E2EE: introduce EncryptedEvent

11 files changed, 218 insertions, 4 deletions

diff --git a/lib/connection.cpp b/lib/connection.cpp
index 1bd2e32e..b9ab5147 100644
--- a/lib/connection.cpp
+++ b/lib/connection.cpp
@@ -979,6 +979,11 @@ QByteArray Connection::accessToken() const
     return d->data->accessToken();
 }
 
+QtOlm::Account* Connection::olmAccount() const
+{
+    return d->encryptionManager->account();
+}
+
 SyncJob* Connection::syncJob() const
 {
     return d->syncJob;
diff --git a/lib/connection.h b/lib/connection.h
index 11499a6e..199803d7 100644
--- a/lib/connection.h
+++ b/lib/connection.h
@@ -30,6 +30,10 @@
 
 #include <functional>
 
+namespace QtOlm {
+    class Account;
+}
+
 namespace QMatrixClient
 {
     class Room;
@@ -264,6 +268,7 @@ namespace QMatrixClient
             QString userId() const;
             QString deviceId() const;
             QByteArray accessToken() const;
+            QtOlm::Account* olmAccount() const;
             Q_INVOKABLE SyncJob* syncJob() const;
             Q_INVOKABLE int millisToReconnect() const;
 
diff --git a/lib/e2ee.h b/lib/e2ee.h
index f663ddc3..4a42809d 100644
--- a/lib/e2ee.h
+++ b/lib/e2ee.h
@@ -4,6 +4,11 @@
 
 namespace QMatrixClient
 {
+    static const auto CiphertextKeyL = "ciphertext"_ls;
+    static const auto SenderKeyKeyL = "sender_key"_ls;
+    static const auto DeviceIdKeyL = "device_id"_ls;
+    static const auto SessionIdKeyL = "session_id"_ls;
+
     static const auto AlgorithmKeyL = "algorithm"_ls;
     static const auto RotationPeriodMsKeyL = "rotation_period_ms"_ls;
     static const auto RotationPeriodMsgsKeyL = "rotation_period_msgs"_ls;
diff --git a/lib/encryptionmanager.cpp b/lib/encryptionmanager.cpp
index 08b68911..3533d791 100644
--- a/lib/encryptionmanager.cpp
+++ b/lib/encryptionmanager.cpp
@@ -194,6 +194,11 @@ QByteArray EncryptionManager::olmAccountPickle()
     return d->olmAccount->pickle(); // TODO: passphrase even with qtkeychain?
 }
 
+QtOlm::Account* EncryptionManager::account() const
+{
+    return d->olmAccount.data();
+}
+
 void EncryptionManager::Private::updateKeysToUpload()
 {
     for (auto it = targetOneTimeKeyCounts.cbegin(); it != targetOneTimeKeyCounts.cend(); ++it)
diff --git a/lib/encryptionmanager.h b/lib/encryptionmanager.h
index 40fe7383..0225969d 100644
--- a/lib/encryptionmanager.h
+++ b/lib/encryptionmanager.h
@@ -4,6 +4,10 @@
 #include <memory>
 #include <QtCore/QObject>
 
+namespace QtOlm {
+    class Account;
+}
+
 namespace QMatrixClient
 {
     class Connection;
@@ -23,6 +27,8 @@ namespace QMatrixClient
             void uploadOneTimeKeys(Connection* connection, bool forceUpdate = false);
             QByteArray olmAccountPickle();
 
