fixed compilation and several problems following separation of public/private keys

This commit is contained in:
csoler 2016-06-04 21:39:40 -04:00
parent 590be092e5
commit a2ca0385db
16 changed files with 291 additions and 523 deletions

View File

@ -406,7 +406,7 @@ class RsChatDHPublicKeyItem: public RsChatItem
BIGNUM *public_key ;
RsTlvKeySignature signature ; // signs the public key in a row.
RsTlvSecurityKey_deprecated gxs_key ; // public key of the signer
RsTlvPublicRSAKey gxs_key ; // public key of the signer
private:
RsChatDHPublicKeyItem(const RsChatDHPublicKeyItem&) : RsChatItem(RS_PKT_SUBTYPE_DISTANT_CHAT_DH_PUBLIC_KEY) {} // make the object non copy-able

View File

@ -1958,8 +1958,6 @@ bool p3GRouter::signDataItem(RsGRouterAbstractMsgItem *item,const RsGxsId& signi
{
try
{
RsTlvSecurityKey_deprecated signature_key ;
#ifdef GROUTER_DEBUG
std::cerr << "p3GRouter::signDataItem()" << std::endl;
std::cerr << " Key ID = " << signing_id << std::endl;

View File

@ -174,17 +174,6 @@ bool GxsSecurity::checkPublicKey(const RsTlvPublicRSAKey &key)
return true ;
}
static void setRSAPrivateKeyData(RsTlvSecurityKey_deprecated & key, RSA *rsa_priv)
{
unsigned char *data = NULL ;
int reqspace = i2d_RSAPrivateKey(rsa_priv, &data);
key.keyData.setBinData(data, reqspace);
key.keyId = getRsaKeyFingerprint(rsa_priv);
free(data) ;
}
bool GxsSecurity::generateKeyPair(RsTlvPublicRSAKey& public_key,RsTlvPrivateRSAKey& private_key)
{
// admin keys
@ -991,8 +980,7 @@ bool GxsSecurity::validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& s
#endif
/* extract admin key */
#warning Souldn't need to do that HERE!!
RSA *rsakey = (key.keyFlags & RSTLV_KEY_TYPE_FULL)? d2i_RSAPrivateKey(NULL, &(keyptr), keylen): d2i_RSAPublicKey(NULL, &(keyptr), keylen);
RSA *rsakey = d2i_RSAPublicKey(NULL, &(keyptr), keylen);
if (!rsakey)
{
@ -1067,4 +1055,21 @@ bool GxsSecurity::validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& s
return false;
}
void GxsSecurity::createPublicKeysFromPrivateKeys(RsTlvSecurityKeySet& keyset)
{
for( std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator it = keyset.private_keys.begin(); it != keyset.private_keys.end() ; ++it)
if(keyset.public_keys.find(it->second.keyId) == keyset.public_keys.end())
{
RsTlvPublicRSAKey pub_key ;
if(!extractPublicKey(it->second,pub_key))
{
std::cerr << "(EE) ERROR when trying to generate public key from private key for ID " << it->second.keyId << ". This is probably a bug with security implications." << std::endl;
continue ;
}
keyset.public_keys[it->second.keyId] = pub_key ;
std::cerr << "(II) Generated missing public key for ID " << it->second.keyId << " from private key." << std::endl;
}
}

View File

@ -125,6 +125,15 @@ class GxsSecurity
static bool checkPublicKey(const RsTlvPublicRSAKey &key);
static bool checkPrivateKey(const RsTlvPrivateRSAKey &key);
/*!
* Adds possibly missing public keys when private keys are present.
*
* \brief createPublicKeysForPrivateKeys
* \param set set of keys to consider
* \return
*/
static void createPublicKeysFromPrivateKeys(RsTlvSecurityKeySet& set) ;
};
#endif // GXSSECURITY_H

View File

@ -373,20 +373,6 @@ void RsGenExchange::generateGroupKeys(RsTlvSecurityKeySet& keySet, bool genPubli
}
}
void RsGenExchange::generatePublicFromPrivateKeys(RsTlvSecurityKeySet& keySet)
{
// actually just copy settings of one key except mark its key flags public
keySet.public_keys.clear() ;
for(std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator cit=keySet.private_keys.begin(); cit != keySet.private_keys.end(); ++cit)
{
RsTlvPublicRSAKey pubkey ;
if(GxsSecurity::extractPublicKey(cit->second,pubkey))
keySet.public_keys.insert(std::make_pair(pubkey.keyId, pubkey));
}
}
uint8_t RsGenExchange::createGroup(RsNxsGrp *grp, RsTlvSecurityKeySet& keySet)
{
#ifdef GEN_EXCH_DEBUG
@ -2166,7 +2152,9 @@ void RsGenExchange::processGroupUpdatePublish()
if(checkKeys(meta->keys))
{
ggps.mKeys = meta->keys;
generatePublicFromPrivateKeys(ggps.mKeys);
GxsSecurity::createPublicKeysFromPrivateKeys(ggps.mKeys) ;
ggps.mHaveKeys = true;
ggps.mStartTS = time(NULL);
ggps.mLastAttemptTS = 0;
@ -2599,6 +2587,7 @@ bool RsGenExchange::getGroupKeys(const RsGxsGroupId &grpId, RsTlvSecurityKeySet
return false;
keySet = meta->keys;
GxsSecurity::createPublicKeysFromPrivateKeys(keySet) ;
for(std::map<RsGxsGroupId, RsGxsGrpMetaData*>::iterator it=grpMeta.begin();it!=grpMeta.end();++it)
delete it->second ;

