mirror of
https://github.com/status-im/status-go.git
synced 2025-01-12 15:45:07 +00:00
23f71c1125
This commit changes the format of the encryption id to be based off 3 things: 1) The group id 2) The timestamp 3) The actual key Previously this was solely based on the timestamp and the group id, but this might lead to conflicts. Moreover the format of the key was an uint32 and so it would wrap periodically. The migration is a bit tricky, so first we cleared the cache of keys, that's easier than migrating, and second we set the new field hash_id to the concatenation of group_id / key_id. This might lead on some duplication in case keys are re-received, but it should not have an impact on the correctness of the code. I have added 2 tests covering compatibility between old/new clients, as this should not be a breaking change. It also adds a new message to rekey in a single go, instead of having to send multiple messages
754 lines
22 KiB
Go
754 lines
22 KiB
Go
package encryption
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/ecdsa"
|
|
"database/sql"
|
|
"fmt"
|
|
|
|
"go.uber.org/zap"
|
|
|
|
"github.com/golang/protobuf/proto"
|
|
"github.com/pkg/errors"
|
|
|
|
"github.com/status-im/status-go/eth-node/crypto"
|
|
"github.com/status-im/status-go/eth-node/types"
|
|
|
|
"github.com/status-im/status-go/protocol/encryption/multidevice"
|
|
"github.com/status-im/status-go/protocol/encryption/publisher"
|
|
"github.com/status-im/status-go/protocol/encryption/sharedsecret"
|
|
)
|
|
|
|
//go:generate protoc --go_out=. ./protocol_message.proto
|
|
|
|
const (
|
|
protocolVersion = 1
|
|
sharedSecretNegotiationVersion = 1
|
|
partitionedTopicMinVersion = 1
|
|
defaultMinVersion = 0
|
|
)
|
|
|
|
type PartitionTopicMode int
|
|
|
|
const (
|
|
PartitionTopicNoSupport PartitionTopicMode = iota
|
|
PartitionTopicV1
|
|
)
|
|
|
|
type ProtocolMessageSpec struct {
|
|
Message *ProtocolMessage
|
|
// Installations is the targeted devices
|
|
Installations []*multidevice.Installation
|
|
// SharedSecret is a shared secret established among the installations
|
|
SharedSecret *sharedsecret.Secret
|
|
// AgreedSecret indicates whether the shared secret has been agreed
|
|
AgreedSecret bool
|
|
// Public means that the spec contains a public wrapped message
|
|
Public bool
|
|
}
|
|
|
|
func (p *ProtocolMessageSpec) MinVersion() uint32 {
|
|
if len(p.Installations) == 0 {
|
|
return defaultMinVersion
|
|
}
|
|
|
|
version := p.Installations[0].Version
|
|
|
|
for _, installation := range p.Installations[1:] {
|
|
if installation.Version < version {
|
|
version = installation.Version
|
|
}
|
|
}
|
|
return version
|
|
}
|
|
|
|
func (p *ProtocolMessageSpec) PartitionedTopicMode() PartitionTopicMode {
|
|
if p.MinVersion() >= partitionedTopicMinVersion {
|
|
return PartitionTopicV1
|
|
}
|
|
return PartitionTopicNoSupport
|
|
}
|
|
|
|
type Protocol struct {
|
|
encryptor *encryptor
|
|
secret *sharedsecret.SharedSecret
|
|
multidevice *multidevice.Multidevice
|
|
publisher *publisher.Publisher
|
|
subscriptions *Subscriptions
|
|
|
|
logger *zap.Logger
|
|
}
|
|
|
|
var (
|
|
// ErrNoPayload means that there was no payload found in the received protocol message.
|
|
ErrNoPayload = errors.New("no payload")
|
|
)
|
|
|
|
// New creates a new ProtocolService instance
|
|
func New(
|
|
db *sql.DB,
|
|
installationID string,
|
|
logger *zap.Logger,
|
|
) *Protocol {
|
|
return NewWithEncryptorConfig(
|
|
db,
|
|
installationID,
|
|
defaultEncryptorConfig(installationID, logger),
|
|
logger,
|
|
)
|
|
}
|
|
|
|
// DB and migrations are shared between encryption package
|
|
// and its sub-packages.
