status-im
/
status-go
mirror of https://github.com/status-im/status-go.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
status-go/services/shhext/chat/encryption.go

637 lines
18 KiB
Go
Raw Normal View History

Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
package chat
import (
"bytes"
"crypto/ecdsa"
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
"encoding/hex"
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
"errors"
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
"fmt"
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
"sync"
"time"
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
ecrypto "github.com/ethereum/go-ethereum/crypto"
"github.com/ethereum/go-ethereum/crypto/ecies"
"github.com/ethereum/go-ethereum/log"
dr "github.com/status-im/doubleratchet"
"github.com/status-im/status-go/services/shhext/chat/crypto"
)
var ErrSessionNotFound = errors.New("session not found")
Notify user when the device is missing (#1298) * Notify user when the device is missing * Update services/shhext/chat/encryption.go Co-Authored-By: cammellos <andrea.maria.piana@gmail.com>
2018-12-05 08:22:49 +00:00
var ErrDeviceNotFound = errors.New("device not found")
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
// If we have no bundles, we use a constant so that the message can reach any device.
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
const noInstallationID = "none"
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
type ConfirmationData struct {
header *dr.MessageHeader
drInfo *RatchetInfo
}
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
// EncryptionService defines a service that is responsible for the encryption aspect of the protocol.
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
type EncryptionService struct {
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
log log.Logger
persistence PersistenceService
config EncryptionServiceConfig
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
messageIDs map[string]*ConfirmationData
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
mutex sync.Mutex
}
type EncryptionServiceConfig struct {
InstallationID string
// Max number of installations we keep synchronized.
MaxInstallations int
// How many consecutive messages can be skipped in the receiving chain.
MaxSkip int
// Any message with seqNo <= currentSeq - maxKeep will be deleted.
MaxKeep int
// How many keys do we store in total per session.
MaxMessageKeysPerSession int
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
// How long before we refresh the interval in milliseconds
BundleRefreshInterval int64
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
}
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
type IdentityAndIDPair [2]string
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
// DefaultEncryptionServiceConfig returns the default values used by the encryption service
func DefaultEncryptionServiceConfig(installationID string) EncryptionServiceConfig {
return EncryptionServiceConfig{
Allow multiple bundles, change n devices & bundle refresh (#1331) Change to support sending multiple bundles, as needed for group chats, limit number of devices to 3 as already done in the UI and refresh bundle daily.
2018-12-21 10:07:25 +00:00
MaxInstallations: 3,
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
MaxSkip: 1000,
MaxKeep: 3000,
MaxMessageKeysPerSession: 2000,
Allow multiple bundles, change n devices & bundle refresh (#1331) Change to support sending multiple bundles, as needed for group chats, limit number of devices to 3 as already done in the UI and refresh bundle daily.
2018-12-21 10:07:25 +00:00
BundleRefreshInterval: 24 * 60 * 60 * 1000,
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
InstallationID: installationID,
}
}
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
// NewEncryptionService creates a new EncryptionService instance.
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
func NewEncryptionService(p PersistenceService, config EncryptionServiceConfig) *EncryptionService {
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
logger := log.New("package", "status-go/services/sshext.chat")
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
logger.Info("Initialized encryption service", "installationID", config.InstallationID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
return &EncryptionService{
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
log: logger,
persistence: p,
config: config,
mutex: sync.Mutex{},
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
messageIDs: make(map[string]*ConfirmationData),
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
}
}
func (s *EncryptionService) keyFromActiveX3DH(theirIdentityKey []byte, theirSignedPreKey []byte, myIdentityKey *ecdsa.PrivateKey) ([]byte, *ecdsa.PublicKey, error) {
sharedKey, ephemeralPubKey, err := PerformActiveX3DH(theirIdentityKey, theirSignedPreKey, myIdentityKey)
if err != nil {
return nil, nil, err
}
return sharedKey, ephemeralPubKey, nil
}
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
func (s *EncryptionService) getDRSession(id []byte) (dr.Session, error) {
sessionStorage := s.persistence.GetSessionStorage()
return dr.Load(
id,
sessionStorage,
dr.WithKeysStorage(s.persistence.GetKeysStorage()),
dr.WithMaxSkip(s.config.MaxSkip),