+            QtOlm::Account* account() const;
+
         private:
             class Private;
             std::unique_ptr<Private> d;
diff --git a/lib/events/encryptedevent.cpp b/lib/events/encryptedevent.cpp
new file mode 100644
index 00000000..6942738a
--- /dev/null
+++ b/lib/events/encryptedevent.cpp
@@ -0,0 +1,29 @@
+#include "encryptedevent.h"
+#include "room.h"
+
+using namespace QMatrixClient;
+using namespace QtOlm;
+
+EncryptedEvent::EncryptedEvent(const QJsonObject &ciphertext, const QString &senderKey)
+    : RoomEvent(typeId(), matrixTypeId(),
+                { { AlgorithmKeyL , OlmV1Curve25519AesSha2AlgoKey },
+                  { CiphertextKeyL , ciphertext },
+                  { SenderKeyKeyL, senderKey }
+                })
+{ }
+
+EncryptedEvent::EncryptedEvent(QByteArray ciphertext, const QString &senderKey, const QString& deviceId, const QString& sessionId)
+    : RoomEvent(typeId(), matrixTypeId(),
+                { { AlgorithmKeyL , MegolmV1AesSha2AlgoKey },
+                  { CiphertextKeyL , QString(ciphertext) },
+                  { DeviceIdKeyL, deviceId },
+                  { SenderKeyKeyL, senderKey },
+                  { SessionIdKeyL, sessionId },
+                })
+{ }
+
+EncryptedEvent::EncryptedEvent(const QJsonObject &obj)
+    : RoomEvent(typeId(), obj)
+{
+    qCDebug(EVENTS) << "Encrypted event" << id();
+}
diff --git a/lib/events/encryptedevent.h b/lib/events/encryptedevent.h
new file mode 100644
index 00000000..2f9e4422
--- /dev/null
+++ b/lib/events/encryptedevent.h
@@ -0,0 +1,66 @@
+#pragma once
+
+#include "roomevent.h"
+#include "e2ee.h"
+
+namespace QMatrixClient
+{
+    class Room;
+    /*
+     * While the specification states:
+     *
+     * "This event type is used when sending encrypted events.
+     * It can be used either within a room
+     * (in which case it will have all of the Room Event fields),
+     * or as a to-device event."
+     * "The encrypted payload can contain any message event."
+     * https://matrix.org/docs/spec/client_server/latest#id493
+     *
+     * -- for most of the cases the message event is the room message event.
+     * And even for the to-device events the context is for the room.
+     *
+     * So, to simplify integration to the timeline, EncryptedEvent is a RoomEvent inheritor.
+     * Strictly speaking though, it's not always a RoomEvent, but an Event in general.
+     * It's possible, because RoomEvent interface is similar to Event's one
+     * and doesn't add new restrictions, just provides additional features.
+     */
+    class EncryptedEvent : public RoomEvent
+    {
+        Q_GADGET
+    public:
+        DEFINE_EVENT_TYPEID("m.room.encrypted", EncryptedEvent)
+
+        /* In case with Olm, the encrypted content of the event is
+         * a map from the recipient Curve25519 identity key to ciphertext information */
+        explicit EncryptedEvent(const QJsonObject& ciphertext,
+                                const QString& senderKey);
+        /* In case with Megolm, device_id and session_id are required */
+        explicit EncryptedEvent(QByteArray ciphertext,
+                                const QString& senderKey,
+                                const QString& deviceId,
+                                const QString& sessionId);
+        explicit EncryptedEvent(const QJsonObject& obj);
+
+        QString algorithm() const
+        {
+            QString algo = content<QString>(AlgorithmKeyL);
+            if (!SupportedAlgorithms.contains(algo)) {
+                qWarning(MAIN) << "The EncryptedEvent's algorithm" << algo
+                               << "is not supported";
+            }
+            return  algo;
+        }
+        QByteArray ciphertext() const { return content<QString>(CiphertextKeyL).toLatin1(); }
+        QJsonObject ciphertext(const QString& identityKey) const
+        {
+            return content<QJsonObject>(CiphertextKeyL).value(identityKey).toObject();
+        }
+        QString senderKey() const { return content<QString>(SenderKeyKeyL); }
+
+        /* device_id and session_id are required with Megolm */
+        QString deviceId() const { return content<QString>(DeviceIdKeyL); }
+        QString sessionId() const { return content<QString>(SessionIdKeyL); }
+    };
+    REGISTER_EVENT_TYPE(EncryptedEvent)
+
+}  // namespace QMatrixClient
diff --git a/lib/events/event.h b/lib/events/event.h
index b3a58806..6f28c4fa 100644
--- a/lib/events/event.h
+++ b/lib/events/event.h
@@ -62,6 +62,7 @@ namespace QMatrixClient
     static const auto UnsignedKey = QStringLiteral("unsigned");
     static const auto StateKeyKey = QStringLiteral("state_key");
     static const auto TypeKeyL = "type"_ls;
+    static const auto BodyKeyL = "body"_ls;
     static const auto ContentKeyL = "content"_ls;
     static const auto EventIdKeyL = "event_id"_ls;
     static const auto UnsignedKeyL = "unsigned"_ls;
diff --git a/lib/events/roommessageevent.cpp b/lib/events/roommessageevent.cpp
index 8f4e0ebc..ec18e962 100644
--- a/lib/events/roommessageevent.cpp
+++ b/lib/events/roommessageevent.cpp
@@ -32,7 +32,6 @@ using MsgType = RoomMessageEvent::MsgType;
 
