search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Upstream tarball 9445
[amule.git] / src / ClientCreditsList.cpp
blob5691e33493ac838296f56b7834baeb7ebe9ef404
1 //
2 // This file is part of the aMule Project.
3 //
4 // Copyright (c) 2003-2008 aMule Team ( admin@amule.org / http://www.amule.org )
5 // Copyright (c) 2002-2008 Merkur ( devs@emule-project.net / http://www.emule-project.net )
6 //
7 // Any parts of this program derived from the xMule, lMule or eMule project,
8 // or contributed by third-party developers are copyrighted by their
9 // respective authors.
10 //
11 // This program is free software; you can redistribute it and/or modify
12 // it under the terms of the GNU General Public License as published by
13 // the Free Software Foundation; either version 2 of the License, or
14 // (at your option) any later version.
15 //
16 // This program is distributed in the hope that it will be useful,
17 // but WITHOUT ANY WARRANTY; without even the implied warranty of
18 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 // GNU General Public License for more details.
20 //
21 // You should have received a copy of the GNU General Public License
22 // along with this program; if not, write to the Free Software
23 // Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
24 //
25
26 #include "ClientCreditsList.h" // Interface declarations
27
28
29 #include <protocol/ed2k/Constants.h>
30 #include <common/Macros.h>
31 #include <common/DataFileVersion.h>
32 #include <common/FileFunctions.h> // Needed for GetFileSize
33
34
35 #include "GetTickCount.h" // Needed for GetTickCount
36 #include "Preferences.h" // Needed for thePrefs
37 #include "ClientCredits.h" // Needed for CClientCredits
38 #include "amule.h" // Needed for theApp
39 #include "CFile.h" // Needed for CFile
40 #include "Logger.h" // Needed for Add(Debug)LogLine
41 #include "CryptoPP_Inc.h" // Needed for Crypto functions
42
43
44 #define CLIENTS_MET_FILENAME wxT("clients.met")
45 #define CLIENTS_MET_BAK_FILENAME wxT("clients.met.BAK")
46 #define CRYPTKEY_FILENAME wxT("cryptkey.dat")
47
48
49 CClientCreditsList::CClientCreditsList()
50 {
51 m_nLastSaved = ::GetTickCount();
52 LoadList();
53
54 InitalizeCrypting();
55 }
56
57
58 CClientCreditsList::~CClientCreditsList()
59 {
60 ClientMap::iterator it = m_mapClients.begin();
61 for ( ; it != m_mapClients.end(); ++it ){
62 delete it->second;
63 }
64 m_mapClients.clear();
65 delete static_cast<CryptoPP::RSASSA_PKCS1v15_SHA_Signer *>(m_pSignkey);
66 }
67
68
69 void CClientCreditsList::LoadList()
70 {
71 CFile file;
72 CPath fileName = CPath(theApp->ConfigDir + CLIENTS_MET_FILENAME);
73
74 if (!fileName.FileExists()) {
75 return;
76 }
77
78 try {
79 file.Open(fileName, CFile::read);
80
81 if (file.ReadUInt8() != CREDITFILE_VERSION) {
82 AddDebugLogLineM( true, logCredits,
83 wxT("Creditfile is out of date and will be replaced") );
84 file.Close();
85 return;
86 }
87
88 // everything is ok, lets see if the backup exist...
89 CPath bakFileName = CPath(theApp->ConfigDir + CLIENTS_MET_BAK_FILENAME);
90
91 bool bCreateBackup = TRUE;
92 if (bakFileName.FileExists()) {
93 // Ok, the backup exist, get the size
94 CFile hBakFile(bakFileName);
95 if ( hBakFile.GetLength() > file.GetLength()) {
96 // the size of the backup was larger then the
97 // org. file, something is wrong here, don't
98 // overwrite old backup..
99 bCreateBackup = FALSE;
100 }
101 // else: backup is smaller or the same size as org.
