signal-desktop/libtextsecure/account_manager.js

297 lines
15 KiB
JavaScript
Raw Normal View History

/*
* vim: ts=4:sw=4:expandtab
*/
;(function () {
'use strict';
window.textsecure = window.textsecure || {};
var ARCHIVE_AGE = 7 * 24 * 60 * 60 * 1000;
Certificate pinning via node XMLHttpRequest implementation (#1394) * Add certificate pinning on https service requests Make https requests to the server using node apis instead of browser apis, so we can specify our own CA list, which contains only our own CA. This protects us from MITM by a rogue CA. As a bonus, this let's us drop the use of non-standard ports and just use good ol' default 443 all the time, at least for http requests. // FREEBIE * Make certificateAuthorities an option on requests Modify node-based xhr implementation based on driverdan/node-XMLHttpRequest, adding support for setting certificate authorities on each request. This allows us to pin our master CA for requests to the server and cdn but not to the s3 attachment server, for instance. Also fix an exception when sending binary data in a request: it is submitted as an array buffer, and must be converted to a node Buffer since we are now using a node based request api. // FREEBIE * Import node-based xhr implementation Add a copy of https://github.com/driverdan/node-XMLHttpRequest@86ff70e, and expose it to the renderer in the preload script. In later commits this module will be extended to support custom certificate authorities. // FREEBIE * Support "arraybuffer" responseType on requests When fetching attachments, we want the result as binary data rather than a utf8 string. This lets our node-based XMLHttpRequest honor the responseType property if it is set on the xhr. Note that naively using the raw `.buffer` from a node Buffer won't work, since it is a reuseable backing buffer that is often much larger than the actual content defined by the Buffer's offset and length. Instead, we'll prepare a return buffer based on the response's content length header, and incrementally write chunks of data into it as they arrive. // FREEBIE * Switch to self-signed server endpoint * Log more error info on failed requests With the node-based xhr, relevant error info are stored in statusText and responseText when a request fails. // FREEBIE * Add node-based websocket w/ support for custom CA // FREEBIE * Support handling array buffers instead of blobs Our node-based websocket calls onmessage with an arraybuffer instead of a blob. For robustness (on the off chance we switch or update the socket implementation agian) I've kept the machinery for converting blobs to array buffers. // FREEBIE * Destroy all wacky server ports // FREEBIE
2017-09-01 15:58:58 +00:00
function AccountManager(url, username, password) {
this.server = new TextSecureServer(url, username, password);
this.pending = Promise.resolve();
}
AccountManager.prototype = new textsecure.EventTarget();
AccountManager.prototype.extend({
constructor: AccountManager,
requestVoiceVerification: function(number) {
return this.server.requestVerificationVoice(number);
},
requestSMSVerification: function(number) {
return this.server.requestVerificationSMS(number);
},
registerSingleDevice: function(number, verificationCode) {
var registerKeys = this.server.registerKeys.bind(this.server);
var createAccount = this.createAccount.bind(this);
var generateKeys = this.generateKeys.bind(this, 100);
var registrationDone = this.registrationDone.bind(this);
return this.queueTask(function() {
return libsignal.KeyHelper.generateIdentityKeyPair().then(function(identityKeyPair) {
Profiles (#1453) * Add AES-GCM encryption for profiles With tests. * Add profileKey to DataMessage protobuf // FREEBIE * Decrypt and save profile names // FREEBIE * Save incoming profile keys * Move pad/unpad to crypto module // FREEBIE * Support fetching avatars from the cdn // FREEBIE * Translate failed authentication errors When AES-GCM authentication fails, webcrypto returns a very generic error. The same error is thrown for invalid length inputs, but our earlier checks in decryptProfile should rule out those failure modes and leave us safe to assume that we either had bad ciphertext or the wrong key. // FREEBIE * Handle profile avatars (wip) and log decrypt errors // FREEBIE * Display profile avatars Synced contact avatars will still override profile avatars. * Display profile names in convo list Only if we don't have a synced contact name. // FREEBIE * Make cdn url an environment config Use different ones for staging and production // FREEBIE * Display profile name in conversation header * Display profile name in group messages * Update conversation header if profile avatar changes // FREEBIE * Style profile names small with ~ * Save profileKeys from contact sync messages // FREEBIE * Save profile keys from provisioning messages For standalone accounts, generate a random profile key. // FREEBIE * Special case for one-time sync of our profile key Android will use a contact sync message to sync a profile key from Android clients who have just upgraded and generated their profile key. Normally we should receive this data in a provisioning message. // FREEBIE * Infer profile sharing from synced data messages * Populate profile keys on outgoing messages Requires that `profileSharing` be set on the conversation. // FREEBIE * Support for the profile key update flag When receiving a message with this flag, don't init a message record, just process the profile key and move on. // FREEBIE * Display profile names in group member list * Refresh contact's profile on profile key changes // FREEBIE * Catch errors on profile save // FREEBIE * Save our own synced contact info Don't return early if we get a contact sync for our own number // FREEBIE
2017-09-11 16:50:35 +00:00
var profileKey = textsecure.crypto.getRandomBytes(32);
return createAccount(number, verificationCode, identityKeyPair, profileKey).
