Examples with RemoteAttestation org.whispersystems.signalservice.internal.contacts.crypto.RemoteAttestation used on opensource projects

Example 1 with RemoteAttestation

use of org.whispersystems.signalservice.internal.contacts.crypto.RemoteAttestation in project Signal-Android by WhisperSystems.

the class RemoteAttestationUtil method validateAndBuildRemoteAttestation.

private static RemoteAttestation validateAndBuildRemoteAttestation(RemoteAttestationResponse response, List<String> cookies, KeyStore iasKeyStore, ECKeyPair keyPair, String mrenclave) throws Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException, InvalidKeyException {
    RemoteAttestationKeys keys = new RemoteAttestationKeys(keyPair, response.getServerEphemeralPublic(), response.getServerStaticPublic());
    Quote quote = new Quote(response.getQuote());
    byte[] requestId = RemoteAttestationCipher.getRequestId(keys, response);
    RemoteAttestationCipher.verifyServerQuote(quote, response.getServerStaticPublic(), mrenclave);
    RemoteAttestationCipher.verifyIasSignature(iasKeyStore, response.getCertificates(), response.getSignatureBody(), response.getSignature(), quote);
    return new RemoteAttestation(requestId, keys, cookies);
}

Example 2 with RemoteAttestation

use of org.whispersystems.signalservice.internal.contacts.crypto.RemoteAttestation in project Signal-Android by WhisperSystems.

the class RemoteAttestationUtil method getAndVerifyMultiRemoteAttestation.

public static Map<String, RemoteAttestation> getAndVerifyMultiRemoteAttestation(PushServiceSocket socket, PushServiceSocket.ClientSet clientSet, KeyStore iasKeyStore, String enclaveName, String mrenclave, String authorization) throws IOException, Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException, InvalidKeyException {
    ECKeyPair keyPair = buildKeyPair();
    ResponsePair result = makeAttestationRequest(socket, clientSet, authorization, enclaveName, keyPair);
    MultiRemoteAttestationResponse response = JsonUtil.fromJson(result.body, MultiRemoteAttestationResponse.class);
    Map<String, RemoteAttestation> attestations = new HashMap<>();
    if (response.getAttestations().isEmpty() || response.getAttestations().size() > 3) {
        throw new MalformedResponseException("Incorrect number of attestations: " + response.getAttestations().size());
    }
    for (Map.Entry<String, RemoteAttestationResponse> entry : response.getAttestations().entrySet()) {
        attestations.put(entry.getKey(), validateAndBuildRemoteAttestation(entry.getValue(), result.cookies, iasKeyStore, keyPair, mrenclave));
    }
    return attestations;
}

Example 3 with RemoteAttestation

use of org.whispersystems.signalservice.internal.contacts.crypto.RemoteAttestation in project libsignal-service-java by signalapp.

the class SignalServiceAccountManager method getRegisteredUsers.

public List<String> getRegisteredUsers(KeyStore iasKeyStore, Set<String> e164numbers, String mrenclave) throws IOException, Quote.InvalidQuoteFormatException, UnauthenticatedQuoteException, SignatureException, UnauthenticatedResponseException {
    try {
        String authorization = this.pushServiceSocket.getContactDiscoveryAuthorization();
        Curve25519 curve = Curve25519.getInstance(Curve25519.BEST);
        Curve25519KeyPair keyPair = curve.generateKeyPair();
        ContactDiscoveryCipher cipher = new ContactDiscoveryCipher();
        RemoteAttestationRequest attestationRequest = new RemoteAttestationRequest(keyPair.getPublicKey());
        Pair<RemoteAttestationResponse, List<String>> attestationResponse = this.pushServiceSocket.getContactDiscoveryRemoteAttestation(authorization, attestationRequest, mrenclave);
        RemoteAttestationKeys keys = new RemoteAttestationKeys(keyPair, attestationResponse.first().getServerEphemeralPublic(), attestationResponse.first().getServerStaticPublic());
        Quote quote = new Quote(attestationResponse.first().getQuote());
        byte[] requestId = cipher.getRequestId(keys, attestationResponse.first());
        cipher.verifyServerQuote(quote, attestationResponse.first().getServerStaticPublic(), mrenclave);
        cipher.verifyIasSignature(iasKeyStore, attestationResponse.first().getCertificates(), attestationResponse.first().getSignatureBody(), attestationResponse.first().getSignature(), quote);
        RemoteAttestation remoteAttestation = new RemoteAttestation(requestId, keys);
        List<String> addressBook = new LinkedList<>();
        for (String e164number : e164numbers) {
            addressBook.add(e164number.substring(1));
        }
        DiscoveryRequest request = cipher.createDiscoveryRequest(addressBook, remoteAttestation);
        DiscoveryResponse response = this.pushServiceSocket.getContactDiscoveryRegisteredUsers(authorization, request, attestationResponse.second(), mrenclave);
        byte[] data = cipher.getDiscoveryResponseData(response, remoteAttestation);
        Iterator<String> addressBookIterator = addressBook.iterator();
        List<String> results = new LinkedList<>();
        for (byte aData : data) {
            String candidate = addressBookIterator.next();
            if (aData != 0)
                results.add('+' + candidate);
        }
        return results;
    } catch (InvalidCiphertextException e) {
        throw new UnauthenticatedResponseException(e);
    }
}

Example 4 with RemoteAttestation

use of org.whispersystems.signalservice.internal.contacts.crypto.RemoteAttestation in project Signal-Android by WhisperSystems.

the class SignalServiceAccountManager method getRegisteredUsers.