|
|
func NewWithEncryptorConfig(
|
|
db *sql.DB,
|
|
installationID string,
|
|
encryptorConfig encryptorConfig,
|
|
logger *zap.Logger,
|
|
) *Protocol {
|
|
return &Protocol{
|
|
encryptor: newEncryptor(db, encryptorConfig),
|
|
secret: sharedsecret.New(db, logger),
|
|
multidevice: multidevice.New(db, &multidevice.Config{
|
|
MaxInstallations: 3,
|
|
ProtocolVersion: protocolVersion,
|
|
InstallationID: installationID,
|
|
}),
|
|
publisher: publisher.New(logger),
|
|
logger: logger.With(zap.Namespace("Protocol")),
|
|
}
|
|
}
|
|
|
|
type Subscriptions struct {
|
|
SharedSecrets []*sharedsecret.Secret
|
|
SendContactCode <-chan struct{}
|
|
Quit chan struct{}
|
|
}
|
|
|
|
func (p *Protocol) Start(myIdentity *ecdsa.PrivateKey) (*Subscriptions, error) {
|
|
// Propagate currently cached shared secrets.
|
|
secrets, err := p.secret.All()
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "failed to get all secrets")
|
|
}
|
|
p.subscriptions = &Subscriptions{
|
|
SharedSecrets: secrets,
|
|
SendContactCode: p.publisher.Start(),
|
|
Quit: make(chan struct{}),
|
|
}
|
|
return p.subscriptions, nil
|
|
}
|
|
|
|
func (p *Protocol) Stop() error {
|
|
p.publisher.Stop()
|
|
if p.subscriptions != nil {
|
|
close(p.subscriptions.Quit)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (p *Protocol) addBundle(myIdentityKey *ecdsa.PrivateKey, msg *ProtocolMessage) error {
|
|
// Get a bundle
|
|
installations, err := p.multidevice.GetOurActiveInstallations(&myIdentityKey.PublicKey)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
bundle, err := p.encryptor.CreateBundle(myIdentityKey, installations)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
msg.Bundles = []*Bundle{bundle}
|
|
|
|
return nil
|
|
}
|
|
|
|
// BuildPublicMessage marshals a public chat message given the user identity private key and a payload
|
|
func (p *Protocol) BuildPublicMessage(myIdentityKey *ecdsa.PrivateKey, payload []byte) (*ProtocolMessageSpec, error) {
|
|
// Build message not encrypted
|
|
message := &ProtocolMessage{
|
|
InstallationId: p.encryptor.config.InstallationID,
|
|
PublicMessage: payload,
|
|
}
|
|
|
|
err := p.addBundle(myIdentityKey, message)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &ProtocolMessageSpec{Message: message, Public: true}, nil
|
|
}
|
|
|
|
// BuildEncryptedMessage returns a 1:1 chat message and optionally a negotiated topic given the user identity private key, the recipient's public key, and a payload
|
|
func (p *Protocol) BuildEncryptedMessage(myIdentityKey *ecdsa.PrivateKey, publicKey *ecdsa.PublicKey, payload []byte) (*ProtocolMessageSpec, error) {
|
|
|
|
// Get recipients installations.
