Merge pull request #66 from sachaaaaa/session_reset

Handle session reset, Loki style

_locales/en/messages.json

@@ -891,8 +891,18 @@
     "description":
       "Confirmation dialog text that asks the user if they really wish to delete the conversation. Answer buttons use the strings 'ok' and 'cancel'. The deletion is permanent, i.e. it cannot be undone."
   },
+  "sessionResetFailed": {
+    "message": "Secure session reset failed",
+    "description":
+      "your secure session could not been transmitted to the other participant."
+  },
+  "sessionResetOngoing": {
+    "message": "Secure session reset in progress",
+    "description":
+      "your secure session is currently being reset, waiting for the reset acknowledgment."
+  },
   "sessionEnded": {
-    "message": "Secure session reset",
+    "message": "Secure session reset succeeded",
     "description":
       "This is a past tense, informational message. In other words, your secure session has been reset."
   },

js/background.js

@@ -347,6 +347,10 @@
           return;
         }
 
+        if (message.isEndSession()) {
+          return;
+        }
+
         if (message.hasErrors()) {
           return;
         }

js/models/conversations.js

@@ -53,6 +53,16 @@
     friends: 4,
   });
 
+  // Possible session reset states
+  const SessionResetEnum = Object.freeze({
+    // No ongoing reset
+    none: 0,
+    // we initiated the session reset
+    initiated: 1,
+    // we received the session reset
+    request_received: 2,
+  });
+
   const COLORS = [
     'red',
     'deep_orange',
@@ -75,6 +85,7 @@
         verified: textsecure.storage.protocol.VerifiedStatus.DEFAULT,
         friendRequestStatus: FriendRequestStatusEnum.none,
         unlockTimestamp: null, // Timestamp used for expiring friend requests.
+        sessionResetStatus: SessionResetEnum.none,
       };
     },
 
@@ -1420,31 +1431,82 @@
     isSearchable() {
       return !this.get('left');
     },
-
+    async setSessionResetStatus(newStatus) {
-    async endSession() {
+      // Ensure that the new status is a valid SessionResetEnum value
-      if (this.isPrivate()) {
+      if (!(newStatus in Object.values(SessionResetEnum)))
-        const now = Date.now();
+        return;
-        const message = this.messageCollection.add({
+      if (this.get('sessionResetStatus') !== newStatus) {
-          conversationId: this.id,
+        this.set({ sessionResetStatus: newStatus });
-          type: 'outgoing',
+        await window.Signal.Data.updateConversation(this.id, this.attributes, {
-          sent_at: now,
+          Conversation: Whisper.Conversation,
-          received_at: now,
-          destination: this.id,
-          recipients: this.getRecipients(),
-          flags: textsecure.protobuf.DataMessage.Flags.END_SESSION,
         });
+      }
+    },
+    async onSessionResetInitiated() {
+      await this.setSessionResetStatus(SessionResetEnum.initiated);
+    },
+    async onSessionResetReceived() {
+      await this.setSessionResetStatus(SessionResetEnum.request_received);
+      // send empty message, this will trigger the new session to propagate
+      // to the reset initiator.
+      await window.libloki.sendEmptyMessage(this.id);
+    },
 
-        const id = await window.Signal.Data.saveMessage(message.attributes, {
+    isSessionResetReceived() {
-          Message: Whisper.Message,
+      return this.get('sessionResetStatus') === SessionResetEnum.request_received;
-        });
+    },
-        message.set({ id });
 
