2019-07-17 22:25:42 +00:00
package encryption
import (
"bytes"
"crypto/ecdsa"
2024-04-17 14:53:51 +00:00
"crypto/rand"
2019-07-30 06:14:13 +00:00
"database/sql"
2019-07-17 22:25:42 +00:00
"fmt"
"go.uber.org/zap"
2022-09-21 16:05:29 +00:00
"github.com/golang/protobuf/proto"
2019-07-17 22:25:42 +00:00
"github.com/pkg/errors"
2019-11-23 17:57:05 +00:00
"github.com/status-im/status-go/eth-node/crypto"
2020-11-24 12:36:52 +00:00
"github.com/status-im/status-go/eth-node/types"
2019-11-23 17:57:05 +00:00
2019-11-21 16:19:22 +00:00
"github.com/status-im/status-go/protocol/encryption/multidevice"
"github.com/status-im/status-go/protocol/encryption/publisher"
"github.com/status-im/status-go/protocol/encryption/sharedsecret"
2019-07-17 22:25:42 +00:00
)
//go:generate protoc --go_out=. ./protocol_message.proto
const (
protocolVersion = 1
sharedSecretNegotiationVersion = 1
partitionedTopicMinVersion = 1
defaultMinVersion = 0
2024-02-29 09:51:38 +00:00
maxKeysChannelSize = 10000
2019-07-17 22:25:42 +00:00
)
type PartitionTopicMode int
const (
PartitionTopicNoSupport PartitionTopicMode = iota
PartitionTopicV1
)
type ProtocolMessageSpec struct {
Message * ProtocolMessage
// Installations is the targeted devices
Installations [ ] * multidevice . Installation
// SharedSecret is a shared secret established among the installations
2020-07-31 12:22:05 +00:00
SharedSecret * sharedsecret . Secret
// AgreedSecret indicates whether the shared secret has been agreed
AgreedSecret bool
2019-07-17 22:25:42 +00:00
// Public means that the spec contains a public wrapped message
Public bool
}
func ( p * ProtocolMessageSpec ) MinVersion ( ) uint32 {
if len ( p . Installations ) == 0 {
return defaultMinVersion
}
version := p . Installations [ 0 ] . Version
for _ , installation := range p . Installations [ 1 : ] {
if installation . Version < version {
version = installation . Version
}
}
return version
}
func ( p * ProtocolMessageSpec ) PartitionedTopicMode ( ) PartitionTopicMode {
if p . MinVersion ( ) >= partitionedTopicMinVersion {
return PartitionTopicV1
}
return PartitionTopicNoSupport
}
type Protocol struct {
2020-07-31 09:08:09 +00:00
encryptor * encryptor
secret * sharedsecret . SharedSecret
multidevice * multidevice . Multidevice
publisher * publisher . Publisher
subscriptions * Subscriptions
2019-07-17 22:25:42 +00:00
logger * zap . Logger
}
var (
// ErrNoPayload means that there was no payload found in the received protocol message.
2024-01-23 16:56:51 +00:00
ErrNoPayload = errors . New ( "no payload" )
ErrNoRatchetKey = errors . New ( "no ratchet key for given keyID" )
2019-07-17 22:25:42 +00:00
)
// New creates a new ProtocolService instance
func New (
2019-07-30 06:14:13 +00:00
db * sql . DB ,
2019-07-17 22:25:42 +00:00
installationID string ,
logger * zap . Logger ,
2019-07-30 06:14:13 +00:00
) * Protocol {
2019-07-17 22:25:42 +00:00
return NewWithEncryptorConfig (
2019-07-30 06:14:13 +00:00
db ,
2019-07-17 22:25:42 +00:00
installationID ,
defaultEncryptorConfig ( installationID , logger ) ,
logger ,
)
}
2019-07-30 06:14:13 +00:00
// DB and migrations are shared between encryption package
// and its sub-packages.
2019-07-17 22:25:42 +00:00
func NewWithEncryptorConfig (
2019-07-30 06:14:13 +00:00
db * sql . DB ,
2019-07-17 22:25:42 +00:00
installationID string ,
encryptorConfig encryptorConfig ,
logger * zap . Logger ,
2019-07-30 06:14:13 +00:00
) * Protocol {
2019-07-17 22:25:42 +00:00
return & Protocol {
2019-07-30 06:14:13 +00:00
encryptor : newEncryptor ( db , encryptorConfig ) ,
2019-07-17 22:25:42 +00:00
secret : sharedsecret . New ( db , logger ) ,
multidevice : multidevice . New ( db , & multidevice . Config {
MaxInstallations : 3 ,
ProtocolVersion : protocolVersion ,
InstallationID : installationID ,
} ) ,
2020-07-31 12:22:05 +00:00
publisher : publisher . New ( logger ) ,
logger : logger . With ( zap . Namespace ( "Protocol" ) ) ,
2019-07-30 06:14:13 +00:00
}
2019-07-17 22:25:42 +00:00
}
2020-07-31 09:08:09 +00:00
type Subscriptions struct {
2024-02-29 09:51:38 +00:00
SharedSecrets [ ] * sharedsecret . Secret
SendContactCode <- chan struct { }
NewHashRatchetKeys chan [ ] * HashRatchetInfo
Quit chan struct { }
2020-07-31 09:08:09 +00:00
}
func ( p * Protocol ) Start ( myIdentity * ecdsa . PrivateKey ) ( * Subscriptions , error ) {
2019-07-17 22:25:42 +00:00
// Propagate currently cached shared secrets.
