From a9670a569a93054f267f7dc9c2ea279425a4db78 Mon Sep 17 00:00:00 2001 From: csoler Date: Mon, 2 Jan 2017 23:53:39 +0100 Subject: [PATCH] Second stage in abstracting GXS identities usage cases (almost done) --- libretroshare/src/chat/distributedchat.cc | 3 +- libretroshare/src/grouter/p3grouter.cc | 14 ++-- libretroshare/src/grouter/p3grouter.h | 3 +- libretroshare/src/gxs/rsgenexchange.cc | 4 +- libretroshare/src/gxs/rsgixs.h | 2 +- libretroshare/src/gxs/rsgxsutil.cc | 2 +- libretroshare/src/gxstunnel/p3gxstunnel.cc | 2 +- libretroshare/src/retroshare/rsidentity.h | 74 ++++++++++++---------- libretroshare/src/services/p3idservice.cc | 12 ++-- libretroshare/src/services/p3idservice.h | 4 +- 10 files changed, 64 insertions(+), 56 deletions(-) diff --git a/libretroshare/src/chat/distributedchat.cc b/libretroshare/src/chat/distributedchat.cc index 6124aedd4..1b618593e 100644 --- a/libretroshare/src/chat/distributedchat.cc +++ b/libretroshare/src/chat/distributedchat.cc @@ -237,8 +237,9 @@ bool DistributedChatService::checkSignature(RsChatLobbyBouncingObject *obj,const } uint32_t error_status ; + RsIdentityUsage use_info(RS_SERVICE_TYPE_CHAT,RsIdentityUsage::CHAT_LOBBY_MSG_VALIDATION,RsGxsGroupId(),RsGxsMessageId(),obj->lobby_id) ; - if(!mGixs->validateData(memory,obj->signed_serial_size(),obj->signature,false,"Chat lobby "+RsUtil::NumberToString(obj->lobby_id,true),error_status)) + if(!mGixs->validateData(memory,obj->signed_serial_size(),obj->signature,false,use_info,error_status)) { bool res = false ; diff --git a/libretroshare/src/grouter/p3grouter.cc b/libretroshare/src/grouter/p3grouter.cc index 1cb8cb360..b04a97cb4 100644 --- a/libretroshare/src/grouter/p3grouter.cc +++ b/libretroshare/src/grouter/p3grouter.cc 
@@ -1555,7 +1555,7 @@ void p3GRouter::handleIncomingReceiptItem(RsGRouterSignedReceiptItem *receipt_it uint32_t error_status ; - if(! verifySignedDataItem(receipt_item,"GRouter incoming receipt item",error_status)) + if(! verifySignedDataItem(receipt_item,RsIdentityUsage::GLOBAL_ROUTER_SIGNATURE_CHECK,error_status)) if( (it->second.routing_flags & GRouterRoutingInfo::ROUTING_FLAGS_IS_ORIGIN) || (error_status != RsGixs::RS_GIXS_ERROR_KEY_NOT_AVAILABLE)) { std::cerr << " checking receipt signature : FAILED. Receipt is dropped. Error status=" << error_status << std::endl; @@ -1711,7 +1711,7 @@ void p3GRouter::handleIncomingDataItem(RsGRouterGenericDataItem *data_item) #endif uint32_t error_status ; - if(!verifySignedDataItem(data_item,"Incoming distant message",error_status)) // we should get proper flags out of this + if(!verifySignedDataItem(data_item,RsIdentityUsage::GLOBAL_ROUTER_SIGNATURE_CHECK,error_status)) // we should get proper flags out of this { std::cerr << " verifying item signature: FAILED! Droping that item" ; std::cerr << " You probably received a message from a person you don't have key." << std::endl; @@ -1980,7 +1980,7 @@ bool p3GRouter::signDataItem(RsGRouterAbstractMsgItem *item,const RsGxsId& signi return false ; } } -bool p3GRouter::verifySignedDataItem(RsGRouterAbstractMsgItem *item,const std::string& info,uint32_t& error_status) +bool p3GRouter::verifySignedDataItem(RsGRouterAbstractMsgItem *item,const RsIdentityUsage::UsageCode& info,uint32_t& error_status) { try { @@ -1999,7 +1999,9 @@ bool p3GRouter::verifySignedDataItem(RsGRouterAbstractMsgItem *item,const std::s if(!item->serialise_signed_data(data,data_size)) throw std::runtime_error("Cannot serialise signed data.") ; - if(!mGixs->validateData(data,data_size,item->signature,true,info, error_status)) + RsIdentityUsage use(RS_SERVICE_TYPE_GROUTER,info) ; + + if(!mGixs->validateData(data,data_size,item->signature,true,use, error_status)) { switch(error_status) { 
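Review bot: `error_status` is declared without an initialiser just above the changed call in handleIncomingReceiptItem, and the nested `if` compares it with `RsGixs::RS_GIXS_ERROR_KEY_NOT_AVAILABLE` to decide whether an unverified receipt is dropped. verifySignedDataItem can leave through a `throw` before `validateData` is reached (the `Cannot serialise signed data.` path in the @@ -1999 hunk), and its catch block is outside the visible lines, so the value may be indeterminate on that path; this needs confirming. Initialising it to a value that fails closed, e.g. `uint32_t error_status = RsGixs::RS_GIXS_ERROR_NO_ERROR ;`, makes the drop decision deterministic. The same declaration appears in the handleIncomingDataItem hunk here and in the sendData hunk, where any failure already drops the item; all of these function bodies extend beyond their hunks.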
@@ -2010,7 +2012,7 @@ bool p3GRouter::verifySignedDataItem(RsGRouterAbstractMsgItem *item,const std::s std::cerr << "(EE) Key for GXS Id " << item->signature.keyId << " is not available. Cannot verify. Asking key to peer " << item->PeerId() << std::endl; - mGixs->requestKey(item->signature.keyId,peer_ids,info) ; // request the key around + mGixs->requestKey(item->signature.keyId,peer_ids,use) ; // request the key around } break ; case RsGixs::RS_GIXS_ERROR_SIGNATURE_MISMATCH: std::cerr << "(EE) Signature mismatch. Spoofing/Corrupted/MITM?." << std::endl; @@ -2116,7 +2118,7 @@ bool p3GRouter::sendData(const RsGxsId& destination,const GRouterServiceId& clie // Verify the signature. If that fails, there's a bug somewhere!! uint32_t error_status; - if(!verifySignedDataItem(data_item,"GRouter own signature check for outgoing msg",error_status)) + if(!verifySignedDataItem(data_item,RsIdentityUsage::GLOBAL_ROUTER_SIGNATURE_CREATION,error_status)) { std::cerr << "Cannot verify data item that was just signed. Some error occured!" << std::endl; delete data_item; diff --git a/libretroshare/src/grouter/p3grouter.h b/libretroshare/src/grouter/p3grouter.h index 19d704add..4ed537496 100644 --- a/libretroshare/src/grouter/p3grouter.h +++ b/libretroshare/src/grouter/p3grouter.h @@ -32,6 +32,7 @@ #include "retroshare/rsgrouter.h" #include "retroshare/rstypes.h" #include "retroshare/rstypes.h" +#include "retroshare/rsidentity.h" #include "turtle/turtleclientservice.h" #include "services/p3service.h" 
@@ -254,7 +255,7 @@ private: // signs an item with the given key. bool signDataItem(RsGRouterAbstractMsgItem *item,const RsGxsId& id) ; - bool verifySignedDataItem(RsGRouterAbstractMsgItem *item, const std::string &info, uint32_t &error_status) ; + bool verifySignedDataItem(RsGRouterAbstractMsgItem *item, const RsIdentityUsage::UsageCode &info, uint32_t &error_status) ; bool encryptDataItem(RsGRouterGenericDataItem *item,const RsGxsId& destination_key) ; bool decryptDataItem(RsGRouterGenericDataItem *item) ; diff --git a/libretroshare/src/gxs/rsgenexchange.cc b/libretroshare/src/gxs/rsgenexchange.cc index e86a21253..968d2d664 100644 --- a/libretroshare/src/gxs/rsgenexchange.cc +++ b/libretroshare/src/gxs/rsgenexchange.cc @@ -904,7 +904,7 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin { std::list peers; peers.push_back(msg->PeerId()); - mGixs->requestKey(metaData.mAuthorId, peers,"Validation of author signature, service: " + rsServiceControl->getServiceName(serviceFullType()) + ". Grp="+metaData.mGroupId.toStdString()+", msg="+metaData.mMsgId.toStdString()); + mGixs->requestKey(metaData.mAuthorId, peers, RsIdentityUsage(serviceType(),RsIdentityUsage::MESSAGE_AUTHOR_SIGNATURE_VALIDATION,metaData.mGroupId,metaData.mMsgId)); #ifdef GEN_EXCH_DEBUG std::cerr << ", Key missing. Retry later." << std::endl; @@ -999,7 +999,7 @@ int RsGenExchange::validateGrp(RsNxsGrp* grp) #endif std::list peers; peers.push_back(grp->PeerId()); - mGixs->requestKey(metaData.mAuthorId, peers,"Group author signature validation. GrpId=" + metaData.mGroupId.toStdString()); + mGixs->requestKey(metaData.mAuthorId, peers,RsIdentityUsage(mServType,RsIdentityUsage::GROUP_AUTHOR_SIGNATURE_VALIDATION,metaData.mGroupId)); return VALIDATE_FAIL_TRY_LATER; } } diff --git a/libretroshare/src/gxs/rsgixs.h b/libretroshare/src/gxs/rsgixs.h index 6ce361f60..45e485de2 100644 --- a/libretroshare/src/gxs/rsgixs.h +++ b/libretroshare/src/gxs/rsgixs.h 
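Review bot: The two `requestKey` calls in rsgenexchange.cc name the service differently: validateMsg passes `serviceType()` while validateGrp passes `mServType`. If the accessor simply returns the member (not visible here), use one spelling in both, e.g. `RsIdentityUsage(serviceType(),RsIdentityUsage::GROUP_AUTHOR_SIGNATURE_VALIDATION,metaData.mGroupId)`, so that usage records for the same service are certain to carry the same id. Both calls sit inside functions that extend beyond their hunks.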
@@ -117,7 +117,7 @@ public: */ virtual bool signData(const uint8_t *data,uint32_t data_size,const RsGxsId& signer_id,RsTlvKeySignature& signature,uint32_t& signing_error) = 0 ; - virtual bool validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,const std::string& info_string,uint32_t& signing_error) = 0 ; + virtual bool validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,const RsIdentityUsage& info,uint32_t& signing_error) = 0 ; virtual bool encryptData(const uint8_t *clear_data,uint32_t clear_data_size,uint8_t *& encrypted_data,uint32_t& encrypted_data_size,const RsGxsId& encryption_key_id,bool force_load,uint32_t& encryption_error) = 0 ; virtual bool decryptData(const uint8_t *encrypted_data,uint32_t encrypted_data_size,uint8_t *& clear_data,uint32_t& clear_data_size,const RsGxsId& encryption_key_id,uint32_t& encryption_error) = 0 ; diff --git a/libretroshare/src/gxs/rsgxsutil.cc b/libretroshare/src/gxs/rsgxsutil.cc index 3f9396779..f0736917c 100644 --- a/libretroshare/src/gxs/rsgxsutil.cc +++ b/libretroshare/src/gxs/rsgxsutil.cc @@ -270,7 +270,7 @@ bool RsGxsIntegrityCheck::check() GXSUTIL_DEBUG() << "TimeStamping message authors' key ID " << msg->metaData->mAuthorId << " in message " << msg->msgId << ", group ID " << msg->grpId<< std::endl; #endif if(rsIdentity!=NULL && rsIdentity->overallReputationLevel(msg->metaData->mAuthorId) > RsReputations::REPUTATION_LOCALLY_NEGATIVE) - used_gxs_ids.insert(std::make_pair(msg->metaData->mAuthorId,std::make_pair(msg->metaData->mGroupId,msg->metaData->mMsgId))) ; + used_gxs_ids.insert(std::make_pair(msg->metaData->mAuthorId,RsIdentityUsage(mGenExchangeClient->serviceType(),RsIdentityUsage::MESSAGE_AUTHOR_KEEP_ALIVE,msg->metaData->mGroupId,msg->metaData->mMsgId))) ; } delete msg; diff --git a/libretroshare/src/gxstunnel/p3gxstunnel.cc b/libretroshare/src/gxstunnel/p3gxstunnel.cc index c64cf6572..a05ba34d0 100644 
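Review bot: The pure-virtual `validateData` in rsgixs.h has no comment of its own (the `*/` above it closes the block that precedes `signData`), and the new `info` parameter changes what every caller must supply. A short comment would help, e.g. `// info: usage record stamped on signature.keyId when validation succeeds; signing_error receives one of the RS_GIXS_ERROR_* codes`. The stamping behaviour is what p3IdService::validateData does in this patch; other implementations, if any, are not visible here.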
--- a/libretroshare/src/gxstunnel/p3gxstunnel.cc +++ b/libretroshare/src/gxstunnel/p3gxstunnel.cc @@ -937,7 +937,7 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item) std::cerr << "(SS) Signature was verified and it doesn't check! This is a security issue!" << std::endl; return ; } - mGixs->timeStampKey(item->signature.keyId,"Used to validate GXS tunnel DH half-key.") ; + mGixs->timeStampKey(item->signature.keyId,RsIdentityUsage(RS_SERVICE_TYPE_GXS_TUNNEL,RsIdentityUsage::GXS_TUNNEL_DH_SIGNATURE_CHECK)); #ifdef DEBUG_GXS_TUNNEL std::cerr << " Signature checks! Sender's ID = " << senders_id << std::endl; diff --git a/libretroshare/src/retroshare/rsidentity.h b/libretroshare/src/retroshare/rsidentity.h index 9fce700e8..e0fdac678 100644 --- a/libretroshare/src/retroshare/rsidentity.h +++ b/libretroshare/src/retroshare/rsidentity.h @@ -162,39 +162,6 @@ class RsRecognTagDetails bool is_pending; }; -class RsIdentityDetails -{ -public: - RsIdentityDetails() - : mFlags(0), mLastUsageTS(0) { return; } - - RsGxsId mId; - - // identity details. - std::string mNickname; - - uint32_t mFlags ; - - // PGP Stuff. - RsPgpId mPgpId; - - // Recogn details. - std::list mRecognTags; - - // Cyril: Reputation details. At some point we might want to merge information - // between the two into a single global score. Since the old reputation system - // is not finished yet, I leave this in place. We should decide what to do with it. - RsReputations::ReputationInfo mReputation; - - // avatar - RsGxsImage mAvatar ; - - // last usage - time_t mLastUsageTS ; - std::map mUseCases ; -}; - - class RsIdOpinion { public: 
@@ -224,10 +191,14 @@ public: MESSAGE_AUTHOR_SIGNATURE_VALIDATION = 0x06, GROUP_AUTHOR_KEEP_ALIVE = 0x07, // Identities are stamped regularly by crawlign the set of messages for all groups. That helps keepign the useful identities in hand. MESSAGE_AUTHOR_KEEP_ALIVE = 0x08, // Identities are stamped regularly by crawlign the set of messages for all groups. That helps keepign the useful identities in hand. - CHAT_LOBBY_MSG_VALIDATION = 0x09 // Chat lobby msgs are signed, so each time one comes, or a chat lobby event comes, a signature verificaiton happens. + CHAT_LOBBY_MSG_VALIDATION = 0x09, // Chat lobby msgs are signed, so each time one comes, or a chat lobby event comes, a signature verificaiton happens. + GLOBAL_ROUTER_SIGNATURE_CHECK = 0x0a, // Global router message validation + GLOBAL_ROUTER_SIGNATURE_CREATION = 0x0b, // Global router message signature + GXS_TUNNEL_DH_SIGNATURE_CHECK = 0x0c, // + GXS_TUNNEL_DH_SIGNATURE_CREATION = 0x0d // } ; - RsIdentityUsage(uint16_t service,const RsIdentityUsage::UsageCode& code,const RsGxsGroupId& gid,const RsGxsMessageId& mid=RsGxsMessageId(),uint64_t additional_id=0,const std::string& comment = std::string()) + RsIdentityUsage(uint16_t service,const RsIdentityUsage::UsageCode& code,const RsGxsGroupId& gid=RsGxsGroupId(),const RsGxsMessageId& mid=RsGxsMessageId(),uint64_t additional_id=0,const std::string& comment = std::string()) : mServiceId(service), mUsageCode(code), mGrpId(gid), mMsgId(mid),mAdditionalId(additional_id),mComment(comment) {} uint16_t mServiceId; // Id of the service using that identity 
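Review bot: The two GXS tunnel codes are added with empty `//` comments, unlike every other entry visible in the enum. Suggest `// Verification of the signature on a received GXS tunnel DH public key` for `GXS_TUNNEL_DH_SIGNATURE_CHECK`, which matches its use in handleRecvDHPublicKey, and a matching line for `GXS_TUNNEL_DH_SIGNATURE_CREATION`, which no hunk in this patch uses yet. If these numeric values are ever stored or exchanged, a comment saying they must not be renumbered would also be useful; that cannot be determined from the visible lines. The enum opens above the hunk.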
@@ -239,6 +210,39 @@ public: std::string mComment ; // additional comment to be used mainly for debugging, but not GUI display }; +class RsIdentityDetails +{ +public: + RsIdentityDetails() + : mFlags(0), mLastUsageTS(0) { return; } + + RsGxsId mId; + + // identity details. + std::string mNickname; + + uint32_t mFlags ; + + // PGP Stuff. + RsPgpId mPgpId; + + // Recogn details. + std::list mRecognTags; + + // Cyril: Reputation details. At some point we might want to merge information + // between the two into a single global score. Since the old reputation system + // is not finished yet, I leave this in place. We should decide what to do with it. + RsReputations::ReputationInfo mReputation; + + // avatar + RsGxsImage mAvatar ; + + // last usage + time_t mLastUsageTS ; + std::map mUseCases ; +}; + + class RsIdentity: public RsGxsIfaceHelper diff --git a/libretroshare/src/services/p3idservice.cc b/libretroshare/src/services/p3idservice.cc index 9adc18847..cbf310a55 100644 --- a/libretroshare/src/services/p3idservice.cc +++ b/libretroshare/src/services/p3idservice.cc @@ -287,10 +287,10 @@ void p3IdService::timeStampKey(const RsGxsId& gxs_id, const RsIdentityUsage& rea { // This is very costly, but normally the outerloop should never be rolled more than once. - std::map::iterator best_it ; + std::map::iterator best_it ; time_t best_time = now+1; - for(std::map::iterator it(info.usage_map.begin());it!=info.usage_map.end();++it) + for(std::map::iterator it(info.usage_map.begin());it!=info.usage_map.end();++it) if(it->second < best_time) { best_time = it->second ; @@ -788,7 +788,7 @@ static void mergeIds(std::map >& idmap,const RsGxsId old_peers.push_back(*it) ; } -bool p3IdService::requestKey(const RsGxsId &id, const std::list& peers,const RsIdentityUsage& info) +bool p3IdService::requestKey(const RsGxsId &id, const std::list& peers,const RsIdentityUsage& use_info) { if(id.isNull()) { 
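Review bot: In the timeStampKey hunk of p3idservice.cc, `best_it` is declared without an initialiser and is assigned only when some entry satisfies `it->second < best_time`, with `best_time` starting at `now+1`. If every stored timestamp is later than `now` (for instance after the system clock is set back), the loop assigns nothing and whatever follows it would use an indeterminate iterator; the code after the loop is outside the hunk, so this needs confirming. Initialising `best_it` to `info.usage_map.end()` and skipping the removal when it is still `end()` closes the gap.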
@@ -834,7 +834,7 @@ bool p3IdService::requestKey(const RsGxsId &id, const std::list& peers } { RS_STACK_MUTEX(mIdMtx); /********** STACK LOCKED MTX ******/ - mKeysTS[id].usage_map["Requested to friends: "+info] = time(NULL) ; + mKeysTS[id].usage_map[use_info] = time(NULL) ; } return cache_request_load(id, peers); @@ -935,7 +935,7 @@ bool p3IdService::signData(const uint8_t *data,uint32_t data_size,const RsGxsId& timeStampKey(own_gxs_id,"Own GXS id") ; return true ; } -bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,const std::string& info_string,uint32_t& signing_error) +bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,const RsIdentityUsage& info,uint32_t& signing_error) { // RsIdentityDetails details ; // getIdDetails(signature.keyId,details); @@ -969,7 +969,7 @@ bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTl } signing_error = RS_GIXS_ERROR_NO_ERROR ; - timeStampKey(signature.keyId,"Used in signature checking: "+info_string ) ; + timeStampKey(signature.keyId,info); return true ; } bool p3IdService::encryptData(const uint8_t *decrypted_data,uint32_t decrypted_data_size,uint8_t *& encrypted_data,uint32_t& encrypted_data_size,const RsGxsId& encryption_key_id,bool force_load,uint32_t& error_status) diff --git a/libretroshare/src/services/p3idservice.h b/libretroshare/src/services/p3idservice.h index 8154bf372..00faa0e15 100644 --- a/libretroshare/src/services/p3idservice.h +++ b/libretroshare/src/services/p3idservice.h 
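Review bot: `usage_map[use_info]` in requestKey now stores the caller's usage object unchanged, where the removed line prefixed the key with `Requested to friends: `. validateData stamps the same kind of object after a successful check (`timeStampKey(signature.keyId,info)` in the @@ -969 hunk), so an entry created because a key was missing looks the same as one created by a verified signature. Anyone reading the usage records to see which identities were actually verified loses that distinction. Consider a dedicated usage code for key requests. The callers affected are the `requestKey` calls in p3grouter.cc and rsgenexchange.cc.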
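Review bot: The context line `timeStampKey(own_gxs_id,"Own GXS id") ;` at the end of signData (the @@ -935 hunk) still passes a string literal, while timeStampKey takes `const RsIdentityUsage&` according to the @@ -287 hunk header, and the constructor shown in rsidentity.h needs at least a service id and a usage code. Unless an overload exists outside the visible lines, this call no longer matches and should be converted in the same patch, e.g. `timeStampKey(own_gxs_id,RsIdentityUsage(SERVICE_ID,USAGE_CODE)) ;`, where both arguments are placeholders for the values that apply to signing with an own identity. signData's body starts above the hunk.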
@@ -286,7 +286,7 @@ public: virtual bool isOwnId(const RsGxsId& key_id) ; virtual bool signData(const uint8_t *data,uint32_t data_size,const RsGxsId& signer_id,RsTlvKeySignature& signature,uint32_t& signing_error) ; - virtual bool validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,const std::string& info_string,uint32_t& signing_error) ; + virtual bool validateData(const uint8_t *data, uint32_t data_size, const RsTlvKeySignature& signature, bool force_load, const RsIdentityUsage &info, uint32_t& signing_error) ; virtual bool encryptData(const uint8_t *decrypted_data,uint32_t decrypted_data_size,uint8_t *& encrypted_data,uint32_t& encrypted_data_size,const RsGxsId& encryption_key_id,bool force_load,uint32_t& encryption_error) ; virtual bool decryptData(const uint8_t *encrypted_data,uint32_t encrypted_data_size,uint8_t *& decrypted_data,uint32_t& decrypted_data_size,const RsGxsId& encryption_key_id,uint32_t& encryption_error) ; @@ -297,7 +297,7 @@ public: virtual bool getKey(const RsGxsId &id, RsTlvPublicRSAKey &key); virtual bool getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey &key); - virtual bool requestKey(const RsGxsId &id, const std::list &peers, const RsIdentityUsage &info); + virtual bool requestKey(const RsGxsId &id, const std::list &peers, const RsIdentityUsage &use_info); virtual bool requestPrivateKey(const RsGxsId &id);