refactor: add strandlock & coldwire protocols support

Author: chadsec1

core/constants.py

@@ -2,10 +2,17 @@
 APP_NAME      = "Coldwire"
 APP_VERSION   = "0.1"
 
-# hard-coded filepaths
+# hard-coded filepaths 
 ACCOUNT_FILE_PATH = "account.coldwire"
 
-# network defaults (seconds)
+# Coldwire protocol misc (bytes)
+SMP_TYPE = b"\x00"
+PFS_TYPE = b"\x01"
+MSG_TYPE = b"\x02"
+
+COLDWIRE_LEN_OFFSET = 3
+
+# network defaults (seconds & bytes)
 LONGPOLL_MIN  = 5
 LONGPOLL_MAX  = 30  
 
@@ -14,10 +21,11 @@
 
 XCHACHA20POLY1305_NONCE_LEN = 24
 
-OTP_PAD_SIZE       = 11264
-OTP_MAX_BUCKET     = 64
-OTP_MAX_RANDOM_PAD = 16 
-OTP_SIZE_LENGTH    = 2
+OTP_PAD_SIZE        = 11264
+OTP_MAX_BUCKET      = 64
+OTP_MAX_RANDOM_PAD  = 16 
+OTP_SIZE_LENGTH     = 2
+OTP_MAX_MESSAGE_LEN = OTP_PAD_SIZE - OTP_SIZE_LENGTH
 
 SMP_NONCE_LENGTH      = 64
 SMP_PROOF_LENGTH      = 64
@@ -27,6 +35,7 @@
 KEYS_HASH_CHAIN_LEN    = 64
 MESSAGE_HASH_CHAIN_LEN = 64
 
+    
 
 # NIST-specified key sizes (bytes) and metadata
 ML_KEM_1024_NAME   = "ML-KEM-1024"

core/requests.py

@@ -1,10 +1,17 @@
 from urllib import request, error
+from core.trad_crypto import (
+    sha3_512
+)
 import urllib
+import uuid
 import json
 import logging
+import string
+import secrets
 
 logger = logging.getLogger(__name__)
 
+
 _ORIGINAL_SOCKET = None
 
 def socks_monkey_patch(proxy_info: dict = None):
@@ -56,6 +63,89 @@ def undo_monkey_patching():
         socket.socket = _ORIGINAL_SOCKET
 
