// Copyright 2015-2022 Signal Messenger, LLC // SPDX-License-Identifier: AGPL-3.0-only /* eslint-disable @typescript-eslint/no-explicit-any */ import chai, { assert } from 'chai'; import chaiAsPromised from 'chai-as-promised'; import { Direction, IdentityKeyPair, PrivateKey, PublicKey, SenderKeyRecord, SessionRecord, SignedPreKeyRecord, } from '@signalapp/libsignal-client'; import { signal } from '../protobuf/compiled'; import { sessionStructureToBytes } from '../util/sessionTranslation'; import * as durations from '../util/durations'; import { Zone } from '../util/Zone'; import * as Bytes from '../Bytes'; import { getRandomBytes, constantTimeEqual } from '../Crypto'; import { clampPrivateKey, setPublicKeyTypeByte, generateSignedPreKey, } from '../Curve'; import type { SignalProtocolStore } from '../SignalProtocolStore'; import { GLOBAL_ZONE } from '../SignalProtocolStore'; import { Address } from '../types/Address'; import { QualifiedAddress } from '../types/QualifiedAddress'; import { UUID } from '../types/UUID'; import type { IdentityKeyType, KeyPairType } from '../textsecure/Types.d'; chai.use(chaiAsPromised); const { RecordStructure, SessionStructure, SenderKeyRecordStructure, SenderKeyStateStructure, } = signal.proto.storage; describe('SignalProtocolStore', () => { const ourUuid = UUID.generate(); const theirUuid = UUID.generate(); let store: SignalProtocolStore; let identityKey: KeyPairType; let testKey: KeyPairType; function getSessionRecord(isOpen?: boolean): SessionRecord { const proto = new RecordStructure(); proto.previousSessions = []; if (isOpen) { proto.currentSession = new SessionStructure(); proto.currentSession.aliceBaseKey = getPublicKey(); proto.currentSession.localIdentityPublic = getPublicKey(); proto.currentSession.localRegistrationId = 435; proto.currentSession.previousCounter = 1; proto.currentSession.remoteIdentityPublic = getPublicKey(); proto.currentSession.remoteRegistrationId = 243; proto.currentSession.rootKey = getPrivateKey(); proto.currentSession.sessionVersion = 3; } return SessionRecord.deserialize( Buffer.from(sessionStructureToBytes(proto)) ); } function getSenderKeyRecord(): SenderKeyRecord { const proto = new SenderKeyRecordStructure(); const state = new SenderKeyStateStructure(); state.senderKeyId = 4; const senderChainKey = new SenderKeyStateStructure.SenderChainKey(); senderChainKey.iteration = 10; senderChainKey.seed = getPublicKey(); state.senderChainKey = senderChainKey; const senderSigningKey = new SenderKeyStateStructure.SenderSigningKey(); senderSigningKey.public = getPublicKey(); senderSigningKey.private = getPrivateKey(); state.senderSigningKey = senderSigningKey; state.senderMessageKeys = []; const messageKey = new SenderKeyStateStructure.SenderMessageKey(); messageKey.iteration = 234; messageKey.seed = getPublicKey(); state.senderMessageKeys.push(messageKey); proto.senderKeyStates = []; proto.senderKeyStates.push(state); return SenderKeyRecord.deserialize( Buffer.from( signal.proto.storage.SenderKeyRecordStructure.encode(proto).finish() ) ); } function getPrivateKey() { const key = getRandomBytes(32); clampPrivateKey(key); return key; } function getPublicKey() { const key = getRandomBytes(33); setPublicKeyTypeByte(key); return key; } before(async () => { store = window.textsecure.storage.protocol; store.hydrateCaches(); identityKey = { pubKey: getPublicKey(), privKey: getPrivateKey(), }; testKey = { pubKey: getPublicKey(), privKey: getPrivateKey(), }; setPublicKeyTypeByte(identityKey.pubKey); setPublicKeyTypeByte(testKey.pubKey); clampPrivateKey(identityKey.privKey); clampPrivateKey(testKey.privKey); window.storage.put('registrationIdMap', { [ourUuid.toString()]: 1337 }); window.storage.put('identityKeyMap', { [ourUuid.toString()]: { privKey: identityKey.privKey, pubKey: identityKey.pubKey, }, }); await window.storage.fetch(); window.ConversationController.reset(); await window.ConversationController.load(); await window.ConversationController.getOrCreateAndWait( theirUuid.toString(), 'private' ); }); describe('getLocalRegistrationId', () => { it('retrieves my registration id', async () => { await store.hydrateCaches(); const id = await store.getLocalRegistrationId(ourUuid); assert.strictEqual(id, 1337); }); }); describe('getIdentityKeyPair', () => { it('retrieves my identity key', async () => { await store.hydrateCaches(); const key = store.getIdentityKeyPair(ourUuid); if (!key) { throw new Error('Missing key!'); } assert.isTrue(constantTimeEqual(key.pubKey, identityKey.pubKey)); assert.isTrue(constantTimeEqual(key.privKey, identityKey.privKey)); }); }); describe('senderKeys', () => { it('roundtrips in memory', async () => { const distributionId = UUID.generate().toString(); const expected = getSenderKeyRecord(); const deviceId = 1; const qualifiedAddress = new QualifiedAddress( ourUuid, new Address(theirUuid, deviceId) ); await store.saveSenderKey(qualifiedAddress, distributionId, expected); const actual = await store.getSenderKey(qualifiedAddress, distributionId); if (!actual) { throw new Error('getSenderKey returned nothing!'); } assert.isTrue( constantTimeEqual(expected.serialize(), actual.serialize()) ); await store.removeSenderKey(qualifiedAddress, distributionId); const postDeleteGet = await