Migrate to the new KBS and CDS enclaves.

2026-02-25 12:17:22 +00:00 · 2022-01-24 14:46:51 -05:00
parent 642d37edb2
commit 35c5a8106d
7 changed files with 77 additions and 20 deletions
--- a/app/src/main/java/org/thoughtcrime/securesms/migrations/ApplicationMigrations.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/migrations/ApplicationMigrations.java
@@ -96,9 +96,10 @@ public class ApplicationMigrations {
    static final int JUMBOMOJI_DOWNLOAD            = 52;
    static final int FIX_EMOJI_QUALITY             = 53;
    static final int CHANGE_NUMBER_CAPABILITY_4    = 54;
+    static final int KBS_MIGRATION                 = 55;
  }

-  public static final int CURRENT_VERSION = 54;
+  public static final int CURRENT_VERSION = 55;

  /**
   * This *must* be called after the {@link JobManager} has been instantiated, but *before* the call
@@ -413,7 +414,11 @@ public class ApplicationMigrations {
    }

    if (lastSeenVersion < Version.CHANGE_NUMBER_CAPABILITY_4) {
-      jobs.put(Version.CHANGE_NUMBER_CAPABILITY_4, new AttributesMigrationJob());
+      jobs.put(Version.CHANGE_NUMBER_CAPABILITY_4,new AttributesMigrationJob());
+    }
+
+    if (lastSeenVersion < Version.KBS_MIGRATION) {
+      jobs.put(Version.KBS_MIGRATION, new KbsEnclaveMigrationJob());
    }

    return jobs;
--- a/app/src/main/java/org/thoughtcrime/securesms/pin/KbsRepository.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/pin/KbsRepository.java
@@ -101,7 +101,7 @@ public final class KbsRepository {
    if (pin == null) return null;

    if (basicStorageCredentials == null) {
-      throw new AssertionError("Cannot restore KBS key, no storage credentials supplied");
+      throw new AssertionError("Cannot restore KBS key, no storage credentials supplied. Enclave: " + enclave.getEnclaveName());
    }

    Log.i(TAG, "Preparing to restore from " + enclave.getEnclaveName());
--- a/app/src/main/java/org/thoughtcrime/securesms/pin/PinState.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/pin/PinState.java
@@ -112,10 +112,11 @@ public final class PinState {
  {
    Log.i(TAG, "onPinChangedOrCreated()");

+    KbsEnclave                        kbsEnclave       = KbsEnclaves.current();
    KbsValues                         kbsValues        = SignalStore.kbsValues();
    boolean                           isFirstPin       = !kbsValues.hasPin() || kbsValues.hasOptedOut();
    MasterKey                         masterKey        = kbsValues.getOrCreateMasterKey();
-    KeyBackupService                  keyBackupService = ApplicationDependencies.getKeyBackupService(KbsEnclaves.current());
+    KeyBackupService                  keyBackupService = ApplicationDependencies.getKeyBackupService(kbsEnclave);
    KeyBackupService.PinChangeSession pinChangeSession = keyBackupService.newPinChangeSession();
    HashedPin                         hashedPin        = PinHashing.hashPin(pin, pinChangeSession);
    KbsPinData                        kbsData          = pinChangeSession.setPin(hashedPin, masterKey);
@@ -127,10 +128,10 @@ public final class PinState {
    ApplicationDependencies.getMegaphoneRepository().markFinished(Megaphones.Event.PINS_FOR_ALL);

    if (isFirstPin) {
-      Log.i(TAG, "First time setting a PIN. Refreshing attributes to set the 'storage' capability.");
+      Log.i(TAG, "First time setting a PIN. Refreshing attributes to set the 'storage' capability. Enclave: " + kbsEnclave.getEnclaveName());
      bestEffortRefreshAttributes();
    } else {
-      Log.i(TAG, "Not the first time setting a PIN.");
+      Log.i(TAG, "Not the first time setting a PIN. Enclave: " + kbsEnclave.getEnclaveName());
    }

    updateState(buildInferredStateFromOtherFields());
@@ -173,8 +174,12 @@ public final class PinState {

    assertState(State.PIN_WITH_REGISTRATION_LOCK_DISABLED);

+
+    KbsEnclave kbsEnclave = KbsEnclaves.current();
+    Log.i(TAG, "Enclave: " + kbsEnclave.getEnclaveName());
+
    SignalStore.kbsValues().setV2RegistrationLockEnabled(false);
-    ApplicationDependencies.getKeyBackupService(KbsEnclaves.current())
+    ApplicationDependencies.getKeyBackupService(kbsEnclave)
                           .newPinChangeSession(SignalStore.kbsValues().getRegistrationLockTokenResponse())
                           .enableRegistrationLock(SignalStore.kbsValues().getOrCreateMasterKey());
    SignalStore.kbsValues().setV2RegistrationLockEnabled(true);
@@ -214,9 +219,12 @@ public final class PinState {
  {
    Log.i(TAG, "onMigrateToRegistrationLockV2()");

+    KbsEnclave kbsEnclave = KbsEnclaves.current();
+    Log.i(TAG, "Enclave: " + kbsEnclave.getEnclaveName());
+
    KbsValues                         kbsValues        = SignalStore.kbsValues();
    MasterKey                         masterKey        = kbsValues.getOrCreateMasterKey();
-    KeyBackupService                  keyBackupService = ApplicationDependencies.getKeyBackupService(KbsEnclaves.current());
+    KeyBackupService                  keyBackupService = ApplicationDependencies.getKeyBackupService(kbsEnclave);
    KeyBackupService.PinChangeSession pinChangeSession = keyBackupService.newPinChangeSession();
    HashedPin                         hashedPin        = PinHashing.hashPin(pin, pinChangeSession);
    KbsPinData                        kbsData          = pinChangeSession.setPin(hashedPin, masterKey);
@@ -294,6 +302,8 @@ public final class PinState {
  private static @NonNull KbsPinData setPinOnEnclave(@NonNull KbsEnclave enclave, @NonNull String pin, @NonNull MasterKey masterKey)
      throws IOException, UnauthenticatedResponseException
  {
+    Log.i(TAG, "Setting PIN on enclave: " + enclave.getEnclaveName());
+
    KeyBackupService                  kbs              = ApplicationDependencies.getKeyBackupService(enclave);
    KeyBackupService.PinChangeSession pinChangeSession = kbs.newPinChangeSession();
    HashedPin                         hashedPin        = PinHashing.hashPin(pin, pinChangeSession);