Curve25519 keys to 1 mod 8 for ephemerals.

library/src/org/whispersystems/textsecure/crypto/PreKeyUtil.java

@@ -48,7 +48,7 @@ public class PreKeyUtil {
 
     for (int i=0;i<BATCH_SIZE;i++) {
       int          preKeyId = (preKeyIdOffset + i) % Medium.MAX_VALUE;
-      ECKeyPair    keyPair  = Curve25519.generateKeyPair();
+      ECKeyPair    keyPair  = Curve25519.generateKeyPair(true);
       PreKeyRecord record   = new PreKeyRecord(context, masterSecret, preKeyId, keyPair);
 
       record.save();
@@ -69,7 +69,7 @@ public class PreKeyUtil {
       }
     }
 
-    ECKeyPair    keyPair = Curve25519.generateKeyPair();
+    ECKeyPair    keyPair = Curve25519.generateKeyPair(true);
     PreKeyRecord record  = new PreKeyRecord(context, masterSecret, Medium.MAX_VALUE, keyPair);
 
     record.save();

library/src/org/whispersystems/textsecure/crypto/SessionCipherV2.java

@@ -152,7 +152,7 @@ public class SessionCipherV2 extends SessionCipher {
         RootKey                 rootKey         = sessionState.getRootKey();
         ECKeyPair               ourEphemeral    = sessionState.getSenderEphemeralPair();
         Pair<RootKey, ChainKey> receiverChain   = rootKey.createChain(theirEphemeral, ourEphemeral);
-        ECKeyPair               ourNewEphemeral = Curve.generateKeyPairForType(Curve.DJB_TYPE);
+        ECKeyPair               ourNewEphemeral = Curve.generateKeyPairForType(Curve.DJB_TYPE, true);
         Pair<RootKey, ChainKey> senderChain     = receiverChain.first.createChain(theirEphemeral, ourNewEphemeral);
 
         sessionState.setRootKey(senderChain.first);

library/src/org/whispersystems/textsecure/crypto/ecc/Curve.java

@@ -25,9 +25,9 @@ public class Curve {
   private static final int NIST_TYPE2 = 0x03;
   public  static final int DJB_TYPE   = 0x05;
 
-  public static ECKeyPair generateKeyPairForType(int keyType) {
+  public static ECKeyPair generateKeyPairForType(int keyType, boolean ephemeral) {
     if (keyType == DJB_TYPE) {
-      return Curve25519.generateKeyPair();
+      return Curve25519.generateKeyPair(ephemeral);
     } else if (keyType == NIST_TYPE || keyType == NIST_TYPE2) {
       return CurveP256.generateKeyPair();
     } else {
@@ -35,11 +35,11 @@ public class Curve {
     }
   }
 
-  public static ECKeyPair generateKeyPairForSession(int messageVersion) {
+  public static ECKeyPair generateKeyPairForSession(int messageVersion, boolean ephemeral) {
     if (messageVersion <= CiphertextMessage.LEGACY_VERSION) {
-      return generateKeyPairForType(NIST_TYPE);
+      return generateKeyPairForType(NIST_TYPE, ephemeral);
     } else {
-      return generateKeyPairForType(DJB_TYPE);
+      return generateKeyPairForType(DJB_TYPE, ephemeral);
     }
   }
 

library/src/org/whispersystems/textsecure/crypto/ecc/Curve25519.java

@@ -37,10 +37,10 @@ public class Curve25519 {
 
   private static native byte[] calculateAgreement(byte[] ourPrivate, byte[] theirPublic);
   private static native byte[] generatePublicKey(byte[] privateKey);
-  private static native byte[] generatePrivateKey(byte[] random);
+  private static native byte[] generatePrivateKey(byte[] random, boolean ephemeral);
 
-  public static ECKeyPair generateKeyPair() {
-    byte[] privateKey = generatePrivateKey();
+  public static ECKeyPair generateKeyPair(boolean ephemeral) {
+    byte[] privateKey = generatePrivateKey(ephemeral);
     byte[] publicKey  = generatePublicKey(privateKey);
 
     return new ECKeyPair(new DjbECPublicKey(publicKey), new DjbECPrivateKey(privateKey));
@@ -65,11 +65,11 @@ public class Curve25519 {
     return new DjbECPublicKey(keyBytes);
   }
 
-  private static byte[] generatePrivateKey() {
+  private static byte[] generatePrivateKey(boolean ephemeral) {
     byte[] privateKey = new byte[32];
     random.nextBytes(privateKey);
 
-    return generatePrivateKey(privateKey);
+    return generatePrivateKey(privateKey, ephemeral);
   }
 
 }

library/src/org/whispersystems/textsecure/crypto/ratchet/RatchetingSession.java

@@ -45,7 +45,7 @@ public class RatchetingSession {
     sessionState.setRemoteIdentityKey(theirIdentityKey);
     sessionState.setLocalIdentityKey(ourIdentityKey.getPublicKey());
 
-    ECKeyPair               sendingKey     = Curve.generateKeyPairForType(ourIdentityKey.getPublicKey().getPublicKey().getType());
+    ECKeyPair               sendingKey     = Curve.generateKeyPairForType(ourIdentityKey.getPublicKey().getPublicKey().getType(), true);
     Pair<RootKey, ChainKey> receivingChain = calculate3DHE(true, ourBaseKey, theirBaseKey, ourIdentityKey, theirIdentityKey);
     Pair<RootKey, ChainKey> sendingChain   = receivingChain.first.createChain(theirEphemeralKey, sendingKey);
 

library/src/org/whispersystems/textsecure/storage/LocalKeyRecord.java

@@ -70,7 +70,7 @@ public class LocalKeyRecord extends Record {
 
       this.localCurrentKeyPair = this.localNextKeyPair;
       this.localNextKeyPair    = new KeyPair((this.localNextKeyPair.getId()+1) % Medium.MAX_VALUE,
-                                             Curve.generateKeyPairForType(keyType),
+                                             Curve.generateKeyPairForType(keyType, true),
                                              masterSecret);
     }
   }