dr.WithMaxKeep(s.config.MaxKeep),
dr.WithMaxMessageKeysPerSession(s.config.MaxMessageKeysPerSession),
dr.WithCrypto(crypto.EthereumCrypto{}),
)
}
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
func confirmationIDString(id []byte) string {
return hex.EncodeToString(id)
}
// ConfirmMessagesProcessed confirms and deletes message keys for the given messages
func (s *EncryptionService) ConfirmMessagesProcessed(messageIDs [][]byte) error {
s.mutex.Lock()
defer s.mutex.Unlock()
for _, idByte := range messageIDs {
id := confirmationIDString(idByte)
confirmationData, ok := s.messageIDs[id]
if !ok {
Allow messages to be decrypted from previous bundles (#1400) Currently we only decrypt messages if received on the current bundle. This changes the behavior so that messages can be decrypted if sent to previous bundles as well, as otherwise is a bit restrictive
2019-02-28 12:09:43 +00:00
s.log.Debug("Could not confirm message", "messageID", id)
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
continue
}
// Load session from store first
session, err := s.getDRSession(confirmationData.drInfo.ID)
if err != nil {
return err
}
if err := session.DeleteMk(confirmationData.header.DH, confirmationData.header.N); err != nil {
return err
}
}
return nil
}
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
// CreateBundle retrieves or creates an X3DH bundle given a private key
func (s *EncryptionService) CreateBundle(privateKey *ecdsa.PrivateKey) (*Bundle, error) {
ourIdentityKeyC := ecrypto.CompressPubkey(&privateKey.PublicKey)
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
Add protocol version to bundle
2019-05-23 07:54:28 +00:00
installations, err := s.persistence.GetActiveInstallations(s.config.MaxInstallations-1, ourIdentityKeyC)
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
if err != nil {
return nil, err
}
Add protocol version to bundle
2019-05-23 07:54:28 +00:00
installations = append(installations, &Installation{
ID: s.config.InstallationID,
Version: protocolCurrentVersion,
})
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
Add protocol version to bundle
2019-05-23 07:54:28 +00:00
bundleContainer, err := s.persistence.GetAnyPrivateBundle(ourIdentityKeyC, installations)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
if err != nil {
return nil, err
}
// If the bundle has expired we create a new one
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
if bundleContainer != nil && bundleContainer.GetBundle().Timestamp < time.Now().Add(-1*time.Duration(s.config.BundleRefreshInterval)*time.Millisecond).UnixNano() {
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
// Mark sessions has expired
if err := s.persistence.MarkBundleExpired(bundleContainer.GetBundle().GetIdentity()); err != nil {
return nil, err
}
} else if bundleContainer != nil {
err = SignBundle(privateKey, bundleContainer)
if err != nil {
return nil, err
}
return bundleContainer.GetBundle(), nil
}
// needs transaction/mutex to avoid creating multiple bundles
// although not a problem
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
bundleContainer, err = NewBundleContainer(privateKey, s.config.InstallationID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
if err != nil {
return nil, err
}
if err = s.persistence.AddPrivateBundle(bundleContainer); err != nil {
return nil, err
}
return s.CreateBundle(privateKey)
}
// DecryptWithDH decrypts message sent with a DH key exchange, and throws away the key after decryption
func (s *EncryptionService) DecryptWithDH(myIdentityKey *ecdsa.PrivateKey, theirEphemeralKey *ecdsa.PublicKey, payload []byte) ([]byte, error) {
key, err := PerformDH(
ecies.ImportECDSA(myIdentityKey),
ecies.ImportECDSAPublic(theirEphemeralKey),
)
if err != nil {
return nil, err
}
return crypto.DecryptSymmetric(key, payload)
}
// keyFromPassiveX3DH decrypts message sent with a X3DH key exchange, storing the key for future exchanges
func (s *EncryptionService) keyFromPassiveX3DH(myIdentityKey *ecdsa.PrivateKey, theirIdentityKey *ecdsa.PublicKey, theirEphemeralKey *ecdsa.PublicKey, ourBundleID []byte) ([]byte, error) {
bundlePrivateKey, err := s.persistence.GetPrivateKeyBundle(ourBundleID)
if err != nil {
s.log.Error("Could not get private bundle", "err", err)
return nil, err
}
if bundlePrivateKey == nil {
return nil, ErrSessionNotFound
}
signedPreKey, err := ecrypto.ToECDSA(bundlePrivateKey)
if err != nil {
s.log.Error("Could not convert to ecdsa", "err", err)
return nil, err
}
key, err := PerformPassiveX3DH(
theirIdentityKey,
signedPreKey,
theirEphemeralKey,
myIdentityKey,
)
if err != nil {
s.log.Error("Could not perform passive x3dh", "err", err)
return nil, err
}
return key, nil
}
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
func (s *EncryptionService) EnableInstallation(myIdentityKey *ecdsa.PublicKey, installationID string) error {
myIdentityKeyC := ecrypto.CompressPubkey(myIdentityKey)
return s.persistence.EnableInstallation(myIdentityKeyC, installationID)
}
func (s *EncryptionService) DisableInstallation(myIdentityKey *ecdsa.PublicKey, installationID string) error {
myIdentityKeyC := ecrypto.CompressPubkey(myIdentityKey)
return s.persistence.DisableInstallation(myIdentityKeyC, installationID)
}
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