|
|
activeInstallations, err := p.multidevice.GetActiveInstallations(publicKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Encrypt payload
|
|
encryptedMessagesByInstalls, installations, err := p.encryptor.EncryptPayload(publicKey, myIdentityKey, activeInstallations, payload)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Build message
|
|
message := &ProtocolMessage{
|
|
InstallationId: p.encryptor.config.InstallationID,
|
|
EncryptedMessage: encryptedMessagesByInstalls,
|
|
}
|
|
|
|
err = p.addBundle(myIdentityKey, message)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Check who we are sending the message to, and see if we have a shared secret
|
|
// across devices
|
|
var installationIDs []string
|
|
for installationID := range message.GetEncryptedMessage() {
|
|
if installationID != noInstallationID {
|
|
installationIDs = append(installationIDs, installationID)
|
|
}
|
|
}
|
|
|
|
sharedSecret, agreed, err := p.secret.Agreed(myIdentityKey, p.encryptor.config.InstallationID, publicKey, installationIDs)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
spec := &ProtocolMessageSpec{
|
|
SharedSecret: sharedSecret,
|
|
AgreedSecret: agreed,
|
|
Message: message,
|
|
Installations: installations,
|
|
}
|
|
return spec, nil
|
|
}
|
|
|
|
func (p *Protocol) GenerateHashRatchetKey(groupID []byte) (*HashRatchetKeyCompatibility, error) {
|
|
return p.encryptor.GenerateHashRatchetKey(groupID)
|
|
}
|
|
|
|
func (p *Protocol) GetAllHREncodedKeys(groupID []byte) ([]byte, error) {
|
|
keys, err := p.encryptor.persistence.GetKeysForGroup(groupID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if len(keys) == 0 {
|
|
return nil, nil
|
|
}
|
|
|
|
return p.GetHREncodedKeys(groupID, keys)
|
|
}
|
|
|
|
// GetKeyIDsForGroup returns a slice of key IDs belonging to a given group ID
|
|
func (p *Protocol) GetKeysForGroup(groupID []byte) ([]*HashRatchetKeyCompatibility, error) {
|
|
return p.encryptor.persistence.GetKeysForGroup(groupID)
|
|
}
|
|
|
|
func (p *Protocol) GetHREncodedKeys(groupID []byte, ratchets []*HashRatchetKeyCompatibility) ([]byte, error) {
|
|
keys := &HRKeys{}
|
|
for _, ratchet := range ratchets {
|
|
key := &HRKey{
|
|
DeprecatedKeyId: ratchet.DeprecatedKeyID(),
|
|
Key: ratchet.Key,
|
|
Timestamp: ratchet.Timestamp,
|
|
}
|
|
keys.Keys = append(keys.Keys, key)
|
|
}
|
|
|
|
return proto.Marshal(keys)
|
|
}
|
|
|
|
var maxGroupKeyRecipients = 10000
|
|
|
|
// BuildHashRatchetRekeyGroup builds a set of public messages
|
|
// with the new key
|
|
func (p *Protocol) BuildHashRatchetReKeyGroupMessage(myIdentityKey *ecdsa.PrivateKey, recipients []*ecdsa.PublicKey, groupID []byte, ratchet *HashRatchetKeyCompatibility) ([]*ProtocolMessageSpec, error) {
|
|
|
|
var err error
|
|
if ratchet == nil {
|
|
ratchet, err = p.GenerateHashRatchetKey(groupID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
messages, err := buildGroupRekeyMessage(myIdentityKey, groupID, ratchet.Timestamp, ratchet.Key, recipients, maxGroupKeyRecipients)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var specs []*ProtocolMessageSpec
|
|
|
|
for _, message := range messages {
|
|
keys := &HRKeys{
|
|
RekeyGroup: message,
|
|
}
|
|
payload, err := proto.Marshal(keys)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
message := &ProtocolMessage{
|
|
InstallationId: p.encryptor.config.InstallationID,
|
|
EncryptedMessage: map[string]*EncryptedMessageProtocol{noInstallationID: &EncryptedMessageProtocol{
|
|
HRHeader: &HRHeader{
|
|
SeqNo: 0,
|
|
GroupId: groupID,
|
|
},
|
|
Payload: payload,
|
|
},
|
|
},
|
|
}
|
|
|
|
specs = append(specs, &ProtocolMessageSpec{Message: message, Public: true})
|
|
|
|
}
|
|
return specs, nil
|
|
}
|
|
|
|
// BuildHashRatchetKeyExchangeMessage builds a 1:1 message
|
|
// containing newly generated hash ratchet key
|
|
func (p *Protocol) BuildHashRatchetKeyExchangeMessage(myIdentityKey *ecdsa.PrivateKey, publicKey *ecdsa.PublicKey, groupID []byte, ratchets []*HashRatchetKeyCompatibility) (*ProtocolMessageSpec, error) {
|
|
|
|
encodedKeys, err := p.GetHREncodedKeys(groupID, ratchets)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
response, err := p.BuildEncryptedMessage(myIdentityKey, publicKey, encodedKeys)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Loop through installations and assign HRHeader