@SuppressWarnings("SameParameterValue")
public Map<String, ACI> getRegisteredUsers(KeyStore iasKeyStore, Set<String> e164numbers, String mrenclave) throws IOException, Quote.InvalidQuoteFormatException, UnauthenticatedQuoteException, SignatureException, UnauthenticatedResponseException, InvalidKeyException {
    if (e164numbers.isEmpty()) {
        return Collections.emptyMap();
    }
    try {
        String authorization = this.pushServiceSocket.getContactDiscoveryAuthorization();
        Map<String, RemoteAttestation> attestations = RemoteAttestationUtil.getAndVerifyMultiRemoteAttestation(pushServiceSocket, PushServiceSocket.ClientSet.ContactDiscovery, iasKeyStore, mrenclave, mrenclave, authorization);
        List<String> addressBook = new ArrayList<>(e164numbers.size());
        for (String e164number : e164numbers) {
            addressBook.add(e164number.substring(1));
        }
        List<String> cookies = attestations.values().iterator().next().getCookies();
        DiscoveryRequest request = ContactDiscoveryCipher.createDiscoveryRequest(addressBook, attestations);
        DiscoveryResponse response = this.pushServiceSocket.getContactDiscoveryRegisteredUsers(authorization, request, cookies, mrenclave);
        byte[] data = ContactDiscoveryCipher.getDiscoveryResponseData(response, attestations.values());
        HashMap<String, ACI> results = new HashMap<>(addressBook.size());
        DataInputStream uuidInputStream = new DataInputStream(new ByteArrayInputStream(data));
        for (String candidate : addressBook) {
            long candidateUuidHigh = uuidInputStream.readLong();
            long candidateUuidLow = uuidInputStream.readLong();
            if (candidateUuidHigh != 0 || candidateUuidLow != 0) {
                results.put('+' + candidate, ACI.from(new UUID(candidateUuidHigh, candidateUuidLow)));
            }
        }
        return results;
    } catch (InvalidCiphertextException e) {
        throw new UnauthenticatedResponseException(e);
    }
}

Example 5 with RemoteAttestation

use of org.whispersystems.signalservice.internal.contacts.crypto.RemoteAttestation in project Signal-Android by signalapp.

the class SignalServiceAccountManager method getRegisteredUsers.

@SuppressWarnings("SameParameterValue")
public Map<String, ACI> getRegisteredUsers(KeyStore iasKeyStore, Set<String> e164numbers, String mrenclave) throws IOException, Quote.InvalidQuoteFormatException, UnauthenticatedQuoteException, SignatureException, UnauthenticatedResponseException, InvalidKeyException {
    if (e164numbers.isEmpty()) {
        return Collections.emptyMap();
    }
    try {
        String authorization = this.pushServiceSocket.getContactDiscoveryAuthorization();
        Map<String, RemoteAttestation> attestations = RemoteAttestationUtil.getAndVerifyMultiRemoteAttestation(pushServiceSocket, PushServiceSocket.ClientSet.ContactDiscovery, iasKeyStore, mrenclave, mrenclave, authorization);
        List<String> addressBook = new ArrayList<>(e164numbers.size());
        for (String e164number : e164numbers) {
            addressBook.add(e164number.substring(1));
        }
        List<String> cookies = attestations.values().iterator().next().getCookies();
        DiscoveryRequest request = ContactDiscoveryCipher.createDiscoveryRequest(addressBook, attestations);
        DiscoveryResponse response = this.pushServiceSocket.getContactDiscoveryRegisteredUsers(authorization, request, cookies, mrenclave);
        byte[] data = ContactDiscoveryCipher.getDiscoveryResponseData(response, attestations.values());
        HashMap<String, ACI> results = new HashMap<>(addressBook.size());
        DataInputStream uuidInputStream = new DataInputStream(new ByteArrayInputStream(data));
        for (String candidate : addressBook) {
            long candidateUuidHigh = uuidInputStream.readLong();
            long candidateUuidLow = uuidInputStream.readLong();
            if (candidateUuidHigh != 0 || candidateUuidLow != 0) {
                results.put('+' + candidate, ACI.from(new UUID(candidateUuidHigh, candidateUuidLow)));
            }
        }
        return results;
    } catch (InvalidCiphertextException e) {
        throw new UnauthenticatedResponseException(e);
    }
}