Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-10-01 02:35:48 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

Second stage in abstracting GXS identities usage cases (almost done)

Browse Source
This commit is contained in:
csoler 2017-01-02 23:53:39 +01:00
parent 17fc89e3c0
commit a9670a569a
10 changed files with 64 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libretroshare/src/chat/distributedchat.cc
View File

@ -237,8 +237,9 @@ bool DistributedChatService::checkSignature(RsChatLobbyBouncingObject *obj,const
}
uint32_t error_status ;
RsIdentityUsage use_info(RS_SERVICE_TYPE_CHAT,RsIdentityUsage::CHAT_LOBBY_MSG_VALIDATION,RsGxsGroupId(),RsGxsMessageId(),obj->lobby_id) ;
if(!mGixs->validateData(memory,obj->signed_serial_size(),obj->signature,false,"Chat lobby "+RsUtil::NumberToString(obj->lobby_id,true),error_status))
if(!mGixs->validateData(memory,obj->signed_serial_size(),obj->signature,false,use_info,error_status))
{
bool res = false ;

14
libretroshare/src/grouter/p3grouter.cc
View File

@ -1555,7 +1555,7 @@ void p3GRouter::handleIncomingReceiptItem(RsGRouterSignedReceiptItem *receipt_it
uint32_t error_status ;
if(! verifySignedDataItem(receipt_item,"GRouter incoming receipt item",error_status))
if(! verifySignedDataItem(receipt_item,RsIdentityUsage::GLOBAL_ROUTER_SIGNATURE_CHECK,error_status))
if( (it->second.routing_flags & GRouterRoutingInfo::ROUTING_FLAGS_IS_ORIGIN) || (error_status != RsGixs::RS_GIXS_ERROR_KEY_NOT_AVAILABLE))
{
std::cerr << " checking receipt signature : FAILED. Receipt is dropped. Error status=" << error_status << std::endl;
@ -1711,7 +1711,7 @@ void p3GRouter::handleIncomingDataItem(RsGRouterGenericDataItem *data_item)
#endif
uint32_t error_status ;
if(!verifySignedDataItem(data_item,"Incoming distant message",error_status)) // we should get proper flags out of this
if(!verifySignedDataItem(data_item,RsIdentityUsage::GLOBAL_ROUTER_SIGNATURE_CHECK,error_status)) // we should get proper flags out of this
{
std::cerr << " verifying item signature: FAILED! Droping that item" ;
std::cerr << " You probably received a message from a person you don't have key." << std::endl;
@ -1980,7 +1980,7 @@ bool p3GRouter::signDataItem(RsGRouterAbstractMsgItem *item,const RsGxsId& signi
return false ;
}
}
bool p3GRouter::verifySignedDataItem(RsGRouterAbstractMsgItem *item,const std::string& info,uint32_t& error_status)
bool p3GRouter::verifySignedDataItem(RsGRouterAbstractMsgItem *item,const RsIdentityUsage::UsageCode& info,uint32_t& error_status)
{
try
{
@ -1999,7 +1999,9 @@ bool p3GRouter::verifySignedDataItem(RsGRouterAbstractMsgItem *item,const std::s
if(!item->serialise_signed_data(data,data_size))
throw std::runtime_error("Cannot serialise signed data.") ;
if(!mGixs->validateData(data,data_size,item->signature,true,info, error_status))
RsIdentityUsage use(RS_SERVICE_TYPE_GROUTER,info) ;
if(!mGixs->validateData(data,data_size,item->signature,true,use, error_status))
{
switch(error_status)
{
@ -2010,7 +2012,7 @@ bool p3GRouter::verifySignedDataItem(RsGRouterAbstractMsgItem *item,const std::s
std::cerr << "(EE) Key for GXS Id " << item->signature.keyId << " is not available. Cannot verify. Asking key to peer " << item->PeerId() << std::endl;
mGixs->requestKey(item->signature.keyId,peer_ids,info) ; // request the key around
mGixs->requestKey(item->signature.keyId,peer_ids,use) ; // request the key around
}
break ;
case RsGixs::RS_GIXS_ERROR_SIGNATURE_MISMATCH: std::cerr << "(EE) Signature mismatch. Spoofing/Corrupted/MITM?." << std::endl;
@ -2116,7 +2118,7 @@ bool p3GRouter::sendData(const RsGxsId& destination,const GRouterServiceId& clie
// Verify the signature. If that fails, there's a bug somewhere!!
uint32_t error_status;
if(!verifySignedDataItem(data_item,"GRouter own signature check for outgoing msg",error_status))
if(!verifySignedDataItem(data_item,RsIdentityUsage::GLOBAL_ROUTER_SIGNATURE_CREATION,error_status))
{
std::cerr << "Cannot verify data item that was just signed. Some error occured!" << std::endl;
delete data_item;

