]> nmode's Git Repositories - signal-cli/blob - lib/src/main/java/org/asamk/signal/manager/util/KeyUtils.java
git.nmode.ca / signal-cli / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update libsignal-service
[signal-cli] / lib / src / main / java / org / asamk / signal / manager / util / KeyUtils.java
1 package org.asamk.signal.manager.util;
2
3 import org.asamk.signal.manager.storage.SignalAccount;
4 import org.signal.libsignal.protocol.IdentityKey;
5 import org.signal.libsignal.protocol.IdentityKeyPair;
6 import org.signal.libsignal.protocol.InvalidKeyException;
7 import org.signal.libsignal.protocol.ecc.Curve;
8 import org.signal.libsignal.protocol.ecc.ECPrivateKey;
9 import org.signal.libsignal.protocol.kem.KEMKeyPair;
10 import org.signal.libsignal.protocol.kem.KEMKeyType;
11 import org.signal.libsignal.protocol.state.KyberPreKeyRecord;
12 import org.signal.libsignal.protocol.state.PreKeyRecord;
13 import org.signal.libsignal.protocol.state.SignedPreKeyRecord;
14 import org.signal.libsignal.zkgroup.InvalidInputException;
15 import org.signal.libsignal.zkgroup.profiles.ProfileKey;
16 import org.whispersystems.signalservice.api.account.PreKeyCollection;
17 import org.whispersystems.signalservice.api.kbs.MasterKey;
18
19 import java.security.SecureRandom;
20 import java.util.ArrayList;
21 import java.util.Base64;
22 import java.util.List;
23
24 import static org.asamk.signal.manager.config.ServiceConfig.PREKEY_BATCH_SIZE;
25 import static org.asamk.signal.manager.config.ServiceConfig.PREKEY_MAXIMUM_ID;
26
27 public class KeyUtils {
28
29 private static final SecureRandom secureRandom = new SecureRandom();
30
31 private KeyUtils() {
32 }
33
34 public static IdentityKeyPair getIdentityKeyPair(byte[] publicKeyBytes, byte[] privateKeyBytes) {
35 try {
36 IdentityKey publicKey = new IdentityKey(publicKeyBytes);
37 ECPrivateKey privateKey = Curve.decodePrivatePoint(privateKeyBytes);
38
39 return new IdentityKeyPair(publicKey, privateKey);
40 } catch (InvalidKeyException e) {
41 throw new AssertionError(e);
42 }
43 }
44
45 public static IdentityKeyPair generateIdentityKeyPair() {
46 var djbKeyPair = Curve.generateKeyPair();
47 var djbIdentityKey = new IdentityKey(djbKeyPair.getPublicKey());
48 var djbPrivateKey = djbKeyPair.getPrivateKey();
49
50 return new IdentityKeyPair(djbIdentityKey, djbPrivateKey);
51 }
52
53 public static List<PreKeyRecord> generatePreKeyRecords(final int offset) {
54 var records = new ArrayList<PreKeyRecord>(PREKEY_BATCH_SIZE);
55 for (var i = 0; i < PREKEY_BATCH_SIZE; i++) {
56 var preKeyId = (offset + i) % PREKEY_MAXIMUM_ID;
57 var keyPair = Curve.generateKeyPair();
58 var record = new PreKeyRecord(preKeyId, keyPair);
59
60 records.add(record);
61 }
62 return records;
63 }
64
65 public static SignedPreKeyRecord generateSignedPreKeyRecord(
66 final int signedPreKeyId, final ECPrivateKey privateKey
67 ) {
68 var keyPair = Curve.generateKeyPair();
69 byte[] signature;
70 try {
71 signature = Curve.calculateSignature(privateKey, keyPair.getPublicKey().serialize());
72 } catch (InvalidKeyException e) {
73 throw new AssertionError(e);
74 }
75 return new SignedPreKeyRecord(signedPreKeyId, System.currentTimeMillis(), keyPair, signature);
76 }
77
78 public static List<KyberPreKeyRecord> generateKyberPreKeyRecords(
79 final int offset, final ECPrivateKey privateKey
80 ) {
81 var records = new ArrayList<KyberPreKeyRecord>(PREKEY_BATCH_SIZE);
82 for (var i = 0; i < PREKEY_BATCH_SIZE; i++) {
83 var preKeyId = (offset + i) % PREKEY_MAXIMUM_ID;
84 records.add(generateKyberPreKeyRecord(preKeyId, privateKey));
85 }
86 return records;
87 }
88
89 public static KyberPreKeyRecord generateKyberPreKeyRecord(final int preKeyId, final ECPrivateKey privateKey) {
90 KEMKeyPair keyPair = KEMKeyPair.generate(KEMKeyType.KYBER_1024);
91 byte[] signature = privateKey.calculateSignature(keyPair.getPublicKey().serialize());
92
93 return new KyberPreKeyRecord(preKeyId, System.currentTimeMillis(), keyPair, signature);
94 }
95
96 public static ProfileKey createProfileKey() {
97 try {
98 return new ProfileKey(getSecretBytes(32));
99 } catch (InvalidInputException e) {
100 throw new AssertionError("Profile key is guaranteed to be 32 bytes here");
101 }
102 }
103
104 public static String createPassword() {
105 return getSecret(18);
106 }
107
108 public static byte[] createStickerUploadKey() {
109 return getSecretBytes(32);
110 }
111
112 public static MasterKey createMasterKey() {
113 return MasterKey.createNew(secureRandom);
114 }
115
116 public static byte[] createRawStorageId() {
117 return getSecretBytes(16);
118 }
119
120 private static String getSecret(int size) {
121 var secret = getSecretBytes(size);
122 return Base64.getEncoder().encodeToString(secret);
123 }
124
125 public static byte[] getSecretBytes(int size) {
126 var secret = new byte[size];
127 secureRandom.nextBytes(secret);
128 return secret;
129 }
130
131 public static int getRandomInt(int bound) {
132 return secureRandom.nextInt(bound);
133 }
134
135 public static PreKeyCollection generatePreKeysForType(final SignalAccount.AccountData<?> accountData) {
136 final var keyPair = accountData.getIdentityKeyPair();
137 final var preKeyMetadata = accountData.getPreKeyMetadata();
138
139 final var nextSignedPreKeyId = preKeyMetadata.getNextSignedPreKeyId();
140 final var signedPreKey = generateSignedPreKeyRecord(nextSignedPreKeyId, keyPair.getPrivateKey());
141
142 final var privateKey = keyPair.getPrivateKey();
143 final var kyberPreKeyIdOffset = preKeyMetadata.getNextKyberPreKeyId();
144 final var lastResortKyberPreKey = generateKyberPreKeyRecord(kyberPreKeyIdOffset, privateKey);
145
146 return new PreKeyCollection(keyPair.getPublicKey(), signedPreKey, lastResortKyberPreKey);
147 }
148 }
[GitHub/AsamK] signal-cli provides an unofficial commandline, JSON-RPC and dbus interface for the Signal messenger.

Codeberg
GitHub
GitLab
SourceHut