store.getSenderKey( qualifiedAddress, distributionId ); assert.isUndefined(postDeleteGet); }); it('roundtrips through database', async () => { const distributionId = UUID.generate().toString(); const expected = getSenderKeyRecord(); const deviceId = 1; const qualifiedAddress = new QualifiedAddress( ourUuid, new Address(theirUuid, deviceId) ); await store.saveSenderKey(qualifiedAddress, distributionId, expected); // Re-fetch from the database to ensure we get the latest database value await store.hydrateCaches(); const actual = await store.getSenderKey(qualifiedAddress, distributionId); if (!actual) { throw new Error('getSenderKey returned nothing!'); } assert.isTrue( constantTimeEqual(expected.serialize(), actual.serialize()) ); await store.removeSenderKey(qualifiedAddress, distributionId); // Re-fetch from the database to ensure we get the latest database value await store.hydrateCaches(); const postDeleteGet = await store.getSenderKey( qualifiedAddress, distributionId ); assert.isUndefined(postDeleteGet); }); }); describe('saveIdentity', () => { const identifier = new Address(theirUuid, 1); it('stores identity keys', async () => { await store.saveIdentity(identifier, testKey.pubKey); const key = await store.loadIdentityKey(theirUuid); if (!key) { throw new Error('Missing key!'); } assert.isTrue(constantTimeEqual(key, testKey.pubKey)); }); it('allows key changes', async () => { const newIdentity = getPublicKey(); await store.saveIdentity(identifier, testKey.pubKey); await store.saveIdentity(identifier, newIdentity); }); describe('When there is no existing key (first use)', () => { before(async () => { await store.removeIdentityKey(theirUuid); await store.saveIdentity(identifier, testKey.pubKey); }); it('marks the key firstUse', async () => { const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert(identity.firstUse); }); it('sets the timestamp', async () => { const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert(identity.timestamp); }); it('sets the verified status to DEFAULT', async () => { const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual(identity.verified, store.VerifiedStatus.DEFAULT); }); }); describe('When there is a different existing key (non first use)', () => { const newIdentity = getPublicKey(); const oldTimestamp = Date.now(); before(async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, firstUse: true, timestamp: oldTimestamp, nonblockingApproval: false, verified: store.VerifiedStatus.DEFAULT, }); await store.hydrateCaches(); await store.saveIdentity(identifier, newIdentity); }); it('marks the key not firstUse', async () => { const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert(!identity.firstUse); }); it('updates the timestamp', async () => { const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.notEqual(identity.timestamp, oldTimestamp); }); describe('The previous verified status was DEFAULT', () => { before(async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, firstUse: true, timestamp: oldTimestamp, nonblockingApproval: false, verified: store.VerifiedStatus.DEFAULT, }); await store.hydrateCaches(); await store.saveIdentity(identifier, newIdentity); }); it('sets the new key to default', async () => { const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual(identity.verified, store.VerifiedStatus.DEFAULT); }); }); describe('The previous verified status was VERIFIED', () => { before(async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, firstUse: true, timestamp: oldTimestamp, nonblockingApproval: false, verified: store.VerifiedStatus.VERIFIED, }); await store.hydrateCaches(); await store.saveIdentity(identifier, newIdentity); }); it('sets the new key to unverified', async () => { const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual( identity.verified, store.VerifiedStatus.UNVERIFIED ); }); }); describe('The previous verified status was UNVERIFIED', () => { before(async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, firstUse: true, timestamp: oldTimestamp, nonblockingApproval: false, verified: store.VerifiedStatus.UNVERIFIED, }); await store.hydrateCaches(); await store.saveIdentity(identifier, newIdentity); }); it('sets the new key to unverified', async () => { const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual( identity.verified, store.VerifiedStatus.UNVERIFIED ); }); }); }); describe('When the key has not changed', () => { const oldTimestamp = Date.now(); before(async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, timestamp: oldTimestamp, nonblockingApproval: false, firstUse: false, verified: store.VerifiedStatus.DEFAULT, }); await store.hydrateCaches(); }); describe('If it is marked firstUse', () => { before(async () => { const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } identity.firstUse = true; await window.Signal.Data.createOrUpdateIdentityKey(identity); await store.hydrateCaches(); }); it('nothing changes', async () => { await store.saveIdentity(identifier, testKey.pubKey, true); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert(!identity.nonblockingApproval); assert.strictEqual(identity.timestamp, oldTimestamp); }); }); describe('If it is not marked firstUse', () => { before(async () => { const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } identity.firstUse = false; await window.Signal.Data.createOrUpdateIdentityKey(identity); await store.hydrateCaches(); }); describe('If nonblocking approval is required', () => { let now: number; before(async () => { now = Date.now(); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } identity.timestamp = now; await window.Signal.Data.createOrUpdateIdentityKey(identity); await store.hydrateCaches(); }); it('sets non-blocking approval', async () => { await store.saveIdentity(identifier, testKey.pubKey, true); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual(identity.nonblockingApproval, true); assert.strictEqual(identity.timestamp, now); assert.strictEqual(identity.firstUse, false); }); }); }); }); }); describe('saveIdentityWithAttributes', () => { let now: number; let validAttributes: IdentityKeyType; before(async () => { now = Date.now(); validAttributes = { id: theirUuid.toString(), publicKey: testKey.pubKey, firstUse: true, timestamp: now, verified: store.VerifiedStatus.VERIFIED, nonblockingApproval: false, }; await store.removeIdentityKey(theirUuid); }); describe('with valid attributes', () => { before(async () => { await store.saveIdentityWithAttributes(theirUuid, validAttributes); }); it('publicKey is saved', async () => { const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.isTrue(constantTimeEqual(identity.publicKey, testKey.pubKey)); }); it('firstUse is saved', async () => { const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual(identity.firstUse, true); }); it('timestamp is saved', async () => { const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual(identity.timestamp, now); }); it('verified is saved', async () => { const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual(identity.verified, store.VerifiedStatus.VERIFIED); }); it('nonblockingApproval is saved', async () => { const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual(identity.nonblockingApproval, false); }); }); describe('with invalid attributes', () => { let attributes: IdentityKeyType; beforeEach(() => { attributes = window._.clone(validAttributes); }); async function testInvalidAttributes() { try { await store.saveIdentityWithAttributes(theirUuid, attributes); throw new Error('saveIdentityWithAttributes should have failed'); } catch (error) { // good. we expect to fail with invalid attributes. } } it('rejects an invalid publicKey', async () => { attributes.publicKey = 'a string' as any; await testInvalidAttributes(); }); it('rejects invalid firstUse', async () => { attributes.firstUse = 0 as any; await testInvalidAttributes(); }); it('rejects invalid timestamp', async () => { attributes.timestamp = NaN as any; await testInvalidAttributes(); }); it('rejects invalid verified', async () => { attributes.verified = null as any; await testInvalidAttributes(); }); it('rejects invalid nonblockingApproval', async () => { attributes.nonblockingApproval = 0 as any; await testInvalidAttributes(); }); }); }); describe('setApproval', () => { it('sets nonblockingApproval', async () => { await store.setApproval(theirUuid, true); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual(identity.nonblockingApproval, true); }); }); describe('setVerified', () => { async function saveRecordDefault() { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, firstUse: true, timestamp: Date.now(), verified: store.VerifiedStatus.DEFAULT, nonblockingApproval: false, }); await store.hydrateCaches(); } describe('with no public key argument', () => { before(saveRecordDefault); it('updates the verified status', async () => { await store.setVerified(theirUuid, store.VerifiedStatus.VERIFIED); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual(identity.verified, store.VerifiedStatus.VERIFIED); assert.isTrue(constantTimeEqual(identity.publicKey, testKey.pubKey)); }); }); describe('with the current public key', () => { before(saveRecordDefault); it('updates the verified status', async () => { await store.setVerified( theirUuid, store.VerifiedStatus.VERIFIED, testKey.pubKey ); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual(identity.verified, store.VerifiedStatus.VERIFIED); assert.isTrue(constantTimeEqual(identity.publicKey, testKey.pubKey)); }); }); describe('with a mismatching public key', () => { const newIdentity = getPublicKey(); before(saveRecordDefault); it('does not change the record.', async () => { await store.setVerified( theirUuid, store.VerifiedStatus.VERIFIED, newIdentity ); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual(identity.verified, store.VerifiedStatus.DEFAULT); assert.isTrue(constantTimeEqual(identity.publicKey, testKey.pubKey)); }); }); }); describe('processVerifiedMessage', () => { const newIdentity = getPublicKey(); let keychangeTriggered: number; beforeEach(() => { keychangeTriggered = 0; store.bind('keychange', () => { keychangeTriggered += 1; }); }); afterEach(() => { store.unbind('keychange'); }); describe('when the new verified status is DEFAULT', () => { describe('when there is no existing record', () => { before(async () => { await window.Signal.Data.removeIdentityKeyById(theirUuid.toString()); await store.hydrateCaches(); }); it('sets the identity key', async () => { await store.processVerifiedMessage( theirUuid, store.VerifiedStatus.DEFAULT, newIdentity ); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); assert.isTrue( identity?.publicKey && constantTimeEqual(identity.publicKey, newIdentity) ); assert.strictEqual(keychangeTriggered, 0); }); }); describe('when the record exists', () => { describe('when the existing key is different', () => { before(async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, firstUse: true, timestamp: Date.now(), verified: store.VerifiedStatus.VERIFIED, nonblockingApproval: false, }); await store.hydrateCaches(); }); it('updates the identity', async () => { await store.processVerifiedMessage( theirUuid, store.VerifiedStatus.DEFAULT, newIdentity ); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual(identity.verified, store.VerifiedStatus.DEFAULT); assert.isTrue(constantTimeEqual(identity.publicKey, newIdentity)); assert.strictEqual(keychangeTriggered, 1); }); }); describe('when the existing key is the same but VERIFIED', () => { before(async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, firstUse: true, timestamp: Date.now(), verified: store.VerifiedStatus.VERIFIED, nonblockingApproval: false, }); await store.hydrateCaches(); }); it('updates the verified status', async () => { await store.processVerifiedMessage( theirUuid, store.VerifiedStatus.DEFAULT, testKey.pubKey ); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual(identity.verified, store.VerifiedStatus.DEFAULT); assert.isTrue( constantTimeEqual(identity.publicKey, testKey.pubKey) ); assert.strictEqual(keychangeTriggered, 0); }); }); describe('when the existing key is the same and already DEFAULT', () => { before(async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, firstUse: true, timestamp: Date.now(), verified: store.VerifiedStatus.DEFAULT, nonblockingApproval: false, }); await store.hydrateCaches(); }); it('does not hang', async () => { await store.processVerifiedMessage( theirUuid, store.VerifiedStatus.DEFAULT, testKey.pubKey ); assert.strictEqual(keychangeTriggered, 0); }); }); }); }); describe('when the new verified status is UNVERIFIED', () => { describe('when there is no existing record', () => { before(async () => { await window.Signal.Data.removeIdentityKeyById(theirUuid.toString()); await store.hydrateCaches(); }); it('saves the new identity and marks it UNVERIFIED', async () => { await store.processVerifiedMessage( theirUuid, store.VerifiedStatus.UNVERIFIED, newIdentity ); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual( identity.verified, store.VerifiedStatus.UNVERIFIED ); assert.isTrue(constantTimeEqual(identity.publicKey, newIdentity)); assert.strictEqual(keychangeTriggered, 0); }); }); describe('when the record exists', () => { describe('when the existing key is different', () => { before(async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, firstUse: true, timestamp: Date.now(), verified: store.VerifiedStatus.VERIFIED, nonblockingApproval: false, }); await store.hydrateCaches(); }); it('saves the new identity and marks it UNVERIFIED', async () => { await store.processVerifiedMessage( theirUuid, store.VerifiedStatus.UNVERIFIED, newIdentity ); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual( identity.verified, store.VerifiedStatus.UNVERIFIED ); assert.isTrue(constantTimeEqual(identity.publicKey, newIdentity)); assert.strictEqual(keychangeTriggered, 1); }); }); describe('when the key exists and is DEFAULT', () => { before(async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, firstUse: true, timestamp: Date.now(), verified: store.VerifiedStatus.DEFAULT, nonblockingApproval: false, }); await store.hydrateCaches(); }); it('updates the verified status', async () => { await store.processVerifiedMessage( theirUuid, store.VerifiedStatus.UNVERIFIED, testKey.pubKey ); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual( identity.verified, store.VerifiedStatus.UNVERIFIED ); assert.isTrue( constantTimeEqual(identity.publicKey, testKey.pubKey) ); assert.strictEqual(keychangeTriggered, 0); }); }); describe('when the key exists and is already UNVERIFIED', () => { before(async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, firstUse: true, timestamp: Date.now(), verified: store.VerifiedStatus.UNVERIFIED, nonblockingApproval: false, }); await store.hydrateCaches(); }); it('does not hang', async () => { await store.processVerifiedMessage( theirUuid, store.VerifiedStatus.UNVERIFIED, testKey.pubKey ); assert.strictEqual(keychangeTriggered, 0); }); }); }); }); describe('when the new verified status is VERIFIED', () => { describe('when there is no existing record', () => { before(async () => { await window.Signal.Data.removeIdentityKeyById(theirUuid.toString()); await store.hydrateCaches(); }); it('saves the new identity and marks it verified', async () => { await store.processVerifiedMessage( theirUuid, store.VerifiedStatus.VERIFIED, newIdentity ); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual(identity.verified, store.VerifiedStatus.VERIFIED); assert.isTrue(constantTimeEqual(identity.publicKey, newIdentity)); assert.strictEqual(keychangeTriggered, 0); }); }); describe('when the record exists', () => { describe('when the existing key is different', () => { before(async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, firstUse: true, timestamp: Date.now(), verified: store.VerifiedStatus.VERIFIED, nonblockingApproval: false, }); await store.hydrateCaches(); }); it('saves the new identity and marks it VERIFIED', async () => { await store.processVerifiedMessage( theirUuid, store.VerifiedStatus.VERIFIED, newIdentity ); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual( identity.verified, store.VerifiedStatus.VERIFIED ); assert.isTrue(constantTimeEqual(identity.publicKey, newIdentity)); assert.strictEqual(keychangeTriggered, 1); }); }); describe('when the existing key is the same but UNVERIFIED', () => { before(async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, firstUse: true, timestamp: Date.now(), verified: store.VerifiedStatus.UNVERIFIED, nonblockingApproval: false, }); await store.hydrateCaches(); }); it('saves the identity and marks it verified', async () => { await store.processVerifiedMessage( theirUuid, store.VerifiedStatus.VERIFIED, testKey.pubKey ); const identity = await window.Signal.Data.getIdentityKeyById( theirUuid.toString() ); if (!identity) { throw new Error('Missing identity!'); } assert.strictEqual( identity.verified, store.VerifiedStatus.VERIFIED ); assert.isTrue( constantTimeEqual(identity.publicKey, testKey.pubKey) ); assert.strictEqual(keychangeTriggered, 0); }); }); describe('when the existing key is the same and already VERIFIED', () => { before(async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, firstUse: true, timestamp: Date.now(), verified: store.VerifiedStatus.VERIFIED, nonblockingApproval: false, }); await store.hydrateCaches(); }); it('does not hang', async () => { await store.processVerifiedMessage( theirUuid, store.VerifiedStatus.VERIFIED, testKey.pubKey ); assert.strictEqual(keychangeTriggered, 0); }); }); }); }); }); describe('isUntrusted', () => { it('returns false if identity key old enough', async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, timestamp: Date.now() - 10 * 1000 * 60, verified: store.VerifiedStatus.DEFAULT, firstUse: false, nonblockingApproval: false, }); await store.hydrateCaches(); const untrusted = await store.isUntrusted(theirUuid); assert.strictEqual(untrusted, false); }); it('returns false if new but nonblockingApproval is true', async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, timestamp: Date.now(), verified: store.VerifiedStatus.DEFAULT, firstUse: false, nonblockingApproval: true, }); await store.hydrateCaches(); const untrusted = await store.isUntrusted(theirUuid); assert.strictEqual(untrusted, false); }); it('returns false if new but firstUse is true', async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, timestamp: Date.now(), verified: store.VerifiedStatus.DEFAULT, firstUse: true, nonblockingApproval: false, }); await store.hydrateCaches(); const untrusted = await store.isUntrusted(theirUuid); assert.strictEqual(untrusted, false); }); it('returns true if new, and no flags are set', async () => { await window.Signal.Data.createOrUpdateIdentityKey({ id: theirUuid.toString(), publicKey: testKey.pubKey, timestamp: Date.now(), verified: store.VerifiedStatus.DEFAULT, firstUse: false, nonblockingApproval: false, }); await store.hydrateCaches(); const untrusted = await store.isUntrusted(theirUuid); assert.strictEqual(untrusted, true); }); }); describe('getVerified', () => { before(async () => { await store.setVerified(theirUuid, store.VerifiedStatus.VERIFIED); }); it('resolves to the verified status', async () => { const result = await store.getVerified(theirUuid); assert.strictEqual(result, store.VerifiedStatus.VERIFIED); }); }); describe('isTrustedIdentity', () => { const identifier = new Address(theirUuid, 1); describe('When invalid direction is given', () => { it('should fail', async () => { await assert.isRejected( store.isTrustedIdentity(identifier, testKey.pubKey, 'dir' as any) ); }); }); describe('When direction is RECEIVING', () => { it('always returns true', async () => { const newIdentity = getPublicKey(); await store.saveIdentity(identifier, testKey.pubKey); const trusted = await store.isTrustedIdentity( identifier, newIdentity, Direction.Receiving ); if (!trusted) { throw new Error('isTrusted returned false when receiving'); } }); }); describe('When direction is SENDING', () => { describe('When there is no existing key (first use)', () => { before(async () => { await store.removeIdentityKey(theirUuid); }); it('returns true', async () => { const newIdentity = getPublicKey(); const trusted = await store.isTrustedIdentity( identifier, newIdentity, Direction.Sending ); if (!trusted) { throw new Error('isTrusted returned false on first use'); } }); }); describe('When there is an existing key', () => { before(async () => { await store.saveIdentity(identifier, testKey.pubKey); }); describe('When the existing key is different', () => { it('returns false', async () => { const newIdentity = getPublicKey(); const trusted = await store.isTrustedIdentity( identifier, newIdentity, Direction.Sending ); if (trusted) { throw new Error('isTrusted returned true on untrusted key'); } }); }); describe('When the existing key matches the new key', () => { const newIdentity = getPublicKey(); before(async () => { await store.saveIdentity(identifier, newIdentity); }); it('returns false if keys match but we just received this