Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement device name encryption and decryption #119

Merged
merged 3 commits into from
Aug 16, 2022
Merged

Implement device name encryption and decryption #119

merged 3 commits into from
Aug 16, 2022

Conversation

gferon
Copy link
Collaborator

@gferon gferon commented Jan 9, 2022
edited
Loading

This was introduced in Signal-Desktop a few months ago. I'll implement encryption and decryption. In the meantime to make sure people can properly register their devices, we should stop passing a value to the name field.

TODO:

  • Use websocket to call the provisioning API

Resolves #124

@rubdos
Copy link
Member

rubdos commented Jan 18, 2022

Just leaving a note: there's still a merge commit in here that you should easily be able to rebase away :-)

@gferon
Copy link
Collaborator Author

gferon commented Jan 18, 2022

Just leaving a note: there's still a merge commit in here that you should easily be able to rebase away :-)

Yeah, it's just me being 😴 I'll push force the branch with the final result anyways.

FYI: It doesn't work at all 😂

@rubdos
Copy link
Member

rubdos commented Jan 18, 2022

FYI: It doesn't work at all joy

If you need a second set of eyes on something, let me know.

@gferon
Copy link
Collaborator Author

gferon commented Jan 18, 2022
edited
Loading

I'll probably ping you tomorrow on the chat, I really can't figure it out - the crypto is sound, I have tested with both a round-trip test and decrypting some data obtained in Signal-Desktop. I bet there's something new with the way devices are confirmed/registered that triggers some a new server-side behavior.

EDIT: I believe it could be because this request is send over the websocket 😢

@gferon gferon force-pushed the encrypt-device-name branch from 415f76d to 295c67c Compare January 18, 2022 22:56
@nanu-c
Copy link
Contributor

nanu-c commented Feb 21, 2022

We do this in go like this:
https://github.com/signal-golang/textsecure/blob/7c6683023299e857a9fd8d47532031cdeeb9d90e/profiles/profile.go#L94

@gferon gferon mentioned this pull request Mar 9, 2022
Open
@Schmiddiii
Copy link
Contributor

I don't know what the current state of this PR is (or if it is even worked on currently), but I would find that feature really useful.
I rebased this MR against the current master here and made small changes to presage here and it seems to work when linking as a secondary device (the resulting device name on the official Signal application is "Hello World 2"). Is there anything major blocking this PR (apart from the many remaining clippy warning, debug statements, ...) that I just don't see?

@gferon gferon force-pushed the encrypt-device-name branch from 295c67c to 5109b7b Compare August 14, 2022 11:11
@gferon gferon marked this pull request as ready for review August 14, 2022 11:16
@gferon gferon changed the title WIP: Implement device name encryption and decryption Implement device name encryption and decryption Aug 14, 2022
@gferon
Copy link
Collaborator Author

gferon commented Aug 14, 2022
edited
Loading

Thanks a lot for digging this out @Schmiddiii I'm happy it works, I believe it didn't work before because it required the updates done as part of #145. I updated the PR and intend to merge it ASAP.

@gferon gferon requested a review from rubdos August 14, 2022 11:22
rubdos
rubdos approved these changes Aug 16, 2022
View reviewed changes
Copy link
Member

@rubdos rubdos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, as long as you or @Schmiddiii say it works. One suggestion in line for a KAT.

libsignal-service/src/account_manager.rs Show resolved Hide resolved
@gferon gferon merged commit 4876e95 into master Aug 16, 2022
@gferon gferon deleted the encrypt-device-name branch August 16, 2022 08:07
@Schmiddiii
Copy link
Contributor

Schmiddiii commented Aug 17, 2022
edited
Loading

Sadly, it does not seem to work completly. I was just trying to port this to presage again, it works fine if the config store is already set up correctly, but when deleting the config store and trying again, it fails and I get a 409.

As far as I interpret the logs, it does not correctly get the other devices to sent the account attributes to. Here are the logs.

