diff --git a/demo.py b/demo.py index 577bb80..19a2e6d 100644 --- a/demo.py +++ b/demo.py @@ -92,6 +92,7 @@ async def main(): "key": user.push_connection.credentials.private_key, "cert": user.push_connection.credentials.cert, } + CONFIG["extra"] = user.extra with open("config.json", "w") as f: json.dump(CONFIG, f, indent=4) diff --git a/ids/__init__.py b/ids/__init__.py index 381e3ce..d6afd76 100644 --- a/ids/__init__.py +++ b/ids/__init__.py @@ -4,7 +4,7 @@ import logging import apns -from . import _helpers, identity, profile, query +from . import _helpers, identity, profile, query, encryption from typing import Callable, Any class IDSUser: @@ -66,6 +66,12 @@ class IDSUser: self.ec_key, self.rsa_key will be set to a randomly gnenerated EC and RSA keypair if they are not already set """ + + + self.ngm = encryption.NGMIdentity(self.extra.get("device_key"), self.extra.get("prekey")) + self.extra["device_key"] = self.ngm.device_key + self.extra["prekey"] = self.ngm.pre_key + cert = identity.register( b64encode(self.push_connection.credentials.token), self.handles, @@ -74,13 +80,18 @@ class IDSUser: self._push_keypair, self.encryption_identity, validation_data, + self.ngm ) self._id_keypair = _helpers.KeyPair(self._auth_keypair.key, cert) + #self.extra = extra + def restore_identity(self, id_keypair: _helpers.KeyPair): self._id_keypair = id_keypair def auth_and_set_encryption_from_config(self, config: dict[str, dict[str, Any]]): + if "extra" in config: + self.extra = config["extra"] auth = config.get("auth", {}) if ( diff --git a/ids/_helpers.py b/ids/_helpers.py index d737136..58f3c52 100644 --- a/ids/_helpers.py +++ b/ids/_helpers.py @@ -78,6 +78,28 @@ def create_compact_key(): return pub, serialize_key(key) +def compact_key(key: ec.EllipticCurvePrivateKey): + from cryptography.hazmat.primitives.asymmetric import ec + from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat + return key.public_key().public_bytes(Encoding.X962, PublicFormat.CompressedPoint)[1:] + + +def create_compactable_key(): + # Generate a P256 keypair + from cryptography.hazmat.primitives.asymmetric import ec + from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat + + # Generate keys until we get one that is even + key = None + + while True: + key = ec.generate_private_key(ec.SECP256R1()) + pub = key.public_key().public_bytes(Encoding.X962, PublicFormat.CompressedPoint) + if pub[0] == 0x02: + break + + return serialize_key(key) + def create_encoded_compact_key() -> tuple[str, str]: pub, key = create_compact_key() # URL-safe base64 encode diff --git a/ids/encryption.py b/ids/encryption.py index 8c2b4ba..db79d9c 100644 --- a/ids/encryption.py +++ b/ids/encryption.py @@ -1,8 +1,56 @@ from . import ids_pb2, _helpers +import struct,time + +from cryptography.hazmat.primitives.asymmetric import ec +from cryptography.hazmat.primitives import hashes import