Merge pull request #460 from oxen-io/security

Add Option to Delete All Network Data
2021-07-12 14:10:10 +10:00 · 2021-07-12 14:10:10 +10:00 · 45725b3e3b
parent 13e255892f 0307eba6ef
commit 45725b3e3b
5 changed files with 216 additions and 58 deletions
--- a/Session/Meta/Translations/en.lproj/Localizable.strings
+++ b/Session/Meta/Translations/en.lproj/Localizable.strings
@ -494,6 +494,11 @@
 "modal_seed_explanation" = "This is your recovery phrase. With it, you can restore or migrate your Session ID to a new device.";
 "modal_clear_all_data_title" = "Clear All Data";
 "modal_clear_all_data_explanation" = "This will permanently delete your messages, sessions, and contacts.";
+"modal_clear_all_data_explanation_2" = "Would you like to clear only this device, or delete your entire account?";
+"dialog_clear_all_data_deletion_failed_1" = "Data not deleted by 1 Service Node. Service Node ID: %@.";
+"dialog_clear_all_data_deletion_failed_2" = "Data not deleted by %@ Service Nodes. Service Node IDs: %@.";
+"modal_clear_all_data_device_only_button_title" = "Device Only";
+"modal_clear_all_data_entire_account_button_title" = "Entire Account";
 "vc_qr_code_title" = "QR Code";
 "vc_qr_code_view_my_qr_code_tab_title" = "View My QR Code";
 "vc_qr_code_view_scan_qr_code_tab_title" = "Scan QR Code";
--- a/Session/Settings/NukeDataModal.swift
+++ b/Session/Settings/NukeDataModal.swift
@ -1,73 +1,160 @@
+import SessionSnodeKit

