Move to Signal Protocol written in Rust.

Co-authored-by: Alex Hart <alex@signal.org>
2025-08-25 19:12:19 +00:00 · 2020-11-12 14:29:06 -05:00
parent 02931f1826
commit 13c014215d
14 changed files with 53 additions and 57 deletions
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -365,7 +365,8 @@ dependencies {
    implementation project(':libsignal-service')
    implementation 'org.signal:zkgroup-android:0.7.0'
-
+    implementation 'org.whispersystems:signal-client-android:0.1.4'
    implementation 'com.google.protobuf:protobuf-javalite:3.10.0'
    implementation 'org.signal:argon2:13.1@aar'
    implementation 'org.signal:ringrtc-android:2.8.3'
--- a/app/src/main/java/org/thoughtcrime/securesms/contacts/sync/ContactDiscoveryV2.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/contacts/sync/ContactDiscoveryV2.java
@@ -14,6 +14,7 @@ import org.thoughtcrime.securesms.dependencies.ApplicationDependencies;
 import org.thoughtcrime.securesms.logging.Log;
 import org.thoughtcrime.securesms.push.IasTrustStore;
 import org.thoughtcrime.securesms.util.SetUtil;
 import org.whispersystems.libsignal.InvalidKeyException;
 import org.whispersystems.signalservice.api.SignalServiceAccountManager;
 import org.whispersystems.signalservice.api.push.TrustStore;
 import org.whispersystems.signalservice.internal.contacts.crypto.Quote;
@@ -69,7 +70,7 @@ class ContactDiscoveryV2 {
      FuzzyPhoneNumberHelper.OutputResultV2 outputResult = FuzzyPhoneNumberHelper.generateOutputV2(results, inputResult);
      return new DirectoryResult(outputResult.getNumbers(), outputResult.getRewrites(), ignoredNumbers);
-    } catch (SignatureException | UnauthenticatedQuoteException | UnauthenticatedResponseException | Quote.InvalidQuoteFormatException e) {
+    } catch (SignatureException | UnauthenticatedQuoteException | UnauthenticatedResponseException | Quote.InvalidQuoteFormatException |InvalidKeyException e) {
      Log.w(TAG, "Attestation error.", e);
      throw new IOException(e);
    }
--- a/app/src/main/java/org/thoughtcrime/securesms/lock/v2/ConfirmKbsPinRepository.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/lock/v2/ConfirmKbsPinRepository.java
@@ -9,6 +9,7 @@ import org.thoughtcrime.securesms.dependencies.ApplicationDependencies;
 import org.thoughtcrime.securesms.logging.Log;
 import org.thoughtcrime.securesms.pin.PinState;
 import org.thoughtcrime.securesms.util.concurrent.SimpleTask;
 import org.whispersystems.libsignal.InvalidKeyException;
 import org.whispersystems.signalservice.internal.contacts.crypto.UnauthenticatedResponseException;
 import java.io.IOException;
@@ -29,7 +30,7 @@ final class ConfirmKbsPinRepository {
        Log.i(TAG, "Pin set on KBS");
        return PinSetResult.SUCCESS;
-      } catch (IOException | UnauthenticatedResponseException e) {
+      } catch (IOException | UnauthenticatedResponseException | InvalidKeyException e) {
        Log.w(TAG, e);
        PinState.onPinCreateFailure();
        return PinSetResult.FAILURE;
--- a/app/src/main/java/org/thoughtcrime/securesms/migrations/RegistrationPinV2MigrationJob.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/migrations/RegistrationPinV2MigrationJob.java
@@ -15,6 +15,7 @@ import org.thoughtcrime.securesms.lock.PinHashing;
 import org.thoughtcrime.securesms.logging.Log;
 import org.thoughtcrime.securesms.pin.PinState;
 import org.thoughtcrime.securesms.util.TextSecurePreferences;
 import org.whispersystems.libsignal.InvalidKeyException;
 import org.whispersystems.signalservice.api.KeyBackupService;
 import org.whispersystems.signalservice.api.KeyBackupServicePinException;
 import org.whispersystems.signalservice.api.KeyBackupSystemNoDataException;
