps.mStartTS = time(NULL);
ggps.mLastAttemptTS = 0;
ggps.mIsUpdate = true;
ggps.mToken = gup.mToken;
mGrpsToPublish.push_back(ggps);
}else
}
else
{
std::cerr << "(EE) publish group fails because RS cannot find the private publish and author keys" << std::endl;
delete gup.grpItem;
mDataAccess->updatePublicRequestStatus(gup.mToken, RsTokenService::GXS_REQUEST_V2_STATUS_FAILED);
}
@ -2291,14 +2300,15 @@ void RsGenExchange::processMessageDelete()
bool RsGenExchange::checkKeys(const RsTlvSecurityKeySet& keySet)
{
typedef std::map<RsGxsId, RsTlvSecurityKey> keyMap;
const keyMap& allKeys = keySet.keys;
typedef std::map<RsGxsId, RsTlvPrivateRSAKey> keyMap;
const keyMap& allKeys = keySet.private_keys;
keyMap::const_iterator cit = allKeys.begin();
bool adminFound = false, publishFound = false;
for(; cit != allKeys.end(); ++cit)
{
const RsTlvSecurityKey& key = cit->second;
if(key.keyFlags & RSTLV_KEY_TYPE_FULL)
const RsTlvPrivateRSAKey& key = cit->second;
if(key.keyFlags & RSTLV_KEY_TYPE_FULL) // this one is not useful. Just a security.
{
if(key.keyFlags & RSTLV_KEY_DISTRIB_ADMIN)
adminFound = true;
@ -2307,6 +2317,11 @@ bool RsGenExchange::checkKeys(const RsTlvSecurityKeySet& keySet)
publishFound = true;
}
else if(key.keyFlags & RSTLV_KEY_TYPE_PUBLIC_ONLY) // this one is not useful. Just a security.
{
std::cerr << "(EE) found a public only key in the private key list" << std::endl;
return false ;
}
}
// user must have both private and public parts of publish and admin keys
@ -2345,29 +2360,23 @@ void RsGenExchange::publishGrps()
RsNxsGrp* grp = new RsNxsGrp(mServType);
RsGxsGrpItem* grpItem = ggps.mItem;
RsTlvSecurityKeySet privatekeySet, publicKeySet;
RsTlvSecurityKeySet fullKeySet;
if(!(ggps.mHaveKeys))
{
generateGroupKeys(privatekeySet, publicKeySet, true);
generateGroupKeys(fullKeySet, true);
ggps.mHaveKeys = true;
ggps.mPrivateKeys = privatekeySet;
ggps.mPublicKeys = publicKeySet;
ggps.mKeys = fullKeySet;
}
else
{
privatekeySet = ggps.mPrivateKeys;
publicKeySet = ggps.mPublicKeys;
}
// find private admin key
RsTlvSecurityKey privAdminKey;
std::map<RsGxsId, RsTlvSecurityKey>::iterator mit_keys = privatekeySet.keys.begin();
fullKeySet = ggps.mKeys;
// find private admin key
RsTlvPrivateRSAKey privAdminKey;
bool privKeyFound = false;
for(; mit_keys != privatekeySet.keys.end(); ++mit_keys)
for(std::map<RsGxsId, RsTlvPrivateRSAKey>::iterator mit_keys = fullKeySet.private_keys.begin(); mit_keys != fullKeySet.private_keys.end(); ++mit_keys)
{
RsTlvSecurityKey& key = mit_keys->second;
RsTlvPrivateRSAKey& key = mit_keys->second;
if(key.keyFlags == (RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_FULL))
{
@ -2383,8 +2392,7 @@ void RsGenExchange::publishGrps()
// get group id from private admin key id
grpItem->meta.mGroupId = grp->grpId = RsGxsGroupId(privAdminKey.keyId);
ServiceCreate_Return ret = service_CreateGroup(grpItem, privatekeySet);
ServiceCreate_Return ret = service_CreateGroup(grpItem, fullKeySet);
bool serialOk = false, servCreateOk;
@ -2412,7 +2420,7 @@ void RsGenExchange::publishGrps()
grp->metaData->mSubscribeFlags = GXS_SERV::GROUP_SUBSCRIBE_ADMIN | GXS_SERV::GROUP_SUBSCRIBE_SUBSCRIBED
| GXS_SERV::GROUP_SUBSCRIBE_PUBLISH;
create = createGroup(grp, privatekeySet, publicKeySet);
create = createGroup(grp, fullKeySet);
#ifdef GEN_EXCH_DEBUG
std::cerr << "RsGenExchange::publishGrps() ";
@ -2424,15 +2432,22 @@ void RsGenExchange::publishGrps()
if(create == CREATE_SUCCESS)
{
// Here we need to make sure that no private keys are included. This is very important since private keys
// can be used to modify the group. Normally the private key set is whiped out by createGroup, but
grp->metaData->keys.private_keys.clear() ;
uint32_t mdSize = grp->metaData->serial_size(RS_GXS_GRP_META_DATA_CURRENT_API_VERSION);
char* metaData = new char[mdSize];
serialOk = grp->metaData->serialise(metaData, mdSize,RS_GXS_GRP_META_DATA_CURRENT_API_VERSION);
grp->meta.setBinData(metaData, mdSize);
delete[] metaData;
{
RsTemporaryMemory metaData(mdSize);
serialOk = grp->metaData->serialise(metaData, mdSize,RS_GXS_GRP_META_DATA_CURRENT_API_VERSION);
#warning TODO: grp->meta should be renamed grp->public_meta !
grp->meta.setBinData(metaData, mdSize);
}
// place back private keys for publisher
grp->metaData->keys = privatekeySet;
// Place back private keys for publisher and database storage
grp->metaData->keys.private_keys = fullKeySet.private_keys;
if(mDataStore->validSize(grp) && serialOk)
{
@ -2443,10 +2458,10 @@ void RsGenExchange::publishGrps()
if(ggps.mIsUpdate)
mDataAccess->updateGroupData(grp);
else
mDataAccess->addGroupData(grp);
if(mNetService!=NULL)
mNetService->subscribeStatusChanged(grpId,true) ;
mDataAccess->addGroupData(grp);
#warning this is bad: addGroupData/updateGroupData actially deletes grp. But it may be used below? grp should be a class object and not deleted manually!
if(mNetService!=NULL)
mNetService->subscribeStatusChanged(grpId,true) ;
}
else
{
@ -3074,8 +3089,8 @@ bool RsGenExchange::updateValid(RsGxsGrpMetaData& oldGrpMeta, RsNxsGrp& newGrp)
RsTlvKeySignature adminSign = mit->second;
std::map<RsGxsId, RsTlvSecurityKey>& keys = oldGrpMeta.keys.keys;
std::map<RsGxsId, RsTlvSecurityKey>::iterator keyMit = keys.find(RsGxsId(oldGrpMeta.mGroupId));
std::map<RsGxsId, RsTlvPublicRSAKey>& keys = oldGrpMeta.keys.public_keys;
std::map<RsGxsId, RsTlvPublicRSAKey>::iterator keyMit = keys.find(RsGxsId(oldGrpMeta.mGroupId));
if(keyMit == keys.end())
{

