Documentation ¶
Index ¶
- Constants
- Variables
- func ExtractIdentity(bundle *protobuf.Bundle) (*ecdsa.PublicKey, error)
- func NewBundleContainer(identity *ecdsa.PrivateKey, installationID string) (*protobuf.BundleContainer, error)
- func PerformActiveDH(publicKey *ecdsa.PublicKey) ([]byte, *ecdsa.PublicKey, error)
- func PerformActiveX3DH(identity []byte, signedPreKey []byte, prv *ecdsa.PrivateKey) ([]byte, *ecdsa.PublicKey, error)
- func PerformDH(privateKey *ecies.PrivateKey, publicKey *ecies.PublicKey) ([]byte, error)
- func PerformPassiveX3DH(theirIdentityKey *ecdsa.PublicKey, mySignedPreKey *ecdsa.PrivateKey, ...) ([]byte, error)
- func SignBundle(identity *ecdsa.PrivateKey, bundleContainer *protobuf.BundleContainer) error
- func VerifyBundle(bundle *protobuf.Bundle) error
- type ConfirmationData
- type EncryptionService
- func (s *EncryptionService) ConfirmMessagesProcessed(messageIDs [][]byte) error
- func (s *EncryptionService) CreateBundle(privateKey *ecdsa.PrivateKey, installations []*multidevice.Installation) (*protobuf.Bundle, error)
- func (s *EncryptionService) DecryptPayload(myIdentityKey *ecdsa.PrivateKey, theirIdentityKey *ecdsa.PublicKey, ...) ([]byte, error)
- func (s *EncryptionService) DecryptWithDH(myIdentityKey *ecdsa.PrivateKey, theirEphemeralKey *ecdsa.PublicKey, ...) ([]byte, error)
- func (s *EncryptionService) EncryptPayload(theirIdentityKey *ecdsa.PublicKey, myIdentityKey *ecdsa.PrivateKey, ...) (map[string]*protobuf.DirectMessageProtocol, []*multidevice.Installation, error)
- func (s *EncryptionService) EncryptPayloadWithDH(theirIdentityKey *ecdsa.PublicKey, payload []byte) (map[string]*protobuf.DirectMessageProtocol, error)
- func (s *EncryptionService) GetPublicBundle(theirIdentityKey *ecdsa.PublicKey, installations []*multidevice.Installation) (*protobuf.Bundle, error)
- func (s *EncryptionService) ProcessPublicBundle(myIdentityKey *ecdsa.PrivateKey, b *protobuf.Bundle) error
- type EncryptionServiceConfig
- type PersistenceService
- type ProtocolMessageSpec
- type ProtocolService
- func (p *ProtocolService) BuildDHMessage(myIdentityKey *ecdsa.PrivateKey, destination *ecdsa.PublicKey, payload []byte) (*ProtocolMessageSpec, error)
- func (p *ProtocolService) BuildDirectMessage(myIdentityKey *ecdsa.PrivateKey, publicKey *ecdsa.PublicKey, payload []byte) (*ProtocolMessageSpec, error)
- func (p *ProtocolService) BuildPublicMessage(myIdentityKey *ecdsa.PrivateKey, payload []byte) (*protobuf.ProtocolMessage, error)
- func (p *ProtocolService) ConfirmMessagesProcessed(messageIDs [][]byte) error
- func (p *ProtocolService) DisableInstallation(myIdentityKey *ecdsa.PublicKey, installationID string) error
- func (p *ProtocolService) EnableInstallation(myIdentityKey *ecdsa.PublicKey, installationID string) error
- func (p *ProtocolService) GetBundle(myIdentityKey *ecdsa.PrivateKey) (*protobuf.Bundle, error)
- func (p *ProtocolService) GetPublicBundle(theirIdentityKey *ecdsa.PublicKey) (*protobuf.Bundle, error)
- func (p *ProtocolService) HandleMessage(myIdentityKey *ecdsa.PrivateKey, theirPublicKey *ecdsa.PublicKey, ...) ([]byte, error)
- func (p *ProtocolService) ProcessPublicBundle(myIdentityKey *ecdsa.PrivateKey, bundle *protobuf.Bundle) ([]multidevice.IdentityAndIDPair, error)
