]> nmode's Git Repositories - signal-cli/blob - lib/src/main/java/org/asamk/signal/manager/helper/PreKeyHelper.java
git.nmode.ca / signal-cli / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update libsignal-service
[signal-cli] / lib / src / main / java / org / asamk / signal / manager / helper / PreKeyHelper.java
1 package org.asamk.signal.manager.helper;
2
3 import org.asamk.signal.manager.config.ServiceConfig;
4 import org.asamk.signal.manager.internal.SignalDependencies;
5 import org.asamk.signal.manager.storage.SignalAccount;
6 import org.asamk.signal.manager.util.KeyUtils;
7 import org.signal.libsignal.protocol.IdentityKeyPair;
8 import org.signal.libsignal.protocol.InvalidKeyIdException;
9 import org.signal.libsignal.protocol.state.KyberPreKeyRecord;
10 import org.signal.libsignal.protocol.state.PreKeyRecord;
11 import org.signal.libsignal.protocol.state.SignedPreKeyRecord;
12 import org.slf4j.Logger;
13 import org.slf4j.LoggerFactory;
14 import org.whispersystems.signalservice.api.account.PreKeyUpload;
15 import org.whispersystems.signalservice.api.push.ServiceIdType;
16 import org.whispersystems.signalservice.api.push.exceptions.AuthorizationFailedException;
17 import org.whispersystems.signalservice.internal.push.OneTimePreKeyCounts;
18
19 import java.io.IOException;
20 import java.util.List;
21
22 import static org.asamk.signal.manager.config.ServiceConfig.PREKEY_STALE_AGE;
23 import static org.asamk.signal.manager.config.ServiceConfig.SIGNED_PREKEY_ROTATE_AGE;
24
25 public class PreKeyHelper {
26
27 private final static Logger logger = LoggerFactory.getLogger(PreKeyHelper.class);
28
29 private final SignalAccount account;
30 private final SignalDependencies dependencies;
31
32 public PreKeyHelper(
33 final SignalAccount account, final SignalDependencies dependencies
34 ) {
35 this.account = account;
36 this.dependencies = dependencies;
37 }
38
39 public void refreshPreKeysIfNecessary() throws IOException {
40 refreshPreKeysIfNecessary(ServiceIdType.ACI);
41 refreshPreKeysIfNecessary(ServiceIdType.PNI);
42 }
43
44 public void refreshPreKeysIfNecessary(ServiceIdType serviceIdType) throws IOException {
45 final var identityKeyPair = account.getIdentityKeyPair(serviceIdType);
46 if (identityKeyPair == null) {
47 return;
48 }
49 final var accountId = account.getAccountId(serviceIdType);
50 if (accountId == null) {
51 return;
52 }
53
54 OneTimePreKeyCounts preKeyCounts;
55 try {
56 preKeyCounts = dependencies.getAccountManager().getPreKeyCounts(serviceIdType);
57 } catch (AuthorizationFailedException e) {
58 logger.debug("Failed to get pre key count, ignoring: " + e.getClass().getSimpleName());
59 preKeyCounts = new OneTimePreKeyCounts(0, 0);
60 }
61
62 SignedPreKeyRecord signedPreKeyRecord = null;
63 List<PreKeyRecord> preKeyRecords = null;
64 KyberPreKeyRecord lastResortKyberPreKeyRecord = null;
65 List<KyberPreKeyRecord> kyberPreKeyRecords = null;
66
67 try {
68 if (preKeyCounts.getEcCount() < ServiceConfig.PREKEY_MINIMUM_COUNT) {
69 logger.debug("Refreshing {} ec pre keys, because only {} of min {} pre keys remain",
70 serviceIdType,
71 preKeyCounts.getEcCount(),
72 ServiceConfig.PREKEY_MINIMUM_COUNT);
73 preKeyRecords = generatePreKeys(serviceIdType);
74 }
75 if (signedPreKeyNeedsRefresh(serviceIdType)) {
76 logger.debug("Refreshing {} signed pre key.", serviceIdType);
77 signedPreKeyRecord = generateSignedPreKey(serviceIdType, identityKeyPair);
78 }
79 } catch (Exception e) {
80 logger.warn("Failed to store new pre keys, resetting preKey id offset", e);
81 account.resetPreKeyOffsets(serviceIdType);
82 preKeyRecords = generatePreKeys(serviceIdType);
83 signedPreKeyRecord = generateSignedPreKey(serviceIdType, identityKeyPair);
84 }
85
86 try {
87 if (preKeyCounts.getKyberCount() < ServiceConfig.PREKEY_MINIMUM_COUNT) {
88 logger.debug("Refreshing {} kyber pre keys, because only {} of min {} pre keys remain",
89 serviceIdType,
90 preKeyCounts.getKyberCount(),
91 ServiceConfig.PREKEY_MINIMUM_COUNT);
92 kyberPreKeyRecords = generateKyberPreKeys(serviceIdType, identityKeyPair);
93 }
94 if (lastResortKyberPreKeyNeedsRefresh(serviceIdType)) {
95 logger.debug("Refreshing {} last resort kyber pre key.", serviceIdType);
96 lastResortKyberPreKeyRecord = generateLastResortKyberPreKey(serviceIdType, identityKeyPair);
97 }
98 } catch (Exception e) {
99 logger.warn("Failed to store new kyber pre keys, resetting preKey id offset", e);
100 account.resetKyberPreKeyOffsets(serviceIdType);
101 kyberPreKeyRecords = generateKyberPreKeys(serviceIdType, identityKeyPair);
102 lastResortKyberPreKeyRecord = generateLastResortKyberPreKey(serviceIdType, identityKeyPair);
103 }
104
105 if (signedPreKeyRecord != null
106 || preKeyRecords != null
107 || lastResortKyberPreKeyRecord != null
