From 590be092e5b5533cb5bd6f717c4c29d5a2387cac Mon Sep 17 00:00:00 2001 From: csoler Date: Thu, 2 Jun 2016 23:47:57 -0400 Subject: [PATCH] separated RsTlvSecurityKey into two incompatible classes to enforce the correct usage of private vs. public keys --- libretroshare/src/chat/rschatitems.h | 2 +- libretroshare/src/grouter/p3grouter.cc | 2 +- libretroshare/src/gxs/gxssecurity.cc | 62 +++-- libretroshare/src/gxs/gxssecurity.h | 24 +- libretroshare/src/gxs/rsgenexchange.cc | 201 +++++++------- libretroshare/src/gxs/rsgenexchange.h | 9 +- libretroshare/src/gxs/rsgixs.h | 4 +- libretroshare/src/gxs/rsgxsnetservice.cc | 94 +++---- libretroshare/src/gxs/rsgxsnetservice.h | 2 +- libretroshare/src/gxstunnel/p3gxstunnel.cc | 8 +- .../src/gxstunnel/rsgxstunnelitems.h | 2 +- .../src/serialiser/rsgxsrecognitems.h | 2 +- libretroshare/src/serialiser/rsnxsitems.cc | 2 +- libretroshare/src/serialiser/rsnxsitems.h | 8 +- libretroshare/src/serialiser/rstlvbase.h | 6 +- libretroshare/src/serialiser/rstlvkeys.cc | 256 ++++++++++++++---- libretroshare/src/serialiser/rstlvkeys.h | 88 +++++- libretroshare/src/services/p3idservice.cc | 87 ++---- libretroshare/src/services/p3idservice.h | 58 +++- libretroshare/src/util/rsrecogn.cc | 6 +- libretroshare/src/util/rsrecogn.h | 2 +- .../gxs/gen_exchange/rsdummyservices.h | 4 +- .../gxs/security/gxssecurity_test.cc | 6 +- .../libretroshare/serialiser/support.cc | 8 +- .../libretroshare/serialiser/support.h | 4 +- .../serialiser/tlvrandom_test.cc | 4 +- 26 files changed, 600 insertions(+), 351 deletions(-) diff --git a/libretroshare/src/chat/rschatitems.h b/libretroshare/src/chat/rschatitems.h index 8a21cb404..ab75f8cec 100644 --- a/libretroshare/src/chat/rschatitems.h +++ b/libretroshare/src/chat/rschatitems.h @@ -406,7 +406,7 @@ class RsChatDHPublicKeyItem: public RsChatItem BIGNUM *public_key ; RsTlvKeySignature signature ; // signs the public key in a row. - RsTlvSecurityKey gxs_key ; // public key of the signer + RsTlvSecurityKey_deprecated gxs_key ; // public key of the signer private: RsChatDHPublicKeyItem(const RsChatDHPublicKeyItem&) : RsChatItem(RS_PKT_SUBTYPE_DISTANT_CHAT_DH_PUBLIC_KEY) {} // make the object non copy-able diff --git a/libretroshare/src/grouter/p3grouter.cc b/libretroshare/src/grouter/p3grouter.cc index 306f72d74..9d72bca49 100644 --- a/libretroshare/src/grouter/p3grouter.cc +++ b/libretroshare/src/grouter/p3grouter.cc @@ -1958,7 +1958,7 @@ bool p3GRouter::signDataItem(RsGRouterAbstractMsgItem *item,const RsGxsId& signi { try { - RsTlvSecurityKey signature_key ; + RsTlvSecurityKey_deprecated signature_key ; #ifdef GROUTER_DEBUG std::cerr << "p3GRouter::signDataItem()" << std::endl; diff --git a/libretroshare/src/gxs/gxssecurity.cc b/libretroshare/src/gxs/gxssecurity.cc index 7440a9b40..5042267ef 100644 --- a/libretroshare/src/gxs/gxssecurity.cc +++ b/libretroshare/src/gxs/gxssecurity.cc @@ -59,7 +59,7 @@ static RsGxsId getRsaKeyFingerprint(RSA *pubkey) return RsGxsId(s.toStdString().substr(0,2*CERTSIGNLEN)); } -static RSA *extractPrivateKey(const RsTlvSecurityKey & key) +static RSA *extractPrivateKey(const RsTlvPrivateRSAKey& key) { assert(key.keyFlags & RSTLV_KEY_TYPE_FULL) ; @@ -72,7 +72,7 @@ static RSA *extractPrivateKey(const RsTlvSecurityKey & key) return rsakey; } -static RSA *extractPublicKey(const RsTlvSecurityKey& key) +static RSA *extractPublicKey(const RsTlvPublicRSAKey& key) { assert(!(key.keyFlags & RSTLV_KEY_TYPE_FULL)) ; @@ -84,18 +84,30 @@ static RSA *extractPublicKey(const RsTlvSecurityKey& key) return rsakey; } -static void setRSAPublicKeyData(RsTlvSecurityKey & key, RSA *rsa_pub) +static void setRSAPublicKeyData(RsTlvPublicRSAKey& key, RSA *rsa_pub) { + assert(!(key.keyFlags & RSTLV_KEY_TYPE_FULL)) ; unsigned char *data = NULL ; // this works for OpenSSL > 0.9.7 int reqspace = i2d_RSAPublicKey(rsa_pub, &data); key.keyData.setBinData(data, reqspace); key.keyId = getRsaKeyFingerprint(rsa_pub); - free(data) ; + free(data) ; } -bool GxsSecurity::checkPrivateKey(const RsTlvSecurityKey& key) +static void setRSAPrivateKeyData(RsTlvPrivateRSAKey& key, RSA *rsa_pub) +{ + assert(key.keyFlags & RSTLV_KEY_TYPE_FULL) ; + unsigned char *data = NULL ; // this works for OpenSSL > 0.9.7 + int reqspace = i2d_RSAPublicKey(rsa_pub, &data); + + key.keyData.setBinData(data, reqspace); + key.keyId = getRsaKeyFingerprint(rsa_pub); + + free(data) ; +} +bool GxsSecurity::checkPrivateKey(const RsTlvPrivateRSAKey& key) { #ifdef GXS_SECURITY_DEBUG std::cerr << "Checking private key " << key.keyId << " ..." << std::endl; @@ -132,7 +144,7 @@ bool GxsSecurity::checkPrivateKey(const RsTlvSecurityKey& key) return true ; } -bool GxsSecurity::checkPublicKey(const RsTlvSecurityKey& key) +bool GxsSecurity::checkPublicKey(const RsTlvPublicRSAKey &key) { #ifdef GXS_SECURITY_DEBUG std::cerr << "Checking public key " << key.keyId << " ..." << std::endl; @@ -162,7 +174,7 @@ bool GxsSecurity::checkPublicKey(const RsTlvSecurityKey& key) return true ; } -static void setRSAPrivateKeyData(RsTlvSecurityKey & key, RSA *rsa_priv) +static void setRSAPrivateKeyData(RsTlvSecurityKey_deprecated & key, RSA *rsa_priv) { unsigned char *data = NULL ; int reqspace = i2d_RSAPrivateKey(rsa_priv, &data); @@ -173,7 +185,7 @@ static void setRSAPrivateKeyData(RsTlvSecurityKey & key, RSA *rsa_priv) free(data) ; } -bool GxsSecurity::generateKeyPair(RsTlvSecurityKey& public_key,RsTlvSecurityKey& private_key) +bool GxsSecurity::generateKeyPair(RsTlvPublicRSAKey& public_key,RsTlvPrivateRSAKey& private_key) { // admin keys RSA *rsa = RSA_generate_key(2048, 65537, NULL, NULL); @@ -194,10 +206,16 @@ bool GxsSecurity::generateKeyPair(RsTlvSecurityKey& public_key,RsTlvSecurityKey& RSA_free(rsa); RSA_free(rsa_pub); - return true ; + if(!(private_key.check() && public_key.check())) + { + std::cerr << "(EE) ERROR while generating keys. Something inconsistent in flags. This is probably a bad sign!" << std::endl; + return false ; + } + + return true ; } -bool GxsSecurity::extractPublicKey(const RsTlvSecurityKey& private_key,RsTlvSecurityKey& public_key) +bool GxsSecurity::extractPublicKey(const RsTlvPrivateRSAKey &private_key, RsTlvPublicRSAKey &public_key) { public_key.TlvClear() ; @@ -241,7 +259,7 @@ bool GxsSecurity::extractPublicKey(const RsTlvSecurityKey& private_key,RsTlvSecu return true ; } -bool GxsSecurity::getSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& privKey, RsTlvKeySignature& sign) +bool GxsSecurity::getSignature(const char *data, uint32_t data_len, const RsTlvPrivateRSAKey &privKey, RsTlvKeySignature& sign) { RSA* rsa_pub = extractPrivateKey(privKey); @@ -272,12 +290,11 @@ bool GxsSecurity::getSignature(const char *data, uint32_t data_len, const RsTlvS return ok; } -bool GxsSecurity::validateSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& key, const RsTlvKeySignature& signature) +bool GxsSecurity::validateSignature(const char *data, uint32_t data_len, const RsTlvPublicRSAKey &key, const RsTlvKeySignature& signature) { - RSA *tmpkey = (key.keyFlags & RSTLV_KEY_TYPE_FULL)?(::extractPrivateKey(key)):(::extractPublicKey(key)) ; - - RSA *rsakey = RSAPublicKey_dup(tmpkey) ; // always extract public key - RSA_free(tmpkey) ; + assert(!(key.keyFlags & RSTLV_KEY_TYPE_FULL)) ; + + RSA *rsakey = ::extractPublicKey(key) ; if(!rsakey) { @@ -303,7 +320,7 @@ bool GxsSecurity::validateSignature(const char *data, uint32_t data_len, const R return signOk; } -bool GxsSecurity::validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& sign, const RsTlvSecurityKey& key) +bool GxsSecurity::validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& sign, const RsTlvPublicRSAKey& key) { #ifdef GXS_SECURITY_DEBUG std::cerr << "GxsSecurity::validateNxsMsg()"; @@ -417,7 +434,7 @@ bool GxsSecurity::validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& s return false; } -bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key) +bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvPublicRSAKey& key) { #ifdef DISTRIB_DEBUG std::cerr << "GxsSecurity::encrypt() " << std::endl; @@ -532,7 +549,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u return true; } -bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const std::vector& keys) +bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const std::vector &keys) { #ifdef DISTRIB_DEBUG std::cerr << "GxsSecurity::encrypt() " << std::endl; @@ -685,7 +702,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u } } -bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key) +bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const RsTlvPrivateRSAKey &key) { // Decrypts (in,inlen) into (out,outlen) using the given RSA public key. // The format of the encrypted data (in) is: @@ -791,7 +808,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, return true; } -bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const std::vector& keys) +bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const std::vector &keys) { // Decrypts (in,inlen) into (out,outlen) using one of the given RSA public keys, trying them all in a row. // The format of the encrypted data is: @@ -936,7 +953,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, return false; } } -bool GxsSecurity::validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& sign, const RsTlvSecurityKey& key) +bool