-        const options = this.getSendOptions();
+    isSessionResetOngoing() {
-        message.send(
+      return this.get('sessionResetStatus') !== SessionResetEnum.none;
-          this.wrapSend(
+    },
-            textsecure.messaging.resetSession(this.id, now, options)
+
-          )
+    async createAndStoreEndSessionMessage(attributes) {
-        );
+      const now = Date.now();
+      const message = this.messageCollection.add({
+        conversationId: this.id,
+        type: 'outgoing',
+        sent_at: now,
+        received_at: now,
+        destination: this.id,
+        recipients: this.getRecipients(),
+        flags: textsecure.protobuf.DataMessage.Flags.END_SESSION,
+        ...attributes,
+      });
+
+      const id = await window.Signal.Data.saveMessage(message.attributes, {
+        Message: Whisper.Message,
+      });
+      message.set({ id });
+      return message;
+    },
+
+    async onNewSessionAdopted() {
+      if (this.get('sessionResetStatus') === SessionResetEnum.initiated) {
+        // send empty message to confirm that we have adopted the new session
+        await window.libloki.sendEmptyMessage(this.id);
+      }
+      await this.createAndStoreEndSessionMessage({ type: 'incoming', endSessionType: 'done' });
+      await this.setSessionResetStatus(SessionResetEnum.none);
+    },
+
+    async endSession() {
+      if (this.isPrivate()) {
+        // Only create a new message if *we* initiated the session reset.
+        // On the receiver side, the actual message containing the END_SESSION flag
+        // will ensure the "session reset" message will be added to their conversation.
+        if (this.get('sessionResetStatus') !== SessionResetEnum.request_received) {
+          await this.onSessionResetInitiated();
+          const message = await this.createAndStoreEndSessionMessage({ type: 'outgoing', endSessionType: 'ongoing' });
+          const options = this.getSendOptions();
+          await message.send(
+            this.wrapSend(
+              textsecure.messaging.resetSession(this.id, message.get('sent_at'), options)
+            )
+          );
+          if (message.hasErrors()) {
+            await this.setSessionResetStatus(SessionResetEnum.none);
+          }
+        }
       }
     },
 

js/models/messages.js

@@ -108,6 +108,15 @@
       // eslint-disable-next-line no-bitwise
       return !!(this.get('flags') & flag);
     },
+    getEndSessionTranslationKey() {
+      const sessionType = this.get('endSessionType');
+      if (sessionType === 'ongoing') {
+        return 'sessionResetOngoing';
+      } else if (sessionType === 'failed') {
+        return 'sessionResetFailed';
+      }
+      return 'sessionEnded';
+    },
     isExpirationTimerUpdate() {
       const flag =
         textsecure.protobuf.DataMessage.Flags.EXPIRATION_TIMER_UPDATE;
@@ -174,7 +183,7 @@
         return messages.join(', ');
       }
       if (this.isEndSession()) {
-        return i18n('sessionEnded');
+        return i18n(this.getEndSessionTranslationKey());
       }
       if (this.isIncoming() && this.hasErrors()) {
         return i18n('incomingError');
@@ -294,8 +303,9 @@
       };
     },
     getPropsForResetSessionNotification() {
-      // It doesn't need anything right now!
+      return {
-      return {};
+        sessionResetMessageKey: this.getEndSessionTranslationKey(),
+      };
     },
 
     async acceptFriendRequest() {
@@ -1126,6 +1136,10 @@
       });
       errors = errors.concat(this.get('errors') || []);
 
+      if (this.isEndSession) {
+        this.set({ endSessionType: 'failed'});
+      }
+
       this.set({ errors });
       await window.Signal.Data.saveMessage(this.attributes, {
         Message: Whisper.Message,
@@ -1303,6 +1317,11 @@
                 message.get('received_at')
               );
             }
+          } else {
+            const endSessionType = conversation.isSessionResetReceived()
+              ? 'ongoing'
+              : 'done';
+            this.set({ endSessionType });
           }
           if (type === 'incoming' || type === 'friend-request') {
             const readSync = Whisper.ReadSyncs.forMessage(message);

libloki/libloki-protocol.js

@@ -128,6 +128,10 @@
   }
 
   async function sendFriendRequestAccepted(pubKey) {
+    return sendEmptyMessage(pubKey);
+  }
+
+  async function sendEmptyMessage(pubKey) {
     // empty content message
     const content = new textsecure.protobuf.Content();
 
@@ -159,4 +163,5 @@
   window.libloki.saveContactPreKeyBundle = saveContactPreKeyBundle;
   window.libloki.removeContactPreKeyBundle = removeContactPreKeyBundle;
   window.libloki.sendFriendRequestAccepted = sendFriendRequestAccepted;
+  window.libloki.sendEmptyMessage = sendEmptyMessage;
 })();

libtextsecure/message_receiver.js

@@ -717,11 +717,72 @@ MessageReceiver.prototype.extend({
       deviceId: parseInt(textsecure.storage.user.getDeviceId(), 10),
     };
 
