Handle known sender

Podfile

@@ -18,7 +18,6 @@ def shared_pods
   # pod 'HKDFKit', path: '../HKDFKit', testspecs: ["Tests"]
   pod 'Curve25519Kit', git: 'https://github.com/signalapp/Curve25519Kit', testspecs: ["Tests"]
   # pod 'Curve25519Kit', path: '../Curve25519Kit', testspecs: ["Tests"]
-  # TODO: Use public repo.
   pod 'SignalMetadataKit', git: 'https://github.com/signalapp/SignalMetadataKit', testspecs: ["Tests"]
   # pod 'SignalMetadataKit', path: '../SignalMetadataKit', testspecs: ["Tests"]
   pod 'SignalServiceKit', path: '.', testspecs: ["Tests"]

Podfile.lock

@@ -261,7 +261,7 @@ CHECKOUT OPTIONS:
     :commit: b60dc7d58dfc93ca6eafbb3ea5300c6d67ebc69a
     :git: https://github.com/signalapp/SignalCoreKit.git
   SignalMetadataKit:
-    :commit: d6b0186cc5b15019e85c375bce3bf78e7a7fc162
+    :commit: a5473c8d33602775e00253afce78eef01a69260e
     :git: https://github.com/signalapp/SignalMetadataKit
   SocketRocket:
     :commit: 9f9563a83cd8960503074aa8de72206f83fb7a69
@@ -296,6 +296,6 @@ SPEC CHECKSUMS:
   YapDatabase: b418a4baa6906e8028748938f9159807fd039af4
   YYImage: 1e1b62a9997399593e4b9c4ecfbbabbf1d3f3b54
 
-PODFILE CHECKSUM: 820287bc7925d7c20e02a02923976c60b1f5386b
+PODFILE CHECKSUM: 55c6b62a23df23853a2af68917716a56a813c3f0
 
 COCOAPODS: 1.5.3

Pods

@@ -1 +1 @@
-Subproject commit 5821eb8e9fd9f76fbdbedd3402892c185e65c48e
+Subproject commit 37cee04eebbe0ecbf61bd415383be9b1773dccef

SignalServiceKit/src/Messages/OWSMessageDecrypter.m

@@ -37,6 +37,7 @@ NSError *EnsureDecryptError(NSError *_Nullable error, NSString *fallbackErrorDes
     if (error) {
         return error;
     }
+    OWSCFailDebug(@"Caller should provide specific error");
     return OWSErrorWithCodeDescription(OWSErrorCodeFailedToDecryptUDMessage, fallbackErrorDescription);
 }
 
@@ -434,89 +435,140 @@ NSError *EnsureDecryptError(NSError *_Nullable error, NSString *fallbackErrorDes
     uint32_t localDeviceId = OWSDevicePrimaryDeviceId;
 
     [self.dbConnection asyncReadWriteWithBlock:^(YapDatabaseReadWriteTransaction *transaction) {
-        @try {
+        NSError *cipherError;
-            NSError *error;
+        SMKSecretSessionCipher *_Nullable cipher =
-            SMKSecretSessionCipher *_Nullable cipher =
+            [[SMKSecretSessionCipher alloc] initWithSessionStore:self.primaryStorage
-                [[SMKSecretSessionCipher alloc] initWithSessionStore:self.primaryStorage
+                                                     preKeyStore:self.primaryStorage
-                                                         preKeyStore:self.primaryStorage
+                                               signedPreKeyStore:self.primaryStorage
-                                                   signedPreKeyStore:self.primaryStorage
+                                                   identityStore:self.identityManager
-                                                       identityStore:self.identityManager
+                                                           error:&cipherError];
-                                                               error:&error];
+        if (cipherError || !cipher) {
-            if (error || !cipher) {
+            OWSFailDebug(@"Could not create secret session cipher: %@", cipherError);
-                OWSFailDebug(@"Could not create secret session cipher: %@", error);
+            cipherError = EnsureDecryptError(cipherError, @"Could not create secret session cipher");
-                error = EnsureDecryptError(error, @"Could not create secret session cipher");
+            return failureBlock(cipherError);
+        }
+
+        NSError *decryptError;
+        SMKDecryptResult *_Nullable decryptResult =
+            [cipher throwswrapped_decryptMessageWithCertificateValidator:certificateValidator
+                                                          cipherTextData:encryptedData
+                                                               timestamp:serverTimestamp
+                                                        localRecipientId:localRecipientId
+                                                           localDeviceId:localDeviceId
+                                                         protocolContext:transaction
+                                                                   error:&decryptError];
+
+        if (!decryptResult) {
+            if (!decryptError) {
+                OWSFailDebug(@"Caller should provide specific error");
+                NSError *error = OWSErrorWithCodeDescription(
+                    OWSErrorCodeFailedToDecryptUDMessage, @"Could not decrypt UD message");
                 return failureBlock(error);
             }
 