- type RatchetInfo
- type SQLLiteKeysStorage
- func (s *SQLLiteKeysStorage) All() (map[dr.Key]map[uint]dr.Key, error)
- func (s *SQLLiteKeysStorage) Count(pubKey dr.Key) (uint, error)
- func (s *SQLLiteKeysStorage) CountAll() (uint, error)
- func (s *SQLLiteKeysStorage) DeleteMk(pubKey dr.Key, msgNum uint) error
- func (s *SQLLiteKeysStorage) DeleteOldMks(sessionID []byte, deleteUntil uint) error
- func (s *SQLLiteKeysStorage) Get(pubKey dr.Key, msgNum uint) (dr.Key, bool, error)
- func (s *SQLLiteKeysStorage) Put(sessionID []byte, pubKey dr.Key, msgNum uint, mk dr.Key, seqNum uint) error
- func (s *SQLLiteKeysStorage) TruncateMks(sessionID []byte, maxKeysPerSession int) error
- type SQLLitePersistence
- func (s *SQLLitePersistence) AddPrivateBundle(bc *protobuf.BundleContainer) error
- func (s *SQLLitePersistence) AddPublicBundle(b *protobuf.Bundle) error
- func (s *SQLLitePersistence) AddRatchetInfo(key []byte, identity []byte, bundleID []byte, ephemeralKey []byte, ...) error
- func (s *SQLLitePersistence) GetAnyPrivateBundle(myIdentityKey []byte, installations []*multidevice.Installation) (*protobuf.BundleContainer, error)
- func (s *SQLLitePersistence) GetAnyRatchetInfo(identity []byte, installationID string) (*RatchetInfo, error)
- func (s *SQLLitePersistence) GetKeysStorage() dr.KeysStorage
- func (s *SQLLitePersistence) GetMultideviceStorage() multidevice.Persistence
- func (s *SQLLitePersistence) GetPrivateKeyBundle(bundleID []byte) ([]byte, error)
- func (s *SQLLitePersistence) GetPublicBundle(publicKey *ecdsa.PublicKey, installations []*multidevice.Installation) (*protobuf.Bundle, error)
- func (s *SQLLitePersistence) GetRatchetInfo(bundleID []byte, theirIdentity []byte, installationID string) (*RatchetInfo, error)
- func (s *SQLLitePersistence) GetSessionStorage() dr.SessionStorage
- func (s *SQLLitePersistence) GetSharedSecretStorage() sharedsecret.PersistenceService
- func (s *SQLLitePersistence) MarkBundleExpired(identity []byte) error
- func (s *SQLLitePersistence) Open(path string, key string) error
- func (s *SQLLitePersistence) RatchetInfoConfirmed(bundleID []byte, theirIdentity []byte, installationID string) error
- type SQLLiteSessionStorage
- type SendDirectMessageRPC
- type SendPublicMessageRPC
Constants ¶
const ProtocolVersion = 1
Variables ¶
var ErrDeviceNotFound = errors.New("device not found")
var ErrNotProtocolMessage = errors.New("Not a protocol message")
var ErrSessionNotFound = errors.New("session not found")
Functions ¶
func ExtractIdentity ¶
ExtractIdentity extracts the identity key from a given bundle
func NewBundleContainer ¶
func NewBundleContainer(identity *ecdsa.PrivateKey, installationID string) (*protobuf.BundleContainer, error)
NewBundleContainer creates a new BundleContainer from an identity private key
func PerformActiveDH ¶
PerformActiveDH performs a Diffie-Hellman exchange using a public key and a generated ephemeral key. Returns the key resulting from the DH exchange as well as the ephemeral public key.
func PerformActiveX3DH ¶
func PerformActiveX3DH(identity []byte, signedPreKey []byte, prv *ecdsa.PrivateKey) ([]byte, *ecdsa.PublicKey, error)
PerformActiveX3DH takes someone else's bundle and calculates shared secret. Returns the shared secret and the ephemeral key used.
