Skip to content

Commit

Permalink
Merge branch 'nt/kbs-migration'
Browse files Browse the repository at this point in the history
  • Loading branch information
Imperiopolis committed Oct 6, 2020
2 parents d0752fa + 377a151 commit 5c7fd02
Show file tree
Hide file tree
Showing 5 changed files with 293 additions and 84 deletions.
64 changes: 35 additions & 29 deletions SignalServiceKit/src/Remote Attestation/RemoteAttestation.swift
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,13 @@ import PromiseKit

extension RemoteAttestation {

struct EnclaveConfig {
let enclaveName: String
let mrenclave: String
let host: String
let censorshipCircumventionPrefix: String
}

// MARK: - Dependencies

private static var networkManager: TSNetworkManager {
Expand All @@ -15,8 +22,20 @@ extension RemoteAttestation {

// MARK: -

public static func performForKeyBackup(auth: RemoteAttestationAuth?) -> Promise<RemoteAttestation> {
return performAttestation(for: .keyBackup, auth: auth).map { attestationResponse -> RemoteAttestation in
public static func performForKeyBackup(
auth: RemoteAttestationAuth?,
enclave: KeyBackupEnclave
) -> Promise<RemoteAttestation> {
return performAttestation(
for: .keyBackup,
auth: auth,
config: EnclaveConfig(
enclaveName: enclave.name,
mrenclave: enclave.mrenclave,
host: TSConstants.keyBackupURL,
censorshipCircumventionPrefix: TSConstants.keyBackupCensorshipPrefix
)
).map { attestationResponse -> RemoteAttestation in
return try parseAttestation(params: attestationResponse.responseBody,
clientEphemeralKeyPair: attestationResponse.clientEphemeralKeyPair,
cookies: attestationResponse.cookies,
Expand All @@ -37,7 +56,15 @@ extension RemoteAttestation {
}

public static func performForCDS() -> Promise<CDSAttestation> {
return performAttestation(for: .contactDiscovery).map { attestationResponse -> CDSAttestation in
return performAttestation(
for: .contactDiscovery,
config: EnclaveConfig(
enclaveName: TSConstants.contactDiscoveryEnclaveName,
mrenclave: TSConstants.contactDiscoveryMrEnclave,
host: TSConstants.contactDiscoveryURL,
censorshipCircumventionPrefix: TSConstants.contactDiscoveryCensorshipPrefix
)
).map { attestationResponse -> CDSAttestation in
let attestationBody: [CDSAttestation.Id: [String: Any]] = try attestationResponse.responseBody.required(key: "attestations")

// The client MUST reject server responses with more than 3 Remote Attestation Responses attached,
Expand Down Expand Up @@ -79,15 +106,18 @@ extension RemoteAttestation {
let auth: RemoteAttestationAuth
}

private static func performAttestation(for service: RemoteAttestationService, auth: RemoteAttestationAuth? = nil) -> Promise<AttestationResponse> {
private static func performAttestation(
for service: RemoteAttestationService,
auth: RemoteAttestationAuth? = nil,
config: EnclaveConfig
) -> Promise<AttestationResponse> {
firstly(on: .global()) { () -> Promise<RemoteAttestationAuth> in
if let auth = auth {
return Promise.value(auth)
} else {
return getAuth(for: service)
}
}.then(on: .global()) { auth -> Promise<AttestationResponse> in
let config = enclaveConfig(for: service)
let clientEphemeralKeyPair = Curve25519.generateKeyPair()

let request = remoteAttestationRequest(enclaveName: config.enclaveName,
Expand Down Expand Up @@ -194,30 +224,6 @@ extension RemoteAttestation {
Logger.verbose("remote attestation complete")
return RemoteAttestation(cookies: cookies, keys: keys, requestId: requestId, enclaveName: enclaveName, auth: auth)
}

// MARK: -

struct EnclaveConfig {
let enclaveName: String
let mrenclave: String
let host: String
let censorshipCircumventionPrefix: String
}

private static func enclaveConfig(for service: RemoteAttestationService) -> EnclaveConfig {
switch service {
case .contactDiscovery:
return EnclaveConfig(enclaveName: TSConstants.contactDiscoveryEnclaveName,
mrenclave: TSConstants.contactDiscoveryMrEnclave,
host: TSConstants.contactDiscoveryURL,
censorshipCircumventionPrefix: TSConstants.contactDiscoveryCensorshipPrefix)
case .keyBackup:
return EnclaveConfig(enclaveName: TSConstants.keyBackupEnclaveName,
mrenclave: TSConstants.keyBackupMrEnclave,
host: TSConstants.keyBackupURL,
censorshipCircumventionPrefix: TSConstants.keyBackupCensorshipPrefix)
}
}
}

