ESCA111/neochat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Work

Browse Source
This commit is contained in:
Tobias Fella
2024-06-21 21:57:26 +02:00
parent 7ae553b2c3
commit eda2881d6e
1 changed files with 118 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

183
src/neochatconnection.cpp
View File

@@ -608,81 +608,134 @@ void NeoChatConnection::setupCrossSigningKeys(const QString &password)
QString::fromLatin1(sign(masterKeyPrivate.viewAsByteArray(), QJsonDocument(userSigningKeyJson).toJson(QJsonDocument::Compact)))}}}}; QString::fromLatin1(sign(masterKeyPrivate.viewAsByteArray(), QJsonDocument(userSigningKeyJson).toJson(QJsonDocument::Compact)))}}}};
auto job = callApi<UploadCrossSigningKeysJob>(masterKey, selfSigningKey, userSigningKey, std::nullopt); auto job = callApi<UploadCrossSigningKeysJob>(masterKey, selfSigningKey, userSigningKey, std::nullopt);
connect(job, &BaseJob::failure, this, [this, masterKey, selfSigningKey, userSigningKey, password](const auto &job) {
callApi<UploadCrossSigningKeysJob>(masterKey,
selfSigningKey,
userSigningKey,
AuthenticationData{
.type = "m.login.password"_ls,
.session = job->jsonData()["session"_ls].toString(),
.authInfo =
QVariantHash{
{"password"_ls, password},
{"identifier"_ls,
QJsonObject{
{"type"_ls, "m.id.user"_ls},
{"user"_ls, userId()},
}},
},
}) auto encodedMasterKeyPrivate = viewAsByteArray(masterKeyPrivate).toBase64();
.then([this](const auto &job) { auto encodedSelfSigningKeyPrivate = viewAsByteArray(selfSigningKeyPrivate).toBase64();
auto key = getRandom(32); auto encodedUserSigningKeyPrivate = viewAsByteArray(userSigningKeyPrivate).toBase64();
QByteArray data = QByteArrayLiteral("\x8B\x01") + viewAsByteArray(key);
data.append(std::accumulate(data.cbegin(), data.cend(), uint8_t{0}, std::bit_xor<>()));
data = base58Encode(data);
QList<QString> groups;
for (auto i = 0; i < data.size() / 4; i++) {
groups += QString::fromLatin1(data.mid(i * 4, i * 4 + 4));
}
auto formatted = groups.join(QStringLiteral(" "));
auto iv = getRandom(16); connect(job,
data[8] &= ~(1 << 7); // Byte 63 needs to be set to 0 &BaseJob::failure,
this,
[this, masterKey, selfSigningKey, userSigningKey, password, encodedMasterKeyPrivate, encodedSelfSigningKeyPrivate, encodedUserSigningKeyPrivate](
const auto &job) {
callApi<UploadCrossSigningKeysJob>(masterKey,
selfSigningKey,
userSigningKey,
AuthenticationData{
.type = "m.login.password"_ls,
.session = job->jsonData()["session"_ls].toString(),
.authInfo =
QVariantHash{
{"password"_ls, password},
{"identifier"_ls,
QJsonObject{
{"type"_ls, "m.id.user"_ls},
{"user"_ls, userId()},
}},
},
const auto &testKeys = hkdfSha256(byte_view_t<>(key).subspan<0, DefaultPbkdf2KeyLength>(), zeroes<32>(), {}); })
if (!testKeys.has_value()) { .then([this, encodedMasterKeyPrivate, encodedSelfSigningKeyPrivate, encodedUserSigningKeyPrivate](const auto &job) {
qWarning() << "SSSS: Failed to calculate HKDF"; // TODO: check job result?
// Q_EMIT error(DecryptionError); Q_UNUSED(job);
return; auto key = getRandom(32);
} QByteArray data = QByteArrayLiteral("\x8B\x01") + viewAsByteArray(key);
const auto &encrypted = aesCtr256Encrypt(zeroedByteArray(), testKeys.value().aes(), asCBytes<AesBlockSize>(iv)); data[8] &= ~(1 << 7); // Byte 63 needs to be set to 0
if (!encrypted.has_value()) { data.append(std::accumulate(data.cbegin(), data.cend(), uint8_t{0}, std::bit_xor<>()));
qWarning() << "SSSS: Failed to encrypt test keys"; data = base58Encode(data);
// emit error(DecryptionError); QList<QString> groups;
return; for (auto i = 0; i < data.size() / 4; i++) {
} groups += QString::fromLatin1(data.mid(i * 4, i * 4 + 4));
const auto &result = hmacSha256(testKeys.value().mac(), encrypted.value()); }
if (!result.has_value()) {
qWarning() << "SSSS: Failed to calculate HMAC";