secrets , err := p . secret . All ( )
if err != nil {
2020-07-31 09:08:09 +00:00
return nil , errors . Wrap ( err , "failed to get all secrets" )
}
p . subscriptions = & Subscriptions {
2024-02-29 09:51:38 +00:00
SharedSecrets : secrets ,
SendContactCode : p . publisher . Start ( ) ,
NewHashRatchetKeys : make ( chan [ ] * HashRatchetInfo , maxKeysChannelSize ) ,
Quit : make ( chan struct { } ) ,
2020-07-31 09:46:38 +00:00
}
2020-07-31 09:08:09 +00:00
return p . subscriptions , nil
}
func ( p * Protocol ) Stop ( ) error {
p . publisher . Stop ( )
if p . subscriptions != nil {
close ( p . subscriptions . Quit )
}
2019-07-17 22:25:42 +00:00
return nil
}
2019-09-26 07:01:17 +00:00
func ( p * Protocol ) addBundle ( myIdentityKey * ecdsa . PrivateKey , msg * ProtocolMessage ) error {
2019-07-17 22:25:42 +00:00
// Get a bundle
installations , err := p . multidevice . GetOurActiveInstallations ( & myIdentityKey . PublicKey )
if err != nil {
return err
}
bundle , err := p . encryptor . CreateBundle ( myIdentityKey , installations )
if err != nil {
return err
}
2019-09-26 07:01:17 +00:00
msg . Bundles = [ ] * Bundle { bundle }
2019-07-17 22:25:42 +00:00
return nil
}
// BuildPublicMessage marshals a public chat message given the user identity private key and a payload
func ( p * Protocol ) BuildPublicMessage ( myIdentityKey * ecdsa . PrivateKey , payload [ ] byte ) ( * ProtocolMessageSpec , error ) {
// Build message not encrypted
message := & ProtocolMessage {
InstallationId : p . encryptor . config . InstallationID ,
PublicMessage : payload ,
}
2019-09-26 07:01:17 +00:00
err := p . addBundle ( myIdentityKey , message )
2019-07-17 22:25:42 +00:00
if err != nil {
return nil , err
}
return & ProtocolMessageSpec { Message : message , Public : true } , nil
}
2021-09-21 15:47:04 +00:00
// BuildEncryptedMessage returns a 1:1 chat message and optionally a negotiated topic given the user identity private key, the recipient's public key, and a payload
func ( p * Protocol ) BuildEncryptedMessage ( myIdentityKey * ecdsa . PrivateKey , publicKey * ecdsa . PublicKey , payload [ ] byte ) ( * ProtocolMessageSpec , error ) {
2019-07-17 22:25:42 +00:00
// Get recipients installations.
activeInstallations , err := p . multidevice . GetActiveInstallations ( publicKey )
if err != nil {
return nil , err
}
// Encrypt payload
2021-09-21 15:47:04 +00:00
encryptedMessagesByInstalls , installations , err := p . encryptor . EncryptPayload ( publicKey , myIdentityKey , activeInstallations , payload )
2019-07-17 22:25:42 +00:00
if err != nil {
return nil , err
}
// Build message
message := & ProtocolMessage {
2021-09-21 15:47:04 +00:00
InstallationId : p . encryptor . config . InstallationID ,
EncryptedMessage : encryptedMessagesByInstalls ,
2019-07-17 22:25:42 +00:00
}
2019-09-26 07:01:17 +00:00
err = p . addBundle ( myIdentityKey , message )
2019-07-17 22:25:42 +00:00
if err != nil {
return nil , err
}
// Check who we are sending the message to, and see if we have a shared secret
// across devices
var installationIDs [ ] string
2021-09-21 15:47:04 +00:00
for installationID := range message . GetEncryptedMessage ( ) {
2019-07-17 22:25:42 +00:00
if installationID != noInstallationID {
installationIDs = append ( installationIDs , installationID )
}
}
sharedSecret , agreed , err := p . secret . Agreed ( myIdentityKey , p . encryptor . config . InstallationID , publicKey , installationIDs )
if err != nil {
return nil , err
}
spec := & ProtocolMessageSpec {
2020-07-31 12:22:05 +00:00
SharedSecret : sharedSecret ,
AgreedSecret : agreed ,
2019-07-17 22:25:42 +00:00
Message : message ,
Installations : installations ,
}
return spec , nil
}
2023-10-12 15:45:23 +00:00
func ( p * Protocol ) GenerateHashRatchetKey ( groupID [ ] byte ) ( * HashRatchetKeyCompatibility , error ) {
2022-05-27 09:14:40 +00:00
return p . encryptor . GenerateHashRatchetKey ( groupID )
}
2024-02-21 10:54:33 +00:00
// Deprecated: This function is deprecated as it does not marshal groupID. Kept for backward compatibility.
