keejef
/
session-ios
mirror of https://github.com/oxen-io/session-ios
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
dev
voice-calls-2
voice-calls
authentication
2.5.0
2.4.5
2.4.4
2.4.3
2.4.2
2.4.1
2.4.0
2.3.2
2.3.1
2.3.0
2.2.14
2.2.13
2.2.12
2.2.11
2.2.10
2.2.9
2.2.6
2.2.4
2.2.2
2.2.1
2.2.0
2.1.1
2.0.3
2.0.2
2.0.1
2.0.0
1.0.0-alpha.1
audit-2
audit
2.8.0
2.7.4
2.7.3
2.7.2
2.7.1
2.7.0
2.6.3
2.6.2
2.6.1
2.6.0
2.2.8
2.2.7
2.2.5
2.2.3
2.1.0
1.9.7
1.9.6
1.9.5
1.9.4
1.9.3
1.9.1
1.9.0
1.8.3
1.8.2
1.8.1
1.8.0
1.7.8
1.7.7
1.7.6
1.7.5
1.7.4
1.7.3
1.7.2
1.7.0
1.6.5
1.6.4
1.6.3
1.6.2
1.6.1
1.6.0
1.5.3
1.5.2
1.5.1-beta
1.5.0-beta
1.5.0
1.4.7
1.4.6
1.4.5
1.4.4
1.4.3
1.4.2
1.4.0-beta
1.4.0
1.3.0-alpha.1
1.3.0
1.2.6
1.2.5
1.2.4
1.2.3
1.2.1
1.2.0-alpha.2
1.2.0-alpha.1
1.2.0
1.13.0
1.12.9
1.12.8
1.12.7
1.12.6
1.12.5
1.12.4
1.12.2
1.12.1
1.11.9
1.11.8
1.11.7
1.11.6
1.11.5
1.11.4
1.11.3
1.11.24
1.11.23
1.11.22
1.11.21
1.11.20
1.11.2
1.11.19
1.11.18
1.11.17
1.11.16
1.11.15
1.11.14
1.11.13
1.11.12
1.11.11
1.11.10
1.11.1
1.11.0
1.10.2
1.10.1
1.10.0
1.1.0-alpha.4
1.1.0-alpha.3
1.1.0-alpha.2
1.1.0-alpha.1
1.1.0
1.0.8
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0-alpha.3
1.0.0-alpha.2
1.0.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b4be82a5a'
${ noResults }
session-ios/SessionMessagingKit/Utilities/OWSIdentityManager.m

407 lines
14 KiB
Objective-C
Raw Blame History

//
// Copyright (c) 2018 Open Whisper Systems. All rights reserved.
//
#import "OWSIdentityManager.h"
#import "AppContext.h"
#import "AppReadiness.h"
#import "NSNotificationCenter+OWS.h"
#import "NotificationsProtocol.h"
#import "OWSFileSystem.h"
#import "OWSPrimaryStorage.h"
#import "OWSRecipientIdentity.h"
#import "OWSIdentityManager.h"
#import "SSKEnvironment.h"
#import "TSAccountManager.h"
#import "TSContactThread.h"
#import "TSErrorMessage.h"
#import "TSGroupThread.h"
#import "TSMessage.h"
#import "YapDatabaseConnection+OWS.h"
#import "YapDatabaseTransaction+OWS.h"
#import <Curve25519Kit/Curve25519.h>
#import <SignalCoreKit/NSDate+OWS.h>
#import <SessionMessagingKit/SessionMessagingKit-Swift.h>
#import <SessionUtilitiesKit/SessionUtilitiesKit.h>
#import <YapDatabase/YapDatabase.h>
NS_ASSUME_NONNULL_BEGIN
// Storing our own identity key
NSString *const OWSPrimaryStorageIdentityKeyStoreIdentityKey = @"TSStorageManagerIdentityKeyStoreIdentityKey";
NSString *const LKSeedKey = @"LKLokiSeed";
NSString *const LKED25519SecretKey = @"LKED25519SecretKey";
NSString *const LKED25519PublicKey = @"LKED25519PublicKey";
NSString *const OWSPrimaryStorageIdentityKeyStoreCollection = @"TSStorageManagerIdentityKeyStoreCollection";
// Storing recipients identity keys
NSString *const OWSPrimaryStorageTrustedKeysCollection = @"TSStorageManagerTrustedKeysCollection";
NSString *const OWSIdentityManager_QueuedVerificationStateSyncMessages =
@"OWSIdentityManager_QueuedVerificationStateSyncMessages";
// Don't trust an identity for sending to unless they've been around for at least this long
const NSTimeInterval kIdentityKeyStoreNonBlockingSecondsThreshold = 5.0;
// The canonical key includes 32 bytes of identity material plus one byte specifying the key type
const NSUInteger kIdentityKeyLength = 33;
// Cryptographic operations do not use the "type" byte of the identity key, so, for legacy reasons we store just
// the identity material.