// emit error(DecryptionError);
return;
}
auto mac = result.value(); // The key to be shown to the user
auto formatted = groups.join(QStringLiteral(" "));
auto identifier = QString::fromLatin1(QCryptographicHash::hash(QUuid::createUuid().toString().toLatin1(), QCryptographicHash::Sha256));
auto identifier = QString::fromLatin1(QCryptographicHash::hash(QUuid::createUuid().toString().toLatin1(), QCryptographicHash::Sha256)); setAccountData("m.secret_storage.default_key"_ls,
{
{"key"_ls, identifier},
});
setAccountData(QStringLiteral("m.secret_storage.key.%1").arg(identifier), struct EncryptionData {
{ QString ciphertext;
{"algorithm"_ls, "m.secret_storage.v1.aes-hmac-sha2"_ls}, QString iv;
{"iv"_ls, QString::fromLatin1(iv.toBase64())}, QString mac;
{"mac"_ls, QString::fromLatin1(mac.toBase64())}, };
});
setAccountData(QStringLiteral("m.secret_storage.default_key"),
{
{"key"_ls, identifier},
});
// TODO make sure masterKeyForUser already works at this point; auto encryptAccountData = [this, &key, identifier](QLatin1String info, const QByteArray &data) {
database()->setMasterKeyVerified(masterKeyForUser(userId())); auto iv = getRandom(16);
const auto &kdfKeys = hkdfSha256(byte_view_t<>(key).subspan<0, DefaultPbkdf2KeyLength>(), zeroes<32>(), asCBytes<>(info));
if (!kdfKeys.has_value()) {
qWarning() << "Key Setup: Failed to calculate HKDF" << info;
// Q_EMIT error(DecryptionError);
return EncryptionData{};
}
const auto &encrypted = aesCtr256Encrypt(data, kdfKeys.value().aes(), asCBytes<AesBlockSize>(iv));
if (!encrypted.has_value()) {
qWarning() << "Key Setup: Failed to encrypt test keys" << info;
// emit error(DecryptionError);
return EncryptionData{};
}
const auto &hmacResult = hmacSha256(kdfKeys.value().mac(), encrypted.value());
if (!hmacResult.has_value()) {
qWarning() << "Key Setup: Failed to calculate HMAC" << info;
// emit error(DecryptionError);
return EncryptionData{};
}
return EncryptionData{
.ciphertext = QString::fromLatin1(encrypted.value().toBase64()),
.iv = QString::fromLatin1(iv.viewAsByteArray()),
.mac = QString::fromLatin1(hmacResult.value().toBase64()),
};
};
// TODO store keys in accountdata auto testData = encryptAccountData({}, zeroedByteArray());
// TODO start a key backup and store in account data setAccountData("m.secret_storage.key.%1"_ls.arg(identifier),
{
{"algorithm"_ls, "m.secret_storage.v1.aes-hmac-sha2"_ls},
{"iv"_ls, testData.iv},
{"mac"_ls, testData.mac},
});
qWarning() << "finished uploading cs keys" << job->jsonData() << job->errorString(); auto masterData = encryptAccountData("m.cross_signing.master"_ls, encodedMasterKeyPrivate);
setAccountData("m.cross_signing.master"_ls,
{{"encrypted"_ls,
QJsonObject{{identifier,
QJsonObject{
{"iv"_ls, masterData.iv},
{"ciphertext"_ls, masterData.ciphertext},
{"mac"_ls, masterData.mac},
}}}}});
auto selfSigningData = encryptAccountData("m.cross_signing.self_signing"_ls, encodedSelfSigningKeyPrivate);
setAccountData("m.cross_signing.self_signing"_ls,
{{"encrypted"_ls,
QJsonObject{{identifier,
QJsonObject{
{"iv"_ls, selfSigningData.iv},
{"ciphertext"_ls, selfSigningData.ciphertext},
{"mac"_ls, selfSigningData.mac},
}}}}});
auto userSigningData = encryptAccountData("m.cross_signing.user_signing"_ls, encodedUserSigningKeyPrivate);
setAccountData("m.cross_signing.user_signing"_ls,
{{"encrypted"_ls,
QJsonObject{{identifier,
QJsonObject{
{"iv"_ls, userSigningData.iv},
{"ciphertext"_ls, userSigningData.ciphertext},
{"mac"_ls, userSigningData.mac},
}}}}});
// TODO make sure masterKeyForUser already works at this point;
database()->setMasterKeyVerified(masterKeyForUser(userId()));
// TODO start a key backup and store in account data
qWarning() << "Finished creating keys";
});
}); });
});
} }
#include "moc_neochatconnection.cpp" #include "moc_neochatconnection.cpp"