Pro backend request/response glue code

.gitmodules

@@ -22,3 +22,6 @@
 [submodule "external/oxen-logging"]
 	path = external/oxen-logging
 	url = https://github.com/oxen-io/oxen-logging.git
+[submodule "external/simdutf"]
+	path = external/simdutf
+	url = https://github.com/simdutf/simdutf.git

README.md

@@ -1,5 +1,34 @@
 # Session utility library
 
+## Build
+
+```
+# Configure the build
+#
+# Options
+#   Enable APIs for creating onion-requests with:
+#
+#     -D ENABLE_ONIONERQ
+#
+#   Enable testing of a Session Pro Backend by defining on the configure line:
+#
+#     -D TEST_PRO_BACKEND_WITH_DEV_SERVER=1
+#
+#   These tests require the Session Pro Backend running in development mode (SESH_PRO_BACKEND_DEV=1)
+#   to be running and tests the request and response flow of registering, updating and revoking
+#   Session Pro from the development backend. You must also have a libcurl available such that
+#   `find_package(CURL)` succeeds (e.g. a system installed libcurl) for this to compile
+#   successfully.
+#
+#   By default, it contacts http://127.0.0.1:5000 but this URL can be changed using the CLI arg
+#   --pro-backend-dev-server-url="<url>" when invoking the test suite.
+#
+cmake -G Ninja -S . -B Build
+
+# Build
+cmake --build Build --parallel --verbose
+```
+
 ## Docs
 
 C Library: https://api.oxen.io/libsession-util-c/#/

external/CMakeLists.txt

@@ -193,3 +193,14 @@ libsession_static_bundle(libzstd_static)
 set(JSON_BuildTests OFF CACHE INTERNAL "")
 set(JSON_Install ON CACHE INTERNAL "") # Required to export targets that we use
 libsession_system_or_submodule(NLOHMANN nlohmann_json nlohmann_json>=3.7.0 nlohmann-json)
+
+set(JSON_BuildTests OFF CACHE INTERNAL "")
+set(JSON_Install ON CACHE INTERNAL "") # Required to export targets that we use
+
+function(simdutf_subdir)
+    set(SIMDUTF_TESTS OFF CACHE BOOL "")
+    set(SIMDUTF_TOOLS OFF CACHE BOOL "")
+    set(BUILD_SHARED_LIBS OFF)
+    add_subdirectory(simdutf)
+endfunction()
+simdutf_subdir()

include/session/blinding.h

@@ -5,6 +5,7 @@ extern "C" {
 #endif
 
 #include <stddef.h>
+#include <stdint.h>
 
 #include "export.h"
 #include "platform.h"
@@ -15,7 +16,7 @@ extern "C" {
 ///
 /// Inputs:
 /// - `ed25519_seckey` -- [in] the Ed25519 private key of the sender (64 bytes).
-/// - `server_pk` -- [in] the public key of the open group server to generate the
+/// - `server_pk` -- [in] the public key of the community server to generate the
 ///   blinded id for (32 bytes).
 /// - `blinded_pk_out` -- [out] pointer to a buffer of at least 32 bytes where the blinded_pk will
 ///   be written if generation was successful.
@@ -36,7 +37,7 @@ LIBSESSION_EXPORT bool session_blind15_key_pair(
 ///
 /// Inputs:
 /// - `ed25519_seckey` -- [in] the Ed25519 private key of the sender (64 bytes).
-/// - `server_pk` -- [in] the public key of the open group server to generate the
+/// - `server_pk` -- [in] the public key of the community server to generate the
 ///   blinded id for (32 bytes).
 /// - `blinded_pk_out` -- [out] pointer to a buffer of at least 32 bytes where the blinded_pk will
 ///   be written if generation was successful.
@@ -75,7 +76,7 @@ LIBSESSION_EXPORT bool session_blind_version_key_pair(
 ///
 /// Inputs:
 /// - `ed25519_seckey` -- [in] the Ed25519 private key of the sender (64 bytes).
-/// - `server_pk` -- [in] the public key of the open group server to generate the
+/// - `server_pk` -- [in] the public key of the community server to generate the
 ///   blinded id for (32 bytes).
 /// - `msg` -- [in] Pointer to a data buffer containing the message to generate a signature for.
 /// - `msg_len` -- [in] Length of `msg`
@@ -97,7 +98,7 @@ LIBSESSION_EXPORT bool session_blind15_sign(
 ///
 /// Inputs:
 /// - `ed25519_seckey` -- [in] the Ed25519 private key of the sender (64 bytes).
-/// - `server_pk` -- [in] the public key of the open group server to generate the
+/// - `server_pk` -- [in] the public key of the community server to generate the
 ///   blinded id for (32 bytes).
 /// - `msg` -- [in] Pointer to a data buffer containing the message to generate a signature for.
 /// - `msg_len` -- [in] Length of `msg`
@@ -145,7 +146,7 @@ LIBSESSION_EXPORT bool session_blind_version_sign(
 /// Inputs:
 /// - `session_id` -- [in] the session_id to compare (66 bytes with a 05 prefix).
 /// - `blinded_id` -- [in] the blinded_id to compare, can be either 15 or 25 blinded (66 bytes).
-/// - `server_pk` -- [in] the public key of the open group server to the blinded id came from (64
+/// - `server_pk` -- [in] the public key of the community server to the blinded id came from (64
 /// bytes).
 ///
 /// Outputs:

