add peer ID editor; implement support in the peer lookup and FNE to validate whether or not a peer can perform a encryption key request;

Author: gatekeep

CMakeLists.txt

@@ -298,6 +298,7 @@ if (NOT TARGET strip)
                     COMMAND arm-linux-gnueabihf-strip -s dvmmon
                     COMMAND arm-linux-gnueabihf-strip -s sysview
                     COMMAND arm-linux-gnueabihf-strip -s tged
+                    COMMAND arm-linux-gnueabihf-strip -s peered
                     COMMAND arm-linux-gnueabihf-strip -s dvmbridge)
         else()
             add_custom_target(strip
@@ -315,6 +316,7 @@ if (NOT TARGET strip)
                 COMMAND aarch64-linux-gnu-strip -s dvmmon
                 COMMAND aarch64-linux-gnu-strip -s sysview
                 COMMAND aarch64-linux-gnu-strip -s tged
+                COMMAND aarch64-linux-gnu-strip -s peered
                 COMMAND aarch64-linux-gnu-strip -s dvmbridge)
         else()
             add_custom_target(strip
@@ -346,6 +348,7 @@ if (NOT TARGET strip)
                 COMMAND strip -s dvmmon
                 COMMAND strip -s sysview
                 COMMAND strip -s tged
+                COMMAND strip -s peered
                 COMMAND strip -s dvmbridge)
         else()
             add_custom_target(strip
@@ -379,6 +382,7 @@ if (NOT TARGET tarball)
             COMMAND cp -v dvmmon ${CMAKE_INSTALL_PREFIX_TARBALL}/dvm/bin
             COMMAND cp -v sysview ${CMAKE_INSTALL_PREFIX_TARBALL}/dvm/bin
             COMMAND cp -v tged ${CMAKE_INSTALL_PREFIX_TARBALL}/dvm/bin
+            COMMAND cp -v peered ${CMAKE_INSTALL_PREFIX_TARBALL}/dvm/bin
             COMMAND cp -v dvmfne ${CMAKE_INSTALL_PREFIX_TARBALL}/dvm/bin
             COMMAND cp -v dvmbridge ${CMAKE_INSTALL_PREFIX_TARBALL}/dvm/bin
             COMMAND cp ${CMAKE_SOURCE_DIR}/tools/*.sh ${CMAKE_INSTALL_PREFIX_TARBALL}/dvm
@@ -457,6 +461,7 @@ if (NOT TARGET tarball_notools)
             COMMAND cp -v dvmmon ${CMAKE_INSTALL_PREFIX_TARBALL}/dvm/bin
             COMMAND cp -v sysview ${CMAKE_INSTALL_PREFIX_TARBALL}/dvm/bin
             COMMAND cp -v tged ${CMAKE_INSTALL_PREFIX_TARBALL}/dvm/bin
+            COMMAND cp -v peered ${CMAKE_INSTALL_PREFIX_TARBALL}/dvm/bin
             COMMAND cp -v dvmfne ${CMAKE_INSTALL_PREFIX_TARBALL}/dvm/bin
             COMMAND cp -v dvmbridge ${CMAKE_INSTALL_PREFIX_TARBALL}/dvm/bin
             COMMAND cp -v ${CMAKE_SOURCE_DIR}/configs/*.yml ${CMAKE_INSTALL_PREFIX_TARBALL}/dvm
@@ -532,6 +537,7 @@ add_custom_target(old_install
     COMMAND install -m 755 dvmmon ${CMAKE_LEGACY_INSTALL_PREFIX}/bin
     COMMAND install -m 755 sysview ${CMAKE_LEGACY_INSTALL_PREFIX}/bin
     COMMAND install -m 755 tged ${CMAKE_LEGACY_INSTALL_PREFIX}/bin
+    COMMAND install -m 755 peered ${CMAKE_LEGACY_INSTALL_PREFIX}/bin
     COMMAND install -m 755 dvmfne ${CMAKE_LEGACY_INSTALL_PREFIX}/bin
     COMMAND install -m 755 dvmbridge ${CMAKE_LEGACY_INSTALL_PREFIX}/bin
     COMMAND install -m 644 ${CMAKE_SOURCE_DIR}/configs/config.example.yml ${CMAKE_LEGACY_INSTALL_PREFIX}/config.example.yml

