whisperfish · rubdos · Apr 30, 2021 · Apr 20, 2021 · Apr 20, 2021 · Apr 20, 2021
diff --git a/libsignal-service-actix/Cargo.toml b/libsignal-service-actix/Cargo.toml
@@ -4,11 +4,8 @@ version = "0.1.0"
 authors = ["Ruben De Smet <[email protected]>"]
 edition = "2018"
 
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
 [dependencies]
 libsignal-service = { path = "../libsignal-service" }
-libsignal-protocol = { git = "https://github.com/Michael-F-Bryan/libsignal-protocol-rs" }
 
 awc = { version = "3.0.0-beta.5", features=["rustls"] }
 actix = "0.11.1"
@@ -22,7 +19,7 @@ rustls = "0.19"
 url = "2.1"
 serde = "1.0"
 log = "0.4"
-rand = "0.8"
+rand = "0.7"
 
 failure = "0.1.5"
 thiserror = "1.0"
@@ -36,6 +33,6 @@ env_logger = "0.8"
 image = { version = "0.23", default-features = false, features = ["png"] }
 opener = "0.4"
 qrcode = "0.12"
-rand = "0.8"
+rand = "0.7"
 structopt = "0.3"
 tokio = { version = "1", features=["macros"] }
diff --git a/libsignal-service-actix/examples/link.rs b/libsignal-service-actix/examples/link.rs
@@ -1,20 +1,16 @@
 use failure::Error;
 use futures::{channel::mpsc::channel, future, StreamExt};
 use image::Luma;
-use libsignal_service::configuration::SignalServers;
+use libsignal_service::{
+    configuration::SignalServers, provisioning::LinkingManager,
+    provisioning::SecondaryDeviceProvisioning, USER_AGENT,
+};
+use libsignal_service_actix::prelude::AwcPushService;
 use log::LevelFilter;
 use qrcode::QrCode;
 use rand::{distributions::Alphanumeric, Rng, RngCore};
 use structopt::StructOpt;
 
-use libsignal_protocol::Context;
-
-use libsignal_service::{
-    provisioning::LinkingManager, provisioning::SecondaryDeviceProvisioning,
-    USER_AGENT,
-};
-use libsignal_service_actix::prelude::AwcPushService;
-
 #[derive(Debug, StructOpt)]
 struct Args {
     #[structopt(long = "servers", short = "s", default_value = "staging")]
@@ -36,8 +32,7 @@ async fn main() -> Result<(), Error> {
 
     // generate a random 16 bytes password
     let mut rng = rand::rngs::OsRng::default();
-    let password: Vec<u8> = rng.sample_iter(&Alphanumeric).take(24).collect();
-    let password = String::from_utf8(password)?;
+    let password: String = rng.sample_iter(&Alphanumeric).take(24).collect();
 
     // generate a 52 bytes signaling key
     let mut signaling_key = [0u8; 52];
@@ -47,16 +42,16 @@ async fn main() -> Result<(), Error> {
         base64::encode(&signaling_key.to_vec())
     );
 
-    let signal_context = Context::default();
-
     let mut provision_manager: LinkingManager<AwcPushService> =
         LinkingManager::new(args.servers, USER_AGENT.into(), password);
 
     let (tx, mut rx) = channel(1);
 
+    let mut csprng = rand::thread_rng();
+
     let (fut1, fut2) = future::join(
         provision_manager.provision_secondary_device(
-            &signal_context,
+            &mut csprng,
             signaling_key,
             &args.device_name,
             tx,

diff --git a/libsignal-service-hyper/Cargo.toml b/libsignal-service-hyper/Cargo.toml
@@ -4,11 +4,8 @@ version = "0.1.0"
 authors = ["Gabriel Féron <[email protected]>"]
 edition = "2018"
 
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
 [dependencies]
 libsignal-service = { path = "../libsignal-service" }
-libsignal-protocol = { git = "https://github.com/Michael-F-Bryan/libsignal-protocol-rs" }
 
 async-trait = "0.1"
 base64 = "0.13"

diff --git a/libsignal-service/Cargo.toml b/libsignal-service/Cargo.toml
@@ -7,8 +7,8 @@ license = "GPLv3"
 readme = "../README.md"
 
 [dependencies]
-libsignal-protocol = { git = "https://github.com/Michael-F-Bryan/libsignal-protocol-rs" }
-zkgroup = { git = "https://github.com/signalapp/zkgroup" }
+libsignal-protocol = { git = "https://github.com/whisperfish/libsignal-client", branch = "make-error-sync" }
+zkgroup = { git = "https://github.com/signalapp/zkgroup", tag = "v0.7.2" }
 async-trait = "0.1.30"
 url = { version = "2.1.1", features = ["serde"] }
 base64 = "0.13"
@@ -30,7 +30,7 @@ aes = "0.6.0"
 aes-gcm = "0.8.0"
 aes-ctr = "0.6.0"
 block-modes = "0.7.0"
-rand = "0.8.0"
+rand = "0.7"
 
 uuid = { version = "0.8", features = [ "serde" ] }
 phonenumber = "0.3"
@@ -40,6 +40,7 @@ prost-build = "0.7"
 
