2020-05-09 01:03:59 +02:00
|
|
|
// mautrix-whatsapp - A Matrix-WhatsApp puppeting bridge.
|
|
|
|
// Copyright (C) 2020 Tulir Asokan
|
|
|
|
//
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
|
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
// +build cgo
|
|
|
|
|
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/hmac"
|
|
|
|
"crypto/sha512"
|
|
|
|
"encoding/hex"
|
2020-05-12 21:25:55 +02:00
|
|
|
"fmt"
|
2020-05-09 01:03:59 +02:00
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
"maunium.net/go/maulogger/v2"
|
|
|
|
|
|
|
|
"maunium.net/go/mautrix"
|
2020-05-09 19:07:21 +02:00
|
|
|
"maunium.net/go/mautrix-whatsapp/database"
|
2020-05-09 01:03:59 +02:00
|
|
|
"maunium.net/go/mautrix/crypto"
|
|
|
|
"maunium.net/go/mautrix/event"
|
|
|
|
"maunium.net/go/mautrix/id"
|
|
|
|
)
|
|
|
|
|
|
|
|
var levelTrace = maulogger.Level{
|
|
|
|
Name: "Trace",
|
|
|
|
Severity: -10,
|
|
|
|
Color: -1,
|
|
|
|
}
|
|
|
|
|
|
|
|
type CryptoHelper struct {
|
2020-05-09 19:07:21 +02:00
|
|
|
bridge *Bridge
|
|
|
|
client *mautrix.Client
|
|
|
|
mach *crypto.OlmMachine
|
|
|
|
store *database.SQLCryptoStore
|
|
|
|
log maulogger.Logger
|
|
|
|
baseLog maulogger.Logger
|
2020-05-09 01:03:59 +02:00
|
|
|
}
|
|
|
|
|
2020-05-09 19:25:48 +02:00
|
|
|
func NewCryptoHelper(bridge *Bridge) Crypto {
|
2020-05-09 01:03:59 +02:00
|
|
|
if !bridge.Config.Bridge.Encryption.Allow {
|
|
|
|
bridge.Log.Debugln("Bridge built with end-to-bridge encryption, but disabled in config")
|
|
|
|
return nil
|
|
|
|
} else if bridge.Config.Bridge.LoginSharedSecret == "" {
|
|
|
|
bridge.Log.Warnln("End-to-bridge encryption enabled, but login_shared_secret not set")
|
|
|
|
return nil
|
|
|
|
}
|
2020-05-09 19:07:21 +02:00
|
|
|
baseLog := bridge.Log.Sub("Crypto")
|
|
|
|
return &CryptoHelper{
|
|
|
|
bridge: bridge,
|
|
|
|
log: baseLog.Sub("Helper"),
|
|
|
|
baseLog: baseLog,
|
2020-05-09 01:03:59 +02:00
|
|
|
}
|
2020-05-09 19:07:21 +02:00
|
|
|
}
|
2020-05-09 01:03:59 +02:00
|
|
|
|
2020-05-09 19:07:21 +02:00
|
|
|
func (helper *CryptoHelper) Init() error {
|
|
|
|
helper.log.Debugln("Initializing end-to-bridge encryption...")
