selfsdk 0.0.136 → 0.0.141

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 80d405628b95421e76e1461dcff31f3351109cd009c7b0b677ce29d27ecf133d
-  data.tar.gz: 20235912eef39c3a084dd7afeab7cbb9d050d1649d02a45acdcf1a4403519e7f
+  metadata.gz: 1fc84c8ad47b159c7f07f33226c1273bf30202f3b999ceba02ef51f6b35763fb
+  data.tar.gz: 4c88fbad5ffa05cc69977554d454ca7fcc796663400f2e74b770879afe05c2a7
 SHA512:
-  metadata.gz: 734d43a91a7485370a5aa3a16fc56f2d097fc510aef007b25ad63645cf255629f286213371f787e7d2bd1e07d22ab7640a55b50b55518927a34c70dd72227d93
-  data.tar.gz: 9c7484084c68f95078154b2d21884c9a333a7388213fa0782ac6de7b236bedc5c5a6683fb9e62ed1e52c6c31bd63dc46cff159f977aac51886161dfbc5bec169
+  metadata.gz: c5f9b8cf446fb87a089d2094449691cd73806af84ce5d3f712a0357a0bdc5c4b2f7fef0dd6552591d56c4c5dd07fcaadcad02173b67b500f07ae80aec519fc2f
+  data.tar.gz: ee291b8ca0f22787067ae2edca5a59fee3fea4950a06cfd921c00c9d283d7c769cefeac7dd8bcee0bd2eeee7784fab307a52919d81f87942b8c8ccd4eff6d045

data/lib/client.rb

@@ -65,6 +65,34 @@ module SelfSDK
       i[:public_keys]
     end
 
+    def post(endpoint, body)
+      res = nil
+      loop do
+        res = HTTParty.post("#{@self_url}#{endpoint}",
+                      headers: {
+                          'Content-Type' => 'application/json',
+                          'Authorization' => "Bearer #{@jwt.auth_token}"
+                      },
+                      body: body)
+        break if res.code != 503
+        sleep 2
+      end
+      return res
+    end
+
+    def get(endpoint)
+      res = nil
+      loop do
+        res = HTTParty.get("#{@self_url}#{endpoint}", headers: {
+          'Content-Type' => 'application/json',
+          'Authorization' => "Bearer #{@jwt.auth_token}"
+        })
+        break if res.code != 503
+        sleep 2
+      end
+      return res
+    end
+
     # Lists all public keys stored on self for the given ID
     #
     # @param id [string] identity id
@@ -74,6 +102,15 @@ module SelfSDK
       sg.key_by_id(kid)
     end
 
+    # Get the active public key for a device
+    #
+    # @param id [string] identity id
+    def device_public_key(id, did)
+      i = entity(id)
+      sg = SelfSDK::SignatureGraph.new(i[:history])
+      sg.key_by_device(did)
+    end
+
     private
 
     def get_identity(endpoint)
@@ -86,20 +123,6 @@ module SelfSDK
       body
     end
 
-    def get(endpoint)
-      HTTParty.get("#{@self_url}#{endpoint}", headers: {
-                     'Content-Type' => 'application/json',
-                     'Authorization' => "Bearer #{@jwt.auth_token}"
-                   })
-    end
 
-    def post(endpoint, body)
-      HTTParty.post("#{@self_url}#{endpoint}",
-                    headers: {
-                      'Content-Type' => 'application/json',
-                      'Authorization' => "Bearer #{@jwt.auth_token}"
-                    },
-                    body: body)
-    end
   end
 end