logging logger = logging.getLogger("ids") +class NGMIdentity: + def __init__(self, device_key: str | None, pre_key: str | None): + if device_key is None: + device_key = _helpers.create_compactable_key() + if pre_key is None: + pre_key = _helpers.create_compactable_key() + self.device_key = device_key + self.pre_key = pre_key + + @staticmethod + def serialize_timestamp(timestamp: float): + import struct + return struct.pack("\x9f\xae\xd9\xf9\xd1\x9c*\x8dU\xe0\xd2\xdeo\xb2\xcb\xd8\xf8i\xd4\xd0a^\t!\x0fa\xb2\xddI\xfc_*\x19\xb2\xf0#\x12\xe0@\xd9A", + "supports-original-timestamp-v1": True, + "supports-sa-v1": True, + "supports-photos-extension-v2": True, + "supports-photos-extension-v1": True, + "prefers-sdr": False, + "supports-fsm-v1": True, + "supports-fsm-v3": True, + "supports-fsm-v2": True, + "supports-shared-exp": True, + "supports-location-sharing": True, + #"device-key-signature": b'0c\x04\x14\x1d\xb02~\xefk&\xf8\r;R\xa4\x95c~\x8a\x90H\x85\xb0\x02\x01\x01\x04H0F\x02!\x00\xa7\x08\xf5"z.3/\xbe\xea\x8c\xce\x8dD\xb6\xf0v\xd0\x030\xac\xd1\xde\x88\x89q\x9ej\x1bJR\xce\x02!\x00\xb8^\xd9\x97`\x19|\xa8\x1d\\\xf9E\x1a`<0\x00\xab\x94\x0bs\xed\x8b\xc4h\xcb\r\x91\xdb\xb0W\xdc', + "supports-st-v1": True, + "supports-ca-v1": True, + "supports-protobuf-payload-data-v2": True, + "supports-hdr": True, + "supports-media-v2": True, + "supports-be-v1": True, + "public-message-identity-version": 2.0, + "supports-heif": True, + "supports-certified-delivery-v1": True, + "supports-autoloopvideo-v1": True, + "supports-dq-nr": True, + "public-message-identity-ngm-version": 12.0, + "supports-audio-messaging-v2": True, }, + "kt-loggable-data": ngm.generate_loggable_data(), + "kt-mismatch-account-flag": True, "uris": uris, "user-id": user_id, } ], - }, - { - "client-data": { - "supports-ack-v1": True, - "public-message-identity-key": identity.encode(), - "supports-update-attachments-v1": True, - "supports-keep-receipts": True, - "supports-people-request-messages-v2": True, - "supports-people-request-messages-v3": True, - "supports-impact-v1": True, - "supports-rem": True, - "nicknames-version": 1.0, - "ec-version": 1.0, - "supports-animoji-v2": True, - "supports-ii-v1": True, - "optionally-receive-typing-indicators": True, - "supports-inline-attachments": True, - "supports-people-request-messages": True, - "supports-cross-platform-sharing": True, - "public-message-ngm-device-prekey-data-key": b"\n \xb4\\\x15\x8e\xa4\xc8\xe5\x07\x98\tp\xd0\xa4^\x84k\x05#Ep\xa9*\xcd\xadt\xf5\xb0\xfb\xa6_ho\x12@\xe3\xf5\xcaOwh\xfd\xb9\xecD\t\x0e\x9e\xb8\xb0\xa1\x1c=\x92\x9dD/lmL\xde.\\o\xeb\x15>\x9f\xae\xd9\xf9\xd1\x9c*\x8dU\xe0\xd2\xdeo\xb2\xcb\xd8\xf8i\xd4\xd0a^\t!