Mirror
/
go-neb
mirror of https://github.com/matrix-org/go-neb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
607 Commits
120 Branches
3 Tags
12 MiB
Tree: 3ba3d4600f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3ba3d4600f'
${ noResults }
go-neb/services/cryptotest/cryptotest.go

353 lines
12 KiB
Raw Normal View History

SAS verification and cryptotest service (#333) * Handle SAS verification by exposing an endpoint where the SAS can be sent to be verified Signed-off-by: Nikos Filippakis <me@nfil.dev> * Init cryptotest service with basic commands * Add cryptotest service with challenge request / response / session invalidation commands Signed-off-by: Nikos Filippakis <me@nfil.dev> * Add cryptotest methods for testing key forwarding Signed-off-by: Nikos Filippakis <me@nfil.dev> * Add help messages for cryptotest cmds Signed-off-by: Nikos Filippakis <me@nfil.dev> * Add newer apt repository for updated libolm Signed-off-by: Nikos Filippakis <me@nfil.dev> * Move command functionalities for cryptotest to different functions Signed-off-by: Nikos Filippakis <me@nfil.dev> * Fixed cryptotest service and package name from echo Signed-off-by: Nikos Filippakis <me@nfil.dev> * Control which users can start a SAS verification with Neb through regexes in the config Signed-off-by: Nikos Filippakis <me@nfil.dev> * Have maximum number of ongoing verifications at any time Signed-off-by: Nikos Filippakis <me@nfil.dev> * Fix Trace to Tracef Signed-off-by: Nikos Filippakis <me@nfil.dev>
4 years ago
  1. // Package cryptotest implements a Service which provides several commands for testing the e2e functionalities of other devices.
  2. package cryptotest
  4. import (
  5. "fmt"
  6. "math/rand"
  7. "strconv"
  8. "time"
  10. "github.com/matrix-org/go-neb/clients"
  11. "github.com/matrix-org/go-neb/types"
  12. log "github.com/sirupsen/logrus"
  13. "maunium.net/go/mautrix"
  14. "maunium.net/go/mautrix/crypto"
  15. mevt "maunium.net/go/mautrix/event"
  16. "maunium.net/go/mautrix/id"
  17. )
  19. // ServiceType of the Cryptotest service
  20. const ServiceType = "cryptotest"
  22. var expectedString map[id.RoomID]string
  24. var helpMsgs = map[string]string{
  25. "crypto_help": ": Displays the help message",
  26. "crypto_challenge": "[prefix] : The bot sets a random challenge for the room and echoes it. " +
  27. "The client tested should respond with \"!crypto_response challenge\"." +
  28. "Alternatively the prefix that the challenge will be echoed with can be set.",
  29. "crypto_response": "<challenge> : Should repeat the crypto_challenge's challenge code.",
  30. "crypto_new_session": ": Asks the bot to invalidate its current outgoing group session and create a new one.",
  31. "sas_verify_me": "<device_id> : Asks the bot to start a decimal SAS verification transaction with the sender's specified device.",
  32. "sas_decimal_code": "<device_id> <sas1> <sas2> <sas3> : Sends the device's generated decimal SAS code for the bot to verify, " +
  33. "after a \"!sas_verify_me\" command.",
  34. "request_my_room_key": "<device_id> <sender_key> <session_id> : Asks the bot to request the room key for the current room " +
  35. "and given sender key and session ID from the sender's given device.",
  36. "forward_me_room_key": "<device_id> <sender_key> <session_id> : Asks the bot to send the room key for the current room " +
  37. "and given sender key and session ID to the sender's given device.",
  38. }
  40. // Service represents the Cryptotest service. It has no Config fields.
