carps 0.2.1

data/lib/carps/crypt/mailbox.rb

@@ -0,0 +1,265 @@
+# Copyright 2010 John Morrice
+
+# This file is part of CARPS.
+
+# CARPS is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# CARPS is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with CARPS.  If not, see <http://www.gnu.org/licenses/>.
+
+# This mailbox receives all messages that come in
+
+require "carps/ui/warn"
+
+require "carps/util/process"
+require "carps/util/files"
+
+require "drb"
+
+module CARPS
+
+   # The mailbox's responsibility is in sending messages and securely and robustly receiving them
+   #
+   # It has knowledge is of the public keys of the Mailer s of the remote peers
+   class Mailbox
+
+      include DRbUndumped
+
+      # Create the mailbox from a simple, synchronous mail sender and receiver.
+      #
+      # The third parameter is a MessageParser.
+      #
+      # The fourth parameter is a SessionManager.
+      def initialize sender, receiver, parser, manager
+         @manager = manager 
+         @receiver = receiver
+         @parser = parser
+         @sender = sender
+         @mail = []
+         @peers = {}
+         @secure = false
+         # Semaphore to make sure only one thread can send mail at any one time
+         @ssemaphore = Mutex.new
+         # Semaphore to make sure only one thread can receive mail at any one time 
+         @rsemaphore = Mutex.new
+         # Load mails from the last session
+         load_old_mails
+         # Receive mail
+         receive_forever
+      end
+
+      # Shutdown the mailbox
+      def shutdown
+         @child.kill
+      end
+
+      # Add a new peer
+      def add_peer peer
+         @peers[peer.addr] = peer
+      end
+
+      # Is this already a peer?
+      def peer? peer
+         @peers.member? peer
+      end
+
+      # Send a message
+      def send to, message
+         @ssemaphore.synchronize do
+            @sender.send to, message
+         end
+      end
+
+      # Tag some text
+      def tag text
+         @manager.tag text
+      end
+
+      # Securely read a message.  Block until one occurs.
+      def read type, must_be_from=nil
+         msg = nil
+         until msg
+            msg = search type, must_be_from
+            sleep 1
+         end
+         # Ding!
+         puts "\a"
+         return msg
+      end
+
+      # Check for a new message.  Don't block
+      def check type, must_be_from=nil
+         search type, must_be_from
+      end
+
+      # Insecurely read a message.  Block until one comes.
+      def insecure_read type, must_be_from=nil
+         msg = nil
+         until msg
+            msg = insecure_search type, must_be_from
+            sleep 1
+         end
+         # Ding!
+         puts "\a"
+         return msg
+      end
+
+      # Check for new messages insecurely.  Don't block.
+      def insecure_check type, must_be_from=nil
+         insecure_search type, must_be_from
+      end
+
+      private
+
+      # See if there is an appropriate message in the mail box
+      def search type, must_be_from
+         @rsemaphore.synchronize do
+            @mail.each_index do |index|
+               mail = @mail[index]
+               from = mail.from
+               if secure from
+                  unless @peers[from].verify mail
+                     remove_mail index
+                     next
+                  end
+               end
+               pass = appropriate?(mail, type, must_be_from)
+               if pass
+                  remove_mail index
