From 6eb1b53e60a12f82c8d47a5824bf9cee954ccdc2 Mon Sep 17 00:00:00 2001 From: hrxi Date: Mon, 19 Jun 2023 14:08:57 +0200 Subject: Merge `signal-protocol` into `omemo` plugin Same reasoning as for the `openpgp` plugin. --- plugins/omemo/src/signal/context.vala | 103 ++++++++ plugins/omemo/src/signal/signal_helper.c | 377 +++++++++++++++++++++++++++ plugins/omemo/src/signal/signal_helper.h | 45 ++++ plugins/omemo/src/signal/simple_iks.vala | 40 +++ plugins/omemo/src/signal/simple_pks.vala | 33 +++ plugins/omemo/src/signal/simple_spks.vala | 33 +++ plugins/omemo/src/signal/simple_ss.vala | 75 ++++++ plugins/omemo/src/signal/store.vala | 415 ++++++++++++++++++++++++++++++ plugins/omemo/src/signal/util.vala | 45 ++++ 9 files changed, 1166 insertions(+) create mode 100644 plugins/omemo/src/signal/context.vala create mode 100644 plugins/omemo/src/signal/signal_helper.c create mode 100644 plugins/omemo/src/signal/signal_helper.h create mode 100644 plugins/omemo/src/signal/simple_iks.vala create mode 100644 plugins/omemo/src/signal/simple_pks.vala create mode 100644 plugins/omemo/src/signal/simple_spks.vala create mode 100644 plugins/omemo/src/signal/simple_ss.vala create mode 100644 plugins/omemo/src/signal/store.vala create mode 100644 plugins/omemo/src/signal/util.vala (limited to 'plugins/omemo/src') diff --git a/plugins/omemo/src/signal/context.vala b/plugins/omemo/src/signal/context.vala new file mode 100644 index 00000000..40a07b0f --- /dev/null +++ b/plugins/omemo/src/signal/context.vala @@ -0,0 +1,103 @@ +namespace Signal { + +public class Context { + internal NativeContext native_context; + private RecMutex mutex = RecMutex(); + + static void locking_function_lock(void* user_data) { + Context ctx = (Context) user_data; + ctx.mutex.lock(); + } + + static void locking_function_unlock(void* user_data) { + Context ctx = (Context) user_data; + ctx.mutex.unlock(); + } + + static void stderr_log(LogLevel level, string message, size_t len, void* user_data) { + printerr(@"$level: $message\n"); + } + + public Context(bool log = false) throws Error { + throw_by_code(NativeContext.create(out native_context, this), "Error initializing native context"); + throw_by_code(native_context.set_locking_functions(locking_function_lock, locking_function_unlock), "Error initializing native locking functions"); + if (log) native_context.set_log_function(stderr_log); + setup_crypto_provider(native_context); + } + + public Store create_store() { + return new Store(this); + } + + public void randomize(uint8[] data) throws Error { + throw_by_code(Signal.native_random(data)); + } + + public SignedPreKeyRecord generate_signed_pre_key(IdentityKeyPair identity_key_pair, int32 id, uint64 timestamp = 0) throws Error { + if (timestamp == 0) timestamp = new DateTime.now_utc().to_unix(); + SignedPreKeyRecord res; + throw_by_code(Protocol.KeyHelper.generate_signed_pre_key(out res, identity_key_pair, id, timestamp, native_context)); + return res; + } + + public Gee.Set generate_pre_keys(uint start, uint count) throws Error { + Gee.Set res = new Gee.HashSet(); + for(uint i = start; i < start+count; i++) { + ECKeyPair pair = generate_key_pair(); + PreKeyRecord record; + throw_by_code(PreKeyRecord.create(out record, i, pair)); + res.add(record); + } + return res; + } + + public ECPublicKey decode_public_key(uint8[] bytes) throws Error { + ECPublicKey public_key; + throw_by_code(curve_decode_point(out public_key, bytes, native_context), "Error decoding public key"); + return public_key; + } + + public ECPrivateKey decode_private_key(uint8[] bytes) throws Error { + ECPrivateKey private_key; + throw_by_code(curve_decode_private_point(out private_key, bytes, native_context), "Error decoding private key"); + return private_key; + } + + public ECKeyPair generate_key_pair() throws Error { + ECKeyPair key_pair; + throw_by_code(curve_generate_key_pair(native_context, out key_pair), "Error generating key pair"); + return key_pair; + } + + public uint8[] calculate_signature(ECPrivateKey signing_key, uint8[] message) throws Error { + Buffer signature; + throw_by_code(Curve.calculate_signature(native_context, out signature, signing_key, message), "Error calculating signature"); + return signature.data; + } + + public SignalMessage deserialize_signal_message(uint8[] data) throws Error { + SignalMessage res; + throw_by_code(signal_message_deserialize(out res, data, native_context)); + return res; + } + + public SignalMessage copy_signal_message(CiphertextMessage original) throws Error { + SignalMessage res; + throw_by_code(signal_message_copy(out res, (SignalMessage) original, native_context)); + return res; + } + + public PreKeySignalMessage deserialize_pre_key_signal_message(uint8[] data) throws Error { + PreKeySignalMessage res; + throw_by_code(pre_key_signal_message_deserialize(out res, data, native_context)); + return res; + } + + public PreKeySignalMessage copy_pre_key_signal_message(CiphertextMessage original) throws