Use same cipher version for registration and linking provisioning messages.

2025-12-27 06:29:54 +00:00 · 2025-08-22 09:21:41 -04:00
parent 00d425356d
commit 53f2049c48
2 changed files with 2 additions and 2 deletions
--- a/libsignal-service/src/main/java/org/whispersystems/signalservice/internal/crypto/PrimaryProvisioningCipher.java
+++ b/libsignal-service/src/main/java/org/whispersystems/signalservice/internal/crypto/PrimaryProvisioningCipher.java
@@ -62,7 +62,7 @@ public class PrimaryProvisioningCipher {
    byte[]    derivedSecret = HKDF.deriveSecrets(sharedSecret, PROVISIONING_MESSAGE.getBytes(), 64);
    byte[][]  parts         = Util.split(derivedSecret, 32, 32);

-    byte[] version    = { 0x00 };
+    byte[] version    = { 0x01 };
    byte[] ciphertext = getCiphertext(parts[0], message.encode());
    byte[] mac        = getMac(parts[1], Util.join(version, ciphertext));
    byte[] body       = Util.join(version, ciphertext, mac);
--- a/libsignal-service/src/main/java/org/whispersystems/signalservice/internal/crypto/SecondaryProvisioningCipher.kt
+++ b/libsignal-service/src/main/java/org/whispersystems/signalservice/internal/crypto/SecondaryProvisioningCipher.kt
@@ -66,7 +66,7 @@ class SecondaryProvisioningCipher(private val secondaryIdentityKeyPair: Identity
      return ProvisioningDecryptResult.Error()
    }

-    val plaintext = decrypt(expectedVersion = 0, primaryEphemeralPublicKey = envelope.publicKey.toByteArray(), body = envelope.body.toByteArray())
+    val plaintext = decrypt(expectedVersion = 1, primaryEphemeralPublicKey = envelope.publicKey.toByteArray(), body = envelope.body.toByteArray())

    if (plaintext == null) {
      Log.w(TAG, "Plaintext is null")