selfsdk 0.0.136 → 0.0.137

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 80d405628b95421e76e1461dcff31f3351109cd009c7b0b677ce29d27ecf133d
-  data.tar.gz: 20235912eef39c3a084dd7afeab7cbb9d050d1649d02a45acdcf1a4403519e7f
+  metadata.gz: b4b5f44ffce4a1ad4c61c20b752e97173f2cc0c96091138683ddb56c2dca2f73
+  data.tar.gz: 841ad78f32bcb7434126eac7bdea3e3eb9d7abf4cc35fd41d0d243fa7f05fffa
 SHA512:
-  metadata.gz: 734d43a91a7485370a5aa3a16fc56f2d097fc510aef007b25ad63645cf255629f286213371f787e7d2bd1e07d22ab7640a55b50b55518927a34c70dd72227d93
-  data.tar.gz: 9c7484084c68f95078154b2d21884c9a333a7388213fa0782ac6de7b236bedc5c5a6683fb9e62ed1e52c6c31bd63dc46cff159f977aac51886161dfbc5bec169
+  metadata.gz: 04f00c82b5f64dc8f23597e28fc11eee64db02deacfbeedb328d3f766048e40d3a625c3ae25b7a5a888969272883650e63ce9425d5056f2ed98f5beae1712987
+  data.tar.gz: 2dfa4e9f4e3796393adfda66d994ef39fa2de8f37b08b2274b4fcdaa1ccd752e7aafdec5f7eb80b1b4f336ecaeb74350a42464c785c5026eb82e8ffd3458761f

data/lib/client.rb

@@ -65,6 +65,22 @@ module SelfSDK
       i[:public_keys]
     end
 
+    def post(endpoint, body)
+      p HTTParty.post("#{@self_url}#{endpoint}",
+                    headers: {
+                        'Content-Type' => 'application/json',
+                        'Authorization' => "Bearer #{@jwt.auth_token}"
+                    },
+                    body: body)
+    end
+
+    def get(endpoint)
+      HTTParty.get("#{@self_url}#{endpoint}", headers: {
+          'Content-Type' => 'application/json',
+          'Authorization' => "Bearer #{@jwt.auth_token}"
+      })
+    end
+
     # Lists all public keys stored on self for the given ID
     #
     # @param id [string] identity id
@@ -86,20 +102,6 @@ module SelfSDK
       body
     end
 
-    def get(endpoint)
-      HTTParty.get("#{@self_url}#{endpoint}", headers: {
-                     'Content-Type' => 'application/json',
-                     'Authorization' => "Bearer #{@jwt.auth_token}"
-                   })
-    end
 
-    def post(endpoint, body)
-      HTTParty.post("#{@self_url}#{endpoint}",
-                    headers: {
-                      'Content-Type' => 'application/json',
-                      'Authorization' => "Bearer #{@jwt.auth_token}"
-                    },
-                    body: body)
-    end
   end
 end

