Revert "Move to Signal Protocol written in Rust."

This reverts commit 907e8d93a3.
2025-08-25 18:29:01 +00:00 · 2020-11-23 10:22:53 -04:00
parent 9e7c55847e
commit 5941b22eb6
14 changed files with 57 additions and 50 deletions
--- a/libsignal/service/build.gradle
+++ b/libsignal/service/build.gradle
@@ -32,7 +32,7 @@ dependencies {
    api 'com.googlecode.libphonenumber:libphonenumber:8.12.6'
    api 'com.fasterxml.jackson.core:jackson-databind:2.9.9.2'

-    api 'org.whispersystems:signal-client-java:0.1.3'
+    api "org.signal:signal-metadata-java:${lib_signal_metadata_version}"
    api 'com.squareup.okhttp3:okhttp:3.12.10'
    implementation 'org.threeten:threetenbp:1.3.6'

--- a/libsignal/service/src/main/java/org/whispersystems/signalservice/api/KeyBackupService.java
+++ b/libsignal/service/src/main/java/org/whispersystems/signalservice/api/KeyBackupService.java
@@ -1,6 +1,5 @@
 package org.whispersystems.signalservice.api;

-import org.whispersystems.libsignal.InvalidKeyException;
 import org.whispersystems.libsignal.logging.Log;
 import org.whispersystems.signalservice.api.crypto.InvalidCiphertextException;
 import org.whispersystems.signalservice.api.kbs.HashedPin;
@@ -124,7 +123,7 @@ public final class KeyBackupService {

    @Override
    public KbsPinData restorePin(HashedPin hashedPin)
-      throws UnauthenticatedResponseException, IOException, KeyBackupServicePinException, KeyBackupSystemNoDataException, InvalidKeyException
+      throws UnauthenticatedResponseException, IOException, KeyBackupServicePinException, KeyBackupSystemNoDataException
    {
      int           attempt = 0;
      SecureRandom  random  = new SecureRandom();
@@ -157,7 +156,7 @@ public final class KeyBackupService {
    }

    private KbsPinData restorePin(HashedPin hashedPin, TokenResponse token)
-      throws UnauthenticatedResponseException, IOException, TokenException, KeyBackupSystemNoDataException, InvalidKeyException
+      throws UnauthenticatedResponseException, IOException, TokenException, KeyBackupSystemNoDataException
    {
      try {
        final int               remainingTries    = token.getTries();
@@ -198,7 +197,7 @@ public final class KeyBackupService {
      }
    }

-    private RemoteAttestation getAndVerifyRemoteAttestation() throws UnauthenticatedResponseException, IOException, InvalidKeyException {
+    private RemoteAttestation getAndVerifyRemoteAttestation() throws UnauthenticatedResponseException, IOException {
      try {
        return RemoteAttestationUtil.getAndVerifyRemoteAttestation(pushServiceSocket, PushServiceSocket.ClientSet.KeyBackup, iasKeyStore, enclaveName, mrenclave, authorization);
      } catch (Quote.InvalidQuoteFormatException | UnauthenticatedQuoteException | InvalidCiphertextException | SignatureException e) {
@@ -227,7 +226,7 @@ public final class KeyBackupService {
        KeyBackupResponse response          = pushServiceSocket.putKbsData(authorization, request, remoteAttestation.getCookies(), enclaveName);

        KeyBackupCipher.getKeyDeleteResponseStatus(response, remoteAttestation);
-      } catch (InvalidCiphertextException | InvalidKeyException e) {
+      } catch (InvalidCiphertextException e) {
        throw new UnauthenticatedResponseException(e);
      }
    }
@@ -262,7 +261,7 @@ public final class KeyBackupService {
          default:
            throw new AssertionError("Unknown response status " + status);
        }
-      } catch (InvalidCiphertextException | InvalidKeyException e) {
+      } catch (InvalidCiphertextException e) {
        throw new UnauthenticatedResponseException(e);
      }
    }
@@ -276,7 +275,7 @@ public final class KeyBackupService {
  public interface RestoreSession extends HashSession {

