#ifndef RSGIXS_H #define RSGIXS_H /* * libretroshare/src/gxs: gxs.h * * General Identity Exchange Service interface for RetroShare. * * Copyright 2011-2011 by Robert Fernie, Christopher Evi-Prker * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Library General Public * License Version 2 as published by the Free Software Foundation. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Library General Public License for more details. * * You should have received a copy of the GNU Library General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * USA. * * Please report all bugs and problems to "retroshare@lunamutt.com". * */ #include "gxs/rsgxs.h" #include #include /*! * GIXP: General Identity Exchange Service. * * As we're always running into troubles with GPG signatures... we are going to * create a layer of RSA Keys for the following properties: * * 1) RSA Keys can be Anonymous, Self-Signed with Pseudonym, Signed by GPG Key. * To clarify: * a. This forms a layer of keys stay between GPG and pub/priv publish key ? * b. Difference between anonymous and pseudonym keys? * - Anonymous cannot be signed? * - * c. To some extent this determines security model of RsGeneralExchangeService * - Anonymous & Pseudonym Keys will be shared network-wide (Hop by Hop). - GPG signed Keys will only be shared if we can validate the signature (providing similar behaviour to existing GPG Keys). - GPG signed Keys can optionally be marked for Network-wide sharing. * 2) These keys can be used anywhere, specifically in the protocols described below. * 3) These keys can be used to sign, encrypt, verify & decrypt * 4) Keys will never need to be directly accessed - stored in this class. * a. I guess can work solely through Id * b. Use Case: Receivve a message, has a key id, request * 5) They will be cached locally and exchanged p2p, by pull request. * 6) This class will use the generalised packet storage for efficient caching & loading. * 7) Data will be stored encrypted. */ /*! * Storage class for private and public publish keys * */ class GixsKey { KeyRef mKeyId; /// public key EVP_PKEY *mPubKey; /// NULL if non-existant */ EVP_PKEY *mPrivKey; }; /*! * * */ class KeyRef { std::string refId; }; class KeyRefSet { std::set mKeyRefSet; }; class SignatureSet { std::set mSignatureSet; }; /*! * * */ class RsGxsSignature { KeyRef mKeyRef; }; /*! * This is the actual identity \n * In a sense the group description with the GixsKey the "message" */ class RsGixsProfile { public: KeyRef mKeyRef; std::string name; /// may be superseded by newer timestamps time_t mTimeStamp; uint32_t mProfileType; // TODO: add permissions members RsGxsSignature mSignature; }; /*! * Retroshare general identity exchange service * * Purpose: \n * Provides a means to distribute identities among peers \n * Also provides encyption, decryption, verification, \n * and signing functionality using any created or received identities \n * * This may best be implemented as a singleton like current AuthGPG? \n * */ class RsIdentityExchangeService : RsGxsService { public: enum IdentityType { Pseudonym, Signed, Anonymous }; RsGixs(); /*! * creates gixs profile and shares it * @param profile * @param type the type of profile to create, self signed, anonymous, and GPG signed */ virtual bool createKey(RsGixsProfile& profile, uint32_t type) = 0; /* fills in mKeyId, and signature */ /*! * Use to query a whether given key is available by its key reference * @param keyref the keyref of key that is being checked for * @return true if available, false otherwise */ virtual bool haveKey(const KeyRef& keyref) = 0; /*! * Use to query whether private key member of the given key reference is available * @param keyref the KeyRef of the key being checked for * @return true if private key is held here, false otherwise */ virtual bool havePrivateKey(const KeyRef& keyref) = 0; /*! * Use to request a given key reference * @param keyref the KeyRef of the key being requested * @return will */ virtual bool requestKey(const KeyRef& keyref) = 0; /*! * Retrieves a key identity * @param keyref * @return a pointer to a valid profile if successful, otherwise NULL * */ virtual RsGixsProfile* getProfile(const KeyRef& keyref) = 0; /*** process data ***/ /*! * Use to sign data with a given key * @param keyref the key to sign the data with * @param data the data to be signed * @param dataLen the length of the data * @param signature is set with the signature from signing with keyref * @return false if signing failed, true otherwise */ virtual bool sign(const KeyRef& keyref, unsigned char* data, uint32_t dataLen, std::string& signature) = 0; /*! * Verify that the data is signed by the key owner * @param keyref * @param data * @param dataLen * @param signature * @return false if verification failed, false otherwise */ virtual bool verify(const KeyRef& keyref, unsigned char* data, int dataLen, std::string& signature) = 0; /*! * Attempt to decrypt data with a given key * @param keyref * @param data data to be decrypted * @param dataLen length of data * @param decryptedData decrypted data * @param decryptDataLen length of decrypted data * @return false */ virtual bool decrypt(const KeyRef& keyref, unsigned char* data, int dataLen, unsigned char*& decryptedData, uint32_t& decyptDataLen) = 0; /*! * Attempt to encrypt data with a given key * @param keyref * @param data data to be encrypted * @param dataLen length of data * @param encryptedData encrypted data * @param encryptDataLen length of encrypted data */ virtual bool encrypt(const KeyRef& keyref, unsigned char* data, int dataLen, unsigned char*& encryptedData, uint32_t& encryptDataLen) = 0; }; #endif // RSGIXS_H