Crypt push4 #70
Merged
Crypt push4 #70
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hmm this needs some rebasing for the last few image commits with the file/video url stuff I just merged. Working on it. |
Windows build not tested. Note that libolm doesn't currently have the pkgconf magic. Compile with make -DMATRIX_NO_E2E to disable olm linking and e2e in general. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Make matrix-json use spaces rather than tabs. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Matrix signing relies on signing Json formatted to be 'canonical' as per https://matrix.org/speculator/spec/drafts%2Fe2e/appendices.html#canonical-json Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Add api call for uploading device and one time keys. It expects the json blobs to be presigned. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Somewhere for the e2e magic to happen. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Given a JsonObject, produce a canonical json blob, sign it and add the signature back into the JsonObject. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Signed-off-by: Dr. David Alan Gilbert <[email protected]>
We can't rely on having memset_s, so add our own equivalent that declares itself volatile. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
The OLM account state can be 'pickled'; we store this in Purple's account data store as a JSON string. Note; OLM lets us encrypt the pickle, but we've got no key to encrypt it with; I don't think Purple has anything for wiring into the system key store. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Allocate a blob of memory and fill it with random data. (There must be some existing portable function for this?!) Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Parse the output of olm_account_identity_keys to get a list of algorithms and the keys for them. There really should be a better way; the algorithm names in here match what we need in the keys section, but we have to append the device id later, so it's a pain that it returns (undocumented) JSON. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
If we've got a previously stored olm account state then use it, else create us a new one. Either way, upload the device keys to the server. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
The server returns the count of one-time-keys that it has, we parse that and detect if we need to send more. It's a little tricky in that a server that doesn't have any keys will send an empty response, so force sending in that case. If we get to the point of multiple types of keys this will need reworking to make sure we only send the key types needed. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Parse the key upload return to see if we need to send any one time keys. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
We're going to need a: database of olm sessions a device trust database a database of megaolm sessions Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Parse the device-2-device messages in a sync. We have to get the order right since we need the rooms created before parsing the d2d messages, but we may need to have processed the d2d messages to decrypt events in the room. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Route the count of remaining one time keys out of the sync result. We need the newer (v2?) API for this. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Parse the top level of m.room.encrypted messages. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Create an olm inbound session and use it to decrypt the message. Later patches will handle storing/retrieving the OLM sessions. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Check the decrypted messages have matching keys/devices etc before parsing them any further. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Attach to the room storage for inbound megolm sessions. TODO: Store to db TODO: Clean up this list in matrix_room_create_conversation Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Decrypted olm messages of type m.room_key create inbound megolm sessions. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Decrypt m.room.encrypted messages sent to a room; these come out with normal events. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Parse the decrypted JSON and route it back up to the room code. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Keep a hash/list of olm sessions in memory and load them from the db if we find we haven't got one. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Update sessions stored in the db after starting sessions. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Cleanup on closing the plugin or leaving a conversation. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Add a purple action (i.e. thing on the accounts->matrix-> menu) to display the device ID and public key. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
JSON web signatures almost use base64 but with a slightly odd encoding; decoding a JWS to base64. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
For encrypted images the decrypted message contains key information to decrypt the actual media once received. Add a structure and a parser to extract the information from the JSON. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
m.image messages in the e2e world have a different format and include keys. Decode the extra structures. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Pass the received image data through gcrypt to do the decryption using the previously received keys. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Use the previously stashed crypto data to decrypt the image. Signed-off-by: Dr. David Alan Gilbert <[email protected]>
penguin42
force-pushed
the
crypt-push4
branch
from
fa4ee0c to
7507de1
Compare
|
right that works on top of current head; please review/merge |
krombel
reviewed
Apr 4, 2018
matrix-api.c
Outdated
| gchar *json; | ||
|
|
||
| url = g_string_new(conn->homeserver); | ||
| g_string_append(url, "_matrix/client/unstable/keys/upload?access_token="); |
There was a problem hiding this comment.
the unstable endpoint should not be used
matrix-api.c
Outdated
| @@ -652,7 +652,7 @@ MatrixApiRequestData *matrix_api_sync(MatrixConnectionData *conn, | |||
|
|
|||
| url = g_string_new(conn->homeserver); | |||
| g_string_append_printf(url, | |||
| "_matrix/client/r0/sync?access_token=%s&timeout=%i", | |||
| "_matrix/client/unstable/sync?access_token=%s&timeout=%i", | |||
There was a problem hiding this comment.
what is the reason to switch to unstable? It should not be used (anymore)
There was a problem hiding this comment.
Thanks, krombel - it stabilised since I wrote this (the spec is still a bit odd - it says it's being worked on but has now started using the r0/ path). I'll update it.
|
Hi is there possibility to import OLM keys saved in riot before? |
|
I'm going to merge this. It's not much use in a branch, and it looks sensible in as much detail as I've been able to look at it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This has a minor cleanup relative to push3, but also has 5 more commits on the end that do image decryption.
You might want to pull upto those or leave those last few separately, or take the lot.