TheArchive/session-android
1
0
Fork 0
mirror of https://github.com/oxen-io/session-android.git synced 2025-12-30 23:46:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Enable KBS.

Browse Source
This commit is contained in:
Alan Evans
2020-01-23 16:49:19 -05:00
committed by Greyson Parrelli
parent bdb30ebc48
commit 7d15c602a6
11 changed files with 149 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/src/main/java/org/thoughtcrime/securesms/dependencies/ApplicationDependencies.java
View File

@@ -12,7 +12,6 @@ import org.thoughtcrime.securesms.keyvalue.KeyValueStore;
import org.thoughtcrime.securesms.push.SignalServiceNetworkAccess;
import org.thoughtcrime.securesms.recipients.LiveRecipientCache;
import org.thoughtcrime.securesms.service.IncomingMessageObserver;
import org.thoughtcrime.securesms.util.FeatureFlags;
import org.thoughtcrime.securesms.util.FrameRateTracker;
import org.thoughtcrime.securesms.util.IasKeyStore;
import org.thoughtcrime.securesms.util.TextSecurePreferences;
@@ -69,7 +68,6 @@ public class ApplicationDependencies {
}
public static synchronized @NonNull KeyBackupService getKeyBackupService() {
if (!FeatureFlags.kbs()) throw new AssertionError();
return getSignalServiceAccountManager().getKeyBackupService(IasKeyStore.getIasKeyStore(application),
BuildConfig.KEY_BACKUP_ENCLAVE_NAME,
BuildConfig.KEY_BACKUP_MRENCLAVE,

15
app/src/main/java/org/thoughtcrime/securesms/lock/PinHashing.java
View File

@@ -1,12 +1,12 @@
package org.thoughtcrime.securesms.lock;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import org.signal.argon2.Argon2;
import org.signal.argon2.Argon2Exception;
import org.signal.argon2.MemoryCost;
import org.signal.argon2.Type;
import org.signal.argon2.UnknownTypeException;
import org.signal.argon2.Version;
import org.thoughtcrime.securesms.util.Util;
import org.whispersystems.signalservice.api.KeyBackupService;
@@ -15,9 +15,6 @@ import org.whispersystems.signalservice.internal.registrationpin.PinHasher;
public final class PinHashing {
private static final Type KBS_PIN_ARGON_TYPE = Type.Argon2id;
private static final Type LOCAL_PIN_ARGON_TYPE = Type.Argon2i;
private PinHashing() {
}
@@ -25,7 +22,7 @@ public final class PinHashing {
return PinHasher.hashPin(PinHasher.normalize(pin), password -> {
try {
return new Argon2.Builder(Version.V13)
.type(KBS_PIN_ARGON_TYPE)
.type(Type.Argon2id)
.memoryCost(MemoryCost.MiB(16))
.parallelism(1)
.iterations(32)
@@ -43,7 +40,7 @@ public final class PinHashing {
byte[] normalized = PinHasher.normalize(pin);
try {
return new Argon2.Builder(Version.V13)
.type(LOCAL_PIN_ARGON_TYPE)
.type(Type.Argon2i)
.memoryCost(MemoryCost.KiB(256))
.parallelism(1)
.iterations(50)
@@ -58,6 +55,10 @@ public final class PinHashing {
public static boolean verifyLocalPinHash(@NonNull String localPinHash, @NonNull String pin) {
byte[] normalized = PinHasher.normalize(pin);
return Argon2.verify(localPinHash, normalized, LOCAL_PIN_ARGON_TYPE);
try {
return Argon2.verify(localPinHash, normalized);
} catch (UnknownTypeException e) {
throw new AssertionError(e);
}
}
}

77
app/src/main/java/org/thoughtcrime/securesms/lock/RegistrationLockDialog.java
View File

