mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-12-28 17:09:34 -05:00
Second stage in abstracting GXS identities usage cases (almost done)
This commit is contained in:
parent
17fc89e3c0
commit
a9670a569a
@ -237,8 +237,9 @@ bool DistributedChatService::checkSignature(RsChatLobbyBouncingObject *obj,const
|
||||
}
|
||||
|
||||
uint32_t error_status ;
|
||||
RsIdentityUsage use_info(RS_SERVICE_TYPE_CHAT,RsIdentityUsage::CHAT_LOBBY_MSG_VALIDATION,RsGxsGroupId(),RsGxsMessageId(),obj->lobby_id) ;
|
||||
|
||||
if(!mGixs->validateData(memory,obj->signed_serial_size(),obj->signature,false,"Chat lobby "+RsUtil::NumberToString(obj->lobby_id,true),error_status))
|
||||
if(!mGixs->validateData(memory,obj->signed_serial_size(),obj->signature,false,use_info,error_status))
|
||||
{
|
||||
bool res = false ;
|
||||
|
||||
|
@ -1555,7 +1555,7 @@ void p3GRouter::handleIncomingReceiptItem(RsGRouterSignedReceiptItem *receipt_it
|
||||
|
||||
uint32_t error_status ;
|
||||
|
||||
if(! verifySignedDataItem(receipt_item,"GRouter incoming receipt item",error_status))
|
||||
if(! verifySignedDataItem(receipt_item,RsIdentityUsage::GLOBAL_ROUTER_SIGNATURE_CHECK,error_status))
|
||||
if( (it->second.routing_flags & GRouterRoutingInfo::ROUTING_FLAGS_IS_ORIGIN) || (error_status != RsGixs::RS_GIXS_ERROR_KEY_NOT_AVAILABLE))
|
||||
{
|
||||
std::cerr << " checking receipt signature : FAILED. Receipt is dropped. Error status=" << error_status << std::endl;
|
||||
@ -1711,7 +1711,7 @@ void p3GRouter::handleIncomingDataItem(RsGRouterGenericDataItem *data_item)
|
||||
#endif
|
||||
uint32_t error_status ;
|
||||
|
||||
if(!verifySignedDataItem(data_item,"Incoming distant message",error_status)) // we should get proper flags out of this
|
||||
if(!verifySignedDataItem(data_item,RsIdentityUsage::GLOBAL_ROUTER_SIGNATURE_CHECK,error_status)) // we should get proper flags out of this
|
||||
{
|
||||
std::cerr << " verifying item signature: FAILED! Droping that item" ;
|
||||
std::cerr << " You probably received a message from a person you don't have key." << std::endl;
|
||||
@ -1980,7 +1980,7 @@ bool p3GRouter::signDataItem(RsGRouterAbstractMsgItem *item,const RsGxsId& signi
|
||||
return false ;
|
||||
}
|
||||
}
|
||||
bool p3GRouter::verifySignedDataItem(RsGRouterAbstractMsgItem *item,const std::string& info,uint32_t& error_status)
|
||||
bool p3GRouter::verifySignedDataItem(RsGRouterAbstractMsgItem *item,const RsIdentityUsage::UsageCode& info,uint32_t& error_status)
|
||||
{
|
||||
try
|
||||
{
|
||||
@ -1999,7 +1999,9 @@ bool p3GRouter::verifySignedDataItem(RsGRouterAbstractMsgItem *item,const std::s
|
||||
if(!item->serialise_signed_data(data,data_size))
|
||||
throw std::runtime_error("Cannot serialise signed data.") ;
|
||||
|
||||
if(!mGixs->validateData(data,data_size,item->signature,true,info, error_status))
|
||||
RsIdentityUsage use(RS_SERVICE_TYPE_GROUTER,info) ;
|
||||
|
||||
if(!mGixs->validateData(data,data_size,item->signature,true,use, error_status))
|
||||
{
|
||||
switch(error_status)
|
||||
{
|
||||
@ -2010,7 +2012,7 @@ bool p3GRouter::verifySignedDataItem(RsGRouterAbstractMsgItem *item,const std::s
|
||||
|
||||
std::cerr << "(EE) Key for GXS Id " << item->signature.keyId << " is not available. Cannot verify. Asking key to peer " << item->PeerId() << std::endl;
|
||||
|
||||
mGixs->requestKey(item->signature.keyId,peer_ids,info) ; // request the key around
|
||||
mGixs->requestKey(item->signature.keyId,peer_ids,use) ; // request the key around
|
||||
}
|
||||
break ;
|
||||
case RsGixs::RS_GIXS_ERROR_SIGNATURE_MISMATCH: std::cerr << "(EE) Signature mismatch. Spoofing/Corrupted/MITM?." << std::endl;
|
||||
@ -2116,7 +2118,7 @@ bool p3GRouter::sendData(const RsGxsId& destination,const GRouterServiceId& clie
|
||||
// Verify the signature. If that fails, there's a bug somewhere!!
