Search in sources :

Example 81 with ProfileKey

use of org.signal.zkgroup.profiles.ProfileKey in project Signal-Android by signalapp.

the class ProfileCipherTest method testStreamBadAuthentication.

@Test
public void testStreamBadAuthentication() throws Exception {
    assumeLibSignalSupportedOnOS();
    ProfileKey key = new ProfileKey(Util.getSecretBytes(32));
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    ProfileCipherOutputStream out = new ProfileCipherOutputStream(baos, key);
    out.write("This is an avatar".getBytes());
    out.flush();
    out.close();
    byte[] encrypted = baos.toByteArray();
    encrypted[encrypted.length - 1] ^= 1;
    try {
        readStream(encrypted, key, 2048);
        fail("failed to verify authenticate tag");
    } catch (IOException e) {
    }
}
Also used : ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) ProfileKey(org.signal.zkgroup.profiles.ProfileKey) Test(org.junit.Test)

Example 82 with ProfileKey

use of org.signal.zkgroup.profiles.ProfileKey in project Signal-Android by signalapp.

the class SignalServiceAccountManager method setVersionedProfile.

/**
 * @return The avatar URL path, if one was written.
 */
public Optional<String> setVersionedProfile(ACI aci, ProfileKey profileKey, String name, String about, String aboutEmoji, Optional<SignalServiceProtos.PaymentAddress> paymentsAddress, StreamDetails avatar, List<String> visibleBadgeIds) throws IOException {
    if (name == null)
        name = "";
    ProfileCipher profileCipher = new ProfileCipher(profileKey);
    byte[] ciphertextName = profileCipher.encryptString(name, ProfileCipher.getTargetNameLength(name));
    byte[] ciphertextAbout = profileCipher.encryptString(about, ProfileCipher.getTargetAboutLength(about));
    byte[] ciphertextEmoji = profileCipher.encryptString(aboutEmoji, ProfileCipher.EMOJI_PADDED_LENGTH);
    byte[] ciphertextMobileCoinAddress = paymentsAddress.transform(address -> profileCipher.encryptWithLength(address.toByteArray(), ProfileCipher.PAYMENTS_ADDRESS_CONTENT_SIZE)).orNull();
    boolean hasAvatar = avatar != null;
    ProfileAvatarData profileAvatarData = null;
    if (hasAvatar) {
        profileAvatarData = new ProfileAvatarData(avatar.getStream(), ProfileCipherOutputStream.getCiphertextLength(avatar.getLength()), avatar.getContentType(), new ProfileCipherOutputStreamFactory(profileKey));
    }
    return this.pushServiceSocket.writeProfile(new SignalServiceProfileWrite(profileKey.getProfileKeyVersion(aci.uuid()).serialize(), ciphertextName, ciphertextAbout, ciphertextEmoji, ciphertextMobileCoinAddress, hasAvatar, profileKey.getCommitment(aci.uuid()).serialize(), visibleBadgeIds), profileAvatarData);
}
Also used : ReadOperation(org.whispersystems.signalservice.internal.storage.protos.ReadOperation) ServiceIdType(org.whispersystems.signalservice.api.push.ServiceIdType) Quote(org.whispersystems.signalservice.internal.contacts.crypto.Quote) ProfileKey(org.signal.zkgroup.profiles.ProfileKey) StorageManifest(org.whispersystems.signalservice.internal.storage.protos.StorageManifest) ProfileCipher(org.whispersystems.signalservice.api.crypto.ProfileCipher) ProfileAndCredential(org.whispersystems.signalservice.api.profiles.ProfileAndCredential) StorageKey(org.whispersystems.signalservice.api.storage.StorageKey) Preconditions(org.whispersystems.libsignal.util.guava.Preconditions) Map(java.util.Map) SignalStorageModels(org.whispersystems.signalservice.api.storage.SignalStorageModels) AuthCredentials(org.whispersystems.signalservice.internal.push.AuthCredentials) ProvisionMessage(org.whispersystems.signalservice.internal.push.ProvisioningProtos.ProvisionMessage) RequestVerificationCodeResponse(org.whispersystems.signalservice.internal.push.RequestVerificationCodeResponse) SignalStorageCipher(org.whispersystems.signalservice.api.storage.SignalStorageCipher) SignalServiceProtos(org.whispersystems.signalservice.internal.push.SignalServiceProtos) RemoteAttestationUtil(org.whispersystems.signalservice.internal.push.RemoteAttestationUtil) ACI(org.whispersystems.signalservice.api.push.ACI) Set(java.util.Set) GroupsV2Operations(org.whispersystems.signalservice.api.groupsv2.GroupsV2Operations) IdentityKey(org.whispersystems.libsignal.IdentityKey) CredentialsProvider(org.whispersystems.signalservice.api.util.CredentialsProvider) ProfileCipherOutputStream(org.whispersystems.signalservice.api.crypto.ProfileCipherOutputStream) Base64(org.whispersystems.util.Base64) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IdentityKeyPair(org.whispersystems.libsignal.IdentityKeyPair) StorageManifestKey(org.whispersystems.signalservice.api.storage.StorageManifestKey) SignalStorageRecord(org.whispersystems.signalservice.api.storage.SignalStorageRecord) NoContentException(org.whispersystems.signalservice.api.push.exceptions.NoContentException) Single(io.reactivex.rxjava3.core.Single) SignalServiceProfileWrite(org.whispersystems.signalservice.api.profiles.SignalServiceProfileWrite) PreKeyRecord(org.whispersystems.libsignal.state.PreKeyRecord) InvalidKeyException(org.whispersystems.libsignal.InvalidKeyException) ArrayList(java.util.ArrayList) WhoAmIResponse(org.whispersystems.signalservice.internal.push.WhoAmIResponse) ECPublicKey(org.whispersystems.libsignal.ecc.ECPublicKey) DeviceInfo(org.whispersystems.signalservice.api.messages.multidevice.DeviceInfo) StaticCredentialsProvider(org.whispersystems.signalservice.internal.util.StaticCredentialsProvider) UnauthenticatedQuoteException(org.whispersystems.signalservice.internal.contacts.crypto.UnauthenticatedQuoteException) ProfileKeyCredential(org.signal.zkgroup.profiles.ProfileKeyCredential) PushNetworkException(org.whispersystems.signalservice.api.push.exceptions.PushNetworkException) StreamDetails(org.whispersystems.signalservice.api.util.StreamDetails) IOException(java.io.IOException) ProfileAvatarData(org.whispersystems.signalservice.internal.push.ProfileAvatarData) GroupsV2Api(org.whispersystems.signalservice.api.groupsv2.GroupsV2Api) Optional(org.whispersystems.libsignal.util.guava.Optional) ExecutionException(java.util.concurrent.ExecutionException) PrimaryProvisioningCipher(org.whispersystems.signalservice.internal.crypto.PrimaryProvisioningCipher) ServiceId(org.whispersystems.signalservice.api.push.ServiceId) RemoteConfigResponse(org.whispersystems.signalservice.internal.push.RemoteConfigResponse) StorageItems(org.whispersystems.signalservice.internal.storage.protos.StorageItems) MasterKey(org.whispersystems.signalservice.api.kbs.MasterKey) TurnServerInfo(org.whispersystems.signalservice.api.messages.calls.TurnServerInfo) ManifestRecord(org.whispersystems.signalservice.internal.storage.protos.ManifestRecord) WriteOperation(org.whispersystems.signalservice.internal.storage.protos.WriteOperation) Util(org.whispersystems.signalservice.internal.util.Util) TimeoutException(java.util.concurrent.TimeoutException) SignedPreKeyRecord(org.whispersystems.libsignal.state.SignedPreKeyRecord) NotFoundException(org.whispersystems.signalservice.api.push.exceptions.NotFoundException) DiscoveryRequest(org.whispersystems.signalservice.internal.contacts.entities.DiscoveryRequest) ByteArrayInputStream(java.io.ByteArrayInputStream) Locale(java.util.Locale) NonSuccessfulResponseCodeException(org.whispersystems.signalservice.api.push.exceptions.NonSuccessfulResponseCodeException) InvalidCiphertextException(org.whispersystems.signalservice.api.crypto.InvalidCiphertextException) CdshAuthResponse(org.whispersystems.signalservice.internal.push.CdshAuthResponse) StorageId(org.whispersystems.signalservice.api.storage.StorageId) ContactDiscoveryCipher(org.whispersystems.signalservice.internal.contacts.crypto.ContactDiscoveryCipher) VerifyAccountResponse(org.whispersystems.signalservice.internal.push.VerifyAccountResponse) PushServiceSocket(org.whispersystems.signalservice.internal.push.PushServiceSocket) VerifyDeviceResponse(org.whispersystems.signalservice.api.messages.multidevice.VerifyDeviceResponse) SignatureException(java.security.SignatureException) Collection(java.util.Collection) KeyStore(java.security.KeyStore) UUID(java.util.UUID) SignalServiceConfiguration(org.whispersystems.signalservice.internal.configuration.SignalServiceConfiguration) ByteString(com.google.protobuf.ByteString) DiscoveryResponse(org.whispersystems.signalservice.internal.contacts.entities.DiscoveryResponse) List(java.util.List) CurrencyConversions(org.whispersystems.signalservice.api.payments.CurrencyConversions) ProfileCipherOutputStreamFactory(org.whispersystems.signalservice.internal.push.http.ProfileCipherOutputStreamFactory) ProvisioningVersion(org.whispersystems.signalservice.internal.push.ProvisioningProtos.ProvisioningVersion) CdshService(org.whispersystems.signalservice.api.services.CdshService) AccountAttributes(org.whispersystems.signalservice.api.account.AccountAttributes) DataInputStream(java.io.DataInputStream) MessageDigest(java.security.MessageDigest) HashMap(java.util.HashMap) ClientZkOperations(org.whispersystems.signalservice.api.groupsv2.ClientZkOperations) UnauthenticatedResponseException(org.whispersystems.signalservice.internal.contacts.crypto.UnauthenticatedResponseException) Log(org.whispersystems.libsignal.logging.Log) LinkedList(java.util.LinkedList) SignalStorageManifest(org.whispersystems.signalservice.api.storage.SignalStorageManifest) PNI(org.whispersystems.signalservice.api.push.PNI) SignedPreKeyEntity(org.whispersystems.signalservice.api.push.SignedPreKeyEntity) RemoteAttestation(org.whispersystems.signalservice.internal.contacts.crypto.RemoteAttestation) ServiceResponse(org.whispersystems.signalservice.internal.ServiceResponse) TimeUnit(java.util.concurrent.TimeUnit) StorageItem(org.whispersystems.signalservice.internal.storage.protos.StorageItem) Collections(java.util.Collections) ProfileCipherOutputStreamFactory(org.whispersystems.signalservice.internal.push.http.ProfileCipherOutputStreamFactory) SignalServiceProfileWrite(org.whispersystems.signalservice.api.profiles.SignalServiceProfileWrite) ProfileCipher(org.whispersystems.signalservice.api.crypto.ProfileCipher) ProfileAvatarData(org.whispersystems.signalservice.internal.push.ProfileAvatarData)