@@ -60,7 +61,7 @@ public final class RegistrationPinV2MigrationJob extends BaseJob {
  }
  @Override
-  protected void onRun() throws IOException, UnauthenticatedResponseException {
+  protected void onRun() throws IOException, UnauthenticatedResponseException, InvalidKeyException {
    if (!TextSecurePreferences.isV1RegistrationLockEnabled(context)) {
      Log.i(TAG, "Registration lock disabled");
      return;
--- a/app/src/main/java/org/thoughtcrime/securesms/pin/PinState.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/pin/PinState.java
@@ -22,6 +22,7 @@ import org.thoughtcrime.securesms.logging.Log;
 import org.thoughtcrime.securesms.megaphone.Megaphones;
 import org.thoughtcrime.securesms.registration.service.KeyBackupSystemWrongPinException;
 import org.thoughtcrime.securesms.util.TextSecurePreferences;
 import org.whispersystems.libsignal.InvalidKeyException;
 import org.whispersystems.libsignal.util.guava.Optional;
 import org.whispersystems.signalservice.api.KbsPinData;
 import org.whispersystems.signalservice.api.KeyBackupService;
@@ -90,7 +91,7 @@ public final class PinState {
      }
      return kbsData;
-    } catch (UnauthenticatedResponseException e) {
+    } catch (UnauthenticatedResponseException | InvalidKeyException e) {
      Log.w(TAG, "Failed to restore key", e);
      throw new IOException(e);
    } catch (KeyBackupServicePinException e) {
@@ -170,7 +171,7 @@ public final class PinState {
   */
  @WorkerThread
  public static synchronized void onPinChangedOrCreated(@NonNull Context context, @NonNull String pin, @NonNull PinKeyboardType keyboard)
-      throws IOException, UnauthenticatedResponseException
+      throws IOException, UnauthenticatedResponseException, InvalidKeyException
  {
    Log.i(TAG, "onPinChangedOrCreated()");
@@ -272,7 +273,7 @@ public final class PinState {
   */
  @WorkerThread
  public static synchronized void onMigrateToRegistrationLockV2(@NonNull Context context, @NonNull String pin)
-      throws IOException, UnauthenticatedResponseException
+      throws IOException, UnauthenticatedResponseException, InvalidKeyException
  {
    Log.i(TAG, "onMigrateToRegistrationLockV2()");
--- a/app/src/main/java/org/thoughtcrime/securesms/service/webrtc/WebRtcUtil.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/service/webrtc/WebRtcUtil.java
@@ -14,7 +14,6 @@ import org.thoughtcrime.securesms.util.ServiceUtil;
 import org.thoughtcrime.securesms.webrtc.locks.LockManager;
 import org.whispersystems.libsignal.InvalidKeyException;
 import org.whispersystems.libsignal.ecc.Curve;
 import org.whispersystems.libsignal.ecc.DjbECPublicKey;
 import org.whispersystems.libsignal.ecc.ECPublicKey;
 import org.whispersystems.signalservice.api.messages.calls.OfferMessage;
@@ -27,11 +26,7 @@ public final class WebRtcUtil {
  public static @NonNull byte[] getPublicKeyBytes(@NonNull byte[] identityKey) throws InvalidKeyException {
    ECPublicKey key = Curve.decodePoint(identityKey, 0);
-
+    return key.getPublicKeyBytes();
    if (key instanceof DjbECPublicKey) {
      return ((DjbECPublicKey) key).getPublicKey();
    }
    throw new InvalidKeyException();
  }
  public static @NonNull LockManager.PhoneState getInCallPhoneState(@NonNull Context context) {
--- a/app/witness-verifications.gradle
+++ b/app/witness-verifications.gradle
@@ -420,6 +420,9 @@ dependencyVerification {
        ['org.apache.httpcomponents:httpclient-android:4.3.5',
         '6f56466a9bd0d42934b90bfbfe9977a8b654c058bf44a12bdc2877c4e1f033f1'],
        ['org.aspectj:aspectjrt:1.9.4',
         '4ff12340d4f1197b95fc9d53dd43b7ada6150426d685778979ceca4304361698'],
        ['org.conscrypt:conscrypt-android:2.0.0',