GxsSecurity::validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& sign, const RsTlvPublicRSAKey &key) { #ifdef GXS_SECURITY_DEBUG std::cerr << "GxsSecurity::validateNxsGrp()"; @@ -974,6 +991,7 @@ bool GxsSecurity::validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& s #endif /* extract admin key */ +#warning Souldn't need to do that HERE!! RSA *rsakey = (key.keyFlags & RSTLV_KEY_TYPE_FULL)? d2i_RSAPrivateKey(NULL, &(keyptr), keylen): d2i_RSAPublicKey(NULL, &(keyptr), keylen); if (!rsakey) diff --git a/libretroshare/src/gxs/gxssecurity.h b/libretroshare/src/gxs/gxssecurity.h index 22ac03b98..4642cc512 100644 --- a/libretroshare/src/gxs/gxssecurity.h +++ b/libretroshare/src/gxs/gxssecurity.h @@ -45,7 +45,7 @@ class GxsSecurity /*! * Extracts a public key from a private key. */ - static bool extractPublicKey(const RsTlvSecurityKey& private_key,RsTlvSecurityKey& public_key) ; + static bool extractPublicKey(const RsTlvPrivateRSAKey& private_key,RsTlvPublicRSAKey& public_key) ; /*! * Generates a public/private RSA keypair. To be used for all GXS purposes. @@ -53,7 +53,7 @@ class GxsSecurity * @param RsTlvSecurityKey private RSA key * @return true if the generate was successful, false otherwise. */ - static bool generateKeyPair(RsTlvSecurityKey& public_key,RsTlvSecurityKey& private_key) ; + static bool generateKeyPair(RsTlvPublicRSAKey &public_key, RsTlvPrivateRSAKey &private_key) ; /*! * Encrypts data using envelope encryption (taken from open ssl's evp_sealinit ) @@ -63,8 +63,8 @@ class GxsSecurity *@param in *@param inlen */ - static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key) ; - static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const std::vector& keys) ; + static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvPublicRSAKey& key) ; + static bool encrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const std::vector& keys) ; /** * Decrypts data using evelope decryption (taken from open ssl's evp_sealinit ) @@ -75,8 +75,8 @@ class GxsSecurity * @param inlen * @return false if encryption failed */ - static bool decrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvSecurityKey& key) ; - static bool decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const std::vector& keys); + static bool decrypt(uint8_t *&out, uint32_t &outlen, const uint8_t *in, uint32_t inlen, const RsTlvPrivateRSAKey& key) ; + static bool decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const std::vector& keys); /*! * uses grp signature to check if group has been @@ -86,7 +86,7 @@ class GxsSecurity * @param key the public key to use to check signature * @return true if group valid false otherwise */ - static bool validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& sign, const RsTlvSecurityKey& key); + static bool validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& sign, const RsTlvPublicRSAKey& key); /*! * Validate a msg's signature using the given public key @@ -95,7 +95,7 @@ class GxsSecurity * @param key the public key to use to check signature * @return false if verfication of signature is not passed */ - static bool validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& sign, const RsTlvSecurityKey& key); + static bool validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& sign, const RsTlvPublicRSAKey &key); /*! @@ -105,7 +105,7 @@ class GxsSecurity * @param sign the signature is stored here * @return false if signature creation failed, true is signature created */ - static bool getSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& privKey, RsTlvKeySignature& sign); + static bool getSignature(const char *data, uint32_t data_len, const RsTlvPrivateRSAKey& privKey, RsTlvKeySignature& sign); /*! * @param data data that has been signed @@ -114,7 +114,7 @@ class GxsSecurity * @param sign Signature for the data * @return true if signature checks */ - static bool validateSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& pubKey, const RsTlvKeySignature& sign); + static bool validateSignature(const char *data, uint32_t data_len, const RsTlvPublicRSAKey& pubKey, const RsTlvKeySignature& sign); /*! * Checks that the public key has correct fingerprint and correct flags. @@ -123,8 +123,8 @@ class GxsSecurity * @return false if the key is invalid. */ - static bool checkPublicKey(const RsTlvSecurityKey &key); - static bool checkPrivateKey(const RsTlvSecurityKey &key); + static bool checkPublicKey(const RsTlvPublicRSAKey &key); + static bool checkPrivateKey(const RsTlvPrivateRSAKey &key); }; #endif // GXSSECURITY_H diff --git a/libretroshare/src/gxs/rsgenexchange.cc b/libretroshare/src/gxs/rsgenexchange.cc index 2f06786ec..3b512c90d 100644 --- a/libretroshare/src/gxs/rsgenexchange.cc +++ b/libretroshare/src/gxs/rsgenexchange.cc @@ -341,47 +341,53 @@ bool RsGenExchange::acknowledgeTokenGrp(const uint32_t& token, RsGxsGroupId& grp return true; } -void RsGenExchange::generateGroupKeys(RsTlvSecurityKeySet& privatekeySet, RsTlvSecurityKeySet& publickeySet, bool genPublishKeys) +void RsGenExchange::generateGroupKeys(RsTlvSecurityKeySet& keySet, bool genPublishKeys) { - /* create Keys */ - RsTlvSecurityKey adminKey, privAdminKey; - GxsSecurity::generateKeyPair(adminKey,privAdminKey) ; + /* create Keys */ + RsTlvPublicRSAKey pubAdminKey ; + RsTlvPrivateRSAKey privAdminKey; - // for now all public - adminKey.keyFlags = RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_PUBLIC_ONLY; - privAdminKey.keyFlags = RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_FULL; + GxsSecurity::generateKeyPair(pubAdminKey,privAdminKey) ; - publickeySet.keys[adminKey.keyId] = adminKey; - privatekeySet.keys[privAdminKey.keyId] = privAdminKey; + // for now all public + pubAdminKey.keyFlags |= RSTLV_KEY_DISTRIB_ADMIN ; + privAdminKey.keyFlags |= RSTLV_KEY_DISTRIB_ADMIN ; - if(genPublishKeys) + keySet.public_keys[pubAdminKey.keyId] = pubAdminKey; + keySet.private_keys[privAdminKey.keyId] = privAdminKey; + + if(genPublishKeys) + { + /* set publish keys */ + RsTlvPublicRSAKey pubPublishKey ; + RsTlvPrivateRSAKey privPublishKey; + + GxsSecurity::generateKeyPair(pubPublishKey,privPublishKey) ; + + // for now all public + pubPublishKey.keyFlags |= RSTLV_KEY_DISTRIB_PUBLISH ; + privPublishKey.keyFlags |= RSTLV_KEY_DISTRIB_PUBLISH ; + + keySet.public_keys[pubPublishKey.keyId] = pubPublishKey; + keySet.private_keys[privPublishKey.keyId] = privPublishKey; + } +} + +void RsGenExchange::generatePublicFromPrivateKeys(RsTlvSecurityKeySet& keySet) +{ + // actually just copy settings of one key except mark its key flags public + + keySet.public_keys.clear() ; + + for(std::map::const_iterator cit=keySet.private_keys.begin(); cit != keySet.private_keys.end(); ++cit) { - /* set publish keys */ - RsTlvSecurityKey publishKey, privPublishKey; - GxsSecurity::generateKeyPair(publishKey,privPublishKey) ; - - // for now all public - publishKey.keyFlags = RSTLV_KEY_DISTRIB_PUBLISH | RSTLV_KEY_TYPE_PUBLIC_ONLY; - privPublishKey.keyFlags = RSTLV_KEY_DISTRIB_PUBLISH | RSTLV_KEY_TYPE_FULL; - - publickeySet.keys[publishKey.keyId] = publishKey; - privatekeySet.keys[privPublishKey.keyId] = privPublishKey; + RsTlvPublicRSAKey pubkey ; + if(GxsSecurity::extractPublicKey(cit->second,pubkey)) + keySet.public_keys.insert(std::make_pair(pubkey.keyId, pubkey)); } } -void RsGenExchange::generatePublicFromPrivateKeys(const RsTlvSecurityKeySet &privatekeySet, RsTlvSecurityKeySet &publickeySet) -{ - // actually just copy settings of one key except mark its key flags public - - publickeySet = RsTlvSecurityKeySet() ; - RsTlvSecurityKey pubkey ; - - for(std::map::const_iterator cit=privatekeySet.keys.begin(); cit != privatekeySet.keys.end(); ++cit) - if(GxsSecurity::extractPublicKey(cit->second,pubkey)) - publickeySet.keys.insert(std::make_pair(pubkey.keyId, pubkey)); -} - -uint8_t RsGenExchange::createGroup(RsNxsGrp *grp, RsTlvSecurityKeySet& privateKeySet, RsTlvSecurityKeySet& publicKeySet) +uint8_t RsGenExchange::createGroup(RsNxsGrp *grp, RsTlvSecurityKeySet& keySet) { #ifdef GEN_EXCH_DEBUG std::cerr << "RsGenExchange::createGroup()"; @@ -393,19 +399,18 @@ uint8_t RsGenExchange::createGroup(RsNxsGrp *grp, RsTlvSecurityKeySet& privateKe /* add public admin and publish keys to grp */ // find private admin key - RsTlvSecurityKey privAdminKey; - std::map::iterator mit = privateKeySet.keys.begin(); - + RsTlvPrivateRSAKey privAdminKey; bool privKeyFound = false; // private admin key - for(; mit != privateKeySet.keys.end(); ++mit) + + for( std::map::iterator mit = keySet.private_keys.begin(); mit != keySet.private_keys.end(); ++mit) { - RsTlvSecurityKey& key = mit->second; + RsTlvPrivateRSAKey& key = mit->second; if((key.keyFlags & RSTLV_KEY_DISTRIB_ADMIN) && (key.keyFlags & RSTLV_KEY_TYPE_FULL)) { privAdminKey = key; privKeyFound = true; - break ; + break ; } } @@ -417,13 +422,17 @@ uint8_t RsGenExchange::createGroup(RsNxsGrp *grp, RsTlvSecurityKeySet& privateKe return false; } - meta->keys = publicKeySet; // only public keys are included to be transported + // only public keys are included to be transported. The 2nd line below is very important. + + meta->keys = keySet; + meta->keys.private_keys.clear() ; // group is self signing // for the creation of group signature // only public admin and publish keys are present in meta uint32_t metaDataLen = meta->serial_size(RS_GXS_GRP_META_DATA_CURRENT_API_VERSION); uint32_t