From 960b4f537d42b8db84eaf01c71ecbd36603c0d5c Mon Sep 17 00:00:00 2001 From: Matthew Chen Date: Thu, 11 Oct 2018 10:23:03 -0400 Subject: [PATCH 1/3] Suppress UD against production service to avoid de-registration. --- SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m | 7 +++++++ SignalServiceKit/src/TSConstants.h | 8 +++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m b/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m index bf03b8f00..968748a0d 100644 --- a/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m +++ b/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m @@ -1024,6 +1024,13 @@ NSString *const kNSNotification_OWSWebSocketStateDidChange = @"kNSNotification_O } #endif +#ifndef UD_ENABLED + if (self.webSocketType == OWSWebSocketTypeUD) { + OWSLogWarn(@"Suppressing UD socket in prod."); + return; + } +#endif + if (!AppReadiness.isAppReady) { static dispatch_once_t onceToken; dispatch_once(&onceToken, ^{ diff --git a/SignalServiceKit/src/TSConstants.h b/SignalServiceKit/src/TSConstants.h index 76272dbfe..9fb966355 100644 --- a/SignalServiceKit/src/TSConstants.h +++ b/SignalServiceKit/src/TSConstants.h @@ -37,10 +37,11 @@ typedef NS_ENUM(NSInteger, TSWhisperMessageType) { //#define contactDiscoveryURL @"https://api.directory.signal.org" //// TODO: The production value is not yet known. //#define kUDTrustRoot @"BbqY1DzohE4NUZoVF+L18oUPrK3kILllLEJh2UnPSsEx" +////#define UD_ENABLED //#else -// -//// Staging + +// Staging #define textSecureWebSocketAPI @"wss://textsecure-service-staging.whispersystems.org/v1/websocket/" #define textSecureServerURL @"https://textsecure-service-staging.whispersystems.org/" #define textSecureCDNServerURL @"https://cdn-staging.signal.org" @@ -48,7 +49,8 @@ typedef NS_ENUM(NSInteger, TSWhisperMessageType) { #define textSecureCDNReflectorHost @"meek-signal-cdn-staging.appspot.com"; #define contactDiscoveryURL @"https://api-staging.directory.signal.org" #define kUDTrustRoot @"BbqY1DzohE4NUZoVF+L18oUPrK3kILllLEJh2UnPSsEx" -// +#define UD_ENABLED + //#endif #define textSecureAccountsAPI @"v1/accounts" From f2a1df4e99c0d8d3194cb13fa1c8f16c8ed6f4f9 Mon Sep 17 00:00:00 2001 From: Matthew Chen Date: Thu, 11 Oct 2018 10:23:19 -0400 Subject: [PATCH 2/3] Update device message auditing to reflect UD behavior. --- .../src/Messages/OWSMessageSender.m | 26 ++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/SignalServiceKit/src/Messages/OWSMessageSender.m b/SignalServiceKit/src/Messages/OWSMessageSender.m index d89afff36..a7be17bbe 100644 --- a/SignalServiceKit/src/Messages/OWSMessageSender.m +++ b/SignalServiceKit/src/Messages/OWSMessageSender.m @@ -945,12 +945,32 @@ NSString *const OWSMessageSenderRateLimitedException = @"RateLimitedException"; // // If _both_ of these pieces of state agree that there are no linked // devices, then can safely skip sending sync message. + // + // NOTE: Sync messages sent via UD include the local device. - // 1. Check OWSDevice's state. BOOL mayHaveLinkedDevices = [OWSDeviceManager.sharedManager mayHaveLinkedDevices:self.dbConnection]; - // 2. Check SignalRecipient's state. - BOOL hasDeviceMessages = deviceMessages.count > 0; + BOOL hasDeviceMessages = NO; + for (NSDictionary *deviceMessage in deviceMessages) { + NSString *_Nullable destination = deviceMessage[@"destination"]; + if (!destination) { + OWSFailDebug(@"Sync device message missing destination: %@", deviceMessage); + continue; + } + if (![destination isEqualToString:messageSend.localNumber]) { + OWSFailDebug(@"Sync device message has invalid destination: %@", deviceMessage); + continue; + } + NSNumber *_Nullable destinationDeviceId = deviceMessage[@"destinationDeviceId"]; + if (!destinationDeviceId) { + OWSFailDebug(@"Sync device message missing destination device id: %@", deviceMessage); + continue; + } + if (destinationDeviceId.intValue != OWSDevicePrimaryDeviceId) { + hasDeviceMessages = YES; + break; + } + } OWSLogInfo(@"mayHaveLinkedDevices: %d, hasDeviceMessages: %d", mayHaveLinkedDevices, hasDeviceMessages); From 1f37980a0dd3980595bc1231d64772f18c0265ca Mon Sep 17 00:00:00 2001 From: Matthew Chen Date: Thu, 11 Oct 2018 10:44:28 -0400 Subject: [PATCH 3/3] Suppress UD against production service to avoid de-registration. --- .../src/Messages/UD/OWSUDManager.swift | 10 ++++++++++ .../src/Network/WebSockets/OWSWebSocket.m | 8 +++++--- SignalServiceKit/src/TSConstants.h | 5 +++-- SignalServiceKit/src/TSConstants.m | 14 ++++++++++++++ SignalServiceKit/src/TSPrefix.h | 3 ++- 5 files changed, 34 insertions(+), 6 deletions(-) create mode 100644 SignalServiceKit/src/TSConstants.m diff --git a/SignalServiceKit/src/Messages/UD/OWSUDManager.swift b/SignalServiceKit/src/Messages/UD/OWSUDManager.swift index d2374ea2f..825a1c7f3 100644 --- a/SignalServiceKit/src/Messages/UD/OWSUDManager.swift +++ b/SignalServiceKit/src/Messages/UD/OWSUDManager.swift @@ -26,6 +26,8 @@ public enum UnidentifiedAccessMode: Int { @objc func trustRoot() -> ECPublicKey + @objc func isUDEnabled() -> Bool + // MARK: - Recipient State @objc @@ -173,6 +175,9 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { // if we have a valid profile key for them. @objc public func udAccessKeyForRecipient(_ recipientId: RecipientIdentifier) -> SMKUDAccessKey? { + guard isUDEnabled() else { + return nil + } let theirAccessMode = unidentifiedAccessMode(recipientId: recipientId) if theirAccessMode == .unrestricted { return SMKUDAccessKey(randomKeyData: ()) @@ -281,6 +286,11 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { } } + @objc + public func isUDEnabled() -> Bool { + return !IsUsingProductionService() + } + @objc public func trustRoot() -> ECPublicKey { guard let trustRootData = NSData(fromBase64String: kUDTrustRoot) else { diff --git a/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m b/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m index 968748a0d..1d09c291b 100644 --- a/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m +++ b/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m @@ -264,6 +264,10 @@ NSString *const kNSNotification_OWSWebSocketStateDidChange = @"kNSNotification_O return OWSWebsocketSecurityPolicy.sharedPolicy; } +- (id)udManager { + return SSKEnvironment.shared.udManager; +} + #pragma mark - // We want to observe these notifications lazily to avoid accessing @@ -1024,12 +1028,10 @@ NSString *const kNSNotification_OWSWebSocketStateDidChange = @"kNSNotification_O } #endif -#ifndef UD_ENABLED - if (self.webSocketType == OWSWebSocketTypeUD) { + if (!self.udManager.isUDEnabled && self.webSocketType == OWSWebSocketTypeUD) { OWSLogWarn(@"Suppressing UD socket in prod."); return; } -#endif if (!AppReadiness.isAppReady) { static dispatch_once_t onceToken; diff --git a/SignalServiceKit/src/TSConstants.h b/SignalServiceKit/src/TSConstants.h index 9fb966355..ed72036f7 100644 --- a/SignalServiceKit/src/TSConstants.h +++ b/SignalServiceKit/src/TSConstants.h @@ -37,7 +37,7 @@ typedef NS_ENUM(NSInteger, TSWhisperMessageType) { //#define contactDiscoveryURL @"https://api.directory.signal.org" //// TODO: The production value is not yet known. //#define kUDTrustRoot @"BbqY1DzohE4NUZoVF+L18oUPrK3kILllLEJh2UnPSsEx" -////#define UD_ENABLED +//#define USING_PRODUCTION_SERVICE //#else @@ -49,10 +49,11 @@ typedef NS_ENUM(NSInteger, TSWhisperMessageType) { #define textSecureCDNReflectorHost @"meek-signal-cdn-staging.appspot.com"; #define contactDiscoveryURL @"https://api-staging.directory.signal.org" #define kUDTrustRoot @"BbqY1DzohE4NUZoVF+L18oUPrK3kILllLEJh2UnPSsEx" -#define UD_ENABLED //#endif +BOOL IsUsingProductionService(void); + #define textSecureAccountsAPI @"v1/accounts" #define textSecureAttributesAPI @"/attributes/" diff --git a/SignalServiceKit/src/TSConstants.m b/SignalServiceKit/src/TSConstants.m new file mode 100644 index 000000000..b5b92adef --- /dev/null +++ b/SignalServiceKit/src/TSConstants.m @@ -0,0 +1,14 @@ +// +// Copyright (c) 2018 Open Whisper Systems. All rights reserved. +// + +#import "TSConstants.h" + +BOOL IsUsingProductionService() +{ +#ifdef USING_PRODUCTION_SERVICE + return YES; +#else + return NO; +#endif +} diff --git a/SignalServiceKit/src/TSPrefix.h b/SignalServiceKit/src/TSPrefix.h index c9c36c4e5..d482637cb 100644 --- a/SignalServiceKit/src/TSPrefix.h +++ b/SignalServiceKit/src/TSPrefix.h @@ -12,6 +12,7 @@ static const NSUInteger ddLogLevel = DDLogLevelAll; static const NSUInteger ddLogLevel = DDLogLevelInfo; #endif #import "OWSAnalytics.h" +#import "SSKAsserts.h" +#import "TSConstants.h" #import #import -#import "SSKAsserts.h"