9
libretroshare/src/gxs/rsgenexchange.h
View File

@ -79,8 +79,7 @@ public:
RsGxsGrpItem* mItem;
bool mHaveKeys; // mKeys->first == true if key present
bool mIsUpdate;
RsTlvSecurityKeySet mPrivateKeys;
RsTlvSecurityKeySet mPublicKeys;
RsTlvSecurityKeySet mKeys;
};
typedef std::map<RsGxsGroupId, std::vector<RsGxsMsgItem*> > GxsMsgDataMap;
@ -694,7 +693,7 @@ private:
* @return CREATE_SUCCESS for success, CREATE_FAIL for fail,
* CREATE_FAIL_TRY_LATER for Id sign key not avail (but requested)
*/
uint8_t createGroup(RsNxsGrp* grp, RsTlvSecurityKeySet& privateKeySet, RsTlvSecurityKeySet& publicKeySet);
uint8_t createGroup(RsNxsGrp* grp, RsTlvSecurityKeySet& keySet);
/*!
* This completes the creation of an instance on RsNxsMsg
@ -742,7 +741,7 @@ private:
* @param publickeySet contains public generated keys (counterpart of private)
* @param genPublicKeys should publish key pair also be generated
*/
void generateGroupKeys(RsTlvSecurityKeySet& privatekeySet, RsTlvSecurityKeySet& publickeySet, bool genPublishKeys);
void generateGroupKeys(RsTlvSecurityKeySet& keySet, bool genPublishKeys);
/*!
* Generate public set of keys from their private counterparts
@ -751,7 +750,7 @@ private:
* @param publickeySet contains public generated keys (counterpart of private)
* @return false if key gen failed for a key set
*/
void generatePublicFromPrivateKeys(const RsTlvSecurityKeySet& privatekeySet, RsTlvSecurityKeySet& publickeySet);
void generatePublicFromPrivateKeys(RsTlvSecurityKeySet& keySet);
/*!
* Attempts to validate msg signatures

4
libretroshare/src/gxs/rsgixs.h
View File

@ -160,8 +160,8 @@ public:
* @return a pointer to a valid profile if successful, otherwise NULL
*
*/
virtual bool getKey(const RsGxsId &id, RsTlvSecurityKey &key) = 0;
virtual bool getPrivateKey(const RsGxsId &id, RsTlvSecurityKey &key) = 0; // For signing outgoing messages.
virtual bool getKey(const RsGxsId &id, RsTlvPublicRSAKey& key) = 0;
virtual bool getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey& key) = 0; // For signing outgoing messages.
virtual bool getIdDetails(const RsGxsId& id, RsIdentityDetails& details) = 0 ; // Proxy function so that we get p3Identity info from Gxs
};

94
libretroshare/src/gxs/rsgxsnetservice.cc
View File

@ -3297,6 +3297,7 @@ void RsGxsNetService::locked_genSendGrpsTransaction(NxsTransaction* tr)
RsPeerId peerId = tr->mTransaction->PeerId();
for(;mit != grps.end(); ++mit)
{
#warning Should make sure that no private key information is sneaked in here for the grp
mit->second->PeerId(peerId); // set so it gets sent to right peer
mit->second->transactionNumber = transN;
newTr->mItems.push_back(mit->second);
@ -3694,11 +3695,11 @@ bool RsGxsNetService::encryptSingleNxsItem(RsNxsItem *item, const RsGxsCircleId&
#ifdef NXS_NET_DEBUG_7
GXSNETDEBUG_P_ (item->PeerId()) << " Dest Ids: " << std::endl;
#endif
std::vector<RsTlvSecurityKey> recipient_keys ;
std::vector<RsTlvPublicRSAKey> recipient_keys ;
for(std::list<RsGxsId>::const_iterator it(recipients.begin());it!=recipients.end();++it)
{
RsTlvSecurityKey pkey ;
RsTlvPublicRSAKey pkey ;
if(!mGixs->getKey(*it,pkey))
{
@ -3770,7 +3771,7 @@ bool RsGxsNetService::processTransactionForDecryption(NxsTransaction *tr)
#endif
std::list<RsNxsItem*> decrypted_items ;
std::vector<RsTlvSecurityKey> private_keys ;
std::vector<RsTlvPrivateRSAKey> private_keys ;
// get all private keys. Normally we should look into the circle name and only supply the keys that we have
@ -3806,13 +3807,13 @@ bool RsGxsNetService::processTransactionForDecryption(NxsTransaction *tr)
return true ;
}
bool RsGxsNetService::decryptSingleNxsItem(const RsNxsEncryptedDataItem *encrypted_item, RsNxsItem *& nxsitem,std::vector<RsTlvSecurityKey> *pprivate_keys)
bool RsGxsNetService::decryptSingleNxsItem(const RsNxsEncryptedDataItem *encrypted_item, RsNxsItem *& nxsitem,std::vector<RsTlvPrivateRSAKey> *pprivate_keys)
{
// if private_keys storage is supplied use/update them, otherwise, find which key should be used, and store them in a local std::vector.
nxsitem = NULL ;
std::vector<RsTlvSecurityKey> local_keys ;
std::vector<RsTlvSecurityKey>& private_keys = pprivate_keys?(*pprivate_keys):local_keys ;
std::vector<RsTlvPrivateRSAKey> local_keys ;
std::vector<RsTlvPrivateRSAKey>& private_keys = pprivate_keys?(*pprivate_keys):local_keys ;
// we need the private keys to decrypt the item. First load them in!
bool key_loading_failed = false ;
@ -3828,7 +3829,7 @@ bool RsGxsNetService::decryptSingleNxsItem(const RsNxsEncryptedDataItem *encrypt
for(std::list<RsGxsId>::const_iterator it(own_keys.begin());it!=own_keys.end();++it)
{
RsTlvSecurityKey private_key ;
RsTlvPrivateRSAKey private_key ;
if(mGixs->getPrivateKey(*it,private_key))
{
@ -4848,9 +4849,9 @@ void RsGxsNetService::sharePublishKeysPending()
const RsTlvSecurityKeySet& keys = grpMeta->keys;
std::map<RsGxsId, RsTlvSecurityKey>::const_iterator kit = keys.keys.begin(), kit_end = keys.keys.end();
std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator kit = keys.private_keys.begin(), kit_end = keys.private_keys.end();
bool publish_key_found = false;
RsTlvSecurityKey publishKey ;
RsTlvPrivateRSAKey publishKey ;
for(; kit != kit_end && !publish_key_found; ++kit)
{
@ -4900,7 +4901,7 @@ void RsGxsNetService::sharePublishKeysPending()
void RsGxsNetService::handleRecvPublishKeys(RsNxsGroupPublishKeyItem *item)
{
#ifdef NXS_NET_DEBUG_3
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << "RsGxsNetService::sharePublishKeys() " << std::endl;
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << "RsGxsNetService::sharePublishKeys() " << std::endl;
#endif
if (!item)
@ -4909,62 +4910,61 @@ void RsGxsNetService::handleRecvPublishKeys(RsNxsGroupPublishKeyItem *item)
RS_STACK_MUTEX(mNxsMutex) ;
#ifdef NXS_NET_DEBUG_3
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " PeerId : " << item->PeerId() << std::endl;
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " GrpId: " << item->grpId << std::endl;
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " Got key Item: " << item->key.keyId << std::endl;
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " PeerId : " << item->PeerId() << std::endl;
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " GrpId: " << item->grpId << std::endl;
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " Got key Item: " << item->key.keyId << std::endl;
#endif
// Get the meta data for this group Id
//
RsGxsMetaDataTemporaryMap<RsGxsGrpMetaData> grpMetaMap;
grpMetaMap[item->grpId] = NULL;
mDataStore->retrieveGxsGrpMetaData(grpMetaMap);
// Get the meta data for this group Id
//
RsGxsMetaDataTemporaryMap<RsGxsGrpMetaData> grpMetaMap;
grpMetaMap[item->grpId] = NULL;
// update the publish keys in this group meta info
mDataStore->retrieveGxsGrpMetaData(grpMetaMap);
RsGxsGrpMetaData *grpMeta = grpMetaMap[item->grpId] ;
// update the publish keys in this group meta info
// Check that the keys correspond, and that FULL keys are supplied, etc.
RsGxsGrpMetaData *grpMeta = grpMetaMap[item->grpId] ;
// Check that the keys correspond, and that FULL keys are supplied, etc.
#ifdef NXS_NET_DEBUG_3
GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " Key received: " << std::endl;
GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " Key received: " << std::endl;
#endif
bool admin = (item->key.keyFlags & RSTLV_KEY_DISTRIB_ADMIN) && (item->key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
bool publi = (item->key.keyFlags & RSTLV_KEY_DISTRIB_PUBLISH) && (item->key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
bool admin = (item->key.keyFlags & RSTLV_KEY_DISTRIB_ADMIN) && (item->key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
bool publi = (item->key.keyFlags & RSTLV_KEY_DISTRIB_PUBLISH) && (item->key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
#ifdef NXS_NET_DEBUG_3
GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " Key id = " << item->key.keyId << " admin=" << admin << ", publish=" << publi << " ts=" << item->key.endTS << std::endl;
GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " Key id = " << item->key.keyId << " admin=" << admin << ", publish=" << publi << " ts=" << item->key.endTS << std::endl;
#endif
if(!(!admin && publi))
{
std::cerr << " Key is not a publish private key. Discarding!" << std::endl;
return ;
}
// Also check that we don't already have full keys for that group.
std::map<RsGxsId,RsTlvSecurityKey>::iterator it = grpMeta->keys.keys.find(item->key.keyId) ;
if(!(!admin && publi))
{
std::cerr << " Key is not a publish private key. Discarding!" << std::endl;
return ;
}
// Also check that we don't already have full keys for that group.
if(it == grpMeta->keys.keys.end())
{
std::cerr << " (EE) Key not found in known group keys. This is an inconsistency." << std::endl;
return ;
}
if(grpMeta->keys.public_keys.find(item->key.keyId) == grpMeta->keys.public_keys.end())
{
std::cerr << " (EE) Key not found in known group keys. This is an inconsistency." << std::endl;
return ;
}
if((it->second.keyFlags & RSTLV_KEY_DISTRIB_PUBLISH) && (it->second.keyFlags & RSTLV_KEY_TYPE_FULL))
{
if(grpMeta->keys.private_keys.find(item->key.keyId) != grpMeta->keys.private_keys.end())
{
#ifdef NXS_NET_DEBUG_3
GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " (EE) Publish key already present in database. Discarding message." << std::endl;
GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " (EE) Publish key already present in database. Discarding message." << std::endl;
#endif
return ;
}
return ;
}
// Store/update the info.
// Store/update the info.
it->second = item->key ;
bool ret = mDataStore->updateGroupKeys(item->grpId,grpMeta->keys, grpMeta->mSubscribeFlags | GXS_SERV::GROUP_SUBSCRIBE_PUBLISH) ;
grpMeta->keys.private_keys[item->key.keyId] = item->key ;
bool ret = mDataStore->updateGroupKeys(item->grpId,grpMeta->keys, grpMeta->mSubscribeFlags | GXS_SERV::GROUP_SUBSCRIBE_PUBLISH) ;
if(ret)
{

