cwtch.im
/
cwtch
13
16
Fork 14
Code Issues 22 Pull Requests 0 Releases 35 Wiki Activity
Official cwtch.im peer and server implementations. https://cwtch.im
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
413 Commits
86 Branches
12 MiB
 
 
 
Tree: 695a622963
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '695a622963'
${ noResults }
cwtch/model/profile.go

420 lines
12 KiB
Raw Blame History 

  1. package model

  2. 

  3. import (

  4. 	"crypto/rand"

  5. 	"cwtch.im/cwtch/protocol"

  6. 	"encoding/base32"

  7. 	"encoding/hex"

  8. 	"encoding/json"

  9. 	"errors"

  10. 	"git.openprivacy.ca/openprivacy/libricochet-go/utils"

  11. 	"github.com/golang/protobuf/proto"

  12. 	"golang.org/x/crypto/ed25519"

  13. 	"io"

  14. 	"path/filepath"

  15. 	"strings"

  16. 	"sync"

  17. 	"time"

  18. )

  19. 

  20. // PublicProfile is a local copy of a CwtchIdentity

  21. type PublicProfile struct {

  22. 	Name             string

  23. 	Ed25519PublicKey ed25519.PublicKey

  24. 	Trusted          bool

  25. 	Blocked          bool

  26. 	Onion            string

  27. 	Attributes       map[string]string

  28. 	//Timeline         Timeline `json:"-"` // TODO: cache recent messages for client

  29. 	LocalID string // used by storage engine

  30. 	State   string `json:"-"`

  31. 	lock    sync.Mutex

  32. }

  33. 

  34. // Profile encapsulates all the attributes necessary to be a Cwtch Peer.

  35. type Profile struct {

  36. 	PublicProfile

  37. 	Contacts          map[string]*PublicProfile

  38. 	Ed25519PrivateKey ed25519.PrivateKey

  39. 	Groups            map[string]*Group

  40. }

  41. 

  42. // MaxGroupMessageLength is the maximum length of a message posted to a server group.

  43. // TODO: Should this be per server?

  44. const MaxGroupMessageLength = 1800

  45. 

  46. func generateRandomID() string {

  47. 	randBytes := make([]byte, 16)

  48. 	rand.Read(randBytes)

  49. 	return filepath.Join(hex.EncodeToString(randBytes))

  50. }

  51. 

  52. func (p *PublicProfile) init() {

  53. 	if p.Attributes == nil {

  54. 		p.Attributes = make(map[string]string)

  55. 	}

  56. 	p.LocalID = generateRandomID()

  57. }

  58. 

  59. // SetAttribute allows applications to store arbitrary configuration info at the profile level.

  60. func (p *PublicProfile) SetAttribute(name string, value string) {

  61. 	p.lock.Lock()

  62. 	defer p.lock.Unlock()

  63. 	p.Attributes[name] = value

  64. }

  65. 

  66. // GetAttribute returns the value of a value set with SetCustomAttribute. If no such value has been set exists is set to false.

  67. func (p *PublicProfile) GetAttribute(name string) (value string, exists bool) {

  68. 	p.lock.Lock()

  69. 	defer p.lock.Unlock()

  70. 	value, exists = p.Attributes[name]

  71. 	return

  72. }

  73. 

  74. // GenerateNewProfile creates a new profile, with new encryption and signing keys, and a profile name.

  75. func GenerateNewProfile(name string) *Profile {

  76. 	p := new(Profile)

  77. 	p.init()

  78. 	p.Name = name

  79. 	pub, priv, _ := ed25519.GenerateKey(rand.Reader)

  80. 	p.Ed25519PublicKey = pub

  81. 	p.Ed25519PrivateKey = priv

  82. 	p.Onion = utils.GetTorV3Hostname(pub)

  83. 

  84. 	p.Contacts = make(map[string]*PublicProfile)

  85. 	p.Contacts[p.Onion] = &p.PublicProfile

  86. 	p.Groups = make(map[string]*Group)

  87. 	return p

  88. }

  89. 

  90. // GetCwtchIdentityPacket returns the wire message for conveying this profiles identity.

  91. func (p *Profile) GetCwtchIdentityPacket() (message []byte) {

  92. 	ci := &protocol.CwtchIdentity{

  93. 		Name:             p.Name,

  94. 		Ed25519PublicKey: p.Ed25519PublicKey,

  95. 	}

  96. 	cpp := &protocol.CwtchPeerPacket{

  97. 		CwtchIdentify: ci,

  98. 	}

  99. 	message, err := proto.Marshal(cpp)

  100. 	utils.CheckError(err)

  101. 	return

  102. }

  103. 

