Apply UD access verifier.

Matthew Chen 7 years ago
parent a81a89871e
commit 7cb0158331

@ -173,18 +173,29 @@ public class ProfileFetcherJob: NSObject {
}
private func updateProfile(signalServiceProfile: SignalServiceProfile) {
verifyIdentityUpToDateAsync(recipientId: signalServiceProfile.recipientId, latestIdentityKey: signalServiceProfile.identityKey)
profileManager.updateProfile(forRecipientId: signalServiceProfile.recipientId,
profileNameEncrypted: signalServiceProfile.profileNameEncrypted,
avatarUrlPath: signalServiceProfile.avatarUrlPath)
let recipientId = signalServiceProfile.recipientId
verifyIdentityUpToDateAsync(recipientId: recipientId, latestIdentityKey: signalServiceProfile.identityKey)
profileManager.updateProfile(forRecipientId: recipientId,
profileNameEncrypted: signalServiceProfile.profileNameEncrypted,
avatarUrlPath: signalServiceProfile.avatarUrlPath)
var supportsUnidentifiedDelivery = false
if let unidentifiedAccessVerifier = signalServiceProfile.unidentifiedAccessVerifier,
let udAccessKey = udManager.udAccessKeyForRecipient(recipientId) {
let dataToVerify = Data(count: 32)
if let expectedVerfier = Cryptography.computeSHA256HMAC(dataToVerify, withHMACKey: udAccessKey.keyData) {
supportsUnidentifiedDelivery = expectedVerfier == unidentifiedAccessVerifier
} else {
owsFailDebug("could not verify UD")
}
}
// TODO: We may want to only call setSupportsUnidentifiedDelivery if
// supportsUnidentifiedDelivery is true.
let supportsUnidentifiedDelivery = signalServiceProfile.unidentifiedAccessKey != nil
udManager.setSupportsUnidentifiedDelivery(supportsUnidentifiedDelivery, recipientId: signalServiceProfile.recipientId)
udManager.setSupportsUnidentifiedDelivery(supportsUnidentifiedDelivery, recipientId: recipientId)
udManager.setShouldAllowUnrestrictedAccess(recipientId: signalServiceProfile.recipientId, shouldAllowUnrestrictedAccess: signalServiceProfile.hasUnrestrictedUnidentifiedAccess)
udManager.setShouldAllowUnrestrictedAccess(recipientId: recipientId, shouldAllowUnrestrictedAccess: signalServiceProfile.hasUnrestrictedUnidentifiedAccess)
}
private func verifyIdentityUpToDateAsync(recipientId: String, latestIdentityKey: Data) {
@ -212,7 +223,7 @@ public class SignalServiceProfile: NSObject {
public let identityKey: Data
public let profileNameEncrypted: Data?
public let avatarUrlPath: String?
public let unidentifiedAccessKey: Data?
public let unidentifiedAccessVerifier: Data?
public let hasUnrestrictedUnidentifiedAccess: Bool
init(recipientId: String, responseObject: Any?) throws {
@ -235,9 +246,7 @@ public class SignalServiceProfile: NSObject {
let avatarUrlPath: String? = try params.optional(key: "avatar")
self.avatarUrlPath = avatarUrlPath
// TODO: Should this key be "unidentifiedAccessKey" or "unidentifiedAccess"?
// The docs don't agree with the response from staging.
self.unidentifiedAccessKey = try params.optionalBase64EncodedData(key: "unidentifiedAccess")
self.unidentifiedAccessVerifier = try params.optionalBase64EncodedData(key: "unidentifiedAccess")
self.hasUnrestrictedUnidentifiedAccess = try params.optional(key: "unrestrictedUnidentifiedAccess") ?? false
}
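Review bot: The verifier check in `updateProfile` compares the locally computed HMAC with the server-supplied value using `==` on `Data`, which is not guaranteed to run in constant time. MAC comparisons are conventionally done with a constant-time equality, so that the time taken does not depend on how many leading bytes match. The practical exposure looks small because the comparison runs on the client, but the fix is cheap and is sketched below. The `Data(count: 32)` input would also benefit from a comment such as `// The verifier is the HMAC of 32 zero bytes under the UD access key.`, and `expectedVerfier` is misspelled.

```swift
if let expectedVerfier = Cryptography.computeSHA256HMAC(dataToVerify, withHMACKey: udAccessKey.keyData) {
    // Accumulate differences over every byte so timing does not reveal the first mismatch.
    var difference: UInt8 = expectedVerfier.count == unidentifiedAccessVerifier.count ? 0 : 1
    for (expectedByte, receivedByte) in zip(expectedVerfier, unidentifiedAccessVerifier) {
        difference |= expectedByte ^ receivedByte
    }
    supportsUnidentifiedDelivery = difference == 0
// … unchanged: else branch with owsFailDebug …
```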

@ -70,7 +70,9 @@ public class OWSMessageSend: NSObject {
var udAccessKey: SMKUDAccessKey?
var isLocalNumber: Bool = false
if let recipientId = recipient.uniqueId {
udAccessKey = udManager.udAccessKeyForRecipient(recipientId)
udAccessKey = (udManager.supportsUnidentifiedDelivery(recipientId: recipientId)
? udManager.udAccessKeyForRecipient(recipientId)
: nil)
isLocalNumber = localNumber == recipientId
} else {
owsFailDebug("SignalRecipient missing recipientId")
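Review bot: The `supportsUnidentifiedDelivery` gate now exists only at this call site, because the OWSUDManagerImpl hunk removes the same guard from `udAccessKeyForRecipient`. Any other caller of that method (none are visible on this page) would now get an access key for a recipient whose verifier never matched, so the remaining call sites are worth auditing. The new contract should be stated on the method itself, for example `// Does NOT check supportsUnidentifiedDelivery; callers that send must check it first.`. A separate accessor that performs the check would keep the ungated variant limited to the verification path in `updateProfile`. The enclosing `if`/`else` continues past the end of this hunk.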

@ -110,13 +110,10 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
}
}
// Returns the UD access key for a given recipient if they are
// a UD recipient and we have a valid profile key for them.
// Returns the UD access key for a given recipient
// if we have a valid profile key for them.
@objc
public func udAccessKeyForRecipient(_ recipientId: String) -> SMKUDAccessKey? {
guard supportsUnidentifiedDelivery(recipientId: recipientId) else {
return nil
}
guard let profileKey = profileManager.profileKeyData(forRecipientId: recipientId) else {
// Mark as "not a UD recipient".
return nil
