tomato-testing/toxcore/group_moderation.c
Green Sky aae086cc65 Squashed 'external/toxcore/c-toxcore/' changes from e2c01e457b..b03b571272
b03b571272 fix: flaky tcp test This only fixes the symptoms, not the real problem. Sometimes or consistently on some platforms a socket might need a moment before it can be written to.
32e67ab4c2 cleanup: use typedef for private message ID's in callback
7b1db6adc1 feat: add message IDs to private group messages
99e0bcc27d refactor: Observers/ignored peers can now send and receive custom packets
b3c3c49d26 fix: Disable IPv6 in Windows cross-compilation tests
e742deddff feat: Check hashes of Windows dependencies when cross-compiling
dfb9a0b02b fix: Test the current Windows Dockerfile, not an old Dockerhub image
14de93ccec chore: Use WineHQ's Wine as Debian Bookworm's crashes
ed37616249 docs: Update the Windows cross-compilation section
9bb79c174f cleanup: Remove a couple of unnecessary misc_tools dependencies
19475adb70 chore: Statically link OpenMP into the cracker fun util on Windows
1be311e51f feat: Build the fun utils when cross-compiling to Windows
88133f8446 chore: Strip Windows binaries
3cc0ae7535 refactor: Copy over all of the required static dependencies
c4fa8f7fb1 feat: Generate .def, .exp and .lib files when building for Windows
74bbac5363 feat: Let CMake create the dll instead of doing so ourselves
246642e9ae feat: Harden Windows cross-compilation
8d431c0d11 chore: Bump Windows build dependency versions
e519f7998b fix: Remove unnecessary wsock32 dependency on Windows
ed2b60c217 chore: Use a specific non-broken slimcc version.
d7f21010a1 chore: Update github actions.
e71a68b7f2 docs: Update the list of CMake options
77e08876ff chore: Remove mod and founder from group API naming scheme
12bc042767 docs: add the experimental api build option to INSTALL.md
e1fa5cae96 refactor: Rename Queries to Query to align with other enums.
be82a3ea30 fix: Correct type for conference offline peer numbers.
0627c36716 test: Add pkgsrc build.
92578afe4b test: Add FreeBSD VM action on GitHub.
52ece0f57b test: Build toxcore on NetBSD (VM).
3fe8ee2c11 chore: Only install tox_private.h on request.
9a8dfa06ab fix: save_compatibility_test failing on big-endian systems
86f5e55578 fix: Don't serve files from websockify.
710eb674a5 fix: Correctly pass extended public keys to group moderation code.
021db7031c refactor: Use `struct`s for extended public/secret keys.
a1e999fd80 chore: Compile libsodium reference implementation with compcert.
fbe3c19cf5 cleanup: correct a few nullable annotations
623e3ee5c3 cleanup: Don't use `memcpy` to cast arbitrary `struct`s to `uint8_t[]`.
c71567dc18 fix: Pass array, not array pointer, to `memcmp`.
9b46a08144 cleanup: Never pass `void*` directly to `memcpy`.
5d7b7a7bbc refactor: Use tox rng to seed the keypair generation.
961891d568 cleanup: Small improvements found by PVS Studio.
8201019f0d chore: Disable NGC saving by default, enable through Tox_Options.
5dd9ee3f65 cleanup: Replace pointer arithmetic with explicit `&arr[i]`.
ca4606d49d refactor: Use strong typedef for NGC peer id.
442213b722 cleanup: Simplify custom packet length check in NGC.
08d3393def fix: Correct a few potential null derefs in bootstrap daemon.
b9877b32b0 fix: Add missing memunlock of local variable when it goes out of scope.
dab5fe44b9 fix: Zero out stack-allocated secret key before return.
f058103299 refactor: Make prune_gc_sanctions_list more obviously correct.
3ba7a0dec9 docs: Add static analysis tool list to README.
8d0811a0f3 docs: Run prettier-markdown on markdown files.
969e3a2bfc refactor: Fix network test not using the strong typedef
93c83fbc7c refactor: Use strong typedef instead of struct for `Socket`.
9fe18b176f fix: Fix some false positive from PVS Studio.
7c44379ccb cleanup: Check that WINXP macro exists before comparing it.
5c93231bef refactor: Make tox mutex non-recursive.
aacff73939 docs: Fix up doxyfile.
d55fc85ff5 docs: Add more documentation to crypto_core.
