crypto

package
v0.7.9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 1, 2020 License: MPL-2.0 Imports: 31 Imported by: 32

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	IncorrectEncryptedContentType = errors.New("event content is not instance of *event.EncryptedEventContent")
	NoSessionFound                = errors.New("failed to decrypt megolm event: no session with given ID found")
	DuplicateMessageIndex         = errors.New("duplicate message index")
	WrongRoom                     = errors.New("encrypted megolm event is not intended for this room")
	DeviceKeyMismatch             = errors.New("device keys in event and verified device info do not match")
)
View Source 
var (
	UnsupportedAlgorithm                = errors.New("unsupported event encryption algorithm")
	NotEncryptedForMe                   = errors.New("olm event doesn't contain ciphertext for this device")
	UnsupportedOlmMessageType           = errors.New("unsupported olm message type")
	DecryptionFailedWithMatchingSession = errors.New("decryption failed with matching session")
	DecryptionFailedForNormalMessage    = errors.New("decryption failed for normal message")
	SenderMismatch                      = errors.New("mismatched sender in olm payload")
	RecipientMismatch                   = errors.New("mismatched recipient in olm payload")
	RecipientKeyMismatch                = errors.New("mismatched recipient key in olm payload")
)
View Source 
var (
	MismatchingDeviceID   = errors.New("mismatching device ID in parameter and keys object")
	MismatchingUserID     = errors.New("mismatching user ID in parameter and keys object")
	MismatchingSigningKey = errors.New("received update for device with different signing key")
	NoSigningKeyFound     = errors.New("didn't find ed25519 signing key")
	NoIdentityKeyFound    = errors.New("didn't find curve25519 identity key")
	InvalidKeySignature   = errors.New("invalid signature on device keys")
)
View Source 
var (
	AlreadyShared  = errors.New("group session already shared")
	NoGroupSession = errors.New("no group session created")
)
View Source 
var (
	ErrMissingExportPrefix          = errors.New("invalid Matrix key export: missing prefix")
	ErrMissingExportSuffix          = errors.New("invalid Matrix key export: missing suffix")
	ErrUnsupportedExportVersion     = errors.New("unsupported Matrix key export format version")
	ErrMismatchingExportHash        = errors.New("mismatching hash; incorrect passphrase?")
	ErrInvalidExportedAlgorithm     = errors.New("session has unknown algorithm")
	ErrMismatchingExportedSessionID = errors.New("imported session has different ID than expected")
)
View Source 
var (
	// Reject a key request without responding
	KeyShareRejectNoResponse = KeyShareRejection{}

	KeyShareRejectBlacklisted   = KeyShareRejection{event.RoomKeyWithheldBlacklisted, "You have been blacklisted by this device"}
	KeyShareRejectUnverified    = KeyShareRejection{event.RoomKeyWithheldUnverified, "You have not been verified by this device"}
	KeyShareRejectOtherUser     = KeyShareRejection{event.RoomKeyWithheldUnauthorized, "This device does not share keys to other users"}
	KeyShareRejectUnavailable   = KeyShareRejection{event.RoomKeyWithheldUnavailable, "Requested session ID not found on this device"}
	KeyShareRejectInternalError = KeyShareRejection{event.RoomKeyWithheldUnavailable, "An internal error occurred while trying to share the requested session"}
)
View Source 
var (
	SessionNotShared = errors.New("session has not been shared")
	SessionExpired   = errors.New("session has expired")
)
View Source 
var (
	ErrUnknownUserForTransaction = errors.New("unknown user for transaction")
	ErrTransactionAlreadyExists  = errors.New("transaction already exists")
	// ErrUnknownTransaction is returned when a key verification message is received with an unknown transaction ID.
	ErrUnknownTransaction = errors.New("unknown transaction")
	// ErrUnknownVerificationMethod is returned when the verification method in a received m.key.verification.start is unknown.
	ErrUnknownVerificationMethod = errors.New("unknown verification method")
)
View Source 
var ErrGroupSessionWithheld = errors.New("group session has been withheld")

Functions

func ExportKeys added in v0.7.3 

func ExportKeys(passphrase string, sessions []*InboundGroupSession) ([]byte, error)

ExportKeys exports the given Megolm sessions with the format specified in the Matrix spec. See https://matrix.org/docs/spec/client_server/r0.6.1#key-exports

func Fingerprint added in v0.7.0 

func Fingerprint(signingKey id.SigningKey) string

func IsShareError added in v0.5.3 

func IsShareError(err error) bool

IsShareError returns true if the error is caused by the lack of an outgoing megolm session and can be solved with OlmMachine.ShareGroupSession

Types

type DecimalSASData added in v0.7.0 

type DecimalSASData [3]uint

DecimalSASData contains the verification numbers for the decimal SAS method.

func (DecimalSASData) Type added in v0.7.0 

func (DecimalSASData) Type() event.SASMethod

Type returns the decimal SAS method type.

type DecryptedOlmEvent added in v0.5.3 

type DecryptedOlmEvent struct {
	Source *event.Event `json:"-"`

	SenderKey id.SenderKey `json:"-"`

	Sender        id.UserID    `json:"sender"`
	SenderDevice  id.DeviceID  `json:"sender_device"`
	Keys          OlmEventKeys `json:"keys"`
	Recipient     id.UserID    `json:"recipient"`
	RecipientKeys OlmEventKeys `json:"recipient_keys"`