|
|
// SeqNo=0 has a special meaning for HandleMessage
|
|
// and signifies a message with hash ratchet key payload
|
|
for _, v := range response.Message.EncryptedMessage {
|
|
v.HRHeader = &HRHeader{
|
|
SeqNo: 0,
|
|
GroupId: groupID,
|
|
}
|
|
|
|
}
|
|
|
|
return response, err
|
|
}
|
|
|
|
func (p *Protocol) GetCurrentKeyForGroup(groupID []byte) (*HashRatchetKeyCompatibility, error) {
|
|
return p.encryptor.persistence.GetCurrentKeyForGroup(groupID)
|
|
|
|
}
|
|
|
|
// BuildHashRatchetMessage returns a hash ratchet chat message
|
|
func (p *Protocol) BuildHashRatchetMessage(groupID []byte, payload []byte) (*ProtocolMessageSpec, error) {
|
|
|
|
ratchet, err := p.encryptor.persistence.GetCurrentKeyForGroup(groupID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Encrypt payload
|
|
encryptedMessagesByInstalls, err := p.encryptor.EncryptHashRatchetPayload(ratchet, payload)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Build message
|
|
message := &ProtocolMessage{
|
|
InstallationId: p.encryptor.config.InstallationID,
|
|
EncryptedMessage: encryptedMessagesByInstalls,
|
|
}
|
|
|
|
spec := &ProtocolMessageSpec{
|
|
Message: message,
|
|
}
|
|
return spec, nil
|
|
}
|
|
|
|
func (p *Protocol) GetKeyExMessageSpecs(groupID []byte, identity *ecdsa.PrivateKey, recipients []*ecdsa.PublicKey, forceRekey bool) ([]*ProtocolMessageSpec, error) {
|
|
var ratchets []*HashRatchetKeyCompatibility
|
|
var err error
|
|
if !forceRekey {
|
|
ratchets, err = p.encryptor.persistence.GetKeysForGroup(groupID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
if len(ratchets) == 0 || forceRekey {
|
|
ratchet, err := p.GenerateHashRatchetKey(groupID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
ratchets = []*HashRatchetKeyCompatibility{ratchet}
|
|
}
|
|
specs := make([]*ProtocolMessageSpec, len(recipients))
|
|
for i, recipient := range recipients {
|
|
keyExMsg, err := p.BuildHashRatchetKeyExchangeMessage(identity, recipient, groupID, ratchets)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
specs[i] = keyExMsg
|
|
|
|
}
|
|
|
|
return specs, nil
|
|
}
|
|
|
|
// BuildDHMessage builds a message with DH encryption so that it can be decrypted by any other device.
|
|
func (p *Protocol) BuildDHMessage(myIdentityKey *ecdsa.PrivateKey, destination *ecdsa.PublicKey, payload []byte) (*ProtocolMessageSpec, error) {
|
|
// Encrypt payload
|
|
encryptionResponse, err := p.encryptor.EncryptPayloadWithDH(destination, payload)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Build message
|
|
message := &ProtocolMessage{
|
|
InstallationId: p.encryptor.config.InstallationID,
|
|
EncryptedMessage: encryptionResponse,
|
|
}
|
|
|
|
err = p.addBundle(myIdentityKey, message)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &ProtocolMessageSpec{Message: message}, nil
|
|
}
|
|
|
|
// ProcessPublicBundle processes a received X3DH bundle.
|
|
func (p *Protocol) ProcessPublicBundle(myIdentityKey *ecdsa.PrivateKey, bundle *Bundle) ([]*multidevice.Installation, error) {
|
|
logger := p.logger.With(zap.String("site", "ProcessPublicBundle"))
|
|
|
|
if err := p.encryptor.ProcessPublicBundle(myIdentityKey, bundle); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
installations, enabled, err := p.recoverInstallationsFromBundle(myIdentityKey, bundle)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// TODO(adam): why do we add installations using identity obtained from GetIdentity()
|
|
// instead of the output of crypto.CompressPubkey()? I tried the second option
|
|
// and the unit tests TestTopic and TestMaxDevices fail.
|
|
identityFromBundle := bundle.GetIdentity()
|
|
theirIdentity, err := ExtractIdentity(bundle)
|
|
if err != nil {
|
|
logger.Panic("unrecoverable error extracting identity", zap.Error(err))
|
|
}
|
|
compressedIdentity := crypto.CompressPubkey(theirIdentity)
|
|
if !bytes.Equal(identityFromBundle, compressedIdentity) {
|
|
logger.Panic("identity from bundle and compressed are not equal")
|
|
}
|
|
|
|
return p.multidevice.AddInstallations(bundle.GetIdentity(), bundle.GetTimestamp(), installations, enabled)
|
|
}
|
|
|
|
func (p *Protocol) GetMultiDevice() *multidevice.Multidevice {
|
|
return p.multidevice
|
|
}
|
|
|
|
// recoverInstallationsFromBundle extracts installations from the bundle.
