func muteprotoFetch(
myID, contactID string,
msgDB *msgdb.MsgDB,
c *cli.Context,
privkey, server string,
lastMessageTime int64,
) (newMessageTime int64, err error) {
log.Debug("muteprotoFetch()")
args := []string{
"--homedir", c.GlobalString("homedir"),
"--loglevel", c.GlobalString("loglevel"),
"--logdir", c.GlobalString("logdir"),
"fetch",
"--server", server,
"--last-message-time", strconv.FormatInt(lastMessageTime, 10),
}
cmd := exec.Command("muteproto", args...)
stdout, err := cmd.StdoutPipe()
if err != nil {
return 0, err
}
stderr, err := cmd.StderrPipe()
if err != nil {
return 0, err
}
ppR, ppW, err := os.Pipe()
if err != nil {
return 0, err
}
defer ppR.Close()
ppW.Write([]byte(privkey))
ppW.Close()
cmd.ExtraFiles = append(cmd.ExtraFiles, ppR)
cmdR, cmdW, err := os.Pipe()
if err != nil {
return 0, err
}
defer cmdR.Close()
defer cmdW.Close()
cmd.ExtraFiles = append(cmd.ExtraFiles, cmdR)
if err := cmd.Start(); err != nil {
return 0, err
}
var outbuf bytes.Buffer
status := bufio.NewReader(stderr)
input := make(chan []byte)
go func() {
for {
buf := make([]byte, 4096)
n, err := stdout.Read(buf)
if n > 0 {
input <- buf[:n]
}
if err != nil {
if err == io.EOF {
return
}
log.Error(err)
return
}
}
}()
firstMessage := true
cache, err := msgDB.GetMessageIDCache(myID, contactID)
if err != nil {
return 0, err
}
for {
// read status output
line, err := status.ReadString('\n')
if err != nil {
return 0, log.Error(err)
}
line = strings.TrimSpace(line)
if line == "NONE" {
log.Debug("read: NONE")
break
}
if strings.HasSuffix(line, "accountdb: nothing found") {
log.Info("account has no messages")
return 0, nil
}
parts := strings.Split(line, "\t")
if len(parts) != 2 || parts[0] != "MESSAGEID:" {
return 0, log.Errorf("ctrlengine: MESSAGEID line expected from muteproto, got: %s", line)
}
messageID := parts[1]
log.Debugf("read: MESSAGEID:\t%s", messageID)
if cache[messageID] {
// message known -> abort fetching messages and remove old IDs from cache
log.Debug("write: QUIT")
fmt.Fprintln(cmdW, "QUIT")
err := msgDB.RemoveMessageIDCache(myID, contactID, messageID)
if err != nil {
return 0, log.Error(err)
}
break
} else {
// message unknown -> fetch it and add messageID to cache
log.Debug("write: NEXT")
fmt.Fprintln(cmdW, "NEXT")
err := msgDB.AddMessageIDCache(myID, contactID, messageID)
if err != nil {
return 0, log.Error(err)
}
}
// read message
stop := make(chan uint64)
done := make(chan bool)
go func() {
for {
select {
case buf := <-input:
outbuf.Write(buf)
case length := <-stop:
for uint64(outbuf.Len()) < length {
buf := <-input
outbuf.Write(buf)
}
done <- true
return
}
}
}()
// read LENGTH
line, err = status.ReadString('\n')
if err != nil {
return 0, log.Error(err)
}
parts = strings.Split(strings.TrimRight(line, "\n"), "\t")
if len(parts) != 2 || parts[0] != "LENGTH:" {
return 0, log.Errorf("ctrlengine: LENGTH line expected from muteproto, got: %s", line)
}
length, err := strconv.ParseUint(parts[1], 10, 64)
if err != nil {
return 0, log.Error(err)
}
log.Debugf("read: LENGTH:\t%d", length)
// read RECEIVETIME
line, err = status.ReadString('\n')
if err != nil {
return 0, log.Error(err)
}
parts = strings.Split(strings.TrimRight(line, "\n"), "\t")
if len(parts) != 2 || parts[0] != "RECEIVETIME:" {
return 0, log.Errorf("ctrlengine: RECEIVETIME line expected from muteproto, got: %s", line)
}
receiveTime, err := strconv.ParseInt(parts[1], 10, 64)
if err != nil {
return 0, log.Error(err)
}
log.Debugf("read: RECEIVETIME:\t%d", receiveTime)
stop <- length
<-done
err = msgDB.AddInQueue(myID, contactID, receiveTime, outbuf.String())
if err != nil {
return 0, err
}
if firstMessage {
newMessageTime = receiveTime
firstMessage = false
}
outbuf.Reset()
}
if err := cmd.Wait(); err != nil {
return 0, err
}
return
}
func (ce *CtrlEngine) procInQueue(c *cli.Context, host string) error {
log.Debug("procInQueue()")
for {
// get message from msgDB
iqIdx, myID, contactID, msg, envelope, err := ce.msgDB.GetInQueue()
if err != nil {
return err
}
if myID == "" {
log.Debug("no more messages in inqueue")
break // no more messages in inqueue
}
if envelope {
log.Debugf("decrypt envelope (iqIdx=%d)", iqIdx)
// decrypt envelope
message, err := base64.Decode(msg)
if err != nil {
return log.Error(err)
}
privkey, server, secret, _, _, _, err := ce.msgDB.GetAccount(myID, contactID)
if err != nil {
return err
}
receiveTemplate := nymaddr.AddressTemplate{
Secret: secret[:],
}
var pubkey [32]byte
copy(pubkey[:], privkey[32:])
dec, nym, err := mixcrypt.ReceiveFromMix(receiveTemplate,
util.MailboxAddress(&pubkey, server), message)
if err != nil {
return log.Error(err)
}
if !bytes.Equal(nym, cipher.SHA256([]byte(myID))) {
// discard message