102 // file, proceed with copying of file
103 }
104
105 //else: the backup doesn't exist, create it
106 if (bCreateBackup) {
107 file.Close(); // close the file before copying
108 if (!CPath::CloneFile(fileName, bakFileName, true)) {
109 AddDebugLogLineM(true, logCredits,
110 CFormat(wxT("Could not create backup file '%s'")) % fileName);
111 }
112 // reopen file
113 if (!file.Open(fileName, CFile::read)) {
114 AddDebugLogLineM( true, logCredits,
115 wxT("Failed to load creditfile") );
116 return;
117 }
118
119 file.Seek(1);
120 }
121
122
123 uint32 count = file.ReadUInt32();
124
125 const uint32 dwExpired = time(NULL) - 12960000; // today - 150 day
126 uint32 cDeleted = 0;
127 for (uint32 i = 0; i < count; i++){
128 CreditStruct* newcstruct = new CreditStruct();
129
130 newcstruct->key = file.ReadHash();
131 newcstruct->uploaded = file.ReadUInt32();
132 newcstruct->downloaded = file.ReadUInt32();
133 newcstruct->nLastSeen = file.ReadUInt32();
134 newcstruct->uploaded += static_cast<uint64>(file.ReadUInt32()) << 32;
135 newcstruct->downloaded += static_cast<uint64>(file.ReadUInt32()) << 32;
136 newcstruct->nReserved3 = file.ReadUInt16();
137 newcstruct->nKeySize = file.ReadUInt8();
138 file.Read(newcstruct->abySecureIdent, MAXPUBKEYSIZE);
139
140 if ( newcstruct->nKeySize > MAXPUBKEYSIZE ) {
141 // Oh dear, this is bad mojo, the file is most likely corrupt
142 // We can no longer assume that any of the clients in the file are valid
143 // and will have to discard it.
144 delete newcstruct;
145
146 // Remove already read, and possibly invalid, entries
147 ClientMap::iterator it = m_mapClients.begin();
148 for ( ; it != m_mapClients.end(); ++it ){
149 delete it->second;
150 }
151 m_mapClients.clear();
152
153 AddDebugLogLineM( true, logCredits,
154 wxT("WARNING: Corruptions found while reading Creditfile!") );
155 return;
156 }
157
158 if (newcstruct->nLastSeen < dwExpired){
159 cDeleted++;
160 delete newcstruct;
161 continue;
162 }
163
164 CClientCredits* newcredits = new CClientCredits(newcstruct);
165 m_mapClients[newcredits->GetKey()] = newcredits;
166 }
167
168 AddLogLineM(false, wxString::Format(wxPLURAL("Creditfile loaded, %u client is known", "Creditfile loaded, %u clients are known", count - cDeleted), count - cDeleted));
169
170 if (cDeleted) {
171 AddLogLineM(false, wxString::Format(wxPLURAL(" - Credits expired for %u client!", " - Credits expired for %u clients!", cDeleted), cDeleted));
172 }
173 } catch (const CSafeIOException& e) {
174 AddDebugLogLineM(true, logCredits, wxT("IO error while loading clients.met file: ") + e.what());
175 }
176 }
177
178
179 void CClientCreditsList::SaveList()
180 {
181 AddDebugLogLineM( false, logCredits, wxT("Saved Credit list"));
182 m_nLastSaved = ::GetTickCount();
183
184 wxString name(theApp->ConfigDir + CLIENTS_MET_FILENAME);
185 CFile file;
186
187 if ( !file.Create(name, true) ) {
188 AddDebugLogLineM( true, logCredits, wxT("Failed to create creditfile") );
189 return;
190 }
191
192 if ( file.Open(name, CFile::write) ) {
193 try {
194 uint32 count = 0;
195
196 file.WriteUInt8( CREDITFILE_VERSION );
197 // Temporary place-holder for number of stucts
198 file.WriteUInt32( 0 );
199
200 ClientMap::iterator it = m_mapClients.begin();
201 for ( ; it != m_mapClients.end(); ++it ) {
202 CClientCredits* cur_credit = it->second;
203
204 if ( cur_credit->GetUploadedTotal() || cur_credit->GetDownloadedTotal() ) {
205 const CreditStruct* const cstruct = cur_credit->GetDataStruct();
206 file.WriteHash(cstruct->key);
207 file.WriteUInt32(static_cast<uint32>(cstruct->uploaded));
208 file.WriteUInt32(static_cast<uint32>(cstruct->downloaded));
209 file.WriteUInt32(cstruct->nLastSeen);
210 file.WriteUInt32(static_cast<uint32>(cstruct->uploaded >> 32));
211 file.WriteUInt32(static_cast<uint32>(cstruct->downloaded >> 32));
212 file.WriteUInt16(cstruct->nReserved3);
213 file.WriteUInt8(cstruct->nKeySize);
214 // Doesn't matter if this saves garbage, will be fixed on load.