data/lib/crypto.rb

@@ -0,0 +1,102 @@
+require 'self_crypto'
+
+module SelfSDK
+  class Crypto
+    def initialize(client, device, storage_folder, storage_key)
+      @client = client
+      @device = device
+      @storage_key = storage_key
+      @storage_folder = storage_folder
+
+      if File.exist?('account.pickle')
+        # 1a) if alice's account file exists load the pickle from the file
+        @account = SelfCrypto::Account.from_pickle(File.read('account.pickle'), @storage_key)
+      else
+        # 1b-i) if create a new account for alice if one doesn't exist already
+        @account = SelfCrypto::Account.from_seed(@client.jwt.key)
+
+        # 1b-ii) generate some keys for alice and publish them
+        @account.gen_otk(100)
+
+        # 1b-iii) convert those keys to json
+        keys = @account.otk['curve25519'].map{|k,v| {id: k, key: v}}.to_json
+
+        # 1b-iv) post those keys to POST /v1/identities/<selfid>/devices/1/pre_keys/
+        @client.post("/v1/apps/#{@client.jwt.id}/devices/#{@device}/pre_keys", keys)
+
+        # 1b-v) store the account to a file
+        File.write('account.pickle', @account.to_pickle(storage_key))
+      end
+    end
+
+    def encrypt(message, recipient, recipient_device)
+      session_file_name = "#{recipient}:#{recipient_device}-session.pickle"
+
+      if File.exist?(session_file_name)
+        # 2a) if bob's session file exists load the pickle from the file
+        session_with_bob = SelfCrypto::Session.from_pickle(File.read(session_file_name), @storage_key)
+      else
+        # 2b-i) if you have not previously sent or recevied a message to/from bob,
+        #       you must get his identity key from GET /v1/identities/bob/
+        ed25519_identity_key = @client.public_keys(recipient).first[:key]
+
+        # 2b-ii) get a one time key for bob
+        res = @client.get("/v1/identities/#{recipient}/devices/#{recipient_device}/pre_keys")
+
+        if res.code != 200
+          Selfid.logger.error "identity response : #{res.body[:message]}"
+          raise "could not get identity pre_keys"
+        end
+
+        one_time_key = JSON.parse(res.body)["key"]
+
+        # 2b-iii) convert bobs ed25519 identity key to a curve25519 key
+        curve25519_identity_key = SelfCrypto::Util.ed25519_pk_to_curve25519(ed25519_identity_key)
+
+        # 2b-iv) create the session with bob
+        session_with_bob = @account.outbound_session(curve25519_identity_key, one_time_key)
+
+        # 2b-v) store the session to a file
+        File.write(session_file_name, session_with_bob.to_pickle(@storage_key))
+      end
+
+      # 3) create a group session and set the identity of the account youre using
+      gs = SelfCrypto::GroupSession.new("#{@client.jwt.id}:#{@device}")
+
+      # 4) add all recipients and their sessions
+      gs.add_participant("#{recipient}:#{recipient_device}", session_with_bob)
+
+      # 5) encrypt a message
+      gs.encrypt(message).to_s
+    end
+
+    def decrypt(message, sender, sender_device)
+      session_file_name = "#{sender}:#{sender_device}-session.pickle"
+
+      if File.exist?(session_file_name)
+        # 7a) if carol's session file exists load the pickle from the file
+        session_with_bob = SelfCrypto::Session.from_pickle(File.read(session_file_name), @storage_key)
+      else
+        # 7b-i) if you have not previously sent or received a message to/from bob,
+        #       you should extract the initial message from the group message intended
+        #       for your account id.
+        m = SelfCrypto::GroupMessage.new(message.to_s).get_message("#{@client.jwt.id}:#{@device}")
+
+        # 7b-ii) use the initial message to create a session for bob or carol
+        session_with_bob = @account.inbound_session(m)
+
+        # 7b-iii) store the session to a file
+        File.write(session_file_name, session_with_bob.to_pickle(@storage_key))
+      end
+
+      # 8) create a group session and set the identity of the account you're using
+      gs = SelfCrypto::GroupSession.new("#{@client.jwt.id}:#{@device}")
+
+      # 9) add all recipients and their sessions
+      gs.add_participant("#{sender}:#{sender_device}", session_with_bob)
+
+      # 10) decrypt the message ciphertext
+      gs.decrypt("#{sender}:#{sender_device}", message).to_s
+    end
+  end
+end

data/lib/messages/authentication_req.rb

@@ -44,7 +44,7 @@ module SelfSDK
                               sender: "#{@jwt.id}:#{@messaging.device_id}",
                               id: @id,
                               recipient: "#{@to}:#{@to_device}",
-                              ciphertext: @jwt.prepare(body))
+                              ciphertext: encrypt_message(@jwt.prepare(body), @to, @to_device))
       end
 
     end

data/lib/messages/base.rb

@@ -26,6 +26,10 @@ module SelfSDK
         res
       end
 
+      def encrypt_message(message, recipient, recipient_device)
+        @messaging.encryption_client.encrypt(message, recipient, recipient_device)
+      end
+
       def unauthorized?
         status == "unauthorized"
       end

data/lib/messages/fact_request.rb

@@ -93,19 +93,20 @@ module SelfSDK
                   end
         @to_device = devices.first
 
-        recipient = if @intermediary.nil?
-                      "#{@to}:#{@to_device}"
-                    else
-                      "#{@intermediary}:#{@to_device}"
-                    end
+        if @intermediary.nil?
+          recipient = "#{@to}:#{@to_device}"
+          ciphertext = encrypt_message(@jwt.prepare(body), @to, @to_device)
+        else
+          recipient = "#{@intermediary}:#{@to_device}"
+          ciphertext = encrypt_message(@jwt.prepare(body), @intermediary, @to_device)
+        end
 
         Msgproto::Message.new(
           type: Msgproto::MsgType::MSG,
           id: @id,
           sender: "#{@jwt.id}:#{@messaging.device_id}",
           recipient: recipient,
-          ciphertext: @jwt.prepare(body),
-        )
+          ciphertext: ciphertext )
       end
     end
   end

data/lib/messages/message.rb

@@ -11,7 +11,8 @@ module SelfSDK
       body = if input.is_a? String
                input
              else
-               input.ciphertext
+               issuer = input.recipient.split(":")
+               messaging.encryption_client.decrypt(input.ciphertext, issuer.first, issuer.last)
              end
 
       jwt = JSON.parse(body, symbolize_names: true)

data/lib/messaging.rb

@@ -4,6 +4,7 @@ require 'json'
 require 'monitor'
 require 'faye/websocket'
 require 'fileutils'
+require_relative 'crypto'
 require_relative 'messages/message'
 require_relative 'proto/auth_pb'
 require_relative 'proto/message_pb'
@@ -18,16 +19,18 @@ module SelfSDK
     DEFAULT_STORAGE_DIR="./.self_storage"
     ON_DEMAND_CLOSE_CODE=3999
 
-    attr_accessor :client, :jwt, :device_id, :ack_timeout, :timeout, :type_observer, :uuid_observer
+    attr_accessor :client, :jwt, :device_id, :ack_timeout, :timeout, :type_observer, :uuid_observer, :encryption_client
 
     # RestClient initializer
     #
     # @param url [string] self-messaging url
     # @params client [Object] SelfSDK::Client object
     # @option opts [string] :storage_dir  the folder where encryption sessions and settings will be stored
+    # @params storage_key [String] seed to encrypt messaging
+    # @params storage_folder [String] folder to perist messaging encryption
     # @option opts [Bool] :auto_reconnect Automatically reconnects to websocket if connection is lost (defaults to true).
     # @option opts [String] :device_id The device id to be used by the app defaults to "1".
-    def initialize(url, client, options = {})
+    def initialize(url, client, storage_key, storage_folder, options = {})
       @mon = Monitor.new
       @url = url
       @messages = {}
@@ -45,6 +48,9 @@ module SelfSDK
       @offset = read_offset
 
       FileUtils.mkdir_p @storage_dir unless File.exist? @storage_dir
+      unless options.include? :no_crypto
+        @encryption_client = Crypto.new(@client, @device_id, storage_folder, storage_key)
+      end
 
       if options.include? :ws
         @ws = options[:ws]

data/lib/selfsdk.rb

@@ -53,6 +53,7 @@ module SelfSDK
       unless messaging_url.nil?
         @messaging_client = MessagingClient.new(messaging_url,
                                                 @client,
+                                                storage_key,
                                                 storage_dir: opts.fetch(:storage_dir, MessagingClient::DEFAULT_STORAGE_DIR),
                                                 auto_reconnect: opts.fetch(:auto_reconnect, MessagingClient::DEFAULT_AUTO_RECONNECT),
                                                 device_id: opts.fetch(:device_id, MessagingClient::DEFAULT_DEVICE))

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: selfsdk
 version: !ruby/object:Gem::Version
-  version: 0.0.136
+  version: 0.0.137
 platform: ruby
 authors:
 - Aldgate Ventures
@@ -10,6 +10,20 @@ bindir: bin
 cert_chain: []
 date: 2011-09-29 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: self_crypto
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: async
   requirement: !ruby/object:Gem::Requirement
@@ -299,6 +313,7 @@ files:
 - lib/acl.rb
 - lib/authenticated.rb
 - lib/client.rb
+- lib/crypto.rb
 - lib/jwt_service.rb
 - lib/log.rb
 - lib/messages/attestation.rb