// ProcessPublicBundle persists a bundle and returns a list of tuples identity/installationID
func (s *EncryptionService) ProcessPublicBundle(myIdentityKey *ecdsa.PrivateKey, b *Bundle) ([]IdentityAndIDPair, error) {
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
// Make sure the bundle belongs to who signed it
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
identity, err := ExtractIdentity(b)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
if err != nil {
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
return nil, err
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
}
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
signedPreKeys := b.GetSignedPreKeys()
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
var response []IdentityAndIDPair
Add protocol version to bundle
2019-05-23 07:54:28 +00:00
var installations []*Installation
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
myIdentityStr := fmt.Sprintf("0x%x", ecrypto.FromECDSAPub(&myIdentityKey.PublicKey))
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
// Any device from other peers will be considered enabled, ours needs to
// be explicitly enabled
fromOurIdentity := identity != myIdentityStr
Add protocol version to bundle
2019-05-23 07:54:28 +00:00
for installationID, signedPreKey := range signedPreKeys {
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
if installationID != s.config.InstallationID {
Add protocol version to bundle
2019-05-23 07:54:28 +00:00
installations = append(installations, &Installation{
ID: installationID,
Version: signedPreKey.GetProtocolVersion(),
})
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
response = append(response, IdentityAndIDPair{identity, installationID})
}
}
Add protocol version to bundle
2019-05-23 07:54:28 +00:00
if err = s.persistence.AddInstallations(b.GetIdentity(), b.GetTimestamp(), installations, fromOurIdentity); err != nil {
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
return nil, err
}
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
if err = s.persistence.AddPublicBundle(b); err != nil {
return nil, err
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
}
return response, nil
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
}
// DecryptPayload decrypts the payload of a DirectMessageProtocol, given an identity private key and the sender's public key
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
func (s *EncryptionService) DecryptPayload(myIdentityKey *ecdsa.PrivateKey, theirIdentityKey *ecdsa.PublicKey, theirInstallationID string, msgs map[string]*DirectMessageProtocol, messageID []byte) ([]byte, error) {
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.mutex.Lock()
defer s.mutex.Unlock()
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
msg := msgs[s.config.InstallationID]
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
if msg == nil {
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
msg = msgs[noInstallationID]
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
}
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
// We should not be sending a signal if it's coming from us, as we receive our own messages
Notify user when the device is missing (#1298) * Notify user when the device is missing * Update services/shhext/chat/encryption.go Co-Authored-By: cammellos <andrea.maria.piana@gmail.com>
2018-12-05 08:22:49 +00:00
if msg == nil && *theirIdentityKey != myIdentityKey.PublicKey {
return nil, ErrDeviceNotFound
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
}
payload := msg.GetPayload()
if x3dhHeader := msg.GetX3DHHeader(); x3dhHeader != nil {
bundleID := x3dhHeader.GetId()
theirEphemeralKey, err := ecrypto.DecompressPubkey(x3dhHeader.GetKey())
if err != nil {
return nil, err
}
symmetricKey, err := s.keyFromPassiveX3DH(myIdentityKey, theirIdentityKey, theirEphemeralKey, bundleID)
if err != nil {
return nil, err
}
theirIdentityKeyC := ecrypto.CompressPubkey(theirIdentityKey)
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
err = s.persistence.AddRatchetInfo(symmetricKey, theirIdentityKeyC, bundleID, nil, theirInstallationID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
if err != nil {
return nil, err
}
}
if drHeader := msg.GetDRHeader(); drHeader != nil {
var dh [32]byte
copy(dh[:], drHeader.GetKey())
drMessage := &dr.Message{
Header: dr.MessageHeader{
N: drHeader.GetN(),
PN: drHeader.GetPn(),
DH: dh,
},
Ciphertext: msg.GetPayload(),
}
theirIdentityKeyC := ecrypto.CompressPubkey(theirIdentityKey)
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
drInfo, err := s.persistence.GetRatchetInfo(drHeader.GetId(), theirIdentityKeyC, theirInstallationID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
if err != nil {
s.log.Error("Could not get ratchet info", "err", err)
return nil, err
}
Add GetContactCode call, add DH flag (#1367) This PR does a few things: 1) Add a call GetContactCode to check whether we have a bundle for a given user. 2) Add a DH flag to the API (non-breaking change), for those messages that we want to target all devices (contact-requests for example). 3) Fixes a few small issues with installations, namely if for example a messages is sent without a bundle (currently not done by any client), we still infer installation info, so that we can communicate securely and making it truly optional.