	Type    event.Type    `json:"type"`
	Content event.Content `json:"content"`
}

DecryptedOlmEvent represents an event that was decrypted from an event encrypted with the m.olm.v1.curve25519-aes-sha2 algorithm.

type DeviceIdentity 

type DeviceIdentity struct {
	UserID      id.UserID
	DeviceID    id.DeviceID
	IdentityKey id.Curve25519
	SigningKey  id.Ed25519

	Trust   TrustState
	Deleted bool
	Name    string
}

DeviceIdentity contains the identity details of a device and some additional info.

func (*DeviceIdentity) Fingerprint added in v0.7.0 

func (device *DeviceIdentity) Fingerprint() string

type EmojiSASData added in v0.7.0 

type EmojiSASData [7]VerificationEmoji

EmojiSASData contains the verification emojis for the emoji SAS method.

func (EmojiSASData) Type added in v0.7.0 

func (EmojiSASData) Type() event.SASMethod

Type returns the emoji SAS method type.

type ExpirationMixin 

type ExpirationMixin struct {
	TimeMixin
	MaxAge time.Duration
}

func (*ExpirationMixin) Expired 

func (exp *ExpirationMixin) Expired() bool

type ExportedSession added in v0.7.3 

type ExportedSession struct {
	Algorithm         id.Algorithm      `json:"algorithm"`
	ForwardingChains  []string          `json:"forwarding_curve25519_key_chain"`
	RoomID            id.RoomID         `json:"room_id"`
	SenderKey         id.SenderKey      `json:"sender_key"`
	SenderClaimedKeys SenderClaimedKeys `json:"sender_claimed_keys"`
	SessionID         id.SessionID      `json:"session_id"`
	SessionKey        string            `json:"session_key"`
}

type GobStore 

type GobStore struct {
	Account               *OlmAccount
	Sessions              map[id.SenderKey]OlmSessionList
	GroupSessions         map[id.RoomID]map[id.SenderKey]map[id.SessionID]*InboundGroupSession
	WithheldGroupSessions map[id.RoomID]map[id.SenderKey]map[id.SessionID]*event.RoomKeyWithheldEventContent
	OutGroupSessions      map[id.RoomID]*OutboundGroupSession
	MessageIndices        map[messageIndexKey]messageIndexValue
	Devices               map[id.UserID]map[id.DeviceID]*DeviceIdentity
	// contains filtered or unexported fields
}

GobStore is a simple Store implementation that dumps everything into a .gob file.

func NewGobStore 

func NewGobStore(path string) (*GobStore, error)

NewGobStore creates a new GobStore that saves everything to the given file.

func (*GobStore) AddOutboundGroupSession added in v0.4.4 

func (gs *GobStore) AddOutboundGroupSession(session *OutboundGroupSession) error

func (*GobStore) AddSession 

func (gs *GobStore) AddSession(senderKey id.SenderKey, session *OlmSession) error

func (*GobStore) FilterTrackedUsers added in v0.3.1 

func (gs *GobStore) FilterTrackedUsers(users []id.UserID) []id.UserID

func (*GobStore) Flush 

func (gs *GobStore) Flush() error

func (*GobStore) GetAccount 

func (gs *GobStore) GetAccount() (*OlmAccount, error)

func (*GobStore) GetAllGroupSessions added in v0.7.3 

func (gs *GobStore) GetAllGroupSessions() ([]*InboundGroupSession, error)

func (*GobStore) GetDevice added in v0.4.7 

func (gs *GobStore) GetDevice(userID id.UserID, deviceID id.DeviceID) (*DeviceIdentity, error)

func (*GobStore) GetDevices 

func (gs *GobStore) GetDevices(userID id.UserID) (map[id.DeviceID]*DeviceIdentity, error)

func (*GobStore) GetGroupSession 

func (gs *GobStore) GetGroupSession(roomID id.RoomID, senderKey id.SenderKey, sessionID id.SessionID) (*InboundGroupSession, error)

func (*GobStore) GetGroupSessionsForRoom added in v0.7.3 

func (gs *GobStore) GetGroupSessionsForRoom(roomID id.RoomID) ([]*InboundGroupSession, error)

func (*GobStore) GetLatestSession 

func (gs *GobStore) GetLatestSession(senderKey id.SenderKey) (*OlmSession, error)

func (*GobStore) GetOutboundGroupSession 

func (gs *GobStore) GetOutboundGroupSession(roomID id.RoomID) (*OutboundGroupSession, error)

func (*GobStore) GetSessions 

func (gs *GobStore) GetSessions(senderKey id.SenderKey) (OlmSessionList, error)

func (*GobStore) GetWithheldGroupSession added in v0.7.0 

func (gs *GobStore) GetWithheldGroupSession(roomID id.RoomID, senderKey id.SenderKey, sessionID id.SessionID) (*event.RoomKeyWithheldEventContent, error)

func (*GobStore) HasSession 

func (gs *GobStore) HasSession(senderKey id.SenderKey) bool

func (*GobStore) PutAccount 

func (gs *GobStore) PutAccount(account *OlmAccount) error

func (*GobStore) PutDevice added in v0.7.0 

func (gs *GobStore) PutDevice(userID id.UserID, device *DeviceIdentity) error

func (*GobStore) PutDevices 

func (gs *GobStore) PutDevices(userID id.UserID, devices map[id.DeviceID]*DeviceIdentity) error