func PerformPassiveX3DH ¶
func PerformPassiveX3DH(theirIdentityKey *ecdsa.PublicKey, mySignedPreKey *ecdsa.PrivateKey, theirEphemeralKey *ecdsa.PublicKey, myPrivateKey *ecdsa.PrivateKey) ([]byte, error)
PerformPassiveX3DH handles the part of the protocol where our interlocutor used our bundle, with ID of the signedPreKey, we loaded our identity key and the correct signedPreKey and we perform X3DH
func SignBundle ¶
func SignBundle(identity *ecdsa.PrivateKey, bundleContainer *protobuf.BundleContainer) error
func VerifyBundle ¶
VerifyBundle checks that a bundle is valid
Types ¶
type ConfirmationData ¶
type ConfirmationData struct {
// contains filtered or unexported fields
}
type EncryptionService ¶
type EncryptionService struct {
// contains filtered or unexported fields
}
EncryptionService defines a service that is responsible for the encryption aspect of the protocol.
func NewEncryptionService ¶
func NewEncryptionService(p PersistenceService, config EncryptionServiceConfig) *EncryptionService
NewEncryptionService creates a new EncryptionService instance.
func (*EncryptionService) ConfirmMessagesProcessed ¶
func (s *EncryptionService) ConfirmMessagesProcessed(messageIDs [][]byte) error
ConfirmMessagesProcessed confirms and deletes message keys for the given messages
func (*EncryptionService) CreateBundle ¶
func (s *EncryptionService) CreateBundle(privateKey *ecdsa.PrivateKey, installations []*multidevice.Installation) (*protobuf.Bundle, error)
CreateBundle retrieves or creates an X3DH bundle given a private key
func (*EncryptionService) DecryptPayload ¶
func (s *EncryptionService) DecryptPayload(myIdentityKey *ecdsa.PrivateKey, theirIdentityKey *ecdsa.PublicKey, theirInstallationID string, msgs map[string]*protobuf.DirectMessageProtocol, messageID []byte) ([]byte, error)
DecryptPayload decrypts the payload of a DirectMessageProtocol, given an identity private key and the sender's public key
func (*EncryptionService) DecryptWithDH ¶
func (s *EncryptionService) DecryptWithDH(myIdentityKey *ecdsa.PrivateKey, theirEphemeralKey *ecdsa.PublicKey, payload []byte) ([]byte, error)
DecryptWithDH decrypts message sent with a DH key exchange, and throws away the key after decryption
func (*EncryptionService) EncryptPayload ¶
func (s *EncryptionService) EncryptPayload(theirIdentityKey *ecdsa.PublicKey, myIdentityKey *ecdsa.PrivateKey, installations []*multidevice.Installation, payload []byte) (map[string]*protobuf.DirectMessageProtocol, []*multidevice.Installation, error)
EncryptPayload returns a new DirectMessageProtocol with a given payload encrypted, given a recipient's public key and the sender private identity key
func (*EncryptionService) EncryptPayloadWithDH ¶ added in v0.16.4
func (s *EncryptionService) EncryptPayloadWithDH(theirIdentityKey *ecdsa.PublicKey, payload []byte) (map[string]*protobuf.DirectMessageProtocol, error)
func (*EncryptionService) GetPublicBundle ¶
func (s *EncryptionService) GetPublicBundle(theirIdentityKey *ecdsa.PublicKey, installations []*multidevice.Installation) (*protobuf.Bundle, error)
GetPublicBundle returns the active installations bundles for a given user
func (*EncryptionService) ProcessPublicBundle ¶
func (s *EncryptionService) ProcessPublicBundle(myIdentityKey *ecdsa.PrivateKey, b *protobuf.Bundle) error
ProcessPublicBundle persists a bundle
type EncryptionServiceConfig ¶
type EncryptionServiceConfig struct { InstallationID string // Max number of installations we keep synchronized. MaxInstallations int // How many consecutive messages can be skipped in the receiving chain. MaxSkip int // Any message with seqNo <= currentSeq - maxKeep will be deleted. MaxKeep int // How many keys do we store in total per session. MaxMessageKeysPerSession int // How long before we refresh the interval in milliseconds BundleRefreshInterval int64 }
func DefaultEncryptionServiceConfig ¶
func DefaultEncryptionServiceConfig(installationID string) EncryptionServiceConfig
DefaultEncryptionServiceConfig returns the default values used by the encryption service