2019-02-12 11:07:13 +00:00
// Add installations with a timestamp of 0, as we don't have bundle informations
Add protocol version to bundle
2019-05-23 07:54:28 +00:00
if err = s.persistence.AddInstallations(theirIdentityKeyC, 0, []*Installation{{ID: theirInstallationID, Version: 0}}, true); err != nil {
Add GetContactCode call, add DH flag (#1367) This PR does a few things: 1) Add a call GetContactCode to check whether we have a bundle for a given user. 2) Add a DH flag to the API (non-breaking change), for those messages that we want to target all devices (contact-requests for example). 3) Fixes a few small issues with installations, namely if for example a messages is sent without a bundle (currently not done by any client), we still infer installation info, so that we can communicate securely and making it truly optional.
2019-02-12 11:07:13 +00:00
return nil, err
}
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
// We mark the exchange as successful so we stop sending x3dh header
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
if err = s.persistence.RatchetInfoConfirmed(drHeader.GetId(), theirIdentityKeyC, theirInstallationID); err != nil {
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.log.Error("Could not confirm ratchet info", "err", err)
return nil, err
}
if drInfo == nil {
s.log.Error("Could not find a session")
return nil, ErrSessionNotFound
}
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
confirmationData := &ConfirmationData{
header: &drMessage.Header,
drInfo: drInfo,
}
s.messageIDs[confirmationIDString(messageID)] = confirmationData
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
return s.decryptUsingDR(theirIdentityKey, drInfo, drMessage)
}
// Try DH
if header := msg.GetDHHeader(); header != nil {
decompressedKey, err := ecrypto.DecompressPubkey(header.GetKey())
if err != nil {
return nil, err
}
return s.DecryptWithDH(myIdentityKey, decompressedKey, payload)
}
return nil, errors.New("no key specified")
}
func (s *EncryptionService) createNewSession(drInfo *RatchetInfo, sk [32]byte, keyPair crypto.DHPair) (dr.Session, error) {
var err error
var session dr.Session
if drInfo.PrivateKey != nil {
session, err = dr.New(
drInfo.ID,
sk,
keyPair,
s.persistence.GetSessionStorage(),
dr.WithKeysStorage(s.persistence.GetKeysStorage()),
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
dr.WithMaxSkip(s.config.MaxSkip),
dr.WithMaxKeep(s.config.MaxKeep),
dr.WithMaxMessageKeysPerSession(s.config.MaxMessageKeysPerSession),
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
dr.WithCrypto(crypto.EthereumCrypto{}))
} else {
session, err = dr.NewWithRemoteKey(
drInfo.ID,
sk,
keyPair.PubKey,
s.persistence.GetSessionStorage(),
dr.WithKeysStorage(s.persistence.GetKeysStorage()),
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
dr.WithMaxSkip(s.config.MaxSkip),
dr.WithMaxKeep(s.config.MaxKeep),
dr.WithMaxMessageKeysPerSession(s.config.MaxMessageKeysPerSession),
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
dr.WithCrypto(crypto.EthereumCrypto{}))
}
return session, err
}
func (s *EncryptionService) encryptUsingDR(theirIdentityKey *ecdsa.PublicKey, drInfo *RatchetInfo, payload []byte) ([]byte, *DRHeader, error) {
var err error
var session dr.Session
var sk, publicKey, privateKey [32]byte
copy(sk[:], drInfo.Sk)
copy(publicKey[:], drInfo.PublicKey[:32])
copy(privateKey[:], drInfo.PrivateKey[:])
keyPair := crypto.DHPair{
PrvKey: privateKey,
PubKey: publicKey,
}
// Load session from store first
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
session, err = s.getDRSession(drInfo.ID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
if err != nil {
return nil, nil, err
}
// Create a new one
if session == nil {
session, err = s.createNewSession(drInfo, sk, keyPair)
if err != nil {
return nil, nil, err
}
}
response, err := session.RatchetEncrypt(payload, nil)
if err != nil {
return nil, nil, err
}
header := &DRHeader{
Id: drInfo.BundleID,
Key: response.Header.DH[:],