@objc(LKNukeDataModal)
 final class NukeDataModal : Modal {
    
+    // MARK: Components
+    private lazy var titleLabel: UILabel = {
+        let result = UILabel()
+        result.textColor = Colors.text
+        result.font = .boldSystemFont(ofSize: Values.mediumFontSize)
+        result.text = NSLocalizedString("modal_clear_all_data_title", comment: "")
+        result.numberOfLines = 0
+        result.lineBreakMode = .byWordWrapping
+        result.textAlignment = .center
+        return result
+    }()
+    
+    private lazy var explanationLabel: UILabel = {
+        let result = UILabel()
+        result.textColor = Colors.text.withAlphaComponent(Values.mediumOpacity)
+        result.font = .systemFont(ofSize: Values.smallFontSize)
+        result.text = NSLocalizedString("modal_clear_all_data_explanation", comment: "")
+        result.numberOfLines = 0
+        result.textAlignment = .center
+        result.lineBreakMode = .byWordWrapping
+        return result
+    }()
+    
+    private lazy var clearDataButton: UIButton = {
+        let result = UIButton()
+        result.set(.height, to: Values.mediumButtonHeight)
+        result.layer.cornerRadius = Modal.buttonCornerRadius
+        if isDarkMode {
+            result.backgroundColor = Colors.destructive
+        }
+        result.titleLabel!.font = .systemFont(ofSize: Values.smallFontSize)
+        result.setTitleColor(isLightMode ? Colors.destructive : Colors.text, for: UIControl.State.normal)
+        result.setTitle(NSLocalizedString("TXT_DELETE_TITLE", comment: ""), for: UIControl.State.normal)
+        result.addTarget(self, action: #selector(clearAllData), for: UIControl.Event.touchUpInside)
+        return result
+    }()
+    
+    private lazy var buttonStackView1: UIStackView = {
+        let result = UIStackView(arrangedSubviews: [ cancelButton, clearDataButton ])
+        result.axis = .horizontal
+        result.spacing = Values.mediumSpacing
+        result.distribution = .fillEqually
+        return result
+    }()
+    
+    private lazy var deviceOnlyButton: UIButton = {
+        let result = UIButton()
+        result.set(.height, to: Values.mediumButtonHeight)
+        result.layer.cornerRadius = Modal.buttonCornerRadius
+        result.backgroundColor = Colors.buttonBackground
+        result.titleLabel!.font = .systemFont(ofSize: Values.smallFontSize)
+        result.setTitleColor(Colors.text, for: UIControl.State.normal)
+        result.setTitle(NSLocalizedString("modal_clear_all_data_device_only_button_title", comment: ""), for: UIControl.State.normal)
+        result.addTarget(self, action: #selector(clearDeviceOnly), for: UIControl.Event.touchUpInside)
+        return result
+    }()
+    
+    private lazy var entireAccountButton: UIButton = {
+        let result = UIButton()
+        result.set(.height, to: Values.mediumButtonHeight)
+        result.layer.cornerRadius = Modal.buttonCornerRadius
+        if isDarkMode {
+            result.backgroundColor = Colors.destructive
+        }
+        result.titleLabel!.font = .systemFont(ofSize: Values.smallFontSize)
+        result.setTitleColor(isLightMode ? Colors.destructive : Colors.text, for: UIControl.State.normal)
+        result.setTitle(NSLocalizedString("modal_clear_all_data_entire_account_button_title", comment: ""), for: UIControl.State.normal)
+        result.addTarget(self, action: #selector(clearEntireAccount), for: UIControl.Event.touchUpInside)
+        return result
+    }()
+    
+    private lazy var buttonStackView2: UIStackView = {
+        let result = UIStackView(arrangedSubviews: [ deviceOnlyButton, entireAccountButton ])
+        result.axis = .horizontal
+        result.spacing = Values.mediumSpacing
+        result.distribution = .fillEqually
+        result.alpha = 0
+        return result
+    }()
+    
+    private lazy var buttonStackViewContainer: UIView = {
+        let result = UIView()
+        result.addSubview(buttonStackView2)
+        buttonStackView2.pin(to: result)
+        result.addSubview(buttonStackView1)
+        buttonStackView1.pin(to: result)
+        return result
+    }()
+    
+    private lazy var mainStackView: UIStackView = {
+        let result = UIStackView(arrangedSubviews: [ titleLabel, explanationLabel, buttonStackViewContainer ])
+        result.axis = .vertical
+        result.spacing = Values.largeSpacing
+        return result
+    }()
+    
    // MARK: Lifecycle
    override func populateContentView() {
-        // Set up title label
-        let titleLabel = UILabel()
-        titleLabel.textColor = Colors.text
-        titleLabel.font = .boldSystemFont(ofSize: Values.mediumFontSize)
-        titleLabel.text = NSLocalizedString("modal_clear_all_data_title", comment: "")
-        titleLabel.numberOfLines = 0
-        titleLabel.lineBreakMode = .byWordWrapping
-        titleLabel.textAlignment = .center
-        // Set up explanation label
-        let explanationLabel = UILabel()
-        explanationLabel.textColor = Colors.text.withAlphaComponent(Values.mediumOpacity)
-        explanationLabel.font = .systemFont(ofSize: Values.smallFontSize)
-        explanationLabel.text = NSLocalizedString("modal_clear_all_data_explanation", comment: "")
-        explanationLabel.numberOfLines = 0
-        explanationLabel.textAlignment = .center
-        explanationLabel.lineBreakMode = .byWordWrapping
-        // Set up nuke data button
-        let nukeDataButton = UIButton()
-        nukeDataButton.set(.height, to: Values.mediumButtonHeight)
-        nukeDataButton.layer.cornerRadius = Modal.buttonCornerRadius
-        if isDarkMode {
-            nukeDataButton.backgroundColor = Colors.destructive
-        }
-        nukeDataButton.titleLabel!.font = .systemFont(ofSize: Values.smallFontSize)
-        nukeDataButton.setTitleColor(isLightMode ? Colors.destructive : Colors.text, for: UIControl.State.normal)
-        nukeDataButton.setTitle(NSLocalizedString("TXT_DELETE_TITLE", comment: ""), for: UIControl.State.normal)
-        nukeDataButton.addTarget(self, action: #selector(nuke), for: UIControl.Event.touchUpInside)
-        // Set up button stack view
-        let buttonStackView = UIStackView(arrangedSubviews: [ cancelButton, nukeDataButton ])
-        buttonStackView.axis = .horizontal
-        buttonStackView.spacing = Values.mediumSpacing
-        buttonStackView.distribution = .fillEqually
-        // Set up stack view
-        let stackView = UIStackView(arrangedSubviews: [ titleLabel, explanationLabel, buttonStackView ])
-        stackView.axis = .vertical
-        stackView.spacing = Values.largeSpacing
-        contentView.addSubview(stackView)
-        stackView.pin(.leading, to: .leading, of: contentView, withInset: Values.largeSpacing)
-        stackView.pin(.top, to: .top, of: contentView, withInset: Values.largeSpacing)
-        contentView.pin(.trailing, to: .trailing, of: stackView, withInset: Values.largeSpacing)
-        contentView.pin(.bottom, to: .bottom, of: stackView, withInset: Values.largeSpacing)
+        contentView.addSubview(mainStackView)
+        mainStackView.pin(.leading, to: .leading, of: contentView, withInset: Values.largeSpacing)
+        mainStackView.pin(.top, to: .top, of: contentView, withInset: Values.largeSpacing)
+        contentView.pin(.trailing, to: .trailing, of: mainStackView, withInset: Values.largeSpacing)
+        contentView.pin(.bottom, to: .bottom, of: mainStackView, withInset: Values.largeSpacing)
    }
    
