* Add X509 cert and TLS credentials generator
* Expand Crypto toolkit and rewrite tls credentials with it
* Exclude X keys from SignatureAlgorithmX509 and TLS.PrivKey
* Add helpers for DB marshalling and fingerprints
* Derive public key from private
* remove module name from selectors
* Remove StrEncoding (PrivateKey Ed25519)
* remove comment
---------
Co-authored-by: Evgeny Poberezkin <2769109+epoberezkin@users.noreply.github.com>
* make timeouts for batched functions dependent on the number of batches
* fix
* refactor
* refactor
* change import
* refactor
* rename function
* rename
* refactor
* remove space
* xftp: cli client draft
* more stubs
* compiles
* hash, app
* options parsers, random
* tmp
* xftp CLI client agent, simplify CLI command syntax
* only allow argument as a second parameter
* pivot signature draft
* receive file
* pivot sent chunks to recipients
* encryptFile - temp, chunks, specs
* send (upload) file and save file descriptions
* refactor, remove encrypted file
* save file size in description as string
* include filename inside padded encrypted file
* call chunk uploads concurrently, using queueing in HTTP2 as library client does not support concurrent streaming uploads
* download file (does not work yet)
* add digests to sent chunks
* fix recv - save file using AppendMode
* encrypt/decrypt sent file with secretbox
* remove print
* fix file description parsing in tests
* fix test
---------
Co-authored-by: Evgeny Poberezkin <2769109+epoberezkin@users.noreply.github.com>
* SMP v3: encrypt message timestamp and flags together with the body between server and recipient
* v3 tests
* update protocol doc
* add test for max size message
* delay in notifications test
* simplify v3
* encrypt server message to the recipient when sent
* refactor
* exit on error restoring the messages
* refactor, increase test timeout
* style
* add prints to the test
* remove error from unsafeMaxLenBS
* update protocol
* lint, improve test, change func param
* ntf-server store log
* ntf serevr: restore log when server is started, save compacted store log
* log ntf server store changes
* test, store log works
* update ntf-server exe
* notifications: periodic notifications
* agent: allow repeat token registrations, delete old tokens from notification server (e.g., when database is moved to another device)
* decrypt token verification code in the agent
* check token status, send TCRN on registration if it was enabled
* fix http2/apns response handling for error responses (also, APNS seems not to send content-length header?)
* APN push client (WIP)
* APNS push client works
* TODO comments
* comment
* send notification and process the response
* config
* e2e encryption for notification parameter
* read apns key filename and ID from env
* connect APNS client to server, fix notification JSON encoding to use dash case
* do not connect to APNS on start to pass CI tests
* fix CI test
* remove redundant import
* notifications: protocol
* update protocol to include subscription ID and DH public key
* update protocol, started server
* add notification server subscription DH key
* use the same command type in notifications protocol, protocol parsing, server frame
* remove empty files
* separate skipped messages from ratchet
* return diff for skipped messages instead of the whole state (tests fail)
* fix ratchet tests
* JSON encoding/decoding for ratchet state
* schema for ratchets
* split MonadUnliftIO instance for ExceptT to a separate file
* update StrEncoding instance for Str
* ratchet store methods
* updateRatchet store method
* move E2E ratchet params to Ratchet module
* x3dh key agreement for double ratchet
* test/fix x3dh, use x3dh for ratchets initialization
* store/get x3dh keys, save ratchet of fixed X448 type
* double-ratchet encryption integration (tests fail)
* fix double ratchet
* fix padding and message length
* remove unused code for "activations"
* remove comment
* add version checks for forward/backward compatibility
* split loading ratchet and skipped message keys
* remove unused encoding instances for Algorithm types
* update ratchet initialization params
* types and encodings for double ratchet integration
* upgrade stack resolver
* type classes for version agreement, encode/decode connection request links and E2E params with versioning
* encode/decode client parameters (version and DH key) in SMP queue URI using query string parameters
* restore support of the current SMP queue URI format
* update AMessage to only send queues in REPLY message (not the full connection request)
* new agent message evnvelopes (tests fail)
* new message envelopes - tests pass
* store fully encrypted messages before sending
* unify message delivery via DB queue (excluding confirmation and invitation)
* remove activateSecuredQueue
* linter hints
* remove comment
* export order
* save rachet-encrypted message, not per-queue encrypted
* delete message after it is accepted by the server, reduce message delivery interval for the tests
Co-authored-by: Efim Poberezkin <8711996+efim-poberezkin@users.noreply.github.com>
* make KeyHash non-optional, StrEncoding class
* change server URI format in agent config, refactor with StrEncoding
* refactor Crypto using checkAlgorithm
* refactor parsing connection requests
* prepare to validate CA fingerprint sent in client handshake
* KeyHash check in handshake
* rename type to CliCommand
* server validates keyhash sent by the client
* validate -a option when parsing
* more of StrEncoding
* binary SMP protocol encoding (server tests fail)
* use 1 byte for bytestring length when encoding/decoding
* Encoding class, binary tags
* update server tests
* negotiate SMP version in client/server handshake
* add version columns to queues and connections
* split parsing SMP client commands and server responses to different functions
* check uniqueness of protocol tags
* split client commands and server responses/messages to separate types
* update types in SMP client
* remove pattern synonyms for SMP errors
* simplify getHandshake
* update SMP protocol encoding in protocol spec
* encode time as a number of seconds (64-bit integer) since epoch
* use base64url encoding for public key in connection requests; only allow accepting invitations that were not accepted
* subscribe ContactConnection, fix test to use base64url encoding in key example
Evgeny Poberezkin