Key verification

7 files changed, 258 insertions, 39 deletions

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 8f62af68..fb07fa22 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -163,6 +163,7 @@ list(APPEND lib_SRCS
     lib/crypto/qolminboundsession.cpp
     lib/crypto/qolmoutboundsession.cpp
     lib/crypto/qolmutils.cpp
+    lib/crypto/qolmutility.cpp
     lib/crypto/qolmerrors.cpp
     lib/crypto/qolmsession.cpp
     lib/crypto/qolmmessage.cpp
diff --git a/autotests/testolmaccount.cpp b/autotests/testolmaccount.cpp
index c764e023..ce51b9ec 100644
--- a/autotests/testolmaccount.cpp
+++ b/autotests/testolmaccount.cpp
@@ -244,19 +244,6 @@ void TestOlmAccount::uploadOneTimeKeys()
             QSignalSpy spy3(request, &BaseJob::result);
             QVERIFY(spy3.wait(10000));
         });
-        connect(conn, &Connection::networkError, [=](QString error, const QString &, int, int) {
-            QFAIL("Network error: make sure synapse is running");
-        });
-        connect(conn, &Connection::loginError, [=](QString error, const QString &) {
-            QFAIL("Login failed");
-        });
-    });
-
-    connect(conn, &Connection::resolveError, this, [=](QString error) {
-        QFAIL("Network error: make sure synapse is running");
-    });
-    connect(conn, &Connection::loginError, this, [=] {
-        QFAIL("Network error: make sure synapse is running");
     });
 
     QSignalSpy spy(conn, &Connection::loginFlowsChanged);
@@ -298,19 +285,6 @@ void TestOlmAccount::uploadSignedOneTimeKeys()
             QSignalSpy spy3(request, &BaseJob::result);
             QVERIFY(spy3.wait(10000));
         });
-        connect(conn, &Connection::networkError, [=](QString error, const QString &, int, int) {
-            QFAIL("Network error: make sure synapse is running");
-        });
-        connect(conn, &Connection::loginError, [=](QString error, const QString &) {
-            QFAIL("Login failed");
-        });
-    });
-
-    connect(conn, &Connection::resolveError, this, [=](QString error) {
-        QFAIL("Network error: make sure synapse is running");
-    });
-    connect(conn, &Connection::loginError, this, [=] {
-        QFAIL("Network error: make sure synapse is running");
     });
 
     QSignalSpy spy(conn, &Connection::loginFlowsChanged);
@@ -344,19 +318,6 @@ void TestOlmAccount::uploadKeys()
             QSignalSpy spy3(request, &BaseJob::result);
             QVERIFY(spy3.wait(10000));
         });
-        connect(conn, &Connection::networkError, [=](QString error, const QString &, int, int) {
-            QFAIL("Network error: make sure synapse is running");
-        });
-        connect(conn, &Connection::loginError, [=](QString error, const QString &) {
-            QFAIL("Login failed");
-        });
-    });
-
-    connect(conn, &Connection::resolveError, this, [=](QString error) {
-        QFAIL("Network error: make sure synapse is running");
-    });
-    connect(conn, &Connection::loginError, this, [=] {
-        QFAIL("Network error: make sure synapse is running");
     });
 
     QSignalSpy spy(conn, &Connection::loginFlowsChanged);
@@ -366,4 +327,103 @@ void TestOlmAccount::uploadKeys()
     delete conn;
 }
 