// TODO: migrate to storing the full 33 byte representation.
const NSUInteger kStoredIdentityKeyLength = 32;
NSString *const kNSNotificationName_IdentityStateDidChange = @"kNSNotificationName_IdentityStateDidChange";
@interface OWSIdentityManager ()
@property (nonatomic, readonly) OWSPrimaryStorage *primaryStorage;
@end
#pragma mark -
@implementation OWSIdentityManager
+ (instancetype)sharedManager
{
return SSKEnvironment.shared.identityManager;
}
- (instancetype)initWithPrimaryStorage:(OWSPrimaryStorage *)primaryStorage
{
self = [super init];
if (!self) {
return self;
}
_primaryStorage = primaryStorage;
_dbConnection = primaryStorage.newDatabaseConnection;
self.dbConnection.objectCacheEnabled = NO;
[self observeNotifications];
return self;
}
- (void)dealloc
{
[[NSNotificationCenter defaultCenter] removeObserver:self];
}
#pragma mark -
- (void)observeNotifications
{
[[NSNotificationCenter defaultCenter] addObserver:self
selector:@selector(applicationDidBecomeActive:)
name:UIApplicationDidBecomeActiveNotification
object:nil];
}
- (void)generateNewIdentityKeyPair
{
ECKeyPair *keyPair = [Curve25519 generateKeyPair];
[self.dbConnection setObject:keyPair forKey:OWSPrimaryStorageIdentityKeyStoreIdentityKey inCollection:OWSPrimaryStorageIdentityKeyStoreCollection];
}
- (void)clearIdentityKey
{
[self.dbConnection removeObjectForKey:OWSPrimaryStorageIdentityKeyStoreIdentityKey
inCollection:OWSPrimaryStorageIdentityKeyStoreCollection];
}
- (nullable NSData *)identityKeyForRecipientId:(NSString *)recipientId
{
__block NSData *_Nullable result = nil;
[self.dbConnection readWithBlock:^(YapDatabaseReadTransaction *transaction) {
result = [self identityKeyForRecipientId:recipientId transaction:transaction];
}];
return result;
}
- (nullable NSData *)identityKeyForRecipientId:(NSString *)recipientId protocolContext:(nullable id)protocolContext
{
YapDatabaseReadTransaction *transaction = protocolContext;
return [self identityKeyForRecipientId:recipientId transaction:transaction];
}
- (nullable NSData *)identityKeyForRecipientId:(NSString *)recipientId
transaction:(YapDatabaseReadTransaction *)transaction
{
return [OWSRecipientIdentity fetchObjectWithUniqueID:recipientId transaction:transaction].identityKey;
}
- (nullable ECKeyPair *)identityKeyPair
{
__block ECKeyPair *_Nullable identityKeyPair = nil;
[self.dbConnection readWithBlock:^(YapDatabaseReadTransaction *_Nonnull transaction) {
identityKeyPair = [self identityKeyPairWithTransaction:transaction];
}];
return identityKeyPair;
}
// This method should only be called from SignalProtocolKit, which doesn't know about YapDatabaseTransactions.
// Whenever possible, prefer to call the strongly typed variant: `identityKeyPairWithTransaction:`.