func (*GobStore) PutGroupSession 

func (gs *GobStore) PutGroupSession(roomID id.RoomID, senderKey id.SenderKey, sessionID id.SessionID, igs *InboundGroupSession) error

func (*GobStore) PutWithheldGroupSession added in v0.7.0 

func (gs *GobStore) PutWithheldGroupSession(content event.RoomKeyWithheldEventContent) error

func (*GobStore) RemoveOutboundGroupSession added in v0.4.4 

func (gs *GobStore) RemoveOutboundGroupSession(roomID id.RoomID) error

func (*GobStore) UpdateOutboundGroupSession added in v0.4.4 

func (gs *GobStore) UpdateOutboundGroupSession(_ *OutboundGroupSession) error

func (*GobStore) UpdateSession added in v0.4.3 

func (gs *GobStore) UpdateSession(_ id.SenderKey, _ *OlmSession) error

func (*GobStore) ValidateMessageIndex 

func (gs *GobStore) ValidateMessageIndex(senderKey id.SenderKey, sessionID id.SessionID, eventID id.EventID, index uint, timestamp int64) bool

type InboundGroupSession 

type InboundGroupSession struct {
	Internal olm.InboundGroupSession

	SigningKey id.Ed25519
	SenderKey  id.Curve25519
	RoomID     id.RoomID

	ForwardingChains []string
	// contains filtered or unexported fields
}

func NewInboundGroupSession 

func NewInboundGroupSession(senderKey id.SenderKey, signingKey id.Ed25519, roomID id.RoomID, sessionKey string) (*InboundGroupSession, error)

func (*InboundGroupSession) ID 

func (igs *InboundGroupSession) ID() id.SessionID

type KeyShareRejection added in v0.7.0 

type KeyShareRejection struct {
	Code   event.RoomKeyWithheldCode
	Reason string
}

type Logger 

type Logger interface {
	Error(message string, args ...interface{})
	Warn(message string, args ...interface{})
	Debug(message string, args ...interface{})
	Trace(message string, args ...interface{})
}

Logger is a simple logging struct for OlmMachine. Implementations are recommended to use fmt.Sprintf and manually add a newline after the message.

type OGSState 

type OGSState int
const (
	OGSNotShared OGSState = iota
	OGSAlreadyShared
	OGSIgnored
)

type OlmAccount 

type OlmAccount struct {
	Internal olm.Account

	Shared bool
	// contains filtered or unexported fields
}

func NewOlmAccount added in v0.4.1 

func NewOlmAccount() *OlmAccount

func (*OlmAccount) IdentityKey added in v0.5.3 

func (account *OlmAccount) IdentityKey() id.IdentityKey

func (*OlmAccount) Keys added in v0.5.3 

func (account *OlmAccount) Keys() (id.SigningKey, id.IdentityKey)

func (*OlmAccount) NewInboundSessionFrom 

func (account *OlmAccount) NewInboundSessionFrom(senderKey id.Curve25519, ciphertext string) (*OlmSession, error)

func (*OlmAccount) SigningKey added in v0.5.3 

func (account *OlmAccount) SigningKey() id.SigningKey

type OlmEventKeys 

type OlmEventKeys struct {
	Ed25519 id.Ed25519 `json:"ed25519"`
}

type OlmMachine 

type OlmMachine struct {
	Client *mautrix.Client
	Log    Logger

	CryptoStore Store
	StateStore  StateStore

	AllowUnverifiedDevices       bool
	ShareKeysToUnverifiedDevices bool

	AllowKeyShare func(*DeviceIdentity, event.RequestedKeyInfo) *KeyShareRejection

	DefaultSASTimeout time.Duration
	// AcceptVerificationFrom determines whether the machine will accept verification requests from this device.
	AcceptVerificationFrom func(string, *DeviceIdentity) (VerificationRequestResponse, VerificationHooks)
	// contains filtered or unexported fields
}

OlmMachine is the main struct for handling Matrix end-to-end encryption.

func NewOlmMachine 

func NewOlmMachine(client *mautrix.Client, log Logger, cryptoStore Store, stateStore StateStore) *OlmMachine

NewOlmMachine creates an OlmMachine with the given client, logger and stores.

func (*OlmMachine) CancelSASVerification added in v0.7.0 

func (mach *OlmMachine) CancelSASVerification(userID id.UserID, transactionID, reason string) error

CancelSASVerification is used by the user to cancel a SAS verification process with the given reason.

func (*OlmMachine) DecryptMegolmEvent 

func (mach *OlmMachine) DecryptMegolmEvent(evt *event.Event) (*event.Event, error)

DecryptMegolmEvent decrypts an m.room.encrypted event where the algorithm is m.megolm.v1.aes-sha2

func (*OlmMachine) EncryptMegolmEvent 

func (mach *OlmMachine) EncryptMegolmEvent(roomID id.RoomID, evtType event.Type, content interface{}) (*event.EncryptedEventContent, error)

EncryptMegolmEvent encrypts data with the m.megolm.v1.aes-sha2 algorithm.

