half way through RsNxsItem encryption

libretroshare/src/gxs/rsgixs.h

@@ -220,6 +220,7 @@ class RsGcxs
         virtual int  canSend(const RsGxsCircleId &circleId, const RsPgpId &id) = 0;
         virtual int  canReceive(const RsGxsCircleId &circleId, const RsPgpId &id) = 0;
         virtual bool recipients(const RsGxsCircleId &circleId, std::list<RsPgpId>& friendlist) = 0;
+        virtual bool recipients(const RsGxsCircleId &circleId, std::list<RsGxsId>& idlist) = 0;
 };
 
 

libretroshare/src/gxs/rsgxsnetservice.cc

@@ -29,6 +29,7 @@
 #include <math.h>
 
 #include "rsgxsnetservice.h"
+#include "gxssecurity.h"
 #include "retroshare/rsconfig.h"
 #include "retroshare/rsgxsflags.h"
 #include "retroshare/rsgxscircles.h"
@@ -2356,6 +2357,11 @@ void RsGxsNetService::locked_genSendGrpsTransaction(NxsTransaction* tr)
 
 void RsGxsNetService::runVetting()
 {
+    // The vetting operation consists in transforming pending group/msg Id requests and grp/msg content requests
+    // into real transactions, based on the authorisations of the Peer Id these transactions are targeted to using the
+    // reputation system.
+    //
+    
 	RS_STACK_MUTEX(mNxsMutex) ;
 
 	std::vector<AuthorPending*>::iterator vit = mPendingResp.begin();
@@ -2364,6 +2370,8 @@ void RsGxsNetService::runVetting()
 	{
 		AuthorPending* ap = *vit;
 
+        	// ap->accepted() looks into the reputation of the destination
+        
 		if(ap->accepted() || ap->expired())
 		{
 			// add to transactions
@@ -2523,6 +2531,11 @@ void RsGxsNetService::locked_genSendMsgsTransaction(NxsTransaction* tr)
 	    return;
     }
 
+    // now if transaction is limited to an external group, encrypt it for members of the group.
+
+    if()
+	    encryptTransaction(newTr,circl_EId
+
 	                       uint32_t updateTS = 0;
 
 	                    ServerMsgMap::const_iterator cit = mServerMsgUpdateMap.find(grpId);
@@ -2562,20 +2575,109 @@ bool RsGxsNetService::locked_addTransaction(NxsTransaction* tr)
 	                != transMap.end();
 
 
-	if(transNumExist){
+	if(transNumExist)
+	{
 #ifdef NXS_NET_DEBUG
 		std::cerr << "locked_addTransaction() " << std::endl;
 		std::cerr << "Transaction number exist already, transN: " << transN << std::endl;
 #endif
 		return false;
-	}else{
+	}
+
 #ifdef NXS_NET_DEBUG
 	std::cerr << "locked_addTransaction() " << std::endl;
 	std::cerr << "Added transaction number " << transN << std::endl;
 #endif
+
 	transMap[transN] = tr;
+
+	if(!tr->destination_circle.isNull())
+		encryptTransaction(tr);
+
 	return true;
 }
+
+bool RsGxsNetService::encryptTransaction(NxsTransaction *tr)
+{
+    std::cerr << "RsGxsNetService::encryptTransaction()" << std::endl;
+    std::cerr << "  Circle Id: " << tr->destination_circle << std::endl;
+         
+    // 1 - Find out the list of GXS ids to encrypt for
+    //     We could do smarter things (like see if the peer_id owns one of the circle's identities
+    //     but for now we aim at the simplest solution: encrypt for all identities in the circle.
+    
+    std::list<RsGxsId> recipients ;
+    
+    if(!mCircles->recipients(tr->destination_circle,recipients))
+    {
+        std::cerr << "  (EE) Cannot encrypt transaction: recipients list not available." << std::endl;
+        return false ;
+    }
+    
+    std::cerr << "  Dest  Ids: " << std::endl;
+    
+    for(std::list<RsGxsId>::const_iterator it(recipients.begin());it!=recipients.end();++it)
+        std::cerr << "    " << *it << std::endl;
+    
+    // 2 - call GXSSecurity to make a header item that encrypts for the given list of peers.
+    
+    GxsSecurity::MultiEncryptionContext muctx ; 
+    GxsSecurity::initMultiEncryption(muctx,recipients);
+            
+    // 3 - serialise and encrypt each message, converting it into a NxsEncryptedDataItem
+    
+    std::list<RsNxsItem*> encrypted_items ;
+    
+    for(std::list<RsNxsItem*>::const_iterator it(tr->mItems.begin());it!=tr->mItems.end();++it)
+    {
+        uint32_t size = (*it)->serial_size() ;
+        RsTemporaryMemory tempmem( size ) ;
+        
+        if(!(*it)->serialise(tempmem,size))
+        {
+            std::cerr << "  (EE) Cannot serialise item. Something went wrong." << std::endl;
+            continue ;
+        }
+        
+        unsigned char *encrypted_data = NULL ;
+        unsigned char *encrypted_len  = 0 ;
+        
+        if(!GxsSecurity::encrypt(muctx,tempmem,tempmemsize,encryted_data, encryted_len))
+        {
+            std::cerr << "  (EE) Cannot multi-encrypt item. Something went wrong." << std::endl;
+            continue ;
+        }
+        
+        RsNxsEncryptedDataItem *enc_item = new RsNxsEncryptedDataItem() ;
+        
+        enc_item->aes_encrypted_data.bin_len  = encrypted_len ;
+        enc_item->aes_encrypted_data.bin_data = encrypted_data ;
+        enc_item->aes_encrypted_data.tlvtype  = TLV_TYPE_BIN_ENCRYPTED ;
+        
+        encrypted_items.push_back(enc_item) ;
+    }
+        
+    // 4 - put back in transaction.
+    
+    for(std::list<RsNxsItem*>::const_iterator it(tr->mItems.begin());it!=tr->mItems.end();++it)
+        delete *it ;
+    
+    tr->mItems = encrypted_items ;
+    tr->mItems.push_front(session_key_item) ;
+}
+
+bool RsGxsNetService::decryptTransaction(NxsTransaction *tr)
+{
+    // 1 - Checks that the transaction is encrypted. It should contain
+    // 	   one packet with an encrypted session key for the group,
+    //     and as many encrypted data items as necessary.
+    
+    // 2 - Try to decrypt the session key. If not, return false. That probably means
+    //     we don't own that identity.
+    
+    // 3 - Using session key, decrypt all packets, by calling GXSSecurity.
+    
+    // 4 - Deserialise packets from the decrypted data and restore the clear transaction.
 }
 