    // MARK: Interaction
-    @objc private func nuke() {
-        func proceed() {
-            let appDelegate = UIApplication.shared.delegate as! AppDelegate
-            ModalActivityIndicatorViewController.present(fromViewController: self, canCancel: false) { [weak self] _ in
-                appDelegate.forceSyncConfigurationNowIfNeeded().ensure(on: DispatchQueue.main) {
-                    self?.dismiss(animated: true, completion: nil) // Dismiss the loader
+    @objc private func clearAllData() {
+        UIView.animate(withDuration: 0.25) {
+            self.buttonStackView1.alpha = 0
+            self.buttonStackView2.alpha = 1
+        }
+        UIView.transition(with: explanationLabel, duration: 0.25, options: .transitionCrossDissolve, animations: {
+            self.explanationLabel.text = NSLocalizedString("modal_clear_all_data_explanation_2", comment: "")
+        }, completion: nil)
+    }
+    
+    @objc private func clearDeviceOnly() {
+        let appDelegate = UIApplication.shared.delegate as! AppDelegate
+        ModalActivityIndicatorViewController.present(fromViewController: self, canCancel: false) { [weak self] _ in
+            appDelegate.forceSyncConfigurationNowIfNeeded().ensure(on: DispatchQueue.main) {
+                self?.dismiss(animated: true, completion: nil) // Dismiss the loader
+                UserDefaults.removeAll() // Not done in the nuke data implementation as unlinking requires this to happen later
+                NotificationCenter.default.post(name: .dataNukeRequested, object: nil)
+            }.retainUntilComplete()
+        }
+    }
+    
+    @objc private func clearEntireAccount() {
+        ModalActivityIndicatorViewController.present(fromViewController: self, canCancel: false) { [weak self] _ in
+            SnodeAPI.clearAllData().done(on: DispatchQueue.main) { confirmations in
+                self?.dismiss(animated: true, completion: nil) // Dismiss the loader
+                let potentiallyMaliciousSnodes = confirmations.compactMap { $0.value == false ? $0.key : nil }
+                if potentiallyMaliciousSnodes.isEmpty {
                    UserDefaults.removeAll() // Not done in the nuke data implementation as unlinking requires this to happen later
                    NotificationCenter.default.post(name: .dataNukeRequested, object: nil)
-                }.retainUntilComplete()
+                } else {
+                    let message: String
+                    if potentiallyMaliciousSnodes.count == 1 {
+                        message = String(format: NSLocalizedString("dialog_clear_all_data_deletion_failed_1", comment: ""), potentiallyMaliciousSnodes[0])
+                    } else {
+                        message = String(format: NSLocalizedString("dialog_clear_all_data_deletion_failed_2", comment: ""), String(potentiallyMaliciousSnodes.count), potentiallyMaliciousSnodes.joined(separator: ", "))
+                    }
+                    let alert = UIAlertController(title: "Error", message: message, preferredStyle: .alert)
+                    alert.addAction(UIAlertAction(title: NSLocalizedString("OK", comment: ""), style: .default, handler: nil))
+                    self?.presentAlert(alert)
+                }
+            }.catch(on: DispatchQueue.main) { error in
+                self?.dismiss(animated: true, completion: nil) // Dismiss the loader
+                let alert = UIAlertController(title: "Error", message: error.localizedDescription, preferredStyle: .alert)
+                alert.addAction(UIAlertAction(title: NSLocalizedString("OK", comment: ""), style: .default, handler: nil))
+                self?.presentAlert(alert)
            }
        }
-        if KeyPairUtilities.hasV2KeyPair() {
-            proceed()
-        } else {
-            presentingViewController?.dismiss(animated: true, completion: nil)
-            let message = "We’ve upgraded the way Session IDs are generated, so you will be unable to restore your current Session ID."
-            let alert = UIAlertController(title: "Are You Sure?", message: message, preferredStyle: .alert)
-            alert.addAction(UIAlertAction(title: "Yes", style: .destructive) { _ in proceed() })
-            alert.addAction(UIAlertAction(title: "Cancel", style: .default, handler: nil))
-            presentingViewController?.present(alert, animated: true, completion: nil)
-        }
    }
 }
--- a/SessionSnodeKit/Snode.swift
+++ b/SessionSnodeKit/Snode.swift
@ -15,6 +15,8 @@ public final class Snode : NSObject, NSCoding { // NSObject/NSCoding conformance
        case getMessages = "retrieve"
        case sendMessage = "store"
        case oxenDaemonRPCCall = "oxend_request"
+        case getInfo = "info"
+        case clearAllData = "delete_all"
    }