- (nullable ECKeyPair *)identityKeyPair:(nullable id)protocolContext
{
YapDatabaseReadTransaction *transaction = protocolContext;
return [self identityKeyPairWithTransaction:transaction];
}
- (nullable ECKeyPair *)identityKeyPairWithTransaction:(YapDatabaseReadTransaction *)transaction
{
ECKeyPair *_Nullable identityKeyPair = [transaction keyPairForKey:OWSPrimaryStorageIdentityKeyStoreIdentityKey
inCollection:OWSPrimaryStorageIdentityKeyStoreCollection];
return identityKeyPair;
}
- (int)localRegistrationId:(nullable id)protocolContext
{
YapDatabaseReadWriteTransaction *transaction = protocolContext;
return (int)[TSAccountManager getOrGenerateRegistrationId:transaction];
}
- (BOOL)saveRemoteIdentity:(NSData *)identityKey recipientId:(NSString *)recipientId
{
__block BOOL result;
[LKStorage writeSyncWithBlock:^(YapDatabaseReadWriteTransaction *transaction) {
result = [self saveRemoteIdentity:identityKey recipientId:recipientId protocolContext:transaction];
}];
return result;
}
- (BOOL)saveRemoteIdentity:(NSData *)identityKey
recipientId:(NSString *)recipientId
protocolContext:(nullable id)protocolContext
{
YapDatabaseReadWriteTransaction *transaction = protocolContext;
// Deprecated. We actually no longer use the OWSPrimaryStorageTrustedKeysCollection for trust
// decisions, but it's desirable to try to keep it up to date with our trusted identitys
// while we're switching between versions, e.g. so we don't get into a state where we have a
// session for an identity not in our key store.
[transaction setObject:identityKey forKey:recipientId inCollection:OWSPrimaryStorageTrustedKeysCollection];
OWSRecipientIdentity *existingIdentity =
[OWSRecipientIdentity fetchObjectWithUniqueID:recipientId transaction:transaction];
if (existingIdentity == nil) {
[[[OWSRecipientIdentity alloc] initWithRecipientId:recipientId
identityKey:identityKey
isFirstKnownKey:YES
createdAt:[NSDate new]
verificationState:OWSVerificationStateDefault]
saveWithTransaction:transaction];
[self fireIdentityStateChangeNotification];
return NO;
}
if (![existingIdentity.identityKey isEqual:identityKey]) {
OWSVerificationState verificationState;
switch (existingIdentity.verificationState) {
case OWSVerificationStateDefault:
verificationState = OWSVerificationStateDefault;
break;
case OWSVerificationStateVerified:
case OWSVerificationStateNoLongerVerified:
verificationState = OWSVerificationStateNoLongerVerified;
break;
}
[[[OWSRecipientIdentity alloc] initWithRecipientId:recipientId
identityKey:identityKey
isFirstKnownKey:NO
createdAt:[NSDate new]
verificationState:verificationState] saveWithTransaction:transaction];
[self fireIdentityStateChangeNotification];
return YES;
}
return NO;
}
- (nullable OWSRecipientIdentity *)recipientIdentityForRecipientId:(NSString *)recipientId
{
__block OWSRecipientIdentity *_Nullable result;
[self.dbConnection readWithBlock:^(YapDatabaseReadTransaction *_Nonnull transaction) {
result = [OWSRecipientIdentity fetchObjectWithUniqueID:recipientId transaction:transaction];
}];
return result;
}
- (nullable OWSRecipientIdentity *)untrustedIdentityForSendingToRecipientId:(NSString *)recipientId
{
__block OWSRecipientIdentity *_Nullable result;
[self.dbConnection readWithBlock:^(YapDatabaseReadTransaction *_Nonnull transaction) {
OWSRecipientIdentity *_Nullable recipientIdentity =
[OWSRecipientIdentity fetchObjectWithUniqueID:recipientId transaction:transaction];
if (recipientIdentity == nil) {
// trust on first use
return;
}
BOOL isTrusted = [self isTrustedIdentityKey:recipientIdentity.identityKey
recipientId:recipientId
direction:TSMessageDirectionOutgoing
transaction:transaction];
if (isTrusted) {
return;
} else {
result = recipientIdentity;
}
}];
return result;
}
- (void)fireIdentityStateChangeNotification
{
[[NSNotificationCenter defaultCenter] postNotificationNameAsync:kNSNotificationName_IdentityStateDidChange
object:nil
userInfo:nil];
