jonny
/
Signal-Desktop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Handle PNI keys from ProvisionMessage

This commit is contained in:
Fedor Indutny 2022-03-01 15:01:21 -08:00 committed by GitHub
parent 19441cd3f3
commit 2b0c98f943
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 63 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
protos/DeviceMessages.proto
View File

@ -14,13 +14,17 @@ message ProvisionEnvelope {
}
message ProvisionMessage {
optional bytes identityKeyPrivate = 2;
optional string number = 3;
optional string uuid = 8;
optional string provisioningCode = 4;
optional string userAgent = 5;
optional bytes profileKey = 6;
optional bool readReceipts = 7;
optional bytes aciIdentityKeyPublic = 1;
optional bytes aciIdentityKeyPrivate = 2;
optional bytes pniIdentityKeyPublic = 11;
optional bytes pniIdentityKeyPrivate = 12;
optional string aci = 8;
optional string pni = 10;
optional string number = 3;
optional string provisioningCode = 4;
optional string userAgent = 5;
optional bytes profileKey = 6;
optional bool readReceipts = 7;
optional uint32 ProvisioningVersion = 9;
}

11
ts/state/smart/InstallScreen.tsx
View File

@ -21,6 +21,7 @@ import { InstallError } from '../../components/installScreen/InstallScreenErrorS
import { MAX_DEVICE_NAME_LENGTH } from '../../components/installScreen/InstallScreenChoosingDeviceNameStep';
import { HTTPError } from '../../textsecure/Errors';
import { isRecord } from '../../util/isRecord';
import * as Errors from '../../types/errors';
import { normalizeDeviceName } from '../../util/normalizeDeviceName';
type PropsType = ComponentProps<typeof InstallScreen>;
@ -183,7 +184,7 @@ export function SmartInstallScreen(): ReactElement {
} catch (error) {
log.error(
'confirmNumber: error clearing database',
error && error.stack ? error.stack : error
Errors.toLogFormat(error)
);
}
}
@ -205,13 +206,17 @@ export function SmartInstallScreen(): ReactElement {
);
window.removeSetupMenuItems();
} catch (err: unknown) {
} catch (error) {
log.error(
'account.registerSecondDevice: got an error',
Errors.toLogFormat(error)
);
if (hasCleanedUp) {
return;
}
setState({
step: InstallScreenStep.Error,
error: getInstallError(err),
error: getInstallError(error),
});
}
})();

