From 8ffb1a0a10997e8f108accc58d95940d428799ea Mon Sep 17 00:00:00 2001 From: Mikunj Varsani Date: Thu, 13 Feb 2020 12:29:37 +1100 Subject: [PATCH 1/6] Refactor session reset handling --- .eslintrc.js | 2 +- js/modules/metadata/SecretSessionCipher.js | 5 +- libloki/crypto.js | 141 ++++++++++++++++++++ libtextsecure/message_receiver.js | 143 +++------------------ 4 files changed, 161 insertions(+), 130 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index 4ce192bbb..5b34cf3da 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -63,7 +63,7 @@ module.exports = { // high value as a buffer to let Prettier control the line length: code: 999, // We still want to limit comments as before: - comments: 90, + comments: 150, ignoreUrls: true, ignoreRegExpLiterals: true, }, diff --git a/js/modules/metadata/SecretSessionCipher.js b/js/modules/metadata/SecretSessionCipher.js index 61420a122..bf1fb54ed 100644 --- a/js/modules/metadata/SecretSessionCipher.js +++ b/js/modules/metadata/SecretSessionCipher.js @@ -475,7 +475,6 @@ SecretSessionCipher.prototype = { // private byte[] decrypt(UnidentifiedSenderMessageContent message) _decryptWithUnidentifiedSenderMessage(message) { - const { SessionCipher } = this; const signalProtocolStore = this.storage; const sender = new libsignal.SignalProtocolAddress( @@ -485,12 +484,12 @@ SecretSessionCipher.prototype = { switch (message.type) { case CiphertextMessage.WHISPER_TYPE: - return new SessionCipher( + return new libloki.crypto.LokiSessionCipher( signalProtocolStore, sender ).decryptWhisperMessage(message.content); case CiphertextMessage.PREKEY_TYPE: - return new SessionCipher( + return new libloki.crypto.LokiSessionCipher( signalProtocolStore, sender ).decryptPreKeyWhisperMessage(message.content); diff --git a/libloki/crypto.js b/libloki/crypto.js index dfaaf78e4..740d7d65a 100644 --- a/libloki/crypto.js +++ b/libloki/crypto.js @@ -324,6 +324,146 @@ GRANT: 2, }); + /** + * A wrapper around Signal's SessionCipher. + * This handles specific session reset logic that we need. + */ + class LokiSessionCipher { + constructor(storage, address) { + this.storage = storage; + this.address = address; + this.sessionCipher = new libsignal.SessionCipher(storage, address); + } + + async decryptWhisperMessage(buffer, encoding) { + // Capture active session + const activeSessionBaseKey = await this._getCurrentSessionBaseKey(); + + const promise = this.sessionCipher.decryptWhisperMessage( + buffer, + encoding + ); + + // Handle session reset + // eslint-disable-next-line more/no-then + promise.then(() => { + this._handleSessionResetIfNeeded(activeSessionBaseKey); + }); + + return promise; + } + + async decryptPreKeyWhisperMessage(buffer, encoding) { + // Capture active session + const activeSessionBaseKey = await this._getCurrentSessionBaseKey(); + + if (!activeSessionBaseKey) { + const wrapped = dcodeIO.ByteBuffer.wrap(buffer); + await window.libloki.storage.verifyFriendRequestAcceptPreKey( + this.address.getName(), + wrapped + ); + } + + const promise = this.sessionCipher.decryptPreKeyWhisperMessage( + buffer, + encoding + ); + + // Handle session reset + // eslint-disable-next-line more/no-then + promise.then(() => { + this._handleSessionResetIfNeeded(activeSessionBaseKey); + }); + + return promise; + } + + async _handleSessionResetIfNeeded(previousSessionBaseKey) { + if (!previousSessionBaseKey) { + return; + } + + let conversation; + try { + conversation = await window.ConversationController.getOrCreateAndWait( + this.address.getName(), + 'private' + ); + } catch (e) { + window.log.info('Error getting conversation: ', this.address.getName()); + return; + } + + if (conversation.isSessionResetOngoing()) { + const currentSessionBaseKey = await this._getCurrentSessionBaseKey(); + if (currentSessionBaseKey !