public extension RemoteAttestationError {
Expand Down
53 changes: 38 additions & 15 deletions SignalServiceKit/src/TSConstants.swift
Original file line number Diff line number Diff line change
Expand Up @@ -24,15 +24,20 @@ private protocol TSConstantsProtocol: class {
var contactDiscoveryEnclaveName: String { get }
var contactDiscoveryMrEnclave: String { get }

var keyBackupEnclaveName: String { get }
var keyBackupMrEnclave: String { get }
var keyBackupServiceId: String { get }
var keyBackupEnclave: KeyBackupEnclave { get }
var keyBackupPreviousEnclaves: [KeyBackupEnclave] { get }

var applicationGroup: String { get }

var serverPublicParamsBase64: String { get }
}

public struct KeyBackupEnclave: Equatable {
let name: String
let mrenclave: String
let serviceId: String
}

// MARK: -

@objc
Expand Down Expand Up @@ -82,12 +87,8 @@ public class TSConstants: NSObject {
@objc
public static var contactDiscoveryMrEnclave: String { return shared.contactDiscoveryMrEnclave }

@objc
public static var keyBackupEnclaveName: String { return shared.keyBackupEnclaveName }
@objc
public static var keyBackupMrEnclave: String { return shared.keyBackupMrEnclave }
@objc
public static var keyBackupServiceId: String { return shared.keyBackupServiceId }
static var keyBackupEnclave: KeyBackupEnclave { shared.keyBackupEnclave }
static var keyBackupPreviousEnclaves: [KeyBackupEnclave] { shared.keyBackupPreviousEnclaves }

@objc
public static var applicationGroup: String { return shared.applicationGroup }
Expand Down Expand Up @@ -173,9 +174,17 @@ private class TSConstantsProduction: TSConstantsProtocol {
return contactDiscoveryEnclaveName
}

public let keyBackupEnclaveName = "fe7c1bfae98f9b073d220366ea31163ee82f6d04bead774f71ca8e5c40847bfe"
public let keyBackupMrEnclave = "a3baab19ef6ce6f34ab9ebb25ba722725ae44a8872dc0ff08ad6d83a9489de87"
public let keyBackupServiceId = "fe7c1bfae98f9b073d220366ea31163ee82f6d04bead774f71ca8e5c40847bfe"
public let keyBackupEnclave = KeyBackupEnclave(
name: "fe7c1bfae98f9b073d220366ea31163ee82f6d04bead774f71ca8e5c40847bfe",
mrenclave: "a3baab19ef6ce6f34ab9ebb25ba722725ae44a8872dc0ff08ad6d83a9489de87",
serviceId: "fe7c1bfae98f9b073d220366ea31163ee82f6d04bead774f71ca8e5c40847bfe"
)

// An array of previously used enclaves that we should try and restore
// key material from during registration. These must be ordered from
// newest to oldest, so we check the latest enclaves for backups before
// checking earlier enclaves.
public let keyBackupPreviousEnclaves = [KeyBackupEnclave]()

public let applicationGroup = "group.org.whispersystems.signal.group"

Expand Down Expand Up @@ -212,9 +221,23 @@ private class TSConstantsStaging: TSConstantsProtocol {
return contactDiscoveryEnclaveName
}

public let keyBackupEnclaveName = "823a3b2c037ff0cbe305cc48928cfcc97c9ed4a8ca6d49af6f7d6981fb60a4e9"
public let keyBackupMrEnclave = "a3baab19ef6ce6f34ab9ebb25ba722725ae44a8872dc0ff08ad6d83a9489de87"
public let keyBackupServiceId = "038c40bbbacdc873caa81ac793bb75afde6dfe436a99ab1f15e3f0cbb7434ced"
public let keyBackupEnclave = KeyBackupEnclave(
name: "dcd2f0b7b581068569f19e9ccb6a7ab1a96912d09dde12ed1464e832c63fa948",
mrenclave: "9db0568656c53ad65bb1c4e1b54ee09198828699419ec0f63cf326e79827ab23",
serviceId: "89e160bfc95aa13e71caeea0cdbf3492b41c7ce3fc7c093112af7825f396682b"
)

// An array of previously used enclaves that we should try and restore
// key material from during registration. These must be ordered from
// newest to oldest, so we check the latest enclaves for backups before
// checking earlier enclaves.
public let keyBackupPreviousEnclaves = [
KeyBackupEnclave(
name: "823a3b2c037ff0cbe305cc48928cfcc97c9ed4a8ca6d49af6f7d6981fb60a4e9",
mrenclave: "a3baab19ef6ce6f34ab9ebb25ba722725ae44a8872dc0ff08ad6d83a9489de87",
serviceId: "038c40bbbacdc873caa81ac793bb75afde6dfe436a99ab1f15e3f0cbb7434ced"
)
]

public let applicationGroup = "group.org.whispersystems.signal.group.staging"

Expand Down
Loading

0 comments on commit 5c7fd02

Please sign in to comment.