215 file.Write(cstruct->abySecureIdent, MAXPUBKEYSIZE);
216 count++;
217 }
218 }
219
220 // Write the actual number of structs
221 file.Seek( 1 );
222 file.WriteUInt32( count );
223 } catch (const CIOFailureException& e) {
224 AddDebugLogLineM(true, logCredits, wxT("IO failure while saving clients.met: ") + e.what());
225 }
226 } else {
227 AddDebugLogLineM(true, logCredits, wxT("Failed to open existing creditfile!"));
228 }
229 }
230
231
232 CClientCredits* CClientCreditsList::GetCredit(const CMD4Hash& key)
233 {
234 CClientCredits* result;
235
236 ClientMap::iterator it = m_mapClients.find( key );
237
238
239 if ( it == m_mapClients.end() ){
240 result = new CClientCredits(key);
241 m_mapClients[result->GetKey()] = result;
242 } else {
243 result = it->second;
244 }
245
246 result->SetLastSeen();
247
248 return result;
249 }
250
251
252 void CClientCreditsList::Process()
253 {
254 if (::GetTickCount() - m_nLastSaved > MIN2MS(13))
255 SaveList();
256 }
257
258
259 bool CClientCreditsList::CreateKeyPair()
260 {
261 try{
262 CryptoPP::AutoSeededX917RNG<CryptoPP::DES_EDE3> rng;
263 CryptoPP::InvertibleRSAFunction privkey;
264 privkey.Initialize(rng, RSAKEYSIZE);
265
266 // Nothing we can do against this filename2char :/
267 wxCharBuffer filename = filename2char(theApp->ConfigDir + CRYPTKEY_FILENAME);
268 CryptoPP::FileSink *fileSink = new CryptoPP::FileSink(filename);
269 CryptoPP::Base64Encoder *privkeysink = new CryptoPP::Base64Encoder(fileSink);
270 privkey.DEREncode(*privkeysink);
271 privkeysink->MessageEnd();
272
273 // Do not delete these pointers or it will blow in your face.
274 // cryptopp semantics is giving ownership of these objects.
275 //
276 // delete privkeysink;
277 // delete fileSink;
278
279 AddDebugLogLineM( true, logCredits, wxT("Created new RSA keypair"));
280 } catch(const CryptoPP::Exception& e) {
281 AddDebugLogLineM(true, logCredits,
282 wxString(wxT("Failed to create new RSA keypair: ")) +
283 char2unicode(e.what()));
284 wxFAIL;
285 return false;
286 }
287
288 return true;
289 }
290
291
292 void CClientCreditsList::InitalizeCrypting()
293 {
294 m_nMyPublicKeyLen = 0;
295 memset(m_abyMyPublicKey,0,80); // not really needed; better for debugging tho
296 m_pSignkey = NULL;
297
298 if (!thePrefs::IsSecureIdentEnabled()) {
299 return;
300 }
301
302 try {
303 // check if keyfile is there
304 if (wxFileExists(theApp->ConfigDir + CRYPTKEY_FILENAME)) {
305 off_t keySize = CPath::GetFileSize(theApp->ConfigDir + CRYPTKEY_FILENAME);
306
307 if (keySize == wxInvalidOffset) {
308 AddDebugLogLineM(true, logCredits, wxT("Cannot access 'cryptkey.dat', please check permissions."));
309 return;
310 } else if (keySize == 0) {
311 AddDebugLogLineM(true, logCredits, wxT("'cryptkey.dat' is empty, recreating keypair."));
312 CreateKeyPair();
313 }
314 } else {
315 AddLogLineM( false, _("No 'cryptkey.dat' file found, creating.") );
316 CreateKeyPair();
317 }
318
319 // load private key
320 CryptoPP::FileSource filesource(filename2char(theApp->ConfigDir + CRYPTKEY_FILENAME), true, new CryptoPP::Base64Decoder);
321 m_pSignkey = new CryptoPP::RSASSA_PKCS1v15_SHA_Signer(filesource);
322 // calculate and store public key
323 CryptoPP::RSASSA_PKCS1v15_SHA_Verifier pubkey(*static_cast<CryptoPP::RSASSA_PKCS1v15_SHA_Signer *>(m_pSignkey));