include/session/config/base.hpp

@@ -7,6 +7,7 @@
 #include <list>
 #include <memory>
 #include <session/config.hpp>
+#include <session/types.hpp>
 #include <session/util.hpp>
 #include <span>
 #include <type_traits>
@@ -29,9 +30,6 @@ class bt_dict_consumer;
 
 namespace session::config {
 
-template <typename T, typename... U>
-static constexpr bool is_one_of = (std::is_same_v<T, U> || ...);
-
 /// True for a dict_value direct subtype, but not scalar sub-subtypes.
 template <typename T>
 static constexpr bool is_dict_subtype = is_one_of<T, config::scalar, config::set, config::dict>;
@@ -944,7 +942,7 @@ class ConfigBase : public ConfigSig {
     /// API: base/ConfigBase::load_key
     ///
     /// Called to load an ed25519 key for encryption; this is meant for use by single-ownership
-    /// config types, like UserProfile, but not shared config types (closed groups).
+    /// config types, like UserProfile, but not shared config types (groups).
     ///
     /// Takes a binary string which is either the 32-byte seed, or 64-byte libsodium secret (which
     /// is just the seed and pubkey concatenated together), and then calls `key(...)` with the seed.

include/session/config/convo_info_volatile.hpp

@@ -44,13 +44,13 @@ class val_loader;
 ///           included, but will be 0 if no messages are read.
 ///       u - will be present and set to 1 if this conversation is specifically marked unread.
 ///
-/// g - group conversations (aka new, non-legacy closed groups).  The key is the group identifier
+/// g - group conversations (aka new, non-legacy groups).  The key is the group identifier
 ///     (beginning with 03).  Values are dicts with keys:
 ///     r - the unix timestamp (in integer milliseconds) of the last-read message.  Always
 ///         included, but will be 0 if no messages are read.
 ///     u - will be present and set to 1 if this conversation is specifically marked unread.
 ///
-/// C - legacy group conversations (aka closed groups).  The key is the group identifier (which
+/// C - legacy group conversations (aka groups).  The key is the group identifier (which
 ///     looks indistinguishable from a Session ID, but isn't really a proper Session ID).  Values
 ///     are dicts with keys:
 ///     r - the unix timestamp (integer milliseconds) of the last-read message.  Always included,

include/session/config/groups/info.hpp

@@ -236,7 +236,7 @@ class Info : public ConfigBase {
     /// API: groups/Info::set_delete_before
     ///
     /// Sets a "delete before" unix timestamp: this instructs clients to delete all messages from
-    /// the closed group history with a timestamp earlier than this value.  Returns nullopt if no
+    /// the group history with a timestamp earlier than this value.  Returns nullopt if no
     /// delete-before timestamp is set.
     ///
     /// The given value is checked for sanity (e.g. if you pass milliseconds it will be
@@ -250,7 +250,7 @@ class Info : public ConfigBase {
     /// API: groups/Info::get_delete_before
     ///
     /// Returns the delete-before unix timestamp (seconds) for the group; clients should delete all
-    /// messages from the closed group with timestamps earlier than this value, if set.
+    /// messages from the group with timestamps earlier than this value, if set.
     ///
     /// Returns std::nullopt if no delete-before timestamp is set.
     ///
@@ -279,7 +279,7 @@ class Info : public ConfigBase {
     /// API: groups/Info::get_delete_attach_before
     ///
     /// Returns the delete-attachments-before unix timestamp (seconds) for the group; clients should
-    /// delete all messages from the closed group with timestamps earlier than this value, if set.
+    /// delete all messages from the group with timestamps earlier than this value, if set.
     ///
     /// Returns std::nullopt if no delete-attachments-before timestamp is set.
     ///

include/session/config/groups/keys.h

@@ -4,6 +4,7 @@
 extern "C" {
 #endif
 
+#include "../../types.h"
 #include "../base.h"
 #include "../util.h"
 