configs/peer_list.example.dat

@@ -1,9 +1,9 @@
 #
 # This file sets the valid peer IDs allowed on a FNE.
 #
-# Entry Format: "Peer ID,Peer Password,Peer Link (1 = Enabled / 0 = Disabled),Peer Alias (optional),<newline>"
-#1234,,0,
-#5678,MYSECUREPASSWORD,0,
-#9876,MYSECUREPASSWORD,1,
-#5432,MYSECUREPASSWORD,,Peer Alias 1,
-#1012,MYSECUREPASSWORD,1,Peer Alias 2,
+# Entry Format: "Peer ID,Peer Password,Peer Link (1 = Enabled / 0 = Disabled),Peer Alias (optional),Can Request Keys (1 = Enabled / 0 = Disabled),<newline>"
+#1234,,0,,1,
+#5678,MYSECUREPASSWORD,0,,0,
+#9876,MYSECUREPASSWORD,1,,0,
+#5432,MYSECUREPASSWORD,,Peer Alias 1,0,
+#1012,MYSECUREPASSWORD,1,Peer Alias 2,1,

src/CMakeLists.txt

@@ -113,6 +113,16 @@ if (ENABLE_TUI_SUPPORT AND (NOT DISABLE_TUI_APPS))
     target_include_directories(tged PRIVATE ${OPENSSL_INCLUDE_DIR} websocketpp src src/host src/tged)
 endif (ENABLE_TUI_SUPPORT AND (NOT DISABLE_TUI_APPS))
 
+#
+## peered
+#
+if (ENABLE_TUI_SUPPORT AND (NOT DISABLE_TUI_APPS))
+    include(src/peered/CMakeLists.txt)
+    add_executable(peered ${common_INCLUDE} ${peered_SRC})
+    target_link_libraries(peered PRIVATE common ${OPENSSL_LIBRARIES} asio::asio finalcut Threads::Threads)
+    target_include_directories(peered PRIVATE ${OPENSSL_INCLUDE_DIR} websocketpp src src/host src/peered)
+endif (ENABLE_TUI_SUPPORT AND (NOT DISABLE_TUI_APPS))
+
 #
 ## dvmcmd
 #

src/common/lookups/PeerListLookup.cpp

@@ -5,7 +5,7 @@
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  *  Copyright (C) 2016 Jonathan Naylor, G4KLX
- *  Copyright (C) 2017-2022,2024 Bryan Biedenkapp, N2PLL
+ *  Copyright (C) 2017-2022,2024,2025 Bryan Biedenkapp, N2PLL
  *  Copyright (c) 2024 Patrick McDonnell, W3AXL
  *  Copyright (c) 2024 Caleb, KO4UYJ
  *
@@ -46,16 +46,16 @@ void PeerListLookup::clear()
 
 /* Adds a new entry to the list. */
 
-void PeerListLookup::addEntry(uint32_t id, const std::string& alias, const std::string& password, bool peerLink)
+void PeerListLookup::addEntry(uint32_t id, const std::string& alias, const std::string& password, bool peerLink, bool canRequestKeys)
 {
-    PeerId entry = PeerId(id, alias, password, peerLink, false);
+    PeerId entry = PeerId(id, alias, password, peerLink, canRequestKeys, false);
 
