axolotl

package
v1.1.24 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 26, 2024 License: GPL-3.0 Imports: 15 Imported by: 0

Documentation

Overview

Package axolotl implements the Axolotl ratchet as used by TextSecure protocol version 3.

Index

Constants

This section is empty.

Variables

View Source 
var ErrIncompletePreKeyWhisperMessage = errors.New("incomplete PreKeyWhisperMessage")

ErrIncompletePreKeyWhisperMessage is returned when an incomplete PreKeyWhisperMessage is received.

View Source 
var ErrIncompleteWhisperMessage = errors.New("incomplete WhisperMessage")

ErrIncompleteWhisperMessage is returned when an incomplete WhisperMessage is received.

View Source 
var ErrInvalidMACForWhisperMessage = errors.New("invalid MAC for WhisperMessage")

ErrInvalidMACForWhisperMessage signals a message with invalid MAC.

View Source 
var ErrUninitializedSession = errors.New("uninitialized session")

ErrUninitializedSession occurs when there is no session matching the incoming message.

Functions

func CalculateAgreement 

func CalculateAgreement(result, theirPub, ourPriv *[32]byte)

CalculateAgreement

func ComputeTruncatedMAC 

func ComputeTruncatedMAC(msg, key []byte, size int) []byte

ComputeTruncatedMAC computes a HMAC-SHA256 MAC and returns its prefix of a given size.

func Decrypt 

func Decrypt(key, ciphertext []byte) ([]byte, error)

Decrypt returns the AES-CBC decryption of a ciphertext under a given key.

func DeriveSecrets 

func DeriveSecrets(inputKeyMaterial, salt, info []byte, size int) ([]byte, error)

DeriveSecrets derives the requested number of bytes using HKDF, given the inputKeyMaterial, salt and the info

func Encrypt 

func Encrypt(key, iv, plaintext []byte) ([]byte, error)

Encrypt returns the AES-CBC encryption of a plaintext under a given key.

func ValidTruncMAC 

func ValidTruncMAC(msg, expectedMAC, key []byte) bool

ValidTruncMAC checks whether a message is correctly authenticated using HMAC-SHA256.

Types

type DuplicateMessageError 

type DuplicateMessageError struct {
	// contains filtered or unexported fields
}

DuplicateMessageError indicates that we have received the same message more than once.

func (DuplicateMessageError) Error 

func (err DuplicateMessageError) Error() string

type ECKeyPair 

type ECKeyPair struct {
	PrivateKey ECPrivateKey
	PublicKey  ECPublicKey
}

ECKeyPair represents a public and private key pair.

func MakeECKeyPair 

func MakeECKeyPair(privateKey, publicKey []byte) *ECKeyPair

MakeECKeyPair creates a key pair.

func NewECKeyPair 

func NewECKeyPair() *ECKeyPair

NewECKeyPair creates a key pair

func (*ECKeyPair) String 

func (kp *ECKeyPair) String() string

type ECPrivateKey 

type ECPrivateKey struct {
	// contains filtered or unexported fields
}

ECPrivateKey represents a 256 bit Curve25519 private key.

func NewECPrivateKey 

func NewECPrivateKey(b []byte) *ECPrivateKey

NewECPrivateKey initializes a private key with the given value.

func (*ECPrivateKey) Key 

func (k *ECPrivateKey) Key() *[32]byte

Key returns the value of the private key.

type ECPublicKey 

type ECPublicKey struct {
	// contains filtered or unexported fields
}

ECPublicKey represents a 256 bit Curve25519 public key.

func NewECPublicKey 

func NewECPublicKey(b []byte) *ECPublicKey

NewECPublicKey initializes a public key with the given value.

func (ECPublicKey) GetKey 

func (pk ECPublicKey) GetKey() [32]byte

func (*ECPublicKey) Key 

func (k *ECPublicKey) Key() *[32]byte

Key returns the value of the public key.