log.Warnf("ctrlengine: hashed nym does not match %s -> discard message", myID)
if err := ce.msgDB.DelInQueue(iqIdx); err != nil {
return err
}
} else {
log.Info("envelope successfully decrypted")
err := ce.msgDB.SetInQueue(iqIdx, base64.Encode(dec))
if err != nil {
return err
}
}
} else {
log.Debugf("decrypt message (iqIdx=%d)", iqIdx)
senderID, plainMsg, err := mutecryptDecrypt(c, ce.passphrase,
[]byte(msg), ce.fileTable.StatusFP)
if err != nil {
return err
}
if senderID == "" {
// message could not be decrypted, but we do not want to fail
if err := ce.msgDB.DelInQueue(iqIdx); err != nil {
return err
}
continue
}
// check if contact exists
contact, _, contactType, err := ce.msgDB.GetContact(myID, senderID)
if err != nil {
return log.Error(err)
}
// TODO: we do not have to do request UID message from server
// here, but we should use the one contained in the message and
// compare it with hash chain entry (doesn't compromise anonymity)
var drop bool
if contact == "" {
err := ce.contactAdd(myID, senderID, "", host, msgdb.GrayList, c)
if err != nil {
return log.Error(err)
}
} else if contactType == msgdb.BlackList {
// messages from black listed contacts are dropped directly
log.Debug("message from black listed contact dropped")
drop = true
}
err = ce.msgDB.RemoveInQueue(iqIdx, plainMsg, senderID, drop)
if err != nil {
return err
}
}
}
return nil
}
func (ce *CtrlEngine) msgSend(
c *cli.Context,
id string,
all bool,
failDelivery bool,
) error {
nyms, err := ce.getNyms(id, all)
if err != nil {
return err
}
for _, nym := range nyms {
// clear resend status for old messages in outqueue
if err := ce.msgDB.ClearResendOutQueue(nym); err != nil {
return err
}
// process old messages in outqueue
if err := ce.procOutQueue(c, nym, failDelivery); err != nil {
return err
}
/*
ids, err := ce.msgDB.GetMsgIDs(nym)
if err != nil {
return err
}
for _, id := range ids {
log.Debugf("id=%d, to=%s", id.MsgID, id.To)
}
*/
// add all undelivered messages to outqueue
var recvNymAddress string
for {
msgID, peer, msg, sign, minDelay, maxDelay, err :=
ce.msgDB.GetUndeliveredMessage(nym)
if err != nil {
return err
}
if peer == "" {
log.Debug("break")
break // no more undelivered messages
}
// determine recipient nymaddress for encryption, if necessary
if recvNymAddress == "" {
// TODO! (implement more accounts? delay settings?)
privkey, server, secret, minDelay, maxDelay, _, err :=
ce.msgDB.GetAccount(nym, "")
if err != nil {
return err
}
_, domain, err := identity.Split(nym)
if err != nil {
return err
}
expire := times.ThirtyDaysLater() // TODO: make this settable
singleUse := false // TODO correct?
var pubkey [ed25519.PublicKeySize]byte
copy(pubkey[:], privkey[32:])
_, recvNymAddress, err = util.NewNymAddress(domain, secret[:],
expire, singleUse, minDelay, maxDelay, nym, &pubkey, server,
def.CACert)
if err != nil {
return err
}
}
// encrypt
enc, nymaddress, err := mutecryptEncrypt(c, nym, peer,
ce.passphrase, msg, sign, recvNymAddress)
if err != nil {
return log.Error(err)
}
// add to outqueue
log.Debug("add")
err = ce.msgDB.AddOutQueue(nym, msgID, enc, nymaddress,
minDelay, maxDelay)
if err != nil {
return log.Error(err)
}
}
// process new messages in outqueue
if err := ce.procOutQueue(c, nym, failDelivery); err != nil {
return err
}
}
return nil
}
func (ce *CtrlEngine) procOutQueue(
c *cli.Context,
nym string,
failDelivery bool,
) error {
log.Debug("procOutQueue()")
for {
oqIdx, msg, nymaddress, minDelay, maxDelay, envelope, err :=
ce.msgDB.GetOutQueue(nym)
if err != nil {
return err
}
if msg == "" {
log.Debug("break")
break // no more messages in outqueue
}
if !envelope {
log.Debug("envelope")
// parse nymaddress
na, err := base64.Decode(nymaddress)
if err != nil {
return log.Error(na)
}
addr, err := nymaddr.ParseAddress(na)
if err != nil {
return err
}
// get token from wallet
var pubkey [32]byte
copy(pubkey[:], addr.TokenPubKey)
token, err := wallet.GetToken(ce.client, "Message", &pubkey)
if err != nil {
return err
}
// `muteproto create`
env, err := muteprotoCreate(c, msg, minDelay, maxDelay,
base64.Encode(token.Token), nymaddress)
if err != nil {
return log.Error(err)
}
// update outqueue
if err := ce.msgDB.SetOutQueue(oqIdx, env); err != nil {
ce.client.UnlockToken(token.Hash)
return err
}
ce.client.DelToken(token.Hash)
msg = env
}
// `muteproto deliver`
if failDelivery {
return log.Error(ErrDeliveryFailed)
}
sendTime := times.Now() + int64(minDelay) // earliest
resend, err := muteprotoDeliver(c, msg)
if err != nil {
// If the message delivery failed because the token expired in the
// meantime we retract the message from the outqueue (setting it
// back to 'ToSend') and start the delivery process for this
// message all over again.