type PersistenceService ¶
type PersistenceService interface { // GetKeysStorage returns the associated double ratchet KeysStorage object. GetKeysStorage() dr.KeysStorage // GetSessionStorage returns the associated double ratchet SessionStorage object. GetSessionStorage() dr.SessionStorage // GetPublicBundle retrieves an existing Bundle for the specified public key & installations GetPublicBundle(*ecdsa.PublicKey, []*multidevice.Installation) (*protobuf.Bundle, error) // AddPublicBundle persists a specified Bundle AddPublicBundle(*protobuf.Bundle) error // GetAnyPrivateBundle retrieves any bundle for our identity & installations GetAnyPrivateBundle([]byte, []*multidevice.Installation) (*protobuf.BundleContainer, error) // GetPrivateKeyBundle retrieves a BundleContainer with the specified signed prekey. GetPrivateKeyBundle([]byte) ([]byte, error) // AddPrivateBundle persists a BundleContainer. AddPrivateBundle(*protobuf.BundleContainer) error // MarkBundleExpired marks a private bundle as expired, not to be used for encryption anymore. MarkBundleExpired([]byte) error // AddRatchetInfo persists the specified ratchet info AddRatchetInfo([]byte, []byte, []byte, []byte, string) error // GetRatchetInfo retrieves the existing RatchetInfo for a specified bundle ID and interlocutor public key. GetRatchetInfo([]byte, []byte, string) (*RatchetInfo, error) // GetAnyRatchetInfo retrieves any existing RatchetInfo for a specified interlocutor public key. GetAnyRatchetInfo([]byte, string) (*RatchetInfo, error) // RatchetInfoConfirmed clears the ephemeral key in the RatchetInfo // associated with the specified bundle ID and interlocutor identity public key. RatchetInfoConfirmed([]byte, []byte, string) error }
PersistenceService defines the interface for a storage service
type ProtocolMessageSpec ¶
type ProtocolMessageSpec struct { Message *protobuf.ProtocolMessage // Installations is the targeted devices Installations []*multidevice.Installation SharedSecret []byte }
func (*ProtocolMessageSpec) MinVersion ¶
func (p *ProtocolMessageSpec) MinVersion() uint32
func (*ProtocolMessageSpec) PartitionedTopic ¶
func (p *ProtocolMessageSpec) PartitionedTopic() bool
type ProtocolService ¶
type ProtocolService struct { Enabled bool // contains filtered or unexported fields }
func NewProtocolService ¶
func NewProtocolService(encryption *EncryptionService, secret *sharedsecret.Service, multidevice *multidevice.Service, addedBundlesHandler func([]multidevice.IdentityAndIDPair), onNewSharedSecretHandler func([]*sharedsecret.Secret)) *ProtocolService
NewProtocolService creates a new ProtocolService instance
func (*ProtocolService) BuildDHMessage ¶
func (p *ProtocolService) BuildDHMessage(myIdentityKey *ecdsa.PrivateKey, destination *ecdsa.PublicKey, payload []byte) (*ProtocolMessageSpec, error)
BuildDHMessage builds a message with DH encryption so that it can be decrypted by any other device.
func (*ProtocolService) BuildDirectMessage ¶
func (p *ProtocolService) BuildDirectMessage(myIdentityKey *ecdsa.PrivateKey, publicKey *ecdsa.PublicKey, payload []byte) (*ProtocolMessageSpec, error)
BuildDirectMessage returns a 1:1 chat message and optionally a negotiated topic given the user identity private key, the recipient's public key, and a payload
func (*ProtocolService) BuildPublicMessage ¶
func (p *ProtocolService) BuildPublicMessage(myIdentityKey *ecdsa.PrivateKey, payload []byte) (*protobuf.ProtocolMessage, error)
BuildPublicMessage marshals a public chat message given the user identity private key and a payload
func (*ProtocolService) ConfirmMessagesProcessed ¶
func (p *ProtocolService) ConfirmMessagesProcessed(messageIDs [][]byte) error
ConfirmMessagesProcessed confirms and deletes message keys for the given messages
func (*ProtocolService) DisableInstallation ¶
func (p *ProtocolService) DisableInstallation(myIdentityKey *ecdsa.PublicKey, installationID string) error
DisableInstallation disables an installation for multi-device sync.