@@ -35,7 +35,6 @@ import org.thoughtcrime.securesms.keyvalue.KbsValues;
import org.thoughtcrime.securesms.keyvalue.SignalStore;
import org.thoughtcrime.securesms.logging.Log;
import org.thoughtcrime.securesms.migrations.RegistrationPinV2MigrationJob;
import org.thoughtcrime.securesms.util.FeatureFlags;
import org.thoughtcrime.securesms.util.ServiceUtil;
import org.thoughtcrime.securesms.util.TextSecurePreferences;
import org.thoughtcrime.securesms.util.ThemeUtil;
@@ -126,10 +125,8 @@ public final class RegistrationLockDialog {
dialog.dismiss();
RegistrationLockReminders.scheduleReminder(context, true);
if (FeatureFlags.kbs()) {
Log.i(TAG, "Pin V1 successfully remembered, scheduling a migration to V2");
ApplicationDependencies.getJobManager().add(new RegistrationPinV2MigrationJob());
}
Log.i(TAG, "Pin V1 successfully remembered, scheduling a migration to V2");
ApplicationDependencies.getJobManager().add(new RegistrationPinV2MigrationJob());
}
});
}
@@ -201,34 +198,27 @@ public final class RegistrationLockDialog {
@Override
protected Boolean doInBackground(Void... voids) {
try {
if (!FeatureFlags.kbs()) {
Log.i(TAG, "Setting V1 pin");
SignalServiceAccountManager accountManager = ApplicationDependencies.getSignalServiceAccountManager();
accountManager.setPin(pinValue);
TextSecurePreferences.setDeprecatedRegistrationLockPin(context, pinValue);
Log.i(TAG, "Setting pin on KBS");
KbsValues kbsValues = SignalStore.kbsValues();
MasterKey masterKey = kbsValues.getOrCreateMasterKey();
KeyBackupService keyBackupService = ApplicationDependencies.getKeyBackupService();
KeyBackupService.PinChangeSession pinChangeSession = keyBackupService.newPinChangeSession();
HashedPin hashedPin = PinHashing.hashPin(pinValue, pinChangeSession);
RegistrationLockData kbsData = pinChangeSession.setPin(hashedPin, masterKey);
RegistrationLockData restoredData = keyBackupService.newRestoreSession(kbsData.getTokenResponse())
.restorePin(hashedPin);
if (!restoredData.getMasterKey().equals(masterKey)) {
throw new AssertionError("Failed to set the pin correctly");
} else {
Log.i(TAG, "Setting pin on KBS");
KbsValues kbsValues = SignalStore.kbsValues();
MasterKey masterKey = kbsValues.getOrCreateMasterKey();
KeyBackupService keyBackupService = ApplicationDependencies.getKeyBackupService();
KeyBackupService.PinChangeSession pinChangeSession = keyBackupService.newPinChangeSession();
HashedPin hashedPin = PinHashing.hashPin(pinValue, pinChangeSession);
RegistrationLockData kbsData = pinChangeSession.setPin(hashedPin, masterKey);
RegistrationLockData restoredData = keyBackupService.newRestoreSession(kbsData.getTokenResponse())
.restorePin(hashedPin);
if (!restoredData.getMasterKey().equals(masterKey)) {
throw new AssertionError("Failed to set the pin correctly");
} else {
Log.i(TAG, "Set and retrieved pin on KBS successfully");
}
kbsValues.setRegistrationLockMasterKey(restoredData, PinHashing.localPinHash(pinValue));
TextSecurePreferences.clearOldRegistrationLockPin(context);
TextSecurePreferences.setRegistrationLockLastReminderTime(context, System.currentTimeMillis());
TextSecurePreferences.setRegistrationLockNextReminderInterval(context, RegistrationLockReminders.INITIAL_INTERVAL);
Log.i(TAG, "Set and retrieved pin on KBS successfully");
}
kbsValues.setRegistrationLockMasterKey(restoredData, PinHashing.localPinHash(pinValue));
TextSecurePreferences.clearOldRegistrationLockPin(context);
TextSecurePreferences.setRegistrationLockLastReminderTime(context, System.currentTimeMillis());
TextSecurePreferences.setRegistrationLockNextReminderInterval(context, RegistrationLockReminders.INITIAL_INTERVAL);
return true;
} catch (IOException | UnauthenticatedResponseException | KeyBackupServicePinException e) {
Log.w(TAG, e);
@@ -282,23 +272,18 @@ public final class RegistrationLockDialog {
@Override
protected Boolean doInBackground(Void... voids) {
try {
if (!FeatureFlags.kbs()) {
Log.i(TAG, "Removing v2 registration lock pin from server");
KbsValues kbsValues = SignalStore.kbsValues();
TokenResponse currentToken = kbsValues.getRegistrationLockTokenResponse();
KeyBackupService keyBackupService = ApplicationDependencies.getKeyBackupService();
keyBackupService.newPinChangeSession(currentToken).removePin();
kbsValues.clearRegistrationLock();
// It is possible a migration has not occurred, in this case, we need to remove the old V1 Pin
if (TextSecurePreferences.isV1RegistrationLockEnabled(context)) {
Log.i(TAG, "Removing v1 registration lock pin from server");
ApplicationDependencies.getSignalServiceAccountManager().removeV1Pin();
} else {
Log.i(TAG, "Removing v2 registration lock pin from server");
KbsValues kbsValues = SignalStore.kbsValues();
TokenResponse currentToken = kbsValues.getRegistrationLockTokenResponse();
KeyBackupService keyBackupService = ApplicationDependencies.getKeyBackupService();
keyBackupService.newPinChangeSession(currentToken).removePin();
kbsValues.clearRegistrationLock();
// It is possible a migration has not occurred, in this case, we need to remove the old V1 Pin
if (TextSecurePreferences.isV1RegistrationLockEnabled(context)) {
Log.i(TAG, "Removing v1 registration lock pin from server");
ApplicationDependencies.getSignalServiceAccountManager().removeV1Pin();
}
}
TextSecurePreferences.clearOldRegistrationLockPin(context);
return true;

