2020-02-25 13:24:18 +00:00
|
|
|
// Copyright 2020 The Matrix.org Foundation C.I.C.
|
|
|
|
|
//
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
//
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
//
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
|
|
use std::convert::TryInto;
|
|
|
|
|
|
2020-02-25 16:36:11 +00:00
|
|
|
use super::error::SignatureError;
|
2020-02-25 13:24:18 +00:00
|
|
|
use super::olm::Account;
|
|
|
|
|
use crate::api;
|
|
|
|
|
|
|
|
|
|
use api::r0::keys;
|
|
|
|
|
|
2020-02-25 16:36:11 +00:00
|
|
|
use cjson;
|
|
|
|
|
use olm_rs::utility::OlmUtility;
|
|
|
|
|
use serde_json::json;
|
2020-02-29 10:13:57 +00:00
|
|
|
use serde_json::Value;
|
2020-02-25 16:36:11 +00:00
|
|
|
|
2020-02-25 13:24:18 +00:00
|
|
|
struct OlmMachine {
|
|
|
|
|
/// The unique user id that owns this account.
|
|
|
|
|
user_id: String,
|
|
|
|
|
/// The unique device id of the device that holds this account.
|
|
|
|
|
device_id: String,
|
|
|
|
|
/// Our underlying Olm Account holding our identity keys.
|
|
|
|
|
account: Account,
|
2020-02-26 08:36:52 +00:00
|
|
|
/// The number of signed one-time keys we have uploaded to the server. If
|
|
|
|
|
/// this is None, no action will be taken. After a sync request the client
|
|
|
|
|
/// needs to set this for us, depending on the count we will suggest the
|
|
|
|
|
/// client to upload new keys.
|
|
|
|
|
uploaded_signed_key_count: Option<u64>,
|
2020-02-25 13:24:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl OlmMachine {
|
2020-02-25 16:36:11 +00:00
|
|
|
const OLM_V1_ALGORITHM: &'static str = "m.olm.v1.curve25519-aes-sha2";
|
|
|
|
|
const MEGOLM_V1_ALGORITHM: &'static str = "m.megolm.v1.aes-sha2";
|
|
|
|
|
|
|
|
|
|
const ALGORITHMS: &'static [&'static str] = &[
|
|
|
|
|
OlmMachine::OLM_V1_ALGORITHM,
|
|
|
|
|
OlmMachine::MEGOLM_V1_ALGORITHM,
|
|
|
|
|
];
|
|
|
|
|
|
2020-02-25 13:24:18 +00:00
|
|
|
/// Create a new account.
|
|
|
|
|
pub fn new(user_id: &str, device_id: &str) -> Self {
|
|
|
|
|
OlmMachine {
|
|
|
|
|
user_id: user_id.to_owned(),
|
|
|
|
|
device_id: device_id.to_owned(),
|
|
|
|
|
account: Account::new(),
|
2020-02-26 08:36:52 +00:00
|
|
|
uploaded_signed_key_count: None,
|
2020-02-25 13:24:18 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Should account or one-time keys be uploaded to the server.
|
|
|
|
|
pub fn should_upload_keys(&self) -> bool {
|
|
|
|
|
if !self.account.shared() {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If we have a known key count, check that we have more than
|
|
|
|
|
// max_one_time_Keys() / 2, otherwise tell the client to upload more.
|
2020-02-26 08:36:52 +00:00
|
|
|
match self.uploaded_signed_key_count {
|
2020-02-25 13:24:18 +00:00
|
|
|
Some(count) => {
|
|
|
|
|
let max_keys = self.account.max_one_time_keys() as u64;
|
|
|
|
|
let key_count = (max_keys / 2) - count;
|
|
|
|
|
key_count > 0
|
|
|
|
|
}
|
|
|
|
|
None => false,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-25 16:36:11 +00:00
|
|
|
/// Receive a successful keys upload response.
|
2020-02-25 13:24:18 +00:00
|
|
|
///
|
2020-02-25 16:36:11 +00:00
|
|
|
/// # Arguments
|
2020-02-25 13:24:18 +00:00
|
|
|
///
|
2020-03-02 10:31:03 +00:00
|
|
|
/// * `response` - The keys upload response of the request that the client
|
2020-02-25 13:24:18 +00:00
|
|
|
/// performed.