5bdaaaedb6 refactor: Remove `Tox *` from `tox_dispatch`.
e202341e76 refactor: Don't rely on tox_dispatch passing tox in tests.
34df938f52 chore: Use C++ mode for clang-tidy.
8b05296a78 chore: Check that both gtest and gmock exist for tests.
42010660e1 test: Add slimcc compiler compatibility test.
b473630321 chore: Add some comments to the astyle config.
b7404f24f6 cleanup: Remove implicit bool conversions.
4e2dba4d9f chore: Reformat sources with astyle.
4359e3a6bc chore: Rename C++ headers to .hh suffixes.
0c05566e58 cleanup: Further `#include` cleanups.
8d29935b7a chore: Only check the bootstrap daemon checksum on release.
f70e588bc6 cleanup: Add more `const` where possible.
511bfe39c8 cleanup: Use Bazel modules to enforce proper `#include` hygiene.
1710a0d091 refactor: Move pack/unpack `IP_Port` from DHT into network module.
a975943564 chore: Really fix coverage docker image build.
c08409390f chore: Fix post-submit coverage image.
39aadf8922 fix: Don't use `memcmp` to compare `IP_Port`s.
d94246a906 fix: partially fix a bug that prevented group part messages from sending.
eeaa039222 chore: Fix rpm build; add a CI check for it.
8328449c1a chore: Speed up docker builds a bit by reducing layer count.
d6d67d56f3 cleanup: Add `const` where possible in auto tests.
6aa9e6850d cleanup: Minor cleanup of event unpack code.
bdf460a3a9 refactor: Rename `system_{memory,...}` to `os_{memory,...}`.
203e1af81e fix: a few off by one errors in group autotests
5c093c4888 cleanup: Remove all uses of `SIZEOF_VLA`.
662c2140f3 test: Add goblint static analyser.
8f07755834 cleanup: Use `memzero(x, s)` instead of `memset(x, 0, s)`.
a7258e40cf cleanup: Use explicit 0 instead of `PACKET_ID_PADDING`.
6370d0f15d cleanup: Expand the `Tox_Options` accessor macros.
14a1a0b9bd cleanup: Remove plan9 support.
a05dccad13 test: Add a simple new/delete test for Tox.
1cdcf938b9 cleanup: Add comment after every `#endif`.
ba99d4dc4b test: Fix comment I broke in the events test PR.
e07248debb refactor: Migrate auto_tests to new events API.
bdd42b5452 refactor: Add common msgpack array packer with callback.
3c659f5288 cleanup: Rename group to conference in groupav documentation.
89957be230 cleanup: Ensure handler params are named after callback params.
c650d9d345 refactor: Pass `this` pointer as first param to s11n callbacks.
e7fb91ddb8 refactor: Allow NULL pointers for byte arrays in events.
5e2c8cabc1 cleanup: make some improvements to group moderation test
259de4867e cleanup: Remove `bin_pack_{new,free}`.
21a8ff5895 cleanup: skip a do_gc iteration before removing peers marked for deletion
16809dc36e feat: Add dht_get_nodes_response event to the events system.

git-subtree-dir: external/toxcore/c-toxcore
git-subtree-split: b03b5712720de9a9901ea12fd741f177327a7021
2024-03-07 23:12:55 +01:00

872 lines
25 KiB
C

/* SPDX-License-Identifier: GPL-3.0-or-later
* Copyright © 2016-2020 The TokTok team.
* Copyright © 2015 Tox project.
*/
/**
* An implementation of massive text only group chats.