2
libretroshare/src/gxs/rsgxsnetservice.h
View File

@ -455,7 +455,7 @@ private:
* encrypts/decrypts the transaction for the destination circle id.
*/
bool encryptSingleNxsItem(RsNxsItem *item, const RsGxsCircleId& destination_circle, const RsGxsGroupId &destination_group, RsNxsItem *& encrypted_item, uint32_t &status) ;
bool decryptSingleNxsItem(const RsNxsEncryptedDataItem *encrypted_item, RsNxsItem *&nxsitem, std::vector<RsTlvSecurityKey> *private_keys=NULL);
bool decryptSingleNxsItem(const RsNxsEncryptedDataItem *encrypted_item, RsNxsItem *&nxsitem, std::vector<RsTlvPrivateRSAKey> *private_keys=NULL);
bool processTransactionForDecryption(NxsTransaction *tr); // return false when the keys are not loaded => need retry later
void cleanRejectedMessages();

8
libretroshare/src/gxstunnel/p3gxstunnel.cc
View File

@ -890,7 +890,7 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item)
RsTemporaryMemory data(pubkey_size) ;
BN_bn2bin(item->public_key, data) ;
RsTlvSecurityKey signature_key ;
RsTlvPublicRSAKey signature_key ;
// We need to get the key of the sender, but if the key is not cached, we
// need to get it first. So we let the system work for 2-3 seconds before
@ -1059,9 +1059,9 @@ bool p3GxsTunnelService::locked_sendDHPublicKey(const DH *dh,const RsGxsId& own_
// we should also sign the data and check the signature on the other end.
//
RsTlvKeySignature signature ;
RsTlvSecurityKey signature_key ;
RsTlvSecurityKey signature_key_public ;
RsTlvKeySignature signature ;
RsTlvPrivateRSAKey signature_key ;
RsTlvPublicRSAKey signature_key_public ;
uint32_t error_status ;

2
libretroshare/src/gxstunnel/rsgxstunnelitems.h
View File

@ -146,7 +146,7 @@ class RsGxsTunnelDHPublicKeyItem: public RsGxsTunnelItem
BIGNUM *public_key ;
RsTlvKeySignature signature ; // signs the public key in a row.
RsTlvSecurityKey gxs_key ; // public key of the signer
RsTlvPublicRSAKey gxs_key ; // public key of the signer
private:
// make the object non copy-able

2
libretroshare/src/serialiser/rsgxsrecognitems.h
View File

@ -117,7 +117,7 @@ virtual void clear();
std::ostream &print(std::ostream &out, uint16_t indent = 0);
RsTlvServiceIdSet signing_classes;
RsTlvSecurityKey key; // has from->to, and flags.
RsTlvSecurityKey_deprecated key; // has from->to, and flags.
RsTlvKeySignature sign;
};

2
libretroshare/src/serialiser/rsnxsitems.cc
View File

@ -1237,7 +1237,7 @@ RsNxsGrp* RsNxsGrp::clone() const {
if(this->metaData)
{
grp->metaData = new RsGxsGrpMetaData();
*(grp->metaData) = *(this->metaData);
// *(grp->metaData) = *(this->metaData);
}
return grp;

8
libretroshare/src/serialiser/rsnxsitems.h
View File

@ -157,7 +157,8 @@ public:
virtual uint32_t serial_size() const;
RsGxsGroupId grpId ;
RsTlvSecurityKey key ;
#warning should be renamed private_key
RsTlvPrivateRSAKey key ;
};
@ -330,9 +331,12 @@ public:
* This should contains all data
* which is not specific to the Gxs service data
*/
// This is the binary data for the group meta that is sent to friends. It *should not* contain any private
// key parts. This is ensured in RsGenExchange
RsTlvBinaryData meta;
// deserialised metaData, this is not serialised
// Deserialised metaData, this is not serialised by the serialize() method. So it may contain private key parts in some cases.
RsGxsGrpMetaData* metaData;
};