         '400ca559a49b860a82862b22cee0e3110764bdcf7ee7c79e7479895c25cdfc09'],
@@ -441,9 +444,6 @@ dependencyVerification {
        ['org.signal:ringrtc-android:2.8.3',
         '1cdc73ec34b11b9eeb0a650715e1095cade226736192c091991f31367245e37a'],
        ['org.signal:signal-metadata-java:0.1.2',
         '6aaeb6a33bf3161a3e6ac9db7678277f7a4cf5a2c96b84342e4007ee49bab1bd'],
        ['org.signal:zkgroup-android:0.7.0',
         '52b172565bd01526e93ebf1796b834bdc449d4fe3422c1b827e49cb8d4f13fbd'],
@@ -453,11 +453,11 @@ dependencyVerification {
        ['org.threeten:threetenbp:1.3.6',
         'f4c23ffaaed717c3b99c003e0ee02d6d66377fd47d866fec7d971bd8644fc1a7'],
-        ['org.whispersystems:curve25519-java:0.5.0',
+        ['org.whispersystems:signal-client-android:0.1.4',
-         '0aadd43cf01d11e9b58f867b3c4f25c3194e8b0623d1953d32dfbfbee009e38d'],
+         'a95f4d8125a22552da99b5db15589454789eee322e84d9ba613c258150366a64'],
-        ['org.whispersystems:signal-protocol-java:2.8.1',
+        ['org.whispersystems:signal-client-java:0.1.4',
-         'b19db36839ab008fdccefc7f8c005f2ea43dc7c7298a209bc424e6f9b6d5617b'],
+         '7d151220a203e43ecf419256eecb6309cc4c5644557beeb29f54ba34ee82645c'],
        ['pl.tajchert:waitingdots:0.1.0',
         '2835d49e0787dbcb606c5a60021ced66578503b1e9fddcd7a5ef0cd5f095ba2c'],
--- a/build.gradle
+++ b/build.gradle
@@ -5,7 +5,7 @@ wrapper {
 subprojects {
    ext.lib_signal_service_version_number   = "2.15.3"
    ext.lib_signal_service_group_info       = "org.whispersystems"
-    ext.lib_signal_metadata_version         = "0.1.2"
+    ext.lib_signal_client_version           = "0.1.0"
    if (JavaVersion.current().isJava8Compatible()) {
        allprojects {
--- a/libsignal/service/build.gradle
+++ b/libsignal/service/build.gradle
@@ -32,7 +32,7 @@ dependencies {
    api 'com.googlecode.libphonenumber:libphonenumber:8.12.6'
    api 'com.fasterxml.jackson.core:jackson-databind:2.9.9.2'
-    api "org.signal:signal-metadata-java:${lib_signal_metadata_version}"
+    api 'org.whispersystems:signal-client-java:0.1.4'
    api 'com.squareup.okhttp3:okhttp:3.12.10'
    implementation 'org.threeten:threetenbp:1.3.6'
--- a/libsignal/service/src/main/java/org/whispersystems/signalservice/api/KeyBackupService.java
+++ b/libsignal/service/src/main/java/org/whispersystems/signalservice/api/KeyBackupService.java
@@ -1,5 +1,6 @@
 package org.whispersystems.signalservice.api;
 import org.whispersystems.libsignal.InvalidKeyException;
 import org.whispersystems.libsignal.logging.Log;
 import org.whispersystems.signalservice.api.crypto.InvalidCiphertextException;
 import org.whispersystems.signalservice.api.kbs.HashedPin;
@@ -123,7 +124,7 @@ public final class KeyBackupService {
    @Override
    public KbsPinData restorePin(HashedPin hashedPin)
-      throws UnauthenticatedResponseException, IOException, KeyBackupServicePinException, KeyBackupSystemNoDataException
+      throws UnauthenticatedResponseException, IOException, KeyBackupServicePinException, KeyBackupSystemNoDataException, InvalidKeyException
    {
      int           attempt = 0;
      SecureRandom  random  = new SecureRandom();
@@ -156,7 +157,7 @@ public final class KeyBackupService {
    }
    private KbsPinData restorePin(HashedPin hashedPin, TokenResponse token)
-      throws UnauthenticatedResponseException, IOException, TokenException, KeyBackupSystemNoDataException
+      throws UnauthenticatedResponseException, IOException, TokenException, KeyBackupSystemNoDataException, InvalidKeyException
    {
      try {
        final int               remainingTries    = token.getTries();
@@ -197,7 +198,7 @@ public final class KeyBackupService {
