Removing older group verification checks that are superceded by v3 onions
This commit is contained in:
parent
9bf6679572
commit
7b63fe79de
|
@ -38,7 +38,7 @@ type Profile struct {
|
||||||
|
|
||||||
// MaxGroupMessageLength is the maximum length of a message posted to a server group.
|
// MaxGroupMessageLength is the maximum length of a message posted to a server group.
|
||||||
// TODO: Should this be per server?
|
// TODO: Should this be per server?
|
||||||
const MaxGroupMessageLength = 1024
|
const MaxGroupMessageLength = 1800
|
||||||
|
|
||||||
func (p *PublicProfile) init() {
|
func (p *PublicProfile) init() {
|
||||||
p.Attributes = make(map[string]string)
|
p.Attributes = make(map[string]string)
|
||||||
|
@ -261,6 +261,7 @@ func (p *Profile) StartGroupWithMessage(server string, initialMessage []byte) (g
|
||||||
return "", nil, err
|
return "", nil, err
|
||||||
}
|
}
|
||||||
groupID = group.GroupID
|
groupID = group.GroupID
|
||||||
|
group.Owner = p.Onion
|
||||||
signedGroupID := p.SignMessage(groupID + server)
|
signedGroupID := p.SignMessage(groupID + server)
|
||||||
group.SignGroup(signedGroupID)
|
group.SignGroup(signedGroupID)
|
||||||
invite, err = group.Invite(initialMessage)
|
invite, err = group.Invite(initialMessage)
|
||||||
|
@ -295,7 +296,6 @@ func (p *Profile) ProcessInvite(gci *protocol.GroupChatInvite, peerHostname stri
|
||||||
func (p *Profile) AddGroup(group *Group) {
|
func (p *Profile) AddGroup(group *Group) {
|
||||||
existingGroup, exists := p.Groups[group.GroupID]
|
existingGroup, exists := p.Groups[group.GroupID]
|
||||||
if !exists {
|
if !exists {
|
||||||
// TODO More robust error handling (confirm this onion checksum is correct)
|
|
||||||
decodedPub, _ := base32.StdEncoding.DecodeString(strings.ToUpper(group.Owner[:56]))
|
decodedPub, _ := base32.StdEncoding.DecodeString(strings.ToUpper(group.Owner[:56]))
|
||||||
valid := ed25519.Verify(ed25519.PublicKey(decodedPub[:32]), []byte(group.GroupID+group.GroupServer), group.SignedGroupID)
|
valid := ed25519.Verify(ed25519.PublicKey(decodedPub[:32]), []byte(group.GroupID+group.GroupServer), group.SignedGroupID)
|
||||||
if valid {
|
if valid {
|
||||||
|
@ -318,21 +318,6 @@ func (p *Profile) AttemptDecryption(ciphertext []byte, signature []byte) (bool,
|
||||||
for _, group := range p.Groups {
|
for _, group := range p.Groups {
|
||||||
success, dgm := group.DecryptMessage(ciphertext)
|
success, dgm := group.DecryptMessage(ciphertext)
|
||||||
if success {
|
if success {
|
||||||
|
|
||||||
// Assert that we know the owner of the group
|
|
||||||
owner, ok := p.Contacts[group.Owner]
|
|
||||||
if ok {
|
|
||||||
valid := ed25519.Verify(owner.Ed25519PublicKey, []byte(group.GroupID+group.GroupServer), dgm.SignedGroupId)
|
|
||||||
// If we can decrypt the message, but the group id is wrong that means that
|
|
||||||
// this message is from someone who was not invited to the group.
|
|
||||||
// As such this group has been compromised, probably by one of the other members.
|
|
||||||
// We set the flag to be handled by the UX and reject the message.
|
|
||||||
if !valid {
|
|
||||||
group.Compromised()
|
|
||||||
return false, "", nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
verified := p.VerifyGroupMessage(dgm.GetOnion(), group.GroupID, dgm.GetText(), dgm.GetTimestamp(), ciphertext, signature)
|
verified := p.VerifyGroupMessage(dgm.GetOnion(), group.GroupID, dgm.GetText(), dgm.GetTimestamp(), ciphertext, signature)
|
||||||
|
|
||||||
// So we have a message that has a valid group key, but the signature can't be verified.
|
// So we have a message that has a valid group key, but the signature can't be verified.
|
||||||
|
@ -340,12 +325,14 @@ func (p *Profile) AttemptDecryption(ciphertext []byte, signature []byte) (bool,
|
||||||
// Either way, someone who has the private key is being detectably bad so we are just going to throw this message away and mark the group as Compromised.
|
// Either way, someone who has the private key is being detectably bad so we are just going to throw this message away and mark the group as Compromised.
|
||||||
if !verified {
|
if !verified {
|
||||||
group.Compromised()
|
group.Compromised()
|
||||||
return false, "", nil
|
return false, group.GroupID, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return true, group.GroupID, group.AddMessage(dgm, signature)
|
return true, group.GroupID, group.AddMessage(dgm, signature)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If we couldn't find a group to decrypt the message with we just return false. This is an expected case
|
||||||
return false, "", nil
|
return false, "", nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue