Merge branch 'charlesmchen/censorship-circumvention-2'

9 years ago · a9340b06fd
parent 52762a1be9 5b87af9bc6
commit a9340b06fd
5 changed files with 83 additions and 13 deletions
--- a/src/Network/OWSCensorshipConfiguration.h
+++ b/src/Network/OWSCensorshipConfiguration.h
@ -7,7 +7,7 @@ NS_ASSUME_NONNULL_BEGIN

@interface OWSCensorshipConfiguration : NSObject

- (NSString *)frontingHost;
+- (NSString *)frontingHost:(NSString *)e164PhonNumber;
 - (NSString *)reflectorHost;
 - (BOOL)isCensoredPhoneNumber:(NSString *)e164PhonNumber;

--- a/src/Network/OWSCensorshipConfiguration.m
+++ b/src/Network/OWSCensorshipConfiguration.m
@ -3,17 +3,33 @@

 #import "OWSCensorshipConfiguration.h"
 #import "TSStorageManager.h"
+#import "Asserts.h"

 NS_ASSUME_NONNULL_BEGIN

-NSString *const OWSCensorshipConfigurationFrontingHost = @"https://google.com";
 NSString *const OWSCensorshipConfigurationReflectorHost = @"signal-reflector-meek.appspot.com";

@implementation OWSCensorshipConfiguration

- (NSString *)frontingHost
+- (NSString *)frontingHost:(NSString *)e164PhonNumber
 {
-    return OWSCensorshipConfigurationFrontingHost;
+    OWSAssert(e164PhonNumber.length > 0);
+    
+    NSString *domain = nil;
+    for (NSString *countryCode in self.censoredCountryCodes) {
+        if ([e164PhonNumber hasPrefix:countryCode]) {
+            domain = self.censoredCountryCodes[countryCode];
+        }
+    }
+    
+    // Fronting should only be used for countries specified in censoredCountryCodes,
+    // all of which have a domain specified.
+    OWSAssert(domain);
+    if (!domain) {
+        domain = @"google.com";
+    }
+    
+    return [@"https://" stringByAppendingString:domain];
 }

 - (NSString *)reflectorHost
@ -21,13 +37,33 @@ NSString *const OWSCensorshipConfigurationReflectorHost = @"signal-reflector-mee
    return OWSCensorshipConfigurationReflectorHost;
 }

- (NSArray<NSString *> *)censoredCountryCodes
+- (NSDictionary<NSString *, NSString *> *)censoredCountryCodes
 {
-    // Reports of censorship in:
-    // Egypt
-    // UAE
-    return @[@"+20",
-             @"+971"];
+    // The set of countries for which domain fronting should be used.
+    //
+    // For each country, we should add the appropriate google domain,
+    // per:  https://en.wikipedia.org/wiki/List_of_Google_domains
+    //
+    // If we ever use any non-google domains for domain fronting,
+    // remember to:
+    //
+    // a) Add the appropriate pinning certificate(s) in
+    //    SignalServiceKit.podspec.
+    // b) Update reflectorHost accordingly.
+    return @{
+             // Egypt
+             @"+20": @"google.com.eg",
+             // Cuba
+             @"+53": @"google.com.cu",
+             // Oman
+             @"+968": @"google.com.om",
+             // UAE
+             @"+971": @"google.ae",
+             // Iran
+             //
+             // There does not appear to be a specific Google domain for Iran.
+             @"+98": @"google.com",
+             };
 }

 - (BOOL)isCensoredPhoneNumber:(NSString *)e164PhonNumber
--- a/src/Network/OWSSignalService.m
+++ b/src/Network/OWSSignalService.m
@ -1,12 +1,14 @@
 // Created by Michael Kirk on 12/20/16.
 // Copyright © 2016 Open Whisper Systems. All rights reserved.

+#import <AFNetworking/AFHTTPSessionManager.h>
+
 #import "OWSSignalService.h"
 #import "OWSCensorshipConfiguration.h"
 #import "OWSHTTPSecurityPolicy.h"
 #import "TSConstants.h"
 #import "TSAccountManager.h"
-#import <AFNetworking/AFHTTPSessionManager.h>
+#import "Asserts.h"

 NS_ASSUME_NONNULL_BEGIN

@ -69,8 +71,11 @@ NS_ASSUME_NONNULL_BEGIN

 - (AFHTTPSessionManager *)reflectorHTTPSessionManager
 {
+    NSString *localNumber = [TSAccountManager localNumber];
+    OWSAssert(localNumber.length > 0);
+
    // Target fronting domain
-    NSURL *baseURL = [[NSURL alloc] initWithString:self.censorshipConfiguration.frontingHost];
+    NSURL *baseURL = [[NSURL alloc] initWithString:[self.censorshipConfiguration frontingHost:localNumber]];
    NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.ephemeralSessionConfiguration;
    AFHTTPSessionManager *sessionManager =
        [[AFHTTPSessionManager alloc] initWithBaseURL:baseURL sessionConfiguration:sessionConf];
--- a/src/Util/Asserts.h
+++ b/src/Util/Asserts.h
@ -0,0 +1,30 @@
+//
+//  Asserts.h
+//
+//  Copyright (c) 2016 Open Whisper Systems. All rights reserved.
+//
+
+#import <Foundation/Foundation.h>
+
+#ifndef OWSAssert
+
+#ifdef DEBUG
+
+#define USE_ASSERTS
+
+#define CONVERT_TO_STRING(X) #X
+#define CONVERT_EXPR_TO_STRING(X) CONVERT_TO_STRING(X)
+
+#define OWSAssert(X) \
+if (!(X)) { \
+NSLog(@"Assertion failed: %s", CONVERT_EXPR_TO_STRING(X)); \
+NSAssert(0, @"Assertion failed: %s", CONVERT_EXPR_TO_STRING(X)); \
+}
+
+#else
+
+#define OWSAssert(X)
+
+#endif
+
+#endif
--- a/src/Util/Cryptography.m
+++ b/src/Util/Cryptography.m
@ -10,7 +10,6 @@
 #import <CommonCrypto/CommonHMAC.h>

 #import "Cryptography.h"
-
 #import "NSData+Base64.h"

 #define HMAC256_KEY_LENGTH 32