2 Commits
master
...
mkirk/fix-
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
74973253d9 | ||
|
|
0dea2aac0f |
@ -191,7 +191,8 @@
|
||||
B63B2FE0197D8B9600E09F65 /* Supporting Files */,
|
||||
B6B3E64019FD5B0D0035422D /* Util */,
|
||||
);
|
||||
path = "AxolotlKit Tests";
|
||||
name = "AxolotlKit Tests";
|
||||
path = AxolotlKitTests;
|
||||
sourceTree = "<group>";
|
||||
};
|
||||
B63B2FE0197D8B9600E09F65 /* Supporting Files */ = {
|
||||
@ -415,7 +416,7 @@
|
||||
);
|
||||
runOnlyForDeploymentPostprocessing = 0;
|
||||
shellPath = /bin/sh;
|
||||
shellScript = "diff \"${PODS_ROOT}/../Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n";
|
||||
shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n";
|
||||
showEnvVarsInLog = 0;
|
||||
};
|
||||
F7D1D7822CA76333BE3F65B0 /* [CP] Check Pods Manifest.lock */ = {
|
||||
@ -430,7 +431,7 @@
|
||||
);
|
||||
runOnlyForDeploymentPostprocessing = 0;
|
||||
shellPath = /bin/sh;
|
||||
shellScript = "diff \"${PODS_ROOT}/../Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n";
|
||||
shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n";
|
||||
showEnvVarsInLog = 0;
|
||||
};
|
||||
/* End PBXShellScriptBuildPhase section */
|
||||
@ -544,12 +545,12 @@
|
||||
"$(DEVELOPER_FRAMEWORKS_DIR)",
|
||||
);
|
||||
GCC_PRECOMPILE_PREFIX_HEADER = YES;
|
||||
GCC_PREFIX_HEADER = "AxolotlKit Tests/AxolotlKit Tests-Prefix.pch";
|
||||
GCC_PREFIX_HEADER = "AxolotlKitTests/AxolotlKit Tests-Prefix.pch";
|
||||
GCC_PREPROCESSOR_DEFINITIONS = (
|
||||
"DEBUG=1",
|
||||
"$(inherited)",
|
||||
);
|
||||
INFOPLIST_FILE = "AxolotlKit Tests/AxolotlKit Tests-Info.plist";
|
||||
INFOPLIST_FILE = "AxolotlKitTests/AxolotlKit Tests-Info.plist";
|
||||
PRODUCT_BUNDLE_IDENTIFIER = "org.whispersystems.${PRODUCT_NAME:rfc1034identifier}";
|
||||
PRODUCT_NAME = "$(TARGET_NAME)";
|
||||
TEST_HOST = "$(BUILT_PRODUCTS_DIR)/AxolotlKit.app/AxolotlKit";
|
||||
@ -569,8 +570,8 @@
|
||||
"$(DEVELOPER_FRAMEWORKS_DIR)",
|
||||
);
|
||||
GCC_PRECOMPILE_PREFIX_HEADER = YES;
|
||||
GCC_PREFIX_HEADER = "AxolotlKit Tests/AxolotlKit Tests-Prefix.pch";
|
||||
INFOPLIST_FILE = "AxolotlKit Tests/AxolotlKit Tests-Info.plist";
|
||||
GCC_PREFIX_HEADER = "AxolotlKitTests/AxolotlKit Tests-Prefix.pch";
|
||||
INFOPLIST_FILE = "AxolotlKitTests/AxolotlKit Tests-Info.plist";
|
||||
PRODUCT_BUNDLE_IDENTIFIER = "org.whispersystems.${PRODUCT_NAME:rfc1034identifier}";
|
||||
PRODUCT_NAME = "$(TARGET_NAME)";
|
||||
TEST_HOST = "$(BUILT_PRODUCTS_DIR)/AxolotlKit.app/AxolotlKit";
|
||||
|
||||
@ -128,7 +128,8 @@ NS_ASSUME_NONNULL_BEGIN
|
||||
|
||||
# pragma mark IdentityKeyStore
|
||||
|
||||
- (ECKeyPair *)identityKeyPair{
|
||||
- (nullable ECKeyPair *)identityKeyPair
|
||||
{
|
||||
return __identityKeyPair;
|
||||
}
|
||||
|
||||
@ -136,18 +137,40 @@ NS_ASSUME_NONNULL_BEGIN
|
||||
return __localRegistrationId;
|
||||
}
|
||||
|
||||
- (void)saveRemoteIdentity:(NSData *)identityKey recipientId:(NSString*)recipientId{
|
||||
- (BOOL)saveRemoteIdentity:(NSData *)identityKey recipientId:(NSString *)recipientId
|
||||
{
|
||||
NSData *existingKey = [self.trustedKeys objectForKey:recipientId];
|
||||
|
||||
if ([existingKey isEqualToData:existingKey]) {
|
||||
return NO;
|
||||
}
|
||||
|
||||
[self.trustedKeys setObject:identityKey forKey:recipientId];
|
||||
return YES;
|
||||
}
|
||||
|
||||
- (BOOL)isTrustedIdentityKey:(NSData *)identityKey recipientId:(NSString*)recipientId{
|
||||
- (BOOL)isTrustedIdentityKey:(NSData *)identityKey
|
||||
recipientId:(NSString *)recipientId
|
||||
direction:(TSMessageDirection)direction
|
||||
{
|
||||
|
||||
NSData *data = [self.trustedKeys objectForKey:recipientId];
|
||||
|
||||
if (data) {
|
||||
return [data isEqualToData:identityKey];
|
||||
if (!data) {
|
||||
// Trust on first use
|
||||
return YES;
|
||||
}
|
||||
|
||||
switch (direction) {
|
||||
case TSMessageDirectionIncoming:
|
||||
return YES;
|
||||
case TSMessageDirectionOutgoing:
|
||||
// In a real implementation you may wish to ensure the use has been properly notified of any
|
||||
// recent identity change before sending outgoing messages.
|
||||
return [data isEqualToData:identityKey];
|
||||
case TSMessageDirectionUnknown:
|
||||
NSAssert(NO, @"unknown message direction");
|
||||
return NO;
|
||||
}
|
||||
|
||||
return YES; // Trust on first use
|
||||
}
|
||||
|
||||
# pragma mark Session Store
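Review bot: In the new `saveRemoteIdentity:recipientId:`, the guard `[existingKey isEqualToData:existingKey]` compares the stored key with itself, so once any key exists for a recipient the method returns NO and never stores the new one. It should compare against the argument: `if ([existingKey isEqualToData:identityKey]) {`. As written, the first key seen stays pinned and the method only returns YES on first use, because messaging a nil `existingKey` yields NO. The new `isTrustedIdentityKey:recipientId:direction:` accepts a changed key for `TSMessageDirectionIncoming`, so the YES return here is presumably the only signal callers have that an identity changed, and that signal is currently lost.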
|
||||
@ -1,9 +1,5 @@
|
||||
//
|
||||
// SessionBuilder.m
|
||||
// AxolotlKit
|
||||
//
|
||||
// Created by Frederic Jacobs on 22/10/14.
|
||||
// Copyright (c) 2014 Frederic Jacobs. All rights reserved.
|
||||
// Copyright (c) 2017 Open Whisper Systems. All rights reserved.
|
||||
//
|
||||
|
||||
#import <XCTest/XCTest.h>
|
||||
@ -94,51 +90,54 @@
|
||||
- (void)testBasicPreKeyMITM {
|
||||
|
||||
NSString *BOB_RECIPIENT_ID = @"+3828923892";
|
||||
NSString *ALICE_RECIPIENT_ID = @"alice@gmail.com";
|
||||
|
||||
AxolotlInMemoryStore *aliceStore = [AxolotlInMemoryStore new];
|
||||
SessionBuilder *aliceSessionBuilder = [[SessionBuilder alloc] initWithAxolotlStore:aliceStore recipientId:BOB_RECIPIENT_ID deviceId:1];
|
||||
|
||||
AxolotlInMemoryStore *bobStore = [AxolotlInMemoryStore new];
|
||||
ECKeyPair *bobPreKeyPair = [Curve25519 generateKeyPair];
|
||||
ECKeyPair *bobSignedPreKeyPair = [Curve25519 generateKeyPair];
|
||||
NSData *bobSignedPreKeySignature = [Ed25519 sign:bobSignedPreKeyPair.publicKey withKeyPair:bobStore.identityKeyPair];
|
||||
|
||||
PreKeyBundle *bobPreKey = [[PreKeyBundle alloc]initWithRegistrationId:bobStore.localRegistrationId
|
||||
deviceId:1
|
||||
preKeyId:31337
|
||||
preKeyPublic:bobPreKeyPair.publicKey
|
||||
signedPreKeyPublic:bobSignedPreKeyPair.publicKey
|
||||
signedPreKeyId:22
|
||||
signedPreKeySignature:bobSignedPreKeySignature
|
||||
identityKey:bobStore.identityKeyPair.publicKey];
|
||||
|
||||
[aliceSessionBuilder processPrekeyBundle:bobPreKey];
|
||||
|
||||
ECKeyPair *bobIdentityKeyPair1 = [Curve25519 generateKeyPair];
|
||||
ECKeyPair *bobPreKeyPair1 = [Curve25519 generateKeyPair];
|
||||
ECKeyPair *bobSignedPreKeyPair1 = [Curve25519 generateKeyPair];
|
||||
NSData *bobSignedPreKeySignature1 = [Ed25519 sign:bobSignedPreKeyPair1.publicKey withKeyPair:bobIdentityKeyPair1];
|
||||
|
||||
PreKeyBundle *bobPreKey1 = [[PreKeyBundle alloc] initWithRegistrationId:bobStore.localRegistrationId
|
||||
deviceId:1
|
||||
preKeyId:31337
|
||||
preKeyPublic:bobPreKeyPair1.publicKey
|
||||
signedPreKeyPublic:bobSignedPreKeyPair1.publicKey
|
||||
signedPreKeyId:22
|
||||
signedPreKeySignature:bobSignedPreKeySignature1
|
||||
identityKey:bobIdentityKeyPair1.publicKey];
|
||||
|
||||
[aliceSessionBuilder processPrekeyBundle:bobPreKey1];
|
||||
|
||||
XCTAssert([aliceStore containsSession:BOB_RECIPIENT_ID deviceId:1]);
|
||||
XCTAssert([aliceStore loadSession:BOB_RECIPIENT_ID deviceId:1].sessionState.version == 3);
|
||||
|
||||
NSString *originalMessage = @"Freedom is the right to tell people what they do not want to hear.";
|
||||
|
||||
NSString *messageText = @"Freedom is the right to tell people what they do not want to hear.";
|
||||
SessionCipher *aliceSessionCipher = [[SessionCipher alloc] initWithAxolotlStore:aliceStore recipientId:BOB_RECIPIENT_ID deviceId:1];
|
||||
|
||||
WhisperMessage *outgoingMessage = [aliceSessionCipher encryptMessage:[originalMessage dataUsingEncoding:NSUTF8StringEncoding]];
|
||||
|
||||
XCTAssert([outgoingMessage isKindOfClass:[PreKeyWhisperMessage class]], @"Message should be PreKey type");
|
||||
|
||||
PreKeyWhisperMessage *incomingMessage = (PreKeyWhisperMessage*)outgoingMessage;
|
||||
[bobStore storePreKey:31337 preKeyRecord:[[PreKeyRecord alloc] initWithId:bobPreKey.preKeyId keyPair:bobPreKeyPair]];
|
||||
[bobStore storeSignedPreKey:22 signedPreKeyRecord:[[SignedPreKeyRecord alloc] initWithId:22 keyPair:bobSignedPreKeyPair signature:bobSignedPreKeySignature generatedAt:[NSDate date]]];
|
||||
|
||||
SessionCipher *bobSessionCipher = [[SessionCipher alloc] initWithAxolotlStore:bobStore recipientId:ALICE_RECIPIENT_ID deviceId:1];
|
||||
[bobSessionCipher decrypt:incomingMessage];
|
||||
|
||||
XCTAssert([bobStore containsSession:ALICE_RECIPIENT_ID deviceId:1]);
|
||||
XCTAssert([bobStore loadSession:ALICE_RECIPIENT_ID deviceId:1].sessionState.version == 3);
|
||||
XCTAssert([bobStore loadSession:ALICE_RECIPIENT_ID deviceId:1].sessionState.aliceBaseKey != nil);
|
||||
|
||||
incomingMessage.identityKey = [Curve25519 generateKeyPair].publicKey;
|
||||
incomingMessage.baseKey = [Curve25519 generateKeyPair].publicKey;
|
||||
XCTAssertThrowsSpecificNamed([bobSessionCipher decrypt:incomingMessage], NSException, UntrustedIdentityKeyException);
|
||||
|
||||
WhisperMessage *outgoingMessage1 =
|
||||
[aliceSessionCipher encryptMessage:[messageText dataUsingEncoding:NSUTF8StringEncoding]];
|
||||
|
||||
XCTAssert([outgoingMessage1 isKindOfClass:[PreKeyWhisperMessage class]], @"Message should be PreKey type");
|
||||
|
||||
ECKeyPair *bobIdentityKeyPair2 = [Curve25519 generateKeyPair];
|
||||
ECKeyPair *bobPreKeyPair2 = [Curve25519 generateKeyPair];
|
||||
ECKeyPair *bobSignedPreKeyPair2 = [Curve25519 generateKeyPair];
|
||||
NSData *bobSignedPreKeySignature2 = [Ed25519 sign:bobSignedPreKeyPair2.publicKey withKeyPair:bobIdentityKeyPair2];
|
||||
|
||||
PreKeyBundle *bobPreKey2 = [[PreKeyBundle alloc] initWithRegistrationId:bobStore.localRegistrationId
|
||||
deviceId:1
|
||||
preKeyId:31337
|
||||
preKeyPublic:bobPreKeyPair2.publicKey
|
||||
signedPreKeyPublic:bobSignedPreKeyPair2.publicKey
|
||||
signedPreKeyId:22
|
||||
signedPreKeySignature:bobSignedPreKeySignature2
|
||||
identityKey:bobIdentityKeyPair2.publicKey];
|
||||
|
||||
XCTAssertThrowsSpecificNamed(
|
||||
[aliceSessionBuilder processPrekeyBundle:bobPreKey2], NSException, UntrustedIdentityKeyException);
|
||||
}
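Review bot: The rewritten `testBasicPreKeyMITM` appears to assert only the outgoing rejection, where `processPrekeyBundle:bobPreKey2` throws `UntrustedIdentityKeyException`. This is read from the variable names, because the rendered page has lost its +/- markers. Nothing visible checks the BOOL that `saveRemoteIdentity:recipientId:` now returns, or that a changed key actually replaces the stored one. A store-level assertion at the end of the test would pin that contract: `XCTAssertTrue([aliceStore saveRemoteIdentity:bobIdentityKeyPair2.publicKey recipientId:BOB_RECIPIENT_ID]);`. A matching check for the incoming direction would document that a changed key is accepted on decrypt by design rather than by accident.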
|
||||
|
||||
|
||||
@ -134,7 +134,10 @@
|
||||
|
||||
[RatchetingSession initializeSession:aliceSessionState sessionVersion:3 AliceParameters:aliceParams];
|
||||
|
||||
[self.aliceStore saveRemoteIdentity:bobIdentityKeyPair.publicKey recipientId:self.bobIdentifier];
|
||||
[self.aliceStore storeSession:self.bobIdentifier deviceId:1 session:aliceSessionRecord];
|
||||
|
||||
[self.bobStore saveRemoteIdentity:aliceIdentityKeyPair.publicKey recipientId:self.aliceIdentifier];
|
||||
[self.bobStore storeSession:self.aliceIdentifier deviceId:1 session:bobSessionRecord];
|
||||
|
||||
XCTAssert([aliceSessionState.remoteIdentityKey isEqualToData:bobSessionState.localIdentityKey]);
|
||||
@ -30,4 +30,4 @@ SPEC CHECKSUMS:
|
||||
|
||||
PODFILE CHECKSUM: 620aef96f4f83d45f76ba8405fc626a76a47f95f
|
||||
|
||||
COCOAPODS: 1.2.0
|
||||
COCOAPODS: 1.2.1
|
||||
|
||||