View File

@ -743,15 +743,6 @@ private:
*/
void generateGroupKeys(RsTlvSecurityKeySet& keySet, bool genPublishKeys);
/*!
* Generate public set of keys from their private counterparts
* No keys will be generated if one fails
* @param privatekeySet contains private generated keys
* @param publickeySet contains public generated keys (counterpart of private)
* @return false if key gen failed for a key set
*/
void generatePublicFromPrivateKeys(RsTlvSecurityKeySet& keySet);
/*!
* Attempts to validate msg signatures
* @param msg message to be validated

View File

@ -4877,7 +4877,7 @@ void RsGxsNetService::sharePublishKeysPending()
publishKeyItem->clear();
publishKeyItem->grpId = mit->first;
publishKeyItem->key = publishKey ;
publishKeyItem->private_key = publishKey ;
publishKeyItem->PeerId(*it);
sendItem(publishKeyItem);
@ -4932,8 +4932,8 @@ void RsGxsNetService::handleRecvPublishKeys(RsNxsGroupPublishKeyItem *item)
GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " Key received: " << std::endl;
#endif
bool admin = (item->key.keyFlags & RSTLV_KEY_DISTRIB_ADMIN) && (item->key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
bool publi = (item->key.keyFlags & RSTLV_KEY_DISTRIB_PUBLISH) && (item->key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
bool admin = (item->private_key.keyFlags & RSTLV_KEY_DISTRIB_ADMIN) && (item->private_key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
bool publi = (item->private_key.keyFlags & RSTLV_KEY_DISTRIB_PUBLISH) && (item->private_key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
#ifdef NXS_NET_DEBUG_3
GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " Key id = " << item->key.keyId << " admin=" << admin << ", publish=" << publi << " ts=" << item->key.endTS << std::endl;
@ -4946,13 +4946,13 @@ void RsGxsNetService::handleRecvPublishKeys(RsNxsGroupPublishKeyItem *item)
}
// Also check that we don't already have full keys for that group.
if(grpMeta->keys.public_keys.find(item->key.keyId) == grpMeta->keys.public_keys.end())
if(grpMeta->keys.public_keys.find(item->private_key.keyId) == grpMeta->keys.public_keys.end())
{
std::cerr << " (EE) Key not found in known group keys. This is an inconsistency." << std::endl;
return ;
}
if(grpMeta->keys.private_keys.find(item->key.keyId) != grpMeta->keys.private_keys.end())
if(grpMeta->keys.private_keys.find(item->private_key.keyId) != grpMeta->keys.private_keys.end())
{
#ifdef NXS_NET_DEBUG_3
GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " (EE) Publish key already present in database. Discarding message." << std::endl;
@ -4962,7 +4962,7 @@ void RsGxsNetService::handleRecvPublishKeys(RsNxsGroupPublishKeyItem *item)
// Store/update the info.
grpMeta->keys.private_keys[item->key.keyId] = item->key ;
grpMeta->keys.private_keys[item->private_key.keyId] = item->private_key ;
bool ret = mDataStore->updateGroupKeys(item->grpId,grpMeta->keys, grpMeta->mSubscribeFlags | GXS_SERV::GROUP_SUBSCRIBE_PUBLISH) ;

View File

@ -117,7 +117,7 @@ virtual void clear();
std::ostream &print(std::ostream &out, uint16_t indent = 0);
RsTlvServiceIdSet signing_classes;
RsTlvSecurityKey_deprecated key; // has from->to, and flags.
RsTlvPublicRSAKey key; // has from->to, and flags.
RsTlvKeySignature sign;
};

View File

@ -401,7 +401,7 @@ bool RsNxsGroupPublishKeyItem::serialise(void *data, uint32_t& size) const
return false ;
ok &= grpId.serialise(data, size, offset) ;
ok &= key.SetTlv(data, size, &offset) ;
ok &= private_key.SetTlv(data, size, &offset) ;
if(offset != tlvsize)
{
@ -811,7 +811,7 @@ RsNxsGroupPublishKeyItem* RsNxsSerialiser::deserialNxsGroupPublishKeyItem(void *
RsNxsGroupPublishKeyItem* item = new RsNxsGroupPublishKeyItem(SERVICE_TYPE);
ok &= item->grpId.deserialise(data, *size, offset);
ok &= item->key.GetTlv(data, *size, &offset) ;
ok &= item->private_key.GetTlv(data, *size, &offset) ;
if (offset != *size)
{
@ -957,7 +957,7 @@ uint32_t RsNxsGroupPublishKeyItem::serial_size() const
uint32_t s = 8; // header size
s += grpId.serial_size() ;
s += key.TlvSize();
s += private_key.TlvSize();
return s;
}
@ -1091,7 +1091,7 @@ void RsNxsSyncGrpReqItem::clear()
}
void RsNxsGroupPublishKeyItem::clear()
{
key.TlvClear();
private_key.TlvClear();
}
void RsNxsSyncMsgReqItem::clear()
{
@ -1163,7 +1163,7 @@ std::ostream& RsNxsGroupPublishKeyItem::print(std::ostream &out, uint16_t indent
printIndent(out , int_Indent);
out << "GroupId: " << grpId << std::endl;
printIndent(out , int_Indent);
out << "keyId: " << key.keyId << std::endl;
out << "keyId: " << private_key.keyId << std::endl;
printRsItemEnd(out ,"RsNxsGroupPublishKeyItem", indent);

View File

@ -157,8 +157,7 @@ public:
virtual uint32_t serial_size() const;
RsGxsGroupId grpId ;
#warning should be renamed private_key
RsTlvPrivateRSAKey key ;
RsTlvPrivateRSAKey private_key ;
};