new identiy', async () => { const trusted = await store.isTrustedIdentity( identifier, newIdentity, Direction.Sending ); if (trusted) { throw new Error('isTrusted returned true on untrusted key'); } }); it('returns true if we have already approved identity', async () => { await store.saveIdentity(identifier, newIdentity, true); const trusted = await store.isTrustedIdentity( identifier, newIdentity, Direction.Sending ); if (!trusted) { throw new Error('isTrusted returned false on an approved key'); } }); }); }); }); }); describe('storePreKey', () => { it('stores prekeys', async () => { await store.storePreKey(ourUuid, 1, testKey); const key = await store.loadPreKey(ourUuid, 1); if (!key) { throw new Error('Missing key!'); } const keyPair = { pubKey: key.publicKey().serialize(), privKey: key.privateKey().serialize(), }; assert.isTrue(constantTimeEqual(keyPair.pubKey, testKey.pubKey)); assert.isTrue(constantTimeEqual(keyPair.privKey, testKey.privKey)); }); }); describe('removePreKey', () => { before(async () => { await store.storePreKey(ourUuid, 2, testKey); }); it('deletes prekeys', async () => { await store.removePreKey(ourUuid, 2); const key = await store.loadPreKey(ourUuid, 2); assert.isUndefined(key); }); }); describe('storeSignedPreKey', () => { it('stores signed prekeys', async () => { await store.storeSignedPreKey(ourUuid, 3, testKey); const key = await store.loadSignedPreKey(ourUuid, 3); if (!key) { throw new Error('Missing key!'); } const keyPair = { pubKey: key.publicKey().serialize(), privKey: key.privateKey().serialize(), }; assert.isTrue(constantTimeEqual(keyPair.pubKey, testKey.pubKey)); assert.isTrue(constantTimeEqual(keyPair.privKey, testKey.privKey)); }); }); describe('removeSignedPreKey', () => { before(async () => { await store.storeSignedPreKey(ourUuid, 4, testKey); }); it('deletes signed prekeys', async () => { await store.removeSignedPreKey(ourUuid, 4); const key = await store.loadSignedPreKey(ourUuid, 4); assert.isUndefined(key); }); }); describe('storeSession', () => { it('stores sessions', async () => { const testRecord = getSessionRecord(); const id = new QualifiedAddress(ourUuid, new Address(theirUuid, 1)); await store.storeSession(id, testRecord); const record = await store.loadSession(id); if (!record) { throw new Error('Missing record!'); } assert.equal(record, testRecord); }); }); describe('removeAllSessions', () => { it('removes all sessions for a uuid', async () => { const devices = [1, 2, 3].map( deviceId => new QualifiedAddress(ourUuid, new Address(theirUuid, deviceId)) ); await Promise.all( devices.map(async encodedAddress => { await store.storeSession(encodedAddress, getSessionRecord()); }) ); await store.removeAllSessions(theirUuid.toString()); const records = await Promise.all( devices.map(device => store.loadSession(device)) ); for (let i = 0, max = records.length; i < max; i += 1) { assert.isUndefined(records[i]); } }); }); describe('clearSessionStore', () => { it('clears the session store', async () => { const testRecord = getSessionRecord(); const id = new QualifiedAddress(ourUuid, new Address(theirUuid, 1)); await store.storeSession(id, testRecord); await store.clearSessionStore(); const record = await store.loadSession(id); assert.isUndefined(record); }); }); describe('getDeviceIds', () => { it('returns deviceIds for a uuid', async () => { const openRecord = getSessionRecord(true); const openDevices = [1, 2, 3, 10].map( deviceId => new QualifiedAddress(ourUuid, new Address(theirUuid, deviceId)) ); await Promise.all( openDevices.map(async address => { await store.storeSession(address, openRecord); }) ); const closedRecord = getSessionRecord(false); await store.storeSession( new QualifiedAddress(ourUuid, new Address(theirUuid, 11)), closedRecord ); const deviceIds = await store.getDeviceIds({ ourUuid, identifier: theirUuid.toString(), }); assert.sameMembers(deviceIds, [1, 2, 3, 10]); }); it('returns empty array for a uuid with no device ids', async () => { const deviceIds = await store.getDeviceIds({ ourUuid, identifier: 'foo', }); assert.sameMembers(deviceIds, []); }); }); describe('getOpenDevices', () => { it('returns all open devices for a uuid', async () => { const openRecord = getSessionRecord(true); const openDevices = [1, 2, 3, 10].map( deviceId => new QualifiedAddress(ourUuid, new Address(theirUuid, deviceId)) ); await Promise.all( openDevices.map(async address => { await store.storeSession(address, openRecord); }) ); const closedRecord = getSessionRecord(false); await store.storeSession( new QualifiedAddress(ourUuid, new Address(theirUuid, 11)), closedRecord ); const result = await store.getOpenDevices(ourUuid, [ theirUuid.toString(), 'blah', 'blah2', ]); assert.deepStrictEqual( { ...result, devices: result.devices.map(({ id, identifier, registrationId }) => ({ id, identifier: identifier.toString(), registrationId, })), }, { devices: [ { id: 1, identifier: theirUuid.toString(), registrationId: 243, }, { id: 2, identifier: theirUuid.toString(), registrationId: 243, }, { id: 3, identifier: theirUuid.toString(), registrationId: 243, }, { id: 10, identifier: theirUuid.toString(), registrationId: 243, }, ], emptyIdentifiers: ['blah', 'blah2'], } ); }); it('returns empty array for a uuid with no device ids', async () => { const