Examples with UnidentifiedAccess org.whispersystems.signalservice.api.crypto.UnidentifiedAccess used on opensource projects

Example 1 with UnidentifiedAccess

use of org.whispersystems.signalservice.api.crypto.UnidentifiedAccess in project Signal-Android by WhisperSystems.

the class UnidentifiedAccessUtil method getAccessForSync.

public static Optional<UnidentifiedAccessPair> getAccessForSync(@NonNull Context context) {
    try {
        byte[] ourUnidentifiedAccessKey = UnidentifiedAccess.deriveAccessKeyFrom(ProfileKeyUtil.getSelfProfileKey());
        byte[] ourUnidentifiedAccessCertificate = getUnidentifiedAccessCertificate(Recipient.self());
        if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) {
            ourUnidentifiedAccessKey = UNRESTRICTED_KEY;
        }
        if (ourUnidentifiedAccessCertificate != null) {
            return Optional.of(new UnidentifiedAccessPair(new UnidentifiedAccess(ourUnidentifiedAccessKey, ourUnidentifiedAccessCertificate), new UnidentifiedAccess(ourUnidentifiedAccessKey, ourUnidentifiedAccessCertificate)));
        }
        return Optional.absent();
    } catch (InvalidCertificateException e) {
        Log.w(TAG, e);
        return Optional.absent();
    }
}

Example 2 with UnidentifiedAccess

use of org.whispersystems.signalservice.api.crypto.UnidentifiedAccess in project Signal-Android by WhisperSystems.

the class UnidentifiedAccessUtil method getAccessFor.

@WorkerThread
public static List<Optional<UnidentifiedAccessPair>> getAccessFor(@NonNull Context context, @NonNull List<Recipient> recipients, boolean log) {
    byte[] ourUnidentifiedAccessKey = UnidentifiedAccess.deriveAccessKeyFrom(ProfileKeyUtil.getSelfProfileKey());
    if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) {
        ourUnidentifiedAccessKey = UNRESTRICTED_KEY;
    }
    List<Optional<UnidentifiedAccessPair>> access = new ArrayList<>(recipients.size());
    Map<CertificateType, Integer> typeCounts = new HashMap<>();
    for (Recipient recipient : recipients) {
        byte[] theirUnidentifiedAccessKey = getTargetUnidentifiedAccessKey(recipient);
        CertificateType certificateType = getUnidentifiedAccessCertificateType(recipient);
        byte[] ourUnidentifiedAccessCertificate = SignalStore.certificateValues().getUnidentifiedAccessCertificate(certificateType);
        int typeCount = Util.getOrDefault(typeCounts, certificateType, 0);
        typeCount++;
        typeCounts.put(certificateType, typeCount);
        if (theirUnidentifiedAccessKey != null && ourUnidentifiedAccessCertificate != null) {
            try {
                access.add(Optional.of(new UnidentifiedAccessPair(new UnidentifiedAccess(theirUnidentifiedAccessKey, ourUnidentifiedAccessCertificate), new UnidentifiedAccess(ourUnidentifiedAccessKey, ourUnidentifiedAccessCertificate))));
            } catch (InvalidCertificateException e) {
                Log.w(TAG, e);
                access.add(Optional.absent());
            }
        } else {
            access.add(Optional.absent());
        }
    }
    int unidentifiedCount = Stream.of(access).filter(Optional::isPresent).toList().size();
    int otherCount = access.size() - unidentifiedCount;
    if (log) {
        Log.i(TAG, "Unidentified: " + unidentifiedCount + ", Other: " + otherCount + ". Types: " + typeCounts);
    }
    return access;
}

Example 3 with UnidentifiedAccess

use of org.whispersystems.signalservice.api.crypto.UnidentifiedAccess in project Signal-Android by WhisperSystems.

the class ProfileService method getProfile.