View File

@ -207,10 +207,12 @@ const uint16_t TLV_TYPE_GXSCIRCLEIDSET= 0x1026;
const uint16_t TLV_TYPE_SERVICESET = 0x1030;
const uint16_t TLV_TYPE_SECURITYKEY_deprecated = 0x1040;
// *_deprectate should not be used anymore!!
// We use 1040 for both public and private keys, so that transmitting them still works (backward compatibility), and so that
// signatures are kept. But the two different classes will check that the flags are correct when deserialising.
const uint16_t TLV_TYPE_SECURITY_KEY = 0x1040;
const uint16_t TLV_TYPE_SECURITYKEYSET = 0x1041;
const uint16_t TLV_TYPE_RSA_KEY_PUBLIC = 0x1042;
const uint16_t TLV_TYPE_RSA_KEY_PRIVATE= 0x1043;
const uint16_t TLV_TYPE_KEYSIGNATURE = 0x1050;
const uint16_t TLV_TYPE_KEYSIGNATURESET = 0x1051;

View File

@ -38,13 +38,13 @@
/************************************* RsTlvSecurityKey ************************************/
RsTlvSecurityKey_deprecated::RsTlvSecurityKey_deprecated()
RsTlvRSAKey::RsTlvRSAKey()
:RsTlvItem(), keyFlags(0), startTS(0), endTS(0), keyData(TLV_TYPE_KEY_EVP_PKEY)
{
return;
}
void RsTlvSecurityKey_deprecated::TlvClear()
void RsTlvRSAKey::TlvClear()
{
keyId.clear();
keyFlags = 0;
@ -54,7 +54,7 @@ void RsTlvSecurityKey_deprecated::TlvClear()
}
/* clears keyData - but doesn't delete */
void RsTlvSecurityKey_deprecated::ShallowClear()
void RsTlvRSAKey::ShallowClear()
{
keyId.clear();
keyFlags = 0;
@ -70,21 +70,6 @@ uint32_t RsTlvRSAKey::TlvSize() const
/* now add comment and title length of this tlv object */
s += keyId.serial_size();
s += 4;
s += 4;
s += 4;
s += keyData.TlvSize();
return s;
}
uint32_t RsTlvSecurityKey_deprecated::TlvSize() const
{
uint32_t s = TLV_HEADER_SIZE; /* header + 4 for size */
/* now add comment and title length of this tlv object */
#ifdef KEEP_OLD_SIGNATURE_SERIALISE_FORMAT
s += GetTlvStringSize(keyId.toStdString()) ;
#else
@ -116,44 +101,7 @@ bool RsTlvRSAKey::SetTlv(void *data, uint32_t size, uint32_t *offset) const
/* start at data[offset] */
/* add mandatory parts first */
ok &= SetTlvBase(data, tlvend, offset, tlvType(), tlvsize);
ok &= keyId.serialise(data, tlvend, *offset) ;
ok &= setRawUInt32(data, tlvend, offset, keyFlags);
ok &= setRawUInt32(data, tlvend, offset, startTS);
ok &= setRawUInt32(data, tlvend, offset, endTS);
ok &= keyData.SetTlv(data, tlvend, offset);
return ok;
}
bool RsTlvSecurityKey_deprecated::SetTlv(void *data, uint32_t size, uint32_t *offset) const
{
std::cerr << "(EE) Serialisation of an old security key format. Will not be done! callstack is:" << std::cerr << std::endl;
print_stacktrace() ;
#warning REMOVE THIS CODE BELOW WHEN IT IS NOT CALLED ANYMORE
/* must check sizes */
uint32_t tlvsize = TlvSize();
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend)
{
//#ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKey::SetTlv() Failed not enough space";
std::cerr << std::endl;
//#endif
return false; /* not enough space */
}
bool ok = true;
/* start at data[offset] */
/* add mandatory parts first */
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITYKEY_deprecated, tlvsize);
ok &= SetTlvBase(data, tlvend, offset, TLV_TYPE_SECURITY_KEY, tlvsize);
#ifdef KEEP_OLD_SIGNATURE_SERIALISE_FORMAT
ok &= SetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, keyId.toStdString());
#else
@ -186,7 +134,7 @@ bool RsTlvRSAKey::GetTlv(void *data, uint32_t size, uint32_t *offset)
return false; /* not enough space */
}
if (tlvtype != tlvType()) /* check type */
if (tlvtype != TLV_TYPE_SECURITY_KEY) /* check type */
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKey::GetTlv() Fail, wrong type";
@ -202,75 +150,6 @@ bool RsTlvRSAKey::GetTlv(void *data, uint32_t size, uint32_t *offset)
/* skip the header */
(*offset) += TLV_HEADER_SIZE;
ok &= keyId.deserialise(data, tlvend, *offset) ;
ok &= getRawUInt32(data, tlvend, offset, &(keyFlags));
ok &= getRawUInt32(data, tlvend, offset, &(startTS));
ok &= getRawUInt32(data, tlvend, offset, &(endTS));
ok &= keyData.GetTlv(data, tlvend, offset);
ok &= checkFlags(keyFlags) ;
/***************************************************************************
* NB: extra components could be added (for future expansion of the type).
* or be present (if this code is reading an extended version).
*
* We must chew up the extra characters to conform with TLV specifications
***************************************************************************/
if (*offset != tlvend)
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKey::GetTlv() Warning extra bytes at end of item";
std::cerr << std::endl;
#endif
*offset = tlvend;
}
if (!ok)
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKey::GetTlv() Failed somewhere ok == false";
std::cerr << std::endl;
#endif
}
return ok;
}
bool RsTlvSecurityKey_deprecated::GetTlv(void *data, uint32_t size, uint32_t *offset)
{
if (size < *offset + TLV_HEADER_SIZE)
return false;
uint16_t tlvtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
uint32_t tlvsize = GetTlvSize( &(((uint8_t *) data)[*offset]) );
uint32_t tlvend = *offset + tlvsize;
if (size < tlvend) /* check size */
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKey::GetTlv() Fail, not enough space";
std::cerr << std::endl;
#endif
return false; /* not enough space */
}
if (tlvtype != TLV_TYPE_SECURITYKEY_deprecated) /* check type */
{
#ifdef TLV_DEBUG
std::cerr << "RsTlvSecurityKey::GetTlv() Fail, wrong type";
std::cerr << std::endl;
#endif
return false;
}
bool ok = true;
/* ready to load */
TlvClear();
/* skip the header */
(*offset) += TLV_HEADER_SIZE;
#ifdef KEEP_OLD_SIGNATURE_SERIALISE_FORMAT
std::string s ;
ok &= GetTlvString(data, tlvend, offset, TLV_TYPE_STR_KEYID, s);
@ -283,7 +162,6 @@ bool RsTlvSecurityKey_deprecated::GetTlv(void *data, uint32_t size, uint32_t *o
ok &= getRawUInt32(data, tlvend, offset, &(endTS));
ok &= keyData.GetTlv(data, tlvend, offset);
/***************************************************************************
* NB: extra components could be added (for future expansion of the type).
* or be present (if this code is reading an extended version).
@ -306,12 +184,10 @@ bool RsTlvSecurityKey_deprecated::GetTlv(void *data, uint32_t size, uint32_t *o
std::cerr << std::endl;
#endif
}
return ok;
return ok && checkFlags(keyFlags) ;
}
std::ostream &RsTlvSecurityKey_deprecated::print(std::ostream &out, uint16_t indent) const
std::ostream& RsTlvRSAKey::print(std::ostream &out, uint16_t indent) const
{
printBase(out, "RsTlvSecurityKey", indent);
uint16_t int_Indent = indent + 2;
@ -435,51 +311,27 @@ bool RsTlvSecurityKeySet::GetTlv(void *data, uint32_t size, uint32_t *offset)
/* get the next type */
uint16_t tlvsubtype = GetTlvType( &(((uint8_t *) data)[*offset]) );
// Security key set can be composed of public or private keys. We sort them into the correct bins after deserialisation
switch(tlvsubtype)
{
case TLV_TYPE_SECURITYKEY_deprecated:
case TLV_TYPE_SECURITY_KEY:
{
RsTlvSecurityKey_deprecated key;
uint32_t offset_save = *offset ;
ok &= key.GetTlv(data, size, offset);
RsTlvPublicRSAKey public_key;
if (ok)
{
std::cerr << "(WW) read RSA key with old format. Will be converted to new format. Flags=" << std::hex << key.keyFlags << std::dec << std::endl;
if(key.keyFlags & RSTLV_KEY_TYPE_FULL)
private_keys[key.keyId] = RsTlvPrivateRSAKey(key);
if(public_key.GetTlv(data, tlvend, offset))
public_keys[public_key.keyId] = public_key;
else
public_keys[key.keyId] = RsTlvPublicRSAKey(key);
key.TlvClear(); /* so that the Map can get control - should be ref counted*/
}
}
break ;
case TLV_TYPE_RSA_KEY_PRIVATE:
{
RsTlvPrivateRSAKey key;
*offset = offset_save ;
if(key.GetTlv(data, size, offset))
private_keys[key.keyId] = key;
else
ok = false ;
RsTlvPrivateRSAKey private_key;
key.TlvClear(); /* so that the Map can get control - should be ref counted*/
if(private_key.GetTlv(data, tlvend, offset))
private_keys[private_key.keyId] = private_key;
}
break;
case TLV_TYPE_RSA_KEY_PUBLIC:
{
RsTlvPublicRSAKey key;
if(key.GetTlv(data, size, offset))
public_keys[key.keyId] = key;
else
ok = false ;
key.TlvClear(); /* so that the Map can get control - should be ref counted*/
}
break ;
@ -513,6 +365,7 @@ bool RsTlvSecurityKeySet::GetTlv(void *data, uint32_t size, uint32_t *offset)
return ok;
}
// prints out contents of RsTlvSecurityKeySet
std::ostream &RsTlvSecurityKeySet::print(std::ostream &out, uint16_t indent) const
{
@ -855,3 +708,23 @@ uint32_t RsTlvKeySignatureSet::TlvSize() const
return s;
}

