now joins MLS group in both flows

Author: braindigitalis

include/dpp/discordvoiceclient.h

@@ -175,7 +175,30 @@ struct dave_binary_header_t {
 	 */
 	uint8_t package[];
 
-	std::vector<uint8_t> get_data(size_t length) const;
+	/**
+	 * Get the data package from the packed binary frame, as a vector of uint8_t
+	 * for use in the libdave functions
+	 *
+	 * @param length Length of the data, use the websocket frame size here
+	 * @return data blob
+	 */
+	[[nodiscard]] std::vector<uint8_t> get_data(size_t length) const;
+
+	/**
+	 * Get the data package from the packed binary frame for ProcessWelcome,
+	 * as a vector of uint8_t for use in the libdave functions.
+	 *
+	 * @param length Length of the data, use the websocket frame size here
+	 * @return data blob
+	 */
+	[[nodiscard]] std::vector<uint8_t> get_welcome_data(size_t length) const;
+
+	/**
+	 * Get transition ID for ProcessWelcome
+	 *
+	 * @return Transition ID
+	 */
+	[[nodiscard]] uint16_t get_welcome_transition_id() const;
 };
 #pragma pack(pop)
 

src/dpp/dave/persisted_key_pair.cpp

@@ -38,7 +38,6 @@ static std::shared_ptr<::mlspp::SignaturePrivateKey> GetPersistedKeyPair(
     std::string id = MakeKeyID(sessionID, suite);
 
     if (auto it = map.find(id); it != map.end()) {
-	    std::cout << "5\n";
         return it->second;
     }
 

src/dpp/dave/persisted_key_pair_generic.cpp

@@ -68,8 +68,6 @@ std::shared_ptr<::mlspp::SignaturePrivateKey> GetGenericPersistedKeyPair(KeyPair
     std::string curstr;
     std::filesystem::path dir = GetKeyStorageDirectory();
 
-    std::cout << "KSD: " << dir << "\n";
-
     if (dir.empty()) {
         DISCORD_LOG(LS_ERROR) << "Failed to determine key storage directory in GetPersistedKeyPair";
         return nullptr;
@@ -85,8 +83,6 @@ std::shared_ptr<::mlspp::SignaturePrivateKey> GetGenericPersistedKeyPair(KeyPair
 
     std::filesystem::path file = dir / (id + ".key");
 
-    std::cout << "FILE: " << file << "\n";
-
     if (std::filesystem::exists(file)) {
         std::ifstream ifs(file, std::ios_base::in | std::ios_base::binary);
         if (!ifs) {
@@ -102,8 +98,6 @@ std::shared_ptr<::mlspp::SignaturePrivateKey> GetGenericPersistedKeyPair(KeyPair
             return nullptr;
         }
 
-	std::cout << "CURSTR: " << curstr << "\n";
-
         try {
             ret = ::mlspp::SignaturePrivateKey::from_jwk(suite, curstr);
         }
@@ -113,16 +107,13 @@ std::shared_ptr<::mlspp::SignaturePrivateKey> GetGenericPersistedKeyPair(KeyPair
         }
     }
     else {
-	    std::cout << "GEN NEW\n";
         ret = ::mlspp::SignaturePrivateKey::generate(suite);
 
         std::string newstr = ret.to_jwk(suite);
 
         std::filesystem::path tmpfile = file;
         tmpfile += ".tmp";
 
-	std::cout << "TMPFILE " << tmpfile << "\n";
-
 #ifdef _WIN32
         int fd = _wopen(tmpfile.c_str(), _O_WRONLY | _O_CREAT | _O_TRUNC, _S_IREAD | _S_IWRITE);
 #else

src/dpp/dave/session.cpp

@@ -332,57 +332,37 @@ try {
     DISCORD_LOG(LS_INFO) << "Processing commit";
     DISCORD_LOG(LS_INFO) << "Commit: " << ::mlspp::bytes_ns::bytes(commit);
 
-    std::cout << "1\n";
-
     auto commitMessage = ::mlspp::tls::get<::mlspp::MLSMessage>(commit);
 
-	std::cout << "2\n";
-
     if (!CanProcessCommit(commitMessage)) {
         DISCORD_LOG(LS_ERROR) << "ProcessCommit called with unprocessable MLS commit";
         return ignored_t{};
     }
 
-	std::cout << "3\n";
-
     // in case we're the sender of this commit
     // we need to pull the cached state from our outbound cache
     std::optional<::mlspp::State> optionalCachedState = std::nullopt;
     if (outboundCachedGroupState_) {
         optionalCachedState = *(outboundCachedGroupState_.get());
     }
 
-	std::cout << "4\n";
-
     auto newState = stateWithProposals_->handle(commitMessage, optionalCachedState);
 
-	std::cout << "5\n";
-
     if (!newState) {
         DISCORD_LOG(LS_ERROR) << "MLS commit handling did not produce a new state";
         return failed_t{};
     }
 
