axolotl

package
v1.3.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 4, 2021 License: GPL-3.0 Imports: 15 Imported by: 1

Documentation

Overview

Package axolotl implements the Axolotl ratchet as used by TextSecure protocol version 3.

Index

Constants

This section is empty.

Variables

View Source
var ErrIncompletePreKeyWhisperMessage = errors.New("incomplete PreKeyWhisperMessage")

ErrIncompletePreKeyWhisperMessage is returned when an incomplete PreKeyWhisperMessage is received.

View Source
var ErrIncompleteWhisperMessage = errors.New("incomplete WhisperMessage")

ErrIncompleteWhisperMessage is returned when an incomplete WhisperMessage is received.

View Source
var ErrInvalidMACForWhisperMessage = errors.New("invalid MAC for WhisperMessage")

ErrInvalidMACForWhisperMessage signals a message with invalid MAC.

View Source
var ErrUninitializedSession = errors.New("uninitialized session")

ErrUninitializedSession occurs when there is no session matching the incoming message.

Functions

func CalculateAgreement added in v1.2.10

func CalculateAgreement(result, theirPub, ourPriv *[32]byte)

CalculateAgreement

func ComputeTruncatedMAC

func ComputeTruncatedMAC(msg, key []byte, size int) []byte

ComputeTruncatedMAC computes a HMAC-SHA256 MAC and returns its prefix of a given size.

func Decrypt

func Decrypt(key, ciphertext []byte) ([]byte, error)

Decrypt returns the AES-CBC decryption of a ciphertext under a given key.

func DeriveSecrets

func DeriveSecrets(inputKeyMaterial, salt, info []byte, size int) ([]byte, error)

DeriveSecrets derives the requested number of bytes using HKDF, given the inputKeyMaterial, salt and the info

func Encrypt

func Encrypt(key, iv, plaintext []byte) ([]byte, error)

Encrypt returns the AES-CBC encryption of a plaintext under a given key.

func ValidTruncMAC

func ValidTruncMAC(msg, expectedMAC, key []byte) bool

ValidTruncMAC checks whether a message is correctly authenticated using HMAC-SHA256.

Types

type DuplicateMessageError

type DuplicateMessageError struct {
	// contains filtered or unexported fields
}

DuplicateMessageError indicates that we have received the same message more than once.

func (DuplicateMessageError) Error

func (err DuplicateMessageError) Error() string

type ECKeyPair

type ECKeyPair struct {
	PrivateKey ECPrivateKey
	PublicKey  ECPublicKey
}

ECKeyPair represents a public and private key pair.

func MakeECKeyPair

func MakeECKeyPair(privateKey, publicKey []byte) *ECKeyPair

MakeECKeyPair creates a key pair.

func NewECKeyPair

func NewECKeyPair() *ECKeyPair

NewECKeyPair creates a key pair

func (*ECKeyPair) String

func (kp *ECKeyPair) String() string

type ECPrivateKey

type ECPrivateKey struct {
	// contains filtered or unexported fields
}

ECPrivateKey represents a 256 bit Curve25519 private key.

func NewECPrivateKey

func NewECPrivateKey(b []byte) *ECPrivateKey

NewECPrivateKey initializes a private key with the given value.

func (*ECPrivateKey) Key

func (k *ECPrivateKey) Key() *[32]byte

Key returns the value of the private key.

type ECPublicKey

type ECPublicKey struct {
	// contains filtered or unexported fields
}

ECPublicKey represents a 256 bit Curve25519 public key.

func NewECPublicKey

func NewECPublicKey(b []byte) *ECPublicKey

NewECPublicKey initializes a public key with the given value.

func (ECPublicKey) GetKey added in v1.2.10

func (pk ECPublicKey) GetKey() [32]byte

func (*ECPublicKey) Key

func (k *ECPublicKey) Key() *[32]byte

Key returns the value of the public key.

