mirror of
https://github.com/RetroShare/RetroShare.git
synced 2025-01-01 02:46:20 -05:00
added recording system for usage cases of GXS ids
parent
94d099f43b
commit
ef0850e65b
@ -470,7 +470,7 @@ int RsGenExchange::createGroupSignatures(RsTlvKeySignatureSet& signSet, RsTlvBin
|
|||||||
if(GxsSecurity::getSignature((char*)grpData.bin_data, grpData.bin_len, authorKey, sign))
|
if(GxsSecurity::getSignature((char*)grpData.bin_data, grpData.bin_len, authorKey, sign))
|
||||||
{
|
{
|
||||||
id_ret = SIGN_SUCCESS;
|
id_ret = SIGN_SUCCESS;
|
||||||
mGixs->timeStampKey(grpMeta.mAuthorId) ;
|
mGixs->timeStampKey(grpMeta.mAuthorId,"Creation of group author signature for GrpId" + grpMeta.mGroupId.toStdString()) ;
|
||||||
signSet.keySignSet[INDEX_AUTHEN_IDENTITY] = sign;
|
signSet.keySignSet[INDEX_AUTHEN_IDENTITY] = sign;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -638,7 +638,7 @@ int RsGenExchange::createMsgSignatures(RsTlvKeySignatureSet& signSet, RsTlvBinar
|
|||||||
if(GxsSecurity::getSignature((char*)msgData.bin_data, msgData.bin_len, authorKey, sign))
|
if(GxsSecurity::getSignature((char*)msgData.bin_data, msgData.bin_len, authorKey, sign))
|
||||||
{
|
{
|
||||||
id_ret = SIGN_SUCCESS;
|
id_ret = SIGN_SUCCESS;
|
||||||
mGixs->timeStampKey(msgMeta.mAuthorId) ;
|
mGixs->timeStampKey(msgMeta.mAuthorId,"Creating author signature in group " + msgMeta.mGroupId.toStdString() + ", msg " + msgMeta.mMsgId.toStdString()) ;
|
||||||
signSet.keySignSet[INDEX_AUTHEN_IDENTITY] = sign;
|
signSet.keySignSet[INDEX_AUTHEN_IDENTITY] = sign;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -855,7 +855,7 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin
|
|||||||
{
|
{
|
||||||
RsTlvKeySignature sign = metaData.signSet.keySignSet[INDEX_AUTHEN_IDENTITY];
|
RsTlvKeySignature sign = metaData.signSet.keySignSet[INDEX_AUTHEN_IDENTITY];
|
||||||
idValidate &= GxsSecurity::validateNxsMsg(*msg, sign, authorKey);
|
idValidate &= GxsSecurity::validateNxsMsg(*msg, sign, authorKey);
|
||||||
mGixs->timeStampKey(metaData.mAuthorId) ;
|
mGixs->timeStampKey(metaData.mAuthorId,"Validation of author signature. Grp="+metaData.mGroupId.toStdString()+", msg="+metaData.mMsgId.toStdString()) ;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
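Review bot: The `timeStampKey` call in validateMsg runs right after `idValidate &= GxsSecurity::validateNxsMsg(*msg, sign, authorKey);` without looking at the result, so the author key is recorded as used, now with the reason "Validation of author signature", even when the signature did not verify. The same shape is visible in the validateGrp hunk and in the updateValid hunk, where the stamp is taken before `validateNxsGrp` returns its verdict. The last-usage timestamp is what `IdCacheEntryCleaner` reads when deciding which keys to keep, so only verified use should refresh it, as handleRecvDHPublicKey already does by returning before the stamp; `if(idValidate) mGixs->timeStampKey(metaData.mAuthorId, ...);` would do that here. The enclosing functions start and end outside these hunks, so a guard that is not visible may already exist.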
@ -986,7 +986,7 @@ int RsGenExchange::validateGrp(RsNxsGrp* grp)
|
|||||||
#ifdef GEN_EXCH_DEBUG
|
#ifdef GEN_EXCH_DEBUG
|
||||||
std::cerr << " key ID validation result: " << idValidate << std::endl;
|
std::cerr << " key ID validation result: " << idValidate << std::endl;
|
||||||
#endif
|
#endif
|
||||||
mGixs->timeStampKey(metaData.mAuthorId) ;
|
mGixs->timeStampKey(metaData.mAuthorId,"Group author signature validation. GrpId=" + metaData.mGroupId.toStdString()) ;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -3145,7 +3145,7 @@ bool RsGenExchange::updateValid(RsGxsGrpMetaData& oldGrpMeta, RsNxsGrp& newGrp)
|
|||||||
// also check this is the latest published group
|
// also check this is the latest published group
|
||||||
bool latest = newGrp.metaData->mPublishTs > oldGrpMeta.mPublishTs;
|
bool latest = newGrp.metaData->mPublishTs > oldGrpMeta.mPublishTs;
|
||||||
|
|
||||||
mGixs->timeStampKey(newGrp.metaData->mAuthorId) ;
|
mGixs->timeStampKey(newGrp.metaData->mAuthorId,"Validation of signature for updated grp " + oldGrpMeta.mGroupId.toStdString()) ;
|
||||||
return GxsSecurity::validateNxsGrp(newGrp, adminSign, keyMit->second) && latest;
|
return GxsSecurity::validateNxsGrp(newGrp, adminSign, keyMit->second) && latest;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -125,7 +125,7 @@ public:
|
|||||||
virtual bool getOwnIds(std::list<RsGxsId>& ids) = 0;
|
virtual bool getOwnIds(std::list<RsGxsId>& ids) = 0;
|
||||||
virtual bool isOwnId(const RsGxsId& key_id) = 0 ;
|
virtual bool isOwnId(const RsGxsId& key_id) = 0 ;
|
||||||
|
|
||||||
virtual void timeStampKey(const RsGxsId& key_id) = 0 ;
|
virtual void timeStampKey(const RsGxsId& key_id,const std::string& reason) = 0 ;
|
||||||
|
|
||||||
// Key related interface - used for validating msgs and groups.
|
// Key related interface - used for validating msgs and groups.
|
||||||
/*!
|
/*!
|
||||||
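Review bot: The new `reason` parameter on the pure-virtual `timeStampKey` is undocumented, so the interface does not say what callers should pass or what happens to the text. A comment such as `// Marks key_id as used now; reason is a short human-readable description of the use (appears to be kept in memory and logged, not saved to config).` would cover it. Callers in this commit build the string from several `std::string` concatenations on every call, including on the message-validation path, so the comment could also ask for cheap, id-only reasons. Every implementer of this interface needs the same signature change; only p3IdService is visible on this page.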
|
@ -339,7 +339,7 @@ bool RsGxsIntegrityCheck::check()
|
|||||||
// Note: we could time_stamp even in the case where the id is not cached. Anyway, it's not really a problem here, since IDs have a high chance of
|
// Note: we could time_stamp even in the case where the id is not cached. Anyway, it's not really a problem here, since IDs have a high chance of
|
||||||
// behing eventually stamped.
|
// behing eventually stamped.
|
||||||
|
|
||||||
mGixs->timeStampKey(gxs_ids[n]) ;
|
mGixs->timeStampKey(gxs_ids[n],"Used in service (Integrity check)") ;
|
||||||
}
|
}
|
||||||
|
|
||||||
gxs_ids[n] = gxs_ids[gxs_ids.size()-1] ;
|
gxs_ids[n] = gxs_ids[gxs_ids.size()-1] ;
|
||||||
|
@ -937,7 +937,7 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item)
|
|||||||
std::cerr << "(SS) Signature was verified and it doesn't check! This is a security issue!" << std::endl;
|
std::cerr << "(SS) Signature was verified and it doesn't check! This is a security issue!" << std::endl;
|
||||||
return ;
|
return ;
|
||||||
}
|
}
|
||||||
mGixs->timeStampKey(item->signature.keyId) ;
|
mGixs->timeStampKey(item->signature.keyId,"Used to validate GXS tunnel DH half-key.") ;
|
||||||
|
|
||||||
#ifdef DEBUG_GXS_TUNNEL
|
#ifdef DEBUG_GXS_TUNNEL
|
||||||
std::cerr << " Signature checks! Sender's ID = " << senders_id << std::endl;
|
std::cerr << " Signature checks! Sender's ID = " << senders_id << std::endl;
|
||||||
|
@ -130,6 +130,7 @@ RsIdentity *rsIdentity = NULL;
|
|||||||
|
|
||||||
#define CACHETEST_PERIOD 60
|
#define CACHETEST_PERIOD 60
|
||||||
#define DELAY_BETWEEN_CONFIG_UPDATES 300
|
#define DELAY_BETWEEN_CONFIG_UPDATES 300
|
||||||
|
#define GXS_MAX_KEY_TS_USAGE_MAP_SIZE 5
|
||||||
|
|
||||||
#define OWNID_RELOAD_DELAY 10
|
#define OWNID_RELOAD_DELAY 10
|
||||||
|
|
||||||
@ -255,23 +256,33 @@ void p3IdService::slowIndicateConfigChanged()
|
|||||||
}
|
}
|
||||||
time_t p3IdService::locked_getLastUsageTS(const RsGxsId& gxs_id)
|
time_t p3IdService::locked_getLastUsageTS(const RsGxsId& gxs_id)
|
||||||
{
|
{
|
||||||
std::map<RsGxsId,time_t>::const_iterator it = mKeysTS.find(gxs_id) ;
|
std::map<RsGxsId,keyTSInfo>::const_iterator it = mKeysTS.find(gxs_id) ;
|
||||||
|
|
||||||
if(it == mKeysTS.end())
|
if(it == mKeysTS.end())
|
||||||
return 0 ;
|
return 0 ;
|
||||||
else
|
else
|
||||||
return it->second ;
|
return it->second.TS ;
|
||||||
}
|
}
|
||||||
void p3IdService::timeStampKey(const RsGxsId& gxs_id)
|
void p3IdService::timeStampKey(const RsGxsId& gxs_id, const std::string& reason)
|
||||||
{
|
{
|
||||||
if(rsReputations->isIdentityBanned(gxs_id) )
|
if(rsReputations->isIdentityBanned(gxs_id) )
|
||||||
{
|
{
|
||||||
std::cerr << "(II) p3IdService:timeStampKey(): refusing to time stamp key " << gxs_id << " because it is banned." << std::endl;
|
std::cerr << "(II) p3IdService:timeStampKey(): refusing to time stamp key " << gxs_id << " because it is banned." << std::endl;
|
||||||
return ;
|
return ;
|
||||||
}
|
}
|
||||||
|
std::cerr << "(II) time stamping key " << gxs_id << " for the following reason: " << reason << std::endl;
|
||||||
|
|
||||||
RS_STACK_MUTEX(mIdMtx) ;
|
RS_STACK_MUTEX(mIdMtx) ;
|
||||||
mKeysTS[gxs_id] = time(NULL) ;
|
|
||||||
|
time_t now = time(NULL) ;
|
||||||
|
|
||||||
|
keyTSInfo& info(mKeysTS[gxs_id]) ;
|
||||||
|
|
||||||
|
info.TS = now ;
|
||||||
|
info.usage_map[now] = reason ;
|
||||||
|
|
||||||
|
while(info.usage_map.size() > GXS_MAX_KEY_TS_USAGE_MAP_SIZE)
|
||||||
|
info.usage_map.erase(info.usage_map.begin());
|
||||||
|
|
||||||
slowIndicateConfigChanged() ;
|
slowIndicateConfigChanged() ;
|
||||||
}
|
}
|
||||||
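Review bot: `info.usage_map[now] = reason;` indexes the map with a `time_t` and stores a `std::string`, but the header hunk declares `std::map<std::string,time_t> usage_map ;`, so key and value types are swapped between declaration and use and this should not compile as shown. Declaring it as `std::map<time_t,std::string> usage_map ;` matches the `erase(info.usage_map.begin())` trimming, which then drops the oldest entry; with one-second keys, two uses in the same second still overwrite each other. Separately, the added `std::cerr << "(II) time stamping key ..."` line prints every key use with its group and message ids unconditionally. Putting it behind this file's debug macro, the way other files in this commit guard traces with `GEN_EXCH_DEBUG` and `DEBUG_GXS_TUNNEL`, keeps identity-usage metadata out of routine logs.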
@ -286,7 +297,7 @@ bool p3IdService::loadList(std::list<RsItem*>& items)
|
|||||||
if( (lii = dynamic_cast<RsGxsIdLocalInfoItem*>(*it)) != NULL)
|
if( (lii = dynamic_cast<RsGxsIdLocalInfoItem*>(*it)) != NULL)
|
||||||
{
|
{
|
||||||
for(std::map<RsGxsId,time_t>::const_iterator it2 = lii->mTimeStamps.begin();it2!=lii->mTimeStamps.end();++it2)
|
for(std::map<RsGxsId,time_t>::const_iterator it2 = lii->mTimeStamps.begin();it2!=lii->mTimeStamps.end();++it2)
|
||||||
mKeysTS.insert(*it2) ;
|
mKeysTS[it2->first].TS = it2->second;
|
||||||
|
|
||||||
mContacts = lii->mContacts ;
|
mContacts = lii->mContacts ;
|
||||||
}
|
}
|
||||||
@ -307,7 +318,10 @@ bool p3IdService::saveList(bool& cleanup,std::list<RsItem*>& items)
|
|||||||
RS_STACK_MUTEX(mIdMtx) ;
|
RS_STACK_MUTEX(mIdMtx) ;
|
||||||
cleanup = true ;
|
cleanup = true ;
|
||||||
RsGxsIdLocalInfoItem *item = new RsGxsIdLocalInfoItem ;
|
RsGxsIdLocalInfoItem *item = new RsGxsIdLocalInfoItem ;
|
||||||
item->mTimeStamps = mKeysTS ;
|
|
||||||
|
for(std::map<RsGxsId,keyTSInfo>::const_iterator it(mKeysTS.begin());it!=mKeysTS.end();++it)
|
||||||
|
item->mTimeStamps[it->first] = it->second.TS;
|
||||||
|
|
||||||
item->mContacts = mContacts ;
|
item->mContacts = mContacts ;
|
||||||
|
|
||||||
items.push_back(item) ;
|
items.push_back(item) ;
|
||||||
@ -317,7 +331,7 @@ bool p3IdService::saveList(bool& cleanup,std::list<RsItem*>& items)
|
|||||||
class IdCacheEntryCleaner
|
class IdCacheEntryCleaner
|
||||||
{
|
{
|
||||||
public:
|
public:
|
||||||
IdCacheEntryCleaner(const std::map<RsGxsId,time_t>& last_usage_TSs) : mLastUsageTS(last_usage_TSs) {}
|
IdCacheEntryCleaner(const std::map<RsGxsId,p3IdService::keyTSInfo>& last_usage_TSs) : mLastUsageTS(last_usage_TSs) {}
|
||||||
|
|
||||||
bool processEntry(RsGxsIdCache& entry)
|
bool processEntry(RsGxsIdCache& entry)
|
||||||
{
|
{
|
||||||
@ -338,11 +352,11 @@ public:
|
|||||||
return true ;
|
return true ;
|
||||||
}
|
}
|
||||||
|
|
||||||
std::map<RsGxsId,time_t>::const_iterator it = mLastUsageTS.find(gxs_id) ;
|
std::map<RsGxsId,p3IdService::keyTSInfo>::const_iterator it = mLastUsageTS.find(gxs_id) ;
|
||||||
|
|
||||||
bool no_ts = (it == mLastUsageTS.end()) ;
|
bool no_ts = (it == mLastUsageTS.end()) ;
|
||||||
|
|
||||||
time_t last_usage_ts = no_ts?0:(it->second);
|
time_t last_usage_ts = no_ts?0:(it->second.TS);
|
||||||
time_t max_keep_time ;
|
time_t max_keep_time ;
|
||||||
|
|
||||||
if(no_ts)
|
if(no_ts)
|
||||||
@ -370,7 +384,7 @@ public:
|
|||||||
}
|
}
|
||||||
|
|
||||||
std::list<RsGxsId> ids_to_delete ;
|
std::list<RsGxsId> ids_to_delete ;
|
||||||
const std::map<RsGxsId,time_t>& mLastUsageTS;
|
const std::map<RsGxsId,p3IdService::keyTSInfo>& mLastUsageTS;
|
||||||
};
|
};
|
||||||
|
|
||||||
void p3IdService::cleanUnusedKeys()
|
void p3IdService::cleanUnusedKeys()
|
||||||
@ -495,7 +509,7 @@ void p3IdService::notifyChanges(std::vector<RsGxsNotify *> &changes)
|
|||||||
|
|
||||||
// also time_stamp the key that this group represents
|
// also time_stamp the key that this group represents
|
||||||
|
|
||||||
timeStampKey(RsGxsId(*git)) ;
|
timeStampKey(RsGxsId(*git),"Group info changed") ;
|
||||||
|
|
||||||
++git;
|
++git;
|
||||||
}
|
}
|
||||||
@ -892,7 +906,7 @@ bool p3IdService::signData(const uint8_t *data,uint32_t data_size,const RsGxsId&
|
|||||||
return false ;
|
return false ;
|
||||||
}
|
}
|
||||||
error_status = RS_GIXS_ERROR_NO_ERROR ;
|
error_status = RS_GIXS_ERROR_NO_ERROR ;
|
||||||
timeStampKey(own_gxs_id) ;
|
timeStampKey(own_gxs_id,"own GXS id") ;
|
||||||
return true ;
|
return true ;
|
||||||
}
|
}
|
||||||
bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,uint32_t& signing_error)
|
bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,uint32_t& signing_error)
|
||||||
@ -929,7 +943,7 @@ bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTl
|
|||||||
}
|
}
|
||||||
signing_error = RS_GIXS_ERROR_NO_ERROR ;
|
signing_error = RS_GIXS_ERROR_NO_ERROR ;
|
||||||
|
|
||||||
timeStampKey(signature.keyId) ;
|
timeStampKey(signature.keyId,"Used in signature checking." ) ;
|
||||||
return true ;
|
return true ;
|
||||||
}
|
}
|
||||||
bool p3IdService::encryptData(const uint8_t *decrypted_data,uint32_t decrypted_data_size,uint8_t *& encrypted_data,uint32_t& encrypted_data_size,const RsGxsId& encryption_key_id,bool force_load,uint32_t& error_status)
|
bool p3IdService::encryptData(const uint8_t *decrypted_data,uint32_t decrypted_data_size,uint8_t *& encrypted_data,uint32_t& encrypted_data_size,const RsGxsId& encryption_key_id,bool force_load,uint32_t& error_status)
|
||||||
@ -957,7 +971,7 @@ bool p3IdService::encryptData(const uint8_t *decrypted_data,uint32_t decrypted_d
|
|||||||
return false ;
|
return false ;
|
||||||
}
|
}
|
||||||
error_status = RS_GIXS_ERROR_NO_ERROR ;
|
error_status = RS_GIXS_ERROR_NO_ERROR ;
|
||||||
timeStampKey(encryption_key_id) ;
|
timeStampKey(encryption_key_id,"Used to encrypt data") ;
|
||||||
|
|
||||||
return true ;
|
return true ;
|
||||||
}
|
}
|
||||||
@ -989,7 +1003,7 @@ bool p3IdService::decryptData(const uint8_t *encrypted_data,uint32_t encrypted_d
|
|||||||
return false ;
|
return false ;
|
||||||
}
|
}
|
||||||
error_status = RS_GIXS_ERROR_NO_ERROR ;
|
error_status = RS_GIXS_ERROR_NO_ERROR ;
|
||||||
timeStampKey(key_id) ;
|
timeStampKey(key_id,"Used to decrypt data") ;
|
||||||
|
|
||||||
return true ;
|
return true ;
|
||||||
}
|
}
|
||||||
@ -2399,7 +2413,8 @@ bool p3IdService::cache_load_ownids(uint32_t token)
|
|||||||
|
|
||||||
// This prevents automatic deletion to get rid of them.
|
// This prevents automatic deletion to get rid of them.
|
||||||
// In other words, own ids are always used.
|
// In other words, own ids are always used.
|
||||||
mKeysTS[RsGxsId(item->meta.mGroupId)] = time(NULL) ;
|
|
||||||
|
mKeysTS[RsGxsId(item->meta.mGroupId)].TS = time(NULL) ;
|
||||||
}
|
}
|
||||||
delete item ;
|
delete item ;
|
||||||
}
|
}
|
||||||
@ -2691,7 +2706,7 @@ RsGenExchange::ServiceCreate_Return p3IdService::service_CreateGroup(RsGxsGrpIte
|
|||||||
std::cerr << std::endl;
|
std::cerr << std::endl;
|
||||||
return SERVICE_CREATE_FAIL;
|
return SERVICE_CREATE_FAIL;
|
||||||
}
|
}
|
||||||
mKeysTS[RsGxsId(item->meta.mGroupId)] = time(NULL) ;
|
mKeysTS[RsGxsId(item->meta.mGroupId)].TS = time(NULL) ;
|
||||||
|
|
||||||
/********************* TEMP HACK UNTIL GXS FILLS IN GROUP_ID *****************/
|
/********************* TEMP HACK UNTIL GXS FILLS IN GROUP_ID *****************/
|
||||||
|
|
||||||
@ -2851,7 +2866,7 @@ RsGenExchange::ServiceCreate_Return p3IdService::service_CreateGroup(RsGxsGrpIte
|
|||||||
if (std::find(mOwnIds.begin(), mOwnIds.end(), gxsId) == mOwnIds.end())
|
if (std::find(mOwnIds.begin(), mOwnIds.end(), gxsId) == mOwnIds.end())
|
||||||
{
|
{
|
||||||
mOwnIds.push_back(gxsId);
|
mOwnIds.push_back(gxsId);
|
||||||
mKeysTS[gxsId] = time(NULL) ;
|
mKeysTS[gxsId].TS = time(NULL) ;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -467,7 +467,7 @@ private:
|
|||||||
void cleanUnusedKeys() ;
|
void cleanUnusedKeys() ;
|
||||||
void slowIndicateConfigChanged() ;
|
void slowIndicateConfigChanged() ;
|
||||||
|
|
||||||
virtual void timeStampKey(const RsGxsId& id) ;
|
virtual void timeStampKey(const RsGxsId& id,const std::string& reason) ;
|
||||||
time_t locked_getLastUsageTS(const RsGxsId& gxs_id);
|
time_t locked_getLastUsageTS(const RsGxsId& gxs_id);
|
||||||
|
|
||||||
std::string genRandomId(int len = 20);
|
std::string genRandomId(int len = 20);
|
||||||
@ -507,10 +507,19 @@ private:
|
|||||||
|
|
||||||
private:
|
private:
|
||||||
|
|
||||||
|
struct keyTSInfo
|
||||||
|
{
|
||||||
|
keyTSInfo() : TS(0) {}
|
||||||
|
|
||||||
|
time_t TS ;
|
||||||
|
std::map<std::string,time_t> usage_map ;
|
||||||
|
};
|
||||||
|
friend class IdCacheEntryCleaner;
|
||||||
|
|
||||||
std::map<uint32_t, std::set<RsGxsGroupId> > mIdsPendingCache;
|
std::map<uint32_t, std::set<RsGxsGroupId> > mIdsPendingCache;
|
||||||
std::map<uint32_t, std::list<RsGxsGroupId> > mGroupNotPresent;
|
std::map<uint32_t, std::list<RsGxsGroupId> > mGroupNotPresent;
|
||||||
std::map<RsGxsId, std::list<RsPeerId> > mIdsNotPresent;
|
std::map<RsGxsId, std::list<RsPeerId> > mIdsNotPresent;
|
||||||
std::map<RsGxsId,time_t> mKeysTS ;
|
std::map<RsGxsId,keyTSInfo> mKeysTS ;
|
||||||
|
|
||||||
// keep a list of regular contacts. This is useful to sort IDs, and allow some services to priviledged ids only.
|
// keep a list of regular contacts. This is useful to sort IDs, and allow some services to priviledged ids only.
|
||||||
std::set<RsGxsId> mContacts;
|
std::set<RsGxsId> mContacts;
|
||||||
|