Merge branch 'trust-store-changes'

Catching master up with the latest updates. the trust-store-changes branch has all
recent tags, and the master branch has a few readme and project-level changes.

Author: scottnonnenberg

dist/libsignal-protocol.js

@@ -7,7 +7,7 @@ SessionBuilder.prototype = {
   processPreKey: function(device) {
     return Internal.SessionLock.queueJobForNumber(this.remoteAddress.toString(), function() {
       return this.storage.isTrustedIdentity(
-          this.remoteAddress.getName(), device.identityKey
+          this.remoteAddress.getName(), device.identityKey, this.storage.Direction.SENDING
       ).then(function(trusted) {
         if (!trusted) {
           throw new Error('Identity key changed');
@@ -21,15 +21,20 @@ SessionBuilder.prototype = {
       }).then(function() {
         return Internal.crypto.createKeyPair();
       }).then(function(baseKey) {
-        var devicePreKey = (device.preKey.publicKey);
+        var devicePreKey;
+        if (device.preKey) {
+            devicePreKey = device.preKey.publicKey;
+        }
         return this.initSession(true, baseKey, undefined, device.identityKey,
-          devicePreKey, device.signedPreKey.publicKey
+          devicePreKey, device.signedPreKey.publicKey, device.registrationId
         ).then(function(session) {
             session.pendingPreKey = {
-                preKeyId    : device.preKey.keyId,
                 signedKeyId : device.signedPreKey.keyId,
                 baseKey     : baseKey.pubKey
             };
+            if (device.preKey) {
+              session.pendingPreKey.preKeyId = device.preKey.keyId;
+            }
             return session;
         });
       }.bind(this)).then(function(session) {
@@ -39,14 +44,14 @@ SessionBuilder.prototype = {
           if (serialized !== undefined) {
             record = Internal.SessionRecord.deserialize(serialized);
           } else {
-            record = new Internal.SessionRecord(device.identityKey, device.registrationId);
+            record = new Internal.SessionRecord();
           }
 
           record.archiveCurrentState();
-          record.updateSessionState(session, device.registrationId);
+          record.updateSessionState(session);
           return Promise.all([
             this.storage.storeSession(address, record.serialize()),
-            this.storage.saveIdentity(this.remoteAddress.getName(), record.identityKey)
+            this.storage.saveIdentity(this.remoteAddress.toString(), session.indexInfo.remoteIdentityKey)
           ]);
         }.bind(this));
       }.bind(this));
@@ -55,7 +60,7 @@ SessionBuilder.prototype = {
   processV3: function(record, message) {
     var preKeyPair, signedPreKeyPair, session;
     return this.storage.isTrustedIdentity(
-        this.remoteAddress.getName(), message.identityKey.toArrayBuffer()
+        this.remoteAddress.getName(), message.identityKey.toArrayBuffer(), this.storage.Direction.RECEIVING
     ).then(function(trusted) {
         if (!trusted) {
             var e = new Error('Unknown identity key');
@@ -97,21 +102,21 @@ SessionBuilder.prototype = {
         }
         return this.initSession(false, preKeyPair, signedPreKeyPair,
             message.identityKey.toArrayBuffer(),
-            message.baseKey.toArrayBuffer(), undefined
+            message.baseKey.toArrayBuffer(), undefined, message.registrationId
         ).then(function(new_session) {
             // Note that the session is not actually saved until the very
             // end of decryptWhisperMessage ... to ensure that the sender
             // actually holds the private keys for all reported pubkeys
-            record.updateSessionState(new_session, message.registrationId);
-            return this.storage.saveIdentity(this.remoteAddress.getName(), message.identityKey.toArrayBuffer()).then(function() {
+            record.updateSessionState(new_session);
+            return this.storage.saveIdentity(this.remoteAddress.toString(), message.identityKey.toArrayBuffer()).then(function() {
               return message.preKeyId;
             });
         }.bind(this));
     }.bind(this));
   },
   initSession: function(isInitiator, ourEphemeralKey, ourSignedKey,
                    theirIdentityPubKey, theirEphemeralPubKey,
-                   theirSignedPubKey) {
+                   theirSignedPubKey, registrationId) {
     return this.storage.getIdentityKeyPair().then(function(ourIdentityKey) {
         if (isInitiator) {
             if (ourSignedKey !== undefined) {
@@ -161,6 +166,7 @@ SessionBuilder.prototype = {
             return Internal.HKDF(sharedSecret.buffer, new ArrayBuffer(32), "WhisperText");
         }).then(function(masterKey) {
             var session = {
+                registrationId: registrationId,
                 currentRatchet: {
                     rootKey                : masterKey[0],
                     lastRemoteEphemeralKey : theirSignedPubKey,

src/SessionBuilder.js

@@ -1,4 +1,11 @@
-function SessionCipher(storage, remoteAddress) {
+function SessionCipher(storage, remoteAddress, options) {
+  options = options || {};
+
+  if (typeof options.messageKeysLimit === 'undefined') {
+    options.messageKeysLimit = 1000;
+  }
+
+  this.messageKeysLimit = options.messageKeysLimit;
   this.remoteAddress = remoteAddress;
   this.storage = storage;
 }
@@ -76,10 +83,20 @@ SessionCipher.prototype = {
                   result.set(new Uint8Array(encodedMsg), 1);
                   result.set(new Uint8Array(mac, 0, 8), encodedMsg.byteLength + 1);
 