|
||||
uint32_t error_status;
|
||||
|
||||
if(!verifySignedDataItem(data_item,"GRouter own signature check for outgoing msg",error_status))
|
||||
if(!verifySignedDataItem(data_item,RsIdentityUsage::GLOBAL_ROUTER_SIGNATURE_CREATION,error_status))
|
||||
{
|
||||
std::cerr << "Cannot verify data item that was just signed. Some error occured!" << std::endl;
|
||||
delete data_item;
|
||||
|
@ -32,6 +32,7 @@
|
||||
#include "retroshare/rsgrouter.h"
|
||||
#include "retroshare/rstypes.h"
|
||||
#include "retroshare/rstypes.h"
|
||||
#include "retroshare/rsidentity.h"
|
||||
|
||||
#include "turtle/turtleclientservice.h"
|
||||
#include "services/p3service.h"
|
||||
@ -254,7 +255,7 @@ private:
|
||||
|
||||
// signs an item with the given key.
|
||||
bool signDataItem(RsGRouterAbstractMsgItem *item,const RsGxsId& id) ;
|
||||
bool verifySignedDataItem(RsGRouterAbstractMsgItem *item, const std::string &info, uint32_t &error_status) ;
|
||||
bool verifySignedDataItem(RsGRouterAbstractMsgItem *item, const RsIdentityUsage::UsageCode &info, uint32_t &error_status) ;
|
||||
bool encryptDataItem(RsGRouterGenericDataItem *item,const RsGxsId& destination_key) ;
|
||||
bool decryptDataItem(RsGRouterGenericDataItem *item) ;
|
||||
|
||||
|
@ -904,7 +904,7 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin
|
||||
{
|
||||
std::list<RsPeerId> peers;
|
||||
peers.push_back(msg->PeerId());
|
||||
mGixs->requestKey(metaData.mAuthorId, peers,"Validation of author signature, service: " + rsServiceControl->getServiceName(serviceFullType()) + ". Grp="+metaData.mGroupId.toStdString()+", msg="+metaData.mMsgId.toStdString());
|
||||
mGixs->requestKey(metaData.mAuthorId, peers, RsIdentityUsage(serviceType(),RsIdentityUsage::MESSAGE_AUTHOR_SIGNATURE_VALIDATION,metaData.mGroupId,metaData.mMsgId));
|
||||
|
||||
#ifdef GEN_EXCH_DEBUG
|
||||
std::cerr << ", Key missing. Retry later." << std::endl;
|
||||
@ -999,7 +999,7 @@ int RsGenExchange::validateGrp(RsNxsGrp* grp)
|
||||
#endif
|
||||
std::list<RsPeerId> peers;
|
||||
peers.push_back(grp->PeerId());
|
||||
mGixs->requestKey(metaData.mAuthorId, peers,"Group author signature validation. GrpId=" + metaData.mGroupId.toStdString());
|
||||
mGixs->requestKey(metaData.mAuthorId, peers,RsIdentityUsage(mServType,RsIdentityUsage::GROUP_AUTHOR_SIGNATURE_VALIDATION,metaData.mGroupId));
|
||||
return VALIDATE_FAIL_TRY_LATER;
|
||||
}
|
||||
}
|
||||
|
@ -117,7 +117,7 @@ public:
|
||||
*/
|
||||
|
||||
virtual bool signData(const uint8_t *data,uint32_t data_size,const RsGxsId& signer_id,RsTlvKeySignature& signature,uint32_t& signing_error) = 0 ;
|
||||
virtual bool validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,const std::string& info_string,uint32_t& signing_error) = 0 ;
|
||||
virtual bool validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,const RsIdentityUsage& info,uint32_t& signing_error) = 0 ;
|
||||
|
||||
