selfsdk 0.0.135 → 0.0.140

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6874c12ba149144c253e6ad15005ee7f9c4b009c26dcd0add8b36048e5201e51
-  data.tar.gz: 6c4021e2009ec63cfe6070f59d660f9d49bd86fcaafa9d3480cce743b9917dec
+  metadata.gz: 031a8f44592664c22d59c7c1105822ab9111dde46ffda50ba34b6116d70d4a3f
+  data.tar.gz: e2096831cb8f8d5bcba45fabf93a5173fac96f06ec933b6f6d446d1ed55f015a
 SHA512:
-  metadata.gz: 973e78bfd9b9c515cbd0ea71ee8a533c067bd9ac8b518fadf0c960abbee47031ccf75a2a83a935184ec2bf2d6351664a0e49450f22445cc4a0fce12b4b6cbe14
-  data.tar.gz: e83af77e1516bb4fa5e6c77b0ffa731ae042491611a1eb626173cdb3ac6b7a90df5f6b5e5d76008c91fa9f6a08a0e4c61b44dd35dca9a5ff857c392831eb8771
+  metadata.gz: 368a7cdacf1df7204473e6488e299e06e40b6caacc332c366ca039fea96930186e4888e007a333e99a6693d9b6ae18d13b4ae339f7d2cd988a1c412826bfce47
+  data.tar.gz: bc484da9425cc8e9f3b4d7e7af132f15395b1966109636e941ff3b5592ace7d914b65f338de4287de96e8d1d92dac03d5555667f1e146311a4965975b3154888

data/lib/client.rb

@@ -65,6 +65,34 @@ module SelfSDK
       i[:public_keys]
     end
 
+    def post(endpoint, body)
+      res = nil
+      loop do
+        res = HTTParty.post("#{@self_url}#{endpoint}",
+                      headers: {
+                          'Content-Type' => 'application/json',
+                          'Authorization' => "Bearer #{@jwt.auth_token}"
+                      },
+                      body: body)
+        break if res.code != 503
+        sleep 2
+      end
+      return res
+    end
+
+    def get(endpoint)
+      res = nil
+      loop do
+        res = HTTParty.get("#{@self_url}#{endpoint}", headers: {
+          'Content-Type' => 'application/json',
+          'Authorization' => "Bearer #{@jwt.auth_token}"
+        })
+        break if res.code != 503
+        sleep 2
+      end
+      return res
+    end
+
     # Lists all public keys stored on self for the given ID
     #
     # @param id [string] identity id
@@ -74,6 +102,15 @@ module SelfSDK
       sg.key_by_id(kid)
     end
 
+    # Get the active public key for a device
+    #
+    # @param id [string] identity id
+    def device_public_key(id, did)
+      i = entity(id)
+      sg = SelfSDK::SignatureGraph.new(i[:history])
+      sg.key_by_device(did)
+    end
+
     private
 
     def get_identity(endpoint)
@@ -86,20 +123,6 @@ module SelfSDK
       body
     end
 
-    def get(endpoint)
-      HTTParty.get("#{@self_url}#{endpoint}", headers: {
-                     'Content-Type' => 'application/json',
-                     'Authorization' => "Bearer #{@jwt.auth_token}"
-                   })
-    end
 
-    def post(endpoint, body)
-      HTTParty.post("#{@self_url}#{endpoint}",
-                    headers: {
-                      'Content-Type' => 'application/json',
-                      'Authorization' => "Bearer #{@jwt.auth_token}"
-                    },
-                    body: body)
-    end
   end
 end