|
|
|
|
|
pub async fn receive_keys_upload_response(&mut self, response: &keys::upload_keys::Response) {
|
|
|
|
|
self.account.shared = true;
|
|
|
|
|
let one_time_key_count = response
|
|
|
|
|
.one_time_key_counts
|
|
|
|
|
.get(&keys::KeyAlgorithm::SignedCurve25519);
|
|
|
|
|
|
|
|
|
|
if let Some(c) = one_time_key_count {
|
|
|
|
|
let count: u64 = (*c).into();
|
2020-02-26 08:36:52 +00:00
|
|
|
self.uploaded_signed_key_count = Some(count);
|
2020-02-25 13:24:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
self.account.mark_keys_as_published();
|
|
|
|
|
// TODO save the account here.
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Generate new one-time keys.
|
|
|
|
|
///
|
|
|
|
|
/// Returns the number of newly generated one-time keys. If no keys can be
|
|
|
|
|
/// generated returns an empty error.
|
|
|
|
|
fn generate_one_time_keys(&self) -> Result<u64, ()> {
|
2020-02-26 08:36:52 +00:00
|
|
|
match self.uploaded_signed_key_count {
|
2020-02-25 13:24:18 +00:00
|
|
|
Some(count) => {
|
|
|
|
|
let max_keys = self.account.max_one_time_keys() as u64;
|
2020-02-26 08:18:10 +00:00
|
|
|
let max_on_server = max_keys / 2;
|
2020-02-25 13:24:18 +00:00
|
|
|
|
2020-02-26 08:18:10 +00:00
|
|
|
if count >= (max_on_server) {
|
2020-02-25 13:36:09 +00:00
|
|
|
return Err(());
|
2020-02-25 13:24:18 +00:00
|
|
|
}
|
|
|
|
|
|
2020-02-26 08:18:10 +00:00
|
|
|
let key_count = (max_on_server) - count;
|
|
|
|
|
|
2020-02-25 13:36:09 +00:00
|
|
|
let key_count: usize = key_count
|
|
|
|
|
.try_into()
|
|
|
|
|
.unwrap_or_else(|_| self.account.max_one_time_keys());
|
2020-02-25 13:24:18 +00:00
|
|
|
|
|
|
|
|
self.account.generate_one_time_keys(key_count);
|
|
|
|
|
Ok(key_count as u64)
|
2020-02-25 13:36:09 +00:00
|
|
|
}
|
|
|
|
|
None => Err(()),
|
2020-02-25 13:24:18 +00:00
|
|
|
}
|
|
|
|
|
}
|
2020-02-25 13:36:09 +00:00
|
|
|
|
2020-02-25 16:36:11 +00:00
|
|
|
/// Sign the device keys and return a JSON Value to upload them.
|
|
|
|
|
fn device_keys(&self) -> Value {
|
|
|
|
|
let identity_keys = self.account.identity_keys();
|
|
|
|
|
|
|
|
|
|
let mut device_keys = json!({
|
|
|
|
|
"user_id": self.user_id,
|
|
|
|
|
"device_id": self.device_id,
|
|
|
|
|
"algorithms": OlmMachine::ALGORITHMS,
|
|
|
|
|
"keys": {
|
|
|
|
|
format!("curve25519:{}", self.device_id): identity_keys.curve25519(),
|
|
|
|
|
format!("ed25519:{}", self.device_id): identity_keys.ed25519(),
|
|
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
let signature = json!({
|
|
|
|
|
self.user_id.clone(): {
|
|
|
|
|
format!("ed25519:{}", self.device_id): self.sign_json(&device_keys),
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
let device_keys_object = device_keys
|
|
|
|
|
.as_object_mut()
|
|
|
|
|
.expect("Device keys json value isn't an object");
|
|
|
|
|
|
|
|
|
|
device_keys_object.insert("signatures".to_string(), signature);
|
|
|
|
|
|
|
|
|
|
device_keys
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-29 10:13:57 +00:00
|
|
|
/// Generate, sign and prepare one-time keys to be uploaded.
|
|
|
|
|
///
|
|
|
|
|
/// If no one-time keys need to be uploaded returns an empty error.
