remove Todo.md

[matrix_esp_thesis] / examples / Verify.c

#include <matrix.h>\r
#include <mjson.h>\r
#include <olm/sas.h>\r
\r
#include <stdio.h>\r
\r
#define SERVER       "https://matrix.org"\r
#define USER_ID      "@pscho:matrix.org"\r
\r
#define DEVICE_ID    "ULZZOKJBYN"\r
#define SENDER_KEY   "cjP41XzRlY+pd8DoiBuKQJj9o15mrx6gkrpqTkAPZ2c"\r
#define ROOM_ID      "!XKFUjAsGrSSrpDFIxB:matrix.org"\r
#define EVENT_ID     "$vOS09eUaI0CduqAcaIU5ZVk6ljLQfLspz7UThP8vaUM"\r
#define SESSION_ID   "90UbGLue3ADVhvW7hFjoA2c6yg0JJKs/lPdMDZXnZAk"\r
\r
\r
bool verified = false;\r
char transactionId[256];\r
OlmSAS * olmSas = NULL;\r
\r
void\r
HandleEvent(\r
    MatrixClient * client,\r
    const char * event, int eventLen\r
) {\r
    static char eventType[128];\r
    memset(eventType, 0, sizeof(eventType));\r
    mjson_get_string(event, eventLen, "$.type", eventType, 128);\r
\r
    if (strcmp(eventType, "m.key.verification.request") == 0) {\r
        mjson_get_string(event, eventLen, "$.content.transaction_id", transactionId, 256);\r
        \r
        char verificationReadyBuffer[2048];\r
        snprintf(verificationReadyBuffer, 2048,\r
            "{"\r
            "\"from_device\":\"%s\","\r
            "\"methods\":[\"m.sas.v1\"],"\r
            "\"transaction_id\":\"%s\""\r
            "}",\r
            client->deviceId,\r
            transactionId);\r
        \r
        MatrixClientSendToDevice(client,\r
            USER_ID,\r
            DEVICE_ID,\r
            verificationReadyBuffer,\r
            "m.key.verification.ready");\r
    }\r
    else if (strcmp(eventType, "m.key.verification.start") == 0) {\r
        olmSas = olm_sas(malloc(olm_sas_size()));\r
        void * sasRandomBytes = malloc(olm_create_sas_random_length(olmSas));\r
        olm_create_sas(olmSas,\r
            sasRandomBytes,\r
            olm_create_sas_random_length(olmSas));\r
        \r
        OlmUtility * olmUtil = olm_utility(malloc(olm_utility_size()));\r
        \r
        char publicKey[128];\r
        char keyStartJsonCanonical[1024];\r
        char concat[1024];\r
        char commitment[256];\r
        olm_sas_get_pubkey(olmSas,\r
            publicKey,\r
            128);\r
        printf("public key: %.*s\n", olm_sas_pubkey_length(olmSas), publicKey);\r
\r
        const char * keyStartJson;\r
        int keyStartJsonLen;\r
        mjson_find(event, eventLen, "$.content", &keyStartJson, &keyStartJsonLen);\r
        JsonCanonicalize(keyStartJson, keyStartJsonLen, keyStartJsonCanonical, 1024);\r
\r
        printf("json:\n%.*s\ncanonical json:\n%s\n", keyStartJsonLen, keyStartJson, keyStartJsonCanonical);\r
\r
        int concatLen =\r
            snprintf(concat, 1024, "%.*s%s", olm_sas_pubkey_length(olmSas), publicKey, keyStartJsonCanonical);\r
\r
        int commitmentLen =\r
            olm_sha256(olmUtil, concat, concatLen, commitment, 256);\r
        \r
        char verificationAcceptBuffer[2048];\r
        snprintf(verificationAcceptBuffer, 2048,\r
            "{"\r
            "\"commitment\":\"%.*s\","\r
            "\"hash\":\"sha256\","\r
            "\"key_agreement_protocol\":\"curve25519\","\r
            "\"message_authentication_code\":\"hkdf-hmac-sha256.v2\","\r
            "\"method\":\"m.sas.v1\","\r
            "\"short_authentication_string\":[\"decimal\"],"\r
            "\"transaction_id\":\"%s\""\r
            "}",\r
            commitmentLen, commitment,\r
            transactionId);\r
        \r
        MatrixClientSendToDevice(client,\r
            USER_ID,\r
            DEVICE_ID,\r
            verificationAcceptBuffer,\r
            "m.key.verification.accept");\r
    }\r
    else if (strcmp(eventType, "m.key.verification.key") == 0) {\r
        char publicKey[128];\r
        olm_sas_get_pubkey(olmSas,\r
