Merge branch 'charlesmchen/signalingKey'

7 years ago · befe37a8d8
parent b29f55b99c 951f0dab22
commit befe37a8d8
5 changed files with 25 additions and 32 deletions
--- a/Signal/src/AppDelegate.m
+++ b/Signal/src/AppDelegate.m
@ -1215,6 +1215,15 @@ static NSTimeInterval launchStartedAt;
    [self.udManager setup];

    [self preheatDatabaseViews];
+
+    // Try to update account attributes every time we upgrade.
+    if ([self.tsAccountManager isRegistered]) {
+        AppVersion *appVersion = AppVersion.sharedInstance;
+        if (appVersion.lastAppVersion.length > 0
+            && ![appVersion.lastAppVersion isEqualToString:appVersion.currentAppVersion]) {
+            [[self.tsAccountManager updateAccountAttributes] retainUntilComplete];
+        }
+    }
 }

 - (void)preheatDatabaseViews
--- a/SignalServiceKit/src/Account/TSAccountManager.m
+++ b/SignalServiceKit/src/Account/TSAccountManager.m
@ -379,17 +379,14 @@ NSString *const TSAccountManager_NeedsAccountAttributesUpdateKey = @"TSAccountMa
                      failure:(void (^)(NSError *error))failureBlock
 {
    NSString *authToken = [[self class] generateNewAccountAuthenticationToken];
-    NSString *signalingKey = [[self class] generateNewSignalingKeyToken];
    NSString *phoneNumber = self.phoneNumberAwaitingVerification;

-    OWSAssertDebug(signalingKey);
    OWSAssertDebug(authToken);
    OWSAssertDebug(phoneNumber);

    TSRequest *request = [OWSRequestFactory verifyCodeRequestWithVerificationCode:verificationCode
                                                                        forNumber:phoneNumber
                                                                              pin:pin
-                                                                     signalingKey:signalingKey
                                                                          authKey:authToken];

    [self.networkManager makeRequest:request
@ -401,7 +398,6 @@ NSString *const TSAccountManager_NeedsAccountAttributesUpdateKey = @"TSAccountMa
                case 200:
                case 204: {
                    OWSLogInfo(@"Verification code accepted.");
-                    [self storeServerAuthToken:authToken signalingKey:signalingKey];
                    [TSPreKeyManager createPreKeysWithSuccess:successBlock failure:failureBlock];
                    [self.profileManager fetchLocalUsersProfile];
                    break;
@ -465,15 +461,6 @@ NSString *const TSAccountManager_NeedsAccountAttributesUpdateKey = @"TSAccountMa
    return authTokenPrint;
 }

-+ (NSString *)generateNewSignalingKeyToken {
-    /*The signalingKey is 32 bytes of AES material (256bit AES) and 20 bytes of
-     * Hmac key material (HmacSHA1) concatenated into a 52 byte slug that is
-     * base64 encoded. */
-    NSData *signalingKeyToken = [Randomness generateRandomBytes:52];
-    NSString *signalingKeyTokenPrint = [[NSData dataWithData:signalingKeyToken] base64EncodedString];
-    return signalingKeyTokenPrint;
-}
-
 + (nullable NSString *)signalingKey
 {
    return [[self sharedInstance] signalingKey];
@ -496,16 +483,12 @@ NSString *const TSAccountManager_NeedsAccountAttributesUpdateKey = @"TSAccountMa
                              inCollection:TSAccountManager_UserAccountCollection];
 }

- (void)storeServerAuthToken:(NSString *)authToken signalingKey:(NSString *)signalingKey
+- (void)storeServerAuthToken:(NSString *)authToken
 {
    [self.dbConnection readWriteWithBlock:^(YapDatabaseReadWriteTransaction *transaction) {
        [transaction setObject:authToken
                        forKey:TSAccountManager_ServerAuthToken
                  inCollection:TSAccountManager_UserAccountCollection];
-        [transaction setObject:signalingKey
-                        forKey:TSAccountManager_ServerSignalingKey
-                  inCollection:TSAccountManager_UserAccountCollection];
-
    }];
 }

--- a/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h
+++ b/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h
@ -66,7 +66,6 @@ typedef NS_ENUM(NSUInteger, TSVerificationTransport) { TSVerificationTransportVo
 + (TSRequest *)verifyCodeRequestWithVerificationCode:(NSString *)verificationCode
                                           forNumber:(NSString *)phoneNumber
                                                 pin:(nullable NSString *)pin
-                                        signalingKey:(NSString *)signalingKey
                                             authKey:(NSString *)authKey;

 #pragma mark - Prekeys
--- a/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m
+++ b/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m
@ -219,14 +219,11 @@ NS_ASSUME_NONNULL_BEGIN
 {
    NSString *path = [textSecureAccountsAPI stringByAppendingString:textSecureAttributesAPI];

-    NSString *signalingKey = self.tsAccountManager.signalingKey;
-    OWSAssertDebug(signalingKey.length > 0);
    NSString *authKey = self.tsAccountManager.serverAuthToken;
    OWSAssertDebug(authKey.length > 0);
    NSString *_Nullable pin = [self.ows2FAManager pinCode];

-    NSDictionary<NSString *, id> *accountAttributes =
-        [self accountAttributesWithPin:pin signalingKey:signalingKey authKey:authKey];
+    NSDictionary<NSString *, id> *accountAttributes = [self accountAttributesWithPin:pin authKey:authKey];

    return [TSRequest requestWithUrl:[NSURL URLWithString:path] method:@"PUT" parameters:accountAttributes];
 }
@ -293,18 +290,16 @@ NS_ASSUME_NONNULL_BEGIN
 + (TSRequest *)verifyCodeRequestWithVerificationCode:(NSString *)verificationCode
                                           forNumber:(NSString *)phoneNumber
                                                 pin:(nullable NSString *)pin
-                                        signalingKey:(NSString *)signalingKey
                                             authKey:(NSString *)authKey
 {
    OWSAssertDebug(verificationCode.length > 0);
    OWSAssertDebug(phoneNumber.length > 0);
-    OWSAssertDebug(signalingKey.length > 0);
    OWSAssertDebug(authKey.length > 0);

    NSString *path = [NSString stringWithFormat:@"%@/code/%@", textSecureAccountsAPI, verificationCode];

    NSMutableDictionary<NSString *, id> *accountAttributes =
-        [[self accountAttributesWithPin:pin signalingKey:signalingKey authKey:authKey] mutableCopy];
+        [[self accountAttributesWithPin:pin authKey:authKey] mutableCopy];
    [accountAttributes removeObjectForKey:@"AuthKey"];

    TSRequest *request =
@ -316,10 +311,8 @@ NS_ASSUME_NONNULL_BEGIN
 }

 + (NSDictionary<NSString *, id> *)accountAttributesWithPin:(nullable NSString *)pin
-                                              signalingKey:(NSString *)signalingKey
                                                   authKey:(NSString *)authKey
 {
-    OWSAssertDebug(signalingKey.length > 0);
    OWSAssertDebug(authKey.length > 0);
    uint32_t registrationId = [self.tsAccountManager getOrGenerateRegistrationId];

@ -334,8 +327,8 @@ NS_ASSUME_NONNULL_BEGIN
    }
    BOOL allowUnrestrictedUD = [self.udManager shouldAllowUnrestrictedAccessLocal] && udAccessKey != nil;

+    // We no longer include the signalingKey.
    NSMutableDictionary *accountAttributes = [@{
-        @"signalingKey" : signalingKey,
        @"AuthKey" : authKey,
        @"voice" : @(YES), // all Signal-iOS clients support voice
        @"video" : @(YES), // all Signal-iOS clients support WebRTC-based voice and video calls.
--- a/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m
+++ b/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m
@ -770,9 +770,18 @@ NSString *const kNSNotification_OWSWebSocketStateDidChange = @"kNSNotification_O
        dispatch_async(self.serialQueue, ^{
            BOOL success = NO;
            @try {
-                NSData *_Nullable decryptedPayload =
-                    [Cryptography decryptAppleMessagePayload:message.body
-                                            withSignalingKey:TSAccountManager.signalingKey];
+                BOOL useSignalingKey = [message.headers containsObject:@"X-Signal-Key: true"];
+                NSData *_Nullable decryptedPayload;
+                if (useSignalingKey) {
+                    NSString *_Nullable signalingKey = TSAccountManager.signalingKey;
+                    OWSAssertDebug(signalingKey);
+                    decryptedPayload =
+                        [Cryptography decryptAppleMessagePayload:message.body withSignalingKey:signalingKey];
+                } else {
+                    OWSAssertDebug([message.headers containsObject:@"X-Signal-Key: false"]);
+
+                    decryptedPayload = message.body;
+                }

                if (!decryptedPayload) {
                    OWSLogWarn(@"Failed to decrypt incoming payload or bad HMAC");