}
- (BOOL)isTrustedIdentityKey:(NSData *)identityKey
recipientId:(NSString *)recipientId
direction:(TSMessageDirection)direction
protocolContext:(nullable id)protocolContext
{
YapDatabaseReadWriteTransaction *transaction = protocolContext;
return [self isTrustedIdentityKey:identityKey recipientId:recipientId direction:direction transaction:transaction];
}
- (BOOL)isTrustedIdentityKey:(NSData *)identityKey
recipientId:(NSString *)recipientId
direction:(TSMessageDirection)direction
transaction:(YapDatabaseReadTransaction *)transaction
{
if ([[TSAccountManager localNumber] isEqualToString:recipientId]) {
ECKeyPair *_Nullable localIdentityKeyPair = [self identityKeyPairWithTransaction:transaction];
if ([localIdentityKeyPair.publicKey isEqualToData:identityKey]) {
return YES;
} else {
return NO;
}
}
switch (direction) {
case TSMessageDirectionIncoming: {
return YES;
}
case TSMessageDirectionOutgoing: {
OWSRecipientIdentity *existingIdentity =
[OWSRecipientIdentity fetchObjectWithUniqueID:recipientId transaction:transaction];
return [self isTrustedKey:identityKey forSendingToIdentity:existingIdentity];
}
default: {
return NO;
}
}
}
- (BOOL)isTrustedKey:(NSData *)identityKey forSendingToIdentity:(nullable OWSRecipientIdentity *)recipientIdentity
{
if (recipientIdentity == nil) {
return YES;
}
if (![recipientIdentity.identityKey isEqualToData:identityKey]) {
return NO;
}
if ([recipientIdentity isFirstKnownKey]) {
return YES;
}
switch (recipientIdentity.verificationState) {
case OWSVerificationStateDefault: {
BOOL isNew = (fabs([recipientIdentity.createdAt timeIntervalSinceNow])
< kIdentityKeyStoreNonBlockingSecondsThreshold);
if (isNew) {
return NO;
} else {
return YES;
}
}
case OWSVerificationStateVerified:
return YES;
case OWSVerificationStateNoLongerVerified:
return NO;
}
}
#pragma mark - Debug
#if DEBUG
- (void)clearIdentityState:(YapDatabaseReadWriteTransaction *)transaction
{
NSMutableArray<NSString *> *identityKeysToRemove = [NSMutableArray new];
[transaction enumerateKeysInCollection:OWSPrimaryStorageIdentityKeyStoreCollection
usingBlock:^(NSString *_Nonnull key, BOOL *_Nonnull stop) {
if ([key isEqualToString:OWSPrimaryStorageIdentityKeyStoreIdentityKey]) {
// Don't delete our own key.
return;
}
[identityKeysToRemove addObject:key];
}];
for (NSString *key in identityKeysToRemove) {
[transaction removeObjectForKey:key inCollection:OWSPrimaryStorageIdentityKeyStoreCollection];
}
[transaction removeAllObjectsInCollection:OWSPrimaryStorageTrustedKeysCollection];
}
- (NSString *)identityKeySnapshotFilePath
{
// Prefix name with period "." so that backups will ignore these snapshots.
NSString *dirPath = [OWSFileSystem appDocumentDirectoryPath];
return [dirPath stringByAppendingPathComponent:@".identity-key-snapshot"];
}
- (NSString *)trustedKeySnapshotFilePath
{
// Prefix name with period "." so that backups will ignore these snapshots.
NSString *dirPath = [OWSFileSystem appDocumentDirectoryPath];
return [dirPath stringByAppendingPathComponent:@".trusted-key-snapshot"];
}
- (void)snapshotIdentityState:(YapDatabaseReadWriteTransaction *)transaction
{
[transaction snapshotCollection:OWSPrimaryStorageIdentityKeyStoreCollection
snapshotFilePath:self.identityKeySnapshotFilePath];
[transaction snapshotCollection:OWSPrimaryStorageTrustedKeysCollection
snapshotFilePath:self.trustedKeySnapshotFilePath];
}
- (void)restoreIdentityState:(YapDatabaseReadWriteTransaction *)transaction
{
[transaction restoreSnapshotOfCollection:OWSPrimaryStorageIdentityKeyStoreCollection
snapshotFilePath:self.identityKeySnapshotFilePath];
[transaction restoreSnapshotOfCollection:OWSPrimaryStorageTrustedKeysCollection
snapshotFilePath:self.trustedKeySnapshotFilePath];
}
#endif
#pragma mark - Notifications
- (void)applicationDidBecomeActive:(NSNotification *)notification
{
}
@end
NS_ASSUME_NONNULL_END
Reference in New Issue View Git Blame Copy Permalink