View File

@ -49,33 +49,11 @@ const uint32_t RSTLV_KEY_DISTRIB_MASK = 0x00f0;
// Old class for RsTlvSecurityKey. Is kept for backward compatibility, but should not be serialised anymore
class RsTlvSecurityKey_deprecated: public RsTlvItem
class RsTlvRSAKey: public RsTlvItem
{
public:
RsTlvSecurityKey_deprecated();
virtual ~RsTlvSecurityKey_deprecated() {}
virtual uint32_t TlvSize() const;
virtual void TlvClear();
virtual bool SetTlv(void *data, uint32_t size, uint32_t *offset) const;
virtual bool GetTlv(void *data, uint32_t size, uint32_t *offset);
virtual std::ostream &print(std::ostream &out, uint16_t indent) const;
/* clears KeyData - but doesn't delete - to transfer ownership */
void ShallowClear();
RsGxsId keyId; // Mandatory :
uint32_t keyFlags; // Mandatory ;
uint32_t startTS; // Mandatory :
uint32_t endTS; // Mandatory :
RsTlvBinaryData keyData; // Mandatory :
};
class RsTlvRSAKey
{
public:
virtual uint32_t tlvType() const = 0 ;
virtual bool checkFlags(uint32_t flags) const = 0 ;
RsTlvRSAKey();
virtual bool checkFlags(uint32_t flags) const = 0 ; // this pure virtual forces people to explicitly declare if they use a public or a private key.
virtual uint32_t TlvSize() const;
virtual void TlvClear();
@ -100,24 +78,16 @@ public:
class RsTlvPrivateRSAKey: public RsTlvRSAKey
{
public:
RsTlvPrivateRSAKey();
explicit RsTlvPrivateRSAKey(RsTlvSecurityKey_deprecated& key); // convertion tool. Should be called explicitely and performs some checks
virtual ~RsTlvPrivateRSAKey() {}
virtual bool checkFlags(uint32_t flags) const { return bool(flags & RSTLV_KEY_TYPE_FULL) && !bool(flags & RSTLV_KEY_TYPE_PUBLIC_ONLY) ; }
virtual uint32_t tlvType() const { return TLV_TYPE_RSA_KEY_PRIVATE ; }
};
class RsTlvPublicRSAKey: public RsTlvRSAKey
{
#warning TEST IF WE CAN CONVERT PUBLIC TO PRIVATE AND VIS VERSA. NORMALLY WE SHOULDNT
public:
RsTlvPublicRSAKey();
virtual ~RsTlvPublicRSAKey() {}
explicit RsTlvPublicRSAKey(RsTlvSecurityKey_deprecated& key); // convertion tool. Should be called explicitely and performs some checks
virtual bool checkFlags(uint32_t flags) const { return bool(flags & RSTLV_KEY_TYPE_PUBLIC_ONLY) && !bool(flags & RSTLV_KEY_TYPE_FULL) ; }
virtual uint32_t tlvType() const { return TLV_TYPE_RSA_KEY_PUBLIC ; }
};
class RsTlvSecurityKeySet: public RsTlvItem
@ -126,7 +96,9 @@ public:
RsTlvSecurityKeySet() { return; }
virtual ~RsTlvSecurityKeySet() { return; }
void initFromPublicKeys(const RsTlvSecurityKeySet& skset) ;
// creates the public keys that are possible missing although the private keys are present.
void createPublicFromPrivateKeys();
virtual uint32_t TlvSize() const;
virtual void TlvClear();
@ -137,10 +109,6 @@ public:
std::string groupId; // Mandatory :
std::map<RsGxsId, RsTlvPublicRSAKey> public_keys; // Mandatory :
std::map<RsGxsId, RsTlvPrivateRSAKey> private_keys; // Mandatory :
//private:
// RsTlvSecurityKeySet& operator=(const RsTlvSecurityKeySet&) { std::cerr << "(EE) " <<__PRETTY_FUNCTION__ << " shouldn't be called!" << std::endl; return *this;}
// RsTlvSecurityKeySet(const RsTlvSecurityKeySet&) { std::cerr << "(EE) " <<__PRETTY_FUNCTION__ << " shouldn't be called!" << std::endl;}
};