      }
    }
-    private RemoteAttestation getAndVerifyRemoteAttestation() throws UnauthenticatedResponseException, IOException {
+    private RemoteAttestation getAndVerifyRemoteAttestation() throws UnauthenticatedResponseException, IOException, InvalidKeyException {
      try {
        return RemoteAttestationUtil.getAndVerifyRemoteAttestation(pushServiceSocket, PushServiceSocket.ClientSet.KeyBackup, iasKeyStore, enclaveName, mrenclave, authorization);
      } catch (Quote.InvalidQuoteFormatException | UnauthenticatedQuoteException | InvalidCiphertextException | SignatureException e) {
@@ -226,7 +227,7 @@ public final class KeyBackupService {
        KeyBackupResponse response          = pushServiceSocket.putKbsData(authorization, request, remoteAttestation.getCookies(), enclaveName);
        KeyBackupCipher.getKeyDeleteResponseStatus(response, remoteAttestation);
-      } catch (InvalidCiphertextException e) {
+      } catch (InvalidCiphertextException | InvalidKeyException e) {
        throw new UnauthenticatedResponseException(e);
      }
    }
@@ -261,7 +262,7 @@ public final class KeyBackupService {
          default:
            throw new AssertionError("Unknown response status " + status);
        }
-      } catch (InvalidCiphertextException e) {
+      } catch (InvalidCiphertextException | InvalidKeyException e) {
        throw new UnauthenticatedResponseException(e);
      }
    }
@@ -275,7 +276,7 @@ public final class KeyBackupService {
  public interface RestoreSession extends HashSession {
    KbsPinData restorePin(HashedPin hashedPin)
-      throws UnauthenticatedResponseException, IOException, KeyBackupServicePinException, KeyBackupSystemNoDataException;
+      throws UnauthenticatedResponseException, IOException, KeyBackupServicePinException, KeyBackupSystemNoDataException, InvalidKeyException;
  }
  public interface PinChangeSession extends HashSession {
--- a/libsignal/service/src/main/java/org/whispersystems/signalservice/api/SignalServiceAccountManager.java
+++ b/libsignal/service/src/main/java/org/whispersystems/signalservice/api/SignalServiceAccountManager.java
@@ -366,7 +366,7 @@ public class SignalServiceAccountManager {
  }
  public Map<String, UUID> getRegisteredUsers(KeyStore iasKeyStore, Set<String> e164numbers, String mrenclave)
-      throws IOException, Quote.InvalidQuoteFormatException, UnauthenticatedQuoteException, SignatureException, UnauthenticatedResponseException
+      throws IOException, Quote.InvalidQuoteFormatException, UnauthenticatedQuoteException, SignatureException, UnauthenticatedResponseException, InvalidKeyException
  {
    if (e164numbers.isEmpty()) {
      return Collections.emptyMap();
--- a/libsignal/service/src/main/java/org/whispersystems/signalservice/internal/contacts/crypto/RemoteAttestationKeys.java
+++ b/libsignal/service/src/main/java/org/whispersystems/signalservice/internal/contacts/crypto/RemoteAttestationKeys.java
@@ -1,8 +1,10 @@
 package org.whispersystems.signalservice.internal.contacts.crypto;
-import org.whispersystems.curve25519.Curve25519;
+import org.whispersystems.libsignal.InvalidKeyException;
-import org.whispersystems.curve25519.Curve25519KeyPair;
+import org.whispersystems.libsignal.ecc.Curve;
 import org.whispersystems.libsignal.ecc.ECKeyPair;
 import org.whispersystems.libsignal.ecc.ECPublicKey;
 import org.whispersystems.libsignal.kdf.HKDFv3;
 import org.whispersystems.libsignal.util.ByteUtil;
@@ -11,12 +13,12 @@ public class RemoteAttestationKeys {
  private final byte[] clientKey = new byte[32];
  private final byte[] serverKey = new byte[32];
-  public RemoteAttestationKeys(Curve25519KeyPair keyPair, byte[] serverPublicEphemeral, byte[] serverPublicStatic) {
