RubyGems - selfsdk - Versions diffs - 0.0.136 → 0.0.141 - Mend

selfsdk 0.0.136 → 0.0.141

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/lib/client.rb +37 -14
data/lib/crypto.rb +112 -0
data/lib/messages/authentication_req.rb +1 -1
data/lib/messages/base.rb +4 -0
data/lib/messages/fact_request.rb +8 -7
data/lib/messages/message.rb +2 -1
data/lib/messaging.rb +8 -2
data/lib/selfsdk.rb +1 -0
data/lib/services/auth.rb +5 -2
data/lib/services/facts.rb +5 -2
metadata +16 -1

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 80d405628b95421e76e1461dcff31f3351109cd009c7b0b677ce29d27ecf133d
-  data.tar.gz: 20235912eef39c3a084dd7afeab7cbb9d050d1649d02a45acdcf1a4403519e7f
+  metadata.gz: 1fc84c8ad47b159c7f07f33226c1273bf30202f3b999ceba02ef51f6b35763fb
+  data.tar.gz: 4c88fbad5ffa05cc69977554d454ca7fcc796663400f2e74b770879afe05c2a7
 SHA512:
-  metadata.gz: 734d43a91a7485370a5aa3a16fc56f2d097fc510aef007b25ad63645cf255629f286213371f787e7d2bd1e07d22ab7640a55b50b55518927a34c70dd72227d93
-  data.tar.gz: 9c7484084c68f95078154b2d21884c9a333a7388213fa0782ac6de7b236bedc5c5a6683fb9e62ed1e52c6c31bd63dc46cff159f977aac51886161dfbc5bec169
+  metadata.gz: c5f9b8cf446fb87a089d2094449691cd73806af84ce5d3f712a0357a0bdc5c4b2f7fef0dd6552591d56c4c5dd07fcaadcad02173b67b500f07ae80aec519fc2f
+  data.tar.gz: ee291b8ca0f22787067ae2edca5a59fee3fea4950a06cfd921c00c9d283d7c769cefeac7dd8bcee0bd2eeee7784fab307a52919d81f87942b8c8ccd4eff6d045

data/lib/client.rb CHANGED

@@ -65,6 +65,34 @@ module SelfSDK
       i[:public_keys]
     end
+    def post(endpoint, body)
+      res = nil
+      loop do
+        res = HTTParty.post("#{@self_url}#{endpoint}",
+                      headers: {
+                          'Content-Type' => 'application/json',
+                          'Authorization' => "Bearer #{@jwt.auth_token}"
+                      },
+                      body: body)
+        break if res.code != 503
+        sleep 2
+      end
+      return res
+    end
+    def get(endpoint)
+      res = nil
+      loop do
+        res = HTTParty.get("#{@self_url}#{endpoint}", headers: {
+          'Content-Type' => 'application/json',
+          'Authorization' => "Bearer #{@jwt.auth_token}"
+        })
+        break if res.code != 503
+        sleep 2
+      end
+      return res
+    end
     # Lists all public keys stored on self for the given ID
     #
     # @param id [string] identity id
@@ -74,6 +102,15 @@ module SelfSDK
       sg.key_by_id(kid)
     end
+    # Get the active public key for a device
+    #
+    # @param id [string] identity id
+    def device_public_key(id, did)
+      i = entity(id)
+      sg = SelfSDK::SignatureGraph.new(i[:history])
+      sg.key_by_device(did)
+    end
     private
     def get_identity(endpoint)
@@ -86,20 +123,6 @@ module SelfSDK
       body
     end
-    def get(endpoint)
-      HTTParty.get("#{@self_url}#{endpoint}", headers: {
-                     'Content-Type' => 'application/json',
-                     'Authorization' => "Bearer #{@jwt.auth_token}"
-                   })
-    end
-    def post(endpoint, body)
-      HTTParty.post("#{@self_url}#{endpoint}",
-                    headers: {
-                      'Content-Type' => 'application/json',
-                      'Authorization' => "Bearer #{@jwt.auth_token}"
-                    },
-                    body: body)
-    end
   end
 end