 [dev-dependencies]
 anyhow = "1.0"
+tokio = { version = "1.0", features = [ "macros" ] }
 
 [features]
 prefer-e164 = []
diff --git a/libsignal-service/src/account_manager.rs b/libsignal-service/src/account_manager.rs
@@ -1,3 +1,13 @@
+use std::collections::HashMap;
+use std::convert::{TryFrom, TryInto};
+use std::time::SystemTime;
+
+use libsignal_protocol::{
+    IdentityKeyStore, KeyPair, PreKeyRecord, PreKeyStore, PublicKey,
+    SignalProtocolError, SignedPreKeyRecord, SignedPreKeyStore,
+};
+use zkgroup::profiles::ProfileKey;
+
 use crate::{
     configuration::{Endpoint, ServiceCredentials},
     pre_keys::{PreKeyEntity, PreKeyState},
@@ -11,16 +21,7 @@ use crate::{
     },
 };
 
-use std::collections::HashMap;
-use std::convert::TryFrom;
-use std::time::SystemTime;
-
-use libsignal_protocol::keys::PublicKey;
-use libsignal_protocol::{Context, StoreContext};
-use zkgroup::profiles::ProfileKey;
-
 pub struct AccountManager<Service> {
-    context: Context,
     service: Service,
     profile_key: Option<[u8; 32]>,
 }
@@ -42,7 +43,7 @@ pub enum LinkError {
     #[error("TsUrl has an invalid pub_key field")]
     InvalidPublicKey,
     #[error("Protocol error {0}")]
-    ProtocolError(#[from] libsignal_protocol::Error),
+    ProtocolError(#[from] SignalProtocolError),
     #[error(transparent)]
     ProvisioningError(#[from] ProvisioningError),
 }
@@ -56,15 +57,11 @@ pub struct Profile {
 
 const PRE_KEY_MINIMUM: u32 = 10;
 const PRE_KEY_BATCH_SIZE: u32 = 100;
+const PRE_KEY_MEDIUM_MAX_VALUE: u32 = 0xFFFFFF;
 
 impl<Service: PushService> AccountManager<Service> {
-    pub fn new(
-        context: Context,
-        service: Service,
-        profile_key: Option<[u8; 32]>,
-    ) -> Self {
+    pub fn new(service: Service, profile_key: Option<[u8; 32]>) -> Self {
         Self {
-            context,
             service,
             profile_key,
         }
@@ -78,11 +75,14 @@ impl<Service: PushService> AccountManager<Service> {
     /// Equivalent to Java's RefreshPreKeysJob
     ///
     /// Returns the next pre-key offset and next signed pre-key offset as a tuple.
-    pub async fn update_pre_key_bundle(
+    pub async fn update_pre_key_bundle<R: rand::Rng + rand::CryptoRng>(
-    pub async fn update_pre_key_bundle<R: rand::Rng + rand::CryptoRng>(
+    #[allow(clippy::too_many_arguments)] // See issue https://github.com/Michael-F-Bryan/libsignal-service-rs/issues/92
+    pub async fn update_pre_key_bundle<R: rand::Rng + rand::CryptoRng>(
-    pub async fn update_pre_key_bundle<R: rand::Rng + rand::CryptoRng>(
+    #[allow(clippy::too_many_arguments)] // See issue https://github.com/Michael-F-Bryan/libsignal-service-rs/issues/92
+    pub async fn update_pre_key_bundle<R: rand::Rng + rand::CryptoRng>(
         &mut self,
-        store_context: StoreContext,
+        identity_store: &dyn IdentityKeyStore,
+        pre_key_store: &mut dyn PreKeyStore,
+        signed_pre_key_store: &mut dyn SignedPreKeyStore,
+        csprng: &mut R,
         pre_keys_offset_id: u32,
-        next_signed_pre_key_id: u32,
+        signed_pre_key_id: u32,
         use_last_resort_key: bool,
     ) -> Result<(u32, u32), ServiceError> {
         let prekey_count = match self.service.get_pre_key_status().await {
@@ -99,34 +99,54 @@ impl<Service: PushService> AccountManager<Service> {
 
         if prekey_count >= PRE_KEY_MINIMUM {
             log::info!("Available keys sufficient");
-            return Ok((pre_keys_offset_id, next_signed_pre_key_id));
+            return Ok((pre_keys_offset_id, signed_pre_key_id));
         }
 