allGrpDataLen = metaDataLen + grp->grp.bin_len; + char* metaData = new char[metaDataLen]; char* allGrpData = new char[allGrpDataLen]; // msgData + metaData @@ -503,12 +512,11 @@ int RsGenExchange::createGroupSignatures(RsTlvKeySignatureSet& signSet, RsTlvBin if(haveKey) { - RsTlvSecurityKey authorKey; + RsTlvPrivateRSAKey authorKey; mGixs->getPrivateKey(grpMeta.mAuthorId, authorKey); RsTlvKeySignature sign; - if(GxsSecurity::getSignature((char*)grpData.bin_data, grpData.bin_len, - authorKey, sign)) + if(GxsSecurity::getSignature((char*)grpData.bin_data, grpData.bin_len, authorKey, sign)) { id_ret = SIGN_SUCCESS; mGixs->timeStampKey(grpMeta.mAuthorId) ; @@ -623,12 +631,12 @@ int RsGenExchange::createMsgSignatures(RsTlvKeySignatureSet& signSet, RsTlvBinar if(needPublishSign) { // public and shared is publish key - RsTlvSecurityKeySet& keys = grpMeta.keys; - RsTlvSecurityKey* publishKey; + const RsTlvSecurityKeySet& keys = grpMeta.keys; + const RsTlvPrivateRSAKey *publishKey; - std::map::iterator mit = - keys.keys.begin(), mit_end = keys.keys.end(); + std::map::const_iterator mit = keys.private_keys.begin(), mit_end = keys.private_keys.end(); bool publish_key_found = false; + for(; mit != mit_end; ++mit) { @@ -672,7 +680,7 @@ int RsGenExchange::createMsgSignatures(RsTlvKeySignatureSet& signSet, RsTlvBinar if(haveKey) { - RsTlvSecurityKey authorKey; + RsTlvPrivateRSAKey authorKey; mGixs->getPrivateKey(msgMeta.mAuthorId, authorKey); RsTlvKeySignature sign; @@ -841,13 +849,13 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin { RsTlvKeySignature sign = metaData.signSet.keySignSet[INDEX_AUTHEN_PUBLISH]; - std::map& keys = grpKeySet.keys; - std::map::iterator mit = keys.begin(); + std::map& keys = grpKeySet.public_keys; + std::map::iterator mit = keys.begin(); RsGxsId keyId; for(; mit != keys.end() ; ++mit) { - RsTlvSecurityKey& key = mit->second; + RsTlvPublicRSAKey& key = mit->second; if(key.keyFlags & RSTLV_KEY_DISTRIB_PUBLIC_deprecated) { @@ -865,7 +873,7 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin if(!keyId.isNull()) { - RsTlvSecurityKey& key = keys[keyId]; + RsTlvPublicRSAKey& key = keys[keyId]; publishValidate &= GxsSecurity::validateNxsMsg(*msg, sign, key); } else @@ -889,7 +897,7 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin if(haveKey) { - RsTlvSecurityKey authorKey; + RsTlvPublicRSAKey authorKey; bool auth_key_fetched = mGixs->getKey(metaData.mAuthorId, authorKey) ; if (auth_key_fetched) @@ -1008,7 +1016,7 @@ int RsGenExchange::validateGrp(RsNxsGrp* grp) std::cerr << " have ID key in cache: yes" << std::endl; #endif - RsTlvSecurityKey authorKey; + RsTlvPublicRSAKey authorKey; bool auth_key_fetched = mGixs->getKey(metaData.mAuthorId, authorKey) ; if (auth_key_fetched) @@ -2155,20 +2163,21 @@ void RsGenExchange::processGroupUpdatePublish() //gup.grpItem->meta = *meta; GxsGrpPendingSign ggps(gup.grpItem, gup.mToken); - bool publishAndAdminPrivatePresent = checkKeys(meta->keys); - - if(publishAndAdminPrivatePresent) + if(checkKeys(meta->keys)) { - ggps.mPrivateKeys = meta->keys; - generatePublicFromPrivateKeys(ggps.mPrivateKeys, ggps.mPublicKeys); + ggps.mKeys = meta->keys; + generatePublicFromPrivateKeys(ggps.mKeys); ggps.mHaveKeys = true; ggps.mStartTS = time(NULL); ggps.mLastAttemptTS = 0; ggps.mIsUpdate = true; ggps.mToken = gup.mToken; mGrpsToPublish.push_back(ggps); - }else + } + else { + std::cerr << "(EE) publish group fails because RS cannot find the private publish and author keys" << std::endl; + delete gup.grpItem; mDataAccess->updatePublicRequestStatus(gup.mToken, RsTokenService::GXS_REQUEST_V2_STATUS_FAILED); } @@ -2291,14 +2300,15 @@ void RsGenExchange::processMessageDelete() bool RsGenExchange::checkKeys(const RsTlvSecurityKeySet& keySet) { - typedef std::map keyMap; - const keyMap& allKeys = keySet.keys; + typedef std::map keyMap; + const keyMap& allKeys = keySet.private_keys; keyMap::const_iterator cit = allKeys.begin(); + bool adminFound = false, publishFound = false; for(; cit != allKeys.end(); ++cit) { - const RsTlvSecurityKey& key = cit->second; - if(key.keyFlags & RSTLV_KEY_TYPE_FULL) + const RsTlvPrivateRSAKey& key = cit->second; + if(key.keyFlags & RSTLV_KEY_TYPE_FULL) // this one is not useful. Just a security. { if(key.keyFlags & RSTLV_KEY_DISTRIB_ADMIN) adminFound = true; @@ -2307,6 +2317,11 @@ bool RsGenExchange::checkKeys(const RsTlvSecurityKeySet& keySet) publishFound = true; } + else if(key.keyFlags & RSTLV_KEY_TYPE_PUBLIC_ONLY) // this one is not useful. Just a security. + { + std::cerr << "(EE) found a public only key in the private key list" << std::endl; + return false ; + } } // user must have both private and public parts of publish and admin keys @@ -2345,29 +2360,23 @@ void RsGenExchange::publishGrps() RsNxsGrp* grp = new RsNxsGrp(mServType); RsGxsGrpItem* grpItem = ggps.mItem; - RsTlvSecurityKeySet privatekeySet, publicKeySet; + RsTlvSecurityKeySet fullKeySet; if(!(ggps.mHaveKeys)) { - generateGroupKeys(privatekeySet, publicKeySet, true); + generateGroupKeys(fullKeySet, true); ggps.mHaveKeys = true; - ggps.mPrivateKeys = privatekeySet; - ggps.mPublicKeys = publicKeySet; + ggps.mKeys = fullKeySet; } else - { - privatekeySet = ggps.mPrivateKeys; - publicKeySet = ggps.mPublicKeys; - } - - // find private admin key - RsTlvSecurityKey privAdminKey; - std::map::iterator mit_keys = privatekeySet.keys.begin(); + fullKeySet = ggps.mKeys; + // find private admin key + RsTlvPrivateRSAKey privAdminKey; bool privKeyFound = false; - for(; mit_keys != privatekeySet.keys.end(); ++mit_keys) + for(std::map::iterator mit_keys = fullKeySet.private_keys.begin(); mit_keys != fullKeySet.private_keys.end(); ++mit_keys) { - RsTlvSecurityKey& key = mit_keys->second; + RsTlvPrivateRSAKey& key = mit_keys->second; if(key.keyFlags == (RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_FULL)) { @@ -2383,8 +2392,7 @@ void RsGenExchange::publishGrps() // get group id from private admin key id grpItem->meta.mGroupId = grp->grpId = RsGxsGroupId(privAdminKey.keyId); - ServiceCreate_Return ret = service_CreateGroup(grpItem, privatekeySet); - + ServiceCreate_Return ret = service_CreateGroup(grpItem, fullKeySet); bool serialOk = false, servCreateOk; @@ -2412,7 +2420,7 @@ void RsGenExchange::publishGrps() grp->metaData->mSubscribeFlags = GXS_SERV::GROUP_SUBSCRIBE_ADMIN | GXS_SERV::GROUP_SUBSCRIBE_SUBSCRIBED | GXS_SERV::GROUP_SUBSCRIBE_PUBLISH; - create = createGroup(grp, privatekeySet, publicKeySet); + create = createGroup(grp, fullKeySet); #ifdef GEN_EXCH_DEBUG std::cerr << "RsGenExchange::publishGrps() "; @@ -2424,15 +2432,22 @@ void RsGenExchange::publishGrps() if(create == CREATE_SUCCESS) { + // Here we need to make sure that no private keys are included. This is very important since private keys + // can be used to modify the group. Normally the private key set is whiped out by createGroup, but + grp->metaData->keys.private_keys.clear() ; + uint32_t mdSize = grp->metaData->serial_size(RS_GXS_GRP_META_DATA_CURRENT_API_VERSION); - char* metaData = new char[mdSize]; - serialOk = grp->metaData->serialise(metaData, mdSize,RS_GXS_GRP_META_DATA_CURRENT_API_VERSION); - grp->meta.setBinData(metaData, mdSize); - delete[] metaData; + + { + RsTemporaryMemory metaData(mdSize); + serialOk = grp->metaData->serialise(metaData, mdSize,RS_GXS_GRP_META_DATA_CURRENT_API_VERSION); +#warning TODO: grp->meta should be renamed grp->public_meta ! + grp->meta.setBinData(metaData, mdSize); + } - // place back private keys for publisher - grp->metaData->keys = privatekeySet; + // Place back private keys for publisher and database storage + grp->metaData->keys.private_keys = fullKeySet.private_keys; if(mDataStore->validSize(grp) && serialOk) { @@ -2443,10 +2458,10 @@ void RsGenExchange::publishGrps() if(ggps.mIsUpdate) mDataAccess->updateGroupData(grp); else - mDataAccess->addGroupData(grp); - - if(mNetService!=NULL) - mNetService->subscribeStatusChanged(grpId,true) ; + mDataAccess->addGroupData(grp); +#warning this is bad: addGroupData/updateGroupData actially deletes grp. But it may be used below? grp should be a class object and not deleted manually! + if(mNetService!