func ( p * Protocol ) GetAllHRKeysMarshaledV1 ( groupID [ ] byte ) ( [ ] byte , error ) {
keys , err := p . GetAllHRKeys ( groupID )
2022-11-07 17:30:00 +00:00
if err != nil {
return nil , err
}
2024-02-21 10:54:33 +00:00
if keys == nil {
return nil , nil
}
return proto . Marshal ( keys )
}
func ( p * Protocol ) GetAllHRKeysMarshaledV2 ( groupID [ ] byte ) ( [ ] byte , error ) {
keys , err := p . GetAllHRKeys ( groupID )
if err != nil {
return nil , err
}
if keys == nil {
2022-11-07 17:30:00 +00:00
return nil , nil
}
2021-09-21 15:47:04 +00:00
2024-02-21 10:54:33 +00:00
header := & HRHeader {
SeqNo : 0 ,
GroupId : groupID ,
Keys : keys ,
}
return proto . Marshal ( header )
}
func ( p * Protocol ) GetAllHRKeys ( groupID [ ] byte ) ( * HRKeys , error ) {
ratchets , err := p . encryptor . persistence . GetKeysForGroup ( groupID )
if err != nil {
return nil , err
}
if len ( ratchets ) == 0 {
return nil , nil
}
return p . GetHRKeys ( ratchets ) , nil
2022-11-07 17:30:00 +00:00
}
2023-05-24 14:25:10 +00:00
// GetKeyIDsForGroup returns a slice of key IDs belonging to a given group ID
2023-10-12 15:45:23 +00:00
func ( p * Protocol ) GetKeysForGroup ( groupID [ ] byte ) ( [ ] * HashRatchetKeyCompatibility , error ) {
return p . encryptor . persistence . GetKeysForGroup ( groupID )
2023-05-24 14:25:10 +00:00
}
2024-02-21 10:54:33 +00:00
func ( p * Protocol ) GetHRKeys ( ratchets [ ] * HashRatchetKeyCompatibility ) * HRKeys {
2022-09-21 16:05:29 +00:00
keys := & HRKeys { }
2023-10-12 15:45:23 +00:00
for _ , ratchet := range ratchets {
2022-09-21 16:05:29 +00:00
key := & HRKey {
2023-10-12 15:45:23 +00:00
DeprecatedKeyId : ratchet . DeprecatedKeyID ( ) ,
Key : ratchet . Key ,
Timestamp : ratchet . Timestamp ,
2022-09-21 16:05:29 +00:00
}
keys . Keys = append ( keys . Keys , key )
}
2024-01-23 16:56:51 +00:00
return keys
2022-11-07 17:30:00 +00:00
}
2024-01-23 16:56:51 +00:00
// BuildHashRatchetRekeyGroup builds a public message
2023-10-12 15:45:23 +00:00
// with the new key
2024-01-23 16:56:51 +00:00
func ( p * Protocol ) BuildHashRatchetReKeyGroupMessage ( myIdentityKey * ecdsa . PrivateKey , recipients [ ] * ecdsa . PublicKey , groupID [ ] byte , payload [ ] byte , ratchet * HashRatchetKeyCompatibility ) ( * ProtocolMessageSpec , error ) {
2023-10-12 15:45:23 +00:00
var err error
if ratchet == nil {
ratchet , err = p . GenerateHashRatchetKey ( groupID )
if err != nil {
return nil , err
}
}
2024-01-23 16:56:51 +00:00
message , err := buildGroupRekeyMessage ( myIdentityKey , groupID , ratchet . Timestamp , ratchet . Key , recipients )
2023-10-12 15:45:23 +00:00
if err != nil {
return nil , err
}
2024-01-23 16:56:51 +00:00
keys := & HRKeys {
RekeyGroup : message ,
}
spec := & ProtocolMessageSpec {
Public : true ,
Message : & ProtocolMessage {
2023-10-12 15:45:23 +00:00
InstallationId : p . encryptor . config . InstallationID ,
EncryptedMessage : map [ string ] * EncryptedMessageProtocol { noInstallationID : & EncryptedMessageProtocol {
HRHeader : & HRHeader {
SeqNo : 0 ,
GroupId : groupID ,
2024-01-23 16:56:51 +00:00
Keys : keys ,
2023-10-12 15:45:23 +00:00
} ,
Payload : payload ,
} ,
} ,
2024-01-23 16:56:51 +00:00
} ,
2023-10-12 15:45:23 +00:00
}
2024-01-23 16:56:51 +00:00
return spec , nil
2023-10-12 15:45:23 +00:00
}
2022-11-07 17:30:00 +00:00
// BuildHashRatchetKeyExchangeMessage builds a 1:1 message
// containing newly generated hash ratchet key
2023-10-12 15:45:23 +00:00
func ( p * Protocol ) BuildHashRatchetKeyExchangeMessage ( myIdentityKey * ecdsa . PrivateKey , publicKey * ecdsa . PublicKey , groupID [ ] byte , ratchets [ ] * HashRatchetKeyCompatibility ) ( * ProtocolMessageSpec , error ) {
2022-11-07 17:30:00 +00:00
2024-02-21 10:54:33 +00:00
keys := p . GetHRKeys ( ratchets )
2024-01-23 16:56:51 +00:00
encodedKeys , err := proto . Marshal ( keys )
2021-09-21 15:47:04 +00:00
if err != nil {
return nil , err
}
2022-09-21 16:05:29 +00:00
response , err := p . BuildEncryptedMessage ( myIdentityKey , publicKey , encodedKeys )
2021-09-21 15:47:04 +00:00
if err != nil {
return nil , err
}
// Loop through installations and assign HRHeader
// SeqNo=0 has a special meaning for HandleMessage
// and signifies a message with hash ratchet key payload
for _ , v := range response . Message . EncryptedMessage {
v . HRHeader = & HRHeader {
SeqNo : 0 ,
GroupId : groupID ,
2024-01-23 16:56:51 +00:00
Keys : keys ,
}
}