  104. // AddContact allows direct manipulation of cwtch contacts

  105. func (p *Profile) AddContact(onion string, profile *PublicProfile) {

  106. 	p.lock.Lock()

  107. 	profile.init()

  108. 	// TODO: More Robust V3 Onion Handling

  109. 	decodedPub, _ := base32.StdEncoding.DecodeString(strings.ToUpper(onion[:56]))

  110. 	profile.Ed25519PublicKey = ed25519.PublicKey(decodedPub[:32])

  111. 	p.Contacts[onion] = profile

  112. 	p.lock.Unlock()

  113. }

  114. 

  115. // DeleteContact deletes a peer contact

  116. func (p *Profile) DeleteContact(onion string) {

  117. 	p.lock.Lock()

  118. 	defer p.lock.Unlock()

  119. 	delete(p.Contacts, onion)

  120. }

  121. 

  122. // DeleteGroup deletes a group

  123. func (p *Profile) DeleteGroup(groupID string) {

  124. 	p.lock.Lock()

  125. 	defer p.lock.Unlock()

  126. 	delete(p.Groups, groupID)

  127. }

  128. 

  129. // RejectInvite rejects and removes a group invite

  130. func (p *Profile) RejectInvite(groupID string) {

  131. 	p.lock.Lock()

  132. 	delete(p.Groups, groupID)

  133. 	p.lock.Unlock()

  134. }

  135. 

  136. /*

  137. // AddMessageToContactTimeline allows the saving of a message sent via a direct connection chat to the profile.

  138. func (p *Profile) AddMessageToContactTimeline(onion string, fromMe bool, message string, sent time.Time) {

  139. 	p.lock.Lock()

  140. 	defer p.lock.Unlock()

  141. 	contact, ok := p.Contacts[onion]

  142. 

  143. 	// We don't really need a Signature here, but we use it to maintain order

  144. 	now := time.Now()

  145. 	sig := p.SignMessage(onion + message + sent.String() + now.String())

  146. 	if ok {

  147. 		if fromMe {

  148. 			contact.Timeline.Insert(&Message{PeerID: p.Onion, Message: message, Timestamp: sent, Received: now, Signature: sig})

  149. 		} else {

  150. 			contact.Timeline.Insert(&Message{PeerID: onion, Message: message, Timestamp: sent, Received: now, Signature: sig})

  151. 		}

  152. 	}

  153. }

  154. */

  155. 

  156. // AcceptInvite accepts a group invite

  157. func (p *Profile) AcceptInvite(groupID string) (err error) {

  158. 	p.lock.Lock()

  159. 	defer p.lock.Unlock()

  160. 	group, ok := p.Groups[groupID]

  161. 	if ok {

  162. 		group.Accepted = true

  163. 	} else {

  164. 		err = errors.New("group does not exist")

  165. 	}

  166. 	return

  167. }

  168. 

  169. // GetGroups returns an unordered list of group IDs associated with this profile.

  170. func (p *Profile) GetGroups() []string {

  171. 	p.lock.Lock()

  172. 	defer p.lock.Unlock()

  173. 	var keys []string

  174. 	for onion := range p.Groups {

  175. 		keys = append(keys, onion)

  176. 	}

  177. 	return keys

  178. }

  179. 

  180. // GetContacts returns an unordered list of contact onions associated with this profile.

  181. func (p *Profile) GetContacts() []string {

  182. 	p.lock.Lock()

  183. 	defer p.lock.Unlock()

  184. 	var keys []string

  185. 	for onion := range p.Contacts {

  186. 		if onion != p.Onion {

  187. 			keys = append(keys, onion)

  188. 		}

  189. 	}

  190. 	return keys

  191. }

  192. 

  193. // BlockPeer blocks a contact

  194. func (p *Profile) BlockPeer(onion string) (err error) {

  195. 	p.lock.Lock()

  196. 	defer p.lock.Unlock()

  197. 	contact, ok := p.Contacts[onion]

  198. 	if ok {

  199. 		contact.Blocked = true

  200. 	} else {

  201. 		err = errors.New("peer does not exist")

  202. 	}

  203. 	return

  204. }

  205. 

  206. // BlockedPeers calculates a list of Peers who have been Blocked.

  207. func (p *Profile) BlockedPeers() []string {

  208. 	blockedPeers := []string{}

  209. 	for _, contact := range p.GetContacts() {

  210. 		c, _ := p.GetContact(contact)

  211. 		if c.Blocked {

  212. 			blockedPeers = append(blockedPeers, c.Onion)

  213. 		}

  214. 	}

  215. 	return blockedPeers

  216. }

  217. 