+    let conversation;
+    try {
+      conversation = await window.ConversationController.getOrCreateAndWait(envelope.source, 'private');
+    } catch (e) {
+      window.log.info('Error getting conversation: ', envelope.source);
+    }
+    const getCurrentSessionBaseKey = async () => {
+      const record = await sessionCipher.getRecord(address.toString());
+      if (!record)
+        return null;
+      const openSession = record.getOpenSession();
+      if (!openSession)
+        return null;
+      const { baseKey } = openSession.indexInfo;
+      return baseKey
+    };
+    const captureActiveSession = async () => {
+      this.activeSessionBaseKey = await getCurrentSessionBaseKey(sessionCipher);
+    };
+    const restoreActiveSession = async () => {
+      const record = await sessionCipher.getRecord(address.toString());
+      if (!record)
+        return
+      record.archiveCurrentState();
+      const sessionToRestore = record.sessions[this.activeSessionBaseKey];
+      record.promoteState(sessionToRestore);
+      record.updateSessionState(sessionToRestore);
+      await textsecure.storage.protocol.storeSession(address.toString(), record.serialize());
+    };
+    const deleteAllSessionExcept = async (sessionBaseKey) => {
+      const record = await sessionCipher.getRecord(address.toString());
+      if (!record)
+        return
+      const sessionToKeep = record.sessions[sessionBaseKey];
+      record.sessions = {}
+      record.updateSessionState(sessionToKeep);
+      await textsecure.storage.protocol.storeSession(address.toString(), record.serialize());
+    };
+    let handleSessionReset;
+    if (conversation.isSessionResetOngoing()) {
+      handleSessionReset = async (result) => {
+        const currentSessionBaseKey = await getCurrentSessionBaseKey(sessionCipher);
+        if (this.activeSessionBaseKey && currentSessionBaseKey !== this.activeSessionBaseKey) {
+          if (conversation.isSessionResetReceived()) {
+            await restoreActiveSession();
+          } else {
+            await deleteAllSessionExcept(currentSessionBaseKey);
+            await conversation.onNewSessionAdopted();
+          }
+        } else if (conversation.isSessionResetReceived()) {
+          await deleteAllSessionExcept(this.activeSessionBaseKey);
+          await conversation.onNewSessionAdopted();
+        }
+        return result;
+      };
+    } else {
+      handleSessionReset = async (result) => result;
+    }
+
     switch (envelope.type) {
       case textsecure.protobuf.Envelope.Type.CIPHERTEXT:
         window.log.info('message from', this.getEnvelopeId(envelope));
-        promise = sessionCipher.decryptWhisperMessage(ciphertext)
+        promise = captureActiveSession()
-          .then(this.unpad);
+          .then(() => sessionCipher.decryptWhisperMessage(ciphertext))
+          .then(this.unpad)
+          .then(handleSessionReset);
         break;
       case textsecure.protobuf.Envelope.Type.FRIEND_REQUEST: {
         window.log.info('friend-request message from ', envelope.source);
@@ -731,11 +792,13 @@ MessageReceiver.prototype.extend({
       }
       case textsecure.protobuf.Envelope.Type.PREKEY_BUNDLE:
         window.log.info('prekey message from', this.getEnvelopeId(envelope));
-        promise = this.decryptPreKeyWhisperMessage(
+        promise = captureActiveSession(sessionCipher)
-          ciphertext,
+          .then(() => this.decryptPreKeyWhisperMessage(
-          sessionCipher,
+            ciphertext,
-          address
+            sessionCipher,
-        );
+            address
+          ))
+          .then(handleSessionReset);
         break;
       case textsecure.protobuf.Envelope.Type.UNIDENTIFIED_SENDER:
         window.log.info('received unidentified sender message');
@@ -1282,19 +1345,42 @@ MessageReceiver.prototype.extend({
   async handleEndSession(number) {
     window.log.info('got end session');
     const deviceIds = await textsecure.storage.protocol.getDeviceIds(number);
+    const identityKey = StringView.hexToArrayBuffer(number);
+    let conversation;
+    try {
+      conversation = window.ConversationController.get(number);
+    } catch (e) {
+      window.log.error('Error getting conversation: ', number);
+    }
 