    public struct KeySet {
--- a/SessionSnodeKit/SnodeAPI.swift
+++ b/SessionSnodeKit/SnodeAPI.swift
@ -30,6 +30,8 @@ public final class SnodeAPI : NSObject {
        case clockOutOfSync
        case snodePoolUpdatingFailed
        case inconsistentSnodePools
+        case noKeyPair
+        case signingFailed
        // ONS
        case decryptionFailed
        case hashingFailed
@ -41,6 +43,8 @@ public final class SnodeAPI : NSObject {
            case .clockOutOfSync: return "Your clock is out of sync with the Service Node network. Please check that your device's clock is set to automatic time."
            case .snodePoolUpdatingFailed: return "Failed to update the Service Node pool."
            case .inconsistentSnodePools: return "Received inconsistent Service Node pool information from the Service Node network."
+            case .noKeyPair: return "Missing user key pair."
+            case .signingFailed: return "Couldn't sign message."
            // ONS
            case .decryptionFailed: return "Couldn't decrypt ONS name."
            case .hashingFailed: return "Couldn't compute ONS name hash."
@ -130,6 +134,14 @@ public final class SnodeAPI : NSObject {
        }
    }
    
+    private static func getNetworkTime(from snode: Snode) -> Promise<UInt64> {
+        return invoke(.getInfo, on: snode, parameters: [:]).map2 { rawResponse in
+            guard let json = rawResponse as? JSON,
+                let timestamp = json["timestamp"] as? UInt64 else { throw HTTP.Error.invalidJSON }
+            return timestamp
+        }
+    }
+    
    internal static func getRandomSnode() -> Promise<Snode> {
        // randomElement() uses the system's default random generator, which is cryptographically secure
        return getSnodePool().map2 { $0.randomElement()! }
@ -421,6 +433,56 @@ public final class SnodeAPI : NSObject {
        return promise
    }
    
