yves/meowlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity
Files
1906431061fd4238148b1f50458c7add2f5b3a2e
meowlib/client/identity.go
ycc 1906431061
Some checks failed
continuous-integration/drone/push Build is failing
Details
invitation process upgrade
2026-04-02 20:26:35 +02:00

472 lines
14 KiB
Go
Raw Blame History

package client
import (
"crypto/rand"
"encoding/base64"
"encoding/json"
"errors"
mrand "math/rand"
"os"
"path/filepath"
"strings"
"sync"
"time"
"forge.redroom.link/yves/meowlib"
"github.com/ProtonMail/gopenpgp/v2/helper"
"github.com/google/uuid"
doubleratchet "github.com/status-im/doubleratchet"
)
const maxHiddenCount = 30
// Package-level random number generator with mutex for thread-safe access
var (
rngMu sync.Mutex
rng = mrand.New(mrand.NewSource(time.Now().UnixNano()))
)
type Identity struct {
Nickname string `json:"nickname,omitempty"`
DefaultAvatar string `json:"default_avatar,omitempty"`
Avatars []Avatar `json:"avatars,omitempty"`
RootKp *meowlib.KeyPair `json:"id_kp,omitempty"`
Status string `json:"status,omitempty"`
Peers PeerStorage `json:"peers,omitempty"`
HiddenPeers [][]byte `json:"hidden_peers,omitempty"`
Personae PeerList `json:"faces,omitempty"`
Device *meowlib.KeyPair `json:"device,omitempty"`
KnownServers ServerList `json:"known_servers,omitempty"`
MessageServers ServerStorage `json:"message_servers,omitempty"`
DefaultDbPassword string `json:"default_db_password,omitempty"`
DbPasswordStore bool `json:"db_password_store,omitempty"`
OwnedDevices PeerList `json:"owned_devices,omitempty"`
StaticMtkServerPaths []ServerList `json:"static_mtk_server_paths,omitempty"`
DynamicMtkServeRules []string `json:"dynamic_mtk_serve_rules,omitempty"`
InvitationTimeout int `json:"invitation_timeout,omitempty"`
Uuid string `json:"uuid,omitempty"`
unlockedHiddenPeers PeerList
}
func CreateIdentity(nickname string) (*Identity, error) {
var id Identity
var err error
id.Nickname = nickname
id.Uuid = uuid.New().String()
id.RootKp, err = meowlib.NewKeyPair()
GetConfig().me = &id
id.MessageServers = ServerStorage{DbFile: uuid.NewString()}
id.generateRandomHiddenStuff()
err = id.CreateFolder()
if err != nil {
return nil, err
}
return &id, nil
}
func (id *Identity) CreateFolder() error {
err := os.MkdirAll(filepath.Join(GetConfig().StoragePath, id.Uuid), 0700)
if err != nil {
return err
}
return nil
}
func (id *Identity) WipeFolder() error {
err := os.RemoveAll(filepath.Join(GetConfig().StoragePath, id.Uuid))
if err != nil {
return err
}
return nil
}
// InvitationStep1 creates a minimal pending peer with only a temporary keypair and returns
// the InvitationInitPayload to be transmitted to the invitee (via file, QR code, or server).
// Full keypairs are only generated in InvitationStep3, after the invitee's answer is received.
func (id *Identity) InvitationStep1(MyName string, ContactName string, MessageServerUids []string, InvitationMessage string) (*meowlib.InvitationInitPayload, *Peer, error) {
var peer Peer
var err error
peer.Uid = uuid.New().String()
peer.Name = ContactName
peer.MyName = MyName
peer.InvitationId = uuid.New().String()
peer.InvitationMessage = InvitationMessage
peer.MyPullServers = MessageServerUids
// Temporary keypair: public key is sent to invitee for step-2 encryption and as
// the server-side lookup key where the invitee will post their answer.
peer.InvitationKp, err = meowlib.NewKeyPair()
if err != nil {
return nil, nil, err
}
id.Peers.StorePeer(&peer)
payload := &meowlib.InvitationInitPayload{
Uuid: peer.InvitationId,
Name: MyName,
PublicKey: peer.InvitationKp.Public,
InvitationMessage: InvitationMessage,
}
return payload, &peer, nil
}
// InvitationStep2 creates the invitee's peer entry from the received InvitationInitPayload
// and returns the peer. The invitee generates their full keypairs here.
