Commit graph

120 commits

Author SHA1 Message Date
Scott Nonnenberg
a0ed993b42 Now we've got everything prettified! 2018-05-02 13:40:57 -07:00
Daniel Gasienica
95321e5d3e Remove Vim mode lines 2018-04-30 16:53:34 -04:00
Scott Nonnenberg
c02860af5c
Responding to pull request review feedback
- messages.getQuoteObjectUrl: early return
- backup.js: explaining variables for long if statement
- types/messages.js: Log if thumbnail has neither data nor path
- sendmessage.js:
  - remove extraneous logging
  - fix indentation
  - upload attachments and thumbnails in parallel
- preload: don't load fs for tests, just fse
- _conversation.scss: split two selectors into two lines, 0px -> 0
- backup_test.js: use fse.existsSync and comment twoSlashes regex
- network_tests_view_test.js: Comment duplicate assignment to window.getSocketStatus
2018-04-23 15:36:47 -07:00
Scott Nonnenberg
73edabfb17
Full pipeline to send quotes, including thumbnail upload 2018-04-20 15:23:57 -07:00
Daniel Gasienica
32911002d4 Verify makeAttachmentPointer and encryptAttachment arguments
The underlying `crypto.subtle.encrypt` API requires it.
2018-03-26 16:38:34 -04:00
Daniel Gasienica
b6ef67c402 Sync Protocol Buffers with libsignal-service-java (#2046)
Synchronizes our protocol buffers with `libsignal-service-java` project.

**Changes**
- [x] **BREAKING:** Rename `package` from `textsecure` to `signalservice`.
      ⚠️~~Workaround: Rename back to `textsecure`.~~
      Changed all protobuf `package` names across our project.
- [x] Rename `java_` metadata.
- [x] Move `NullMessage`, `ReceiptMessage`, and `Verified`.
- [x] Rename `Contacts.isComplete` to `Contacts.complete`. Confirmed to be
      unreferenced in our project.
- [x] Rename `Settings` to `Configuration` (`textsecure.protobuf.Settings` seems
      to be unused)
  - [x] Rename `libtextsecure` `MessageReceiver` `settings` event to
        `configuration`.
- [x] Rename `ReceiptMessage.timestamps` to `ReceiptMessage.timestamp`.
- [x] Add `AttachmentPointer` `width` and `height`.
- [x] Renamed `IncomingPushMessageSignal.proto` to `SignalService.proto` to
      match server.

---

commit 2b6aa19bf9ea5d8f2f4fd9e4102699a9d06a2b45
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Wed Feb 14 19:41:24 2018 -0500

    Rename protobuf `package`: `textsecure` --> `signalservice`

    Brings us closer to `libsignal-service-java`.

commit 91612880a5bf2c9ae8a9334877ac24e91102b905
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Wed Feb 14 19:19:35 2018 -0500

    Rename `SyncMessage.Settings` to `SyncMessage.Configuration`

commit 848eb9559928c54dffd3426bba8e7cd7b1687cdc
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Tue Feb 13 20:16:43 2018 -0500

    Rename `ReadReceipt` `timestamps` --> `timestamp`

commit 39859e64b41ddf41127b52d963fe7cc2b9fcad68
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Wed Feb 14 18:43:42 2018 -0500

    Rename `IncomingPushMessageSignal.proto` to `SignalService.proto`

    This matches the `libsignal-service-java` filename.

commit fd4bfd76af57ffa44178caf21d350cca211dc048
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Tue Feb 13 16:24:36 2018 -0500

    Revert protobuf `package` to `textsecure`

    This was a breaking change and would need to be introduced with additional
    changes.

commit 9f618fa91717a0349f1ea28bf6d365ef0a5c9ca5
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Tue Feb 13 16:09:55 2018 -0500

    Sync service protocol buffers with Java project

    Snapshot: 4684a49b2e/protobuf/SignalService.proto
2018-02-15 15:06:14 -05:00
Scott Nonnenberg
bbab4bba10
Fix device ID check, clean up prekey fetch logging (#1961)
* DeviceId is a string, so we use the less-strict comparison

* Clean up prekey fetch logging
2018-01-10 18:12:24 -08:00
Scott Nonnenberg
2fdb048721
NullMessage sent before verification sync should not be silent (#1857) 2017-12-04 15:28:38 -08:00
Scott Nonnenberg
21325bc922
Move sync messages to silent = true (#1843)
* Set silent = true for all sync messages

