8
2
Fork
You've already forked omemo
1

srcrr-main-1 #1

Closed
srcrr wants to merge 26 commits from srcrr-main-1 into main
pull from: srcrr-main-1
merge into: mellium:main
mellium:main
mellium:sam_omemo_cleanup
mellium:omemo-slickerius
Member
Copy link

Most of omemo is incorporated.

Had to take a slight detour to incorporate double ratchet.

Most of omemo is incorporated. Had to take a slight detour to incorporate double ratchet.
initial commit. close to getting OmemoBundle struct figured out.
Some checks failed
ci/woodpecker/push/dco Pipeline failed
908cf0485f
signed prekey can be set/get.
Some checks failed
ci/woodpecker/push/dco Pipeline failed
e5b6b40cd4
test import and fix prekeysnode unmarshal.
Some checks failed
ci/woodpecker/push/dco Pipeline failed
eeb8173036
decryption results in empty string.
Some checks failed
ci/woodpecker/push/dco Pipeline failed
112f31f175
work on finding which key to use.
Some checks failed
ci/woodpecker/push/dco Pipeline failed
113e0f45f8
add protobuf structs. can bundle & extract omemo message.
Some checks failed
ci/woodpecker/push/dco Pipeline failed
3544af77af
set up alice and bob for encryption test.
Some checks failed
ci/woodpecker/push/dco Pipeline failed
bf679a8995
integrating signal more into encryption/decryption.
Some checks failed
ci/woodpecker/push/dco Pipeline failed
602bd03e3a
start to incorporate double ratchet.
Some checks failed
ci/woodpecker/push/dco Pipeline failed
0d2d0142b0
work more on ratchet.
Some checks failed
ci/woodpecker/push/dco Pipeline failed
ci/woodpecker/pr/dco Pipeline failed
5f5cc93d37
build more of double ratchet.
Some checks failed
ci/woodpecker/push/dco Pipeline failed
ci/woodpecker/pr/dco Pipeline failed
2caf92b864
working on doubleratchet decryption.
Some checks failed
ci/woodpecker/push/dco Pipeline failed
ci/woodpecker/pr/dco Pipeline failed
41a796befa
Author
Member
Copy link

I've tested double ratchet encryption.

I'm working on decryption. Obviously in order to test if encryption TRULY works the decryption needs to pass.

I've tested double ratchet encryption. I'm working on decryption. Obviously in order to test if encryption TRULY works the decryption needs to pass.
@ -0,0 +1 @@
1.20.7

What tool creates this file? Chances are we don't want to commit it; it might be worth adding to your global gitignore configuration.

What tool creates this file? Chances are we don't want to commit it; it might be worth adding to your global gitignore configuration.
Author
Member
Copy link

I think that's added by goenv. I'll add it to gitignore.

I think that's added by goenv. I'll add it to gitignore.

I haven't heard of goenv before. It's not entirely clear to me what the benefit is since you can just install multiple versions of Go side-by-side and there's an officially supported method for doing so, but if it works for you it works I guess :)

I wouldn't add it to this projects gitignore, we don't want to pollute it with tons of random tools, but it might be a good idea to add it to your machines global gitignore or your account level gitignore.

I haven't heard of `goenv` before. It's not entirely clear to me what the benefit is since you can just install multiple versions of Go side-by-side and there's an officially supported method for doing so, but if it works for you it works I guess :) I wouldn't add it to this projects gitignore, we don't want to pollute it with tons of random tools, but it might be a good idea to add it to your machines global gitignore or your account level gitignore.
SamWhited marked this conversation as resolved
SamWhited left a comment
Copy link

General comments:

I left a few specific comments that need to be replicated over a lot of different types, then decided to move the last few here. I have not looked at any functionality or API stuff yet, I just wanted to go over general Go conventions and the like so that you wouldn't have to hit the "rename" button even more later :)
If any of it is hard to clean up in your IDE or if you're not familiar with the various Go tools for renaming and what not I can probably script it fairly quickly later and run it over the whole repo, so treat most all of this as "nit's" and just comments for later as much as anything.

  • Everything needs to be moved out of the lib/ tree, this is not how Go imports work. Right now this would be imported as, eg. "mellium.im/omemo/lib" and you'd use a method in this package by calling "lib.whatever" which isn't what we want. Just moving everything up to the root should be fine and is conventional for Go.
    -We should put the standard copyright/license text at the top of all files, making sure that the date is 2023 (codegen files excluded, of course)

This is really a lot of work you've done, wow!

