{"name":"familyName","parameterTypes":[] },
{"name":"givenName","parameterTypes":[] },
{"name":"lastUpdateTimestamp","parameterTypes":[] },
- {"name":"paymentAddress","parameterTypes":[] }
+ {"name":"mobileCoinAddress","parameterTypes":[] }
]
},
{
{"name":"padding_"}
]
},
+{
+ "name":"org.whispersystems.signalservice.internal.push.SignalServiceProtos$PaymentAddress",
+ "fields":[
+ {"name":"addressCase_"},
+ {"name":"address_"}
+ ]
+},
+{
+ "name":"org.whispersystems.signalservice.internal.push.SignalServiceProtos$PaymentAddress$MobileCoinAddress",
+ "fields":[
+ {"name":"address_"},
+ {"name":"bitField0_"},
+ {"name":"signature_"}
+ ]
+},
{
"name":"org.whispersystems.signalservice.internal.push.SignalServiceProtos$Preview",
"fields":[
package org.asamk.signal.manager.helper;
-import com.google.protobuf.InvalidProtocolBufferException;
-
import org.asamk.signal.manager.SignalDependencies;
import org.asamk.signal.manager.config.ServiceConfig;
import org.asamk.signal.manager.groups.GroupNotFoundException;
import org.asamk.signal.manager.storage.recipients.RecipientId;
import org.asamk.signal.manager.util.IOUtils;
import org.asamk.signal.manager.util.KeyUtils;
+import org.asamk.signal.manager.util.PaymentUtils;
import org.asamk.signal.manager.util.ProfileUtils;
import org.asamk.signal.manager.util.Utils;
import org.signal.libsignal.protocol.IdentityKey;
import org.whispersystems.signalservice.api.push.exceptions.NotFoundException;
import org.whispersystems.signalservice.api.push.exceptions.PushNetworkException;
import org.whispersystems.signalservice.api.services.ProfileService;
-import org.whispersystems.signalservice.internal.push.SignalServiceProtos;
import java.io.File;
import java.io.IOException;
final var avatarUploadParams = streamDetails != null
? AvatarUploadParams.forAvatar(streamDetails)
: avatar == null ? AvatarUploadParams.unchanged(true) : AvatarUploadParams.unchanged(false);
- final var paymentsAddress = Optional.ofNullable(newProfile.getPaymentAddress()).map(data -> {
- try {
- return SignalServiceProtos.PaymentAddress.parseFrom(data);
- } catch (InvalidProtocolBufferException e) {
- return null;
- }
- });
+ final var paymentsAddress = Optional.ofNullable(newProfile.getMobileCoinAddress())
+ .map(address -> PaymentUtils.signPaymentsAddress(address,
+ account.getAciIdentityKeyPair().getPrivateKey()));
logger.debug("Uploading new profile");
final var avatarPath = dependencies.getAccountManager()
.setVersionedProfile(account.getAci(),
private final String avatarUrlPath;
- private final byte[] paymentAddress;
+ private final byte[] mobileCoinAddress;
private final UnidentifiedAccessMode unidentifiedAccessMode;
final String about,
final String aboutEmoji,
final String avatarUrlPath,
- final byte[] paymentAddress,
+ final byte[] mobileCoinAddress,
final UnidentifiedAccessMode unidentifiedAccessMode,
final Set<Capability> capabilities
) {
this.about = about;
this.aboutEmoji = aboutEmoji;
this.avatarUrlPath = avatarUrlPath;
- this.paymentAddress = paymentAddress;
+ this.mobileCoinAddress = mobileCoinAddress;
this.unidentifiedAccessMode = unidentifiedAccessMode;
this.capabilities = capabilities;
}
about = builder.about;
aboutEmoji = builder.aboutEmoji;
avatarUrlPath = builder.avatarUrlPath;
- paymentAddress = builder.paymentAddress;
+ mobileCoinAddress = builder.mobileCoinAddress;
unidentifiedAccessMode = builder.unidentifiedAccessMode;
capabilities = builder.capabilities;
}
builder.about = copy.getAbout();