// Matching the error message string is not optimal, but the best
// available solution since the error results from calling another
// binary (muteproto).
if strings.HasSuffix(err.Error(), client.ErrFinal.Error()) {
log.Debug("retract")
if err := ce.msgDB.RetractOutQueue(oqIdx); err != nil {
return err
}
continue
}
return log.Error(err)
}
if resend {
// set resend status
log.Debug("resend")
if err := ce.msgDB.SetResendOutQueue(oqIdx); err != nil {
return err
}
} else {
// remove from outqueue
log.Debug("remove")
if err := ce.msgDB.RemoveOutQueue(oqIdx, sendTime); err != nil {
return err
}
}
}
return nil
}
// Decrypt decrypts a message with the argument given in args.
// The senderID is returned.
// If the message was signed and the signature could be verified successfully
// the base64 encoded signature is returned. If the message was signed and the
// signature could not be verfied an error is returned.
func Decrypt(args *DecryptArgs) (senderID, sig string, err error) {
log.Debug("msg.Decrypt()")
// set default
if args.NumOfKeys == 0 {
args.NumOfKeys = NumOfFutureKeys
}
// read pre-header
ph, err := readPreHeader(bytes.NewBuffer(args.PreHeader))
if err != nil {
return "", "", err
}
if ph.LengthSenderHeaderPub != 32 {
return "", "", log.Errorf("msg: ph.LengthSenderHeaderPub != 32")
}
var senderHeaderPub [32]byte
copy(senderHeaderPub[:], ph.SenderHeaderPub)
// read header packet
oh, err := readOuterHeader(args.Reader)
if err != nil {
return "", "", err
}
if oh.Type != encryptedHeader {
return "", "", log.Error(ErrNotEncryptedHeader)
}
count := uint32(1)
if oh.PacketCount != count {
return "", "", log.Error(ErrWrongCount)
}
count++
identity, h, err := readHeader(&senderHeaderPub, args.Identities,
bytes.NewBuffer(oh.inner))
if err != nil {
return "", "", err
}
senderID = h.SenderIdentity
recipientID := identity.PubKey()
log.Debugf("senderID: %s", h.SenderIdentityPub.HASH)
log.Debugf("recipientID: %s", recipientID.HASH)
log.Debugf("h.SenderSessionCount: %d", h.SenderSessionCount)
log.Debugf("h.SenderMessageCount: %d", h.SenderMessageCount)
log.Debugf("h.SenderSessionPub: %s", h.SenderSessionPub.HASH)
if h.NextSenderSessionPub != nil {
log.Debugf("h.NextSenderSessionPub: %s", h.NextSenderSessionPub.HASH)
}
if h.NextRecipientSessionPubSeen != nil {
log.Debugf("h.NextRecipientSessionPubSeen: %s",
h.NextRecipientSessionPubSeen.HASH)
}
// proc sender UID in parallel
res := make(chan *procUIDResult, 1)
go procUID(h.SenderUID, res)
// get session state
sender := h.SenderIdentity
recipient := identity.Identity()
log.Debugf("%s -> %s", sender, recipient)
sessionStateKey := session.CalcStateKey(recipientID.PublicKey32(),
h.SenderIdentityPub.PublicKey32())
ss, err := args.KeyStore.GetSessionState(sessionStateKey)
if err != nil {
return "", "", err
}
sessionKey := session.CalcKey(recipientID.HASH, h.SenderIdentityPub.HASH,
h.RecipientTempHash, h.SenderSessionPub.HASH)
if !args.KeyStore.HasSession(sessionKey) { // session unknown
// try to start session from KeyInit message
recipientKI, err := args.KeyStore.GetPrivateKeyEntry(h.RecipientTempHash)
if err != nil && err != session.ErrNoKeyEntry {
return "", "", err
}
if err != session.ErrNoKeyEntry { // KeyInit message found
// root key agreement
err = rootKeyAgreementRecipient(&senderHeaderPub, sender, recipient,
&h.SenderSessionPub, &h.SenderIdentityPub, recipientKI, recipientID,
nil, args.NumOfKeys, args.KeyStore)
if err != nil {
return "", "", err
}
// TODO: delete single-use KeyInit message
// use the 'smaller' session as the definite one
// TODO: h.SenderSessionPub.HASH < ss.SenderSessionPub.HASH
if ss == nil || (ss.KeyInitSession && sender < recipient) {
// create next session key
var nextSenderSession uid.KeyEntry
if err := nextSenderSession.InitDHKey(args.Rand); err != nil {
return "", "", err
}
// store next session key
err := addSessionKey(args.KeyStore, &nextSenderSession)
if err != nil {
return "", "", err
}
// if we already got h.NextSenderSessionPub prepare next session