+  public RemoteAttestationKeys(ECKeyPair keyPair, byte[] serverPublicEphemeral, byte[] serverPublicStatic) throws InvalidKeyException {
-    byte[] ephemeralToEphemeral = Curve25519.getInstance(Curve25519.BEST).calculateAgreement(serverPublicEphemeral, keyPair.getPrivateKey());
+    byte[] ephemeralToEphemeral = Curve.calculateAgreement(ECPublicKey.fromPublicKeyBytes(serverPublicEphemeral), keyPair.getPrivateKey());
-    byte[] ephemeralToStatic    = Curve25519.getInstance(Curve25519.BEST).calculateAgreement(serverPublicStatic, keyPair.getPrivateKey());
+    byte[] ephemeralToStatic    = Curve.calculateAgreement(ECPublicKey.fromPublicKeyBytes(serverPublicStatic), keyPair.getPrivateKey());
    byte[] masterSecret = ByteUtil.combine(ephemeralToEphemeral, ephemeralToStatic                          );
-    byte[] publicKeys   = ByteUtil.combine(keyPair.getPublicKey(), serverPublicEphemeral, serverPublicStatic);
+    byte[] publicKeys   = ByteUtil.combine(keyPair.getPublicKey().getPublicKeyBytes(), serverPublicEphemeral, serverPublicStatic);
    HKDFv3 generator = new HKDFv3();
    byte[] keys      = generator.deriveSecrets(masterSecret, publicKeys, null, clientKey.length + serverKey.length);
--- a/libsignal/service/src/main/java/org/whispersystems/signalservice/internal/push/RemoteAttestationUtil.java
+++ b/libsignal/service/src/main/java/org/whispersystems/signalservice/internal/push/RemoteAttestationUtil.java
@@ -1,8 +1,8 @@
 package org.whispersystems.signalservice.internal.push;
-import org.whispersystems.curve25519.Curve25519;
+import org.whispersystems.libsignal.InvalidKeyException;
-import org.whispersystems.curve25519.Curve25519KeyPair;
+import org.whispersystems.libsignal.ecc.Curve;
-import org.whispersystems.libsignal.util.Pair;
+import org.whispersystems.libsignal.ecc.ECKeyPair;
 import org.whispersystems.signalservice.api.crypto.InvalidCiphertextException;
 import org.whispersystems.signalservice.api.push.exceptions.NonSuccessfulResponseCodeException;
 import org.whispersystems.signalservice.internal.contacts.crypto.Quote;
@@ -38,9 +38,9 @@ public final class RemoteAttestationUtil {
                                                                String enclaveName,
                                                                String mrenclave,
                                                                String authorization)
-    throws IOException, Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException
+    throws IOException, Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException, InvalidKeyException
  {
-    Curve25519KeyPair         keyPair  = buildKeyPair();
+    ECKeyPair                 keyPair  = buildKeyPair();
    ResponsePair              result   = makeAttestationRequest(socket, clientSet, authorization, enclaveName, keyPair);
    RemoteAttestationResponse response = JsonUtil.fromJson(result.body, RemoteAttestationResponse.class);
@@ -53,9 +53,9 @@ public final class RemoteAttestationUtil {
                                                                                  String enclaveName,
                                                                                  String mrenclave,
                                                                                  String authorization)
-      throws IOException, Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException
+      throws IOException, Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException, InvalidKeyException
  {
-    Curve25519KeyPair              keyPair      = buildKeyPair();
+    ECKeyPair                      keyPair      = buildKeyPair();
