Signal/Android
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Android.git synced 2025-12-20 11:08:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use libsignal to derive access key during group send.

Browse Source
This commit is contained in:
Clark
2023-11-20 20:19:08 -05:00
committed by Cody Henthorne
parent 016736c455
commit 47dd7adf4b
1 changed files with 12 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
app/src/main/java/org/thoughtcrime/securesms/crypto/UnidentifiedAccessUtil.java
View File

@@ -23,18 +23,17 @@ import org.thoughtcrime.securesms.recipients.Recipient;
import org.thoughtcrime.securesms.recipients.RecipientId; import org.thoughtcrime.securesms.recipients.RecipientId;
import org.signal.core.util.Base64; import org.signal.core.util.Base64;
import org.thoughtcrime.securesms.util.TextSecurePreferences; import org.thoughtcrime.securesms.util.TextSecurePreferences;
import org.thoughtcrime.securesms.util.Util;
import org.whispersystems.signalservice.api.crypto.UnidentifiedAccess; import org.whispersystems.signalservice.api.crypto.UnidentifiedAccess;
import org.whispersystems.signalservice.api.crypto.UnidentifiedAccessPair; import org.whispersystems.signalservice.api.crypto.UnidentifiedAccessPair;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Optional; import java.util.Optional;
import java.util.stream.Collectors;
public class UnidentifiedAccessUtil { public class UnidentifiedAccessUtil {
@@ -84,37 +83,35 @@ public class UnidentifiedAccessUtil {
@WorkerThread @WorkerThread
public static List<Optional<UnidentifiedAccessPair>> getAccessFor(@NonNull Context context, @NonNull List<Recipient> recipients, boolean isForStory, boolean log) { public static List<Optional<UnidentifiedAccessPair>> getAccessFor(@NonNull Context context, @NonNull List<Recipient> recipients, boolean isForStory, boolean log) {
byte[] ourUnidentifiedAccessKey = UnidentifiedAccess.deriveAccessKeyFrom(ProfileKeyUtil.getSelfProfileKey()); final byte[] ourUnidentifiedAccessKey;
if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) { if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) {
ourUnidentifiedAccessKey = UNRESTRICTED_KEY; ourUnidentifiedAccessKey = UNRESTRICTED_KEY;
} else {
ourUnidentifiedAccessKey = ProfileKeyUtil.getSelfProfileKey().deriveAccessKey();
} }
List<Optional<UnidentifiedAccessPair>> access = new ArrayList<>(recipients.size());
CertificateType certificateType = getUnidentifiedAccessCertificateType(); CertificateType certificateType = getUnidentifiedAccessCertificateType();
byte[] ourUnidentifiedAccessCertificate = SignalStore.certificateValues().getUnidentifiedAccessCertificate(certificateType); byte[] ourUnidentifiedAccessCertificate = SignalStore.certificateValues().getUnidentifiedAccessCertificate(certificateType);
for (Recipient recipient : recipients) { List<Optional<UnidentifiedAccessPair>> access = recipients.parallelStream().map(recipient -> {
UnidentifiedAccessPair unidentifiedAccessPair = null;
if (ourUnidentifiedAccessCertificate != null) { if (ourUnidentifiedAccessCertificate != null) {
try { try {
UnidentifiedAccess theirAccess = getTargetUnidentifiedAccess(recipient, ourUnidentifiedAccessCertificate, isForStory); UnidentifiedAccess theirAccess = getTargetUnidentifiedAccess(recipient, ourUnidentifiedAccessCertificate, isForStory);
UnidentifiedAccess ourAccess = new UnidentifiedAccess(ourUnidentifiedAccessKey, ourUnidentifiedAccessCertificate, false); UnidentifiedAccess ourAccess = new UnidentifiedAccess(ourUnidentifiedAccessKey, ourUnidentifiedAccessCertificate, false);
if (theirAccess != null) { if (theirAccess != null) {
access.add(Optional.of(new UnidentifiedAccessPair(theirAccess, ourAccess))); unidentifiedAccessPair = new UnidentifiedAccessPair(theirAccess, ourAccess);
} else {
access.add(Optional.empty());
} }
} catch (InvalidCertificateException e) { } catch (InvalidCertificateException e) {
Log.w(TAG, "Invalid unidentified access certificate!", e); Log.w(TAG, "Invalid unidentified access certificate!", e);
access.add(Optional.empty());
} }
} else { } else {
Log.w(TAG, "Missing unidentified access certificate!"); Log.w(TAG, "Missing unidentified access certificate!");
access.add(Optional.empty());
}
} }
return Optional.ofNullable(unidentifiedAccessPair);
}).collect(Collectors.toList());
int unidentifiedCount = Stream.of(access).filter(Optional::isPresent).toList().size(); int unidentifiedCount = Stream.of(access).filter(Optional::isPresent).toList().size();
int otherCount = access.size() - unidentifiedCount; int otherCount = access.size() - unidentifiedCount;
@@ -178,7 +175,7 @@ public class UnidentifiedAccessUtil {
accessKey = UNRESTRICTED_KEY; accessKey = UNRESTRICTED_KEY;
} }
} else { } else {
accessKey = UnidentifiedAccess.deriveAccessKeyFrom(theirProfileKey); accessKey = theirProfileKey.deriveAccessKey();
} }
break; break;
case DISABLED: case DISABLED:
@@ -188,7 +185,7 @@ public class UnidentifiedAccessUtil {
if (theirProfileKey == null) { if (theirProfileKey == null) {
accessKey = null; accessKey = null;
} else { } else {
accessKey = UnidentifiedAccess.deriveAccessKeyFrom(theirProfileKey); accessKey = theirProfileKey.deriveAccessKey();
} }
break; break;
case UNRESTRICTED: case UNRESTRICTED: