From 589b3f3233f7ca23d4632124ac385d7176817a65 Mon Sep 17 00:00:00 2001
From: Mikunj
Date: Tue, 29 Oct 2019 15:49:18 +1100
Subject: [PATCH] Infer pairing message type from the content. This should fix device pairing cross platform.
---
 libloki/crypto.js | 22 ++++++++++------------
 libtextsecure/account_manager.js | 10 ++--------
 libtextsecure/message_receiver.js | 15 ++++++++-------
 protos/SignalService.proto | 6 ------
 4 files changed, 20 insertions(+), 33 deletions(-)
diff --git a/libloki/crypto.js b/libloki/crypto.js
index 6c85bad8f..d742d943b 100644
--- a/libloki/crypto.js
+++ b/libloki/crypto.js
@@ -220,10 +220,7 @@
 );
 };
 try {
- await verify(
- requestSignature,
- textsecure.protobuf.PairingAuthorisationMessage.Type.REQUEST
- );
+ await verify(requestSignature, PairingType.REQUEST);
 } catch (e) {
 window.log.warn(
 'Could not verify pairing request authorisation signature. Ignoring message.'
@@ -233,10 +230,7 @@
 }
 if (isGrant) {
 try {
- await verify(
- grantSignature,
- textsecure.protobuf.PairingAuthorisationMessage.Type.GRANT
- );
+ await verify(grantSignature, PairingType.GRANT);
 } catch (e) {
 window.log.warn(
 'Could not verify pairing grant authorisation signature. Ignoring message.'
@@ -265,12 +259,10 @@
 // For REQUEST type message, the secondary device signs the primary device pubkey
 // For GRANT type message, the primary device signs the secondary device pubkey
 let issuer;
- if (type === textsecure.protobuf.PairingAuthorisationMessage.Type.GRANT) {
+ if (type === PairingType.GRANT) {
 data.set(new Uint8Array(secondaryPubKeyArrayBuffer));
 issuer = primaryDevicePubKeyArrayBuffer;
- } else if (
- type === textsecure.protobuf.PairingAuthorisationMessage.Type.REQUEST
- ) {
+ } else if (type === PairingType.REQUEST) {
 data.set(new Uint8Array(primaryDevicePubKeyArrayBuffer));
 issuer = secondaryPubKeyArrayBuffer;
 }
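Review bot: In the third libloki/crypto.js hunk, the `if (type === PairingType.GRANT) … else if (type === PairingType.REQUEST)` chain has no final branch, so a `type` that matches neither value leaves `issuer` undefined and `data` without a key written into it, and execution continues into code outside the hunk. Closing the chain with `else { throw new Error('Unknown pairing signature type'); }` would make verification fail closed instead of depending on how the later verify call treats an undefined key. The callers visible in the first two hunks already wrap `verify` in try/catch, so a throw would be handled there. The enclosing function starts and ends outside the hunk, so the downstream effect is inferred.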
@@ -301,6 +293,11 @@
 const sha512 = data => crypto.subtle.digest('SHA-512', data);
+ const PairingType = Object.freeze({
+ REQUEST: 0,
+ GRANT: 1,
+ });
+
 window.libloki.crypto = {
 DHEncrypt,
 DHDecrypt,
@@ -311,6 +308,7 @@
 generateSignatureForPairing,
 verifyPairingSignature,
 validateAuthorisation,
+ PairingType,
 // for testing
 _LokiSnodeChannel: LokiSnodeChannel,
 _decodeSnodeAddressToPubKey: decodeSnodeAddressToPubKey,
diff --git a/libtextsecure/account_manager.js b/libtextsecure/account_manager.js
index 73b458f02..862aadb93 100644
--- a/libtextsecure/account_manager.js
+++ b/libtextsecure/account_manager.js
@@ -567,17 +567,14 @@
 if (primaryDevicePubKey === ourPubKey) {
 throw new Error('Cannot request to pair with ourselves');
 }
- const requestType =
- textsecure.protobuf.PairingAuthorisationMessage.Type.REQUEST;
 const requestSignature = await libloki.crypto.generateSignatureForPairing(
 primaryDevicePubKey,
- requestType
+ libloki.crypto.PairingType.REQUEST
 );
 const authorisation = {
 primaryDevicePubKey,
 secondaryDevicePubKey: ourPubKey,
 requestSignature,
- type: requestType,
 };
 await libloki.api.sendPairingAuthorisation(
 authorisation,
@@ -599,11 +596,9 @@
 secondaryDevicePubKey,
 'private'
 );
- const grantType =
- textsecure.protobuf.PairingAuthorisationMessage.Type.GRANT;
 const grantSignature = await libloki.crypto.generateSignatureForPairing(
 secondaryDevicePubKey,
- grantType
+ libloki.crypto.PairingType.GRANT
 );
 const existingAuthorisation = await libloki.storage.getAuthorisationForSecondaryPubKey(
 secondaryDevicePubKey
@@ -619,7 +614,6 @@
 secondaryDevicePubKey,
 requestSignature,
 grantSignature,
- type: grantType,
 };
 // Update authorisation in database with the new grant signature
 await libloki.storage.savePairingAuthorisation(authorisation);
diff --git a/libtextsecure/message_receiver.js b/libtextsecure/message_receiver.js
index 003c366f6..04edcdcc8 100644
--- a/libtextsecure/message_receiver.js
+++ b/libtextsecure/message_receiver.js
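Review bot: The new `PairingType` constant in libloki/crypto.js uses `REQUEST: 0` and `GRANT: 1`, while the protobuf enum removed by this same commit used `REQUEST = 1` and `GRANT = 2`, and nothing records why the numbers changed. These values are passed to `generateSignatureForPairing` and to `verify`; if they are mixed into the signed bytes (the signing code is outside these hunks), they are part of the signature format, so every client must agree on them and signatures already stored under the old values may no longer verify. A comment above the constant would pin that contract, for example `// Passed into pairing signature generation/verification; must match other clients. Do not renumber.` It would also help to state in the commit message whether authorisations saved before this change are expected to re-verify.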
@@ -1095,8 +1095,8 @@ MessageReceiver.prototype.extend({
 'Received invalid pairing authorisation for self. Could not verify signature. Ignoring.'
 );
 } else {
- const { type, primaryDevicePubKey } = pairingAuthorisation;
- if (type === textsecure.protobuf.PairingAuthorisationMessage.Type.GRANT) {
+ const { primaryDevicePubKey, grantSignature } = pairingAuthorisation;
+ if (grantSignature) {
 // Authorisation received to become a secondary device
 window.log.info(
 `Received pairing authorisation from ${primaryDevicePubKey}`
@@ -1168,17 +1168,18 @@ MessageReceiver.prototype.extend({
 },
 async handlePairingAuthorisationMessage(envelope, content) {
 const { pairingAuthorisation } = content;
- const { type, secondaryDevicePubKey } = pairingAuthorisation;
- if (type === textsecure.protobuf.PairingAuthorisationMessage.Type.REQUEST) {
- return this.handlePairingRequest(envelope, pairingAuthorisation);
- } else if (secondaryDevicePubKey === textsecure.storage.user.getNumber()) {
+ const { secondaryDevicePubKey, grantSignature } = pairingAuthorisation;
+ const isGrant =
+ grantSignature &&
+ secondaryDevicePubKey === textsecure.storage.user.getNumber();
+ if (isGrant) {
 return this.handleAuthorisationForSelf(
 envelope,
 pairingAuthorisation,
 content
 );
 }
- return this.handleAuthorisationForContact(envelope);
+ return this.handlePairingRequest(envelope, pairingAuthorisation);
 },
 async handleSecondaryDeviceFriendRequest(pubKey, deviceMapping) {
diff --git a/protos/SignalService.proto b/protos/SignalService.proto
index 35d650830..6eeca9a3b 100644
--- a/protos/SignalService.proto
+++ b/protos/SignalService.proto
@@ -50,16 +50,10 @@ message LokiAddressMessage {
 }
 message PairingAuthorisationMessage {
- enum Type {
- REQUEST = 1;
- GRANT = 2;
- REVOKE = 3;
- }
 optional string primaryDevicePubKey = 1;
 optional string secondaryDevicePubKey = 2;
 optional bytes requestSignature = 3;
 optional bytes grantSignature = 4;
- optional Type type = 5;
 }
 message PreKeyBundleMessage {
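Review bot: In `handlePairingAuthorisationMessage` (second libtextsecure/message_receiver.js hunk), every message that is not a grant addressed to this device now falls through to `handlePairingRequest`, including one that carries a `grantSignature` for a different secondary device. Before this change that case went to `handleAuthorisationForContact`, which this commit no longer calls from here. Because the type is now inferred from sender-controlled fields, the request path should be taken only when `grantSignature` is absent, and grants addressed elsewhere should keep their own path. Whether `handlePairingRequest` itself rejects a message that carries a grant signature is not visible in the hunk.

```javascript
async handlePairingAuthorisationMessage(envelope, content) {
  const { pairingAuthorisation } = content;
  const { secondaryDevicePubKey, grantSignature } = pairingAuthorisation;
  // No grant signature: this can only be a request to pair.
  if (!grantSignature) {
    return this.handlePairingRequest(envelope, pairingAuthorisation);
  }
  if (secondaryDevicePubKey === textsecure.storage.user.getNumber()) {
    // … unchanged: return this.handleAuthorisationForSelf(...) …
  }
  // A grant addressed to another device is not a request to pair with us.
  return this.handleAuthorisationForContact(envelope);
},
```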