keejef
/
session-desktop
mirror of https://github.com/oxen-io/session-desktop
2
0
Fork 0
Code Issues 8 Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
unstable
feature/update-crowdin-translations
master
audit2
show
audit
v1.9.1
v1.9.0
v1.8.6
v1.8.5
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.9
v1.7.8
v1.7.7
v1.7.6
v1.7.5
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0
v1.6.9
v1.6.8
v1.6.7
v1.6.6
v1.6.5
v1.6.4
v1.6.3
v1.6.2
v1.6.11
v1.6.10
v1.6.1
v1.6.0
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.9
v1.4.8
v1.4.7
v1.4.6
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.11
v1.4.10
v1.4.1
v1.4.0
v1.3.1
v1.3.0
v1.2.1
v1.2.0
v1.14.3
v1.14.2
v1.14.1
v1.14.0
v1.13.2
v1.13.1
v1.13.0
v1.12.5
v1.12.4
v1.12.3
v1.12.2
v1.12.1
v1.12.0
v1.11.5
v1.11.4
v1.11.3
v1.11.2
v1.11.1
v1.11.0
v1.10.8
v1.10.7
v1.10.6
v1.10.5
v1.10.4
v1.10.3
v1.10.2
v1.10.1
v1.10.0
v1.1.2
v1.1.1
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e69586200a'
${ noResults }
session-desktop/libtextsecure/account_manager.js

432 lines
20 KiB
JavaScript
Raw Blame History

/*
* vim: ts=4:sw=4:expandtab
*/
;(function () {
'use strict';
window.textsecure = window.textsecure || {};
var ARCHIVE_AGE = 7 * 24 * 60 * 60 * 1000;
function AccountManager(url, username, password) {
this.server = new TextSecureServer(url, username, password);
this.pending = Promise.resolve();
}
function getNumber(numberId) {
if (!numberId || !numberId.length) {
return numberId;
}
var parts = numberId.split('.');
if (!parts.length) {
return numberId;
}
return parts[0];
}
AccountManager.prototype = new textsecure.EventTarget();
AccountManager.prototype.extend({
constructor: AccountManager,
requestVoiceVerification: function(number) {
return this.server.requestVerificationVoice(number);
},
requestSMSVerification: function(number) {
return this.server.requestVerificationSMS(number);
},
registerSingleDevice: function(number, verificationCode) {
var registerKeys = this.server.registerKeys.bind(this.server);
var createAccount = this.createAccount.bind(this);
var clearSessionsAndPreKeys = this.clearSessionsAndPreKeys.bind(this);
var generateKeys = this.generateKeys.bind(this, 100);
var confirmKeys = this.confirmKeys.bind(this);
var registrationDone = this.registrationDone.bind(this);
return this.queueTask(function() {
return libsignal.KeyHelper.generateIdentityKeyPair().then(function(identityKeyPair) {
var profileKey = textsecure.crypto.getRandomBytes(32);
return createAccount(number, verificationCode, identityKeyPair, profileKey)
.then(clearSessionsAndPreKeys)
.then(generateKeys)
.then(function(keys) {
return registerKeys(keys).then(function() {
return confirmKeys(keys);
});
})
.then(registrationDone);
});
});
},
registerSecondDevice: function(setProvisioningUrl, confirmNumber, progressCallback) {
var createAccount = this.createAccount.bind(this);
var clearSessionsAndPreKeys = this.clearSessionsAndPreKeys.bind(this);
var generateKeys = this.generateKeys.bind(this, 100, progressCallback);
