fedichat/fedicommander
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add message signing

Browse Source 
All messages are now signed by default with a randomly generated key.
TODO still is keyserver stuff, locking down the config file potentially
(or telling users to do it in the readme?), and doing any sort of
verification
This commit is contained in:
Waylon Cude
2026-05-31 11:09:15 -07:00
parent 1e67b80d10
commit 0f36ee454e
5 changed files with 277 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Cargo.lock
Generated
+219 -3
View File
@@ -93,6 +93,12 @@ version = "0.13.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
[[package]]
name = "base64ct"
version = "1.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06"
[[package]] [[package]]
name = "bitflags" name = "bitflags"
version = "1.3.2" version = "1.3.2"
@@ -116,6 +122,15 @@ dependencies = [
"constant_time_eq", "constant_time_eq",
] ]
[[package]]
name = "block-buffer"
version = "0.10.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
dependencies = [
"generic-array",
]
[[package]] [[package]]
name = "bumpalo" name = "bumpalo"
version = "3.20.3" version = "3.20.3"
@@ -163,7 +178,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6f8d983286843e49675a4b7a2d174efe136dc93a18d69130dd18198a6c167601" checksum = "6f8d983286843e49675a4b7a2d174efe136dc93a18d69130dd18198a6c167601"
dependencies = [ dependencies = [
"cfg-if", "cfg-if",
"cpufeatures", "cpufeatures 0.3.0",
"rand_core 0.10.1", "rand_core 0.10.1",
] ]
@@ -223,6 +238,12 @@ dependencies = [
"memchr", "memchr",
] ]
[[package]]
name = "const-oid"
version = "0.9.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
[[package]] [[package]]
name = "constant_time_eq" name = "constant_time_eq"
version = "0.1.5" version = "0.1.5"
@@ -255,6 +276,15 @@ version = "0.8.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
[[package]]
name = "cpufeatures"
version = "0.2.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280"
dependencies = [
"libc",
]
[[package]] [[package]]
name = "cpufeatures" name = "cpufeatures"
version = "0.3.0" version = "0.3.0"
@@ -294,6 +324,16 @@ version = "0.8.21"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
[[package]]
name = "crypto-common"
version = "0.1.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a"
dependencies = [
"generic-array",
"typenum",
]
[[package]] [[package]]
name = "ctrlc-async" name = "ctrlc-async"
version = "3.2.2" version = "3.2.2"
@@ -305,12 +345,49 @@ dependencies = [
"winapi", "winapi",
] ]
[[package]]
name = "curve25519-dalek"
version = "4.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be"
dependencies = [
"cfg-if",
"cpufeatures 0.2.17",
"curve25519-dalek-derive",
"digest",
"fiat-crypto",
"rustc_version",
"subtle",
"zeroize",
]
[[package]]
name = "curve25519-dalek-derive"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]] [[package]]
name = "data-encoding" name = "data-encoding"
version = "2.11.0" version = "2.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a4ae5f15dda3c708c0ade84bfee31ccab44a3da4f88015ed22f63732abe300c8" checksum = "a4ae5f15dda3c708c0ade84bfee31ccab44a3da4f88015ed22f63732abe300c8"
[[package]]
name = "der"
version = "0.7.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb"
dependencies = [
"const-oid",
"zeroize",
]
[[package]] [[package]]
name = "deranged" name = "deranged"
version = "0.5.8" version = "0.5.8"
@@ -321,6 +398,16 @@ dependencies = [
"serde_core", "serde_core",
] ]
[[package]]
name = "digest"
version = "0.10.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
dependencies = [
"block-buffer",
"crypto-common",
]
[[package]] [[package]]
name = "dirs" name = "dirs"
version = "1.0.5" version = "1.0.5"
@@ -349,6 +436,32 @@ version = "0.15.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "77c90badedccf4105eca100756a0b1289e191f6fcbdadd3cee1d2f614f97da8f" checksum = "77c90badedccf4105eca100756a0b1289e191f6fcbdadd3cee1d2f614f97da8f"
[[package]]
name = "ed25519"