View File

@ -147,8 +147,7 @@ RsIdentity *rsIdentity = NULL;
p3IdService::p3IdService(RsGeneralDataService *gds, RsNetworkExchangeService *nes, PgpAuxUtils *pgpUtils)
: RsGxsIdExchange(gds, nes, new RsGxsIdSerialiser(), RS_SERVICE_GXS_TYPE_GXSID, idAuthenPolicy()),
RsIdentity(this), GxsTokenQueue(this), RsTickEvent(),
mPublicKeyCache(GXSID_MAX_CACHE_SIZE, "GxsIdPublicKeyCache"),
mPrivateKeyCache(GXSID_MAX_CACHE_SIZE, "GxsIdPrivateKeyCache"),
mKeyCache(GXSID_MAX_CACHE_SIZE, "GxsIdKeyCache"),
mIdMtx("p3IdService"), mNes(nes),
mPgpUtils(pgpUtils)
{
@ -448,10 +447,9 @@ bool p3IdService:: getIdDetails(const RsGxsId &id, RsIdentityDetails &details)
{
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
{
RsGxsIdCache<RsTlvPublicRSAKey> data;
RsGxsIdCache data;
if (mPublicKeyCache.fetch(id, data))
if (mKeyCache.fetch(id, data))
{
details = data.details;
details.mLastUsageTS = locked_getLastUsageTS(id) ;
@ -469,23 +467,6 @@ bool p3IdService:: getIdDetails(const RsGxsId &id, RsIdentityDetails &details)
}
}
RsGxsIdCache<RsTlvPrivateRSAKey> data;
/* try private cache too */
if (mPrivateKeyCache.fetch(id, data))
{
details = data.details;
details.mLastUsageTS = locked_getLastUsageTS(id) ;
if(mContacts.find(id) != mContacts.end())
details.mFlags |= RS_IDENTITY_FLAGS_IS_A_CONTACT ;
rsReputations->getReputationInfo(id,details.mReputation) ;
return true;
}
}
/* it isn't there - add to public requests */
cache_request_load(id);
@ -598,36 +579,24 @@ bool p3IdService::getRecognTagRequest(const RsGxsId &id, const std::string &comm
std::cerr << "p3IdService::getRecognTagRequest()";
std::cerr << std::endl;
#endif
if (!havePrivateKey(id))
if(!isOwnId(id))
{
#ifdef DEBUG_RECOGN
std::cerr << "p3IdService::getRecognTagRequest() Dont have private key";
std::cerr << std::endl;
#endif
// attempt to load it.
cache_request_load(id);
std::cerr << "(EE) cannot retrieve own key to create tag request. KeyId=" << id << std::endl;
return false ;
}
RsTlvPrivateRSAKey key;
std::string nickname;
RsGxsIdCache data ;
{
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
RsGxsIdCache<RsTlvPrivateRSAKey> data;
if (!mPrivateKeyCache.fetch(id, data))
{
#ifdef DEBUG_RECOGN
std::cerr << "p3IdService::getRecognTagRequest() Cache failure";
std::cerr << std::endl;
#endif
if(!mKeyCache.fetch(id, data))
return false ;
}
key = data.pubkey;
nickname = data.details.mNickname ;
key = data.priv_key ;
}
return RsRecogn::createTagRequest(key, id, nickname, tag_class, tag_type, comment, tag);
@ -642,13 +611,16 @@ bool p3IdService::getRecognTagRequest(const RsGxsId &id, const std::string &comm
bool p3IdService::haveKey(const RsGxsId &id)
{
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
return mPublicKeyCache.is_cached(id);
return mKeyCache.is_cached(id);
}
bool p3IdService::havePrivateKey(const RsGxsId &id)
{
if(! isOwnId(id))
return false ;
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
return mPrivateKeyCache.is_cached(id);
return mKeyCache.is_cached(id) ;
}
bool p3IdService::requestKey(const RsGxsId &id, const std::list<PeerId> &peers)
@ -680,11 +652,11 @@ bool p3IdService::getKey(const RsGxsId &id, RsTlvPublicRSAKey &key)
{
{
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
RsGxsIdCache<RsTlvPublicRSAKey> data;
RsGxsIdCache data;
if (mPublicKeyCache.fetch(id, data))
if (mKeyCache.fetch(id, data))
{
key = data.pubkey;
key = data.pub_key;
return true;
}
}
@ -707,11 +679,11 @@ bool p3IdService::getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey &key)
{
{
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
RsGxsIdCache<RsTlvPrivateRSAKey> data;
RsGxsIdCache data;
if (mPrivateKeyCache.fetch(id, data))
if (mKeyCache.fetch(id, data))
{
key = data.pubkey;
key = data.priv_key;
return true;
}
}
@ -888,9 +860,9 @@ bool p3IdService::getReputation(const RsGxsId &id, GixsReputation &rep)
/* this is the key part for accepting messages */
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
RsGxsIdCache<RsTlvPublicRSAKey> data;
RsGxsIdCache data;
if (mPublicKeyCache.fetch(id, data))
if (mKeyCache.fetch(id, data))
{
rep.id = id;
rep.score = 0;//data.details.mReputation.mOverallScore;
@ -1172,7 +1144,7 @@ bool p3IdService::updateGroup(uint32_t& token, RsGxsIdGroup &group)
// if its in the cache - clear it.
{
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
if (mPublicKeyCache.erase(id))
if (mKeyCache.erase(id))