+inline void sleep()
+{
+    std::this_thread::sleep_for(std::chrono::milliseconds(100));
+}
+
+
+void TestOlmAccount::claimKeys()
+{
+    auto alice = new Connection();
+    alice->resolveServer("@alice:localhost:" + QString::number(443));
+    connect(alice, &Connection::loginFlowsChanged, this, [this, alice]() {
+        alice->loginWithPassword("alice", "secret", "AlicePhone", "");
+        connect(alice, &Connection::connected, this, [this, alice] {
+            qDebug() << "alice->accessToken()" << alice->accessToken();
+            QVERIFY(!alice->accessToken().isEmpty());
+        });
+    });
+
+    QSignalSpy spy(alice, &Connection::loginFlowsChanged);
+    QSignalSpy spy2(alice, &Connection::connected);
+    QVERIFY(spy.wait(10000));
+    QVERIFY(spy2.wait(10000));
+
+    auto bob = new Connection();
+    bob->resolveServer("@bob:localhost:" + QString::number(443));
+    connect(bob, &Connection::loginFlowsChanged, this, [this, bob]() {
+        bob->loginWithPassword("bob", "secret", "BobPhone", "");
+        connect(bob, &Connection::connected, this, [this, bob] {
+            qDebug() << "bob->accessToken()" << bob->accessToken();
+            QVERIFY(!bob->accessToken().isEmpty());
+        });
+    });
+
+    QSignalSpy spy3(bob, &Connection::loginFlowsChanged);
+    QSignalSpy spy4(bob, &Connection::connected);
+    QVERIFY(spy3.wait(10000));
+    QVERIFY(spy4.wait(10000));
+
+    // Bob uploads his keys.
+    auto *bobOlm = bob->olmAccount();
+    bobOlm->generateOneTimeKeys(1);
+    auto request = bobOlm->createUploadKeyRequest(bobOlm->oneTimeKeys());
+
+    connect(request, &BaseJob::result, this, [request, bob](BaseJob *job) {
+        auto job2 = static_cast<UploadKeysJob *>(job);
+        QCOMPARE(job2->oneTimeKeyCounts().size(), 1);
+        QCOMPARE(job2->oneTimeKeyCounts()["signed_curve25519"], 1);
+    });
+    bob->run(request);
+
+    QSignalSpy requestSpy(request, &BaseJob::result);
+    QVERIFY(requestSpy.wait(10000));
+
+    // Alice retrieves bob's keys & claims one signed one-time key.
+    auto *aliceOlm = alice->olmAccount();
+    QHash<QString, QStringList> deviceKeys;
+    deviceKeys[bob->userId()] = QStringList();
+    auto job = alice->callApi<QueryKeysJob>(deviceKeys);
+    connect(job, &BaseJob::result, this, [bob, alice, aliceOlm, job, this] {
+        auto bobDevices = job->deviceKeys()[bob->userId()];
+        QVERIFY(bobDevices.size() > 0);
+
+        auto devices = {bob->deviceId()};
+
+        // Retrieve the identity key for the current device.
+        auto bobEd25519 =
+          bobDevices[bob->deviceId()].keys["ed25519:" + bob->deviceId()];
+
+        const auto currentDevice = bobDevices[bob->deviceId()];
+
+        // Verify signature.
+        QVERIFY(verifyIdentitySignature(currentDevice, bob->deviceId(), bob->userId()));
+
+        QHash<QString, QHash<QString, QString>> oneTimeKeys;
+        for (const auto &d : devices) {
+            oneTimeKeys[bob->userId()] = QHash<QString, QString>();
+            oneTimeKeys[bob->userId()][d] = SignedCurve25519Key;
+        }
+        auto job = alice->callApi<ClaimKeysJob>(oneTimeKeys);
+        connect(job, &BaseJob::result, this, [aliceOlm, bob, bobEd25519, job] {
+            const auto userId = bob->userId();
+            const auto deviceId = bob->deviceId();
+
+            // The device exists.
+            QCOMPARE(job->oneTimeKeys().size(), 1);
+            QCOMPARE(job->oneTimeKeys()[userId].size(), 1);
+
+            // The key is the one bob sent.
+            auto oneTimeKey = job->oneTimeKeys()[userId][deviceId];
+            QVERIFY(oneTimeKey.canConvert<SignedOneTimeKey>());
+
+            //auto algo = oneTimeKey.begin().key();
+            //auto contents = oneTimeKey.begin().value();
+        });
+    });
+    delete bob;
+    delete alice;
+}
+
 QTEST_MAIN(TestOlmAccount)
diff --git a/autotests/testolmaccount.h b/autotests/testolmaccount.h
index 41298957..8b2d2e09 100644
--- a/autotests/testolmaccount.h
+++ b/autotests/testolmaccount.h
@@ -20,4 +20,5 @@ private Q_SLOTS:
     void uploadOneTimeKeys();
     void uploadSignedOneTimeKeys();
     void uploadKeys();
+    void claimKeys();
 };
diff --git a/lib/crypto/qolmaccount.cpp b/lib/crypto/qolmaccount.cpp
index fb91c906..24fd87f2 100644
--- a/lib/crypto/qolmaccount.cpp
+++ b/lib/crypto/qolmaccount.cpp
@@ -7,6 +7,7 @@
 #include "connection.h"
 #include "csapi/keys.h"
 #include "crypto/qolmutils.h"
+#include "crypto/qolmutility.h"
 #include <QJsonObject>
 #include <QJsonDocument>
 #include <QDebug>
@@ -263,4 +264,45 @@ std::variant<std::unique_ptr<QOlmSession>, QOlmError> QOlmAccount::createOutboun
     return QOlmSession::createOutboundSession(this, theirIdentityKey, theirOneTimeKey);
 }
 
+bool Quotient::verifyIdentitySignature(const DeviceKeys &deviceKeys,
+                             const QString &deviceId,
+                             const QString &userId)
+{
+    const auto signKeyId = "ed25519:" + deviceId;
+    const auto signingKey = deviceKeys.keys[signKeyId];
+    const auto signature = deviceKeys.signatures[userId][signKeyId];
+
+    if (signature.isEmpty()) {
+        return false;
+    }
+
+    return ed25519VerifySignature(signingKey, toJson(deviceKeys), signature);
+}
+
+bool Quotient::ed25519VerifySignature(QString signingKey,
+                              QJsonObject obj,
+                              QString signature)
+{
+    if (signature.isEmpty()) {
+        return false;
+    }
+
+    obj.remove("unsigned");
+    obj.remove("signatures");
+
+    QJsonDocument doc;
+    doc.setObject(obj);
+    auto canonicalJson = doc.toJson();
+
+    QByteArray signingKeyBuf = signingKey.toUtf8();
+    QOlmUtility utility;
+    auto signatureBuf = signature.toUtf8();
+    auto result = utility.ed25519Verify(signingKeyBuf, canonicalJson, signatureBuf);
+    if (std::holds_alternative<QOlmError>(result)) {
+        return false;
+    }
+
+    return std::get<bool>(result);
+}
+
 #endif
diff --git a/lib/crypto/qolmaccount.h b/lib/crypto/qolmaccount.h
index d61c8748..09ef623a 100644
--- a/lib/crypto/qolmaccount.h
+++ b/lib/crypto/qolmaccount.h
@@ -99,6 +99,15 @@ private:
     QString m_deviceId;
 };
 