3
libretroshare/src/grouter/p3grouter.h
View File

@ -32,6 +32,7 @@
#include "retroshare/rsgrouter.h"
#include "retroshare/rstypes.h"
#include "retroshare/rstypes.h"
#include "retroshare/rsidentity.h"
#include "turtle/turtleclientservice.h"
#include "services/p3service.h"
@ -254,7 +255,7 @@ private:
// signs an item with the given key.
bool signDataItem(RsGRouterAbstractMsgItem *item,const RsGxsId& id) ;
bool verifySignedDataItem(RsGRouterAbstractMsgItem *item, const std::string &info, uint32_t &error_status) ;
bool verifySignedDataItem(RsGRouterAbstractMsgItem *item, const RsIdentityUsage::UsageCode &info, uint32_t &error_status) ;
bool encryptDataItem(RsGRouterGenericDataItem *item,const RsGxsId& destination_key) ;
bool decryptDataItem(RsGRouterGenericDataItem *item) ;

4
libretroshare/src/gxs/rsgenexchange.cc
View File

@ -904,7 +904,7 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin
{
std::list<RsPeerId> peers;
peers.push_back(msg->PeerId());
mGixs->requestKey(metaData.mAuthorId, peers,"Validation of author signature, service: " + rsServiceControl->getServiceName(serviceFullType()) + ". Grp="+metaData.mGroupId.toStdString()+", msg="+metaData.mMsgId.toStdString());
mGixs->requestKey(metaData.mAuthorId, peers, RsIdentityUsage(serviceType(),RsIdentityUsage::MESSAGE_AUTHOR_SIGNATURE_VALIDATION,metaData.mGroupId,metaData.mMsgId));
#ifdef GEN_EXCH_DEBUG
std::cerr << ", Key missing. Retry later." << std::endl;
@ -999,7 +999,7 @@ int RsGenExchange::validateGrp(RsNxsGrp* grp)
#endif
std::list<RsPeerId> peers;
peers.push_back(grp->PeerId());
mGixs->requestKey(metaData.mAuthorId, peers,"Group author signature validation. GrpId=" + metaData.mGroupId.toStdString());
mGixs->requestKey(metaData.mAuthorId, peers,RsIdentityUsage(mServType,RsIdentityUsage::GROUP_AUTHOR_SIGNATURE_VALIDATION,metaData.mGroupId));
return VALIDATE_FAIL_TRY_LATER;
}
}

2
libretroshare/src/gxs/rsgixs.h
View File

@ -117,7 +117,7 @@ public:
*/
virtual bool signData(const uint8_t *data,uint32_t data_size,const RsGxsId& signer_id,RsTlvKeySignature& signature,uint32_t& signing_error) = 0 ;
virtual bool validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,const std::string& info_string,uint32_t& signing_error) = 0 ;
virtual bool validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,const RsIdentityUsage& info,uint32_t& signing_error) = 0 ;
virtual bool encryptData(const uint8_t *clear_data,uint32_t clear_data_size,uint8_t *& encrypted_data,uint32_t& encrypted_data_size,const RsGxsId& encryption_key_id,bool force_load,uint32_t& encryption_error) = 0 ;
virtual bool decryptData(const uint8_t *encrypted_data,uint32_t encrypted_data_size,uint8_t *& clear_data,uint32_t& clear_data_size,const RsGxsId& encryption_key_id,uint32_t& encryption_error) = 0 ;

2
libretroshare/src/gxs/rsgxsutil.cc
View File

@ -270,7 +270,7 @@ bool RsGxsIntegrityCheck::check()
GXSUTIL_DEBUG() << "TimeStamping message authors' key ID " << msg->metaData->mAuthorId << " in message " << msg->msgId << ", group ID " << msg->grpId<< std::endl;
#endif
if(rsIdentity!=NULL && rsIdentity->overallReputationLevel(msg->metaData->mAuthorId) > RsReputations::REPUTATION_LOCALLY_NEGATIVE)
used_gxs_ids.insert(std::make_pair(msg->metaData->mAuthorId,std::make_pair(msg->metaData->mGroupId,msg->metaData->mMsgId))) ;
used_gxs_ids.insert(std::make_pair(msg->metaData->mAuthorId,RsIdentityUsage(mGenExchangeClient->serviceType(),RsIdentityUsage::MESSAGE_AUTHOR_KEEP_ALIVE,msg->metaData->mGroupId,msg->metaData->mMsgId))) ;
}
delete msg;

