Create Cross-signing keys when required

This should be almost entirely in libquotient, but that's not prepared to actually use user-interactive authentication...
2024-05-27 20:09:53 +02:00
parent 9a4a70178e
commit 94e650f7ad
5 changed files with 137 additions and 0 deletions
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -282,6 +282,7 @@ qt_add_qml_module(neochat URI org.kde.neochat NO_PLUGIN
        qml/ConsentDialog.qml
        qml/AskDirectChatConfirmation.qml
        qml/HoverLinkIndicator.qml
        qml/CrossSigningSetupDialog.qml
    DEPENDENCIES
        QtCore
        QtQuick
--- a/src/neochatconnection.cpp
+++ b/src/neochatconnection.cpp
@@ -16,10 +16,14 @@
 #include "spacehierarchycache.h"
 #include <Quotient/connection.h>
 #include <Quotient/csapi/cross_signing.h>
 #include <Quotient/e2ee/cryptoutils.h>
 #include <Quotient/jobs/basejob.h>
 #include <Quotient/quotient_common.h>
 #include <qt6keychain/keychain.h>
 #include <olm/pk.h>
 #include <KLocalizedString>
 #include <Quotient/csapi/content-repo.h>
@@ -538,4 +542,95 @@ LinkPreviewer *NeoChatConnection::previewerForLink(const QUrl &link)
    return previewer;
 }
 void NeoChatConnection::setupCrossSigningKeys(const QString &password)
 {
    auto masterKeyPrivate = getRandom<32>();
    auto masterKeyContext = makeCStruct(olm_pk_signing, olm_pk_signing_size, olm_clear_pk_signing);
    QByteArray masterKeyPublic(olm_pk_signing_public_key_length(), 0);
    olm_pk_signing_key_from_seed(masterKeyContext.get(),
                                 masterKeyPublic.data(),
                                 masterKeyPublic.length(),
                                 masterKeyPrivate.data(),
                                 masterKeyPrivate.viewAsByteArray().length());
    auto selfSigningKeyPrivate = getRandom<32>();
    auto selfSigningKeyContext = makeCStruct(olm_pk_signing, olm_pk_signing_size, olm_clear_pk_signing);
    QByteArray selfSigningKeyPublic(olm_pk_signing_public_key_length(), 0);
    olm_pk_signing_key_from_seed(selfSigningKeyContext.get(),
                                 selfSigningKeyPublic.data(),
                                 selfSigningKeyPublic.length(),
                                 selfSigningKeyPrivate.data(),
                                 selfSigningKeyPrivate.viewAsByteArray().length());
    auto userSigningKeyPrivate = getRandom<32>();
    auto userSigningKeyContext = makeCStruct(olm_pk_signing, olm_pk_signing_size, olm_clear_pk_signing);
    QByteArray userSigningKeyPublic(olm_pk_signing_public_key_length(), 0);
    olm_pk_signing_key_from_seed(userSigningKeyContext.get(),
                                 userSigningKeyPublic.data(),
                                 userSigningKeyPublic.length(),
                                 userSigningKeyPrivate.data(),
                                 userSigningKeyPrivate.viewAsByteArray().length());
    database()->storeEncrypted("m.cross_signing.master"_ls, masterKeyPrivate.viewAsByteArray());
    database()->storeEncrypted("m.cross_signing.self_signing"_ls, selfSigningKeyPrivate.viewAsByteArray());
    database()->storeEncrypted("m.cross_signing.user_signing"_ls, userSigningKeyPrivate.viewAsByteArray());
    auto masterKey = CrossSigningKey{
        .userId = userId(),
        .usage = {"master"_ls},
        .keys = {{"ed25519:"_ls + QString::fromLatin1(masterKeyPublic), QString::fromLatin1(masterKeyPublic)}},
        .signatures = {},
    };
    auto selfSigningKey = CrossSigningKey{
        .userId = userId(),
        .usage = {"self_signing"_ls},
        .keys = {{"ed25519:"_ls + QString::fromLatin1(selfSigningKeyPublic), QString::fromLatin1(selfSigningKeyPublic)}},
    };
    auto userSigningKey = CrossSigningKey{
        .userId = userId(),
        .usage = {"user_signing"_ls},
        .keys = {{"ed25519:"_ls + QString::fromLatin1(userSigningKeyPublic), QString::fromLatin1(userSigningKeyPublic)}},
    };
    auto selfSigningKeyJson = toJson(selfSigningKey);