public Single<ServiceResponse<ProfileAndCredential>> getProfile(SignalServiceAddress address, Optional<ProfileKey> profileKey, Optional<UnidentifiedAccess> unidentifiedAccess, SignalServiceProfile.RequestType requestType, Locale locale) {
    ServiceId serviceId = address.getServiceId();
    SecureRandom random = new SecureRandom();
    ProfileKeyCredentialRequestContext requestContext = null;
    WebSocketProtos.WebSocketRequestMessage.Builder builder = WebSocketProtos.WebSocketRequestMessage.newBuilder().setId(random.nextLong()).setVerb("GET");
    if (profileKey.isPresent()) {
        ProfileKeyVersion profileKeyIdentifier = profileKey.get().getProfileKeyVersion(serviceId.uuid());
        String version = profileKeyIdentifier.serialize();
        if (requestType == SignalServiceProfile.RequestType.PROFILE_AND_CREDENTIAL) {
            requestContext = clientZkProfileOperations.createProfileKeyCredentialRequestContext(random, serviceId.uuid(), profileKey.get());
            ProfileKeyCredentialRequest request = requestContext.getRequest();
            String credentialRequest = Hex.toStringCondensed(request.serialize());
            builder.setPath(String.format("/v1/profile/%s/%s/%s", serviceId, version, credentialRequest));
        } else {
            builder.setPath(String.format("/v1/profile/%s/%s", serviceId, version));
        }
    } else {
        builder.setPath(String.format("/v1/profile/%s", address.getIdentifier()));
    }
    builder.addHeaders(AcceptLanguagesUtil.getAcceptLanguageHeader(locale));
    WebSocketProtos.WebSocketRequestMessage requestMessage = builder.build();
    ResponseMapper<ProfileAndCredential> responseMapper = DefaultResponseMapper.extend(ProfileAndCredential.class).withResponseMapper(new ProfileResponseMapper(requestType, requestContext)).build();
    return signalWebSocket.request(requestMessage, unidentifiedAccess).map(responseMapper::map).onErrorResumeNext(t -> restFallback(address, profileKey, unidentifiedAccess, requestType, locale)).onErrorReturn(ServiceResponse::forUnknownError);
}

Example 4 with UnidentifiedAccess

use of org.whispersystems.signalservice.api.crypto.UnidentifiedAccess in project Signal-Android by WhisperSystems.

the class SignalServiceMessageSender method resendContent.

/**
 * Resend a previously-sent message.
 */
public SendMessageResult resendContent(SignalServiceAddress address, Optional<UnidentifiedAccessPair> unidentifiedAccess, long timestamp, Content content, ContentHint contentHint, Optional<byte[]> groupId) throws UntrustedIdentityException, IOException {
    EnvelopeContent envelopeContent = EnvelopeContent.encrypted(content, contentHint, groupId);
    Optional<UnidentifiedAccess> access = unidentifiedAccess.isPresent() ? unidentifiedAccess.get().getTargetUnidentifiedAccess() : Optional.absent();
    return sendMessage(address, access, timestamp, envelopeContent, false, null);
}

Example 5 with UnidentifiedAccess

use of org.whispersystems.signalservice.api.crypto.UnidentifiedAccess in project Signal-Android by WhisperSystems.

the class SignalServiceMessageSender method sendGroupMessage.