 
+
+
+
+
+# Helper function to encode a form field
+def encode_field(name: str, value: str, boundary: str, CRLF: str) -> bytes:
+    return (
+        f'--{boundary}{CRLF}'
+        f'Content-Disposition: form-data; name="{name}"{CRLF}{CRLF}'
+        f'{value}{CRLF}'
+    ).encode("utf-8")
+
+# Helper function to encode a file field
+def encode_file(name: str, filename: str, data: bytes, boundary: str, CRLF: str, content_type: str = "application/octet-stream") -> bytes:
+    return (
+        f'--{boundary}{CRLF}'
+        f'Content-Disposition: form-data; name="{name}"; filename="{filename}"{CRLF}'
+        f'Content-Type: {content_type}{CRLF}{CRLF}'
+    ).encode("utf-8") + data + CRLF.encode("utf-8")
+
+
+
+def http_request(url: str, method: str, auth_token: str = None, metadata: dict = None, blob: bytes = None, longpoll: int = None) -> dict:
+    if method.upper() not in ["POST", "GET", "PUT", "DELETE"]:
+        raise ValueError(f"Invalid request method `{method}`")
+
+   
+    if method.upper() in ["POST", "PUT"]:
+        if metadata and blob:
+        
+            # a-zA-Z0-9, same as what Chromium-based browser do.
+            ALPHABET_ASCII  = string.ascii_letters + string.digits  
+            ALPHABET_LENGTH = len(ALPHABET_ASCII)
+
+            boundary = "WebKitFormBoundary"
+            boundary += ''.join(ALPHABET_ASCII[b % ALPHABET_LENGTH] for b in sha3_512(secrets.token_bytes(16)[:16]))
+
+            CRLF = "\r\n"
+            body = b""
+            
+            if metadata is not None:
+                body += encode_field("metadata", json.dumps({"metadata": metadata}), boundary, CRLF)
+            
+            if blob is not None:
+                body += encode_file("blob", "blob.bin", blob, boundary, CRLF)
+
+            body += f'--{boundary}--{CRLF}'.encode("utf-8")
+
+
+            req = request.Request(
+                url,
+                data = body,
+                headers={"Content-Type": f"multipart/form-data; boundary={boundary}"}
+            )
+
+        elif metadata:
+            metadata = json.dumps(metadata).encode("utf-8")
+            req = request.Request(url, data=metadata, method=method.upper())
+            req.add_header("Content-Type", "application/json")
+        else:
+            raise ValueError("Request method is POST/PUT but no metadata nor blob were given.")
+
+    else:
+        req = request.Request(url, method=method.upper())
+
+    if auth_token is not None:
+        req.add_header("Authorization", "Bearer " + auth_token)
+
+ 
+    # NOTE: urllib raises a HTTPError for status code >= 400
+    try:
+        with request.urlopen(req, timeout = longpoll) as response:
+            return response.read()
+
+    except urllib.error.HTTPError as e:
+        body = e.read().decode()
+        logger.error("We received error from server: %s", body)
+        raise Exception(body)
+
+
+
+
+"""
 def http_request(url: str, method: str, auth_token: str = None, payload: dict = None, longpoll: int = -1) -> dict:
     if payload:
         payload = json.dumps(payload).encode()
@@ -82,3 +172,4 @@ def http_request(url: str, method: str, auth_token: str = None, payload: dict =
         body = e.read().decode()
         logger.error("We received error from server: %s", body)
         raise Exception(body)
+"""

logic/authentication.py

@@ -12,6 +12,7 @@
         ML_DSA_87_NAME,
         CHALLENGE_LEN
 )
+import json
 
 def authenticate_account(user_data: dict) -> dict:
     """
@@ -37,12 +38,14 @@ def authenticate_account(user_data: dict) -> dict:
     user_id = user_data.get("user_id") or ""
 
     try:
-        response = http_request(url + "/authenticate/init", "POST", payload = {"public_key": public_key_encoded, "user_id": user_id })
+        response = http_request(url + "/authenticate/init", "POST", metadata = {"public_key": public_key_encoded, "user_id": user_id })
     except Exception:
         if user_data["settings"]["proxy_info"] is not None:
             raise ValueError("Could not connect to server! Are you sure your proxy settings are valid ?")
         else:
             raise ValueError("Could not connect to server! Are you sure the URL is valid ?")
+    
+    response = json.loads(response.decode())
 
     if not 'challenge' in response:
         raise ValueError("Server did not give authenticatation challenge! Are you sure this is a Coldwire server ?")
@@ -56,10 +59,12 @@ def authenticate_account(user_data: dict) -> dict:
     signature = create_signature(ML_DSA_87_NAME, challenge[:CHALLENGE_LEN], private_key)
 
     try:
-        response = http_request(url + "/authenticate/verify", "POST", payload = {"signature": b64encode(signature).decode(), "challenge": response["challenge"]})
+        response = http_request(url + "/authenticate/verify", "POST", metadata = {"signature": b64encode(signature).decode(), "challenge": response["challenge"]})
     except Exception:
         raise ValueError("Server gave a malformed response, your account is probably missing from the server")
 
