gitweb.ps.run Git - matrix_esp_thesis/blob - esp32/esp_project/main/Verify.c

   1 #include <matrix.h>
   2 #include <mjson.h>
   3 #include <olm/sas.h>
   4
   5 #include <stdio.h>
   6
   7 #define SERVER       "https://matrix.org"
   8 #define USER_ID      "@pscho:matrix.org"
   9
  10 #define DEVICE_ID    "ULZZOKJBYN"
  11 #define SENDER_KEY   "cjP41XzRlY+pd8DoiBuKQJj9o15mrx6gkrpqTkAPZ2c"
  12 #define ROOM_ID      "!XKFUjAsGrSSrpDFIxB:matrix.org"
  13 #define EVENT_ID     "$vOS09eUaI0CduqAcaIU5ZVk6ljLQfLspz7UThP8vaUM"
  14 #define SESSION_ID   "90UbGLue3ADVhvW7hFjoA2c6yg0JJKs/lPdMDZXnZAk"
  15
  16 // main stack size: 3584
  17
  18 bool verified = false;
  19 char transactionId[64];
  20 OlmSAS * olmSas = NULL;
  21
  22 #define STATIC static
  23
  24 STATIC char encrypted[2048];
  25 STATIC char decrypted[2048];
  26
  27 void
  28 HandleEvent(
  29     MatrixClient * client,
  30     const char * event, int eventLen
  31 ) {
  32     STATIC char eventType[128];
  33     memset(eventType, 0, sizeof(eventType));
  34     mjson_get_string(event, eventLen, "$.type", eventType, 128);
  35
  36     if (strcmp(eventType, "m.key.verification.request") == 0) {
  37         mjson_get_string(event, eventLen, "$.content.transaction_id", transactionId, 256);
  38
  39         char verificationReadyBuffer[2048];
  40         snprintf(verificationReadyBuffer, 2048,
  41             "{"
  42             "\"from_device\":\"%s\","
  43             "\"methods\":[\"m.sas.v1\"],"
  44             "\"transaction_id\":\"%s\""
  45             "}",
  46             client->deviceId,
  47             transactionId);
  48
  49         MatrixClientSendToDevice(client,
  50             USER_ID,
  51             DEVICE_ID,
  52             verificationReadyBuffer,
  53             "m.key.verification.ready");
  54     }
  55     else if (strcmp(eventType, "m.key.verification.start") == 0) {
  56         olmSas = olm_sas(malloc(olm_sas_size()));
  57         void * sasRandomBytes = malloc(olm_create_sas_random_length(olmSas));
  58         olm_create_sas(olmSas,
  59             sasRandomBytes,
  60             olm_create_sas_random_length(olmSas));
  61
  62         OlmUtility * olmUtil = olm_utility(malloc(olm_utility_size()));
  63
  64         STATIC char publicKey[64];
  65         STATIC char keyStartJsonCanonical[128];
  66         STATIC char concat[128+64];
  67         STATIC char commitment[256];
  68         olm_sas_get_pubkey(olmSas,
  69             publicKey,
  70             64);
  71         printf("public key: %.*s\n", olm_sas_pubkey_length(olmSas), publicKey);
  72
  73         const char * keyStartJson;
  74         int keyStartJsonLen;
  75         mjson_find(event, eventLen, "$.content", &keyStartJson, &keyStartJsonLen);
  76         JsonCanonicalize(keyStartJson, keyStartJsonLen, keyStartJsonCanonical, 128);
  77
  78         printf("json:\n%.*s\ncanonical json:\n%s\n", keyStartJsonLen, keyStartJson, keyStartJsonCanonical);
  79
  80         int concatLen =
  81             snprintf(concat, 128+64, "%.*s%s", olm_sas_pubkey_length(olmSas), publicKey, keyStartJsonCanonical);
  82
  83         int commitmentLen =
  84             olm_sha256(olmUtil, concat, concatLen, commitment, 256);
  85
  86         STATIC char verificationAcceptBuffer[512];
  87         snprintf(verificationAcceptBuffer, 512,
  88             "{"
  89             "\"commitment\":\"%.*s\","
  90             "\"hash\":\"sha256\","
  91             "\"key_agreement_protocol\":\"curve25519\","
  92             "\"message_authentication_code\":\"hkdf-hmac-sha256.v2\","
  93             "\"method\":\"m.sas.v1\","
  94             "\"short_authentication_string\":[\"decimal\"],"
  95             "\"transaction_id\":\"%s\""
  96             "}",
  97             commitmentLen, commitment,
  98             transactionId);
  99
 100         MatrixClientSendToDevice(client,
 101             USER_ID,
 102             DEVICE_ID,
 103             verificationAcceptBuffer,
 104             "m.key.verification.accept");
 105     }
 106     else if (strcmp(eventType, "m.key.verification.key") == 0) {
 107         STATIC char publicKey[128];
 108         olm_sas_get_pubkey(olmSas,
 109             publicKey,
 110             128);
 111
 112         STATIC char theirPublicKey[128];
 113         int theirPublicKeyLen =
 114             mjson_get_string(event, eventLen, "$.content.key", theirPublicKey, 128);
 115
 116         printf("event: %.*s\n", eventLen, event);
 117         printf("theirPublicKey: %.*s\n", theirPublicKeyLen, theirPublicKey);
 118         printf("publicKey: %.*s\n", olm_sas_pubkey_length(olmSas), publicKey);
 119
 120         olm_sas_set_their_key(olmSas, theirPublicKey, theirPublicKeyLen);
 121
 122         STATIC char verificationKeyBuffer[256];
 123         snprintf(verificationKeyBuffer, 256,
 124             "{"
 125             "\"key\":\"%.*s\","
 126             "\"transaction_id\":\"%s\""
 127             "}",
 128             olm_sas_pubkey_length(olmSas), publicKey,
 129             transactionId);
 130
 131         MatrixClientSendToDevice(client,
 132             USER_ID,
 133             DEVICE_ID,
 134             verificationKeyBuffer,
 135             "m.key.verification.key");
 136
 137         // sas
 138         STATIC char hkdfInfo[1024];
 139         int hkdfInfoLen =
 140             snprintf(hkdfInfo, 1024,
 141                 "MATRIX_KEY_VERIFICATION_SAS%s%s%s%s%s",
 142                 USER_ID,
 143                 DEVICE_ID,
 144                 USER_ID,
 145                 client->deviceId,
 146                 transactionId);
 147
 148         unsigned char sasBytes[5];
 149         olm_sas_generate_bytes(olmSas,
 150             hkdfInfo, hkdfInfoLen,
 151             sasBytes, 5);
 152         int b0 = sasBytes[0];
 153         int b1 = sasBytes[1];
 154         int b2 = sasBytes[2];
 155         int b3 = sasBytes[3];
 156         int b4 = sasBytes[4];
 157
 158         printf("%d %d %d %d %d\n", b0, b1, b2, b3, b4);
 159
 160         // https://spec.matrix.org/v1.7/client-server-api/#sas-method-decimal
 161         printf("%d | %d | %d\n",
 162             (b0 << 5 | b1 >> 3) + 1000,
 163             ((b1 & 0x7) << 10 | b2 << 2 | b3 >> 6) + 1000,
 164             ((b3 & 0x3F) << 7 | b4 >> 1) + 1000);
 165         printf("%d | %d | %d\n",
 166             ((b0 << 5) | (b1 >> 3)) + 1000,
 167             (((b1 & 0x7) << 10) | (b2 << 2) | (b3 >> 6)) + 1000,
 168             (((b3 & 0x3F) << 7) | (b4 >> 1)) + 1000);
 169     }
 170     else if (strcmp(eventType, "m.key.verification.mac") == 0) {
 171         // mac
 172         const char * masterKey = "vt8tJ5/SxqkvXS+XoGxr+4rJNe8fJfZT3/e/FTwlFsI";
 173
 174         STATIC char keyList[256];
 175         STATIC char keyListMac[256];
 176         STATIC char key1Id[128];
 177         STATIC char key1[128];
 178         STATIC char key1Mac[128];
 179         STATIC char key2Id[128];
 180         STATIC char key2[128];
 181         STATIC char key2Mac[128];
 182
 183         if (strcmp(masterKey, client->deviceId) < 0) {
 184             snprintf(key1Id, 1024, "ed25519:%s", masterKey);
 185             strcpy(key1, masterKey);
 186             snprintf(key2Id, 1024, "ed25519:%s", client->deviceId);
 187             MatrixOlmAccountGetSigningKey(&client->olmAccount, key2, 1024);
 188         }
 189         else {
 190             snprintf(key1Id, 1024, "ed25519:%s", client->deviceId);
 191             MatrixOlmAccountGetSigningKey(&client->olmAccount, key1, 1024);
 192             snprintf(key2Id, 1024, "ed25519:%s", masterKey);
 193             strcpy(key2, masterKey);
 194         }
 195
 196         snprintf(keyList, 1024,
 197             "%s,%s", key1Id, key2Id);
 198
 199         STATIC char macInfo[1024];
 200         int macInfoLen;
 201         {
 202             macInfoLen =