If you use the event.Content struct, make sure you pass a pointer to the struct, as JSON serialization will not work correctly otherwise.

func (*OlmMachine) Fingerprint added in v0.3.3 

func (mach *OlmMachine) Fingerprint() string

Fingerprint returns the fingerprint of the Olm account that can be used for non-interactive verification.

func (*OlmMachine) FlushStore 

func (mach *OlmMachine) FlushStore() error

FlushStore calls the Flush method of the CryptoStore.

func (*OlmMachine) GetOrFetchDevice added in v0.7.0 

func (mach *OlmMachine) GetOrFetchDevice(userID id.UserID, deviceID id.DeviceID) (*DeviceIdentity, error)

GetOrFetchDevice attempts to retrieve the device identity for the given device from the store and if it's not found it asks the server for it.

func (*OlmMachine) HandleMemberEvent 

func (mach *OlmMachine) HandleMemberEvent(evt *event.Event)

HandleMemberEvent handles a single membership event.

Currently this is not automatically called, so you must add a listener yourself: 

client.Syncer.(*mautrix.DefaultSyncer).OnSync(c.crypto.ProcessSyncResponse)

func (*OlmMachine) HandleToDeviceEvent 

func (mach *OlmMachine) HandleToDeviceEvent(evt *event.Event)

HandleToDeviceEvent handles a single to-device event. This is automatically called by ProcessSyncResponse, so you don't need to add any custom handlers if you use that method.

func (*OlmMachine) ImportKeys added in v0.7.3 

func (mach *OlmMachine) ImportKeys(passphrase string, data []byte) (int, int, error)

ImportKeys imports data that was exported with the format specified in the Matrix spec. See See https://matrix.org/docs/spec/client_server/r0.6.1#key-exports

func (*OlmMachine) Load 

func (mach *OlmMachine) Load() (err error)

Load loads the Olm account information from the crypto store. If there's no olm account, a new one is created. This must be called before using the machine.

func (*OlmMachine) LoadDevices added in v0.7.0 

func (mach *OlmMachine) LoadDevices(user id.UserID) map[id.DeviceID]*DeviceIdentity

func (*OlmMachine) NewSASVerificationWith added in v0.7.0 

func (mach *OlmMachine) NewSASVerificationWith(device *DeviceIdentity, hooks VerificationHooks, transactionID string, timeout time.Duration) (string, error)

NewSASVerificationWith starts the SAS verification process with another device. If the other device accepts the verification transaction, the methods in `hooks` will be used to verify the SAS match and to complete the transaction.. If the transaction ID is empty, a new one is generated.

func (*OlmMachine) NewSimpleSASVerificationWith added in v0.7.0 

func (mach *OlmMachine) NewSimpleSASVerificationWith(device *DeviceIdentity, hooks VerificationHooks) (string, error)

NewSimpleSASVerificationWith starts the SAS verification process with another device with a default timeout, a generated transaction ID and support for both emoji and decimal SAS methods.

func (*OlmMachine) OnDevicesChanged 

func (mach *OlmMachine) OnDevicesChanged(userID id.UserID)

OnDevicesChanged finds all shared rooms with the given user and invalidates outbound sessions in those rooms.

This is called automatically whenever a device list change is noticed in ProcessSyncResponse and usually does not need to be called manually.

func (*OlmMachine) ProcessSyncResponse 

func (mach *OlmMachine) ProcessSyncResponse(resp *mautrix.RespSync, since string)

ProcessSyncResponse processes a single /sync response.

This can be easily registered into a mautrix client using .OnSync(): 

client.Syncer.(*mautrix.DefaultSyncer).OnSync(c.crypto.ProcessSyncResponse)

func (*OlmMachine) RequestRoomKey added in v0.7.0 

func (mach *OlmMachine) RequestRoomKey(ctx context.Context, toUser id.UserID, toDevice id.DeviceID,
	roomID id.RoomID, senderKey id.SenderKey, sessionID id.SessionID) (chan bool, error)

RequestRoomKey sends a key request for a room to the current user's devices. If the context is cancelled, then so is the key request. Returns a bool channel that will get notified either when the key is received or the request is cancelled.

func (*OlmMachine) SendEncryptedToDevice added in v0.7.0 

func (mach *OlmMachine) SendEncryptedToDevice(device *DeviceIdentity, content event.Content) error

SendEncryptedToDevice sends an Olm-encrypted event to the given user device.

func (*OlmMachine) SendSASVerificationAccept added in v0.7.0 

func (mach *OlmMachine) SendSASVerificationAccept(fromUser id.UserID, startEvent *event.VerificationStartEventContent, publicKey []byte, methods []VerificationMethod) error

SendSASVerificationAccept is used to manually send an accept for a SAS verification process from a received m.key.verification.start event.

func (*OlmMachine) SendSASVerificationCancel added in v0.7.0 

func (mach *OlmMachine) SendSASVerificationCancel(userID id.UserID, deviceID id.DeviceID, transactionID string, reason string, code event.VerificationCancelCode) error

SendSASVerificationCancel is used to manually send a SAS cancel message process with the given reason and cancellation code.

func (*OlmMachine) SendSASVerificationKey added in v0.7.0 

func (mach *OlmMachine) SendSASVerificationKey(userID id.UserID, deviceID id.DeviceID, transactionID string, key string) error

SendSASVerificationKey sends the ephemeral public key for a device to the partner device.

func (*OlmMachine) SendSASVerificationMAC added in v0.7.0 

func (mach *OlmMachine) SendSASVerificationMAC(userID id.UserID, deviceID id.DeviceID, transactionID string, sas *olm.SAS) error

SendSASVerificationMAC is use the MAC of a device's key to the partner device.

func (*OlmMachine) SendSASVerificationStart added in v0.7.0 

func (mach *OlmMachine) SendSASVerificationStart(toUserID id.UserID, toDeviceID id.DeviceID, transactionID string, methods []VerificationMethod) (*event.VerificationStartEventContent, error)

SendSASVerificationStart is used to manually send the SAS verification start message to another device.

func (*OlmMachine) ShareGroupSession 

func (mach *OlmMachine) ShareGroupSession(roomID id.RoomID, users []id.UserID) error

ShareGroupSession shares a group session for a specific room with all the devices of the given user list.