*/
#include "group_moderation.h"
#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "DHT.h"
#include "attributes.h"
#include "ccompat.h"
#include "crypto_core.h"
#include "logger.h"
#include "network.h"
#include "util.h"
static_assert(MOD_SANCTIONS_CREDS_SIZE <= MAX_PACKET_SIZE_NO_HEADERS,
"MOD_SANCTIONS_CREDS_SIZE must be <= the maximum allowed payload size");
static_assert(MOD_MAX_NUM_SANCTIONS * MOD_SANCTION_PACKED_SIZE + MOD_SANCTIONS_CREDS_SIZE <= MAX_PACKET_SIZE_NO_HEADERS,
"MOD_MAX_NUM_SANCTIONS must be able to fit inside the maximum allowed payload size");
static_assert(MOD_MAX_NUM_MODERATORS * MOD_LIST_ENTRY_SIZE <= MAX_PACKET_SIZE_NO_HEADERS,
"MOD_MAX_NUM_MODERATORS must be able to fit insize the maximum allowed payload size");
static_assert(MOD_MAX_NUM_MODERATORS <= MOD_MAX_NUM_MODERATORS_LIMIT,
"MOD_MAX_NUM_MODERATORS must be <= MOD_MAX_NUM_MODERATORS_LIMIT");
static_assert(MOD_MAX_NUM_SANCTIONS <= MOD_MAX_NUM_SANCTIONS_LIMIT,
"MOD_MAX_NUM_SANCTIONS must be <= MOD_MAX_NUM_SANCTIONS_LIMIT");
uint16_t mod_list_packed_size(const Moderation *moderation)
{
return moderation->num_mods * MOD_LIST_ENTRY_SIZE;
}
int mod_list_unpack(Moderation *moderation, const uint8_t *data, uint16_t length, uint16_t num_mods)
{
if (length < num_mods * MOD_LIST_ENTRY_SIZE) {
return -1;
}
mod_list_cleanup(moderation);
if (num_mods == 0) {
return 0;
}
uint8_t **tmp_list = (uint8_t **)calloc(num_mods, sizeof(uint8_t *));
if (tmp_list == nullptr) {
return -1;
}
uint16_t unpacked_len = 0;
for (uint16_t i = 0; i < num_mods; ++i) {
uint8_t *entry = (uint8_t *)malloc(MOD_LIST_ENTRY_SIZE);
if (entry == nullptr) {
free_uint8_t_pointer_array(moderation->mem, tmp_list, i);
return -1;
}
memcpy(entry, &data[i * MOD_LIST_ENTRY_SIZE], MOD_LIST_ENTRY_SIZE);
tmp_list[i] = entry;
unpacked_len += MOD_LIST_ENTRY_SIZE;
}
moderation->mod_list = tmp_list;
moderation->num_mods = num_mods;
return unpacked_len;
}
void mod_list_pack(const Moderation *moderation, uint8_t *data)
{
for (uint16_t i = 0; i < moderation->num_mods; ++i) {
memcpy(&data[i * MOD_LIST_ENTRY_SIZE], moderation->mod_list[i], MOD_LIST_ENTRY_SIZE);
}
}
void mod_list_get_data_hash(uint8_t *hash, const uint8_t *packed_mod_list, uint16_t length)
{
crypto_sha256(hash, packed_mod_list, length);
}
bool mod_list_make_hash(const Moderation *moderation, uint8_t *hash)
{
if (moderation->num_mods == 0) {
memzero(hash, MOD_MODERATION_HASH_SIZE);
return true;
}
const size_t data_buf_size = mod_list_packed_size(moderation);
assert(data_buf_size > 0);
uint8_t *data = (uint8_t *)malloc(data_buf_size);
if (data == nullptr) {
return false;
}
mod_list_pack(moderation, data);
mod_list_get_data_hash(hash, data, data_buf_size);
free(data);
return true;
}
/**
* Returns moderator list index for public_sig_key.
* Returns -1 if key is not in the list.
*/
non_null()
static int mod_list_index_of_sig_pk(const Moderation *moderation, const uint8_t *public_sig_key)
{
for (uint16_t i = 0; i < moderation->num_mods; ++i) {
if (memcmp(moderation->mod_list[i], public_sig_key, SIG_PUBLIC_KEY_SIZE) == 0) {
return i;
}
}
return -1;
}
bool mod_list_verify_sig_pk(const Moderation *moderation, const uint8_t *sig_pk)
{
if (memcmp(moderation->founder_public_sig_key, sig_pk, SIG_PUBLIC_KEY_SIZE) == 0) {
return true;
}
for (uint16_t i = 0; i < moderation->num_mods; ++i) {
if (memcmp(moderation->mod_list[i], sig_pk, SIG_PUBLIC_KEY_SIZE) == 0) {
return true;
}
}
return false;
}
bool mod_list_remove_index(Moderation *moderation, uint16_t index)
{
if (index >= moderation->num_mods) {
return false;
}
if ((moderation->num_mods - 1) == 0) {
mod_list_cleanup(moderation);
