1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
// SPDX-FileCopyrightText: 2021 Carl Schwan <carlschwan@kde.org>
//
// SPDX-License-Identifier: LGPL-2.1-or-later
#pragma once
#include "csapi/keys.h"
#include "e2ee/e2ee.h"
#include "e2ee/qolmerrors.h"
#include "e2ee/qolmmessage.h"
#include "e2ee/qolmsession.h"
#include <QObject>
struct OlmAccount;
namespace Quotient {
class QOlmSession;
class Connection;
using QOlmSessionPtr = std::unique_ptr<QOlmSession>;
//! An olm account manages all cryptographic keys used on a device.
//! \code{.cpp}
//! const auto olmAccount = new QOlmAccount(this);
//! \endcode
class QOlmAccount : public QObject
{
Q_OBJECT
public:
QOlmAccount(const QString &userId, const QString &deviceId, QObject *parent = nullptr);
~QOlmAccount();
//! Creates a new instance of OlmAccount. During the instantiation
//! the Ed25519 fingerprint key pair and the Curve25519 identity key
//! pair are generated. For more information see <a
//! href="https://matrix.org/docs/guides/e2e_implementation.html#keys-used-in-end-to-end-encryption">here</a>.
//! This needs to be called before any other action or use unpickle() instead.
void createNewAccount();
//! Deserialises from encrypted Base64 that was previously obtained by pickling a `QOlmAccount`.
//! This needs to be called before any other action or use createNewAccount() instead.
void unpickle(QByteArray &pickled, const PicklingMode &mode);
//! Serialises an OlmAccount to encrypted Base64.
std::variant<QByteArray, QOlmError> pickle(const PicklingMode &mode);
//! Returns the account's public identity keys already formatted as JSON
IdentityKeys identityKeys() const;
//! Returns the signature of the supplied message.
QByteArray sign(const QByteArray &message) const;
QByteArray sign(const QJsonObject& message) const;
//! Sign identity keys.
QByteArray signIdentityKeys() const;
//! Maximum number of one time keys that this OlmAccount can
//! currently hold.
size_t maxNumberOfOneTimeKeys() const;
//! Generates the supplied number of one time keys.
size_t generateOneTimeKeys(size_t numberOfKeys) const;
//! Gets the OlmAccount's one time keys formatted as JSON.
OneTimeKeys oneTimeKeys() const;
//! Sign all one time keys.
QMap<QString, SignedOneTimeKey> signOneTimeKeys(const OneTimeKeys &keys) const;
//! Sign one time key.
QByteArray signOneTimeKey(const QString &key) const;
SignedOneTimeKey signedOneTimeKey(const QByteArray &key, const QString &signature) const;
UploadKeysJob *createUploadKeyRequest(const OneTimeKeys &oneTimeKeys);
DeviceKeys deviceKeys() const;
//! Remove the one time key used to create the supplied session.
[[nodiscard]] std::optional<QOlmError> removeOneTimeKeys(const QOlmSessionPtr &session) const;
//! Creates an inbound session for sending/receiving messages from a received 'prekey' message.
//!
//! \param message An Olm pre-key message that was encrypted for this account.
std::variant<QOlmSessionPtr, QOlmError> createInboundSession(const QOlmMessage &preKeyMessage);
//! Creates an inbound session for sending/receiving messages from a received 'prekey' message.
//!
//! \param theirIdentityKey - The identity key of the Olm account that
//! encrypted this Olm message.
std::variant<QOlmSessionPtr, QOlmError> createInboundSessionFrom(const QByteArray &theirIdentityKey, const QOlmMessage &preKeyMessage);
//! Creates an outbound session for sending messages to a specific
/// identity and one time key.
std::variant<QOlmSessionPtr, QOlmError> createOutboundSession(const QByteArray &theirIdentityKey, const QByteArray &theirOneTimeKey);
void markKeysAsPublished();
// HACK do not use directly
QOlmAccount(OlmAccount *account);
OlmAccount *data();
Q_SIGNALS:
void needsSave() const;
private:
OlmAccount *m_account = nullptr; // owning
QString m_userId;
QString m_deviceId;
};
bool verifyIdentitySignature(const DeviceKeys &deviceKeys,
const QString &deviceId,
const QString &userId);
//! checks if the signature is signed by the signing_key
bool ed25519VerifySignature(const QString &signingKey,
const QJsonObject &obj,
const QString &signature);
} // namespace Quotient
|
