124 lines
2.9 KiB
Go
124 lines
2.9 KiB
Go
package protocol
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"crypto/ecdsa"
|
|
|
|
"github.com/golang/protobuf/proto"
|
|
|
|
"github.com/status-im/status-go/eth-node/crypto/ecies"
|
|
"github.com/status-im/status-go/protocol/protobuf"
|
|
)
|
|
|
|
const encryptedPayloadKeyLength = 16
|
|
const nonceLength = 12
|
|
|
|
var ErrInvalidPushNotificationPreferencesVersion = errors.New("invalid version")
|
|
var ErrEmptyPushNotificationPreferencesPayload = errors.New("empty payload")
|
|
var ErrEmptyPushNotificationPreferencesPublicKey = errors.New("no public key")
|
|
var ErrCouldNotUnmarshalPushNotificationPreferences = errors.New("could not unmarshal preferences")
|
|
var ErrInvalidCiphertextLength = errors.New("invalid cyphertext length")
|
|
|
|
type Config struct {
|
|
// Identity is our identity key
|
|
Identity *ecdsa.PrivateKey
|
|
// GorushUrl is the url for the gorush service
|
|
GorushURL string
|
|
}
|
|
|
|
type Server struct {
|
|
persistence *Persistence
|
|
config *Config
|
|
}
|
|
|
|
func New(persistence *Persistence) *Server {
|
|
return &Server{persistence: persistence}
|
|
}
|
|
|
|
func (p *Server) generateSharedKey(publicKey *ecdsa.PublicKey) ([]byte, error) {
|
|
return ecies.ImportECDSA(p.config.Identity).GenerateShared(
|
|
ecies.ImportECDSAPublic(publicKey),
|
|
encryptedPayloadKeyLength,
|
|
encryptedPayloadKeyLength,
|
|
)
|
|
}
|
|
|
|
func (p *Server) ValidateRegistration(previousPreferences *protobuf.PushNotificationPreferences, publicKey *ecdsa.PublicKey, payload []byte) error {
|
|
if payload == nil {
|
|
return ErrEmptyPushNotificationPreferencesPayload
|
|
}
|
|
|
|
if publicKey == nil {
|
|
return ErrEmptyPushNotificationPreferencesPublicKey
|
|
}
|
|
|
|
sharedKey, err := p.generateSharedKey(publicKey)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
decryptedPayload, err := decrypt(payload, sharedKey)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
preferences := &protobuf.PushNotificationPreferences{}
|
|
|
|
if err := proto.Unmarshal(decryptedPayload, preferences); err != nil {
|
|
return ErrCouldNotUnmarshalPushNotificationPreferences
|
|
}
|
|
|
|
if preferences.Version < 1 {
|
|
return ErrInvalidPushNotificationPreferencesVersion
|
|
}
|
|
fmt.Println(decryptedPayload)
|
|
|
|
/*if newRegistration.Version < 1 {
|
|
return ErrInvalidPushNotificationPreferencesVersion
|
|
}*/
|
|
return nil
|
|
}
|
|
|
|
func decrypt(cyphertext []byte, key []byte) ([]byte, error) {
|
|
if len(cyphertext) < nonceLength {
|
|
return nil, ErrInvalidCiphertextLength
|
|
}
|
|
|
|
c, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
gcm, err := cipher.NewGCM(c)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
nonce := cyphertext[:nonceLength]
|
|
return gcm.Open(nil, nonce, cyphertext[nonceLength:], nil)
|
|
}
|
|
|
|
func encrypt(plaintext []byte, key []byte, reader io.Reader) ([]byte, error) {
|
|
c, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
gcm, err := cipher.NewGCM(c)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
nonce := make([]byte, gcm.NonceSize())
|
|
if _, err = io.ReadFull(reader, nonce); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return gcm.Seal(nonce, nonce, plaintext, nil), nil
|
|
}
|