324 CryptoPP::ArraySink asink(m_abyMyPublicKey, 80);
325 pubkey.DEREncode(asink);
326 m_nMyPublicKeyLen = asink.TotalPutLength();
327 asink.MessageEnd();
328 } catch (const CryptoPP::Exception& e) {
329 delete static_cast<CryptoPP::RSASSA_PKCS1v15_SHA_Signer *>(m_pSignkey);
330 m_pSignkey = NULL;
331
332 AddDebugLogLineM(true, logCredits,
333 wxString(wxT("Error while initializing encryption keys: ")) +
334 char2unicode(e.what()));
335 }
336 }
337
338
339 uint8 CClientCreditsList::CreateSignature(CClientCredits* pTarget, byte* pachOutput, uint8 nMaxSize, uint32 ChallengeIP, uint8 byChaIPKind, void* sigkey)
340 {
341 CryptoPP::RSASSA_PKCS1v15_SHA_Signer* signer =
342 static_cast<CryptoPP::RSASSA_PKCS1v15_SHA_Signer *>(sigkey);
343 // signer param is used for debug only
344 if (signer == NULL)
345 signer = static_cast<CryptoPP::RSASSA_PKCS1v15_SHA_Signer *>(m_pSignkey);
346
347 // create a signature of the public key from pTarget
348 wxASSERT( pTarget );
349 wxASSERT( pachOutput );
350
351 if ( !CryptoAvailable() ) {
352 return 0;
353 }
354
355 try {
356 CryptoPP::SecByteBlock sbbSignature(signer->SignatureLength());
357 CryptoPP::AutoSeededX917RNG<CryptoPP::DES_EDE3> rng;
358 byte abyBuffer[MAXPUBKEYSIZE+9];
359 uint32 keylen = pTarget->GetSecIDKeyLen();
360 memcpy(abyBuffer,pTarget->GetSecureIdent(),keylen);
361 // 4 additional bytes random data send from this client
362 uint32 challenge = pTarget->m_dwCryptRndChallengeFrom;
363 wxASSERT ( challenge != 0 );
364 PokeUInt32(abyBuffer+keylen,challenge);
365
366 uint16 ChIpLen = 0;
367 if ( byChaIPKind != 0){
368 ChIpLen = 5;
369 PokeUInt32(abyBuffer+keylen+4, ChallengeIP);
370 PokeUInt8(abyBuffer+keylen+4+4,byChaIPKind);
371 }
372 signer->SignMessage(rng, abyBuffer ,keylen+4+ChIpLen , sbbSignature.begin());
373 CryptoPP::ArraySink asink(pachOutput, nMaxSize);
374 asink.Put(sbbSignature.begin(), sbbSignature.size());
375
376 return asink.TotalPutLength();
377 } catch (const CryptoPP::Exception& e) {
378 AddDebugLogLineM(true, logCredits, wxString(wxT("Error while creating signature: ")) + char2unicode(e.what()));
379 wxFAIL;
380
381 return 0;
382 }
383 }
384
385
386 bool CClientCreditsList::VerifyIdent(CClientCredits* pTarget, const byte* pachSignature, uint8 nInputSize, uint32 dwForIP, uint8 byChaIPKind)
387 {
388 wxASSERT( pTarget );
389 wxASSERT( pachSignature );
390 if ( !CryptoAvailable() ){
391 pTarget->SetIdentState(IS_NOTAVAILABLE);
392 return false;
393 }
394 bool bResult;
395 try {
396 CryptoPP::StringSource ss_Pubkey((byte*)pTarget->GetSecureIdent(),pTarget->GetSecIDKeyLen(),true,0);
397 CryptoPP::RSASSA_PKCS1v15_SHA_Verifier pubkey(ss_Pubkey);
398 // 4 additional bytes random data send from this client +5 bytes v2
399 byte abyBuffer[MAXPUBKEYSIZE+9];
400 memcpy(abyBuffer,m_abyMyPublicKey,m_nMyPublicKeyLen);
401 uint32 challenge = pTarget->m_dwCryptRndChallengeFor;
402 wxASSERT ( challenge != 0 );
403 PokeUInt32(abyBuffer+m_nMyPublicKeyLen, challenge);
404
405 // v2 security improvments (not supported by 29b, not used as default by 29c)
406 uint8 nChIpSize = 0;
407 if (byChaIPKind != 0){
408 nChIpSize = 5;
409 uint32 ChallengeIP = 0;
410 switch (byChaIPKind){
411 case CRYPT_CIP_LOCALCLIENT:
412 ChallengeIP = dwForIP;
413 break;
414 case CRYPT_CIP_REMOTECLIENT:
415 // Ignore local ip...