func (*ECPublicKey) Serialize

func (k *ECPublicKey) Serialize() []byte

Serialize returns the public key prepended by the byte value 5, as used in the TextSecure network protocol.

type IdentityKey

type IdentityKey struct {
	ECPublicKey
}

IdentityKey represents a Curve25519 public key used as a public identity.

func NewIdentityKey

func NewIdentityKey(b []byte) *IdentityKey

NewIdentityKey initializes an identity key to a given value.

type IdentityKeyPair

type IdentityKeyPair struct {
	PrivateKey ECPrivateKey
	PublicKey  IdentityKey
}

IdentityKeyPair is a pair of private and public identity keys.

func GenerateIdentityKeyPair

func GenerateIdentityKeyPair() *IdentityKeyPair

GenerateIdentityKeyPair is called once at install time to generate the local identity keypair, which will be valid until a reinstallation.

func NewIdentityKeyPairFromKeys

func NewIdentityKeyPairFromKeys(priv, pub []byte) *IdentityKeyPair

NewIdentityKeyPairFromKeys initializes an identity key pair.

type IdentityStore

type IdentityStore interface {
	GetIdentityKeyPair() (*IdentityKeyPair, error)
	GetLocalRegistrationID() (uint32, error)
	SaveIdentity(string, *IdentityKey) error
	IsTrustedIdentity(string, *IdentityKey) bool
}

IdentityStore provides an interface to identity information.

type InvalidMessageError

type InvalidMessageError struct {
	// contains filtered or unexported fields
}

InvalidMessageError represents various error states

func (InvalidMessageError) Error

func (err InvalidMessageError) Error() string

type InvalidSignatureError

type InvalidSignatureError struct {
	// contains filtered or unexported fields
}

InvalidSignatureError represents the error situation where the verification of the sender identity fails.

func (InvalidSignatureError) Error

func (err InvalidSignatureError) Error() string

type MismatchedVersionError

type MismatchedVersionError struct {
	// contains filtered or unexported fields
}

MismatchedVersionError represents the error situation where the peer is using a different protocol version.

func (MismatchedVersionError) Error

func (err MismatchedVersionError) Error() string

type NotTrustedError

type NotTrustedError struct {
	ID string
}

NotTrustedError represents the error situation where the peer is using a different identity key than expected.

func (NotTrustedError) Error

func (err NotTrustedError) Error() string

type PreKeyBundle

type PreKeyBundle struct {
	RegistrationID uint32
	DeviceID       uint32

	PreKeyID     uint32
	PreKeyPublic *ECPublicKey

	SignedPreKeyID        int32
	SignedPreKeyPublic    *ECPublicKey
	SignedPreKeySignature [64]byte

	IdentityKey *IdentityKey
}

PreKeyBundle contains the data required to initialize a sender session. It is constructed from PreKeys registered by the peer.

func NewPreKeyBundle

func NewPreKeyBundle(registrationID, deviceID, preKeyID uint32, preKey *ECPublicKey,
	signedPreKeyID int32, signedPreKey *ECPublicKey, signature []byte,
	identityKey *IdentityKey) (*PreKeyBundle, error)

NewPreKeyBundle creates a PreKeyBundle structure with the given fields.

type PreKeyNotFoundError

type PreKeyNotFoundError struct {
	// contains filtered or unexported fields
}

PreKeyNotFoundError represents the error situation when a local prekey cannot be loaded.

func (PreKeyNotFoundError) Error

func (err PreKeyNotFoundError) Error() string

type PreKeyRecord

type PreKeyRecord struct {
	Pkrs *protobuf.PreKeyRecordStructure
}

PreKeyRecord represents a prekey, and is simply wrapper around the corresponding protobuf struct

func GenerateLastResortPreKey

func GenerateLastResortPreKey() *PreKeyRecord

GenerateLastResortPreKey creates the last resort PreKey. Clients should do this only once, at install time, and durably store it for the length of the install.