2
libretroshare/src/gxstunnel/p3gxstunnel.cc
View File

@ -937,7 +937,7 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item)
std::cerr << "(SS) Signature was verified and it doesn't check! This is a security issue!" << std::endl;
return ;
}
mGixs->timeStampKey(item->signature.keyId,"Used to validate GXS tunnel DH half-key.") ;
mGixs->timeStampKey(item->signature.keyId,RsIdentityUsage(RS_SERVICE_TYPE_GXS_TUNNEL,RsIdentityUsage::GXS_TUNNEL_DH_SIGNATURE_CHECK));
#ifdef DEBUG_GXS_TUNNEL
std::cerr << " Signature checks! Sender's ID = " << senders_id << std::endl;

74
libretroshare/src/retroshare/rsidentity.h
View File

@ -162,39 +162,6 @@ class RsRecognTagDetails
bool is_pending;
};
class RsIdentityDetails
{
public:
RsIdentityDetails()
: mFlags(0), mLastUsageTS(0) { return; }
RsGxsId mId;
// identity details.
std::string mNickname;
uint32_t mFlags ;
// PGP Stuff.
RsPgpId mPgpId;
// Recogn details.
std::list<RsRecognTag> mRecognTags;
// Cyril: Reputation details. At some point we might want to merge information
// between the two into a single global score. Since the old reputation system
// is not finished yet, I leave this in place. We should decide what to do with it.
RsReputations::ReputationInfo mReputation;
// avatar
RsGxsImage mAvatar ;
// last usage
time_t mLastUsageTS ;
std::map<std::string,time_t> mUseCases ;
};
class RsIdOpinion
{
public:
@ -224,10 +191,14 @@ public:
MESSAGE_AUTHOR_SIGNATURE_VALIDATION = 0x06,
GROUP_AUTHOR_KEEP_ALIVE = 0x07, // Identities are stamped regularly by crawlign the set of messages for all groups. That helps keepign the useful identities in hand.
MESSAGE_AUTHOR_KEEP_ALIVE = 0x08, // Identities are stamped regularly by crawlign the set of messages for all groups. That helps keepign the useful identities in hand.
CHAT_LOBBY_MSG_VALIDATION = 0x09 // Chat lobby msgs are signed, so each time one comes, or a chat lobby event comes, a signature verificaiton happens.
CHAT_LOBBY_MSG_VALIDATION = 0x09, // Chat lobby msgs are signed, so each time one comes, or a chat lobby event comes, a signature verificaiton happens.
GLOBAL_ROUTER_SIGNATURE_CHECK = 0x0a, // Global router message validation
GLOBAL_ROUTER_SIGNATURE_CREATION = 0x0b, // Global router message signature
GXS_TUNNEL_DH_SIGNATURE_CHECK = 0x0c, //
GXS_TUNNEL_DH_SIGNATURE_CREATION = 0x0d //
} ;
RsIdentityUsage(uint16_t service,const RsIdentityUsage::UsageCode& code,const RsGxsGroupId& gid,const RsGxsMessageId& mid=RsGxsMessageId(),uint64_t additional_id=0,const std::string& comment = std::string())
RsIdentityUsage(uint16_t service,const RsIdentityUsage::UsageCode& code,const RsGxsGroupId& gid=RsGxsGroupId(),const RsGxsMessageId& mid=RsGxsMessageId(),uint64_t additional_id=0,const std::string& comment = std::string())
: mServiceId(service), mUsageCode(code), mGrpId(gid), mMsgId(mid),mAdditionalId(additional_id),mComment(comment) {}
uint16_t mServiceId; // Id of the service using that identity
@ -239,6 +210,39 @@ public:
std::string mComment ; // additional comment to be used mainly for debugging, but not GUI display
};
class RsIdentityDetails
{
public:
RsIdentityDetails()
: mFlags(0), mLastUsageTS(0) { return; }
RsGxsId mId;
// identity details.
std::string mNickname;
uint32_t mFlags ;
// PGP Stuff.
RsPgpId mPgpId;
// Recogn details.
std::list<RsRecognTag> mRecognTags;
// Cyril: Reputation details. At some point we might want to merge information
// between the two into a single global score. Since the old reputation system
// is not finished yet, I leave this in place. We should decide what to do with it.
RsReputations::ReputationInfo mReputation;
// avatar
RsGxsImage mAvatar ;
// last usage
time_t mLastUsageTS ;
std::map<RsIdentityUsage,time_t> mUseCases ;
};
class RsIdentity: public RsGxsIfaceHelper