@@ -132,6 +133,18 @@ LIBSESSION_EXPORT size_t groups_keys_size(const config_group_keys* conf);
 /// - `const unsigned char*` -- pointer to the 32-byte key, or nullptr if there
 LIBSESSION_EXPORT const unsigned char* groups_keys_get_key(const config_group_keys* conf, size_t N);
 
+/// API: groups/groups_keys_group_enc_key
+///
+/// Accesses the current encryption key: that is, the most current group decryption key. Returns the
+/// 32 byte private key, or, an empty span if there are no encryption keys at all.
+///
+/// Inputs:
+/// - `conf` -- the groups config object
+///
+/// Outputs:
+/// - `true` if we have admin keys, `false` otherwise.
+LIBSESSION_EXPORT const span_u8 groups_keys_group_enc_key(const config_group_keys* conf);
+
 /// API: groups/groups_keys_is_admin
 ///
 /// Returns true if this object has the group private keys, i.e. the user is an all-powerful

include/session/config/groups/keys.hpp

@@ -664,46 +664,12 @@ class Keys : public ConfigSig {
 
     /// API: groups/Keys::encrypt_message
     ///
-    /// Compresses, signs, and encrypts group message content.
-    ///
-    /// This method is passed a binary value containing a group message (typically a serialized
-    /// protobuf, but this method doesn't care about the specific data).  That data will be, in
-    /// order:
-    /// - compressed (but only if this actually reduces the data size)
-    /// - signed by the user's underlying session Ed25519 pubkey
-    /// - tagged with the user's underlying session Ed25519 pubkey (from which the session id can be
-    ///   computed).
-    /// - all of the above encoded into a bt-encoded dict
-    /// - suffix-padded with null bytes so that the final output value will be a multiple of 256
-    ///   bytes
-    /// - encrypted with the most-current group encryption key
-    ///
-    /// Since compression and padding is applied as part of this method, it is not required that the
-    /// given message include its own padding (and in fact, such padding will typically be
-    /// compressed down to nothing (if non-random)).
-    ///
-    /// This final encrypted value is then returned to be pushed to the swarm as-is (i.e. not
-    /// further wrapped).  For users downloading the message, all of the above is processed in
-    /// reverse by passing the returned message into `decrypt_message()`.
-    ///
-    /// The current implementation uses XChaCha20-Poly1305 for encryption and zstd for compression;
-    /// the bt-encoded value is a dict consisting of keys:
-    /// - "": the version of this encoding, currently set to 1.  This *MUST* be bumped if this is
-    ///   changed in such a way that older clients will not be able to properly decrypt such a
-    ///   message.
-    /// - "a": the *Ed25519* pubkey (32 bytes) of the author of the message.  (This will be
-    ///   converted to a x25519 pubkey to extract the sender's session id when decrypting).
-    /// - "s": signature by "a" of whichever of "d" or "z" are included in the data.
-    /// Exacly one of:
-    /// - "d": the uncompressed data (which must be non-empty if present)
-    /// - "z": the zstd-compressed data (which must be non-empty if present)
-    ///
-    /// When compression is enabled (by omitting the `compress` argument or specifying it as true)
-    /// then ZSTD compression will be *attempted* on the plaintext message and will be used if the
-    /// compressed data is smaller than the uncompressed data.  If disabled, or if compression does
-    /// not reduce the size, then the message will not be compressed.
-    ///
-    /// This method will throw on failure, which can happen in two cases:
+    /// Compresses, signs, and encrypts group message content with the user's underlying session
+    /// Ed25519 pubkey and the most-current group encryption key.
+    ///
+    /// See: crypto/encrypt_for_group
+    ///
+    /// This method will throw on failure:
     /// - if there no encryption keys are available at all (which should not occur in normal use).
     /// - if given a plaintext buffer larger than 1MB (even if the compressed version would be much
     ///   smaller).  It is recommended that clients impose their own limits much smaller than this
@@ -728,12 +694,13 @@ class Keys : public ConfigSig {
 