    KbsPinData restorePin(HashedPin hashedPin)
-      throws UnauthenticatedResponseException, IOException, KeyBackupServicePinException, KeyBackupSystemNoDataException, InvalidKeyException;
+      throws UnauthenticatedResponseException, IOException, KeyBackupServicePinException, KeyBackupSystemNoDataException;
  }

  public interface PinChangeSession extends HashSession {
--- a/libsignal/service/src/main/java/org/whispersystems/signalservice/api/SignalServiceAccountManager.java
+++ b/libsignal/service/src/main/java/org/whispersystems/signalservice/api/SignalServiceAccountManager.java
@@ -366,7 +366,7 @@ public class SignalServiceAccountManager {
  }

  public Map<String, UUID> getRegisteredUsers(KeyStore iasKeyStore, Set<String> e164numbers, String mrenclave)
-      throws IOException, Quote.InvalidQuoteFormatException, UnauthenticatedQuoteException, SignatureException, UnauthenticatedResponseException, InvalidKeyException
+      throws IOException, Quote.InvalidQuoteFormatException, UnauthenticatedQuoteException, SignatureException, UnauthenticatedResponseException
  {
    if (e164numbers.isEmpty()) {
      return Collections.emptyMap();
--- a/libsignal/service/src/main/java/org/whispersystems/signalservice/internal/contacts/crypto/RemoteAttestationKeys.java
+++ b/libsignal/service/src/main/java/org/whispersystems/signalservice/internal/contacts/crypto/RemoteAttestationKeys.java
@@ -1,10 +1,8 @@
 package org.whispersystems.signalservice.internal.contacts.crypto;


-import org.whispersystems.libsignal.InvalidKeyException;
-import org.whispersystems.libsignal.ecc.Curve;
-import org.whispersystems.libsignal.ecc.ECKeyPair;
-import org.whispersystems.libsignal.ecc.ECPublicKey;
+import org.whispersystems.curve25519.Curve25519;
+import org.whispersystems.curve25519.Curve25519KeyPair;
 import org.whispersystems.libsignal.kdf.HKDFv3;
 import org.whispersystems.libsignal.util.ByteUtil;

@@ -13,12 +11,12 @@ public class RemoteAttestationKeys {
  private final byte[] clientKey = new byte[32];
  private final byte[] serverKey = new byte[32];

-  public RemoteAttestationKeys(ECKeyPair keyPair, byte[] serverPublicEphemeral, byte[] serverPublicStatic) throws InvalidKeyException {
-    byte[] ephemeralToEphemeral = Curve.calculateAgreement(ECPublicKey.fromPublicKeyBytes(serverPublicEphemeral), keyPair.getPrivateKey());
-    byte[] ephemeralToStatic    = Curve.calculateAgreement(ECPublicKey.fromPublicKeyBytes(serverPublicStatic), keyPair.getPrivateKey());
+  public RemoteAttestationKeys(Curve25519KeyPair keyPair, byte[] serverPublicEphemeral, byte[] serverPublicStatic) {
+    byte[] ephemeralToEphemeral = Curve25519.getInstance(Curve25519.BEST).calculateAgreement(serverPublicEphemeral, keyPair.getPrivateKey());
+    byte[] ephemeralToStatic    = Curve25519.getInstance(Curve25519.BEST).calculateAgreement(serverPublicStatic, keyPair.getPrivateKey());

    byte[] masterSecret = ByteUtil.combine(ephemeralToEphemeral, ephemeralToStatic                          );
-    byte[] publicKeys   = ByteUtil.combine(keyPair.getPublicKey().getPublicKeyBytes(), serverPublicEphemeral, serverPublicStatic);
+    byte[] publicKeys   = ByteUtil.combine(keyPair.getPublicKey(), serverPublicEphemeral, serverPublicStatic);

    HKDFv3 generator = new HKDFv3();
    byte[] keys      = generator.deriveSecrets(masterSecret, publicKeys, null, clientKey.length + serverKey.length);
--- a/libsignal/service/src/main/java/org/whispersystems/signalservice/internal/push/RemoteAttestationUtil.java
+++ b/libsignal/service/src/main/java/org/whispersystems/signalservice/internal/push/RemoteAttestationUtil.java
@@ -1,8 +1,8 @@
 package org.whispersystems.signalservice.internal.push;

-import org.whispersystems.libsignal.InvalidKeyException;
-import org.whispersystems.libsignal.ecc.Curve;
-import org.whispersystems.libsignal.ecc.ECKeyPair;
+import org.whispersystems.curve25519.Curve25519;
+import org.whispersystems.curve25519.Curve25519KeyPair;
+import org.whispersystems.libsignal.util.Pair;
 import org.whispersystems.signalservice.api.crypto.InvalidCiphertextException;
 import org.whispersystems.signalservice.api.push.exceptions.NonSuccessfulResponseCodeException;
 import org.whispersystems.signalservice.internal.contacts.crypto.Quote;
@@ -38,9 +38,9 @@ public final class RemoteAttestationUtil {
                                                                String enclaveName,
                                                                String mrenclave,
                                                                String authorization)
-    throws IOException, Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException, InvalidKeyException
+    throws IOException, Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException
  {
-    ECKeyPair                 keyPair  = buildKeyPair();
+    Curve25519KeyPair         keyPair  = buildKeyPair();
    ResponsePair              result   = makeAttestationRequest(socket, clientSet, authorization, enclaveName, keyPair);
    RemoteAttestationResponse response = JsonUtil.fromJson(result.body, RemoteAttestationResponse.class);