 203                 snprintf(macInfo, 1024,
 204                     "MATRIX_KEY_VERIFICATION_MAC%s%s%s%s%s%s",
 205                     USER_ID,
 206                     client->deviceId,
 207                     USER_ID,
 208                     DEVICE_ID,
 209                     transactionId,
 210                     "KEY_IDS");
 211             olm_sas_calculate_mac_fixed_base64(olmSas, keyList, strlen(keyList), macInfo, macInfoLen, keyListMac, 1024);
 212         }
 213         {
 214             macInfoLen =
 215                 snprintf(macInfo, 1024,
 216                     "MATRIX_KEY_VERIFICATION_MAC%s%s%s%s%s%s",
 217                     USER_ID,
 218                     client->deviceId,
 219                     USER_ID,
 220                     DEVICE_ID,
 221                     transactionId,
 222                     key1Id);
 223             olm_sas_calculate_mac_fixed_base64(olmSas, key1, strlen(key1), macInfo, macInfoLen, key1Mac, 1024);
 224         }
 225         {
 226             macInfoLen =
 227                 snprintf(macInfo, 1024,
 228                     "MATRIX_KEY_VERIFICATION_MAC%s%s%s%s%s%s",
 229                     USER_ID,
 230                     client->deviceId,
 231                     USER_ID,
 232                     DEVICE_ID,
 233                     transactionId,
 234                     key2Id);
 235             olm_sas_calculate_mac_fixed_base64(olmSas, key2, strlen(key2), macInfo, macInfoLen, key2Mac, 1024);
 236         }
 237
 238         STATIC char verificationMacBuffer[1024];
 239         snprintf(verificationMacBuffer, 1024,
 240             "{"
 241             "\"keys\":\"%s\","
 242             "\"mac\":{"
 243             "\"%s\":\"%s\","
 244             "\"%s\":\"%s\""
 245             "},"
 246             "\"transaction_id\":\"%s\""
 247             "}",
 248             keyListMac,
 249             key1Id,
 250             key1Mac,
 251             key2Id,
 252             key2Mac,
 253             transactionId);
 254
 255         MatrixClientSendToDevice(client,
 256             USER_ID,
 257             DEVICE_ID,
 258             verificationMacBuffer,
 259             "m.key.verification.mac");
 260
 261         STATIC char verificationDoneBuffer[128];
 262         snprintf(verificationDoneBuffer, 128,
 263             "{"
 264             "\"transaction_id\":\"%s\""
 265             "}",
 266             transactionId);
 267
 268         MatrixClientSendToDevice(client,
 269             USER_ID,
 270             DEVICE_ID,
 271             verificationDoneBuffer,
 272             "m.key.verification.done");
 273
 274         verified = true;
 275     }
 276     else if (strcmp(eventType, "m.room.encrypted") == 0) {
 277         STATIC char algorithm[128];
 278         mjson_get_string(event, eventLen, "$.content.algorithm", algorithm, 128);
 279
 280         if (strcmp(algorithm, "m.olm.v1.curve25519-aes-sha2") == 0) {
 281             STATIC char thisDeviceKey[DEVICE_KEY_SIZE];
 282             MatrixOlmAccountGetDeviceKey(&client->olmAccount, thisDeviceKey, DEVICE_KEY_SIZE);
 283
 284             STATIC char jp[128];
 285             snprintf(jp, 128, "$.content.ciphertext.%s.type", thisDeviceKey);
 286
 287             double messageType;
 288             mjson_get_number(event, eventLen, jp, &messageType);
 289             int messageTypeInt = (int)messageType;
 290
 291             snprintf(jp, 128, "$.content.ciphertext.%s.body", thisDeviceKey);
 292
 293             mjson_get_string(event, eventLen, jp, encrypted, 2048);
 294
 295             MatrixOlmSession * olmSession;
 296             if (messageTypeInt == 0) {
 297                 MatrixClientGetOlmSessionIn(client,
 298                     USER_ID,
 299                     DEVICE_ID,
 300                     &olmSession);
 301             } else {
 302                 MatrixClientGetOlmSessionOut(client,
 303                     USER_ID,
