Commit graph

54 commits

Author SHA1 Message Date
Scott Nonnenberg
2cfdaca3c1
Make our binary comparisons constant time (#2047) 2018-02-14 12:15:26 -08:00
Scott Nonnenberg
7b49180bc0
Big update to new signal branding (#2018) 2018-01-30 14:22:51 -08:00
Scott Nonnenberg
33fd9c5dd4
Account setup: confirm first signed prekey, clear prekeys (#1979) 2018-01-17 15:28:32 -08:00
Scott Nonnenberg
bbab4bba10
Fix device ID check, clean up prekey fetch logging (#1961)
* DeviceId is a string, so we use the less-strict comparison

* Clean up prekey fetch logging
2018-01-10 18:12:24 -08:00
Scott Nonnenberg
c195ba2630
Save prekeys optimistically, track confirms, new clean behavior (#1846)
* Re-enable libtextsecure unit tests, get passing, run in CI

* Save prekeys optimistically, track confirmed, new clean behavior

* Eliminate potential conflicts when rotating on startup

* Remove last symlink: get libtextsecure tests running on windows
2017-12-01 13:35:39 -08:00
Scott Nonnenberg
d9a48478ec
Logging for prekey fetches, load of log files (#1836)
* Log the files discovered in logPath

I've encountered some logs which include very old entries; and my
suspicion is that we're not cleaning up old log files properly.

* Log prekey fetches (success and failure), just like signed keys

* Force log file information into the final web-ready log
2017-11-30 11:56:46 -08:00
Scott Nonnenberg
44da6924f9
A variety of logging improvements to track down bugs (#1832)
* Log when we get a blocked numbers sync message

* Save three old signed keys in addition to the current active

* Remove the mystery from all the error-related log messages

* Log successful load of signed key - to help debug prekey errors

* removeSignedPreKey: Don't hang or crash in error cases

* Log on top-level unhandled promise rejection

* Remove trailing comma in param list, Electron 1.6 does not like

* Harden top-level error handler for strange object shapes
2017-11-30 11:56:29 -08:00
Scott Nonnenberg
f0ec75eef4
removeSignedPrekey: Be resilient to delete returning nothing (#1769) 2017-11-14 16:37:44 -08:00
Scott Nonnenberg
ef3431af1b isUntrusted: Return false if firstUse is true
Because users will see this upon first trying to communicate with a new
contact if they're quick about it.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
4f90cefd4f More bullet-proofing - reject surrounding promise if save() fails
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
bd0050b6c6 Cache messages on receipt, remove from cache when processed
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
91f50c028f Unify processVerifiedMessage with Java implementation
This removes our support for the New Key/DEFAULT case, which iOS will
sync to us. Why? Because it ensures that in out of date scenarios, we
don't lose the higher-security state we were in previously.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
23a806a6b1 removeAllSessions: properly reject in failure cases
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
f654532fa8 Handle UNVERIFIED sync verification messages (via contact sync)
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
20451cc827 Show verified/keychange notifications when actually relevant
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
e91f2d0377 Miscellaneous wire-up to ensure that failures propagate
FREEBIE
2017-08-04 12:03:25 -07:00
lilia
3206536d47 Fix deadlock in saveIdentity
Archive only sibling sessions so as not to block on the same device lock as the
protocol lib.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
e5e4eab9c5 Add archiveSiblingSessions
// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
7bfb66b13b processVerifiedMessage: Archive all sessions when key changes
FREEBIE
2017-08-04 12:03:25 -07:00
lilia
d7054f4b63 Archive sessions whenever an identity key changes
Sessions established with the previous identity should no longer be used for
sending, so we should close them.

Since we've added this call to saveIdentity, we can omit the call to it after
profile fetches.

// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
0056cbefc1 processVerifiedMessage: Trigger keychange event when key differs
FREEBIE
2017-08-04 12:03:25 -07:00
lilia
3acfda3a56 Archive sessions on key changes after profile fetch
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
1614a6f1b8 Add special handling for verification sync
processVerifiedMessage checks the current state of the database against the
identity key from an incoming verification sync message to determine whether or
how to update our local record.

When syncing a DEFAULT status and we have no local record, it's a no-op, but
we'll log it.

When syncing a DEFAULT status and we have non-default record with the same key,
mark it as default.

When syncing a VERIFIED status and either:
  1. we have no key on record,
  2. we have have a different key on record, or
  3. we have the same key on record, but not verified
mark it as verified.

Otherwise do nothing.