For devices with TrustStateBlacklisted, a m.room_key.withheld event with code=m.blacklisted is sent. If AllowUnverifiedDevices is false, a similar event with code=m.unverified is sent to devices with TrustStateUnset

func (*OlmMachine) ShareKeys 

func (mach *OlmMachine) ShareKeys(currentOTKCount int) error

ShareKeys uploads necessary keys to the server.

If the Olm account hasn't been shared, the account keys will be uploaded. If currentOTKCount is less than half of the limit (100 / 2 = 50), enough one-time keys will be uploaded so exactly half of the limit is filled.

func (*OlmMachine) WaitForSession added in v0.7.7 

func (mach *OlmMachine) WaitForSession(roomID id.RoomID, senderKey id.SenderKey, sessionID id.SessionID, timeout time.Duration) bool

WaitForSession waits for the given Megolm session to arrive.

type OlmSession 

type OlmSession struct {
	Internal olm.Session
	ExpirationMixin
	// contains filtered or unexported fields
}

func (*OlmSession) Decrypt 

func (session *OlmSession) Decrypt(ciphertext string, msgType id.OlmMsgType) ([]byte, error)

func (*OlmSession) Encrypt 

func (session *OlmSession) Encrypt(plaintext []byte) (id.OlmMsgType, []byte)

func (*OlmSession) ID 

func (session *OlmSession) ID() id.SessionID

func (*OlmSession) Lock added in v0.7.9 

func (session *OlmSession) Lock()

func (*OlmSession) SetLock added in v0.7.9 

func (session *OlmSession) SetLock(lock sync.Locker)

func (*OlmSession) Unlock added in v0.7.9 

func (session *OlmSession) Unlock()

type OlmSessionList 

type OlmSessionList []*OlmSession

OlmSessionList is a list of OlmSessions. It implements sort.Interface in a way that sorts items in reverse alphabetic order, which means the newest session is first.

func (OlmSessionList) Len 

func (o OlmSessionList) Len() int

func (OlmSessionList) Less 

func (o OlmSessionList) Less(i, j int) bool

func (OlmSessionList) Swap 

func (o OlmSessionList) Swap(i, j int)

type OutboundGroupSession 

type OutboundGroupSession struct {
	Internal olm.OutboundGroupSession

	ExpirationMixin
	MaxMessages  int
	MessageCount int

	Users  map[UserDevice]OGSState
	RoomID id.RoomID
	Shared bool
	// contains filtered or unexported fields
}

func NewOutboundGroupSession 

func NewOutboundGroupSession(roomID id.RoomID, encryptionContent *event.EncryptionEventContent) *OutboundGroupSession

func (*OutboundGroupSession) Encrypt 

func (ogs *OutboundGroupSession) Encrypt(plaintext []byte) ([]byte, error)

func (*OutboundGroupSession) Expired 

func (ogs *OutboundGroupSession) Expired() bool

func (*OutboundGroupSession) ID 

func (ogs *OutboundGroupSession) ID() id.SessionID

func (*OutboundGroupSession) ShareContent 

func (ogs *OutboundGroupSession) ShareContent() event.Content

type SASData added in v0.7.0 

type SASData interface {
	Type() event.SASMethod
}

SASData contains the data that users need to verify.

type SQLCryptoStore added in v0.5.4 

type SQLCryptoStore struct {
	DB      *sql.DB
	Log     Logger
	Dialect string

	AccountID string
	DeviceID  id.DeviceID
	SyncToken string
	PickleKey []byte
	Account   *OlmAccount
	// contains filtered or unexported fields
}

SQLCryptoStore is an implementation of a crypto Store for a database backend.

func NewSQLCryptoStore added in v0.5.4 

func NewSQLCryptoStore(db *sql.DB, dialect string, accountID string, deviceID id.DeviceID, pickleKey []byte, log Logger) *SQLCryptoStore

NewSQLCryptoStore initializes a new crypto Store using the given database, for a device's crypto material. The stored material will be encrypted with the given key.

func (*SQLCryptoStore) AddOutboundGroupSession added in v0.5.4 

func (store *SQLCryptoStore) AddOutboundGroupSession(session *OutboundGroupSession) (err error)

AddOutboundGroupSession stores an outbound Megolm session, along with the information about the room and involved devices.

func (*SQLCryptoStore) AddSession added in v0.5.4 

func (store *SQLCryptoStore) AddSession(key id.SenderKey, session *OlmSession) error

AddSession persists an Olm session for a sender in the database.

func (*SQLCryptoStore) CreateTables added in v0.5.4 

func (store *SQLCryptoStore) CreateTables() error

CreateTables applies all the pending database migrations.