data/lib/crypto.rb ADDED

@@ -0,0 +1,112 @@
+require 'self_crypto'
+module SelfSDK
+  class Crypto
+    def initialize(client, device, storage_folder, storage_key)
+      @client = client
+      @device = device
+      @storage_key = storage_key
+      @storage_folder = storage_folder
+      if File.exist?(account_path)
+        # 1a) if alice's account file exists load the pickle from the file
+        @account = SelfCrypto::Account.from_pickle(File.read(account_path), @storage_key)
+      else
+        # 1b-i) if create a new account for alice if one doesn't exist already
+        @account = SelfCrypto::Account.from_seed(@client.jwt.key)
+        # 1b-ii) generate some keys for alice and publish them
+        @account.gen_otk(100)
+        # 1b-iii) convert those keys to json
+        keys = @account.otk['curve25519'].map{|k,v| {id: k, key: v}}.to_json
+        # 1b-iv) post those keys to POST /v1/identities/<selfid>/devices/1/pre_keys/
+        @client.post("/v1/apps/#{@client.jwt.id}/devices/#{@device}/pre_keys", keys)
+        # 1b-v) store the account to a file
+        File.write(account_path, @account.to_pickle(storage_key))
+      end
+    end
+    def encrypt(message, recipient, recipient_device)
+      session_file_name = session_path(recipient, recipient_device)
+      if File.exist?(session_file_name)
+        # 2a) if bob's session file exists load the pickle from the file
+        session_with_bob = SelfCrypto::Session.from_pickle(File.read(session_file_name), @storage_key)
+      else
+        # 2b-i) if you have not previously sent or recevied a message to/from bob,
+        #       you must get his identity key from GET /v1/identities/bob/
+        ed25519_identity_key = @client.device_public_key(recipient, recipient_device)
+        # 2b-ii) get a one time key for bob
+        res = @client.get("/v1/identities/#{recipient}/devices/#{recipient_device}/pre_keys")
+        if res.code != 200
+          Selfid.logger.error "identity response : #{res.body[:message]}"
+          raise "could not get identity pre_keys"
+        end
+        one_time_key = JSON.parse(res.body)["key"]
+        # 2b-iii) convert bobs ed25519 identity key to a curve25519 key
+        curve25519_identity_key = SelfCrypto::Util.ed25519_pk_to_curve25519(ed25519_identity_key.raw_public_key)
+        # 2b-iv) create the session with bob
+        session_with_bob = @account.outbound_session(curve25519_identity_key, one_time_key)
+        # 2b-v) store the session to a file
+        File.write(session_file_name, session_with_bob.to_pickle(@storage_key))
+      end
+      # 3) create a group session and set the identity of the account youre using
+      gs = SelfCrypto::GroupSession.new("#{@client.jwt.id}:#{@device}")
+      # 4) add all recipients and their sessions
+      gs.add_participant("#{recipient}:#{recipient_device}", session_with_bob)
+      # 5) encrypt a message
+      gs.encrypt(message).to_s
+    end
+    def decrypt(message, sender, sender_device)
+      session_file_name = session_path(sender, sender_device)
+      if File.exist?(session_file_name)
+        # 7a) if carol's session file exists load the pickle from the file
+        session_with_bob = SelfCrypto::Session.from_pickle(File.read(session_file_name), @storage_key)
+      else
+        # 7b-i) if you have not previously sent or received a message to/from bob,
+        #       you should extract the initial message from the group message intended
+        #       for your account id.
+        m = SelfCrypto::GroupMessage.new(message.to_s).get_message("#{@client.jwt.id}:#{@device}")
+        # 7b-ii) use the initial message to create a session for bob or carol
+        session_with_bob = @account.inbound_session(m)
+        # 7b-iii) store the session to a file
+        File.write(session_file_name, session_with_bob.to_pickle(@storage_key))
+      end
+      # 8) create a group session and set the identity of the account you're using
+      gs = SelfCrypto::GroupSession.new("#{@client.jwt.id}:#{@device}")
+      # 9) add all recipients and their sessions
+      gs.add_participant("#{sender}:#{sender_device}", session_with_bob)
+      # 10) decrypt the message ciphertext
+      gs.decrypt("#{sender}:#{sender_device}", message).to_s
+    end
+    private
+    def account_path
+      "#{@storage_folder}/account.pickle"
+    end
+    def session_path(selfid, device)
+      "#{@storage_folder}/#{selfid}:#{device}-session.pickle"
+    end
+  end
+end