108 || kyberPreKeyRecords != null) {
109 final var preKeyUpload = new PreKeyUpload(serviceIdType,
110 identityKeyPair.getPublicKey(),
111 signedPreKeyRecord,
112 preKeyRecords,
113 lastResortKyberPreKeyRecord,
114 kyberPreKeyRecords);
115 try {
116 dependencies.getAccountManager().setPreKeys(preKeyUpload);
117 } catch (AuthorizationFailedException e) {
118 // This can happen when the primary device has changed phone number
119 logger.warn("Failed to updated pre keys: {}", e.getMessage());
120 }
121 }
122
123 cleanSignedPreKeys((serviceIdType));
124 cleanOneTimePreKeys(serviceIdType);
125 }
126
127 private List<PreKeyRecord> generatePreKeys(ServiceIdType serviceIdType) {
128 final var accountData = account.getAccountData(serviceIdType);
129 final var offset = accountData.getPreKeyMetadata().getNextPreKeyId();
130
131 var records = KeyUtils.generatePreKeyRecords(offset);
132 account.addPreKeys(serviceIdType, records);
133
134 return records;
135 }
136
137 private boolean signedPreKeyNeedsRefresh(ServiceIdType serviceIdType) {
138 final var accountData = account.getAccountData(serviceIdType);
139
140 final var activeSignedPreKeyId = accountData.getPreKeyMetadata().getActiveSignedPreKeyId();
141 if (activeSignedPreKeyId == -1) {
142 return true;
143 }
144 try {
145 final var signedPreKeyRecord = accountData.getSignedPreKeyStore().loadSignedPreKey(activeSignedPreKeyId);
146 return signedPreKeyRecord.getTimestamp() < System.currentTimeMillis() - SIGNED_PREKEY_ROTATE_AGE;
147 } catch (InvalidKeyIdException e) {
148 return true;
149 }
150 }
151
152 private SignedPreKeyRecord generateSignedPreKey(ServiceIdType serviceIdType, IdentityKeyPair identityKeyPair) {
153 final var accountData = account.getAccountData(serviceIdType);
154 final var signedPreKeyId = accountData.getPreKeyMetadata().getNextSignedPreKeyId();
155
156 var record = KeyUtils.generateSignedPreKeyRecord(signedPreKeyId, identityKeyPair.getPrivateKey());
157 account.addSignedPreKey(serviceIdType, record);
158
159 return record;
160 }
161
162 private List<KyberPreKeyRecord> generateKyberPreKeys(
163 ServiceIdType serviceIdType, final IdentityKeyPair identityKeyPair
164 ) {
165 final var accountData = account.getAccountData(serviceIdType);
166 final var offset = accountData.getPreKeyMetadata().getNextKyberPreKeyId();
167
168 var records = KeyUtils.generateKyberPreKeyRecords(offset, identityKeyPair.getPrivateKey());
169 account.addKyberPreKeys(serviceIdType, records);
170
171 return records;
172 }
173
174 private boolean lastResortKyberPreKeyNeedsRefresh(ServiceIdType serviceIdType) {
175 final var accountData = account.getAccountData(serviceIdType);
176
177 final var activeLastResortKyberPreKeyId = accountData.getPreKeyMetadata().getActiveLastResortKyberPreKeyId();
178 if (activeLastResortKyberPreKeyId == -1) {
179 return true;
180 }
181 try {
182 final var kyberPreKeyRecord = accountData.getKyberPreKeyStore()
183 .loadKyberPreKey(activeLastResortKyberPreKeyId);
184 return kyberPreKeyRecord.getTimestamp() < System.currentTimeMillis() - SIGNED_PREKEY_ROTATE_AGE;
185 } catch (InvalidKeyIdException e) {
186 return true;
187 }
188 }
189
190 private KyberPreKeyRecord generateLastResortKyberPreKey(
191 ServiceIdType serviceIdType, IdentityKeyPair identityKeyPair
192 ) {
193 final var accountData = account.getAccountData(serviceIdType);
194 final var signedPreKeyId = accountData.getPreKeyMetadata().getNextKyberPreKeyId();
195
196 var record = KeyUtils.generateKyberPreKeyRecord(signedPreKeyId, identityKeyPair.getPrivateKey());
197 account.addLastResortKyberPreKey(serviceIdType, record);
198
199 return record;
200 }
201
202 private void cleanSignedPreKeys(ServiceIdType serviceIdType) {
203 final var accountData = account.getAccountData(serviceIdType);
204
205 final var activeSignedPreKeyId = accountData.getPreKeyMetadata().getActiveSignedPreKeyId();
206 accountData.getSignedPreKeyStore().removeOldSignedPreKeys(activeSignedPreKeyId);
207
208 final var activeLastResortKyberPreKeyId = accountData.getPreKeyMetadata().getActiveLastResortKyberPreKeyId();
209 accountData.getKyberPreKeyStore().removeOldLastResortKyberPreKeys(activeLastResortKyberPreKeyId);
210 }
211
212 private void cleanOneTimePreKeys(ServiceIdType serviceIdType) {
213 long threshold = System.currentTimeMillis() - PREKEY_STALE_AGE;
214 int minCount = 200;
215
216 final var accountData = account.getAccountData(serviceIdType);
217 accountData.getPreKeyStore().deleteAllStaleOneTimeEcPreKeys(threshold, minCount);
218 accountData.getKyberPreKeyStore().deleteAllStaleOneTimeKyberPreKeys(threshold, minCount);
219 }
220 }
[GitHub/AsamK] signal-cli provides an unofficial commandline, JSON-RPC and dbus interface for the Signal messenger.

Codeberg
GitHub
GitLab
SourceHut