Error { + PreKeySignalMessage res; + throw_by_code(pre_key_signal_message_copy(out res, (PreKeySignalMessage) original, native_context)); + return res; + } +} + +} diff --git a/plugins/omemo/src/signal/signal_helper.c b/plugins/omemo/src/signal/signal_helper.c new file mode 100644 index 00000000..17682929 --- /dev/null +++ b/plugins/omemo/src/signal/signal_helper.c @@ -0,0 +1,377 @@ +#include "signal_helper.h" + +#include + +signal_type_base* signal_type_ref_vapi(void* instance) { + g_return_val_if_fail(instance != NULL, NULL); + signal_type_ref(instance); + return instance; +} + +signal_type_base* signal_type_unref_vapi(void* instance) { + g_return_val_if_fail(instance != NULL, NULL); + signal_type_unref(instance); + return NULL; +} + +signal_protocol_address* signal_protocol_address_new(const gchar* name, int32_t device_id) { + g_return_val_if_fail(name != NULL, NULL); + signal_protocol_address* address = malloc(sizeof(signal_protocol_address)); + address->device_id = -1; + address->name = NULL; + signal_protocol_address_set_name(address, name); + signal_protocol_address_set_device_id(address, device_id); + return address; +} + +void signal_protocol_address_free(signal_protocol_address* ptr) { + g_return_if_fail(ptr != NULL); + if (ptr->name) { + g_free((void*)ptr->name); + } + return free(ptr); +} + +void signal_protocol_address_set_name(signal_protocol_address* self, const gchar* name) { + g_return_if_fail(self != NULL); + g_return_if_fail(name != NULL); + gchar* n = g_malloc(strlen(name)+1); + memcpy(n, name, strlen(name)); + n[strlen(name)] = 0; + if (self->name) { + g_free((void*)self->name); + } + self->name = n; + self->name_len = strlen(n); +} + +gchar* signal_protocol_address_get_name(signal_protocol_address* self) { + g_return_val_if_fail(self != NULL, NULL); + g_return_val_if_fail(self->name != NULL, 0); + gchar* res = g_malloc(sizeof(char) * (self->name_len + 1)); + memcpy(res, self->name, self->name_len); + res[self->name_len] = 0; + return res; +} + +int32_t signal_protocol_address_get_device_id(signal_protocol_address* self) { + g_return_val_if_fail(self != NULL, -1); + return self->device_id; +} + +void signal_protocol_address_set_device_id(signal_protocol_address* self, int32_t device_id) { + g_return_if_fail(self != NULL); + self->device_id = device_id; +} + +int signal_vala_randomize(uint8_t *data, size_t len) { + gcry_randomize(data, len, GCRY_STRONG_RANDOM); + return SG_SUCCESS; +} + +int signal_vala_random_generator(uint8_t *data, size_t len, void *user_data) { + gcry_randomize(data, len, GCRY_STRONG_RANDOM); + return SG_SUCCESS; +} + +int signal_vala_hmac_sha256_init(void **hmac_context, const uint8_t *key, size_t key_len, void *user_data) { + gcry_mac_hd_t* ctx = malloc(sizeof(gcry_mac_hd_t)); + if (!ctx) return SG_ERR_NOMEM; + + if (gcry_mac_open(ctx, GCRY_MAC_HMAC_SHA256, 0, 0)) { + free(ctx); + return SG_ERR_UNKNOWN; + } + + if (gcry_mac_setkey(*ctx, key, key_len)) { + free(ctx); + return SG_ERR_UNKNOWN; + } + + *hmac_context = ctx; + + return SG_SUCCESS; +} + +int signal_vala_hmac_sha256_update(void *hmac_context, const uint8_t *data, size_t data_len, void *user_data) { + gcry_mac_hd_t* ctx = hmac_context; + + if (gcry_mac_write(*ctx, data, data_len)) return SG_ERR_UNKNOWN; + + return SG_SUCCESS; +} + +int signal_vala_hmac_sha256_final(void *hmac_context, signal_buffer **output, void *user_data) { + size_t len = gcry_mac_get_algo_maclen(GCRY_MAC_HMAC_SHA256); + uint8_t md[len]; + gcry_mac_hd_t* ctx = hmac_context; + + if (gcry_mac_read(*ctx, md, &len)) return SG_ERR_UNKNOWN; + + signal_buffer *output_buffer = signal_buffer_create(md, len); + if (!output_buffer) return SG_ERR_NOMEM; + + *output = output_buffer; + + return SG_SUCCESS; +} + +void signal_vala_hmac_sha256_cleanup(void *hmac_context, void *user_data) { + gcry_mac_hd_t* ctx = hmac_context; + if (ctx) { + gcry_mac_close(*ctx); + free(ctx); + } +} + +int signal_vala_sha512_digest_init(void **digest_context, void *user_data) { + gcry_md_hd_t* ctx = malloc(sizeof(gcry_mac_hd_t)); + if (!ctx) return SG_ERR_NOMEM; + + if (gcry_md_open(ctx, GCRY_MD_SHA512, 0)) { + free(ctx); + return SG_ERR_UNKNOWN; + } + + *digest_context = ctx; + + return SG_SUCCESS; +} + +int signal_vala_sha512_digest_update(void *digest_context, const uint8_t *data, size_t data_len, void *user_data) { + gcry_md_hd_t* ctx = digest_context; + + gcry_md_write(*ctx, data, data_len); + + return SG_SUCCESS; +} + +int signal_vala_sha512_digest_final(void *digest_context, signal_buffer **output, void *user_data) { + size_t len = gcry_md_get_algo_dlen(GCRY_MD_SHA512); + gcry_md_hd_t* ctx = digest_context; + + uint8_t* md = gcry_md_read(*ctx, GCRY_MD_SHA512); + if (!md) return SG_ERR_UNKNOWN; + + gcry_md_reset(*ctx); + + signal_buffer *output_buffer = signal_buffer_create(md, len); + free(md); + if (!output_buffer) return SG_ERR_NOMEM; + + *output = output_buffer; + + return SG_SUCCESS; +} + +void