// The initiator's temporary public key (payload.PublicKey) is used both as the encryption
// target for the step-2 answer and as the server-side lookup address.
func (id *Identity) InvitationStep2(MyName string, ContactName string, MessageServerUids []string, payload *meowlib.InvitationInitPayload) (*Peer, error) {
var peer Peer
var err error
peer.Uid = uuid.New().String()
peer.MyIdentity, err = meowlib.NewKeyPair()
if err != nil {
return nil, err
}
peer.MyEncryptionKp, err = meowlib.NewKeyPair()
if err != nil {
return nil, err
}
peer.MyLookupKp, err = meowlib.NewKeyPair()
if err != nil {
return nil, err
}
if ContactName != "" {
peer.Name = ContactName
} else {
peer.Name = payload.Name
}
// The initiator's temp key is used for both encrypting the answer and as destination.
peer.ContactEncryption = payload.PublicKey
peer.ContactLookupKey = payload.PublicKey
peer.InvitationId = payload.Uuid
peer.InvitationMessage = payload.InvitationMessage
peer.MyPullServers = MessageServerUids
peer.MyName = MyName
id.Peers.StorePeer(&peer)
return &peer, nil
}
// InvitationStep3 is called by the initiator after receiving and decrypting the invitee's
// ContactCard (step-2 answer). It generates the initiator's full keypairs and DR material,
// updates the pending peer with the invitee's contact info, and returns the initiator's
// full ContactCard to be sent to the invitee (STEP_3_SEND).
func (id *Identity) InvitationStep3(inviteeContact *meowlib.ContactCard) (*meowlib.ContactCard, *Peer, error) {
var err error
peer := id.Peers.GetFromInvitationId(inviteeContact.InvitationId)
if peer == nil {
return nil, nil, errors.New("no pending peer found for invitation id " + inviteeContact.InvitationId)
}
// Generate full keypairs now that the invitee's identity is known.
peer.MyIdentity, err = meowlib.NewKeyPair()
if err != nil {
return nil, nil, err
}
peer.MyEncryptionKp, err = meowlib.NewKeyPair()
if err != nil {
return nil, nil, err
}
peer.MyLookupKp, err = meowlib.NewKeyPair()
if err != nil {
return nil, nil, err
}
symKeyBytes := make([]byte, 32)
if _, err = rand.Read(symKeyBytes); err != nil {
return nil, nil, err
}
peer.MySymKey = base64.StdEncoding.EncodeToString(symKeyBytes)
// Generate DR keypair and root key.
drKp, err := doubleratchet.DefaultCrypto{}.GenerateDH()
if err != nil {
return nil, nil, err
}
peer.DrKpPrivate = base64.StdEncoding.EncodeToString(drKp.PrivateKey())
peer.DrKpPublic = base64.StdEncoding.EncodeToString(drKp.PublicKey())
drRootKey := make([]byte, 32)
if _, err = rand.Read(drRootKey); err != nil {
return nil, nil, err
}
peer.DrRootKey = base64.StdEncoding.EncodeToString(drRootKey)
peer.DrInitiator = true
// Store invitee contact info.
peer.ContactPublicKey = inviteeContact.ContactPublicKey
peer.ContactEncryption = inviteeContact.EncryptionPublicKey
peer.ContactLookupKey = inviteeContact.LookupPublicKey
for _, srv := range inviteeContact.PullServers {
peer.ContactPullServers = append(peer.ContactPullServers, srv.GetUid())
newsrv, err := CreateServerFromUid(srv.GetUid())
if err == nil {
id.MessageServers.StoreServerIfNotExists(newsrv)
}
}
// Drop the temporary invitation keypair — no longer needed.
