From 37293469619a39584425a3d360114cd50db8e655 Mon Sep 17 00:00:00 2001
From: Cory McWilliams <cory@unprompted.com>
Date: Tue, 16 Aug 2022 02:38:25 +0000
Subject: [PATCH] I decrypted a private message.

git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@3965 ed5197a5-7fde-0310-b194-c3ffbd925b24
---
 src/ssb.db.c | 45 ++++++++++++++++++++++++++++++++++++---------
 1 file changed, 36 insertions(+), 9 deletions(-)

diff --git a/src/ssb.db.c b/src/ssb.db.c
index 49b1c9a7..82847c01 100644
--- a/src/ssb.db.c
+++ b/src/ssb.db.c
@@ -802,13 +802,13 @@ bool tf_ssb_db_identity_get_private_key(tf_ssb_t* ssb, const char* user, const c
 static void _test_private(sqlite3* db, const uint8_t* private_key)
 {
 	sqlite3_stmt* statement = NULL;
-	if (sqlite3_prepare(db, "SELECT content FROM messages WHERE content LIKE '\"%.box\"'", -1, &statement, NULL) == SQLITE_OK)
+	if (sqlite3_prepare(db, "SELECT content FROM messages WHERE content LIKE '\"%%.box\"'", -1, &statement, NULL) == SQLITE_OK)
 	{
 		while (sqlite3_step(statement) == SQLITE_ROW)
 		{
 			uint8_t buffer[8192];
-			//printf("==> %s\n", sqlite3_column_text(statement, 0));
 			int r = base64c_decode(sqlite3_column_text(statement, 0) + 1, sqlite3_column_bytes(statement, 0) - strlen("\".box\""), buffer, sizeof(buffer));
+
 			if (r > 1)
 			{
 				uint8_t* nonce = buffer;
@@ -816,19 +816,38 @@ static void _test_private(sqlite3* db, const uint8_t* private_key)
 				if (public_key + 32 < buffer + r)
 				{
 					uint8_t shared_secret[crypto_scalarmult_curve25519_SCALARBYTES];
-					if (crypto_scalarmult_curve25519(shared_secret, private_key, public_key) == 0)
+					if (crypto_scalarmult(shared_secret, private_key, public_key) == 0)
 					{
-						for (uint8_t* p = public_key + 32; p < buffer + r + 49; p += 49)
+						for (uint8_t* p = buffer + 24 + 32; p <= buffer + r - 49; p += 49)
 						{
 							uint8_t out[49];
-							if (crypto_secretbox_open_easy(out, p, 49, nonce, shared_secret) == 0)
+							int o = crypto_secretbox_open_easy(out, p, 49, nonce, shared_secret);
+							if (o != -1)
 							{
-								printf("opened secret box!\n");
+								int recipients = (int)out[0];
+								uint8_t* body = buffer + 24 + 32 + 49 * recipients;
+								size_t body_size = buffer + r - body;
+
+								uint8_t result[8192];
+
+								uint8_t* key = out + 1;
+								if (crypto_secretbox_open_easy(result, body, body_size, nonce, key) != -1)
+								{
+									printf("%.*s\n", (int)body_size, result);
+								}
 							}
 						}
 					}
+					else
+					{
+						printf("scalarmult failed\n");
+					}
 				}
 			}
+			else
+			{
+				printf("base64 failed\n");
+			}
 		}
 		sqlite3_finalize(statement);
 	}
@@ -841,12 +860,20 @@ void tf_ssb_db_private(sqlite3* db)
 	{
 		while (sqlite3_step(statement) == SQLITE_ROW)
 		{
-			uint8_t private_key[crypto_sign_SECRETKEYBYTES];
+			uint8_t private_key[crypto_sign_SECRETKEYBYTES] = { 0 };
 			printf("-> %s\n", sqlite3_column_text(statement, 0));
 			int r = base64c_decode(sqlite3_column_text(statement, 1), sqlite3_column_bytes(statement, 1) - strlen(".ed25519"), private_key, sizeof(private_key));
-			if (r > 0)
+			if (r == sizeof(private_key))
 			{
-				_test_private(db, private_key);
+				uint8_t key[crypto_sign_SECRETKEYBYTES] = { 0 };
+				if (crypto_sign_ed25519_sk_to_curve25519(key, private_key) != 0)
+				{
+					printf("key convert failed\n");
+				}
+				else
+				{
+					_test_private(db, key);
+				}
 			}
 		}
 		sqlite3_finalize(statement);