blackteay/open-im-server
1
0
Fork 0
mirror of https://github.com/openimsdk/open-im-server.git synced 2025-10-25 12:42:12 +08:00
Code Issues Packages Projects Releases Wiki Activity
open-im-server/internal/rpc/encryption/config.go
wujunhui b4c925e910 feat: add end-to-end encryption support
2025-07-24 15:46:32 +08:00

112 lines
3.7 KiB
Go
Raw Blame History

// Copyright © 2024 OpenIM. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package encryption
import (
"time"
"github.com/openimsdk/open-im-server/v3/pkg/common/config"
)
// PrometheusConfig contains Prometheus configuration
type PrometheusConfig struct {
Enable bool `yaml:"enable"`
Ports []int `yaml:"ports"`
}
// Config represents the configuration for encryption service
type Config struct {
RpcConfig config.RPC `yaml:"rpc"`
MongodbConfig config.Mongo `yaml:"mongo"`
Discovery config.Discovery `yaml:"discovery"`
PrometheusConfig PrometheusConfig `yaml:"prometheus"`
EncryptionConfig EncryptionConfig `yaml:"encryption"`
}
// EncryptionConfig contains encryption-specific configuration
type EncryptionConfig struct {
Mode string `yaml:"mode"` // "aes", "signal", "hybrid"
AES AESConfig `yaml:"aes"`
Signal SignalConfig `yaml:"signal"`
}
// AESConfig contains AES encryption configuration
type AESConfig struct {
Enabled bool `yaml:"enabled"`
}
// SignalConfig contains Signal Protocol configuration
type SignalConfig struct {
Enabled bool `yaml:"enabled"`
PreKeyBatch int `yaml:"preKeyBatch"`
KeyRotationInterval time.Duration `yaml:"keyRotationInterval"`
SessionCleanupInterval time.Duration `yaml:"sessionCleanupInterval"`
PrekeyCleanupInterval time.Duration `yaml:"prekeyCleanupInterval"`
// Security settings
MaxOneTimePreKeys int `yaml:"maxOneTimePreKeys"`
MaxSessionsPerDevice int `yaml:"maxSessionsPerDevice"`
// Validation settings
ValidateSignatures bool `yaml:"validateSignatures"`
RequireIdentityKeys bool `yaml:"requireIdentityKeys"`
}
// GetEncryptionMode returns the current encryption mode
func (c *Config) GetEncryptionMode() string {
if c.EncryptionConfig.Mode == "" {
return "aes" // default to AES for compatibility
}
return c.EncryptionConfig.Mode
}
// IsSignalEnabled returns true if Signal Protocol is enabled
func (c *Config) IsSignalEnabled() bool {
return c.EncryptionConfig.Signal.Enabled &&
(c.EncryptionConfig.Mode == "signal" || c.EncryptionConfig.Mode == "hybrid")
}
// IsAESEnabled returns true if AES encryption is enabled
func (c *Config) IsAESEnabled() bool {
return c.EncryptionConfig.AES.Enabled ||
c.EncryptionConfig.Mode == "aes" ||
c.EncryptionConfig.Mode == "hybrid"
}
// GetSignalConfig returns Signal Protocol configuration
func (c *Config) GetSignalConfig() *SignalConfig {
// Set defaults if not specified
if c.EncryptionConfig.Signal.PreKeyBatch == 0 {
c.EncryptionConfig.Signal.PreKeyBatch = 100
}
if c.EncryptionConfig.Signal.KeyRotationInterval == 0 {
c.EncryptionConfig.Signal.KeyRotationInterval = 7 * 24 * time.Hour // 7 days
}
if c.EncryptionConfig.Signal.SessionCleanupInterval == 0 {
c.EncryptionConfig.Signal.SessionCleanupInterval = 30 * 24 * time.Hour // 30 days
}
if c.EncryptionConfig.Signal.PrekeyCleanupInterval == 0 {
c.EncryptionConfig.Signal.PrekeyCleanupInterval = 7 * 24 * time.Hour // 7 days
}
if c.EncryptionConfig.Signal.MaxOneTimePreKeys == 0 {
c.EncryptionConfig.Signal.MaxOneTimePreKeys = 100
}
if c.EncryptionConfig.Signal.MaxSessionsPerDevice == 0 {
c.EncryptionConfig.Signal.MaxSessionsPerDevice = 1000
}
return &c.EncryptionConfig.Signal
}
Reference in New Issue View Git Blame Copy Permalink