* notifications: periodic notifications
* agent: allow repeat token registrations, delete old tokens from notification server (e.g., when database is moved to another device)
* decrypt token verification code in the agent
* check token status, send TCRN on registration if it was enabled
* fix http2/apns response handling for error responses (also, APNS seems not to send content-length header?)
* APN push client (WIP)
* APNS push client works
* TODO comments
* comment
* send notification and process the response
* config
* e2e encryption for notification parameter
* read apns key filename and ID from env
* connect APNS client to server, fix notification JSON encoding to use dash case
* do not connect to APNS on start to pass CI tests
* fix CI test
* remove redundant import
* notifications: protocol
* update protocol to include subscription ID and DH public key
* update protocol, started server
* add notification server subscription DH key
* use the same command type in notifications protocol, protocol parsing, server frame
* remove empty files
* separate skipped messages from ratchet
* return diff for skipped messages instead of the whole state (tests fail)
* fix ratchet tests
* JSON encoding/decoding for ratchet state
* schema for ratchets
* split MonadUnliftIO instance for ExceptT to a separate file
* update StrEncoding instance for Str
* ratchet store methods
* updateRatchet store method
* move E2E ratchet params to Ratchet module
* x3dh key agreement for double ratchet
* test/fix x3dh, use x3dh for ratchets initialization
* store/get x3dh keys, save ratchet of fixed X448 type
* double-ratchet encryption integration (tests fail)
* fix double ratchet
* fix padding and message length
* remove unused code for "activations"
* remove comment
* add version checks for forward/backward compatibility
* split loading ratchet and skipped message keys
* remove unused encoding instances for Algorithm types
* update ratchet initialization params
* types and encodings for double ratchet integration
* upgrade stack resolver
* type classes for version agreement, encode/decode connection request links and E2E params with versioning
* encode/decode client parameters (version and DH key) in SMP queue URI using query string parameters
* restore support of the current SMP queue URI format
* update AMessage to only send queues in REPLY message (not the full connection request)
* new agent message evnvelopes (tests fail)
* new message envelopes - tests pass
* store fully encrypted messages before sending
* unify message delivery via DB queue (excluding confirmation and invitation)
* remove activateSecuredQueue
* linter hints
* remove comment
* export order
* save rachet-encrypted message, not per-queue encrypted
* delete message after it is accepted by the server, reduce message delivery interval for the tests
Co-authored-by: Efim Poberezkin <8711996+efim-poberezkin@users.noreply.github.com>
* make KeyHash non-optional, StrEncoding class
* change server URI format in agent config, refactor with StrEncoding
* refactor Crypto using checkAlgorithm
* refactor parsing connection requests
* prepare to validate CA fingerprint sent in client handshake
* KeyHash check in handshake
* rename type to CliCommand
* server validates keyhash sent by the client
* validate -a option when parsing
* more of StrEncoding
* binary SMP protocol encoding (server tests fail)
* use 1 byte for bytestring length when encoding/decoding
* Encoding class, binary tags
* update server tests
* negotiate SMP version in client/server handshake
* add version columns to queues and connections
* split parsing SMP client commands and server responses to different functions
* check uniqueness of protocol tags
* split client commands and server responses/messages to separate types
* update types in SMP client
* remove pattern synonyms for SMP errors
* simplify getHandshake
* update SMP protocol encoding in protocol spec
* encode time as a number of seconds (64-bit integer) since epoch
* use base64url encoding for public key in connection requests; only allow accepting invitations that were not accepted
* subscribe ContactConnection, fix test to use base64url encoding in key example
* move SMP server from agent commands NEW/JOIN to agent config
* fix SMPServer parser
* update agent protocol - server management
* enable agent test
* agent test with 2 servers
* create reply queue on the configured server
* choose random server
* swap bind
* sign and verify agent messages with key sent in HELLO (TODO: hardcoded block size - should use size from handshake; verify signature of HELLO message itself; possibly, different MSG status if signature was not verified (currently ignored) or failed to verify (currently fails with AGENT A_ENCRYPTION - alternatively, change it to AGENT A_SIGNATURE))
* remove hardcoded block size, make it 4096 bytes
* verify signature of HELLO message before it is added to RcvQueue
* refactor
* update doc
* rename functions
* inventory of error handling problems and types
* Change SMP protocol errors syntax
* connection errors in agent protocol (ERR CONN), STORE error -> AGENT error
* include exception in SEInternal error
* add MESSAGE errors, remove CRYPTO and SIZE errors
* agent protocol SYNTAX and AGENT errors
* BROKER errors
* group all client command (and agent response) errors
* BROKER TRANSPORT error
* simplify Client
* clean up
* transport errors
* simplify client
* parse / serialize agent errors
* differentiate crypto errors
* update errors.md
* make agent and SMP protocol errors consistent, simplify
* update doc
* test: parse / serialize protocol errors with QuickCheck
* add String to internal error
* exponential back-off when retrying to send HELLO
* refactor Client.hs
* replace fold with recursion in startTCPClient
* fail test if server did not start, refactor
* test: wait till TCP server stops
* test: refactor waiting for server to stop
* test: fail with error if server did not start/stop
* key encoding primitives (WIP)
* use X509/PKCS8 to read/write server key files
* make PrivateKey type class
* clean up
* remove separate public key file
* specific import
* move server keys to config
* add server keys from files
* create server keys if key files do not exist
* validate loaded server key pair
* refactor fromString functions
* key files in /etc/opt/simplex
* transport encryption (WIP - using fixed key, parsing/serialization works, SMP tests fail)
* transport encryption
* transport encryption: separate keys to receive and to send, counter-based IVs
* docs: update transport encryption and handshake
* transport encryption handshake (TODO: validate key hash, welcome block, move keys to system environment)
* change KeyHash type to newtype of Digest SHA256
* transport encryption: validate public key hash
* send and receive welcome block with SMP version
* refactor: parsing SMPServer
* remove unused function
* verify that client version is compatible with server version (major version is not smaller)
* update (fix) SMP server tests
* clrify encryption schemes
* increase SMP ping delay
* include authTag and msg size in encrypted message header, pad messages to fixed size
* use newtype for Key and IV bytestrings
* rename CryptoError constructors
* refactor Word to Int conversion
* refactor padding, replace padding character
* rfc corrections, comment
* rename aesTagSize -> authTagSize
* failing test
* generate key pair
* crypto: sign/verify functions
* remove extension
* parse/serialize keys
* use RSA recipient/sender keys (TODO sign/verify)
* make PublicKey newtype, assign 0s to private_p & private_q
* replace SMP command parsing with Attoparsec
* rename types: Signed->Transmission, Transmission->SignedTransmission
* sign and verify commands (server tests skipped, agent tests pass)
* SMP client: avoid seralizing transmission twice when sending commands
* update SMP server tests to use command signatures
* remove support for "SEND :msg" syntax from SMP server protocol
* rename RSA module name to R to avoid confusion with C used for S.M.Crypto
* update key sizes to use bits `div` 8
* tidy up
Evgeny Poberezkin