mirror of
https://github.com/status-im/status-go.git
synced 2025-01-10 14:47:06 +00:00
605fe40e32
This commit fixes a few issues with communities encryption: Key distribution was disconnected from the community description, this created a case where the key would arrive after the community description and that would result in the client thinking that it was kicked. To overcome this, we added a message that signals the user that is kicked. Also, we distribute the key with the community description so that there's no more issues with timing. This is a bit expensive for large communities, and it will require some further optimizations. Key distribution is now also connected to the request to join response, so there are no timing issues. Fixes an issue with key distribution (race condition) where the community would be modified before being compared, resulting in a comparison of two identical communities, which would result in no key being distributed. This commit only partially address the issue.
165 lines
3.6 KiB
Go
165 lines
3.6 KiB
Go
package encryption
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"crypto/ecdsa"
|
|
"crypto/rand"
|
|
"encoding/binary"
|
|
"errors"
|
|
"io"
|
|
"time"
|
|
|
|
"github.com/status-im/status-go/eth-node/crypto"
|
|
"github.com/status-im/status-go/eth-node/crypto/ecies"
|
|
)
|
|
|
|
const keyBumpValue = uint64(10)
|
|
|
|
// GetCurrentTime64 returns the current unix time in milliseconds
|
|
func GetCurrentTime() uint64 {
|
|
return (uint64)(time.Now().UnixNano() / int64(time.Millisecond))
|
|
}
|
|
|
|
// bumpKeyID takes a timestampID and returns its value incremented by the keyBumpValue
|
|
func bumpKeyID(timestampID uint64) uint64 {
|
|
return timestampID + keyBumpValue
|
|
}
|
|
|
|
func generateHashRatchetKeyID(groupID []byte, timestamp uint64, keyBytes []byte) []byte {
|
|
var keyMaterial []byte
|
|
|
|
keyMaterial = append(keyMaterial, groupID...)
|
|
|
|
timestampBytes := make([]byte, 8) // 8 bytes for a uint64
|
|
binary.LittleEndian.PutUint64(timestampBytes, timestamp)
|
|
keyMaterial = append(keyMaterial, timestampBytes...)
|
|
|
|
keyMaterial = append(keyMaterial, keyBytes...)
|
|
|
|
return crypto.Keccak256(keyMaterial)
|
|
}
|
|
|
|
func publicKeyMostRelevantBytes(key *ecdsa.PublicKey) uint32 {
|
|
|
|
keyBytes := crypto.FromECDSAPub(key)
|
|
|
|
return binary.LittleEndian.Uint32(keyBytes[1:5])
|
|
}
|
|
|
|
func encrypt(plaintext []byte, key []byte, reader io.Reader) ([]byte, error) {
|
|
c, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
gcm, err := cipher.NewGCM(c)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
nonce := make([]byte, gcm.NonceSize())
|
|
if _, err = io.ReadFull(reader, nonce); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return gcm.Seal(nonce, nonce, plaintext, nil), nil
|
|
}
|
|
|
|
func generateSharedKey(privateKey *ecdsa.PrivateKey, publicKey *ecdsa.PublicKey) ([]byte, error) {
|
|
|
|
const encryptedPayloadKeyLength = 16
|
|
|
|
return ecies.ImportECDSA(privateKey).GenerateShared(
|
|
ecies.ImportECDSAPublic(publicKey),
|
|
encryptedPayloadKeyLength,
|
|
encryptedPayloadKeyLength,
|
|
)
|
|
}
|
|
|
|
func buildGroupRekeyMessage(privateKey *ecdsa.PrivateKey, groupID []byte, timestamp uint64, keyMaterial []byte, keys []*ecdsa.PublicKey) (*RekeyGroup, error) {
|
|
|
|
message := &RekeyGroup{
|
|
Timestamp: timestamp,
|
|
}
|
|
|
|
message.Keys = make(map[uint32][]byte)
|
|
|
|
for _, k := range keys {
|
|
|
|
sharedKey, err := generateSharedKey(privateKey, k)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
encryptedKey, err := encrypt(keyMaterial, sharedKey, rand.Reader)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
kBytes := publicKeyMostRelevantBytes(k)
|
|
|
|
if message.Keys[kBytes] == nil {
|
|
message.Keys[kBytes] = encryptedKey
|
|
} else {
|
|
message.Keys[kBytes] = append(message.Keys[kBytes], encryptedKey...)
|
|
}
|
|
}
|
|
|
|
return message, nil
|
|
}
|
|
|
|
const nonceLength = 12
|
|
|
|
func decrypt(cyphertext []byte, key []byte) ([]byte, error) {
|
|
if len(cyphertext) < nonceLength {
|
|
return nil, errors.New("invalid cyphertext length")
|
|
}
|
|
|
|
c, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
gcm, err := cipher.NewGCM(c)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
nonce := cyphertext[:nonceLength]
|
|
return gcm.Open(nil, nonce, cyphertext[nonceLength:], nil)
|
|
}
|
|
|
|
const keySize = 60
|
|
|
|
func decryptGroupRekeyMessage(privateKey *ecdsa.PrivateKey, publicKey *ecdsa.PublicKey, message *RekeyGroup) ([]byte, error) {
|
|
kBytes := publicKeyMostRelevantBytes(&privateKey.PublicKey)
|
|
if message.Keys == nil || message.Keys[kBytes] == nil {
|
|
return nil, nil
|
|
}
|
|
|
|
sharedKey, err := generateSharedKey(privateKey, publicKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
keys := message.Keys[kBytes]
|
|
|
|
nKeys := len(keys) / keySize
|
|
|
|
var decryptedKey []byte
|
|
for i := 0; i < nKeys; i++ {
|
|
|
|
encryptedKey := keys[i*keySize : i*keySize+keySize]
|
|
decryptedKey, err = decrypt(encryptedKey, sharedKey)
|
|
if err != nil {
|
|
continue
|
|
} else {
|
|
break
|
|
}
|
|
|
|
}
|
|
|
|
return decryptedKey, nil
|
|
}
|