+                  return mail
+               end
+            end
+            nil
+         end
+      end
+
+      # Was the mail message appropriate?
+      def appropriate? mail, type, must_be_from
+         pass = mail.class == type
+         if must_be_from
+            pass = pass and mail.from == must_be_from
+         end
+         pass and @manager.belong? mail
+      end
+
+      # Remove a mail message
+      def remove_mail index
+         @mail[index].delete
+         @mail.delete_at index
+      end
+
+      # Communication with someone is secure if there is a peer for them
+      def secure addr
+         @peers.member? addr
+      end
+
+      # Insecurely see if there is an appropriate message in the mail box
+      def insecure_search type, must_be_from
+         @rsemaphore.synchronize do
+            @mail.each_index do |index|
+               mail = @mail[index]
+               pass = appropriate?(mail, type, must_be_from)
+               if pass
+                  remove_mail index
+                  return mail
+               end
+            end
+            nil
+         end
+      end
+
+      # Receive new mail
+      def receive_forever
+         @child = Thread.fork do
+            loop do
+               receive_new
+               sleep 1
+            end
+         end
+      end
+
+      # Read new mail messages into the mail box
+      def receive_new
+         mail = @receiver.read
+         mail.each do |blob|
+            decode_mail blob
+         end
+      end
+
+      # Read a new mail message from a blob of text
+      def decode_mail blob, persistence = {:save_mail => true}
+         input = blob
+         who = nil
+
+         begin
+            # Find who sent the message
+            who, blob = find K.addr, blob
+         rescue Expected
+            UI::warn "Mail message did not contain sender.", blob
+            return
+         end
+
+         # Get the security information from the mail
+         delayed_crypt, blob = security_info blob
+
+         # Find the message's session
+         session = nil
+         begin
+            session, blob = find K.session, blob
+         rescue Expected
+            UI::warn "Mail message did not contain session.", blob
+            return
+         end
+
+         # Parse a message
+         msg = @parser.parse blob
+
+         if msg
+            msg.session = session
+            msg.crypt = delayed_crypt
+            msg.from = who 
+            puts "Mail from #{who}: #{msg.class.to_s}"
+            # Save the text we parsed the message from.
+            if persistence[:save_mail] 
+               msg.save input
+            end
+            path = persistence[:path]
+            if path
+               msg.path = path
+            end
+            @rsemaphore.synchronize do
+               @mail.push msg
+            end
+         else
+            UI::warn "Failed to parse message from #{who}"
+         end
+      end
+
+      # Load mails from the last session
+      def load_old_mails
+         old_mails = files $CONFIG + "/.mail"
+         old_mails.each do |fn|
+            blob = nil
+            begin
+               blob = File.read fn
+            rescue StandardError => e
+               UI::put_error "Could not read old message: #{e}"
+            end
+            if blob
+               blob.force_encoding "ASCII-8BIT"
+               decode_mail blob, {:save_mail => false, :path => fn}
+            end
+         end
+      end
+
+   end
+
+end

