diff --git a/Signal/src/AppDelegate.m b/Signal/src/AppDelegate.m
index ed2e0891e..8ae4c2cf5 100644
--- a/Signal/src/AppDelegate.m
+++ b/Signal/src/AppDelegate.m
@@ -1215,6 +1215,15 @@ static NSTimeInterval launchStartedAt;
 [self.udManager setup];
 [self preheatDatabaseViews];
+
+ // Try to update account attributes every time we upgrade.
+ if ([self.tsAccountManager isRegistered]) {
+ AppVersion *appVersion = AppVersion.sharedInstance;
+ if (appVersion.lastAppVersion.length > 0
+ && ![appVersion.lastAppVersion isEqualToString:appVersion.currentAppVersion]) {
+ [[self.tsAccountManager updateAccountAttributes] retainUntilComplete];
+ }
+ }
 }
 - (void)preheatDatabaseViews
diff --git a/SignalServiceKit/src/Account/TSAccountManager.m b/SignalServiceKit/src/Account/TSAccountManager.m
index 21798c5b3..9d9a671b0 100644
--- a/SignalServiceKit/src/Account/TSAccountManager.m
+++ b/SignalServiceKit/src/Account/TSAccountManager.m
@@ -379,17 +379,14 @@ NSString *const TSAccountManager_NeedsAccountAttributesUpdateKey = @"TSAccountMa
 failure:(void (^)(NSError *error))failureBlock
 {
 NSString *authToken = [[self class] generateNewAccountAuthenticationToken];
- NSString *signalingKey = [[self class] generateNewSignalingKeyToken];
 NSString *phoneNumber = self.phoneNumberAwaitingVerification;
- OWSAssertDebug(signalingKey);
 OWSAssertDebug(authToken);
 OWSAssertDebug(phoneNumber);
 TSRequest *request = [OWSRequestFactory verifyCodeRequestWithVerificationCode:verificationCode
 forNumber:phoneNumber
 pin:pin
- signalingKey:signalingKey
 authKey:authToken];
 [self.networkManager makeRequest:request
@@ -401,7 +398,6 @@ NSString *const TSAccountManager_NeedsAccountAttributesUpdateKey = @"TSAccountMa
 case 200:
 case 204: {
 OWSLogInfo(@"Verification code accepted.");
- [self storeServerAuthToken:authToken signalingKey:signalingKey];
 [TSPreKeyManager createPreKeysWithSuccess:successBlock failure:failureBlock];
 [self.profileManager fetchLocalUsersProfile];
 break;
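Review bot: The promise returned by `updateAccountAttributes` in the AppDelegate.m hunk is retained, but neither its success nor its failure is observed, so nothing here shows whether the server ever received the new attributes when the first launch after an upgrade is offline. Because the block only runs when `lastAppVersion` differs from `currentAppVersion`, the comment should say what retries the request, for example `// Failure is not handled here; TSAccountManager is expected to retry (confirm).`, or the failure should at least be logged. Until the update succeeds the server presumably still holds the old signaling key for this account. The enclosing method starts outside the hunk.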
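Review bot: The success branch (`case 200:` / `case 204:`) in the TSAccountManager.m hunk at -401 no longer persists `authToken`: the call to `storeServerAuthToken:signalingKey:` is deleted rather than rewritten for the new one-argument selector, and no other visible hunk stores the token. If nothing outside this diff does it, the credential generated at the top of the method is discarded after the server accepts it, and the `OWSAssertDebug(authKey.length > 0)` checks in OWSRequestFactory.m are, by their name, debug-only and would not catch the empty token in release builds. I would keep the line as `[self storeServerAuthToken:authToken];` ahead of `createPreKeysWithSuccess:failure:`. The enclosing method starts and ends outside the hunk.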
@@ -465,15 +461,6 @@ NSString *const TSAccountManager_NeedsAccountAttributesUpdateKey = @"TSAccountMa
 return authTokenPrint;
 }
-+ (NSString *)generateNewSignalingKeyToken {
- /*The signalingKey is 32 bytes of AES material (256bit AES) and 20 bytes of
- * Hmac key material (HmacSHA1) concatenated into a 52 byte slug that is
- * base64 encoded. */
- NSData *signalingKeyToken = [Randomness generateRandomBytes:52];
- NSString *signalingKeyTokenPrint = [[NSData dataWithData:signalingKeyToken] base64EncodedString];
- return signalingKeyTokenPrint;
-}
-
 + (nullable NSString *)signalingKey
 {
 return [[self sharedInstance] signalingKey];
@@ -496,16 +483,12 @@ NSString *const TSAccountManager_NeedsAccountAttributesUpdateKey = @"TSAccountMa
 inCollection:TSAccountManager_UserAccountCollection];
 }
-- (void)storeServerAuthToken:(NSString *)authToken signalingKey:(NSString *)signalingKey
+- (void)storeServerAuthToken:(NSString *)authToken
 {
 [self.dbConnection readWriteWithBlock:^(YapDatabaseReadWriteTransaction *transaction) {
 [transaction setObject:authToken
 forKey:TSAccountManager_ServerAuthToken
 inCollection:TSAccountManager_UserAccountCollection];
- [transaction setObject:signalingKey
- forKey:TSAccountManager_ServerSignalingKey
- inCollection:TSAccountManager_UserAccountCollection];
-
 }];
 }
diff --git a/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h b/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h
index 490403435..b7ef07a7c 100644
--- a/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h
+++ b/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h
@@ -66,7 +66,6 @@ typedef NS_ENUM(NSUInteger, TSVerificationTransport) { TSVerificationTransportVo
 + (TSRequest *)verifyCodeRequestWithVerificationCode:(NSString *)verificationCode
 forNumber:(NSString *)phoneNumber
 pin:(nullable NSString *)pin
- signalingKey:(NSString *)signalingKey
 authKey:(NSString *)authKey;
 #pragma mark - Prekeys
diff --git a/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m b/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m
index bcca8bdeb..bc2e4b6ae 100644
--- a/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m
+++ b/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m
@@ -219,14 +219,11 @@ NS_ASSUME_NONNULL_BEGIN
 {
 NSString *path = [textSecureAccountsAPI stringByAppendingString:textSecureAttributesAPI];
- NSString *signalingKey = self.tsAccountManager.signalingKey;
- OWSAssertDebug(signalingKey.length > 0);
 NSString *authKey = self.tsAccountManager.serverAuthToken;
 OWSAssertDebug(authKey.length > 0);
 NSString *_Nullable pin = [self.ows2FAManager pinCode];
- NSDictionary *accountAttributes =
- [self accountAttributesWithPin:pin signalingKey:signalingKey authKey:authKey];
+ NSDictionary *accountAttributes = [self accountAttributesWithPin:pin authKey:authKey];
 return [TSRequest requestWithUrl:[NSURL URLWithString:path] method:@"PUT" parameters:accountAttributes];
 }
@@ -293,18 +290,16 @@ NS_ASSUME_NONNULL_BEGIN
 + (TSRequest *)verifyCodeRequestWithVerificationCode:(NSString *)verificationCode
 forNumber:(NSString *)phoneNumber
 pin:(nullable NSString *)pin
- signalingKey:(NSString *)signalingKey
 authKey:(NSString *)authKey
 {
 OWSAssertDebug(verificationCode.length > 0);
 OWSAssertDebug(phoneNumber.length > 0);
- OWSAssertDebug(signalingKey.length > 0);
 OWSAssertDebug(authKey.length > 0);
 NSString *path = [NSString stringWithFormat:@"%@/code/%@", textSecureAccountsAPI, verificationCode];
 NSMutableDictionary *accountAttributes =
- [[self accountAttributesWithPin:pin signalingKey:signalingKey authKey:authKey] mutableCopy];
+ [[self accountAttributesWithPin:pin authKey:authKey] mutableCopy];
 [accountAttributes removeObjectForKey:@"AuthKey"];
 TSRequest *request =
@@ -316,10 +311,8 @@ NS_ASSUME_NONNULL_BEGIN
 }
 + (NSDictionary *)accountAttributesWithPin:(nullable NSString *)pin
- signalingKey:(NSString *)signalingKey
 authKey:(NSString *)authKey
 {
- OWSAssertDebug(signalingKey.length > 0);
 OWSAssertDebug(authKey.length > 0);
 uint32_t registrationId = [self.tsAccountManager getOrGenerateRegistrationId];
@@ -334,8 +327,8 @@ NS_ASSUME_NONNULL_BEGIN
 }
 BOOL allowUnrestrictedUD = [self.udManager shouldAllowUnrestrictedAccessLocal] && udAccessKey != nil;
+ // We no longer include the signalingKey.
 NSMutableDictionary *accountAttributes = [@{
- @"signalingKey" : signalingKey,
 @"AuthKey" : authKey,
 @"voice" : @(YES), // all Signal-iOS clients support voice
 @"video" : @(YES), // all Signal-iOS clients support WebRTC-based voice and video calls.
diff --git a/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m b/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m
index 873e89066..c3e55a469 100644
--- a/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m
+++ b/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m
@@ -770,9 +770,18 @@ NSString *const kNSNotification_OWSWebSocketStateDidChange = @"kNSNotification_O
 dispatch_async(self.serialQueue, ^{
 BOOL success = NO;
 @try {
- NSData *_Nullable decryptedPayload =
- [Cryptography decryptAppleMessagePayload:message.body
- withSignalingKey:TSAccountManager.signalingKey];
+ BOOL useSignalingKey = [message.headers containsObject:@"X-Signal-Key: true"];
+ NSData *_Nullable decryptedPayload;
+ if (useSignalingKey) {
+ NSString *_Nullable signalingKey = TSAccountManager.signalingKey;
+ OWSAssertDebug(signalingKey);
+ decryptedPayload =
+ [Cryptography decryptAppleMessagePayload:message.body withSignalingKey:signalingKey];
+ } else {
+ OWSAssertDebug([message.headers containsObject:@"X-Signal-Key: false"]);
+
+ decryptedPayload = message.body;
+ }
 if (!decryptedPayload) {
 OWSLogWarn(@"Failed to decrypt incoming payload or bad HMAC");
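Review bot: The `else` branch in the OWSWebSocket.m hunk accepts `message.body` as plaintext whenever the exact string `X-Signal-Key: true` is absent; the only check that the server actually sent `X-Signal-Key: false` is an `OWSAssertDebug`, which by its name is a debug-only assertion. A missing, re-cased or differently spaced header therefore skips the signaling-key decryption and its HMAC check silently, and since the header that decides this is not covered by that MAC, envelope integrity rests on the transport alone. I would make the plaintext case explicit with `} else if ([message.headers containsObject:@"X-Signal-Key: false"]) {` and add a final `else` that logs via `OWSLogWarn` and leaves `decryptedPayload` nil, so the existing `if (!decryptedPayload)` path rejects the message. Likewise a nil `signalingKey` in the first branch should be rejected explicitly rather than only asserted before it reaches `decryptAppleMessagePayload:withSignalingKey:`. The enclosing block continues outside the hunk.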