peer.InvitationKp = nil
id.Peers.StorePeer(peer)
return peer.GetMyContact(), peer, nil
}
// InvitationStep4 is called by the invitee upon receiving the initiator's full ContactCard
// (carried as a regular UserMessage with invitation.step=3). It finalizes the peer entry.
func (id *Identity) InvitationStep4(initiatorContact *meowlib.ContactCard) error {
var err error
var newsrv *Server
for _, srv := range initiatorContact.PullServers {
newsrv, err = CreateServerFromUid(srv.GetUid())
if err != nil {
return err
}
id.MessageServers.StoreServerIfNotExists(newsrv)
}
peer := id.Peers.GetFromInvitationId(initiatorContact.InvitationId)
if peer == nil {
return errors.New("no pending peer found for invitation id " + initiatorContact.InvitationId)
}
peer.ContactPublicKey = initiatorContact.ContactPublicKey
peer.ContactEncryption = initiatorContact.EncryptionPublicKey
peer.ContactLookupKey = initiatorContact.LookupPublicKey
peer.MySymKey = initiatorContact.SymetricKey
peer.DrRootKey = initiatorContact.DrRootKey
peer.ContactDrPublicKey = initiatorContact.DrPublicKey
peer.DrInitiator = false
for _, srv := range initiatorContact.PullServers {
peer.ContactPullServers = append(peer.ContactPullServers, srv.GetUid())
}
id.Peers.StorePeer(peer)
return nil
}
// CheckInvitation checks if the received ContactCard is an answer to one of our pending
// invitations. Returns true when it is, with the proposed and received nicknames.
func (id *Identity) CheckInvitation(ReceivedContact *meowlib.ContactCard) (isAnswer bool, proposedNick string, receivedNick string, invitationMessage string) {
return id.Peers.CheckInvitation(ReceivedContact)
}
// LoadIdentity loads an identity from an encrypted file
func LoadIdentity(filename string, password string) (*Identity, error) {
var id Identity
err := GetConfig().SetMemPass(password)
if err != nil {
return nil, err
}
GetConfig().IdentityFile = filename
indata, err := os.ReadFile(filename)
if err != nil {
return nil, err
}
pass, err := helper.DecryptMessageWithPassword([]byte(password), string(indata))
if err != nil {
return nil, err
}
err = json.Unmarshal([]byte(pass), &id)
if err != nil {
return nil, err
}
GetConfig().me = &id
if id.Peers.DbFile != "" {
id.Peers.LoadPeers(password)
}
return &id, err
}
func (id *Identity) Save() error {
if GetConfig().IdentityFile == "" {
return errors.New("identity filename empty")
}
b, _ := json.Marshal(id)
password, err := GetConfig().GetMemPass()
if err != nil {
return err
}
armor, err := helper.EncryptMessageWithPassword([]byte(password), string(b))
if err != nil {
return err
}
err = os.WriteFile(GetConfig().IdentityFile, []byte(armor), 0600)
return err
}
func (id *Identity) TryUnlockHidden(password string) error {
found := false
for _, encPeer := range id.HiddenPeers {
p := Peer{}
jsonPeer, err := meowlib.SymDecrypt(password, encPeer)
if err == nil {
err = json.Unmarshal(jsonPeer, &p)
if err != nil {
return err
}
p.dbPassword = password
id.unlockedHiddenPeers = append(id.unlockedHiddenPeers, &p)
found = true
}
}
if found {
return nil
}
return errors.New("no peer found")
}
/*
func (id *Identity) HidePeer(peerIdx int, password string) error {
serializedPeer, err := json.Marshal(id.Peers[peerIdx])
if err != nil {
return err
}
encrypted, err := meowlib.SymEncrypt(password, serializedPeer)
if err != nil {
return err
}
// add encrypted peer data
id.HiddenPeers = append(id.HiddenPeers, encrypted)
// remove clear text peer
id.Peers = append(id.Peers[:peerIdx], id.Peers[peerIdx+1:]...)