References: https://github.com/WhisperSystems/Signal-Android/blob/master/src/org/thoughtcrime/securesms/util/IdentityUtil.java#L129

// FREEBIE

Ensure processVerified resolves
2017-08-04 12:03:25 -07:00
lilia
c60919ca0e Update setVerified to take an optional key argument
If specified, the existing local key must match the given one or we will not
update the record.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
0e0f14723e Rename model IdentityKey -> IdentityRecord
Reduce ambiguity in between the record itself, which now stores other
information besides the public key, and its `publicKey` attribute, which
contains an ArrayBuffer of key material.

This model is internal to SignalProtocolStore.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
aa6dbb2e59 Preserve UNVERIFIED status on key change
Don't revert it to default, which would effectively downgrade the security model
for that contact.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
12d9bb61c3 Let removeIdentityKey delete the entire record
Previously we would only clear the publicKey since that was the only attribute,
but now we should delete the entire record. This method is currently only called
from tests.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
d1858de39b Default nonblockingApproval to false
saveIdentity is invoked with only two arguments from the protocol layer, in
which case we should default nonblockingApproval to false.

76c28cfa7a/src/org/thoughtcrime/securesms/crypto/storage/TextSecureIdentityKeyStore.java (L87)

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
2a76bb6fc2 Add new methods to identity store
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
50dd9c6772 Add identityKey model validation
This will enforce that all identity record attributes are valid and present
before allowing the record to be saved. This is necessary since we will be
exposing a lower-level method to save an identity with explicit values for
firstUse, nonblockingApproval, and verified status.
2017-08-04 12:03:25 -07:00
lilia
b93042f12f Add verified status
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
c6bfdec84d Remove blockingApproval
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
1b9eb83422 Update isTrustedIdentity for directional trust
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
3ca511a10a Unwrap removeIdentityKey from calls to saveIdentity
saveIdentity is now reponsible for determining firstUse, so we must not remove
the existing key before updating it.

Previously, the implementation provided an extra check against overwritting an
existing key, but that should be done via isTrustedIdentity instead.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
82469713d2 Update saveIdentity
Add support new blockingApproval and nonblockingApproval arguments
Populate the firstUse property on identity key records
Return whether an existing record was overwritten.

References
https://github.com/WhisperSystems/Signal-Android/commit/39d4a7#diff-69ede72c549da6bcbcd959935995b7e9R45

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
4d4dd3341f Add isBlocking/isNonBlockingApprovalRequired
These analyse the identity key record and user preferences to determine whether
a key requires approval for sending.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
16f3717824 Move refresh prekeys out of SignalProtocolStore
Use an event/listener instead

// FREEBIE
2017-05-23 11:08:23 -07:00
Scott Nonnenberg
3cfac58d78 Eliminate all console errors during test run
FREEBIE
2017-05-23 11:08:23 -07:00
lilia
aed5735620 Improve keychange notice reliability/perf
Bind a single listener to keychange events from the storage interface,
which then looks up relevant conversations and adds notices to them,
with tests.

Previously we would need to instantiate a conversation model in order to
start listening to its key change events. In practice this usually
happens at startup but we shouldn't rely on it, and it incurs higher
overhead since it creates a different listener for each conversation.

// FREEBIE
2017-05-09 15:41:41 -07:00
lilia
3c2b7c8cbd Log missing signed prekey ids
// FREEBIE
2017-04-12 13:02:31 -07:00
lilia
bba25b22e2 Log session deletions 2017-02-28 11:29:26 -08:00
lilia
527e7878a8 Fix unresolved promise in removeSession
Previously if there was no session to remove, the promise returned from
removeSession would never resolve, potentially blocking sending for that
recipient until restart.

// FREEBIE
2017-02-28 11:29:26 -08:00
lilia
e0fd188d42 Add loadSignedPreKeys to SignalProtocolStore 2017-02-16 14:59:04 -08:00
lilia
54536360ff Return created_at and keyId with signed prekeys
Use `.get()` rather than `attributes.property` access because created_at
may not be present for old keys

// FREEBIE
2017-02-15 13:44:31 -08:00
lilia
829d147d19 Add creation timestamps to signed keys 2017-02-14 15:26:34 -08:00
lilia
7fe708d195 Insert keychange advisories
On click, these open a verification panel for the relevant contact,
within this conversation.

// FREEBIE
2016-10-05 19:11:39 +09:00
lilia
aa42139477 Implement non blocking option
// FREEBIE
2016-10-05 19:10:20 +09:00
lilia
ce315f3f8e Add Events to SignalProtocolStore
Allows triggering and listening for events.

// FREEBIE
2016-10-05 19:10:20 +09:00
lilia
0a7f203565 Log on session save failure
// FREEBIE
2016-06-29 18:22:27 -07:00
lilia
148bd32671 Update libsignal-protocol v0.10.0
* Changes policy for old session deletion
* Renames putIdentityKey to saveIdentity
* Remove device messages

// FREEBIE
2016-05-18 11:11:11 -07:00