return response , err
}
func ( p * Protocol ) BuildHashRatchetKeyExchangeMessageWithPayload ( myIdentityKey * ecdsa . PrivateKey , publicKey * ecdsa . PublicKey , groupID [ ] byte , ratchets [ ] * HashRatchetKeyCompatibility , payload [ ] byte ) ( * ProtocolMessageSpec , error ) {
2024-02-21 10:54:33 +00:00
keys := p . GetHRKeys ( ratchets )
2024-01-23 16:56:51 +00:00
response , err := p . BuildEncryptedMessage ( myIdentityKey , publicKey , payload )
if err != nil {
return nil , err
}
// Loop through installations and assign HRHeader
// SeqNo=0 has a special meaning for HandleMessage
// and signifies a message with hash ratchet key payload
for _ , v := range response . Message . EncryptedMessage {
v . HRHeader = & HRHeader {
SeqNo : 0 ,
GroupId : groupID ,
Keys : keys ,
2021-09-21 15:47:04 +00:00
}
}
return response , err
}
2023-10-12 15:45:23 +00:00
func ( p * Protocol ) GetCurrentKeyForGroup ( groupID [ ] byte ) ( * HashRatchetKeyCompatibility , error ) {
2022-05-27 09:14:40 +00:00
return p . encryptor . persistence . GetCurrentKeyForGroup ( groupID )
}
2021-09-21 15:47:04 +00:00
// BuildHashRatchetMessage returns a hash ratchet chat message
func ( p * Protocol ) BuildHashRatchetMessage ( groupID [ ] byte , payload [ ] byte ) ( * ProtocolMessageSpec , error ) {
2023-10-12 15:45:23 +00:00
ratchet , err := p . encryptor . persistence . GetCurrentKeyForGroup ( groupID )
2021-09-21 15:47:04 +00:00
if err != nil {
return nil , err
}
// Encrypt payload
2023-10-12 15:45:23 +00:00
encryptedMessagesByInstalls , err := p . encryptor . EncryptHashRatchetPayload ( ratchet , payload )
2021-09-21 15:47:04 +00:00
if err != nil {
return nil , err
}
// Build message
message := & ProtocolMessage {
InstallationId : p . encryptor . config . InstallationID ,
EncryptedMessage : encryptedMessagesByInstalls ,
}
spec := & ProtocolMessageSpec {
Message : message ,
}
return spec , nil
}
2024-04-17 14:53:51 +00:00
func ( p * Protocol ) EncryptCommunityGrants ( privateKey * ecdsa . PrivateKey , recipientGrants map [ * ecdsa . PublicKey ] [ ] byte ) ( map [ uint32 ] [ ] byte , error ) {
grants := make ( map [ uint32 ] [ ] byte )
for recipientKey , grant := range recipientGrants {
2024-06-27 15:29:03 +00:00
sharedKey , err := GenerateSharedKey ( privateKey , recipientKey )
2024-04-17 14:53:51 +00:00
if err != nil {
return nil , err
}
encryptedGrant , err := encrypt ( grant , sharedKey , rand . Reader )
if err != nil {
return nil , err
}
kBytes := publicKeyMostRelevantBytes ( recipientKey )
grants [ kBytes ] = encryptedGrant
}
return grants , nil
}
func ( p * Protocol ) DecryptCommunityGrant ( myIdentityKey * ecdsa . PrivateKey , senderKey * ecdsa . PublicKey , grants map [ uint32 ] [ ] byte ) ( [ ] byte , error ) {
kBytes := publicKeyMostRelevantBytes ( & myIdentityKey . PublicKey )
ecryptedGrant , ok := grants [ kBytes ]
if ! ok {
return nil , errors . New ( "can't find related grant in the map" )
}
2024-06-27 15:29:03 +00:00
sharedKey , err := GenerateSharedKey ( myIdentityKey , senderKey )
2024-04-17 14:53:51 +00:00
if err != nil {
return nil , err
}
return decrypt ( ecryptedGrant , sharedKey )
}
2023-10-12 15:45:23 +00:00
func ( p * Protocol ) GetKeyExMessageSpecs ( groupID [ ] byte , identity * ecdsa . PrivateKey , recipients [ ] * ecdsa . PublicKey , forceRekey bool ) ( [ ] * ProtocolMessageSpec , error ) {
var ratchets [ ] * HashRatchetKeyCompatibility
2022-05-27 09:14:40 +00:00
var err error
if ! forceRekey {
2023-10-12 15:45:23 +00:00
ratchets , err = p . encryptor . persistence . GetKeysForGroup ( groupID )
2022-05-27 09:14:40 +00:00
if err != nil {
return nil , err
}
}
2023-10-12 15:45:23 +00:00
if len ( ratchets ) == 0 || forceRekey {
ratchet , err := p . GenerateHashRatchetKey ( groupID )
2022-05-27 09:14:40 +00:00
if err != nil {
return nil , err
}
2023-10-12 15:45:23 +00:00
ratchets = [ ] * HashRatchetKeyCompatibility { ratchet }
2022-05-27 09:14:40 +00:00
}
specs := make ( [ ] * ProtocolMessageSpec , len ( recipients ) )
for i , recipient := range recipients {
2023-10-12 15:45:23 +00:00
keyExMsg , err := p . BuildHashRatchetKeyExchangeMessage ( identity , recipient , groupID , ratchets )
2022-05-27 09:14:40 +00:00
if err != nil {
return nil , err
}
specs [ i ] = keyExMsg
}
return specs , nil
}
2019-07-17 22:25:42 +00:00
// BuildDHMessage builds a message with DH encryption so that it can be decrypted by any other device.