     /// API: groups/Keys::decrypt_message
     ///
-    /// Decrypts group message content that was presumably encrypted with `encrypt_message`,
+    /// Decrypts group message content that encrypted with `encrypt_message`.
+    ///
+    /// See: crypto/decrypt_group_message
     /// verifies the sender signature, decompresses the message (if necessary) and then returns the
     /// author pubkey and the plaintext data.
     ///
-    /// To prevent against memory exhaustion attacks, this method will fail if the value is
-    /// a compressed value that would decompress to a value larger than 1MB.
+    /// See: crypto/decrypt_group_message
     ///
     /// Inputs:
     /// - `ciphertext` -- an encrypted, encoded, signed, (possibly) compressed message as produced

include/session/config/namespaces.h

@@ -0,0 +1,34 @@
+#pragma once
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum NAMESPACE {
+    // Messages sent to an updated group which should be able to be retrieved by revoked
+    // members are stored in this namespace
+    NAMESPACE_REVOKED_RETRIEVABLE_GROUP_MESSAGES = -11,
+
+    // Messages sent to one-to-one conversations are stored in this namespace
+    NAMESPACE_DEFAULT = 0,
+    NAMESPACE_USER_PROFILE = 2,
+    NAMESPACE_CONTACTS = 3,
+    NAMESPACE_CONVO_INFO_VOLATILE = 4,
+    NAMESPACE_USER_GROUPS = 5,
+
+    // Messages sent to a group:
+    NAMESPACE_GROUP_MESSAGES = 11,
+    // Groups config namespaces (i.e. for shared config of the group itself, not one user's group
+    // settings)
+    NAMESPACE_GROUP_KEYS = 12,
+    NAMESPACE_GROUP_INFO = 13,
+    NAMESPACE_GROUP_MEMBERS = 14,
+
+    // The local config should never be pushed but this gives us a nice identifier for each config
+    // type
+    NAMESPACE_LOCAL = 9999,
+} NAMESPACE;
+
+#ifdef __cplusplus
+}  // extern "C"
+#endif

include/session/config/namespaces.hpp

@@ -2,25 +2,31 @@
 
 #include <cstdint>
 
+#include "namespaces.h"
+
 namespace session::config {
 
 enum class Namespace : std::int16_t {
-    UserProfile = 2,
-    Contacts = 3,
-    ConvoInfoVolatile = 4,
-    UserGroups = 5,
+    RevokedRetrievableGroupMessages = NAMESPACE_REVOKED_RETRIEVABLE_GROUP_MESSAGES,
+
+    // Messages sent to one-to-one conversations are stored in this namespace
+    Default = NAMESPACE_DEFAULT,
+    UserProfile = NAMESPACE_USER_PROFILE,
+    Contacts = NAMESPACE_CONTACTS,
+    ConvoInfoVolatile = NAMESPACE_CONVO_INFO_VOLATILE,
+    UserGroups = NAMESPACE_USER_GROUPS,
 
-    // Messages sent to a closed group:
-    GroupMessages = 11,
+    // Messages sent to a group:
+    GroupMessages = NAMESPACE_GROUP_MESSAGES,
     // Groups config namespaces (i.e. for shared config of the group itself, not one user's group
     // settings)
-    GroupKeys = 12,
-    GroupInfo = 13,
-    GroupMembers = 14,
+    GroupKeys = NAMESPACE_GROUP_KEYS,
+    GroupInfo = NAMESPACE_GROUP_INFO,
+    GroupMembers = NAMESPACE_GROUP_MEMBERS,
 
     // The local config should never be pushed but this gives us a nice identifier for each config
     // type
-    Local = 9999,
+    Local = NAMESPACE_LOCAL,
 };
 
 }  // namespace session::config

include/session/config/pro.h

@@ -0,0 +1,37 @@
+#pragma once
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "../export.h"
+#include "session/session_protocol.h"
+
+typedef struct pro_config {
+    bytes64 rotating_privkey;
+    session_protocol_pro_proof proof;
+} pro_pro_config;
+
+/// Verify the proof was signed by the `verify_pubkey` and that the `rotating_privkey` in the `pro`
+/// config rederives to the `rotating_pubkey` embedded in the proof.
+///
+/// Inputs:
+/// - `proof` -- Proof to verify
+/// - `verify_pubkey` -- Array of bytes containing the public key to (typically the Session Pro
+///   Backend public key) verify the proof against.
+/// - `verify_pubkey_len` -- Length of the `verify_pubkey` this must be 32 bytes, but is
+///   parameterised to detect errors about incorrectly sized arrays by the caller.
+///
+/// Outputs:
+/// - `bytes32` -- The 32 byte hash calculated from the proof
+LIBSESSION_EXPORT bool pro_config_verify_signature(
+        pro_pro_config const* pro, uint8_t const* verify_pubkey, size_t verify_pubkey_len)
+        NON_NULL_ARG(1, 2);
+
+#ifdef __cplusplus
+}  // extern "C"
+#endif