mirrors/signal-desktop
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions

Optimize publicKey deserialization for server trust root

Browse source
This commit is contained in:
trevor-signal 2025-05-02 14:09:25 -04:00 committed by GitHub
commit ae6ffd26e7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 11 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

6
ts/test-electron/MessageReceiver_test.ts
View file

@ -13,6 +13,7 @@ import { generateAci } from '../types/ServiceId';
import type { AciString } from '../types/ServiceId'; import type { AciString } from '../types/ServiceId';
import { SignalService as Proto } from '../protobuf'; import { SignalService as Proto } from '../protobuf';
import * as Crypto from '../Crypto'; import * as Crypto from '../Crypto';
import { toBase64 } from '../Bytes';
describe('MessageReceiver', () => { describe('MessageReceiver', () => {
const someAci = generateAci(); const someAci = generateAci();
@ -37,9 +38,12 @@ describe('MessageReceiver', () => {
describe('connecting', () => { describe('connecting', () => {
it('generates decryption-error event when it cannot decrypt', async () => { it('generates decryption-error event when it cannot decrypt', async () => {
const fakeTrustRootPublicKey = Crypto.getRandomBytes(33);
fakeTrustRootPublicKey.set([5], 0); // first byte is the key type (5)
const messageReceiver = new MessageReceiver({ const messageReceiver = new MessageReceiver({
storage: window.storage, storage: window.storage,
serverTrustRoot: 'AAAAAAAA', serverTrustRoot: toBase64(fakeTrustRootPublicKey),
}); });
const body = Proto.Envelope.encode({ const body = Proto.Envelope.encode({

15
ts/textsecure/MessageReceiver.ts
View file

@ -300,7 +300,7 @@ export default class MessageReceiver
#encryptedQueue: PQueue; #encryptedQueue: PQueue;
#decryptedQueue: PQueue; #decryptedQueue: PQueue;
#retryCachedTimeout: NodeJS.Timeout | undefined; #retryCachedTimeout: NodeJS.Timeout | undefined;
#serverTrustRoot: Uint8Array; #serverTrustRoot: PublicKey;
#stoppingProcessing?: boolean; #stoppingProcessing?: boolean;
#pniIdentityKeyCheckRequired?: boolean; #pniIdentityKeyCheckRequired?: boolean;
@ -315,7 +315,9 @@ export default class MessageReceiver
if (!serverTrustRoot) { if (!serverTrustRoot) {
throw new Error('Server trust root is required!'); throw new Error('Server trust root is required!');
} }
this.#serverTrustRoot = Bytes.fromBase64(serverTrustRoot); this.#serverTrustRoot = PublicKey.deserialize(
Buffer.from(Bytes.fromBase64(serverTrustRoot))
);
this.#incomingQueue = new PQueue({ this.#incomingQueue = new PQueue({
concurrency: 1, concurrency: 1,
@ -1637,12 +1639,7 @@ export default class MessageReceiver
`${logId}: Sealed sender message was missing serverTimestamp` `${logId}: Sealed sender message was missing serverTimestamp`
); );
if ( if (!certificate.validate(this.#serverTrustRoot, serverTimestamp)) {
!certificate.validate(
PublicKey.deserialize(Buffer.from(this.#serverTrustRoot)),
serverTimestamp
)
) {
throw new Error(`${logId}: Sealed sender certificate validation failed`); throw new Error(`${logId}: Sealed sender certificate validation failed`);
} }
@ -1794,7 +1791,7 @@ export default class MessageReceiver
() => () =>
sealedSenderDecryptMessage( sealedSenderDecryptMessage(
Buffer.from(ciphertext), Buffer.from(ciphertext),
PublicKey.deserialize(Buffer.from(this.#serverTrustRoot)), this.#serverTrustRoot,
envelope.serverTimestamp, envelope.serverTimestamp,
localE164 || null, localE164 || null,
destinationServiceId, destinationServiceId,