/**
 * Will send a message using sender keys to all of the specified recipients. It is assumed that
 * all of the recipients have UUIDs.
 *
 * This method will handle sending out SenderKeyDistributionMessages as necessary.
 */
private List<SendMessageResult> sendGroupMessage(DistributionId distributionId, List<SignalServiceAddress> recipients, List<UnidentifiedAccess> unidentifiedAccess, long timestamp, Content content, ContentHint contentHint, byte[] groupId, boolean online, SenderKeyGroupEvents sendEvents) throws IOException, UntrustedIdentityException, NoSessionException, InvalidKeyException, InvalidRegistrationIdException {
    if (recipients.isEmpty()) {
        Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Empty recipient list!");
        return Collections.emptyList();
    }
    Preconditions.checkArgument(recipients.size() == unidentifiedAccess.size(), "[" + timestamp + "] Unidentified access mismatch!");
    Map<ServiceId, UnidentifiedAccess> accessBySid = new HashMap<>();
    Iterator<SignalServiceAddress> addressIterator = recipients.iterator();
    Iterator<UnidentifiedAccess> accessIterator = unidentifiedAccess.iterator();
    while (addressIterator.hasNext()) {
        accessBySid.put(addressIterator.next().getServiceId(), accessIterator.next());
    }
    for (int i = 0; i < RETRY_COUNT; i++) {
        GroupTargetInfo targetInfo = buildGroupTargetInfo(recipients);
        Set<SignalProtocolAddress> sharedWith = store.getSenderKeySharedWith(distributionId);
        List<SignalServiceAddress> needsSenderKey = targetInfo.destinations.stream().filter(a -> !sharedWith.contains(a)).map(a -> ServiceId.parseOrThrow(a.getName())).distinct().map(SignalServiceAddress::new).collect(Collectors.toList());
        if (needsSenderKey.size() > 0) {
            Log.i(TAG, "[sendGroupMessage][" + timestamp + "] Need to send the distribution message to " + needsSenderKey.size() + " addresses.");
            SenderKeyDistributionMessage message = getOrCreateNewGroupSession(distributionId);
            List<Optional<UnidentifiedAccessPair>> access = needsSenderKey.stream().map(r -> {
                UnidentifiedAccess targetAccess = accessBySid.get(r.getServiceId());
                return Optional.of(new UnidentifiedAccessPair(targetAccess, targetAccess));
            }).collect(Collectors.toList());
            List<SendMessageResult> results = sendSenderKeyDistributionMessage(distributionId, needsSenderKey, access, message, groupId);
            List<SignalServiceAddress> successes = results.stream().filter(SendMessageResult::isSuccess).map(SendMessageResult::getAddress).collect(Collectors.toList());
            Set<String> successSids = successes.stream().map(a -> a.getServiceId().toString()).collect(Collectors.toSet());
            Set<SignalProtocolAddress> successAddresses = targetInfo.destinations.stream().filter(a -> successSids.contains(a.getName())).collect(Collectors.toSet());
            store.markSenderKeySharedWith(distributionId, successAddresses);
            Log.i(TAG, "[sendGroupMessage][" + timestamp + "] Successfully sent sender keys to " + successes.size() + "/" + needsSenderKey.size() + " recipients.");
            int failureCount = results.size() - successes.size();
            if (failureCount > 0) {
                Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Failed to send sender keys to " + failureCount + " recipients. Sending back failed results now.");
                List<SendMessageResult> trueFailures = results.stream().filter(r -> !r.isSuccess()).collect(Collectors.toList());
                Set<ServiceId> failedAddresses = trueFailures.stream().map(result -> result.getAddress().getServiceId()).collect(Collectors.toSet());
                List<SendMessageResult> fakeNetworkFailures = recipients.stream().filter(r -> !failedAddresses.contains(r.getServiceId())).map(SendMessageResult::networkFailure).collect(Collectors.toList());
                List<SendMessageResult> modifiedResults = new LinkedList<>();
                modifiedResults.addAll(trueFailures);
                modifiedResults.addAll(fakeNetworkFailures);
                return modifiedResults;
            } else {
                targetInfo = buildGroupTargetInfo(recipients);
            }
        }
        sendEvents.onSenderKeyShared();
        SignalServiceCipher cipher = new SignalServiceCipher(localAddress, localDeviceId, store, sessionLock, null);
        SenderCertificate senderCertificate = unidentifiedAccess.get(0).getUnidentifiedCertificate();
        byte[] ciphertext;
        try {
            ciphertext = cipher.encryptForGroup(distributionId, targetInfo.destinations, senderCertificate, content.toByteArray(), contentHint, groupId);
        } catch (org.whispersystems.libsignal.UntrustedIdentityException e) {
            throw new UntrustedIdentityException("Untrusted during group encrypt", e.getName(), e.getUntrustedIdentity());
        }
        sendEvents.onMessageEncrypted();
        byte[] joinedUnidentifiedAccess = new byte[16];
        for (UnidentifiedAccess access : unidentifiedAccess) {
            joinedUnidentifiedAccess = ByteArrayUtil.xor(joinedUnidentifiedAccess, access.getUnidentifiedAccessKey());
        }
        try {
            try {
                SendGroupMessageResponse response = new MessagingService.SendResponseProcessor<>(messagingService.sendToGroup(ciphertext, joinedUnidentifiedAccess, timestamp, online).blockingGet()).getResultOrThrow();
                return transformGroupResponseToMessageResults(targetInfo.devices, response, content);
            } catch (InvalidUnidentifiedAccessHeaderException | NotFoundException | GroupMismatchedDevicesException | GroupStaleDevicesException e) {
                // Non-technical failures shouldn't be retried with socket
                throw e;
            } catch (WebSocketUnavailableException e) {
                Log.i(TAG, "[sendGroupMessage][" + timestamp + "] Pipe unavailable, falling back... (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")");
            } catch (IOException e) {
                Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Pipe failed, falling back... (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")");
            }
            SendGroupMessageResponse response = socket.sendGroupMessage(ciphertext, joinedUnidentifiedAccess, timestamp, online);
            return transformGroupResponseToMessageResults(targetInfo.devices, response, content);
        } catch (GroupMismatchedDevicesException e) {
            Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Handling mismatched devices. (" + e.getMessage() + ")");
            for (GroupMismatchedDevices mismatched : e.getMismatchedDevices()) {
                SignalServiceAddress address = new SignalServiceAddress(ACI.parseOrThrow(mismatched.getUuid()), Optional.absent());
                handleMismatchedDevices(socket, address, mismatched.getDevices());
            }
        } catch (GroupStaleDevicesException e) {
            Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Handling stale devices. (" + e.getMessage() + ")");
            for (GroupStaleDevices stale : e.getStaleDevices()) {
                SignalServiceAddress address = new SignalServiceAddress(ACI.parseOrThrow(stale.getUuid()), Optional.absent());
                handleStaleDevices(address, stale.getDevices());
            }
        }
        Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Attempt failed (i = " + i + ")");
    }
    throw new IOException("Failed to resolve conflicts after " + RETRY_COUNT + " attempts!");
}