data/lib/crypto.rb

@@ -0,0 +1,102 @@
+require 'self_crypto'
+
+module SelfSDK
+  class Crypto
+    def initialize(client, device, storage_folder, storage_key)
+      @client = client
+      @device = device
+      @storage_key = storage_key
+      @storage_folder = storage_folder
+
+      if File.exist?('account.pickle')
+        # 1a) if alice's account file exists load the pickle from the file
+        @account = SelfCrypto::Account.from_pickle(File.read('account.pickle'), @storage_key)
+      else
+        # 1b-i) if create a new account for alice if one doesn't exist already
+        @account = SelfCrypto::Account.from_seed(@client.jwt.key)
+
+        # 1b-ii) generate some keys for alice and publish them
+        @account.gen_otk(100)
+
+        # 1b-iii) convert those keys to json
+        keys = @account.otk['curve25519'].map{|k,v| {id: k, key: v}}.to_json
+
+        # 1b-iv) post those keys to POST /v1/identities/<selfid>/devices/1/pre_keys/
+        @client.post("/v1/apps/#{@client.jwt.id}/devices/#{@device}/pre_keys", keys)
+
+        # 1b-v) store the account to a file
+        File.write('account.pickle', @account.to_pickle(storage_key))
+      end
+    end
+
+    def encrypt(message, recipient, recipient_device)
+      session_file_name = "#{recipient}:#{recipient_device}-session.pickle"
+
+      if File.exist?(session_file_name)
+        # 2a) if bob's session file exists load the pickle from the file
+        session_with_bob = SelfCrypto::Session.from_pickle(File.read(session_file_name), @storage_key)
+      else
+        # 2b-i) if you have not previously sent or recevied a message to/from bob,
+        #       you must get his identity key from GET /v1/identities/bob/
+        ed25519_identity_key = @client.device_public_key(recipient, recipient_device)
+
+        # 2b-ii) get a one time key for bob
+        res = @client.get("/v1/identities/#{recipient}/devices/#{recipient_device}/pre_keys")
+
+        if res.code != 200
+          Selfid.logger.error "identity response : #{res.body[:message]}"
+          raise "could not get identity pre_keys"
+        end
+
+        one_time_key = JSON.parse(res.body)["key"]
+
+        # 2b-iii) convert bobs ed25519 identity key to a curve25519 key
+        curve25519_identity_key = SelfCrypto::Util.ed25519_pk_to_curve25519(ed25519_identity_key.raw_public_key)
+
+        # 2b-iv) create the session with bob
+        session_with_bob = @account.outbound_session(curve25519_identity_key, one_time_key)
+
+        # 2b-v) store the session to a file
+        File.write(session_file_name, session_with_bob.to_pickle(@storage_key))
+      end
+
+      # 3) create a group session and set the identity of the account youre using
+      gs = SelfCrypto::GroupSession.new("#{@client.jwt.id}:#{@device}")
+
+      # 4) add all recipients and their sessions
+      gs.add_participant("#{recipient}:#{recipient_device}", session_with_bob)
+
+      # 5) encrypt a message
+      gs.encrypt(message).to_s
+    end
+
+    def decrypt(message, sender, sender_device)
+      session_file_name = "#{sender}:#{sender_device}-session.pickle"
+
+      if File.exist?(session_file_name)
+        # 7a) if carol's session file exists load the pickle from the file
+        session_with_bob = SelfCrypto::Session.from_pickle(File.read(session_file_name), @storage_key)
+      else
+        # 7b-i) if you have not previously sent or received a message to/from bob,
+        #       you should extract the initial message from the group message intended
+        #       for your account id.
+        m = SelfCrypto::GroupMessage.new(message.to_s).get_message("#{@client.jwt.id}:#{@device}")
+
+        # 7b-ii) use the initial message to create a session for bob or carol
+        session_with_bob = @account.inbound_session(m)
+
+        # 7b-iii) store the session to a file
+        File.write(session_file_name, session_with_bob.to_pickle(@storage_key))
+      end
+
+      # 8) create a group session and set the identity of the account you're using
+      gs = SelfCrypto::GroupSession.new("#{@client.jwt.id}:#{@device}")
+
+      # 9) add all recipients and their sessions
+      gs.add_participant("#{sender}:#{sender_device}", session_with_bob)
+
+      # 10) decrypt the message ciphertext
+      gs.decrypt("#{sender}:#{sender_device}", message).to_s
+    end
+  end
+end

data/lib/messages/authentication_req.rb

@@ -44,7 +44,7 @@ module SelfSDK
                               sender: "#{@jwt.id}:#{@messaging.device_id}",
                               id: @id,
                               recipient: "#{@to}:#{@to_device}",
-                              ciphertext: @jwt.prepare(body))
+                              ciphertext: encrypt_message(@jwt.prepare(body), @to, @to_device))
       end
 