    ResponsePair                   result       = makeAttestationRequest(socket, clientSet, authorization, enclaveName, keyPair);
    MultiRemoteAttestationResponse response     = JsonUtil.fromJson(result.body, MultiRemoteAttestationResponse.class);
    Map<String, RemoteAttestation> attestations = new HashMap<>();
@@ -76,19 +76,18 @@ public final class RemoteAttestationUtil {
    return attestations;
  }
-  private static Curve25519KeyPair buildKeyPair() {
+  private static ECKeyPair buildKeyPair() {
-    Curve25519 curve = Curve25519.getInstance(Curve25519.BEST);
+    return Curve.generateKeyPair();
    return curve.generateKeyPair();
  }
  private static ResponsePair makeAttestationRequest(PushServiceSocket socket,
                                                     PushServiceSocket.ClientSet clientSet,
                                                     String authorization,
                                                     String enclaveName,
-                                                     Curve25519KeyPair keyPair)
+                                                     ECKeyPair keyPair)
      throws IOException
  {
-    RemoteAttestationRequest attestationRequest = new RemoteAttestationRequest(keyPair.getPublicKey());
+    RemoteAttestationRequest attestationRequest = new RemoteAttestationRequest(keyPair.getPublicKey().getPublicKeyBytes());
    Response                 response           = socket.makeRequest(clientSet, authorization, new LinkedList<String>(), "/v1/attestation/" + enclaveName, "PUT", JsonUtil.toJson(attestationRequest));
    ResponseBody             body               = response.body();
@@ -113,9 +112,9 @@ public final class RemoteAttestationUtil {
  private static RemoteAttestation validateAndBuildRemoteAttestation(RemoteAttestationResponse response,
                                                                     List<String> cookies,
                                                                     KeyStore iasKeyStore,
-                                                                     Curve25519KeyPair keyPair,
+                                                                     ECKeyPair keyPair,
                                                                     String mrenclave)
-      throws Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException
+      throws Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException, InvalidKeyException
  {
    RemoteAttestationKeys keys      = new RemoteAttestationKeys(keyPair, response.getServerEphemeralPublic(), response.getServerStaticPublic());
    Quote                 quote     = new Quote(response.getQuote());
--- a/libsignal/service/witness-verifications.gradle
+++ b/libsignal/service/witness-verifications.gradle
@@ -24,19 +24,13 @@ dependencyVerification {
        ['com.squareup.okio:okio:1.15.0',
         '693fa319a7e8843300602b204023b7674f106ebcb577f2dd5807212b66118bd2'],
        ['org.signal:signal-metadata-java:0.1.2',
         '6aaeb6a33bf3161a3e6ac9db7678277f7a4cf5a2c96b84342e4007ee49bab1bd'],
        ['org.signal:zkgroup-java:0.7.0',
         'd0099eedd60d6f7d4df5b288175e5d585228ed8897789926bdab69bf8c05659f'],
        ['org.threeten:threetenbp:1.3.6',
         'f4c23ffaaed717c3b99c003e0ee02d6d66377fd47d866fec7d971bd8644fc1a7'],
-        ['org.whispersystems:curve25519-java:0.5.0',
+        ['org.whispersystems:signal-client-java:0.1.4',
-         '0aadd43cf01d11e9b58f867b3c4f25c3194e8b0623d1953d32dfbfbee009e38d'],
+         '7d151220a203e43ecf419256eecb6309cc4c5644557beeb29f54ba34ee82645c'],
        ['org.whispersystems:signal-protocol-java:2.8.1',
         'b19db36839ab008fdccefc7f8c005f2ea43dc7c7298a209bc424e6f9b6d5617b'],
    ]
 }