N: response.Header.N,
Pn: response.Header.PN,
}
return response.Ciphertext, header, nil
}
func (s *EncryptionService) decryptUsingDR(theirIdentityKey *ecdsa.PublicKey, drInfo *RatchetInfo, payload *dr.Message) ([]byte, error) {
var err error
var session dr.Session
var sk, publicKey, privateKey [32]byte
copy(sk[:], drInfo.Sk)
copy(publicKey[:], drInfo.PublicKey[:32])
copy(privateKey[:], drInfo.PrivateKey[:])
keyPair := crypto.DHPair{
PrvKey: privateKey,
PubKey: publicKey,
}
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
session, err = s.getDRSession(drInfo.ID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
if err != nil {
return nil, err
}
if session == nil {
session, err = s.createNewSession(drInfo, sk, keyPair)
if err != nil {
return nil, err
}
}
plaintext, err := session.RatchetDecrypt(*payload, nil)
if err != nil {
return nil, err
}
return plaintext, nil
}
func (s *EncryptionService) encryptWithDH(theirIdentityKey *ecdsa.PublicKey, payload []byte) (*DirectMessageProtocol, error) {
symmetricKey, ourEphemeralKey, err := PerformActiveDH(theirIdentityKey)
if err != nil {
return nil, err
}
encryptedPayload, err := crypto.EncryptSymmetric(symmetricKey, payload)
if err != nil {
return nil, err
}
return &DirectMessageProtocol{
DHHeader: &DHHeader{
Key: ecrypto.CompressPubkey(ourEphemeralKey),
},
Payload: encryptedPayload,
}, nil
}
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
func (s *EncryptionService) EncryptPayloadWithDH(theirIdentityKey *ecdsa.PublicKey, payload []byte) (map[string]*DirectMessageProtocol, error) {
response := make(map[string]*DirectMessageProtocol)
dmp, err := s.encryptWithDH(theirIdentityKey, payload)
if err != nil {
return nil, err
}
response[noInstallationID] = dmp
return response, nil
}
Add GetContactCode call, add DH flag (#1367) This PR does a few things: 1) Add a call GetContactCode to check whether we have a bundle for a given user. 2) Add a DH flag to the API (non-breaking change), for those messages that we want to target all devices (contact-requests for example). 3) Fixes a few small issues with installations, namely if for example a messages is sent without a bundle (currently not done by any client), we still infer installation info, so that we can communicate securely and making it truly optional.
2019-02-12 11:07:13 +00:00
// GetPublicBundle returns the active installations bundles for a given user
func (s *EncryptionService) GetPublicBundle(theirIdentityKey *ecdsa.PublicKey) (*Bundle, error) {
theirIdentityKeyC := ecrypto.CompressPubkey(theirIdentityKey)
Add protocol version to bundle
2019-05-23 07:54:28 +00:00
installations, err := s.persistence.GetActiveInstallations(s.config.MaxInstallations, theirIdentityKeyC)
Add GetContactCode call, add DH flag (#1367) This PR does a few things: 1) Add a call GetContactCode to check whether we have a bundle for a given user. 2) Add a DH flag to the API (non-breaking change), for those messages that we want to target all devices (contact-requests for example). 3) Fixes a few small issues with installations, namely if for example a messages is sent without a bundle (currently not done by any client), we still infer installation info, so that we can communicate securely and making it truly optional.
2019-02-12 11:07:13 +00:00
if err != nil {
return nil, err
}
Add protocol version to bundle
2019-05-23 07:54:28 +00:00
return s.persistence.GetPublicBundle(theirIdentityKey, installations)
Add GetContactCode call, add DH flag (#1367) This PR does a few things: 1) Add a call GetContactCode to check whether we have a bundle for a given user. 2) Add a DH flag to the API (non-breaking change), for those messages that we want to target all devices (contact-requests for example). 3) Fixes a few small issues with installations, namely if for example a messages is sent without a bundle (currently not done by any client), we still infer installation info, so that we can communicate securely and making it truly optional.