+    /// Clears all the user's data from their swarm. Returns a dictionary of snode public key to deletion confirmation.
+    public static func clearAllData() -> Promise<[String:Bool]> {
+        let storage = SNSnodeKitConfiguration.shared.storage
+        guard let userX25519PublicKey = storage.getUserPublicKey(),
+            let userED25519KeyPair = storage.getUserED25519KeyPair() else { return Promise(error: Error.noKeyPair) }
+        let sodium = Sodium()
+        return attempt(maxRetryCount: maxRetryCount, recoveringOn: Threading.workQueue) {
+            getSwarm(for: userX25519PublicKey).then2 { swarm -> Promise<[String:Bool]> in
+                let snode = swarm.randomElement()!
+                return attempt(maxRetryCount: maxRetryCount, recoveringOn: Threading.workQueue) {
+                    getNetworkTime(from: snode).then2 { timestamp -> Promise<[String:Bool]> in
+                        let verificationData = (Snode.Method.clearAllData.rawValue + String(timestamp)).data(using: String.Encoding.utf8)!
+                        guard let signature = sodium.sign.signature(message: Bytes(verificationData), secretKey: userED25519KeyPair.secretKey) else { throw Error.signingFailed }
+                        let parameters: JSON = [
+                            "pubkey" : userX25519PublicKey,
+                            "pubkey_ed25519" : userED25519KeyPair.publicKey.toHexString(),
+                            "timestamp" : timestamp,
+                            "signature" : signature.toBase64()!
+                        ]
+                        return attempt(maxRetryCount: maxRetryCount, recoveringOn: Threading.workQueue) {
+                            invoke(.clearAllData, on: snode, parameters: parameters).map2 { rawResponse -> [String:Bool] in
+                                guard let json = rawResponse as? JSON, let swarm = json["swarm"] as? JSON else { throw HTTP.Error.invalidJSON }
+                                var result: [String:Bool] = [:]
+                                for (snodePublicKey, rawJSON) in swarm {
+                                    guard let json = rawJSON as? JSON else { throw HTTP.Error.invalidJSON }
+                                    let isFailed = json["failed"] as? Bool ?? false
+                                    if !isFailed {
+                                        guard let hashes = json["deleted"] as? [String], let signature = json["signature"] as? String else { throw HTTP.Error.invalidJSON }
+                                        // The signature format is ( PUBKEY_HEX || TIMESTAMP || DELETEDHASH[0] || ... || DELETEDHASH[N] )
+                                        let verificationData = (userX25519PublicKey + String(timestamp) + hashes.joined(separator: "")).data(using: String.Encoding.utf8)!
+                                        let isValid = sodium.sign.verify(message: Bytes(verificationData), publicKey: Bytes(Data(hex: snodePublicKey)), signature: Bytes(Data(base64Encoded: signature)!))
+                                        result[snodePublicKey] = isValid
+                                    } else {
+                                        if let reason = json["reason"] as? String, let statusCode = json["code"] as? String {
+                                            SNLog("Couldn't delete data from: \(snodePublicKey) due to error: \(reason) (\(statusCode)).")
+                                        } else {
+                                            SNLog("Couldn't delete data from: \(snodePublicKey).")
+                                        }
+                                        result[snodePublicKey] = false
+                                    }
+                                }
+                                return result
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+    
    // MARK: Parsing
    
    // The parsing utilities below use a best attempt approach to parsing; they warn for parsing failures but don't throw exceptions.
--- a/SessionSnodeKit/Storage.swift
+++ b/SessionSnodeKit/Storage.swift
@ -1,5 +1,6 @@
 import SessionUtilitiesKit
 import PromiseKit
+import Sodium

 public protocol SessionSnodeKitStorageProtocol {

@ -10,6 +11,7 @@ public protocol SessionSnodeKitStorageProtocol {
    func writeSync(with block: @escaping (Any) -> Void)

    func getUserPublicKey() -> String?
+    func getUserED25519KeyPair() -> Box.KeyPair?
    func getOnionRequestPaths() -> [OnionRequestAPI.Path]
    func setOnionRequestPaths(to paths: [OnionRequestAPI.Path], using transaction: Any)
    func getSnodePool() -> Set<Snode>