Merge pull request #183 from sachaaaaa/match_preKeyId_friend_request_accept

Ensure a session is always initiated using the prekey assigned to the…
6 years ago · a81bf9f50e
parent 0417f0ffad fdc51e88dd
commit a81bf9f50e
4 changed files with 77 additions and 3 deletions
--- a/libloki/storage.js
+++ b/libloki/storage.js
@ -85,10 +85,39 @@
    ]);
  }

+  async function verifyFriendRequestAcceptPreKey(pubKey, buffer) {
+    const storedPreKey = await textsecure.storage.protocol.loadPreKeyForContact(
+      pubKey
+    );
+    if (!storedPreKey) {
+      throw new Error(
+        'Received a friend request from a pubkey for which no prekey bundle was created'
+      );
+    }
+    // need to pop the version
+    // eslint-disable-next-line no-unused-vars
+    const version = buffer.readUint8();
+    const preKeyProto = window.textsecure.protobuf.PreKeyWhisperMessage.decode(
+      buffer
+    );
+    if (!preKeyProto) {
+      throw new Error(
+        'Could not decode PreKeyWhisperMessage while attempting to match the preKeyId'
+      );
+    }
+    const { preKeyId } = preKeyProto;
+    if (storedPreKey.keyId !== preKeyId) {
+      throw new Error(
+        'Received a preKeyWhisperMessage (friend request accept) from an unknown source'
+      );
+    }
+  }
+
  window.libloki.storage = {
    getPreKeyBundleForContact,
    saveContactPreKeyBundle,
    removeContactPreKeyBundle,
+    verifyFriendRequestAcceptPreKey,
  };

  // Libloki protocol store
--- a/libtextsecure/message_receiver.js
+++ b/libtextsecure/message_receiver.js
@ -730,9 +730,25 @@ MessageReceiver.prototype.extend({
      case textsecure.protobuf.Envelope.Type.PREKEY_BUNDLE:
        window.log.info('prekey message from', this.getEnvelopeId(envelope));
        promise = captureActiveSession(sessionCipher)
-          .then(() =>
-            this.decryptPreKeyWhisperMessage(ciphertext, sessionCipher, address)
-          )
+          .then(async () => {
+            if (!this.activeSessionBaseKey) {
+              try {
+                const buffer = dcodeIO.ByteBuffer.wrap(ciphertext);
+                await window.libloki.storage.verifyFriendRequestAcceptPreKey(
+                  envelope.source,
+                  buffer
+                );
+              } catch (e) {
+                await this.removeFromCache(envelope);
+                throw e;
+              }
+            }
+            return this.decryptPreKeyWhisperMessage(
+              ciphertext,
+              sessionCipher,
+              address
+            );
+          })
          .then(handleSessionReset);
        break;
      case textsecure.protobuf.Envelope.Type.UNIDENTIFIED_SENDER:
--- a/libtextsecure/protobufs.js
+++ b/libtextsecure/protobufs.js
@ -35,6 +35,7 @@
  loadProtoBufs('SignalService.proto');
  loadProtoBufs('SubProtocol.proto');
  loadProtoBufs('DeviceMessages.proto');
+  loadProtoBufs('WhisperTextProtocol.proto');

  // Just for encrypting device names
  loadProtoBufs('DeviceName.proto');
--- a/protos/WhisperTextProtocol.proto
+++ b/protos/WhisperTextProtocol.proto
@ -0,0 +1,28 @@
+package signalservice;
+
+option java_package = "org.whispersystems.libsignal.protocol";
+option java_outer_classname = "WhisperProtos";
+
+message WhisperMessage {
+  optional bytes  ephemeralKey    = 1;
+  optional uint32 counter         = 2;
+  optional uint32 previousCounter = 3;
+  optional bytes  ciphertext      = 4; // PushMessageContent
+}
+
+message PreKeyWhisperMessage {
+  optional uint32 registrationId = 5;
+  optional uint32 preKeyId       = 1;
+  optional uint32 signedPreKeyId = 6;
+  optional bytes  baseKey        = 2;
+  optional bytes  identityKey    = 3;
+  optional bytes  message        = 4; // WhisperMessage
+}
+
+message KeyExchangeMessage {
+  optional uint32 id               = 1;
+  optional bytes  baseKey          = 2;
+  optional bytes  ephemeralKey     = 3;
+  optional bytes  identityKey      = 4;
+  optional bytes  baseKeySignature = 5;
+}