func (*SQLCryptoStore) FilterTrackedUsers added in v0.5.4 

func (store *SQLCryptoStore) FilterTrackedUsers(users []id.UserID) []id.UserID

FilterTrackedUsers finds all of the user IDs out of the given ones for which the database contains identity information.

func (*SQLCryptoStore) Flush added in v0.5.4 

func (store *SQLCryptoStore) Flush() error

Flush does nothing for this implementation as data is already persisted in the database.

func (*SQLCryptoStore) GetAccount added in v0.5.4 

func (store *SQLCryptoStore) GetAccount() (*OlmAccount, error)

GetAccount retrieves an OlmAccount from the database.

func (*SQLCryptoStore) GetAllGroupSessions added in v0.7.3 

func (store *SQLCryptoStore) GetAllGroupSessions() ([]*InboundGroupSession, error)

func (*SQLCryptoStore) GetDevice added in v0.5.4 

func (store *SQLCryptoStore) GetDevice(userID id.UserID, deviceID id.DeviceID) (*DeviceIdentity, error)

GetDevice returns the device dentity for a given user and device ID.

func (*SQLCryptoStore) GetDevices added in v0.5.4 

func (store *SQLCryptoStore) GetDevices(userID id.UserID) (map[id.DeviceID]*DeviceIdentity, error)

GetDevices returns a map of device IDs to device identities, including the identity and signing keys, for a given user ID.

func (*SQLCryptoStore) GetGroupSession added in v0.5.4 

func (store *SQLCryptoStore) GetGroupSession(roomID id.RoomID, senderKey id.SenderKey, sessionID id.SessionID) (*InboundGroupSession, error)

GetGroupSession retrieves an inbound Megolm group session for a room, sender and session.

func (*SQLCryptoStore) GetGroupSessionsForRoom added in v0.7.3 

func (store *SQLCryptoStore) GetGroupSessionsForRoom(roomID id.RoomID) ([]*InboundGroupSession, error)

func (*SQLCryptoStore) GetLatestSession added in v0.5.4 

func (store *SQLCryptoStore) GetLatestSession(key id.SenderKey) (*OlmSession, error)

GetLatestSession retrieves the Olm session for a given sender key from the database that has the largest ID.

func (*SQLCryptoStore) GetNextBatch added in v0.5.4 

func (store *SQLCryptoStore) GetNextBatch() string

GetNextBatch retrieves the next sync batch token for the current account.

func (*SQLCryptoStore) GetOutboundGroupSession added in v0.5.4 

func (store *SQLCryptoStore) GetOutboundGroupSession(roomID id.RoomID) (*OutboundGroupSession, error)

GetOutboundGroupSession retrieves the outbound Megolm session for the given room ID.

func (*SQLCryptoStore) GetSessions added in v0.5.4 

func (store *SQLCryptoStore) GetSessions(key id.SenderKey) (OlmSessionList, error)

GetSessions returns all the known Olm sessions for a sender key.

func (*SQLCryptoStore) GetWithheldGroupSession added in v0.7.0 

func (store *SQLCryptoStore) GetWithheldGroupSession(roomID id.RoomID, senderKey id.SenderKey, sessionID id.SessionID) (*event.RoomKeyWithheldEventContent, error)

func (*SQLCryptoStore) HasSession added in v0.5.4 

func (store *SQLCryptoStore) HasSession(key id.SenderKey) bool

HasSession returns whether there is an Olm session for the given sender key.

func (*SQLCryptoStore) PutAccount added in v0.5.4 

func (store *SQLCryptoStore) PutAccount(account *OlmAccount) error

PutAccount stores an OlmAccount in the database.

func (*SQLCryptoStore) PutDevice added in v0.7.0 

func (store *SQLCryptoStore) PutDevice(userID id.UserID, device *DeviceIdentity) error

PutDevice stores a single device for a user, replacing it if it exists already.

func (*SQLCryptoStore) PutDevices added in v0.5.4 

func (store *SQLCryptoStore) PutDevices(userID id.UserID, devices map[id.DeviceID]*DeviceIdentity) error

PutDevices stores the device identity information for the given user ID.

func (*SQLCryptoStore) PutGroupSession added in v0.5.4 

func (store *SQLCryptoStore) PutGroupSession(roomID id.RoomID, senderKey id.SenderKey, sessionID id.SessionID, session *InboundGroupSession) error

PutGroupSession stores an inbound Megolm group session for a room, sender and session.

func (*SQLCryptoStore) PutNextBatch added in v0.5.4 

func (store *SQLCryptoStore) PutNextBatch(nextBatch string)

PutNextBatch stores the next sync batch token for the current account.

func (*SQLCryptoStore) PutWithheldGroupSession added in v0.7.0 

func (store *SQLCryptoStore) PutWithheldGroupSession(content event.RoomKeyWithheldEventContent) error

func (*SQLCryptoStore) RemoveOutboundGroupSession added in v0.5.4 

func (store *SQLCryptoStore) RemoveOutboundGroupSession(roomID id.RoomID) error

RemoveOutboundGroupSession removes the outbound Megolm session for the given room ID.

func (*SQLCryptoStore) UpdateOutboundGroupSession added in v0.5.4 

func (store *SQLCryptoStore) UpdateOutboundGroupSession(session *OutboundGroupSession) error

UpdateOutboundGroupSession replaces an outbound Megolm session with for same room and session ID.