  218. // TrustPeer sets a contact to trusted

  219. func (p *Profile) TrustPeer(onion string) (err error) {

  220. 	p.lock.Lock()

  221. 	defer p.lock.Unlock()

  222. 	contact, ok := p.Contacts[onion]

  223. 	if ok {

  224. 		contact.Trusted = true

  225. 	} else {

  226. 		err = errors.New("peer does not exist")

  227. 	}

  228. 	return

  229. }

  230. 

  231. // IsBlocked returns true if the contact has been blocked, false otherwise

  232. func (p *Profile) IsBlocked(onion string) bool {

  233. 	contact, ok := p.GetContact(onion)

  234. 	if ok {

  235. 		return contact.Blocked

  236. 	}

  237. 	return false

  238. }

  239. 

  240. // GetContact returns a contact if the profile has it

  241. func (p *Profile) GetContact(onion string) (*PublicProfile, bool) {

  242. 	p.lock.Lock()

  243. 	defer p.lock.Unlock()

  244. 	contact, ok := p.Contacts[onion]

  245. 	return contact, ok

  246. }

  247. 

  248. // VerifyGroupMessage confirms the authenticity of a message given an onion, message and signature.

  249. func (p *Profile) VerifyGroupMessage(onion string, groupID string, message string, timestamp int32, ciphertext []byte, signature []byte) bool {

  250. 

  251. 	group := p.GetGroupByGroupID(groupID)

  252. 	if group == nil {

  253. 		return false

  254. 	}

  255. 

  256. 	if onion == p.Onion {

  257. 		m := groupID + group.GroupServer + string(ciphertext)

  258. 		return ed25519.Verify(p.Ed25519PublicKey, []byte(m), signature)

  259. 	}

  260. 

  261. 	m := groupID + group.GroupServer + string(ciphertext)

  262. 	decodedPub, err := base32.StdEncoding.DecodeString(strings.ToUpper(onion))

  263. 	if err == nil {

  264. 		return ed25519.Verify(decodedPub[:32], []byte(m), signature)

  265. 	}

  266. 	return false

  267. }

  268. 

  269. // SignMessage takes a given message and returns an Ed21159 signature

  270. func (p *Profile) SignMessage(message string) []byte {

  271. 	sig := ed25519.Sign(p.Ed25519PrivateKey, []byte(message))

  272. 	return sig

  273. }

  274. 

  275. // StartGroup when given a server, creates a new Group under this profile and returns the group id an a precomputed

  276. // invite which can be sent on the wire.

  277. func (p *Profile) StartGroup(server string) (groupID string, invite []byte, err error) {

  278. 	return p.StartGroupWithMessage(server, []byte{})

  279. }

  280. 

  281. // StartGroupWithMessage when given a server, and an initial message creates a new Group under this profile and returns the group id an a precomputed

  282. // invite which can be sent on the wire.

  283. func (p *Profile) StartGroupWithMessage(server string, initialMessage []byte) (groupID string, invite []byte, err error) {

  284. 	group, err := NewGroup(server)

  285. 	if err != nil {

  286. 		return "", nil, err

  287. 	}

  288. 	groupID = group.GroupID

  289. 	group.Owner = p.Onion

  290. 	signedGroupID := p.SignMessage(groupID + server)

  291. 	group.SignGroup(signedGroupID)

  292. 	invite, err = group.Invite(initialMessage)

  293. 	p.lock.Lock()

  294. 	defer p.lock.Unlock()

  295. 	p.Groups[group.GroupID] = group

  296. 	return

  297. }

  298. 

  299. // GetGroupByGroupID a pointer to a Group by the group Id, returns nil if no group found.

  300. func (p *Profile) GetGroupByGroupID(groupID string) (g *Group) {

  301. 	p.lock.Lock()

  302. 	defer p.lock.Unlock()

  303. 	g = p.Groups[groupID]

  304. 	return

  305. }

  306. 

  307. // ProcessInvite adds a new group invite to the profile.

  308. func (p *Profile) ProcessInvite(gci *protocol.GroupChatInvite, peerHostname string) {

  309. 	group := new(Group)

  310. 	group.GroupID = gci.GetGroupName()

  311. 	group.LocalID = generateRandomID()

  312. 	group.SignedGroupID = gci.GetSignedGroupId()

  313. 	copy(group.GroupKey[:], gci.GetGroupSharedKey()[:])

  314. 	group.GroupServer = gci.GetServerHost()

  315. 	group.InitialMessage = gci.GetInitialMessage()[:]

  316. 	group.Accepted = false

  317. 	group.Owner = peerHostname

  318. 	group.Attributes = make(map[string]string)

  319. 	p.AddGroup(group)

  320. }

  321. 