 static const auto RelatesToKey = "m.relates_to"_ls;
 static const auto MsgTypeKey = "msgtype"_ls;
-static const auto BodyKey = "body"_ls;
 static const auto FormattedBodyKey = "formatted_body"_ls;
 
 static const auto TextTypeKey = "m.text";
@@ -159,7 +158,7 @@ RoomMessageEvent::RoomMessageEvent(const QJsonObject& obj)
     if (isRedacted())
         return;
     const QJsonObject content = contentJson();
-    if ( content.contains(MsgTypeKey) && content.contains(BodyKey) )
+    if ( content.contains(MsgTypeKey) && content.contains(BodyKeyL) )
     {
         auto msgtype = content[MsgTypeKey].toString();
         bool msgTypeFound = false;
@@ -196,7 +195,7 @@ QString RoomMessageEvent::rawMsgtype() const
 
 QString RoomMessageEvent::plainBody() const
 {
-    return contentJson()[BodyKey].toString();
+    return contentJson()[BodyKeyL].toString();
 }
 
 QMimeType RoomMessageEvent::mimeType() const
@@ -267,7 +266,7 @@ TextContent::TextContent(const QJsonObject& json)
         // Falling back to plain text, as there's no standard way to describe
         // rich text in messages.
         mimeType = PlainTextMimeType;
-        body = json[BodyKey].toString();
+        body = json[BodyKeyL].toString();
     }
     const auto replyJson = json[RelatesToKey].toObject()
                            .value(RelatesTo::ReplyTypeId()).toObject();
diff --git a/lib/room.cpp b/lib/room.cpp
index cb368d9e..0402ce67 100644
--- a/lib/room.cpp
+++ b/lib/room.cpp
@@ -52,6 +52,12 @@
 #include "converters.h"
 #include "syncdata.h"
 
+#include "e2ee.h"
+
+#include <session.h> // QtOlm
+#include <groupsession.h> // QtOlm
+#include <message.h> // QtOlm
+
 #include <QtCore/QHash>
 #include <QtCore/QStringBuilder> // for efficient string concats (operator%)
 #include <QtCore/QPointer>
@@ -1187,6 +1193,87 @@ bool Room::usesEncryption() const
     return !d->getCurrentState<EncryptionEvent>()->algorithm().isEmpty();
 }
 