data/lib/messages/authentication_req.rb CHANGED

@@ -44,7 +44,7 @@ module SelfSDK
                               sender: "#{@jwt.id}:#{@messaging.device_id}",
                               id: @id,
                               recipient: "#{@to}:#{@to_device}",
-                              ciphertext: @jwt.prepare(body))
+                              ciphertext: encrypt_message(@jwt.prepare(body), @to, @to_device))
       end
     end

data/lib/messages/base.rb CHANGED

@@ -26,6 +26,10 @@ module SelfSDK
         res
       end
+      def encrypt_message(message, recipient, recipient_device)
+        @messaging.encryption_client.encrypt(message, recipient, recipient_device)
+      end
       def unauthorized?
         status == "unauthorized"
       end

data/lib/messages/fact_request.rb CHANGED

@@ -93,19 +93,20 @@ module SelfSDK
                   end
         @to_device = devices.first
-        recipient = if @intermediary.nil?
-                      "#{@to}:#{@to_device}"
-                    else
-                      "#{@intermediary}:#{@to_device}"
-                    end
+        if @intermediary.nil?
+          recipient = "#{@to}:#{@to_device}"
+          ciphertext = encrypt_message(@jwt.prepare(body), @to, @to_device)
+        else
+          recipient = "#{@intermediary}:#{@to_device}"
+          ciphertext = encrypt_message(@jwt.prepare(body), @intermediary, @to_device)
+        end
         Msgproto::Message.new(
           type: Msgproto::MsgType::MSG,
           id: @id,
           sender: "#{@jwt.id}:#{@messaging.device_id}",
           recipient: recipient,
-          ciphertext: @jwt.prepare(body),
-        )
+          ciphertext: ciphertext )
       end
     end
   end

data/lib/messages/message.rb CHANGED

@@ -11,7 +11,8 @@ module SelfSDK
       body = if input.is_a? String
                input
              else
-               input.ciphertext
+               issuer = input.recipient.split(":")
+               messaging.encryption_client.decrypt(input.ciphertext, issuer.first, issuer.last)
              end
       jwt = JSON.parse(body, symbolize_names: true)

data/lib/messaging.rb CHANGED

@@ -4,6 +4,7 @@ require 'json'
 require 'monitor'
 require 'faye/websocket'
 require 'fileutils'
+require_relative 'crypto'
 require_relative 'messages/message'
 require_relative 'proto/auth_pb'
 require_relative 'proto/message_pb'
@@ -18,16 +19,18 @@ module SelfSDK
     DEFAULT_STORAGE_DIR="./.self_storage"
     ON_DEMAND_CLOSE_CODE=3999
-    attr_accessor :client, :jwt, :device_id, :ack_timeout, :timeout, :type_observer, :uuid_observer
+    attr_accessor :client, :jwt, :device_id, :ack_timeout, :timeout, :type_observer, :uuid_observer, :encryption_client
     # RestClient initializer
     #
     # @param url [string] self-messaging url
     # @params client [Object] SelfSDK::Client object
     # @option opts [string] :storage_dir  the folder where encryption sessions and settings will be stored
+    # @params storage_key [String] seed to encrypt messaging
+    # @params storage_folder [String] folder to perist messaging encryption
     # @option opts [Bool] :auto_reconnect Automatically reconnects to websocket if connection is lost (defaults to true).
     # @option opts [String] :device_id The device id to be used by the app defaults to "1".
-    def initialize(url, client, options = {})
+    def initialize(url, client, storage_key, options = {})
       @mon = Monitor.new
       @url = url
       @messages = {}
@@ -45,6 +48,9 @@ module SelfSDK
       @offset = read_offset
       FileUtils.mkdir_p @storage_dir unless File.exist? @storage_dir
+      unless options.include? :no_crypto
+        @encryption_client = Crypto.new(@client, @device_id, @storage_dir, storage_key)
+      end
       if options.include? :ws
         @ws = options[:ws]