if h.NextSenderSessionPub != nil {
previousRootKeyHash, err := args.KeyStore.GetRootKeyHash(sessionKey)
if err != nil {
return "", "", err
}
// root key agreement
err = rootKeyAgreementSender(&senderHeaderPub, recipient,
sender, &nextSenderSession, recipientID,
h.NextSenderSessionPub, &h.SenderIdentityPub,
previousRootKeyHash, args.NumOfKeys, args.KeyStore)
if err != nil {
return "", "", err
}
}
// set session state
ss = &session.State{
SenderSessionCount: 0,
SenderMessageCount: 0,
MaxRecipientCount: 0,
RecipientTemp: h.SenderSessionPub,
SenderSessionPub: *recipientKI,
NextSenderSessionPub: &nextSenderSession,
NextRecipientSessionPubSeen: h.NextSenderSessionPub,
NymAddress: h.NymAddress,
KeyInitSession: false,
}
err = args.KeyStore.SetSessionState(sessionStateKey, ss)
if err != nil {
return "", "", err
}
}
} else { // no KeyInit message found
// TODO: ???
}
} else { // session known
log.Debug("session known")
// check if session state reflects that session
if h.RecipientTempHash == ss.SenderSessionPub.HASH &&
h.SenderSessionPub.HASH == ss.RecipientTemp.HASH {
log.Debug("session state reflects that session")
if h.NextSenderSessionPub != nil {
log.Debug("h.NextSenderSessionPub is defined")
}
if h.NextRecipientSessionPubSeen != nil {
log.Debug("h.NextRecipientSessionPubSeen is defined")
}
if h.NextSenderSessionPub != nil {
// if other side has set its NextSenderSessionPubKey we set
// ours immediately
if ss.NextSenderSessionPub == nil {
// prepare upcoming session, but do not switch to it yet
nextSenderSession, err := setNextSenderSessionPub(args.KeyStore, ss,
sessionStateKey, args.Rand)
if err != nil {
return "", "", err
}
previousRootKeyHash, err := args.KeyStore.GetRootKeyHash(sessionKey)
if err != nil {
return "", "", err
}
// root key agreement
err = rootKeyAgreementSender(&senderHeaderPub, recipient,
sender, nextSenderSession, recipientID,
h.NextSenderSessionPub, &h.SenderIdentityPub,
previousRootKeyHash, args.NumOfKeys, args.KeyStore)
if err != nil {
return "", "", err
}
if ss.NextRecipientSessionPubSeen == nil {
// save h.NextSenderSessionPub, if necessary
ss.NextRecipientSessionPubSeen = h.NextSenderSessionPub
err := args.KeyStore.SetSessionState(sessionStateKey, ss)
if err != nil {
return "", "", err
}
}
} else if h.NextRecipientSessionPubSeen != nil &&
h.NextRecipientSessionPubSeen.HASH == ss.NextSenderSessionPub.HASH {
// switch to next session
nextSenderSession, err := getSessionKey(args.KeyStore,
ss.NextSenderSessionPub.HASH)
if err != nil {
return "", "", err
}
previousRootKeyHash, err := args.KeyStore.GetRootKeyHash(sessionKey)
if err != nil {
return "", "", err
}
// root key agreement
err = rootKeyAgreementRecipient(&senderHeaderPub, sender,
recipient, h.NextSenderSessionPub, &h.SenderIdentityPub,
nextSenderSession, recipientID, previousRootKeyHash,
args.NumOfKeys, args.KeyStore)
if err != nil {
return "", "", err
}
// store new session state
ss = &session.State{
SenderSessionCount: ss.SenderSessionCount + ss.SenderMessageCount,
SenderMessageCount: 0,
MaxRecipientCount: 0,
RecipientTemp: *h.NextSenderSessionPub,
SenderSessionPub: *nextSenderSession,
NextSenderSessionPub: nil,
NextRecipientSessionPubSeen: nil,
NymAddress: h.NymAddress,
KeyInitSession: false,
}
err = args.KeyStore.SetSessionState(sessionStateKey, ss)
if err != nil {
return "", "", err
}
}
}
} else {
// check if session matches next session
if ss.NextSenderSessionPub != nil &&
ss.NextRecipientSessionPubSeen != nil &&
ss.NextSenderSessionPub.HASH == h.RecipientTempHash &&
ss.NextRecipientSessionPubSeen.HASH == h.SenderSessionPub.HASH {
// switch session
ss = &session.State{
SenderSessionCount: ss.SenderSessionCount + ss.SenderMessageCount,
SenderMessageCount: 0,
MaxRecipientCount: 0,
RecipientTemp: h.SenderSessionPub,
SenderSessionPub: *ss.NextSenderSessionPub,
NextSenderSessionPub: nil,
NextRecipientSessionPubSeen: nil,
NymAddress: h.NymAddress,
KeyInitSession: false,
}
err = args.KeyStore.SetSessionState(sessionStateKey, ss)
if err != nil {
return "", "", err
