diff --git a/dist/libsignal-protocol.js b/dist/libsignal-protocol.js index c4f16d5..4c87815 100644 --- a/dist/libsignal-protocol.js +++ b/dist/libsignal-protocol.js @@ -36129,10 +36129,24 @@ SessionCipher.prototype = { result.set(new Uint8Array(encodedMsg), 1); result.set(new Uint8Array(mac, 0, 8), encodedMsg.byteLength + 1); - record.updateSessionState(session); - return this.storage.storeSession(address, record.serialize()).then(function() { - return result; - }); + return this.storage.isTrustedIdentity( + this.remoteAddress.getName(), util.toArrayBuffer(session.indexInfo.remoteIdentityKey), this.storage.Direction.SENDING + ).then(function(trusted) { + if (!trusted) { + throw new Error('Identity key changed'); + } + }).then(function() { + return this.storage.saveIdentity(this.remoteAddress.getName(), session.indexInfo.remoteIdentityKey).then(function(changed) { + if (changed) { + return record.removePreviousSessions(); + } + }); + }.bind(this)).then(function() { + record.updateSessionState(session); + return this.storage.storeSession(address, record.serialize()).then(function() { + return result; + }); + }.bind(this)); }.bind(this)); }.bind(this)); }.bind(this)).then(function(message) { @@ -36200,10 +36214,25 @@ SessionCipher.prototype = { record.archiveCurrentState(); record.promoteState(result.session); } - record.updateSessionState(result.session); - return this.storage.storeSession(address, record.serialize()).then(function() { - return result.plaintext; - }); + + return this.storage.isTrustedIdentity( + this.remoteAddress.getName(), util.toArrayBuffer(result.session.indexInfo.remoteIdentityKey), this.storage.Direction.SENDING + ).then(function(trusted) { + if (!trusted) { + throw new Error('Identity key changed'); + } + }).then(function() { + return this.storage.saveIdentity(this.remoteAddress.getName(), result.session.indexInfo.remoteIdentityKey).then(function(changed) { + if (changed) { + return record.removePreviousSessions(); + } + }); + }.bind(this)).then(function() { + record.updateSessionState(result.session); + return this.storage.storeSession(address, record.serialize()).then(function() { + return result.plaintext; + }); + }.bind(this)); }.bind(this)); }.bind(this)); }.bind(this)); @@ -36228,6 +36257,7 @@ SessionCipher.prototype = { ); } var builder = new SessionBuilder(this.storage, this.remoteAddress); + // isTrustedIdentity is called within processV3, no need to call it here return builder.processV3(record, preKeyProto).then(function(preKeyId) { var session = record.getSessionByBaseKey(preKeyProto.baseKey); return this.doDecryptWhisperMessage( diff --git a/src/SessionCipher.js b/src/SessionCipher.js index 4d9659a..1420da8 100644 --- a/src/SessionCipher.js +++ b/src/SessionCipher.js @@ -76,10 +76,24 @@ SessionCipher.prototype = { result.set(new Uint8Array(encodedMsg), 1); result.set(new Uint8Array(mac, 0, 8), encodedMsg.byteLength + 1); - record.updateSessionState(session); - return this.storage.storeSession(address, record.serialize()).then(function() { - return result; - }); + return this.storage.isTrustedIdentity( + this.remoteAddress.getName(), util.toArrayBuffer(session.indexInfo.remoteIdentityKey), this.storage.Direction.SENDING + ).then(function(trusted) { + if (!trusted) { + throw new Error('Identity key changed'); + } + }).then(function() { + return this.storage.saveIdentity(this.remoteAddress.getName(), session.indexInfo.remoteIdentityKey).then(function(changed) { + if (changed) { + return record.removePreviousSessions(); + } + }); + }.bind(this)).then(function() { + record.updateSessionState(session); + return this.storage.storeSession(address, record.serialize()).then(function() { + return result; + }); + }.bind(this)); }.bind(this)); }.bind(this)); }.bind(this)).then(function(message) { @@ -147,10 +161,25 @@ SessionCipher.prototype = { record.archiveCurrentState(); record.promoteState(result.session); } - record.updateSessionState(result.session); - return this.storage.storeSession(address, record.serialize()).then(function() { - return result.plaintext; - }); + + return this.storage.isTrustedIdentity( + this.remoteAddress.getName(), util.toArrayBuffer(result.session.indexInfo.remoteIdentityKey), this.storage.Direction.SENDING + ).then(function(trusted) { + if (!trusted) { + throw new Error('Identity key changed'); + } + }).then(function() { + return this.storage.saveIdentity(this.remoteAddress.getName(), result.session.indexInfo.remoteIdentityKey).then(function(changed) { + if (changed) { + return record.removePreviousSessions(); + } + }); + }.bind(this)).then(function() { + record.updateSessionState(result.session); + return this.storage.storeSession(address, record.serialize()).then(function() { + return result.plaintext; + }); + }.bind(this)); }.bind(this)); }.bind(this)); }.bind(this)); @@ -175,6 +204,7 @@ SessionCipher.prototype = { ); } var builder = new SessionBuilder(this.storage, this.remoteAddress); + // isTrustedIdentity is called within processV3, no need to call it here return builder.processV3(record, preKeyProto).then(function(preKeyId) { var session = record.getSessionByBaseKey(preKeyProto.baseKey); return this.doDecryptWhisperMessage(