6
libretroshare/src/serialiser/rstlvbase.h
View File

@ -207,8 +207,10 @@ const uint16_t TLV_TYPE_GXSCIRCLEIDSET= 0x1026;
const uint16_t TLV_TYPE_SERVICESET = 0x1030;
const uint16_t TLV_TYPE_SECURITYKEY = 0x1040;
const uint16_t TLV_TYPE_SECURITYKEYSET= 0x1041;
const uint16_t TLV_TYPE_SECURITYKEY_deprecated = 0x1040;
const uint16_t TLV_TYPE_SECURITYKEYSET = 0x1041;
const uint16_t TLV_TYPE_RSA_KEY_PUBLIC = 0x1042;
const uint16_t TLV_TYPE_RSA_KEY_PRIVATE= 0x1043;
const uint16_t TLV_TYPE_KEYSIGNATURE = 0x1050;
const uint16_t TLV_TYPE_KEYSIGNATURESET = 0x1051;

256
libretroshare/src/serialiser/rstlvkeys.cc
View File

@ -27,6 +27,7 @@
#include "rstlvkeys.h"
#include "rstlvbase.h"
#include "rsbaseserial.h"
#include "util/stacktrace.h"
#include <iostream>
@ -37,13 +38,13 @@
/************************************* RsTlvSecurityKey ************************************/
RsTlvSecurityKey::RsTlvSecurityKey()
RsTlvSecurityKey_deprecated::RsTlvSecurityKey_deprecated()
:RsTlvItem(), keyFlags(0), startTS(0), endTS(0), keyData(TLV_TYPE_KEY_EVP_PKEY)
{
return;
}
void RsTlvSecurityKey::TlvClear()
void RsTlvSecurityKey_deprecated::TlvClear()
{
keyId.clear();
keyFlags = 0;
@ -53,7 +54,7 @@ void RsTlvSecurityKey::TlvClear()
}
/* clears keyData - but doesn't delete */
void RsTlvSecurityKey::ShallowClear()
void RsTlvSecurityKey_deprecated::ShallowClear()
{
keyId.clear();
keyFlags = 0;
@ -63,8 +64,22 @@ void RsTlvSecurityKey::ShallowClear()
keyData.bin_len = 0;
}
uint32_t RsTlvRSAKey::TlvSize() const
{
uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */
uint32_t RsTlvSecurityKey::TlvSize() const
/* now add comment and title length of this tlv object */
s += keyId.serial_size();
s += 4;
s += 4;
s += 4;
s += keyData.TlvSize();
return s;
}
uint32_t RsTlvSecurityKey_deprecated::TlvSize() const
{
uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */
@ -81,15 +96,48 @@ uint32_t RsTlvSecurityKey::TlvSize() const
s += keyData.TlvSize();
return s;
}
bool RsTlvSecurityKey::SetTlv(void *data, uint32_t size, uint32_t *offset) const
bool RsTlvRSAKey::SetTlv(void *data, uint32_t size, uint32_t *offset) const
{
/* must check sizes */
uint32_t tlvsize = TlvSize();
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend)
{
std::cerr << "RsTlvSecurityKey::SetTlv() Failed not enough space";
std::cerr << std::endl;
return false; /* not enough space */
}
bool ok = checkFlags(keyFlags); // check before serialise, just in case
/* start at data[offset] */
/* add mandatory parts first */
ok &= SetTlvBase(data, tlvend, offset, tlvType(), tlvsize);
ok &= keyId.serialise(data, tlvend, *offset) ;
ok &= setRawUInt32(data, tlvend, offset, keyFlags);
ok &= setRawUInt32(data, tlvend, offset, startTS);
ok &= setRawUInt32(data, tlvend, offset, endTS);
ok &= keyData.SetTlv(data, tlvend, offset);
return ok;
}
bool RsTlvSecurityKey_deprecated::SetTlv(void *data, uint32_t size, uint32_t *offset) const
{
std::cerr << "(EE) Serialisation of an old security key format. Will not be done! callstack is:" << std::cerr << std::endl;
print_stacktrace() ;
#warning REMOVE THIS CODE BELOW WHEN IT IS NOT CALLED ANYMORE
/* must check sizes */
uint32_t tlvsize = TlvSize();
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend)
{
//#ifdef TLV_DEBUG
@ -104,7 +152,7 @@ bool RsTlvSecurityKey::SetTlv(void *data, uint32_t size, uint32_t *offset) cons
/* start at data[offset] */
/* add mandatory parts first */
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY, tlvsize);
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY_deprecated, tlvsize);
#ifdef KEEP_OLD_SIGNATURE_SERIALISE_FORMAT
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId.toStdString());
@ -120,8 +168,7 @@ bool RsTlvSecurityKey::SetTlv(void *data, uint32_t size, uint32_t *offset) cons
}
bool RsTlvSecurityKey::GetTlv(void *data, uint32_t size, uint32_t *offset)
bool RsTlvRSAKey::GetTlv(void *data, uint32_t size, uint32_t *offset)
{
if (size < *offset + TLV_HEADER_SIZE)
return false;
@ -139,7 +186,75 @@ bool RsTlvSecurityKey::GetTlv(void *data, uint32_t size, uint32_t *offset)
return false; /* not enough space */
}
if (tlvtype != TLV_TYPE_SECURITYKEY) /* check type */
if (tlvtype != tlvType()) /* check type */
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKey::GetTlv() Fail, wrong type";
std::cerr << std::endl;
#endif
return false;
}
bool ok = true;
/* ready to load */
TlvClear();
/* skip the header */
(*offset) += TLV_HEADER_SIZE;
ok &= keyId.deserialise(data, tlvend, *offset) ;
ok &= getRawUInt32(data, tlvend, offset, &(keyFlags));
ok &= getRawUInt32(data, tlvend, offset, &(startTS));
ok &= getRawUInt32(data, tlvend, offset, &(endTS));
ok &= keyData.GetTlv(data, tlvend, offset);
ok &= checkFlags(keyFlags) ;
/***************************************************************************
* NB: extra components could be added (for future expansion of the type).
* or be present (if this code is reading an extended version).
*
* We must chew up the extra characters to conform with TLV specifications
***************************************************************************/
if (*offset != tlvend)
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKey::GetTlv() Warning extra bytes at end of item";
std::cerr << std::endl;
#endif
*offset = tlvend;
}
if (!ok)
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKey::GetTlv() Failed somewhere ok == false";
std::cerr << std::endl;
#endif
}
return ok;
}
bool RsTlvSecurityKey_deprecated::GetTlv(void *data, uint32_t size, uint32_t *offset)
{
if (size < *offset + TLV_HEADER_SIZE)
return false;
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend) /* check size */
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKey::GetTlv() Fail, not enough space";
std::cerr << std::endl;
#endif
return false; /* not enough space */
}
if (tlvtype != TLV_TYPE_SECURITYKEY_deprecated) /* check type */
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKey::GetTlv() Fail, wrong type";
@ -196,7 +311,7 @@ bool RsTlvSecurityKey::GetTlv(void *data, uint32_t size, uint32_t *offset)
}
std::ostream &RsTlvSecurityKey::print(std::ostream &out, uint16_t indent) const
std::ostream &RsTlvSecurityKey_deprecated::print(std::ostream &out, uint16_t indent) const
{
printBase(out, "RsTlvSecurityKey", indent);
uint16_t int_Indent = indent + 2;
@ -233,7 +348,10 @@ std::ostream &RsTlvSecurityKey::print(std::ostream &out, uint16_t indent) const
void RsTlvSecurityKeySet::TlvClear()
{
groupId.clear();
keys.clear(); //empty list
#ifdef TODO
public_keys.clear(); //empty list
private_keys.clear(); //empty list
#endif
}
uint32_t RsTlvSecurityKeySet::TlvSize() const
@ -241,17 +359,13 @@ uint32_t RsTlvSecurityKeySet::TlvSize() const
uint32_t s = TLV_HEADER_SIZE; /* header */
std::map<RsGxsId, RsTlvSecurityKey>::const_iterator it;
s += GetTlvStringSize(groupId);
if(!keys.empty())
{
for(it = keys.begin(); it != keys.end() ; ++it)
s += (it->second).TlvSize();
}
for(std::map<RsGxsId, RsTlvPublicRSAKey>::const_iterator it = public_keys.begin(); it != public_keys.end() ; ++it)
s += (it->second).TlvSize();
for(std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator it = private_keys.begin(); it != private_keys.end() ; ++it)
s += (it->second).TlvSize();
return s;
}
@ -279,17 +393,13 @@ bool RsTlvSecurityKeySet::SetTlv(void *data, uint32_t size, uint32_t *offset) c
/* groupId */
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId);
if(!keys.empty())
{
std::map<RsGxsId, RsTlvSecurityKey>::const_iterator it;
for(it = keys.begin(); it != keys.end() ; ++it)
for(std::map<RsGxsId, RsTlvPublicRSAKey>::const_iterator it = public_keys.begin(); it != public_keys.end() ; ++it)
ok &= (it->second).SetTlv(data, size, offset);
for(std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator it = private_keys.begin(); it != private_keys.end() ; ++it)
ok &= (it->second).SetTlv(data, size, offset);
}
return ok;
return ok;
}
@ -319,37 +429,72 @@ bool RsTlvSecurityKeySet::GetTlv(void *data, uint32_t size, uint32_t *offset)
/* groupId */
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId);
/* while there is TLV */
while((*offset) + 2 < tlvend)
{
/* get the next type */
uint16_t tlvsubtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
/* while there is TLV */
while((*offset) + 2 < tlvend)
{
/* get the next type */
uint16_t tlvsubtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
switch(tlvsubtype)
{
case TLV_TYPE_SECURITYKEY:
switch(tlvsubtype)
{
case TLV_TYPE_SECURITYKEY_deprecated:
{
RsTlvSecurityKey_deprecated key;
ok &= key.GetTlv(data, size, offset);
if (ok)
{
RsTlvSecurityKey key;
ok &= key.GetTlv(data, size, offset);
if (ok)
{
keys[key.keyId] = key;
key.TlvClear(); /* so that the Map can get control - should be ref counted*/
}
std::cerr << "(WW) read RSA key with old format. Will be converted to new format. Flags=" << std::hex << key.keyFlags << std::dec << std::endl;
if(key.keyFlags & RSTLV_KEY_TYPE_FULL)
private_keys[key.keyId] = RsTlvPrivateRSAKey(key);
else
public_keys[key.keyId] = RsTlvPublicRSAKey(key);
key.TlvClear(); /* so that the Map can get control - should be ref counted*/
}
break;
default:
ok &= SkipUnknownTlv(data, tlvend, offset);
break;
}
break ;
}
case TLV_TYPE_RSA_KEY_PRIVATE:
{
RsTlvPrivateRSAKey key;
if (!ok)
if(key.GetTlv(data, size, offset))
private_keys[key.keyId] = key;
else
ok = false ;
key.TlvClear(); /* so that the Map can get control - should be ref counted*/
}
break;
case TLV_TYPE_RSA_KEY_PUBLIC:
{
RsTlvPublicRSAKey key;
if(key.GetTlv(data, size, offset))
public_keys[key.keyId] = key;
else
ok = false ;
key.TlvClear(); /* so that the Map can get control - should be ref counted*/
}
break;
default:
ok &= SkipUnknownTlv(data, tlvend, offset);
break;
}
if (!ok)
break;
}
/***************************************************************************
* NB: extra components could be added (for future expansion of the type).
* or be present (if this code is reading an extended version).
@ -378,8 +523,9 @@ std::ostream &RsTlvSecurityKeySet::print(std::ostream &out, uint16_t indent) con
out << "GroupId: " << groupId;
out << std::endl;
std::map<RsGxsId, RsTlvSecurityKey>::const_iterator it;
for(it = keys.begin(); it != keys.end() ; ++it)
for( std::map<RsGxsId, RsTlvPublicRSAKey>::const_iterator it = public_keys.begin(); it != public_keys.end() ; ++it)
(it->second).print(out, int_Indent);
for( std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator it = private_keys.begin(); it != private_keys.end() ; ++it)
(it->second).print(out, int_Indent);
printEnd(out, "RsTlvSecurityKeySet", indent);