            publicKey,\r
            128);\r
\r
        char theirPublicKey[128];\r
        int theirPublicKeyLen =\r
            mjson_get_string(event, eventLen, "$.content.key", theirPublicKey, 128);\r
        \r
        printf("event: %.*s\n", eventLen, event);\r
        printf("theirPublicKey: %.*s\n", theirPublicKeyLen, theirPublicKey);\r
        printf("publicKey: %.*s\n", olm_sas_pubkey_length(olmSas), publicKey);\r
\r
        olm_sas_set_their_key(olmSas, theirPublicKey, theirPublicKeyLen);\r
        \r
        char verificationKeyBuffer[2048];\r
        snprintf(verificationKeyBuffer, 2048,\r
            "{"\r
            "\"key\":\"%.*s\","\r
            "\"transaction_id\":\"%s\""\r
            "}",\r
            olm_sas_pubkey_length(olmSas), publicKey,\r
            transactionId);\r
        \r
        MatrixClientSendToDevice(client,\r
            USER_ID,\r
            DEVICE_ID,\r
            verificationKeyBuffer,\r
            "m.key.verification.key");\r
        \r
        // sas\r
        char hkdfInfo[1024];\r
        int hkdfInfoLen =\r
            snprintf(hkdfInfo, 1024,\r
                "MATRIX_KEY_VERIFICATION_SAS%s%s%s%s%s",\r
                USER_ID,\r
                DEVICE_ID,\r
                USER_ID,\r
                client->deviceId,\r
                transactionId);\r
\r
        unsigned char sasBytes[5];\r
        olm_sas_generate_bytes(olmSas,\r
            hkdfInfo, hkdfInfoLen,\r
            sasBytes, 5);\r
        int b0 = sasBytes[0];\r
        int b1 = sasBytes[1];\r
        int b2 = sasBytes[2];\r
        int b3 = sasBytes[3];\r
        int b4 = sasBytes[4];\r
        \r
        printf("%d %d %d %d %d\n", b0, b1, b2, b3, b4);\r
\r
        // https://spec.matrix.org/v1.7/client-server-api/#sas-method-decimal\r
        printf("%d | %d | %d\n",\r
            (b0 << 5 | b1 >> 3) + 1000,\r
            ((b1 & 0x7) << 10 | b2 << 2 | b3 >> 6) + 1000,\r
            ((b3 & 0x3F) << 7 | b4 >> 1) + 1000);\r
        printf("%d | %d | %d\n",\r
            ((b0 << 5) | (b1 >> 3)) + 1000,\r
            (((b1 & 0x7) << 10) | (b2 << 2) | (b3 >> 6)) + 1000,\r
            (((b3 & 0x3F) << 7) | (b4 >> 1)) + 1000);\r
    }\r
    else if (strcmp(eventType, "m.key.verification.mac") == 0) {        \r
        // mac\r
        const char * masterKey = "vt8tJ5/SxqkvXS+XoGxr+4rJNe8fJfZT3/e/FTwlFsI";\r
\r
        char keyList[1024];\r
        char keyListMac[1024];\r
        char key1Id[1024];\r
        char key1[1024];\r
        char key1Mac[1024];\r
        char key2Id[1024];\r
        char key2[1024];\r
        char key2Mac[1024];\r
\r
        if (strcmp(masterKey, client->deviceId) < 0) {\r
            snprintf(key1Id, 1024, "ed25519:%s", masterKey);\r
            strcpy(key1, masterKey);\r
            snprintf(key2Id, 1024, "ed25519:%s", client->deviceId);\r
            MatrixOlmAccountGetSigningKey(&client->olmAccount, key2, 1024);\r
        }\r
        else {\r
            snprintf(key1Id, 1024, "ed25519:%s", client->deviceId);\r
            MatrixOlmAccountGetSigningKey(&client->olmAccount, key1, 1024);\r
            snprintf(key2Id, 1024, "ed25519:%s", masterKey);\r
            strcpy(key2, masterKey);\r
        }\r
\r
        snprintf(keyList, 1024,\r
            "%s,%s", key1Id, key2Id);\r
        \r
        char macInfo[1024];\r
        int macInfoLen;\r
        {\r
            macInfoLen =\r
                snprintf(macInfo, 1024,\r
                    "MATRIX_KEY_VERIFICATION_MAC%s%s%s%s%s%s",\r
                    USER_ID,\r
                    client->deviceId,\r
                    USER_ID,\r
                    DEVICE_ID,\r
                    transactionId,\r
                    "KEY_IDS");\r