func (*ProtocolService) EnableInstallation ¶
func (p *ProtocolService) EnableInstallation(myIdentityKey *ecdsa.PublicKey, installationID string) error
EnableInstallation enables an installation for multi-device sync.
func (*ProtocolService) GetBundle ¶
func (p *ProtocolService) GetBundle(myIdentityKey *ecdsa.PrivateKey) (*protobuf.Bundle, error)
GetBundle retrieves or creates a X3DH bundle, given a private identity key.
func (*ProtocolService) GetPublicBundle ¶
func (p *ProtocolService) GetPublicBundle(theirIdentityKey *ecdsa.PublicKey) (*protobuf.Bundle, error)
GetPublicBundle retrieves a public bundle given an identity
func (*ProtocolService) HandleMessage ¶
func (p *ProtocolService) HandleMessage(myIdentityKey *ecdsa.PrivateKey, theirPublicKey *ecdsa.PublicKey, protocolMessage *protobuf.ProtocolMessage, messageID []byte) ([]byte, error)
HandleMessage unmarshals a message and processes it, decrypting it if it is a 1:1 message.
func (*ProtocolService) ProcessPublicBundle ¶
func (p *ProtocolService) ProcessPublicBundle(myIdentityKey *ecdsa.PrivateKey, bundle *protobuf.Bundle) ([]multidevice.IdentityAndIDPair, error)
ProcessPublicBundle processes a received X3DH bundle.
type RatchetInfo ¶
type RatchetInfo struct { ID []byte Sk []byte PrivateKey []byte PublicKey []byte Identity []byte BundleID []byte EphemeralKey []byte InstallationID string }
RatchetInfo holds the current ratchet state
type SQLLiteKeysStorage ¶
type SQLLiteKeysStorage struct {
// contains filtered or unexported fields
}
SQLLiteKeysStorage represents a keys persistence service tied to an SQLite database
func NewSQLLiteKeysStorage ¶
func NewSQLLiteKeysStorage(db *sql.DB) *SQLLiteKeysStorage
NewSQLLiteKeysStorage creates a new SQLLiteKeysStorage instance associated with the specified database
func (*SQLLiteKeysStorage) Count ¶
func (s *SQLLiteKeysStorage) Count(pubKey dr.Key) (uint, error)
Count returns the count of keys with the specified public key
func (*SQLLiteKeysStorage) CountAll ¶
func (s *SQLLiteKeysStorage) CountAll() (uint, error)
CountAll returns the count of keys with the specified public key
func (*SQLLiteKeysStorage) DeleteMk ¶
func (s *SQLLiteKeysStorage) DeleteMk(pubKey dr.Key, msgNum uint) error
DeleteMk deletes the key with the specified public key and message key
func (*SQLLiteKeysStorage) DeleteOldMks ¶
func (s *SQLLiteKeysStorage) DeleteOldMks(sessionID []byte, deleteUntil uint) error
DeleteOldMks caps remove any key < seq_num, included
func (*SQLLiteKeysStorage) Get ¶
Get retrieves the message key for a specified public key and message number
func (*SQLLiteKeysStorage) Put ¶
func (s *SQLLiteKeysStorage) Put(sessionID []byte, pubKey dr.Key, msgNum uint, mk dr.Key, seqNum uint) error
Put stores a key with the specified public key, message number and message key
func (*SQLLiteKeysStorage) TruncateMks ¶
func (s *SQLLiteKeysStorage) TruncateMks(sessionID []byte, maxKeysPerSession int) error
TruncateMks caps the number of keys to maxKeysPerSession deleting them in FIFO fashion
type SQLLitePersistence ¶
SQLLitePersistence represents a persistence service tied to an SQLite database
func NewSQLLitePersistence ¶
func NewSQLLitePersistence(path string, key string) (*SQLLitePersistence, error)
NewSQLLitePersistence creates a new SQLLitePersistence instance, given a path and a key
func (*SQLLitePersistence) AddPrivateBundle ¶
func (s *SQLLitePersistence) AddPrivateBundle(bc *protobuf.BundleContainer) error
AddPrivateBundle adds the specified BundleContainer to the database
func (*SQLLitePersistence) AddPublicBundle ¶
