Most of omemo is incorporated.
Had to take a slight detour to incorporate double ratchet.
srcrr-main-1 into main
Most of omemo is incorporated.
Had to take a slight detour to incorporate double ratchet.
I've tested double ratchet encryption.
I'm working on decryption. Obviously in order to test if encryption TRULY works the decryption needs to pass.
@ -0,0 +1 @@
1.20.7
What tool creates this file? Chances are we don't want to commit it; it might be worth adding to your global gitignore configuration.
I think that's added by goenv. I'll add it to gitignore.
I haven't heard of goenv before. It's not entirely clear to me what the benefit is since you can just install multiple versions of Go side-by-side and there's an officially supported method for doing so, but if it works for you it works I guess :)
I wouldn't add it to this projects gitignore, we don't want to pollute it with tons of random tools, but it might be a good idea to add it to your machines global gitignore or your account level gitignore.
General comments:
I left a few specific comments that need to be replicated over a lot of different types, then decided to move the last few here. I have not looked at any functionality or API stuff yet, I just wanted to go over general Go conventions and the like so that you wouldn't have to hit the "rename" button even more later :)
If any of it is hard to clean up in your IDE or if you're not familiar with the various Go tools for renaming and what not I can probably script it fairly quickly later and run it over the whole repo, so treat most all of this as "nit's" and just comments for later as much as anything.
lib/ tree, this is not how Go imports work. Right now this would be imported as, eg. "mellium.im/omemo/lib" and you'd use a method in this package by calling "lib.whatever" which isn't what we want. Just moving everything up to the root should be fine and is conventional for Go.This is really a lot of work you've done, wow!
@ -3,1 +3,4 @@
go 1.21
require (
github.com/go-goll/libsignal-protocol-go v0.0.0-20230314082019-7f076caffeb8
This dependency is somewhat problematic as it's GPLed, so we'll have to be very careful not to vendor it or redistribute it. I think it's okay to depend on it now for the purpose of development, but long term we'll have to evaluate it for security, maintenance, etc. (this is more a note to self than anything). It hasn't seen a commit in a while, and part of this project is having a fully open/maintained stack for OMEMO, so it may be that we have to replace this before we can call it complete. We can chat about it in the room more later though; it's fine for now, I just wanted to mention it as part of this quick initial first pass at a review.
@ -4,0 +4,4 @@
require (
github.com/go-goll/libsignal-protocol-go v0.0.0-20230314082019-7f076caffeb8
github.com/status-im/doubleratchet v3.0.0+incompatible
As previously discussed this appears abandoned. We'll need to decide what to do about it before calling this project done. No rush or anything, I just want this noted in the review.
Ah, whoops, thought I removed it!
Thanks, I'll take care of it.
@ -4,0 +9,4 @@
)
require (
aqwari.net/xml v0.0.0-20210331023308-d9421b293817 // indirect
Not strictly a review comment, I just wanted to say that I wasn't aware of this project and one of the tools in it may be very useful for reducing boilerplate later; nice!
@ -0,0 +7,4 @@
"math/rand"
)
typeOmemoSignedPkstruct{
Eventually this library will be named omemo (but see general comments). This means this (and other structs and methods) will be used by writing, eg. omemo.OmemoSignedPk which is redundant. We can remove the Omemo prefix since, unlike C et al, we already have a package name built in to the name of the type.
Also, Go convention is to keep acronyms in the same case so eg. this should actually be called SignedPK (or OMEMOSignedPK if we were keeping the current name).
@ -0,0 +78,4 @@
/*
Getarandomprekey
*/
This newline means the docs won't be rendered.
@ -0,0 +90,4 @@
returnbyteVal,nil
}
/*
Two quick comments on the docs:
// (this is a serious nit, we can fix it later, I just want to bring it up for future reference)@ -0,0 +13,4 @@
Payloadstring`xml:"payload"`
}
// Payload ...
I know this is a generated file, but if it provides a way to remove these comments or provide actual docs that would be ideal. If not, no worries, we can improve this later.
@ -0,0 +1 @@
packagebundle
This file appears to be empty and not doing anything; it can be removed :)
@ -0,0 +59,4 @@
/*
CalculatetheHkdf-Sha-256hash.
@paramkeyCryptokey
Java style docs won't be rendered and are unnecessary; if this was copied from somewhere else we need to review it for license compliance and make sure we mention that.
Not copied from somewhere else. I'll review proper golang doc style.
@ -0,0 +116,4 @@
/*
shamelesslyrippedfromhttps://gist.github.com/yingray/57fdc3264b1927ef0f984b533d63abab
*/
funcPKCS7Padding(ciphertext[]byte,blockSizeint,afterint)[]byte{
This sort of thing shouldn't be exported most likely, but we can do a full API review later. I'd also note that this looks pretty inefficient to me and I assume this is a fast-path function. That being said, this is also something we can improve later, so it may be that we just add a TODO comment that we should do this with simple slice manipulation and let the compiler handle it all for us. No worries either way, I'm just being nitpicky and leaving myself notes for later more than anything here.