var confirmKeys = this.confirmKeys.bind(this);
var registrationDone = this.registrationDone.bind(this);
var registerKeys = this.server.registerKeys.bind(this.server);
var getSocket = this.server.getProvisioningSocket.bind(this.server);
var queueTask = this.queueTask.bind(this);
var provisioningCipher = new libsignal.ProvisioningCipher();
var gotProvisionEnvelope = false;
return provisioningCipher.getPublicKey().then(function(pubKey) {
return new Promise(function(resolve, reject) {
var socket = getSocket();
socket.onclose = function(e) {
console.log('provisioning socket closed', e.code);
if (!gotProvisionEnvelope) {
reject(new Error('websocket closed'));
}
};
socket.onopen = function(e) {
console.log('provisioning socket open');
};
var wsr = new WebSocketResource(socket, {
keepalive: { path: '/v1/keepalive/provisioning' },
handleRequest: function(request) {
if (request.path === "/v1/address" && request.verb === "PUT") {
var proto = textsecure.protobuf.ProvisioningUuid.decode(request.body);
setProvisioningUrl([
'tsdevice:/?uuid=', proto.uuid, '&pub_key=',
encodeURIComponent(btoa(getString(pubKey)))
].join(''));
request.respond(200, 'OK');
} else if (request.path === "/v1/message" && request.verb === "PUT") {
var envelope = textsecure.protobuf.ProvisionEnvelope.decode(request.body, 'binary');
request.respond(200, 'OK');
gotProvisionEnvelope = true;
wsr.close();
resolve(provisioningCipher.decrypt(envelope).then(function(provisionMessage) {
return queueTask(function() {
return confirmNumber(provisionMessage.number).then(function(deviceName) {
if (typeof deviceName !== 'string' || deviceName.length === 0) {
throw new Error('Invalid device name');
}
return createAccount(
provisionMessage.number,
provisionMessage.provisioningCode,
provisionMessage.identityKeyPair,
provisionMessage.profileKey,
deviceName,
provisionMessage.userAgent,
provisionMessage.readReceipts
)
.then(clearSessionsAndPreKeys)
.then(generateKeys)
.then(function(keys) {
return registerKeys(keys).then(function() {
return confirmKeys(keys);
});
})
.then(registrationDone);
});
});
}));
} else {
console.log('Unknown websocket message', request.path);
}
}
});
});
});
},
refreshPreKeys: function() {
var generateKeys = this.generateKeys.bind(this, 100);
var registerKeys = this.server.registerKeys.bind(this.server);
return this.queueTask(function() {
return this.server.getMyKeys().then(function(preKeyCount) {
console.log('prekey count ' + preKeyCount);
if (preKeyCount < 10) {
return generateKeys().then(registerKeys);
}
});
}.bind(this));
},
rotateSignedPreKey: function() {
return this.queueTask(function() {
var signedKeyId = textsecure.storage.get('signedKeyId', 1);
if (typeof signedKeyId != 'number') {
throw new Error('Invalid signedKeyId');
}
var store = textsecure.storage.protocol;
var server = this.server;
var cleanSignedPreKeys = this.cleanSignedPreKeys;
// TODO: harden this against missing identity key? Otherwise, we get
// retries every five seconds.
return store.getIdentityKeyPair().then(function(identityKey) {
return libsignal.KeyHelper.generateSignedPreKey(identityKey, signedKeyId);
}, function(error) {
console.log('Failed to get identity key. Canceling key rotation.');
}).then(function(res) {
if (!res) {
return;
}
console.log('Saving new signed prekey', res.keyId);
return Promise.all([
textsecure.storage.put('signedKeyId', signedKeyId + 1),
store.storeSignedPreKey(res.keyId, res.keyPair),
server.setSignedPreKey({
keyId : res.keyId,
publicKey : res.keyPair.pubKey,
signature : res.signature
}),
]).then(function() {
var confirmed = true;
console.log('Confirming new signed prekey', res.keyId);
return Promise.all([
textsecure.storage.remove('signedKeyRotationRejected'),
store.storeSignedPreKey(res.keyId, res.keyPair, confirmed),
]);
}).then(function() {
return cleanSignedPreKeys();
});
}).catch(function(e) {
console.log(
'rotateSignedPrekey error:',
e && e.stack ? e.stack : e
);
if (e instanceof Error && e.name == 'HTTPError' && e.code >= 400 && e.code <= 599) {
var rejections = 1 + textsecure.storage.get('signedKeyRotationRejected', 0);
textsecure.storage.put('signedKeyRotationRejected', rejections);
console.log('Signed key rotation rejected count:', rejections);
} else {
throw e;
}
});
}.bind(this));
},
queueTask: function(task) {
var taskWithTimeout = textsecure.createTaskWithTimeout(task);
return this.pending = this.pending.then(taskWithTimeout, taskWithTimeout);
},
cleanSignedPreKeys: function() {
var MINIMUM_KEYS = 3;
var store = textsecure.storage.protocol;
return store.loadSignedPreKeys().then(function(allKeys) {
allKeys.sort(function(a, b) {
return (a.created_at || 0) - (b.created_at || 0);
});
allKeys.reverse(); // we want the most recent first
var confirmed = allKeys.filter(function(key) {
return key.confirmed;
});
var unconfirmed = allKeys.filter(function(key) {
return !key.confirmed;
});
var recent = allKeys[0] ? allKeys[0].keyId : 'none';
var recentConfirmed = confirmed[0] ? confirmed[0].keyId : 'none';
console.log('Most recent signed key: ' + recent);
console.log('Most recent confirmed signed key: ' + recentConfirmed);
console.log(
'Total signed key count:',
allKeys.length,
'-',
confirmed.length,
'confirmed'
);
var confirmedCount = confirmed.length;
// Keep MINIMUM_KEYS confirmed keys, then drop if older than a week
confirmed = confirmed.forEach(function(key, index) {
if (index < MINIMUM_KEYS) {
return;
}
var created_at = key.created_at || 0;
var age = Date.now() - created_at;
if (age > ARCHIVE_AGE) {
console.log(
'Removing confirmed signed prekey:',
key.keyId,
'with timestamp:',
created_at
);
store.removeSignedPreKey(key.keyId);
confirmedCount--;
}
});
var stillNeeded = MINIMUM_KEYS - confirmedCount;
// If we still don't have enough total keys, we keep as many unconfirmed
// keys as necessary. If not necessary, and over a week old, we drop.
unconfirmed.forEach(function(key, index) {
if (index < stillNeeded) {
return;
}
var created_at = key.created_at || 0;
var age = Date.now() - created_at;
if (age > ARCHIVE_AGE) {
console.log(
'Removing unconfirmed signed prekey:',
key.keyId,
'with timestamp:',
created_at
);
store.removeSignedPreKey(key.keyId);
}
});
});
},
createAccount: function(number, verificationCode, identityKeyPair,
profileKey, deviceName, userAgent, readReceipts) {
var signalingKey = libsignal.crypto.getRandomBytes(32 + 20);
var password = btoa(getString(libsignal.crypto.getRandomBytes(16)));
password = password.substring(0, password.length - 2);
var registrationId = libsignal.KeyHelper.generateRegistrationId();
var previousNumber = getNumber(textsecure.storage.get('number_id'));
return this.server.confirmCode(
number, verificationCode, password, signalingKey, registrationId, deviceName
).then(function(response) {
if (previousNumber && previousNumber !== number) {
console.log('New number is different from old number; deleting all previous data');
return textsecure.storage.protocol.removeAllData().then(function() {
console.log('Successfully deleted previous data');
return response;
}, function(error) {
console.log(