-        let pre_keys = libsignal_protocol::generate_pre_keys(
-            &self.context,
-            pre_keys_offset_id,
-            PRE_KEY_BATCH_SIZE,
-        )?;
-        let identity_key_pair = store_context.identity_key_pair()?;
-        let signed_pre_key = libsignal_protocol::generate_signed_pre_key(
-            &self.context,
-            &identity_key_pair,
-            next_signed_pre_key_id,
-            SystemTime::now(),
-        )?;
-
-        store_context.store_signed_pre_key(&signed_pre_key)?;
-
         let mut pre_key_entities = vec![];
-        for pre_key in pre_keys {
-            store_context.store_pre_key(&pre_key)?;
-            pre_key_entities.push(PreKeyEntity::try_from(pre_key)?);
+        for i in 0..PRE_KEY_BATCH_SIZE {
+            let key_pair = KeyPair::generate(csprng);
+            let pre_key_id =
+                ((pre_keys_offset_id + i) % (PRE_KEY_MEDIUM_MAX_VALUE - 1)) + 1;
+            let pre_key_record = PreKeyRecord::new(pre_key_id, &key_pair);
+            pre_key_store
+                .save_pre_key(pre_key_id, &pre_key_record, None)
+                .await?;
+
+            pre_key_entities.push(PreKeyEntity::try_from(pre_key_record)?);
         }
 
+        // Generate and store the next signed prekey
+        let identity_key_pair =
+            identity_store.get_identity_key_pair(None).await?;
+        let signed_pre_key_pair = KeyPair::generate(csprng);
+        let signed_pre_key_public = signed_pre_key_pair.public_key;
+        let signed_pre_key_signature = identity_key_pair
+            .private_key()
+            .calculate_signature(&signed_pre_key_public.serialize(), csprng)?;
+
+        let unix_time = SystemTime::now()
+            .duration_since(SystemTime::UNIX_EPOCH)
+            .unwrap();
+
+        let signed_prekey_record = SignedPreKeyRecord::new(
+            signed_pre_key_id + 1,
+            unix_time.as_secs(),
+            &signed_pre_key_pair,
+            &signed_pre_key_signature,
+        );
+
+        signed_pre_key_store
+            .save_signed_pre_key(
+                signed_pre_key_id + 1,
+                &signed_prekey_record,
+                None,
+            )
+            .await?;
+
         let pre_key_state = PreKeyState {
             pre_keys: pre_key_entities,
-            signed_pre_key: signed_pre_key.into(),
-            identity_key: identity_key_pair.public(),
+            signed_pre_key: signed_prekey_record.try_into()?,
+            identity_key: identity_key_pair.public_key().clone(),
-            identity_key: identity_key_pair.public_key().clone(),
+            identity_key: identity_key_pair.public_key(),
-            identity_key: identity_key_pair.public_key().clone(),
+            identity_key: identity_key_pair.public_key(),
             last_resort_key: if use_last_resort_key {
                 Some(PreKeyEntity {
                     key_id: 0x7fffffff,
@@ -142,7 +162,7 @@ impl<Service: PushService> AccountManager<Service> {
         log::trace!("Successfully refreshed prekeys");
         Ok((
             pre_keys_offset_id + PRE_KEY_BATCH_SIZE,
-            next_signed_pre_key_id + 1,
+            signed_pre_key_id + 1,
         ))
     }
 
@@ -209,7 +229,7 @@ impl<Service: PushService> AccountManager<Service> {
     pub async fn link_device(
         &mut self,
         url: url::Url,
-        store_context: StoreContext,
+        identity_store: &dyn IdentityKeyStore,
         credentials: ServiceCredentials,
     ) -> Result<(), LinkError> {
         let query: HashMap<_, _> = url.query_pairs().collect();
@@ -218,10 +238,11 @@ impl<Service: PushService> AccountManager<Service> {
             query.get("pub_key").ok_or(LinkError::InvalidPublicKey)?;
         let pub_key = base64::decode(&**pub_key)
             .map_err(|_e| LinkError::InvalidPublicKey)?;
-        let pub_key = PublicKey::decode_point(&self.context, &pub_key)
+        let pub_key = PublicKey::deserialize(&pub_key)
             .map_err(|_e| LinkError::InvalidPublicKey)?;
 
-        let identity_key_pair = store_context.identity_key_pair()?;
+        let identity_key_pair =
+            identity_store.get_identity_key_pair(None).await?;
 
         if credentials.uuid.is_none() {
             log::warn!("No local UUID set");
@@ -231,10 +252,10 @@ impl<Service: PushService> AccountManager<Service> {
 
         let msg = ProvisionMessage {
             identity_key_public: Some(
-                identity_key_pair.public().to_bytes()?.as_slice().to_vec(),
+                identity_key_pair.public_key().serialize().into_vec(),
             ),
             identity_key_private: Some(
-                identity_key_pair.private().to_bytes()?.as_slice().to_vec(),
+                identity_key_pair.private_key().serialize(),
             ),
             number: Some(credentials.e164()),
             uuid: credentials.uuid.as_ref().map(|u| u.to_string()),
@@ -248,8 +269,7 @@ impl<Service: PushService> AccountManager<Service> {
             user_agent: None,
         };
 
-        let cipher =
-            ProvisioningCipher::from_public(self.context.clone(), pub_key);
+        let cipher = ProvisioningCipher::from_public(pub_key);
 
         let encrypted = cipher.encrypt(msg)?;
         self.send_provisioning_message(ephemeral_id, encrypted)