From 4929f8d8db4487ae1b1520579d2ba8bf75faa92f Mon Sep 17 00:00:00 2001
From: sachaaaaa
Date: Thu, 26 Sep 2019 16:53:06 +1000
Subject: [PATCH] Move high-level authorisation from message_receivier to libloki.crypto
---
 libloki/crypto.js | 76 ++++++++++++++++++++++++++++++-
 libtextsecure/message_receiver.js | 74 +-----------------------------
 2 files changed, 76 insertions(+), 74 deletions(-)
diff --git a/libloki/crypto.js b/libloki/crypto.js
index bf0f9b77f..7ee0282cc 100644
--- a/libloki/crypto.js
+++ b/libloki/crypto.js
@@ -174,7 +174,78 @@
 return signature;
 }
- async function verifyPairingAuthorisation(
+ async function validateAuthorisation(authorisation) {
+ const {
+ type,
+ primaryDevicePubKey,
+ secondaryDevicePubKey,
+ requestSignature,
+ grantSignature,
+ } = authorisation;
+ const alreadySecondaryDevice = !!window.storage.get('isSecondaryDevice');
+ const ourPubKey = textsecure.storage.user.getNumber();
+ const isRequest =
+ type === textsecure.protobuf.PairingAuthorisationMessage.Type.REQUEST;
+ const isGrant =
+ type === textsecure.protobuf.PairingAuthorisationMessage.Type.GRANT;
+ if (!primaryDevicePubKey || !secondaryDevicePubKey) {
+ window.log.warn(
+ 'Received a pairing request with missing pubkeys. Ignored.'
+ );
+ return false;
+ } else if (!requestSignature) {
+ window.log.warn(
+ 'Received a pairing request with missing request signature. Ignored.'
+ );
+ return false;
+ } else if (isRequest && alreadySecondaryDevice) {
+ window.log.warn(
+ 'Received a pairing request while being a secondary device. Ignored.'
+ );
+ return false;
+ } else if (isRequest && authorisation.primaryDevicePubKey !== ourPubKey) {
+ window.log.warn(
+ 'Received a pairing request addressed to another pubkey. Ignored.'
+ );
+ return false;
+ } else if (isRequest && authorisation.secondaryDevicePubKey === ourPubKey) {
+ window.log.warn('Received a pairing request from ourselves. Ignored.');
+ return false;
+ }
+ try {
+ await this.verifyPairingSignature(
+ primaryDevicePubKey,
+ secondaryDevicePubKey,
+ dcodeIO.ByteBuffer.wrap(requestSignature).toArrayBuffer(),
+ textsecure.protobuf.PairingAuthorisationMessage.Type.REQUEST
+ );
+ } catch (e) {
+ window.log.warn(
+ 'Could not verify pairing request authorisation signature. Ignoring message.'
+ );
+ window.log.error(e);
+ return false;
+ }
+ if (isGrant) {
+ try {
+ await this.verifyPairingSignature(
+ primaryDevicePubKey,
+ secondaryDevicePubKey,
+ dcodeIO.ByteBuffer.wrap(grantSignature).toArrayBuffer(),
+ textsecure.protobuf.PairingAuthorisationMessage.Type.GRANT
+ );
+ } catch (e) {
+ window.log.warn(
+ 'Could not verify pairing grant authorisation signature. Ignoring message.'
+ );
+ window.log.error(e);
+ return false;
+ }
+ }
+ return true;
+ }
+
+ async function verifyPairingSignature(
 primaryDevicePubKey,
 secondaryPubKey,
 signature,
@@ -233,7 +304,8 @@
 snodeCipher,
 decryptToken,
 generateSignatureForPairing,
- verifyPairingAuthorisation,
+ verifyPairingSignature,
+ validateAuthorisation,
 // for testing
 _LokiSnodeChannel: LokiSnodeChannel,
 _decodeSnodeAddressToPubKey: decodeSnodeAddressToPubKey,
diff --git a/libtextsecure/message_receiver.js b/libtextsecure/message_receiver.js
index e08b120a6..c5fc2215f 100644
--- a/libtextsecure/message_receiver.js
+++ b/libtextsecure/message_receiver.js
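Review bot: In `validateAuthorisation` (libloki/crypto.js, first hunk) both signature checks are dispatched through `this.verifyPairingSignature(...)`, so the outcome of a security check depends on how the function is invoked. It resolves when called as `libloki.crypto.validateAuthorisation(x)`, but a destructured or callback use would leave `this` pointing elsewhere, and the resulting TypeError would be swallowed by the surrounding `catch` and logged as a signature failure. `verifyPairingSignature` is declared in the same scope, so call it directly with `await verifyPairingSignature(` in both the REQUEST and the GRANT block. Separately, a `type` that is neither REQUEST nor GRANT still returns `true` after only `requestSignature` is verified, and a GRANT without `grantSignature` appears to be rejected only if `ByteBuffer.wrap` or the verifier throws. Adding `if (!isRequest && !isGrant) return false;` and `if (isGrant && !grantSignature) return false;` would make both cases fail closed explicitly; the body of `verifyPairingSignature` continues outside the hunk, so its handling of malformed input is not visible here.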
@@ -1047,78 +1047,8 @@ MessageReceiver.prototype.extend({
 }
 return this.removeFromCache(envelope);
 },
- async validateAuthorisation(authorisation) {
- const {
- type,
- primaryDevicePubKey,
- secondaryDevicePubKey,
- requestSignature,
- grantSignature,
- } = authorisation;
- const alreadySecondaryDevice = !!window.storage.get('isSecondaryDevice');
- const ourPubKey = textsecure.storage.user.getNumber();
- const isRequest =
- type === textsecure.protobuf.PairingAuthorisationMessage.Type.REQUEST;
- const isGrant =
- type === textsecure.protobuf.PairingAuthorisationMessage.Type.GRANT;
- if (!primaryDevicePubKey || !secondaryDevicePubKey) {
- window.log.warn(
- 'Received a pairing request with missing pubkeys. Ignored.'
- );
- return false;
- } else if (!requestSignature) {
- window.log.warn(
- 'Received a pairing request with missing request signature. Ignored.'
- );
- return false;
- } else if (isRequest && alreadySecondaryDevice) {
- window.log.warn(
- 'Received a pairing request while being a secondary device. Ignored.'
- );
- return false;
- } else if (isRequest && authorisation.primaryDevicePubKey !== ourPubKey) {
- window.log.warn(
- 'Received a pairing request addressed to another pubkey. Ignored.'
- );
- return false;
- } else if (isRequest && authorisation.secondaryDevicePubKey === ourPubKey) {
- window.log.warn('Received a pairing request from ourselves. Ignored.');
- return false;
- }
- try {
- await libloki.crypto.verifyPairingAuthorisation(
- primaryDevicePubKey,
- secondaryDevicePubKey,
- dcodeIO.ByteBuffer.wrap(requestSignature).toArrayBuffer(),
- textsecure.protobuf.PairingAuthorisationMessage.Type.REQUEST
- );
- } catch (e) {
- window.log.warn(
- 'Could not verify pairing request authorisation signature. Ignoring message.'
- );
- window.log.error(e);
- return false;
- }
- if (isGrant) {
- try {
- await libloki.crypto.verifyPairingAuthorisation(
- primaryDevicePubKey,
- secondaryDevicePubKey,
- dcodeIO.ByteBuffer.wrap(grantSignature).toArrayBuffer(),
- textsecure.protobuf.PairingAuthorisationMessage.Type.GRANT
- );
- } catch (e) {
- window.log.warn(
- 'Could not verify pairing grant authorisation signature. Ignoring message.'
- );
- window.log.error(e);
- return false;
- }
- }
- return true;
- },
 async handlePairingRequest(envelope, pairingRequest) {
- const valid = await this.validateAuthorisation(pairingRequest);
+ const valid = await libloki.crypto.validateAuthorisation(pairingRequest);
 if (valid) {
 // Pairing dialog is open and is listening
 if (Whisper.events.isListenedTo('devicePairingRequestReceived')) {
@@ -1137,7 +1067,7 @@ MessageReceiver.prototype.extend({
 pairingAuthorisation,
 { dataMessage, syncMessage }
 ) {
- const valid = await this.validateAuthorisation(pairingAuthorisation);
+ const valid = await libloki.crypto.validateAuthorisation(pairingAuthorisation);
 const alreadySecondaryDevice = !!window.storage.get('isSecondaryDevice');
 let removedFromCache = false;
 if (alreadySecondaryDevice) {