General comments: I left a few specific comments that need to be replicated over a lot of different types, then decided to move the last few here. I have not looked at any functionality or API stuff yet, I just wanted to go over general Go conventions and the like so that you wouldn't have to hit the "rename" button even more later :) If any of it is hard to clean up in your IDE or if you're not familiar with the various Go tools for renaming and what not I can probably script it fairly quickly later and run it over the whole repo, so treat most all of this as "nit's" and just comments for later as much as anything. - Everything needs to be moved out of the `lib/` tree, this is not how Go imports work. Right now this would be imported as, eg. "mellium.im/omemo/lib" and you'd use a method in this package by calling "lib.whatever" which isn't what we want. Just moving everything up to the root should be fine and is conventional for Go. -We should put the standard copyright/license text at the top of all files, making sure that the date is 2023 (codegen files excluded, of course) This is really a lot of work you've done, wow!
@ -3,1 +3,4 @@
go 1.21
require (
github.com/go-goll/libsignal-protocol-go v0.0.0-20230314082019-7f076caffeb8

This dependency is somewhat problematic as it's GPLed, so we'll have to be very careful not to vendor it or redistribute it. I think it's okay to depend on it now for the purpose of development, but long term we'll have to evaluate it for security, maintenance, etc. (this is more a note to self than anything). It hasn't seen a commit in a while, and part of this project is having a fully open/maintained stack for OMEMO, so it may be that we have to replace this before we can call it complete. We can chat about it in the room more later though; it's fine for now, I just wanted to mention it as part of this quick initial first pass at a review.

This dependency is somewhat problematic as it's GPLed, so we'll have to be very careful not to vendor it or redistribute it. I think it's okay to depend on it now for the purpose of development, but long term we'll have to evaluate it for security, maintenance, etc. (this is more a note to self than anything). It hasn't seen a commit in a while, and part of this project is having a fully open/maintained stack for OMEMO, so it may be that we have to replace this before we can call it complete. We can chat about it in the room more later though; it's fine for now, I just wanted to mention it as part of this quick initial first pass at a review.
go.mod Outdated
@ -4,0 +4,4 @@
require (
github.com/go-goll/libsignal-protocol-go v0.0.0-20230314082019-7f076caffeb8
github.com/status-im/doubleratchet v3.0.0+incompatible

As previously discussed this appears abandoned. We'll need to decide what to do about it before calling this project done. No rush or anything, I just want this noted in the review.

As previously discussed this appears abandoned. We'll need to decide what to do about it before calling this project done. No rush or anything, I just want this noted in the review.
Author
Member
Copy link

Ah, whoops, thought I removed it!

Thanks, I'll take care of it.

Ah, whoops, thought I removed it! Thanks, I'll take care of it.
go.mod Outdated
@ -4,0 +9,4 @@
)
require (
aqwari.net/xml v0.0.0-20210331023308-d9421b293817 // indirect

Not strictly a review comment, I just wanted to say that I wasn't aware of this project and one of the tools in it may be very useful for reducing boilerplate later; nice!

Not strictly a review comment, I just wanted to say that I wasn't aware of this project and one of the tools in it may be very useful for reducing boilerplate later; nice!
lib/bundle.go Outdated
@ -0,0 +7,4 @@
"math/rand"
)
typeOmemoSignedPkstruct{

Eventually this library will be named omemo (but see general comments). This means this (and other structs and methods) will be used by writing, eg. omemo.OmemoSignedPk which is redundant. We can remove the Omemo prefix since, unlike C et al, we already have a package name built in to the name of the type.

Also, Go convention is to keep acronyms in the same case so eg. this should actually be called SignedPK (or OMEMOSignedPK if we were keeping the current name).

Eventually this library will be named `omemo` (but see general comments). This means this (and other structs and methods) will be used by writing, eg. `omemo.OmemoSignedPk` which is redundant. We can remove the `Omemo` prefix since, unlike C et al, we already have a package name built in to the name of the type. Also, Go convention is to keep acronyms in the same case so eg. this should actually be called `SignedPK` (or `OMEMOSignedPK` if we were keeping the current name).
lib/bundle.go Outdated
@ -0,0 +78,4 @@
/*
Getarandomprekey
*/

This newline means the docs won't be rendered.