func ( p * Protocol ) BuildDHMessage ( myIdentityKey * ecdsa . PrivateKey , destination * ecdsa . PublicKey , payload [ ] byte ) ( * ProtocolMessageSpec , error ) {
// Encrypt payload
encryptionResponse , err := p . encryptor . EncryptPayloadWithDH ( destination , payload )
if err != nil {
return nil , err
}
// Build message
message := & ProtocolMessage {
2021-09-21 15:47:04 +00:00
InstallationId : p . encryptor . config . InstallationID ,
EncryptedMessage : encryptionResponse ,
2019-07-17 22:25:42 +00:00
}
2019-09-26 07:01:17 +00:00
err = p . addBundle ( myIdentityKey , message )
2019-07-17 22:25:42 +00:00
if err != nil {
return nil , err
}
return & ProtocolMessageSpec { Message : message } , nil
}
// ProcessPublicBundle processes a received X3DH bundle.
func ( p * Protocol ) ProcessPublicBundle ( myIdentityKey * ecdsa . PrivateKey , bundle * Bundle ) ( [ ] * multidevice . Installation , error ) {
logger := p . logger . With ( zap . String ( "site" , "ProcessPublicBundle" ) )
if err := p . encryptor . ProcessPublicBundle ( myIdentityKey , bundle ) ; err != nil {
return nil , err
}
installations , enabled , err := p . recoverInstallationsFromBundle ( myIdentityKey , bundle )
if err != nil {
return nil , err
}
// TODO(adam): why do we add installations using identity obtained from GetIdentity()
// instead of the output of crypto.CompressPubkey()? I tried the second option
// and the unit tests TestTopic and TestMaxDevices fail.
identityFromBundle := bundle . GetIdentity ( )
theirIdentity , err := ExtractIdentity ( bundle )
if err != nil {
logger . Panic ( "unrecoverable error extracting identity" , zap . Error ( err ) )
}
compressedIdentity := crypto . CompressPubkey ( theirIdentity )
if ! bytes . Equal ( identityFromBundle , compressedIdentity ) {
logger . Panic ( "identity from bundle and compressed are not equal" )
}
return p . multidevice . AddInstallations ( bundle . GetIdentity ( ) , bundle . GetTimestamp ( ) , installations , enabled )
2023-02-28 12:32:45 +00:00
}
func ( p * Protocol ) GetMultiDevice ( ) * multidevice . Multidevice {
return p . multidevice
2019-07-17 22:25:42 +00:00
}
// recoverInstallationsFromBundle extracts installations from the bundle.
// It returns extracted installations and true if the installations
// are ours, i.e. the bundle was created by our identity key.
func ( p * Protocol ) recoverInstallationsFromBundle ( myIdentityKey * ecdsa . PrivateKey , bundle * Bundle ) ( [ ] * multidevice . Installation , bool , error ) {
var installations [ ] * multidevice . Installation
theirIdentity , err := ExtractIdentity ( bundle )
if err != nil {
return nil , false , err
}
myIdentityStr := fmt . Sprintf ( "0x%x" , crypto . FromECDSAPub ( & myIdentityKey . PublicKey ) )
theirIdentityStr := fmt . Sprintf ( "0x%x" , crypto . FromECDSAPub ( theirIdentity ) )
// Any device from other peers will be considered enabled, ours needs to
// be explicitly enabled.
enabled := theirIdentityStr != myIdentityStr
signedPreKeys := bundle . GetSignedPreKeys ( )
for installationID , signedPreKey := range signedPreKeys {
if installationID != p . multidevice . InstallationID ( ) {
installations = append ( installations , & multidevice . Installation {
Identity : theirIdentityStr ,
ID : installationID ,
Version : signedPreKey . GetProtocolVersion ( ) ,
} )
}
}
return installations , enabled , nil
}
// GetBundle retrieves or creates a X3DH bundle, given a private identity key.
func ( p * Protocol ) GetBundle ( myIdentityKey * ecdsa . PrivateKey ) ( * Bundle , error ) {
installations , err := p . multidevice . GetOurActiveInstallations ( & myIdentityKey . PublicKey )
if err != nil {
return nil , err
}
return p . encryptor . CreateBundle ( myIdentityKey , installations )
}
// EnableInstallation enables an installation for multi-device sync.
func ( p * Protocol ) EnableInstallation ( myIdentityKey * ecdsa . PublicKey , installationID string ) error {
return p . multidevice . EnableInstallation ( myIdentityKey , installationID )
}
// DisableInstallation disables an installation for multi-device sync.