return true;
}
--moderation->num_mods;
if (index != moderation->num_mods) {
memcpy(moderation->mod_list[index], moderation->mod_list[moderation->num_mods],
MOD_LIST_ENTRY_SIZE);
}
free(moderation->mod_list[moderation->num_mods]);
moderation->mod_list[moderation->num_mods] = nullptr;
uint8_t **tmp_list = (uint8_t **)realloc(moderation->mod_list, moderation->num_mods * sizeof(uint8_t *));
if (tmp_list == nullptr) {
return false;
}
moderation->mod_list = tmp_list;
return true;
}
bool mod_list_remove_entry(Moderation *moderation, const uint8_t *public_sig_key)
{
if (moderation->num_mods == 0) {
return false;
}
const int idx = mod_list_index_of_sig_pk(moderation, public_sig_key);
if (idx == -1) {
return false;
}
assert(idx <= UINT16_MAX);
return mod_list_remove_index(moderation, (uint16_t)idx);
}
bool mod_list_add_entry(Moderation *moderation, const uint8_t *mod_data)
{
if (moderation->num_mods >= MOD_MAX_NUM_MODERATORS) {
return false;
}
uint8_t **tmp_list = (uint8_t **)realloc(moderation->mod_list, (moderation->num_mods + 1) * sizeof(uint8_t *));
if (tmp_list == nullptr) {
return false;
}
moderation->mod_list = tmp_list;
uint8_t *entry = (uint8_t *)malloc(MOD_LIST_ENTRY_SIZE);
if (entry == nullptr) {
return false;
}
memcpy(entry, mod_data, MOD_LIST_ENTRY_SIZE);
tmp_list[moderation->num_mods] = entry;
++moderation->num_mods;
return true;
}
void mod_list_cleanup(Moderation *moderation)
{
free_uint8_t_pointer_array(moderation->mem, moderation->mod_list, moderation->num_mods);
moderation->num_mods = 0;
moderation->mod_list = nullptr;
}
uint16_t sanctions_creds_pack(const Mod_Sanction_Creds *creds, uint8_t *data)
{
uint16_t packed_len = 0;
net_pack_u32(&data[packed_len], creds->version);
packed_len += sizeof(uint32_t);
memcpy(&data[packed_len], creds->hash, MOD_SANCTION_HASH_SIZE);
packed_len += MOD_SANCTION_HASH_SIZE;
net_pack_u16(&data[packed_len], creds->checksum);
packed_len += sizeof(uint16_t);
memcpy(&data[packed_len], creds->sig_pk, SIG_PUBLIC_KEY_SIZE);
packed_len += SIG_PUBLIC_KEY_SIZE;
memcpy(&data[packed_len], creds->sig, SIGNATURE_SIZE);
packed_len += SIGNATURE_SIZE;
return packed_len;
}
uint16_t sanctions_list_packed_size(uint16_t num_sanctions)
{
return MOD_SANCTION_PACKED_SIZE * num_sanctions;
}
int sanctions_list_pack(uint8_t *data, uint16_t length, const Mod_Sanction *sanctions, uint16_t num_sanctions,
const Mod_Sanction_Creds *creds)
{
assert(sanctions != nullptr || num_sanctions == 0);
assert(sanctions != nullptr || creds != nullptr);
uint16_t packed_len = 0;
for (uint16_t i = 0; i < num_sanctions; ++i) {
if (packed_len + sizeof(uint8_t) + SIG_PUBLIC_KEY_SIZE + TIME_STAMP_SIZE > length) {
return -1;
}
memcpy(&data[packed_len], &sanctions[i].type, sizeof(uint8_t));
packed_len += sizeof(uint8_t);
memcpy(&data[packed_len], sanctions[i].setter_public_sig_key, SIG_PUBLIC_KEY_SIZE);
packed_len += SIG_PUBLIC_KEY_SIZE;
net_pack_u64(&data[packed_len], sanctions[i].time_set);
packed_len += TIME_STAMP_SIZE;
const uint8_t sanctions_type = sanctions[i].type;
if (sanctions_type == SA_OBSERVER) {
if (packed_len + ENC_PUBLIC_KEY_SIZE > length) {
return -1;
}
memcpy(&data[packed_len], sanctions[i].target_public_enc_key, ENC_PUBLIC_KEY_SIZE);
packed_len += ENC_PUBLIC_KEY_SIZE;
} else {
return -1;
}
if (packed_len + SIGNATURE_SIZE > length) {
return -1;
}
/* Signature must be packed last */
memcpy(&data[packed_len], sanctions[i].signature, SIGNATURE_SIZE);
packed_len += SIGNATURE_SIZE;
}
if (creds == nullptr) {
return packed_len;
}
if (length < packed_len || length - packed_len < MOD_SANCTIONS_CREDS_SIZE) {
return -1;
}