2019-02-12 11:07:13 +00:00
}
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
// EncryptPayload returns a new DirectMessageProtocol with a given payload encrypted, given a recipient's public key and the sender private identity key
// TODO: refactor this
// nolint: gocyclo
func (s *EncryptionService) EncryptPayload(theirIdentityKey *ecdsa.PublicKey, myIdentityKey *ecdsa.PrivateKey, payload []byte) (map[string]*DirectMessageProtocol, error) {
s.mutex.Lock()
defer s.mutex.Unlock()
Add GetContactCode call, add DH flag (#1367) This PR does a few things: 1) Add a call GetContactCode to check whether we have a bundle for a given user. 2) Add a DH flag to the API (non-breaking change), for those messages that we want to target all devices (contact-requests for example). 3) Fixes a few small issues with installations, namely if for example a messages is sent without a bundle (currently not done by any client), we still infer installation info, so that we can communicate securely and making it truly optional.
2019-02-12 11:07:13 +00:00
s.log.Debug("Sending message", "theirKey", theirIdentityKey)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
Add GetContactCode call, add DH flag (#1367) This PR does a few things: 1) Add a call GetContactCode to check whether we have a bundle for a given user. 2) Add a DH flag to the API (non-breaking change), for those messages that we want to target all devices (contact-requests for example). 3) Fixes a few small issues with installations, namely if for example a messages is sent without a bundle (currently not done by any client), we still infer installation info, so that we can communicate securely and making it truly optional.
2019-02-12 11:07:13 +00:00
theirIdentityKeyC := ecrypto.CompressPubkey(theirIdentityKey)
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
Add GetContactCode call, add DH flag (#1367) This PR does a few things: 1) Add a call GetContactCode to check whether we have a bundle for a given user. 2) Add a DH flag to the API (non-breaking change), for those messages that we want to target all devices (contact-requests for example). 3) Fixes a few small issues with installations, namely if for example a messages is sent without a bundle (currently not done by any client), we still infer installation info, so that we can communicate securely and making it truly optional.
2019-02-12 11:07:13 +00:00
// Get their installationIds
Add protocol version to bundle
2019-05-23 07:54:28 +00:00
installations, err := s.persistence.GetActiveInstallations(s.config.MaxInstallations, theirIdentityKeyC)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
if err != nil {
return nil, err
}
// We don't have any, send a message with DH
Add protocol version to bundle
2019-05-23 07:54:28 +00:00
if installations == nil && !bytes.Equal(theirIdentityKeyC, ecrypto.CompressPubkey(&myIdentityKey.PublicKey)) {
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
return s.EncryptPayloadWithDH(theirIdentityKey, payload)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
}
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
response := make(map[string]*DirectMessageProtocol)
Add protocol version to bundle
2019-05-23 07:54:28 +00:00
for _, installation := range installations {
installationID := installation.ID
Add GetContactCode call, add DH flag (#1367) This PR does a few things: 1) Add a call GetContactCode to check whether we have a bundle for a given user. 2) Add a DH flag to the API (non-breaking change), for those messages that we want to target all devices (contact-requests for example). 3) Fixes a few small issues with installations, namely if for example a messages is sent without a bundle (currently not done by any client), we still infer installation info, so that we can communicate securely and making it truly optional.
2019-02-12 11:07:13 +00:00
s.log.Debug("Processing installation", "installationID", installationID)
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
if s.config.InstallationID == installationID {
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
continue
}
Add protocol version to bundle
2019-05-23 07:54:28 +00:00
bundle, err := s.persistence.GetPublicBundle(theirIdentityKey, []*Installation{installation})
Add GetContactCode call, add DH flag (#1367) This PR does a few things: 1) Add a call GetContactCode to check whether we have a bundle for a given user. 2) Add a DH flag to the API (non-breaking change), for those messages that we want to target all devices (contact-requests for example). 3) Fixes a few small issues with installations, namely if for example a messages is sent without a bundle (currently not done by any client), we still infer installation info, so that we can communicate securely and making it truly optional.