func (s *SQLLitePersistence) AddPublicBundle(b *protobuf.Bundle) error
AddPublicBundle adds the specified Bundle to the database
func (*SQLLitePersistence) AddRatchetInfo ¶
func (s *SQLLitePersistence) AddRatchetInfo(key []byte, identity []byte, bundleID []byte, ephemeralKey []byte, installationID string) error
AddRatchetInfo persists the specified ratchet info into the database
func (*SQLLitePersistence) GetAnyPrivateBundle ¶
func (s *SQLLitePersistence) GetAnyPrivateBundle(myIdentityKey []byte, installations []*multidevice.Installation) (*protobuf.BundleContainer, error)
GetAnyPrivateBundle retrieves any bundle from the database containing a private key
func (*SQLLitePersistence) GetAnyRatchetInfo ¶
func (s *SQLLitePersistence) GetAnyRatchetInfo(identity []byte, installationID string) (*RatchetInfo, error)
GetAnyRatchetInfo retrieves any existing RatchetInfo for a specified interlocutor public key from the database
func (*SQLLitePersistence) GetKeysStorage ¶
func (s *SQLLitePersistence) GetKeysStorage() dr.KeysStorage
GetKeysStorage returns the associated double ratchet KeysStorage object
func (*SQLLitePersistence) GetMultideviceStorage ¶
func (s *SQLLitePersistence) GetMultideviceStorage() multidevice.Persistence
GetMultideviceStorage returns the associated multideviceStorage
func (*SQLLitePersistence) GetPrivateKeyBundle ¶
func (s *SQLLitePersistence) GetPrivateKeyBundle(bundleID []byte) ([]byte, error)
GetPrivateKeyBundle retrieves a private key for a bundle from the database
func (*SQLLitePersistence) GetPublicBundle ¶
func (s *SQLLitePersistence) GetPublicBundle(publicKey *ecdsa.PublicKey, installations []*multidevice.Installation) (*protobuf.Bundle, error)
GetPublicBundle retrieves an existing Bundle for the specified public key from the database
func (*SQLLitePersistence) GetRatchetInfo ¶
func (s *SQLLitePersistence) GetRatchetInfo(bundleID []byte, theirIdentity []byte, installationID string) (*RatchetInfo, error)
GetRatchetInfo retrieves the existing RatchetInfo for a specified bundle ID and interlocutor public key from the database
func (*SQLLitePersistence) GetSessionStorage ¶
func (s *SQLLitePersistence) GetSessionStorage() dr.SessionStorage
GetSessionStorage returns the associated double ratchet SessionStorage object
func (*SQLLitePersistence) GetSharedSecretStorage ¶
func (s *SQLLitePersistence) GetSharedSecretStorage() sharedsecret.PersistenceService
GetSharedSecretStorage returns the associated secretStorageObject
func (*SQLLitePersistence) MarkBundleExpired ¶
func (s *SQLLitePersistence) MarkBundleExpired(identity []byte) error
MarkBundleExpired expires any private bundle for a given identity
func (*SQLLitePersistence) Open ¶
func (s *SQLLitePersistence) Open(path string, key string) error
Open opens a file at the specified path
func (*SQLLitePersistence) RatchetInfoConfirmed ¶
func (s *SQLLitePersistence) RatchetInfoConfirmed(bundleID []byte, theirIdentity []byte, installationID string) error
RatchetInfoConfirmed clears the ephemeral key in the RatchetInfo associated with the specified bundle ID and interlocutor identity public key
type SQLLiteSessionStorage ¶
type SQLLiteSessionStorage struct {
// contains filtered or unexported fields
}
SQLLiteSessionStorage represents a session persistence service tied to an SQLite database
func NewSQLLiteSessionStorage ¶
func NewSQLLiteSessionStorage(db *sql.DB) *SQLLiteSessionStorage
NewSQLLiteSessionStorage creates a new SQLLiteSessionStorage instance associated with the specified database