const uint16_t cred_len = sanctions_creds_pack(creds, &data[packed_len]);
if (cred_len != MOD_SANCTIONS_CREDS_SIZE) {
return -1;
}
return packed_len + cred_len;
}
uint16_t sanctions_creds_unpack(Mod_Sanction_Creds *creds, const uint8_t *data)
{
uint16_t len_processed = 0;
net_unpack_u32(&data[len_processed], &creds->version);
len_processed += sizeof(uint32_t);
memcpy(creds->hash, &data[len_processed], MOD_SANCTION_HASH_SIZE);
len_processed += MOD_SANCTION_HASH_SIZE;
net_unpack_u16(&data[len_processed], &creds->checksum);
len_processed += sizeof(uint16_t);
memcpy(creds->sig_pk, &data[len_processed], SIG_PUBLIC_KEY_SIZE);
len_processed += SIG_PUBLIC_KEY_SIZE;
memcpy(creds->sig, &data[len_processed], SIGNATURE_SIZE);
len_processed += SIGNATURE_SIZE;
return len_processed;
}
int sanctions_list_unpack(Mod_Sanction *sanctions, Mod_Sanction_Creds *creds, uint16_t max_sanctions,
const uint8_t *data, uint16_t length, uint16_t *processed_data_len)
{
uint16_t num = 0;
uint16_t len_processed = 0;
while (num < max_sanctions && num < MOD_MAX_NUM_SANCTIONS && len_processed < length) {
if (len_processed + sizeof(uint8_t) + SIG_PUBLIC_KEY_SIZE + TIME_STAMP_SIZE > length) {
return -1;
}
memcpy(&sanctions[num].type, &data[len_processed], sizeof(uint8_t));
len_processed += sizeof(uint8_t);
memcpy(sanctions[num].setter_public_sig_key, &data[len_processed], SIG_PUBLIC_KEY_SIZE);
len_processed += SIG_PUBLIC_KEY_SIZE;
net_unpack_u64(&data[len_processed], &sanctions[num].time_set);
len_processed += TIME_STAMP_SIZE;
if (sanctions[num].type == SA_OBSERVER) {
if (len_processed + ENC_PUBLIC_KEY_SIZE > length) {
return -1;
}
memcpy(sanctions[num].target_public_enc_key, &data[len_processed], ENC_PUBLIC_KEY_SIZE);
len_processed += ENC_PUBLIC_KEY_SIZE;
} else {
return -1;
}
if (len_processed + SIGNATURE_SIZE > length) {
return -1;
}
memcpy(sanctions[num].signature, &data[len_processed], SIGNATURE_SIZE);
len_processed += SIGNATURE_SIZE;
++num;
}
if (length <= len_processed || length - len_processed < MOD_SANCTIONS_CREDS_SIZE) {
if (length != len_processed) {
return -1;
}
if (processed_data_len != nullptr) {
*processed_data_len = len_processed;
}
return num;
}
const uint16_t creds_len = sanctions_creds_unpack(creds, &data[len_processed]);
if (creds_len != MOD_SANCTIONS_CREDS_SIZE) {
return -1;
}
if (processed_data_len != nullptr) {
*processed_data_len = len_processed + creds_len;
}
return num;
}
/** @brief Creates a new sanction list hash and puts it in hash.
*
* The hash is derived from the signature of all entries plus the version number.
* hash must have room for at least MOD_SANCTION_HASH_SIZE bytes.
*
* If num_sanctions is 0 the hash is zeroed.
*
* Return true on success.
*/
non_null(4) nullable(1)
static bool sanctions_list_make_hash(const Mod_Sanction *sanctions, uint32_t new_version, uint16_t num_sanctions,
uint8_t *hash)
{
if (num_sanctions == 0 || sanctions == nullptr) {
memzero(hash, MOD_SANCTION_HASH_SIZE);
return true;
}
const size_t sig_data_size = num_sanctions * SIGNATURE_SIZE;
const size_t data_buf_size = sig_data_size + sizeof(uint32_t);
// check for integer overflower
if (data_buf_size < num_sanctions) {
return false;
}
uint8_t *data = (uint8_t *)malloc(data_buf_size);
if (data == nullptr) {
return false;
}
for (uint16_t i = 0; i < num_sanctions; ++i) {
memcpy(&data[i * SIGNATURE_SIZE], sanctions[i].signature, SIGNATURE_SIZE);
}
memcpy(&data[sig_data_size], &new_version, sizeof(uint32_t));
crypto_sha256(hash, data, data_buf_size);
free(data);
return true;
}
/** @brief Verifies that sanction contains valid info and was assigned by a current mod or group founder.
