Add id signature

kryptokrona · Oct 22, 2024 · a49c23d · a49c23d
1 parent ebb646e
commit a49c23d
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 38 deletions.
diff --git a/src/backend/crypto.cjs b/src/backend/crypto.cjs
@@ -138,9 +138,9 @@ function naclHash(val) {
     return nacl.hash(hexToUint(val))
 }
 
-function verify_admins(remotePub, signature, invite) {
+function verify_signature(message, signature, pub) {
     if (signature.length !== 64) return false
-    return Keychains.verify(remotePub, signature, invite)
+    return Keychains.verify(message, signature, pub)
 }
 
 const sign_admin_message = (dht_keys, invite, adminkeys) => {
@@ -149,5 +149,11 @@ const sign_admin_message = (dht_keys, invite, adminkeys) => {
     return keys.get().sign(dht_keys.get().publicKey)
 }
 
+const sign_joined_message = (dht_keys) => {
+    const key = keychain.getXKRKeypair().privateSpendKey
+    const keys = create_keys_from_seed(key)
+    //return [signature, publickey]
+    return [keys.get().sign(dht_keys.get().publicKey).toString('hex'), keys.publicKey.toString('hex')]
+}
 
-module.exports = {sign_admin_message, verify_admins, decryptSwarmMessage, verifySignature, signMessage, keychain, verify_admins, naclHash, get_new_peer_keys, create_keys_from_seed}
+module.exports = {sign_admin_message, sign_joined_message, verify_signature, decryptSwarmMessage, verifySignature, signMessage, keychain, verify_signature, naclHash, get_new_peer_keys, create_keys_from_seed}
diff --git a/src/backend/swarm.cjs b/src/backend/swarm.cjs
@@ -5,7 +5,7 @@ const {saveGroupMsg, getChannels, loadRoomKeys} = require("./database.cjs")
 const { app,
     ipcMain
 } = require('electron')
-const {keychain, get_new_peer_keys, naclHash, verify_admins, sign_admin_message, signMessage } = require("./crypto.cjs")
+const {keychain, get_new_peer_keys, naclHash, verify_signature, sign_admin_message, signMessage, sign_joined_message } = require("./crypto.cjs")
 
 let LOCAL_VOICE_STATUS_OFFLINE = [JSON.stringify({voice: false, video: false, topic: "",})]
 
@@ -291,22 +291,29 @@ const check_data_message = async (data, connection, topic) => {
             }
 
             //Check admin signature
-            const admin = verify_admins(connection.remotePublicKey, Buffer.from(data.signature, 'hex'), Buffer.from(active.key.slice(-64), 'hex'))
-            // if(!verified) return "Error"
+            const admin = verify_signature(connection.remotePublicKey, Buffer.from(data.signature, 'hex'), Buffer.from(active.key.slice(-64), 'hex'))
+
+            //If we swtich to picture avatars, we need to sign our connection with our id. So fakenicking etc becomes harder.
+            const verified = verify_signature(connection.remotePublicKey, Buffer.from(data.idSig, 'hex'), Buffer.from(data.idPub, 'hex'))
+
+            if (!verified) {
+                return "Error"
+            }
+
             con.joined = true
             con.address = joined.address
             con.name = joined.name
             con.voice = joined.voice
             con.admin = admin
-
+            con.video = joined.video
             const time = parseInt(joined.time)
+
             //If our new connection is also in voice, check who was connected first to decide who creates the offer
             const [in_voice, video] = get_local_voice_status(topic)
             if (con.voice && in_voice && (parseInt(active.time) > time)  ) {
                 join_voice_channel(active.key, topic, joined.address)
             }
 
-            con.video = joined.video
             console.log("Connection updated: Joined:", con.joined)
             Hugin.send("peer-connected", joined)
             return true
@@ -388,6 +395,7 @@ const send_joined_message = async (topic, dht_keys) => {
     if (!active) return
     const key = active.key
     const adminkeys = loadRoomKeys()
+    const [idSig, idPub] = sign_joined_message(dht_keys)
     if (is_room_admin(adminkeys, active.key)) {
         //We got an adminkey for this room
         //Sign our joined message with this
@@ -410,6 +418,8 @@ const send_joined_message = async (topic, dht_keys) => {
         channels: [],
         video: video,
         time: active.time,
+        idSig,
+        idPub
     })
 
     send_swarm_message(data, active.key)

diff --git a/src/backend/utils.cjs b/src/backend/utils.cjs
@@ -174,24 +174,29 @@ function parse_torrent(m) {
 const sanitize_join_swarm_data = (data) => {
 