func (*ECPublicKey) Serialize 

func (k *ECPublicKey) Serialize() []byte

Serialize returns the public key prepended by the byte value 5, as used in the TextSecure network protocol.

type IdentityKey 

type IdentityKey struct {
	ECPublicKey
}

IdentityKey represents a Curve25519 public key used as a public identity.

func NewIdentityKey 

func NewIdentityKey(b []byte) *IdentityKey

NewIdentityKey initializes an identity key to a given value.

type IdentityKeyPair 

type IdentityKeyPair struct {
	PrivateKey ECPrivateKey
	PublicKey  IdentityKey
}

IdentityKeyPair is a pair of private and public identity keys.

func GenerateIdentityKeyPair 

func GenerateIdentityKeyPair() *IdentityKeyPair

GenerateIdentityKeyPair is called once at install time to generate the local identity keypair, which will be valid until a reinstallation.

func NewIdentityKeyPairFromKeys 

func NewIdentityKeyPairFromKeys(priv, pub []byte) *IdentityKeyPair

NewIdentityKeyPairFromKeys initializes an identity key pair.

type IdentityStore 

type IdentityStore interface {
	GetIdentityKeyPair() (*IdentityKeyPair, error)
	GetLocalRegistrationID() (uint32, error)
	SaveIdentity(string, *IdentityKey) error
	IsTrustedIdentity(string, *IdentityKey) bool
}

IdentityStore provides an interface to identity information.

type InvalidMessageError 

type InvalidMessageError struct {
	// contains filtered or unexported fields
}

InvalidMessageError represents various error states

func (InvalidMessageError) Error 

func (err InvalidMessageError) Error() string

type InvalidSignatureError 

type InvalidSignatureError struct {
	// contains filtered or unexported fields
}

InvalidSignatureError represents the error situation where the verification of the sender identity fails.

func (InvalidSignatureError) Error 

func (err InvalidSignatureError) Error() string

type MismatchedVersionError 

type MismatchedVersionError struct {
	// contains filtered or unexported fields
}

MismatchedVersionError represents the error situation where the peer is using a different protocol version.

func (MismatchedVersionError) Error 

func (err MismatchedVersionError) Error() string

type NotTrustedError 

type NotTrustedError struct {
	ID string
}

NotTrustedError represents the error situation where the peer is using a different identity key than expected.

func (NotTrustedError) Error 

func (err NotTrustedError) Error() string

type PreKeyBundle 

type PreKeyBundle struct {
	RegistrationID uint32
	DeviceID       uint32

	PreKeyID     uint32
	PreKeyPublic *ECPublicKey

	SignedPreKeyID        int32
	SignedPreKeyPublic    *ECPublicKey
	SignedPreKeySignature [64]byte

	IdentityKey *IdentityKey
}

PreKeyBundle contains the data required to initialize a sender session. It is constructed from PreKeys registered by the peer.

func NewPreKeyBundle 

func NewPreKeyBundle(registrationID, deviceID, preKeyID uint32, preKey *ECPublicKey,
	signedPreKeyID int32, signedPreKey *ECPublicKey, signature []byte,
	identityKey *IdentityKey) (*PreKeyBundle, error)

NewPreKeyBundle creates a PreKeyBundle structure with the given fields.

type PreKeyNotFoundError 

type PreKeyNotFoundError struct {
	// contains filtered or unexported fields
}

PreKeyNotFoundError represents the error situation when a local prekey cannot be loaded.

func (PreKeyNotFoundError) Error 

func (err PreKeyNotFoundError) Error() string

type PreKeyRecord 

type PreKeyRecord struct {
	Pkrs *protobuf.PreKeyRecordStructure
}

PreKeyRecord represents a prekey, and is simply wrapper around the corresponding protobuf struct

func GenerateLastResortPreKey 

func GenerateLastResortPreKey() *PreKeyRecord

GenerateLastResortPreKey creates the last resort PreKey. Clients should do this only once, at install time, and durably store it for the length of the install.