data/lib/crypto.rb

@@ -0,0 +1,112 @@
+require 'self_crypto'
+
+module SelfSDK
+  class Crypto
+    def initialize(client, device, storage_folder, storage_key)
+      @client = client
+      @device = device
+      @storage_key = storage_key
+      @storage_folder = storage_folder
+
+      if File.exist?(account_path)
+        # 1a) if alice's account file exists load the pickle from the file
+        @account = SelfCrypto::Account.from_pickle(File.read(account_path), @storage_key)
+      else
+        # 1b-i) if create a new account for alice if one doesn't exist already
+        @account = SelfCrypto::Account.from_seed(@client.jwt.key)
+
+        # 1b-ii) generate some keys for alice and publish them
+        @account.gen_otk(100)
+
+        # 1b-iii) convert those keys to json
+        keys = @account.otk['curve25519'].map{|k,v| {id: k, key: v}}.to_json
+
+        # 1b-iv) post those keys to POST /v1/identities/<selfid>/devices/1/pre_keys/
+        @client.post("/v1/apps/#{@client.jwt.id}/devices/#{@device}/pre_keys", keys)
+
+        # 1b-v) store the account to a file
+        File.write(account_path, @account.to_pickle(storage_key))
+      end
+    end
+
+    def encrypt(message, recipient, recipient_device)
+      session_file_name = session_path(recipient, recipient_device)
+
+      if File.exist?(session_file_name)
+        # 2a) if bob's session file exists load the pickle from the file
+        session_with_bob = SelfCrypto::Session.from_pickle(File.read(session_file_name), @storage_key)
+      else
+        # 2b-i) if you have not previously sent or recevied a message to/from bob,
+        #       you must get his identity key from GET /v1/identities/bob/
+        ed25519_identity_key = @client.device_public_key(recipient, recipient_device)
+
+        # 2b-ii) get a one time key for bob
+        res = @client.get("/v1/identities/#{recipient}/devices/#{recipient_device}/pre_keys")
+
+        if res.code != 200
+          Selfid.logger.error "identity response : #{res.body[:message]}"
+          raise "could not get identity pre_keys"
+        end
+
+        one_time_key = JSON.parse(res.body)["key"]
+
+        # 2b-iii) convert bobs ed25519 identity key to a curve25519 key
+        curve25519_identity_key = SelfCrypto::Util.ed25519_pk_to_curve25519(ed25519_identity_key.raw_public_key)
+
+        # 2b-iv) create the session with bob
+        session_with_bob = @account.outbound_session(curve25519_identity_key, one_time_key)
+
+        # 2b-v) store the session to a file
+        File.write(session_file_name, session_with_bob.to_pickle(@storage_key))
+      end
+
+      # 3) create a group session and set the identity of the account youre using
+      gs = SelfCrypto::GroupSession.new("#{@client.jwt.id}:#{@device}")
+
+      # 4) add all recipients and their sessions
+      gs.add_participant("#{recipient}:#{recipient_device}", session_with_bob)
+
+      # 5) encrypt a message
+      gs.encrypt(message).to_s
+    end
+
+    def decrypt(message, sender, sender_device)
+      session_file_name = session_path(sender, sender_device)
+
+      if File.exist?(session_file_name)
+        # 7a) if carol's session file exists load the pickle from the file
+        session_with_bob = SelfCrypto::Session.from_pickle(File.read(session_file_name), @storage_key)
+      else
+        # 7b-i) if you have not previously sent or received a message to/from bob,
+        #       you should extract the initial message from the group message intended
+        #       for your account id.
+        m = SelfCrypto::GroupMessage.new(message.to_s).get_message("#{@client.jwt.id}:#{@device}")
+
+        # 7b-ii) use the initial message to create a session for bob or carol
+        session_with_bob = @account.inbound_session(m)
+
+        # 7b-iii) store the session to a file
+        File.write(session_file_name, session_with_bob.to_pickle(@storage_key))
+      end
+
+      # 8) create a group session and set the identity of the account you're using
+      gs = SelfCrypto::GroupSession.new("#{@client.jwt.id}:#{@device}")
+
+      # 9) add all recipients and their sessions
+      gs.add_participant("#{sender}:#{sender_device}", session_with_bob)
+
+      # 10) decrypt the message ciphertext
+      gs.decrypt("#{sender}:#{sender_device}", message).to_s
+    end
+
+    private
+
+    def account_path
+      "#{@storage_folder}/account.pickle"
+    end
+
+    def session_path(selfid, device)
+      "#{@storage_folder}/#{selfid}:#{device}-session.pickle"
+    end
+  end
+end

data/lib/messages/authentication_req.rb

@@ -44,7 +44,7 @@ module SelfSDK
                               sender: "#{@jwt.id}:#{@messaging.device_id}",
                               id: @id,
                               recipient: "#{@to}:#{@to_device}",
-                              ciphertext: @jwt.prepare(body))
+                              ciphertext: encrypt_message(@jwt.prepare(body), @to, @to_device))
       end
 
     end

data/lib/messages/base.rb

@@ -26,6 +26,10 @@ module SelfSDK
         res
       end
 
+      def encrypt_message(message, recipient, recipient_device)
+        @messaging.encryption_client.encrypt(message, recipient, recipient_device)
+      end
+
       def unauthorized?
         status == "unauthorized"
       end

data/lib/messages/fact_request.rb

@@ -93,19 +93,20 @@ module SelfSDK
                   end
         @to_device = devices.first
 
-        recipient = if @intermediary.nil?
-                      "#{@to}:#{@to_device}"
-                    else
-                      "#{@intermediary}:#{@to_device}"
-                    end
+        if @intermediary.nil?
+          recipient = "#{@to}:#{@to_device}"
+          ciphertext = encrypt_message(@jwt.prepare(body), @to, @to_device)
+        else
+          recipient = "#{@intermediary}:#{@to_device}"
+          ciphertext = encrypt_message(@jwt.prepare(body), @intermediary, @to_device)
+        end
 