     std::lock_guard<std::mutex> lock(m_mutex);
     try {
         PeerId _entry = m_table.at(id);
         // if either the alias or the enabled flag doesn't match, update the entry
         if (_entry.peerId() == id) {
-            _entry = PeerId(id, alias, password, peerLink, false);
+            _entry = PeerId(id, alias, password, peerLink, canRequestKeys, false);
             m_table[id] = _entry;
         }
     } catch (...) {
@@ -87,7 +87,7 @@ PeerId PeerListLookup::find(uint32_t id)
     try {
         entry = m_table.at(id);
     } catch (...) {
-        entry = PeerId(0U, "", "", false, true);
+        entry = PeerId(0U, "", "", false, false, true);
     }
 
     return entry;
@@ -226,19 +226,25 @@ bool PeerListLookup::load()
             if (parsed.size() >= 3)
                 peerLink = ::atoi(parsed[2].c_str()) == 1;
 
+            // Parse can request keys flag
+            bool canRequestKeys = false;
+            if (parsed.size() >= 5)
+                canRequestKeys = ::atoi(parsed[4].c_str()) == 1;
+
             // Parse optional password
             std::string password = "";
             if (parsed.size() >= 2)
                 password = parsed[1].c_str();
 
             // Load into table
-            m_table[id] = PeerId(id, alias, password, peerLink, false);
+            m_table[id] = PeerId(id, alias, password, peerLink, canRequestKeys, false);
 
             // Log depending on what was loaded
             LogMessage(LOG_HOST, "Loaded peer ID %u%s into peer ID lookup table, %s%s", id,
                 (!alias.empty() ? (" (" + alias + ")").c_str() : ""),
                 (!password.empty() ? "using unique peer password" : "using master password"),
-                (peerLink) ? ", Peer-Link Enabled" : "");
+                (peerLink) ? ", Peer-Link Enabled" : "",
+                (canRequestKeys) ? ", Can Request Keys" : "");
         }
     }
 
@@ -299,6 +305,15 @@ bool PeerListLookup::save()
         if (alias.length() > 0) {
             line += alias;
             line += ",";
+        } else {
+            line += ",";
+        }
+        // Add canRequestKeys flag
+        bool canRequestKeys = entry.second.canRequestKeys();
+        if (canRequestKeys) {
+            line += "1,";
+        } else {
+            line += "0,";
         }
         // Add the newline
         line += "\n";

src/common/lookups/PeerListLookup.h

@@ -5,7 +5,7 @@
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  *  Copyright (C) 2016 Jonathan Naylor, G4KLX
- *  Copyright (C) 2017-2022,2024 Bryan Biedenkapp, N2PLL
+ *  Copyright (C) 2017-2022,2024,2025 Bryan Biedenkapp, N2PLL
  *  Copyright (c) 2024 Patrick McDonnell, W3AXL
  *  Copyright (c) 2024 Caleb, KO4UYJ
  *
@@ -50,6 +50,7 @@ namespace lookups
             m_peerAlias(),
             m_peerPassword(),
             m_peerLink(false),
+            m_canRequestKeys(false),
             m_peerDefault(false)
         {
             /* stub */
@@ -60,13 +61,16 @@ namespace lookups
          * @param peerAlias Peer alias
          * @param peerPassword Per Peer Password.
          * @param sendConfiguration Flag indicating this peer participates in peer link and should be sent configuration.
+         * @param peerLink lag indicating if the peer participates in peer link and should be sent configuration.
+         * @param canRequestKeys Flag indicating if the peer can request encryption keys.
          * @param peerDefault Flag indicating this is a "default" (i.e. undefined) peer.
          */
-        PeerId(uint32_t peerId, const std::string& peerAlias, const std::string& peerPassword, bool peerLink, bool peerDefault) :
+        PeerId(uint32_t peerId, const std::string& peerAlias, const std::string& peerPassword, bool peerLink, bool canRequestKeys, bool peerDefault) :
             m_peerId(peerId),
             m_peerAlias(peerAlias),
             m_peerPassword(peerPassword),
             m_peerLink(peerLink),
+            m_canRequestKeys(canRequestKeys),
             m_peerDefault(peerDefault)
         {
             /* stub */
@@ -83,6 +87,7 @@ namespace lookups
                 m_peerAlias = data.m_peerAlias;
                 m_peerPassword = data.m_peerPassword;
                 m_peerLink = data.m_peerLink;
+                m_canRequestKeys = data.m_canRequestKeys;
                 m_peerDefault = data.m_peerDefault;
             }
 