*
* Returns true on success.
*/
non_null()
static bool sanctions_list_validate_entry(const Moderation *moderation, const Mod_Sanction *sanction)
{
if (!mod_list_verify_sig_pk(moderation, sanction->setter_public_sig_key)) {
return false;
}
if (sanction->type >= SA_INVALID) {
return false;
}
if (sanction->time_set == 0) {
return false;
}
uint8_t packed_data[MOD_SANCTION_PACKED_SIZE];
const int packed_len = sanctions_list_pack(packed_data, sizeof(packed_data), sanction, 1, nullptr);
if (packed_len <= SIGNATURE_SIZE) {
return false;
}
return crypto_signature_verify(sanction->signature, packed_data, packed_len - SIGNATURE_SIZE,
sanction->setter_public_sig_key);
}
non_null()
static uint16_t sanctions_creds_get_checksum(const Mod_Sanction_Creds *creds)
{
return data_checksum(creds->hash, sizeof(creds->hash));
}
non_null()
static void sanctions_creds_set_checksum(Mod_Sanction_Creds *creds)
{
creds->checksum = sanctions_creds_get_checksum(creds);
}
bool sanctions_list_make_creds(Moderation *moderation)
{
const Mod_Sanction_Creds old_creds = moderation->sanctions_creds;
++moderation->sanctions_creds.version;
memcpy(moderation->sanctions_creds.sig_pk, moderation->self_public_sig_key, SIG_PUBLIC_KEY_SIZE);
uint8_t hash[MOD_SANCTION_HASH_SIZE];
if (!sanctions_list_make_hash(moderation->sanctions, moderation->sanctions_creds.version,
moderation->num_sanctions, hash)) {
moderation->sanctions_creds = old_creds;
return false;
}
memcpy(moderation->sanctions_creds.hash, hash, MOD_SANCTION_HASH_SIZE);
sanctions_creds_set_checksum(&moderation->sanctions_creds);
if (!crypto_signature_create(moderation->sanctions_creds.sig, moderation->sanctions_creds.hash,
MOD_SANCTION_HASH_SIZE, moderation->self_secret_sig_key)) {
moderation->sanctions_creds = old_creds;
return false;
}
return true;
}
/** @brief Validates sanction list credentials.
*
* Verifies that:
* - the public signature key belongs to a mod or the founder
* - the signature for the hash was made by the owner of the public signature key.
* - the received hash matches our own hash of the new sanctions list
* - the received checksum matches the received hash
* - the new version is >= our current version
*
* Returns true on success.
*/
non_null(1, 3) nullable(2)
static bool sanctions_creds_validate(const Moderation *moderation, const Mod_Sanction *sanctions,
const Mod_Sanction_Creds *creds, uint16_t num_sanctions)
{
if (!mod_list_verify_sig_pk(moderation, creds->sig_pk)) {
LOGGER_WARNING(moderation->log, "Invalid credentials signature pk");
return false;
}
uint8_t hash[MOD_SANCTION_HASH_SIZE];
if (!sanctions_list_make_hash(sanctions, creds->version, num_sanctions, hash)) {
return false;
}
if (memcmp(hash, creds->hash, MOD_SANCTION_HASH_SIZE) != 0) {
LOGGER_WARNING(moderation->log, "Invalid credentials hash");
return false;
}
if (creds->checksum != sanctions_creds_get_checksum(creds)) {
LOGGER_WARNING(moderation->log, "Invalid credentials checksum");
return false;
}
if (moderation->shared_state_version > 0) {
if ((creds->version < moderation->sanctions_creds.version)
&& !(creds->version == 0 && moderation->sanctions_creds.version == UINT32_MAX)) {
LOGGER_WARNING(moderation->log, "Invalid version");
return false;
}
}
if (!crypto_signature_verify(creds->sig, hash, MOD_SANCTION_HASH_SIZE, creds->sig_pk)) {
LOGGER_WARNING(moderation->log, "Invalid signature");
return false;
}
return true;
}
bool sanctions_list_check_integrity(const Moderation *moderation, const Mod_Sanction_Creds *creds,
const Mod_Sanction *sanctions, uint16_t num_sanctions)
{
for (uint16_t i = 0; i < num_sanctions; ++i) {
if (!sanctions_list_validate_entry(moderation, &sanctions[i])) {
LOGGER_WARNING(moderation->log, "Invalid entry");
return false;
}
}
return sanctions_creds_validate(moderation, sanctions, creds, num_sanctions);
}
/** @brief Validates a sanctions list if credentials are supplied. If successful,
* or if no credentials are supplied, assigns new sanctions list and credentials
* to moderation object.