virtual bool encryptData(const uint8_t *clear_data,uint32_t clear_data_size,uint8_t *& encrypted_data,uint32_t& encrypted_data_size,const RsGxsId& encryption_key_id,bool force_load,uint32_t& encryption_error) = 0 ;
|
||||
virtual bool decryptData(const uint8_t *encrypted_data,uint32_t encrypted_data_size,uint8_t *& clear_data,uint32_t& clear_data_size,const RsGxsId& encryption_key_id,uint32_t& encryption_error) = 0 ;
|
||||
|
@ -270,7 +270,7 @@ bool RsGxsIntegrityCheck::check()
|
||||
GXSUTIL_DEBUG() << "TimeStamping message authors' key ID " << msg->metaData->mAuthorId << " in message " << msg->msgId << ", group ID " << msg->grpId<< std::endl;
|
||||
#endif
|
||||
if(rsIdentity!=NULL && rsIdentity->overallReputationLevel(msg->metaData->mAuthorId) > RsReputations::REPUTATION_LOCALLY_NEGATIVE)
|
||||
used_gxs_ids.insert(std::make_pair(msg->metaData->mAuthorId,std::make_pair(msg->metaData->mGroupId,msg->metaData->mMsgId))) ;
|
||||
used_gxs_ids.insert(std::make_pair(msg->metaData->mAuthorId,RsIdentityUsage(mGenExchangeClient->serviceType(),RsIdentityUsage::MESSAGE_AUTHOR_KEEP_ALIVE,msg->metaData->mGroupId,msg->metaData->mMsgId))) ;
|
||||
}
|
||||
|
||||
delete msg;
|
||||
|
@ -937,7 +937,7 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item)
|
||||
std::cerr << "(SS) Signature was verified and it doesn't check! This is a security issue!" << std::endl;
|
||||
return ;
|
||||
}
|
||||
mGixs->timeStampKey(item->signature.keyId,"Used to validate GXS tunnel DH half-key.") ;
|
||||
mGixs->timeStampKey(item->signature.keyId,RsIdentityUsage(RS_SERVICE_TYPE_GXS_TUNNEL,RsIdentityUsage::GXS_TUNNEL_DH_SIGNATURE_CHECK));
|
||||
|
||||
#ifdef DEBUG_GXS_TUNNEL
|
||||
std::cerr << " Signature checks! Sender's ID = " << senders_id << std::endl;
|
||||
|
@ -162,39 +162,6 @@ class RsRecognTagDetails
|
||||
bool is_pending;
|
||||
};
|
||||
|
||||
class RsIdentityDetails
|
||||
{
|
||||
public:
|
||||
RsIdentityDetails()
|
||||
: mFlags(0), mLastUsageTS(0) { return; }
|
||||
|
||||
RsGxsId mId;
|
||||
|
||||
// identity details.
|
||||
std::string mNickname;
|
||||
|
||||
uint32_t mFlags ;
|
||||
|
||||
// PGP Stuff.
|
||||
RsPgpId mPgpId;
|
||||
|
||||
// Recogn details.
|
||||
std::list<RsRecognTag> mRecognTags;
|
||||
|
||||
// Cyril: Reputation details. At some point we might want to merge information
|
||||
// between the two into a single global score. Since the old reputation system
|
||||
// is not finished yet, I leave this in place. We should decide what to do with it.
|
||||
RsReputations::ReputationInfo mReputation;
|
||||
|
||||
// avatar
|
||||
RsGxsImage mAvatar ;
|
||||
|
||||
// last usage
|
||||
time_t mLastUsageTS ;
|
||||
std::map<std::string,time_t> mUseCases ;
|
||||
};
|
||||
|
||||
|
||||
class RsIdOpinion
|
||||
{
|
||||
public:
|
||||
@ -224,10 +191,14 @@ public:
|
||||
MESSAGE_AUTHOR_SIGNATURE_VALIDATION = 0x06,
|
||||
GROUP_AUTHOR_KEEP_ALIVE = 0x07, // Identities are stamped regularly by crawlign the set of messages for all groups. That helps keepign the useful identities in hand.