+    response = json.loads(response.decode())
+
     required_keys = ["status", "user_id", "token"]
     missing = [k for k in required_keys if k not in response]
 

logic/background_worker.py

@@ -4,15 +4,61 @@
 from logic.message import messages_data_handler
 from core.constants import (
     LONGPOLL_MIN,
-    LONGPOLL_MAX
+    LONGPOLL_MAX,
+    COLDWIRE_LEN_OFFSET,
+    SMP_TYPE,
+    PFS_TYPE,
+    MSG_TYPE,
+    XCHACHA20POLY1305_NONCE_LEN
 )
 from core.crypto import random_number_range
+from core.trad_crypto import (
+        encrypt_xchacha20poly1305,
+        decrypt_xchacha20poly1305
+)
+from base64 import b64decode
 import copy
 import logging
 import json
 
 logger = logging.getLogger(__name__)
 
+
+def decode_blob_stream(data: bytes) -> list:
+    messages = []
+
+    offset = 0
+    while offset < len(data):
+        if offset + COLDWIRE_LEN_OFFSET > len(data):
+            raise ValueError("Incomplete length prefix, malformed or corrupted data.")
+
+        msg_len = int.from_bytes(data[offset : offset + COLDWIRE_LEN_OFFSET], "big")
+        offset += COLDWIRE_LEN_OFFSET
+        if offset + msg_len > len(data):
+            raise ValueError("Incomplete message data")
+
+        messages.append(data[offset:offset + msg_len])
+        offset += msg_len
+    return messages
+
+
+def parse_blobs(blobs: list[bytes]) -> dict:
+    parsed_messages = []
+
+    for raw in blobs:
+        try:
+            sender, blob = raw.split(b"\0", 1)
+            sender = sender.decode("utf-8")
+            parsed_messages.append({
+                "sender": sender,
+                "blob": blob
+                })
+        except ValueError as e:
+            logger.error("Invalid message format! Error: %s", str(e))
+            continue
+
+    return parsed_messages
+
 def background_worker(user_data, user_data_lock, ui_queue, stop_flag):
     # Incase we received a SMP question request last time right before the background worker was about to exit
     smp_unanswered_questions(user_data, user_data_lock, ui_queue)
@@ -24,15 +70,22 @@ def background_worker(user_data, user_data_lock, ui_queue, stop_flag):
 
         try:
             # Random longpoll number to help obfsucate traffic against analysis
-            response = http_request(f"{server_url}/data/longpoll", "GET", auth_token=auth_token, longpoll=random_number_range(LONGPOLL_MIN, LONGPOLL_MAX))
+            response = http_request(
+                    f"{server_url}/data/longpoll", 
+                    "GET", 
+                    auth_token = auth_token, 
+                    longpoll = random_number_range(LONGPOLL_MIN, LONGPOLL_MAX)
+                )
         except TimeoutError:
             logger.debug("Data longpoll request has timed out, retrying...")
             continue
 
-        # logger.debug("Data received: %s", json.dumps(response, indent = 2)[:2000])
+        data = decode_blob_stream(response)
+        data = parse_blobs(data)
 
-        for message in response["messages"]:
-            logger.debug("Received data message: %s", json.dumps(message, indent = 2)[:5000])
+
+        for message in data:
+            logger.debug("Received data: %s", str(message)[:3000])
 
             # Sanity check universal message fields
             if (not "sender" in message) or (not message["sender"].isdigit()) or (len(message["sender"]) != 16):
@@ -43,25 +96,78 @@ def background_worker(user_data, user_data_lock, ui_queue, stop_flag):
 
                 continue
 
+            sender = message["sender"]
+            blob   = message["blob"]
+
             with user_data_lock:
                 user_data_copied = copy.deepcopy(user_data)
 