88
libretroshare/src/serialiser/rstlvkeys.h
View File

@ -31,6 +31,7 @@
#include "serialiser/rstlvitem.h"
#include "serialiser/rstlvbinary.h"
#include "serialiser/rstlvbase.h"
#include "retroshare/rsgxsifacetypes.h"
#include <map>
@ -46,11 +47,13 @@ const uint32_t RSTLV_KEY_DISTRIB_ADMIN = 0x0040;
const uint32_t RSTLV_KEY_DISTRIB_IDENTITY = 0x0080;
const uint32_t RSTLV_KEY_DISTRIB_MASK = 0x00f0;
class RsTlvSecurityKey: public RsTlvItem
// Old class for RsTlvSecurityKey. Is kept for backward compatibility, but should not be serialised anymore
class RsTlvSecurityKey_deprecated: public RsTlvItem
{
public:
RsTlvSecurityKey();
virtual ~RsTlvSecurityKey() {}
RsTlvSecurityKey_deprecated();
virtual ~RsTlvSecurityKey_deprecated() {}
virtual uint32_t TlvSize() const;
virtual void TlvClear();
@ -61,26 +64,83 @@ class RsTlvSecurityKey: public RsTlvItem
/* clears KeyData - but doesn't delete - to transfer ownership */
void ShallowClear();
RsGxsId keyId; // Mandatory :
RsGxsId keyId; // Mandatory :
uint32_t keyFlags; // Mandatory ;
uint32_t startTS; // Mandatory :
uint32_t endTS; // Mandatory :
RsTlvBinaryData keyData; // Mandatory :
};
class RsTlvRSAKey
{
public:
virtual uint32_t tlvType() const = 0 ;
virtual bool checkFlags(uint32_t flags) const = 0 ;
virtual uint32_t TlvSize() const;
virtual void TlvClear();
virtual bool SetTlv(void *data, uint32_t size, uint32_t *offset) const;
virtual bool GetTlv(void *data, uint32_t size, uint32_t *offset);
virtual std::ostream &print(std::ostream &out, uint16_t indent) const;
/* clears KeyData - but doesn't delete - to transfer ownership */
void ShallowClear();
bool check() const { return checkFlags(keyFlags) && (!keyId.isNull()) ; }
RsGxsId keyId; // Mandatory :
uint32_t keyFlags; // Mandatory ;
uint32_t startTS; // Mandatory :
uint32_t endTS; // Mandatory :
RsTlvBinaryData keyData; // Mandatory :
};
// The two classes below are by design incompatible, making it impossible to pass a private key as a public key
class RsTlvPrivateRSAKey: public RsTlvRSAKey
{
public:
RsTlvPrivateRSAKey();
explicit RsTlvPrivateRSAKey(RsTlvSecurityKey_deprecated& key); // convertion tool. Should be called explicitely and performs some checks
virtual ~RsTlvPrivateRSAKey() {}
virtual bool checkFlags(uint32_t flags) const { return bool(flags & RSTLV_KEY_TYPE_FULL) && !bool(flags & RSTLV_KEY_TYPE_PUBLIC_ONLY) ; }
virtual uint32_t tlvType() const { return TLV_TYPE_RSA_KEY_PRIVATE ; }
};
class RsTlvPublicRSAKey: public RsTlvRSAKey
{
#warning TEST IF WE CAN CONVERT PUBLIC TO PRIVATE AND VIS VERSA. NORMALLY WE SHOULDNT
public:
RsTlvPublicRSAKey();
virtual ~RsTlvPublicRSAKey() {}
explicit RsTlvPublicRSAKey(RsTlvSecurityKey_deprecated& key); // convertion tool. Should be called explicitely and performs some checks
virtual bool checkFlags(uint32_t flags) const { return bool(flags & RSTLV_KEY_TYPE_PUBLIC_ONLY) && !bool(flags & RSTLV_KEY_TYPE_FULL) ; }
virtual uint32_t tlvType() const { return TLV_TYPE_RSA_KEY_PUBLIC ; }
};
class RsTlvSecurityKeySet: public RsTlvItem
{
public:
RsTlvSecurityKeySet() { return; }
virtual ~RsTlvSecurityKeySet() { return; }
virtual uint32_t TlvSize() const;
virtual void TlvClear();
virtual bool SetTlv(void *data, uint32_t size, uint32_t *offset) const;
virtual bool GetTlv(void *data, uint32_t size, uint32_t *offset);
virtual std::ostream &print(std::ostream &out, uint16_t indent) const;
public:
RsTlvSecurityKeySet() { return; }
virtual ~RsTlvSecurityKeySet() { return; }
void initFromPublicKeys(const RsTlvSecurityKeySet& skset) ;
virtual uint32_t TlvSize() const;
virtual void TlvClear();
virtual bool SetTlv(void *data, uint32_t size, uint32_t *offset) const;
virtual bool GetTlv(void *data, uint32_t size, uint32_t *offset);
virtual std::ostream &print(std::ostream &out, uint16_t indent) const;
std::string groupId; // Mandatory :
std::map<RsGxsId, RsTlvSecurityKey> keys; // Mandatory :
std::string groupId; // Mandatory :
std::map<RsGxsId, RsTlvPublicRSAKey> public_keys; // Mandatory :
std::map<RsGxsId, RsTlvPrivateRSAKey> private_keys; // Mandatory :
//private:
// RsTlvSecurityKeySet& operator=(const RsTlvSecurityKeySet&) { std::cerr << "(EE) " <<__PRETTY_FUNCTION__ << " shouldn't be called!" << std::endl; return *this;}
// RsTlvSecurityKeySet(const RsTlvSecurityKeySet&) { std::cerr << "(EE) " <<__PRETTY_FUNCTION__ << " shouldn't be called!" << std::endl;}
};