=NULL) + mNetService->subscribeStatusChanged(grpId,true) ; } else { @@ -3074,8 +3089,8 @@ bool RsGenExchange::updateValid(RsGxsGrpMetaData& oldGrpMeta, RsNxsGrp& newGrp) RsTlvKeySignature adminSign = mit->second; - std::map& keys = oldGrpMeta.keys.keys; - std::map::iterator keyMit = keys.find(RsGxsId(oldGrpMeta.mGroupId)); + std::map& keys = oldGrpMeta.keys.public_keys; + std::map::iterator keyMit = keys.find(RsGxsId(oldGrpMeta.mGroupId)); if(keyMit == keys.end()) { diff --git a/libretroshare/src/gxs/rsgenexchange.h b/libretroshare/src/gxs/rsgenexchange.h index 4707f8ee2..2b72c9d5e 100644 --- a/libretroshare/src/gxs/rsgenexchange.h +++ b/libretroshare/src/gxs/rsgenexchange.h @@ -79,8 +79,7 @@ public: RsGxsGrpItem* mItem; bool mHaveKeys; // mKeys->first == true if key present bool mIsUpdate; - RsTlvSecurityKeySet mPrivateKeys; - RsTlvSecurityKeySet mPublicKeys; + RsTlvSecurityKeySet mKeys; }; typedef std::map > GxsMsgDataMap; @@ -694,7 +693,7 @@ private: * @return CREATE_SUCCESS for success, CREATE_FAIL for fail, * CREATE_FAIL_TRY_LATER for Id sign key not avail (but requested) */ - uint8_t createGroup(RsNxsGrp* grp, RsTlvSecurityKeySet& privateKeySet, RsTlvSecurityKeySet& publicKeySet); + uint8_t createGroup(RsNxsGrp* grp, RsTlvSecurityKeySet& keySet); /*! * This completes the creation of an instance on RsNxsMsg @@ -742,7 +741,7 @@ private: * @param publickeySet contains public generated keys (counterpart of private) * @param genPublicKeys should publish key pair also be generated */ - void generateGroupKeys(RsTlvSecurityKeySet& privatekeySet, RsTlvSecurityKeySet& publickeySet, bool genPublishKeys); + void generateGroupKeys(RsTlvSecurityKeySet& keySet, bool genPublishKeys); /*! * Generate public set of keys from their private counterparts @@ -751,7 +750,7 @@ private: * @param publickeySet contains public generated keys (counterpart of private) * @return false if key gen failed for a key set */ - void generatePublicFromPrivateKeys(const RsTlvSecurityKeySet& privatekeySet, RsTlvSecurityKeySet& publickeySet); + void generatePublicFromPrivateKeys(RsTlvSecurityKeySet& keySet); /*! * Attempts to validate msg signatures diff --git a/libretroshare/src/gxs/rsgixs.h b/libretroshare/src/gxs/rsgixs.h index 5c19f6067..bdb58337c 100644 --- a/libretroshare/src/gxs/rsgixs.h +++ b/libretroshare/src/gxs/rsgixs.h @@ -160,8 +160,8 @@ public: * @return a pointer to a valid profile if successful, otherwise NULL * */ - virtual bool getKey(const RsGxsId &id, RsTlvSecurityKey &key) = 0; - virtual bool getPrivateKey(const RsGxsId &id, RsTlvSecurityKey &key) = 0; // For signing outgoing messages. + virtual bool getKey(const RsGxsId &id, RsTlvPublicRSAKey& key) = 0; + virtual bool getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey& key) = 0; // For signing outgoing messages. virtual bool getIdDetails(const RsGxsId& id, RsIdentityDetails& details) = 0 ; // Proxy function so that we get p3Identity info from Gxs }; diff --git a/libretroshare/src/gxs/rsgxsnetservice.cc b/libretroshare/src/gxs/rsgxsnetservice.cc index eb8fc6f3a..dae7b5089 100644 --- a/libretroshare/src/gxs/rsgxsnetservice.cc +++ b/libretroshare/src/gxs/rsgxsnetservice.cc @@ -3297,6 +3297,7 @@ void RsGxsNetService::locked_genSendGrpsTransaction(NxsTransaction* tr) RsPeerId peerId = tr->mTransaction->PeerId(); for(;mit != grps.end(); ++mit) { +#warning Should make sure that no private key information is sneaked in here for the grp mit->second->PeerId(peerId); // set so it gets sent to right peer mit->second->transactionNumber = transN; newTr->mItems.push_back(mit->second); @@ -3694,11 +3695,11 @@ bool RsGxsNetService::encryptSingleNxsItem(RsNxsItem *item, const RsGxsCircleId& #ifdef NXS_NET_DEBUG_7 GXSNETDEBUG_P_ (item->PeerId()) << " Dest Ids: " << std::endl; #endif - std::vector recipient_keys ; + std::vector recipient_keys ; for(std::list::const_iterator it(recipients.begin());it!=recipients.end();++it) { - RsTlvSecurityKey pkey ; + RsTlvPublicRSAKey pkey ; if(!mGixs->getKey(*it,pkey)) { @@ -3770,7 +3771,7 @@ bool RsGxsNetService::processTransactionForDecryption(NxsTransaction *tr) #endif std::list decrypted_items ; - std::vector private_keys ; + std::vector private_keys ; // get all private keys. Normally we should look into the circle name and only supply the keys that we have @@ -3806,13 +3807,13 @@ bool RsGxsNetService::processTransactionForDecryption(NxsTransaction *tr) return true ; } -bool RsGxsNetService::decryptSingleNxsItem(const RsNxsEncryptedDataItem *encrypted_item, RsNxsItem *& nxsitem,std::vector *pprivate_keys) +bool RsGxsNetService::decryptSingleNxsItem(const RsNxsEncryptedDataItem *encrypted_item, RsNxsItem *& nxsitem,std::vector *pprivate_keys) { // if private_keys storage is supplied use/update them, otherwise, find which key should be used, and store them in a local std::vector. nxsitem = NULL ; - std::vector local_keys ; - std::vector& private_keys = pprivate_keys?(*pprivate_keys):local_keys ; + std::vector local_keys ; + std::vector& private_keys = pprivate_keys?(*pprivate_keys):local_keys ; // we need the private keys to decrypt the item. First load them in! bool key_loading_failed = false ; @@ -3828,7 +3829,7 @@ bool RsGxsNetService::decryptSingleNxsItem(const RsNxsEncryptedDataItem *encrypt for(std::list::const_iterator it(own_keys.begin());it!=own_keys.end();++it) { - RsTlvSecurityKey private_key ; + RsTlvPrivateRSAKey private_key ; if(mGixs->getPrivateKey(*it,private_key)) { @@ -4848,9 +4849,9 @@ void RsGxsNetService::sharePublishKeysPending() const RsTlvSecurityKeySet& keys = grpMeta->keys; - std::map::const_iterator kit = keys.keys.begin(), kit_end = keys.keys.end(); + std::map::const_iterator kit = keys.private_keys.begin(), kit_end = keys.private_keys.end(); bool publish_key_found = false; - RsTlvSecurityKey publishKey ; + RsTlvPrivateRSAKey publishKey ; for(; kit != kit_end && !publish_key_found; ++kit) { @@ -4900,7 +4901,7 @@ void RsGxsNetService::sharePublishKeysPending() void RsGxsNetService::handleRecvPublishKeys(RsNxsGroupPublishKeyItem *item) { #ifdef NXS_NET_DEBUG_3 - GXSNETDEBUG_PG(item->PeerId(),item->grpId) << "RsGxsNetService::sharePublishKeys() " << std::endl; + GXSNETDEBUG_PG(item->PeerId(),item->grpId) << "RsGxsNetService::sharePublishKeys() " << std::endl; #endif if (!item) @@ -4909,62 +4910,61 @@ void RsGxsNetService::handleRecvPublishKeys(RsNxsGroupPublishKeyItem *item) RS_STACK_MUTEX(mNxsMutex) ; #ifdef NXS_NET_DEBUG_3 - GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " PeerId : " << item->PeerId() << std::endl; - GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " GrpId: " << item->grpId << std::endl; - GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " Got key Item: " << item->key.keyId << std::endl; + GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " PeerId : " << item->PeerId() << std::endl; + GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " GrpId: " << item->grpId << std::endl; + GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " Got key Item: " << item->key.keyId << std::endl; #endif - // Get the meta data for this group Id - // - RsGxsMetaDataTemporaryMap grpMetaMap; - grpMetaMap[item->grpId] = NULL; - - mDataStore->retrieveGxsGrpMetaData(grpMetaMap); + // Get the meta data for this group Id + // + RsGxsMetaDataTemporaryMap grpMetaMap; + grpMetaMap[item->grpId] = NULL; - // update the publish keys in this group meta info + mDataStore->retrieveGxsGrpMetaData(grpMetaMap); - RsGxsGrpMetaData *grpMeta = grpMetaMap[item->grpId] ; + // update the publish keys in this group meta info - // Check that the keys correspond, and that FULL keys are supplied, etc. + RsGxsGrpMetaData *grpMeta = grpMetaMap[item->grpId] ; + + // Check that the keys correspond, and that FULL keys are supplied, etc. #ifdef NXS_NET_DEBUG_3 - GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " Key received: " << std::endl; + GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " Key received: " << std::endl; #endif - bool admin = (item->key.keyFlags & RSTLV_KEY_DISTRIB_ADMIN) && (item->key.keyFlags & RSTLV_KEY_TYPE_FULL) ; - bool publi = (item->key.keyFlags & RSTLV_KEY_DISTRIB_PUBLISH) && (item->key.keyFlags & RSTLV_KEY_TYPE_FULL) ; + bool admin = (item->key.keyFlags & RSTLV_KEY_DISTRIB_ADMIN) && (item->key.keyFlags & RSTLV_KEY_TYPE_FULL) ; + bool publi = (item->key.keyFlags & RSTLV_KEY_DISTRIB_PUBLISH) && (item->key.keyFlags & RSTLV_KEY_TYPE_FULL) ; #ifdef NXS_NET_DEBUG_3 - GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " Key id = " << item->key.keyId << " admin=" << admin << ", publish=" << publi << " ts=" << item->key.endTS << std::endl; + GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " Key id = " << item->key.keyId << " admin=" << admin << ", publish=" << publi << " ts=" << item->key.endTS << std::endl; #endif - if(!(!admin && publi)) - { - std::cerr << " Key is not a publish private key. Discarding!" << std::endl; - return ; - } - // Also check that we don't already have full keys for that group. - - std::map::iterator it = grpMeta->keys.keys.find(item->key.keyId) ; + if(!(!admin && publi)) + { + std::cerr << " Key is not a publish private key. Discarding!" << std::endl; + return ; + } + // Also check that we don't already have full keys for that group. - if(it == grpMeta->keys.keys.end()) - { - std::cerr << " (EE) Key not found in known group keys. This is an inconsistency." << std::endl; - return ; - } + if(grpMeta->keys.public_keys.find(item->key.keyId) == grpMeta->keys.public_keys.end()) + { + std::cerr << " (EE) Key not found in known group keys. This is an inconsistency." << std::endl; + return ; + } - if((it->second.keyFlags & RSTLV_KEY_DISTRIB_PUBLISH) && (it->second.keyFlags & RSTLV_KEY_TYPE_FULL)) - { + if(grpMeta->keys.private_keys.find(item->key.keyId) != grpMeta->keys.private_keys.end()) + { #ifdef NXS_NET_DEBUG_3 - GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " (EE) Publish key already present in database. Discarding message." << std::endl; + GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " (EE) Publish key already present in database. Discarding message." << std::endl; #endif - return ; - } + return ; + } - // Store/update the info. + // Store/update the info. - it->second = item->key ; - bool ret = mDataStore->updateGroupKeys(item->grpId,grpMeta->keys, grpMeta->mSubscribeFlags | GXS_SERV::GROUP_SUBSCRIBE_PUBLISH) ; + grpMeta->keys.private_keys[item->key.keyId] = item->key ; + + bool ret = mDataStore->updateGroupKeys(item->grpId,grpMeta->keys, grpMeta->mSubscribeFlags | GXS_SERV::GROUP_SUBSCRIBE_PUBLISH) ; if(ret) { diff --git a/libretroshare/src/gxs/rsgxsnetservice.h b/libretroshare/src/gxs/rsgxsnetservice.h index e9556701c..3ed83960a 100644 --- a/libretroshare/src/gxs/rsgxsnetservice.h +++ b/libretroshare/src/gxs/rsgxsnetservice.h @@ -455,7 +455,7 @@ private: * encrypts/decrypts the transaction for the destination circle id. */ bool encryptSingleNxsItem(RsNxsItem *item, const RsGxsCircleId& destination_circle, const RsGxsGroupId &destination_group, RsNxsItem *& encrypted_item, uint32_t &status) ; - bool decryptSingleNxsItem(const RsNxsEncryptedDataItem *encrypted_item, RsNxsItem *&nxsitem, std::vector *private_keys=NULL); + bool decryptSingleNxsItem(const RsNxsEncryptedDataItem *encrypted_item, RsNxsItem *&nxsitem, std::vector *private_keys=NULL); bool processTransactionForDecryption(NxsTransaction *tr); // return false when the keys are not loaded => need retry later void cleanRejectedMessages(); diff --git a/libretroshare/src/gxstunnel/p3gxstunnel.cc b/libretroshare/src/gxstunnel/p3gxstunnel.cc index eb0c32812..38d2b8525 100644 --- a/libretroshare/src/gxstunnel/p3gxstunnel.cc +++ b/libretroshare/src/gxstunnel/p3gxstunnel.cc @@ -890,7 +890,7 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item) RsTemporaryMemory data(pubkey_size) ; BN_bn2bin(item->public_key, data) ; - RsTlvSecurityKey signature_key ; + RsTlvPublicRSAKey signature_key ; // We need to get the key of the sender, but if the key is not cached, we // need to get it first. So we let the system work for 2-3 seconds before @@ -1059,9 +1059,9 @@ bool p3GxsTunnelService::locked_sendDHPublicKey(const DH *dh,const RsGxsId& own_ // we should also sign the data and check the signature on the other end. // - RsTlvKeySignature signature ; - RsTlvSecurityKey signature_key ; - RsTlvSecurityKey signature_key_public ; + RsTlvKeySignature signature ; + RsTlvPrivateRSAKey signature_key ; + RsTlvPublicRSAKey signature_key_public ; uint32_t error_status ; diff --git a/libretroshare/src/gxstunnel/rsgxstunnelitems.h b/libretroshare/src/gxstunnel/rsgxstunnelitems.h index dac8ab60a..c23a8b9a1 100644 --- a/libretroshare/src/gxstunnel/rsgxstunnelitems.h +++ b/libretroshare/src/gxstunnel/rsgxstunnelitems.h @@ -146,7 +146,7 @@ class RsGxsTunnelDHPublicKeyItem: public RsGxsTunnelItem BIGNUM *public_key ; RsTlvKeySignature signature ; // signs the public key in a row. - RsTlvSecurityKey gxs_key ; // public key of the signer + RsTlvPublicRSAKey gxs_key ; // public key of the signer private: // make the object non copy-able diff --git a/libretroshare/src/serialiser/rsgxsrecognitems.h b/libretroshare/src/serialiser/rsgxsrecognitems.h index 5d75db34a..fedc7eafb 100644 --- a/libretroshare/src/serialiser/rsgxsrecognitems.h +++ b/libretroshare/src/serialiser/rsgxsrecognitems.h @@ -117,7 +117,7 @@ virtual void clear(); std::ostream &print(std::ostream &out, uint16_t indent = 0); RsTlvServiceIdSet signing_classes; - RsTlvSecurityKey key; // has from->to, and flags. + RsTlvSecurityKey_deprecated key; // has from->to, and flags. RsTlvKeySignature sign; }; diff --git a/libretroshare/src/serialiser/rsnxsitems.cc b/libretroshare/src/serialiser/rsnxsitems.cc index 1a7cf45b4..55501195d 100644 --- a/libretroshare/src/serialiser/rsnxsitems.cc +++ b/libretroshare/src/serialiser/rsnxsitems.cc @@ -1237,7 +1237,7 @@ RsNxsGrp* RsNxsGrp::clone() const { if(this->metaData) { grp->metaData = new RsGxsGrpMetaData(); - *(grp->metaData) = *(this->metaData); +// *(grp->metaData) = *(this->metaData); } return grp; diff --git a/libretroshare/src/serialiser/rsnxsitems.h b/libretroshare/src/serialiser/rsnxsitems.h index 6be81ecbe..8bc19d501 100644 --- a/libretroshare/src/serialiser/rsnxsitems.h +++ b/libretroshare/src/serialiser/rsnxsitems.h @@ -157,7 +157,8 @@ public: virtual uint32_t serial_size() const; RsGxsGroupId grpId ; - RsTlvSecurityKey key ; +#warning should be renamed private_key + RsTlvPrivateRSAKey key ; }; @@ -330,9 +331,12 @@ public: * This should contains all data * which is not specific to the Gxs service data */ + // This is the binary data for the group meta that is sent to friends. It *should not* contain any private + // key parts. This is ensured in RsGenExchange + RsTlvBinaryData meta; - // deserialised metaData, this is not serialised + // Deserialised metaData, this is not serialised by the serialize() method. So it may contain private key parts in some cases. RsGxsGrpMetaData* metaData; }; diff --git a/libretroshare/src/serialiser/rstlvbase.h b/libretroshare/src/serialiser/rstlvbase.h index 41dd344e5..8e463214f 100644 --- a/libretroshare/src/serialiser/rstlvbase.h +++ b/libretroshare/src/serialiser/rstlvbase.h @@ -207,8 +207,10 @@ const uint16_t TLV_TYPE_GXSCIRCLEIDSET= 0x1026; const uint16_t TLV_TYPE_SERVICESET = 0x1030; -const uint16_t TLV_TYPE_SECURITYKEY = 0x1040; -const uint16_t TLV_TYPE_SECURITYKEYSET= 0x1041; +const uint16_t TLV_TYPE_SECURITYKEY_deprecated = 0x1040; +const uint16_t TLV_TYPE_SECURITYKEYSET = 0x1041; +const uint16_t TLV_TYPE_RSA_KEY_PUBLIC = 0x1042; +const uint16_t TLV_TYPE_RSA_KEY_PRIVATE= 0x1043; const uint16_t TLV_TYPE_KEYSIGNATURE = 0x1050; const uint16_t TLV_TYPE_KEYSIGNATURESET = 0x1051; diff --git a/libretroshare/src/serialiser/rstlvkeys.cc b/libretroshare/src/serialiser/rstlvkeys.cc index 968b09d83..302951f9f 100644 --- a/libretroshare/src/serialiser/rstlvkeys.cc +++ b/libretroshare/src/serialiser/rstlvkeys.cc @@ -27,6 +27,7 @@ #include "rstlvkeys.h" #include "rstlvbase.h" #include "rsbaseserial.h" +#include "util/stacktrace.h" #include @@ -37,13 +38,13 @@ /************************************* RsTlvSecurityKey ************************************/ -RsTlvSecurityKey::RsTlvSecurityKey() +RsTlvSecurityKey_deprecated::RsTlvSecurityKey_deprecated() :RsTlvItem(), keyFlags(0), startTS(0), endTS(0), keyData(TLV_TYPE_KEY_EVP_PKEY) { return; } -void RsTlvSecurityKey::TlvClear() +void RsTlvSecurityKey_deprecated::TlvClear() { keyId.clear(); keyFlags = 0; @@ -53,7 +54,7 @@ void RsTlvSecurityKey::TlvClear() } /* clears keyData - but doesn't delete */ -void RsTlvSecurityKey::ShallowClear() +void RsTlvSecurityKey_deprecated::ShallowClear() { keyId.clear(); keyFlags = 0; @@ -63,8 +64,22 @@ void RsTlvSecurityKey::ShallowClear() keyData.bin_len = 0; } +uint32_t RsTlvRSAKey::TlvSize() const +{ + uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */ -uint32_t RsTlvSecurityKey::TlvSize() const + /* now add comment and title length of this tlv object */ + + s += keyId.serial_size(); + s += 4; + s += 4; + s += 4; + s += keyData.TlvSize(); + + return s; + +} +uint32_t RsTlvSecurityKey_deprecated::TlvSize() const { uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */ @@ -81,15 +96,48 @@ uint32_t RsTlvSecurityKey::TlvSize() const s += keyData.TlvSize(); return s; - } -bool RsTlvSecurityKey::SetTlv(void *data, uint32_t size, uint32_t *offset) const +bool RsTlvRSAKey::SetTlv(void *data, uint32_t size, uint32_t *offset) const { /* must check sizes */ uint32_t tlvsize = TlvSize(); uint32_t tlvend = *offset + tlvsize; + if (size < tlvend) + { + std::cerr << "RsTlvSecurityKey::SetTlv() Failed not enough space"; + std::cerr << std::endl; + return false; /* not enough space */ + } + + bool ok = checkFlags(keyFlags); // check before serialise, just in case + + /* start at data[offset] */ + /* add mandatory parts first */ + + ok &= SetTlvBase(data, tlvend, offset, tlvType(), tlvsize); + + ok &= keyId.serialise(data, tlvend, *offset) ; + ok &= setRawUInt32(data, tlvend, offset, keyFlags); + ok &= setRawUInt32(data, tlvend, offset, startTS); + ok &= setRawUInt32(data, tlvend, offset, endTS); + ok &= keyData.SetTlv(data, tlvend, offset); + + return ok; + +} +bool RsTlvSecurityKey_deprecated::SetTlv(void *data, uint32_t size, uint32_t *offset) const +{ + std::cerr << "(EE) Serialisation of an old security key format. Will not be done! callstack is:" << std::cerr << std::endl; + print_stacktrace() ; + +#warning REMOVE THIS CODE BELOW WHEN IT IS NOT CALLED ANYMORE + + /* must check sizes */ + uint32_t tlvsize = TlvSize(); + uint32_t tlvend = *offset + tlvsize; + if (size < tlvend) { //#ifdef TLV_DEBUG @@ -104,7 +152,7 @@ bool RsTlvSecurityKey::SetTlv(void *data, uint32_t size, uint32_t *offset) cons /* start at data[offset] */ /* add mandatory parts first */ - ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY, tlvsize); + ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY_deprecated, tlvsize); #ifdef KEEP_OLD_SIGNATURE_SERIALISE_FORMAT ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId.toStdString()); @@ -120,8 +168,7 @@ bool RsTlvSecurityKey::SetTlv(void *data, uint32_t size, uint32_t *offset) cons } - -bool RsTlvSecurityKey::GetTlv(void *data, uint32_t size, uint32_t *offset) +bool RsTlvRSAKey::GetTlv(void *data, uint32_t size, uint32_t *offset) { if (size < *offset + TLV_HEADER_SIZE) return false; @@ -139,7 +186,75 @@ bool RsTlvSecurityKey::GetTlv(void *data, uint32_t size, uint32_t *offset) return false; /* not enough space */ } - if (tlvtype != TLV_TYPE_SECURITYKEY) /* check type */ + if (tlvtype != tlvType()) /* check type */ + { +#ifdef TLV_DEBUG + std::cerr << "RsTlvSecurityKey::GetTlv() Fail, wrong type"; + std::cerr << std::endl; +#endif + return false; + } + + bool ok = true; + + /* ready to load */ + TlvClear(); + + /* skip the header */ + (*offset) += TLV_HEADER_SIZE; + + ok &= keyId.deserialise(data, tlvend, *offset) ; + ok &= getRawUInt32(data, tlvend, offset, &(keyFlags)); + ok &= getRawUInt32(data, tlvend, offset, &(startTS)); + ok &= getRawUInt32(data, tlvend, offset, &(endTS)); + ok &= keyData.GetTlv(data, tlvend, offset); + + ok &= checkFlags(keyFlags) ; + + /*************************************************************************** + * NB: extra components could be added (for future expansion of the type). + * or be present (if this code is reading an extended version). + * + * We must chew up the extra characters to conform with TLV specifications + ***************************************************************************/ + if (*offset != tlvend) + { +#ifdef TLV_DEBUG + std::cerr << "RsTlvSecurityKey::GetTlv() Warning extra bytes at end of item"; + std::cerr << std::endl; +#endif + *offset = tlvend; + } + + if (!ok) + { +#ifdef TLV_DEBUG + std::cerr << "RsTlvSecurityKey::GetTlv() Failed somewhere ok == false"; + std::cerr << std::endl; +#endif + } + + return ok; +} +bool RsTlvSecurityKey_deprecated::GetTlv(void *data, uint32_t size, uint32_t *offset) +{ + if (size < *offset + TLV_HEADER_SIZE) + return false; + + uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) ); + uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) ); + uint32_t tlvend = *offset + tlvsize; + + if (size < tlvend) /* check size */ + { +#ifdef TLV_DEBUG + std::cerr << "RsTlvSecurityKey::GetTlv() Fail, not enough space"; + std::cerr << std::endl; +#endif + return false; /* not enough space */ + } + + if (tlvtype != TLV_TYPE_SECURITYKEY_deprecated) /* check type */ { #ifdef TLV_DEBUG std::cerr << "RsTlvSecurityKey::GetTlv() Fail, wrong type"; @@ -196,7 +311,7 @@ bool RsTlvSecurityKey::GetTlv(void *data, uint32_t size, uint32_t *offset) } -std::ostream &RsTlvSecurityKey::print(std::ostream &out, uint16_t indent) const +std::ostream &RsTlvSecurityKey_deprecated::print(std::ostream &out, uint16_t indent) const { printBase(out, "RsTlvSecurityKey", indent); uint16_t int_Indent = indent + 2; @@ -233,7 +348,10 @@ std::ostream &RsTlvSecurityKey::print(std::ostream &out, uint16_t indent) const void RsTlvSecurityKeySet::TlvClear() { groupId.clear(); - keys.clear(); //empty list +#ifdef TODO + public_keys.clear(); //empty list + private_keys.clear(); //empty list +#endif } uint32_t RsTlvSecurityKeySet::TlvSize() const @@ -241,17 +359,13 @@ uint32_t RsTlvSecurityKeySet::TlvSize() const uint32_t s = TLV_HEADER_SIZE; /* header */ - std::map::const_iterator it; - s += GetTlvStringSize(groupId); - if(!keys.empty()) - { - - for(it = keys.begin(); it != keys.end() ; ++it) - s += (it->second).TlvSize(); - - } + for(std::map::const_iterator it = public_keys.begin(); it != public_keys.end() ; ++it) + s += (it->second).TlvSize(); + + for(std::map::const_iterator it = private_keys.begin(); it != private_keys.end() ; ++it) + s += (it->second).TlvSize(); return s; } @@ -279,17 +393,13 @@ bool RsTlvSecurityKeySet::SetTlv(void *data, uint32_t size, uint32_t *offset) c /* groupId */ ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId); - if(!keys.empty()) - { - std::map::const_iterator it; - - for(it = keys.begin(); it != keys.end() ; ++it) + for(std::map::const_iterator it = public_keys.begin(); it != public_keys.end() ; ++it) + ok &= (it->second).SetTlv(data, size, offset); + + for(std::map::const_iterator it = private_keys.begin(); it != private_keys.end() ; ++it) ok &= (it->second).SetTlv(data, size, offset); - } - - -return ok; + return ok; } @@ -319,37 +429,72 @@ bool RsTlvSecurityKeySet::GetTlv(void *data, uint32_t size, uint32_t *offset) /* groupId */ ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_GROUPID, groupId); - /* while there is TLV */ - while((*offset) + 2 < tlvend) - { - /* get the next type */ - uint16_t tlvsubtype = GetTlvType( &(((uint8_t *) data)[*offset]) ); + /* while there is TLV */ + while((*offset) + 2 < tlvend) + { + /* get the next type */ + uint16_t tlvsubtype = GetTlvType( &(((uint8_t *) data)[*offset]) ); - switch(tlvsubtype) - { - case TLV_TYPE_SECURITYKEY: + switch(tlvsubtype) + { + case TLV_TYPE_SECURITYKEY_deprecated: + { + RsTlvSecurityKey_deprecated key; + + ok &= key.GetTlv(data, size, offset); + + if (ok) { - RsTlvSecurityKey key; - ok &= key.GetTlv(data, size, offset); - if (ok) - { - keys[key.keyId] = key; - key.TlvClear(); /* so that the Map can get control - should be ref counted*/ - } + std::cerr << "(WW) read RSA key with old format. Will be converted to new format. Flags=" << std::hex << key.keyFlags << std::dec << std::endl; + + if(key.keyFlags & RSTLV_KEY_TYPE_FULL) + private_keys[key.keyId] = RsTlvPrivateRSAKey(key); + else + public_keys[key.keyId] = RsTlvPublicRSAKey(key); + + key.TlvClear(); /* so that the Map can get control - should be ref counted*/ } - break; - default: - ok &= SkipUnknownTlv(data, tlvend, offset); - break; + } + break ; - } + case TLV_TYPE_RSA_KEY_PRIVATE: + { + RsTlvPrivateRSAKey key; - if (!ok) + if(key.GetTlv(data, size, offset)) + private_keys[key.keyId] = key; + else + ok = false ; + + key.TlvClear(); /* so that the Map can get control - should be ref counted*/ + } + break; + + case TLV_TYPE_RSA_KEY_PUBLIC: + { + RsTlvPublicRSAKey key; + + if(key.GetTlv(data, size, offset)) + public_keys[key.keyId] = key; + else + ok = false ; + + key.TlvClear(); /* so that the Map can get control - should be ref counted*/ + } + break; + + default: + ok &= SkipUnknownTlv(data, tlvend, offset); + break; + + } + + if (!ok) break; } - - + + /*************************************************************************** * NB: extra components could be added (for future expansion of the type). * or be present (if this code is reading an extended version). @@ -378,8 +523,9 @@ std::ostream &RsTlvSecurityKeySet::print(std::ostream &out, uint16_t indent) con out << "GroupId: " << groupId; out << std::endl; - std::map::const_iterator it; - for(it = keys.begin(); it != keys.end() ; ++it) + for( std::map::const_iterator it = public_keys.begin(); it != public_keys.end() ; ++it) + (it->second).print(out, int_Indent); + for( std::map::const_iterator it = private_keys.begin(); it != private_keys.end() ; ++it) (it->second).print(out, int_Indent); printEnd(out, "RsTlvSecurityKeySet", indent); diff --git a/libretroshare/src/serialiser/rstlvkeys.h b/libretroshare/src/serialiser/rstlvkeys.h index 7e78e1a94..d65f92b2d 100644 --- a/libretroshare/src/serialiser/rstlvkeys.h +++ b/libretroshare/src/serialiser/rstlvkeys.h @@ -31,6 +31,7 @@ #include "serialiser/rstlvitem.h" #include "serialiser/rstlvbinary.h" +#include "serialiser/rstlvbase.h" #include "retroshare/rsgxsifacetypes.h" #include @@ -46,11 +47,13 @@ const uint32_t RSTLV_KEY_DISTRIB_ADMIN = 0x0040; const uint32_t RSTLV_KEY_DISTRIB_IDENTITY = 0x0080; const uint32_t RSTLV_KEY_DISTRIB_MASK = 0x00f0; -class RsTlvSecurityKey: public RsTlvItem +// Old class for RsTlvSecurityKey. Is kept for backward compatibility, but should not be serialised anymore + +class RsTlvSecurityKey_deprecated: public RsTlvItem { public: - RsTlvSecurityKey(); - virtual ~RsTlvSecurityKey() {} + RsTlvSecurityKey_deprecated(); + virtual ~RsTlvSecurityKey_deprecated() {} virtual uint32_t TlvSize() const; virtual void TlvClear(); @@ -61,26 +64,83 @@ class RsTlvSecurityKey: public RsTlvItem /* clears KeyData - but doesn't delete - to transfer ownership */ void ShallowClear(); - RsGxsId keyId; // Mandatory : + RsGxsId keyId; // Mandatory : uint32_t keyFlags; // Mandatory ; uint32_t startTS; // Mandatory : uint32_t endTS; // Mandatory : RsTlvBinaryData keyData; // Mandatory : }; +class RsTlvRSAKey +{ +public: + virtual uint32_t tlvType() const = 0 ; + virtual bool checkFlags(uint32_t flags) const = 0 ; + + virtual uint32_t TlvSize() const; + virtual void TlvClear(); + virtual bool SetTlv(void *data, uint32_t size, uint32_t *offset) const; + virtual bool GetTlv(void *data, uint32_t size, uint32_t *offset); + virtual std::ostream &print(std::ostream &out, uint16_t indent) const; + + /* clears KeyData - but doesn't delete - to transfer ownership */ + void ShallowClear(); + + bool check() const { return checkFlags(keyFlags) && (!keyId.isNull()) ; } + + RsGxsId keyId; // Mandatory : + uint32_t keyFlags; // Mandatory ; + uint32_t startTS; // Mandatory : + uint32_t endTS; // Mandatory : + RsTlvBinaryData keyData; // Mandatory : +}; + +// The two classes below are by design incompatible, making it impossible to pass a private key as a public key + +class RsTlvPrivateRSAKey: public RsTlvRSAKey +{ + public: + RsTlvPrivateRSAKey(); + explicit RsTlvPrivateRSAKey(RsTlvSecurityKey_deprecated& key); // convertion tool. Should be called explicitely and performs some checks + + virtual ~RsTlvPrivateRSAKey() {} + + virtual bool checkFlags(uint32_t flags) const { return bool(flags & RSTLV_KEY_TYPE_FULL) && !bool(flags & RSTLV_KEY_TYPE_PUBLIC_ONLY) ; } + virtual uint32_t tlvType() const { return TLV_TYPE_RSA_KEY_PRIVATE ; } +}; +class RsTlvPublicRSAKey: public RsTlvRSAKey +{ +#warning TEST IF WE CAN CONVERT PUBLIC TO PRIVATE AND VIS VERSA. NORMALLY WE SHOULDNT + public: + RsTlvPublicRSAKey(); + virtual ~RsTlvPublicRSAKey() {} + explicit RsTlvPublicRSAKey(RsTlvSecurityKey_deprecated& key); // convertion tool. Should be called explicitely and performs some checks + + virtual bool checkFlags(uint32_t