builder.aboutEmoji = copy.getAboutEmoji();
builder.avatarUrlPath = copy.getAvatarUrlPath();
- builder.paymentAddress = copy.getPaymentAddress();
+ builder.mobileCoinAddress = copy.getMobileCoinAddress();
builder.unidentifiedAccessMode = copy.getUnidentifiedAccessMode();
builder.capabilities = copy.getCapabilities();
return builder;
return avatarUrlPath;
}
- public byte[] getPaymentAddress() {
- return paymentAddress;
+ public byte[] getMobileCoinAddress() {
+ return mobileCoinAddress;
}
public UnidentifiedAccessMode getUnidentifiedAccessMode() {
private String about;
private String aboutEmoji;
private String avatarUrlPath;
- private byte[] paymentAddress;
+ private byte[] mobileCoinAddress;
private UnidentifiedAccessMode unidentifiedAccessMode = UnidentifiedAccessMode.UNKNOWN;
private Set<Capability> capabilities = Collections.emptySet();
private long lastUpdateTimestamp = 0;
return this;
}
- public Builder withPaymentAddress(final byte[] val) {
- paymentAddress = val;
+ public Builder withMobileCoinAddress(final byte[] val) {
+ mobileCoinAddress = val;
return this;
}
}
r.profile.about,
r.profile.aboutEmoji,
r.profile.avatarUrlPath,
- r.profile.paymentAddress == null
+ r.profile.mobileCoinAddress == null
? null
- : Base64.getDecoder().decode(r.profile.paymentAddress),
+ : Base64.getDecoder().decode(r.profile.mobileCoinAddress),
Profile.UnidentifiedAccessMode.valueOfOrUnknown(r.profile.unidentifiedAccessMode),
r.profile.capabilities.stream()
.map(Profile.Capability::valueOfOrNull)
recipientProfile.getAbout(),
recipientProfile.getAboutEmoji(),
recipientProfile.getAvatarUrlPath(),
- recipientProfile.getPaymentAddress() == null
+ recipientProfile.getMobileCoinAddress() == null
? null
- : base64.encodeToString(recipientProfile.getPaymentAddress()),
+ : base64.encodeToString(recipientProfile.getMobileCoinAddress()),
recipientProfile.getUnidentifiedAccessMode().name(),
recipientProfile.getCapabilities().stream().map(Enum::name).collect(Collectors.toSet()));
return new Storage.Recipient(pair.getKey().id(),
String about,
String aboutEmoji,
String avatarUrlPath,
- String paymentAddress,
+ String mobileCoinAddress,
String unidentifiedAccessMode,
Set<String> capabilities
) {}
--- /dev/null
+package org.asamk.signal.manager.util;
+
+import com.google.protobuf.ByteString;
+
+import org.signal.libsignal.protocol.IdentityKey;
+import org.signal.libsignal.protocol.IdentityKeyPair;
+import org.signal.libsignal.protocol.ecc.ECPrivateKey;
+import org.signal.libsignal.protocol.ecc.ECPublicKey;
+import org.whispersystems.signalservice.internal.push.SignalServiceProtos;
+
+public class PaymentUtils {
+
+ private PaymentUtils() {
+ }
+
+ /**
+ * Signs the supplied address bytes with the {@link IdentityKeyPair}'s private key and returns a proto that includes it, and it's signature.
+ */
+ public static SignalServiceProtos.PaymentAddress signPaymentsAddress(
+ byte[] publicAddressBytes, ECPrivateKey privateKey
+ ) {
+ byte[] signature = privateKey.calculateSignature(publicAddressBytes);
+
+ return SignalServiceProtos.PaymentAddress.newBuilder()
+ .setMobileCoinAddress(SignalServiceProtos.PaymentAddress.MobileCoinAddress.newBuilder()
+ .setAddress(ByteString.copyFrom(publicAddressBytes))
+ .setSignature(ByteString.copyFrom(signature)))
+ .build();
+ }
+
+ /**
+ * Verifies that the payments address is signed with the supplied {@link IdentityKey}.
+ * <p>
+ * Returns the validated bytes if so, otherwise returns null.