func ( p * Protocol ) DisableInstallation ( myIdentityKey * ecdsa . PublicKey , installationID string ) error {
return p . multidevice . DisableInstallation ( myIdentityKey , installationID )
}
// GetOurInstallations returns all the installations available given an identity
func ( p * Protocol ) GetOurInstallations ( myIdentityKey * ecdsa . PublicKey ) ( [ ] * multidevice . Installation , error ) {
return p . multidevice . GetOurInstallations ( myIdentityKey )
Move to protobuf for Message type (#1706)
* Use a single Message type `v1/message.go` and `message.go` are the same now, and they embed `protobuf.ChatMessage`
* Use `SendChatMessage` for sending chat messages, this is basically the old `Send` but a bit more flexible so we can send different message types (stickers,commands), and not just text.
* Remove dedup from services/shhext. Because now we process in status-protocol, dedup makes less sense, as those messages are going to be processed anyway, so removing for now, we can re-evaluate if bringing it to status-go or not.
* Change the various retrieveX method to a single one:
`RetrieveAll` will be processing those messages that it can process (Currently only `Message`), and return the rest in `RawMessages` (still transit). The format for the response is:
`Chats`: -> The chats updated by receiving the message
`Messages`: -> The messages retrieved (already matched to a chat)
`Contacts`: -> The contacts updated by the messages
`RawMessages` -> Anything else that can't be parsed, eventually as we move everything to status-protocol-go this will go away.
2019-12-05 16:25:34 +00:00
}
// GetOurActiveInstallations returns all the active installations available given an identity
func ( p * Protocol ) GetOurActiveInstallations ( myIdentityKey * ecdsa . PublicKey ) ( [ ] * multidevice . Installation , error ) {
return p . multidevice . GetOurActiveInstallations ( myIdentityKey )
2019-07-17 22:25:42 +00:00
}
// SetInstallationMetadata sets the metadata for our own installation
func ( p * Protocol ) SetInstallationMetadata ( myIdentityKey * ecdsa . PublicKey , installationID string , data * multidevice . InstallationMetadata ) error {
return p . multidevice . SetInstallationMetadata ( myIdentityKey , installationID , data )
}
2023-03-20 12:51:17 +00:00
// SetInstallationName sets the metadata for our own installation
func ( p * Protocol ) SetInstallationName ( myIdentityKey * ecdsa . PublicKey , installationID string , name string ) error {
return p . multidevice . SetInstallationName ( myIdentityKey , installationID , name )
}
2019-07-17 22:25:42 +00:00
// GetPublicBundle retrieves a public bundle given an identity
func ( p * Protocol ) GetPublicBundle ( theirIdentityKey * ecdsa . PublicKey ) ( * Bundle , error ) {
installations , err := p . multidevice . GetActiveInstallations ( theirIdentityKey )
if err != nil {
return nil , err
}
return p . encryptor . GetPublicBundle ( theirIdentityKey , installations )
}
// ConfirmMessageProcessed confirms and deletes message keys for the given messages
func ( p * Protocol ) ConfirmMessageProcessed ( messageID [ ] byte ) error {
2019-08-20 11:20:25 +00:00
logger := p . logger . With ( zap . String ( "site" , "ConfirmMessageProcessed" ) )
2021-10-29 14:29:28 +00:00
logger . Debug ( "confirming message" , zap . String ( "messageID" , types . EncodeHex ( messageID ) ) )
2019-07-17 22:25:42 +00:00
return p . encryptor . ConfirmMessageProcessed ( messageID )
}
2022-09-21 16:05:29 +00:00
type HashRatchetInfo struct {
GroupID [ ] byte
2023-10-12 15:45:23 +00:00
KeyID [ ] byte
2022-09-21 16:05:29 +00:00
}
2020-07-31 12:22:05 +00:00
type DecryptMessageResponse struct {
DecryptedMessage [ ] byte
Installations [ ] * multidevice . Installation
SharedSecrets [ ] * sharedsecret . Secret
2022-09-21 16:05:29 +00:00
HashRatchetInfo [ ] * HashRatchetInfo
2020-07-31 09:46:38 +00:00
}
2024-01-23 16:56:51 +00:00
func ( p * Protocol ) HandleHashRatchetKeysPayload ( groupID , encodedKeys [ ] byte , myIdentityKey * ecdsa . PrivateKey , theirIdentityKey * ecdsa . PublicKey ) ( [ ] * HashRatchetInfo , error ) {