{
#ifdef DEBUG_IDS
std::cerr << "p3IdService::updateGroup() Removed from PublicKeyCache";
@ -1184,21 +1156,6 @@ bool p3IdService::updateGroup(uint32_t& token, RsGxsIdGroup &group)
#ifdef DEBUG_IDS
std::cerr << "p3IdService::updateGroup() Not in PublicKeyCache";
std::cerr << std::endl;
#endif
}
if (mPrivateKeyCache.erase(id))
{
#ifdef DEBUG_IDS
std::cerr << "p3IdService::updateGroup() Removed from PrivateKeyCache";
std::cerr << std::endl;
#endif
}
else
{
#ifdef DEBUG_IDS
std::cerr << "p3IdService::updateGroup() Not in PrivateKeyCache";
std::cerr << std::endl;
#endif
}
}
@ -1223,7 +1180,7 @@ bool p3IdService::deleteGroup(uint32_t& token, RsGxsIdGroup &group)
// if its in the cache - clear it.
{
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
if (mPublicKeyCache.erase(id))
if (mKeyCache.erase(id))
{
#ifdef DEBUG_IDS
std::cerr << "p3IdService::deleteGroup() Removed from PublicKeyCache";
@ -1238,21 +1195,6 @@ bool p3IdService::deleteGroup(uint32_t& token, RsGxsIdGroup &group)
#endif
}
if (mPrivateKeyCache.erase(id))
{
#ifdef DEBUG_IDS
std::cerr << "p3IdService::deleteGroup() Removed from PrivateKeyCache";
std::cerr << std::endl;
#endif
}
else
{
#ifdef DEBUG_IDS
std::cerr << "p3IdService::deleteGroup() Not in PrivateKeyCache";
std::cerr << std::endl;
#endif
}
std::list<RsGxsId>::iterator lit = std::find( mOwnIds.begin(), mOwnIds.end(), id);
if (lit != mOwnIds.end())
{
@ -1642,6 +1584,59 @@ std::string SSGxsIdGroup::save() const
*
*/
RsGxsIdCache::RsGxsIdCache() {}
RsGxsIdCache::RsGxsIdCache(const RsGxsIdGroupItem *item, const RsTlvPublicRSAKey& in_pkey, const std::list<RsRecognTag> &tagList)
{
init(item,in_pkey,RsTlvPrivateRSAKey(),tagList) ;
}
RsGxsIdCache::RsGxsIdCache(const RsGxsIdGroupItem *item, const RsTlvPublicRSAKey& in_pkey, const RsTlvPrivateRSAKey& privkey, const std::list<RsRecognTag> &tagList)
{
init(item,in_pkey,privkey,tagList) ;
}
void RsGxsIdCache::init(const RsGxsIdGroupItem *item, const RsTlvPublicRSAKey& in_pub_key, const RsTlvPrivateRSAKey& in_priv_key,const std::list<RsRecognTag> &tagList)
{
// Save Keys.
pub_key = in_pub_key;
priv_key = in_priv_key;
// Save Time for ServiceString comparisions.
mPublishTs = item->meta.mPublishTs;
// Save RecognTags.
mRecognTags = tagList;
details.mAvatar.copy((uint8_t *) item->mImage.binData.bin_data, item->mImage.binData.bin_len);
// Fill in Details.
details.mNickname = item->meta.mGroupName;
details.mId = RsGxsId(item->meta.mGroupId);
#ifdef DEBUG_IDS
std::cerr << "RsGxsIdCache::RsGxsIdCache() for: " << details.mId;
std::cerr << std::endl;
#endif // DEBUG_IDS
details.mFlags = 0 ;
if(item->meta.mSubscribeFlags & GXS_SERV::GROUP_SUBSCRIBE_ADMIN) details.mFlags |= RS_IDENTITY_FLAGS_IS_OWN_ID;
if(item->meta.mGroupFlags & RSGXSID_GROUPFLAG_REALID) details.mFlags |= RS_IDENTITY_FLAGS_PGP_LINKED;
// do some tests
if(details.mFlags & RS_IDENTITY_FLAGS_IS_OWN_ID)
{
if(!priv_key.check())
std::cerr << "(EE) Private key missing for own identity " << pub_key.keyId << std::endl;
}
if(!pub_key.check())
std::cerr << "(EE) Public key missing for identity " << pub_key.keyId << std::endl;
/* rest must be retrived from ServiceString */
updateServiceString(item->meta.mServiceString);
}
void RsGxsIdCache::updateServiceString(std::string serviceString)
{
details.mRecognTags.clear();
@ -1853,6 +1848,7 @@ bool p3IdService::cache_process_recogntaginfo(const RsGxsIdGroupItem *item, std:
return true;
}
// Loads in the cache the group data from the given group item, retrieved from sqlite storage.
bool p3IdService::cache_store(const RsGxsIdGroupItem *item)
{
@ -1865,56 +1861,42 @@ bool p3IdService::cache_store(const RsGxsIdGroupItem *item)
/* extract key from keys */
RsTlvSecurityKeySet keySet;
RsTlvSecurityKey_deprecated pubkey;
RsTlvSecurityKey_deprecated fullkey;
RsTlvPublicRSAKey pubkey;
RsTlvPrivateRSAKey fullkey;
bool pub_key_ok = false;
bool full_key_ok = false;
RsGxsId id (item->meta.mGroupId.toStdString());
if (!getGroupKeys(RsGxsGroupId(id.toStdString()), keySet))
{
std::cerr << "p3IdService::cache_store() ERROR getting GroupKeys for: ";
std::cerr << item->meta.mGroupId;
std::cerr << std::endl;
std::cerr << "p3IdService::cache_store() ERROR getting GroupKeys for: "<< item->meta.mGroupId << std::endl;
return false;
}
std::map<RsGxsId, RsTlvSecurityKey_deprecated>::iterator kit;
//std::cerr << "p3IdService::cache_store() KeySet is:";