+ */
+ public static byte[] verifyPaymentsAddress(
+ SignalServiceProtos.PaymentAddress paymentAddress, ECPublicKey publicKey
+ ) {
+ if (!paymentAddress.hasMobileCoinAddress()) {
+ return null;
+ }
+
+ byte[] bytes = paymentAddress.getMobileCoinAddress().getAddress().toByteArray();
+ byte[] signature = paymentAddress.getMobileCoinAddress().getSignature().toByteArray();
+
+ if (signature.length != 64 || !publicKey.verifySignature(bytes, signature)) {
+ return null;
+ }
+
+ return bytes;
+ }
+}
package org.asamk.signal.manager.util;
+import com.google.protobuf.InvalidProtocolBufferException;
+
import org.asamk.signal.manager.api.Pair;
import org.asamk.signal.manager.storage.recipients.Profile;
+import org.signal.libsignal.protocol.IdentityKey;
+import org.signal.libsignal.protocol.InvalidKeyException;
+import org.signal.libsignal.protocol.ecc.ECPublicKey;
import org.signal.libsignal.zkgroup.profiles.ProfileKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.whispersystems.signalservice.api.crypto.InvalidCiphertextException;
import org.whispersystems.signalservice.api.crypto.ProfileCipher;
import org.whispersystems.signalservice.api.profiles.SignalServiceProfile;
+import org.whispersystems.signalservice.internal.push.SignalServiceProtos;
+import java.io.IOException;
import java.util.Base64;
import java.util.HashSet;
final ProfileKey profileKey, final SignalServiceProfile encryptedProfile
) {
var profileCipher = new ProfileCipher(profileKey);
+ IdentityKey identityKey = null;
+ try {
+ identityKey = new IdentityKey(Base64.getDecoder().decode(encryptedProfile.getIdentityKey()), 0);
+ } catch (InvalidKeyException ignored) {
+ }
+
try {
var name = decrypt(encryptedProfile.getName(), profileCipher);
var about = trimZeros(decrypt(encryptedProfile.getAbout(), profileCipher));
about,
aboutEmoji,
encryptedProfile.getAvatar(),
- encryptedProfile.getPaymentAddress(),
+ identityKey == null || encryptedProfile.getPaymentAddress() == null
+ ? null
+ : decryptAndVerifyMobileCoinAddress(encryptedProfile.getPaymentAddress(),
+ profileCipher,
+ identityKey.getPublicKey()),
getUnidentifiedAccessMode(encryptedProfile, profileCipher),
getCapabilities(encryptedProfile));
} catch (InvalidCiphertextException e) {
}
}
+ private static byte[] decryptAndVerifyMobileCoinAddress(
+ final byte[] encryptedPaymentAddress, final ProfileCipher profileCipher, final ECPublicKey publicKey
+ ) throws InvalidCiphertextException {
+ byte[] decrypted;
+ try {
+ decrypted = profileCipher.decryptWithLength(encryptedPaymentAddress);
+ } catch (IOException e) {
+ return null;
+ }
+
+ SignalServiceProtos.PaymentAddress paymentAddress;
+ try {
+ paymentAddress = SignalServiceProtos.PaymentAddress.parseFrom(decrypted);
+ } catch (InvalidProtocolBufferException e) {
+ return null;
+ }
+
+ return PaymentUtils.verifyPaymentsAddress(paymentAddress, publicKey);
+ }
+
private static Pair<String, String> splitName(String name) {
if (name == null) {
return new Pair<>(null, null);
r.getProfile().getFamilyName(),
r.getProfile().getAbout(),
r.getProfile().getAboutEmoji(),
- r.getProfile().getPaymentAddress() == null
+ r.getProfile().getMobileCoinAddress() == null
? null
: Base64.getEncoder()
- .encodeToString(r.getProfile().getPaymentAddress())));
+ .encodeToString(r.getProfile().getMobileCoinAddress())));
}).toList();
writer.write(jsonContacts);
}
private record JsonContact(
- String number,
- String uuid,
- String name,
- boolean isBlocked,
- int messageExpirationTime,
- JsonProfile profile
+ String number, String uuid, String name, boolean isBlocked, int messageExpirationTime, JsonProfile profile
) {
private record JsonProfile(
String familyName,
String about,
String aboutEmoji,
- String paymentAddress
+ String mobileCoinAddress
) {}
}
}
git.nmode.ca / signal-cli / commitdiff