* sendmessage.js: Remove brace-less if
2017-12-01 13:31:48 -08:00
Scott Nonnenberg
158b575885
Proper session reset: Delete sessions before and after (#1796)
* web requests: Don't fail if JSON not well-formed in error cases

Turns out that before our move to node-fetch, we ignored JSON.parse()
failures: https://github.com/WhisperSystems/Signal-Desktop/pull/1552/files#diff-1103a6aff0f28b6066715c6994278767L37518

* Update to libsignal v1.2.0, delete sessions on reset session

Previously we only archived sessions when sending or receiving a
'reset secure session, which didn't match up with the mobile apps.
2017-11-21 15:20:07 -08:00
Lilia
52cc8355a6 Feature: Blue check marks for read messages if opted in (#1489)
* Refactor delivery receipt event handler

* Rename the delivery receipt event

For less ambiguity with read receipts.

* Rename synced read event

For less ambiguity with read receipts from other Signal users.

* Add support for incoming receipt messages

Handle ReceiptMessages, which may include encrypted delivery receipts or read
receipts from recipients of our sent messages.

// FREEBIE

* Rename ReadReceipts to ReadSyncs

* Render read messages with blue double checks

* Send read receipts to senders of incoming messages

// FREEBIE

* Move ReadSyncs to their own file

// FREEBIE

* Fixup old comments on read receipts (now read syncs)

And some variable renaming for extra clarity.

// FREEBIE

* Add global setting for read receipts

Don't send read receipt messages unless the setting is enabled.
Don't process read receipts if the setting is disabled.

// FREEBIE

* Sync read receipt setting from mobile

Toggling this setting on your mobile device should sync it to Desktop. When
linking, use the setting in the provisioning message.

// FREEBIE

* Send receipt messages silently

Avoid generating phantom messages on ios

// FREEBIE

* Save recipients on the outgoing message models

For accurate tracking and display of sent/delivered/read state, even if group
membership changes later.

// FREEBIE

* Fix conversation type in profile key update handling

// FREEBIE

* Set recipients on synced sent messages

* Render saved recipients in message detail if available

For older messages, where we did not save the intended set of recipients at the
time of sending, fall back to the current group membership.

// FREEBIE

* Record who has been successfully sent to

// FREEBIE

* Record who a message has been delivered to

* Invert the not-clickable class

* Fix readReceipt setting sync when linking

* Render per recipient sent/delivered/read status

In the message detail view for outgoing messages, render each recipient's
individual sent/delivered/read status with respect to this message, as long as
there are no errors associated with the recipient (ie, safety number changes,
user not registered, etc...) since the error icon is displayed in that case.

*Messages sent before this change may not have per-recipient status lists
and will simply show no status icon.

// FREEBIE

* Add configuration sync request

Send these requests in a one-off fashion when:
  1. We have just setup from a chrome app import
  2. We have just upgraded to read-receipt support

// FREEBIE

* Expose sendRequestConfigurationSyncMessage

// FREEBIE

* Fix handling of incoming delivery receipts - union with array

FREEBIE
2017-10-04 15:28:43 -07:00
Lilia
ae190fed44
Profiles (#1453)
* Add AES-GCM encryption for profiles

With tests.

* Add profileKey to DataMessage protobuf

// FREEBIE

* Decrypt and save profile names

// FREEBIE

* Save incoming profile keys

* Move pad/unpad to crypto module

// FREEBIE

* Support fetching avatars from the cdn

// FREEBIE

* Translate failed authentication errors

When AES-GCM authentication fails, webcrypto returns a very generic error. The
same error is thrown for invalid length inputs, but our earlier checks in
decryptProfile should rule out those failure modes and leave us safe to assume
that we either had bad ciphertext or the wrong key.

// FREEBIE

* Handle profile avatars (wip) and log decrypt errors

// FREEBIE

* Display profile avatars

Synced contact avatars will still override profile avatars.

* Display profile names in convo list

Only if we don't have a synced contact name.

// FREEBIE

* Make cdn url an environment config

Use different ones for staging and production

// FREEBIE

* Display profile name in conversation header

* Display profile name in group messages

* Update conversation header if profile avatar changes

// FREEBIE

* Style profile names small with ~

* Save profileKeys from contact sync messages

// FREEBIE

* Save profile keys from provisioning messages

For standalone accounts, generate a random profile key.

// FREEBIE

* Special case for one-time sync of our profile key

Android will use a contact sync message to sync a profile key from Android
clients who have just upgraded and generated their profile key. Normally we
should receive this data in a provisioning message.