version = "2.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53"
dependencies = [
"pkcs8",
"serde",
"signature",
]
[[package]]
name = "ed25519-dalek"
version = "2.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "70e796c081cee67dc755e1a36a0a172b897fab85fc3f6bc48307991f64e4eca9"
dependencies = [
"curve25519-dalek",
"ed25519",
"rand_core 0.6.4",
"serde",
"sha2",
"subtle",
"zeroize",
]
[[package]] [[package]]
name = "either" name = "either"
version = "1.16.0" version = "1.16.0"
@@ -397,10 +510,13 @@ dependencies = [
[[package]] [[package]]
name = "fedichat" name = "fedichat"
version = "0.1.0" version = "0.1.0"
source = "git+https://git.firechicken.net/fedichat/fedichat-lib#49cbd905ceecb7bf7be463f81836742e3a7ddc24" source = "git+https://git.firechicken.net/fedichat/fedichat-lib#3edf74d890232d09737ac9c343ebb24331fe7c68"
dependencies = [ dependencies = [
"ed25519",
"rmp-serde",
"serde", "serde",
"serde_bytes", "serde_bytes",
"thiserror 2.0.18",
"time", "time",
"uuid", "uuid",
] ]
@@ -412,10 +528,12 @@ dependencies = [
"clap", "clap",
"ctrlc-async", "ctrlc-async",
"dotenv", "dotenv",
"ed25519-dalek",
"expanduser", "expanduser",
"fedichat", "fedichat",
"hickory-resolver", "hickory-resolver",
"quinn", "quinn",
"rand 0.8.6",
"rmp-serde", "rmp-serde",
"serde", "serde",
"thiserror 2.0.18", "thiserror 2.0.18",
@@ -427,6 +545,12 @@ dependencies = [
"uuid", "uuid",
] ]
[[package]]
name = "fiat-crypto"
version = "0.2.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d"
[[package]] [[package]]
name = "find-msvc-tools" name = "find-msvc-tools"
version = "0.1.9" version = "0.1.9"
@@ -499,6 +623,16 @@ dependencies = [
"slab", "slab",
] ]
[[package]]
name = "generic-array"
version = "0.14.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
dependencies = [
"typenum",
"version_check",
]
[[package]] [[package]]
name = "getrandom" name = "getrandom"
version = "0.1.16" version = "0.1.16"
@@ -1077,6 +1211,16 @@ version = "0.2.17"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd"
[[package]]
name = "pkcs8"
version = "0.10.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
dependencies = [
"der",
"spki",
]
[[package]] [[package]]
name = "portable-atomic" name = "portable-atomic"
version = "1.13.1" version = "1.13.1"
@@ -1225,13 +1369,24 @@ version = "6.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf" checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf"
[[package]]
name = "rand"
version = "0.8.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5ca0ecfa931c29007047d1bc58e623ab12e5590e8c7cc53200d5202b69266d8a"
dependencies = [
"libc",
"rand_chacha 0.3.1",
"rand_core 0.6.4",
]
[[package]] [[package]]
name = "rand" name = "rand"
version = "0.9.4" version = "0.9.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "44c5af06bb1b7d3216d91932aed5265164bf384dc89cd6ba05cf59a35f5f76ea" checksum = "44c5af06bb1b7d3216d91932aed5265164bf384dc89cd6ba05cf59a35f5f76ea"
dependencies = [ dependencies = [
"rand_chacha", "rand_chacha 0.9.0",
"rand_core 0.9.5", "rand_core 0.9.5",
] ]
@@ -1246,6 +1401,16 @@ dependencies = [
"rand_core 0.10.1", "rand_core 0.10.1",
] ]
[[package]]
name = "rand_chacha"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
dependencies = [
"ppv-lite86",
"rand_core 0.6.4",
]
[[package]] [[package]]
name = "rand_chacha" name = "rand_chacha"
version = "0.9.0" version = "0.9.0"
@@ -1256,6 +1421,15 @@ dependencies = [
"rand_core 0.9.5", "rand_core 0.9.5",
] ]
[[package]]
name = "rand_core"
version = "0.6.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
dependencies = [
"getrandom 0.2.17",
]
[[package]] [[package]]
name = "rand_core" name = "rand_core"
version = "0.9.5" version = "0.9.5"
@@ -1558,6 +1732,17 @@ dependencies = [
"serde_core", "serde_core",
] ]
[[package]]
name = "sha2"
version = "0.10.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
dependencies = [
"cfg-if",
"cpufeatures 0.2.17",
"digest",
]
[[package]] [[package]]
name = "sharded-slab" name = "sharded-slab"
version = "0.1.7" version = "0.1.7"