func GeneratePreKeys

func GeneratePreKeys(start, count int) []*PreKeyRecord

GeneratePreKeys creates a list of PreKeys. Clients should do this at install time, and subsequently any time the list of PreKeys stored on the server runs low.

func LoadPreKeyRecord

func LoadPreKeyRecord(serialized []byte) (*PreKeyRecord, error)

LoadPreKeyRecord creates a PreKeyRecord instance from a serialized bytestream

func NewPreKeyRecord

func NewPreKeyRecord(id uint32, kp *ECKeyPair) *PreKeyRecord

NewPreKeyRecord creates a new PreKeyRecord instance

func (*PreKeyRecord) Serialize

func (record *PreKeyRecord) Serialize() ([]byte, error)

Serialize marshals the prekey into a protobuf.

type PreKeyStore

type PreKeyStore interface {
	LoadPreKey(uint32) (*PreKeyRecord, error)
	StorePreKey(uint32, *PreKeyRecord) error
	ContainsPreKey(uint32) bool
	RemovePreKey(uint32)
}

PreKeyStore provides an interface to accessing the local prekeys.

type PreKeyWhisperMessage

type PreKeyWhisperMessage struct {
	Version        byte
	RegistrationID uint32
	PreKeyID       uint32
	SignedPreKeyID uint32
	BaseKey        *ECPublicKey
	IdentityKey    *IdentityKey
	Message        *WhisperMessage
	// contains filtered or unexported fields
}

PreKeyWhisperMessage represents a WhisperMessage and additional prekey metadata used for the initial handshake in a conversation.

func LoadPreKeyWhisperMessage

func LoadPreKeyWhisperMessage(serialized []byte) (*PreKeyWhisperMessage, error)

LoadPreKeyWhisperMessage creates a PreKeyWhisperMessage from serialized bytes.

type SessionBuilder

type SessionBuilder struct {
	// contains filtered or unexported fields
}

SessionBuilder takes care of creating the sessions.

func NewSessionBuilder

func NewSessionBuilder(identityStore IdentityStore, preKeyStore PreKeyStore, signedPreKeyStore SignedPreKeyStore, sessionStore SessionStore, recipientID string, deviceID uint32) *SessionBuilder

NewSessionBuilder creates a new session builder object.

func (*SessionBuilder) BuildReceiverSession

func (sb *SessionBuilder) BuildReceiverSession(sr *SessionRecord, pkwm *PreKeyWhisperMessage) (uint32, error)

BuildReceiverSession creates a new session from a received PreKeyWhisperMessage.

func (*SessionBuilder) BuildSenderSession

func (sb *SessionBuilder) BuildSenderSession(pkb *PreKeyBundle) error

BuildSenderSession creates a new session from a PreKeyBundle

type SessionCipher

type SessionCipher struct {
	RecipientID  string
	DeviceID     uint32
	SessionStore SessionStore
	PreKeyStore  PreKeyStore
	Builder      *SessionBuilder
}

SessionCipher represents a peer and its persistent stored session.

func NewSessionCipher

func NewSessionCipher(identityStore IdentityStore, preKeyStore PreKeyStore, signedPreKeyStore SignedPreKeyStore, sessionStore SessionStore, recipientID string, deviceID uint32) *SessionCipher

NewSessionCipher creates a new session cipher.

func (*SessionCipher) GetRemoteRegistrationID

func (sc *SessionCipher) GetRemoteRegistrationID() (uint32, error)

GetRemoteRegistrationID returns the registration ID of the peer.

func (*SessionCipher) SessionDecryptPreKeyWhisperMessage

func (sc *SessionCipher) SessionDecryptPreKeyWhisperMessage(ciphertext *PreKeyWhisperMessage) ([]byte, error)

SessionDecryptPreKeyWhisperMessage decrypts an incoming message.