*
* @param moderation The moderation object being operated on.
* @param new_sanctions The sanctions list to validate and assign to moderation object.
* @param new_creds The new sanctions credentials to be assigned to moderation object.
* @param num_sanctions The number of sanctions in the sanctions list.
*
* @retval false if sanctions credentials validation fails.
*/
non_null(1, 2) nullable(3)
static bool sanctions_apply_new(Moderation *moderation, Mod_Sanction *new_sanctions,
const Mod_Sanction_Creds *new_creds,
uint16_t num_sanctions)
{
if (new_creds != nullptr) {
if (!sanctions_creds_validate(moderation, new_sanctions, new_creds, num_sanctions)) {
LOGGER_WARNING(moderation->log, "Failed to validate credentials");
return false;
}
moderation->sanctions_creds = *new_creds;
}
sanctions_list_cleanup(moderation);
moderation->sanctions = new_sanctions;
moderation->num_sanctions = num_sanctions;
return true;
}
/** @brief Returns a copy of the sanctions list. The caller is responsible for freeing the
* memory returned by this function.
*/
non_null()
static Mod_Sanction *sanctions_list_copy(const Mod_Sanction *sanctions, uint16_t num_sanctions)
{
Mod_Sanction *copy = (Mod_Sanction *)calloc(num_sanctions, sizeof(Mod_Sanction));
if (copy == nullptr) {
return nullptr;
}
memcpy(copy, sanctions, num_sanctions * sizeof(Mod_Sanction));
return copy;
}
/** @brief Removes index-th sanction list entry.
*
* New credentials will be validated if creds is non-null.
*
* Returns true on success.
*/
non_null(1) nullable(3)
static bool sanctions_list_remove_index(Moderation *moderation, uint16_t index, const Mod_Sanction_Creds *creds)
{
if (index >= moderation->num_sanctions) {
return false;
}
const uint16_t new_num = moderation->num_sanctions - 1;
if (new_num == 0) {
if (creds != nullptr) {
if (!sanctions_creds_validate(moderation, nullptr, creds, 0)) {
return false;
}
moderation->sanctions_creds = *creds;
}
sanctions_list_cleanup(moderation);
return true;
}
/* Operate on a copy of the list in case something goes wrong. */
Mod_Sanction *sanctions_copy = sanctions_list_copy(moderation->sanctions, moderation->num_sanctions);
if (sanctions_copy == nullptr) {
return false;
}
if (index != new_num) {
sanctions_copy[index] = sanctions_copy[new_num];
}
Mod_Sanction *new_list = (Mod_Sanction *)realloc(sanctions_copy, new_num * sizeof(Mod_Sanction));
if (new_list == nullptr) {
free(sanctions_copy);
return false;
}
if (!sanctions_apply_new(moderation, new_list, creds, new_num)) {
free(new_list);
return false;
}
return true;
}
bool sanctions_list_remove_observer(Moderation *moderation, const uint8_t *public_key,
const Mod_Sanction_Creds *creds)
{
for (uint16_t i = 0; i < moderation->num_sanctions; ++i) {
const Mod_Sanction *curr_sanction = &moderation->sanctions[i];
if (curr_sanction->type != SA_OBSERVER) {
continue;
}
if (memcmp(public_key, curr_sanction->target_public_enc_key, ENC_PUBLIC_KEY_SIZE) == 0) {
if (!sanctions_list_remove_index(moderation, i, creds)) {
return false;
}
if (creds == nullptr) {
return sanctions_list_make_creds(moderation);
}
return true;
}
}
return false;
}
bool sanctions_list_is_observer(const Moderation *moderation, const uint8_t *public_key)
{
for (uint16_t i = 0; i < moderation->num_sanctions; ++i) {
const Mod_Sanction *curr_sanction = &moderation->sanctions[i];
if (curr_sanction->type != SA_OBSERVER) {
continue;
}
if (memcmp(curr_sanction->target_public_enc_key, public_key, ENC_PUBLIC_KEY_SIZE) == 0) {
return true;
}
}
return false;
}
bool sanctions_list_entry_exists(const Moderation *moderation, const Mod_Sanction *sanction)
{
if (sanction->type == SA_OBSERVER) {