+bool verifyIdentitySignature(const DeviceKeys &deviceKeys,
+                             const QString &deviceId,
+                             const QString &userId);
+
+//! checks if the signature is signed by the signing_key
+bool ed25519VerifySignature(QString signingKey,
+                              QJsonObject obj,
+                              QString signature);
+
 } // namespace Quotient
 
 #endif
diff --git a/lib/crypto/qolmutility.cpp b/lib/crypto/qolmutility.cpp
new file mode 100644
index 00000000..3c6a14c7
--- /dev/null
+++ b/lib/crypto/qolmutility.cpp
@@ -0,0 +1,58 @@
+// SPDX-FileCopyrightText: 2021 Carl Schwan <carlschwan@kde.org>
+//
+// SPDX-License-Identifier: LGPL-2.1-or-later
+
+#ifdef Quotient_E2EE_ENABLED
+#include "crypto/qolmutility.h"
+#include "olm/olm.h"
+
+using namespace Quotient;
+
+// Convert olm error to enum
+QOlmError lastError(OlmUtility *utility) {
+    const std::string error_raw = olm_utility_last_error(utility);
+
+    return fromString(error_raw);
+}
+
+QOlmUtility::QOlmUtility()
+{
+    auto utility = new uint8_t[olm_utility_size()];
+    m_utility = olm_utility(utility);
+}
+
+QOlmUtility::~QOlmUtility()
+{
+    olm_clear_utility(m_utility);
+    delete[](reinterpret_cast<uint8_t *>(m_utility));
+}
+
+QString QOlmUtility::sha256Bytes(const QByteArray &inputBuf) const
+{
+    const auto outputLen = olm_sha256_length(m_utility);
+    QByteArray outputBuf(outputLen, '0');
+    olm_sha256(m_utility, inputBuf.data(), inputBuf.length(),
+            outputBuf.data(), outputBuf.length());
+
+    return QString::fromUtf8(outputBuf);
+}
+
+QString QOlmUtility::sha256Utf8Msg(const QString &message) const
+{
+    return sha256Bytes(message.toUtf8());
+}
+
+std::variant<bool, QOlmError> QOlmUtility::ed25519Verify(const QByteArray &key,
+        const QByteArray &message, QByteArray &signature)
+{
+    const auto error = olm_ed25519_verify(m_utility, key.data(), key.length(),
+            message.data(), message.length(), signature.data(), signature.length());
+
+    if (error == olm_error()) {
+        return lastError(m_utility);
+    }
+    return error == 0;
+}
+
+
+#endif
diff --git a/lib/crypto/qolmutility.h b/lib/crypto/qolmutility.h
new file mode 100644
index 00000000..16c330eb
--- /dev/null
+++ b/lib/crypto/qolmutility.h
@@ -0,0 +1,48 @@
+// SPDX-FileCopyrightText: 2021 Carl Schwan <carlschwan@kde.org>
+//
+// SPDX-License-Identifier: LGPL-2.1-or-later
+
+#pragma once
+
+#ifdef Quotient_E2EE_ENABLED
+#include <QObject>
+#include <variant>
+#include "crypto/qolmerrors.h"
+
+struct OlmUtility;
+
+namespace Quotient {
+
+class QOlmSession;
+class Connection;
+
+//! Allows you to make use of crytographic hashing via SHA-2 and
+//! verifying ed25519 signatures.
+class QOlmUtility
+{
+public:
+    QOlmUtility();
+    ~QOlmUtility();
+
+    //! Returns a sha256 of the supplied byte slice.
+    QString sha256Bytes(const QByteArray &inputBuf) const;
+
+    //! Convenience function that converts the UTF-8 message
+    //! to bytes and then calls `sha256_bytes()`, returning its output.
+    QString sha256Utf8Msg(const QString &message) const;
+
+    //! Verify a ed25519 signature.
+    //! \param any QByteArray The public part of the ed25519 key that signed the message.
+    //! \param message QByteArray The message that was signed.
+    //! \param signature QByteArray The signature of the message.
+    std::variant<bool, QOlmError> ed25519Verify(const QByteArray &key,
+            const QByteArray &message, QByteArray &signature);
+
+
+private:
+    OlmUtility *m_utility;
+
+};
+}
+
+#endif