@@ -1583,6 +1768,15 @@ dependencies = [
"libc", "libc",
] ]
[[package]]
name = "signature"
version = "2.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
dependencies = [
"rand_core 0.6.4",
]
[[package]] [[package]]
name = "simd_cesu8" name = "simd_cesu8"
version = "1.1.1" version = "1.1.1"
@@ -1627,6 +1821,16 @@ dependencies = [
"windows-sys 0.61.2", "windows-sys 0.61.2",
] ]
[[package]]
name = "spki"
version = "0.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
dependencies = [
"base64ct",
"der",
]
[[package]] [[package]]
name = "stable_deref_trait" name = "stable_deref_trait"
version = "1.2.1" version = "1.2.1"
@@ -1923,6 +2127,12 @@ dependencies = [
"tracing-log", "tracing-log",
] ]
[[package]]
name = "typenum"
version = "1.20.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b6f5e870be6c3b371b77fe0ee0bafb859fa4964b4404c27de1d380043c4dda20"
[[package]] [[package]]
name = "unicode-ident" name = "unicode-ident"
version = "1.0.24" version = "1.0.24"
@@ -1983,6 +2193,12 @@ version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65" checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65"
[[package]]
name = "version_check"
version = "0.9.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
[[package]] [[package]]
name = "walkdir" name = "walkdir"
version = "2.5.0" version = "2.5.0"
Cargo.toml
+2
View File
@@ -21,3 +21,5 @@ time = { version = "0.3.47", features = ["serde"] }
hickory-resolver = "0.26.1" hickory-resolver = "0.26.1"
expanduser = "1.2.2" expanduser = "1.2.2"
uuid = { version = "1.23.2", features = ["v4"] } uuid = { version = "1.23.2", features = ["v4"] }
ed25519-dalek = { version = "2.2.0", features = ["rand_core", "serde"] }
rand = "0.8"
src/cli.rs
+9 -1
View File
@@ -1,4 +1,5 @@
use clap::{Parser,Subcommand,ArgAction}; use clap::{Parser,Subcommand,ArgAction};
use ed25519_dalek::SigningKey;
use fedichat::client::{ClientMessage,SignedClientMessage,AuthMethod}; use fedichat::client::{ClientMessage,SignedClientMessage,AuthMethod};
use fedichat::ServerAddr; use fedichat::ServerAddr;
use fedichat::state::StatePath; use fedichat::state::StatePath;
@@ -181,7 +182,7 @@ impl Command {
} }
// If a command needs multiple messages, like an auth message first // If a command needs multiple messages, like an auth message first
// then call this // then call this
pub fn generate_messages(self,username: String,token: Option<String>) pub fn generate_messages(self,username: String,token: Option<String>, key: SigningKey)
-> Result<Vec<SignedClientMessage>,MessageError> -> Result<Vec<SignedClientMessage>,MessageError>
{ {
let mut messages = Vec::with_capacity(2); let mut messages = Vec::with_capacity(2);
@@ -211,6 +212,11 @@ impl Command {
signature: Box::new([0])}); signature: Box::new([0])});
} }
// sign all the messages
for message in messages.iter_mut() {
message.sign(key.clone())?;
}
Ok(messages) Ok(messages)
} }
} }
@@ -223,6 +229,8 @@ pub enum MessageError {
UuidError(#[from] uuid::Error), UuidError(#[from] uuid::Error),
#[error("Error during file IO: {0}")] #[error("Error during file IO: {0}")]
IoError(#[from] std::io::Error), IoError(#[from] std::io::Error),
#[error("Error while processing signature: {0}")]
Signature(#[from] fedichat::client::SignatureError)
} }
src/config.rs
+41 -5
View File
@@ -1,4 +1,6 @@
use expanduser::expanduser; use expanduser::expanduser;
use rand::rngs::OsRng;
use ed25519_dalek::SigningKey;
use serde::{Serialize,Deserialize}; use serde::{Serialize,Deserialize};
use std::collections::HashMap; use std::collections::HashMap;
use std::fs::File; use std::fs::File;
@@ -62,14 +64,41 @@ impl Config {
pub fn insert_token(&mut self,server: &String,username: String, token: String) -> Result<(),ConfigError> { pub fn insert_token(&mut self,server: &String,username: String, token: String) -> Result<(),ConfigError> {
let _ = self.servers.get_mut(server).ok_or(ConfigError::ServerNotFound(server.clone()))? let _ = self.servers.get_mut(server).ok_or(ConfigError::ServerNotFound(server.clone()))?