// FREEBIE

* Infer profile sharing from synced data messages

* Populate profile keys on outgoing messages

Requires that `profileSharing` be set on the conversation.

// FREEBIE

* Support for the profile key update flag

When receiving a message with this flag, don't init a message record, just
process the profile key and move on.

// FREEBIE

* Display profile names in group member list

* Refresh contact's profile on profile key changes

// FREEBIE

* Catch errors on profile save

// FREEBIE

* Save our own synced contact info

Don't return early if we get a contact sync for our own number

// FREEBIE
2017-09-14 17:04:00 -07:00
Lilia
50c470e53d
Certificate pinning via node XMLHttpRequest implementation (#1394)
* Add certificate pinning on https service requests

Make https requests to the server using node apis instead of browser apis, so we
can specify our own CA list, which contains only our own CA.

This protects us from MITM by a rogue CA.

As a bonus, this let's us drop the use of non-standard ports and just use good
ol' default 443 all the time, at least for http requests.

// FREEBIE

* Make certificateAuthorities an option on requests

Modify node-based xhr implementation based on driverdan/node-XMLHttpRequest,
adding support for setting certificate authorities on each request.

This allows us to pin our master CA for requests to the server and cdn but not
to the s3 attachment server, for instance. Also fix an exception when sending
binary data in a request: it is submitted as an array buffer, and must be
converted to a node Buffer since we are now using a node based request api.

// FREEBIE

* Import node-based xhr implementation

Add a copy of https://github.com/driverdan/node-XMLHttpRequest@86ff70e, and
expose it to the renderer in the preload script.

In later commits this module will be extended to support custom certificate
authorities.

// FREEBIE

* Support "arraybuffer" responseType on requests

When fetching attachments, we want the result as binary data rather than a utf8
string. This lets our node-based XMLHttpRequest honor the responseType property
if it is set on the xhr.

Note that naively using the raw `.buffer` from a node Buffer won't work, since
it is a reuseable backing buffer that is often much larger than the actual
content defined by the Buffer's offset and length.

Instead, we'll prepare a return buffer based on the response's content length
header, and incrementally write chunks of data into it as they arrive.

// FREEBIE

* Switch to self-signed server endpoint

* Log more error info on failed requests

With the node-based xhr, relevant error info are stored in statusText and
responseText when a request fails.

// FREEBIE

* Add node-based websocket w/ support for custom CA

// FREEBIE

* Support handling array buffers instead of blobs

Our node-based websocket calls onmessage with an arraybuffer instead of a blob.
For robustness (on the off chance we switch or update the socket implementation
agian) I've kept the machinery for converting blobs to array buffers.

// FREEBIE

* Destroy all wacky server ports

// FREEBIE
2017-09-14 17:03:17 -07:00
Scott Nonnenberg
4ef36cc95c Add logging to help track down problems with Sync
Seems like we're running into errors sending the message to kick off the
sync, so positive logging as well as error logging is included.

FREEBIE
2017-08-17 17:33:22 -07:00
Scott Nonnenberg
8700112f6d Decrypt any IncomingIdentityKeyError still sticking around
FREEBIE
2017-08-12 13:17:53 -07:00
Scott Nonnenberg
2130795708 Fix 'retry message' scenario: they are now content messages
FREEBIE
2017-08-07 16:14:49 -07:00
Scott Nonnenberg
9db0a58260 Whenever adding something to a queue, include a timeout
No more wedged queues!

FREEBIE
2017-08-04 12:03:25 -07:00
lilia
9f4fcc5afa Send null messages to mask verified syncs
First construct a null message of random size and contents and send it to the
destination. Then include that same padding in the verification sync.

Note that the sync message is additionally randomly padded like all other sync
messages.

This lets Verified sync messages appear the same as normal sync message traffic.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
1e93b12b90 Update protos with support for null messages
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
6e758fc1ea Randomly pad all sync messages
WhisperSystems/libsignal-service-java@c46cdc0aa5

// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
20f4d48991 Protos: Move to latest iteration of verification protos
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
4a1dc46ab3 Fixes to get local verification and sync messages working
FREEBIE
2017-08-04 12:03:25 -07:00
lilia
52481d1d13 Support for sending and receiving verification sync messages
This adds a new method to message sender for sending verification sync messages
and a new event to message receiver representing incoming verification sync
messages. Currently the event handler just logs the message.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
f095a1583e Fetch profiles whenever conversations are opened
For a group, fetch everyone's profile.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
22e907a8d4 Add getProfile to MessageSender
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
4842ef6153 Sync end session messages
// FREEBIE
2017-05-16 12:14:07 -07:00
lilia
6c53605dfd Flag voice note attachment protos as such
// FREEBIE
2017-05-12 09:55:15 -07:00
lilia
27a1c9f18a Populate attachment file size
// FREEBIE
2017-04-18 12:08:37 -07:00
lilia
fc514aa96f Add support for attachment file names
Send, receive, and save attachment filenames. Use them as suggested
names when saving files.