87
libretroshare/src/services/p3idservice.cc
View File

@ -447,7 +447,10 @@ bool p3IdService:: getIdDetails(const RsGxsId &id, RsIdentityDetails &details)
{
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
RsGxsIdCache data;
{
RsGxsIdCache<RsTlvPublicRSAKey> data;
if (mPublicKeyCache.fetch(id, data))
{
details = data.details;
@ -464,7 +467,10 @@ bool p3IdService:: getIdDetails(const RsGxsId &id, RsIdentityDetails &details)
return true;
}
}
RsGxsIdCache<RsTlvPrivateRSAKey> data;
/* try private cache too */
if (mPrivateKeyCache.fetch(id, data))
{
@ -604,12 +610,13 @@ bool p3IdService::getRecognTagRequest(const RsGxsId &id, const std::string &comm
return false;
}
RsTlvSecurityKey key;
RsTlvPrivateRSAKey key;
std::string nickname;
{
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
RsGxsIdCache data;
RsGxsIdCache<RsTlvPrivateRSAKey> data;
if (!mPrivateKeyCache.fetch(id, data))
{
#ifdef DEBUG_RECOGN
@ -669,11 +676,12 @@ bool p3IdService::isPendingNetworkRequest(const RsGxsId& gxsId)
return false;
}
bool p3IdService::getKey(const RsGxsId &id, RsTlvSecurityKey &key)
bool p3IdService::getKey(const RsGxsId &id, RsTlvPublicRSAKey &key)
{
{
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
RsGxsIdCache data;
RsGxsIdCache<RsTlvPublicRSAKey> data;
if (mPublicKeyCache.fetch(id, data))
{
key = data.pubkey;
@ -695,11 +703,12 @@ bool p3IdService::requestPrivateKey(const RsGxsId &id)
return cache_request_load(id);
}
bool p3IdService::getPrivateKey(const RsGxsId &id, RsTlvSecurityKey &key)
bool p3IdService::getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey &key)
{
{
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
RsGxsIdCache data;
RsGxsIdCache<RsTlvPrivateRSAKey> data;
if (mPrivateKeyCache.fetch(id, data))
{
key = data.pubkey;
@ -716,10 +725,7 @@ bool p3IdService::getPrivateKey(const RsGxsId &id, RsTlvSecurityKey &key)
bool p3IdService::signData(const uint8_t *data,uint32_t data_size,const RsGxsId& own_gxs_id,RsTlvKeySignature& signature,uint32_t& error_status)
{
//RsIdentityDetails details ;
RsTlvSecurityKey signature_key ;
//getIdDetails(own_gxs_id,details);
RsTlvPrivateRSAKey signature_key ;
int i ;
for(i=0;i<6;++i)
@ -758,7 +764,7 @@ bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTl
{
// RsIdentityDetails details ;
// getIdDetails(signature.keyId,details);
RsTlvSecurityKey signature_key ;
RsTlvPublicRSAKey signature_key ;
for(int i=0;i< (force_load?6:1);++i)
if(!getKey(signature.keyId,signature_key) || signature_key.keyData.bin_data == NULL)
@ -793,7 +799,7 @@ bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTl
}
bool p3IdService::encryptData(const uint8_t *decrypted_data,uint32_t decrypted_data_size,uint8_t *& encrypted_data,uint32_t& encrypted_data_size,const RsGxsId& encryption_key_id,bool force_load,uint32_t& error_status)
{
RsTlvSecurityKey encryption_key ;
RsTlvPublicRSAKey encryption_key ;
// get the key, and let the cache find it.
for(int i=0;i<(force_load?6:1);++i)
@ -823,7 +829,7 @@ bool p3IdService::encryptData(const uint8_t *decrypted_data,uint32_t decrypted_d
bool p3IdService::decryptData(const uint8_t *encrypted_data,uint32_t encrypted_data_size,uint8_t *& decrypted_data,uint32_t& decrypted_size,const RsGxsId& key_id,uint32_t& error_status)
{
RsTlvSecurityKey encryption_key ;
RsTlvPrivateRSAKey encryption_key ;
// Get the key, and let the cache find it. It's our own key, so we should be able to find it, even if it takes
// some seconds.
@ -882,7 +888,8 @@ bool p3IdService::getReputation(const RsGxsId &id, GixsReputation &rep)
/* this is the key part for accepting messages */
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
RsGxsIdCache data;
RsGxsIdCache<RsTlvPublicRSAKey> data;
if (mPublicKeyCache.fetch(id, data))
{
rep.id = id;
@ -1635,42 +1642,6 @@ std::string SSGxsIdGroup::save() const
*
*/
RsGxsIdCache::RsGxsIdCache()
{
return;
}
RsGxsIdCache::RsGxsIdCache(const RsGxsIdGroupItem *item, const RsTlvSecurityKey &in_pkey, const std::list<RsRecognTag> &tagList)
{
// Save Keys.
pubkey = in_pkey;
// Save Time for ServiceString comparisions.
mPublishTs = item->meta.mPublishTs;
// Save RecognTags.
mRecognTags = tagList;
details.mAvatar.copy((uint8_t *) item->mImage.binData.bin_data, item->mImage.binData.bin_len);
// Fill in Details.
details.mNickname = item->meta.mGroupName;
details.mId = RsGxsId(item->meta.mGroupId);
#ifdef DEBUG_IDS
std::cerr << "RsGxsIdCache::RsGxsIdCache() for: " << details.mId;
std::cerr << std::endl;
#endif // DEBUG_IDS
details.mFlags = 0 ;
if(item->meta.mSubscribeFlags & GXS_SERV::GROUP_SUBSCRIBE_ADMIN) details.mFlags |= RS_IDENTITY_FLAGS_IS_OWN_ID;
if(item->meta.mGroupFlags & RSGXSID_GROUPFLAG_REALID) details.mFlags |= RS_IDENTITY_FLAGS_PGP_LINKED;
/* rest must be retrived from ServiceString */
updateServiceString(item->meta.mServiceString);
}
void RsGxsIdCache::updateServiceString(std::string serviceString)
{
details.mRecognTags.clear();
@ -1894,8 +1865,8 @@ bool p3IdService::cache_store(const RsGxsIdGroupItem *item)
/* extract key from keys */
RsTlvSecurityKeySet keySet;
RsTlvSecurityKey pubkey;
RsTlvSecurityKey fullkey;
RsTlvSecurityKey_deprecated pubkey;
RsTlvSecurityKey_deprecated fullkey;
bool pub_key_ok = false;
bool full_key_ok = false;
@ -1908,7 +1879,7 @@ bool p3IdService::cache_store(const RsGxsIdGroupItem *item)
return false;
}
std::map<RsGxsId, RsTlvSecurityKey>::iterator kit;
std::map<RsGxsId, RsTlvSecurityKey_deprecated>::iterator kit;
//std::cerr << "p3IdService::cache_store() KeySet is:";
//keySet.print(std::cerr, 10);
@ -2367,7 +2338,7 @@ bool p3IdService::cachetest_handlerequest(uint32_t token)
}
else
{
RsTlvSecurityKey seckey;
RsTlvSecurityKey_deprecated seckey;
if (getKey(*vit, seckey))
{
#ifdef DEBUG_IDS
@ -2399,7 +2370,7 @@ bool p3IdService::cachetest_handlerequest(uint32_t token)
}
else
{
RsTlvSecurityKey seckey;
RsTlvSecurityKey_deprecated seckey;
if (getPrivateKey(*vit, seckey))
{
// success!
@ -2541,10 +2512,10 @@ RsGenExchange::ServiceCreate_Return p3IdService::service_CreateGroup(RsGxsGrpIte
/********************* TEMP HACK UNTIL GXS FILLS IN GROUP_ID *****************/
// find private admin key
std::map<RsGxsId, RsTlvSecurityKey>::iterator mit = keySet.keys.begin();
std::map<RsGxsId, RsTlvSecurityKey_deprecated>::iterator mit = keySet.keys.begin();
for(; mit != keySet.keys.end(); ++mit)
{
RsTlvSecurityKey& pk = mit->second;
RsTlvSecurityKey_deprecated& pk = mit->second;
if(pk.keyFlags == (RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_FULL))
{