then(generateKeys).
then(registerKeys).
then(registrationDone);
});
});
},
registerSecondDevice: function(setProvisioningUrl, confirmNumber, progressCallback) {
var createAccount = this.createAccount.bind(this);
var generateKeys = this.generateKeys.bind(this, 100, progressCallback);
var registrationDone = this.registrationDone.bind(this);
var registerKeys = this.server.registerKeys.bind(this.server);
var getSocket = this.server.getProvisioningSocket.bind(this.server);
var queueTask = this.queueTask.bind(this);
var provisioningCipher = new libsignal.ProvisioningCipher();
var gotProvisionEnvelope = false;
return provisioningCipher.getPublicKey().then(function(pubKey) {
return new Promise(function(resolve, reject) {
var socket = getSocket();
socket.onclose = function(e) {
2017-04-11 21:43:25 +00:00
console.log('provisioning socket closed', e.code);
if (!gotProvisionEnvelope) {
reject(new Error('websocket closed'));
}
};
2017-04-11 21:43:25 +00:00
socket.onopen = function(e) {
console.log('provisioning socket open');
};
var wsr = new WebSocketResource(socket, {
keepalive: { path: '/v1/keepalive/provisioning' },
handleRequest: function(request) {
if (request.path === "/v1/address" && request.verb === "PUT") {
var proto = textsecure.protobuf.ProvisioningUuid.decode(request.body);
setProvisioningUrl([
'tsdevice:/?uuid=', proto.uuid, '&pub_key=',
encodeURIComponent(btoa(getString(pubKey)))
].join(''));
request.respond(200, 'OK');
} else if (request.path === "/v1/message" && request.verb === "PUT") {
var envelope = textsecure.protobuf.ProvisionEnvelope.decode(request.body, 'binary');
request.respond(200, 'OK');
gotProvisionEnvelope = true;
wsr.close();
resolve(provisioningCipher.decrypt(envelope).then(function(provisionMessage) {
return queueTask(function() {
return confirmNumber(provisionMessage.number).then(function(deviceName) {
if (typeof deviceName !== 'string' || deviceName.length === 0) {
throw new Error('Invalid device name');
}
return createAccount(
provisionMessage.number,
provisionMessage.provisioningCode,
provisionMessage.identityKeyPair,
Profiles (#1453) * Add AES-GCM encryption for profiles With tests. * Add profileKey to DataMessage protobuf // FREEBIE * Decrypt and save profile names // FREEBIE * Save incoming profile keys * Move pad/unpad to crypto module // FREEBIE * Support fetching avatars from the cdn // FREEBIE * Translate failed authentication errors When AES-GCM authentication fails, webcrypto returns a very generic error. The same error is thrown for invalid length inputs, but our earlier checks in decryptProfile should rule out those failure modes and leave us safe to assume that we either had bad ciphertext or the wrong key. // FREEBIE * Handle profile avatars (wip) and log decrypt errors // FREEBIE * Display profile avatars Synced contact avatars will still override profile avatars. * Display profile names in convo list Only if we don't have a synced contact name. // FREEBIE * Make cdn url an environment config Use different ones for staging and production // FREEBIE * Display profile name in conversation header * Display profile name in group messages * Update conversation header if profile avatar changes // FREEBIE * Style profile names small with ~ * Save profileKeys from contact sync messages // FREEBIE * Save profile keys from provisioning messages For standalone accounts, generate a random profile key. // FREEBIE * Special case for one-time sync of our profile key Android will use a contact sync message to sync a profile key from Android clients who have just upgraded and generated their profile key. Normally we should receive this data in a provisioning message. // FREEBIE * Infer profile sharing from synced data messages * Populate profile keys on outgoing messages Requires that `profileSharing` be set on the conversation. // FREEBIE * Support for the profile key update flag When receiving a message with this flag, don't init a message record, just process the profile key and move on. // FREEBIE * Display profile names in group member list * Refresh contact's profile on profile key changes // FREEBIE * Catch errors on profile save // FREEBIE * Save our own synced contact info Don't return early if we get a contact sync for our own number // FREEBIE
