// Copyright (c) 2014 Canonical Ltd.
// Licensed under the GPLv3, see the COPYING file for details.
package textsecure
import (
"bytes"
"errors"
"fmt"
"io"
"io/ioutil"
"net/http"
"strconv"
"github.com/janimo/textsecure/protobuf"
)
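// getAttachment downloads an encrypted attachment blob from the given URL.
//
// On success the caller owns the returned body and must close it. The bytes
// are returned exactly as received: nothing here authenticates them, so the
// caller has to verify the MAC before decrypting or using any of the data.
func getAttachment(url string) (io.ReadCloser, error) {
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		// A malformed URL yields a nil request; return before touching
		// req.Header, which would otherwise panic.
		return nil, err
	}
	req.Header.Add("Content-type", "application/octet-stream")

	// NOTE(review): http.DefaultClient has no timeout, so a stalled server
	// can block this call indefinitely. Consider a client with a Timeout.
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return nil, err
	}
	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
		// Same 2xx rule as putAttachment: an error page is not an attachment,
		// and handing it on would only surface later as a MAC failure.
		resp.Body.Close()
		return nil, fmt.Errorf("HTTP status %d", resp.StatusCode)
	}
	return resp.Body, nil
}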
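// putAttachment uploads an encrypted attachment to the given URL.
//
// body is sent as-is with an application/octet-stream content type. Any
// transport error is returned unchanged; a response outside the 2xx range is
// reported as an error carrying the status code.
func putAttachment(url string, body []byte) error {
	req, err := http.NewRequest("PUT", url, bytes.NewReader(body))
	if err != nil {
		return err
	}
	req.Header.Add("Content-type", "application/octet-stream")
	req.Header.Add("Content-length", strconv.Itoa(len(body)))

	// NOTE(review): http.DefaultClient has no timeout, so a stalled server
	// can block this call indefinitely. Consider a client with a Timeout.
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}
	// Close the body on every path so the connection is released instead of
	// leaking one per upload.
	defer resp.Body.Close()

	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
		return fmt.Errorf("HTTP status %d\n", resp.StatusCode)
	}
	return nil
}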
// uploadAttachment reads the whole attachment from r, encrypts it, appends a
// MAC over the encrypted bytes, and uploads the result to a location obtained
// from allocateAttachment. It returns an att holding the allocated id, the
// content type ct and the freshly generated key material.
func uploadAttachment(r io.Reader, ct string) (*att, error) {
	// Combined AES-256 and HMAC-SHA256 key: the first 32 bytes go to
	// aesEncrypt, the remaining 32 to appendMAC.
	// NOTE(review): randBytes is defined elsewhere and its result is not
	// checked here; confirm it draws from a CSPRNG and cannot fail silently.
	keys := make([]byte, 64)
	randBytes(keys)
	cipherKey, macKey := keys[:32], keys[32:]

	plaintext, err := ioutil.ReadAll(r)
	if err != nil {
		return nil, err
	}

	ciphertext, err := aesEncrypt(cipherKey, plaintext)
	if err != nil {
		return nil, err
	}
	// The MAC is applied to the aesEncrypt output (encrypt-then-MAC order).
	payload := appendMAC(macKey, ciphertext)

	id, location, err := allocateAttachment()
	if err != nil {
		return nil, err
	}
	if err = putAttachment(location, payload); err != nil {
		return nil, err
	}

	return &att{id, ct, keys}, nil
}
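// ErrInvalidMACForAttachment signals that the downloaded attachment has an invalid MAC.
var ErrInvalidMACForAttachment = errors.New("invalid MAC for attachment")

// handleSingleAttachment downloads the blob referenced by a, checks its
// trailing 32-byte MAC and decrypts the remainder.
//
// Both the pointer (supplied by the message sender) and the blob (supplied by
// the server) are untrusted, so their sizes are validated before any slicing:
// a missing id or a key shorter than 64 bytes is rejected up front, and a blob
// too short to contain a MAC is reported as ErrInvalidMACForAttachment.
// Decryption only happens after the MAC has been verified.
func handleSingleAttachment(a *textsecure.AttachmentPointer) (*Attachment, error) {
	const (
		cipherKeyLen = 32 // a.Key[:32] is handed to aesDecrypt
		macKeyLen    = 32 // a.Key[32:] is handed to verifyMAC
		macLen       = 32 // the MAC occupies the last 32 bytes of the blob
	)

	if a == nil || a.Id == nil {
		// Dereferencing a nil Id would panic on a malformed message.
		return nil, errors.New("attachment pointer has no id")
	}
	if len(a.Key) < cipherKeyLen+macKeyLen {
		// Slicing a short key would panic or leave verifyMAC with a
		// truncated key; uploadAttachment always generates 64 bytes.
		return nil, errors.New("invalid attachment key length")
	}

	loc, err := getAttachmentLocation(*a.Id)
	if err != nil {
		return nil, err
	}
	r, err := getAttachment(loc)
	if err != nil {
		return nil, err
	}
	defer r.Close()

	// NOTE(review): the read is unbounded, so the server decides how much
	// memory this uses. Consider a size cap once the protocol limit is known.
	b, err := ioutil.ReadAll(r)
	if err != nil {
		return nil, err
	}

	if len(b) < macLen {
		// Too short to carry a MAC; a negative split index would panic.
		return nil, ErrInvalidMACForAttachment
	}
	l := len(b) - macLen
	if !verifyMAC(a.Key[cipherKeyLen:], b[:l], b[l:]) {
		return nil, ErrInvalidMACForAttachment
	}

	b, err = aesDecrypt(a.Key[:cipherKeyLen], b[:l])
	if err != nil {
		return nil, err
	}
	return &Attachment{bytes.NewReader(b), a.GetContentType()}, nil
}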
// handleAttachments downloads, verifies and decrypts every attachment
// referenced by dm, returning them in the order they appear in the message.
// It returns (nil, nil) when the message carries no attachment list, and it
// stops at the first attachment that fails, returning that error and no
// partial result.
func handleAttachments(dm *textsecure.DataMessage) ([]*Attachment, error) {
	pointers := dm.GetAttachments()
	if pointers == nil {
		return nil, nil
	}

	result := make([]*Attachment, 0, len(pointers))
	for _, p := range pointers {
		att, err := handleSingleAttachment(p)
		if err != nil {
			return nil, err
		}
		result = append(result, att)
	}
	return result, nil
}