keejef
/
session-ios
mirror of https://github.com/oxen-io/session-ios
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'charlesmchen/udAccessVerifier'

Browse Source
pull/1/head
Matthew Chen 7 years ago
parent a81a89871e 624ffdf9b5
commit 396a17af37
5 changed files with 35 additions and 20 deletions
Show Stats Download Patch File Download Diff File

2
Podfile.lock
Unescape Escape View File

@ -260,7 +260,7 @@ CHECKOUT OPTIONS:
:commit: 8b8326cd50bc488663a3d3743f1a92b90f4d85b4
:git: https://github.com/signalapp/HKDFKit.git
SignalCoreKit:
:commit: e5b6aa3c078d7c2fbc154e5dd806b8e55211697d
:commit: ff0b95770520133b83a4bd7b26bc2c90b51abc4d
:git: https://github.com/signalapp/SignalCoreKit.git
SignalMetadataKit:
:commit: b0e664410dd3d709355bfdb9d464ae02644aeb74

2
Pods

@ -1 +1 @@
Subproject commit 706302e046a89e743f903e02f36b4f73c007a0de
Subproject commit 4f0b4bb0d12438b39a5616cb4190cf656a82a3e2

40
SignalMessaging/profiles/ProfileFetcherJob.swift
Unescape Escape View File

@ -173,18 +173,36 @@ public class ProfileFetcherJob: NSObject {
}
private func updateProfile(signalServiceProfile: SignalServiceProfile) {
verifyIdentityUpToDateAsync(recipientId: signalServiceProfile.recipientId, latestIdentityKey: signalServiceProfile.identityKey)
profileManager.updateProfile(forRecipientId: signalServiceProfile.recipientId,
profileNameEncrypted: signalServiceProfile.profileNameEncrypted,
avatarUrlPath: signalServiceProfile.avatarUrlPath)
let recipientId = signalServiceProfile.recipientId
verifyIdentityUpToDateAsync(recipientId: recipientId, latestIdentityKey: signalServiceProfile.identityKey)
profileManager.updateProfile(forRecipientId: recipientId,
profileNameEncrypted: signalServiceProfile.profileNameEncrypted,
avatarUrlPath: signalServiceProfile.avatarUrlPath)
// Recipients should be in "UD delivery mode" IFF:
//
// * Their profile includes a unidentifiedAccessVerifier.
// * The unidentifiedAccessVerifier matches the "expected" value derived
// from their profile key (if any).
//
// Recipients should be in "normal delivery mode" otherwise.
var supportsUnidentifiedDelivery = false
if let unidentifiedAccessVerifier = signalServiceProfile.unidentifiedAccessVerifier,
let udAccessKey = udManager.udAccessKeyForRecipient(recipientId) {
let dataToVerify = Data(count: 32)
if let expectedVerfier = Cryptography.computeSHA256HMAC(dataToVerify, withHMACKey: udAccessKey.keyData) {
supportsUnidentifiedDelivery = expectedVerfier == unidentifiedAccessVerifier
} else {
owsFailDebug("could not verify UD")
}
}
// TODO: We may want to only call setSupportsUnidentifiedDelivery if
// supportsUnidentifiedDelivery is true.
let supportsUnidentifiedDelivery = signalServiceProfile.unidentifiedAccessKey != nil
udManager.setSupportsUnidentifiedDelivery(supportsUnidentifiedDelivery, recipientId: signalServiceProfile.recipientId)
udManager.setSupportsUnidentifiedDelivery(supportsUnidentifiedDelivery, recipientId: recipientId)
udManager.setShouldAllowUnrestrictedAccess(recipientId: signalServiceProfile.recipientId, shouldAllowUnrestrictedAccess: signalServiceProfile.hasUnrestrictedUnidentifiedAccess)
udManager.setShouldAllowUnrestrictedAccess(recipientId: recipientId, shouldAllowUnrestrictedAccess: signalServiceProfile.hasUnrestrictedUnidentifiedAccess)
}
private func verifyIdentityUpToDateAsync(recipientId: String, latestIdentityKey: Data) {
@ -212,7 +230,7 @@ public class SignalServiceProfile: NSObject {
public let identityKey: Data
public let profileNameEncrypted: Data?
public let avatarUrlPath: String?
public let unidentifiedAccessKey: Data?
public let unidentifiedAccessVerifier: Data?
public let hasUnrestrictedUnidentifiedAccess: Bool
init(recipientId: String, responseObject: Any?) throws {
@ -235,9 +253,7 @@ public class SignalServiceProfile: NSObject {
let avatarUrlPath: String? = try params.optional(key: "avatar")
self.avatarUrlPath = avatarUrlPath
// TODO: Should this key be "unidentifiedAccessKey" or "unidentifiedAccess"?
// The docs don't agree with the response from staging.
self.unidentifiedAccessKey = try params.optionalBase64EncodedData(key: "unidentifiedAccess")
self.unidentifiedAccessVerifier = try params.optionalBase64EncodedData(key: "unidentifiedAccess")
self.hasUnrestrictedUnidentifiedAccess = try params.optional(key: "unrestrictedUnidentifiedAccess") ?? false
}

4
SignalServiceKit/src/Messages/OWSMessageSend.swift
Unescape Escape View File

@ -70,7 +70,9 @@ public class OWSMessageSend: NSObject {
var udAccessKey: SMKUDAccessKey?
var isLocalNumber: Bool = false
if let recipientId = recipient.uniqueId {
udAccessKey = udManager.udAccessKeyForRecipient(recipientId)
udAccessKey = (udManager.supportsUnidentifiedDelivery(recipientId: recipientId)
? udManager.udAccessKeyForRecipient(recipientId)
: nil)
isLocalNumber = localNumber == recipientId
} else {
owsFailDebug("SignalRecipient missing recipientId")

7
SignalServiceKit/src/Messages/UD/OWSUDManager.swift
Unescape Escape View File

@ -110,13 +110,10 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
}
}
// Returns the UD access key for a given recipient if they are
// a UD recipient and we have a valid profile key for them.
// Returns the UD access key for a given recipient
// if we have a valid profile key for them.
@objc
public func udAccessKeyForRecipient(_ recipientId: String) -> SMKUDAccessKey? {
guard supportsUnidentifiedDelivery(recipientId: recipientId) else {
return nil
}
guard let profileKey = profileManager.profileKeyData(forRecipientId: recipientId) else {
// Mark as "not a UD recipient".
return nil

Write Preview
Loading…
Cancel
Save