8
app/src/main/java/org/thoughtcrime/securesms/migrations/RegistrationPinV2MigrationJob.java
View File

@@ -13,7 +13,6 @@ import org.thoughtcrime.securesms.keyvalue.KbsValues;
import org.thoughtcrime.securesms.keyvalue.SignalStore;
import org.thoughtcrime.securesms.lock.PinHashing;
import org.thoughtcrime.securesms.logging.Log;
import org.thoughtcrime.securesms.util.FeatureFlags;
import org.thoughtcrime.securesms.util.TextSecurePreferences;
import org.whispersystems.signalservice.api.KeyBackupService;
import org.whispersystems.signalservice.api.KeyBackupServicePinException;
@@ -23,6 +22,7 @@ import org.whispersystems.signalservice.api.kbs.MasterKey;
import org.whispersystems.signalservice.internal.contacts.crypto.UnauthenticatedResponseException;
import java.io.IOException;
import java.util.concurrent.TimeUnit;
/**
* Deliberately not a {@link MigrationJob} because it is not something that needs to run at app start.
@@ -41,6 +41,7 @@ public final class RegistrationPinV2MigrationJob extends BaseJob {
.addConstraint(NetworkConstraint.KEY)
.setLifespan(Job.Parameters.IMMORTAL)
.setMaxAttempts(Job.Parameters.UNLIMITED)
.setMaxBackoff(TimeUnit.HOURS.toMillis(2))
.build());
}
@@ -55,11 +56,6 @@ public final class RegistrationPinV2MigrationJob extends BaseJob {
@Override
protected void onRun() throws IOException, UnauthenticatedResponseException, KeyBackupServicePinException {
if (!FeatureFlags.kbs()) {
Log.i(TAG, "Not migrating pin to KBS");
return;
}
if (!TextSecurePreferences.isV1RegistrationLockEnabled(context)) {
Log.i(TAG, "Registration lock disabled");
return;