signal_vala_sha512_digest_cleanup(void *digest_context, void *user_data) { + gcry_md_hd_t* ctx = digest_context; + if (ctx) { + gcry_md_close(*ctx); + free(ctx); + } +} + +const int aes_cipher(int cipher, size_t key_len, int* algo, int* mode) { + switch (key_len) { + case 16: + *algo = GCRY_CIPHER_AES128; + break; + case 24: + *algo = GCRY_CIPHER_AES192; + break; + case 32: + *algo = GCRY_CIPHER_AES256; + break; + default: + return SG_ERR_UNKNOWN; + } + switch (cipher) { + case SG_CIPHER_AES_CBC_PKCS5: + *mode = GCRY_CIPHER_MODE_CBC; + break; + case SG_CIPHER_AES_CTR_NOPADDING: + *mode = GCRY_CIPHER_MODE_CTR; + break; + case SG_CIPHER_AES_GCM_NOPADDING: + *mode = GCRY_CIPHER_MODE_GCM; + break; + default: + return SG_ERR_UNKNOWN; + } + return SG_SUCCESS; +} + +int signal_vala_encrypt(signal_buffer **output, + int cipher, + const uint8_t *key, size_t key_len, + const uint8_t *iv, size_t iv_len, + const uint8_t *plaintext, size_t plaintext_len, + void *user_data) { + int algo, mode, error_code = SG_ERR_UNKNOWN; + if (aes_cipher(cipher, key_len, &algo, &mode)) return SG_ERR_INVAL; + + gcry_cipher_hd_t ctx = {0}; + + if (gcry_cipher_open(&ctx, algo, mode, 0)) return SG_ERR_NOMEM; + + signal_buffer* padded = 0; + signal_buffer* out_buf = 0; + goto no_error; +error: + gcry_cipher_close(ctx); + if (padded != 0) { + signal_buffer_bzero_free(padded); + } + if (out_buf != 0) { + signal_buffer_free(out_buf); + } + return error_code; +no_error: + + if (gcry_cipher_setkey(ctx, key, key_len)) goto error; + + uint8_t tag_len = 0, pad_len = 0; + switch (cipher) { + case SG_CIPHER_AES_CBC_PKCS5: + if (gcry_cipher_setiv(ctx, iv, iv_len)) goto error; + pad_len = 16 - (plaintext_len % 16); + if (pad_len == 0) pad_len = 16; + break; + case SG_CIPHER_AES_CTR_NOPADDING: + if (gcry_cipher_setctr(ctx, iv, iv_len)) goto error; + break; + case SG_CIPHER_AES_GCM_NOPADDING: + if (gcry_cipher_setiv(ctx, iv, iv_len)) goto error; + tag_len = 16; + break; + default: + return SG_ERR_UNKNOWN; + } + + size_t padded_len = plaintext_len + pad_len; + padded = signal_buffer_alloc(padded_len); + if (padded == 0) { + error_code = SG_ERR_NOMEM; + goto error; + } + + memset(signal_buffer_data(padded) + plaintext_len, pad_len, pad_len); + memcpy(signal_buffer_data(padded), plaintext, plaintext_len); + + out_buf = signal_buffer_alloc(padded_len + tag_len); + if (out_buf == 0) { + error_code = SG_ERR_NOMEM; + goto error; + } + + if (gcry_cipher_encrypt(ctx, signal_buffer_data(out_buf), padded_len, signal_buffer_data(padded), padded_len)) goto error; + + if (tag_len > 0) { + if (gcry_cipher_gettag(ctx, signal_buffer_data(out_buf) + padded_len, tag_len)) goto error; + } + + *output = out_buf; + out_buf = 0; + + signal_buffer_bzero_free(padded); + padded = 0; + + gcry_cipher_close(ctx); + return SG_SUCCESS; +} + +int signal_vala_decrypt(signal_buffer **output, + int cipher, + const uint8_t *key, size_t key_len, + const uint8_t *iv, size_t iv_len, + const uint8_t *ciphertext, size_t ciphertext_len, + void *user_data) { + int algo, mode, error_code = SG_ERR_UNKNOWN; + *output = 0; + if (aes_cipher(cipher, key_len, &algo, &mode)) return SG_ERR_INVAL; + if (ciphertext_len == 0) return SG_ERR_INVAL; + + gcry_cipher_hd_t ctx = {0}; + + if (gcry_cipher_open(&ctx, algo, mode, 0)) return SG_ERR_NOMEM; + + signal_buffer* out_buf = 0; + goto no_error; +error: + gcry_cipher_close(ctx); + if (out_buf != 0) { + signal_buffer_bzero_free(out_buf); + } + return error_code; +no_error: + + if (gcry_cipher_setkey(ctx, key, key_len)) goto error; + + uint8_t tag_len = 0, pkcs_pad = FALSE; + switch (cipher) { + case SG_CIPHER_AES_CBC_PKCS5: + if (gcry_cipher_setiv(ctx, iv, iv_len)) goto error; + pkcs_pad = TRUE; + break; + case SG_CIPHER_AES_CTR_NOPADDING: + if (gcry_cipher_setctr(ctx, iv, iv_len)) goto error; + break; + case SG_CIPHER_AES_GCM_NOPADDING: + if (gcry_cipher_setiv(ctx, iv, iv_len)) goto error; + if (ciphertext_len < 16) goto error; + tag_len = 16; + break; + default: + goto error; + } + + size_t padded_len = ciphertext_len - tag_len; + out_buf = signal_buffer_alloc(padded_len); + if (out_buf == 0) { + error_code = SG_ERR_NOMEM; + goto error; + } + + if (gcry_cipher_decrypt(ctx, signal_buffer_data(out_buf), signal_buffer_len(out_buf), ciphertext, padded_len)) goto error; + + if (tag_len > 0) { + if (gcry_cipher_checktag(ctx, ciphertext + padded_len, tag_len)) goto error; + } + + if (pkcs_pad) { + uint8_t pad_len = signal_buffer_data(out_buf)[padded_len - 1]; + if (pad_len > 16 || pad_len > padded_len) goto error; + *output = signal_buffer_create(signal_buffer_data(out_buf), padded_len - pad_len); + signal_buffer_bzero_free(out_buf); + out_buf = 0; + } else { + *output = out_buf; + out_buf = 0; + } + + gcry_cipher_close(ctx); + return SG_SUCCESS; +} + +void setup_signal_vala_crypto_provider(signal_context *context) +{ + gcry_check_version(NULL); + + signal_crypto_provider provider = { + .random_func = signal_vala_random_generator, + .hmac_sha256_init_func = signal_vala_hmac_sha256_init, + .hmac_sha256_update_func = signal_vala_hmac_sha256_update, + .hmac_sha256_final_func = signal_vala_hmac_sha256_final, + .hmac_sha256_cleanup_func = signal_vala_hmac_sha256_cleanup, + .sha512_digest_init_func = signal_vala_sha512_digest_init, + .sha512_digest_update_func = signal_vala_sha512_digest_update, + .sha512_digest_final_func = signal_vala_sha512_digest_final, + .sha512_digest_cleanup_func = signal_vala_sha512_digest_cleanup, + .encrypt_func = signal_vala_encrypt, + .decrypt_func = signal_vala_decrypt, + .user_data = 0 + }; + + signal_context_set_crypto_provider(context, &provider); +} diff --git a/plugins/omemo/src/signal/signal_helper.h b/plugins/omemo/src/signal/signal_helper.h new file mode 100644 index 00000000..949a3c7b --- /dev/null +++ b/plugins/omemo/src/signal/signal_helper.h @@ -0,0 +1,45 @@ +#ifndef SIGNAL_PROTOCOL_VALA_HELPER +#define SIGNAL_PROTOCOL_VALA_HELPER 1 + +#include +#include +#include + +#define SG_CIPHER_AES_GCM_NOPADDING 1000 + +signal_type_base* signal_type_ref_vapi(void* what); +signal_type_base* signal_type_unref_vapi(void* what); + +signal_protocol_address* signal_protocol_address_new(const gchar* name, int32_t device_id); +void signal_protocol_address_free(signal_protocol_address* ptr); +void signal_protocol_address_set_name(signal_protocol_address* self, const gchar* name); +gchar* signal_protocol_address_get_name(signal_protocol_address* self); +void signal_protocol_address_set_device_id(signal_protocol_address* self, int32_t device_id); +int32_t signal_protocol_address_get_device_id(signal_protocol_address* self); + +int signal_vala_randomize(uint8_t *data, size_t len); +int signal_vala_random_generator(uint8_t *data, size_t len, void *user_data); +int signal_vala_hmac_sha256_init(void **hmac_context, const uint8_t *key, size_t key_len, void *user_data); +int signal_vala_hmac_sha256_update(void *hmac_context, const uint8_t *data, size_t data_len, void *user_data); +int signal_vala_hmac_sha256_final(void *hmac_context, signal_buffer **output, void *user_data); +void signal_vala_hmac_sha256_cleanup(void *hmac_context, void *user_data); +int signal_vala_sha512_digest_init(void **digest_context, void *user_data); +int signal_vala_sha512_digest_update(void *digest_context, const uint8_t *data, size_t data_len, void *user_data); +int signal_vala_sha512_digest_final(void *digest_context, signal_buffer **output, void *user_data); +void signal_vala_sha512_digest_cleanup(void *digest_context, void *user_data); + +int signal_vala_encrypt(signal_buffer **output, + int cipher, + const uint8_t *key, size_t key_len, + const uint8_t *iv, size_t iv_len, + const uint8_t *plaintext, size_t plaintext_len, + void *user_data); +int signal_vala_decrypt(signal_buffer **output, + int cipher, + const uint8_t *key, size_t key_len, + const uint8_t *iv, size_t iv_len, + const uint8_t *ciphertext, size_t ciphertext_len, + void *user_data); +void setup_signal_vala_crypto_provider(signal_context *context); + +#endif diff --git a/plugins/omemo/src/signal/simple_iks.vala b/plugins/omemo/src/signal/simple_iks.vala new file mode 100644 index 00000000..5247c455 --- /dev/null +++ b/plugins/omemo/src/signal/simple_iks.vala @@ -0,0 +1,40 @@ +using Gee; + +namespace Signal { + +public class SimpleIdentityKeyStore : IdentityKeyStore { + public override Bytes identity_key_private { get; set; } + public override Bytes identity_key_public { get; set; } + public override uint32 local_registration_id { get; set; } + private Map> trusted_identities = new HashMap>(); + + public override void save_identity(Address address, uint8[] key) throws Error { + string name = address.name; + if (trusted_identities.has_key(name)) { + if (trusted_identities[name].has_key(address.device_id)) { + trusted_identities[name][address.device_id].key = key; + trusted_identity_updated(trusted_identities[name][address.device_id]); + } else { + trusted_identities[name][address.device_id] = new TrustedIdentity.by_address(address, key); + trusted_identity_added(trusted_identities[name][address.device_id]); + } + } else { + trusted_identities[name] = new HashMap(); + trusted_identities[name][address.device_id] = new TrustedIdentity.by_address(address, key); + trusted_identity_added(trusted_identities[name][address.device_id]); + } + } + + public override bool is_trusted_identity(Address address, uint8[] key) throws Error { + if (!trusted_identities.has_key(address.name)) return true; + if (!trusted_identities[address.name].has_key(address.device_id)) return true; + uint8[] other_key = trusted_identities[address.name][address.device_id].key; + if (other_key.length != key.length) return false; + for (int i = 0; i < key.length; i++) { + if (other_key[i] != key[i]) return false; + } + return true; + } +} + +} diff --git a/plugins/omemo/src/signal/simple_pks.vala b/plugins/omemo/src/signal/simple_pks.vala new file mode 100644 index 00000000..1f059fda --- /dev/null +++ b/plugins/omemo/src/signal/simple_pks.vala @@ -0,0 +1,33 @@ +using Gee; + +namespace Signal { + +public class SimplePreKeyStore : PreKeyStore { + private Map pre_key_map = new HashMap(); + + public override uint8[]? load_pre_key(uint32 pre_key_id) throws Error { + if (contains_pre_key(pre_key_id)) { + return pre_key_map[pre_key_id].record; + } + return null; + } + + public override void store_pre_key(uint32 pre_key_id, uint8[] record) throws Error { + PreKeyStore.Key key = new Key(pre_key_id, record); + pre_key_map[pre_key_id] = key; + pre_key_stored(key); + } + + public override bool contains_pre_key(uint32 pre_key_id) throws Error { + return pre_key_map.has_key(pre_key_id); + } + + public override void delete_pre_key(uint32 pre_key_id) throws Error { + PreKeyStore.Key key; + if (pre_key_map.unset(pre_key_id, out key)) { + pre_key_deleted(key); + } + } +} + +} \ No newline at end of file diff --git a/plugins/omemo/src/signal/simple_spks.vala b/plugins/omemo/src/signal/simple_spks.vala new file mode 100644 index 00000000..f0fe09ab --- /dev/null +++ b/plugins/omemo/src/signal/simple_spks.vala @@ -0,0 +1,33 @@ +using Gee; + +namespace Signal { + +public class SimpleSignedPreKeyStore : SignedPreKeyStore { + private Map pre_key_map = new HashMap(); + + public override uint8[]? load_signed_pre_key(uint32 pre_key_id) throws Error { + if (contains_signed_pre_key(pre_key_id)) { + return pre_key_map[pre_key_id].record; + } + return null; + } + + public override void store_signed_pre_key(uint32 pre_key_id, uint8[] record) throws Error { + SignedPreKeyStore.Key key = new Key(pre_key_id, record); + pre_key_map[pre_key_id] = key; + signed_pre_key_stored(key); + } + + public override bool contains_signed_pre_key(uint32 pre_key_id) throws Error { + return pre_key_map.has_key(pre_key_id); + } + + public override void delete_signed_pre_key(uint32 pre_key_id) throws Error { + SignedPreKeyStore.Key key; + if (pre_key_map.unset(pre_key_id, out key)) { + signed_pre_key_deleted(key); + } + } +} + +} \ No newline at end of file diff --git a/plugins/omemo/src/signal/simple_ss.vala b/plugins/omemo/src/signal/simple_ss.vala new file mode 100644 index 00000000..5213f736 --- /dev/null +++ b/plugins/omemo/src/signal/simple_ss.vala @@ -0,0 +1,75 @@ +using Gee; + +namespace Signal { + +public class SimpleSessionStore : SessionStore { + + private Map> session_map = new HashMap>(); + + public override uint8[]? load_session(Address address) throws Error { + if (session_map.has_key(address.name)) { + foreach (SessionStore.Session session in session_map[address.name]) { + if (session.device_id == address.device_id) return session.record; + } + } + return null; + } + + public override IntList get_sub_device_sessions(string name) throws Error { + IntList res = new IntList(); + if (session_map.has_key(name)) { + foreach (SessionStore.Session session in session_map[name]) { + res.add(session.device_id); + } + } + return res; + } + + public override void store_session(Address address, uint8[] record) throws Error { + if (contains_session(address)) { + delete_session(address); + } + if (!session_map.has_key(address.name)) { + session_map[address.name] = new ArrayList(); + } + SessionStore.Session session = new Session() { name = address.name, device_id = address.device_id, record = record }; + session_map[address.name].add(session); + session_stored(session); + } + + public override bool contains_session(Address address) throws Error { + if (!session_map.has_key(address.name)) return false; + foreach (SessionStore.Session session in session_map[address.name]) { + if (session.device_id == address.device_id) return true; + } + return false; + } + + public override void delete_session(Address address) throws Error { + if (!session_map.has_key(address.name)) throw_by_code(ErrorCode.UNKNOWN, "No session found"); + foreach (SessionStore.Session session in session_map[address.name]) { + if (session.device_id == address.device_id) { + session_map[address.name].remove(session); + if (session_map[address.name].size == 0) { + session_map.unset(address.name); + } + session_removed(session); + return; + } + } + } + + public override void delete_all_sessions(string name) throws Error { + if (session_map.has_key(name)) { + foreach (SessionStore.Session session in session_map[name]) { + session_map[name].remove(session); + if (session_map[name].size == 0) { + session_map.unset(name); + } + session_removed(session); + } + } + } +} + +} \ No newline at end of file diff --git a/plugins/omemo/src/signal/store.vala b/plugins/omemo/src/signal/store.vala new file mode 100644 index 00000000..b440d838 --- /dev/null +++ b/plugins/omemo/src/signal/store.vala @@ -0,0 +1,415 @@ +namespace Signal { + +public abstract class IdentityKeyStore : Object { + public abstract Bytes identity_key_private { get; set; } + public abstract Bytes identity_key_public { get; set; } + public abstract uint32 local_registration_id { get; set; } + + public signal void trusted_identity_added(TrustedIdentity id); + public signal void trusted_identity_updated(TrustedIdentity id); + + public abstract void save_identity(Address address, uint8[] key) throws Error ; + + public abstract bool is_trusted_identity(Address address, uint8[] key) throws Error ; + + public class TrustedIdentity { + public uint8[] key { get; set; } + public string name { get; private set; } + public int device_id { get; private set; } + + public TrustedIdentity(string name, int device_id, uint8[] key) { + this.key = key; + this.name = name; + this.device_id = device_id; + } + + public TrustedIdentity.by_address(Address address, uint8[] key) { + this(address.name, address.device_id, key); + } + } +} + +public abstract class SessionStore : Object { + + public signal void session_stored(Session session); + public signal void session_removed(Session session); + public abstract uint8[]? load_session(Address address) throws Error ; + + public abstract IntList get_sub_device_sessions(string name) throws Error ; + + public abstract void store_session(Address address, uint8[] record) throws Error ; + + public abstract bool contains_session(Address address) throws Error ; + + public abstract void delete_session(Address address) throws Error ; + + public abstract void delete_all_sessions(string name) throws Error ; + + public class Session { + public string name; + public int device_id; + public uint8[] record; + } +} + +public abstract class PreKeyStore : Object { + + public signal void pre_key_stored(Key key); + public signal void pre_key_deleted(Key key); + + public abstract uint8[]? load_pre_key(uint32 pre_key_id) throws Error ; + + public abstract void store_pre_key(uint32 pre_key_id, uint8[] record) throws Error ; + + public abstract bool contains_pre_key(uint32 pre_key_id) throws Error ; + + public abstract void delete_pre_key(uint32 pre_key_id) throws Error ; + + public class Key { + public uint32 key_id { get; private set; } + public uint8[] record { get; private set; } + + public Key(uint32 key_id, uint8[] record) { + this.key_id = key_id; + this.record = record; + } + } +} + +public abstract class SignedPreKeyStore : Object { + + public signal void signed_pre_key_stored(Key key); + public signal void signed_pre_key_deleted(Key key); + + public abstract uint8[]? load_signed_pre_key(uint32 pre_key_id) throws Error ; + + public abstract void store_signed_pre_key(uint32 pre_key_id, uint8[] record) throws Error ; + + public abstract bool contains_signed_pre_key(uint32 pre_key_id) throws Error ; + + public abstract void delete_signed_pre_key(uint32 pre_key_id) throws Error ; + + public class Key { + public uint32 key_id { get; private set; } + public uint8[] record { get; private set; } + + public Key(uint32 key_id, uint8[] record) { + this.key_id = key_id; + this.record = record; + } + } +} + +public class Store : Object { + public Context context { get; private set; } + public IdentityKeyStore identity_key_store { get; set; default = new SimpleIdentityKeyStore(); } + public SessionStore session_store { get; set; default = new SimpleSessionStore(); } + public PreKeyStore pre_key_store { get; set; default = new SimplePreKeyStore(); } + public SignedPreKeyStore signed_pre_key_store { get; set; default = new SimpleSignedPreKeyStore(); } + public uint32 local_registration_id { get { return identity_key_store.local_registration_id; } } + internal NativeStoreContext native_context {get { return native_store_context_; }} + private NativeStoreContext native_store_context_; + + static int iks_get_identity_key_pair(out Buffer public_data, out Buffer private_data, void* user_data) { + Store store = (Store) user_data; + public_data = new Buffer.from(store.identity_key_store.identity_key_public.get_data()); + private_data = new Buffer.from(store.identity_key_store.identity_key_private.get_data()); + return 0; + } + + static int iks_get_local_registration_id(void* user_data, out uint32 registration_id) { + Store store = (Store) user_data; + registration_id = store.identity_key_store.local_registration_id; + return 0; + } + + static int iks_save_identity(Address address, uint8[] key, void* user_data) { + Store store = (Store) user_data; + return catch_to_code(() => { + store.identity_key_store.save_identity(address, key); + return 0; + }); + } + + static int iks_is_trusted_identity(Address address, uint8[] key, void* user_data) { + Store store = (Store) user_data; + return catch_to_code(() => { + return store.identity_key_store.is_trusted_identity(address, key) ? 