-
Notifications
You must be signed in to change notification settings - Fork 6
/
handshake.go
128 lines (114 loc) · 4.23 KB
/
handshake.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
// 2023 © Whatsmeow
// Redeveloped by Amirul Dev
package waSocket
import (
"bytes"
"fmt"
"time"
"google.golang.org/protobuf/proto"
waProto "github.com/amiruldev20/waSocket/binary/proto"
"github.com/amiruldev20/waSocket/socket"
"github.com/amiruldev20/waSocket/util/keys"
)
const NoiseHandshakeResponseTimeout = 20 * time.Second
// doHandshake implements the Noise_XX_25519_AESGCM_SHA256 handshake for the WhatsApp web API.
func (cli *Client) doHandshake(fs *socket.FrameSocket, ephemeralKP keys.KeyPair) error {
nh := socket.NewNoiseHandshake()
nh.Start(socket.NoiseStartPattern, fs.Header)
nh.Authenticate(ephemeralKP.Pub[:])
data, err := proto.Marshal(&waProto.HandshakeMessage{
ClientHello: &waProto.HandshakeClientHello{
Ephemeral: ephemeralKP.Pub[:],
},
})
if err != nil {
return fmt.Errorf("failed to marshal handshake message: %w", err)
}
err = fs.SendFrame(data)
if err != nil {
return fmt.Errorf("failed to send handshake message: %w", err)
}
var resp []byte
select {
case resp = <-fs.Frames:
case <-time.After(NoiseHandshakeResponseTimeout):
return fmt.Errorf("timed out waiting for handshake response")
}
var handshakeResponse waProto.HandshakeMessage
err = proto.Unmarshal(resp, &handshakeResponse)
if err != nil {
return fmt.Errorf("failed to unmarshal handshake response: %w", err)
}
serverEphemeral := handshakeResponse.GetServerHello().GetEphemeral()
serverStaticCiphertext := handshakeResponse.GetServerHello().GetStatic()
certificateCiphertext := handshakeResponse.GetServerHello().GetPayload()
if len(serverEphemeral) != 32 || serverStaticCiphertext == nil || certificateCiphertext == nil {
return fmt.Errorf("missing parts of handshake response")
}
serverEphemeralArr := *(*[32]byte)(serverEphemeral)
nh.Authenticate(serverEphemeral)
err = nh.MixSharedSecretIntoKey(*ephemeralKP.Priv, serverEphemeralArr)
if err != nil {
return fmt.Errorf("failed to mix server ephemeral key in: %w", err)
}
staticDecrypted, err := nh.Decrypt(serverStaticCiphertext)
if err != nil {
return fmt.Errorf("failed to decrypt server static ciphertext: %w", err)
} else if len(staticDecrypted) != 32 {
return fmt.Errorf("unexpected length of server static plaintext %d (expected 32)", len(staticDecrypted))
}
err = nh.MixSharedSecretIntoKey(*ephemeralKP.Priv, *(*[32]byte)(staticDecrypted))
if err != nil {
return fmt.Errorf("failed to mix server static key in: %w", err)
}
certDecrypted, err := nh.Decrypt(certificateCiphertext)
if err != nil {
return fmt.Errorf("failed to decrypt noise certificate ciphertext: %w", err)
}
var cert waProto.NoiseCertificate
err = proto.Unmarshal(certDecrypted, &cert)
if err != nil {
return fmt.Errorf("failed to unmarshal noise certificate: %w", err)
}
certDetailsRaw := cert.GetDetails()
certSignature := cert.GetSignature()
if certDetailsRaw == nil || certSignature == nil {
return fmt.Errorf("missing parts of noise certificate")
}
var certDetails waProto.NoiseCertificate_Details
err = proto.Unmarshal(certDetailsRaw, &certDetails)
if err != nil {
return fmt.Errorf("failed to unmarshal noise certificate details: %w", err)
} else if !bytes.Equal(certDetails.GetKey(), staticDecrypted) {
return fmt.Errorf("cert key doesn't match decrypted static")
}
encryptedPubkey := nh.Encrypt(cli.Store.NoiseKey.Pub[:])
err = nh.MixSharedSecretIntoKey(*cli.Store.NoiseKey.Priv, serverEphemeralArr)
if err != nil {
return fmt.Errorf("failed to mix noise private key in: %w", err)
}
clientFinishPayloadBytes, err := proto.Marshal(cli.Store.GetClientPayload())
if err != nil {
return fmt.Errorf("failed to marshal client finish payload: %w", err)
}
encryptedClientFinishPayload := nh.Encrypt(clientFinishPayloadBytes)
data, err = proto.Marshal(&waProto.HandshakeMessage{
ClientFinish: &waProto.HandshakeClientFinish{
Static: encryptedPubkey,
Payload: encryptedClientFinishPayload,
},
})
if err != nil {
return fmt.Errorf("failed to marshal handshake finish message: %w", err)
}
err = fs.SendFrame(data)
if err != nil {
return fmt.Errorf("failed to send handshake finish message: %w", err)
}
ns, err := nh.Finish(fs, cli.handleFrame, cli.onDisconnect)
if err != nil {
return fmt.Errorf("failed to create noise socket: %w", err)
}
cli.socket = ns
return nil
}