            olm_sas_calculate_mac_fixed_base64(olmSas, keyList, strlen(keyList), macInfo, macInfoLen, keyListMac, 1024);\r
        }\r
        {\r
            macInfoLen =\r
                snprintf(macInfo, 1024,\r
                    "MATRIX_KEY_VERIFICATION_MAC%s%s%s%s%s%s",\r
                    USER_ID,\r
                    client->deviceId,\r
                    USER_ID,\r
                    DEVICE_ID,\r
                    transactionId,\r
                    key1Id);\r
            olm_sas_calculate_mac_fixed_base64(olmSas, key1, strlen(key1), macInfo, macInfoLen, key1Mac, 1024);\r
        }\r
        {\r
            macInfoLen =\r
                snprintf(macInfo, 1024,\r
                    "MATRIX_KEY_VERIFICATION_MAC%s%s%s%s%s%s",\r
                    USER_ID,\r
                    client->deviceId,\r
                    USER_ID,\r
                    DEVICE_ID,\r
                    transactionId,\r
                    key2Id);\r
            olm_sas_calculate_mac_fixed_base64(olmSas, key2, strlen(key2), macInfo, macInfoLen, key2Mac, 1024);\r
        }\r
\r
        char verificationMacBuffer[2048];\r
        snprintf(verificationMacBuffer, 2048,\r
            "{"\r
            "\"keys\":\"%s\","\r
            "\"mac\":{"\r
            "\"%s\":\"%s\","\r
            "\"%s\":\"%s\""\r
            "},"\r
            "\"transaction_id\":\"%s\""\r
            "}",\r
            keyListMac,\r
            key1Id,\r
            key1Mac,\r
            key2Id,\r
            key2Mac,\r
            transactionId);\r
        \r
        MatrixClientSendToDevice(client,\r
            USER_ID,\r
            DEVICE_ID,\r
            verificationMacBuffer,\r
            "m.key.verification.mac");\r
\r
        char verificationDoneBuffer[2048];\r
        snprintf(verificationDoneBuffer, 2048,\r
            "{"\r
            "\"transaction_id\":\"%s\""\r
            "}",\r
            transactionId);\r
        \r
        MatrixClientSendToDevice(client,\r
            USER_ID,\r
            DEVICE_ID,\r
            verificationDoneBuffer,\r
            "m.key.verification.done");\r
        \r
        verified = true;\r
    }\r
    else if (strcmp(eventType, "m.room.encrypted") == 0) {\r
        static char algorithm[128];\r
        mjson_get_string(event, eventLen, "$.content.algorithm", algorithm, 128);\r
\r
        if (strcmp(algorithm, "m.olm.v1.curve25519-aes-sha2") == 0) {\r
            static char thisDeviceKey[DEVICE_KEY_SIZE];\r
            MatrixOlmAccountGetDeviceKey(&client->olmAccount, thisDeviceKey, DEVICE_KEY_SIZE);\r
\r
            static char jp[128];\r
            snprintf(jp, 128, "$.content.ciphertext.%s.type", thisDeviceKey);\r
\r
            double messageType;\r
            mjson_get_number(event, eventLen, jp, &messageType);\r
            int messageTypeInt = (int)messageType;\r
            \r
            static char encrypted[2048];\r
            static char decrypted[2048];\r
\r
            snprintf(jp, 128, "$.content.ciphertext.%s.body", thisDeviceKey);\r
\r
            mjson_get_string(event, eventLen, jp, encrypted, 2048);\r
\r
            MatrixOlmSession * olmSession;\r
            if (messageTypeInt == 0) {\r
                MatrixClientGetOlmSessionIn(client,\r
                    USER_ID,\r
                    DEVICE_ID,\r
                    encrypted,\r
                    &olmSession);\r
            } else {\r
                MatrixClientGetOlmSessionOut(client,\r
                    USER_ID,\r
                    DEVICE_ID,\r
                    &olmSession);\r
            }\r
\r
            printf("event: %.*s\n", eventLen, event);\r
            printf("encrypted: %s\n", encrypted);\r
            \r
            MatrixOlmSessionDecrypt(olmSession,\r
                messageTypeInt, encrypted, decrypted, 2048);\r
