Replace pinstretcher with Argon2 and new PIN encryption.

app/src/test/java/org/thoughtcrime/securesms/registration/v2/HashedPinKbsDataTest.java

@@ -1,10 +1,12 @@
 package org.thoughtcrime.securesms.registration.v2;
 
 import org.junit.Test;
+import org.thoughtcrime.securesms.registration.v2.testdata.KbsTestVector;
 import org.thoughtcrime.securesms.util.Util;
 import org.whispersystems.signalservice.api.crypto.InvalidCiphertextException;
 import org.whispersystems.signalservice.api.kbs.HashedPin;
 import org.whispersystems.signalservice.api.kbs.KbsData;
+import org.whispersystems.signalservice.api.kbs.MasterKey;
 import org.whispersystems.signalservice.internal.util.JsonUtil;
 
 import java.io.IOException;
@@ -12,17 +14,17 @@ import java.io.InputStream;
 
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
 import static org.thoughtcrime.securesms.testutil.SecureRandomTestUtil.mockRandom;
 
 public final class HashedPinKbsDataTest {
 
   @Test
   public void vectors_createNewKbsData() throws IOException {
-    for (KbsTestVector vector : getKbsTestVectorList().getVectors()) {
+    for (KbsTestVector vector : getKbsTestVectorList()) {
       HashedPin hashedPin = HashedPin.fromArgon2Hash(vector.getArgon2Hash());
 
-      KbsData kbsData = hashedPin.createNewKbsData(mockRandom(vector.getMasterKey()));
+      KbsData kbsData = hashedPin.createNewKbsData(MasterKey.createNew(mockRandom(vector.getMasterKey())));
 
       assertArrayEquals(vector.getMasterKey(), kbsData.getMasterKey().serialize());
       assertArrayEquals(vector.getIvAndCipher(), kbsData.getCipherText());
@@ -33,7 +35,7 @@ public final class HashedPinKbsDataTest {
 
   @Test
   public void vectors_decryptKbsDataIVCipherText() throws IOException, InvalidCiphertextException {
-    for (KbsTestVector vector : getKbsTestVectorList().getVectors()) {
+    for (KbsTestVector vector : getKbsTestVectorList()) {
       HashedPin hashedPin = HashedPin.fromArgon2Hash(vector.getArgon2Hash());
 
       KbsData kbsData = hashedPin.decryptKbsDataIVCipherText(vector.getIvAndCipher());
@@ -45,12 +47,12 @@ public final class HashedPinKbsDataTest {
     }
   }
 
-  private static KbsTestVectorList getKbsTestVectorList() throws IOException {
+  private static KbsTestVector[] getKbsTestVectorList() throws IOException {
     try (InputStream resourceAsStream = ClassLoader.getSystemClassLoader().getResourceAsStream("data/kbs_vectors.json")) {
 
-      KbsTestVectorList data = JsonUtil.fromJson(Util.readFullyAsString(resourceAsStream), KbsTestVectorList.class);
+      KbsTestVector[] data = JsonUtil.fromJson(Util.readFullyAsString(resourceAsStream), KbsTestVector[].class);
 
-      assertFalse(data.getVectors().isEmpty());
+      assertTrue(data.length > 0);
 
       return data;
     }

app/src/test/java/org/thoughtcrime/securesms/registration/v2/KbsTestVectorList.java

@@ -1,15 +0,0 @@
-package org.thoughtcrime.securesms.registration.v2;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-
-import java.util.List;
-
-public final class KbsTestVectorList {
-
-  @JsonProperty("vectors")
-  private List<KbsTestVector> vectors;
-
-  public List<KbsTestVector> getVectors() {
-    return vectors;
-  }
-}

app/src/test/java/org/thoughtcrime/securesms/registration/v2/PinHasher_normalize_Test.java

@@ -0,0 +1,42 @@
+package org.thoughtcrime.securesms.registration.v2;
+
+import org.junit.Test;
+import org.thoughtcrime.securesms.registration.v2.testdata.PinSanitationVector;
+import org.thoughtcrime.securesms.util.Util;
+import org.whispersystems.signalservice.internal.registrationpin.PinHasher;
+import org.whispersystems.signalservice.internal.util.Hex;
+import org.whispersystems.signalservice.internal.util.JsonUtil;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Arrays;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+public final class PinHasher_normalize_Test {
+
+  @Test
+  public void vectors_normalize() throws IOException {
+    for (PinSanitationVector vector : getKbsPinSanitationTestVectorList()) {
+      byte[] normalized = PinHasher.normalize(vector.getPin());
+
+      if (!Arrays.equals(vector.getBytes(), normalized)) {
+        assertEquals(String.format("%s [%s]", vector.getName(), vector.getPin()),
+                     Hex.toStringCondensed(vector.getBytes()),
+                     Hex.toStringCondensed(normalized));
+      }
+    }
+  }
+
+  private static PinSanitationVector[] getKbsPinSanitationTestVectorList() throws IOException {
+    try (InputStream resourceAsStream = ClassLoader.getSystemClassLoader().getResourceAsStream("data/kbs_pin_normalization_vectors.json")) {
+
+      PinSanitationVector[] data = JsonUtil.fromJson(Util.readFullyAsString(resourceAsStream), PinSanitationVector[].class);
+
+      assertTrue(data.length > 0);
+
+      return data;
+    }
+  }
+}

app/src/test/java/org/thoughtcrime/securesms/registration/v2/testdata/KbsTestVector.java

