elsehow / signal-protocol Goto Github PK

I like to add Signal protocol into my react native project. Is this library can use for this. If it can't, Is there any alternative available?

If I npm install signal-protcol for my app, and require it in my browser bundle, I get

Users/ffff/empty-browser-module/node_modules/node-webcrypto-ossl/build/Release/nodessl.node:1
����
   ����__TEXT __text__TEXT�
                           �g�
                              �__stubs__TEXT�s>��__stub_helper__TEXT�w��w�__const__TEXT�~/�~__gcc_except_tab__TEXT��I�__cstring__TEXT����__unwind_info__TEXT���	��__eh_frame__TEXTH��EH�(__DATA    __got__DATA  �__nl_symbol_ptr__DATA!!�__la_symbol_ptr__DATA !� !�__mod_init_func__DATA��&	__const__DATA�&�&__data__DATA@/`@/H__LINKEDIT@�@��"�0@xx@ �B��EH��&��
^
ParseError: Unexpected character '�'

As it says in the README, I would now need to configure my bundler to exclude/ignore ./node_modules/signal-protocol/src/node_polyfills.js.

This is really not the friendliest solution. How can we work around this? How have other modules worked around this issue?

I haven't check the rest but at first try I already received issue on mishandled preKeys because of this discrepancy...hope to be fixed sooner...thanks
@SessionBuilder.js
original

current code

Hi there, I'm running into the following error when initiating a session using the signal-protocol:

TypeError: Cannot read property 'privKey' of undefined
    at SessionBuilder.<anonymous> (/Users/admin/projects/realtimelaw/node_modules/signal-protocol/src/SessionBuilder.js:147:66)
    at process._tickCallback (internal/process/next_tick.js:103:7)

Here's the relevant section of my code:

// START Building a Session
    var address = new signal.SignalProtocolAddress('test', 0);

    // Instantiate a SessionBuilder for a remote recipientId + deviceId tuple.
    var sessionBuilder = new signal.SessionBuilder(store, address);

    // Process a prekey fetched from the server. Returns a promise that resolves
    // once a session is created and saved in the store, or rejects if the
    // identityKey differs from a previously seen identity for this address.
    store.loadIdentityKey(defaultEndpoint.registrationId).then(function(identityKey) {
      store.loadSignedPreKey(defaultEndpoint.registrationId).then(function(signedPreKey) {
        store.loadPreKey(defaultEndpoint.registrationId).then(function(preKey) {
          var signature = str2ab(defaultEndpoint.signature);
          console.log(signature)
          var promise = sessionBuilder.processPreKey({
              registrationId: defaultEndpoint.registrationId,
              identityKey: identityKey.pubKey,
              signedPreKey: {
                  keyId     : defaultEndpoint.registrationId,
                  publicKey : signedPreKey.pubKey,
                  signature : signature
              },
              preKey: {
                  keyId     : defaultEndpoint.registrationId,
                  publicKey : preKey.pubKey
              }
          });
          promise.then(function onsuccess() {
            console.log('success');
            // encrypt messages
            var plaintext = "Hello world";
            var sessionCipher = new signal.SessionCipher(store, address);
            sessionCipher.encrypt(plaintext).then(function(ciphertext) {
                // ciphertext -> { type: <Number>, body: <string> }
                handle(ciphertext.type, ciphertext.body);
            });
          });

          promise.catch(function onerror(error) {
            console.log(error);
            // handle identity key conflict
          });
        });
      });
    })

Any tips?

{"pubKey":{},"privKey":{}}

Using window.crypto is not safe unless we have assurances about the browser environment. The following exploit could be exploited by a plugin, or script, that has access to the browser window in which libsignal is running.

Steps to reproduce.

1. Come up with a bogus myFakeGetRandomBytes(typedArray) method that generates non-random stuff.

2. window.crypto.getRandomBytes = myFakeGetRandomBytes

3. Import signal as normal.

Conclusion

I believe this exploit speaks to the absolute necessity of keeping the browser environment isolated from normal userland browser, which is probably a madhouse of unsafe code running, reading the page, etc. If you must run the signal protocol in-browser, run it in Electron, or as a Chrome app (Signal Desktop currently does the latter).

In the future, we may think about moving toward emscripten-compiled dependencies for cryptographic primitives. At the end of the day, window.crypto can be absolutely anything. If we can bundle all primitives with the rest of the application code, we can verify the integrity of that one JS bundle, e.g. with subresource integrity.

