implement signing

- implement entry signing - allow passing subdirectory in wine prefix - implement non-recursive scanning
rcpoison · Oct 6, 2018 · adeb21c · adeb21c
2 parents a75e631 + 515c143
commit adeb21c
Show file tree

Hide file tree

Showing 57 changed files with 4,195 additions and 100 deletions.
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ This only works for regular wine prefixes, as steam/proton does it's own thing,
 
 Client:
 - Fetches missing DxvkStateCacheEntry's and patches the .dxvk-cache.
-- Submits local DxvkStateCacheEntry's not present on server.
+- Submits DxvkStateCacheEntry's generated locally since the last run.
 
 Server:
 - Centralized storage. Provides REST interface to access caches.
@@ -44,16 +44,27 @@ Both client and server require Java >= 8.
 
 ```bash
 $ ./dxvk-cache-client -h
-usage: dvxk-cache-client  directory... [-h] [--host <url>]
-       [--verbose]
- -h,--help            show this help
-    --host <url>      Server URL
-    --verbose         verbose output
+usage: dvxk-cache-client  directory... [--download-verified] [-h] [--host
+       <url>] [--init-keys] [--min-signatures <count>] [--non-recursive]
+       [--only-verified] [--verbose]
+    --download-verified        Download verified public keys and
+                               associated verification data
+ -h,--help                     show this help
+    --host <url>               Server URL
+    --init-keys                Ensure keys exist and exit
+    --min-signatures <count>   Minimum required signatures to download a
+                               cache entry
+    --non-recursive            Do not scan direcories recursively
+    --only-verified            Only download entries from verified
+                               uploaders
+    --verbose                  Verbose output
 ```
 
 #### Environment
 
-For wine to use the shared caches you should set DXVK_STATE_CACHE_PATH as a variable and point it to `c:/dxvk-cache-pool`.
+For wine to use the shared caches you should set DXVK_STATE_CACHE_PATH as a variable and point it to either:
+- `$XDG_CACHE_HOME/dxvk-cache-pool` will work for most people
+- or `c:/dxvk-cache-pool` if you did sandbox your wine prefix (`winetricks sandbox`) as in that case wine can't access your home directory. You need to run `dxvk-cache-client` against all your wine prefixes in this case.
 
 It doesn't affect steam/proton, proton is doing it's own thing and overrides that variable.
 
@@ -64,9 +75,6 @@ Set it up globally.
 
 See [dxvk-cache-pool.sh](dxvk-cache-pool.sh) for an example you can put directly into `/etc/profile.d/`. The arch package already includes it.
 
-Warning: in this case you need to run the client against all your wine prefixes,
-otherwise the symlinks to the cache directory will be missing and DXVK won't be able to open/create a cache file.
-
 
 ##### The hard way
 
@@ -77,7 +85,7 @@ You can probably configure it in Lutris for the wine prefix you want to use or c
 
 ##### Why this is necessary
 
-The client will create a symlink inside each wine prefix it encounters when scanning from drive_c/dxvk-cache-pool to $XDG_CACHE_HOME/dxvk-cache-pool.
+The client will create a symlink inside each wine prefix it encounters when scanning from `drive_c/dxvk-cache-pool` to `$XDG_CACHE_HOME/dxvk-cache-pool`.
 
 All caches will be written to $XDG_CACHE_HOME/dxvk-cache-pool, 
 so if your wine prefix is missing that symlink or the DXVK_STATE_CACHE_PATH isn't set DXVK won't find the cache.
@@ -118,6 +126,29 @@ usage: dvxk-cache-server [-h] [--port <port>] [--storage <path>]
     --versions <version>   DXVK state cache versions to accept
 ```
 
+## Security
+
+All state cache entries are signed.
+
+
+### Submission
+
+The client will automatically generate a key pair on the first run.
+Every entry uploaded by the client will be signed with your public key.
+The signature for each entry is validated on the server and kept for every uploader.
+
+
+### Download
+
+The user decides on the desired level of security.
+By default only cache entries with more than two signature will be downloaded.
+You can opt to only download cache entries which are signed by verified users (`--only-verified`).
+
+### Becoming a verified user
+
+See [Verification](Verification.md).
+
+
 ## Implementation problems
 
 ### Identifying a game
@@ -130,10 +161,5 @@ Possible Solutions:
 - ~~Exe name plus parent directory.~~ ~~Still suboptimal but right now what I opted for. Assumes users don't go around changing the installation folder name. Should work well for Steam.~~
 
 
-### Security
-
-There is none.
 
-- Anybody can submit entries. Nothing prevents cache poisoning. Even authentication and a network of trust would be of little help as:
-- Currently there is no way to validate the DxvkStateCacheEntry struct and its members. Doing so would be hard to impossible.
 
diff --git a/Verification.md b/Verification.md
@@ -0,0 +1,14 @@
+# Getting verified
+
+For the moment I will verify your keys manually until I've implemented automation for it.
+
+Required from you:
+- Your **public** GPG key in binary format (`gpg --output public.key --export your-key-id`)
+- Your **public** dxvk-cache-pool  key (`$XDG_CONFIG_HOME/dxvk-cache-pool/ec.pub`)
+- A *detached* GPG signature for your dxvk-cache-pool **public** key (`gpg --output ec.pub.sig --detach-sig ec.pub`)
+
+And create a tarball/zip it.
+
+(Or you can just use the [requestVerification.sh](requestVerification.sh) script.)
+
+Either create a ticket and attach your verification information or send it to me by email (rc dot poison at gmail dot com).