Skip to content
This repository was archived by the owner on Aug 5, 2021. It is now read-only.

Commit 2657f00

Browse files
scottnonnenbergliliakai
scottnonnenberg
authored and
liliakai
committed
Add identity checks to encrypt/decrypt
signalapp/libsignal-protocol-java@6935c70
1 parent b45ace4 commit 2657f00

File tree

2 files changed

+76
-16
lines changed

2 files changed

+76
-16
lines changed

dist/libsignal-protocol.js

Lines changed: 38 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -36129,10 +36129,24 @@ SessionCipher.prototype = {
3612936129
result.set(new Uint8Array(encodedMsg), 1);
3613036130
result.set(new Uint8Array(mac, 0, 8), encodedMsg.byteLength + 1);
3613136131

36132-
record.updateSessionState(session);
36133-
return this.storage.storeSession(address, record.serialize()).then(function() {
36134-
return result;
36135-
});
36132+
return this.storage.isTrustedIdentity(
36133+
this.remoteAddress.getName(), util.toArrayBuffer(session.indexInfo.remoteIdentityKey), this.storage.Direction.SENDING
36134+
).then(function(trusted) {
36135+
if (!trusted) {
36136+
throw new Error('Identity key changed');
36137+
}
36138+
}).then(function() {
36139+
return this.storage.saveIdentity(this.remoteAddress.getName(), session.indexInfo.remoteIdentityKey).then(function(changed) {
36140+
if (changed) {
36141+
return record.removePreviousSessions();
36142+
}
36143+
});
36144+
}.bind(this)).then(function() {
36145+
record.updateSessionState(session);
36146+
return this.storage.storeSession(address, record.serialize()).then(function() {
36147+
return result;
36148+
});
36149+
}.bind(this));
3613636150
}.bind(this));
3613736151
}.bind(this));
3613836152
}.bind(this)).then(function(message) {
@@ -36200,10 +36214,25 @@ SessionCipher.prototype = {
3620036214
record.archiveCurrentState();
3620136215
record.promoteState(result.session);
3620236216
}
36203-
record.updateSessionState(result.session);
36204-
return this.storage.storeSession(address, record.serialize()).then(function() {
36205-
return result.plaintext;
36206-
});
36217+
36218+
return this.storage.isTrustedIdentity(
36219+
this.remoteAddress.getName(), util.toArrayBuffer(result.session.indexInfo.remoteIdentityKey), this.storage.Direction.SENDING
36220+
).then(function(trusted) {
36221+
if (!trusted) {
36222+
throw new Error('Identity key changed');
36223+
}
36224+
}).then(function() {
36225+
return this.storage.saveIdentity(this.remoteAddress.getName(), result.session.indexInfo.remoteIdentityKey).then(function(changed) {
36226+
if (changed) {
36227+
return record.removePreviousSessions();
36228+
}
36229+
});
36230+
}.bind(this)).then(function() {
36231+
record.updateSessionState(result.session);
36232+
return this.storage.storeSession(address, record.serialize()).then(function() {
36233+
return result.plaintext;
36234+
});
36235+
}.bind(this));
3620736236
}.bind(this));
3620836237
}.bind(this));
3620936238
}.bind(this));
@@ -36228,6 +36257,7 @@ SessionCipher.prototype = {
3622836257
);
3622936258
}
3623036259
var builder = new SessionBuilder(this.storage, this.remoteAddress);
36260+
// isTrustedIdentity is called within processV3, no need to call it here
3623136261
return builder.processV3(record, preKeyProto).then(function(preKeyId) {
3623236262
var session = record.getSessionByBaseKey(preKeyProto.baseKey);
3623336263
return this.doDecryptWhisperMessage(

src/SessionCipher.js

Lines changed: 38 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -76,10 +76,24 @@ SessionCipher.prototype = {
7676
result.set(new Uint8Array(encodedMsg), 1);
7777
result.set(new Uint8Array(mac, 0, 8), encodedMsg.byteLength + 1);
7878

79-
record.updateSessionState(session);
80-
return this.storage.storeSession(address, record.serialize()).then(function() {
81-
return result;
82-
});
79+
return this.storage.isTrustedIdentity(
80+
this.remoteAddress.getName(), util.toArrayBuffer(session.indexInfo.remoteIdentityKey), this.storage.Direction.SENDING
81+
).then(function(trusted) {
82+
if (!trusted) {
83+
throw new Error('Identity key changed');
84+
}
85+
}).then(function() {
86+
return this.storage.saveIdentity(this.remoteAddress.getName(), session.indexInfo.remoteIdentityKey).then(function(changed) {
87+
if (changed) {
88+
return record.removePreviousSessions();
89+
}
90+
});
91+
}.bind(this)).then(function() {
92+
record.updateSessionState(session);
93+
return this.storage.storeSession(address, record.serialize()).then(function() {
94+
return result;
95+
});
96+
}.bind(this));
8397
}.bind(this));
8498
}.bind(this));
8599
}.bind(this)).then(function(message) {
@@ -147,10 +161,25 @@ SessionCipher.prototype = {
147161
record.archiveCurrentState();
148162
record.promoteState(result.session);
149163
}
150-
record.updateSessionState(result.session);
151-
return this.storage.storeSession(address, record.serialize()).then(function() {
152-
return result.plaintext;
153-
});
164+
165+
return this.storage.isTrustedIdentity(
166+
this.remoteAddress.getName(), util.toArrayBuffer(result.session.indexInfo.remoteIdentityKey), this.storage.Direction.SENDING
167+
).then(function(trusted) {
168+
if (!trusted) {
169+
throw new Error('Identity key changed');
170+
}
171+
}).then(function() {
172+
return this.storage.saveIdentity(this.remoteAddress.getName(), result.session.indexInfo.remoteIdentityKey).then(function(changed) {
173+
if (changed) {
174+
return record.removePreviousSessions();
175+
}
176+
});
177+
}.bind(this)).then(function() {
178+
record.updateSessionState(result.session);
179+
return this.storage.storeSession(address, record.serialize()).then(function() {
180+
return result.plaintext;
181+
});
182+
}.bind(this));
154183
}.bind(this));
155184
}.bind(this));
156185
}.bind(this));
@@ -175,6 +204,7 @@ SessionCipher.prototype = {
175204
);
176205
}
177206
var builder = new SessionBuilder(this.storage, this.remoteAddress);
207+
// isTrustedIdentity is called within processV3, no need to call it here
178208
return builder.processV3(record, preKeyProto).then(function(preKeyId) {
179209
var session = record.getSessionByBaseKey(preKeyProto.baseKey);
180210
return this.doDecryptWhisperMessage(

0 commit comments

Comments
 (0)