}
}
}
// a message with this session key has been decrypted -> delete key
if err := args.KeyStore.DelPrivSessionKey(h.RecipientTempHash); err != nil {
return "", "", err
}
}
// make sure we got enough message keys
n, err := args.KeyStore.NumMessageKeys(sessionKey)
if err != nil {
return "", "", err
}
if h.SenderMessageCount >= n {
// generate more message keys
log.Debugf("generate more message keys (h.SenderMessageCount=%d, n=%d)",
h.SenderMessageCount, n)
chainKey, err := args.KeyStore.GetChainKey(sessionKey)
if err != nil {
return "", "", err
}
// prevent denial of service attack by very large h.SenderMessageCount
numOfKeys := h.SenderMessageCount / args.NumOfKeys
if h.SenderMessageCount%args.NumOfKeys > 0 {
numOfKeys++
}
numOfKeys *= args.NumOfKeys
if numOfKeys > mime.MaxMsgSize/MaxContentLength+NumOfFutureKeys {
return "", "",
log.Errorf("msg: requested number of message keys too large")
}
log.Debugf("numOfKeys=%d", numOfKeys)
var recipientPub *[32]byte
if h.RecipientTempHash == ss.SenderSessionPub.HASH {
recipientPub = ss.SenderSessionPub.PublicKey32()
} else {
log.Debug("different session")
recipientKI, err := args.KeyStore.GetPrivateKeyEntry(h.RecipientTempHash)
if err != nil && err != session.ErrNoKeyEntry {
return "", "", err
}
if err != session.ErrNoKeyEntry {
recipientPub = recipientKI.PublicKey32()
} else {
recipientKE, err := getSessionKey(args.KeyStore,
h.RecipientTempHash)
if err != nil {
return "", "", err
}
recipientPub = recipientKE.PublicKey32()
}
}
err = generateMessageKeys(sender, recipient, h.SenderIdentityPub.HASH,
recipientID.HASH, chainKey, true,
h.SenderSessionPub.PublicKey32(), recipientPub, numOfKeys,
args.KeyStore)
if err != nil {
return "", "", err
}
}
// get message key
messageKey, err := args.KeyStore.GetMessageKey(sessionKey, false,
h.SenderMessageCount)
if err != nil {
return "", "", err
}
// derive symmetric keys
cryptoKey, hmacKey, err := deriveSymmetricKeys(messageKey)
if err != nil {
return "", "", err
}
// read crypto setup packet
oh, err = readOuterHeader(args.Reader)
if err != nil {
return "", "", err
}
if oh.Type != cryptoSetup {
return "", "", log.Error(ErrNotCryptoSetup)
}
if oh.PacketCount != count {
return "", "", log.Error(ErrWrongCount)
}
count++
if oh.PLen != aes.BlockSize {
return "", "", log.Error(ErrWrongCryptoSetup)
}
iv := oh.inner
// start HMAC calculation
mac := hmac.New(sha512.New, hmacKey)
if err := oh.write(mac, true); err != nil {
return "", "", err
}
// actual decryption
oh, err = readOuterHeader(args.Reader)
if err != nil {
return "", "", err
}
if oh.Type != encryptedPacket {
return "", "", log.Error(ErrNotEncryptedPacket)
}
if oh.PacketCount != count {
return "", "", log.Error(ErrWrongCount)
}
count++
ciphertext := oh.inner
plaintext := make([]byte, len(ciphertext))
stream := cipher.AES256CTRStream(cryptoKey, iv)
stream.XORKeyStream(plaintext, ciphertext)
ih, err := readInnerHeader(bytes.NewBuffer(plaintext))
if err != nil {
return "", "", err
}
if ih.Type&dataType == 0 {
return "", "", log.Error(ErrNotData)
}
var contentHash []byte
if ih.Type&signType != 0 {
// create signature hash
contentHash = cipher.SHA512(ih.content)
}
if _, err := args.Writer.Write(ih.content); err != nil {
return "", "", log.Error(err)
}
// continue HMAC calculation
if err := oh.write(mac, true); err != nil {
return "", "", err
}
// verify signature
var sigBuf [ed25519.SignatureSize]byte
if contentHash != nil {
oh, err = readOuterHeader(args.Reader)
if err != nil {
return "", "", err
}
if oh.Type != encryptedPacket {
return "", "", log.Error(ErrNotEncryptedPacket)
}
if oh.PacketCount != count {
return "", "", log.Error(ErrWrongCount)
}
count++
// continue HMAC calculation
if err := oh.write(mac, true); err != nil {
return "", "", err
}
ciphertext = oh.inner
plaintext = make([]byte, len(ciphertext))
stream.XORKeyStream(plaintext, ciphertext)
ih, err = readInnerHeader(bytes.NewBuffer(plaintext))
if err != nil {
return "", "", err
}
if ih.Type&signatureType == 0 {