result = await store.getOpenDevices(ourUuid, ['foo']); assert.deepEqual(result, { devices: [], emptyIdentifiers: ['foo'], }); }); }); describe('zones', () => { const distributionId = UUID.generate().toString(); const zone = new Zone('zone', { pendingSenderKeys: true, pendingSessions: true, pendingUnprocessed: true, }); beforeEach(async () => { await store.removeAllUnprocessed(); await store.removeAllSessions(theirUuid.toString()); await store.removeAllSenderKeys(); }); it('should not store pending sessions in global zone', async () => { const id = new QualifiedAddress(ourUuid, new Address(theirUuid, 1)); const testRecord = getSessionRecord(); await assert.isRejected( store.withZone(GLOBAL_ZONE, 'test', async () => { await store.storeSession(id, testRecord); throw new Error('Failure'); }), 'Failure' ); assert.equal(await store.loadSession(id), testRecord); }); it('should not store pending sender keys in global zone', async () => { const id = new QualifiedAddress(ourUuid, new Address(theirUuid, 1)); const testRecord = getSenderKeyRecord(); await assert.isRejected( store.withZone(GLOBAL_ZONE, 'test', async () => { await store.saveSenderKey(id, distributionId, testRecord); throw new Error('Failure'); }), 'Failure' ); assert.equal(await store.getSenderKey(id, distributionId), testRecord); }); it('commits sender keys, sessions and unprocessed on success', async () => { const id = new QualifiedAddress(ourUuid, new Address(theirUuid, 1)); const testSession = getSessionRecord(); const testSenderKey = getSenderKeyRecord(); await store.withZone(zone, 'test', async () => { await store.storeSession(id, testSession, { zone }); await store.saveSenderKey(id, distributionId, testSenderKey, { zone }); await store.addUnprocessed( { id: '2-two', version: 2, attempts: 0, envelope: 'second', receivedAtCounter: 0, timestamp: Date.now() + 2, urgent: true, }, { zone } ); assert.equal(await store.loadSession(id, { zone }), testSession); assert.equal( await store.getSenderKey(id, distributionId, { zone }), testSenderKey ); }); assert.equal(await store.loadSession(id), testSession); assert.equal(await store.getSenderKey(id, distributionId), testSenderKey); const allUnprocessed = await store.getAllUnprocessedAndIncrementAttempts(); assert.deepEqual( allUnprocessed.map(({ envelope }) => envelope), ['second'] ); }); it('reverts sender keys, sessions and unprocessed on error', async () => { const id = new QualifiedAddress(ourUuid, new Address(theirUuid, 1)); const testSession = getSessionRecord(); const failedSession = getSessionRecord(); const testSenderKey = getSenderKeyRecord(); const failedSenderKey = getSenderKeyRecord(); await store.storeSession(id, testSession); assert.equal(await store.loadSession(id), testSession); await store.saveSenderKey(id, distributionId, testSenderKey); assert.equal(await store.getSenderKey(id, distributionId), testSenderKey); await assert.isRejected( store.withZone(zone, 'test', async () => { await store.storeSession(id, failedSession, { zone }); assert.equal(await store.loadSession(id, { zone }), failedSession); await store.saveSenderKey(id, distributionId, failedSenderKey, { zone, }); assert.equal( await store.getSenderKey(id, distributionId, { zone }), failedSenderKey ); await store.addUnprocessed( { id: '2-two', version: 2, attempts: 0, envelope: 'second', receivedAtCounter: 0, timestamp: 2, urgent: true, }, { zone } ); throw new Error('Failure'); }), 'Failure' ); assert.equal(await store.loadSession(id), testSession); assert.equal(await store.getSenderKey(id, distributionId), testSenderKey); assert.deepEqual(await store.getAllUnprocessedAndIncrementAttempts(), []); }); it('can be re-entered', async () => { const id = new QualifiedAddress(ourUuid, new Address(theirUuid, 1)); const testRecord = getSessionRecord(); await store.withZone(zone, 'test', async () => { await store.withZone(zone, 'nested', async () => { await store.storeSession(id, testRecord, { zone }); assert.equal(await store.loadSession(id, { zone }), testRecord); }); assert.equal(await store.loadSession(id, { zone }), testRecord); }); assert.equal(await store.loadSession(id), testRecord); }); it('can be re-entered after waiting', async () => { const a = new Zone('a'); const b = new Zone('b'); const order: Array = []; const promises: Array> = []; // What happens below is briefly following: // 1. We enter zone "a" // 2. We wait for zone "a" to be left to enter zone "b" // 3. Skip few ticks to trigger leave of zone "a" and resolve the waiting // queue promise for zone "b" // 4. Enter zone "a" while resolution was the promise above is queued in // microtasks queue. promises.push(store.withZone(a, 'a', async () => order.push(1))); promises.push(store.withZone(b, 'b', async () => order.push(2))); await Promise.resolve(); await Promise.resolve(); promises.push(store.withZone(a, 'a again', async () => order.push(3))); await Promise.all(promises); assert.deepEqual(order, [1, 2, 3]); }); it('should not deadlock in archiveSiblingSessions', async () => { const id = new QualifiedAddress(ourUuid, new Address(theirUuid, 1)); const sibling = new QualifiedAddress(ourUuid, new Address(theirUuid, 2)); await store.storeSession(id, getSessionRecord(true)); await store.storeSession(sibling, getSessionRecord(true)); await