func GeneratePreKeys 

func GeneratePreKeys(start, count int) []*PreKeyRecord

GeneratePreKeys creates a list of PreKeys. Clients should do this at install time, and subsequently any time the list of PreKeys stored on the server runs low.

func LoadPreKeyRecord 

func LoadPreKeyRecord(serialized []byte) (*PreKeyRecord, error)

LoadPreKeyRecord creates a PreKeyRecord instance from a serialized bytestream

func NewPreKeyRecord 

func NewPreKeyRecord(id uint32, kp *ECKeyPair) *PreKeyRecord

NewPreKeyRecord creates a new PreKeyRecord instance

func (*PreKeyRecord) Serialize 

func (record *PreKeyRecord) Serialize() ([]byte, error)

Serialize marshals the prekey into a protobuf.

type PreKeyStore 

type PreKeyStore interface {
	LoadPreKey(uint32) (*PreKeyRecord, error)
	StorePreKey(uint32, *PreKeyRecord) error
	ContainsPreKey(uint32) bool
	RemovePreKey(uint32)
}

PreKeyStore provides an interface to accessing the local prekeys.

type PreKeyWhisperMessage 

type PreKeyWhisperMessage struct {
	Version        byte
	RegistrationID uint32
	PreKeyID       uint32
	SignedPreKeyID uint32
	BaseKey        *ECPublicKey
	IdentityKey    *IdentityKey
	Message        *WhisperMessage
	// contains filtered or unexported fields
}

PreKeyWhisperMessage represents a WhisperMessage and additional prekey metadata used for the initial handshake in a conversation.

func LoadPreKeyWhisperMessage 

func LoadPreKeyWhisperMessage(serialized []byte) (*PreKeyWhisperMessage, error)

LoadPreKeyWhisperMessage creates a PreKeyWhisperMessage from serialized bytes.

type SessionBuilder 

type SessionBuilder struct {
	// contains filtered or unexported fields
}

SessionBuilder takes care of creating the sessions.

func NewSessionBuilder 

func NewSessionBuilder(identityStore IdentityStore, preKeyStore PreKeyStore, signedPreKeyStore SignedPreKeyStore, sessionStore SessionStore, recipientID string, deviceID uint32) *SessionBuilder

NewSessionBuilder creates a new session builder object.

func (*SessionBuilder) BuildReceiverSession 

func (sb *SessionBuilder) BuildReceiverSession(sr *SessionRecord, pkwm *PreKeyWhisperMessage) (uint32, error)

BuildReceiverSession creates a new session from a received PreKeyWhisperMessage.

func (*SessionBuilder) BuildSenderSession 

func (sb *SessionBuilder) BuildSenderSession(pkb *PreKeyBundle) error

BuildSenderSession creates a new session from a PreKeyBundle

type SessionCipher 

type SessionCipher struct {
	RecipientID  string
	DeviceID     uint32
	SessionStore SessionStore
	PreKeyStore  PreKeyStore
	Builder      *SessionBuilder
}

SessionCipher represents a peer and its persistent stored session.

func NewSessionCipher 

func NewSessionCipher(identityStore IdentityStore, preKeyStore PreKeyStore, signedPreKeyStore SignedPreKeyStore, sessionStore SessionStore, recipientID string, deviceID uint32) *SessionCipher

NewSessionCipher creates a new session cipher.

func (*SessionCipher) GetRemoteRegistrationID 

func (sc *SessionCipher) GetRemoteRegistrationID() (uint32, error)

GetRemoteRegistrationID returns the registration ID of the peer.

func (*SessionCipher) SessionDecryptPreKeyWhisperMessage 

func (sc *SessionCipher) SessionDecryptPreKeyWhisperMessage(ciphertext *PreKeyWhisperMessage) ([]byte, error)

SessionDecryptPreKeyWhisperMessage decrypts an incoming message.