            \r
            printf("decrypted: %s\n", decrypted);\r
            \r
            HandleEvent(client, decrypted, strlen(decrypted));\r
        }\r
    }\r
    else if (strcmp(eventType, "m.room_key") == 0) {\r
        static char roomId[128];\r
        static char sessionId[128];\r
        static char sessionKey[1024];\r
        mjson_get_string(event, eventLen, "$.content.room_id", roomId, 128);\r
        mjson_get_string(event, eventLen, "$.content.session_id", sessionId, 128);\r
        mjson_get_string(event, eventLen, "$.content.session_key", sessionKey, 1024);\r
        \r
        printf("sessionId: %s\n", sessionId);\r
        printf("sessionKey: %s\n", sessionKey);\r
\r
        MatrixMegolmInSession * megolmInSession;\r
        MatrixClientNewMegolmInSession(client, roomId, sessionId, sessionKey, &megolmInSession);\r
    }\r
    else if (strcmp(eventType, "m.forwarded_room_key") == 0) {\r
        static char roomId[128];\r
        static char sessionId[128];\r
        static char sessionKey[1024];\r
        mjson_get_string(event, eventLen, "$.content.room_id", roomId, 128);\r
        mjson_get_string(event, eventLen, "$.content.session_id", sessionId, 128);\r
        mjson_get_string(event, eventLen, "$.content.session_key", sessionKey, 1024);\r
        \r
        printf("sessionId: %s\n", sessionId);\r
        printf("sessionKey: %s\n", sessionKey);\r
\r
        MatrixMegolmInSession * megolmInSession;\r
        MatrixClientNewMegolmInSession(client, roomId, sessionId, sessionKey, &megolmInSession);\r
    }\r
}\r
\r
void\r
HandleRoomEvent(\r
    MatrixClient * client,\r
    const char * room, int roomLen,\r
    const char * event, int eventLen)\r
{\r
    static char eventType[128];\r
    memset(eventType, 0, sizeof(eventType));\r
    mjson_get_string(event, eventLen, "$.type", eventType, 128);\r
\r
    if (strcmp(eventType, "m.room.encrypted") == 0) {\r
        static char algorithm[128];\r
        mjson_get_string(event, eventLen, "$.content.algorithm", algorithm, 128);\r
\r
        if (strcmp(algorithm, "m.megolm.v1.aes-sha2") == 0) {\r
            static char sessionId[128];\r
            int sessionIdLen =\r
                mjson_get_string(event, eventLen, "$.content.session_id", sessionId, 128);\r
\r
            bool res;\r
\r
            MatrixMegolmInSession * megolmInSession;\r
            res = MatrixClientGetMegolmInSession(client,\r
                room, roomLen,\r
                sessionId, sessionIdLen,\r
                &megolmInSession);\r
\r
            if (res) {\r
                static char encrypted[2048];\r
                static char decrypted[2048];\r
                mjson_get_string(event, eventLen, "$.content.ciphertext", encrypted, 2048);\r
\r
                MatrixMegolmInSessionDecrypt(megolmInSession, encrypted, strlen(encrypted), decrypted, 2048);\r
\r
                printf("decrypted: %s\n", decrypted);\r
\r
                HandleEvent(client, decrypted, strlen(decrypted));\r
            }\r
            else {\r
                printf("megolm session not known\n");\r
            }\r
        }\r
    }\r
    HandleEvent(client, event, eventLen);\r
}\r
\r
void\r
Sync(\r
    MatrixClient * client\r
) {\r
    static char nextBatch[1024];\r
\r
    static char syncBuffer[1024*50];\r
    MatrixClientSync(client, syncBuffer, 1024*50, nextBatch);\r
    \r
    int res;\r
\r
    const char * s = syncBuffer;\r
    int slen = strlen(syncBuffer);\r
    \r
    // {\r
    // int koff, klen, voff, vlen, vtype, off = 0;\r
    // for (off = 0; (off = mjson_next(s, slen, off, &koff, &klen,\r
    //                                 &voff, &vlen, &vtype)) != 0; ) {\r
    //     const char * k = s + koff;\r
    //     const char * v = s + voff;\r
\r