//keySet.print(std::cerr, 10);
for (kit = keySet.keys.begin(); kit != keySet.keys.end(); ++kit)
{
for (std::map<RsGxsId, RsTlvPrivateRSAKey>::iterator kit = keySet.private_keys.begin(); kit != keySet.private_keys.end(); ++kit)
if (kit->second.keyFlags & RSTLV_KEY_DISTRIB_ADMIN)
{
#ifdef DEBUG_IDS
std::cerr << "p3IdService::cache_store() Found Admin Key";
std::cerr << std::endl;
#endif // DEBUG_IDS
/* save full key - if we have it */
if (kit->second.keyFlags & RSTLV_KEY_TYPE_FULL)
{
std::cerr << "p3IdService::cache_store() Found Admin Key" << std::endl;
#endif
fullkey = kit->second;
full_key_ok = true;
if(GxsSecurity::extractPublicKey(fullkey,pubkey))
pub_key_ok = true ;
}
else
for (std::map<RsGxsId, RsTlvPublicRSAKey>::iterator kit = keySet.public_keys.begin(); kit != keySet.public_keys.end(); ++kit)
if (kit->second.keyFlags & RSTLV_KEY_DISTRIB_ADMIN)
{
#ifdef DEBUG_IDS
std::cerr << "p3IdService::cache_store() Found Admin public Key" << std::endl;
#endif
pubkey = kit->second;
pub_key_ok = true ;
}
/* cache public key always
* we don't need to check the keyFlags,
* as both FULL and PUBLIC_ONLY keys contain the PUBLIC key
*/
}
}
assert(!( pubkey.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
assert(!full_key_ok || (fullkey.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
if (!pub_key_ok)
{
@ -1929,19 +1911,11 @@ bool p3IdService::cache_store(const RsGxsIdGroupItem *item)
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
assert(!(pubkey.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
// Create Cache Data.
RsGxsIdCache pubcache(item, pubkey, tagList);
mPublicKeyCache.store(id, pubcache);
mPublicKeyCache.resize();
RsGxsIdCache keycache(item, pubkey, fullkey,tagList);
if (full_key_ok)
{
RsGxsIdCache fullcache(item, fullkey, tagList);
mPrivateKeyCache.store(id, fullcache);
mPrivateKeyCache.resize();
}
mKeyCache.store(id, keycache);
mKeyCache.resize();
return true;
}
@ -2145,31 +2119,18 @@ bool p3IdService::cache_update_if_cached(const RsGxsId &id, std::string serviceS
/* retrieve - update, save */
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
RsGxsIdCache pub_data;
if (mPublicKeyCache.fetch(id, pub_data))
RsGxsIdCache updated_data;
if(mKeyCache.fetch(id, updated_data))
{
#ifdef DEBUG_IDS
std::cerr << "p3IdService::cache_update_if_cached() Updating Public Cache";
std::cerr << std::endl;
#endif // DEBUG_IDS
assert(!(pub_data.pubkey.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
updated_data.updateServiceString(serviceString);
pub_data.updateServiceString(serviceString);
mPublicKeyCache.store(id, pub_data);
}
RsGxsIdCache priv_data;
if (mPrivateKeyCache.fetch(id, priv_data))
{
#ifdef DEBUG_IDS
std::cerr << "p3IdService::cache_update_if_cached() Updating Private Cache";
std::cerr << std::endl;
#endif // DEBUG_IDS
priv_data.updateServiceString(serviceString);
mPrivateKeyCache.store(id, priv_data);
mKeyCache.store(id, updated_data);
}
return true;
@ -2338,7 +2299,7 @@ bool p3IdService::cachetest_handlerequest(uint32_t token)
}
else
{
RsTlvSecurityKey_deprecated seckey;
RsTlvPublicRSAKey seckey;
if (getKey(*vit, seckey))
{
#ifdef DEBUG_IDS
@ -2370,7 +2331,7 @@ bool p3IdService::cachetest_handlerequest(uint32_t token)
}
else
{
RsTlvSecurityKey_deprecated seckey;
RsTlvPrivateRSAKey seckey;
if (getPrivateKey(*vit, seckey))
{
// success!
@ -2510,21 +2471,18 @@ RsGenExchange::ServiceCreate_Return p3IdService::service_CreateGroup(RsGxsGrpIte
std::cerr << std::endl;
#endif // DEBUG_IDS
item->meta.mGroupId.clear();
/********************* TEMP HACK UNTIL GXS FILLS IN GROUP_ID *****************/
// find private admin key
std::map<RsGxsId, RsTlvSecurityKey_deprecated>::iterator mit = keySet.keys.begin();
for(; mit != keySet.keys.end(); ++mit)
for(std::map<RsGxsId, RsTlvPrivateRSAKey>::iterator mit = keySet.private_keys.begin();mit != keySet.private_keys.end(); ++mit)
if(mit->second.keyFlags == (RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_FULL))
{
RsTlvSecurityKey_deprecated& pk = mit->second;
if(pk.keyFlags == (RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_FULL))
{
item->meta.mGroupId = RsGxsGroupId(pk.keyId);
item->meta.mGroupId = RsGxsGroupId(mit->second.keyId);
break;
}
}
if(mit == keySet.keys.end())
if(item->meta.mGroupId.isNull())
{
std::cerr << "p3IdService::service_CreateGroup() ERROR no admin key";
std::cerr << std::endl;

