Don't encrypt by default when the recipient is broadcast
parent
15ad333195
commit
2c1a995275
@ -608,6 +608,10 @@ int cf_cmp_uint16_nonzero(const uint16_t *a, const uint16_t *b)
|
||||
|
||||
int cf_opt_sid(sid_t *sidp, const char *text)
|
||||
{
|
||||
if (strcasecmp(text, "broadcast")==0){
|
||||
memset(sidp->binary, 0xFF, SID_SIZE);
|
||||
return CFOK;
|
||||
}
|
||||
if (!str_is_subscriber_id(text))
|
||||
return CFINVALID;
|
||||
size_t n = fromhex(sidp->binary, text, SID_SIZE);
|
||||
|
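Review bot: The new `strcasecmp(text, "broadcast")` branch in cf_opt_sid writes the broadcast address as a bare `memset(sidp->binary, 0xFF, SID_SIZE)` with no comment, so its link to `is_sid_broadcast()` (used in the rhizome_fill_manifest change of this commit) is implicit. Because the parser now returns CFOK for a non-hex word, every caller that uses cf_opt_sid to validate a SID will also accept broadcast; callers that expect a unicast identity should check for it, though those callers are not visible on this page. I would add above the branch `/* "broadcast" is an alias for the all-0xFF SID tested by is_sid_broadcast() */`. The function body continues past the end of the hunk.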
@ -783,10 +783,15 @@ int rhizome_fill_manifest(rhizome_manifest *m, const char *filepath, const sid_t
|
||||
|
||||
// anything sent from one person to another should be considered private and encrypted by default
|
||||
if (sender && recipient){
|
||||
if (config.debug.rhizome)
|
||||
DEBUGF("Implicitly adding payload encryption due to presense of sender & recipient fields");
|
||||
m->payloadEncryption=1;
|
||||
rhizome_manifest_set_ll(m,"crypt",1);
|
||||
sid_t s_sender, s_recipient;
|
||||
if (cf_opt_sid(&s_sender, sender)==CFOK
|
||||
&& cf_opt_sid(&s_recipient, recipient)==CFOK
|
||||
&& !is_sid_broadcast(s_recipient.binary)){
|
||||
if (config.debug.rhizome)
|
||||
DEBUGF("Implicitly adding payload encryption due to presense of sender & recipient fields");
|
||||
m->payloadEncryption=1;
|
||||
rhizome_manifest_set_ll(m,"crypt",1);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
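Review bot: The new condition in rhizome_fill_manifest fails open: when `sender` and `recipient` are both present but either `cf_opt_sid()` call returns something other than CFOK, `payloadEncryption` is left unset and the payload is stored in clear with no log line, whereas the old code encrypted whenever both fields were present. Skipping encryption should require positive proof that the recipient is broadcast, for example `int bcast = cf_opt_sid(&s_recipient, recipient)==CFOK && is_sid_broadcast(s_recipient.binary);` followed by `if (!bcast){ ... }`, or the function should return an error on an unparseable SID. Parsing `sender` is not needed for this decision, so `s_sender` can be dropped. Whether a later stage rejects a malformed recipient anyway cannot be seen here, because the enclosing function starts and ends outside the hunk.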
@ -151,7 +151,7 @@ static int prepare_data(struct rhizome_write *write_state, unsigned char *buffer
|
||||
write_state->file_offset+=data_size;
|
||||
|
||||
if (config.debug.rhizome)
|
||||
DEBUGF("Processesd %"PRId64" of %"PRId64, write_state->file_offset, write_state->file_length);
|
||||
DEBUGF("Processed %"PRId64" of %"PRId64, write_state->file_offset, write_state->file_length);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -216,14 +216,6 @@ static int write_data(struct rhizome_write *write_state, uint64_t file_offset, u
|
||||
return 0;
|
||||
}
|
||||
|
||||
// hash and write data to disk, assumes database lock has been opened
|
||||
static int stream_data(struct rhizome_write *write_state, unsigned char *buffer, int data_size){
|
||||
uint64_t file_offset = write_state->file_offset;
|
||||
if (prepare_data(write_state, buffer, data_size))
|
||||
return -1;
|
||||
return write_data(write_state, file_offset, buffer, data_size);
|
||||
}
|
||||
|
||||
// close database locks
|
||||
static int write_release_lock(struct rhizome_write *write_state){
|
||||
if (write_state->blob_fd>=0)
|
||||
@ -383,7 +375,7 @@ int rhizome_write_file(struct rhizome_write *write, const char *filename){
|
||||
goto end;
|
||||
}
|
||||
DEBUGF("Read %d from file", r);
|
||||
if (stream_data(write, buffer, r)){
|
||||
if (rhizome_write_buffer(write, buffer, r)){
|
||||
ret=-1;
|
||||
goto end;
|
||||
}
|
||||
|
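Review bot: The call site in rhizome_write_file now uses `rhizome_write_buffer(write, buffer, r)`, but the removed `stream_data()` carried the precondition comment `// hash and write data to disk, assumes database lock has been opened`, and nothing at the new call says whether that precondition still applies. rhizome_write_buffer is not defined on this page, so I cannot tell whether it takes the lock itself; if it does, a short comment at the call such as `// rhizome_write_buffer() manages the database lock itself` would record that, and if it does not, the locking around this read loop needs checking. The `DEBUGF("Read %d from file", r);` line just above is also not gated on `config.debug.rhizome`, unlike the debug output in prepare_data. rhizome_write_file's body continues outside the hunk.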
@ -186,15 +186,6 @@ unpack_manifest_for_grep() {
|
||||
re_name=$(escape_grep_basic "$re_name")
|
||||
re_sender=$($SED -n -e '/^sender=/s///p' "$filename.manifest")
|
||||
re_recipient=$($SED -n -e '/^recipient=/s///p' "$filename.manifest")
|
||||
case "$re_service" in
|
||||
file)
|
||||
re_sender=
|
||||
re_recipient=
|
||||
;;
|
||||
*)
|
||||
re_name=
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -664,6 +664,48 @@ test_EncryptedPayload() {
|
||||
assert ! diff file1 file1y
|
||||
}
|
||||
|
||||
doc_RecipientIsEncrypted="Sender & recipient triggers encryption by default"
|
||||
setup_RecipientIsEncrypted() {
|
||||
setup_servald
|
||||
setup_rhizome
|
||||
echo "Clear Text" >file1
|
||||
echo -e "service=file\nsender=$SIDB1\nrecipient=$SIDB2" >file1.manifest
|
||||
}
|
||||
test_RecipientIsEncrypted() {
|
||||
executeOk_servald rhizome add file $SIDB1 file1 file1.manifest
|
||||
tfw_cat --stdout --stderr
|
||||
assert_stdout_add_file file1
|
||||
assert_manifest_complete file1.manifest
|
||||
executeOk_servald rhizome list
|
||||
assert_rhizome_list --fromhere=1 file1
|
||||
extract_manifest_id BID file1.manifest
|
||||
executeOk_servald rhizome extract file $BID file1x
|
||||
tfw_cat --stdout --stderr
|
||||
assert diff file1 file1x
|
||||
extract_manifest_filehash filehash file1.manifest
|
||||
executeOk_servald rhizome export file $filehash file1y
|
||||
assert ! diff file1 file1y
|
||||
}
|
||||
|
||||
doc_BroadcastNotEncrypted="Broadcast recipients are not encrypted by default"
|
||||
setup_BroadcastNotEncrypted() {
|
||||
setup_servald
|
||||
setup_rhizome
|
||||
echo "Clear Text" >file1
|
||||
echo -e "service=file\nsender=$SIDB1\nrecipient=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" >file1.manifest
|
||||
}
|
||||
test_BroadcastNotEncrypted() {
|
||||
executeOk_servald rhizome add file $SIDB1 file1 file1.manifest
|
||||
tfw_cat --stdout --stderr
|
||||
assert_stdout_add_file file1
|
||||
assert_manifest_complete file1.manifest
|
||||
executeOk_servald rhizome list
|
||||
assert_rhizome_list --fromhere=1 file1
|
||||
extract_manifest_filehash filehash file1.manifest
|
||||
executeOk_servald rhizome export file $filehash file1y
|
||||
assert diff file1 file1y
|
||||
}
|
||||
|
||||
doc_JournalAdd="Create and append to a journal"
|
||||
setup_JournalAdd() {
|
||||
setup_servald
|
||||
|
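Review bot: The two new tests cover a valid unicast recipient and the 64-digit all-F recipient, but not a `recipient=` value that fails SID parsing, which is the case where rhizome_fill_manifest now leaves the payload unencrypted without any message. A third test with a malformed recipient would pin whichever behaviour is intended (rejected, or still encrypted), unless manifest parsing already rejects it earlier. Both tests also infer the encryption state only from `diff` on the exported payload; asserting the manifest field directly, e.g. `assert grep -q '^crypt=1$' file1.manifest` in test_RecipientIsEncrypted (assuming the rewritten manifest carries that field), would make a failure easier to read.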