This newline means the docs won't be rendered.
lib/bundle.go Outdated
@ -0,0 +90,4 @@
returnbyteVal,nil
}
/*

Two quick comments on the docs:

  • Convention is for us to use line beginning comments, eg. // (this is a serious nit, we can fix it later, I just want to bring it up for future reference)
  • More importantly, comments should always start with the name of the thing being commented on. Eg. "ImportBundle marshals XML into a bundle" or something along those lines. This means that when you grep for the identifier in the command line style docs you find the beginning of the doc string first which makes things much nicer to look up.
Two quick comments on the docs: - Convention is for us to use line beginning comments, eg. `//` (this is a serious nit, we can fix it later, I just want to bring it up for future reference) - More importantly, comments should always start with the name of the thing being commented on. Eg. "ImportBundle marshals XML into a bundle" or something along those lines. This means that when you grep for the identifier in the command line style docs you find the beginning of the doc string first which makes things much nicer to look up.
@ -0,0 +13,4 @@
Payloadstring`xml:"payload"`
}
// Payload ...

I know this is a generated file, but if it provides a way to remove these comments or provide actual docs that would be ideal. If not, no worries, we can improve this later.

I know this is a generated file, but if it provides a way to remove these comments or provide actual docs that would be ideal. If not, no worries, we can improve this later.
lib/bundle/pk.go Outdated
@ -0,0 +1 @@
packagebundle

This file appears to be empty and not doing anything; it can be removed :)

This file appears to be empty and not doing anything; it can be removed :)
lib/crypto.go Outdated
@ -0,0 +59,4 @@
/*
CalculatetheHkdf-Sha-256hash.
@paramkeyCryptokey

Java style docs won't be rendered and are unnecessary; if this was copied from somewhere else we need to review it for license compliance and make sure we mention that.

Java style docs won't be rendered and are unnecessary; if this was copied from somewhere else we need to review it for license compliance and make sure we mention that.
Author
Member
Copy link

Not copied from somewhere else. I'll review proper golang doc style.

Not copied from somewhere else. I'll review proper golang doc style.
lib/crypto.go Outdated
@ -0,0 +116,4 @@
/*
shamelesslyrippedfromhttps://gist.github.com/yingray/57fdc3264b1927ef0f984b533d63abab
*/
funcPKCS7Padding(ciphertext[]byte,blockSizeint,afterint)[]byte{

This sort of thing shouldn't be exported most likely, but we can do a full API review later. I'd also note that this looks pretty inefficient to me and I assume this is a fast-path function. That being said, this is also something we can improve later, so it may be that we just add a TODO comment that we should do this with simple slice manipulation and let the compiler handle it all for us. No worries either way, I'm just being nitpicky and leaving myself notes for later more than anything here.

This sort of thing shouldn't be exported most likely, but we can do a full API review later. I'd also note that this looks pretty inefficient to me and I assume this is a fast-path function. That being said, this is also something we can improve later, so it may be that we just add a TODO comment that we should do this with simple slice manipulation and let the compiler handle it all for us. No worries either way, I'm just being nitpicky and leaving myself notes for later more than anything here.
lib/t/bytes.go Outdated
@ -0,0 +1,67 @@
packaget

This package needs a more descriptive name, I have no idea what "t" is :) Just glancing at it it may suffer from "tiny package syndrome" and not require its own package too, but I haven't looked at functionality yet so I'm unsure.

This package needs a more descriptive name, I have no idea what "t" is :) Just glancing at it it may suffer from "tiny package syndrome" and not require its own package too, but I haven't looked at functionality yet so I'm unsure.
Author
Member
Copy link

It's typing or type. I was finding the different subpackages were running into circular imports so I created a separate type package to resolve this.

And since I'm using these types all over the place I'm lazy and didn't want to continue to type type, so figured t would be easier. But, yeah, it is ambiguous. I'll refactor it to type.

It's `typing` or `type`. I was finding the different subpackages were running into circular imports so I created a separate `type` package to resolve this. And since I'm using these types all over the place I'm lazy and didn't want to continue to type `type`, so figured `t` would be easier. But, yeah, it is ambiguous. I'll refactor it to `type`.

If this is the case chances are we need to do a refactor, not create a new package. This is normally an indicator that there's a structural problem that we need to resolve. Glancing at this package, I'm not sure most of these "generic" types are super useful, so we should probably just remove it, but let's talk about each individual type and why it's needed and see, then maybe we can find a better place for them to live that doesn't involve generic "utility" packages (util, misc, types, etc. generally speaking turn into dumping grounds later that are hard to navigate and work on).

If this is the case chances are we need to do a refactor, not create a new package. This is normally an indicator that there's a structural problem that we need to resolve. Glancing at this package, I'm not sure most of these "generic" types are super useful, so we should probably just remove it, but let's talk about each individual type and why it's needed and see, then maybe we can find a better place for them to live that doesn't involve generic "utility" packages (util, misc, types, etc. generally speaking turn into dumping grounds later that are hard to navigate and work on).
@ -0,0 +1,72 @@
packagetestutils

This package should likely be in internal/testutils so that it can't be imported outside of this module

This package should likely be in `internal/testutils` so that it can't be imported outside of this module
@ -0,0 +1,159 @@
packagemain

This package should be in internal/conster to start. Probably no need for the tooling directory, it will be clear that it's a command from the docs and from the package name (main).