store.archiveSiblingSessions(id.address, { zone }); }); it('can be concurrently re-entered after waiting', async () => { const a = new Zone('a'); const b = new Zone('b'); const order: Array = []; const promises: Array> = []; // 1. Enter zone "a" // 2. Wait for zone "a" to be left to enter zone "b" twice // 3. Verify that both zone "b" tasks ran in parallel promises.push(store.withZone(a, 'a', async () => order.push(1))); promises.push( store.withZone(b, 'b', async () => { order.push(2); await Promise.resolve(); order.push(22); }) ); promises.push( store.withZone(b, 'b', async () => { order.push(3); await Promise.resolve(); order.push(33); }) ); await Promise.resolve(); await Promise.resolve(); await Promise.all(promises); assert.deepEqual(order, [1, 2, 3, 22, 33]); }); }); describe('Not yet processed messages', () => { const NOW = Date.now(); beforeEach(async () => { await store.removeAllUnprocessed(); const items = await store.getAllUnprocessedAndIncrementAttempts(); assert.strictEqual(items.length, 0); }); it('adds three and gets them back', async () => { await Promise.all([ store.addUnprocessed({ id: '0-dropped', version: 2, attempts: 0, envelope: 'old envelope', receivedAtCounter: -1, timestamp: NOW - 2 * durations.MONTH, urgent: true, }), store.addUnprocessed({ id: '2-two', version: 2, attempts: 0, envelope: 'second', receivedAtCounter: 1, timestamp: NOW + 2, urgent: true, }), store.addUnprocessed({ id: '3-three', version: 2, attempts: 0, envelope: 'third', receivedAtCounter: 2, timestamp: NOW + 3, urgent: true, }), store.addUnprocessed({ id: '1-one', version: 2, attempts: 0, envelope: 'first', receivedAtCounter: 0, timestamp: NOW + 1, urgent: true, }), ]); const items = await store.getAllUnprocessedAndIncrementAttempts(); assert.strictEqual(items.length, 3); // they are in the proper order because the collection comparator is // 'receivedAtCounter' assert.strictEqual(items[0].envelope, 'first'); assert.strictEqual(items[1].envelope, 'second'); assert.strictEqual(items[2].envelope, 'third'); }); it('can updates items', async () => { const id = '1-one'; await store.addUnprocessed({ id, version: 2, attempts: 0, envelope: 'first', receivedAtCounter: 0, timestamp: NOW + 1, urgent: false, }); await store.updateUnprocessedWithData(id, { decrypted: 'updated' }); const items = await store.getAllUnprocessedAndIncrementAttempts(); assert.strictEqual(items.length, 1); assert.strictEqual(items[0].decrypted, 'updated'); assert.strictEqual(items[0].timestamp, NOW + 1); assert.strictEqual(items[0].attempts, 1); assert.strictEqual(items[0].urgent, false); }); it('removeUnprocessed successfully deletes item', async () => { const id = '1-one'; await store.addUnprocessed({ id, version: 2, attempts: 0, envelope: 'first', receivedAtCounter: 0, timestamp: NOW + 1, urgent: true, }); await store.removeUnprocessed(id); const items = await store.getAllUnprocessedAndIncrementAttempts(); assert.strictEqual(items.length, 0); }); it('getAllUnprocessedAndIncrementAttempts deletes items', async () => { await store.addUnprocessed({ id: '1-one', version: 2, attempts: 3, envelope: 'first', receivedAtCounter: 0, timestamp: NOW + 1, urgent: true, }); const items = await store.getAllUnprocessedAndIncrementAttempts(); assert.strictEqual(items.length, 0); }); }); describe('removeOurOldPni/updateOurPniKeyMaterial', () => { beforeEach(async () => { await store.storePreKey(ourUuid, 2, testKey); await store.storeSignedPreKey(ourUuid, 3, testKey); }); it('removes old data and sets new', async () => { const oldPni = ourUuid; const newPni = UUID.generate(); const newIdentity = IdentityKeyPair.generate(); const data = generateSignedPreKey( { pubKey: newIdentity.publicKey.serialize(), privKey: newIdentity.privateKey.serialize(), }, 8201 ); const createdAt = Date.now() - 1241; const signedPreKey = SignedPreKeyRecord.new( data.keyId, createdAt, PublicKey.deserialize(Buffer.from(data.keyPair.pubKey)), PrivateKey.deserialize(Buffer.from(data.keyPair.privKey)), Buffer.from(data.signature) ); await store.removeOurOldPni(oldPni); await store.updateOurPniKeyMaterial(newPni, { identityKeyPair: newIdentity.serialize(), signedPreKey: signedPreKey.serialize(), registrationId: 5231, }); // Old data has to be removed assert.isUndefined(store.getIdentityKeyPair(oldPni)); assert.isUndefined(await store.getLocalRegistrationId(oldPni)); assert.isUndefined(await store.loadPreKey(oldPni, 2)); assert.isUndefined(await store.loadSignedPreKey(oldPni, 3)); // New data has to be added const storedIdentity = store.getIdentityKeyPair(newPni); if (!storedIdentity) { throw new Error('New identity not found'); } assert.isTrue( Bytes.areEqual( storedIdentity.privKey, newIdentity.privateKey.serialize() ) ); assert.isTrue( Bytes.areEqual(storedIdentity.pubKey, newIdentity.publicKey.serialize()) ); const storedSignedPreKey = await store.loadSignedPreKey(newPni, 8201); if (!storedSignedPreKey) { throw new Error('New signed pre key not found'); } assert.isTrue( Bytes.areEqual( storedSignedPreKey.publicKey().serialize(), data.keyPair.pubKey ) ); assert.isTrue( Bytes.areEqual( storedSignedPreKey.privateKey().serialize(), data.keyPair.privKey ) ); assert.strictEqual(storedSignedPreKey.timestamp(), createdAt); // Note: signature is ignored. }); }); });