2019-02-12 11:07:13 +00:00
if err != nil {
return nil, err
}
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
// See if a session is there already
drInfo, err := s.persistence.GetAnyRatchetInfo(theirIdentityKeyC, installationID)
if err != nil {
return nil, err
}
if drInfo != nil {
Add GetContactCode call, add DH flag (#1367) This PR does a few things: 1) Add a call GetContactCode to check whether we have a bundle for a given user. 2) Add a DH flag to the API (non-breaking change), for those messages that we want to target all devices (contact-requests for example). 3) Fixes a few small issues with installations, namely if for example a messages is sent without a bundle (currently not done by any client), we still infer installation info, so that we can communicate securely and making it truly optional.
2019-02-12 11:07:13 +00:00
s.log.Debug("Found DR info", "installationID", installationID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
encryptedPayload, drHeader, err := s.encryptUsingDR(theirIdentityKey, drInfo, payload)
if err != nil {
return nil, err
}
dmp := DirectMessageProtocol{
Payload: encryptedPayload,
DRHeader: drHeader,
}
if drInfo.EphemeralKey != nil {
dmp.X3DHHeader = &X3DHHeader{
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
Key: drInfo.EphemeralKey,
Id: drInfo.BundleID,
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
}
}
response[drInfo.InstallationID] = &dmp
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
continue
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
}
Add GetContactCode call, add DH flag (#1367) This PR does a few things: 1) Add a call GetContactCode to check whether we have a bundle for a given user. 2) Add a DH flag to the API (non-breaking change), for those messages that we want to target all devices (contact-requests for example). 3) Fixes a few small issues with installations, namely if for example a messages is sent without a bundle (currently not done by any client), we still infer installation info, so that we can communicate securely and making it truly optional.
2019-02-12 11:07:13 +00:00
theirSignedPreKeyContainer := bundle.GetSignedPreKeys()[installationID]
// This should not be nil at this point
if theirSignedPreKeyContainer == nil {
s.log.Warn("Could not find either a ratchet info or a bundle for installationId", "installationID", installationID)
continue
}
s.log.Debug("DR info not found, using bundle", "installationID", installationID)
theirSignedPreKey := theirSignedPreKeyContainer.GetSignedPreKey()
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
sharedKey, ourEphemeralKey, err := s.keyFromActiveX3DH(theirIdentityKeyC, theirSignedPreKey, myIdentityKey)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
if err != nil {
return nil, err
}
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
theirIdentityKeyC := ecrypto.CompressPubkey(theirIdentityKey)
ourEphemeralKeyC := ecrypto.CompressPubkey(ourEphemeralKey)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
err = s.persistence.AddRatchetInfo(sharedKey, theirIdentityKeyC, theirSignedPreKey, ourEphemeralKeyC, installationID)
if err != nil {
return nil, err
}
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
x3dhHeader := &X3DHHeader{
Key: ourEphemeralKeyC,
Id: theirSignedPreKey,
}
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
drInfo, err = s.persistence.GetRatchetInfo(theirSignedPreKey, theirIdentityKeyC, installationID)
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
if err != nil {
return nil, err
}
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
if drInfo != nil {
encryptedPayload, drHeader, err := s.encryptUsingDR(theirIdentityKey, drInfo, payload)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
if err != nil {
return nil, err
}
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
dmp := &DirectMessageProtocol{
Payload: encryptedPayload,
X3DHHeader: x3dhHeader,
DRHeader: drHeader,
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
}
Add enabling/disabling of installations (#1264) This commit adds a list new table, installations, which is used to keep track of which installation are active for a given identity key. In general, we limit the number of installation that we keep synchronized to 5, to avoid excessive usage of resources. Any installation coming from our own identity, will have to be manually enabled, otherwise we trust the other peer has correctly paired their devices. We use a timestamp to decide which installations to keep synchronized as a logical clock would have make the creation of the bundle more complicated, but this can always be converted to a logical clock at later stages without breaking compatibility.
2018-11-06 08:05:32 +00:00
response[drInfo.InstallationID] = dmp
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
}
}
Add GetContactCode call, add DH flag (#1367) This PR does a few things: 1) Add a call GetContactCode to check whether we have a bundle for a given user. 2) Add a DH flag to the API (non-breaking change), for those messages that we want to target all devices (contact-requests for example). 3) Fixes a few small issues with installations, namely if for example a messages is sent without a bundle (currently not done by any client), we still infer installation info, so that we can communicate securely and making it truly optional.
2019-02-12 11:07:13 +00:00
s.log.Debug("Built message", "theirKey", theirIdentityKey)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
return response, nil
}