== previousSessionBaseKey) { + if (conversation.isSessionResetReceived()) { + // The other user used an old session to contact us; wait for them to switch to a new one. + await this._restoreSession(previousSessionBaseKey); + } else { + // Our session reset was successful; we initiated one and got a new session back from the other user. + await this._deleteAllSessionExcept(currentSessionBaseKey); + await conversation.onNewSessionAdopted(); + } + } else if (conversation.isSessionResetReceived()) { + // Our session reset was successful; we received a message with the same session from the other user. + await this._deleteAllSessionExcept(previousSessionBaseKey); + await conversation.onNewSessionAdopted(); + } + } + } + + async _getCurrentSessionBaseKey() { + const record = await this.sessionCipher.getRecord( + this.address.toString() + ); + if (!record) { + return null; + } + const openSession = record.getOpenSession(); + if (!openSession) { + return null; + } + const { baseKey } = openSession.indexInfo; + return baseKey; + } + + async _restoreSession(sessionBaseKey) { + const record = await this.sessionCipher.getRecord( + this.address.toString() + ); + if (!record) { + return; + } + record.archiveCurrentState(); + + const sessionToRestore = record.sessions[sessionBaseKey]; + record.promoteState(sessionToRestore); + record.updateSessionState(sessionToRestore); + await this.storage.storeSession( + this.address.toString(), + record.serialize() + ); + } + + async _deleteAllSessionExcept(sessionBaseKey) { + const record = await this.sessionCipher.getRecord( + this.address.toString() + ); + if (!record) { + return; + } + const sessionToKeep = record.sessions[sessionBaseKey]; + record.sessions = {}; + record.updateSessionState(sessionToKeep); + await this.storage.storeSession( + this.address.toString(), + record.serialize() + ); + } + } + window.libloki.crypto = { DHEncrypt, DHDecrypt, @@ -336,6 +476,7 @@ verifyAuthorisation, validateAuthorisation, PairingType, + LokiSessionCipher, // for testing _LokiSnodeChannel: LokiSnodeChannel, _decodeSnodeAddressToPubKey: decodeSnodeAddressToPubKey, diff --git a/libtextsecure/message_receiver.js b/libtextsecure/message_receiver.js index 0af1a190b..c3aec94d0 100644 --- a/libtextsecure/message_receiver.js +++ b/libtextsecure/message_receiver.js @@ -667,58 +667,29 @@ MessageReceiver.prototype.extend({ async decrypt(envelope, ciphertext) { let promise; - // We don't have source at this point yet (with sealed sender) - // This needs a massive cleanup! - const address = new libsignal.SignalProtocolAddress( - envelope.source, - envelope.sourceDevice - ); - const ourNumber = textsecure.storage.user.getNumber(); - const number = address.toString().split('.')[0]; - const options = {}; - - // No limit on message keys if we're communicating with our other devices - if (ourNumber === number) { - options.messageKeysLimit = false; - } - - // Will become obsolete - const sessionCipher = new libsignal.SessionCipher( - textsecure.storage.protocol, - address, - options - ); - const me = { number: ourNumber, deviceId: parseInt(textsecure.storage.user.getDeviceId(), 10), }; - // Will become obsolete - const getCurrentSessionBaseKey = async () => { - const record = await sessionCipher.getRecord(address.toString()); - if (!record) { - return null; - } - const openSession = record.getOpenSession(); - if (!openSession) { - return null; - } - const { baseKey } = openSession.indexInfo; - return baseKey; - }; + // Envelope.source will be null on UNIDENTIFIED_SENDER + // Don't use it there! + const address = new libsignal.SignalProtocolAddress( + envelope.source, + envelope.sourceDevice + ); - // Will become obsolete - const captureActiveSession = async () => { - this.activeSessionBaseKey = await getCurrentSessionBaseKey(sessionCipher); - }; + const lokiSessionCipher = new libloki.crypto.LokiSessionCipher( + textsecure.storage.protocol, + address + ); switch (envelope.type) { case textsecure.protobuf.Envelope.Type.CIPHERTEXT: window.log.info('message from', this.getEnvelopeId(envelope)); - promise = captureActiveSession() - .then(() => sessionCipher.decryptWhisperMessage(ciphertext)) + promise = lokiSessionCipher + .decryptWhisperMessage(ciphertext) .then(this.unpad); break; case textsecure.protobuf.Envelope.Type.FRIEND_REQUEST: { @@ -735,25 +706,11 @@ MessageReceiver.prototype.extend({ } case textsecure.protobuf.Envelope.Type.PREKEY_BUNDLE: window.log.info('prekey message from', this.getEnvelopeId(envelope)); - promise = captureActiveSession(sessionCipher).then(async () => { - if (!this.activeSessionBaseKey) { - try { - const buffer = dcodeIO.ByteBuffer.wrap(ciphertext); - await window.libloki.storage.verifyFriendRequestAcceptPreKey( - envelope.source, - buffer - ); - } catch (e) { - await this.removeFromCache(envelope); - throw e; - } - } - return this.decryptPreKeyWhisperMessage( - ciphertext, - sessionCipher, - address - ); - }); + promise = this.decryptPreKeyWhisperMessage( + ciphertext, + lokiSessionCipher, + address + ); break; case textsecure.protobuf.Envelope.Type.UNIDENTIFIED_SENDER: { window.log.info('received unidentified sender message'); @@ -856,72 +813,6 @@ MessageReceiver.prototype.extend({ window.log.info('Error getting conversation: ', envelope.source); } - // lint hates anything after // (so /// is no good) - // *** BEGIN: session reset *** - - // we have address in scope from parent scope - // seems to be the same input parameters - // going to comment out due to lint complaints - /* - const address = new libsignal.SignalProtocolAddress( - envelope.source, - envelope.sourceDevice - ); - */ - - const restoreActiveSession = async () => { - const record = await sessionCipher.getRecord(address.toString()); - if (!record) { - return; - } - record.archiveCurrentState(); - - // NOTE: activeSessionBaseKey will be undefined here... - const sessionToRestore = record.sessions[this.activeSessionBaseKey]; - record.promoteState(sessionToRestore); - record.updateSessionState(sessionToRestore); - await textsecure.storage.protocol.storeSession( - address.toString(), - record.serialize() - ); - }; - const deleteAllSessionExcept = async sessionBaseKey => { - const record = await sessionCipher.getRecord(address.toString()); - if (!record) { - return; - } - const sessionToKeep = record.sessions[sessionBaseKey]; - record.sessions = {}; - record.updateSessionState(sessionToKeep); - await textsecure.storage.protocol.storeSession( - address.toString(), - record.serialize() - ); - }; - - if (conversation.isSessionResetOngoing()) { - const currentSessionBaseKey = await getCurrentSessionBaseKey( - sessionCipher - ); - if ( - this.activeSessionBaseKey && - currentSessionBaseKey !