|
|
|
|
|
fn signed_one_time_keys(&self) -> Result<Value, ()> {
|
|
|
|
|
let _ = self.generate_one_time_keys()?;
|
|
|
|
|
|
|
|
|
|
let one_time_keys = self.account.one_time_keys();
|
|
|
|
|
|
|
|
|
|
let mut one_time_key_map = json!({});
|
|
|
|
|
let one_time_key_object = one_time_key_map.as_object_mut().unwrap();
|
|
|
|
|
|
|
|
|
|
for (key_id, key) in one_time_keys.curve25519().iter() {
|
|
|
|
|
let key_json = json!({
|
|
|
|
|
"key": key,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
let signature = self.sign_json(&key_json);
|
|
|
|
|
|
|
|
|
|
let one_time_key = json!({
|
|
|
|
|
"key": key,
|
|
|
|
|
"signatures": {
|
|
|
|
|
self.user_id.clone(): {
|
|
|
|
|
format!("ed25519:{}", self.device_id): signature
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
one_time_key_object.insert(format!("signed_curve25519:{}", key_id), one_time_key);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Ok(one_time_key_map)
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-02 10:31:03 +00:00
|
|
|
/// Convert a JSON value to the canonical representation and sign the JSON
|
|
|
|
|
/// string.
|
|
|
|
|
///
|
|
|
|
|
/// # Arguments
|
|
|
|
|
///
|
|
|
|
|
/// * `json` - The value that should be converted into a canonical JSON
|
|
|
|
|
/// string.
|
2020-02-25 16:36:11 +00:00
|
|
|
fn sign_json(&self, json: &Value) -> String {
|
2020-02-26 08:18:10 +00:00
|
|
|
let canonical_json = cjson::to_string(json)
|
|
|
|
|
.unwrap_or_else(|_| panic!(format!("Can't serialize {} to canonical JSON", json)));
|
2020-02-25 16:36:11 +00:00
|
|
|
self.account.sign(&canonical_json)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Verify a signed JSON object.
|
|
|
|
|
///
|
|
|
|
|
/// The object must have a signatures key associated with an object of the
|
|
|
|
|
/// form `user_id: {key_id: signature}`.
|
|
|
|
|
///
|
2020-03-02 10:31:03 +00:00
|
|
|
/// Returns Ok if the signature was successfully verified, otherwise an
|
|
|
|
|
/// SignatureError.
|
|
|
|
|
///
|
2020-02-25 16:36:11 +00:00
|
|
|
/// # Arguments
|
|
|
|
|
///
|
|
|
|
|
/// * `user_id` - The user who signed the JSON object.
|
2020-03-02 10:31:03 +00:00
|
|
|
///
|
2020-02-25 16:36:11 +00:00
|
|
|
/// * `device_id` - The device that signed the JSON object.
|
2020-03-02 10:31:03 +00:00
|
|
|
///
|
2020-02-25 16:36:11 +00:00
|
|
|
/// * `user_key` - The public ed25519 key which was used to sign the JSON
|
|
|
|
|
/// object.
|
|
|
|
|
///
|
2020-03-02 10:31:03 +00:00
|
|
|
/// * `json` - The JSON object that should be verified.
|
2020-02-25 16:36:11 +00:00
|
|
|
fn verify_json(
|
|
|
|
|
&self,
|
|
|
|
|
user_id: &str,
|
|
|
|
|
device_id: &str,
|
|
|
|
|
user_key: &str,
|
|
|
|
|
json: &mut Value,
|
|
|
|
|
) -> Result<(), SignatureError> {
|
|
|
|
|
let json_object = json.as_object_mut().ok_or(SignatureError::NotAnObject)?;
|
|
|
|
|
let unsigned = json_object.remove("unsigned");
|
|
|
|
|
let signatures = json_object.remove("signatures");
|
|
|
|
|
|
|
|
|
|
let canonical_json = cjson::to_string(json_object)?;
|
|
|
|
|
|
|
|
|
|
if let Some(u) = unsigned {
|
|
|
|
|
json_object.insert("unsigned".to_string(), u);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let key_id = format!("ed25519:{}", device_id);