-            SMKDecryptResult *_Nullable decryptResult =
+            // Decrypt Failure Part 1: Unwrap failure details
-                [cipher throwswrapped_decryptMessageWithCertificateValidator:certificateValidator
-                                                              cipherTextData:encryptedData
-                                                                   timestamp:serverTimestamp
-                                                            localRecipientId:localRecipientId
-                                                               localDeviceId:localDeviceId
-                                                             protocolContext:transaction
-                                                                       error:&error];
-            SCKRaiseIfExceptionWrapperError(error);
-
-            if (error || !decryptResult) {
-                if ([error.domain isEqualToString:@"SignalMetadataKit.SMKSecretSessionCipherError"]
-                    && error.code == SMKSecretSessionCipherErrorSelfSentMessage) {
-                    // Self-sent messages can be safely discarded.
-                    return failureBlock(error);
-                }
 
-                OWSFailDebug(@"Could not decrypt UD message: %@", error);
+            NSError *_Nullable underlyingError;
-                error = EnsureDecryptError(error, @"Could not decrypt UD message");
+            SSKProtoEnvelope *_Nullable identifiedEnvelope;
-                return failureBlock(error);
+
-            }
+            if (![decryptError.domain isEqualToString:@"SignalMetadataKit.SecretSessionKnownSenderError"]) {
+                underlyingError = decryptError;
+                identifiedEnvelope = envelope;
+            } else {
+                underlyingError = decryptError.userInfo[NSUnderlyingErrorKey];
+
+                NSString *senderRecipientId
+                    = decryptError.userInfo[SecretSessionKnownSenderError.kSenderRecipientIdKey];
+                OWSAssert(senderRecipientId);
+
+                NSNumber *senderDeviceId = decryptError.userInfo[SecretSessionKnownSenderError.kSenderDeviceIdKey];
+                OWSAssert(senderDeviceId);
+
+                SSKProtoEnvelopeBuilder *identifiedEnvelopeBuilder = envelope.asBuilder;
+                identifiedEnvelopeBuilder.source = senderRecipientId;
+                identifiedEnvelopeBuilder.sourceDevice = senderDeviceId.unsignedIntValue;
+                NSError *identifiedEnvelopeBuilderError;
 
-            if (decryptResult.messageType == SMKMessageTypePrekey) {
+                identifiedEnvelope = [identifiedEnvelopeBuilder buildAndReturnError:&identifiedEnvelopeBuilderError];
-                [TSPreKeyManager checkPreKeys];
+                if (identifiedEnvelopeBuilderError) {
+                    OWSFailDebug(@"failure identifiedEnvelopeBuilderError: %@", identifiedEnvelopeBuilderError);
+                }
             }
+            OWSAssert(underlyingError);
+            OWSAssert(identifiedEnvelope);
 
-            NSString *source = decryptResult.senderRecipientId;
+            NSException *_Nullable underlyingException;
-            if (source.length < 1 || !source.isValidE164) {
+            if ([underlyingError.domain isEqualToString:SCKExceptionWrapperErrorDomain]
-                NSString *errorDescription = @"Invalid UD sender.";
+                && underlyingError.code == SCKExceptionWrapperErrorThrown) {
-                OWSFailDebug(@"%@", errorDescription);
+
-                NSError *error = OWSErrorWithCodeDescription(OWSErrorCodeFailedToDecryptUDMessage, errorDescription);
+                underlyingException = underlyingError.userInfo[SCKExceptionWrapperUnderlyingExceptionKey];
-                return failureBlock(error);
+                OWSAssert(underlyingException);
             }
 