@@ -1,4 +1,4 @@
-package org.thoughtcrime.securesms.registration.v2;
+package org.thoughtcrime.securesms.registration.v2.testdata;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;

app/src/test/java/org/thoughtcrime/securesms/registration/v2/testdata/PinSanitationVector.java

@@ -0,0 +1,31 @@
+package org.thoughtcrime.securesms.registration.v2.testdata;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
+import org.thoughtcrime.securesms.testutil.HexDeserializer;
+
+public class PinSanitationVector {
+
+  @JsonProperty("name")
+  private String name;
+
+  @JsonProperty("pin")
+  private String pin;
+
+  @JsonProperty("bytes")
+  @JsonDeserialize(using = HexDeserializer.class)
+  private byte[] bytes;
+
+  public String getName() {
+    return name;
+  }
+
+  public String getPin() {
+    return pin;
+  }
+
+  public byte[] getBytes() {
+    return bytes;
+  }
+}

app/src/test/resources/data/kbs_pin_normalization_vectors.json

@@ -0,0 +1,66 @@
+[
+  {
+    "name": "Empty",
+    "pin": "",
+    "bytes": ""
+  },
+  {
+    "pin": "password",
+    "bytes": "70617373776f7264"
+  },
+  {
+    "name": "Trailing space",
+    "pin": "password ",
+    "bytes": "70617373776f7264"
+  },
+  {
+    "name": "Leading and trailing spaces",
+    "pin": " password ",
+    "bytes": "70617373776f7264"
+  },
+  {
+    "name": "Space in word",
+    "pin": "pass word",
+    "bytes": "7061737320776f7264"
+  },
+  {
+    "name": "Leading and trailing spaces and space in word",
+    "pin": " pass word ",
+    "bytes": "7061737320776f7264"
+  },
+  {
+    "name": "Arabic digits",
+    "pin": "12345",
+    "bytes": "3132333435"
+  },
+  {
+    "name": "Leading and trailing spaces around digits",
+    "pin": " 12345 ",
+    "bytes": "3132333435"
+  },
+  {
+    "name": "Non-arabic digits",
+    "pin": "١٢٣٤٥",
+    "bytes": "3132333435"
+  },
+  {
+    "name": "Mixed digits",
+    "pin": "١٢٣4٥",
+    "bytes": "3132333435"
+  },
+  {
+    "name": "Non-arabic digits with non-digit",
+    "pin": "١٢٣٤٥A",
+    "bytes": "d9a1d9a2d9a3d9a4d9a541"
+  },
+  {
+    "name": "NFKD Test, Double Char",
+    "pin": "Ä",
+    "bytes": "41cc88"
+  },
+  {
+    "name": "NFKD Test, Single Char",
+    "pin": "Ä",
+    "bytes": "41cc88"
+  }
+]

app/src/test/resources/data/kbs_vectors.json

@@ -1,13 +1,20 @@
-{
-  "vectors": [
-    {
-      "pin": "password",
-      "backup_id": "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
-      "argon2_hash": "65AADD2441A6C1979A2EA515DBB7092112703378D6BD83E8C4FF7771F6A7733F88A787415A2ECD79DA0D1016A82A27C5C695C9A19B88B0AA1D35683280AA9A67",
-      "master_key": "202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F",
-      "kbs_access_key": "88A787415A2ECD79DA0D1016A82A27C5C695C9A19B88B0AA1D35683280AA9A67",
-      "iv_and_cipher": "B18815B9B6C159CA9BB7E4F0486BD977AE84BF807F03157091DD04425C921D7D4CA7D5C4E27E31FD75DEF120135434D7",
-      "registration_lock": "2bf7988224ba35d3554966c65e8dc8c54974b034bdd44cabfd3f15fdb185e3c6"
-    }
-  ]
-}
+[
+   {
+      "pin":"password",
+      "backup_id":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+      "argon2_hash":"44652df80490fc66bb864a9e638b2f7dc9e20649671dd66bbb9c37bee2bfecf1ab7e8499d21f80a6600b3b9ee349ac6d72c07e3359fe885a934ba7aa844429f8",
+      "master_key":"202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
+      "kbs_access_key":"ab7e8499d21f80a6600b3b9ee349ac6d72c07e3359fe885a934ba7aa844429f8",
+      "iv_and_cipher":"3f33ce58eb25b40436592a30eae2a8fabab1899095f4e2fba6e2d0dc43b4a2d9cac5a3931748522393951e0e54dec769",
+      "registration_lock":"2bf7988224ba35d3554966c65e8dc8c54974b034bdd44cabfd3f15fdb185e3c6"
+   },
+   {
+      "pin":"anotherpassword",
+      "backup_id":"202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
+      "argon2_hash":"b6f16aa0591732e339b7e99cdd5fd6586a1c285c9d66876947fd82f66ed99757301d9dd1e96f20ce51083f67d3298fd37b97525de8324d5e12ed2d407d3d927b",
+      "master_key":"88a787415a2ecd79da0d1016a82a27c5c695c9a19b88b0aa1d35683280aa9a67",
+      "kbs_access_key":"301d9dd1e96f20ce51083f67d3298fd37b97525de8324d5e12ed2d407d3d927b",
+      "iv_and_cipher":"9d9b05402ea39c17ff1c9298c8a0e86784a352aa02a74943bf8bcf07ec0f4b574a5b786ad0182c8d308d9eb06538b8c9",
+      "registration_lock":"4a458afa1b07493b23ee9b3f287b70416b2388ca39b5b8c27b4b7585bf73f413"
+   }
+]