'Something went wrong deleting data from previous number',
error && error.stack ? error.stack : error
);
return response;
});
}
return response;
}).then(function(response) {
textsecure.storage.remove('identityKey');
textsecure.storage.remove('signaling_key');
textsecure.storage.remove('password');
textsecure.storage.remove('registrationId');
textsecure.storage.remove('number_id');
textsecure.storage.remove('device_name');
textsecure.storage.remove('regionCode');
textsecure.storage.remove('userAgent');
textsecure.storage.remove('profileKey');
textsecure.storage.remove('read-receipts-setting');
// update our own identity key, which may have changed
// if we're relinking after a reinstall on the master device
textsecure.storage.protocol.saveIdentityWithAttributes(number, {
id : number,
publicKey : identityKeyPair.pubKey,
firstUse : true,
timestamp : Date.now(),
verified : textsecure.storage.protocol.VerifiedStatus.VERIFIED,
nonblockingApproval : true
});
textsecure.storage.put('identityKey', identityKeyPair);
textsecure.storage.put('signaling_key', signalingKey);
textsecure.storage.put('password', password);
textsecure.storage.put('registrationId', registrationId);
if (profileKey) {
textsecure.storage.put('profileKey', profileKey);
}
if (userAgent) {
textsecure.storage.put('userAgent', userAgent);
}
if (readReceipts) {
textsecure.storage.put('read-receipt-setting', true);
} else {
textsecure.storage.put('read-receipt-setting', false);
}
textsecure.storage.user.setNumberAndDeviceId(number, response.deviceId || 1, deviceName);
textsecure.storage.put('regionCode', libphonenumber.util.getRegionCodeForNumber(number));
this.server.username = textsecure.storage.get('number_id');
}.bind(this));
},
clearSessionsAndPreKeys: function() {
var store = textsecure.storage.protocol;
console.log('clearing all sessions, prekeys, and signed prekeys');
return Promise.all([
store.clearPreKeyStore(),
store.clearSignedPreKeysStore(),
store.clearSessionStore(),
]);
},
// Takes the same object returned by generateKeys
confirmKeys: function(keys) {
var store = textsecure.storage.protocol;
var key = keys.signedPreKey;
var confirmed = true;
console.log('confirmKeys: confirming key', key.keyId);
return store.storeSignedPreKey(key.keyId, key.keyPair, confirmed);
},
generateKeys: function (count, progressCallback) {
if (typeof progressCallback !== 'function') {
progressCallback = undefined;
}
var startId = textsecure.storage.get('maxPreKeyId', 1);
var signedKeyId = textsecure.storage.get('signedKeyId', 1);
if (typeof startId != 'number') {
throw new Error('Invalid maxPreKeyId');
}
if (typeof signedKeyId != 'number') {
throw new Error('Invalid signedKeyId');
}
var store = textsecure.storage.protocol;
return store.getIdentityKeyPair().then(function(identityKey) {
var result = { preKeys: [], identityKey: identityKey.pubKey };
var promises = [];
for (var keyId = startId; keyId < startId+count; ++keyId) {
promises.push(
libsignal.KeyHelper.generatePreKey(keyId).then(function(res) {
store.storePreKey(res.keyId, res.keyPair);
result.preKeys.push({
keyId : res.keyId,
publicKey : res.keyPair.pubKey
});
if (progressCallback) { progressCallback(); }
})
);
}
promises.push(
libsignal.KeyHelper.generateSignedPreKey(identityKey, signedKeyId).then(function(res) {
store.storeSignedPreKey(res.keyId, res.keyPair);
result.signedPreKey = {
keyId : res.keyId,
publicKey : res.keyPair.pubKey,
signature : res.signature,
// server.registerKeys doesn't use keyPair, confirmKeys does
keyPair : res.keyPair,
};
})
);
textsecure.storage.put('maxPreKeyId', startId + count);
textsecure.storage.put('signedKeyId', signedKeyId + 1);
return Promise.all(promises).then(function() {
// This is primarily for the signed prekey summary it logs out
return this.cleanSignedPreKeys().then(function() {
return result;
});
}.bind(this));
}.bind(this));
},
registrationDone: function() {
console.log('registration done');
this.dispatchEvent(new Event('registration'));
}
});
textsecure.AccountManager = AccountManager;
}());
Reference in New Issue View Git Blame Copy Permalink