 void RsGxsNetService::cleanTransactionItems(NxsTransaction* tr) const
@@ -2775,6 +2877,9 @@ bool RsGxsNetService::canSendGrpId(const RsPeerId& sslId, RsGxsGrpMetaData& grpM
 			std::cerr << "RsGxsNetService::canSendGrpId() EXTERNAL_CIRCLE, checking mCircles->canSend";
 			std::cerr << std::endl;
 #endif
+	    // the sending authorisation is based on:
+	    //		getPgpId(peer_id)  being a signer of one GxsId in the Circle
+	    //
 			const RsPgpId& pgpId = mPgpUtils->getPGPId(sslId);
 			return mCircles->canSend(circleId, pgpId);
 		}

libretroshare/src/gxs/rsgxsnetutils.h

@@ -68,6 +68,8 @@ public:
      */
     RsNxsTransacItem* mTransaction;
     std::list<RsNxsItem*> mItems; // items received or sent
+    
+    mGxsCircleId destination_circle;
 };
 
 /*!

libretroshare/src/serialiser/rstlvbase.h

@@ -182,12 +182,10 @@ const uint16_t TLV_TYPE_KEY_PUB_RSA   = 0x0112; /* not used yet */
 const uint16_t TLV_TYPE_SIGN_RSA_SHA1 = 0x0120; /* Used (Distrib/Forums) */
 
 const uint16_t TLV_TYPE_BIN_IMAGE     = 0x0130; /* Used (Generic - Forums) */
-
 const uint16_t TLV_TYPE_BIN_FILEDATA  = 0x0140; /* Used - ACTIVE! */
-
 const uint16_t TLV_TYPE_BIN_SERIALISE = 0x0150; /* Used (Generic - Distrib) */
-
 const uint16_t TLV_TYPE_BIN_GENERIC   = 0x0160; /* Used (DSDV Data) */
+const uint16_t TLV_TYPE_BIN_ENCRYPTED = 0x0170; /* Encrypted data
 
 
 	/**** Compound Types ****/

libretroshare/src/services/p3gxscircles.cc

@@ -383,6 +383,19 @@ bool p3GxsCircles::recipients(const RsGxsCircleId &circleId, std::list<RsPgpId>
 	return false;
 }
 
+bool p3GxsCircles::recipients(const RsGxsCircleId& circleId, std::list<RsGxsId>& gxs_ids)
+{
+    RsGxsCircleDetails details ;
+
+    if(!getCircleDetails(circleId, details))
+	    return false;
+    
+    for(std::set<RsGxsId>::const_iterator it(details.mUnknownPeers.begin());it!=details.mUnknownPeers.end();+it)
+	    gxs_ids.push_back(*it) ;
+            
+    return true;
+}
+
 /********************************************************************************/
 /******************* Get/Set Data      ******************************************/
 /********************************************************************************/

libretroshare/src/services/p3gxscircles.h

@@ -178,6 +178,7 @@ virtual RsServiceInfo getServiceInfo();
 	virtual int canSend(const RsGxsCircleId &circleId, const RsPgpId &id);
 	virtual int canReceive(const RsGxsCircleId &circleId, const RsPgpId &id);
 	virtual bool recipients(const RsGxsCircleId &circleId, std::list<RsPgpId> &friendlist);
+	virtual bool recipients(const RsGxsCircleId &circleId, std::list<RsGxsId> &gxs_ids);
 
 
 	virtual bool getGroupData(const uint32_t &token, std::vector<RsGxsCircleGroup> &groups);