  41. type Service struct {
  42. types.DefaultService
  43. Rooms []id.RoomID `json:"rooms"`
  44. }
  46. func randomString() (res string) {
  47. for i := 0; i < 10; i++ {
  48. res += string(rune(rand.Intn('Z'-'A') + 'A'))
  49. }
  50. return
  51. }
  53. func (s *Service) inRoom(roomID id.RoomID) bool {
  54. for _, joinedRoomID := range s.Rooms {
  55. if joinedRoomID == roomID {
  56. return true
  57. }
  58. }
  59. return false
  60. }
  62. func (s *Service) handleEventMessage(source mautrix.EventSource, evt *mevt.Event) {
  63. log.Infof("got a %v", evt.Content.AsMessage().Body)
  64. }
  66. func (s *Service) cmdCryptoHelp(roomID id.RoomID) (interface{}, error) {
  67. if s.inRoom(roomID) {
  68. helpTxt := "Supported crypto test methods:\n\n"
  69. for cmd, helpMsg := range helpMsgs {
  70. helpTxt += fmt.Sprintf("!%v %v\n\n", cmd, helpMsg)
  71. }
  72. return mevt.MessageEventContent{MsgType: mevt.MsgText, Body: helpTxt}, nil
  73. }
  74. return nil, nil
  75. }
  77. func (s *Service) cmdCryptoChallenge(roomID id.RoomID, arguments []string) (interface{}, error) {
  78. if s.inRoom(roomID) {
  79. randStr := randomString()
  80. log.Infof("Setting challenge for room %v: %v", roomID, expectedString)
  81. expectedString[roomID] = randStr
  82. prefix := "!challenge"
  83. if len(arguments) > 0 {
  84. prefix = arguments[0]
  85. }
  86. return mevt.MessageEventContent{MsgType: mevt.MsgText, Body: fmt.Sprintf("%v %v", prefix, randStr)}, nil
  87. }
  88. return nil, nil
  89. }
  91. func (s *Service) cmdCryptoResponse(userID id.UserID, roomID id.RoomID, arguments []string) (interface{}, error) {
  92. if s.inRoom(roomID) {
  93. if len(arguments) != 1 {
  94. return mevt.MessageEventContent{
  95. MsgType: mevt.MsgText,
  96. Body: "!crypto_response " + helpMsgs["crypto_response"],
  97. }, nil
  98. }
  99. if arguments[0] == expectedString[roomID] {
  100. return mevt.MessageEventContent{
  101. MsgType: mevt.MsgText,
  102. Body: fmt.Sprintf("Correct response received from %v", userID.String()),
  103. }, nil
  104. }
  105. return mevt.MessageEventContent{
  106. MsgType: mevt.MsgText,
  107. Body: fmt.Sprintf("Incorrect response received from %v", userID.String()),
  108. }, nil
  109. }
  110. return nil, nil
  111. }
  113. func (s *Service) cmdCryptoNewSession(botClient *clients.BotClient, roomID id.RoomID) (interface{}, error) {
  114. if s.inRoom(roomID) {
  115. sessionID, err := botClient.InvalidateRoomSession(roomID)
  116. if err != nil {
  117. log.WithField("room_id", roomID).Errorf("Error invalidating session ID: %v", err)
  118. return mevt.MessageEventContent{MsgType: mevt.MsgText, Body: fmt.Sprintf("Error invalidating session ID: %v", sessionID)}, nil
  119. }
  120. return mevt.MessageEventContent{
  121. MsgType: mevt.MsgText,
  122. Body: fmt.Sprintf("Invalidated previous session ID (%v)", sessionID),
  123. }, nil
  124. }
  125. return nil, nil
  126. }
  128. func (s *Service) cmdSASVerifyMe(botClient *clients.BotClient, roomID id.RoomID, userID id.UserID, arguments []string) (interface{}, error) {
  129. if s.inRoom(roomID) {
  130. if len(arguments) != 1 {
  131. return mevt.MessageEventContent{
  132. MsgType: mevt.MsgText,
  133. Body: "sas_verify_me " + helpMsgs["sas_verify_me"],
  134. }, nil
  135. }
  136. deviceID := id.DeviceID(arguments[0])
  137. transaction, err := botClient.StartSASVerification(userID, deviceID)
  138. if err != nil {
  139. log.WithFields(log.Fields{"user_id": userID, "device_id": deviceID}).WithError(err).Error("Error starting SAS verification")
  140. return mevt.MessageEventContent{
  141. MsgType: mevt.MsgText,
  142. Body: fmt.Sprintf("Error starting SAS verification: %v", err),
  143. }, nil
  144. }
  145. return mevt.MessageEventContent{
  146. MsgType: mevt.MsgText,
  147. Body: fmt.Sprintf("Started SAS verification with user %v device %v: transaction %v", userID, deviceID, transaction),
  148. }, nil
  149. }
  150. return nil, nil
  151. }
  153. func (s *Service) cmdSASVerifyDecimalCode(botClient *clients.BotClient, roomID id.RoomID, userID id.UserID, arguments []string) (interface{}, error) {
  154. if s.inRoom(roomID) {
  155. if len(arguments) != 4 {
  156. return mevt.MessageEventContent{
  157. MsgType: mevt.MsgText,
  158. Body: "sas_decimal_code " + helpMsgs["sas_decimal_code"],
  159. }, nil
  160. }
  161. deviceID := id.DeviceID(arguments[0])
  162. var decimalSAS crypto.DecimalSASData
  163. for i := 0; i < 3; i++ {
  164. sasCode, err := strconv.Atoi(arguments[i+1])
  165. if err != nil {