== this.activeSessionBaseKey - ) { - if (conversation.isSessionResetReceived()) { - await restoreActiveSession(); - } else { - await deleteAllSessionExcept(currentSessionBaseKey); - await conversation.onNewSessionAdopted(); - } - } else if (conversation.isSessionResetReceived()) { - await deleteAllSessionExcept(this.activeSessionBaseKey); - await conversation.onNewSessionAdopted(); - } - } - - // lint hates anything after // (so /// is no good) - // *** END *** - // Type here can actually be UNIDENTIFIED_SENDER even if // the underlying message is FRIEND_REQUEST if ( From ebfff824bd220ab04206ae10c7787b1df1407207 Mon Sep 17 00:00:00 2001 From: Mikunj Varsani Date: Thu, 13 Feb 2020 13:44:53 +1100 Subject: [PATCH 2/6] Fix friend request logic triggerring on session requests --- libtextsecure/outgoing_message.js | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/libtextsecure/outgoing_message.js b/libtextsecure/outgoing_message.js index 3749b2e1b..369f8ecee 100644 --- a/libtextsecure/outgoing_message.js +++ b/libtextsecure/outgoing_message.js @@ -391,6 +391,8 @@ OutgoingMessage.prototype = { : null; const isEndSession = flags === textsecure.protobuf.DataMessage.Flags.END_SESSION; + const isSessionRequest = + flags === textsecure.protobuf.DataMessage.Flags.SESSION_REQUEST; const signalCipher = new libsignal.SessionCipher( textsecure.storage.protocol, address @@ -485,6 +487,7 @@ OutgoingMessage.prototype = { content, pubKey: devicePubKey, isFriendRequest: enableFallBackEncryption, + isSessionRequest, }; }) ) @@ -494,7 +497,12 @@ OutgoingMessage.prototype = { if (!outgoingObject) { return; } - const destination = outgoingObject.pubKey; + const { + pubKey: destination, + ttl, + isFriendRequest, + isSessionRequest, + } = outgoingObject; try { const socketMessage = await this.wrapInWebsocketMessage( outgoingObject @@ -503,9 +511,9 @@ OutgoingMessage.prototype = { destination, socketMessage, this.timestamp, - outgoingObject.ttl + ttl ); - if (outgoingObject.isFriendRequest) { + if (!this.isGroup && isFriendRequest && !isSessionRequest) { const conversation = ConversationController.get(destination); if (conversation) { // Redundant for primary device but marks secondary devices as pending From 820ce5cdf045b077c186f3ea4f3b81e1e79c31b6 Mon Sep 17 00:00:00 2001 From: Mikunj Date: Fri, 14 Feb 2020 08:39:24 +1100 Subject: [PATCH 3/6] Made session reset synchronous. Clean up some code. --- libloki/crypto.js | 47 +++++++++++++++++++++-------------------------- 1 file changed, 21 insertions(+), 26 deletions(-) diff --git a/libloki/crypto.js b/libloki/crypto.js index 740d7d65a..11108508c 100644 --- a/libloki/crypto.js +++ b/libloki/crypto.js @@ -333,31 +333,25 @@ this.storage = storage; this.address = address; this.sessionCipher = new libsignal.SessionCipher(storage, address); + this.TYPE = Object.freeze({ + MESSAGE: 1, + PREKEY: 2, + }); } - async decryptWhisperMessage(buffer, encoding) { - // Capture active session - const activeSessionBaseKey = await this._getCurrentSessionBaseKey(); - - const promise = this.sessionCipher.decryptWhisperMessage( - buffer, - encoding - ); - - // Handle session reset - // eslint-disable-next-line more/no-then - promise.then(() => { - this._handleSessionResetIfNeeded(activeSessionBaseKey); - }); + decryptWhisperMessage(buffer, encoding) { + return this._decryptMessage(this.TYPE.MESSAGE, buffer, encoding); + } - return promise; + decryptPreKeyWhisperMessage(buffer, encoding) { + return this._decryptMessage(this.TYPE.PREKEY, buffer, encoding); } - async decryptPreKeyWhisperMessage(buffer, encoding) { + async _decryptMessage(type, buffer, encoding) { // Capture active session const activeSessionBaseKey = await this._getCurrentSessionBaseKey(); - if (!activeSessionBaseKey) { + if (type === this.TYPE.PREKEY && !activeSessionBaseKey) { const wrapped = dcodeIO.ByteBuffer.wrap(buffer); await window.libloki.storage.verifyFriendRequestAcceptPreKey( this.address.getName(), @@ -365,18 +359,19 @@ ); } - const promise = this.sessionCipher.decryptPreKeyWhisperMessage( - buffer, - encoding - ); + const decryptFunction = type === this.TYPE.PREKEY ? this.sessionCipher.decryptPreKeyWhisperMessage : this.sessionCipher.decryptWhisperMessage; + const result = await decryptFunction(buffer, encoding); // Handle session reset - // eslint-disable-next-line more/no-then - promise.then(() => { - this._handleSessionResetIfNeeded(activeSessionBaseKey); - }); + // This needs to be done synchronously so that the next time we decrypt a message, + // we have the correct session + try { + await this._handleSessionResetIfNeeded(activeSessionBaseKey); + } catch (e) { + window.log.info('Failed to handle session reset: ', e); + } - return promise; + return result; } async _handleSessionResetIfNeeded(previousSessionBaseKey) { From 942c76ce6b8745c8732f902050a4a0329a231ee6 Mon Sep 17 00:00:00 2001 From: Mikunj Date: Fri, 14 Feb 2020 09:01:46 +1100 Subject: [PATCH 4/6] Linting --- libloki/crypto.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libloki/crypto.js b/libloki/crypto.js index 11108508c..50c82b631 100644 --- a/libloki/crypto.js +++ b/libloki/crypto.js @@ -359,7 +359,10 @@ ); } - const decryptFunction = type === this.TYPE.PREKEY ? this.sessionCipher.decryptPreKeyWhisperMessage : this.sessionCipher.decryptWhisperMessage; + const decryptFunction = + type === this.TYPE.PREKEY + ? this.sessionCipher.decryptPreKeyWhisperMessage + : this.sessionCipher.decryptWhisperMessage; const result = await decryptFunction(buffer, encoding); // Handle session reset From 662009295930b8459bc9cca43f63fcaf7a1dbb8c Mon Sep 17 00:00:00 2001 From: Mikunj Date: Fri, 14 Feb 2020 13:46:45 +1100 Subject: [PATCH 5/6] Wait for prekeys to be processed before sending a message on session reset. Remove old code. --- libtextsecure/message_receiver.js | 3 +- libtextsecure/sendmessage.js | 58 ------------------------------- 2 files changed, 2 insertions(+), 59 deletions(-) diff --git a/libtextsecure/message_receiver.js b/libtextsecure/message_receiver.js index c3aec94d0..757cfbcfa 100644 --- a/libtextsecure/message_receiver.js +++ b/libtextsecure/message_receiver.js @@ -1361,6 +1361,7 @@ MessageReceiver.prototype.extend({ content.preKeyBundleMessage ); } + if (content.lokiAddressMessage) { return this.handleLokiAddressMessage( envelope, @@ -1724,7 +1725,7 @@ MessageReceiver.prototype.extend({ textsecure.storage.protocol, address ); - builder.processPreKey(device); + await builder.processPreKey(device); }) ); await conversation.onSessionResetReceived(); diff --git a/libtextsecure/sendmessage.js b/libtextsecure/sendmessage.js index 2f0dbc001..191379418 100644 --- a/libtextsecure/sendmessage.js +++ b/libtextsecure/sendmessage.js @@ -1041,64 +1041,6 @@ MessageSender.prototype = { silent, options ).catch(logError('resetSession/sendToContact error:')); - /* - const deleteAllSessions = targetNumber => - textsecure.storage.protocol.getDeviceIds(targetNumber).then(deviceIds => - Promise.all( - deviceIds.map(deviceId => { - const address = new libsignal.SignalProtocolAddress( - targetNumber, - deviceId - ); - window.log.info('deleting sessions for', address.toString()); - const sessionCipher = new libsignal.SessionCipher( - textsecure.storage.protocol, - address - ); - return sessionCipher.deleteAllSessionsForDevice(); - }) - ) - ); - - const sendToContactPromise = deleteAllSessions(number) - .catch(logError('resetSession/deleteAllSessions1 