     const address = sanitizeHtml(data.address)
-    // if (address.length !== 99) return false
+    if (address?.length > 99) return false
     const message = sanitizeHtml(data.message)
-    if (message.length > 200) return false 
+    if (message?.length > 200) return false 
     const signature = sanitizeHtml(data.signature)
-    if (signature.length > 128) return false
+    if (signature?.length > 128) return false
     const topic = sanitizeHtml(data.topic)
-    if (topic.length !== 64) return false
+    if (topic?.length !== 64) return false
     const name = sanitizeHtml(data.name) 
-    if (name.length > 50) return false
-    let voice = data.voice
+    if (name?.length > 50) return false
+    let voice = data?.voice
     if (typeof voice !== 'boolean') return false
-    const joined = data.joined
+    const joined = data?.joined
     if (typeof joined !== 'boolean') return false
-    const video = data.video
+    const video = data?.video
     if (typeof video !== 'boolean') return false
-    const time = sanitizeHtml(data.time) 
+    const time = sanitizeHtml(data?.time) 
     if (typeof time !== 'string') return false
-    if (time.length > 50) return false
+    if (time?.length > 50) return false
+
+    const idPub = data.idPub
+    if (typeof idPub !== 'string' || idPub?.length > 64) return false
+    const idSig = data.idSig
+    if (typeof idSig !== 'string' || idPub?.length > 128) return false
 
     const channels = []
 
@@ -217,7 +222,9 @@ const sanitize_join_swarm_data = (data) => {
         joined: joined,
         channels: channels,
         video: video,
-        time: time
+        time: time,
+        idSig,
+        idPub
     }
 
     return clean_object
@@ -228,16 +235,16 @@ const sanitize_voice_status_data = (data) => {
     const address = sanitizeHtml(data.address)
     // if (address.length !== 99) return false
     const message = sanitizeHtml(data.message)
-    if (message.length > 64) return false 
+    if (message?.length > 64) return false 
     const signature = sanitizeHtml(data.signature)
     // if (signature.length !== 128) return false
     const topic = sanitizeHtml(data.topic)
-    if (topic.length !== 64) return false
+    if (topic?.length !== 64) return false
     const name = sanitizeHtml(data.name) 
-    if (name.length > 50) return false
-    const voice = data.voice
+    if (name?.length > 50) return false
+    const voice = data?.voice
     if (typeof voice !== 'boolean') return false
-    const video = data.video
+    const video = data?.video
     if (typeof video !== 'boolean') return false
 
     const clean_object = {
@@ -259,12 +266,12 @@ const sanitize_pm_message = (msg) => {
     let timestamp = sanitizeHtml(msg.t)
     let key = sanitizeHtml(msg.k)
     let message = sanitizeHtml(msg.msg)
-    if (message.length > 777) return [false]
-    if (addr.length > 99) return [false]
+    if (message?.length > 777) return [false]
+    if (addr?.length > 99) return [false]
     if (typeof sent !== 'boolean') return [false]
-    if (timestamp.length > 25) return f[false]
-    if (key.length > 64) return [false]
-    if (message.length > 777) return [false]
+    if (timestamp?.length > 25) return f[false]
+    if (key?.length > 64) return [false]
+    if (message?.length > 777) return [false]
 
     return [message, addr, key, timestamp, sent]
 }
@@ -292,6 +299,11 @@ const sanitize_file_message = (data) => {
 
     const time = sanitizeHtml(data?.time)
     if (time.length > 25) return false
+
+    const sig = sanitizeHtml(data?.sig);
+    if (size.length > 128) return false;
+
+    //Verify sig here?
 
     //Check optional
     const key = sanitizeHtml(data?.key)
@@ -316,30 +328,31 @@ const sanitize_file_message = (data) => {
         size,
         time,
         hash,
-        key: key
+        key: key,
+        sig
     }
 
     return object
 }
 
 const sanitize_group_message = (msg) => {
     let timestamp = sanitizeHtml(msg.t);
-    if (timestamp.length > 20) return false;
+    if (timestamp?.length > 20) return false;
     let group = sanitizeHtml(msg.g);
-    if (group.length > 128) return false;
+    if (group?.length > 128) return false;
     let text = sanitizeHtml(msg.m);
-    if (text.length === 0) return false
-    if (text.length > 777) return false;
+    if (text?.length === 0) return false
+    if (text?.length > 777) return false;
     let addr = sanitizeHtml(msg.k);
     // if (addr.length > 99) return false;
     let reply = sanitizeHtml(msg.r);
-    if (reply.length > 64) return false;
+    if (reply?.length > 64) return false;
     let sig = sanitizeHtml(msg.s);
-    if (sig.length > 200) return false;
+    if (sig?.length > 200) return false;
     let nick = sanitizeHtml(msg.n);
-    if (nick.length > 50) return false;
+    if (nick?.length > 50) return false;
     let txHash = sanitizeHtml(msg.hash);
-    if (txHash.length > 64) return false;
+    if (txHash?.length > 64) return false;
 
     const clean_object = {
       message: text,