When I execute the installation command
npm install signal-protocol
it gives me the following result:

[email protected] install C:\xampp\htdocs\chat\node_modules\node-webc
rypto-ossl
node-gyp rebuild

C:\xampp\htdocs\chat\node_modules\node-webcrypto-ossl>if not defined npm_config_
node_gyp (node "C:\Program Files\nodejs\node_modules\npm\bin\node-gyp-bin\....
\node_modules\node-gyp\bin\node-gyp.js" rebuild ) else (node "" rebuild )
Building the projects in this solution one at a time. To enable parallel build,
please add the "/m" switch.
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.Cpp.InvalidPlatform
.Targets(23,7): error MSB8007: La plataforma del proyecto 'nodessl.vcxproj' no
es válida. Plataforma='x64'. Este mensaje puede aparecer porque está intentando
compilar un proyecto sin un archivo de solución y ha especificado una platafor
ma distinta de la predeterminada que no existe para dicho proyecto. [C:\xampp\h
tdocs\chat\node_modules\node-webcrypto-ossl\build\nodessl.vcxproj]
gyp ERR! build error
gyp ERR! stack Error: C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe failed with exit code: 1
gyp ERR! stack at ChildProcess.onExit (C:\Program Files\nodejs\node_modules
npm\node_modules\node-gyp\lib\build.js:276:23)
gyp ERR! stack at emitTwo (events.js:106:13)
gyp ERR! stack at ChildProcess.emit (events.js:191:7)
gyp ERR! stack at Process.ChildProcess._handle.onexit (internal/child_proces
s.js:215:12)
gyp ERR! System Windows_NT 6.1.7601
gyp ERR! command "C:\Program Files\nodejs\node.exe" "C:\Program Files\nodej
s\node_modules\npm\node_modules\node-gyp\bin\node-gyp.js" "rebuild"
gyp ERR! cwd C:\xampp\htdocs\chat\node_modules\node-webcrypto-ossl
gyp ERR! node -v v6.10.3
gyp ERR! node-gyp -v v3.4.0
gyp ERR! not ok
npm ERR! Windows_NT 6.1.7601
npm ERR! argv "C:\Program Files\nodejs\node.exe" "C:\Program Files\nodejs\
node_modules\npm\bin\npm-cli.js" "install" "signal-protocol"
npm ERR! node v6.10.3
npm ERR! npm v3.10.10
npm ERR! code ELIFECYCLE

npm ERR! [email protected] install: node-gyp rebuild
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script 'node-gyp rebui
ld'.
npm ERR! Make sure you have the latest version of node.js and npm installed.
npm ERR! If you do, this is most likely a problem with the node-webcrypto-ossl p
ackage,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR! node-gyp rebuild
npm ERR! You can get information on how to open an issue for this project with:
npm ERR! npm bugs node-webcrypto-ossl
npm ERR! Or if that isn't available, you can get their info via:
npm ERR! npm owner ls node-webcrypto-ossl
npm ERR! There is likely additional logging output above.

npm ERR! Please include the following file with any support request:
npm ERR! C:\xampp\htdocs\chat\npm-debug.log

C:\xampp\htdocs\chat>npm install node-gyp rebuild
npm WARN prefer global [email protected] should be installed with -g
[email protected] C:\xampp\htdocs\chat
+-- [email protected]
-- [email protected] -- [email protected]
`-- [email protected]

I would like to know if you can help me with the problem
Thank you very much

There are a few places where we console.log informative messages, resulting in a console with messages like:

New remote ephemeral key
Duplicate PreKeyMessage for session
Duplicate PreKeyMessage for session

I think each of these messages should get emitted over some emitter returned by the highest-level entity that makes sense (sessionCiphers come to mind).

pre i'm working on dva2.x.
as follow the guide , npm install signal-protocol

i got a error:
./node_modules/signal-protocol/build/dcodeIO.js
Module not found: /Users/eatwood/Desktop/workspace/web_version/node_modules/Long/dist/long.js does not match the corresponding path on disk long.

and I found the module Long exist

See PeculiarVentures/node-webcrypto-ossl#79

Apparently, a PreKeyBundle does not need to contain a one-time PreKey. (See the X3DH spec, 3.3 and 4.2 especially).

Including a PreKey in the bundle is certainly recommended. However, if the key server runs out of PreKeys for Bob, with PreKeys being optional, Bob can still be reachable by others trying to start sessions with him.

Hello,

I am using signal-protocol in my express project. The issue that I am facing is that the generateIdentityKeyPair() method returns identity key pair (pubKey, privKey) in form of an array buffer which is fine.
But i need to store them somewhere on client end and I want to convert them to string format (base64)
but when i try to do so, i get non-readable ascii characters like this : ♣X�WQ�]�J�dF�♦�l-w>̪���g>���U�!
I have tried ab2str and a few similar methods to convert them into proper keys but still no luck.
Any guidance would be highly appreciated. Thanks

Hey, I feel a little stupid but I can't understand where store comes from?