12
libretroshare/src/services/p3idservice.cc
View File

@ -287,10 +287,10 @@ void p3IdService::timeStampKey(const RsGxsId& gxs_id, const RsIdentityUsage& rea
{
// This is very costly, but normally the outerloop should never be rolled more than once.
std::map<std::string,time_t>::iterator best_it ;
std::map<RsIdentityUsage,time_t>::iterator best_it ;
time_t best_time = now+1;
for(std::map<std::string,time_t>::iterator it(info.usage_map.begin());it!=info.usage_map.end();++it)
for(std::map<RsIdentityUsage,time_t>::iterator it(info.usage_map.begin());it!=info.usage_map.end();++it)
if(it->second < best_time)
{
best_time = it->second ;
@ -788,7 +788,7 @@ static void mergeIds(std::map<RsGxsId,std::list<RsPeerId> >& idmap,const RsGxsId
old_peers.push_back(*it) ;
}
bool p3IdService::requestKey(const RsGxsId &id, const std::list<RsPeerId>& peers,const RsIdentityUsage& info)
bool p3IdService::requestKey(const RsGxsId &id, const std::list<RsPeerId>& peers,const RsIdentityUsage& use_info)
{
if(id.isNull())
{
@ -834,7 +834,7 @@ bool p3IdService::requestKey(const RsGxsId &id, const std::list<RsPeerId>& peers
}
{
RS_STACK_MUTEX(mIdMtx); /********** STACK LOCKED MTX ******/
mKeysTS[id].usage_map["Requested to friends: "+info] = time(NULL) ;
mKeysTS[id].usage_map[use_info] = time(NULL) ;
}
return cache_request_load(id, peers);
@ -935,7 +935,7 @@ bool p3IdService::signData(const uint8_t *data,uint32_t data_size,const RsGxsId&
timeStampKey(own_gxs_id,"Own GXS id") ;
return true ;
}
bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,const std::string& info_string,uint32_t& signing_error)
bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,const RsIdentityUsage& info,uint32_t& signing_error)
{
// RsIdentityDetails details ;
// getIdDetails(signature.keyId,details);
@ -969,7 +969,7 @@ bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTl
}
signing_error = RS_GIXS_ERROR_NO_ERROR ;
timeStampKey(signature.keyId,"Used in signature checking: "+info_string ) ;
timeStampKey(signature.keyId,info);
return true ;
}
bool p3IdService::encryptData(const uint8_t *decrypted_data,uint32_t decrypted_data_size,uint8_t *& encrypted_data,uint32_t& encrypted_data_size,const RsGxsId& encryption_key_id,bool force_load,uint32_t& error_status)

4
libretroshare/src/services/p3idservice.h
View File

@ -286,7 +286,7 @@ public:
virtual bool isOwnId(const RsGxsId& key_id) ;
virtual bool signData(const uint8_t *data,uint32_t data_size,const RsGxsId& signer_id,RsTlvKeySignature& signature,uint32_t& signing_error) ;
virtual bool validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,const std::string& info_string,uint32_t& signing_error) ;
virtual bool validateData(const uint8_t *data, uint32_t data_size, const RsTlvKeySignature& signature, bool force_load, const RsIdentityUsage &info, uint32_t& signing_error) ;
virtual bool encryptData(const uint8_t *decrypted_data,uint32_t decrypted_data_size,uint8_t *& encrypted_data,uint32_t& encrypted_data_size,const RsGxsId& encryption_key_id,bool force_load,uint32_t& encryption_error) ;
virtual bool decryptData(const uint8_t *encrypted_data,uint32_t encrypted_data_size,uint8_t *& decrypted_data,uint32_t& decrypted_data_size,const RsGxsId& encryption_key_id,uint32_t& encryption_error) ;
@ -297,7 +297,7 @@ public:
virtual bool getKey(const RsGxsId &id, RsTlvPublicRSAKey &key);
virtual bool getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey &key);
virtual bool requestKey(const RsGxsId &id, const std::list<RsPeerId> &peers, const RsIdentityUsage &info);
virtual bool requestKey(const RsGxsId &id, const std::list<RsPeerId> &peers, const RsIdentityUsage &use_info);
virtual bool requestPrivateKey(const RsGxsId &id);