\x0fa\xb2\xddI\xfc_*\x19\xb2\xf0#\x12\xe0@\xd9A", - "supports-original-timestamp-v1": True, - "supports-sa-v1": True, - "supports-photos-extension-v2": True, - "supports-photos-extension-v1": True, - "prefers-sdr": False, - "supports-fsm-v1": True, - "supports-fsm-v3": True, - "supports-fsm-v2": True, - "supports-shared-exp": True, - "supports-location-sharing": True, - "device-key-signature": b'0c\x04\x14\x1d\xb02~\xefk&\xf8\r;R\xa4\x95c~\x8a\x90H\x85\xb0\x02\x01\x01\x04H0F\x02!\x00\xa7\x08\xf5"z.3/\xbe\xea\x8c\xce\x8dD\xb6\xf0v\xd0\x030\xac\xd1\xde\x88\x89q\x9ej\x1bJR\xce\x02!\x00\xb8^\xd9\x97`\x19|\xa8\x1d\\\xf9E\x1a`<0\x00\xab\x94\x0bs\xed\x8b\xc4h\xcb\r\x91\xdb\xb0W\xdc', - "supports-st-v1": True, - "supports-ca-v1": True, - "supports-protobuf-payload-data-v2": True, - "supports-hdr": True, - "supports-media-v2": True, - "supports-be-v1": True, - "public-message-identity-version": 2.0, - "supports-heif": True, - "supports-certified-delivery-v1": True, - "supports-autoloopvideo-v1": True, - "supports-dq-nr": True, - "public-message-identity-ngm-version": 12.0, - "supports-audio-messaging-v2": True, - }, - "kt-loggable-data": b'\n"\n \rl\xbe\xca\xf7\xe8\xb2\x89k\x18\x1e\xb9,d\xf8\xe2\n\xbf\x8d\xe1E\xd6\xf3T\xcb\xd9\x99d\xd1mk\xeb\x10\x0c\x18\x05"E\x08\x01\x12A\x04\xe3\xe7Y.zW\x0f\x9d\x95\xc2\xc5\xd9\x9eC\x05\xa0\x95.\xa9DW\xa9\xfb\xa9\xaa\x1a\x868\x0e\xee\xe6\x8f%\x12\xa3\r\x01\xe1\xbb\x97M\x9a\x19\x16\x94D\xcdv\xeb\xefem?\xb3\xefzM#~a\x92\x0fO\xab', - "kt-mismatch-account-flag": True, - }, + } ], "validation-data": b64decode(validation_data), } diff --git a/ids/ids.proto b/ids/ids.proto index e4100a7..85ca672 100644 --- a/ids/ids.proto +++ b/ids/ids.proto @@ -1,4 +1,4 @@ -syntax = "proto3"; +syntax = "proto2"; // message InnerMessage { // required bytes message = 1; @@ -8,11 +8,17 @@ syntax = "proto3"; // } message KeyTransparencyLoggableData { - bytes ngmPublicIdentity = 1; - uint32 ngmVersion = 2; - uint32 ktVersion = 3; + optional bytes ngmPublicIdentity = 1; + optional uint32 ngmVersion = 2; + optional uint32 ktVersion = 3; } message NgmPublicIdentity { - bytes publicKey = 1; + optional bytes publicKey = 1; +} + +message PublicDevicePrekey { + required bytes prekey = 1; + required bytes prekeySignature = 2; + required double timestamp = 3; } \ No newline at end of file diff --git a/ids/ids_pb2.py b/ids/ids_pb2.py index 9477dfd..86eb038 100644 --- a/ids/ids_pb2.py +++ b/ids/ids_pb2.py @@ -13,7 +13,7 @@ _sym_db = _symbol_database.Default() -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\rids/ids.proto\"_\n\x1bKeyTransparencyLoggableData\x12\x19\n\x11ngmPublicIdentity\x18\x01 \x01(\x0c\x12\x12\n\nngmVersion\x18\x02 \x01(\r\x12\x11\n\tktVersion\x18\x03 \x01(\r\"&\n\x11NgmPublicIdentity\x12\x11\n\tpublicKey\x18\x01 \x01(\x0c\x62\x06proto3') +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\rids/ids.proto\"_\n\x1bKeyTransparencyLoggableData\x12\x19\n\x11ngmPublicIdentity\x18\x01 \x01(\x0c\x12\x12\n\nngmVersion\x18\x02 \x01(\r\x12\x11\n\tktVersion\x18\x03 \x01(\r\"&\n\x11NgmPublicIdentity\x12\x11\n\tpublicKey\x18\x01 \x01(\x0c\"P\n\x12PublicDevicePrekey\x12\x0e\n\x06prekey\x18\x01 \x02(\x0c\x12\x17\n\x0fprekeySignature\x18\x02 \x02(\x0c\x12\x11\n\ttimestamp\x18\x03 \x02(\x01') _globals = globals() _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) @@ -25,4 +25,6 @@ if _descriptor._USE_C_DESCRIPTORS == False: _globals['_KEYTRANSPARENCYLOGGABLEDATA']._serialized_end=112 _globals['_NGMPUBLICIDENTITY']._serialized_start=114 _globals['_NGMPUBLICIDENTITY']._serialized_end=152 + _globals['_PUBLICDEVICEPREKEY']._serialized_start=154 + _globals['_PUBLICDEVICEPREKEY']._serialized_end=234 # @@protoc_insertion_point(module_scope) diff --git a/test.py b/test.py index 4bdc3c8..b5073a9 100644 --- a/test.py +++ b/test.py @@ -1,8 +1,33 @@ import ids from ids import encryption -test = "0a220a200d6cbecaf7e8b2896b181eb92c64f8e20abf8de145d6f354cbd99964d16d6beb100c180522450801124104e3e7592e7a570f9d95c2c5d99e4305a0952ea94457a9fba9aa1a86380eeee68f2512a30d01e1bb974d9a19169444cd76ebef656d3fb3ef7a4d237e61920f4fab" -test = bytes.fromhex(test) -encryption.parse_loggable_data(test) +from rich.logging import RichHandler +import logging +logging.basicConfig( + level=logging.NOTSET, format="%(message)s", datefmt="[%X]", handlers=[RichHandler()] +) -print(encryption.create_loggable_data()) \ No newline at end of file +# Set sane log levels +logging.getLogger("urllib3").setLevel(logging.WARNING) +logging.getLogger("py.warnings").setLevel(logging.ERROR) # Ignore warnings from urllib3 +logging.getLogger("asyncio").setLevel(logging.WARNING) +logging.getLogger("jelly").setLevel(logging.INFO) +logging.getLogger("nac").setLevel(logging.INFO) +logging.getLogger("apns").setLevel(logging.INFO) +logging.getLogger("albert").setLevel(logging.INFO) +logging.getLogger("ids").setLevel(logging.DEBUG) +logging.getLogger("bags").setLevel(logging.INFO) +logging.getLogger("imessage").setLevel(logging.INFO) + +logging.captureWarnings(True) + +test = "0a220a200d6cbecaf7e8b2896b181eb92c64f8e20abf8de145d6f354cbd99964d16d6beb100c180522450801124104e3e7592e7a570f9d95c2c5d99e4305a0952ea94457a9fba9aa1a86380eeee68f2512a30d01e1bb974d9a19169444cd76ebef656d3fb3ef7a4d237e61920f4fab" +test2 = b'\n"\n \rl\xbe\xca\xf7\xe8\xb2\x89k\x18\x1e\xb9,d\xf8\xe2\n\xbf\x8d\xe1E\xd6\xf3T\xcb\xd9\x99d\xd1mk\xeb\x10\x0c\x18\x05"E\x08\x01\x12A\x04\xe3\xe7Y.zW\x0f\x9d\x95\xc2\xc5\xd9\x9eC\x05\xa0\x95.\xa9DW\xa9\xfb\xa9\xaa\x1a\x868\x0e\xee\xe6\x8f%\x12\xa3\r\x01\xe1\xbb\x97M\x9a\x19\x16\x94D\xcdv\xeb\xefem?\xb3\xefzM#~a\x92\x0fO\xab' +print(test2.hex()) +test3 = b'\n"\n \xa0F\x01\xf7x]\xbb\x11<\x98y\xba\xd3<\xec\xa2s\x95\x02\xc4\x17\x95\xfc\x83!\x88\x96P\xa9\x01\xc2\x9c\x10\x0c\x18\x05' +test = bytes.fromhex(test) +#encryption.parse_loggable_data(test) +print(encryption.parse_loggable_data(test2)) +print(encryption.parse_loggable_data(test3)) + +print(encryption.create_loggable_data()[0]) \ No newline at end of file