  166. log.WithFields(log.Fields{"user_id": userID, "device_id": deviceID}).WithError(err).Error("Error reading SAS code")
  167. return mevt.MessageEventContent{
  168. MsgType: mevt.MsgText,
  169. Body: fmt.Sprintf("Error reading SAS code: %v", err),
  170. }, nil
  171. }
  172. decimalSAS[i] = uint(sasCode)
  173. }
  174. botClient.SubmitDecimalSAS(userID, deviceID, decimalSAS)
  175. return mevt.MessageEventContent{
  176. MsgType: mevt.MsgText,
  177. Body: fmt.Sprintf("Read SAS code from user %v device %v: %v", userID, deviceID, decimalSAS),
  178. }, nil
  179. }
  180. return nil, nil
  181. }
  183. func (s *Service) cmdRequestRoomKey(botClient *clients.BotClient, roomID id.RoomID, userID id.UserID, arguments []string) (interface{}, error) {
  184. if s.inRoom(roomID) {
  185. if len(arguments) != 3 {
  186. return mevt.MessageEventContent{
  187. MsgType: mevt.MsgText,
  188. Body: "request_my_room_key " + helpMsgs["request_my_room_key"],
  189. }, nil
  190. }
  191. deviceID := id.DeviceID(arguments[0])
  192. senderKey := id.SenderKey(arguments[1])
  193. sessionID := id.SessionID(arguments[2])
  194. receivedChan, err := botClient.SendRoomKeyRequest(userID, deviceID, roomID, senderKey, sessionID, time.Minute)
  195. if err != nil {
  196. log.WithFields(log.Fields{
  197. "user_id": userID,
  198. "device_id": deviceID,
  199. "sender_key": senderKey,
  200. "session_id": sessionID,
  201. }).WithError(err).Error("Error requesting room key")
  202. return mevt.MessageEventContent{
  203. MsgType: mevt.MsgText,
  204. Body: fmt.Sprintf("Error requesting room key for session %v: %v", sessionID, err),
  205. }, nil
  206. }
  207. go func() {
  208. var result string
  209. received := <-receivedChan
  210. if received {
  211. result = "Key received successfully!"
  212. } else {
  213. result = "Key was not received in the time limit"
  214. }
  215. content := mevt.MessageEventContent{
  216. MsgType: mevt.MsgText,
  217. Body: fmt.Sprintf("Room key request for session %v result: %v", sessionID, result),
  218. }
  219. if _, err := botClient.SendMessageEvent(roomID, mevt.EventMessage, content); err != nil {
  220. log.WithFields(log.Fields{
  221. "room_id": roomID,
  222. "content": content,
  223. }).WithError(err).Error("Failed to send room key request result to room")
  224. }
  225. }()
  226. return mevt.MessageEventContent{
  227. MsgType: mevt.MsgText,
  228. Body: fmt.Sprintf("Sent room key request for session %v to device %v", sessionID, deviceID),
  229. }, nil
  230. }
  231. return nil, nil
  232. }
  234. func (s *Service) cmdForwardRoomKey(botClient *clients.BotClient, roomID id.RoomID, userID id.UserID, arguments []string) (interface{}, error) {
  235. if s.inRoom(roomID) {
  236. if len(arguments) != 3 {
  237. return mevt.MessageEventContent{
  238. MsgType: mevt.MsgText,
  239. Body: "forward_me_room_key " + helpMsgs["forward_me_room_key"],
  240. }, nil
  241. }
  242. deviceID := id.DeviceID(arguments[0])
  243. senderKey := id.SenderKey(arguments[1])
  244. sessionID := id.SessionID(arguments[2])
  245. err := botClient.ForwardRoomKeyToDevice(userID, deviceID, roomID, senderKey, sessionID)
  246. if err != nil {
  247. log.WithFields(log.Fields{
  248. "user_id": userID,
  249. "device_id": deviceID,
  250. "sender_key": senderKey,
  251. "session_id": sessionID,
  252. }).WithError(err).Error("Error forwarding room key")
  253. return mevt.MessageEventContent{
  254. MsgType: mevt.MsgText,
  255. Body: fmt.Sprintf("Error forwarding room key for session %v: %v", sessionID, err),
  256. }, nil
  257. }
  258. return mevt.MessageEventContent{
  259. MsgType: mevt.MsgText,
  260. Body: fmt.Sprintf("Forwarded room key for session %v to device %v", sessionID, deviceID),
  261. }, nil
  262. }
  263. return nil, nil
  264. }
  266. // Commands supported:
  267. // !crypto_help Displays a help string
  268. // !crypto_challenge Sets a challenge for a room which clients should reply to with !crypto_response
  269. // !crypto_response Used by the client to repeat the room challenge
  270. // !crypto_new_session Invalidates the bot's current outgoing session
  271. // !sas_verify_me Asks the bot to verify the sender
  272. // !sas_decimal_code Sends the sender's SAS code to the bot for verification
  273. // !request_my_room_key Asks the bot to request a room key from the sender
  274. // !forward_me_room_key Asks the bot to forward a room key to the sender
  275. // This service can be used for testing other clients by writing the commands above in a room where this service is enabled.