flags) const { return bool(flags & RSTLV_KEY_TYPE_PUBLIC_ONLY) && !bool(flags & RSTLV_KEY_TYPE_FULL) ; } + virtual uint32_t tlvType() const { return TLV_TYPE_RSA_KEY_PUBLIC ; } +}; + class RsTlvSecurityKeySet: public RsTlvItem { - public: - RsTlvSecurityKeySet() { return; } -virtual ~RsTlvSecurityKeySet() { return; } -virtual uint32_t TlvSize() const; -virtual void TlvClear(); -virtual bool SetTlv(void *data, uint32_t size, uint32_t *offset) const; -virtual bool GetTlv(void *data, uint32_t size, uint32_t *offset); -virtual std::ostream &print(std::ostream &out, uint16_t indent) const; +public: + RsTlvSecurityKeySet() { return; } + virtual ~RsTlvSecurityKeySet() { return; } + + void initFromPublicKeys(const RsTlvSecurityKeySet& skset) ; + + virtual uint32_t TlvSize() const; + virtual void TlvClear(); + virtual bool SetTlv(void *data, uint32_t size, uint32_t *offset) const; + virtual bool GetTlv(void *data, uint32_t size, uint32_t *offset); + virtual std::ostream &print(std::ostream &out, uint16_t indent) const; - std::string groupId; // Mandatory : - std::map keys; // Mandatory : + std::string groupId; // Mandatory : + std::map public_keys; // Mandatory : + std::map private_keys; // Mandatory : + +//private: +// RsTlvSecurityKeySet& operator=(const RsTlvSecurityKeySet&) { std::cerr << "(EE) " <<__PRETTY_FUNCTION__ << " shouldn't be called!" << std::endl; return *this;} +// RsTlvSecurityKeySet(const RsTlvSecurityKeySet&) { std::cerr << "(EE) " <<__PRETTY_FUNCTION__ << " shouldn't be called!" << std::endl;} }; diff --git a/libretroshare/src/services/p3idservice.cc b/libretroshare/src/services/p3idservice.cc index 0e2769205..a9e38b02c 100644 --- a/libretroshare/src/services/p3idservice.cc +++ b/libretroshare/src/services/p3idservice.cc @@ -447,7 +447,10 @@ bool p3IdService:: getIdDetails(const RsGxsId &id, RsIdentityDetails &details) { RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/ - RsGxsIdCache data; + + { + RsGxsIdCache data; + if (mPublicKeyCache.fetch(id, data)) { details = data.details; @@ -464,7 +467,10 @@ bool p3IdService:: getIdDetails(const RsGxsId &id, RsIdentityDetails &details) return true; } + } + RsGxsIdCache data; + /* try private cache too */ if (mPrivateKeyCache.fetch(id, data)) { @@ -604,12 +610,13 @@ bool p3IdService::getRecognTagRequest(const RsGxsId &id, const std::string &comm return false; } - RsTlvSecurityKey key; + RsTlvPrivateRSAKey key; std::string nickname; { RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/ - RsGxsIdCache data; + RsGxsIdCache data; + if (!mPrivateKeyCache.fetch(id, data)) { #ifdef DEBUG_RECOGN @@ -669,11 +676,12 @@ bool p3IdService::isPendingNetworkRequest(const RsGxsId& gxsId) return false; } -bool p3IdService::getKey(const RsGxsId &id, RsTlvSecurityKey &key) +bool p3IdService::getKey(const RsGxsId &id, RsTlvPublicRSAKey &key) { { RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/ - RsGxsIdCache data; + RsGxsIdCache data; + if (mPublicKeyCache.fetch(id, data)) { key = data.pubkey; @@ -695,11 +703,12 @@ bool p3IdService::requestPrivateKey(const RsGxsId &id) return cache_request_load(id); } -bool p3IdService::getPrivateKey(const RsGxsId &id, RsTlvSecurityKey &key) +bool p3IdService::getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey &key) { { RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/ - RsGxsIdCache data; + RsGxsIdCache data; + if (mPrivateKeyCache.fetch(id, data)) { key = data.pubkey; @@ -716,10 +725,7 @@ bool p3IdService::getPrivateKey(const RsGxsId &id, RsTlvSecurityKey &key) bool p3IdService::signData(const uint8_t *data,uint32_t data_size,const RsGxsId& own_gxs_id,RsTlvKeySignature& signature,uint32_t& error_status) { - //RsIdentityDetails details ; - RsTlvSecurityKey signature_key ; - - //getIdDetails(own_gxs_id,details); + RsTlvPrivateRSAKey signature_key ; int i ; for(i=0;i<6;++i) @@ -758,7 +764,7 @@ bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTl { // RsIdentityDetails details ; // getIdDetails(signature.keyId,details); - RsTlvSecurityKey signature_key ; + RsTlvPublicRSAKey signature_key ; for(int i=0;i< (force_load?6:1);++i) if(!getKey(signature.keyId,signature_key) || signature_key.keyData.bin_data == NULL) @@ -793,7 +799,7 @@ bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTl } bool p3IdService::encryptData(const uint8_t *decrypted_data,uint32_t decrypted_data_size,uint8_t *& encrypted_data,uint32_t& encrypted_data_size,const RsGxsId& encryption_key_id,bool force_load,uint32_t& error_status) { - RsTlvSecurityKey encryption_key ; + RsTlvPublicRSAKey encryption_key ; // get the key, and let the cache find it. for(int i=0;i<(force_load?6:1);++i) @@ -823,7 +829,7 @@ bool p3IdService::encryptData(const uint8_t *decrypted_data,uint32_t decrypted_d bool p3IdService::decryptData(const uint8_t *encrypted_data,uint32_t encrypted_data_size,uint8_t *& decrypted_data,uint32_t& decrypted_size,const RsGxsId& key_id,uint32_t& error_status) { - RsTlvSecurityKey encryption_key ; + RsTlvPrivateRSAKey encryption_key ; // Get the key, and let the cache find it. It's our own key, so we should be able to find it, even if it takes // some seconds. @@ -882,7 +888,8 @@ bool p3IdService::getReputation(const RsGxsId &id, GixsReputation &rep) /* this is the key part for accepting messages */ RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/ - RsGxsIdCache data; + RsGxsIdCache data; + if (mPublicKeyCache.fetch(id, data)) { rep.id = id; @@ -1635,42 +1642,6 @@ std::string SSGxsIdGroup::save() const * */ -RsGxsIdCache::RsGxsIdCache() -{ - return; -} - -RsGxsIdCache::RsGxsIdCache(const RsGxsIdGroupItem *item, const RsTlvSecurityKey &in_pkey, const std::list &tagList) -{ - // Save Keys. - pubkey = in_pkey; - - // Save Time for ServiceString comparisions. - mPublishTs = item->meta.mPublishTs; - - // Save RecognTags. - mRecognTags = tagList; - - details.mAvatar.copy((uint8_t *) item->mImage.binData.bin_data, item->mImage.binData.bin_len); - - // Fill in Details. - details.mNickname = item->meta.mGroupName; - details.mId = RsGxsId(item->meta.mGroupId); - -#ifdef DEBUG_IDS - std::cerr << "RsGxsIdCache::RsGxsIdCache() for: " << details.mId; - std::cerr << std::endl; -#endif // DEBUG_IDS - - details.mFlags = 0 ; - - if(item->meta.mSubscribeFlags & GXS_SERV::GROUP_SUBSCRIBE_ADMIN) details.mFlags |= RS_IDENTITY_FLAGS_IS_OWN_ID; - if(item->meta.mGroupFlags & RSGXSID_GROUPFLAG_REALID) details.mFlags |= RS_IDENTITY_FLAGS_PGP_LINKED; - - /* rest must be retrived from ServiceString */ - updateServiceString(item->meta.mServiceString); -} - void RsGxsIdCache::updateServiceString(std::string serviceString) { details.mRecognTags.clear(); @@ -1894,8 +1865,8 @@ bool p3IdService::cache_store(const RsGxsIdGroupItem *item) /* extract key from keys */ RsTlvSecurityKeySet keySet; - RsTlvSecurityKey pubkey; - RsTlvSecurityKey fullkey; + RsTlvSecurityKey_deprecated pubkey; + RsTlvSecurityKey_deprecated fullkey; bool pub_key_ok = false; bool full_key_ok = false; @@ -1908,7 +1879,7 @@ bool p3IdService::cache_store(const RsGxsIdGroupItem *item) return false; } - std::map::iterator kit; + std::map::iterator kit; //std::cerr << "p3IdService::cache_store() KeySet is:"; //keySet.print(std::cerr, 10); @@ -2367,7 +2338,7 @@ bool p3IdService::cachetest_handlerequest(uint32_t token) } else { - RsTlvSecurityKey seckey; + RsTlvSecurityKey_deprecated seckey; if (getKey(*vit, seckey)) { #ifdef DEBUG_IDS @@ -2399,7 +2370,7 @@ bool p3IdService::cachetest_handlerequest(uint32_t token) } else { - RsTlvSecurityKey seckey; + RsTlvSecurityKey_deprecated seckey; if (getPrivateKey(*vit, seckey)) { // success! @@ -2541,10 +2512,10 @@ RsGenExchange::ServiceCreate_Return p3IdService::service_CreateGroup(RsGxsGrpIte /********************* TEMP HACK UNTIL GXS FILLS IN GROUP_ID *****************/ // find private admin key - std::map::iterator mit = keySet.keys.begin(); + std::map::iterator mit = keySet.keys.begin(); for(; mit != keySet.keys.end(); ++mit) { - RsTlvSecurityKey& pk = mit->second; + RsTlvSecurityKey_deprecated& pk = mit->second; if(pk.keyFlags == (RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_FULL)) { diff --git a/libretroshare/src/services/p3idservice.h b/libretroshare/src/services/p3idservice.h index 72e11bd74..e64b931ff 100644 --- a/libretroshare/src/services/p3idservice.h +++ b/libretroshare/src/services/p3idservice.h @@ -32,6 +32,7 @@ #include "gxs/rsgixs.h" // Internal Interfaces. #include "gxs/gxstokenqueue.h" +#include "serialiser/rsgxsiditems.h" #include #include @@ -189,20 +190,49 @@ virtual std::string save() const; class RsGxsIdGroupItem; -class RsGxsIdCache +template class RsGxsIdCache { - public: - RsGxsIdCache(); - RsGxsIdCache(const RsGxsIdGroupItem *item, const RsTlvSecurityKey &in_pkey, - const std::list &tagList); +public: + RsGxsIdCache(); -void updateServiceString(std::string serviceString); + RsGxsIdCache(const RsGxsIdGroupItem *item, const KeyClass& in_pkey, const std::list &tagList) + { + // Save Keys. + pubkey = in_pkey; + // Save Time for ServiceString comparisions. + mPublishTs = item->meta.mPublishTs; - time_t mPublishTs; - std::list mRecognTags; // Only partially validated. + // Save RecognTags. + mRecognTags = tagList; - RsIdentityDetails details; - RsTlvSecurityKey pubkey; + details.mAvatar.copy((uint8_t *) item->mImage.binData.bin_data, item->mImage.binData.bin_len); + + // Fill