Failed 
[2022-08-17T08:42:23Z DEBUG libsignal_service_hyper::push_service] HTTP request PUT https://chat.signal.org/v1/accounts/attributes/
[2022-08-17T08:42:23Z INFO  presage::config::sled] get_sub_device_sessions: session_prefix=session-CENSORED.
{
  "destination": "CENSORED",
  "timestamp": 1660725743549,
  "messages": [],
  "online": false
}
[2022-08-17T08:42:23Z DEBUG libsignal_service_hyper::push_service] HTTP request PUT https://chat.signal.org/v1/messages/CENSORED
Object({
    "extraDevices": Array([]),
    "missingDevices": Array([
        Number(
            1,
        ),
        Number(
            2,
        ),
        Number(
            3,
        ),
        Number(
            4,
        ),
        Number(
            5,
        ),
    ]),
})
[2022-08-17T08:42:23Z ERROR libsignal_service_hyper::push_service] Failed to decode HTTP 409 response: Error decoding JSON response: EOF while parsing a value at line 1 column 0
Successfull 

[2022-08-17T08:35:22Z DEBUG libsignal_service_hyper::push_service] HTTP request PUT https://chat.signal.org/v1/accounts/attributes/
[2022-08-17T08:35:22Z INFO  presage::config::sled] get_sub_device_sessions: session_prefix=session-CENSORED.
[2022-08-17T08:35:22Z TRACE libsignal_service::sender] sending message to device 1
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.1
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.1
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.1
[2022-08-17T08:35:22Z TRACE libsignal_service::sender] encrypting message for ProtocolAddress { name: "CENSORED", device_id: 1 }
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.1
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.1
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.1
[2022-08-17T08:35:22Z TRACE presage::config::sled] get identity-remote-CENSORED.1
[2022-08-17T08:35:22Z WARN  presage::config::sled] trusting new identity ProtocolAddress { name: "CENSORED", device_id: 1 }
[2022-08-17T08:35:22Z TRACE presage::config::sled] saving identity
[2022-08-17T08:35:22Z TRACE presage::config::sled] inserting identity-remote-CENSORED.1
[2022-08-17T08:35:22Z TRACE presage::config::sled] saved identity
[2022-08-17T08:35:22Z TRACE presage::config::sled] storing session for ProtocolAddress { name: "CENSORED.1"
[2022-08-17T08:35:22Z TRACE libsignal_service::sender] sending message to device 2
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.2
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.2
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.2
[2022-08-17T08:35:22Z TRACE libsignal_service::sender] encrypting message for ProtocolAddress { name: "CENSORED", device_id: 2 }
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.2
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.2
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.2
[2022-08-17T08:35:22Z TRACE presage::config::sled] get identity-remote-CENSORED.2
[2022-08-17T08:35:22Z WARN  presage::config::sled] trusting new identity ProtocolAddress { name: "CENSORED", device_id: 2 }
[2022-08-17T08:35:22Z TRACE presage::config::sled] saving identity
[2022-08-17T08:35:22Z TRACE presage::config::sled] inserting identity-remote-CENSORED.2
[2022-08-17T08:35:22Z TRACE presage::config::sled] saved identity
[2022-08-17T08:35:22Z TRACE presage::config::sled] storing session for ProtocolAddress { name: "CENSORED.2"
[2022-08-17T08:35:22Z TRACE libsignal_service::sender] sending message to device 3
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.3
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.3
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.3
[2022-08-17T08:35:22Z TRACE libsignal_service::sender] encrypting message for ProtocolAddress { name: "CENSORED", device_id: 3 }
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.3
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.3
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.3
[2022-08-17T08:35:22Z TRACE presage::config::sled] get identity-remote-CENSORED.3
[2022-08-17T08:35:22Z WARN  presage::config::sled] trusting new identity ProtocolAddress { name: "CENSORED", device_id: 3 }
[2022-08-17T08:35:22Z TRACE presage::config::sled] saving identity
[2022-08-17T08:35:22Z TRACE presage::config::sled] inserting identity-remote-CENSORED.3
[2022-08-17T08:35:22Z TRACE presage::config::sled] saved identity
[2022-08-17T08:35:22Z TRACE presage::config::sled] storing session for ProtocolAddress { name: "CENSORED.3"
[2022-08-17T08:35:22Z TRACE libsignal_service::sender] sending message to device 4
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.4
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.4
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.4
[2022-08-17T08:35:22Z TRACE libsignal_service::sender] encrypting message for ProtocolAddress { name: "CENSORED", device_id: 4 }
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.4
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.4
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.4
[2022-08-17T08:35:22Z TRACE presage::config::sled] get identity-remote-CENSORED.4
[2022-08-17T08:35:22Z WARN  presage::config::sled] trusting new identity ProtocolAddress { name: "CENSORED", device_id: 4 }
[2022-08-17T08:35:22Z TRACE presage::config::sled] saving identity
[2022-08-17T08:35:22Z TRACE presage::config::sled] inserting identity-remote-CENSORED.4
[2022-08-17T08:35:22Z TRACE presage::config::sled] saved identity
[2022-08-17T08:35:22Z TRACE presage::config::sled] storing session for ProtocolAddress { name: "CENSORED.4"
[2022-08-17T08:35:22Z TRACE libsignal_service::sender] sending message to device 5
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.5
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.5
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.5
[2022-08-17T08:35:22Z TRACE libsignal_service::sender] encrypting message for ProtocolAddress { name: "CENSORED", device_id: 5 }
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.5
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.5
[2022-08-17T08:35:22Z TRACE presage::config::sled] loading session from session-CENSORED.5
[2022-08-17T08:35:22Z TRACE presage::config::sled] get identity-remote-CENSORED.5
[2022-08-17T08:35:22Z WARN  presage::config::sled] trusting new identity ProtocolAddress { name: "CENSORED", device_id: 5 }
[2022-08-17T08:35:22Z TRACE presage::config::sled] saving identity
[2022-08-17T08:35:22Z TRACE presage::config::sled] inserting identity-remote-CENSORED.5
[2022-08-17T08:35:22Z TRACE presage::config::sled] saved identity
[2022-08-17T08:35:22Z TRACE presage::config::sled] storing session for ProtocolAddress { name: "CENSORED", device_id: 5 } at "session-CENSORED.5"
{
  "destination": "CENSORED",
  "timestamp": 1660725322239,
  "messages": [
    {
      "type": 1,
      "destinationDeviceId": 1,
      "destinationRegistrationId": CENSORED,
      "content": "CENSORED"
    },
    {
      "type": 1,
      "destinationDeviceId": 2,
      "destinationRegistrationId": CENSORED,
      "content": "CENSORED"
    },
    {
      "type": 3,
      "destinationDeviceId": 3,
      "destinationRegistrationId": CENSORED,
      "content": "CENSORED"
    },
    {
      "type": 1,
      "destinationDeviceId": 4,
      "destinationRegistrationId": CENSORED,
      "content": "CENSORED"
    },
    {
      "type": 1,
      "destinationDeviceId": 5,
      "destinationRegistrationId": CENSORED,
      "content": "CENSORED"
    }
  ],
  "online": false
}
[2022-08-17T08:35:22Z DEBUG libsignal_service_hyper::push_service] HTTP request PUT https://chat.signal.org/v1/messages/CENSORED
[2022-08-17T08:35:22Z DEBUG libsignal_service::sender] message sent!