  276. func (s *Service) Commands(cli types.MatrixClient) []types.Command {
  277. botClient := cli.(*clients.BotClient)
  278. return []types.Command{
  279. {
  280. Path: []string{"crypto_help"},
  281. Command: func(roomID id.RoomID, userID id.UserID, arguments []string) (interface{}, error) {
  282. return s.cmdCryptoHelp(roomID)
  283. },
  284. },
  285. {
  286. Path: []string{"crypto_challenge"},
  287. Command: func(roomID id.RoomID, userID id.UserID, arguments []string) (interface{}, error) {
  288. return s.cmdCryptoChallenge(roomID, arguments)
  289. },
  290. },
  291. {
  292. Path: []string{"crypto_response"},
  293. Command: func(roomID id.RoomID, userID id.UserID, arguments []string) (interface{}, error) {
  294. return s.cmdCryptoResponse(userID, roomID, arguments)
  295. },
  296. },
  297. {
  298. Path: []string{"crypto_new_session"},
  299. Command: func(roomID id.RoomID, userID id.UserID, arguments []string) (interface{}, error) {
  300. return s.cmdCryptoNewSession(botClient, roomID)
  301. },
  302. },
  303. {
  304. Path: []string{"sas_verify_me"},
  305. Command: func(roomID id.RoomID, userID id.UserID, arguments []string) (interface{}, error) {
  306. return s.cmdSASVerifyMe(botClient, roomID, userID, arguments)
  307. },
  308. },
  309. {
  310. Path: []string{"sas_decimal_code"},
  311. Command: func(roomID id.RoomID, userID id.UserID, arguments []string) (interface{}, error) {
  312. return s.cmdSASVerifyDecimalCode(botClient, roomID, userID, arguments)
  313. },
  314. },
  315. {
  316. Path: []string{"request_my_room_key"},
  317. Command: func(roomID id.RoomID, userID id.UserID, arguments []string) (interface{}, error) {
  318. return s.cmdRequestRoomKey(botClient, roomID, userID, arguments)
  319. },
  320. },
  321. {
  322. Path: []string{"forward_me_room_key"},
  323. Command: func(roomID id.RoomID, userID id.UserID, arguments []string) (interface{}, error) {
  324. return s.cmdForwardRoomKey(botClient, roomID, userID, arguments)
  325. },
  326. },
  327. }
  328. }
  330. // Register registers
  331. func (s *Service) Register(oldService types.Service, client types.MatrixClient) error {
  332. botClient := client.(*clients.BotClient)
  333. botClient.Syncer.(mautrix.ExtensibleSyncer).OnEventType(mevt.EventMessage, s.handleEventMessage)
  334. for _, roomID := range s.Rooms {
  335. if _, err := client.JoinRoom(roomID.String(), "", nil); err != nil {
  336. log.WithFields(log.Fields{
  337. log.ErrorKey: err,
  338. "room_id": roomID,
  339. }).Error("Failed to join room")
  340. }
  341. }
  342. return nil
  343. }
  345. func init() {
  346. expectedString = make(map[id.RoomID]string)
  347. types.RegisterService(func(serviceID string, serviceUserID id.UserID, webhookEndpointURL string) types.Service {
  348. s := &Service{
  349. DefaultService: types.NewDefaultService(serviceID, serviceUserID, ServiceType),
  350. }
  351. return s
  352. })
  353. }