Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Implement end-to-end encryption #225

Open
wants to merge 13 commits into
base: develop
Choose a base branch
from
Open

[WIP] Implement end-to-end encryption #225

wants to merge 13 commits into from

Conversation

fancycode
Copy link
Member

This is not ready for merging yet, but should work as base for further discussion.

Features:

  • All messages for a single peer are encrypted using the Axolotl ratchet. This applies to messages sent through the channeling server, as well as messages send through peerconnections. We will only be supporting protocol V3 (as that is what is supported by the libaxolotl-javascript library).
  • For anonymous users, no identity, keys, sessions, etc. are stored. Whenever a user reloads, he will have to generate a new identity.
  • For authenticated users, the identity and generated keys are stored (but not the sessions).
  • The own fingerprint is available through settings.
  • UI (in chat) to show the user that the session is encrypted.
  • UI (in chat) to allow the users to verify the identities of their peers.

Missing stuff:

  • Error handling 😟
  • Detection if the other peer supports encryption. For now, all messages are encrypted no matter what the other peer is using.
  • Fallback for older browsers (currently only tested in Chrome and Firefox).
  • Storing of sessions for authenticated users so they can be resumed later.
  • Encryption of stored data (for now everything is simply put in localStorage).
  • UI for calls to show encrypted sessions.
  • Documentation for the new message types.
  • Probably a ton of other things I forgot...

Feedback welcome!

longsleep
longsleep reviewed Aug 9, 2015
View reviewed changes
static/js/main.js
'axolotl-crypto': 'libs/axolotl/axolotl-crypto',
'axolotlCryptoCurve25519': 'libs/axolotl/axolotl-crypto-curve25519',
'ByteBuffer': 'libs/axolotl/ByteBufferAB.min',
'Long': 'libs/axolotl/Long.min',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do these libraries depend on each other? If they do make sure to add those dependencies below, to avoid possible load order errors.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

libaxolotl-javascript has support for require.js, but defining the dependencies explicitly here won't hurt...

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is better not to have the dependencies, if the libs handle that itself correctly and it gets picket up right by r.js.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@longsleep
Copy link
Contributor

Nice! In addition to the inline comments i suggest to name things End2EndEncryption rather than just Encryption.

Also can you check how to make it possible to also encrypt data sent to multiple receivers (when processed by the broadcast server function)?

@fancycode
Explicitly set dependencies for axolotl library.
81318f0
@fancycode
Renamed stuff to "EndToEndEncryption".
c33d2cb
@fancycode
Log an error if encrypted message is received but not supported.
7f492d3
@fancycode
Log initialization result in service and use result directly from API.
848289a
@fancycode
Initial UI integration.
72a5d60 
- Show own fingerprint in settings.
- Show notification in chat while peer identity is requested.
- Show lock icon on encrypted chat messages.
- Show button in chat menu to open dialog with fingerprint of remote peer.

Needs rebuilding of styles after merging.
houndci-bot
houndci-bot reviewed Aug 10, 2015
View reviewed changes
src/styles/components/_chat.scss
@@ -349,6 +362,15 @@
width: 12px;
}

&:after {
font-family: FontAwesome;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Properties should be ordered float, font-family, left, margin-left, text-align, width

longsleep
longsleep reviewed Aug 11, 2015
View reviewed changes
static/js/directives/chat.js
@@ -329,6 +356,14 @@ define(['jquery', 'underscore', 'text!partials/chat.html', 'text!partials/chatro
console.error("Failed to receive geolocation", err);
});
};
subscope.showFingerprint = function() {
if (subscope.fingerprint) {
// TODO(fancycode): Show a nicer notification.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What would be a nicer notification? I guess it should avoid a modal popup and rather show this somewhere inside the chat frame.

@fancycode
Don't specify dependencies explicitly.
77e33de
@fancycode
Trigger events through service instead of "appData".
6591cdf
@fancycode
Always use general "send" API and determine internally to encrypt.
dbd3db3 
With that also get rid of the "Api.send2" and "Api.apply" hacks. Now the
respective methods take an optional function to call for sending the data
as first argument. No more magic object binding, yay!
@longsleep longsleep changed the title Implement end-to-end encryption [WIP] Implement end-to-end encryption Feb 29, 2016
leonklingele
leonklingele reviewed May 28, 2016
View reviewed changes
static/js/services/endtoendencryption.js
_.defer(_.bind(function() {
var ready_state = READY_NONE;
var check_ready = _.bind(function() {
if (ready_state === READY_ALL) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Guess it would be better to use $q.all([this.getLocalIdentityKeyPair(), this.getLocalRegistrationId(), this.getLastResortPreKey()]).then(function() { here instead, so we can get rid of the bitflags – Much cleaner imo.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@fancycode @longsleep @leonklingele @houndci-bot