2017-09-11 16:50:35 +00:00
provisionMessage.profileKey,
deviceName,
provisionMessage.userAgent
).then(generateKeys).
then(registerKeys).
then(registrationDone);
});
});
}));
} else {
console.log('Unknown websocket message', request.path);
2015-07-28 21:58:55 +00:00
}
}
});
});
});
},
refreshPreKeys: function() {
var generateKeys = this.generateKeys.bind(this, 100);
var registerKeys = this.server.registerKeys.bind(this.server);
return this.queueTask(function() {
return this.server.getMyKeys().then(function(preKeyCount) {
console.log('prekey count ' + preKeyCount);
if (preKeyCount < 10) {
return generateKeys().then(registerKeys);
}
});
}.bind(this));
},
rotateSignedPreKey: function() {
return this.queueTask(function() {
var signedKeyId = textsecure.storage.get('signedKeyId', 1);
if (typeof signedKeyId != 'number') {
throw new Error('Invalid signedKeyId');
}
var store = textsecure.storage.protocol;
var server = this.server;
var cleanSignedPreKeys = this.cleanSignedPreKeys;
return store.getIdentityKeyPair().then(function(identityKey) {
return libsignal.KeyHelper.generateSignedPreKey(identityKey, signedKeyId);
}).then(function(res) {
return server.setSignedPreKey({
keyId : res.keyId,
publicKey : res.keyPair.pubKey,
signature : res.signature
}).then(function() {
textsecure.storage.put('signedKeyId', signedKeyId + 1);
textsecure.storage.remove('signedKeyRotationRejected');
return store.storeSignedPreKey(res.keyId, res.keyPair).then(function() {
return cleanSignedPreKeys();
});
}).catch(function(e) {
if (e instanceof Error && e.name == 'HTTPError' && e.code >= 400 && e.code <= 599) {
var rejections = 1 + textsecure.storage.get('signedKeyRotationRejected', 0);
textsecure.storage.put('signedKeyRotationRejected', rejections);
console.log('Signed key rotation rejected count:', rejections);
}
});
});
}.bind(this));
},
queueTask: function(task) {
var taskWithTimeout = textsecure.createTaskWithTimeout(task);
return this.pending = this.pending.then(taskWithTimeout, taskWithTimeout);
},
cleanSignedPreKeys: function() {
var nextSignedKeyId = textsecure.storage.get('signedKeyId');
if (typeof nextSignedKeyId != 'number') {
return Promise.resolve();
}
var activeSignedPreKeyId = nextSignedKeyId - 1;
var store = textsecure.storage.protocol;
return store.loadSignedPreKeys().then(function(allRecords) {
var oldRecords = allRecords.filter(function(record) {
return record.keyId !== activeSignedPreKeyId;
});
oldRecords.sort(function(a, b) {
return (a.created_at || 0) - (b.created_at || 0);
});
console.log("Active signed prekey: " + activeSignedPreKeyId);
console.log("Old signed prekey record count: " + oldRecords.length);
oldRecords.forEach(function(oldRecord) {
if ( oldRecord.keyId > activeSignedPreKeyId - 3 ) {
// keep at least the last 3 signed keys
return;
}
var created_at = oldRecord.created_at || 0;
var archiveDuration = Date.now() - created_at;
if (archiveDuration > ARCHIVE_AGE) {
console.log("Removing signed prekey record:",
oldRecord.keyId, "with timestamp:", created_at);
store.removeSignedPreKey(oldRecord.keyId);
}
});
});
},