return "", "", log.Error(ErrNotSignaturePacket)
}
if len(ih.content) != ed25519.SignatureSize {
return "", "", log.Error(ErrWrongSignatureLength)
}
copy(sigBuf[:], ih.content)
} else {
oh, err = readOuterHeader(args.Reader)
if err != nil {
return "", "", err
}
if oh.Type != encryptedPacket {
return "", "", log.Error(ErrNotEncryptedPacket)
}
if oh.PacketCount != count {
return "", "", log.Error(ErrWrongCount)
}
count++
// continue HMAC calculation
if err := oh.write(mac, true); err != nil {
return "", "", err
}
ciphertext = oh.inner
plaintext = make([]byte, len(ciphertext))
stream.XORKeyStream(plaintext, ciphertext)
ih, err = readInnerHeader(bytes.NewBuffer(plaintext))
if err != nil {
return "", "", err
}
if ih.Type&paddingType == 0 {
return "", "", log.Error(ErrNotPaddingPacket)
}
}
// get processed sender UID
uidRes := <-res
if uidRes.err != nil {
return "", "", uidRes.err
}
// verify signature, if necessary
if contentHash != nil {
if !ed25519.Verify(uidRes.msg.PublicSigKey32(), contentHash, &sigBuf) {
return "", "", log.Error(ErrInvalidSignature)
}
// encode signature to base64 as return value
sig = base64.Encode(sigBuf[:])
}
// read HMAC packet
oh, err = readOuterHeader(args.Reader)
if err != nil {
return "", "", err
}
if oh.Type != hmacPacket {
return "", "", log.Error(ErrNotHMACPacket)
}
if oh.PacketCount != count {
return "", "", log.Error(ErrWrongCount)
}
count++
if err := oh.write(mac, false); err != nil {
return "", "", err
}
sum := mac.Sum(nil)
log.Debugf("HMAC: %s", base64.Encode(sum))
if !hmac.Equal(sum, oh.inner) {
return "", "", log.Error(ErrHMACsDiffer)
}
// delete message key
err = args.KeyStore.DelMessageKey(sessionKey, false, h.SenderMessageCount)
if err != nil {
return "", "", err
}
return
}
func (pe *ProtoEngine) fetch(
output io.Writer,
status io.Writer,
server string,
lastMessageTime int64,
command io.Reader,
) error {
// read passphrase
log.Infof("read private key from fd %d", pe.fileTable.PassphraseFD)
pks, err := util.Readline(pe.fileTable.PassphraseFP)
if err != nil {
return err
}
log.Info("done")
pk, err := base64.Decode(string(pks))
if err != nil {
return log.Error(err)
}
var privkey [ed25519.PrivateKeySize]byte
copy(privkey[:], pk)
log.Debugf("lastMessageTime=%d", lastMessageTime)
messages, err := client.ListMessages(&privkey, lastMessageTime, server,
def.CACert)
if err != nil {
// TODO: handle this better
if err.Error() == "accountdb: Nothing found" {
// no messages found
log.Info("write: NONE")
fmt.Fprintln(status, "NONE")
return nil
}
return log.Error(err)
}
/*
for _, message := range messages {
messageID := base64.Encode(message.MessageID)
log.Debugf("messageID=%s, ReceiveTime=%d, ReadTime=%d", messageID,
message.ReceiveTime, message.ReadTime)
}
*/
scanner := bufio.NewScanner(command)
for _, message := range messages {
msg, err := client.FetchMessage(&privkey, message.MessageID, server,
def.CACert)
if err != nil {
return log.Error(err)
}
messageID := base64.Encode(message.MessageID)
log.Debugf("write: MESSAGEID:\t%s", messageID)
fmt.Fprintf(status, "MESSAGEID:\t%s\n", messageID)
var command string
if scanner.Scan() {
command = scanner.Text()
} else {
return log.Error("protoengine: expecting command input")
}
if err := scanner.Err(); err != nil {
fmt.Fprintln(os.Stderr, "reading standard input:", err)
}
if command == "NEXT" {
log.Debug("read: NEXT")
enc := base64.Encode(msg)
if _, err := io.WriteString(output, enc); err != nil {
return log.Error(err)
}
log.Debugf("write: LENGTH:\t%d", len(enc))
fmt.Fprintf(status, "LENGTH:\t%d\n", len(enc))
log.Debugf("write: RECEIVETIME:\t%d", message.ReceiveTime)
fmt.Fprintf(status, "RECEIVETIME:\t%d\n", message.ReceiveTime)
} else if command == "QUIT" {
log.Debug("read: QUIT")
return nil
} else {
return log.Errorf("protoengine: unknown command '%s'", command)
}
}
// no more messages
log.Info("write: NONE")
fmt.Fprintln(status, "NONE")
return nil
}
// Encrypt encrypts a message with the argument given in args and returns the
// nymAddress the message should be delivered to.