|
|
// It returns extracted installations and true if the installations
|
|
// are ours, i.e. the bundle was created by our identity key.
|
|
func (p *Protocol) recoverInstallationsFromBundle(myIdentityKey *ecdsa.PrivateKey, bundle *Bundle) ([]*multidevice.Installation, bool, error) {
|
|
var installations []*multidevice.Installation
|
|
|
|
theirIdentity, err := ExtractIdentity(bundle)
|
|
if err != nil {
|
|
return nil, false, err
|
|
}
|
|
|
|
myIdentityStr := fmt.Sprintf("0x%x", crypto.FromECDSAPub(&myIdentityKey.PublicKey))
|
|
theirIdentityStr := fmt.Sprintf("0x%x", crypto.FromECDSAPub(theirIdentity))
|
|
// Any device from other peers will be considered enabled, ours needs to
|
|
// be explicitly enabled.
|
|
enabled := theirIdentityStr != myIdentityStr
|
|
signedPreKeys := bundle.GetSignedPreKeys()
|
|
|
|
for installationID, signedPreKey := range signedPreKeys {
|
|
if installationID != p.multidevice.InstallationID() {
|
|
installations = append(installations, &multidevice.Installation{
|
|
Identity: theirIdentityStr,
|
|
ID: installationID,
|
|
Version: signedPreKey.GetProtocolVersion(),
|
|
})
|
|
}
|
|
}
|
|
|
|
return installations, enabled, nil
|
|
}
|
|
|
|
// GetBundle retrieves or creates a X3DH bundle, given a private identity key.
|
|
func (p *Protocol) GetBundle(myIdentityKey *ecdsa.PrivateKey) (*Bundle, error) {
|
|
installations, err := p.multidevice.GetOurActiveInstallations(&myIdentityKey.PublicKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return p.encryptor.CreateBundle(myIdentityKey, installations)
|
|
}
|
|
|
|
// EnableInstallation enables an installation for multi-device sync.
|
|
func (p *Protocol) EnableInstallation(myIdentityKey *ecdsa.PublicKey, installationID string) error {
|
|
return p.multidevice.EnableInstallation(myIdentityKey, installationID)
|
|
}
|
|
|
|
// DisableInstallation disables an installation for multi-device sync.
|
|
func (p *Protocol) DisableInstallation(myIdentityKey *ecdsa.PublicKey, installationID string) error {
|
|
return p.multidevice.DisableInstallation(myIdentityKey, installationID)
|
|
}
|
|
|
|
// GetOurInstallations returns all the installations available given an identity
|
|
func (p *Protocol) GetOurInstallations(myIdentityKey *ecdsa.PublicKey) ([]*multidevice.Installation, error) {
|
|
return p.multidevice.GetOurInstallations(myIdentityKey)
|
|
}
|
|
|
|
// GetOurActiveInstallations returns all the active installations available given an identity
|
|
func (p *Protocol) GetOurActiveInstallations(myIdentityKey *ecdsa.PublicKey) ([]*multidevice.Installation, error) {
|
|
return p.multidevice.GetOurActiveInstallations(myIdentityKey)
|
|
}
|
|
|
|
// SetInstallationMetadata sets the metadata for our own installation
|
|
func (p *Protocol) SetInstallationMetadata(myIdentityKey *ecdsa.PublicKey, installationID string, data *multidevice.InstallationMetadata) error {
|
|
return p.multidevice.SetInstallationMetadata(myIdentityKey, installationID, data)
|
|
}
|
|
|
|
// SetInstallationName sets the metadata for our own installation
|
|
func (p *Protocol) SetInstallationName(myIdentityKey *ecdsa.PublicKey, installationID string, name string) error {
|
|
return p.multidevice.SetInstallationName(myIdentityKey, installationID, name)
|
|
}
|
|
|
|
// GetPublicBundle retrieves a public bundle given an identity
|
|
func (p *Protocol) GetPublicBundle(theirIdentityKey *ecdsa.PublicKey) (*Bundle, error) {
|
|