  322. // AddGroup is a convenience method for adding a group to a profile.

  323. func (p *Profile) AddGroup(group *Group) {

  324. 	_, exists := p.Groups[group.GroupID]

  325. 	if !exists {

  326. 		p.lock.Lock()

  327. 		defer p.lock.Unlock()

  328. 		p.Groups[group.GroupID] = group

  329. 	}

  330. }

  331. 

  332. // AttemptDecryption takes a ciphertext and signature and attempts to decrypt it under known groups.

  333. func (p *Profile) AttemptDecryption(ciphertext []byte, signature []byte) (bool, string, *Message, bool) {

  334. 	for _, group := range p.Groups {

  335. 		success, dgm := group.DecryptMessage(ciphertext)

  336. 		if success {

  337. 			verified := p.VerifyGroupMessage(dgm.GetOnion(), group.GroupID, dgm.GetText(), dgm.GetTimestamp(), ciphertext, signature)

  338. 

  339. 			// So we have a message that has a valid group key, but the signature can't be verified.

  340. 			// The most obvious explanation for this is that the group key has been compromised (or we are in an open group and the server is being malicious)

  341. 			// Either way, someone who has the private key is being detectably bad so we are just going to throw this message away and mark the group as Compromised.

  342. 			if !verified {

  343. 				group.Compromised()

  344. 				return false, group.GroupID, nil, false

  345. 			}

  346. 			message, seen := group.AddMessage(dgm, signature)

  347. 			return true, group.GroupID, message, seen

  348. 		}

  349. 	}

  350. 

  351. 	// If we couldn't find a group to decrypt the message with we just return false. This is an expected case

  352. 	return false, "", nil, false

  353. }

  354. 

  355. func getRandomness(arr *[]byte) {

  356. 	if _, err := io.ReadFull(rand.Reader, (*arr)[:]); err != nil {

  357. 		utils.CheckError(err)

  358. 	}

  359. }

  360. 

  361. // EncryptMessageToGroup when given a message and a group, encrypts and signs the message under the group and

  362. // profile

  363. func (p *Profile) EncryptMessageToGroup(message string, groupID string) ([]byte, []byte, error) {

  364. 

  365. 	if len(message) > MaxGroupMessageLength {

  366. 		return nil, nil, errors.New("group message is too long")

  367. 	}

  368. 

  369. 	group := p.GetGroupByGroupID(groupID)

  370. 	if group != nil {

  371. 		timestamp := time.Now().Unix()

  372. 

  373. 		var prevSig []byte

  374. 		if len(group.Timeline.Messages) > 0 {

  375. 			prevSig = group.Timeline.Messages[len(group.Timeline.Messages)-1].Signature

  376. 		} else {

  377. 			prevSig = group.SignedGroupID

  378. 		}

  379. 

  380. 		lenPadding := MaxGroupMessageLength - len(message)

  381. 		padding := make([]byte, lenPadding)

  382. 		getRandomness(&padding)

  383. 

  384. 		dm := &protocol.DecryptedGroupMessage{

  385. 			Onion:              proto.String(p.Onion),

  386. 			Text:               proto.String(message),

  387. 			SignedGroupId:      group.SignedGroupID[:],

  388. 			Timestamp:          proto.Int32(int32(timestamp)),

  389. 			PreviousMessageSig: prevSig,

  390. 			Padding:            padding[:],

  391. 		}

  392. 		ciphertext, err := group.EncryptMessage(dm)

  393. 		if err != nil {

  394. 			return nil, nil, err

  395. 		}

  396. 		signature := p.SignMessage(groupID + group.GroupServer + string(ciphertext))

  397. 		group.AddSentMessage(dm, signature)

  398. 		return ciphertext, signature, nil

  399. 	}

  400. 	return nil, nil, errors.New("group does not exist")

  401. }

  402. 

  403. // GetCopy returns a full deep copy of the Profile struct and its members (timeline inclusion control by arg)

  404. func (p *Profile) GetCopy(timeline bool) *Profile {

  405. 	p.lock.Lock()

  406. 	defer p.lock.Unlock()

  407. 

  408. 	newp := new(Profile)

  409. 	bytes, _ := json.Marshal(p)

  410. 	json.Unmarshal(bytes, &newp)

  411. 

  412. 	if timeline {

  413. 		for groupID := range newp.Groups {

  414. 			newp.Groups[groupID].Timeline = *p.Groups[groupID].Timeline.GetCopy()

  415. 		}

  416. 	}

  417. 

  418. 	return newp

  419. }