func (*SQLCryptoStore) UpdateSession added in v0.5.4 

func (store *SQLCryptoStore) UpdateSession(_ id.SenderKey, session *OlmSession) error

UpdateSession replaces the Olm session for a sender in the database.

func (*SQLCryptoStore) ValidateMessageIndex added in v0.5.4 

func (store *SQLCryptoStore) ValidateMessageIndex(senderKey id.SenderKey, sessionID id.SessionID, eventID id.EventID, index uint, timestamp int64) bool

ValidateMessageIndex returns whether the given event information match the ones stored in the database for the given sender key, session ID and index. If the event information was not yet stored, it's stored now.

type SenderClaimedKeys added in v0.7.3 

type SenderClaimedKeys struct {
	Ed25519 id.Ed25519 `json:"ed25519"`
}

type StateStore 

type StateStore interface {
	// IsEncrypted returns whether a room is encrypted.
	IsEncrypted(id.RoomID) bool
	// GetEncryptionEvent returns the encryption event's content for an encrypted room.
	GetEncryptionEvent(id.RoomID) *event.EncryptionEventContent
	// FindSharedRooms returns the encrypted rooms that another user is also in for a user ID.
	FindSharedRooms(id.UserID) []id.RoomID
}

StateStore is used by OlmMachine to get room state information that's needed for encryption.

type Store 

type Store interface {
	// Flush ensures that everything in the store is persisted to disk.
	// This doesn't have to do anything, e.g. for database-backed implementations that persist everything immediately.
	Flush() error

	// PutAccount updates the OlmAccount in the store.
	PutAccount(*OlmAccount) error
	// GetAccount returns the OlmAccount in the store that was previously inserted with PutAccount.
	GetAccount() (*OlmAccount, error)

	// AddSession inserts an Olm session into the store.
	AddSession(id.SenderKey, *OlmSession) error
	// HasSession returns whether or not the store has an Olm session with the given sender key.
	HasSession(id.SenderKey) bool
	// GetSessions returns all Olm sessions in the store with the given sender key.
	GetSessions(id.SenderKey) (OlmSessionList, error)
	// GetLatestSession returns the session with the highest session ID (lexiographically sorting).
	// It's usually safe to return the most recently added session if sorting by session ID is too difficult.
	GetLatestSession(id.SenderKey) (*OlmSession, error)
	// UpdateSession updates a session that has previously been inserted with AddSession.
	UpdateSession(id.SenderKey, *OlmSession) error

	// PutGroupSession inserts an inbound Megolm session into the store. If an earlier withhold event has been inserted
	// with PutWithheldGroupSession, this call should replace that. However, PutWithheldGroupSession must not replace
	// sessions inserted with this call.
	PutGroupSession(id.RoomID, id.SenderKey, id.SessionID, *InboundGroupSession) error
	// GetGroupSession gets an inbound Megolm session from the store. If the group session has been withheld
	// (i.e. a room key withheld event has been saved with PutWithheldGroupSession), this should return the
	// ErrGroupSessionWithheld error. The caller may use GetWithheldGroupSession to find more details.
	GetGroupSession(id.RoomID, id.SenderKey, id.SessionID) (*InboundGroupSession, error)
	// PutWithheldGroupSession tells the store that a specific Megolm session was withheld.
	PutWithheldGroupSession(event.RoomKeyWithheldEventContent) error
	// GetWithheldGroupSession gets the event content that was previously inserted with PutWithheldGroupSession.
	GetWithheldGroupSession(id.RoomID, id.SenderKey, id.SessionID) (*event.RoomKeyWithheldEventContent, error)

	// GetGroupSessionsForRoom gets all the inbound Megolm sessions for a specific room. This is used for creating key
	// export files. Unlike GetGroupSession, this should not return any errors about withheld keys.
	GetGroupSessionsForRoom(id.RoomID) ([]*InboundGroupSession, error)
	// GetGroupSessionsForRoom gets all the inbound Megolm sessions in the store. This is used for creating key export
	// files. Unlike GetGroupSession, this should not return any errors about withheld keys.
	GetAllGroupSessions() ([]*InboundGroupSession, error)

	// AddOutboundGroupSession inserts the given outbound Megolm session into the store.
	//
	// The store should index inserted sessions by the RoomID field to support getting and removing sessions.
	// There will only be one outbound session per room ID at a time.
	AddOutboundGroupSession(*OutboundGroupSession) error
	// UpdateOutboundGroupSession updates the given outbound Megolm session in the store.
	UpdateOutboundGroupSession(*OutboundGroupSession) error
	// GetOutboundGroupSession gets the stored outbound Megolm session for the given room ID from the store.
	GetOutboundGroupSession(id.RoomID) (*OutboundGroupSession, error)
	// RemoveOutboundGroupSession removes the stored outbound Megolm session for the given room ID.
	RemoveOutboundGroupSession(id.RoomID) error

	// ValidateMessageIndex validates that the given message details aren't from a replay attack.
	//
	// Implementations should store a map from (senderKey, sessionID, index) to (eventID, timestamp), then use that map
	// to check whether or not the message index is valid:
	//
	// * If the map key doesn't exist, the given values should be stored and this should return true.
	// * If the map key exists and the stored values match the given values, this should return true.
	// * If the map key exists, but the stored values do not match the given values, this should return false.
	ValidateMessageIndex(senderKey id.SenderKey, sessionID id.SessionID, eventID id.EventID, index uint, timestamp int64) bool