     end

data/lib/messages/base.rb

@@ -26,6 +26,10 @@ module SelfSDK
         res
       end
 
+      def encrypt_message(message, recipient, recipient_device)
+        @messaging.encryption_client.encrypt(message, recipient, recipient_device)
+      end
+
       def unauthorized?
         status == "unauthorized"
       end

data/lib/messages/fact_request.rb

@@ -93,19 +93,20 @@ module SelfSDK
                   end
         @to_device = devices.first
 
-        recipient = if @intermediary.nil?
-                      "#{@to}:#{@to_device}"
-                    else
-                      "#{@intermediary}:#{@to_device}"
-                    end
+        if @intermediary.nil?
+          recipient = "#{@to}:#{@to_device}"
+          ciphertext = encrypt_message(@jwt.prepare(body), @to, @to_device)
+        else
+          recipient = "#{@intermediary}:#{@to_device}"
+          ciphertext = encrypt_message(@jwt.prepare(body), @intermediary, @to_device)
+        end
 
         Msgproto::Message.new(
           type: Msgproto::MsgType::MSG,
           id: @id,
           sender: "#{@jwt.id}:#{@messaging.device_id}",
           recipient: recipient,
-          ciphertext: @jwt.prepare(body),
-        )
+          ciphertext: ciphertext )
       end
     end
   end

data/lib/messages/message.rb

@@ -11,7 +11,8 @@ module SelfSDK
       body = if input.is_a? String
                input
              else
-               input.ciphertext
+               issuer = input.recipient.split(":")
+               messaging.encryption_client.decrypt(input.ciphertext, issuer.first, issuer.last)
              end
 
       jwt = JSON.parse(body, symbolize_names: true)

data/lib/messaging.rb

@@ -4,6 +4,7 @@ require 'json'
 require 'monitor'
 require 'faye/websocket'
 require 'fileutils'
+require_relative 'crypto'
 require_relative 'messages/message'
 require_relative 'proto/auth_pb'
 require_relative 'proto/message_pb'
@@ -18,16 +19,18 @@ module SelfSDK
     DEFAULT_STORAGE_DIR="./.self_storage"
     ON_DEMAND_CLOSE_CODE=3999
 
-    attr_accessor :client, :jwt, :device_id, :ack_timeout, :timeout, :type_observer, :uuid_observer
+    attr_accessor :client, :jwt, :device_id, :ack_timeout, :timeout, :type_observer, :uuid_observer, :encryption_client
 
     # RestClient initializer
     #
     # @param url [string] self-messaging url
     # @params client [Object] SelfSDK::Client object
     # @option opts [string] :storage_dir  the folder where encryption sessions and settings will be stored
+    # @params storage_key [String] seed to encrypt messaging
+    # @params storage_folder [String] folder to perist messaging encryption
     # @option opts [Bool] :auto_reconnect Automatically reconnects to websocket if connection is lost (defaults to true).
     # @option opts [String] :device_id The device id to be used by the app defaults to "1".
-    def initialize(url, client, options = {})
+    def initialize(url, client, storage_key, storage_folder, options = {})
       @mon = Monitor.new
       @url = url
       @messages = {}
@@ -45,6 +48,9 @@ module SelfSDK
       @offset = read_offset
 
       FileUtils.mkdir_p @storage_dir unless File.exist? @storage_dir
+      unless options.include? :no_crypto
+        @encryption_client = Crypto.new(@client, @device_id, storage_folder, storage_key)
+      end
 
       if options.include? :ws
         @ws = options[:ws]

data/lib/selfsdk.rb

@@ -53,6 +53,7 @@ module SelfSDK
       unless messaging_url.nil?
         @messaging_client = MessagingClient.new(messaging_url,
                                                 @client,
+                                                storage_key,
                                                 storage_dir: opts.fetch(:storage_dir, MessagingClient::DEFAULT_STORAGE_DIR),
                                                 auto_reconnect: opts.fetch(:auto_reconnect, MessagingClient::DEFAULT_AUTO_RECONNECT),
                                                 device_id: opts.fetch(:device_id, MessagingClient::DEFAULT_DEVICE))
@@ -61,12 +62,12 @@ module SelfSDK
 