58
libretroshare/src/services/p3idservice.h
View File

@ -32,6 +32,7 @@
#include "gxs/rsgixs.h" // Internal Interfaces.
#include "gxs/gxstokenqueue.h"
#include "serialiser/rsgxsiditems.h"
#include <map>
#include <string>
@ -189,20 +190,49 @@ virtual std::string save() const;
class RsGxsIdGroupItem;
class RsGxsIdCache
template<class KeyClass> class RsGxsIdCache
{
public:
RsGxsIdCache();
RsGxsIdCache(const RsGxsIdGroupItem *item, const RsTlvSecurityKey &in_pkey,
const std::list<RsRecognTag> &tagList);
public:
RsGxsIdCache();
void updateServiceString(std::string serviceString);
RsGxsIdCache(const RsGxsIdGroupItem *item, const KeyClass& in_pkey, const std::list<RsRecognTag> &tagList)
{
// Save Keys.
pubkey = in_pkey;
// Save Time for ServiceString comparisions.
mPublishTs = item->meta.mPublishTs;
time_t mPublishTs;
std::list<RsRecognTag> mRecognTags; // Only partially validated.
// Save RecognTags.
mRecognTags = tagList;
RsIdentityDetails details;
RsTlvSecurityKey pubkey;
details.mAvatar.copy((uint8_t *) item->mImage.binData.bin_data, item->mImage.binData.bin_len);
// Fill in Details.
details.mNickname = item->meta.mGroupName;
details.mId = RsGxsId(item->meta.mGroupId);
#ifdef DEBUG_IDS
std::cerr << "RsGxsIdCache::RsGxsIdCache() for: " << details.mId;
std::cerr << std::endl;
#endif // DEBUG_IDS
details.mFlags = 0 ;
if(item->meta.mSubscribeFlags & GXS_SERV::GROUP_SUBSCRIBE_ADMIN) details.mFlags |= RS_IDENTITY_FLAGS_IS_OWN_ID;
if(item->meta.mGroupFlags & RSGXSID_GROUPFLAG_REALID) details.mFlags |= RS_IDENTITY_FLAGS_PGP_LINKED;
/* rest must be retrived from ServiceString */
updateServiceString(item->meta.mServiceString);
}
void updateServiceString(std::string serviceString);
time_t mPublishTs;
std::list<RsRecognTag> mRecognTags; // Only partially validated.
RsIdentityDetails details;
#warning why the "pub" here??
KeyClass pubkey;
};
@ -286,8 +316,8 @@ virtual bool setAsRegularContact(const RsGxsId& id,bool is_a_contact) ;
virtual bool haveKey(const RsGxsId &id);
virtual bool havePrivateKey(const RsGxsId &id);
virtual bool getKey(const RsGxsId &id, RsTlvSecurityKey &key);
virtual bool getPrivateKey(const RsGxsId &id, RsTlvSecurityKey &key);
virtual bool getKey(const RsGxsId &id, RsTlvPublicRSAKey &key);
virtual bool getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey &key);
virtual bool requestKey(const RsGxsId &id, const std::list<PeerId> &peers);
virtual bool requestPrivateKey(const RsGxsId &id);
@ -350,8 +380,8 @@ virtual void handle_event(uint32_t event_type, const std::string &elabel);
std::map<RsGxsId, std::list<RsPeerId> > mCacheLoad_ToCache, mPendingCache;
// Switching to RsMemCache for Key Caching.
RsMemCache<RsGxsId, RsGxsIdCache> mPublicKeyCache;
RsMemCache<RsGxsId, RsGxsIdCache> mPrivateKeyCache;
RsMemCache<RsGxsId, RsGxsIdCache<RsTlvPublicRSAKey> > mPublicKeyCache;
RsMemCache<RsGxsId, RsGxsIdCache<RsTlvPrivateRSAKey> > mPrivateKeyCache;
/************************************************************************
* Refreshing own Ids.