This package should be in `internal/conster` to start. Probably no need for the `tooling` directory, it will be clear that it's a command from the docs and from the package name (`main`).
Author
Member
Copy link

General comments:

I left a few specific comments that need to be replicated over a lot of different types, then decided to move the last few here. I have not looked at any functionality or API stuff yet, I just wanted to go over general Go conventions and the like so that you wouldn't have to hit the "rename" button even more later :)
If any of it is hard to clean up in your IDE or if you're not familiar with the various Go tools for renaming and what not I can probably script it fairly quickly later and run it over the whole repo, so treat most all of this as "nit's" and just comments for later as much as anything.

  • Everything needs to be moved out of the lib/ tree, this is not how Go imports work. Right now this would be imported as, eg. "mellium.im/omemo/lib" and you'd use a method in this package by calling "lib.whatever" which isn't what we want. Just moving everything up to the root should be fine and is conventional for Go.
    -We should put the standard copyright/license text at the top of all files, making sure that the date is 2023 (codegen files excluded, of course)

This is really a lot of work you've done, wow!

Thanks!

For projects I typically like to start with a "lib/" directory that houses most of the workhorse. So then the root project directory is more of a "front-end" that pulls from lib. I was eventually going to refactor it once I figured out what went where. Mind if I continue working this way? In other words, I knew full well that the current package import would be ".../lib", but I would refactor it so the final output definitely won't be imported as ".../lib"

> General comments: > > I left a few specific comments that need to be replicated over a lot of different types, then decided to move the last few here. I have not looked at any functionality or API stuff yet, I just wanted to go over general Go conventions and the like so that you wouldn't have to hit the "rename" button even more later :) > If any of it is hard to clean up in your IDE or if you're not familiar with the various Go tools for renaming and what not I can probably script it fairly quickly later and run it over the whole repo, so treat most all of this as "nit's" and just comments for later as much as anything. > > - Everything needs to be moved out of the `lib/` tree, this is not how Go imports work. Right now this would be imported as, eg. "mellium.im/omemo/lib" and you'd use a method in this package by calling "lib.whatever" which isn't what we want. Just moving everything up to the root should be fine and is conventional for Go. > -We should put the standard copyright/license text at the top of all files, making sure that the date is 2023 (codegen files excluded, of course) > > This is really a lot of work you've done, wow! Thanks! For projects I typically like to start with a "lib/" directory that houses most of the workhorse. So then the root project directory is more of a "front-end" that pulls from lib. I was eventually going to refactor it once I figured out what went where. Mind if I continue working this way? In other words, I knew full well that the current package import would be ".../lib", but I would refactor it so the final output definitely won't be imported as ".../lib"
lib/t/bytes.go Outdated
@ -0,0 +6,4 @@
)
// Similar to Key, but cues us for a different type.
typeBytes[]byte

We should remove this type; most of the functionality is implemented in the bytes package. I can't provide a good rationale, but having a special type just to add methods instead of using Go's built in functions and slice manipulation feels wrong to me and I suspect it's going to cause problems later.

We should remove this type; most of the functionality is implemented in the `bytes` package. I can't provide a good rationale, but having a special type just to add methods instead of using Go's built in functions and slice manipulation feels wrong to me and I suspect it's going to cause problems later.
lib/t/bytes.go Outdated
@ -0,0 +51,4 @@
typeInitVector[16]byte
funcbStr(b[]byte)string{
returnhex.EncodeToString(b)

This function is being re-defined under a different name and should be inlined.

This function is being re-defined under a different name and should be inlined.

Mind if I continue working this way? In other words, I knew full well that the current package import would be ".../lib", but I would refactor it so the final output definitely won't be imported as ".../lib"

I suppose this is fine, but it seems unnecessary and confusing. If someone else needs to merge something or make a PR, things will just be difficult to refactor and it will pollute the history when we eventually move it. I don't see why we wouldn't just work following Go conventions out of the door. That being said, since chances are you're the only one working on this particular repo for now and this can all be squashed into a single commit before being merged to main, I guess it's not my place to tell you how to work.

That being said, I worry about having one giant commit at the end and how this isn't being split into smaller chunks of work. Going against the grain and ignoring Go convention makes it hard to merge in individual parts.