data/lib/carps/crypt/mailer.rb

@@ -0,0 +1,220 @@
+# Copyright 2010 John Morrice
+
+# This file is part of CARPS.
+
+# CARPS is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# CARPS is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with CARPS.  If not, see <http://www.gnu.org/licenses/>.
+
+
+require "carps/protocol/keyword"
+
+require "carps/ui/warn"
+require "carps/ui/question"
+
+require "carps/util/process"
+require "carps/util/files"
+
+require "carps/crypt/handshake"
+require "carps/crypt/public_key"
+require "carps/crypt/accept_handshake"
+require "carps/crypt/peer"
+
+require "digest/md5"
+
+require "openssl"
+
+module CARPS
+
+   # High level CARPS mail client supporting strong cryptographic message signing.
+   #
+   # It has knowledge of our own public and private key.  Its big responsibility is turning Messages into Strings and signing them.
+   class Mailer
+
+      # Extend protocol for sharing our address
+      protoval :addr  
+
+      # The first parameter is the email address
+      #
+      # The second the Mailbox.
+      def initialize address, mailbox
+         @addr = address
+         @mailbox = mailbox
+         @private_key = get_keys
+         @public_key = @private_key.public_key
+         # Load the old peers
+         load_peers
+      end
+
+      # Perform a handshake to authenticate with a peer
+      def handshake to
+         if @mailbox.peer? to
+            puts "No need for handshake: " + to + " is already a known peer."
+         else
+            puts "Offering cryptographic handshake to #{to}"
+            # Create a new peer
+            peer = Peer.new to
+            @mailbox.add_peer peer
+            # Request a handshake 
+            send to, Handshake.new
+            # Get the peer's key
+            their_key = @mailbox.insecure_read PublicKey, to
+            peer.your_key their_key.key
+            peer.save 
+            # Send our key
+            send to, PublicKey.new(@public_key)
+            # Receive an okay message
+            read AcceptHandshake, to
+            puts "Established spoof-proof communications with #{to}"
+         end
+      end
+
+      # Shutdown the mailer
+      def shutdown
+         @mailbox.shutdown
+      end
+
+      # Check for handshakes
+      def check_handshake
+         @mailbox.insecure_check Handshake
+      end
+
+      # Respond to a handshake request
+      def handle_handshake handshake
+         # Get the peer's address
+         from = handshake.from
+         puts "Receiving handshake request from #{from}."
+         if @mailbox.peer? from
+            UI::warn "Handshake request from #{from} has been dropped because #{from} is already a known peer",  "Possible spoofing attack."
+         else
+            # See if the user accepts the handshake.
+            accept = accept_handshake? from
+            if accept
+               # Send our key to the peer
+               send from, PublicKey.new(@public_key)
+               # Get their key
+               peer_key = @mailbox.insecure_read PublicKey, from
+               # Create a new peer
+               peer = Peer.new from
+               @mailbox.add_peer peer
+               peer.your_key peer_key.key
+               peer.save
+               # Send an okay message
+               send from, AcceptHandshake.new
+               puts "Established spoof-proof communications with #{from}."
+            end
+         end
+      end
+
+      # Give our address to interested parties
+      def address
+         @addr
+      end
+
+      # Send a message
+      def send to, message
+         text = message.emit
+         # The mailbox tags the message with a session key
+         text = @mailbox.tag text
+         # Sign the message
+         digest = Digest::MD5.digest text
+         sig = @private_key.syssign digest
+         mail = (V.addr @addr) + (V.sig sig) + text + K.end
+         @mailbox.send to, mail
+         puts "#{message.class} sent to " + to
+      end
+
+      # Receive a message.  Block until it is here.
+      def read type, must_be_from=nil
+         @mailbox.read type, must_be_from
+      end
+
+      # Check for a message.  Don't block!  Return nil if nothing is available.
+      def check type, must_be_from=nil
+         @mailbox.check type, must_be_from
+      end
+
+      protected
+
+      # Ask the user if they accept the handshake.
+      #
+      # Refactored out for tinkering and automated testing.
+      def accept_handshake? from
+         UI::confirm "Accept handshake from #{from}?"
+      end
+
+
+      private
+
+      # Get cryptographic keys
+      #
+      # If we can't find them, regenerate them
+      def get_keys
+         pkey = OpenSSL::PKey
+         if File.exists? keyfile 
+            begin
+               pem = File.read keyfile
+               return pkey::DSA.new pem
+            rescue
+            end
+         end
+         UI::warn "Could not read cryptographic key from #{keyfile}"
+         return keygen
+      end 
+
+      # The key file
+      def keyfile
+         keyfile = $CONFIG + ".key"
+      end
+
+      # Generate keys
+      def keygen
+         puts "Generating cryptographic keys.  This may take a minute."
+         key = OpenSSL::PKey::DSA.generate 2048
+         begin
+            pri = File.new keyfile, "w"
+            pri.chmod 0600
+            pri.write key.to_pem
+            pri.close
+         rescue
+            UI::warn "Could not save cryptographic keys in #{keyfile}", "They will be regenerated next time CARPS is run."
+         end
+         key
+      end
+
+
+      # Peer directory
+      def peer_dir
+         # Yes, this is strange.  It's to cope with needed to have two mailers at once for testing, which never would normally happen.
+         # In other words, global variables are bad and Haskell is right.
+         unless @peer_dir
+            @peer_dir = $CONFIG + "/.peers/"
+         end
+         @peer_dir
+      end
+
+      # Load previous peers
+      def load_peers
+         peer_file_names = files peer_dir
+         peer_file_names.each do |p|
+            load_peer p
+         end
+      end
+
+      # Load a peer
+      def load_peer peer_file_name
+         peer = Peer.load ".peers/" + File.basename(peer_file_name)
+         @mailbox.add_peer peer
+      end
+
+   end
+end

