nodefetch headers as on mobile + cleanup worker code

.eslintignore

@@ -9,7 +9,6 @@ js/components.js
 js/libtextsecure.js
 js/libloki.js
 js/util_worker.js
-js/libsignal-protocol-worker.js
 libtextsecure/components.js
 libloki/test/test.js
 libtextsecure/test/test.js
@@ -18,7 +17,6 @@ test/test.js
 # Third-party files
 js/Mp3LameEncoder.min.js
 js/WebAudioRecorderMp3.js
-js/libsignal-protocol-worker.js
 libtextsecure/libsignal-protocol.js
 libtextsecure/test/blanket_mocha.js
 test/blanket_mocha.js

.prettierignore

@@ -30,7 +30,6 @@ components/**
 js/curve/**
 js/Mp3LameEncoder.min.js
 js/WebAudioRecorderMp3.js
-js/libsignal-protocol-worker.js
 libtextsecure/libsignal-protocol.js
 libtextsecure/test/blanket_mocha.js
 test/blanket_mocha.js

Gruntfile.js

@@ -31,6 +31,13 @@ module.exports = grunt => {
     liblokicomponents.push(bower.concat.libloki[i]);
   }
 
+  const utilWorkerComponents = [
+    'node_modules/bytebuffer/dist/bytebuffer.js',
+    'node_modules/libsodium/dist/modules/libsodium.js',
+    'node_modules/libsodium-wrappers/dist/modules/libsodium-wrappers.js',
+    'js/util_worker_tasks.js',
+  ];
+
   grunt.loadNpmTasks('grunt-sass');
 
   grunt.initConfig({
@@ -41,12 +48,7 @@ module.exports = grunt => {
         dest: 'js/components.js',
       },
       util_worker: {
-        src: [
-          'node_modules/bytebuffer/dist/bytebuffer.js',
-          'components/JSBI/dist/jsbi.mjs',
-          'node_modules/long/dist/long.js',
-          'js/util_worker_tasks.js',
-        ],
+        src: utilWorkerComponents,
         dest: 'js/util_worker.js',
       },
       libtextsecurecomponents: {
@@ -61,7 +63,6 @@ module.exports = grunt => {
         src: ['node_modules/mocha/mocha.js', 'node_modules/chai/chai.js', 'test/_test.js'],
         dest: 'test/test.js',
       },
-      // TODO: Move errors back down?
       libtextsecure: {
         options: {
           banner: ';(function() {\n',
@@ -119,12 +120,7 @@ module.exports = grunt => {
         tasks: ['concat:libtextsecure'],
       },
       utilworker: {
-        files: [
-          'node_modules/bytebuffer/dist/bytebuffer.js',
-          'components/JSBI/dist/jsbi.mjs',
-          'node_modules/long/dist/long.js',
-          'js/util_worker_tasks.js',
-        ],
+        files: utilWorkerComponents,
         tasks: ['concat:util_worker'],
       },
       libloki: {

background.html

@@ -13,7 +13,7 @@
       http-equiv="Content-Security-Policy"
       content="default-src 'none';
             child-src 'self';
-            connect-src 'self' https: wss: blob:;
+            connect-src 'self' https: wss: blob: data:;
             font-src 'self';
             form-action 'self';
             frame-src 'none';

bower.json

@@ -37,8 +37,7 @@
       "components/protobuf/**/*.js"
     ],
     "libloki": [
-      "node_modules/long/dist/long.js",
-      "components/JSBI/dist/jsbi.mjs"
+      "node_modules/long/dist/long.js"
     ]
   }
 }

js/modules/crypto.js

@@ -19,7 +19,6 @@ module.exports = {
   encryptFile,
   encryptSymmetric,
   fromEncodedBinaryToArrayBuffer,
-  getAccessKeyVerifier,
   getRandomBytes,
   getViewOfArrayBuffer,
   getZeroes,
@@ -29,7 +28,6 @@ module.exports = {
   splitBytes,
   stringFromBytes,
   trimBytes,
-  verifyAccessKey,
 };
 
 function arrayBufferToBase64(arrayBuffer) {
@@ -101,23 +99,6 @@ async function deriveAccessKey(profileKey) {
   return _getFirstBytes(accessKey, 16);
 }
 
-async function getAccessKeyVerifier(accessKey) {
-  const plaintext = getZeroes(32);
-  const hmac = await hmacSha256(accessKey, plaintext);
-
-  return hmac;
-}
-
-async function verifyAccessKey(accessKey, theirVerifier) {
-  const ourVerifier = await getAccessKeyVerifier(accessKey);
-
-  if (constantTimeEqual(ourVerifier, theirVerifier)) {
-    return true;
-  }
-
-  return false;
-}
-
 const IV_LENGTH = 16;
 const MAC_LENGTH = 16;
 const NONCE_LENGTH = 16;

js/util_worker_tasks.js

@@ -1,9 +1,10 @@
-/* global dcodeIO */
+/* global dcodeIO, libsignal */
 /* eslint-disable strict */
 
