Signal/Android
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Android.git synced 2025-12-23 12:38:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update handling of unrestricted UD access.

Browse Source
This commit is contained in:
Greyson Parrelli
2021-08-04 10:36:49 -04:00
committed by GitHub
parent c131754874
commit c7551881b8
1 changed files with 15 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
app/src/main/java/org/thoughtcrime/securesms/crypto/UnidentifiedAccessUtil.java
View File

@@ -41,6 +41,8 @@ public class UnidentifiedAccessUtil {
private static final String TAG = Log.tag(UnidentifiedAccessUtil.class); private static final String TAG = Log.tag(UnidentifiedAccessUtil.class);
private static final byte[] UNRESTRICTED_KEY = new byte[16];
public static CertificateValidator getCertificateValidator() { public static CertificateValidator getCertificateValidator() {
try { try {
ECPublicKey unidentifiedSenderTrustRoot = Curve.decodePoint(Base64.decode(BuildConfig.UNIDENTIFIED_SENDER_TRUST_ROOT), 0); ECPublicKey unidentifiedSenderTrustRoot = Curve.decodePoint(Base64.decode(BuildConfig.UNIDENTIFIED_SENDER_TRUST_ROOT), 0);
@@ -86,7 +88,7 @@ public class UnidentifiedAccessUtil {
byte[] ourUnidentifiedAccessKey = UnidentifiedAccess.deriveAccessKeyFrom(ProfileKeyUtil.getSelfProfileKey()); byte[] ourUnidentifiedAccessKey = UnidentifiedAccess.deriveAccessKeyFrom(ProfileKeyUtil.getSelfProfileKey());
if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) { if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) {
ourUnidentifiedAccessKey = Util.getSecretBytes(16); ourUnidentifiedAccessKey = UNRESTRICTED_KEY;
} }
List<Optional<UnidentifiedAccessPair>> access = new ArrayList<>(recipients.size()); List<Optional<UnidentifiedAccessPair>> access = new ArrayList<>(recipients.size());
@@ -133,7 +135,7 @@ public class UnidentifiedAccessUtil {
byte[] ourUnidentifiedAccessCertificate = getUnidentifiedAccessCertificate(Recipient.self()); byte[] ourUnidentifiedAccessCertificate = getUnidentifiedAccessCertificate(Recipient.self());
if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) { if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) {
ourUnidentifiedAccessKey = Util.getSecretBytes(16); ourUnidentifiedAccessKey = UNRESTRICTED_KEY;
} }
if (ourUnidentifiedAccessCertificate != null) { if (ourUnidentifiedAccessCertificate != null) {
@@ -171,15 +173,21 @@ public class UnidentifiedAccessUtil {
switch (recipient.resolve().getUnidentifiedAccessMode()) { switch (recipient.resolve().getUnidentifiedAccessMode()) {
case UNKNOWN: case UNKNOWN:
if (theirProfileKey == null) return Util.getSecretBytes(16); if (theirProfileKey == null) {
else return UnidentifiedAccess.deriveAccessKeyFrom(theirProfileKey); return UNRESTRICTED_KEY;
} else {
return UnidentifiedAccess.deriveAccessKeyFrom(theirProfileKey);
}
case DISABLED: case DISABLED:
return null; return null;
case ENABLED: case ENABLED:
if (theirProfileKey == null) return null; if (theirProfileKey == null) {
else return UnidentifiedAccess.deriveAccessKeyFrom(theirProfileKey); return null;
} else {
return UnidentifiedAccess.deriveAccessKeyFrom(theirProfileKey);
}
case UNRESTRICTED: case UNRESTRICTED:
return Util.getSecretBytes(16); return UNRESTRICTED_KEY;
default: default:
throw new AssertionError("Unknown mode: " + recipient.getUnidentifiedAccessMode().getMode()); throw new AssertionError("Unknown mode: " + recipient.getUnidentifiedAccessMode().getMode());
} }