Merge pull request #5 from Freedom-Club-Sec/refactor/strandlock-protocol-support

Refactor/strandlock protocol support

Author: chadsec1

app/logic/message.py

@@ -1,35 +1,17 @@
 from app.db.sqlite import get_db, check_user_exists
 from app.db.redis import get_redis, get_redis_list
-from app.utils.helper_utils import valid_b64
-from base64 import b64decode
 import json
 import logging
 
 redis_client = get_redis()
 
-def otp_batch_processor(user_id: str, recipient_id: str, otp_hashchain_ciphertext: str, otp_hashchain_signature: str) -> None:
+def message_processor(user_id: str, recipient_id: str, ciphertext_blob: str) -> None:
     if not check_user_exists(recipient_id):
         raise ValueError("Recipient_id does not exist")
 
     payload = {
         "sender": user_id,
-        "msg_type": "new_otp_batch",
-        "otp_hashchain_ciphertext": otp_hashchain_ciphertext,
-        "otp_hashchain_signature": otp_hashchain_signature,
-        "data_type": "message"
-    } 
-
-    redis_client.rpush(recipient_id, json.dumps(payload))
-
-
-def otp_message_processor(user_id: str, recipient_id: str, message_encrypted: str) -> None:
-    if not check_user_exists(recipient_id):
-        raise ValueError("Recipient_id does not exist")
-
-    payload = {
-        "sender": user_id,
-        "msg_type": "new_message",
-        "message_encrypted": message_encrypted,
+        "ciphertext_blob": ciphertext_blob,
         "data_type": "message"
     } 
 

app/logic/pfs.py

@@ -7,7 +7,7 @@
 redis_client = get_redis()
 
 
-def ephemeral_keys_processor(user_id: str, recipient_id: str, publickeys_hashchain: str, hashchain_signature: str, pfs_type: str) -> None:
+def ephemeral_keys_processor(user_id: str, recipient_id: str, ciphertext_blob: str) -> None:
     if not check_user_exists(recipient_id):
         raise ValueError("Recipient_id does not exist")
 
@@ -17,10 +17,8 @@ def ephemeral_keys_processor(user_id: str, recipient_id: str, publickeys_hashcha
 
     payload = {
         "sender": user_id,
-        "publickeys_hashchain": publickeys_hashchain,
-        "hashchain_signature": hashchain_signature,
+        "ciphertext_blob": ciphertext_blob,
         "data_type": "pfs",
-        "pfs_type": pfs_type
     } 
 
     redis_client.rpush(recipient_id, json.dumps(payload))

app/routes/message.py

@@ -1,9 +1,7 @@
 from fastapi import APIRouter, Request, HTTPException, Response, Depends
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from pydantic import BaseModel, validator
-from base64 import b64encode, b64decode
-from app.core.crypto import verify_signature
-from app.logic.message import otp_batch_processor, otp_message_processor
+from app.logic.message import message_processor
 from app.utils.helper_utils import valid_b64
 from app.utils.jwt import verify_jwt_token
 from app.core.constants import (
@@ -17,71 +15,30 @@
 
 router = APIRouter()
 
-class PadsPayload(BaseModel):
-    otp_hashchain_ciphertext: str
-    otp_hashchain_signature : str 
-    recipient               : str
+class SendPayload(BaseModel):
+    ciphertext_blob: str
+    recipient      : str
 
-class SendMessagePayload(BaseModel):
-    message_encrypted: str
-    recipient        : str
-
-@router.post("/messages/send_pads")
-async def message_send_pads(payload: PadsPayload, response: Response, user=Depends(verify_jwt_token)):
-    otp_hashchain_ciphertext = payload.otp_hashchain_ciphertext
-    otp_hashchain_signature  = payload.otp_hashchain_signature
-    recipient                = payload.recipient
+@router.post("/messages/send")
+async def message_send(payload: SendPayload, response: Response, user=Depends(verify_jwt_token)):
+    ciphertext_blob = payload.ciphertext_blob
+    recipient  = payload.recipient
 
     user_id = user["id"]
- 
-
-    # ML-KEM-1024 ciphertext is always 1568 bytes, and Classic McEliece8192128 is always 208 bytes,
-    # and since our default One-Time-Pad size is around 11 kilobytes (11264)
-    # We can be confident that the decoded ciphertext_blob size must match 551936 bytes
-    # 
-    # 11264 / 32 = 352
-    # 352 x 1568 = 551936
-    # 352 x 208 = 73216
-    # size to match is 551936 + 73216 = 625152
-
-    print(len(b64decode(otp_hashchain_ciphertext)))
-    if (not valid_b64(otp_hashchain_ciphertext)) or len(b64decode(otp_hashchain_ciphertext)) != (OTP_PAD_SIZE // 32) * (ML_KEM_1024_CT_LEN + CLASSIC_MCELIECE_8_F_CT_LEN):   
-        raise HTTPException(status_code=400, detail="Malformed otp_hashchain_ciphertext")
-
-    # Dilithium5 signature is always 4595
-    if (not valid_b64(otp_hashchain_signature)) or len(b64decode(otp_hashchain_signature)) != ML_DSA_87_SIGN_LEN:
-        raise HTTPException(status_code=400, detail="Malformed otp_hashchain_signature")
 
     if (not recipient.isdigit()) or len(recipient) != 16:
         raise HTTPException(status_code=400, detail="Invalid recipient")
 
