From 74973253d9ded0227eaf846dfecbaaf2df68568d Mon Sep 17 00:00:00 2001 From: Michael Kirk Date: Sat, 3 Jun 2017 16:50:31 -0700 Subject: [PATCH] Fix tests // FREEBIE --- AxolotlKit.xcodeproj/project.pbxproj | 4 +- AxolotlKitTests/AxolotlInMemoryStore.m | 39 +++++++++--- AxolotlKitTests/SessionBuilderTests.m | 83 +++++++++++++------------- AxolotlKitTests/SessionCipherTest.m | 3 + Podfile.lock | 2 +- 5 files changed, 78 insertions(+), 53 deletions(-) diff --git a/AxolotlKit.xcodeproj/project.pbxproj b/AxolotlKit.xcodeproj/project.pbxproj index 474ee39..2194080 100644 --- a/AxolotlKit.xcodeproj/project.pbxproj +++ b/AxolotlKit.xcodeproj/project.pbxproj @@ -416,7 +416,7 @@ ); runOnlyForDeploymentPostprocessing = 0; shellPath = /bin/sh; - shellScript = "diff \"${PODS_ROOT}/../Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n"; + shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n"; showEnvVarsInLog = 0; }; F7D1D7822CA76333BE3F65B0 /* [CP] Check Pods Manifest.lock */ = { 
@@ -431,7 +431,7 @@ ); runOnlyForDeploymentPostprocessing = 0; shellPath = /bin/sh; - shellScript = "diff \"${PODS_ROOT}/../Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n"; + shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n"; showEnvVarsInLog = 0; }; /* End PBXShellScriptBuildPhase section */ diff --git a/AxolotlKitTests/AxolotlInMemoryStore.m b/AxolotlKitTests/AxolotlInMemoryStore.m index 2abca82..a0765d6 100644 --- a/AxolotlKitTests/AxolotlInMemoryStore.m +++ b/AxolotlKitTests/AxolotlInMemoryStore.m @@ -128,7 +128,8 @@ NS_ASSUME_NONNULL_BEGIN # pragma mark IdentityKeyStore -- (ECKeyPair *)identityKeyPair{ +- (nullable ECKeyPair *)identityKeyPair +{ return __identityKeyPair; } 
@@ -136,18 +137,40 @@ NS_ASSUME_NONNULL_BEGIN return __localRegistrationId; } -- (void)saveRemoteIdentity:(NSData *)identityKey recipientId:(NSString*)recipientId{ +- (BOOL)saveRemoteIdentity:(NSData *)identityKey recipientId:(NSString *)recipientId +{ + NSData *existingKey = [self.trustedKeys objectForKey:recipientId]; + + if ([existingKey isEqualToData:existingKey]) { + return NO; + } + [self.trustedKeys setObject:identityKey forKey:recipientId]; + return YES; } -- (BOOL)isTrustedIdentityKey:(NSData *)identityKey recipientId:(NSString*)recipientId{ +- (BOOL)isTrustedIdentityKey:(NSData *)identityKey + recipientId:(NSString *)recipientId + direction:(TSMessageDirection)direction +{ + NSData *data = [self.trustedKeys objectForKey:recipientId]; - - if (data) { - return [data isEqualToData:identityKey]; + if (!data) { + // Trust on first use + return YES; + } + + switch (direction) { + case TSMessageDirectionIncoming: + return YES; + case TSMessageDirectionOutgoing: + // In a real implementation you may wish to ensure the use has been properly notified of any + // recent identity change before sending outgoing messages. + return [data isEqualToData:identityKey]; + case TSMessageDirectionUnknown: + NSAssert(NO, @"unknown message direction"); + return NO; } - - return YES; // Trust on first use } # pragma mark Session Store diff --git a/AxolotlKitTests/SessionBuilderTests.m b/AxolotlKitTests/SessionBuilderTests.m index 094b95a..72608bd 100644 --- a/AxolotlKitTests/SessionBuilderTests.m +++ b/AxolotlKitTests/SessionBuilderTests.m @@ -1,9 +1,5 @@ // -// SessionBuilder.m -// AxolotlKit -// -// Created by Frederic Jacobs on 22/10/14. -// Copyright (c) 2014 Frederic Jacobs. All rights reserved. +// Copyright (c) 2017 Open Whisper Systems. All rights reserved. // #import 
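Review bot: In the new `saveRemoteIdentity:recipientId:`, the guard `[existingKey isEqualToData:existingKey]` compares the stored key with itself, so it is true whenever any key is already stored for the recipient and the method returns NO without writing. This in-memory store can therefore never record a changed identity key, and the YES return is only produced on first use; tests built on it cannot observe key-change handling. The comparison should be against the incoming key: `if ([existingKey isEqualToData:identityKey]) {`. Separately, nothing follows the `switch` in `isTrustedIdentityKey:recipientId:direction:`, so a `direction` value outside the three cases shown falls off the end of a BOOL method; a trailing `return NO;` after the switch would make the store fail closed. The comment in the outgoing case also reads "ensure the use has been properly notified", where "user" is meant.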
@@ -94,51 +90,54 @@ - (void)testBasicPreKeyMITM { NSString *BOB_RECIPIENT_ID = @"+3828923892"; - NSString *ALICE_RECIPIENT_ID = @"alice@gmail.com"; AxolotlInMemoryStore *aliceStore = [AxolotlInMemoryStore new]; SessionBuilder *aliceSessionBuilder = [[SessionBuilder alloc] initWithAxolotlStore:aliceStore recipientId:BOB_RECIPIENT_ID deviceId:1]; AxolotlInMemoryStore *bobStore = [AxolotlInMemoryStore new]; - ECKeyPair *bobPreKeyPair = [Curve25519 generateKeyPair]; - ECKeyPair *bobSignedPreKeyPair = [Curve25519 generateKeyPair]; - NSData *bobSignedPreKeySignature = [Ed25519 sign:bobSignedPreKeyPair.publicKey withKeyPair:bobStore.identityKeyPair]; - - PreKeyBundle *bobPreKey = [[PreKeyBundle alloc]initWithRegistrationId:bobStore.localRegistrationId - deviceId:1 - preKeyId:31337 - preKeyPublic:bobPreKeyPair.publicKey - signedPreKeyPublic:bobSignedPreKeyPair.publicKey - signedPreKeyId:22 - signedPreKeySignature:bobSignedPreKeySignature - identityKey:bobStore.identityKeyPair.publicKey]; - - [aliceSessionBuilder processPrekeyBundle:bobPreKey]; - + ECKeyPair *bobIdentityKeyPair1 = [Curve25519 generateKeyPair]; + ECKeyPair *bobPreKeyPair1 = [Curve25519 generateKeyPair]; + ECKeyPair *bobSignedPreKeyPair1 = [Curve25519 generateKeyPair]; + NSData *bobSignedPreKeySignature1 = [Ed25519 sign:bobSignedPreKeyPair1.publicKey withKeyPair:bobIdentityKeyPair1]; + + PreKeyBundle *bobPreKey1 = [[PreKeyBundle alloc] initWithRegistrationId:bobStore.localRegistrationId + deviceId:1 + preKeyId:31337 + preKeyPublic:bobPreKeyPair1.publicKey + signedPreKeyPublic:bobSignedPreKeyPair1.publicKey + signedPreKeyId:22 + signedPreKeySignature:bobSignedPreKeySignature1 + identityKey:bobIdentityKeyPair1.publicKey]; + + [aliceSessionBuilder processPrekeyBundle:bobPreKey1]; + XCTAssert([aliceStore containsSession:BOB_RECIPIENT_ID deviceId:1]); XCTAssert([aliceStore loadSession:BOB_RECIPIENT_ID deviceId:1].sessionState.version == 3); - - NSString *originalMessage = @"Freedom is the right to tell people what 
they do not want to hear."; + + NSString *messageText = @"Freedom is the right to tell people what they do not want to hear."; SessionCipher *aliceSessionCipher = [[SessionCipher alloc] initWithAxolotlStore:aliceStore recipientId:BOB_RECIPIENT_ID deviceId:1]; - - WhisperMessage *outgoingMessage = [aliceSessionCipher encryptMessage:[originalMessage dataUsingEncoding:NSUTF8StringEncoding]]; - - XCTAssert([outgoingMessage isKindOfClass:[PreKeyWhisperMessage class]], @"Message should be PreKey type"); - - PreKeyWhisperMessage *incomingMessage = (PreKeyWhisperMessage*)outgoingMessage; - [bobStore storePreKey:31337 preKeyRecord:[[PreKeyRecord alloc] initWithId:bobPreKey.preKeyId keyPair:bobPreKeyPair]]; - [bobStore storeSignedPreKey:22 signedPreKeyRecord:[[SignedPreKeyRecord alloc] initWithId:22 keyPair:bobSignedPreKeyPair signature:bobSignedPreKeySignature generatedAt:[NSDate date]]]; - - SessionCipher *bobSessionCipher = [[SessionCipher alloc] initWithAxolotlStore:bobStore recipientId:ALICE_RECIPIENT_ID deviceId:1]; - [bobSessionCipher decrypt:incomingMessage]; - - XCTAssert([bobStore containsSession:ALICE_RECIPIENT_ID deviceId:1]); - XCTAssert([bobStore loadSession:ALICE_RECIPIENT_ID deviceId:1].sessionState.version == 3); - XCTAssert([bobStore loadSession:ALICE_RECIPIENT_ID deviceId:1].sessionState.aliceBaseKey != nil); - - incomingMessage.identityKey = [Curve25519 generateKeyPair].publicKey; - incomingMessage.baseKey = [Curve25519 generateKeyPair].publicKey; - XCTAssertThrowsSpecificNamed([bobSessionCipher decrypt:incomingMessage], NSException, UntrustedIdentityKeyException); + + WhisperMessage *outgoingMessage1 = + [aliceSessionCipher encryptMessage:[messageText dataUsingEncoding:NSUTF8StringEncoding]]; + + XCTAssert([outgoingMessage1 isKindOfClass:[PreKeyWhisperMessage class]], @"Message should be PreKey type"); + + ECKeyPair *bobIdentityKeyPair2 = [Curve25519 generateKeyPair]; + ECKeyPair *bobPreKeyPair2 = [Curve25519 generateKeyPair]; + ECKeyPair 
*bobSignedPreKeyPair2 = [Curve25519 generateKeyPair]; + NSData *bobSignedPreKeySignature2 = [Ed25519 sign:bobSignedPreKeyPair2.publicKey withKeyPair:bobIdentityKeyPair2]; + + PreKeyBundle *bobPreKey2 = [[PreKeyBundle alloc] initWithRegistrationId:bobStore.localRegistrationId + deviceId:1 + preKeyId:31337 + preKeyPublic:bobPreKeyPair2.publicKey + signedPreKeyPublic:bobSignedPreKeyPair2.publicKey + signedPreKeyId:22 + signedPreKeySignature:bobSignedPreKeySignature2 + identityKey:bobIdentityKeyPair2.publicKey]; + + XCTAssertThrowsSpecificNamed( + [aliceSessionBuilder processPrekeyBundle:bobPreKey2], NSException, UntrustedIdentityKeyException); } diff --git a/AxolotlKitTests/SessionCipherTest.m b/AxolotlKitTests/SessionCipherTest.m index a8a7d25..40e8a36 100644 --- a/AxolotlKitTests/SessionCipherTest.m +++ b/AxolotlKitTests/SessionCipherTest.m @@ -134,7 +134,10 @@ [RatchetingSession initializeSession:aliceSessionState sessionVersion:3 AliceParameters:aliceParams]; + [self.aliceStore saveRemoteIdentity:bobIdentityKeyPair.publicKey recipientId:self.bobIdentifier]; [self.aliceStore storeSession:self.bobIdentifier deviceId:1 session:aliceSessionRecord]; + + [self.bobStore saveRemoteIdentity:aliceIdentityKeyPair.publicKey recipientId:self.aliceIdentifier]; [self.bobStore storeSession:self.aliceIdentifier deviceId:1 session:bobSessionRecord]; XCTAssert([aliceSessionState.remoteIdentityKey isEqualToData:bobSessionState.localIdentityKey]); diff --git a/Podfile.lock b/Podfile.lock index b56eec3..183b235 100644 --- a/Podfile.lock +++ b/Podfile.lock @@ -30,4 +30,4 @@ SPEC CHECKSUMS: PODFILE CHECKSUM: 620aef96f4f83d45f76ba8405fc626a76a47f95f -COCOAPODS: 1.2.0 +COCOAPODS: 1.2.1
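Review bot: The rewritten `testBasicPreKeyMITM` stops at the `XCTAssertThrowsSpecificNamed` on the second bundle and never checks what Alice's store holds afterwards, so a `processPrekeyBundle:` that raised only after overwriting the session or the pinned identity would still pass. I would capture the identity before the second bundle, `NSData *pinnedKey = [aliceStore loadSession:BOB_RECIPIENT_ID deviceId:1].sessionState.remoteIdentityKey;`, and assert after the throw that `[[aliceStore loadSession:BOB_RECIPIENT_ID deviceId:1].sessionState.remoteIdentityKey isEqualToData:pinnedKey]`. `outgoingMessage1` is now only type-checked and `bobStore` only supplies `localRegistrationId`, so the Bob-side decrypt path the old test exercised is no longer covered here. A one-line comment stating that this is intentional would help the next reader.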
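Review bot: Both added `saveRemoteIdentity:recipientId:` calls discard the BOOL result, so a save that silently did nothing would leave the store on its trust-on-first-use path and the test would pass without any identity actually pinned. If the stores are fresh at this point (their setup is outside the hunk), asserting the result makes the precondition explicit: `XCTAssert([self.aliceStore saveRemoteIdentity:bobIdentityKeyPair.publicKey recipientId:self.bobIdentifier]);`, and the same for `self.bobStore`. The enclosing test method starts and ends outside the hunk.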