-            if message["data_type"] == "smp":
-                smp_data_handler(user_data, user_data_lock, user_data_copied, ui_queue, message)
+            # Everything from here is not validated by server
+
+            blob_plaintext = None
+            
+            if sender in user_data_copied["contacts"]: 
+                chacha_key = user_data["contacts"][sender]["lt_sign_key_smp"]["tmp_key"]
+                contact_next_strand_nonce = user_data["contacts"][sender]["contact_next_strand_nonce"]
+
+                if chacha_key is not None:
+                    chacha_key  = b64decode(user_data["contacts"][sender]["lt_sign_key_smp"]["tmp_key"])
+
+                    try:
+                        try:
+                            blob_plaintext = decrypt_xchacha20poly1305(chacha_key, blob[:XCHACHA20POLY1305_NONCE_LEN], blob[XCHACHA20POLY1305_NONCE_LEN:])
+                        except Exception as e:
+                            logger.debug("Failed to decrypt blob from contact (%s) probably due to invalid nonce: %s", sender, str(e))
+                            if contact_next_strand_nonce is None:
+                                raise Exception("Unable to decrypt apparent SMP request due to missing contact strand nonce.")
+
+                            blob_plaintext = decrypt_xchacha20poly1305(chacha_key, contact_next_strand_nonce, blob)
+
+                    except Exception as e:
+                        logger.error("Failed to decrypt blob from contact (%s) with error: %s", sender, str(e))
+                else:
+                    chacha_key = user_data["contacts"][sender]["contact_strand_key"]
+
+                    if (chacha_key is None) and (contact_next_strand_nonce is None):
+                        # just assume at this point that it's not encrypted.
+                        blob_plaintext = blob
+                    else:
+                        # Under known laws of physics, this should never fail. Unless the contact is acting funny on purpose / invalid implementation of Coldwire + strandlock protocol.
+                        try:
+                            blob_plaintext = decrypt_xchacha20poly1305(chacha_key, contact_next_strand_nonce, blob)
+                        except Exception as e:
+                            logger.error(
+                                    "Impossible error: Failed to decrypt blob from contact (%s)"
+                                    "We dont know what caused this, maybe the contact is trying to denial-of-service you"
+                                    ". Skipping data because of error: %s", sender, str(e)
+                                )
+                            continue
+            else:
+                logger.debug("Contact (%s) not saved.. we just gonna assume blob_plaintext = blob", sender)
+                blob_plaintext = blob
+
+
+            # SMP
+            if bytes([blob_plaintext[0]]) == SMP_TYPE:
+                smp_data_handler(user_data, user_data_lock, user_data_copied, ui_queue, sender, blob_plaintext[1:])
 
-            elif message["data_type"] == "pfs":
-                pfs_data_handler(user_data, user_data_lock, user_data_copied, ui_queue, message)
+            # PFS
+            elif bytes([blob_plaintext[0]]) == PFS_TYPE:
+                pfs_data_handler(user_data, user_data_lock, user_data_copied, ui_queue, sender, blob_plaintext[1:])
+            
+            # MSG
+            elif bytes([blob_plaintext[0]]) == MSG_TYPE:
+                messages_data_handler(user_data, user_data_lock, user_data_copied, ui_queue, sender, blob_plaintext[1:])
 
-            elif message["data_type"] == "message":
-                messages_data_handler(user_data, user_data_lock, user_data_copied, ui_queue, message)
             else:
                 logger.error(
-                        "Impossible condition, either you have discovered a bug in Coldwire, or the server is attempting to denial-of-service you. Skipping data message with unknown data type (%s)...", 
-                        message["data_type"]
+                        "Skipping data with unknown data type (%d) from contact (%s)...", 
+                        bytes([blob_plaintext[0]]),
+                        sender
                     )
 
         # *Sigh* I had to put this here because if we rotate before finishing reading all of the messages
-        # we would literally overwrite our own key.
+        # we would overwrite our own key.
         # TODO: We need to keep the last used key and use it when decapsulation with new key gives invalid output
         # because it might actually take some time for our keys to be uploaded to server + other servers, and to the contact.
         #

logic/contacts.py

@@ -87,9 +87,9 @@ def save_contact(user_data: dict, user_data_lock, contact_id: str) -> None:
                     }
                 },
                 "our_strand_key": None,
+                "contact_strand_key": None,
                 "our_next_strand_nonce": None,
-                "contact_next_strand_key": None,
-                "contact_strand_nonce": None,
+                "contact_next_strand_nonce": None,
                 "our_pads": {
                     "hash_chain": None,
                     "pads": None