|
|
|
|
var err error
|
|
|
|
helper.client, err = helper.loginBot()
|
2020-05-09 01:03:59 +02:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2020-05-09 19:07:21 +02:00
|
|
|
helper.log.Debugln("Logged in as bridge bot with device ID", helper.client.DeviceID)
|
|
|
|
logger := &cryptoLogger{helper.baseLog}
|
|
|
|
stateStore := &cryptoStateStore{helper.bridge}
|
2020-06-23 22:22:30 +02:00
|
|
|
helper.store = database.NewSQLCryptoStore(helper.bridge.DB, helper.client.DeviceID, helper.client.UserID,
|
|
|
|
fmt.Sprintf("@%s:%s", helper.bridge.Config.Bridge.FormatUsername("%"), helper.bridge.AS.HomeserverDomain))
|
2020-05-09 19:07:21 +02:00
|
|
|
helper.mach = crypto.NewOlmMachine(helper.client, logger, helper.store, stateStore)
|
2020-05-09 01:03:59 +02:00
|
|
|
|
2020-05-09 19:07:21 +02:00
|
|
|
helper.client.Logger = logger.int.Sub("Bot")
|
|
|
|
helper.client.Syncer = &cryptoSyncer{helper.mach}
|
|
|
|
helper.client.Store = &cryptoClientStore{helper.store}
|
2020-05-09 01:03:59 +02:00
|
|
|
|
2020-05-09 19:07:21 +02:00
|
|
|
return helper.mach.Load()
|
2020-05-09 01:03:59 +02:00
|
|
|
}
|
|
|
|
|
2020-05-09 19:07:21 +02:00
|
|
|
func (helper *CryptoHelper) loginBot() (*mautrix.Client, error) {
|
|
|
|
deviceID := helper.bridge.DB.FindDeviceID()
|
|
|
|
if len(deviceID) > 0 {
|
|
|
|
helper.log.Debugln("Found existing device ID for bot in database:", deviceID)
|
|
|
|
}
|
|
|
|
mac := hmac.New(sha512.New, []byte(helper.bridge.Config.Bridge.LoginSharedSecret))
|
|
|
|
mac.Write([]byte(helper.bridge.AS.BotMXID()))
|
|
|
|
resp, err := helper.bridge.AS.BotClient().Login(&mautrix.ReqLogin{
|
2020-05-09 01:03:59 +02:00
|
|
|
Type: "m.login.password",
|
2020-05-09 19:07:21 +02:00
|
|
|
Identifier: mautrix.UserIdentifier{Type: "m.id.user", User: string(helper.bridge.AS.BotMXID())},
|
2020-05-09 01:03:59 +02:00
|
|
|
Password: hex.EncodeToString(mac.Sum(nil)),
|
2020-05-09 19:07:21 +02:00
|
|
|
DeviceID: deviceID,
|
2020-05-09 01:03:59 +02:00
|
|
|
InitialDeviceDisplayName: "WhatsApp Bridge",
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2020-05-09 19:07:21 +02:00
|
|
|
client, err := mautrix.NewClient(helper.bridge.AS.HomeserverURL, helper.bridge.AS.BotMXID(), resp.AccessToken)
|
2020-05-09 01:03:59 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2020-05-09 19:07:21 +02:00
|
|
|
client.DeviceID = resp.DeviceID
|
2020-05-09 01:03:59 +02:00
|
|
|
return client, nil
|
|
|
|
}
|
|
|
|
|
2020-05-09 19:07:21 +02:00
|
|
|
func (helper *CryptoHelper) Start() {
|
|
|
|
helper.log.Debugln("Starting syncer for receiving to-device messages")
|
|
|
|
err := helper.client.Sync()
|
|
|
|
if err != nil {
|
|
|
|
helper.log.Errorln("Fatal error syncing:", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (helper *CryptoHelper) Stop() {
|
|
|
|
helper.client.StopSync()
|
|
|
|
}
|
|
|
|
|
2020-05-09 01:03:59 +02:00
|
|
|
func (helper *CryptoHelper) Decrypt(evt *event.Event) (*event.Event, error) {
|
|
|
|
return helper.mach.DecryptMegolmEvent(evt)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (helper *CryptoHelper) Encrypt(roomID id.RoomID, evtType event.Type, content event.Content) (*event.EncryptedEventContent, error) {
|
2020-06-18 11:57:55 +02:00
|
|
|
encrypted, err := helper.mach.EncryptMegolmEvent(roomID, evtType, &content)
|
2020-05-09 01:03:59 +02:00
|
|
|
if err != nil {
|
|
|
|
if err != crypto.SessionExpired && err != crypto.SessionNotShared && err != crypto.NoGroupSession {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
helper.log.Debugfln("Got %v while encrypting event for %s, sharing group session and trying again...", err, roomID)
|
2020-05-09 19:07:21 +02:00
|
|
|
users, err := helper.store.GetRoomMembers(roomID)
|
2020-05-09 01:03:59 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, errors.Wrap(err, "failed to get room member list")