|
|
|
|
|
|
|
|
|
|
let signatures = signatures.ok_or(SignatureError::NoSignatureFound)?;
|
|
|
|
|
let signature_object = signatures
|
|
|
|
|
.as_object()
|
|
|
|
|
.ok_or(SignatureError::NoSignatureFound)?;
|
|
|
|
|
let signature = signature_object
|
|
|
|
|
.get(user_id)
|
|
|
|
|
.ok_or(SignatureError::NoSignatureFound)?;
|
|
|
|
|
let signature = signature
|
|
|
|
|
.get(key_id)
|
|
|
|
|
.ok_or(SignatureError::NoSignatureFound)?;
|
|
|
|
|
let signature = signature.as_str().ok_or(SignatureError::NoSignatureFound)?;
|
|
|
|
|
|
|
|
|
|
let utility = OlmUtility::new();
|
|
|
|
|
|
|
|
|
|
let ret = if utility
|
|
|
|
|
.ed25519_verify(&user_key, &canonical_json, signature)
|
|
|
|
|
.is_ok()
|
|
|
|
|
{
|
|
|
|
|
Ok(())
|
|
|
|
|
} else {
|
|
|
|
|
Err(SignatureError::VerificationError)
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
json_object.insert("signatures".to_string(), signatures);
|
|
|
|
|
|
|
|
|
|
ret
|
|
|
|
|
}
|
2020-02-25 13:24:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
mod test {
|
|
|
|
|
const USER_ID: &str = "@test:example.org";
|
|
|
|
|
const DEVICE_ID: &str = "DEVICEID";
|
|
|
|
|
|
2020-02-25 13:36:09 +00:00
|
|
|
use js_int::UInt;
|
2020-02-25 13:24:18 +00:00
|
|
|
use std::convert::TryFrom;
|
|
|
|
|
use std::fs::File;
|
|
|
|
|
use std::io::prelude::*;
|
|
|
|
|
|
|
|
|
|
use crate::api::r0::keys;
|
|
|
|
|
use crate::crypto::machine::OlmMachine;
|
|
|
|
|
use http::Response;
|
|
|
|
|
|
|
|
|
|
fn response_from_file(path: &str) -> Response<Vec<u8>> {
|
2020-02-26 08:36:52 +00:00
|
|
|
let mut file = File::open(path)
|
|
|
|
|
.unwrap_or_else(|_| panic!(format!("No such data file found {}", path)));
|
2020-02-25 13:24:18 +00:00
|
|
|
let mut contents = Vec::new();
|
|
|
|
|
file.read_to_end(&mut contents)
|
2020-02-26 08:36:52 +00:00
|
|
|
.unwrap_or_else(|_| panic!(format!("Can't read data file {}", path)));
|
2020-02-25 13:24:18 +00:00
|
|
|
|
|
|
|
|
Response::builder().status(200).body(contents).unwrap()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn keys_upload_response() -> keys::upload_keys::Response {
|
|
|
|
|
let data = response_from_file("tests/data/keys_upload.json");
|
|
|
|
|
keys::upload_keys::Response::try_from(data).expect("Can't parse the keys upload response")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn create_olm_machine() {
|
|
|
|
|
let machine = OlmMachine::new(USER_ID, DEVICE_ID);
|
|
|
|
|
assert!(machine.should_upload_keys());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[async_std::test]
|
|
|
|
|
async fn receive_keys_upload_response() {
|
|
|
|
|
let mut machine = OlmMachine::new(USER_ID, DEVICE_ID);
|
|
|
|
|
let mut response = keys_upload_response();
|
|
|
|
|
|
2020-02-25 13:36:09 +00:00
|
|
|
response
|
|
|
|
|
.one_time_key_counts
|
|
|
|
|
.remove(&keys::KeyAlgorithm::SignedCurve25519)
|
|
|
|
|
.unwrap();
|
2020-02-25 13:24:18 +00:00
|
|
|
|
|
|
|
|
assert!(machine.should_upload_keys());
|
|
|
|
|
machine.receive_keys_upload_response(&response).await;
|
|
|
|
|
assert!(!machine.should_upload_keys());
|
|
|
|
|
|
2020-02-25 13:36:09 +00:00
|
|
|
response.one_time_key_counts.insert(
|
|
|
|
|
keys::KeyAlgorithm::SignedCurve25519,
|
|
|
|
|
UInt::try_from(10).unwrap(),