416 if (!theApp->GetPublicIP(true)) {
417 if (::IsLowID(theApp->GetED2KID())){
418 AddDebugLogLineM( false, logCredits, wxT("Warning: Maybe SecureHash Ident fails because LocalIP is unknown"));
419 // Fallback to local ip...
420 ChallengeIP = theApp->GetPublicIP();
421 } else {
422 ChallengeIP = theApp->GetED2KID();
423 }
424 } else {
425 ChallengeIP = theApp->GetPublicIP();
426 }
427 break;
428 case CRYPT_CIP_NONECLIENT: // maybe not supported in future versions
429 ChallengeIP = 0;
430 break;
431 }
432 PokeUInt32(abyBuffer+m_nMyPublicKeyLen+4, ChallengeIP);
433 PokeUInt8(abyBuffer+m_nMyPublicKeyLen+4+4, byChaIPKind);
434 }
435 //v2 end
436
437 bResult = pubkey.VerifyMessage(abyBuffer, m_nMyPublicKeyLen+4+nChIpSize, pachSignature, nInputSize);
438 } catch (const CryptoPP::Exception& e) {
439 AddDebugLogLineM(true, logCredits, wxString(wxT("Error while verifying identity: ")) + char2unicode(e.what()));
440 bResult = false;
441 }
442
443 if (!bResult){
444 if (pTarget->GetIdentState() == IS_IDNEEDED)
445 pTarget->SetIdentState(IS_IDFAILED);
446 } else {
447 pTarget->Verified(dwForIP);
448 }
449
450 return bResult;
451 }
452
453
454 bool CClientCreditsList::CryptoAvailable() const
455 {
456 return m_nMyPublicKeyLen > 0 && m_pSignkey != NULL;
457 }
458
459
460 #ifdef _DEBUG
461 bool CClientCreditsList::Debug_CheckCrypting(){
462 // create random key
463 CryptoPP::AutoSeededX917RNG<CryptoPP::DES_EDE3> rng;
464
465 CryptoPP::RSASSA_PKCS1v15_SHA_Signer priv(rng, 384);
466 CryptoPP::RSASSA_PKCS1v15_SHA_Verifier pub(priv);
467
468 byte abyPublicKey[80];
469 CryptoPP::ArraySink asink(abyPublicKey, 80);
470 pub.DEREncode(asink);
471 int8 PublicKeyLen = asink.TotalPutLength();
472 asink.MessageEnd();
473 uint32 challenge = rand();
474 // create fake client which pretends to be this emule
475 CreditStruct* newcstruct = new CreditStruct();
476 CClientCredits newcredits(newcstruct);
477 newcredits.SetSecureIdent(m_abyMyPublicKey,m_nMyPublicKeyLen);
478 newcredits.m_dwCryptRndChallengeFrom = challenge;
479 // create signature with fake priv key
480 byte pachSignature[200];
481 memset(pachSignature,0,200);
482 uint8 sigsize = CreateSignature(&newcredits,pachSignature,200,0,false, &priv);
483
484
485 // next fake client uses the random created public key
486 CreditStruct* newcstruct2 = new CreditStruct();
487 CClientCredits newcredits2(newcstruct2);
488 newcredits2.m_dwCryptRndChallengeFor = challenge;
489
490 // if you uncomment one of the following lines the check has to fail
491 //abyPublicKey[5] = 34;
492 //m_abyMyPublicKey[5] = 22;
493 //pachSignature[5] = 232;
494
495 newcredits2.SetSecureIdent(abyPublicKey,PublicKeyLen);
496
497 //now verify this signature - if it's true everything is fine
498 return VerifyIdent(&newcredits2,pachSignature,sigsize,0,0);
499 }
500 #endif
501 // File_checked_for_headers
aMule P2P client