Partial fix for issue with publishing invalid bundles #725 #732

Author: chrisballinger

ChatSecure/Classes/Controllers/Errors.swift

@@ -111,6 +111,13 @@ extension EncryptionError: ChatSecureErrorProtocol {
     case serviceUnavailable = 1004
 }
 
+public enum OMEMOBundleError: Error {
+    case unknown
+    case notFound
+    case invalid
+    case keyGeneration
+}
+
 extension OTRXMPPXMLError: ChatSecureErrorProtocol {
     public func code() -> Int {
         return self.rawValue

ChatSecure/Classes/Controllers/OTRAccountSignalEncryptionManager.swift

@@ -67,17 +67,16 @@ extension OTRAccountSignalEncryptionManager {
     /** 
      * This creates all the information necessary to publish a 'bundle' to your XMPP server via PEP. It generates prekeys 0 to 99.
      */
-    public func generateOutgoingBundle(_ preKeyCount:UInt) -> OTROMEMOBundleOutgoing? {
+    public func generateOutgoingBundle(_ preKeyCount:UInt) throws -> OTROMEMOBundleOutgoing {
 
         guard let signedPreKey = self.generateRandomSignedPreKey(), let data = signedPreKey.serializedData() else {
-            return nil
+            throw OMEMOBundleError.keyGeneration
         }
-        _ = self.storage.storeSignedPreKey(data, signedPreKeyId: signedPreKey.preKeyId())
 
         let publicIdentityKey = self.storage.getIdentityKeyPair().publicKey
         let deviceId = self.registrationId
         guard let preKeys = self.generatePreKeys(1, count: preKeyCount) else {
-            return nil
+            throw OMEMOBundleError.keyGeneration
         }
 
         var preKeyDict = [UInt32:Data]()
@@ -86,6 +85,20 @@ extension OTRAccountSignalEncryptionManager {
         }
 
         let bundle = OTROMEMOBundle(deviceId: deviceId, publicIdentityKey: publicIdentityKey, signedPublicPreKey: signedPreKey.keyPair().publicKey, signedPreKeyId: signedPreKey.preKeyId(), signedPreKeySignature: signedPreKey.signature())
+        
+        do {
+            if let preKey = preKeys.first {
+                let _ = try SignalPreKeyBundle(registrationId: 0, deviceId: bundle.deviceId, preKeyId: preKey.preKeyId(), preKeyPublic: preKey.keyPair().publicKey, signedPreKeyId: bundle.signedPreKeyId, signedPreKeyPublic: bundle.signedPublicPreKey, signature: bundle.signedPreKeySignature, identityKey: bundle.publicIdentityKey)
+            } else {
+                DDLogError("Error testing outgoing bundle")
+                throw OMEMOBundleError.invalid
+            }
+        } catch let error {
+            DDLogError("Error creating outgoing bundle: \(error)")
+            throw OMEMOBundleError.invalid
+        }
+        
+        _ = self.storage.storeSignedPreKey(data, signedPreKeyId: signedPreKey.preKeyId())
         return OTROMEMOBundleOutgoing(bundle: bundle, preKeys: preKeyDict)
     }
 
@@ -96,7 +109,7 @@ extension OTRAccountSignalEncryptionManager {
         let deviceId = Int32(bundle.bundle.deviceId)
         let incomingAddress = SignalAddress(name: name.lowercased(), deviceId: deviceId)
         let sessionBuilder = SignalSessionBuilder(address: incomingAddress, context: self.signalContext)
-        let preKeyBundle = SignalPreKeyBundle(registrationId: 0, deviceId: bundle.bundle.deviceId, preKeyId: bundle.preKeyId, preKeyPublic: bundle.preKeyData as Data, signedPreKeyId: bundle.bundle.signedPreKeyId, signedPreKeyPublic: bundle.bundle.signedPublicPreKey as Data, signature: bundle.bundle.signedPreKeySignature as Data, identityKey: bundle.bundle.publicIdentityKey as Data)
+        let preKeyBundle = try SignalPreKeyBundle(registrationId: 0, deviceId: bundle.bundle.deviceId, preKeyId: bundle.preKeyId, preKeyPublic: bundle.preKeyData, signedPreKeyId: bundle.bundle.signedPreKeyId, signedPreKeyPublic: bundle.bundle.signedPublicPreKey, signature: bundle.bundle.signedPreKeySignature, identityKey: bundle.bundle.publicIdentityKey)
 