@rubdos
Copy link
Member

rubdos commented Aug 17, 2022

Seems like it should include some retry logic for missing devices, like the one we have for sending messages. Specifically, this is the MismatchedDevicesException logic in libsignal-service/src/sender.rs:489, I think.

Schmiddiii pushed a commit to Schmiddiii/libsignal-service-rs that referenced this pull request Aug 17, 2022
Fix device linking
1155633 
The reason behind <whisperfish#119 (comment)> was a rouge second `Self::json`. This would lead to the whole response being consumed by the first `Self::json` to print the response, the second `Self::json` would then not have to decode a empty response.
@Schmiddiii Schmiddiii mentioned this pull request Aug 17, 2022
Merged
Schmiddiii added a commit to Schmiddiii/presage that referenced this pull request Aug 17, 2022
@Schmiddiii
Update libsignal-service
d7a094f 
This enables the fix in <whisperfish/libsignal-service-rs#119>.
I am not completly sure what name to give the device when registering as
primary device and I am also unsure what device-capabilities presage
has, so I mostly left it at default in combination with the previous
device capabilities.
@Schmiddiii Schmiddiii mentioned this pull request Aug 17, 2022
Merged
@gferon gferon mentioned this pull request Aug 19, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rubdos rubdos rubdos approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix disparity between provisioning with websocket API or REST API
4 participants
@gferon @rubdos @nanu-c @Schmiddiii