View File

@ -190,40 +190,13 @@ virtual std::string save() const;
class RsGxsIdGroupItem;
template<class KeyClass> class RsGxsIdCache
class RsGxsIdCache
{
public:
RsGxsIdCache();
RsGxsIdCache(const RsGxsIdGroupItem *item, const KeyClass& in_pkey, const std::list<RsRecognTag> &tagList)
{
// Save Keys.
pubkey = in_pkey;
// Save Time for ServiceString comparisions.
mPublishTs = item->meta.mPublishTs;
// Save RecognTags.
mRecognTags = tagList;
details.mAvatar.copy((uint8_t *) item->mImage.binData.bin_data, item->mImage.binData.bin_len);
// Fill in Details.
details.mNickname = item->meta.mGroupName;
details.mId = RsGxsId(item->meta.mGroupId);
#ifdef DEBUG_IDS
std::cerr << "RsGxsIdCache::RsGxsIdCache() for: " << details.mId;
std::cerr << std::endl;
#endif // DEBUG_IDS
details.mFlags = 0 ;
if(item->meta.mSubscribeFlags & GXS_SERV::GROUP_SUBSCRIBE_ADMIN) details.mFlags |= RS_IDENTITY_FLAGS_IS_OWN_ID;
if(item->meta.mGroupFlags & RSGXSID_GROUPFLAG_REALID) details.mFlags |= RS_IDENTITY_FLAGS_PGP_LINKED;
/* rest must be retrived from ServiceString */
updateServiceString(item->meta.mServiceString);
}
RsGxsIdCache(const RsGxsIdGroupItem *item, const RsTlvPublicRSAKey& in_pkey, const RsTlvPrivateRSAKey& privkey, const std::list<RsRecognTag> &tagList);
RsGxsIdCache(const RsGxsIdGroupItem *item, const RsTlvPublicRSAKey& in_pkey, const std::list<RsRecognTag> &tagList);
void updateServiceString(std::string serviceString);
@ -231,8 +204,12 @@ public:
std::list<RsRecognTag> mRecognTags; // Only partially validated.
RsIdentityDetails details;
#warning why the "pub" here??
KeyClass pubkey;
RsTlvPublicRSAKey pub_key;
RsTlvPrivateRSAKey priv_key;
private:
void init(const RsGxsIdGroupItem *item, const RsTlvPublicRSAKey& in_pub_key, const RsTlvPrivateRSAKey& in_priv_key,const std::list<RsRecognTag> &tagList);
};
@ -380,8 +357,7 @@ virtual void handle_event(uint32_t event_type, const std::string &elabel);
std::map<RsGxsId, std::list<RsPeerId> > mCacheLoad_ToCache, mPendingCache;
// Switching to RsMemCache for Key Caching.
RsMemCache<RsGxsId, RsGxsIdCache<RsTlvPublicRSAKey> > mPublicKeyCache;
RsMemCache<RsGxsId, RsGxsIdCache<RsTlvPrivateRSAKey> > mPrivateKeyCache;
RsMemCache<RsGxsId, RsGxsIdCache> mKeyCache;
/************************************************************************
* Refreshing own Ids.