func (*SessionCipher) SessionDecryptWhisperMessage 

func (sc *SessionCipher) SessionDecryptWhisperMessage(ciphertext *WhisperMessage) ([]byte, error)

SessionDecryptWhisperMessage decrypts an incoming message.

func (*SessionCipher) SessionEncryptMessage 

func (sc *SessionCipher) SessionEncryptMessage(plaintext []byte) ([]byte, int32, error)

SessionEncryptMessage encrypts a given plaintext in a WhisperMessage or a PreKeyWhisperMessage, depending on whether there a session with the peer exists or needs to be established.

type SessionRecord 

type SessionRecord struct {
	PreviousStates []*sessionState
	Fresh          bool
	// contains filtered or unexported fields
}

SessionRecord represents a session in persistent store.

func LoadSessionRecord 

func LoadSessionRecord(serialized []byte) (*SessionRecord, error)

LoadSessionRecord creates a SessionRecord object from serialized byte, error) {

func NewSessionRecord 

func NewSessionRecord() *SessionRecord

NewSessionRecord creates a new SessionRecord object.

func (*SessionRecord) Serialize 

func (record *SessionRecord) Serialize() ([]byte, error)

Serialize saves the state of a SessionRecord object to a byte stream.

type SessionStore 

type SessionStore interface {
	Lock()
	Unlock()
	LoadSession(string, uint32) (*SessionRecord, error)
	GetSubDeviceSessions(string) []uint32
	StoreSession(string, uint32, *SessionRecord) error
	ContainsSession(string, uint32) bool
	DeleteSession(string, uint32)
	DeleteAllSessions(string)
}

SessionStore provides an interface to accessing the local session records.

type SignedPreKeyRecord 

type SignedPreKeyRecord struct {
	Spkrs *protobuf.SignedPreKeyRecordStructure
}

SignedPreKeyRecord represents a prekey, and is simply wrapper around the corresponding protobuf struct

func LoadSignedPreKeyRecord 

func LoadSignedPreKeyRecord(serialized []byte) (*SignedPreKeyRecord, error)

LoadSignedPreKeyRecord creates a SignedPreKeyRecord instance from a serialized bytestream

func NewSignedPreKeyRecord 

func NewSignedPreKeyRecord(id uint32, timestamp uint64, kp *ECKeyPair, signature []byte) *SignedPreKeyRecord

NewSignedPreKeyRecord creates a new SignedPreKeyRecord instance

func (*SignedPreKeyRecord) Serialize 

func (record *SignedPreKeyRecord) Serialize() ([]byte, error)

Serialize marshals the signed prekey into a protobuf.

type SignedPreKeyStore 

type SignedPreKeyStore interface {
	LoadSignedPreKey(uint32) (*SignedPreKeyRecord, error)
	LoadSignedPreKeys() []SignedPreKeyRecord
	StoreSignedPreKey(uint32, *SignedPreKeyRecord) error
	ContainsSignedPreKey(uint32) bool
	RemoveSignedPreKey(uint32)
}

SignedPreKeyStore provides an interface to accessing the local signed prekeys.

type UnsupportedVersionError 

type UnsupportedVersionError struct {
	// contains filtered or unexported fields
}

UnsupportedVersionError represents the error situation where the peer is using an unsupported protocol version.

func (UnsupportedVersionError) Error 

func (err UnsupportedVersionError) Error() string

type WhisperMessage 

type WhisperMessage struct {
	Version         byte
	RatchetKey      *ECPublicKey
	Counter         uint32
	PreviousCounter uint32
	Ciphertext      []byte
	// contains filtered or unexported fields
}

WhisperMessage represents the encrypted message format used in TextSecure.

func LoadWhisperMessage 

func LoadWhisperMessage(serialized []byte) (*WhisperMessage, error)

LoadWhisperMessage creates a WhisperMessage from serialized bytes.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.