 304                     DEVICE_ID,
 305                     &olmSession);
 306             }
 307
 308             printf("event: %.*s\n", eventLen, event);
 309             printf("encrypted: %s\n", encrypted);
 310
 311             MatrixOlmSessionDecrypt(olmSession,
 312                 messageTypeInt, encrypted, decrypted, 2048);
 313
 314             printf("decrypted: %s\n", decrypted);
 315
 316             HandleEvent(client, decrypted, strlen(decrypted));
 317         }
 318     }
 319     else if (strcmp(eventType, "m.room_key") == 0 ||
 320              strcmp(eventType, "m.forwarded_room_key") == 0) {
 321         STATIC char roomId[128];
 322         STATIC char sessionId[128];
 323         STATIC char sessionKey[1024];
 324         mjson_get_string(event, eventLen, "$.content.room_id", roomId, 128);
 325         mjson_get_string(event, eventLen, "$.content.session_id", sessionId, 128);
 326         mjson_get_string(event, eventLen, "$.content.session_key", sessionKey, 1024);
 327
 328         printf("sessionId: %s\n", sessionId);
 329         printf("sessionKey: %s\n", sessionKey);
 330
 331         MatrixMegolmInSession * megolmInSession;
 332         MatrixClientNewMegolmInSession(client, roomId, sessionId, sessionKey, &megolmInSession);
 333     }
 334 }
 335
 336 void
 337 HandleRoomEvent(
 338     MatrixClient * client,
 339     const char * room, int roomLen,
 340     const char * event, int eventLen)
 341 {
 342     STATIC char eventType[128];
 343     memset(eventType, 0, sizeof(eventType));
 344     mjson_get_string(event, eventLen, "$.type", eventType, 128);
 345
 346     if (strcmp(eventType, "m.room.encrypted") == 0) {
 347         STATIC char algorithm[128];
 348         mjson_get_string(event, eventLen, "$.content.algorithm", algorithm, 128);
 349
 350         if (strcmp(algorithm, "m.megolm.v1.aes-sha2") == 0) {
 351             STATIC char sessionId[128];
 352             int sessionIdLen =
 353                 mjson_get_string(event, eventLen, "$.content.session_id", sessionId, 128);
 354
 355             bool res;
 356
 357             MatrixMegolmInSession * megolmInSession;
 358             res = MatrixClientGetMegolmInSession(client,
 359                 room, roomLen,
 360                 sessionId, sessionIdLen,
 361                 &megolmInSession);
 362
 363             if (res) {
 364                 mjson_get_string(event, eventLen, "$.content.ciphertext", encrypted, 2048);
 365
 366                 MatrixMegolmInSessionDecrypt(megolmInSession, encrypted, strlen(encrypted), decrypted, 2048);
 367
 368                 printf("decrypted: %s\n", decrypted);
 369
 370                 HandleEvent(client, decrypted, strlen(decrypted));
 371             }
 372             else {
 373                 printf("megolm session not known\n");
 374             }
 375         }
 376     }
 377     HandleEvent(client, event, eventLen);
 378 }
 379
 380 void
 381 Sync(
 382     MatrixClient * client,
 383     char * syncBuffer
 384 ) {
 385     STATIC char nextBatch[1024] = {0};
 386
 387     MatrixClientSync(client, syncBuffer, 1024, nextBatch);
 388
 389     int res;
 390
 391     const char * s = syncBuffer;
 392     int slen = strlen(syncBuffer);
 393
 394     // {
 395     // int koff, klen, voff, vlen, vtype, off = 0;
 396     // for (off = 0; (off = mjson_next(s, slen, off, &koff, &klen,
 397     //                                 &voff, &vlen, &vtype)) != 0; ) {
 398     //     const char * k = s + koff;
 399     //     const char * v = s + voff;
 400
 401     //     printf("%.*s: %.100s\n", klen, k, v);
 402     // }
 403     // }
 404
 405     mjson_get_string(s, slen, "$.next_batch", nextBatch, 1024);
 406
 407     // to_device
 408
 409     const char * events;
 410     int eventsLen;
 411     res =
 412         mjson_find(s, slen, "$.to_device.events", &events, &eventsLen);
 413
 414     if (res != MJSON_TOK_INVALID) {
 415         {
 416         int koff, klen, voff, vlen, vtype, off = 0;
 417         for (off = 0; (off = mjson_next(events, eventsLen, off, &koff, &klen,
 418                                         &voff, &vlen, &vtype)) != 0; ) {
 419             const char * v = events + voff;
 420
 421             HandleEvent(client, v, vlen);
 422         }
 423         }
 424     }
 425
 426     // rooms
 427
 428     const char * rooms;
 429     int roomsLen;
 430     res =
 431         mjson_find(s, slen, "$.rooms.join", &rooms, &roomsLen);
 432
 433     if (res != MJSON_TOK_INVALID) {
 434         {
 435         int koff, klen, voff, vlen, vtype, off = 0;
 436         for (off = 0; (off = mjson_next(rooms, roomsLen, off, &koff, &klen,
 437                                         &voff, &vlen, &vtype)) != 0; ) {
 438             const char * k = rooms + koff;
 439             const char * v = rooms + voff;
 440
 441             const char * events;
 442             int eventsLen;
 443             res =
 444                 mjson_find(v, vlen, "$.timeline.events", &events, &eventsLen);
 445
 446             if (res != MJSON_TOK_INVALID) {
 447                 {
 448                 int koff2, klen2, voff2, vlen2, vtype2, off2 = 0;
 449                 for (off2 = 0; (off2 = mjson_next(events, eventsLen, off2, &koff2, &klen2,
 450                                                 &voff2, &vlen2, &vtype2)) != 0; ) {
 451                     const char * v2 = events + voff2;
 452
 453                     HandleRoomEvent(client,
 454                         k+1, klen-2,
 455                         v2, vlen2);
 456                 }
 457                 }
 458             }
 459         }
 460         }
 461     }
 462 }
 463
 464
 465 int
 466 main(void)
 467 {
 468     STATIC MatrixClient _client;
 469     MatrixClient * client = &_client;
 470     // MatrixClient * client = (MatrixClient*)malloc(sizeof(MatrixClient));
 471     MatrixClientInit(client);
 472
 473     MatrixHttpInit(&client->hc, SERVER);
 474     MatrixClientSetUserId(client, USER_ID);
 475
 476     MatrixClientLoginPassword(client,
 477         "pscho",
 478         "Wc23EbmB9G3faMq",
 479         "Test1");
 480     printf("deviceId: %s\n", client->deviceId);
 481     MatrixClientGenerateOnetimeKeys(client, 10);
 482     MatrixClientUploadOnetimeKeys(client);
 483     MatrixClientUploadDeviceKey(client);
 484
 485     STATIC char eventBuffer[1024];
 486     MatrixClientGetRoomEvent(client,
 487         ROOM_ID,
 488         EVENT_ID,
 489         eventBuffer, 1024);
 490     printf("event: %s\n", eventBuffer);
 491
 492     char * syncBuffer = (char*)malloc(1024*40);
 493     // STATIC char syncBuffer[1024];
 494
 495     while (! verified)
 496         Sync(client, syncBuffer);
 497
 498     // while (getchar() != 'q')
 499     //     Sync(client, syncBuffer);
 500
 501     MatrixClientRequestMegolmInSession(client,
 502         ROOM_ID,
 503         SESSION_ID,
 504         SENDER_KEY,
 505         USER_ID,
 506         DEVICE_ID);
 507
 508     MatrixMegolmInSession * megolmInSession;
 509     while (! MatrixClientGetMegolmInSession(client,
 510         ROOM_ID, strlen(ROOM_ID),
 511         SESSION_ID, strlen(SESSION_ID),
 512         &megolmInSession))
 513         Sync(client, syncBuffer);
 514
 515     int encryptedLen =
 516         mjson_get_string(eventBuffer, strlen(eventBuffer), "$.content.ciphertext", encrypted, 1024);
 517
 518     printf("encrypted: [%.*s]\n", encryptedLen, encrypted);
 519
 520     MatrixMegolmInSessionDecrypt(megolmInSession,
 521         encrypted, encryptedLen,
 522         decrypted, 1024);
 523
 524     printf("decrypted: %s\n", decrypted);
 525
 526     MatrixClientDeleteDevice(client);
 527
 528     MatrixHttpDeinit(&client->hc);
 529
 530     return 0;
 531 }
 532
 533 #include "wifi.h"
 534
 535 void
 536 app_main(void)
 537 {
 538     wifi_init("Hundehuette", "Affensicherespw55");
 539
 540     main();
 541 }