@ -0,0 +1,67 @@
packaget
This package needs a more descriptive name, I have no idea what "t" is :) Just glancing at it it may suffer from "tiny package syndrome" and not require its own package too, but I haven't looked at functionality yet so I'm unsure.
It's typing or type. I was finding the different subpackages were running into circular imports so I created a separate type package to resolve this.
And since I'm using these types all over the place I'm lazy and didn't want to continue to type type, so figured t would be easier. But, yeah, it is ambiguous. I'll refactor it to type.
If this is the case chances are we need to do a refactor, not create a new package. This is normally an indicator that there's a structural problem that we need to resolve. Glancing at this package, I'm not sure most of these "generic" types are super useful, so we should probably just remove it, but let's talk about each individual type and why it's needed and see, then maybe we can find a better place for them to live that doesn't involve generic "utility" packages (util, misc, types, etc. generally speaking turn into dumping grounds later that are hard to navigate and work on).
@ -0,0 +1,72 @@
packagetestutils
This package should likely be in internal/testutils so that it can't be imported outside of this module
@ -0,0 +1,159 @@
packagemain
This package should be in internal/conster to start. Probably no need for the tooling directory, it will be clear that it's a command from the docs and from the package name (main).
General comments:
I left a few specific comments that need to be replicated over a lot of different types, then decided to move the last few here. I have not looked at any functionality or API stuff yet, I just wanted to go over general Go conventions and the like so that you wouldn't have to hit the "rename" button even more later :)
If any of it is hard to clean up in your IDE or if you're not familiar with the various Go tools for renaming and what not I can probably script it fairly quickly later and run it over the whole repo, so treat most all of this as "nit's" and just comments for later as much as anything.
- Everything needs to be moved out of the
lib/tree, this is not how Go imports work. Right now this would be imported as, eg. "mellium.im/omemo/lib" and you'd use a method in this package by calling "lib.whatever" which isn't what we want. Just moving everything up to the root should be fine and is conventional for Go.
-We should put the standard copyright/license text at the top of all files, making sure that the date is 2023 (codegen files excluded, of course)This is really a lot of work you've done, wow!
Thanks!
For projects I typically like to start with a "lib/" directory that houses most of the workhorse. So then the root project directory is more of a "front-end" that pulls from lib. I was eventually going to refactor it once I figured out what went where. Mind if I continue working this way? In other words, I knew full well that the current package import would be ".../lib", but I would refactor it so the final output definitely won't be imported as ".../lib"
@ -0,0 +6,4 @@
)
// Similar to Key, but cues us for a different type.
typeBytes[]byte
We should remove this type; most of the functionality is implemented in the bytes package. I can't provide a good rationale, but having a special type just to add methods instead of using Go's built in functions and slice manipulation feels wrong to me and I suspect it's going to cause problems later.
@ -0,0 +51,4 @@
typeInitVector[16]byte
funcbStr(b[]byte)string{
returnhex.EncodeToString(b)
This function is being re-defined under a different name and should be inlined.
Mind if I continue working this way? In other words, I knew full well that the current package import would be ".../lib", but I would refactor it so the final output definitely won't be imported as ".../lib"
I suppose this is fine, but it seems unnecessary and confusing. If someone else needs to merge something or make a PR, things will just be difficult to refactor and it will pollute the history when we eventually move it. I don't see why we wouldn't just work following Go conventions out of the door. That being said, since chances are you're the only one working on this particular repo for now and this can all be squashed into a single commit before being merged to main, I guess it's not my place to tell you how to work.
That being said, I worry about having one giant commit at the end and how this isn't being split into smaller chunks of work. Going against the grain and ignoring Go convention makes it hard to merge in individual parts.
@ -0,0 +46,4 @@
returnappend(b,bytes...)
}
typeKdfEncryptionKey[32]byte
nit: these should be KDFEncryptionKey and KDFAuthKey per Go's naming conventions.
@ -0,0 +1,18 @@
# Binaries for programs and plugins
nit: none of this is project specific, it should all be in your system or user level gitignore file. Let's not include it here; I mean, these types of files definitely shouldn't be committed, but we don't want to maintain a giant list of every possible filetype in every repo.
.out and .test make sense since they're more specific to this project (or to Go projects specifically).
Gotcha.
When I start a project I basically like to copy the gitignore language-specific files from https://github.com/github/gitignore/ (saves on brain power), but I'll remove them.
Yah, I don't really like their habit of polluting random repos with files that obviously shouldn't be there globally; not the end of the world though. Thanks!
Hello,
I do not mean to pressure or anything, but I was interested in having support for OMEMO and would like to know if there is still momentum on this.
Thanks for everyone's work here!
Sorry, no one is working on this at the moment as far as I know.
No due date set.
No dependencies set.
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?