-                  record.updateSessionState(session);
-                  return this.storage.storeSession(address, record.serialize()).then(function() {
-                      return result;
-                  });
+                  return this.storage.isTrustedIdentity(
+                      this.remoteAddress.getName(), util.toArrayBuffer(session.indexInfo.remoteIdentityKey), this.storage.Direction.SENDING
+                  ).then(function(trusted) {
+                      if (!trusted) {
+                          throw new Error('Identity key changed');
+                      }
+                  }).then(function() {
+                      return this.storage.saveIdentity(this.remoteAddress.toString(), session.indexInfo.remoteIdentityKey);
+                  }.bind(this)).then(function() {
+                      record.updateSessionState(session);
+                      return this.storage.storeSession(address, record.serialize()).then(function() {
+                          return result;
+                      });
+                  }.bind(this));
               }.bind(this));
           }.bind(this));
       }.bind(this)).then(function(message) {
@@ -89,22 +106,24 @@ SessionCipher.prototype = {
               preKeyMsg.registrationId = myRegistrationId;
 
               preKeyMsg.baseKey = util.toArrayBuffer(session.pendingPreKey.baseKey);
-              preKeyMsg.preKeyId = session.pendingPreKey.preKeyId;
+              if (session.pendingPreKey.preKeyId) {
+                  preKeyMsg.preKeyId = session.pendingPreKey.preKeyId;
+              }
               preKeyMsg.signedPreKeyId = session.pendingPreKey.signedKeyId;
 
               preKeyMsg.message = message;
               var result = String.fromCharCode((3 << 4) | 3) + util.toString(preKeyMsg.encode());
               return {
                   type           : 3,
                   body           : result,
-                  registrationId : record.registrationId
+                  registrationId : session.registrationId
               };
 
           } else {
               return {
                   type           : 1,
                   body           : util.toString(message),
-                  registrationId : record.registrationId
+                  registrationId : session.registrationId
               };
           }
       });
@@ -122,6 +141,10 @@ SessionCipher.prototype = {
     return this.doDecryptWhisperMessage(buffer, session).then(function(plaintext) {
         return { plaintext: plaintext, session: session };
     }).catch(function(e) {
+        if (e.name === 'MessageCounterError') {
+            return Promise.reject(e);
+        }
+
         errors.push(e);
         return this.decryptWithSessionList(buffer, sessionList, errors);
     }.bind(this));
@@ -137,10 +160,25 @@ SessionCipher.prototype = {
             var errors = [];
             return this.decryptWithSessionList(buffer, record.getSessions(), errors).then(function(result) {
                 return this.getRecord(address).then(function(record) {
-                    record.updateSessionState(result.session);
-                    return this.storage.storeSession(address, record.serialize()).then(function() {
-                        return result.plaintext;
-                    });
+                    if (result.session.indexInfo.baseKey !== record.getOpenSession().indexInfo.baseKey) {
+                      record.archiveCurrentState();
+                      record.promoteState(result.session);
+                    }
+
+                    return this.storage.isTrustedIdentity(
+                        this.remoteAddress.getName(), util.toArrayBuffer(result.session.indexInfo.remoteIdentityKey), this.storage.Direction.RECEIVING
+                    ).then(function(trusted) {
+                        if (!trusted) {
+                            throw new Error('Identity key changed');
+                        }
+                    }).then(function() {
+                        return this.storage.saveIdentity(this.remoteAddress.toString(), result.session.indexInfo.remoteIdentityKey);
+                    }.bind(this)).then(function() {
+                        record.updateSessionState(result.session);
+                        return this.storage.storeSession(address, record.serialize()).then(function() {
+                            return result.plaintext;
+                        });
+                    }.bind(this));
                 }.bind(this));
             }.bind(this));
         }.bind(this));
@@ -161,19 +199,19 @@ SessionCipher.prototype = {
                       throw new Error("No registrationId");
                   }
                   record = new Internal.SessionRecord(
-                      util.toString(preKeyProto.identityKey),
                       preKeyProto.registrationId
                   );
               }
               var builder = new SessionBuilder(this.storage, this.remoteAddress);
+              // isTrustedIdentity is called within processV3, no need to call it here
               return builder.processV3(record, preKeyProto).then(function(preKeyId) {
                   var session = record.getSessionByBaseKey(preKeyProto.baseKey);
                   return this.doDecryptWhisperMessage(
                       preKeyProto.message.toArrayBuffer(), session
                   ).then(function(plaintext) {
                       record.updateSessionState(session);
                       return this.storage.storeSession(address, record.serialize()).then(function() {
-                          if (preKeyId !== undefined) {
+                          if (preKeyId !== undefined && preKeyId !== null) {
                               return this.storage.removePreKey(preKeyId);
                           }
                       }.bind(this)).then(function() {
@@ -240,7 +278,7 @@ SessionCipher.prototype = {
     });
   },
   fillMessageKeys: function(chain, counter) {
-      if (Object.keys(chain.messageKeys).length >= 1000) {
+      if (this.messageKeysLimit && Object.keys(chain.messageKeys).length >= this.messageKeysLimit) {
           console.log("Too many message keys for chain");
           return Promise.resolve(); // Stalker, much?
       }
@@ -330,7 +368,11 @@ SessionCipher.prototype = {
           if (record === undefined) {
               return undefined;
           }
-          return record.registrationId;
+          var openSession = record.getOpenSession();
+          if (openSession === undefined) {
+              return null;
+          }
+          return openSession.registrationId;
       });
     }.bind(this));
   },
@@ -359,8 +401,8 @@ SessionCipher.prototype = {
   }
 };
 
-libsignal.SessionCipher = function(storage, remoteAddress) {
-    var cipher = new SessionCipher(storage, remoteAddress);
+libsignal.SessionCipher = function(storage, remoteAddress, options) {
+    var cipher = new SessionCipher(storage, remoteAddress, options);
 
     // returns a Promise that resolves to a ciphertext object
     this.encrypt = cipher.encrypt.bind(cipher);