in Details. + details.mNickname = item->meta.mGroupName; + details.mId = RsGxsId(item->meta.mGroupId); + +#ifdef DEBUG_IDS + std::cerr << "RsGxsIdCache::RsGxsIdCache() for: " << details.mId; + std::cerr << std::endl; +#endif // DEBUG_IDS + + details.mFlags = 0 ; + + if(item->meta.mSubscribeFlags & GXS_SERV::GROUP_SUBSCRIBE_ADMIN) details.mFlags |= RS_IDENTITY_FLAGS_IS_OWN_ID; + if(item->meta.mGroupFlags & RSGXSID_GROUPFLAG_REALID) details.mFlags |= RS_IDENTITY_FLAGS_PGP_LINKED; + + /* rest must be retrived from ServiceString */ + updateServiceString(item->meta.mServiceString); + } + + void updateServiceString(std::string serviceString); + + time_t mPublishTs; + std::list mRecognTags; // Only partially validated. + + RsIdentityDetails details; +#warning why the "pub" here?? + KeyClass pubkey; }; @@ -286,8 +316,8 @@ virtual bool setAsRegularContact(const RsGxsId& id,bool is_a_contact) ; virtual bool haveKey(const RsGxsId &id); virtual bool havePrivateKey(const RsGxsId &id); - virtual bool getKey(const RsGxsId &id, RsTlvSecurityKey &key); - virtual bool getPrivateKey(const RsGxsId &id, RsTlvSecurityKey &key); + virtual bool getKey(const RsGxsId &id, RsTlvPublicRSAKey &key); + virtual bool getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey &key); virtual bool requestKey(const RsGxsId &id, const std::list &peers); virtual bool requestPrivateKey(const RsGxsId &id); @@ -350,8 +380,8 @@ virtual void handle_event(uint32_t event_type, const std::string &elabel); std::map > mCacheLoad_ToCache, mPendingCache; // Switching to RsMemCache for Key Caching. - RsMemCache mPublicKeyCache; - RsMemCache mPrivateKeyCache; + RsMemCache > mPublicKeyCache; + RsMemCache > mPrivateKeyCache; /************************************************************************ * Refreshing own Ids. diff --git a/libretroshare/src/util/rsrecogn.cc b/libretroshare/src/util/rsrecogn.cc index 4ce5f5ef9..17f16d480 100644 --- a/libretroshare/src/util/rsrecogn.cc +++ b/libretroshare/src/util/rsrecogn.cc @@ -327,6 +327,7 @@ bool rsa_sanity_check(RSA *rsa) } +#warning this code should be using GxsSecurity signature code. Not some own made signature call. bool RsRecogn::signTag(EVP_PKEY *signKey, RsGxsRecognTagItem *item) { @@ -374,6 +375,8 @@ bool RsRecogn::signTag(EVP_PKEY *signKey, RsGxsRecognTagItem *item) return true; } +#warning this code should be using GxsSecurity signature code. Not some own made signature call. + bool RsRecogn::signSigner(EVP_PKEY *signKey, RsGxsRecognSignerItem *item) { std::cerr << "RsRecogn::signSigner()"; @@ -429,6 +432,7 @@ bool RsRecogn::signSigner(EVP_PKEY *signKey, RsGxsRecognSignerItem *item) return true; } +#warning this code should be using GxsSecurity signature code. Not some own made signature call. bool RsRecogn::signTagRequest(EVP_PKEY *signKey, RsGxsRecognReqItem *item) { @@ -560,7 +564,7 @@ RsGxsRecognTagItem *RsRecogn::extractTag(const std::string &encoded) } -bool RsRecogn::createTagRequest(const RsTlvSecurityKey &key, const RsGxsId &id, const std::string &nickname, uint16_t tag_class, uint16_t tag_type, const std::string &comment, std::string &tag) +bool RsRecogn::createTagRequest(const RsTlvPrivateRSAKey &key, const RsGxsId &id, const std::string &nickname, uint16_t tag_class, uint16_t tag_type, const std::string &comment, std::string &tag) { EVP_PKEY *signKey = EVP_PKEY_new(); RSA *rsakey = d2i_RSAPrivateKey(NULL, (const unsigned char **)&key.keyData.bin_data, key.keyData.bin_len); diff --git a/libretroshare/src/util/rsrecogn.h b/libretroshare/src/util/rsrecogn.h index 25507bfff..6909a34ce 100644 --- a/libretroshare/src/util/rsrecogn.h +++ b/libretroshare/src/util/rsrecogn.h @@ -52,7 +52,7 @@ std::string getRsaKeyId(RSA *pubkey); RsGxsRecognTagItem *extractTag(const std::string &encoded); -bool createTagRequest(const RsTlvSecurityKey &key, +bool createTagRequest(const RsTlvPrivateRSAKey &key, const RsGxsId &id, const std::string &nickname, uint16_t tag_class, uint16_t tag_type, const std::string &comment, std::string &tag); diff --git a/tests/unittests/libretroshare/gxs/gen_exchange/rsdummyservices.h b/tests/unittests/libretroshare/gxs/gen_exchange/rsdummyservices.h index ac4dbc243..d1ce8f0a9 100644 --- a/tests/unittests/libretroshare/gxs/gen_exchange/rsdummyservices.h +++ b/tests/unittests/libretroshare/gxs/gen_exchange/rsdummyservices.h @@ -155,8 +155,8 @@ public: * @return a pointer to a valid profile if successful, otherwise NULL * */ - bool getKey(const RsGxsId &id, RsTlvSecurityKey &key){ return false; } - bool getPrivateKey(const RsGxsId &id, RsTlvSecurityKey &key){ return false; } // For signing outgoing messages. + bool getKey(const RsGxsId &id, RsTlvPrublicRSAKey& key){ return false; } + bool getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey& key){ return false; } // For signing outgoing messages. private: diff --git a/tests/unittests/libretroshare/gxs/security/gxssecurity_test.cc b/tests/unittests/libretroshare/gxs/security/gxssecurity_test.cc index 62e0f8d93..238f2dc50 100644 --- a/tests/unittests/libretroshare/gxs/security/gxssecurity_test.cc +++ b/tests/unittests/libretroshare/gxs/security/gxssecurity_test.cc @@ -35,8 +35,8 @@ TEST(libretroshare_gxs, GxsSecurity) { - RsTlvSecurityKey pub_key ; - RsTlvSecurityKey priv_key ; + RsTlvSecurityKey_deprecated pub_key ; + RsTlvSecurityKey_deprecated priv_key ; EXPECT_TRUE(GxsSecurity::generateKeyPair(pub_key,priv_key)) ; @@ -45,7 +45,7 @@ TEST(libretroshare_gxs, GxsSecurity) EXPECT_TRUE( pub_key.keyId == priv_key.keyId ); EXPECT_TRUE( pub_key.startTS == priv_key.startTS ); - RsTlvSecurityKey pub_key2 ; + RsTlvSecurityKey_deprecated pub_key2 ; EXPECT_TRUE(GxsSecurity::extractPublicKey(priv_key,pub_key2)) ; EXPECT_TRUE( pub_key.keyId == pub_key2.keyId ); diff --git a/tests/unittests/libretroshare/serialiser/support.cc b/tests/unittests/libretroshare/serialiser/support.cc index 99a642c12..a46689255 100644 --- a/tests/unittests/libretroshare/serialiser/support.cc +++ b/tests/unittests/libretroshare/serialiser/support.cc @@ -70,7 +70,7 @@ void init_item(RsTlvSecurityKeySet& ks) RsGxsId a_str; a_str = RsGxsId::random(); - RsTlvSecurityKey& a_key = ks.keys[a_str]; + RsTlvSecurityKey_deprecated& a_key = ks.keys[a_str]; init_item(a_key); a_key.keyId = a_str; } @@ -81,7 +81,7 @@ bool operator==(const RsTlvSecurityKeySet& l, const RsTlvSecurityKeySet& r) if(l.groupId != r.groupId) return false; - std::map::const_iterator l_cit = l.keys.begin(), + std::map::const_iterator l_cit = l.keys.begin(), r_cit = r.keys.begin(); for(; l_cit != l.keys.end(); l_cit++, r_cit++){ @@ -94,7 +94,7 @@ bool operator==(const RsTlvSecurityKeySet& l, const RsTlvSecurityKeySet& r) -bool operator==(const RsTlvSecurityKey& sk1, const RsTlvSecurityKey& sk2) +bool operator==(const RsTlvSecurityKey_deprecated& sk1, const RsTlvSecurityKey_deprecated& sk2) { if(sk1.startTS != sk2.startTS) return false; @@ -183,7 +183,7 @@ bool operator==(const RsTlvBinaryData& bd1, const RsTlvBinaryData& bd2) } -void init_item(RsTlvSecurityKey& sk) +void init_item(RsTlvSecurityKey_deprecated& sk) { int randnum = rand()%313131; diff --git a/tests/unittests/libretroshare/serialiser/support.h b/tests/unittests/libretroshare/serialiser/support.h index 5841d22f5..0af3a3ebf 100644 --- a/tests/unittests/libretroshare/serialiser/support.h +++ b/tests/unittests/libretroshare/serialiser/support.h @@ -58,7 +58,7 @@ void randString(const uint32_t, std::wstring&); /* for testing compound tlv items */ -void init_item(RsTlvSecurityKey&); +void init_item(RsTlvSecurityKey_deprecated&); void init_item(RsTlvSecurityKeySet&); void init_item(RsTlvKeySignature&); void init_item(RsTlvKeySignatureSet&); @@ -70,7 +70,7 @@ void init_item(RsTlvPeerIdSet&); void init_item(RsTlvImage&); void init_item(RsTlvPeerIdSet&); -bool operator==(const RsTlvSecurityKey&, const RsTlvSecurityKey& ); +bool operator==(const RsTlvSecurityKey_deprecated&, const RsTlvSecurityKey_deprecated& ); bool operator==(const RsTlvSecurityKeySet&, const RsTlvSecurityKeySet& ); bool operator==(const RsTlvKeySignature&, const RsTlvKeySignature& ); bool operator==(const RsTlvBinaryData&, const RsTlvBinaryData&); diff --git a/tests/unittests/libretroshare/serialiser/tlvrandom_test.cc b/tests/unittests/libretroshare/serialiser/tlvrandom_test.cc index 3a087d1f8..60483e5e3 100644 --- a/tests/unittests/libretroshare/serialiser/tlvrandom_test.cc +++ b/tests/unittests/libretroshare/serialiser/tlvrandom_test.cc @@ -68,7 +68,7 @@ int test_TlvRandom(void *data, uint32_t len, uint32_t offset) uint32_t tmpoffset = 0; /* List of all the TLV types it could be! */ - RsTlvSecurityKey skey; + RsTlvSecurityKey_deprecated skey; RsTlvSecurityKeySet skeyset; RsTlvKeySignature keysign; @@ -114,7 +114,7 @@ int test_TlvRandom(void *data, uint32_t len, uint32_t offset) EXPECT_TRUE(test_SetTlvItem(&kv, TLV_TYPE_KEYVALUE, data, len, offset)); EXPECT_TRUE(test_SetTlvItem(&kvset, TLV_TYPE_KEYVALUESET, data, len, offset)); std::cerr << "test_TlvRandom:: Testing Keys (TYPESET)" << std::endl; - EXPECT_TRUE(test_SetTlvItem(&skey, TLV_TYPE_SECURITYKEY, data, len, offset)); + EXPECT_TRUE(test_SetTlvItem(&skey, TLV_TYPE_SECURITYKEY_deprecated, data, len, offset)); EXPECT_TRUE(test_SetTlvItem(&skeyset, TLV_TYPE_SECURITYKEYSET, data, len, offset)); EXPECT_TRUE(test_SetTlvItem(&keysign, TLV_TYPE_KEYSIGNATURE, data, len, offset));