15
app/src/main/java/org/thoughtcrime/securesms/registration/service/CodeVerificationRequest.java
View File

@@ -27,7 +27,6 @@ import org.thoughtcrime.securesms.push.AccountManagerFactory;
import org.thoughtcrime.securesms.recipients.RecipientId;
import org.thoughtcrime.securesms.service.DirectoryRefreshListener;
import org.thoughtcrime.securesms.service.RotateSignedPreKeyListener;
import org.thoughtcrime.securesms.util.FeatureFlags;
import org.thoughtcrime.securesms.util.TextSecurePreferences;
import org.whispersystems.libsignal.IdentityKeyPair;
import org.whispersystems.libsignal.state.PreKeyRecord;
@@ -55,7 +54,6 @@ public final class CodeVerificationRequest {
static TokenResponse getToken(@Nullable String basicStorageCredentials) throws IOException {
if (basicStorageCredentials == null) return null;
if (!FeatureFlags.kbs()) return null;
return ApplicationDependencies.getKeyBackupService().getToken(basicStorageCredentials);
}
@@ -214,10 +212,8 @@ public final class CodeVerificationRequest {
//noinspection deprecation Only acceptable place to write the old pin enabled state.
TextSecurePreferences.setV1RegistrationLockEnabled(context, pin != null);
if (pin != null) {
if (FeatureFlags.kbs()) {
Log.i(TAG, "Pin V1 successfully entered during registration, scheduling a migration to Pin V2");
ApplicationDependencies.getJobManager().add(new RegistrationPinV2MigrationJob());
}
Log.i(TAG, "Pin V1 successfully entered during registration, scheduling a migration to Pin V2");
ApplicationDependencies.getJobManager().add(new RegistrationPinV2MigrationJob());
}
} else {
SignalStore.kbsValues().setRegistrationLockMasterKey(kbsData, PinHashing.localPinHash(pin));
@@ -230,8 +226,6 @@ public final class CodeVerificationRequest {
}
private static void repostPinToResetTries(@NonNull Context context, @Nullable String pin, @NonNull RegistrationLockData kbsData) {
if (!FeatureFlags.kbs()) return;
if (pin == null) return;
KeyBackupService keyBackupService = ApplicationDependencies.getKeyBackupService();
@@ -264,11 +258,6 @@ public final class CodeVerificationRequest {
return null;
}
if (!FeatureFlags.kbs()) {
Log.w(TAG, "User appears to have a KBS pin, but this build has KBS off.");
return null;
}
KeyBackupService keyBackupService = ApplicationDependencies.getKeyBackupService();
Log.i(TAG, "Opening key backup service session");

13
app/src/main/java/org/thoughtcrime/securesms/util/FeatureFlags.java
View File

@@ -40,7 +40,6 @@ public final class FeatureFlags {
private static final String PROFILE_DISPLAY = generateKey("profileDisplay");
private static final String MESSAGE_REQUESTS = generateKey("messageRequests");
private static final String USERNAMES = generateKey("usernames");
private static final String KBS = generateKey("kbs");
private static final String STORAGE_SERVICE = generateKey("storageService");
private static final String REACTION_SENDING = generateKey("reactionSending");
@@ -54,7 +53,6 @@ public final class FeatureFlags {
put(PROFILE_DISPLAY, false);
put(MESSAGE_REQUESTS, false);
put(USERNAMES, false);
put(KBS, false);
put(STORAGE_SERVICE, false);
}};
@@ -105,16 +103,9 @@ public final class FeatureFlags {
return value;
}
/** Set or migrate PIN to KBS */
public static boolean kbs() {
return getValue(KBS, false);
}
/** Storage service. Requires {@link #kbs()}. */
/** Storage service. */
public static boolean storageService() {
boolean value = getValue(STORAGE_SERVICE, false);
if (value && !kbs()) throw new MissingFlagRequirementError();
return value;
return getValue(STORAGE_SERVICE, false);
}
/** Send support for reactions. */