 const functions = {
   arrayBufferToStringBase64,
   fromBase64ToArrayBuffer,
+  verifySignature,
 };
 
 onmessage = async e => {
@@ -41,3 +42,35 @@ function arrayBufferToStringBase64(arrayBuffer) {
 function fromBase64ToArrayBuffer(value) {
   return dcodeIO.ByteBuffer.wrap(value, 'base64').toArrayBuffer();
 }
+
+async function verifySignature(senderPubKey, messageData, signature) {
+  try {
+    console.warn('sodium', sodium);
+    console.warn('senderPubKey', senderPubKey);
+    console.warn('messageData', messageData);
+    console.warn('signature', signature);
+
+    let res = sodium.cr(key);
+    let [state_out, header] = [res.state, res.header];
+    let c1 = sodium.crypto_secretstream_xchacha20poly1305_push(
+      state_out,
+      sodium.from_string('message 1'),
+      null,
+      sodium.crypto_secretstream_xchacha20poly1305_TAG_MESSAGE
+    );
+    let c2 = sodium.crypto_secretstream_xchacha20poly1305_push(
+      state_out,
+      sodium.from_string('message 2'),
+      null,
+      sodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL
+    );
+
+    const result = sodium.crypto_sign_verify_detached(signature, messageData, senderPubKey);
+    console.warn('sodium result', result);
+
+    // libsignal.Curve.async.verifySignature(senderPubKey, messageData, signature);
+  } catch (e) {
+    console.warn('verifySignature:', e);
+    return false;
+  }
+}

test/crypto_test.js

@@ -3,19 +3,6 @@
 'use strict';
 
 describe('Crypto', () => {
-  describe('accessKey/profileKey', () => {
-    it('verification roundtrips', async () => {
-      const profileKey = await Signal.Crypto.getRandomBytes(32);
-      const accessKey = await Signal.Crypto.deriveAccessKey(profileKey);
-
-      const verifier = await Signal.Crypto.getAccessKeyVerifier(accessKey);
-
-      const correct = await Signal.Crypto.verifyAccessKey(accessKey, verifier);
-
-      assert.strictEqual(correct, true);
-    });
-  });
-
   describe('symmetric encryption', () => {
     it('roundtrips', async () => {
       const message = 'this is my message';

ts/session/onions/onionPath.ts

@@ -259,7 +259,11 @@ async function testGuardNode(snode: Snode) {
   const fetchOptions = {
     method: 'POST',
     body: JSON.stringify(body),
-    headers: { 'Content-Type': 'application/json' },
+    headers: {
+      'Content-Type': 'application/json',
+      'User-Agent': 'WhatsApp',
+      'Accept-Language': 'en-us',
+    },
     timeout: 10000, // 10s, we want a smaller timeout for testing
     agent: snodeHttpsAgent,
   };

ts/session/onions/onionSend.ts

@@ -178,7 +178,7 @@ export const sendViaOnion = async (
       },
       {
         retries: 4, // each path can fail 3 times before being dropped, we have 3 paths at most
-        factor: 2,
+        factor: 1,
         minTimeout: 100,
         maxTimeout: 4000,
         onFailedAttempt: e => {

ts/session/snode_api/SNodeAPI.ts

@@ -146,7 +146,10 @@ export async function getSnodesFromSeedUrl(urlObj: URL): Promise<Array<any>> {
     method: 'POST',
     timeout: 10000,
     body: JSON.stringify(body),
-
+    headers: {
+      'User-Agent': 'WhatsApp',
+      'Accept-Language': 'en-us',
+    },
     agent: sslAgent,
   };
   window?.log?.info('insecureNodeFetch => plaintext for getSnodesFromSeedUrl');

ts/session/snode_api/lokiRpc.ts

@@ -41,6 +41,12 @@ async function lokiFetch(
       // import that this does not get set in lokiFetch fetchOptions
       fetchOptions.agent = snodeHttpsAgent;
     }
+
+    (fetchOptions as any).headers = {
+      'User-Agent': 'WhatsApp',
+      'Accept-Language': 'en-us',
+    };
+
     window?.log?.warn(`insecureNodeFetch => lokiFetch of ${url}`);
 
     const response = await insecureNodeFetch(url, fetchOptions);

ts/session/snode_api/onions.ts

@@ -798,7 +798,10 @@ const sendOnionRequest = async ({
     body: payload,
     // we are talking to a snode...
     agent: snodeHttpsAgent,
-    headers: {},
+    headers: {
+      'User-Agent': 'WhatsApp',
+      'Accept-Language': 'en-us',
+    },
     timeout: 10000,
   };
 

ts/window.d.ts

@@ -85,7 +85,7 @@ declare global {
     globalOnlineStatus: boolean;
     confirmationDialog: any;
     callWorker: (
-      fnName: 'arrayBufferToStringBase64' | 'fromBase64ToArrayBuffer',
+      fnName: 'arrayBufferToStringBase64' | 'fromBase64ToArrayBuffer' | 'verifySignature',
       ...args
     ) => Promise<any>;
   }