> Mind if I continue working this way? In other words, I knew full well that the current package import would be ".../lib", but I would refactor it so the final output definitely won't be imported as ".../lib" I suppose this is fine, but it seems unnecessary and confusing. If someone else needs to merge something or make a PR, things will just be difficult to refactor and it will pollute the history when we eventually move it. I don't see why we wouldn't just work following Go conventions out of the door. That being said, since chances are you're the only one working on this particular repo for now and this can all be squashed into a single commit before being merged to main, I guess it's not my place to tell you how to work. That being said, I worry about having one giant commit at the end and how this isn't being split into smaller chunks of work. Going against the grain and ignoring Go convention makes it hard to merge in individual parts.
lib/t/bytes.go Outdated
@ -0,0 +46,4 @@
returnappend(b,bytes...)
}
typeKdfEncryptionKey[32]byte

nit: these should be KDFEncryptionKey and KDFAuthKey per Go's naming conventions.

nit: these should be `KDFEncryptionKey` and `KDFAuthKey` per Go's naming conventions.
@ -0,0 +1,18 @@
# Binaries for programs and plugins

nit: none of this is project specific, it should all be in your system or user level gitignore file. Let's not include it here; I mean, these types of files definitely shouldn't be committed, but we don't want to maintain a giant list of every possible filetype in every repo.

.out and .test make sense since they're more specific to this project (or to Go projects specifically).

nit: none of this is project specific, it should all be in your system or user level gitignore file. Let's not include it here; I mean, these types of files definitely shouldn't be committed, but we don't want to maintain a giant list of every possible filetype in every repo. `.out` and `.test` make sense since they're more specific to this project (or to Go projects specifically).
Author
Member
Copy link

Gotcha.

When I start a project I basically like to copy the gitignore language-specific files from https://github.com/github/gitignore/ (saves on brain power), but I'll remove them.

Gotcha. When I start a project I basically like to copy the gitignore language-specific files from https://github.com/github/gitignore/ (saves on brain power), but I'll remove them.

Yah, I don't really like their habit of polluting random repos with files that obviously shouldn't be there globally; not the end of the world though. Thanks!

Yah, I don't really like their habit of polluting random repos with files that obviously shouldn't be there globally; not the end of the world though. Thanks!
SamWhited marked this conversation as resolved
add kex proto. clean up byte functionality for decryption. TODO: fix ratchet decrypt.
Some checks failed
ci/woodpecker/pr/dco Pipeline failed
ci/woodpecker/push/dco Pipeline failed
66f1dc02eb
fix ad/header catting/uncatting.
Some checks failed
ci/woodpecker/push/dco Pipeline failed
ci/woodpecker/pr/dco Pipeline failed
ceb72818d5
added specific cipher hmac test.
Some checks failed
ci/woodpecker/push/dco Pipeline failed
ci/woodpecker/pr/dco Pipeline failed
d943b3b2f0
First-time contributor
Copy link

Hello,

I do not mean to pressure or anything, but I was interested in having support for OMEMO and would like to know if there is still momentum on this.

Thanks for everyone's work here!

Hello, I do not mean to pressure or anything, but I was interested in having support for OMEMO and would like to know if there is still momentum on this. Thanks for everyone's work here!

Sorry, no one is working on this at the moment as far as I know.

Sorry, no one is working on this at the moment as far as I know.
SamWhited closed this pull request 2025年02月10日 00:07:32 +01:00
Some checks failed
ci/woodpecker/push/dco Pipeline failed
Required
Details
ci/woodpecker/pr/dco Pipeline failed

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
No reviewers
Labels
Clear labels
bug
Something is not working
contribution welcome
Contributions are very welcome, get started here
duplicate
This issue or pull request already exists
enhancement
New feature
good first issue
Interested in contributing? Get started here.
help wanted
Need some help
invalid
Something is wrong
question
More information is needed
upstream
Related to an upstream repository, already reported there
Good First Issue
This issue is a good starting place for a developer wanting to make an initial contribution to the project.
Kind: Breaking
Kind: Bug
Kind: Documentation
Kind: Enhancement
Kind: Feature
Kind: Maintenance
Kind: Question
Kind: Security
Kind: Testing
Priority: Critical
The priority is critical
Priority: High
The priority is high
Priority: Low
The priority is low
Priority: Medium
The priority is medium
Reviewed: Confirmed
Something has been confirmed
Reviewed: Duplicate
Something exists already
Reviewed: Invalid
Something was marked as invalid
Status: Blocked
Status: Completed
Work is complete
Status: Help wanted
Status: In progress
Work is in progress
Status: Needs feedback
Feedback is needed
Status: Stale
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
mellium/omemo!1
Reference in a new issue
mellium/omemo
No description provided.
Delete branch "srcrr-main-1"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?