@@ -95,14 +100,17 @@ namespace lookups
          * @param peerAlias Peer Alias
          * @param peerPassword Per Peer Password.
          * @param sendConfiguration Flag indicating this peer participates in peer link and should be sent configuration.
+         * @param peerLink lag indicating if the peer participates in peer link and should be sent configuration.
+         * @param canRequestKeys Flag indicating if the peer can request encryption keys.
          * @param peerDefault Flag indicating this is a "default" (i.e. undefined) peer.
          */
-        void set(uint32_t peerId, const std::string& peerAlias, const std::string& peerPassword, bool peerLink, bool peerDefault)
+        void set(uint32_t peerId, const std::string& peerAlias, const std::string& peerPassword, bool peerLink, bool canRequestKeys, bool peerDefault)
         {
             m_peerId = peerId;
             m_peerAlias = peerAlias;
             m_peerPassword =  peerPassword;
             m_peerLink = peerLink;
+            m_canRequestKeys = canRequestKeys;
             m_peerDefault = peerDefault;
         }
 
@@ -123,6 +131,10 @@ namespace lookups
          * @brief Flag indicating if the peer participates in peer link and should be sent configuration.
          */
         __PROPERTY_PLAIN(bool, peerLink);
+        /**
+         * @brief Flag indicating if the peer can request encryption keys.
+         */
+        __PROPERTY_PLAIN(bool, canRequestKeys);
         /**
          * @brief Flag indicating if the peer is default.
          */
@@ -166,8 +178,9 @@ namespace lookups
          * @param peerId Unique peer ID to add.
          * @param password Per Peer Password.
          * @param peerLink Flag indicating this peer will participate in peer link and should be sent configuration.
+         * @param canRequestKeys Flag indicating if the peer can request encryption keys.
          */
-        void addEntry(uint32_t id, const std::string& alias = "", const std::string& password = "", bool peerLink = false);
+        void addEntry(uint32_t id, const std::string& alias = "", const std::string& password = "", bool peerLink = false, bool canRequestKeys = false);
         /**
          * @brief Removes an existing entry from the list.
          * @param peerId Unique peer ID to remove.

src/fne/network/FNENetwork.cpp

@@ -1102,6 +1102,19 @@ void* FNENetwork::threadedNetworkRx(void* arg)
 
                             // validate peer (simple validation really)
                             if (connection->connected() && connection->address() == ip) {
+                                // is this peer allowed to request keys?
+                                if (network->m_peerListLookup->getACL()) {
+                                    if (network->m_peerListLookup->getMode() == lookups::PeerListLookup::WHITELIST) {
+                                        lookups::PeerId peerEntry = network->m_peerListLookup->find(peerId);
+                                        if (peerEntry.peerDefault()) {
+                                            break;
+                                        } else {
+                                            if (!peerEntry.canRequestKeys())
+                                                break;
+                                        }
+                                    }
+                                }
+
                                 std::unique_ptr<KMMFrame> frame = KMMFactory::create(req->buffer + 11U);
                                 if (frame == nullptr) {
                                     LogWarning(LOG_NET, "PEER %u (%s), undecodable KMM frame from peer", peerId, connection->identity().c_str());

src/peered/CMakeLists.txt

@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#/*
+# * Digital Voice Modem - Peer ID Editor
+# * GPLv2 Open Source. Use is subject to license terms.
+# * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+# *
+# *  Copyright (C) 2024 Bryan Biedenkapp, N2PLL
+# *
+# */
+file(GLOB peered_SRC
+    "src/peered/*.h"
+    "src/peered/*.cpp"
+)