-    try:
-        await asyncio.to_thread(otp_batch_processor, user_id, recipient, otp_hashchain_ciphertext, otp_hashchain_signature)
-    except ValueError as e:
-        raise HTTPException(status_code=400, detail=e)
-
-    return {"status": "success"}
-
-
-@router.post("/messages/send_message")
-async def message_send_message(payload: SendMessagePayload, response: Response, user=Depends(verify_jwt_token)):
-    message_encrypted = payload.message_encrypted
-    recipient         = payload.recipient
-
-    user_id = user["id"]
+    
+    if (not valid_b64(ciphertext_blob)):
+        raise HTTPException(status_code=400, detail="Malformed ciphertext_blob")
 
-    if (not recipient.isdigit()) or len(recipient) != 16:
-        raise HTTPException(status_code=400, detail="Invalid recipient")
 
-    # 64 is the hash chain output calculated using sha3_512, and 2 is for the padding length field and 1 character is bare minimum for a message
-    if len(message_encrypted) < (64 + 2 + 1):
-        raise HTTPException(status_code=400, detail="Your message is malformed")
 
     try:
-        await asyncio.to_thread(otp_message_processor, user_id, recipient, message_encrypted)
+        await asyncio.to_thread(message_processor, user_id, recipient, ciphertext_blob)
     except ValueError as e:
         raise HTTPException(status_code=400, detail=e)
 
     return {"status": "success"}
 
-

app/routes/pfs.py

@@ -19,52 +19,28 @@
 
 
 class SendKeysPFS(BaseModel):
-    publickeys_hashchain: str
-    hashchain_signature: str
-    pfs_type           : str
-    recipient          : str
+    ciphertext_blob: str
+    recipient      : str
 
 
 
 @router.post("/pfs/send_keys")
 async def pfs_send_keys(payload: SendKeysPFS, response: Response, user=Depends(verify_jwt_token)):
-    publickeys_hashchain = payload.publickeys_hashchain
-    hashchain_signature  = payload.hashchain_signature
-    pfs_type             = payload.pfs_type
-    recipient            = payload.recipient
+    ciphertext_blob = payload.ciphertext_blob
+    recipient  = payload.recipient
 
     user_id = user["id"]
 
+    if (not recipient.isdigit()) or len(recipient) != 16:
+        raise HTTPException(status_code=400, detail="Invalid recipient")
 
-    if not valid_b64(publickeys_hashchain):
-        raise HTTPException(status_code=400, detail="Malformed public_key base64 encoding")
-    
-
-    # ML-KEM-1024 public-key size is always exactly 1568 bytes according to spec
-    # And 64 bytes for our SHA3-512 hash-chain
-    if pfs_type == "partial":
-        if len(b64decode(publickeys_hashchain)) != ML_KEM_1024_PK_LEN + KEYS_HASH_CHAIN_LEN:
-            raise HTTPException(status_code=400, detail="Malformed public_keys")
 
-    # Classic McEliece8192128 public-key size is always exactly 1357824 bytes according to spec
-    # And 64 bytes for our SHA3-512 hash-chain
-    elif pfs_type == "full":
-        if len(b64decode(publickeys_hashchain)) != CLASSIC_MCELIECE_8_F_PK_LEN + ML_KEM_1024_PK_LEN + KEYS_HASH_CHAIN_LEN:
-            raise HTTPException(status_code=400, detail="Malformed public_keys")
-
-    else:
-        raise HTTPException(status_code=400, detail="Malformed pfs_type")
+    if (not valid_b64(ciphertext_blob)):
+        raise HTTPException(status_code=400, detail="Malformed ciphertext_blob")
 
 
-    if (not valid_b64(hashchain_signature)) or len(b64decode(hashchain_signature)) != ML_DSA_87_SIGN_LEN:
-        raise HTTPException(status_code=400, detail="Malformed signature")
-
-
-    if (not recipient.isdigit()) or len(recipient) != 16:
-        raise HTTPException(status_code=400, detail="Invalid recipient")
-
     try:
-        await asyncio.to_thread(ephemeral_keys_processor, user_id, recipient, publickeys_hashchain, hashchain_signature, pfs_type)
+        await asyncio.to_thread(ephemeral_keys_processor, user_id, recipient, ciphertext_blob)
     except ValueError as e:
         return {"status": "failure", "error": e}
 

app/routes/smp.py

@@ -68,8 +68,6 @@ async def smp_step(payload: SMP_Step, response: Response, user=Depends(verify_jw
     if (not recipient.isdigit()) or len(recipient) != 16:
         raise HTTPException(status_code=400, detail="Invalid recipient")
 
-
-
 
     if (not valid_b64(ciphertext_blob)):
         raise HTTPException(status_code=400, detail="Malformed ciphertext_blob")

app/utils/helper_utils.py

@@ -4,6 +4,9 @@
 
 
 def valid_b64(s: str) -> bool:
+    if not s.strip():
+        return False
+
     try:
         b64decode(s, validate=True)
         return True