|
||||
MESSAGE_AUTHOR_KEEP_ALIVE = 0x08, // Identities are stamped regularly by crawlign the set of messages for all groups. That helps keepign the useful identities in hand.
|
||||
CHAT_LOBBY_MSG_VALIDATION = 0x09 // Chat lobby msgs are signed, so each time one comes, or a chat lobby event comes, a signature verificaiton happens.
|
||||
CHAT_LOBBY_MSG_VALIDATION = 0x09, // Chat lobby msgs are signed, so each time one comes, or a chat lobby event comes, a signature verificaiton happens.
|
||||
GLOBAL_ROUTER_SIGNATURE_CHECK = 0x0a, // Global router message validation
|
||||
GLOBAL_ROUTER_SIGNATURE_CREATION = 0x0b, // Global router message signature
|
||||
GXS_TUNNEL_DH_SIGNATURE_CHECK = 0x0c, //
|
||||
GXS_TUNNEL_DH_SIGNATURE_CREATION = 0x0d //
|
||||
} ;
|
||||
|
||||
RsIdentityUsage(uint16_t service,const RsIdentityUsage::UsageCode& code,const RsGxsGroupId& gid,const RsGxsMessageId& mid=RsGxsMessageId(),uint64_t additional_id=0,const std::string& comment = std::string())
|
||||
RsIdentityUsage(uint16_t service,const RsIdentityUsage::UsageCode& code,const RsGxsGroupId& gid=RsGxsGroupId(),const RsGxsMessageId& mid=RsGxsMessageId(),uint64_t additional_id=0,const std::string& comment = std::string())
|
||||
: mServiceId(service), mUsageCode(code), mGrpId(gid), mMsgId(mid),mAdditionalId(additional_id),mComment(comment) {}
|
||||
|
||||
uint16_t mServiceId; // Id of the service using that identity
|
||||
@ -239,6 +210,39 @@ public:
|
||||
std::string mComment ; // additional comment to be used mainly for debugging, but not GUI display
|
||||
};
|
||||
|
||||
class RsIdentityDetails
|
||||
{
|
||||
public:
|
||||
RsIdentityDetails()
|
||||
: mFlags(0), mLastUsageTS(0) { return; }
|
||||
|
||||
RsGxsId mId;
|
||||
|
||||
// identity details.
|
||||
std::string mNickname;
|
||||
|
||||
uint32_t mFlags ;
|
||||
|
||||
// PGP Stuff.
|
||||
RsPgpId mPgpId;
|
||||
|
||||
// Recogn details.
|
||||
std::list<RsRecognTag> mRecognTags;
|
||||
|
||||
// Cyril: Reputation details. At some point we might want to merge information
|
||||
// between the two into a single global score. Since the old reputation system
|
||||
// is not finished yet, I leave this in place. We should decide what to do with it.
|
||||
RsReputations::ReputationInfo mReputation;
|
||||
|
||||
// avatar
|
||||
RsGxsImage mAvatar ;
|
||||
|
||||
// last usage
|
||||
time_t mLastUsageTS ;
|
||||
std::map<RsIdentityUsage,time_t> mUseCases ;
|
||||
};
|
||||
|
||||
|
||||
|
||||
|
||||
class RsIdentity: public RsGxsIfaceHelper
|
||||
|
@ -287,10 +287,10 @@ void p3IdService::timeStampKey(const RsGxsId& gxs_id, const RsIdentityUsage& rea
|
||||
{
|
||||
// This is very costly, but normally the outerloop should never be rolled more than once.