     # Provides access to SelfSDK::Services::Facts service
     def facts
-      @facts ||= SelfSDK::Services::Facts.new(@messaging_client, @client)
+      @facts ||= SelfSDK::Services::Facts.new(messaging, @client)
     end
 
     # Provides access to SelfSDK::Services::Authentication service
     def authentication
-      @authentication ||= SelfSDK::Services::Authentication.new(@messaging_client, @client)
+      @authentication ||= SelfSDK::Services::Authentication.new(messaging, @client)
     end
 
     # Provides access to SelfSDK::Services::Identity service

data/lib/services/auth.rb

@@ -15,7 +15,8 @@ module SelfSDK
       #
       # @return [SelfSDK::Services::Authentication] authentication service.
       def initialize(messaging, client)
-        @messaging = messaging
+        @messaging = messaging.client
+        @messaging_service = messaging
         @client = client
       end
 
@@ -38,12 +39,16 @@ module SelfSDK
       #  @return [String, String] conversation id or encoded body.
       def request(selfid, opts = {}, &block)
         SelfSDK.logger.info "authenticating #{selfid}"
+        rq = opts.fetch(:request, true)
+        if rq
+          raise "You're not permitting connections from #{selfid}" unless @messaging_service.is_permitted?(selfid)
+        end
 
         req = SelfSDK::Messages::AuthenticationReq.new(@messaging)
         req.populate(selfid, opts)
 
         body = @client.jwt.prepare(req.body)
-        return body unless opts.fetch(:request, true)
+        return body unless rq
         return req.send_message if opts.fetch(:async, false)
 
         # when a block is given the request will always be asynchronous.

data/lib/services/facts.rb

@@ -17,7 +17,8 @@ module SelfSDK
       #
       # @return [SelfSDK::Services::Facts] facts service.
       def initialize(messaging, client)
-        @messaging = messaging
+        @messaging = messaging.client
+        @messaging_service = messaging
         @client = client
       end
 
@@ -40,12 +41,16 @@ module SelfSDK
       #  @return [Object] SelfSDK:::Messages::FactRequest
       def request(selfid, facts, opts = {}, &block)
         SelfSDK.logger.info "authenticating #{selfid}"
+        rq = opts.fetch(:request, true)
+        if rq
+          raise "You're not permitting connections from #{selfid}" unless @messaging_service.is_permitted?(selfid)
+        end
 
         req = SelfSDK::Messages::FactRequest.new(@messaging)
         req.populate(selfid, prepare_facts(facts), opts)
 
         body = @client.jwt.prepare(req.body)
-        return body unless opts.fetch(:request, true)
+        return body unless rq
 
         # when a block is given the request will always be asynchronous.
         if block_given?

data/lib/services/messaging.rb

@@ -44,6 +44,15 @@ module SelfSDK
         acl.list
       end
 
+      # Checks if you're permitting messages from a specific self identifier
+      # @return [Boolean] yes|no
+      def is_permitted?(id)
+        conns = allowed_connections
+        return true if conns.include? "*"
+        return true if conns.include? id
+        return false
+      end
+
       # Revokes incoming messages from the given identity.
       #
       # @param [String] selfid to be denied

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: selfsdk
 version: !ruby/object:Gem::Version
-  version: 0.0.135
+  version: 0.0.140
 platform: ruby
 authors:
 - Aldgate Ventures
@@ -10,6 +10,20 @@ bindir: bin
 cert_chain: []
 date: 2011-09-29 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: self_crypto
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: async
   requirement: !ruby/object:Gem::Requirement
@@ -299,6 +313,7 @@ files:
 - lib/acl.rb
 - lib/authenticated.rb
 - lib/client.rb
+- lib/crypto.rb
 - lib/jwt_service.rb
 - lib/log.rb
 - lib/messages/attestation.rb