data/lib/selfsdk.rb CHANGED

@@ -53,6 +53,7 @@ module SelfSDK
       unless messaging_url.nil?
         @messaging_client = MessagingClient.new(messaging_url,
                                                 @client,
+                                                storage_key,
                                                 storage_dir: opts.fetch(:storage_dir, MessagingClient::DEFAULT_STORAGE_DIR),
                                                 auto_reconnect: opts.fetch(:auto_reconnect, MessagingClient::DEFAULT_AUTO_RECONNECT),
                                                 device_id: opts.fetch(:device_id, MessagingClient::DEFAULT_DEVICE))

data/lib/services/auth.rb CHANGED

@@ -39,13 +39,16 @@ module SelfSDK
       #  @return [String, String] conversation id or encoded body.
       def request(selfid, opts = {}, &block)
         SelfSDK.logger.info "authenticating #{selfid}"
-        raise "You're not permitting connections from #{selfid}" unless @messaging_service.is_permitted?(selfid)
+        rq = opts.fetch(:request, true)
+        if rq
+          raise "You're not permitting connections from #{selfid}" unless @messaging_service.is_permitted?(selfid)
+        end
         req = SelfSDK::Messages::AuthenticationReq.new(@messaging)
         req.populate(selfid, opts)
         body = @client.jwt.prepare(req.body)
-        return body unless opts.fetch(:request, true)
+        return body unless rq
         return req.send_message if opts.fetch(:async, false)
         # when a block is given the request will always be asynchronous.

data/lib/services/facts.rb CHANGED

@@ -41,13 +41,16 @@ module SelfSDK
       #  @return [Object] SelfSDK:::Messages::FactRequest
       def request(selfid, facts, opts = {}, &block)
         SelfSDK.logger.info "authenticating #{selfid}"
-        raise "You're not permitting connections from #{selfid}" unless @messaging_service.is_permitted?(selfid)
+        rq = opts.fetch(:request, true)
+        if rq
+          raise "You're not permitting connections from #{selfid}" unless @messaging_service.is_permitted?(selfid)
+        end
         req = SelfSDK::Messages::FactRequest.new(@messaging)
         req.populate(selfid, prepare_facts(facts), opts)
         body = @client.jwt.prepare(req.body)
-        return body unless opts.fetch(:request, true)
+        return body unless rq
         # when a block is given the request will always be asynchronous.
         if block_given?

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: selfsdk
 version: !ruby/object:Gem::Version
-  version: 0.0.136
+  version: 0.0.141
 platform: ruby
 authors:
 - Aldgate Ventures
@@ -10,6 +10,20 @@ bindir: bin
 cert_chain: []
 date: 2011-09-29 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: self_crypto
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: async
   requirement: !ruby/object:Gem::Requirement
@@ -299,6 +313,7 @@ files:
 - lib/acl.rb
 - lib/authenticated.rb
 - lib/client.rb
+- lib/crypto.rb
 - lib/jwt_service.rb
 - lib/log.rb
 - lib/messages/attestation.rb