43
ts/textsecure/AccountManager.ts
View File

@ -76,7 +76,7 @@ export type GeneratedKeysType = {
type CreateAccountOptionsType = Readonly<{
number: string;
verificationCode: string;
identityKeyPair: KeyPairType;
aciKeyPair: KeyPairType;
pniKeyPair?: KeyPairType;
profileKey?: Uint8Array;
deviceName?: string;
@ -167,7 +167,7 @@ export default class AccountManager extends EventTarget {
async registerSingleDevice(number: string, verificationCode: string) {
return this.queueTask(async () => {
const identityKeyPair = generateKeyPair();
const aciKeyPair = generateKeyPair();
const pniKeyPair = generateKeyPair();
const profileKey = getRandomBytes(PROFILE_KEY_LENGTH);
const accessKey = deriveAccessKey(profileKey);
@ -177,7 +177,7 @@ export default class AccountManager extends EventTarget {
await this.createAccount({
number,
verificationCode,
identityKeyPair,
aciKeyPair,
pniKeyPair,
profileKey,
accessKey,
@ -277,7 +277,7 @@ export default class AccountManager extends EventTarget {
if (
!provisionMessage.number ||
!provisionMessage.provisioningCode ||
!provisionMessage.identityKeyPair
!provisionMessage.aciKeyPair
) {
throw new Error(
'AccountManager.registerSecondDevice: Provision message was missing key data'
@ -290,20 +290,31 @@ export default class AccountManager extends EventTarget {
await this.createAccount({
number: provisionMessage.number,
verificationCode: provisionMessage.provisioningCode,
identityKeyPair: provisionMessage.identityKeyPair,
aciKeyPair: provisionMessage.aciKeyPair,
pniKeyPair: provisionMessage.pniKeyPair,
profileKey: provisionMessage.profileKey,
deviceName,
userAgent: provisionMessage.userAgent,
readReceipts: provisionMessage.readReceipts,
});
await clearSessionsAndPreKeys();
// TODO: DESKTOP-2794
const keys = await this.generateKeys(
SIGNED_KEY_GEN_BATCH_SIZE,
UUIDKind.ACI
const keyKinds = [UUIDKind.ACI];
if (provisionMessage.pniKeyPair) {
keyKinds.push(UUIDKind.PNI);
}
await Promise.all(
keyKinds.map(async kind => {
const keys = await this.generateKeys(
SIGNED_KEY_GEN_BATCH_SIZE,
kind
);
await this.server.registerKeys(keys, kind);
await this.confirmKeys(keys, kind);
})
);
await this.server.registerKeys(keys, UUIDKind.ACI);
await this.confirmKeys(keys, UUIDKind.ACI);
} finally {
this.server.finishRegistration(registrationBaton);
}
@ -493,7 +504,7 @@ export default class AccountManager extends EventTarget {
async createAccount({
number,
verificationCode,
identityKeyPair,
aciKeyPair,
pniKeyPair,
profileKey,
deviceName,
@ -511,7 +522,7 @@ export default class AccountManager extends EventTarget {
let encryptedDeviceName;
if (deviceName) {
encryptedDeviceName = this.encryptDeviceName(deviceName, identityKeyPair);
encryptedDeviceName = this.encryptDeviceName(deviceName, aciKeyPair);
await this.deviceNameIsEncrypted();
}
@ -623,7 +634,7 @@ export default class AccountManager extends EventTarget {
await Promise.all([
storage.protocol.saveIdentityWithAttributes(new UUID(ourUuid), {
...identityAttrs,
publicKey: identityKeyPair.pubKey,
publicKey: aciKeyPair.pubKey,
}),
pniKeyPair
? storage.protocol.saveIdentityWithAttributes(new UUID(ourPni), {
@ -636,8 +647,8 @@ export default class AccountManager extends EventTarget {
const identityKeyMap = {
...(storage.get('identityKeyMap') || {}),
[ourUuid]: {
pubKey: Bytes.toBase64(identityKeyPair.pubKey),
privKey: Bytes.toBase64(identityKeyPair.privKey),
pubKey: Bytes.toBase64(aciKeyPair.pubKey),
privKey: Bytes.toBase64(aciKeyPair.privKey),
},
...(pniKeyPair
? {

26
ts/textsecure/ProvisioningCipher.ts
View File

@ -17,9 +17,11 @@ import { strictAssert } from '../util/assert';
import { normalizeUuid } from '../util/normalizeUuid';
type ProvisionDecryptResult = {
identityKeyPair: KeyPairType;
aciKeyPair: KeyPairType;
pniKeyPair?: KeyPairType;
number?: string;
uuid?: string;
aci?: string;
pni?: string;
provisioningCode?: string;
userAgent?: string;
readReceipts?: boolean;
@ -61,18 +63,24 @@ class ProvisioningCipherInner {
const plaintext = decryptAes256CbcPkcsPadding(keys[0], ciphertext, iv);
const provisionMessage = Proto.ProvisionMessage.decode(plaintext);
const privKey = provisionMessage.identityKeyPrivate;
strictAssert(privKey, 'Missing identityKeyPrivate in ProvisionMessage');
const aciPrivKey = provisionMessage.aciIdentityKeyPrivate;
const pniPrivKey = provisionMessage.pniIdentityKeyPrivate;
strictAssert(aciPrivKey, 'Missing aciKeyPrivate in ProvisionMessage');
const keyPair = createKeyPair(privKey);
const aciKeyPair = createKeyPair(aciPrivKey);
const pniKeyPair = pniPrivKey?.length
? createKeyPair(pniPrivKey)
: undefined;
const { uuid } = provisionMessage;
strictAssert(uuid, 'Missing uuid in provisioning message');
const { aci, pni } = provisionMessage;
strictAssert(aci, 'Missing aci in provisioning message');
const ret: ProvisionDecryptResult = {
identityKeyPair: keyPair,
aciKeyPair,
pniKeyPair,
number: provisionMessage.number,
uuid: normalizeUuid(uuid, 'ProvisionMessage.uuid'),
aci: normalizeUuid(aci, 'ProvisionMessage.aci'),
pni: pni ? normalizeUuid(pni, 'ProvisionMessage.pni') : undefined,
provisioningCode: provisionMessage.provisioningCode,
userAgent: provisionMessage.userAgent,
readReceipts: provisionMessage.readReceipts,