Example 83 with ProfileKey

use of org.signal.zkgroup.profiles.ProfileKey in project Signal-Android by WhisperSystems.

the class RetrieveProfileJob method setProfileAbout.

private void setProfileAbout(@NonNull Recipient recipient, @Nullable String encryptedAbout, @Nullable String encryptedEmoji) {
    try {
        ProfileKey profileKey = ProfileKeyUtil.profileKeyOrNull(recipient.getProfileKey());
        if (profileKey == null)
            return;
        String plaintextAbout = ProfileUtil.decryptString(profileKey, encryptedAbout);
        String plaintextEmoji = ProfileUtil.decryptString(profileKey, encryptedEmoji);
        SignalDatabase.recipients().setAbout(recipient.getId(), plaintextAbout, plaintextEmoji);
    } catch (InvalidCiphertextException | IOException e) {
        Log.w(TAG, e);
    }
}
Also used : InvalidCiphertextException(org.whispersystems.signalservice.api.crypto.InvalidCiphertextException) IOException(java.io.IOException) ProfileKey(org.signal.zkgroup.profiles.ProfileKey)

Example 84 with ProfileKey

use of org.signal.zkgroup.profiles.ProfileKey in project Signal-Android by WhisperSystems.

the class RetrieveProfileJob method setUnidentifiedAccessMode.