return nil
}*/
func (id *Identity) generateRandomHiddenStuff() error {
var err error
rngMu.Lock()
count := rng.Intn(maxHiddenCount) + 1
rngMu.Unlock()
for i := 1; i < count; i++ {
var p Peer
p.Uid = uuid.New().String()
p.Name = randomLenString(4, 20)
p.MyEncryptionKp, err = meowlib.NewKeyPair()
if err != nil {
return err
}
p.MyIdentity, err = meowlib.NewKeyPair()
if err != nil {
return err
}
p.MyLookupKp, err = meowlib.NewKeyPair()
if err != nil {
return err
}
p.Name = randomLenString(4, 20)
p.ContactPublicKey = p.MyLookupKp.Public
p.ContactEncryption = p.MyIdentity.Public
p.ContactLookupKey = p.MyEncryptionKp.Public
p.dbPassword = randomLenString(8, 14)
// p.Contact.AddUrls([]string{randomLenString(14, 60), randomLenString(14, 60)}) // todo add servers
id.Peers.StorePeer(&p)
//id.HidePeer(0, randomLenString(8, 14))
// TODO Add random conversations
}
return nil
}
type BackgroundJob struct {
RootPublic string `json:"root_public,omitempty"`
Device *meowlib.KeyPair `json:"device,omitempty"`
Jobs []RequestsJob `json:"jobs,omitempty"`
}
type RequestsJob struct {
Server *Server `json:"server,omitempty"`
LookupKeys []*meowlib.KeyPair `json:"lookup_keys,omitempty"`
}
func (id *Identity) GetRequestJobs() []RequestsJob {
var list []RequestsJob
srvs := map[string]*RequestsJob{}
// get all servers
servers, err := id.MessageServers.LoadAllServers()
if err == nil {
// build a server map
for _, server := range servers {
var rj RequestsJob
rj.Server = server
srvs[server.GetServerCard().GetUid()] = &rj
}
// add ids to the map
peers, err := id.Peers.GetPeers()
if err != nil {
return nil
}
for _, peer := range peers {
for _, server := range peer.MyPullServers {
if srvs[server] == nil {
continue
}
if peer.MyLookupKp != nil {
// Active peer — use the permanent lookup key.
srvs[server].LookupKeys = append(srvs[server].LookupKeys, peer.MyLookupKp)
} else if peer.InvitationKp != nil {
// Step-1 pending peer — poll using the temp invitation keypair so the
// server-stored step-2 answer can be retrieved.
srvs[server].LookupKeys = append(srvs[server].LookupKeys, peer.InvitationKp)
}
}
}
// add hidden peers
for _, peer := range id.unlockedHiddenPeers {
for _, server := range peer.MyPullServers {
srvs[server].LookupKeys = append(srvs[server].LookupKeys, peer.MyLookupKp)
}
}
// todo add garbage
// todo random reorder
// build list
for _, srv := range srvs {
if len(srv.LookupKeys) > 0 {
list = append(list, *srv)
}
}
}
return list
}
func (id *Identity) SaveBackgroundJob() error {
var bj BackgroundJob
bj.Jobs = id.GetRequestJobs()
bj.RootPublic = id.RootKp.Public
bj.Device = id.Device
jsonjobs, err := json.Marshal(bj)
if err != nil {
return err
}
id.CreateFolder()
err = os.WriteFile(filepath.Join(GetConfig().StoragePath, id.Uuid, ".jobs"), jsonjobs, 0600)
if err != nil {
return err
}
return nil
}
func randomLenString(min int, max int) string {
rngMu.Lock()
defer rngMu.Unlock()
length := rng.Intn(max-min+1) + min
return randomStringLocked(length)
}
func randomString(n int) string {
rngMu.Lock()
defer rngMu.Unlock()
return randomStringLocked(n)
}
// randomStringLocked generates a random string of length n.
// Must be called with rngMu already locked.
func randomStringLocked(n int) string {
const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
var b strings.Builder
b.Grow(n)
for i := 0; i < n; i++ {
b.WriteByte(letterBytes[rng.Intn(len(letterBytes))])
}
return b.String()
}
Reference in New Issue View Git Blame Copy Permalink