// FREEBIE
2017-04-18 11:48:56 -07:00
lilia
611bbaef35 Don't hardcode the attachment server url
There may come a day when we may need to change this url from the server
side. On that day, clients should continue to operate normally. The
service should be able to change attachment server locations without
requiring a client update.

// FREEBIE
2017-03-10 15:24:19 -08:00
lilia
43de0cc2ec Add attachment digests
// FREEBIE
2017-03-10 14:40:45 -08:00
lilia
cd0fe7037b Add replayable error for signed key failure
Disable message sending if signed key updates fail too many times, but
allow the user to retry sending.

// FREEBIE
2017-02-16 18:06:19 -08:00
lilia
86dbbc9f29 Allow null expireTimer in sendmessage 2016-10-05 19:09:20 +09:00
lilia
ad2174e279 Sync expirationStartTimestamp on outgoing messages
Linked devices need to know when to start the clock.
2016-09-29 16:17:01 -07:00
lilia
6074a29046 Send timer update messages when changing the timer 2016-09-29 16:17:01 -07:00
lilia
824b7417e9 Apply expireTimer to outgoing messages 2016-09-29 16:17:01 -07:00
lilia
0487fa3cd1 Add server fallback port 8443
// FREEBIE
2016-09-08 14:31:19 -07:00
lilia
f8e176fd40 Dedupe methods
Define textsecure.crypto in terms of libsignal.crypto.

// FREEBIE
2016-05-18 13:15:57 -07:00
lilia
d32a352d8a Use deviceIds/addresses instead of encodedNumbers
The getDeviceObjectsForNumber method returns device objects that contain
nothing but the encodedNumber property. Instead, just deal in deviceIds
until a SignalProtocolAddress is constructed to manage both the number
and deviceId.

// FREEBIE
2016-05-18 13:15:55 -07:00
lilia
0483fa2f97 Remove closeOpenSessionForDevice from protocol_wrapper
// FREEBIE
2016-05-14 23:26:33 -07:00
lilia
3e0bce2b21 Move, rename, and simplify toArrayBuffer helper
This function is only ever used to convert groupIds from strings to
array buffers in sendmessage.

// FREEBIE
2016-03-13 04:56:28 -07:00
lilia
2b7cbef8b1 Rename a function
Avoid confusing this operation with actual receipts, which are something
else.

// FREEBIE
2016-02-26 12:41:29 -08:00
lilia
c3bbdb393f Refactor media uploading step
Move this to its own function which encapsulates the error handling for
it.

// FREEBIE
2016-02-24 23:10:17 -08:00
lilia
44b1a6451d Add validation to Message class
// FREEBIE
2016-02-24 23:10:16 -08:00
lilia
781ada64ca Add libtextsecure support for syncing read messages
Plumbing for sending and receiving a new sync protobuf for marking
messages read on/from my other devices.

// FREEBIE
2016-02-22 17:11:17 -08:00
lilia
7e82d1295c Handle attachment upload errors
Adds a new kind of replayable error that handles retry of pre-encryption
failures, e.g., attachment upload.

Fixes #485

// FREEBIE
2016-02-09 13:21:32 -08:00
lilia
910e37649a Let group messages use new Message class
// FREEBIE
2016-02-08 17:07:49 -08:00
lilia
3bffdd96f5 Add sendMessage to handle sending from Message class
// FREEBIE
2016-02-08 17:07:49 -08:00
lilia
ecdfa09e97 Create a helper class for constructing messages
// FREEBIE
2016-02-08 17:07:48 -08:00
lilia
86132a38a8 Log envelopes and session end events
Help debug bad session errors by logging some envelope info about the
message we are about to decrypt. With this, if there is a decryption
error (e.g., bad mac or no session) it is clear from the logs what
number and device message sent the bad message.

Also log when we send and receive end session messages and when we close
sessions for certain devices.

// FREEBIE
2016-02-02 16:16:42 -08:00