From 2737dc00334ad3a56c1b311435dbe84453ee389e Mon Sep 17 00:00:00 2001 From: Alexey Andreyev Date: Sun, 14 Jul 2019 03:54:19 +0300 Subject: E2EE: introduce EncryptedEvent --- CMakeLists.txt | 1 + lib/connection.cpp | 5 +++ lib/connection.h | 5 +++ lib/e2ee.h | 5 +++ lib/encryptionmanager.cpp | 5 +++ lib/encryptionmanager.h | 6 +++ lib/events/encryptedevent.cpp | 29 ++++++++++++++ lib/events/encryptedevent.h | 66 +++++++++++++++++++++++++++++++ lib/events/event.h | 1 + lib/events/roommessageevent.cpp | 7 ++-- lib/room.cpp | 87 +++++++++++++++++++++++++++++++++++++++++ lib/room.h | 6 +++ 12 files changed, 219 insertions(+), 4 deletions(-) create mode 100644 lib/events/encryptedevent.cpp create mode 100644 lib/events/encryptedevent.h diff --git a/CMakeLists.txt b/CMakeLists.txt index 19fbdcbe..75314a91 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -138,6 +138,7 @@ set(libqmatrixclient_SRCS lib/events/callinviteevent.cpp lib/events/directchatevent.cpp lib/events/encryptionevent.cpp + lib/events/encryptedevent.cpp lib/jobs/requestdata.cpp lib/jobs/basejob.cpp lib/jobs/syncjob.cpp diff --git a/lib/connection.cpp b/lib/connection.cpp index 1bd2e32e..b9ab5147 100644 --- a/lib/connection.cpp +++ b/lib/connection.cpp @@ -979,6 +979,11 @@ QByteArray Connection::accessToken() const return d->data->accessToken(); } +QtOlm::Account* Connection::olmAccount() const +{ + return d->encryptionManager->account(); +} + SyncJob* Connection::syncJob() const { return d->syncJob; diff --git a/lib/connection.h b/lib/connection.h index 11499a6e..199803d7 100644 --- a/lib/connection.h +++ b/lib/connection.h @@ -30,6 +30,10 @@ #include +namespace QtOlm { + class Account; +} + namespace QMatrixClient { class Room; @@ -264,6 +268,7 @@ namespace QMatrixClient QString userId() const; QString deviceId() const; QByteArray accessToken() const; + QtOlm::Account* olmAccount() const; Q_INVOKABLE SyncJob* syncJob() const; Q_INVOKABLE int millisToReconnect() const; diff --git a/lib/e2ee.h b/lib/e2ee.h index f663ddc3..4a42809d 100644 --- a/lib/e2ee.h +++ b/lib/e2ee.h @@ -4,6 +4,11 @@ namespace QMatrixClient { + static const auto CiphertextKeyL = "ciphertext"_ls; + static const auto SenderKeyKeyL = "sender_key"_ls; + static const auto DeviceIdKeyL = "device_id"_ls; + static const auto SessionIdKeyL = "session_id"_ls; + static const auto AlgorithmKeyL = "algorithm"_ls; static const auto RotationPeriodMsKeyL = "rotation_period_ms"_ls; static const auto RotationPeriodMsgsKeyL = "rotation_period_msgs"_ls; diff --git a/lib/encryptionmanager.cpp b/lib/encryptionmanager.cpp index 08b68911..3533d791 100644 --- a/lib/encryptionmanager.cpp +++ b/lib/encryptionmanager.cpp @@ -194,6 +194,11 @@ QByteArray EncryptionManager::olmAccountPickle() return d->olmAccount->pickle(); // TODO: passphrase even with qtkeychain? } +QtOlm::Account* EncryptionManager::account() const +{ + return d->olmAccount.data(); +} + void EncryptionManager::Private::updateKeysToUpload() { for (auto it = targetOneTimeKeyCounts.cbegin(); it != targetOneTimeKeyCounts.cend(); ++it) diff --git a/lib/encryptionmanager.h b/lib/encryptionmanager.h index 40fe7383..0225969d 100644 --- a/lib/encryptionmanager.h +++ b/lib/encryptionmanager.h @@ -4,6 +4,10 @@ #include #include +namespace QtOlm { + class Account; +} + namespace QMatrixClient { class Connection; @@ -23,6 +27,8 @@ namespace QMatrixClient void uploadOneTimeKeys(Connection* connection, bool forceUpdate = false); QByteArray olmAccountPickle(); + QtOlm::Account* account() const; + private: class Private; std::unique_ptr d; diff --git a/lib/events/encryptedevent.cpp b/lib/events/encryptedevent.cpp new file mode 100644 index 00000000..6942738a --- /dev/null +++ b/lib/events/encryptedevent.cpp @@ -0,0 +1,29 @@ +#include "encryptedevent.h" +#include "room.h" + +using namespace QMatrixClient; +using namespace QtOlm; + +EncryptedEvent::EncryptedEvent(const QJsonObject &ciphertext, const QString &senderKey) + : RoomEvent(typeId(), matrixTypeId(), + { { AlgorithmKeyL , OlmV1Curve25519AesSha2AlgoKey }, + { CiphertextKeyL , ciphertext }, + { SenderKeyKeyL, senderKey } + }) +{ } + +EncryptedEvent::EncryptedEvent(QByteArray ciphertext, const QString &senderKey, const QString& deviceId, const QString& sessionId) + : RoomEvent(typeId(), matrixTypeId(), + { { AlgorithmKeyL , MegolmV1AesSha2AlgoKey }, + { CiphertextKeyL , QString(ciphertext) }, + { DeviceIdKeyL, deviceId }, + { SenderKeyKeyL, senderKey }, + { SessionIdKeyL, sessionId }, + }) +{ } + +EncryptedEvent::EncryptedEvent(const QJsonObject &obj) + : RoomEvent(typeId(), obj) +{ + qCDebug(EVENTS) << "Encrypted event" << id(); +} diff --git a/lib/events/encryptedevent.h b/lib/events/encryptedevent.h new file mode 100644 index 00000000..2f9e4422 --- /dev/null +++ b/lib/events/encryptedevent.h @@ -0,0 +1,66 @@ +#pragma once + +#include "roomevent.h" +#include "e2ee.h" + +namespace QMatrixClient +{ + class Room; + /* + * While the specification states: + * + * "This event type is used when sending encrypted events. + * It can be used either within a room + * (in which case it will have all of the Room Event fields), + * or as a to-device event." + * "The encrypted payload can contain any message event." + * https://matrix.org/docs/spec/client_server/latest#id493 + * + * -- for most of the cases the message event is the room message event. + * And even for the to-device events the context is for the room. + * + * So, to simplify integration to the timeline, EncryptedEvent is a RoomEvent inheritor. + * Strictly speaking though, it's not always a RoomEvent, but an Event in general. + * It's possible, because RoomEvent interface is similar to Event's one + * and doesn't add new restrictions, just provides additional features. + */ + class EncryptedEvent : public RoomEvent + { + Q_GADGET + public: + DEFINE_EVENT_TYPEID("m.room.encrypted", EncryptedEvent) + + /* In case with Olm, the encrypted content of the event is + * a map from the recipient Curve25519 identity key to ciphertext information */ + explicit EncryptedEvent(const QJsonObject& ciphertext, + const QString& senderKey); + /* In case with Megolm, device_id and session_id are required */ + explicit EncryptedEvent(QByteArray ciphertext, + const QString& senderKey, + const QString& deviceId, + const QString& sessionId); + explicit EncryptedEvent(const QJsonObject& obj); + + QString algorithm() const + { + QString algo = content(AlgorithmKeyL); + if (!SupportedAlgorithms.contains(algo)) { + qWarning(MAIN) << "The EncryptedEvent's algorithm" << algo + << "is not supported"; + } + return algo; + } + QByteArray ciphertext() const { return content(CiphertextKeyL).toLatin1(); } + QJsonObject ciphertext(const QString& identityKey) const + { + return content(CiphertextKeyL).value(identityKey).toObject(); + } + QString senderKey() const { return content(SenderKeyKeyL); } + + /* device_id and session_id are required with Megolm */ + QString deviceId() const { return content(DeviceIdKeyL); } + QString sessionId() const { return content(SessionIdKeyL); } + }; + REGISTER_EVENT_TYPE(EncryptedEvent) + +} // namespace QMatrixClient diff --git a/lib/events/event.h b/lib/events/event.h index b3a58806..6f28c4fa 100644 --- a/lib/events/event.h +++ b/lib/events/event.h @@ -62,6 +62,7 @@ namespace QMatrixClient static const auto UnsignedKey = QStringLiteral("unsigned"); static const auto StateKeyKey = QStringLiteral("state_key"); static const auto TypeKeyL = "type"_ls; + static const auto BodyKeyL = "body"_ls; static const auto ContentKeyL = "content"_ls; static const auto EventIdKeyL = "event_id"_ls; static const auto UnsignedKeyL = "unsigned"_ls; diff --git a/lib/events/roommessageevent.cpp b/lib/events/roommessageevent.cpp index 8f4e0ebc..ec18e962 100644 --- a/lib/events/roommessageevent.cpp +++ b/lib/events/roommessageevent.cpp @@ -32,7 +32,6 @@ using MsgType = RoomMessageEvent::MsgType; static const auto RelatesToKey = "m.relates_to"_ls; static const auto MsgTypeKey = "msgtype"_ls; -static const auto BodyKey = "body"_ls; static const auto FormattedBodyKey = "formatted_body"_ls; static const auto TextTypeKey = "m.text"; @@ -159,7 +158,7 @@ RoomMessageEvent::RoomMessageEvent(const QJsonObject& obj) if (isRedacted()) return; const QJsonObject content = contentJson(); - if ( content.contains(MsgTypeKey) && content.contains(BodyKey) ) + if ( content.contains(MsgTypeKey) && content.contains(BodyKeyL) ) { auto msgtype = content[MsgTypeKey].toString(); bool msgTypeFound = false; @@ -196,7 +195,7 @@ QString RoomMessageEvent::rawMsgtype() const QString RoomMessageEvent::plainBody() const { - return contentJson()[BodyKey].toString(); + return contentJson()[BodyKeyL].toString(); } QMimeType