From 7222de466feb7b1fc5a6b8108db797926d84a4d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gabriel=20F=C3=A9ron?=
Date: Sun, 3 Nov 2024 18:18:28 +0100
Subject: [PATCH] Revert "Make sure we really use thread_rng everywhere (#341)"
This reverts commit b0fcd8bef2ba2d5ec684c5bd3dbce62c06b60e62.
---
 src/account_manager.rs | 17 ++++++++---------
 src/cipher.rs | 17 +++++++++++------
 src/sender.rs | 19 ++++++++++++-------
 3 files changed, 31 insertions(+), 22 deletions(-)
diff --git a/src/account_manager.rs b/src/account_manager.rs
index c7bbc5ce1..af8fc1c88 100644
--- a/src/account_manager.rs
+++ b/src/account_manager.rs
@@ -1,6 +1,5 @@
 use base64::prelude::*;
 use phonenumber::PhoneNumber;
-use rand::Rng;
 use reqwest::Method;
 use std::collections::HashMap;
 use std::convert::{TryFrom, TryInto};
@@ -642,7 +641,7 @@ impl AccountManager {
 /// Should be called as the primary device to migrate from pre-PNI to PNI.
 ///
 /// This is the equivalent of Android's PnpInitializeDevicesJob or iOS' PniHelloWorldManager.
- #[tracing::instrument(skip(self, aci_protocol_store, pni_protocol_store, sender, local_aci), fields(local_aci = %local_aci))]
+ #[tracing::instrument(skip(self, aci_protocol_store, pni_protocol_store, sender, local_aci, csprng), fields(local_aci = %local_aci))]
 pub async fn pnp_initialize_devices<
 // XXX So many constraints here, all imposed by the MessageSender
 R: rand::Rng + rand::CryptoRng,
@@ -653,11 +652,11 @@ impl AccountManager {
 &mut self,
 aci_protocol_store: &mut Aci,
 pni_protocol_store: &mut Pni,
- mut sender: MessageSender,
+ mut sender: MessageSender,
 local_aci: ServiceAddress,
 e164: PhoneNumber,
+ csprng: &mut R,
 ) -> Result<(), MessageSenderError> {
- let mut csprng = rand::thread_rng();
 let pni_identity_key_pair = pni_protocol_store.get_identity_key_pair().await?;
@@ -714,7 +713,7 @@ impl AccountManager {
 crate::pre_keys::replenish_pre_keys(
 pni_protocol_store,
 &pni_identity_key_pair,
- &mut csprng,
+ csprng,
 true,
 0,
 0,
@@ -722,12 +721,12 @@ impl AccountManager {
 .await?
 } else {
 // Generate a signed prekey
- let signed_pre_key_pair = KeyPair::generate(&mut csprng);
+ let signed_pre_key_pair = KeyPair::generate(csprng);
 let signed_pre_key_public = signed_pre_key_pair.public_key;
 let signed_pre_key_signature = pni_identity_key_pair.private_key().calculate_signature(
 &signed_pre_key_public.serialize(),
- &mut csprng,
+ csprng,
 )?;
 let signed_prekey_record = SignedPreKeyRecord::new(
@@ -755,7 +754,7 @@ impl AccountManager {
 pni_protocol_store.get_local_registration_id().await?
 } else {
 loop {
- let regid = generate_registration_id(&mut csprng);
+ let regid = generate_registration_id(csprng);
 if !pni_registration_ids.iter().any(|(_k, v)| *v == regid) {
 break regid;
 }
@@ -803,7 +802,7 @@ impl AccountManager {
 e164.format().mode(phonenumber::Mode::E164).to_string(),
 ),
 }),
- padding: Some(random_length_padding(&mut csprng, 512)),
+ padding: Some(random_length_padding(csprng, 512)),
 ..SyncMessage::default()
 };
 let content: ContentBody = msg.into();
diff --git a/src/cipher.rs b/src/cipher.rs
index 645b4aed9..057cc8332 100644
--- a/src/cipher.rs
+++ b/src/cipher.rs
@@ -13,6 +13,7 @@ use libsignal_protocol::{
 SignalProtocolError, SignedPreKeyStore, Timestamp,
 };
 use prost::Message;
+use rand::{CryptoRng, Rng};
 use uuid::Uuid;
 use crate::{
@@ -28,14 +29,15 @@ use crate::{
 ///
 /// Equivalent of SignalServiceCipher in Java.
 #[derive(Clone)]
-pub struct ServiceCipher {
+pub struct ServiceCipher {
 protocol_store: S,
+ csprng: R,
 trust_root: PublicKey,
 local_uuid: Uuid,
 local_device_id: u32,
 }
-impl fmt::Debug for ServiceCipher {
+impl fmt::Debug for ServiceCipher {
 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
 f.debug_struct("ServiceCipher")
 .field("protocol_store", &"...")
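Review bot: Storing `csprng: R` in a `#[derive(Clone)]` struct means each `ServiceCipher` clone, and each `MessageSender` clone in the sender.rs struct hunk, carries a private copy of the generator state, so two clones of a seeded, deterministic `R` would feed identical random streams into the signature and pre-key calls that now draw from `&mut self.csprng`. The `R: Rng + CryptoRng` bound does not exclude that; it is only safe for handle-like generators such as `rand::thread_rng()`, which the reverted commit had hard-wired. `MessageSender::new` additionally takes its own `csprng: R` next to a `cipher` that already owns one, so a caller that derives both from one seeded generator by cloning would get correlated draws. Consider documenting the contract on the field, e.g. `/// Cloned together with this struct: R must be a handle to a shared or OS-backed source (e.g. ThreadRng), never a seeded RNG whose clones replay the same stream.`, or narrowing the bound so a deterministic generator cannot be supplied. The generic parameters on the struct and impl headers appear to have been stripped in this rendering (both sides read `pub struct ServiceCipher {`), so the exact signatures are inferred from the `where` clauses.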
@@ -68,18 +70,21 @@ fn debug_envelope(envelope: &Envelope) -> String {
 }
 }
-impl ServiceCipher
+impl ServiceCipher
 where
 S: ProtocolStore + SenderKeyStore + SessionStoreExt + Clone,
+ R: Rng + CryptoRng,
 {
 pub fn new(
 protocol_store: S,
+ csprng: R,
 trust_root: PublicKey,
 local_uuid: Uuid,
 local_device_id: u32,
 ) -> Self {
 Self {
 protocol_store,
+ csprng,
 trust_root,
 local_uuid,
 local_device_id,
@@ -175,7 +180,7 @@ where
 &mut self.protocol_store.clone(),
 &self.protocol_store.clone(),
 &mut self.protocol_store.clone(),
- &mut rand::thread_rng(),
+ &mut self.csprng,
 )
 .await?
 .as_slice()
@@ -231,7 +236,7 @@ where
 &sender,
 &mut self.protocol_store.clone(),
 &mut self.protocol_store.clone(),
- &mut rand::thread_rng(),
+ &mut self.csprng,
 )
 .await?
 .as_slice()
@@ -349,7 +354,7 @@ where
 &mut self.protocol_store.clone(),
 &mut self.protocol_store,
 SystemTime::now(),
- &mut rand::thread_rng(),
+ &mut self.csprng,
 )
 .await?;
diff --git a/src/sender.rs b/src/sender.rs
index ae9d2cfec..460e45900 100644
--- a/src/sender.rs
+++ b/src/sender.rs
@@ -5,6 +5,7 @@ use libsignal_protocol::{
 process_prekey_bundle, DeviceId, IdentityKey, IdentityKeyPair, ProtocolStore, SenderCertificate, SenderKeyStore, SignalProtocolError,
 };
+use rand::{CryptoRng, Rng};
 use tracing::{debug, error, info, trace, warn};
 use tracing_futures::Instrument;
 use uuid::Uuid;
@@ -82,11 +83,12 @@ pub struct AttachmentSpec {
 }
 #[derive(Clone)]
-pub struct MessageSender {
+pub struct MessageSender {
 identified_ws: SignalWebSocket,
 unidentified_ws: SignalWebSocket,
 service: PushService,
- cipher: ServiceCipher,
+ cipher: ServiceCipher,
+ csprng: R,
 protocol_store: S,
 local_aci: ServiceAddress,
 local_pni: ServiceAddress,
@@ -148,16 +150,18 @@ pub struct EncryptedMessages {
 used_identity_key: IdentityKey,
 }
-impl MessageSender
+impl MessageSender
 where
 S: ProtocolStore + SenderKeyStore + SessionStoreExt + Sync + Clone,
+ R: Rng + CryptoRng,
 {
 #[allow(clippy::too_many_arguments)]
 pub fn new(
 identified_ws: SignalWebSocket,
 unidentified_ws: SignalWebSocket,
 service: PushService,
- cipher: ServiceCipher,
+ cipher: ServiceCipher,
+ csprng: R,
 protocol_store: S,
 local_aci: impl Into,
 local_pni: impl Into,
@@ -170,6 +174,7 @@ where
 identified_ws,
 unidentified_ws,
 cipher,
+ csprng,
 protocol_store,
 local_aci: local_aci.into(),
 local_pni: local_pni.into(),
@@ -620,7 +625,7 @@ where
 &mut self.protocol_store,
 &pre_key,
 SystemTime::now(),
- &mut rand::thread_rng(),
+ &mut self.csprng,
 )
 .await
 .map_err(|e| {
@@ -833,7 +838,7 @@ where
 .expect("PNI key set when PNI signature requested")
 .sign_alternate_identity(
 self.aci_identity.identity_key(),
- &mut rand::thread_rng(),
+ &mut self.csprng,
 )?;
 Ok(crate::proto::PniSignatureMessage {
 pni: Some(self.local_pni.uuid.as_bytes().to_vec()),
@@ -1020,7 +1025,7 @@ where
 &mut self.protocol_store,
 &pre_key_bundle,
 SystemTime::now(),
- &mut rand::thread_rng(),
+ &mut self.csprng,
 )
 .await?;
 }