         Msgproto::Message.new(
           type: Msgproto::MsgType::MSG,
           id: @id,
           sender: "#{@jwt.id}:#{@messaging.device_id}",
           recipient: recipient,
-          ciphertext: @jwt.prepare(body),
-        )
+          ciphertext: ciphertext )
       end
     end
   end

data/lib/messages/message.rb

@@ -11,7 +11,8 @@ module SelfSDK
       body = if input.is_a? String
                input
              else
-               input.ciphertext
+               issuer = input.recipient.split(":")
+               messaging.encryption_client.decrypt(input.ciphertext, issuer.first, issuer.last)
              end
 
       jwt = JSON.parse(body, symbolize_names: true)

data/lib/messaging.rb

@@ -4,6 +4,7 @@ require 'json'
 require 'monitor'
 require 'faye/websocket'
 require 'fileutils'
+require_relative 'crypto'
 require_relative 'messages/message'
 require_relative 'proto/auth_pb'
 require_relative 'proto/message_pb'
@@ -18,16 +19,18 @@ module SelfSDK
     DEFAULT_STORAGE_DIR="./.self_storage"
     ON_DEMAND_CLOSE_CODE=3999
 
-    attr_accessor :client, :jwt, :device_id, :ack_timeout, :timeout, :type_observer, :uuid_observer
+    attr_accessor :client, :jwt, :device_id, :ack_timeout, :timeout, :type_observer, :uuid_observer, :encryption_client
 
     # RestClient initializer
     #
     # @param url [string] self-messaging url
     # @params client [Object] SelfSDK::Client object
     # @option opts [string] :storage_dir  the folder where encryption sessions and settings will be stored
+    # @params storage_key [String] seed to encrypt messaging
+    # @params storage_folder [String] folder to perist messaging encryption
     # @option opts [Bool] :auto_reconnect Automatically reconnects to websocket if connection is lost (defaults to true).
     # @option opts [String] :device_id The device id to be used by the app defaults to "1".
-    def initialize(url, client, options = {})
+    def initialize(url, client, storage_key, options = {})
       @mon = Monitor.new
       @url = url
       @messages = {}
@@ -45,6 +48,9 @@ module SelfSDK
       @offset = read_offset
 
       FileUtils.mkdir_p @storage_dir unless File.exist? @storage_dir
+      unless options.include? :no_crypto
+        @encryption_client = Crypto.new(@client, @device_id, @storage_dir, storage_key)
+      end
 
       if options.include? :ws
         @ws = options[:ws]

data/lib/selfsdk.rb

@@ -53,6 +53,7 @@ module SelfSDK
       unless messaging_url.nil?
         @messaging_client = MessagingClient.new(messaging_url,
                                                 @client,
+                                                storage_key,
                                                 storage_dir: opts.fetch(:storage_dir, MessagingClient::DEFAULT_STORAGE_DIR),
                                                 auto_reconnect: opts.fetch(:auto_reconnect, MessagingClient::DEFAULT_AUTO_RECONNECT),
                                                 device_id: opts.fetch(:device_id, MessagingClient::DEFAULT_DEVICE))

data/lib/services/auth.rb

@@ -39,13 +39,16 @@ module SelfSDK
       #  @return [String, String] conversation id or encoded body.
       def request(selfid, opts = {}, &block)
         SelfSDK.logger.info "authenticating #{selfid}"
-        raise "You're not permitting connections from #{selfid}" unless @messaging_service.is_permitted?(selfid)
+        rq = opts.fetch(:request, true)
+        if rq
+          raise "You're not permitting connections from #{selfid}" unless @messaging_service.is_permitted?(selfid)
+        end
 
         req = SelfSDK::Messages::AuthenticationReq.new(@messaging)
         req.populate(selfid, opts)
 
         body = @client.jwt.prepare(req.body)
-        return body unless opts.fetch(:request, true)
+        return body unless rq
         return req.send_message if opts.fetch(:async, false)
 
         # when a block is given the request will always be asynchronous.

data/lib/services/facts.rb

@@ -41,13 +41,16 @@ module SelfSDK
       #  @return [Object] SelfSDK:::Messages::FactRequest
       def request(selfid, facts, opts = {}, &block)
         SelfSDK.logger.info "authenticating #{selfid}"
-        raise "You're not permitting connections from #{selfid}" unless @messaging_service.is_permitted?(selfid)
+        rq = opts.fetch(:request, true)
+        if rq
+          raise "You're not permitting connections from #{selfid}" unless @messaging_service.is_permitted?(selfid)
+        end
 
         req = SelfSDK::Messages::FactRequest.new(@messaging)
         req.populate(selfid, prepare_facts(facts), opts)
 
         body = @client.jwt.prepare(req.body)
-        return body unless opts.fetch(:request, true)
+        return body unless rq
 
         # when a block is given the request will always be asynchronous.
         if block_given?

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: selfsdk
 version: !ruby/object:Gem::Version
-  version: 0.0.136
+  version: 0.0.141
 platform: ruby
 authors:
 - Aldgate Ventures
@@ -10,6 +10,20 @@ bindir: bin
 cert_chain: []
 date: 2011-09-29 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: self_crypto
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: async
   requirement: !ruby/object:Gem::Requirement
@@ -299,6 +313,7 @@ files:
 - lib/acl.rb
 - lib/authenticated.rb
 - lib/client.rb
+- lib/crypto.rb
 - lib/jwt_service.rb
 - lib/log.rb
 - lib/messages/attestation.rb