installations, err := p.multidevice.GetActiveInstallations(theirIdentityKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return p.encryptor.GetPublicBundle(theirIdentityKey, installations)
|
|
}
|
|
|
|
// ConfirmMessageProcessed confirms and deletes message keys for the given messages
|
|
func (p *Protocol) ConfirmMessageProcessed(messageID []byte) error {
|
|
logger := p.logger.With(zap.String("site", "ConfirmMessageProcessed"))
|
|
logger.Debug("confirming message", zap.String("messageID", types.EncodeHex(messageID)))
|
|
return p.encryptor.ConfirmMessageProcessed(messageID)
|
|
}
|
|
|
|
type HashRatchetInfo struct {
|
|
GroupID []byte
|
|
KeyID []byte
|
|
}
|
|
type DecryptMessageResponse struct {
|
|
DecryptedMessage []byte
|
|
Installations []*multidevice.Installation
|
|
SharedSecrets []*sharedsecret.Secret
|
|
HashRatchetInfo []*HashRatchetInfo
|
|
}
|
|
|
|
func (p *Protocol) HandleHashRatchetKeys(groupID, encodedKeys []byte, myIdentityKey *ecdsa.PrivateKey, theirIdentityKey *ecdsa.PublicKey) ([]*HashRatchetInfo, error) {
|
|
|
|
var info []*HashRatchetInfo
|
|
keys := &HRKeys{}
|
|
err := proto.Unmarshal(encodedKeys, keys)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
for _, key := range keys.Keys {
|
|
ratchet := &HashRatchetKeyCompatibility{
|
|
GroupID: groupID,
|
|
Timestamp: key.Timestamp,
|
|
Key: key.Key,
|
|
}
|
|
|
|
// If there's no timestamp, is coming from an older client
|
|
if key.Timestamp == 0 {
|
|
ratchet.Timestamp = uint64(key.DeprecatedKeyId)
|
|
}
|
|
keyID, err := ratchet.GetKeyID()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Payload contains hash ratchet key
|
|
err = p.encryptor.persistence.SaveHashRatchetKey(ratchet)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
info = append(info, &HashRatchetInfo{GroupID: groupID, KeyID: keyID})
|
|
}
|
|
|
|
if keys.RekeyGroup != nil {
|
|
if keys.RekeyGroup.Timestamp == 0 {
|
|
return nil, errors.New("timestamp can't be nil")
|
|
}
|
|
|
|
encryptionKey, err := decryptGroupRekeyMessage(myIdentityKey, theirIdentityKey, keys.RekeyGroup)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if len(encryptionKey) != 0 {
|
|
|
|
ratchet := &HashRatchetKeyCompatibility{
|
|
GroupID: groupID,
|
|
Timestamp: keys.RekeyGroup.Timestamp,
|
|
Key: encryptionKey,
|
|
}
|
|
|
|
keyID, err := ratchet.GetKeyID()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
// Payload contains hash ratchet key
|
|
err = p.encryptor.persistence.SaveHashRatchetKey(ratchet)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
info = append(info, &HashRatchetInfo{GroupID: groupID, KeyID: keyID})
|
|
|
|
}
|
|
}
|
|
|
|
return info, nil
|
|
}
|
|
|
|
// HandleMessage unmarshals a message and processes it, decrypting it if it is a 1:1 message.
|
|
func (p *Protocol) HandleMessage(
|
|
myIdentityKey *ecdsa.PrivateKey,
|
|
theirPublicKey *ecdsa.PublicKey,
|
|
protocolMessage *ProtocolMessage,
|
|
messageID []byte,
|
|
) (*DecryptMessageResponse, error) {
|
|
logger := p.logger.With(zap.String("site", "HandleMessage"))
|
|
response := &DecryptMessageResponse{}
|
|
|
|
logger.Debug("received a protocol message",
|
|
zap.String("sender-public-key",
|
|
types.EncodeHex(crypto.FromECDSAPub(theirPublicKey))),
|
|
zap.String("my-installation-id", p.encryptor.config.InstallationID),
|
|
zap.String("messageID", types.EncodeHex(messageID)))
|
|
|
|
if p.encryptor == nil {
|
|
return nil, errors.New("encryption service not initialized")
|
|
}
|
|
|
|
// Process bundles
|
|
for _, bundle := range protocolMessage.GetBundles() {
|
|
// Should we stop processing if the bundle cannot be verified?