|
|
|
|
}
|
|
|
|
err = helper.mach.ShareGroupSession(roomID, users)
|
|
|
|
if err != nil {
|
|
|
|
return nil, errors.Wrap(err, "failed to share group session")
|
|
|
|
}
|
2020-06-18 11:57:55 +02:00
|
|
|
encrypted, err = helper.mach.EncryptMegolmEvent(roomID, evtType, &content)
|
2020-05-09 01:03:59 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, errors.Wrap(err, "failed to encrypt event after re-sharing group session")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return encrypted, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (helper *CryptoHelper) HandleMemberEvent(evt *event.Event) {
|
|
|
|
helper.mach.HandleMemberEvent(evt)
|
|
|
|
}
|
|
|
|
|
|
|
|
type cryptoSyncer struct {
|
|
|
|
*crypto.OlmMachine
|
|
|
|
}
|
|
|
|
|
|
|
|
func (syncer *cryptoSyncer) ProcessResponse(resp *mautrix.RespSync, since string) error {
|
|
|
|
syncer.ProcessSyncResponse(resp, since)
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (syncer *cryptoSyncer) OnFailedSync(_ *mautrix.RespSync, err error) (time.Duration, error) {
|
|
|
|
syncer.Log.Error("Error /syncing, waiting 10 seconds: %v", err)
|
|
|
|
return 10 * time.Second, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (syncer *cryptoSyncer) GetFilterJSON(_ id.UserID) *mautrix.Filter {
|
|
|
|
everything := []event.Type{{Type: "*"}}
|
|
|
|
return &mautrix.Filter{
|
|
|
|
Presence: mautrix.FilterPart{NotTypes: everything},
|
|
|
|
AccountData: mautrix.FilterPart{NotTypes: everything},
|
|
|
|
Room: mautrix.RoomFilter{
|
|
|
|
IncludeLeave: false,
|
|
|
|
Ephemeral: mautrix.FilterPart{NotTypes: everything},
|
|
|
|
AccountData: mautrix.FilterPart{NotTypes: everything},
|
|
|
|
State: mautrix.FilterPart{NotTypes: everything},
|
|
|
|
Timeline: mautrix.FilterPart{NotTypes: everything},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
type cryptoLogger struct {
|
|
|
|
int maulogger.Logger
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *cryptoLogger) Error(message string, args ...interface{}) {
|
|
|
|
c.int.Errorfln(message, args...)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *cryptoLogger) Warn(message string, args ...interface{}) {
|
|
|
|
c.int.Warnfln(message, args...)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *cryptoLogger) Debug(message string, args ...interface{}) {
|
|
|
|
c.int.Debugfln(message, args...)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *cryptoLogger) Trace(message string, args ...interface{}) {
|
|
|
|
c.int.Logfln(levelTrace, message, args...)
|
|
|
|
}
|
|
|
|
|
2020-05-09 19:07:21 +02:00
|
|
|
type cryptoClientStore struct {
|
|
|
|
int *database.SQLCryptoStore
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c cryptoClientStore) SaveFilterID(_ id.UserID, _ string) {}
|
|
|
|
func (c cryptoClientStore) LoadFilterID(_ id.UserID) string { return "" }
|
|
|
|
func (c cryptoClientStore) SaveRoom(_ *mautrix.Room) {}
|
|
|
|
func (c cryptoClientStore) LoadRoom(_ id.RoomID) *mautrix.Room { return nil }
|
|
|
|
|
|
|
|
func (c cryptoClientStore) SaveNextBatch(_ id.UserID, nextBatchToken string) {
|
|
|
|
c.int.PutNextBatch(nextBatchToken)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c cryptoClientStore) LoadNextBatch(_ id.UserID) string {
|
|
|
|
return c.int.GetNextBatch()
|
|
|
|
}
|
|
|
|
|
|
|
|
var _ mautrix.Storer = (*cryptoClientStore)(nil)
|
|
|
|
|
2020-05-09 01:03:59 +02:00
|
|
|
type cryptoStateStore struct {
|
|
|
|
bridge *Bridge
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *cryptoStateStore) IsEncrypted(id id.RoomID) bool {
|
|
|
|
portal := c.bridge.GetPortalByMXID(id)
|
|
|
|
if portal != nil {
|
|
|
|
return portal.Encrypted
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *cryptoStateStore) FindSharedRooms(id id.UserID) []id.RoomID {
|
|
|
|
return c.bridge.StateStore.FindSharedRooms(id)
|
|
|
|
}
|