Move to separate message and media backup keys.

2026-04-26 19:56:02 +01:00 · 2024-10-31 11:58:40 -04:00
parent 22148550dc
commit 26b9cea88e
36 changed files with 596 additions and 380 deletions
--- a/app/src/main/java/org/thoughtcrime/securesms/components/settings/app/backups/remote/BackupKeyDisplayFragment.kt
+++ b/app/src/main/java/org/thoughtcrime/securesms/components/settings/app/backups/remote/BackupKeyDisplayFragment.kt
@@ -19,7 +19,7 @@ class BackupKeyDisplayFragment : ComposeFragment() {
  @Composable
  override fun FragmentContent() {
    MessageBackupsKeyRecordScreen(
-      backupKey = SignalStore.svr.getOrCreateMasterKey().deriveBackupKey(),
+      messageBackupKey = SignalStore.backup.messageBackupKey,
      onNavigationClick = { findNavController().popBackStack() },
      onCopyToClipboardClick = { Util.copyToClipboard(requireContext(), it) },
      onNextClick = { findNavController().popBackStack() }
--- a/app/src/main/java/org/thoughtcrime/securesms/components/settings/app/internal/backup/InternalBackupPlaygroundFragment.kt
+++ b/app/src/main/java/org/thoughtcrime/securesms/components/settings/app/internal/backup/InternalBackupPlaygroundFragment.kt
@@ -366,6 +366,25 @@ fun Screen(

      Dividers.Default()

+      Buttons.LargeTonal(
+        onClick = {
+          SignalStore.backup.backupsInitialized = false
+        }
+      ) {
+        Text("Clear backup init flag")
+      }
+
+      Buttons.LargeTonal(
+        onClick = {
+          SignalStore.backup.messageCredentials.clearAll()
+          SignalStore.backup.mediaCredentials.clearAll()
+        }
+      ) {
+        Text("Clear backup credentials")
+      }
+
+      Dividers.Default()
+
      Row(
        verticalAlignment = Alignment.CenterVertically
      ) {
--- a/app/src/main/java/org/thoughtcrime/securesms/components/settings/app/internal/backup/InternalBackupPlaygroundViewModel.kt
+++ b/app/src/main/java/org/thoughtcrime/securesms/components/settings/app/internal/backup/InternalBackupPlaygroundViewModel.kt
@@ -475,14 +475,15 @@ class InternalBackupPlaygroundViewModel : ViewModel() {
      attachments: List<BackupAttachment> = this.attachments,
      inProgress: Set<AttachmentId> = this.inProgressMediaIds
    ): MediaState {
-      val backupKey = SignalStore.svr.getOrCreateMasterKey().deriveBackupKey()
+      val backupKey = SignalStore.backup.messageBackupKey
+      val mediaRootBackupKey = SignalStore.backup.mediaRootBackupKey

      val updatedAttachments = attachments.map {
        val state = if (inProgress.contains(it.dbAttachment.attachmentId)) {
          BackupAttachment.State.IN_PROGRESS
        } else if (it.dbAttachment.archiveMediaName != null) {
          if (it.dbAttachment.remoteDigest != null) {
-            val mediaId = backupKey.deriveMediaId(MediaName(it.dbAttachment.archiveMediaName)).encode()
+            val mediaId = mediaRootBackupKey.deriveMediaId(MediaName(it.dbAttachment.archiveMediaName)).encode()
            if (it.dbAttachment.archiveMediaId == mediaId) {
              BackupAttachment.State.UPLOADED_FINAL
            } else {
@@ -552,10 +553,10 @@ class InternalBackupPlaygroundViewModel : ViewModel() {

      val encryptedStream = tempBackupFile.inputStream()
      val iv = encryptedStream.readNBytesOrThrow(16)
-      val backupKey = SignalStore.svr.orCreateMasterKey.deriveBackupKey()
+      val backupKey = SignalStore.backup.messageBackupKey
      val keyMaterial = backupKey.deriveBackupSecrets(Recipient.self().aci.get())
      val cipher = Cipher.getInstance("AES/CBC/PKCS5Padding").apply {
-        init(Cipher.DECRYPT_MODE, SecretKeySpec(keyMaterial.cipherKey, "AES"), IvParameterSpec(iv))
+        init(Cipher.DECRYPT_MODE, SecretKeySpec(keyMaterial.aesKey, "AES"), IvParameterSpec(iv))
      }

      val plaintextStream = GZIPInputStream(