         return try sessionBuilder.processPreKeyBundle(preKeyBundle)
     }

ChatSecure/Classes/Controllers/OTROMEMOSignalCoordinator.swift

@@ -516,10 +516,13 @@ extension OTROMEMOSignalCoordinator: OMEMOModuleDelegate {
     public func omemo(_ omemo: OMEMOModule, fetchedBundle bundle: OMEMOBundle, from fromJID: XMPPJID, responseIq: XMPPIQ, outgoingIq: XMPPIQ) {
 
         if (self.isOurJID(fromJID) && bundle.deviceId == self.signalEncryptionManager.registrationId) {
+            DDLogVerbose("fetchedOurOwnBundle: \(responseIq) \(outgoingIq)")
+
             //We fetched our own bundle
             if let ourDatabaseBundle = self.fetchMyBundle() {
                 //This bundle doesn't have the correct identity key. Something has gone wrong and we should republish
                 if ourDatabaseBundle.identityKey != bundle.identityKey {
+                    DDLogError("Bundle identityKeys do not match! \(ourDatabaseBundle.identityKey) vs \(bundle.identityKey)")
                     omemo.publishBundle(ourDatabaseBundle, elementId: nil)
                 }
             }
@@ -617,8 +620,35 @@ extension OTROMEMOSignalCoordinator:OMEMOStorageDelegate {
 
     //Always returns most complete bundle with correct count of prekeys
     public func fetchMyBundle() -> OMEMOBundle? {
+        var _bundle: OTROMEMOBundleOutgoing? = nil
 
-        guard let bundle = self.signalEncryptionManager.storage.fetchOurExistingBundle() ?? self.signalEncryptionManager.generateOutgoingBundle(self.preKeyCount) else {
+        do {
+            _bundle = try signalEncryptionManager.storage.fetchOurExistingBundle()
+            
+        } catch let omemoError as OMEMOBundleError {
+            switch omemoError {
+            case .invalid:
+                DDLogError("Found invalid stored bundle!")
+                // delete???
+                break
+            default:
+                break
+            }
+        } catch let error {
+            DDLogError("Other error fetching bundle! \(error)")
+        }
+        let maxTries = 5
+        var tries = 0
+        while _bundle == nil && tries < maxTries {
+            tries = tries + 1
+            do {
+                _bundle = try self.signalEncryptionManager.generateOutgoingBundle(self.preKeyCount)
+            } catch let error {
+                DDLogError("Error generating bundle! Try #\(tries)/\(maxTries) \(error)")
+            }
+        }
+        guard let bundle = _bundle else {
+            DDLogError("Could not fetch or generate valid bundle!")
             return nil
         }
 

ChatSecure/Classes/Controllers/OTRSignalStorageManager.swift

@@ -159,7 +159,7 @@ open class OTRSignalStorageManager: NSObject {
 
      - return: A complete outgoing bundle.
      */
-    open func fetchOurExistingBundle() -> OTROMEMOBundleOutgoing? {
+    open func fetchOurExistingBundle() throws -> OTROMEMOBundleOutgoing {
         var simpleBundle:OTROMEMOBundle? = nil
         //Fetch and create the base bundle
         self.databaseConnection.read { (transaction) in
@@ -178,7 +178,7 @@ open class OTRSignalStorageManager: NSObject {
         }
 
         guard let bundle = simpleBundle else  {
-            return nil
+            throw OMEMOBundleError.notFound
         }
 
         //Gather pieces of outgoing bundle
@@ -198,6 +198,18 @@ open class OTRSignalStorageManager: NSObject {
             }
         })
 
+        do {
+            if let preKey = preKeys.first, let preKeyData = preKey.keyData {
+                let _ = try SignalPreKeyBundle(registrationId: 0, deviceId: bundle.deviceId, preKeyId: preKey.keyId, preKeyPublic: preKeyData, signedPreKeyId: bundle.signedPreKeyId, signedPreKeyPublic: bundle.signedPublicPreKey, signature: bundle.signedPreKeySignature, identityKey: bundle.publicIdentityKey)
+            } else {
+                DDLogError("Error fetching outgoing bundle: no prekeys")
+                throw OMEMOBundleError.invalid
+            }
+        } catch let error {
+            DDLogError("Error fetching outgoing bundle: \(error)")
+            throw error
+        }
+        
         return OTROMEMOBundleOutgoing(bundle: bundle, preKeys: preKeyDict as [UInt32 : Data])
     }
 

ChatSecure/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>4.0.6</string>
+	<string>4.0.7</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleURLTypes</key>
@@ -35,7 +35,7 @@
 		</dict>
 	</array>
 	<key>CFBundleVersion</key>
-	<string>74</string>
+	<string>75</string>
 	<key>FacebookAppID</key>
 	<string>447241325394334</string>
 	<key>FacebookDisplayName</key>