@@ -53,9 +53,9 @@ public final class RemoteAttestationUtil {
                                                                                  String enclaveName,
                                                                                  String mrenclave,
                                                                                  String authorization)
-      throws IOException, Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException, InvalidKeyException
+      throws IOException, Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException
  {
-    ECKeyPair                      keyPair      = buildKeyPair();
+    Curve25519KeyPair              keyPair      = buildKeyPair();
    ResponsePair                   result       = makeAttestationRequest(socket, clientSet, authorization, enclaveName, keyPair);
    MultiRemoteAttestationResponse response     = JsonUtil.fromJson(result.body, MultiRemoteAttestationResponse.class);
    Map<String, RemoteAttestation> attestations = new HashMap<>();
@@ -76,18 +76,19 @@ public final class RemoteAttestationUtil {
    return attestations;
  }

-  private static ECKeyPair buildKeyPair() {
-    return Curve.generateKeyPair();
+  private static Curve25519KeyPair buildKeyPair() {
+    Curve25519 curve = Curve25519.getInstance(Curve25519.BEST);
+    return curve.generateKeyPair();
  }

  private static ResponsePair makeAttestationRequest(PushServiceSocket socket,
                                                     PushServiceSocket.ClientSet clientSet,
                                                     String authorization,
                                                     String enclaveName,
-                                                     ECKeyPair keyPair)
+                                                     Curve25519KeyPair keyPair)
      throws IOException
  {
-    RemoteAttestationRequest attestationRequest = new RemoteAttestationRequest(keyPair.getPublicKey().getPublicKeyBytes());
+    RemoteAttestationRequest attestationRequest = new RemoteAttestationRequest(keyPair.getPublicKey());
    Response                 response           = socket.makeRequest(clientSet, authorization, new LinkedList<String>(), "/v1/attestation/" + enclaveName, "PUT", JsonUtil.toJson(attestationRequest));
    ResponseBody             body               = response.body();

@@ -112,9 +113,9 @@ public final class RemoteAttestationUtil {
  private static RemoteAttestation validateAndBuildRemoteAttestation(RemoteAttestationResponse response,
                                                                     List<String> cookies,
                                                                     KeyStore iasKeyStore,
-                                                                     ECKeyPair keyPair,
+                                                                     Curve25519KeyPair keyPair,
                                                                     String mrenclave)
-      throws Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException, InvalidKeyException
+      throws Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException
  {
    RemoteAttestationKeys keys      = new RemoteAttestationKeys(keyPair, response.getServerEphemeralPublic(), response.getServerStaticPublic());
    Quote                 quote     = new Quote(response.getQuote());
--- a/libsignal/service/witness-verifications.gradle
+++ b/libsignal/service/witness-verifications.gradle
@@ -24,13 +24,19 @@ dependencyVerification {
        ['com.squareup.okio:okio:1.15.0',
         '693fa319a7e8843300602b204023b7674f106ebcb577f2dd5807212b66118bd2'],

+        ['org.signal:signal-metadata-java:0.1.2',
+         '6aaeb6a33bf3161a3e6ac9db7678277f7a4cf5a2c96b84342e4007ee49bab1bd'],
+
        ['org.signal:zkgroup-java:0.7.0',
         'd0099eedd60d6f7d4df5b288175e5d585228ed8897789926bdab69bf8c05659f'],

        ['org.threeten:threetenbp:1.3.6',
         'f4c23ffaaed717c3b99c003e0ee02d6d66377fd47d866fec7d971bd8644fc1a7'],

-        ['org.whispersystems:signal-client-java:0.1.3',
-         '97679340b9f9a3e61c4ee3bd054abff3b8d0e8ddb95dbd917f4425849e9ff2d6'],
+        ['org.whispersystems:curve25519-java:0.5.0',
+         '0aadd43cf01d11e9b58f867b3c4f25c3194e8b0623d1953d32dfbfbee009e38d'],
+
+        ['org.whispersystems:signal-protocol-java:2.8.1',
+         'b19db36839ab008fdccefc7f8c005f2ea43dc7c7298a209bc424e6f9b6d5617b'],
    ]
 }