-    return Promise.all(
+    // Bail early if a session reset is already ongoing
-      deviceIds.map(deviceId => {
+    if (conversation.isSessionResetOngoing()) {
+      return;
+    }
+
+    await Promise.all(
+      deviceIds.map(async deviceId => {
         const address = new libsignal.SignalProtocolAddress(number, deviceId);
-        const sessionCipher = new libsignal.SessionCipher(
+        // Instead of deleting the sessions now,
+        // we process the new prekeys and initiate a new session.
+        // The old sessions will get deleted once the correspondant
+        // has switch the the new session.
+        const [preKey, signedPreKey] = await Promise.all([
+          textsecure.storage.protocol.loadContactPreKey(number),
+          textsecure.storage.protocol.loadContactSignedPreKey(number),
+        ]);
+        if (preKey === undefined || signedPreKey === undefined) {
+          return;
+        }
+        const device = { identityKey, deviceId, preKey, signedPreKey, registrationId: 0 }
+        const builder = new libsignal.SessionBuilder(
           textsecure.storage.protocol,
           address
         );
-
+        builder.processPreKey(device);
-        window.log.info('deleting sessions for', address.toString());
-        return sessionCipher.deleteAllSessionsForDevice();
       })
     );
+    await conversation.onSessionResetReceived();
   },
   processDecrypted(envelope, decrypted, source) {
     /* eslint-disable no-bitwise, no-param-reassign */

libtextsecure/outgoing_message.js

@@ -119,7 +119,12 @@ OutgoingMessage.prototype = {
             if (device.registrationId === 0) {
               window.log.info('device registrationId 0!');
             }
-            return builder.processPreKey(device).then(() => true).catch(error => {
+            return builder.processPreKey(device).then(async () => {
+              // TODO: only remove the keys that were used above!
+              await window.libloki.removePreKeyBundleForNumber(number);
+              return true;
+            }
+            ).catch(error => {
               if (error.message === 'Identity key changed') {
                 // eslint-disable-next-line no-param-reassign
                 error.timestamp = this.timestamp;
@@ -285,12 +290,17 @@ OutgoingMessage.prototype = {
 
         // Check if we need to attach the preKeys
         let sessionCipher;
-        if (this.messageType === 'friend-request') {
+        const isFriendRequest = this.messageType === 'friend-request';
+        const flags = this.message.dataMessage ? this.message.dataMessage.get_flags() : null;
+        const isEndSession = flags === textsecure.protobuf.DataMessage.Flags.END_SESSION;
+        if (isFriendRequest || isEndSession) {
           // Encrypt them with the fallback
           const pkb = await libloki.getPreKeyBundleForContact(number);
           const preKeyBundleMessage = new textsecure.protobuf.PreKeyBundleMessage(pkb);
           this.message.preKeyBundleMessage = preKeyBundleMessage;
           window.log.info('attaching prekeys to outgoing message');
+        }
+        if (isFriendRequest) {
           sessionCipher = fallBackCipher;
         } else {
           sessionCipher = new libsignal.SessionCipher(

libtextsecure/sendmessage.js

@@ -691,6 +691,17 @@ MessageSender.prototype = {
       window.log.error(prefix, error && error.stack ? error.stack : error);
       throw error;
     };
+    // The actual deletion of the session now happens later
+    // as we need to ensure the other contact has successfully
+    // switch to a new session first.
+    return this.sendIndividualProto(
+      number,
+      proto,
+      timestamp,
+      silent,
+      options
+    ).catch(logError('resetSession/sendToContact error:'));
+    /*
     const deleteAllSessions = targetNumber =>
       textsecure.storage.protocol.getDeviceIds(targetNumber).then(deviceIds =>
         Promise.all(
@@ -741,6 +752,7 @@ MessageSender.prototype = {
     ).catch(logError('resetSession/sendSync error:'));
 
     return Promise.all([sendToContact, sendSync]);
+    */
   },
 
   sendMessageToGroup(

ts/components/conversation/ResetSessionNotification.tsx

@@ -4,15 +4,16 @@ import { Localizer } from '../../types/Util';
 
 interface Props {
   i18n: Localizer;
+  sessionResetMessageKey: string;
 }
 
 export class ResetSessionNotification extends React.Component<Props> {
   public render() {
-    const { i18n } = this.props;
+    const { i18n, sessionResetMessageKey } = this.props;
 
     return (
       <div className="module-reset-session-notification">
-        {i18n('sessionEnded')}
+        { i18n(sessionResetMessageKey) }
       </div>
     );
   }