|
|
newInstallations, err := p.ProcessPublicBundle(myIdentityKey, bundle)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
response.Installations = newInstallations
|
|
}
|
|
|
|
// Check if it's a public message
|
|
if publicMessage := protocolMessage.GetPublicMessage(); publicMessage != nil {
|
|
// Nothing to do, as already in cleartext
|
|
response.DecryptedMessage = publicMessage
|
|
return response, nil
|
|
}
|
|
|
|
// Decrypt message
|
|
if encryptedMessage := protocolMessage.GetEncryptedMessage(); encryptedMessage != nil {
|
|
message, err := p.encryptor.DecryptPayload(
|
|
myIdentityKey,
|
|
theirPublicKey,
|
|
protocolMessage.GetInstallationId(),
|
|
encryptedMessage,
|
|
messageID,
|
|
)
|
|
|
|
if err == ErrHashRatchetGroupIDNotFound {
|
|
msg := p.encryptor.GetMessage(encryptedMessage)
|
|
|
|
if msg != nil {
|
|
if header := msg.GetHRHeader(); header != nil {
|
|
response.HashRatchetInfo = append(response.HashRatchetInfo, &HashRatchetInfo{GroupID: header.GroupId, KeyID: header.KeyId})
|
|
}
|
|
}
|
|
return response, err
|
|
}
|
|
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
dmProtocol := encryptedMessage[p.encryptor.config.InstallationID]
|
|
if dmProtocol == nil {
|
|
dmProtocol = encryptedMessage[noInstallationID]
|
|
}
|
|
if dmProtocol != nil {
|
|
hrHeader := dmProtocol.HRHeader
|
|
if hrHeader != nil && hrHeader.SeqNo == 0 {
|
|
hashRatchetKeys, err := p.HandleHashRatchetKeys(hrHeader.GroupId, message, myIdentityKey, theirPublicKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
response.HashRatchetInfo = hashRatchetKeys
|
|
}
|
|
}
|
|
|
|
bundles := protocolMessage.GetBundles()
|
|
version := getProtocolVersion(bundles, protocolMessage.GetInstallationId())
|
|
if version >= sharedSecretNegotiationVersion {
|
|
sharedSecret, err := p.secret.Generate(myIdentityKey, theirPublicKey, protocolMessage.GetInstallationId())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
response.SharedSecrets = []*sharedsecret.Secret{sharedSecret}
|
|
}
|
|
response.DecryptedMessage = message
|
|
return response, nil
|
|
}
|
|
|
|
// Return error
|
|
return nil, ErrNoPayload
|
|
}
|
|
|
|
func (p *Protocol) ShouldAdvertiseBundle(publicKey *ecdsa.PublicKey, time int64) (bool, error) {
|
|
return p.publisher.ShouldAdvertiseBundle(publicKey, time)
|
|
}
|
|
|
|
func (p *Protocol) ConfirmBundleAdvertisement(publicKey *ecdsa.PublicKey, time int64) {
|
|
p.publisher.SetLastAck(publicKey, time)
|
|
}
|
|
|
|
func (p *Protocol) BuildBundleAdvertiseMessage(myIdentityKey *ecdsa.PrivateKey, publicKey *ecdsa.PublicKey) (*ProtocolMessageSpec, error) {
|
|
return p.BuildDHMessage(myIdentityKey, publicKey, nil)
|
|
}
|
|
|
|
func getProtocolVersion(bundles []*Bundle, installationID string) uint32 {
|
|
if installationID == "" {
|
|
return defaultMinVersion
|
|
}
|
|
|
|
for _, bundle := range bundles {
|
|
if bundle != nil {
|
|
signedPreKeys := bundle.GetSignedPreKeys()
|
|
if signedPreKeys == nil {
|
|
continue
|
|
}
|
|
|
|
signedPreKey := signedPreKeys[installationID]
|
|
if signedPreKey == nil {
|
|
return defaultMinVersion
|
|
}
|
|
|
|
return signedPreKey.GetProtocolVersion()
|
|
}
|
|
}
|
|
|
|
return defaultMinVersion
|
|
}
|