+const RoomEvent* Room::decryptMessage(EncryptedEvent *encryptedEvent) const
+{
+    if (encryptedEvent->algorithm() == OlmV1Curve25519AesSha2AlgoKey) {
+        QString identityKey = connection()->olmAccount()->curve25519IdentityKey();
+        QJsonObject personalCipherObject = encryptedEvent->ciphertext(identityKey);
+        if (personalCipherObject.isEmpty()) {
+            qCDebug(EVENTS) << "Encrypted event is not for the current device";
+            return nullptr;
+        }
+        return makeEvent<RoomMessageEvent>(decryptMessage(personalCipherObject, encryptedEvent->senderKey().toLatin1())).get();
+    }
+    if (encryptedEvent->algorithm() == MegolmV1AesSha2AlgoKey) {
+        return makeEvent<RoomMessageEvent>(decryptMessage(encryptedEvent->ciphertext(), encryptedEvent->senderKey(), encryptedEvent->deviceId(), encryptedEvent->sessionId())).get();
+    }
+    return nullptr;
+}
+
+const QString Room::decryptMessage(QJsonObject personalCipherObject, QByteArray senderKey) const
+{
+    QString decrypted;
+
+    using namespace QtOlm;
+    // TODO: new objects to private fields:
+    InboundSession* session;
+
+    int type = personalCipherObject.value(TypeKeyL).toInt(-1);
+    QByteArray body = personalCipherObject.value(BodyKeyL).toString().toLatin1();
+
+    PreKeyMessage* preKeyMessage = new PreKeyMessage(body);
+    session = new InboundSession(connection()->olmAccount(), preKeyMessage, senderKey);
+    if (type == 0) {
+        if (!session->matches(preKeyMessage, senderKey))
+        {
+            connection()->olmAccount()->removeOneTimeKeys(session);
+        }
+        try
+        {
+            decrypted = session->decrypt(preKeyMessage);
+        }
+        catch(std::runtime_error& e)
+        {
+            qWarning(EVENTS) << "Decrypt failed:" << e.what();
+        }
+    }
+    else if (type == 1)
+    {
+        Message* message = new Message(body);
+        if (!session->matches(preKeyMessage, senderKey))
+        {
+            qWarning(EVENTS) << "Invalid encrypted message";
+        }
+        try
+        {
+            decrypted = session->decrypt(message);
+        }
+        catch(std::runtime_error& e)
+        {
+            qWarning(EVENTS) << "Decrypt failed:" << e.what();
+        }
+    }
+
+    return decrypted;
+}
+
+const QString Room::sessionKey(const QString& senderKey, const QString& deviceId, const QString& sessionId) const
+{
+    // TODO: handling an m.room_key event
+    return "";
+}
+
+const QString Room::decryptMessage(QByteArray cipher, const QString& senderKey, const QString& deviceId, const QString& sessionId) const
+{
+    QString decrypted;
+    using namespace QtOlm;
+    InboundGroupSession* groupSession;
+    groupSession = new InboundGroupSession(sessionKey(senderKey, deviceId, sessionId).toLatin1());
+    groupSession->decrypt(cipher);
+    // TODO:  avoid replay attacks
+    return decrypted;
+}
+
 int Room::joinedCount() const
 {
     return d->summary.joinedMemberCount.omitted()
diff --git a/lib/room.h b/lib/room.h
index c79ca1e0..e09556b6 100644
--- a/lib/room.h
+++ b/lib/room.h
@@ -24,8 +24,10 @@
 #include "events/accountdataevents.h"
 #include "eventitem.h"
 #include "joinstate.h"
+#include "events/encryptedevent.h"
 
 #include <QtGui/QImage>
+#include <QtCore/QJsonObject>
 
 #include <memory>
 #include <deque>
@@ -179,6 +181,10 @@ namespace QMatrixClient
             int memberCount() const;
             int timelineSize() const;
             bool usesEncryption() const;
+            const RoomEvent *decryptMessage(EncryptedEvent* encryptedEvent) const;
+            const QString decryptMessage(QJsonObject personalCipherObject, QByteArray senderKey) const;
+            const QString sessionKey(const QString &senderKey, const QString &deviceId, const QString &sessionId) const;
+            const QString decryptMessage(QByteArray cipher, const QString& senderKey, const QString& deviceId, const QString& sessionId) const;
             int joinedCount() const;
             int invitedCount() const;
             int totalMemberCount() const;