-	std::cout << "6\n";
-
     DISCORD_LOG(LS_INFO) << "Successfully processed MLS commit, updating state; our leaf index is "
                          << newState->index().val << "; current epoch is " << newState->epoch();
 
-	std::cout << "7\n";
-
     RosterMap ret = ReplaceState(std::make_unique<::mlspp::State>(std::move(*newState)));
 
-	std::cout << "8\n";
-
     // reset the outbound cached group since we handled the commit for this epoch
     outboundCachedGroupState_.reset();
 
-	std::cout << "9\n";
-
     ClearPendingState();
 
-	std::cout << "10\n";
-
     return ret;
 }
 catch (const std::exception& e) {
@@ -396,7 +376,7 @@ std::optional<RosterMap> Session::ProcessWelcome(
   std::set<std::string> const& recognizedUserIDs) noexcept
 try {
     if (!HasCryptographicStateForWelcome()) {
-        DISCORD_LOG(LS_ERROR) << "Missing local cyrpto state necessary to process MLS welcome";
+        DISCORD_LOG(LS_ERROR) << "Missing local crypto state necessary to process MLS welcome";
         return std::nullopt;
     }
 

src/dpp/discordvoiceclient.cpp

@@ -77,6 +77,7 @@ static std::string external_ip;
 struct dave_transient_key {
 	std::shared_ptr<::mlspp::SignaturePrivateKey> mls_key;
 	std::vector<uint8_t> cached_commit;
+	uint64_t transition_id{0};
 };
 
 struct dave_encryptors {
@@ -497,10 +498,20 @@ int discord_voice_client::udp_recv(char* data, size_t max_length)
 	return (int) recv(this->fd, data, (int)max_length, 0);
 }
 
+uint16_t dave_binary_header_t::get_welcome_transition_id() const {
+	uint16_t transition{0};
+	std::memcpy(&transition, package, sizeof(uint16_t));
+	return ntohs(transition);
+}
+
 std::vector<uint8_t> dave_binary_header_t::get_data(size_t length) const {
 	return std::vector<uint8_t>(package, package + length - sizeof(dave_binary_header_t));
 }
 
+std::vector<uint8_t> dave_binary_header_t::get_welcome_data(size_t length) const {
+	return std::vector<uint8_t>(package + sizeof(uint16_t), package + length - sizeof(dave_binary_header_t));
+}
+
 bool discord_voice_client::handle_frame(const std::string &data, ws_opcode opcode)
 {
 	json j;
@@ -516,31 +527,14 @@ bool discord_voice_client::handle_frame(const std::string &data, ws_opcode opcod
 			case voice_client_dave_mls_external_sender: {
 				log(ll_debug, "voice_client_dave_mls_external_sender");
 
-
-				dave_session = std::make_unique<dave::mls::Session>(
-					nullptr, sessionid, [this](std::string const& s1, std::string const& s2) {
-						log(ll_debug, "Dave session constructor callback: " + s1 + ", " + s2);
-					});
-
 				dave_session->SetExternalSender(dave_header->get_data(data.length()));
 
