// decryptFirstMessage opens the first envelope of a conversation using the
// daemon's message-auth secret key and the candidate key pairs in pkList and
// skList, then parses the recovered plaintext as a proto.Message.
//
// It returns the parsed message, the ratchet produced by
// util.DecryptAuthFirst, and the index that DecryptAuthFirst reports
// (presumably the position of the matching key pair — confirm against util).
// On any failure the index is -1 and the error is returned unwrapped.
func (d *Daemon) decryptFirstMessage(envelope []byte, pkList []*[32]byte, skList []*[32]byte) (*proto.Message, *ratchet.Ratchet, int, error) {
	ourAuthPrivate := (*[32]byte)(&d.MessageAuthSecretKey)
	r, plaintext, idx, err := util.DecryptAuthFirst(envelope, pkList, skList, ourAuthPrivate, d.ProfileRatchet)
	if err != nil {
		return nil, nil, -1, err
	}
	var parsed proto.Message
	if err = parsed.Unmarshal(plaintext); err != nil {
		return nil, nil, -1, err
	}
	return &parsed, r, idx, nil
}
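// decryptMessage tries each candidate ratchet in turn and returns the first
// message that util.DecryptAuth accepts, together with the ratchet value that
// DecryptAuth returned for it.
//
// Success is tracked with an explicit flag rather than by inspecting msg, so a
// non-nil buffer handed back alongside an error is never parsed. When no
// ratchet accepts the envelope the last error is reported; an empty ratchets
// slice yields a dedicated error instead of "<nil>".
func decryptMessage(envelope []byte, ratchets []*ratchet.Ratchet) (*proto.Message, *ratchet.Ratchet, error) {
	var (
		ratch *ratchet.Ratchet
		msg   []byte
		found bool
		err   error
	)
	for _, candidate := range ratchets {
		ratch, msg, err = util.DecryptAuth(envelope, candidate)
		if err == nil {
			found = true // found the right ratchet
			break
		}
	}
	if !found {
		if err == nil {
			// Only reachable when ratchets is empty: nothing was tried.
			err = errors.New("no ratchets to try")
		}
		return nil, nil, fmt.Errorf("could not find suitable ratchet: %v", err)
	}
	message := new(proto.Message)
	if err := message.Unmarshal(msg); err != nil {
		return nil, nil, err
	}
	return message, ratch, nil
}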
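// CheckAuthWith returns an envelope authenticator bound to the profile lookup
// prt. The returned function checks that tag is a prefix of
// HMAC-SHA256(K, data), where K is the X25519 shared secret between
// ourAuthPrivate and the MessageAuthKey found in the sender's chat profile;
// the sender's identity (Dename, DenameLookup) is read from msg after
// unpadding.
//
// The tag is compared against a prefix of the full MAC, so its length is the
// caller's choice. Empty tags and tags longer than the digest are rejected up
// front: an empty tag would otherwise always verify, and an oversized one
// would panic on the slice expression. A very short tag is still accepted and
// is correspondingly weak; the wire format decides the length, not this code.
// Any error from unmarshalling, profile lookup or field extraction is returned
// unwrapped.
func CheckAuthWith(prt ProfileRatchet) func([]byte, []byte, []byte, *[32]byte) error {
	return func(tag, data, msg []byte, ourAuthPrivate *[32]byte) error {
		if len(tag) == 0 || len(tag) > sha256.Size {
			return errors.New("Authentication failed: envelope auth tag has invalid length")
		}
		message := new(proto.Message)
		if err := message.Unmarshal(proto.Unpad(msg)); err != nil {
			return err
		}
		profile, err := prt(message.Dename, message.DenameLookup)
		if err != nil {
			return err
		}
		chatProfileBytes, err := client.GetProfileField(profile, PROFILE_FIELD_ID)
		if err != nil {
			return err
		}
		chatProfile := new(proto.Profile)
		if err := chatProfile.Unmarshal(chatProfileBytes); err != nil {
			return err
		}
		theirAuthPublic := (*[32]byte)(&chatProfile.MessageAuthKey)
		// The raw ScalarMult output is used directly as the HMAC key (no KDF);
		// changing that would break compatibility with existing senders.
		var sharedAuthKey [32]byte
		curve25519.ScalarMult(&sharedAuthKey, ourAuthPrivate, theirAuthPublic)
		h := hmac.New(sha256.New, sharedAuthKey[:])
		h.Write(data)
		if subtle.ConstantTimeCompare(tag, h.Sum(nil)[:len(tag)]) == 0 {
			return errors.New("Authentication failed: failed to reproduce envelope auth tag using the current auth pubkey from dename")
		}
		return nil
	}
}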