|
|
|
|
|
);
|
2020-02-25 13:24:18 +00:00
|
|
|
machine.receive_keys_upload_response(&response).await;
|
|
|
|
|
assert!(machine.should_upload_keys());
|
|
|
|
|
|
2020-02-25 13:36:09 +00:00
|
|
|
response.one_time_key_counts.insert(
|
|
|
|
|
keys::KeyAlgorithm::SignedCurve25519,
|
|
|
|
|
UInt::try_from(50).unwrap(),
|
|
|
|
|
);
|
2020-02-25 13:24:18 +00:00
|
|
|
machine.receive_keys_upload_response(&response).await;
|
|
|
|
|
assert!(!machine.should_upload_keys());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[async_std::test]
|
|
|
|
|
async fn generate_one_time_keys() {
|
|
|
|
|
let mut machine = OlmMachine::new(USER_ID, DEVICE_ID);
|
|
|
|
|
|
|
|
|
|
let mut response = keys_upload_response();
|
|
|
|
|
|
|
|
|
|
assert!(machine.should_upload_keys());
|
|
|
|
|
assert!(machine.generate_one_time_keys().is_err());
|
|
|
|
|
|
|
|
|
|
machine.receive_keys_upload_response(&response).await;
|
|
|
|
|
assert!(machine.should_upload_keys());
|
|
|
|
|
assert!(machine.generate_one_time_keys().is_ok());
|
|
|
|
|
|
2020-02-25 13:36:09 +00:00
|
|
|
response.one_time_key_counts.insert(
|
|
|
|
|
keys::KeyAlgorithm::SignedCurve25519,
|
|
|
|
|
UInt::try_from(50).unwrap(),
|
|
|
|
|
);
|
2020-02-25 13:24:18 +00:00
|
|
|
machine.receive_keys_upload_response(&response).await;
|
|
|
|
|
assert!(machine.generate_one_time_keys().is_err());
|
|
|
|
|
}
|
2020-02-25 16:36:11 +00:00
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_device_key_signing() {
|
|
|
|
|
let machine = OlmMachine::new(USER_ID, DEVICE_ID);
|
|
|
|
|
|
|
|
|
|
let mut device_keys = machine.device_keys();
|
|
|
|
|
let identity_keys = machine.account.identity_keys();
|
|
|
|
|
let ed25519_key = identity_keys.ed25519();
|
|
|
|
|
|
|
|
|
|
let ret = machine.verify_json(
|
|
|
|
|
&machine.user_id,
|
|
|
|
|
&machine.device_id,
|
|
|
|
|
ed25519_key,
|
|
|
|
|
&mut device_keys,
|
|
|
|
|
);
|
|
|
|
|
assert!(ret.is_ok());
|
|
|
|
|
}
|
2020-02-25 16:49:43 +00:00
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_invalid_signature() {
|
|
|
|
|
let machine = OlmMachine::new(USER_ID, DEVICE_ID);
|
|
|
|
|
|
|
|
|
|
let mut device_keys = machine.device_keys();
|
|
|
|
|
|
|
|
|
|
let ret = machine.verify_json(
|
|
|
|
|
&machine.user_id,
|
|
|
|
|
&machine.device_id,
|
|
|
|
|
"fake_key",
|
|
|
|
|
&mut device_keys,
|
|
|
|
|
);
|
|
|
|
|
assert!(ret.is_err());
|
|
|
|
|
}
|
2020-02-29 10:13:57 +00:00
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_one_time_key_signing() {
|
|
|
|
|
let mut machine = OlmMachine::new(USER_ID, DEVICE_ID);
|
|
|
|
|
machine.uploaded_signed_key_count = Some(49);
|
|
|
|
|
|
|
|
|
|
let mut one_time_keys = machine.signed_one_time_keys().unwrap();
|
|
|
|
|
let identity_keys = machine.account.identity_keys();
|
|
|
|
|
let ed25519_key = identity_keys.ed25519();
|
|
|
|
|
|
|
|
|
|
let mut one_time_key = one_time_keys
|
|
|
|
|
.as_object_mut()
|
|
|
|
|
.unwrap()
|
|
|
|
|
.values_mut()
|
|
|
|
|
.nth(0)
|
|
|
|
|
.unwrap();
|
|
|
|
|
|
|
|
|
|
let ret = machine.verify_json(
|
|
|
|
|
&machine.user_id,
|
|
|
|
|
&machine.device_id,
|
|
|
|
|
ed25519_key,
|
|
|
|
|
&mut one_time_key,
|
|
|
|
|
);
|
|
|
|
|
assert!(ret.is_ok());
|
|
|
|
|
}
|
2020-02-25 13:24:18 +00:00
|
|
|
}
|