    selfSigningKeyJson.remove("signatures"_ls);
    selfSigningKey.signatures = QJsonObject{
        {userId(),
         QJsonObject{{"ed25519:"_ls + QString::fromLatin1(masterKeyPublic),
                      QString::fromLatin1(sign(masterKeyPrivate.viewAsByteArray(), QJsonDocument(selfSigningKeyJson).toJson(QJsonDocument::Compact)))}}}};
    auto userSigningKeyJson = toJson(userSigningKey);
    userSigningKeyJson.remove("signatures"_ls);
    userSigningKey.signatures = QJsonObject{
        {userId(),
         QJsonObject{{"ed25519:"_ls + QString::fromLatin1(masterKeyPublic),
                      QString::fromLatin1(sign(masterKeyPrivate.viewAsByteArray(), QJsonDocument(userSigningKeyJson).toJson(QJsonDocument::Compact)))}}}};
    auto job = callApi<UploadCrossSigningKeysJob>(masterKey, selfSigningKey, userSigningKey, std::nullopt);
    connect(job, &BaseJob::failure, this, [this, masterKey, selfSigningKey, userSigningKey, password](const auto &job) {
        callApi<UploadCrossSigningKeysJob>(masterKey,
                                           selfSigningKey,
                                           userSigningKey,
                                           AuthenticationData{
                                               .type = "m.login.password"_ls,
                                               .session = job->jsonData()["session"_ls].toString(),
                                               .authInfo =
                                                   QVariantHash{
                                                       {"password"_ls, password},
                                                       {"identifier"_ls,
                                                        QJsonObject{
                                                            {"type"_ls, "m.id.user"_ls},
                                                            {"user"_ls, userId()},
                                                        }},
                                                   },
                                           })
            .then([](const auto &job) {
                // TODO mark key as verified
                // TODO store keys in accountdata
                qWarning() << "finished uploading cs keys" << job->jsonData() << job->errorString();
            });
    });
 }
 #include "moc_neochatconnection.cpp"
--- a/src/neochatconnection.h
+++ b/src/neochatconnection.h
@@ -184,6 +184,8 @@ public:
    LinkPreviewer *previewerForLink(const QUrl &link);
    Q_INVOKABLE void setupCrossSigningKeys(const QString &password);
 Q_SIGNALS:
    void labelChanged();
    void identityServerChanged();
--- a/src/qml/CrossSigningSetupDialog.qml
+++ b/src/qml/CrossSigningSetupDialog.qml
@@ -0,0 +1,33 @@
 // SPDX-FileCopyrightText: 2024 Tobias Fella <tobias.fella@kde.org>
 // SPDX-License-Identifier: GPL-2.0-or-later
 import QtQuick
 import QtQuick.Controls as QQC2
 import org.kde.kirigami as Kirigami
 import org.kde.neochat
 Kirigami.PromptDialog {
    id: root
    required property NeoChatConnection connection
    title: i18nc("@title:dialog", "Setup Encryption Keys")
    dialogType: Kirigami.PromptDialog.Information
    onRejected: {
        root.close();
    }
    footer: QQC2.DialogButtonBox {
        standardButtons: QQC2.Dialog.Cancel
        QQC2.Button {
            text: i18nc("@action:button", "Setup Keys")
            QQC2.DialogButtonBox.buttonRole: QQC2.DialogButtonBox.AcceptRole
            onClicked: {
                root.connection.setupCrossSigningKeys("password123");
            }
        }
    }
 }
--- a/src/qml/Main.qml
+++ b/src/qml/Main.qml
@@ -309,6 +309,12 @@ Kirigami.ApplicationWindow {
                url: url
            }).open();
        }
        function onCrossSigningSetupRequired() {
            Qt.createComponent("org.kde.neochat", "CrossSigningSetupDialog").createObject(this, {
                connection: root.connection
            }).open();
        }
    }
    HoverLinkIndicator {