Profiles (#1453) * Add AES-GCM encryption for profiles With tests. * Add profileKey to DataMessage protobuf // FREEBIE * Decrypt and save profile names // FREEBIE * Save incoming profile keys * Move pad/unpad to crypto module // FREEBIE * Support fetching avatars from the cdn // FREEBIE * Translate failed authentication errors When AES-GCM authentication fails, webcrypto returns a very generic error. The same error is thrown for invalid length inputs, but our earlier checks in decryptProfile should rule out those failure modes and leave us safe to assume that we either had bad ciphertext or the wrong key. // FREEBIE * Handle profile avatars (wip) and log decrypt errors // FREEBIE * Display profile avatars Synced contact avatars will still override profile avatars. * Display profile names in convo list Only if we don't have a synced contact name. // FREEBIE * Make cdn url an environment config Use different ones for staging and production // FREEBIE * Display profile name in conversation header * Display profile name in group messages * Update conversation header if profile avatar changes // FREEBIE * Style profile names small with ~ * Save profileKeys from contact sync messages // FREEBIE * Save profile keys from provisioning messages For standalone accounts, generate a random profile key. // FREEBIE * Special case for one-time sync of our profile key Android will use a contact sync message to sync a profile key from Android clients who have just upgraded and generated their profile key. Normally we should receive this data in a provisioning message. // FREEBIE * Infer profile sharing from synced data messages * Populate profile keys on outgoing messages Requires that `profileSharing` be set on the conversation. // FREEBIE * Support for the profile key update flag When receiving a message with this flag, don't init a message record, just process the profile key and move on. // FREEBIE * Display profile names in group member list * Refresh contact's profile on profile key changes // FREEBIE * Catch errors on profile save // FREEBIE * Save our own synced contact info Don't return early if we get a contact sync for our own number // FREEBIE
2017-09-11 16:50:35 +00:00
createAccount: function(number, verificationCode, identityKeyPair, profileKey, deviceName, userAgent) {
var signalingKey = libsignal.crypto.getRandomBytes(32 + 20);
var password = btoa(getString(libsignal.crypto.getRandomBytes(16)));
password = password.substring(0, password.length - 2);
var registrationId = libsignal.KeyHelper.generateRegistrationId();
return this.server.confirmCode(
number, verificationCode, password, signalingKey, registrationId, deviceName
).then(function(response) {
2016-04-22 20:39:05 +00:00
return textsecure.storage.protocol.clearSessionStore().then(function() {
textsecure.storage.remove('identityKey');
textsecure.storage.remove('signaling_key');
textsecure.storage.remove('password');
textsecure.storage.remove('registrationId');
textsecure.storage.remove('number_id');
textsecure.storage.remove('device_name');
textsecure.storage.remove('regionCode');
textsecure.storage.remove('userAgent');
Profiles (#1453) * Add AES-GCM encryption for profiles With tests. * Add profileKey to DataMessage protobuf // FREEBIE * Decrypt and save profile names // FREEBIE * Save incoming profile keys * Move pad/unpad to crypto module // FREEBIE * Support fetching avatars from the cdn // FREEBIE * Translate failed authentication errors When AES-GCM authentication fails, webcrypto returns a very generic error. The same error is thrown for invalid length inputs, but our earlier checks in decryptProfile should rule out those failure modes and leave us safe to assume that we either had bad ciphertext or the wrong key. // FREEBIE * Handle profile avatars (wip) and log decrypt errors // FREEBIE * Display profile avatars Synced contact avatars will still override profile avatars. * Display profile names in convo list Only if we don't have a synced contact name. // FREEBIE * Make cdn url an environment config Use different ones for staging and production // FREEBIE * Display profile name in conversation header * Display profile name in group messages * Update conversation header if profile avatar changes // FREEBIE * Style profile names small with ~ * Save profileKeys from contact sync messages // FREEBIE * Save profile keys from provisioning messages For standalone accounts, generate a random profile key. // FREEBIE * Special case for one-time sync of our profile key Android will use a contact sync message to sync a profile key from Android clients who have just upgraded and generated their profile key. Normally we should receive this data in a provisioning message. // FREEBIE * Infer profile sharing from synced data messages * Populate profile keys on outgoing messages Requires that `profileSharing` be set on the conversation. // FREEBIE * Support for the profile key update flag When receiving a message with this flag, don't init a message record, just process the profile key and move on. // FREEBIE * Display profile names in group member list * Refresh contact's profile on profile key changes // FREEBIE * Catch errors on profile save // FREEBIE * Save our own synced contact info Don't return early if we get a contact sync for our own number // FREEBIE
2017-09-11 16:50:35 +00:00
textsecure.storage.remove('profileKey');
// update our own identity key, which may have changed
// if we're relinking after a reinstall on the master device
textsecure.storage.protocol.saveIdentityWithAttributes(number, {
id : number,
publicKey : identityKeyPair.pubKey,
firstUse : true,
timestamp : Date.now(),
verified : textsecure.storage.protocol.VerifiedStatus.VERIFIED,
nonblockingApproval : true
});
textsecure.storage.put('identityKey', identityKeyPair);
textsecure.storage.put('signaling_key', signalingKey);
textsecure.storage.put('password', password);
textsecure.storage.put('registrationId', registrationId);
if (profileKey) {
textsecure.storage.put('profileKey', profileKey);
}
if (userAgent) {
textsecure.storage.put('userAgent', userAgent);
}
textsecure.storage.user.setNumberAndDeviceId(number, response.deviceId || 1, deviceName);
textsecure.storage.put('regionCode', libphonenumber.util.getRegionCodeForNumber(number));
this.server.username = textsecure.storage.get('number_id');
}.bind(this));
}.bind(this));
},
generateKeys: function (count, progressCallback) {
if (typeof progressCallback !== 'function') {
progressCallback = undefined;
}
var startId = textsecure.storage.get('maxPreKeyId', 1);
var signedKeyId = textsecure.storage.get('signedKeyId', 1);
if (typeof startId != 'number') {
throw new Error('Invalid maxPreKeyId');
}
if (typeof signedKeyId != 'number') {
throw new Error('Invalid signedKeyId');
}
2016-04-22 20:39:05 +00:00
var store = textsecure.storage.protocol;
return store.getIdentityKeyPair().then(function(identityKey) {
var result = { preKeys: [], identityKey: identityKey.pubKey };
var promises = [];
for (var keyId = startId; keyId < startId+count; ++keyId) {
promises.push(
libsignal.KeyHelper.generatePreKey(keyId).then(function(res) {
store.storePreKey(res.keyId, res.keyPair);
result.preKeys.push({
keyId : res.keyId,
publicKey : res.keyPair.pubKey
});
if (progressCallback) { progressCallback(); }
})
);
}
promises.push(
libsignal.KeyHelper.generateSignedPreKey(identityKey, signedKeyId).then(function(res) {
store.storeSignedPreKey(res.keyId, res.keyPair);
result.signedPreKey = {
keyId : res.keyId,
publicKey : res.keyPair.pubKey,
signature : res.signature
};
})
);
textsecure.storage.put('maxPreKeyId', startId + count);
textsecure.storage.put('signedKeyId', signedKeyId + 1);
return Promise.all(promises).then(function() {
return this.cleanSignedPreKeys().then(function() {
return result;
});
}.bind(this));
}.bind(this));
},
registrationDone: function() {
2017-02-04 05:21:18 +00:00
console.log('registration done');
this.dispatchEvent(new Event('registration'));
}
});
textsecure.AccountManager = AccountManager;
}());