error:')) - .then(() => { - window.log.info( - 'finished closing local sessions, now sending to contact' - ); - return this.sendIndividualProto( - number, - proto, - timestamp, - silent, - options - ).catch(logError('resetSession/sendToContact error:')); - }) - .then(() => - deleteAllSessions(number).catch( - logError('resetSession/deleteAllSessions2 error:') - ) - ); - - const myNumber = textsecure.storage.user.getNumber(); - // We already sent the reset session to our other devices in the code above! - if (number === myNumber) { - return sendToContactPromise; - } - - const buffer = proto.toArrayBuffer(); - const sendSyncPromise = this.sendSyncMessage( - buffer, - timestamp, - number, - null, - [], - [], - options - ).catch(logError('resetSession/sendSync error:')); - - return Promise.all([sendToContact, sendSyncPromise]); - */ }, async sendMessageToGroup( From 1be4123133809820ad0bc00be90aa24149471cca Mon Sep 17 00:00:00 2001 From: Mikunj Date: Fri, 14 Feb 2020 13:56:22 +1100 Subject: [PATCH 6/6] Rename variable to be less confusing --- libloki/crypto.js | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/libloki/crypto.js b/libloki/crypto.js index 50c82b631..99f2e1a4d 100644 --- a/libloki/crypto.js +++ b/libloki/crypto.js @@ -329,10 +329,13 @@ * This handles specific session reset logic that we need. */ class LokiSessionCipher { - constructor(storage, address) { + constructor(storage, protocolAddress) { this.storage = storage; - this.address = address; - this.sessionCipher = new libsignal.SessionCipher(storage, address); + this.protocolAddress = protocolAddress; + this.sessionCipher = new libsignal.SessionCipher( + storage, + protocolAddress + ); this.TYPE = Object.freeze({ MESSAGE: 1, PREKEY: 2, @@ -354,7 +357,7 @@ if (type === this.TYPE.PREKEY && !activeSessionBaseKey) { const wrapped = dcodeIO.ByteBuffer.wrap(buffer); await window.libloki.storage.verifyFriendRequestAcceptPreKey( - this.address.getName(), + this.protocolAddress.getName(), wrapped ); } @@ -385,11 +388,14 @@ let conversation; try { conversation = await window.ConversationController.getOrCreateAndWait( - this.address.getName(), + this.protocolAddress.getName(), 'private' ); } catch (e) { - window.log.info('Error getting conversation: ', this.address.getName()); + window.log.info( + 'Error getting conversation: ', + this.protocolAddress.getName() + ); return; } @@ -414,7 +420,7 @@ async _getCurrentSessionBaseKey() { const record = await this.sessionCipher.getRecord( - this.address.toString() + this.protocolAddress.toString() ); if (!record) { return null; @@ -429,7 +435,7 @@ async _restoreSession(sessionBaseKey) { const record = await this.sessionCipher.getRecord( - this.address.toString() + this.protocolAddress.toString() ); if (!record) { return; @@ -437,17 +443,21 @@ record.archiveCurrentState(); const sessionToRestore = record.sessions[sessionBaseKey]; + if (!sessionToRestore) { + throw new Error(`Cannot find session with base key ${sessionBaseKey}`); + } + record.promoteState(sessionToRestore); record.updateSessionState(sessionToRestore); await this.storage.storeSession( - this.address.toString(), + this.protocolAddress.toString(), record.serialize() ); } async _deleteAllSessionExcept(sessionBaseKey) { const record = await this.sessionCipher.getRecord( - this.address.toString() + this.protocolAddress.toString() ); if (!record) { return; @@ -456,7 +466,7 @@ record.sessions = {}; record.updateSessionState(sessionToKeep); await this.storage.storeSession( - this.address.toString(), + this.protocolAddress.toString(), record.serialize() ); }