2022-11-07 17:30:00 +00:00
keys := & HRKeys { }
err := proto . Unmarshal ( encodedKeys , keys )
if err != nil {
return nil , err
}
2024-01-23 16:56:51 +00:00
return p . HandleHashRatchetKeys ( groupID , keys , myIdentityKey , theirIdentityKey )
}
2024-02-21 10:54:33 +00:00
func ( p * Protocol ) HandleHashRatchetHeadersPayload ( encodedHeaders [ ] [ ] byte ) error {
for _ , encodedHeader := range encodedHeaders {
header := & HRHeader { }
err := proto . Unmarshal ( encodedHeader , header )
if err != nil {
return err
}
_ , err = p . HandleHashRatchetKeys ( header . GroupId , header . Keys , nil , nil )
if err != nil {
return err
}
}
return nil
}
2024-01-23 16:56:51 +00:00
func ( p * Protocol ) HandleHashRatchetKeys ( groupID [ ] byte , keys * HRKeys , myIdentityKey * ecdsa . PrivateKey , theirIdentityKey * ecdsa . PublicKey ) ( [ ] * HashRatchetInfo , error ) {
if keys == nil {
return nil , nil
}
var info [ ] * HashRatchetInfo
2022-11-07 17:30:00 +00:00
for _ , key := range keys . Keys {
2023-10-12 15:45:23 +00:00
ratchet := & HashRatchetKeyCompatibility {
GroupID : groupID ,
Timestamp : key . Timestamp ,
Key : key . Key ,
}
// If there's no timestamp, is coming from an older client
if key . Timestamp == 0 {
ratchet . Timestamp = uint64 ( key . DeprecatedKeyId )
}
keyID , err := ratchet . GetKeyID ( )
if err != nil {
return nil , err
}
2024-01-23 16:56:51 +00:00
p . logger . Debug ( "retrieved keys" , zap . String ( "keyID" , types . Bytes2Hex ( keyID ) ) )
2023-10-12 15:45:23 +00:00
2022-11-07 17:30:00 +00:00
// Payload contains hash ratchet key
2023-10-12 15:45:23 +00:00
err = p . encryptor . persistence . SaveHashRatchetKey ( ratchet )
if err != nil {
return nil , err
}
info = append ( info , & HashRatchetInfo { GroupID : groupID , KeyID : keyID } )
}
if keys . RekeyGroup != nil {
if keys . RekeyGroup . Timestamp == 0 {
return nil , errors . New ( "timestamp can't be nil" )
}
encryptionKey , err := decryptGroupRekeyMessage ( myIdentityKey , theirIdentityKey , keys . RekeyGroup )
2022-11-07 17:30:00 +00:00
if err != nil {
return nil , err
}
2023-10-12 15:45:23 +00:00
if len ( encryptionKey ) != 0 {
ratchet := & HashRatchetKeyCompatibility {
GroupID : groupID ,
Timestamp : keys . RekeyGroup . Timestamp ,
Key : encryptionKey ,
}
keyID , err := ratchet . GetKeyID ( )
if err != nil {
return nil , err
}
2024-01-23 16:56:51 +00:00
p . logger . Debug ( "retrieved group keys" , zap . String ( "keyID" , types . Bytes2Hex ( keyID ) ) )
2023-10-12 15:45:23 +00:00
// Payload contains hash ratchet key
err = p . encryptor . persistence . SaveHashRatchetKey ( ratchet )
if err != nil {
return nil , err
}
info = append ( info , & HashRatchetInfo { GroupID : groupID , KeyID : keyID } )
}
2022-11-07 17:30:00 +00:00
}
2024-02-29 09:51:38 +00:00
if p . subscriptions != nil {
p . subscriptions . NewHashRatchetKeys <- info
}
2022-11-07 17:30:00 +00:00
return info , nil
}
2019-07-17 22:25:42 +00:00
// HandleMessage unmarshals a message and processes it, decrypting it if it is a 1:1 message.
func ( p * Protocol ) HandleMessage (
myIdentityKey * ecdsa . PrivateKey ,
theirPublicKey * ecdsa . PublicKey ,
protocolMessage * ProtocolMessage ,
messageID [ ] byte ,
2020-07-31 12:22:05 +00:00
) ( * DecryptMessageResponse , error ) {
2019-07-17 22:25:42 +00:00
logger := p . logger . With ( zap . String ( "site" , "HandleMessage" ) )
2020-07-31 12:22:05 +00:00
response := & DecryptMessageResponse { }
2019-07-17 22:25:42 +00:00
2020-11-24 12:36:52 +00:00
logger . Debug ( "received a protocol message" ,
zap . String ( "sender-public-key" ,
types . EncodeHex ( crypto . FromECDSAPub ( theirPublicKey ) ) ) ,
zap . String ( "my-installation-id" , p . encryptor . config . InstallationID ) ,
2021-10-29 14:29:28 +00:00
zap . String ( "messageID" , types . EncodeHex ( messageID ) ) )
2019-07-17 22:25:42 +00:00
if p . encryptor == nil {
return nil , errors . New ( "encryption service not initialized" )
}
// Process bundles
for _ , bundle := range protocolMessage . GetBundles ( ) {
// Should we stop processing if the bundle cannot be verified?