-            long sourceDeviceId = decryptResult.senderDeviceId;
+            // Decrypt Failure Part 2: Handle unwrapped failure details
-            if (sourceDeviceId < 1 || sourceDeviceId > UINT32_MAX) {
+
-                NSString *errorDescription = @"Invalid UD sender device id.";
+            if (underlyingException) {
-                OWSFailDebug(@"%@", errorDescription);
+                dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
-                NSError *error = OWSErrorWithCodeDescription(OWSErrorCodeFailedToDecryptUDMessage, errorDescription);
+                    [self processException:underlyingException envelope:identifiedEnvelope];
-                return failureBlock(error);
+                    NSString *errorDescription = [NSString
+                        stringWithFormat:@"Exception while decrypting ud message: %@", underlyingException.description];
+                    OWSLogError(@"%@", errorDescription);
+                    NSError *error = OWSErrorWithCodeDescription(OWSErrorCodeFailedToDecryptMessage, errorDescription);
+                    failureBlock(error);
+                });
+                return;
             }
-            NSData *plaintextData = [decryptResult.paddedPayload removePadding];
+
-
+            if ([underlyingError.domain isEqualToString:@"SignalMetadataKit.SMKSecretSessionCipherError"]
-            SSKProtoEnvelopeBuilder *envelopeBuilder = [envelope asBuilder];
+                && underlyingError.code == SMKSecretSessionCipherErrorSelfSentMessage) {
-            [envelopeBuilder setSource:source];
+                // Self-sent messages can be safely discarded.
-            [envelopeBuilder setSourceDevice:(uint32_t)sourceDeviceId];
+                failureBlock(underlyingError);
-            NSData *_Nullable newEnvelopeData = [envelopeBuilder buildSerializedDataAndReturnError:&error];
+                return;
-            if (error || !newEnvelopeData) {
-                OWSFailDebug(@"Could not update UD envelope data: %@", error);
-                error = EnsureDecryptError(error, @"Could not update UD envelope data");
-                return failureBlock(error);
             }
 
-            OWSMessageDecryptResult *result = [OWSMessageDecryptResult resultWithEnvelopeData:newEnvelopeData
+            OWSFailDebug(@"Could not decrypt UD message: %@", underlyingError);
-                                                                                plaintextData:plaintextData
+            failureBlock(underlyingError);
-                                                                                       source:source
+            return;
-                                                                                 sourceDevice:(uint32_t)sourceDeviceId
+        }
-                                                                                  isUDMessage:YES];
+
-            successBlock(result, transaction);
+        if (decryptResult.messageType == SMKMessageTypePrekey) {
-        } @catch (NSException *exception) {
+            [TSPreKeyManager checkPreKeys];
-            dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
+        }
-                [self processException:exception envelope:envelope];
+
-                NSString *errorDescription =
+        NSString *source = decryptResult.senderRecipientId;
-                    [NSString stringWithFormat:@"Exception while decrypting ud message: %@", exception.description];
+        if (source.length < 1 || !source.isValidE164) {
-                OWSLogError(@"%@", errorDescription);
+            NSString *errorDescription = @"Invalid UD sender.";
-                NSError *error = OWSErrorWithCodeDescription(OWSErrorCodeFailedToDecryptMessage, errorDescription);
+            OWSFailDebug(@"%@", errorDescription);
-                failureBlock(error);
+            NSError *error = OWSErrorWithCodeDescription(OWSErrorCodeFailedToDecryptUDMessage, errorDescription);
-            });
+            return failureBlock(error);
         }
+
+        long sourceDeviceId = decryptResult.senderDeviceId;
+        if (sourceDeviceId < 1 || sourceDeviceId > UINT32_MAX) {
+            NSString *errorDescription = @"Invalid UD sender device id.";
+            OWSFailDebug(@"%@", errorDescription);
+            NSError *error = OWSErrorWithCodeDescription(OWSErrorCodeFailedToDecryptUDMessage, errorDescription);
+            return failureBlock(error);
+        }
+        NSData *plaintextData = [decryptResult.paddedPayload removePadding];
+
+        SSKProtoEnvelopeBuilder *envelopeBuilder = [envelope asBuilder];
+        [envelopeBuilder setSource:source];
+        [envelopeBuilder setSourceDevice:(uint32_t)sourceDeviceId];
+        NSError *envelopeBuilderError;
+        NSData *_Nullable newEnvelopeData = [envelopeBuilder buildSerializedDataAndReturnError:&envelopeBuilderError];
+        if (envelopeBuilderError || !newEnvelopeData) {
+            OWSFailDebug(@"Could not update UD envelope data: %@", envelopeBuilderError);
+            NSError *error = EnsureDecryptError(envelopeBuilderError, @"Could not update UD envelope data");
+            return failureBlock(error);
+        }
+
+        OWSMessageDecryptResult *result = [OWSMessageDecryptResult resultWithEnvelopeData:newEnvelopeData
+                                                                            plaintextData:plaintextData
+                                                                                   source:source
+                                                                             sourceDevice:(uint32_t)sourceDeviceId
+                                                                              isUDMessage:YES];
+        successBlock(result, transaction);
     }];
 }