From ed25f4748d7e70defbf45b2561f73c4895602618 Mon Sep 17 00:00:00 2001
From: Matthew Chen
Date: Wed, 19 Dec 2018 15:22:23 -0500
Subject: [PATCH] Deprecate 'signaling key'.
---
 SignalServiceKit/src/Account/TSAccountManager.m | 1 -
 .../src/Network/API/Requests/OWSRequestFactory.h | 1 -
 .../src/Network/API/Requests/OWSRequestFactory.m | 13 +++----------
 .../src/Network/WebSockets/OWSWebSocket.m | 13 ++++++++++---
 4 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/SignalServiceKit/src/Account/TSAccountManager.m b/SignalServiceKit/src/Account/TSAccountManager.m
index 21798c5b3..66e0870de 100644
--- a/SignalServiceKit/src/Account/TSAccountManager.m
+++ b/SignalServiceKit/src/Account/TSAccountManager.m
@@ -389,7 +389,6 @@ NSString *const TSAccountManager_NeedsAccountAttributesUpdateKey = @"TSAccountMa
 TSRequest *request = [OWSRequestFactory verifyCodeRequestWithVerificationCode:verificationCode
 forNumber:phoneNumber
 pin:pin
- signalingKey:signalingKey
 authKey:authToken];
 [self.networkManager makeRequest:request
diff --git a/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h b/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h
index 490403435..b7ef07a7c 100644
--- a/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h
+++ b/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h
@@ -66,7 +66,6 @@ typedef NS_ENUM(NSUInteger, TSVerificationTransport) { TSVerificationTransportVo
 + (TSRequest *)verifyCodeRequestWithVerificationCode:(NSString *)verificationCode
 forNumber:(NSString *)phoneNumber
 pin:(nullable NSString *)pin
- signalingKey:(NSString *)signalingKey
 authKey:(NSString *)authKey;
 #pragma mark - Prekeys
diff --git a/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m b/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m
index bcca8bdeb..bc2e4b6ae 100644
--- a/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m
+++ b/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m
@@ -219,14 +219,11 @@ NS_ASSUME_NONNULL_BEGIN
 {
 NSString *path = [textSecureAccountsAPI stringByAppendingString:textSecureAttributesAPI];
- NSString *signalingKey = self.tsAccountManager.signalingKey;
- OWSAssertDebug(signalingKey.length > 0);
 NSString *authKey = self.tsAccountManager.serverAuthToken;
 OWSAssertDebug(authKey.length > 0);
 NSString *_Nullable pin = [self.ows2FAManager pinCode];
- NSDictionary *accountAttributes =
- [self accountAttributesWithPin:pin signalingKey:signalingKey authKey:authKey];
+ NSDictionary *accountAttributes = [self accountAttributesWithPin:pin authKey:authKey];
 return [TSRequest requestWithUrl:[NSURL URLWithString:path] method:@"PUT" parameters:accountAttributes];
 }
@@ -293,18 +290,16 @@ NS_ASSUME_NONNULL_BEGIN
 + (TSRequest *)verifyCodeRequestWithVerificationCode:(NSString *)verificationCode
 forNumber:(NSString *)phoneNumber
 pin:(nullable NSString *)pin
- signalingKey:(NSString *)signalingKey
 authKey:(NSString *)authKey
 {
 OWSAssertDebug(verificationCode.length > 0);
 OWSAssertDebug(phoneNumber.length > 0);
- OWSAssertDebug(signalingKey.length > 0);
 OWSAssertDebug(authKey.length > 0);
 NSString *path = [NSString stringWithFormat:@"%@/code/%@", textSecureAccountsAPI, verificationCode];
 NSMutableDictionary *accountAttributes =
- [[self accountAttributesWithPin:pin signalingKey:signalingKey authKey:authKey] mutableCopy];
+ [[self accountAttributesWithPin:pin authKey:authKey] mutableCopy];
 [accountAttributes removeObjectForKey:@"AuthKey"];
 TSRequest *request =
@@ -316,10 +311,8 @@ NS_ASSUME_NONNULL_BEGIN
 }
 + (NSDictionary *)accountAttributesWithPin:(nullable NSString *)pin
- signalingKey:(NSString *)signalingKey
 authKey:(NSString *)authKey
 {
- OWSAssertDebug(signalingKey.length > 0);
 OWSAssertDebug(authKey.length > 0);
 uint32_t registrationId = [self.tsAccountManager getOrGenerateRegistrationId];
@@ -334,8 +327,8 @@ NS_ASSUME_NONNULL_BEGIN
 }
 BOOL allowUnrestrictedUD = [self.udManager shouldAllowUnrestrictedAccessLocal] && udAccessKey != nil;
+ // We no longer include the signalingKey.
 NSMutableDictionary *accountAttributes = [@{
- @"signalingKey" : signalingKey,
 @"AuthKey" : authKey,
 @"voice" : @(YES), // all Signal-iOS clients support voice
 @"video" : @(YES), // all Signal-iOS clients support WebRTC-based voice and video calls.
diff --git a/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m b/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m
index 873e89066..193d2d3ca 100644
--- a/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m
+++ b/SignalServiceKit/src/Network/WebSockets/OWSWebSocket.m
@@ -770,9 +770,16 @@ NSString *const kNSNotification_OWSWebSocketStateDidChange = @"kNSNotification_O
 dispatch_async(self.serialQueue, ^{
 BOOL success = NO;
 @try {
- NSData *_Nullable decryptedPayload =
- [Cryptography decryptAppleMessagePayload:message.body
- withSignalingKey:TSAccountManager.signalingKey];
+ BOOL useSignalingKey = [message.headers containsObject:@"X-Signal-Key: true"];
+ NSData *_Nullable decryptedPayload;
+ if (useSignalingKey) {
+ decryptedPayload = [Cryptography decryptAppleMessagePayload:message.body
+ withSignalingKey:TSAccountManager.signalingKey];
+ } else {
+ OWSAssertDebug([message.headers containsObject:@"X-Signal-Key: false"]);
+
+ decryptedPayload = message.body;
+ }
 if (!decryptedPayload) {
 OWSLogWarn(@"Failed to decrypt incoming payload or bad HMAC");
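Review bot: In the OWSWebSocket.m hunk the plaintext branch is taken whenever the exact string `X-Signal-Key: true` is absent from `message.headers`, and the only check that the server really sent `X-Signal-Key: false` is an `OWSAssertDebug`, which is presumably compiled out of release builds. A frame whose header is missing, or differs in case or spacing, is therefore passed on as `message.body` without the signaling-key decryption and HMAC check that the old code always applied. I would make the fallback explicit with `} else if ([message.headers containsObject:@"X-Signal-Key: false"]) {` around `decryptedPayload = message.body;` and a final `else` that logs the unexpected header state and leaves `decryptedPayload` nil (declare it `= nil`), so the existing failure path handles it. The warning `Failed to decrypt incoming payload or bad HMAC` also becomes misleading once a nil body can reach it without any decryption attempt. The enclosing `dispatch_async` block starts and ends outside the hunk.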