data/lib/carps/crypt/peer.rb

@@ -0,0 +1,123 @@
+# Copyright 2010 John Morrice
+
+# This file is part of CARPS.
+
+# CARPS is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# CARPS is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with CARPS.  If not, see <http://www.gnu.org/licenses/>.
+
+require "carps/util"
+
+require "carps/ui"
+
+require "carps/protocol/keyword"
+
+require "openssl"
+
+require "yaml"
+
+module CARPS
+
+   # Clean the end of an email
+   #
+   # Strip the last end marker and any text after it 
+   def clean_end blob
+      rb = blob.reverse
+      before, after = rb.split K.end.reverse, 2
+      if after
+         return after.reverse
+      end
+      nil
+   end
+
+   # Fetch security information from an email
+   def security_info blob
+      blob = clean_end blob
+      sig = nil   
+      begin
+         sig, blob = find K.sig, blob
+      rescue
+         UI::warn "Message signature was malformed", blob
+         return nil
+      end
+      # If the digest is the hash of the message and the signature matches the digest then all is well
+      dig = Digest::MD5.digest blob
+      [[sig, dig], blob]
+   end
+
+   # Peers  
+   class Peer < UserConfig
+
+      # Extend protocol for signed data
+      protoval :sig 
+
+      # Create a new peer
+      def initialize addr
+         @addr = addr
+      end
+
+      def addr
+         @addr
+      end
+
+      # Tell this peer its key
+      def your_key key
+         @peer_key = key
+      end
+
+      # Perform a verification on an email
+      def verify mail
+         sig, dig = mail.crypt 
+         begin
+            pass = @peer_key.sysverify dig, sig
+         rescue OpenSSL::PKey::DSAError => e
+            UI::warn "Someone sent you an invalid signature: #{e.message}"
+            return false
+         end
+         if pass
+            return true
+         else
+            UI::warn "Someone has attempted to spoof an email from #{mail.from}", mail.to_s 
+            return false
+         end
+      end
+
+      # Save as YAML file in .peers
+      def save
+         y = emit.to_yaml 
+         begin
+            write_file_in ".peers/", y
+         rescue StandardError => e
+            UI::warn "Could not save Peer in .peers/"
+         end
+      end
+
+      protected
+
+      # Emit this peer as a yaml document
+      def emit
+         {"addr" => @addr, "key" => @peer_key.to_pem}
+      end
+
+      def parse_yaml conf
+         key_pem = read_conf conf, "key"
+         @addr = read_conf conf, "addr"
+         [key_pem]
+      end
+
+      def load_resources key_pem
+         @peer_key = OpenSSL::PKey::DSA.new key_pem
+      end
+
+   end
+
+end

data/lib/carps/crypt/public_key.rb

@@ -0,0 +1,60 @@
+# Copyright 2010 John Morrice
+
+# This file is part of CARPS.
+
+# CARPS is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# CARPS is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with CARPS.  If not, see <http://www.gnu.org/licenses/>.
+
+require "carps/protocol/message"
+require "carps/protocol/keyword"
+
+require "openssl"
+
+module CARPS
+
+   # Transmit public keys over email
+   class PublicKey < Message
+
+      # Extend the protocol for public_keys 
+      protoval "key"
+
+      # Create a new handshake
+      def initialize public_key
+         @public_key = public_key
+      end
+
+      # Parse from text
+      def PublicKey.parse blob
+         key, blob = find K.key, blob
+         pkey = OpenSSL::PKey
+         begin
+            key = pkey::DSA.new key
+            return [PublicKey.new(key), blob]
+         rescue pkey::DSAError
+            raise Expected, "Public key"
+         end
+      end
+
+      # Emit the handshake as text
+      def emit
+         V.key @public_key.to_pem
+      end
+
+      # Share the public key
+      def key
+         @public_key
+      end
+
+   end
+
+end

data/lib/carps/crypt.rb

@@ -0,0 +1,23 @@
+# Copyright 2010 John Morrice
+ 
+# This file is part of CARPS.
+
+# CARPS is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# CARPS is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with CARPS.  If not, see <http://www.gnu.org/licenses/>.
+
+require "carps/crypt/accept_handshake"
+require "carps/crypt/default_messages"
+require "carps/crypt/handshake"
+require "carps/crypt/mailbox"
+require "carps/crypt/mailer"
+require "carps/crypt/public_key"