model

package
v0.8.5
Published: Jun 2, 2021 License: MIT Imports: 23 Imported by: 10

Documentation

Constants

const (
	InvalidEd25519PublicKey    = Error("InvalidEd25519PublicKey")
	InconsistentKeyBundleError = Error("InconsistentKeyBundleError")
)

Error definitions

const (

	// BundleType - the attribute under which the signed server bundle is stored...
	BundleType = KeyType("server_key_bundle")

	// KeyTypeServerOnion - a cwtch address
	KeyTypeServerOnion = KeyType("bulletin_board_onion") // bulletin board

	// KeyTypeTokenOnion - a cwtch peer with a PoW based token protocol
	KeyTypeTokenOnion = KeyType("token_service_onion")

	// KeyTypePrivacyPass - a privacy pass based token server
	KeyTypePrivacyPass = KeyType("privacy_pass_public_key")
)
const CurrentGroupVersion = 3

CurrentGroupVersion is used to set the version of newly created groups and to make sure that stored group structs are correct and up to date.

const GroupInvitePrefix = "torv3"

GroupInvitePrefix identifies a particular string as being a serialized group invite.

const MaxGroupMessageLength = 1800

MaxGroupMessageLength is the maximum length of a message posted to a server group. TODO: Should this be per server?

const MessageBaseSize = 104

MessageBaseSize is a rough estimate of the base number of bytes the struct uses before strings are populated

Variables

This section is empty.

Functions

func GenerateRandomID added in v0.3.7

func GenerateRandomID() string

GenerateRandomID generates a random 16 byte hex id code

func ValidateInvite added in v0.8.0

func ValidateInvite(invite string) (*groups.GroupInvite, error)

ValidateInvite takes in a serialized invite and returns the invite structure if it is cryptographically valid and an error if it is not

Types

type Authorization added in v0.3.14

type Authorization string

Authorization is a type determining client assigned authorization to a peer

const (
	// AuthUnknown is an initial state for a new unseen peer
	AuthUnknown Authorization = "unknown"
	// AuthApproved means the client has approved the peer: it can send messages to us, perform GetVals, etc.
	AuthApproved Authorization = "approved"
	// AuthBlocked means the client has blocked the peer; its messages and connections should be rejected
	AuthBlocked Authorization = "blocked"
)

type Error added in v0.4.1

type Error string

Error models some common errors that need to be handled by applications that use Cwtch

func (Error) Error added in v0.4.1

func (e Error) Error() string

Error is the error interface

type Group

type Group struct {
	// GroupID is now derived from the GroupKey and the GroupServer
	GroupID       string
	GroupKey      [32]byte
	GroupServer   string
	Timeline      Timeline `json:"-"`
	Accepted      bool
	IsCompromised bool
	Attributes    map[string]string

	LocalID                string
	State                  string `json:"-"`
	UnacknowledgedMessages []Message
	Version                int
	// contains filtered or unexported fields
}

Group defines and encapsulates Cwtch's conception of group chat: sessions tied to a server under a given group key. Each group has a set of Messages.

func NewGroup

func NewGroup(server string) (*Group, error)

NewGroup initializes a new group associated with a given CwtchServer

func (*Group) AddMessage

func (g *Group) AddMessage(message *groups.DecryptedGroupMessage, sig []byte) (*Message, bool)

AddMessage takes a DecryptedGroupMessage and adds it to the Group's Timeline.

func (*Group) AddSentMessage

func (g *Group) AddSentMessage(message *groups.DecryptedGroupMessage, sig []byte) Message

AddSentMessage takes a DecryptedGroupMessage and adds it to the Group's Timeline.

func (*Group) CheckGroup added in v0.8.0

func (g *Group) CheckGroup() bool

CheckGroup returns true only if the ID of the group is cryptographically valid.

func (*Group) Compromised

func (g *Group) Compromised()

Compromised should be called if we detect a groupkey leak

func (*Group) DecryptMessage

func (g *Group) DecryptMessage(ciphertext []byte) (bool, *groups.DecryptedGroupMessage)

DecryptMessage takes a ciphertext and returns true and the decrypted message if the ciphertext can be successfully decrypted, else false.

func (*Group) EncryptMessage

func (g *Group) EncryptMessage(message *groups.DecryptedGroupMessage) ([]byte, error)

EncryptMessage takes a message and encrypts the message under the group key.

func (*Group) ErrorSentMessage added in v0.3.2

func (g *Group) ErrorSentMessage(sig []byte, error string) bool

ErrorSentMessage removes a sent message from the unacknowledged list and sets its error flag if found, otherwise returns false

func (*Group) GetAttribute

func (g *Group) GetAttribute(name string) (value string, exists bool)

GetAttribute returns the value of an attribute set with SetAttribute. If no such value has been set, exists is false.

func (*Group) GetTimeline

func (g *Group) GetTimeline() (timeline []Message)

GetTimeline provides a safe copy of the timeline

func (*Group) Invite

func (g *Group) Invite() (string, error)

Invite generates an invitation that can be sent to a cwtch peer.

func (*Group) SetAttribute

func (g *Group) SetAttribute(name string, value string)

SetAttribute allows applications to store arbitrary configuration info at the group level.

type Key added in v0.4.0

type Key string

Key provides a wrapper for a generic public key identifier (could be an onion address, a zcash address etc.)

type KeyBundle added in v0.4.0

type KeyBundle struct {
	Keys      map[KeyType]Key
	Signature []byte
}

KeyBundle manages a collection of related keys for various different services.

func DeserializeAndVerify added in v0.4.1

func DeserializeAndVerify(bundle []byte) (*KeyBundle, error)

DeserializeAndVerify takes in a json formatted bundle and only returns a valid key bundle if it has been signed by the server.

func NewKeyBundle added in v0.4.1

func NewKeyBundle() *KeyBundle

NewKeyBundle creates a new KeyBundle initialized with no keys.

func (*KeyBundle) AttributeBundle added in v0.4.0

func (kb *KeyBundle) AttributeBundle() map[string]string

AttributeBundle returns a map that can be used as part of a peer attribute bundle

func (*KeyBundle) GetKey added in v0.4.0

func (kb *KeyBundle) GetKey(keytype KeyType) (Key, error)

GetKey retrieves a key with a given type from the bundle

func (*KeyBundle) HasKeyType added in v0.4.0

func (kb *KeyBundle) HasKeyType(keytype KeyType) bool

HasKeyType returns true if the bundle has a public key of a given type.

func (KeyBundle) Serialize added in v0.4.1

func (kb KeyBundle) Serialize() []byte

Serialize produces a json encoded byte array.

func (*KeyBundle) Sign added in v0.4.1

func (kb *KeyBundle) Sign(identity primitives.Identity)

Sign allows a server to authenticate a key bundle by signing it (this uses the tapir identity interface)

type KeyType added in v0.4.0

type KeyType string

KeyType provides a wrapper for a generic public key type identifier (could be an onion address, a zcash address etc.)

type Message

type Message struct {
	Timestamp          time.Time
	Received           time.Time
	PeerID             string
	Message            string
	Signature          []byte
	PreviousMessageSig []byte
	ReceivedByServer   bool   // messages sent to a server
	Acknowledged       bool   // peer to peer
	Error              string `json:",omitempty"`
}

Message is a local representation of a given message sent over a group chat channel.

type Profile

type Profile struct {
	PublicProfile
	Contacts          map[string]*PublicProfile
	Ed25519PrivateKey ed25519.PrivateKey
	Groups            map[string]*Group
}

Profile encapsulates all the attributes necessary to be a Cwtch Peer.

func GenerateNewProfile

func GenerateNewProfile(name string) *Profile

GenerateNewProfile creates a new profile, with new encryption and signing keys, and a profile name.

func (*Profile) AcceptInvite

func (p *Profile) AcceptInvite(groupID string) (err error)

AcceptInvite accepts a group invite

func (*Profile) AckSentMessageToPeer added in v0.3.2

func (p *Profile) AckSentMessageToPeer(onion string, eventID string) int

AckSentMessageToPeer marks a message sent to a peer as acknowledged.

func (*Profile) AddContact

func (p *Profile) AddContact(onion string, profile *PublicProfile)

AddContact allows direct manipulation of cwtch contacts

func (*Profile) AddGroup

func (p *Profile) AddGroup(group *Group)

AddGroup is a convenience method for adding a group to a profile.

func (*Profile) AddGroupSentMessageError added in v0.3.2

func (p *Profile) AddGroupSentMessageError(groupID string, signature []byte, error string)

AddGroupSentMessageError searches matching groups for the message by sig and marks it as an error

func (*Profile) AddMessageToContactTimeline added in v0.3.2

func (p *Profile) AddMessageToContactTimeline(onion string, messageTxt string, sent time.Time) (message *Message)

AddMessageToContactTimeline allows the saving of a message sent via a direct connection chat to the profile.

func (*Profile) AddSentMessageToContactTimeline added in v0.3.2

func (p *Profile) AddSentMessageToContactTimeline(onion string, messageTxt string, sent time.Time, eventID string) *Message

AddSentMessageToContactTimeline allows the saving of a message sent via a direct connection chat to the profile.

func (*Profile) AttemptDecryption

func (p *Profile) AttemptDecryption(ciphertext []byte, signature []byte) (bool, string, *Message, bool)

AttemptDecryption takes a ciphertext and signature and attempts to decrypt it under known groups. If successful, adds the message to the group's timeline

func (*Profile) ContactsAuthorizations added in v0.3.14

func (p *Profile) ContactsAuthorizations(authorizationFilter ...Authorization) map[string]Authorization

ContactsAuthorizations calculates a list of Peers who are at the supplied auth levels

func (*Profile) DeleteContact

func (p *Profile) DeleteContact(onion string)

DeleteContact deletes a peer contact

func (*Profile) DeleteGroup

func (p *Profile) DeleteGroup(groupID string)

DeleteGroup deletes a group

func (*Profile) EncryptMessageToGroup

func (p *Profile) EncryptMessageToGroup(message string, groupID string) ([]byte, []byte, error)

EncryptMessageToGroup when given a message and a group, encrypts and signs the message under the group and profile

func (*Profile) ErrorSentMessageToPeer added in v0.3.2

func (p *Profile) ErrorSentMessageToPeer(onion string, eventID string, error string) int

ErrorSentMessageToPeer sets a sent message's error message and removes it from the unacknowledged list

func (*Profile) GetContact

func (p *Profile) GetContact(onion string) (*PublicProfile, bool)

GetContact returns a contact if the profile has it

func (*Profile) GetContactAuthorization added in v0.3.14

func (p *Profile) GetContactAuthorization(onion string) Authorization

GetContactAuthorization returns the contact's authorization level

func (*Profile) GetContacts

func (p *Profile) GetContacts() []string

GetContacts returns an unordered list of contact onions associated with this profile.

func (*Profile) GetCopy

func (p *Profile) GetCopy(timeline bool) *Profile

GetCopy returns a full deep copy of the Profile struct and its members (timeline inclusion is controlled by the argument).

func (*Profile) GetGroup added in v0.3.3

func (p *Profile) GetGroup(groupID string) (g *Group)

GetGroup returns a pointer to a Group by group ID, or nil if no group is found.

func (*Profile) GetGroups

func (p *Profile) GetGroups() []string

GetGroups returns an unordered list of group IDs associated with this profile.

func (*Profile) ProcessInvite

func (p *Profile) ProcessInvite(invite string) (string, error)

ProcessInvite validates a group invite and adds a new group invite to the profile if it is valid. Returns the new group ID on success, or an error on failure.

func (*Profile) RejectInvite

func (p *Profile) RejectInvite(groupID string)

RejectInvite rejects and removes a group invite

func (*Profile) SetContactAuthorization added in v0.3.14

func (p *Profile) SetContactAuthorization(onion string, auth Authorization) (err error)

SetContactAuthorization sets the authorization level of a peer.

func (*Profile) SignMessage

func (p *Profile) SignMessage(message string) []byte

SignMessage takes a given message and returns an Ed25519 signature.

func (*Profile) StartGroup

func (p *Profile) StartGroup(server string) (groupID string, invite string, err error)

StartGroup, when given a server, creates a new Group under this profile and returns the group ID and a precomputed invite which can be sent on the wire.

func (*Profile) VerifyGroupMessage

func (p *Profile) VerifyGroupMessage(onion string, groupID string, ciphertext []byte, signature []byte) bool

VerifyGroupMessage confirms the authenticity of a message given a sender onion, ciphertext and signature. The goal of this function is two-fold:

  1. We confirm that the sender referenced in the group text is the actual sender of the message (or at least knows the sender's private key).
  2. We confirm that the sender sent the message to a particular group ID on a specific server (it doesn't matter whether we actually received this message from the server or from a hybrid protocol; all that matters is that the sender and receivers agree that this message was intended for the group).

The second point is important, as it prevents an attack documented in the original Cwtch paper (and later at https://docs.openprivacy.ca/cwtch-security-handbook/groups.html) in which a malicious profile sets up two groups on two different servers with the same key and then forwards messages between them, to convince the parties in each group that they are actually in one big group (with the intent to later censor and/or selectively send messages to each group).
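The server binding the second point relies on, as an added illustration that is not Cwtch's code: it assumes the signed bytes are a length-prefixed encoding of ciphertext, group ID and server (this page does not show Cwtch's actual signing format), and the onion names are constructed. A message signed for one server fails verification when a copy is relayed to a second server that shares the same group key.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// signingInput builds the bytes a group message signature covers: ciphertext, group ID
// and server, each length-prefixed so the tuple cannot be re-split into another one.
// Assumption: this layout is illustrative, not Cwtch's actual signing format.
func signingInput(ciphertext []byte, groupID, server string) []byte {
	var buf []byte
	for _, field := range [][]byte{ciphertext, []byte(groupID), []byte(server)} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		buf = append(buf, n[:]...)
		buf = append(buf, field...)
	}
	return buf
}

// SignGroupMessage signs the ciphertext together with the group and server it is meant for.
func SignGroupMessage(priv ed25519.PrivateKey, ciphertext []byte, groupID, server string) []byte {
	return ed25519.Sign(priv, signingInput(ciphertext, groupID, server))
}

// VerifyGroupMessage accepts only if the signature covers the ciphertext AND the group and server the receiver believes it was posted to.
func VerifyGroupMessage(pub ed25519.PublicKey, ciphertext, sig []byte, groupID, server string) bool {
	return ed25519.Verify(pub, signingInput(ciphertext, groupID, server), sig)
}

// Demo signs one message for group "grp-a" on server1.onion, then verifies it against the intended
// server and against a copy relayed to server2.onion (constructed names). Returns (acceptedIntended, acceptedRelayed).
func Demo() (acceptedIntended, acceptedRelayed bool) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	if err != nil {
		panic(err)
	}
	ciphertext := []byte("constructed ciphertext for the demo") // constructed sample input
	sig := SignGroupMessage(priv, ciphertext, "grp-a", "server1.onion")
	return VerifyGroupMessage(pub, ciphertext, sig, "grp-a", "server1.onion"),
		VerifyGroupMessage(pub, ciphertext, sig, "grp-a", "server2.onion")
}

func main() {
	ok, relayed := Demo()
	fmt.Printf("accepted on intended server: %v, accepted after relay: %v\n", ok, relayed)
}
```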

type PublicProfile

type PublicProfile struct {
	Name              string
	Ed25519PublicKey  ed25519.PublicKey
	Authorization     Authorization
	DeprecatedBlocked bool `json:"Blocked"`
	Onion             string
	Attributes        map[string]string
	Timeline          Timeline `json:"-"`
	LocalID           string   // used by storage engine
	State             string   `json:"-"`

	UnacknowledgedMessages map[string]int
	// contains filtered or unexported fields
}

PublicProfile is a local copy of a CwtchIdentity

func (*PublicProfile) GetAttribute

func (p *PublicProfile) GetAttribute(name string) (value string, exists bool)

GetAttribute returns the value of an attribute set with SetCustomAttribute. If no such value has been set, exists is false.

func (*PublicProfile) IsServer added in v0.4.0

func (p *PublicProfile) IsServer() (isServer bool)

IsServer returns true if the profile is associated with a server.

func (*PublicProfile) SetAttribute

func (p *PublicProfile) SetAttribute(name string, value string)

SetAttribute allows applications to store arbitrary configuration info at the profile level.

type Timeline

type Timeline struct {
	Messages      []Message
	SignedGroupID []byte
	// contains filtered or unexported fields
}

Timeline encapsulates a collection of ordered Messages, and a mechanism to access them in a threadsafe manner.

func (*Timeline) GetCopy

func (t *Timeline) GetCopy() *Timeline

GetCopy returns a duplicate of the Timeline

func (*Timeline) GetMessages

func (t *Timeline) GetMessages() []Message

GetMessages returns a copy of the entire timeline

func (*Timeline) Insert

func (t *Timeline) Insert(mi *Message) bool

Insert inserts a message into the timeline in a thread safe way.

func (*Timeline) Len

func (t *Timeline) Len() int

Len gets the length of the timeline

func (*Timeline) Less

func (t *Timeline) Less(i, j int) bool

Less checks 2 Messages (i and j) in the timeline and returns true if i occurred before j, else false

func (*Timeline) SetMessages

func (t *Timeline) SetMessages(messages []Message)

SetMessages sets the Messages of this timeline. Only to be used in loading/initialization

func (*Timeline) Sort

func (t *Timeline) Sort()

Sort sorts the timeline in a canonical order.

func (*Timeline) Swap

func (t *Timeline) Swap(i, j int)

Swap swaps 2 Messages on the timeline.