6
libretroshare/src/util/rsrecogn.cc
View File

@ -327,6 +327,7 @@ bool rsa_sanity_check(RSA *rsa)
}
#warning this code should be using GxsSecurity signature code. Not some own made signature call.
bool RsRecogn::signTag(EVP_PKEY *signKey, RsGxsRecognTagItem *item)
{
@ -374,6 +375,8 @@ bool RsRecogn::signTag(EVP_PKEY *signKey, RsGxsRecognTagItem *item)
return true;
}
#warning this code should be using GxsSecurity signature code. Not some own made signature call.
bool RsRecogn::signSigner(EVP_PKEY *signKey, RsGxsRecognSignerItem *item)
{
std::cerr << "RsRecogn::signSigner()";
@ -429,6 +432,7 @@ bool RsRecogn::signSigner(EVP_PKEY *signKey, RsGxsRecognSignerItem *item)
return true;
}
#warning this code should be using GxsSecurity signature code. Not some own made signature call.
bool RsRecogn::signTagRequest(EVP_PKEY *signKey, RsGxsRecognReqItem *item)
{
@ -560,7 +564,7 @@ RsGxsRecognTagItem *RsRecogn::extractTag(const std::string &encoded)
}
bool RsRecogn::createTagRequest(const RsTlvSecurityKey &key, const RsGxsId &id, const std::string &nickname, uint16_t tag_class, uint16_t tag_type, const std::string &comment, std::string &tag)
bool RsRecogn::createTagRequest(const RsTlvPrivateRSAKey &key, const RsGxsId &id, const std::string &nickname, uint16_t tag_class, uint16_t tag_type, const std::string &comment, std::string &tag)
{
EVP_PKEY *signKey = EVP_PKEY_new();
RSA *rsakey = d2i_RSAPrivateKey(NULL, (const unsigned char **)&key.keyData.bin_data, key.keyData.bin_len);

2
libretroshare/src/util/rsrecogn.h
View File

@ -52,7 +52,7 @@ std::string getRsaKeyId(RSA *pubkey);
RsGxsRecognTagItem *extractTag(const std::string &encoded);
bool createTagRequest(const RsTlvSecurityKey &key,
bool createTagRequest(const RsTlvPrivateRSAKey &key,
const RsGxsId &id, const std::string &nickname,
uint16_t tag_class, uint16_t tag_type,
const std::string &comment, std::string &tag);

4
tests/unittests/libretroshare/gxs/gen_exchange/rsdummyservices.h
View File

@ -155,8 +155,8 @@ public:
* @return a pointer to a valid profile if successful, otherwise NULL
*
*/
bool getKey(const RsGxsId &id, RsTlvSecurityKey &key){ return false; }
bool getPrivateKey(const RsGxsId &id, RsTlvSecurityKey &key){ return false; } // For signing outgoing messages.
bool getKey(const RsGxsId &id, RsTlvPrublicRSAKey& key){ return false; }
bool getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey& key){ return false; } // For signing outgoing messages.
private:

6
tests/unittests/libretroshare/gxs/security/gxssecurity_test.cc
View File

@ -35,8 +35,8 @@
TEST(libretroshare_gxs, GxsSecurity)
{
RsTlvSecurityKey pub_key ;
RsTlvSecurityKey priv_key ;
RsTlvSecurityKey_deprecated pub_key ;
RsTlvSecurityKey_deprecated priv_key ;
EXPECT_TRUE(GxsSecurity::generateKeyPair(pub_key,priv_key)) ;
@ -45,7 +45,7 @@ TEST(libretroshare_gxs, GxsSecurity)
EXPECT_TRUE( pub_key.keyId == priv_key.keyId );
EXPECT_TRUE( pub_key.startTS == priv_key.startTS );
RsTlvSecurityKey pub_key2 ;
RsTlvSecurityKey_deprecated pub_key2 ;
EXPECT_TRUE(GxsSecurity::extractPublicKey(priv_key,pub_key2)) ;
EXPECT_TRUE( pub_key.keyId == pub_key2.keyId );

8
tests/unittests/libretroshare/serialiser/support.cc
View File

@ -70,7 +70,7 @@ void init_item(RsTlvSecurityKeySet& ks)
RsGxsId a_str;
a_str = RsGxsId::random();
RsTlvSecurityKey& a_key = ks.keys[a_str];
RsTlvSecurityKey_deprecated& a_key = ks.keys[a_str];
init_item(a_key);
a_key.keyId = a_str;
}
@ -81,7 +81,7 @@ bool operator==(const RsTlvSecurityKeySet& l, const RsTlvSecurityKeySet& r)
if(l.groupId != r.groupId) return false;
std::map<RsGxsId, RsTlvSecurityKey>::const_iterator l_cit = l.keys.begin(),
std::map<RsGxsId, RsTlvSecurityKey_deprecated>::const_iterator l_cit = l.keys.begin(),
r_cit = r.keys.begin();
for(; l_cit != l.keys.end(); l_cit++, r_cit++){
@ -94,7 +94,7 @@ bool operator==(const RsTlvSecurityKeySet& l, const RsTlvSecurityKeySet& r)
bool operator==(const RsTlvSecurityKey& sk1, const RsTlvSecurityKey& sk2)
bool operator==(const RsTlvSecurityKey_deprecated& sk1, const RsTlvSecurityKey_deprecated& sk2)
{
if(sk1.startTS != sk2.startTS) return false;
@ -183,7 +183,7 @@ bool operator==(const RsTlvBinaryData& bd1, const RsTlvBinaryData& bd2)
}
void init_item(RsTlvSecurityKey& sk)
void init_item(RsTlvSecurityKey_deprecated& sk)
{
int randnum = rand()%313131;

4
tests/unittests/libretroshare/serialiser/support.h
View File

@ -58,7 +58,7 @@ void randString(const uint32_t, std::wstring&);
/* for testing compound tlv items */
void init_item(RsTlvSecurityKey&);
void init_item(RsTlvSecurityKey_deprecated&);
void init_item(RsTlvSecurityKeySet&);
void init_item(RsTlvKeySignature&);
void init_item(RsTlvKeySignatureSet&);
@ -70,7 +70,7 @@ void init_item(RsTlvPeerIdSet&);
void init_item(RsTlvImage&);
void init_item(RsTlvPeerIdSet&);
bool operator==(const RsTlvSecurityKey&, const RsTlvSecurityKey& );
bool operator==(const RsTlvSecurityKey_deprecated&, const RsTlvSecurityKey_deprecated& );
bool operator==(const RsTlvSecurityKeySet&, const RsTlvSecurityKeySet& );
bool operator==(const RsTlvKeySignature&, const RsTlvKeySignature& );
bool operator==(const RsTlvBinaryData&, const RsTlvBinaryData&);

4
tests/unittests/libretroshare/serialiser/tlvrandom_test.cc
View File

@ -68,7 +68,7 @@ int test_TlvRandom(void *data, uint32_t len, uint32_t offset)
uint32_t tmpoffset = 0;
/* List of all the TLV types it could be! */
RsTlvSecurityKey skey;
RsTlvSecurityKey_deprecated skey;
RsTlvSecurityKeySet skeyset;
RsTlvKeySignature keysign;
@ -114,7 +114,7 @@ int test_TlvRandom(void *data, uint32_t len, uint32_t offset)
EXPECT_TRUE(test_SetTlvItem(&kv, TLV_TYPE_KEYVALUE, data, len, offset));
EXPECT_TRUE(test_SetTlvItem(&kvset, TLV_TYPE_KEYVALUESET, data, len, offset));
std::cerr << "test_TlvRandom:: Testing Keys (TYPESET)" << std::endl;
EXPECT_TRUE(test_SetTlvItem(&skey, TLV_TYPE_SECURITYKEY, data, len, offset));
EXPECT_TRUE(test_SetTlvItem(&skey, TLV_TYPE_SECURITYKEY_deprecated, data, len, offset));
EXPECT_TRUE(test_SetTlvItem(&skeyset, TLV_TYPE_SECURITYKEYSET, data, len, offset));
EXPECT_TRUE(test_SetTlvItem(&keysign, TLV_TYPE_KEYSIGNATURE, data, len, offset));