return sanctions_list_is_observer(moderation, sanction->target_public_enc_key);
}
return false;
}
bool sanctions_list_add_entry(Moderation *moderation, const Mod_Sanction *sanction, const Mod_Sanction_Creds *creds)
{
if (moderation->num_sanctions >= MOD_MAX_NUM_SANCTIONS) {
LOGGER_WARNING(moderation->log, "num_sanctions %d exceeds maximum", moderation->num_sanctions);
return false;
}
if (!sanctions_list_validate_entry(moderation, sanction)) {
LOGGER_ERROR(moderation->log, "Failed to validate sanction");
return false;
}
if (sanctions_list_entry_exists(moderation, sanction)) {
LOGGER_WARNING(moderation->log, "Attempted to add duplicate sanction");
return false;
}
/* Operate on a copy of the list in case something goes wrong. */
Mod_Sanction *sanctions_copy = nullptr;
if (moderation->num_sanctions > 0) {
sanctions_copy = sanctions_list_copy(moderation->sanctions, moderation->num_sanctions);
if (sanctions_copy == nullptr) {
return false;
}
}
const uint16_t index = moderation->num_sanctions;
Mod_Sanction *new_list = (Mod_Sanction *)realloc(sanctions_copy, (index + 1) * sizeof(Mod_Sanction));
if (new_list == nullptr) {
free(sanctions_copy);
return false;
}
new_list[index] = *sanction;
if (!sanctions_apply_new(moderation, new_list, creds, index + 1)) {
free(new_list);
return false;
}
return true;
}
/** @brief Signs packed sanction data.
*
* This function must be called by the owner of the entry's public_sig_key.
*
* Returns true on success.
*/
non_null()
static bool sanctions_list_sign_entry(const Moderation *moderation, Mod_Sanction *sanction)
{
uint8_t packed_data[MOD_SANCTION_PACKED_SIZE];
const int packed_len = sanctions_list_pack(packed_data, sizeof(packed_data), sanction, 1, nullptr);
if (packed_len <= SIGNATURE_SIZE) {
LOGGER_ERROR(moderation->log, "Failed to pack sanctions list: %d", packed_len);
return false;
}
return crypto_signature_create(sanction->signature, packed_data, packed_len - SIGNATURE_SIZE,
moderation->self_secret_sig_key);
}
bool sanctions_list_make_entry(Moderation *moderation, const uint8_t *public_key, Mod_Sanction *sanction,
uint8_t type)
{
*sanction = (Mod_Sanction) {
0
};
if (type == SA_OBSERVER) {
memcpy(sanction->target_public_enc_key, public_key, ENC_PUBLIC_KEY_SIZE);
} else {
LOGGER_ERROR(moderation->log, "Tried to create sanction with invalid type: %u", type);
return false;
}
memcpy(sanction->setter_public_sig_key, moderation->self_public_sig_key, SIG_PUBLIC_KEY_SIZE);
sanction->time_set = (uint64_t)time(nullptr);
sanction->type = type;
if (!sanctions_list_sign_entry(moderation, sanction)) {
LOGGER_ERROR(moderation->log, "Failed to sign sanction");
return false;
}
if (!sanctions_list_add_entry(moderation, sanction, nullptr)) {
return false;
}
if (!sanctions_list_make_creds(moderation)) {
LOGGER_ERROR(moderation->log, "Failed to make credentials for new sanction");
return false;
}
return true;
}
uint16_t sanctions_list_replace_sig(Moderation *moderation, const uint8_t *public_sig_key)
{
uint16_t count = 0;
for (uint16_t i = 0; i < moderation->num_sanctions; ++i) {
if (memcmp(moderation->sanctions[i].setter_public_sig_key, public_sig_key, SIG_PUBLIC_KEY_SIZE) != 0) {
continue;
}
memcpy(moderation->sanctions[i].setter_public_sig_key, moderation->self_public_sig_key, SIG_PUBLIC_KEY_SIZE);
if (!sanctions_list_sign_entry(moderation, &moderation->sanctions[i])) {
LOGGER_ERROR(moderation->log, "Failed to sign sanction");
continue;
}
++count;
}
if (count > 0) {
if (!sanctions_list_make_creds(moderation)) {
return 0;
}
}
return count;
}
void sanctions_list_cleanup(Moderation *moderation)
{
free(moderation->sanctions);
moderation->sanctions = nullptr;
moderation->num_sanctions = 0;
}