	// GetDevices returns a map from device ID to DeviceIdentity containing all devices of a given user.
	GetDevices(id.UserID) (map[id.DeviceID]*DeviceIdentity, error)
	// GetDevice returns a specific device of a given user.
	GetDevice(id.UserID, id.DeviceID) (*DeviceIdentity, error)
	// PutDevice stores a single device for a user, replacing it if it exists already.
	PutDevice(id.UserID, *DeviceIdentity) error
	// PutDevices overrides the stored device list for the given user with the given list.
	PutDevices(id.UserID, map[id.DeviceID]*DeviceIdentity) error
	// FilterTrackedUsers returns a filtered version of the given list that only includes user IDs whose device lists
	// have been stored with PutDevices. A user is considered tracked even if the PutDevices list was empty.
	FilterTrackedUsers([]id.UserID) []id.UserID
}

Store is used by OlmMachine to store Olm and Megolm sessions, user device lists and message indices.

General implementation details: * Get methods should not return errors if the requested data does not exist in the store, they should simply return nil. * Update methods may assume that the pointer is the same as what has earlier been added to or fetched from the store. * OlmSessions should be cached so that the mutex works. Alternatively, implementations can use OlmSession.SetLock to provide a custom mutex implementation.

type TimeMixin 

type TimeMixin struct {
	CreationTime time.Time
	UseTime      time.Time
}

type TrustState 

type TrustState int

TrustState determines how trusted a device is. 

const (
	TrustStateUnset TrustState = iota
	TrustStateVerified
	TrustStateBlacklisted
	TrustStateIgnored
)

func (TrustState) String added in v0.7.0 

func (ts TrustState) String() string

type UserDevice 

type UserDevice struct {
	UserID   id.UserID
	DeviceID id.DeviceID
}

type VerificationEmoji added in v0.7.0 

type VerificationEmoji struct {
	Emoji       rune
	Description string
}

VerificationEmoji describes an emoji that might be sent for verifying devices.

func (VerificationEmoji) GetDescription added in v0.7.0 

func (vm VerificationEmoji) GetDescription() string

func (VerificationEmoji) GetEmoji added in v0.7.0 

func (vm VerificationEmoji) GetEmoji() rune

type VerificationHooks added in v0.7.0 

type VerificationHooks interface {
	// VerifySASMatch receives the generated SAS and its method, as well as the device that is being verified.
	// It returns whether the given SAS match with the SAS displayed on other device.
	VerifySASMatch(otherDevice *DeviceIdentity, sas SASData) bool
	// VerificationMethods returns the list of supported verification methods in order of preference.
	// It must contain at least the decimal method.
	VerificationMethods() []VerificationMethod
	OnCancel(cancelledByUs bool, reason string, reasonCode event.VerificationCancelCode)
	OnSuccess()
}

type VerificationMethod added in v0.7.0 

type VerificationMethod interface {
	// GetVerificationSAS uses the user, device ID and key of the user who initiated the verification transaction,
	// the user, device ID and key of the user who accepted, the transaction ID and the SAS object to generate a SAS.
	// The SAS can be any type, such as an array of numbers or emojis.
	GetVerificationSAS(initUserID id.UserID, initDeviceID id.DeviceID, initKey string,
		acceptUserID id.UserID, acceptDeviceID id.DeviceID, acceptKey string,
		transactionID string, sas *olm.SAS) (SASData, error)
	// Type returns the type of this SAS method
	Type() event.SASMethod
}

VerificationMethod describes a method for generating a SAS.

type VerificationMethodDecimal added in v0.7.0 

type VerificationMethodDecimal struct{}

VerificationMethodDecimal describes the decimal SAS method.

func (VerificationMethodDecimal) GetVerificationSAS added in v0.7.0 

func (VerificationMethodDecimal) GetVerificationSAS(initUserID id.UserID, initDeviceID id.DeviceID, initKey string,
	acceptUserID id.UserID, acceptDeviceID id.DeviceID, acceptKey string,
	transactionID string, sas *olm.SAS) (SASData, error)

GetVerificationSAS generates the three numbers that need to match with the other device for a verification to be valid.

func (VerificationMethodDecimal) Type added in v0.7.0 

func (VerificationMethodDecimal) Type() event.SASMethod

Type returns the decimal SAS method type.

type VerificationMethodEmoji added in v0.7.0 

type VerificationMethodEmoji struct{}

VerificationMethodEmoji describes the emoji SAS method.

func (VerificationMethodEmoji) GetVerificationSAS added in v0.7.0 

func (VerificationMethodEmoji) GetVerificationSAS(initUserID id.UserID, initDeviceID id.DeviceID, initKey string,
	acceptUserID id.UserID, acceptDeviceID id.DeviceID, acceptKey string,
	transactionID string, sas *olm.SAS) (SASData, error)

GetVerificationSAS generates the three numbers that need to match with the other device for a verification to be valid.

func (VerificationMethodEmoji) Type added in v0.7.0 

func (VerificationMethodEmoji) Type() event.SASMethod

Type returns the emoji SAS method type.

type VerificationRequestResponse added in v0.7.0 

type VerificationRequestResponse int
const (
	AcceptRequest VerificationRequestResponse = iota
	RejectRequest
	IgnoreRequest
)

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.