func Encrypt(args *EncryptArgs) (nymAddress string, err error) {
log.Debugf("msg.Encrypt(): %s -> %s", args.From.Identity(), args.To.Identity())
// set defaults
if args.NumOfKeys == 0 {
args.NumOfKeys = NumOfFutureKeys
}
if args.AvgSessionSize == 0 {
args.AvgSessionSize = AverageSessionSize
}
// create sender key
senderHeaderKey, err := cipher.Curve25519Generate(cipher.RandReader)
if err != nil {
return "", log.Error(err)
}
// create pre-header
ph := newPreHeader(senderHeaderKey.PublicKey()[:])
// create base64 encoder
var out bytes.Buffer
wc := base64.NewEncoder(&out)
// write pre-header
var buf bytes.Buffer
var count uint32
if err := ph.write(&buf); err != nil {
return "", err
}
oh := newOuterHeader(preHeaderPacket, count, buf.Bytes())
if err := oh.write(wc, true); err != nil {
return "", err
}
count++
// get session state
sender := args.From.Identity()
recipient := args.To.Identity()
sessionStateKey := session.CalcStateKey(args.From.PubKey().PublicKey32(),
args.To.PubKey().PublicKey32())
var ss *session.State
if args.StatusCode != StatusReset {
ss, err = args.KeyStore.GetSessionState(sessionStateKey)
if err != nil {
return "", err
}
}
if ss == nil {
// no session found -> start first session
log.Debug("no session found -> start first session")
var recipientTemp *uid.KeyEntry
recipientTemp, nymAddress, err = args.KeyStore.GetPublicKeyEntry(args.To)
if err != nil {
return "", err
}
// create session key
var senderSession uid.KeyEntry
if err := senderSession.InitDHKey(args.Rand); err != nil {
return "", err
}
// store session key
if err := addSessionKey(args.KeyStore, &senderSession); err != nil {
return "", err
}
// root key agreement
err = rootKeyAgreementSender(senderHeaderKey.PublicKey(),
args.From.Identity(), args.To.Identity(), &senderSession,
args.From.PubKey(), recipientTemp, args.To.PubKey(), nil,
args.NumOfKeys, args.KeyStore)
if err != nil {
return "", err
}
// set session state
ss = &session.State{
SenderSessionCount: 0,
SenderMessageCount: 0,
MaxRecipientCount: 0,
RecipientTemp: *recipientTemp,
SenderSessionPub: senderSession,
NextSenderSessionPub: nil,
NextRecipientSessionPubSeen: nil,
NymAddress: nymAddress,
KeyInitSession: true,
}
log.Debugf("set session: %s", ss.SenderSessionPub.HASH)
err = args.KeyStore.SetSessionState(sessionStateKey, ss)
if err != nil {
return "", err
}
} else if args.StatusCode != StatusError { // do not update sessions for StatusError messages
log.Debug("session found")
log.Debugf("got session: %s", ss.SenderSessionPub.HASH)
nymAddress = ss.NymAddress
if ss.NextSenderSessionPub == nil {
// start new session in randomized fashion
n, err := rand.Int(cipher.RandReader, big.NewInt(int64(args.AvgSessionSize)))
if err != nil {
return "", err
}
if n.Int64() == 0 {
_, err := setNextSenderSessionPub(args.KeyStore, ss,
sessionStateKey, args.Rand)
if err != nil {
return "", err
}
}
}
}
// create header
log.Debugf("senderID: %s", args.From.UIDContent.PUBKEYS[0].HASH)
log.Debugf("recipientID: %s", args.To.UIDContent.PUBKEYS[0].HASH)
log.Debugf("ss.SenderSessionCount: %d", ss.SenderSessionCount)
log.Debugf("ss.SenderMessageCount: %d", ss.SenderMessageCount)
log.Debugf("ss.RecipientTempHash: %s", ss.RecipientTemp.HASH)
h, err := newHeader(args.From, args.To, ss.RecipientTemp.HASH,
&ss.SenderSessionPub, ss.NextSenderSessionPub,
ss.NextRecipientSessionPubSeen, args.NymAddress, ss.SenderSessionCount,
ss.SenderMessageCount, args.SenderLastKeychainHash, args.Rand,
args.StatusCode)
if err != nil {
return "", err
}
log.Debugf("h.SenderSessionPub: %s", h.SenderSessionPub.HASH)
if h.NextSenderSessionPub != nil {
log.Debugf("h.NextSenderSessionPub: %s", h.NextSenderSessionPub.HASH)
}
if h.NextRecipientSessionPubSeen != nil {
log.Debugf("h.NextRecipientSessionPubSeen: %s",
h.NextRecipientSessionPubSeen.HASH)
}
// create (encrypted) header packet
recipientIdentityPub, err := args.To.PublicKey()
if err != nil {
return "", err
}
hp, err := newHeaderPacket(h, recipientIdentityPub,
senderHeaderKey.PrivateKey(), args.Rand)
if err != nil {
return "", err
}
// write (encrypted) header packet
buf.Reset()
if err := hp.write(&buf); err != nil {
return "", err
}
oh = newOuterHeader(encryptedHeader, count, buf.Bytes())
if err := oh.write(wc, true); err != nil {
return "", err
}
count++