2020-07-31 12:22:05 +00:00
newInstallations , err := p . ProcessPublicBundle ( myIdentityKey , bundle )
2019-07-17 22:25:42 +00:00
if err != nil {
return nil , err
}
2020-07-31 12:22:05 +00:00
response . Installations = newInstallations
2019-07-17 22:25:42 +00:00
}
// Check if it's a public message
if publicMessage := protocolMessage . GetPublicMessage ( ) ; publicMessage != nil {
// Nothing to do, as already in cleartext
2020-07-31 12:22:05 +00:00
response . DecryptedMessage = publicMessage
return response , nil
2019-07-17 22:25:42 +00:00
}
// Decrypt message
2021-09-21 15:47:04 +00:00
if encryptedMessage := protocolMessage . GetEncryptedMessage ( ) ; encryptedMessage != nil {
2019-07-17 22:25:42 +00:00
message , err := p . encryptor . DecryptPayload (
myIdentityKey ,
theirPublicKey ,
protocolMessage . GetInstallationId ( ) ,
2021-09-21 15:47:04 +00:00
encryptedMessage ,
2019-07-17 22:25:42 +00:00
messageID ,
)
2022-09-21 16:05:29 +00:00
if err == ErrHashRatchetGroupIDNotFound {
msg := p . encryptor . GetMessage ( encryptedMessage )
if msg != nil {
if header := msg . GetHRHeader ( ) ; header != nil {
response . HashRatchetInfo = append ( response . HashRatchetInfo , & HashRatchetInfo { GroupID : header . GroupId , KeyID : header . KeyId } )
}
}
return response , err
}
2019-07-17 22:25:42 +00:00
if err != nil {
return nil , err
}
2021-09-21 15:47:04 +00:00
dmProtocol := encryptedMessage [ p . encryptor . config . InstallationID ]
if dmProtocol == nil {
dmProtocol = encryptedMessage [ noInstallationID ]
}
2021-12-02 11:55:30 +00:00
if dmProtocol != nil {
hrHeader := dmProtocol . HRHeader
if hrHeader != nil && hrHeader . SeqNo == 0 {
2024-01-23 16:56:51 +00:00
var hashRatchetKeys [ ] * HashRatchetInfo
if hrHeader . Keys != nil {
hashRatchetKeys , err = p . HandleHashRatchetKeys ( hrHeader . GroupId , hrHeader . Keys , myIdentityKey , theirPublicKey )
if err != nil {
return nil , err
}
} else {
// For backward compatibility
hashRatchetKeys , err = p . HandleHashRatchetKeysPayload ( hrHeader . GroupId , message , myIdentityKey , theirPublicKey )
if err != nil {
return nil , err
}
2021-12-02 11:55:30 +00:00
}
2022-11-07 17:30:00 +00:00
response . HashRatchetInfo = hashRatchetKeys
2021-09-21 15:47:04 +00:00
}
}
2019-09-26 07:01:17 +00:00
bundles := protocolMessage . GetBundles ( )
2019-07-17 22:25:42 +00:00
version := getProtocolVersion ( bundles , protocolMessage . GetInstallationId ( ) )
if version >= sharedSecretNegotiationVersion {
sharedSecret , err := p . secret . Generate ( myIdentityKey , theirPublicKey , protocolMessage . GetInstallationId ( ) )
if err != nil {
return nil , err
}
2020-07-31 12:22:05 +00:00
response . SharedSecrets = [ ] * sharedsecret . Secret { sharedSecret }
2019-07-17 22:25:42 +00:00
}
2020-07-31 12:22:05 +00:00
response . DecryptedMessage = message
return response , nil
2019-07-17 22:25:42 +00:00
}
// Return error
return nil , ErrNoPayload
}
func ( p * Protocol ) ShouldAdvertiseBundle ( publicKey * ecdsa . PublicKey , time int64 ) ( bool , error ) {
return p . publisher . ShouldAdvertiseBundle ( publicKey , time )
}
func ( p * Protocol ) ConfirmBundleAdvertisement ( publicKey * ecdsa . PublicKey , time int64 ) {
p . publisher . SetLastAck ( publicKey , time )
}
func ( p * Protocol ) BuildBundleAdvertiseMessage ( myIdentityKey * ecdsa . PrivateKey , publicKey * ecdsa . PublicKey ) ( * ProtocolMessageSpec , error ) {
return p . BuildDHMessage ( myIdentityKey , publicKey , nil )
}
func getProtocolVersion ( bundles [ ] * Bundle , installationID string ) uint32 {
if installationID == "" {
return defaultMinVersion
}
for _ , bundle := range bundles {
if bundle != nil {
signedPreKeys := bundle . GetSignedPreKeys ( )
if signedPreKeys == nil {
continue
}
signedPreKey := signedPreKeys [ installationID ]
if signedPreKey == nil {
return defaultMinVersion
}
return signedPreKey . GetProtocolVersion ( )
}
}
return defaultMinVersion
}
2023-11-29 17:21:21 +00:00
func ( p * Protocol ) EncryptWithHashRatchet ( groupID [ ] byte , payload [ ] byte ) ( [ ] byte , * HashRatchetKeyCompatibility , uint32 , error ) {
ratchet , err := p . encryptor . persistence . GetCurrentKeyForGroup ( groupID )
if err != nil {
return nil , nil , 0 , err
}
encryptedPayload , newSeqNo , err := p . encryptor . EncryptWithHR ( ratchet , payload )
if err != nil {
return nil , nil , 0 , err
}
return encryptedPayload , ratchet , newSeqNo , nil
}
func ( p * Protocol ) DecryptWithHashRatchet ( keyID [ ] byte , seqNo uint32 , payload [ ] byte ) ( [ ] byte , error ) {
ratchet , err := p . encryptor . persistence . GetHashRatchetKeyByID ( keyID )
if err != nil {
return nil , err
}
if ratchet == nil {
2024-01-23 16:56:51 +00:00
return nil , ErrNoRatchetKey
2023-11-29 17:21:21 +00:00
}
return p . encryptor . DecryptWithHR ( ratchet , seqNo , payload )
}