func (*SessionCipher) SessionDecryptWhisperMessage

func (sc *SessionCipher) SessionDecryptWhisperMessage(ciphertext *WhisperMessage) ([]byte, error)

SessionDecryptWhisperMessage decrypts an incoming message.

func (*SessionCipher) SessionEncryptMessage

func (sc *SessionCipher) SessionEncryptMessage(plaintext []byte) ([]byte, int32, error)

SessionEncryptMessage encrypts a given plaintext in a WhisperMessage or a PreKeyWhisperMessage, depending on whether there a session with the peer exists or needs to be established.

type SessionRecord

type SessionRecord struct {
	PreviousStates []*sessionState
	Fresh          bool
	// contains filtered or unexported fields
}

SessionRecord represents a session in persistent store.

func LoadSessionRecord

func LoadSessionRecord(serialized []byte) (*SessionRecord, error)

LoadSessionRecord creates a SessionRecord object from serialized byte, error) {

func NewSessionRecord

func NewSessionRecord() *SessionRecord

NewSessionRecord creates a new SessionRecord object.

func (*SessionRecord) Serialize

func (record *SessionRecord) Serialize() ([]byte, error)

Serialize saves the state of a SessionRecord object to a byte stream.

type SessionStore

type SessionStore interface {
	Lock()
	Unlock()
	LoadSession(string, uint32) (*SessionRecord, error)
	GetSubDeviceSessions(string) []uint32
	StoreSession(string, uint32, *SessionRecord) error
	ContainsSession(string, uint32) bool
	DeleteSession(string, uint32)
	DeleteAllSessions(string)
}

SessionStore provides an interface to accessing the local session records.

type SignedPreKeyRecord

type SignedPreKeyRecord struct {
	Spkrs *protobuf.SignedPreKeyRecordStructure
}

SignedPreKeyRecord represents a prekey, and is simply wrapper around the corresponding protobuf struct

func LoadSignedPreKeyRecord

func LoadSignedPreKeyRecord(serialized []byte) (*SignedPreKeyRecord, error)

LoadSignedPreKeyRecord creates a SignedPreKeyRecord instance from a serialized bytestream

func NewSignedPreKeyRecord

func NewSignedPreKeyRecord(id uint32, timestamp uint64, kp *ECKeyPair, signature []byte) *SignedPreKeyRecord

NewSignedPreKeyRecord creates a new SignedPreKeyRecord instance

func (*SignedPreKeyRecord) Serialize

func (record *SignedPreKeyRecord) Serialize() ([]byte, error)

Serialize marshals the signed prekey into a protobuf.

type SignedPreKeyStore

type SignedPreKeyStore interface {
	LoadSignedPreKey(uint32) (*SignedPreKeyRecord, error)
	LoadSignedPreKeys() []SignedPreKeyRecord
	StoreSignedPreKey(uint32, *SignedPreKeyRecord) error
	ContainsSignedPreKey(uint32) bool
	RemoveSignedPreKey(uint32)
}

SignedPreKeyStore provides an interface to accessing the local signed prekeys.

type UnsupportedVersionError

type UnsupportedVersionError struct {
	// contains filtered or unexported fields
}

UnsupportedVersionError represents the error situation where the peer is using an unsupported protocol version.

func (UnsupportedVersionError) Error

func (err UnsupportedVersionError) Error() string

type WhisperMessage

type WhisperMessage struct {
	Version         byte
	RatchetKey      *ECPublicKey
	Counter         uint32
	PreviousCounter uint32
	Ciphertext      []byte
	// contains filtered or unexported fields
}

WhisperMessage represents the encrypted message format used in TextSecure.

func LoadWhisperMessage

func LoadWhisperMessage(serialized []byte) (*WhisperMessage, error)

LoadWhisperMessage creates a WhisperMessage from serialized bytes.

Directories

Path Synopsis
Package textsecure is a generated protocol buffer package.
Package textsecure is a generated protocol buffer package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL