#pragma once /* * GXS Mailing Service * Copyright (C) 2016-2017 Gioacchino Mazzurco * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ #include #include "rsgxsitems.h" #include "serialiser/rsbaseserial.h" #include "serialiser/rstlvidset.h" #include "retroshare/rsgxsflags.h" #include "retroshare/rsgxscircles.h" // For: GXS_CIRCLE_TYPE_PUBLIC #include "services/p3idservice.h" /// Subservices identifiers (like port for TCP) enum class GxsMailSubServices : uint16_t { UNKNOWN = 0, TEST_SERVICE = 1, P3_MSG_SERVICE = 2 }; /// Values must fit into uint8_t enum class GxsMailItemsSubtypes : uint8_t { GXS_MAIL_SUBTYPE_MAIL = 1, GXS_MAIL_SUBTYPE_RECEIPT = 2, GXS_MAIL_SUBTYPE_GROUP = 3, OUTGOING_RECORD_ITEM = 4 }; typedef uint64_t RsGxsMailId; struct RsNxsMailPresignedReceipt : RsNxsMsg { RsNxsMailPresignedReceipt() : RsNxsMsg(RS_SERVICE_TYPE_GXS_MAIL) {} }; struct RsGxsMailBaseItem : RsGxsMsgItem { RsGxsMailBaseItem(GxsMailItemsSubtypes subtype) : RsGxsMsgItem( RS_SERVICE_TYPE_GXS_MAIL, static_cast(subtype) ), mailId(0) {} RsGxsMailId mailId; void inline clear() { mailId = 0; meta = RsMsgMetaData(); } static uint32_t inline size() { return 8 + // Header 8; // mailId } bool serialize(uint8_t* data, uint32_t size, uint32_t& offset) const; bool deserialize(const uint8_t* data, uint32_t& size, uint32_t& offset); std::ostream &print(std::ostream &out, uint16_t /*indent = 0*/); }; struct RsGxsMailPresignedReceipt : RsGxsMailBaseItem { RsGxsMailPresignedReceipt() : RsGxsMailBaseItem(GxsMailItemsSubtypes::GXS_MAIL_SUBTYPE_RECEIPT) {} }; enum class RsGxsMailEncryptionMode : uint8_t { CLEAR_TEXT = 1, RSA = 2, UNDEFINED_ENCRYPTION = 250 }; struct RsGxsMailItem : RsGxsMailBaseItem { RsGxsMailItem() : RsGxsMailBaseItem(GxsMailItemsSubtypes::GXS_MAIL_SUBTYPE_MAIL), cryptoType(RsGxsMailEncryptionMode::UNDEFINED_ENCRYPTION) {} RsGxsMailEncryptionMode cryptoType; /** * @brief recipientsHint used instead of plain recipient id, so sender can * decide the equilibrium between exposing the recipient and the cost of * completely anonymize it. So a bunch of luky non recipient can conclude * rapidly that they are not the recipient without trying to decrypt the * message. * * To be able to decide how much metadata we disclose sending a message we * send an hint instead of the recipient id in clear, the hint cannot be * false (the recipient would discard the mail) but may be arbitrarly * obscure like 0xFF...FF so potentially everyone could be the recipient, or * may expose the complete recipient id or be a middle ground. * To calculate arbitrary precise hint one do a bitwise OR of the recipients * keys and an arbitrary salt, the more recipients has the mail and the more * 1 bits has the salt the less accurate is the hint. * This way the sender is able to adjust the metadata privacy needed for the * message, in the more private case (recipientsHint == 0xFFF...FFF) no one * has a clue about who is the actual recipient, while this imply the cost * that every potencial recipient has to try to decrypt it to know if it is * for herself. This way a bunch of non recipients can rapidly discover that * the message is not directed to them without attempting it's decryption. * * To check if one id may be the recipient of the mail or not one need to * bitwise compare the hint with the id, if at least one bit of the hint is * 0 while the corrisponding bit in the id is 1 then the id cannot be the * recipient of the mail. * * Note that by design one can prove that an id is not recipient of the mail * but cannot prove it is. * Also in the extreme case of using 0x00...00 as salt that is equivalent * to not salting at all (aka the plain recipient id is used as hint) a * malicious observer could not demostrate in a conclusive manner that the * mail is directed to the actual recipient as the "apparently" * corresponding hint may be fruit of a "luky" salting of another id. */ RsGxsId recipientsHint; void inline saltRecipientHint(const RsGxsId& salt) { recipientsHint = recipientsHint | salt; } /** * @brief maybeRecipient given an id and an hint check if they match * @see recipientHint * @return true if the id may be recipient of the hint, false otherwise */ bool inline maybeRecipient(const RsGxsId& id) const { return (~id|recipientsHint) == allRecipientsHint; } const static RsGxsId allRecipientsHint; /** This should travel encrypted, unless EncryptionMode::CLEAR_TEXT * is specified */ std::vector payload; uint32_t size() const { return RsGxsMailBaseItem::size() + 1 + // cryptoType recipientsHint.serial_size() + payload.size(); } bool serialize(uint8_t* data, uint32_t size, uint32_t& offset) const { bool ok = size < MAX_SIZE; ok = ok && RsGxsMailBaseItem::serialize(data, size, offset); ok = ok && setRawUInt8( data, size, &offset, static_cast(cryptoType) ); ok = ok && recipientsHint.serialise(data, size, offset); uint32_t psz = payload.size(); ok = ok && memcpy(data+offset, &payload[0], psz); offset += psz; return ok; } bool deserialize(const uint8_t* data, uint32_t& size, uint32_t& offset) { void* sizePtr = const_cast(data+offset); uint32_t rssize = getRsItemSize(sizePtr); uint32_t roffset = offset; bool ok = rssize <= size && size < MAX_SIZE; ok = ok && RsGxsMailBaseItem::deserialize(data, rssize, roffset); void* dataPtr = const_cast(data); uint8_t crType; ok = ok && getRawUInt8(dataPtr, rssize, &roffset, &crType); cryptoType = static_cast(crType); ok = ok && recipientsHint.deserialise(dataPtr, rssize, roffset); uint32_t psz = rssize - roffset; ok = ok && (payload.resize(psz), memcpy(&payload[0], data+roffset, psz)); ok = ok && (roffset += psz); if(ok) { size = rssize; offset = roffset; } else size = 0; return ok; } void clear() { RsGxsMailBaseItem::clear(); cryptoType = RsGxsMailEncryptionMode::UNDEFINED_ENCRYPTION; recipientsHint.clear(); payload.clear(); } /// Maximum mail size in bytes 10 MiB is more than anything sane can need const static uint32_t MAX_SIZE = 10*8*1024*1024; }; struct RsGxsMailGroupItem : RsGxsGrpItem { RsGxsMailGroupItem() : RsGxsGrpItem( RS_SERVICE_TYPE_GXS_MAIL, static_cast( GxsMailItemsSubtypes::GXS_MAIL_SUBTYPE_GROUP) ) { meta.mGroupFlags = GXS_SERV::FLAG_PRIVACY_PUBLIC; meta.mGroupName = "Mail"; meta.mCircleType = GXS_CIRCLE_TYPE_PUBLIC; } void clear() {} std::ostream &print(std::ostream &out, uint16_t /*indent = 0*/) { return out; } }; enum class GxsMailStatus : uint8_t { UNKNOWN = 0, PENDING_PROCESSING, PENDING_PREFERRED_GROUP, PENDING_RECEIPT_CREATE, PENDING_RECEIPT_SIGNATURE, PENDING_SERIALIZATION, PENDING_PAYLOAD_CREATE, PENDING_PAYLOAD_ENCRYPT, PENDING_PUBLISH, /** This will be useful so the user can know if the mail reached at least * some friend node, in case of internet connection interruption */ //PENDING_TRANSFER, PENDING_RECEIPT_RECEIVE, /// Records with status >= RECEIPT_RECEIVED get deleted RECEIPT_RECEIVED, FAILED_RECEIPT_SIGNATURE = 240, FAILED_ENCRYPTION }; class RsGxsMailSerializer; struct OutgoingRecord : RsItem { OutgoingRecord( RsGxsId rec, GxsMailSubServices cs, const uint8_t* data, uint32_t size ); GxsMailStatus status; RsGxsId recipient; /// Don't use a pointer would be invalid after publish RsGxsMailItem mailItem; std::vector mailData; GxsMailSubServices clientService; RsNxsMailPresignedReceipt presignedReceipt; uint32_t size() const; bool serialize(uint8_t* data, uint32_t size, uint32_t& offset) const; bool deserialize(const uint8_t* data, uint32_t& size, uint32_t& offset); virtual void clear(); virtual std::ostream &print(std::ostream &out, uint16_t indent = 0); private: friend class RsGxsMailSerializer; OutgoingRecord(); }; struct RsGxsMailSerializer : RsSerialType { RsGxsMailSerializer() : RsSerialType( RS_PKT_VERSION_SERVICE, RS_SERVICE_TYPE_GXS_MAIL ) {} ~RsGxsMailSerializer() {} uint32_t size(RsItem* item) { uint32_t sz = 0; switch(static_cast(item->PacketSubType())) { case GxsMailItemsSubtypes::GXS_MAIL_SUBTYPE_MAIL: { RsGxsMailItem* i = dynamic_cast(item); if(i) sz = i->size(); break; } case GxsMailItemsSubtypes::GXS_MAIL_SUBTYPE_RECEIPT: sz = RsGxsMailPresignedReceipt::size(); break; case GxsMailItemsSubtypes::GXS_MAIL_SUBTYPE_GROUP: sz = 8; break; case GxsMailItemsSubtypes::OUTGOING_RECORD_ITEM: { OutgoingRecord* ci = dynamic_cast(item); if(ci) sz = ci->size(); break; } default: break; } return sz; } bool serialise(RsItem* item, void* data, uint32_t* size); RsItem* deserialise(void* data, uint32_t* size) { uint32_t rstype = getRsItemId(data); uint32_t rssize = getRsItemSize(data); uint8_t pktv = getRsItemVersion(rstype); uint16_t srvc = getRsItemService(rstype); const uint8_t* dataPtr = reinterpret_cast(data); if ( (RS_PKT_VERSION_SERVICE != pktv) || // 0x02 (RS_SERVICE_TYPE_GXS_MAIL != srvc) || // 0x0230 = 560 (*size < rssize) ) { print_stacktrace(); return NULL; } *size = rssize; bool ok = true; RsItem* ret = NULL; switch (static_cast(getRsItemSubType(rstype))) { case GxsMailItemsSubtypes::GXS_MAIL_SUBTYPE_MAIL: { RsGxsMailItem* i = new RsGxsMailItem(); uint32_t offset = 0; ok = ok && i->deserialize(dataPtr, *size, offset); ret = i; break; } case GxsMailItemsSubtypes::GXS_MAIL_SUBTYPE_RECEIPT: { RsGxsMailPresignedReceipt* i = new RsGxsMailPresignedReceipt(); uint32_t offset = 0; ok &= i->deserialize(dataPtr, *size, offset); ret = i; break; } case GxsMailItemsSubtypes::GXS_MAIL_SUBTYPE_GROUP: { ret = new RsGxsMailGroupItem(); break; } case GxsMailItemsSubtypes::OUTGOING_RECORD_ITEM: { OutgoingRecord* i = new OutgoingRecord(); uint32_t offset = 0; ok = ok && i->deserialize(dataPtr, *size, offset); ret = i; break; } default: ok = false; break; } if(ok) return ret; delete ret; return NULL; } };