RoomMessageEvent::mimeType() const @@ -267,7 +266,7 @@ TextContent::TextContent(const QJsonObject& json) // Falling back to plain text, as there's no standard way to describe // rich text in messages. mimeType = PlainTextMimeType; - body = json[BodyKey].toString(); + body = json[BodyKeyL].toString(); } const auto replyJson = json[RelatesToKey].toObject() .value(RelatesTo::ReplyTypeId()).toObject(); diff --git a/lib/room.cpp b/lib/room.cpp index cb368d9e..0402ce67 100644 --- a/lib/room.cpp +++ b/lib/room.cpp @@ -52,6 +52,12 @@ #include "converters.h" #include "syncdata.h" +#include "e2ee.h" + +#include // QtOlm +#include // QtOlm +#include // QtOlm + #include #include // for efficient string concats (operator%) #include @@ -1187,6 +1193,87 @@ bool Room::usesEncryption() const return !d->getCurrentState()->algorithm().isEmpty(); } +const RoomEvent* Room::decryptMessage(EncryptedEvent *encryptedEvent) const +{ + if (encryptedEvent->algorithm() == OlmV1Curve25519AesSha2AlgoKey) { + QString identityKey = connection()->olmAccount()->curve25519IdentityKey(); + QJsonObject personalCipherObject = encryptedEvent->ciphertext(identityKey); + if (personalCipherObject.isEmpty()) { + qCDebug(EVENTS) << "Encrypted event is not for the current device"; + return nullptr; + } + return makeEvent(decryptMessage(personalCipherObject, encryptedEvent->senderKey().toLatin1())).get(); + } + if (encryptedEvent->algorithm() == MegolmV1AesSha2AlgoKey) { + return makeEvent(decryptMessage(encryptedEvent->ciphertext(), encryptedEvent->senderKey(), encryptedEvent->deviceId(), encryptedEvent->sessionId())).get(); + } + return nullptr; +} + +const QString Room::decryptMessage(QJsonObject personalCipherObject, QByteArray senderKey) const +{ + QString decrypted; + + using namespace QtOlm; + // TODO: new objects to private fields: + InboundSession* session; + + int type = personalCipherObject.value(TypeKeyL).toInt(-1); + QByteArray body = personalCipherObject.value(BodyKeyL).toString().toLatin1(); + + PreKeyMessage* preKeyMessage = new PreKeyMessage(body); + session = new InboundSession(connection()->olmAccount(), preKeyMessage, senderKey); + if (type == 0) { + if (!session->matches(preKeyMessage, senderKey)) + { + connection()->olmAccount()->removeOneTimeKeys(session); + } + try + { + decrypted = session->decrypt(preKeyMessage); + } + catch(std::runtime_error& e) + { + qWarning(EVENTS) << "Decrypt failed:" << e.what(); + } + } + else if (type == 1) + { + Message* message = new Message(body); + if (!session->matches(preKeyMessage, senderKey)) + { + qWarning(EVENTS) << "Invalid encrypted message"; + } + try + { + decrypted = session->decrypt(message); + } + catch(std::runtime_error& e) + { + qWarning(EVENTS) << "Decrypt failed:" << e.what(); + } + } + + return decrypted; +} + +const QString Room::sessionKey(const QString& senderKey, const QString& deviceId, const QString& sessionId) const +{ + // TODO: handling an m.room_key event + return ""; +} + +const QString Room::decryptMessage(QByteArray cipher, const QString& senderKey, const QString& deviceId, const QString& sessionId) const +{ + QString decrypted; + using namespace QtOlm; + InboundGroupSession* groupSession; + groupSession = new InboundGroupSession(sessionKey(senderKey, deviceId, sessionId).toLatin1()); + groupSession->decrypt(cipher); + // TODO: avoid replay attacks + return decrypted; +} + int Room::joinedCount() const { return d->summary.joinedMemberCount.omitted() diff --git a/lib/room.h b/lib/room.h index c79ca1e0..e09556b6 100644 --- a/lib/room.h +++ b/lib/room.h @@ -24,8 +24,10 @@ #include "events/accountdataevents.h" #include "eventitem.h" #include "joinstate.h" +#include "events/encryptedevent.h" #include +#include #include #include @@ -179,6 +181,10 @@ namespace QMatrixClient int memberCount() const; int timelineSize() const; bool usesEncryption() const; + const RoomEvent *decryptMessage(EncryptedEvent* encryptedEvent) const; + const QString decryptMessage(QJsonObject personalCipherObject, QByteArray senderKey) const; + const QString sessionKey(const QString &senderKey, const QString &deviceId, const QString &sessionId) const; + const QString decryptMessage(QByteArray cipher, const QString& senderKey, const QString& deviceId, const QString& sessionId) const; int joinedCount() const; int invitedCount() const; int totalMemberCount() const; -- cgit v1.2.3