1 : 0; + }); + } + + static void iks_destroy_func(void* user_data) { + } + + static int ss_load_session_func(out Buffer? record, out Buffer? user_record, Address address, void* user_data) { + Store store = (Store) user_data; + user_record = null; // No support for user_record + uint8[]? res = null; + try { + res = store.session_store.load_session(address); + } catch (Error e) { + record = null; + return e.code; + } + if (res == null) { + record = null; + return 0; + } + record = new Buffer.from((!)res); + if (record == null) return ErrorCode.NOMEM; + return 1; + } + + static int ss_get_sub_device_sessions_func(out IntList? sessions, char[] name, void* user_data) { + Store store = (Store) user_data; + try { + sessions = store.session_store.get_sub_device_sessions(carr_to_string(name)); + } catch (Error e) { + sessions = null; + return e.code; + } + return 0; + } + + static int ss_store_session_func(Address address, uint8[] record, uint8[] user_record, void* user_data) { + // Ignoring user_record + Store store = (Store) user_data; + return catch_to_code(() => { + store.session_store.store_session(address, record); + return 0; + }); + } + + static int ss_contains_session_func(Address address, void* user_data) { + Store store = (Store) user_data; + return catch_to_code(() => { + return store.session_store.contains_session(address) ? 1 : 0; + }); + } + + static int ss_delete_session_func(Address address, void* user_data) { + Store store = (Store) user_data; + return catch_to_code(() => { + store.session_store.delete_session(address); + return 0; + }); + } + + static int ss_delete_all_sessions_func(char[] name, void* user_data) { + Store store = (Store) user_data; + return catch_to_code(() => { + store.session_store.delete_all_sessions(carr_to_string(name)); + return 0; + }); + } + + static void ss_destroy_func(void* user_data) { + } + + static int pks_load_pre_key(out Buffer? record, uint32 pre_key_id, void* user_data) { + Store store = (Store) user_data; + uint8[]? res = null; + try { + res = store.pre_key_store.load_pre_key(pre_key_id); + } catch (Error e) { + record = null; + return e.code; + } + if (res == null) { + record = new Buffer(0); + return 0; + } + record = new Buffer.from((!)res); + if (record == null) return ErrorCode.NOMEM; + return 1; + } + + static int pks_store_pre_key(uint32 pre_key_id, uint8[] record, void* user_data) { + Store store = (Store) user_data; + return catch_to_code(() => { + store.pre_key_store.store_pre_key(pre_key_id, record); + return 0; + }); + } + + static int pks_contains_pre_key(uint32 pre_key_id, void* user_data) { + Store store = (Store) user_data; + return catch_to_code(() => { + return store.pre_key_store.contains_pre_key(pre_key_id) ? 1 : 0; + }); + } + + static int pks_remove_pre_key(uint32 pre_key_id, void* user_data) { + Store store = (Store) user_data; + return catch_to_code(() => { + store.pre_key_store.delete_pre_key(pre_key_id); + return 0; + }); + } + + static void pks_destroy_func(void* user_data) { + } + + static int spks_load_signed_pre_key(out Buffer? record, uint32 pre_key_id, void* user_data) { + Store store = (Store) user_data; + uint8[]? res = null; + try { + res = store.signed_pre_key_store.load_signed_pre_key(pre_key_id); + } catch (Error e) { + record = null; + return e.code; + } + if (res == null) { + record = new Buffer(0); + return 0; + } + record = new Buffer.from((!)res); + if (record == null) return ErrorCode.NOMEM; + return 1; + } + + static int spks_store_signed_pre_key(uint32 pre_key_id, uint8[] record, void* user_data) { + Store store = (Store) user_data; + return catch_to_code(() => { + store.signed_pre_key_store.store_signed_pre_key(pre_key_id, record); + return 0; + }); + } + + static int spks_contains_signed_pre_key(uint32 pre_key_id, void* user_data) { + Store store = (Store) user_data; + return catch_to_code(() => { + return store.signed_pre_key_store.contains_signed_pre_key(pre_key_id) ? 1 : 0; + }); + } + + static int spks_remove_signed_pre_key(uint32 pre_key_id, void* user_data) { + Store store = (Store) user_data; + return catch_to_code(() => { + store.signed_pre_key_store.delete_signed_pre_key(pre_key_id); + return 0; + }); + } + + static void spks_destroy_func(void* user_data) { + } + + internal Store(Context context) { + this.context = context; + NativeStoreContext.create(out native_store_context_, context.native_context); + + NativeIdentityKeyStore iks = NativeIdentityKeyStore() { + get_identity_key_pair = iks_get_identity_key_pair, + get_local_registration_id = iks_get_local_registration_id, + save_identity = iks_save_identity, + is_trusted_identity = iks_is_trusted_identity, + destroy_func = iks_destroy_func, + user_data = this + }; + native_context.set_identity_key_store(iks); + + NativeSessionStore ss = NativeSessionStore() { + load_session_func = ss_load_session_func, + get_sub_device_sessions_func = ss_get_sub_device_sessions_func, + store_session_func = ss_store_session_func, + contains_session_func = ss_contains_session_func, + delete_session_func = ss_delete_session_func, + delete_all_sessions_func = ss_delete_all_sessions_func, + destroy_func = ss_destroy_func, + user_data = this + }; + native_context.set_session_store(ss); + + NativePreKeyStore pks = NativePreKeyStore() { + load_pre_key = pks_load_pre_key, + store_pre_key = pks_store_pre_key, + contains_pre_key = pks_contains_pre_key, + remove_pre_key = pks_remove_pre_key, + destroy_func = pks_destroy_func, + user_data = this + }; + native_context.set_pre_key_store(pks); + + NativeSignedPreKeyStore spks = NativeSignedPreKeyStore() { + load_signed_pre_key = spks_load_signed_pre_key, + store_signed_pre_key = spks_store_signed_pre_key, + contains_signed_pre_key = spks_contains_signed_pre_key, + remove_signed_pre_key = spks_remove_signed_pre_key, + destroy_func = spks_destroy_func, + user_data = this + }; + native_context.set_signed_pre_key_store(spks); + } + + public SessionBuilder create_session_builder(Address other) throws Error { + SessionBuilder builder; + throw_by_code(session_builder_create(out builder, native_context, other, context.native_context), "Error creating session builder"); + return builder; + } + + public SessionCipher create_session_cipher(Address other) throws Error { + SessionCipher cipher; + throw_by_code(session_cipher_create(out cipher, native_context, other, context.native_context)); + return cipher; + } + + public IdentityKeyPair identity_key_pair { + owned get { + IdentityKeyPair pair; + Protocol.Identity.get_key_pair(native_context, out pair); + return pair; + } + } + + public bool is_trusted_identity(Address address, ECPublicKey key) throws Error { + return throw_by_code(Protocol.Identity.is_trusted_identity(native_context, address, key)) == 1; + } + + public void save_identity(Address address, ECPublicKey key) throws Error { + throw_by_code(Protocol.Identity.save_identity(native_context, address, key)); + } + + public bool contains_session(Address other) throws Error { + return throw_by_code(Protocol.Session.contains_session(native_context, other)) == 1; + } + + public void delete_session(Address address) throws Error { + throw_by_code(Protocol.Session.delete_session(native_context, address)); + } + + public SessionRecord load_session(Address other) throws Error { + SessionRecord record; + throw_by_code(Protocol.Session.load_session(native_context, out record, other)); + return record; + } + + public bool contains_pre_key(uint32 pre_key_id) throws Error { + return throw_by_code(Protocol.PreKey.contains_key(native_context, pre_key_id)) == 1; + } + + public void store_pre_key(PreKeyRecord record) throws Error { + throw_by_code(Protocol.PreKey.store_key(native_context, record)); + } + + public PreKeyRecord load_pre_key(uint32 pre_key_id) throws Error { + PreKeyRecord res; + throw_by_code(Protocol.PreKey.load_key(native_context, out res, pre_key_id)); + return res; + } + + public bool contains_signed_pre_key(uint32 pre_key_id) throws Error { + return throw_by_code(Protocol.SignedPreKey.contains_key(native_context, pre_key_id)) == 1; + } + + public void store_signed_pre_key(SignedPreKeyRecord record) throws Error { + throw_by_code(Protocol.SignedPreKey.store_key(native_context, record)); + } + + public SignedPreKeyRecord load_signed_pre_key(uint32 pre_key_id) throws Error { + SignedPreKeyRecord res; + throw_by_code(Protocol.SignedPreKey.load_key(native_context, out res, pre_key_id)); + return res; + } +} + +} diff --git a/plugins/omemo/src/signal/util.vala b/plugins/omemo/src/signal/util.vala new file mode 100644 index 00000000..4c0ae72d --- /dev/null +++ b/plugins/omemo/src/signal/util.vala @@ -0,0 +1,45 @@ +namespace Signal { + +public ECPublicKey generate_public_key(ECPrivateKey private_key) throws Error { + ECPublicKey public_key; + throw_by_code(ECPublicKey.generate(out public_key, private_key), "Error generating public key"); + + return public_key; +} + +public uint8[] calculate_agreement(ECPublicKey public_key, ECPrivateKey private_key) throws Error { + uint8[] res; + int len = Curve.calculate_agreement(out res, public_key, private_key); + throw_by_code(len, "Error calculating agreement"); + res.length = len; + return res; +} + +public bool verify_signature(ECPublicKey signing_key, uint8[] message, uint8[] signature) throws Error { + return throw_by_code(Curve.verify_signature(signing_key, message, signature)) == 1; +} + +public PreKeyBundle create_pre_key_bundle(uint32 registration_id, int device_id, uint32 pre_key_id, ECPublicKey? pre_key_public, + uint32 signed_pre_key_id, ECPublicKey? signed_pre_key_public, uint8[]? signed_pre_key_signature, ECPublicKey? identity_key) throws Error { + PreKeyBundle res; + throw_by_code(PreKeyBundle.create(out res, registration_id, device_id, pre_key_id, pre_key_public, signed_pre_key_id, signed_pre_key_public, signed_pre_key_signature, identity_key), "Error creating PreKeyBundle"); + return res; +} + +internal string carr_to_string(char[] carr) { + char[] nu = new char[carr.length + 1]; + Memory.copy(nu, carr, carr.length); + return (string) nu; +} + +internal delegate int CodeErroringFunc() throws Error; + +internal int catch_to_code(CodeErroringFunc func) { + try { + return func(); + } catch (Error e) { + return e.code; + } +} + +} \ No newline at end of file -- cgit v1.2.3-70-g09d2