|
||||
|
||||
std::map<std::string,time_t>::iterator best_it ;
|
||||
std::map<RsIdentityUsage,time_t>::iterator best_it ;
|
||||
time_t best_time = now+1;
|
||||
|
||||
for(std::map<std::string,time_t>::iterator it(info.usage_map.begin());it!=info.usage_map.end();++it)
|
||||
for(std::map<RsIdentityUsage,time_t>::iterator it(info.usage_map.begin());it!=info.usage_map.end();++it)
|
||||
if(it->second < best_time)
|
||||
{
|
||||
best_time = it->second ;
|
||||
@ -788,7 +788,7 @@ static void mergeIds(std::map<RsGxsId,std::list<RsPeerId> >& idmap,const RsGxsId
|
||||
old_peers.push_back(*it) ;
|
||||
}
|
||||
|
||||
bool p3IdService::requestKey(const RsGxsId &id, const std::list<RsPeerId>& peers,const RsIdentityUsage& info)
|
||||
bool p3IdService::requestKey(const RsGxsId &id, const std::list<RsPeerId>& peers,const RsIdentityUsage& use_info)
|
||||
{
|
||||
if(id.isNull())
|
||||
{
|
||||
@ -834,7 +834,7 @@ bool p3IdService::requestKey(const RsGxsId &id, const std::list<RsPeerId>& peers
|
||||
}
|
||||
{
|
||||
RS_STACK_MUTEX(mIdMtx); /********** STACK LOCKED MTX ******/
|
||||
mKeysTS[id].usage_map["Requested to friends: "+info] = time(NULL) ;
|
||||
mKeysTS[id].usage_map[use_info] = time(NULL) ;
|
||||
}
|
||||
|
||||
return cache_request_load(id, peers);
|
||||
@ -935,7 +935,7 @@ bool p3IdService::signData(const uint8_t *data,uint32_t data_size,const RsGxsId&
|
||||
timeStampKey(own_gxs_id,"Own GXS id") ;
|
||||
return true ;
|
||||
}
|
||||
bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,const std::string& info_string,uint32_t& signing_error)
|
||||
bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,const RsIdentityUsage& info,uint32_t& signing_error)
|
||||
{
|
||||
// RsIdentityDetails details ;
|
||||
// getIdDetails(signature.keyId,details);
|
||||
@ -969,7 +969,7 @@ bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTl
|
||||
}
|
||||
signing_error = RS_GIXS_ERROR_NO_ERROR ;
|
||||
|
||||
timeStampKey(signature.keyId,"Used in signature checking: "+info_string ) ;
|
||||
timeStampKey(signature.keyId,info);
|
||||
return true ;
|
||||
}
|
||||
bool p3IdService::encryptData(const uint8_t *decrypted_data,uint32_t decrypted_data_size,uint8_t *& encrypted_data,uint32_t& encrypted_data_size,const RsGxsId& encryption_key_id,bool force_load,uint32_t& error_status)
|
||||
|
@ -286,7 +286,7 @@ public:
|
||||
virtual bool isOwnId(const RsGxsId& key_id) ;
|
||||
|
||||
virtual bool signData(const uint8_t *data,uint32_t data_size,const RsGxsId& signer_id,RsTlvKeySignature& signature,uint32_t& signing_error) ;
|
||||
virtual bool validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,const std::string& info_string,uint32_t& signing_error) ;
|
||||
virtual bool validateData(const uint8_t *data, uint32_t data_size, const RsTlvKeySignature& signature, bool force_load, const RsIdentityUsage &info, uint32_t& signing_error) ;
|
||||
|
||||
virtual bool encryptData(const uint8_t *decrypted_data,uint32_t decrypted_data_size,uint8_t *& encrypted_data,uint32_t& encrypted_data_size,const RsGxsId& encryption_key_id,bool force_load,uint32_t& encryption_error) ;
|
||||
virtual bool decryptData(const uint8_t *encrypted_data,uint32_t encrypted_data_size,uint8_t *& decrypted_data,uint32_t& decrypted_data_size,const RsGxsId& encryption_key_id,uint32_t& encryption_error) ;
|
||||
@ -297,7 +297,7 @@ public:
|
||||
virtual bool getKey(const RsGxsId &id, RsTlvPublicRSAKey &key);
|
||||
virtual bool getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey &key);
|
||||
|
||||
virtual bool requestKey(const RsGxsId &id, const std::list<RsPeerId> &peers, const RsIdentityUsage &info);
|
||||
virtual bool requestKey(const RsGxsId &id, const std::list<RsPeerId> &peers, const RsIdentityUsage &use_info);
|
||||
virtual bool requestPrivateKey(const RsGxsId &id);
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user