sessionKey := session.CalcKey(args.From.PubKey().HASH,
args.To.PubKey().HASH, ss.SenderSessionPub.HASH, ss.RecipientTemp.HASH)
// make sure we got enough message keys
n, err := args.KeyStore.NumMessageKeys(sessionKey)
if err != nil {
return "", err
}
if ss.SenderMessageCount >= n {
// generate more message keys
log.Debugf("generate more message keys (ss.SenderMessageCount=%d)",
ss.SenderMessageCount)
chainKey, err := args.KeyStore.GetChainKey(sessionKey)
if err != nil {
return "", err
}
err = generateMessageKeys(sender, recipient, args.From.PubKey().HASH,
args.To.PubKey().HASH, chainKey, false,
ss.SenderSessionPub.PublicKey32(), ss.RecipientTemp.PublicKey32(),
args.NumOfKeys, args.KeyStore)
if err != nil {
return "", err
}
}
// get message key
messageKey, err := args.KeyStore.GetMessageKey(sessionKey, true,
ss.SenderMessageCount)
if err != nil {
return "", err
}
// derive symmetric keys
cryptoKey, hmacKey, err := deriveSymmetricKeys(messageKey)
if err != nil {
return "", err
}
// write crypto setup packet
iv := make([]byte, aes.BlockSize)
if _, err := io.ReadFull(args.Rand, iv); err != nil {
return "", log.Error(err)
}
oh = newOuterHeader(cryptoSetup, count, iv)
if err := oh.write(wc, true); err != nil {
return "", err
}
count++
// start HMAC calculation
mac := hmac.New(sha512.New, hmacKey)
if err := oh.write(mac, true); err != nil {
return "", err
}
// actual encryption
var content []byte
if args.StatusCode == StatusOK { // StatusReset and StatusError messages are empty
content, err = ioutil.ReadAll(args.Reader)
if err != nil {
return "", log.Error(err)
}
}
// enforce maximum content length
if len(content) > MaxContentLength {
return "", log.Errorf("len(content) = %d > %d = MaxContentLength)",
len(content), MaxContentLength)
}
// encrypted packet
var contentHash []byte
var innerType uint8
if args.PrivateSigKey != nil {
contentHash = cipher.SHA512(content)
innerType = dataType | signType
} else {
innerType = dataType
}
ih := newInnerHeader(innerType, false, content)
buf.Reset()
if err := ih.write(&buf); err != nil {
return "", err
}
stream := cipher.AES256CTRStream(cryptoKey, iv)
stream.XORKeyStream(buf.Bytes(), buf.Bytes())
oh = newOuterHeader(encryptedPacket, count, buf.Bytes())
if err := oh.write(wc, true); err != nil {
return "", err
}
count++
// continue HMAC calculation
if err := oh.write(mac, true); err != nil {
return "", err
}
// signature header & padding
buf.Reset()
if args.PrivateSigKey != nil {
sig := ed25519.Sign(args.PrivateSigKey, contentHash)
// signature
ih = newInnerHeader(signatureType, true, sig[:])
if err := ih.write(&buf); err != nil {
return "", err
}
// padding
padLen := MaxContentLength - len(content)
pad, err := padding.Generate(padLen, cipher.RandReader)
if err != nil {
return "", err
}
ih = newInnerHeader(paddingType, false, pad)
if err := ih.write(&buf); err != nil {
return "", err
}
} else {
// just padding
padLen := MaxContentLength + signatureSize - encryptedPacketSize +
innerHeaderSize - len(content)
pad, err := padding.Generate(padLen, cipher.RandReader)
if err != nil {
return "", err
}
ih = newInnerHeader(paddingType, false, pad)
if err := ih.write(&buf); err != nil {
return "", err
}
}
// encrypt inner header
stream.XORKeyStream(buf.Bytes(), buf.Bytes())
oh = newOuterHeader(encryptedPacket, count, buf.Bytes())
if err := oh.write(wc, true); err != nil {
return "", err
}
count++
// continue HMAC calculation
if err := oh.write(mac, true); err != nil {
return "", err
}
// create HMAC header
oh = newOuterHeader(hmacPacket, count, nil)
oh.PLen = sha512.Size
if err := oh.write(mac, false); err != nil {
return "", err
}
oh.inner = mac.Sum(oh.inner)
log.Debugf("HMAC: %s", base64.Encode(oh.inner))
if err := oh.write(wc, true); err != nil {
return "", err
}
count++
// write output
wc.Close()
if out.Len() != EncodedMsgSize {
return "", log.Errorf("out.Len() = %d != %d = EncodedMsgSize)",
out.Len(), EncodedMsgSize)
}
if _, err := io.Copy(args.Writer, &out); err != nil {
return "", log.Error(err)
}
// delete message key
err = args.KeyStore.DelMessageKey(sessionKey, true, ss.SenderMessageCount)
if err != nil {
return "", err
}
// increase SenderMessageCount
ss.SenderMessageCount++
err = args.KeyStore.SetSessionState(sessionStateKey, ss)
if err != nil {
return "", err
}
return
}