-				transient_key = std::make_unique<dave_transient_key>();
-				dave_session->Init(dave::MaxSupportedProtocolVersion(), channel_id, creator->me.id.str(), transient_key->mls_key);
-
 				encryptors = std::make_unique<dave_encryptors>();
 				encryptors->encryptor = std::make_unique<dave::Encryptor>();
 				/**
 				 * TODO: There should be one of these per user but only one of the encryptor, above
 				 */
 				encryptors->decryptor = std::make_unique<dave::Decryptor>();
-
-				auto epoch = dave_session->GetLastEpochAuthenticator();
-
-				auto key_response = dave_session->GetMarshalledKeyPackage();
-				key_response.insert(key_response.begin(), voice_client_dave_mls_key_package);
-				this->write(std::string_view(reinterpret_cast<const char*>(key_response.data()), key_response.size()), OP_BINARY);
-
-				encryptors->encryptor->SetKeyRatchet(dave_session->GetKeyRatchet(creator->me.id.str()));
 			}
 			break;
 			case voice_client_dave_mls_proposals: {
@@ -562,20 +556,30 @@ bool discord_voice_client::handle_frame(const std::string &data, ws_opcode opcod
 					log(ll_debug, "Setting decryptor key ratchet for user: " + user + ", protocol version: " + std::to_string(dave_session->GetProtocolVersion()));
 					encryptors->decryptor->TransitionToKeyRatchet(dave_session->GetKeyRatchet(user));
 				}
+				encryptors->encryptor->SetKeyRatchet(dave_session->GetKeyRatchet(creator->me.id.str()));
+
+				/**
+				 * https://www.ietf.org/archive/id/draft-ietf-mls-protocol-14.html#name-epoch-authenticators
+				 * 9.7. Epoch Authenticators
+				 * The main MLS key schedule provides a per-epoch epoch_authenticator. If one member of the group is being impersonated by an active attacker,
+				 * the epoch_authenticator computed by their client will differ from those computed by the other group members.
+				 */
+				auto epoch = dave_session->GetLastEpochAuthenticator();
+				log(ll_debug, "DAVE epoch authenticator: " + dpp::base64_encode((unsigned char const*)epoch.data(), epoch.size()));
 			}
 			break;
 			case voice_client_dave_mls_welcome: {
-				log(ll_debug, "voice_client_dave_mls_welcome");
-				auto user_list_with_me = dave_mls_user_list;
-				user_list_with_me.emplace(creator->me.id.str());
-				for (const auto& user : user_list_with_me) {
-					std::cout << "USER: " << user << "\n";
+				this->transient_key->transition_id = dave_header->get_welcome_transition_id();
+				log(ll_debug, "voice_client_dave_mls_welcome with transition id " + std::to_string(this->transient_key->transition_id));
+				auto r = dave_session->ProcessWelcome(dave_header->get_welcome_data(data.length()), dave_mls_user_list);
+				if (r.has_value()) {
+					for (const auto& user_key_pair : r.value()) {
+						std::cout << "WEL: " << user_key_pair.first << "\n";
+					}
+					encryptors->encryptor->SetKeyRatchet(dave_session->GetKeyRatchet(creator->me.id.str()));
+				} else {
+					std::cout << "Welcome has no value\n";
 				}
-				auto r = dave_session->ProcessWelcome(dave_header->get_data(data.length()), user_list_with_me);
-			}
-			break;
-			case voice_client_dave_mls_invalid_commit_welcome: {
-				log(ll_debug, "voice_client_dave_mls_invalid_commit_welcome");
 			}
 			break;
 			default:
@@ -632,6 +636,43 @@ bool discord_voice_client::handle_frame(const std::string &data, ws_opcode opcod
 				log(ll_debug, "Number of clients in voice channel: " + std::to_string(dave_mls_user_list.size()));
 			}
 			break;
+			case voice_client_dave_mls_invalid_commit_welcome: {
+				this->transient_key->transition_id = j["d"]["transition_id"];
+				log(ll_debug, "voice_client_dave_mls_invalid_commit_welcome transition id " + std::to_string(this->transient_key->transition_id));
+			}
+			break;
+			case voice_client_dave_execute_transition: {
+				log(ll_debug, "voice_client_dave_execute_transition");
+				this->transient_key->transition_id = j["d"]["transition_id"];
+				json obj = {
+					{ "op", voice_client_dave_transition_ready },
+					{
+					  "d",
+						{
+							{ "transition_id", this->transient_key->transition_id },
+						}
+					}
+				};
+				this->write(obj.dump(-1, ' ', false, json::error_handler_t::replace), OP_TEXT);
+			}
+			break;
+			/* "The protocol only uses this opcode to indicate when a downgrade to protocol version 0 is upcoming." */
+			case voice_client_dave_prepare_transition: {
+				uint64_t transition_id = j["d"]["transition_id"];
+				uint64_t protocol_version = j["d"]["protocol_version"];
+				log(ll_debug, "voice_client_dave_prepare_transition version=" + std::to_string(protocol_version) + " for transition " + std::to_string(transition_id));
+			}
+			break;
+			case voice_client_dave_prepare_epoch: {
+				uint64_t protocol_version = j["d"]["protocol_version"];
+				uint64_t epoch = j["d"]["epoch"];
+				log(ll_debug, "voice_client_dave_prepare_epoch version=" + std::to_string(protocol_version) + " for epoch " + std::to_string(epoch));
+				if (epoch == 1) {
+					dave_session->Reset();
+					dave_session->Init(dave::MaxSupportedProtocolVersion(), channel_id, creator->me.id.str(), transient_key->mls_key);
+				}
+			}
+			break;
 			/* Client Disconnect */
 			case voice_opcode_client_disconnect: {
 				if (j.find("d") != j.end() && j["d"].find("user_id") != j["d"].end() && !j["d"]["user_id"].is_null()) {
@@ -739,6 +780,17 @@ bool discord_voice_client::handle_frame(const std::string &data, ws_opcode opcod
 						dave_version = dave_version_none;
 						send_silence(20);
 					}
+
+					dave_session = std::make_unique<dave::mls::Session>(
+						nullptr, "" /* sessionid */, [this](std::string const& s1, std::string const& s2) {
+							log(ll_debug, "Dave session constructor callback: " + s1 + ", " + s2);
+						});
+					transient_key = std::make_unique<dave_transient_key>();
+					dave_session->Init(dave::MaxSupportedProtocolVersion(), channel_id, creator->me.id.str(), transient_key->mls_key);
+					auto key_response = dave_session->GetMarshalledKeyPackage();
+					key_response.insert(key_response.begin(), voice_client_dave_mls_key_package);
+					this->write(std::string_view(reinterpret_cast<const char*>(key_response.data()), key_response.size()), OP_BINARY);
+
 				} else {
 					/* This is needed to start voice receiving and make sure that the start of sending isn't cut off */
 					send_silence(20);