private void setUnidentifiedAccessMode(Recipient recipient, String unidentifiedAccessVerifier, boolean unrestrictedUnidentifiedAccess) {
    RecipientDatabase recipientDatabase = SignalDatabase.recipients();
    ProfileKey profileKey = ProfileKeyUtil.profileKeyOrNull(recipient.getProfileKey());
    if (unrestrictedUnidentifiedAccess && unidentifiedAccessVerifier != null) {
        if (recipient.getUnidentifiedAccessMode() != UnidentifiedAccessMode.UNRESTRICTED) {
            Log.i(TAG, "Marking recipient UD status as unrestricted.");
            recipientDatabase.setUnidentifiedAccessMode(recipient.getId(), UnidentifiedAccessMode.UNRESTRICTED);
        }
    } else if (profileKey == null || unidentifiedAccessVerifier == null) {
        if (recipient.getUnidentifiedAccessMode() != UnidentifiedAccessMode.DISABLED) {
            Log.i(TAG, "Marking recipient UD status as disabled.");
            recipientDatabase.setUnidentifiedAccessMode(recipient.getId(), UnidentifiedAccessMode.DISABLED);
        }
    } else {
        ProfileCipher profileCipher = new ProfileCipher(profileKey);
        boolean verifiedUnidentifiedAccess;
        try {
            verifiedUnidentifiedAccess = profileCipher.verifyUnidentifiedAccess(Base64.decode(unidentifiedAccessVerifier));
        } catch (IOException e) {
            Log.w(TAG, e);
            verifiedUnidentifiedAccess = false;
        }
        UnidentifiedAccessMode mode = verifiedUnidentifiedAccess ? UnidentifiedAccessMode.ENABLED : UnidentifiedAccessMode.DISABLED;
        if (recipient.getUnidentifiedAccessMode() != mode) {
            Log.i(TAG, "Marking recipient UD status as " + mode.name() + " after verification.");
            recipientDatabase.setUnidentifiedAccessMode(recipient.getId(), mode);
        }
    }
}
Also used : RecipientDatabase(org.thoughtcrime.securesms.database.RecipientDatabase) ProfileCipher(org.whispersystems.signalservice.api.crypto.ProfileCipher) IOException(java.io.IOException) UnidentifiedAccessMode(org.thoughtcrime.securesms.database.RecipientDatabase.UnidentifiedAccessMode) ProfileKey(org.signal.zkgroup.profiles.ProfileKey)

Example 85 with ProfileKey

use of org.signal.zkgroup.profiles.ProfileKey in project Signal-Android by WhisperSystems.

the class ProfileKeySetTest method profile_key_update_by_self_is_authoritative.

@Test
public void profile_key_update_by_self_is_authoritative() {
    UUID member = UUID.randomUUID();
    ProfileKey profileKey = ProfileKeyUtil.createNew();
    ProfileKeySet profileKeySet = new ProfileKeySet();
    profileKeySet.addKeysFromGroupChange(changeBy(member).profileKeyUpdate(member, profileKey).build());
    assertTrue(profileKeySet.getProfileKeys().isEmpty());
    assertThat(profileKeySet.getAuthoritativeProfileKeys(), is(Collections.singletonMap(ACI.from(member), profileKey)));
}
Also used : UUID(java.util.UUID) ProfileKey(org.signal.zkgroup.profiles.ProfileKey) Test(org.junit.Test)

Aggregations

ProfileKey (org.signal.zkgroup.profiles.ProfileKey)150 Test (org.junit.Test)102 UUID (java.util.UUID)90 DecryptedGroup (org.signal.storageservice.protos.groups.local.DecryptedGroup)50 ProtoTestUtils.randomProfileKey (org.whispersystems.signalservice.api.groupsv2.ProtoTestUtils.randomProfileKey)50 DecryptedGroupChange (org.signal.storageservice.protos.groups.local.DecryptedGroupChange)34 ProtoTestUtils.newProfileKey (org.whispersystems.signalservice.api.groupsv2.ProtoTestUtils.newProfileKey)28 ProtoTestUtils.withProfileKey (org.whispersystems.signalservice.api.groupsv2.ProtoTestUtils.withProfileKey)28 IOException (java.io.IOException)24 GroupChange (org.signal.storageservice.protos.groups.GroupChange)14 DecryptedMember (org.signal.storageservice.protos.groups.local.DecryptedMember)14 InvalidCiphertextException (org.whispersystems.signalservice.api.crypto.InvalidCiphertextException)12 InvalidInputException (org.signal.zkgroup.InvalidInputException)8 ProfileKeyCredential (org.signal.zkgroup.profiles.ProfileKeyCredential)8 Recipient (org.thoughtcrime.securesms.recipients.Recipient)8 InvalidKeyException (org.whispersystems.libsignal.InvalidKeyException)8 NonNull (androidx.annotation.NonNull)6 ByteArrayOutputStream (java.io.ByteArrayOutputStream)6 RecipientDatabase (org.thoughtcrime.securesms.database.RecipientDatabase)6 IdentityKey (org.whispersystems.libsignal.IdentityKey)6