    //     printf("%.*s: %.100s\n", klen, k, v);\r
    // }\r
    // }\r
\r
    mjson_get_string(s, slen, "$.next_batch", nextBatch, 1024);\r
\r
    // to_device\r
\r
    const char * events;\r
    int eventsLen;\r
    res =\r
        mjson_find(s, slen, "$.to_device.events", &events, &eventsLen);\r
    \r
    if (res != MJSON_TOK_INVALID) {\r
        {\r
        int koff, klen, voff, vlen, vtype, off = 0;\r
        for (off = 0; (off = mjson_next(events, eventsLen, off, &koff, &klen,\r
                                        &voff, &vlen, &vtype)) != 0; ) {\r
            const char * v = events + voff;\r
\r
            HandleEvent(client, v, vlen);\r
        }\r
        }\r
    }\r
\r
    // rooms\r
    \r
    const char * rooms;\r
    int roomsLen;\r
    res =\r
        mjson_find(s, slen, "$.rooms.join", &rooms, &roomsLen);\r
    \r
    if (res != MJSON_TOK_INVALID) {\r
        {\r
        int koff, klen, voff, vlen, vtype, off = 0;\r
        for (off = 0; (off = mjson_next(rooms, roomsLen, off, &koff, &klen,\r
                                        &voff, &vlen, &vtype)) != 0; ) {\r
            const char * k = rooms + koff;\r
            const char * v = rooms + voff;\r
\r
            const char * events;\r
            int eventsLen;\r
            res =\r
                mjson_find(v, vlen, "$.timeline.events", &events, &eventsLen);\r
            \r
            if (res != MJSON_TOK_INVALID) {\r
                {\r
                int koff2, klen2, voff2, vlen2, vtype2, off2 = 0;\r
                for (off2 = 0; (off2 = mjson_next(events, eventsLen, off2, &koff2, &klen2,\r
                                                &voff2, &vlen2, &vtype2)) != 0; ) {\r
                    const char * v2 = events + voff2;\r
\r
                    HandleRoomEvent(client,\r
                        k+1, klen-2,\r
                        v2, vlen2);\r
                }\r
                }\r
            }\r
        }\r
        }\r
    }\r
}\r
\r
\r
int\r
main(void)\r
{\r
    MatrixClient client;\r
    MatrixClientInit(&client,\r
        SERVER);\r
    MatrixHttpInit(&client);\r
    MatrixClientSetUserId(&client, USER_ID);\r
\r
    MatrixClientLoginPassword(&client,\r
        "pscho",\r
        "Wc23EbmB9G3faMq",\r
        "Test1");\r
    printf("deviceId: %s\n", client.deviceId);\r
    MatrixClientGenerateOnetimeKeys(&client, 10);\r
    MatrixClientUploadOnetimeKeys(&client);\r
    MatrixClientUploadDeviceKey(&client);\r
\r
    static char eventBuffer[1024];\r
    MatrixClientGetRoomEvent(&client,\r
        ROOM_ID,\r
        EVENT_ID,\r
        eventBuffer, 1024);\r
    printf("event: %s\n", eventBuffer);\r
    \r
    while (! verified)\r
        Sync(&client);\r
    \r
    // while (getchar() != 'q')\r
    //     Sync(&client);\r
    \r
    MatrixClientRequestMegolmInSession(&client,\r
        ROOM_ID,\r
        SESSION_ID,\r
        SENDER_KEY,\r
        USER_ID,\r
        DEVICE_ID);\r
\r
    MatrixMegolmInSession * megolmInSession;\r
    while (! MatrixClientGetMegolmInSession(&client,\r
        ROOM_ID, strlen(ROOM_ID),\r
        SESSION_ID, strlen(SESSION_ID),\r
        &megolmInSession))\r
        Sync(&client);\r
\r
    static char encryptedBuffer[1024];\r
    int encryptedBufferLen =\r
        mjson_get_string(eventBuffer, strlen(eventBuffer), "$.content.ciphertext", encryptedBuffer, 1024);\r
    \r
    printf("encryptedBuffer: [%.*s]\n", encryptedBufferLen, encryptedBuffer);\r
\r
    static char decryptedBuffer[1024];\r
    MatrixMegolmInSessionDecrypt(megolmInSession,\r
        encryptedBuffer, encryptedBufferLen,\r
        decryptedBuffer, 1024);\r
\r
    printf("decrypted: %s\n", decryptedBuffer);\r
\r
    MatrixClientDeleteDevice(&client);\r
        \r
    MatrixHttpDeinit(&client);\r
\r
    return 0;\r
}\r