.users.insert(username,token); .users.get_mut(&username).ok_or(ConfigError::UserNotFound(username.clone()))?.token = Some(token);
Ok(()) Ok(())
} }
pub fn get_token(&self,server: &String, username: &String) -> Result<Option<String>,ConfigError> { pub fn get_token(&self,server: &String, username: &String) -> Result<Option<String>,ConfigError> {
// TODO: Dont really have to clone the return value probably. Should refactor at some point
Ok(self.servers.get(server).ok_or(ConfigError::ServerNotFound(server.clone()))? Ok(self.servers.get(server).ok_or(ConfigError::ServerNotFound(server.clone()))?
.users.get(username).cloned()) .users.get(username).ok_or(ConfigError::UserNotFound(username.clone()))?.token.clone())
}
// Set up key if user does not exist
//
// If user does exist they are guaranteed to already have a key
//
// Maybe at some point there should be a command to load/save/regenerate keys
pub fn maybe_gen_key(&mut self, server: &String, username: &String) -> Result<(),ConfigError>{
if !self.servers.contains_key(server) {
self.servers.insert(server.to_string(),Server{users: HashMap::new()});
}
let server = self.servers.get_mut(server).ok_or(ConfigError::ServerNotFound(server.clone()))?;
if !server.users.contains_key(username) {
let mut rng = OsRng;
let key = SigningKey::generate(&mut rng);
server.users.insert(username.to_string(),User{token: None, key});
}
Ok(())
}
pub fn get_key(&self,server: &String, username: &String) -> Result<SigningKey,ConfigError>{
Ok(self.servers.get(server).ok_or(ConfigError::ServerNotFound(server.clone()))?
.users.get(username).ok_or(ConfigError::UserNotFound(username.clone()))?.key.clone())
} }
} }
@@ -78,7 +107,14 @@ impl Config {
#[derive(Serialize,Deserialize)] #[derive(Serialize,Deserialize)]
pub struct Server { pub struct Server {
// user to token mapping // user to token mapping
users: HashMap<String,String> users: HashMap<String,User>
}
// NOTE: Storing keys in the config file means we need to lock down read access
#[derive(Serialize,Deserialize,Clone)]
pub struct User {
pub token: Option<String>,
pub key: ed25519_dalek::SigningKey
} }
#[derive(Error,Debug)] #[derive(Error,Debug)]
@@ -91,8 +127,8 @@ pub enum ConfigError {
#[error("Error while serializing config file: {0}")] #[error("Error while serializing config file: {0}")]
SerError(#[from] toml::ser::Error), SerError(#[from] toml::ser::Error),
//#[error("User `{0}` not found in config")] #[error("User `{0}` not found in config")]
//UserNotFound(String), UserNotFound(String),
#[error("Server `{0}` not found in config")] #[error("Server `{0}` not found in config")]
ServerNotFound(String), ServerNotFound(String),
src/main.rs
+6 -1
View File
@@ -57,10 +57,13 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
Err(e) => return Err(Box::new(e).into()) Err(e) => return Err(Box::new(e).into())
}; };
// set homeserver
let target_server = match cli.server { let target_server = match cli.server {
Some(s) => s, Some(s) => s,
None => config.default_server.clone() None => config.default_server.clone()
}; };
// Generate a key for the specified user if they do not already exist
config.maybe_gen_key(&target_server,&cli.username)?;
let token = config.get_token(&target_server,&cli.username)?; let token = config.get_token(&target_server,&cli.username)?;
debug!("Target server is {target_server}"); debug!("Target server is {target_server}");
@@ -83,9 +86,11 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
if let Command::Fetch{file, ..} = &cli.command { if let Command::Fetch{file, ..} = &cli.command {
file_to_write = Some(file.clone()); file_to_write = Some(file.clone());
} }
let key = config.get_key(&target_server,&cli.username)?;
// send messages, each time waiting for a response // send messages, each time waiting for a response
let messages = cli.command.generate_messages(cli.username.clone(),token)?; let messages = cli.command.generate_messages(cli.username.clone(),token,key)?;
debug!("Sending commands"); debug!("Sending commands");