mirror of
https://github.com/signalapp/Signal-Android.git
synced 2026-04-24 10:51:27 +01:00
Enable KBS.
This commit is contained in:
committed by
Greyson Parrelli
parent
bdb30ebc48
commit
7d15c602a6
@@ -1,12 +1,12 @@
|
||||
package org.thoughtcrime.securesms.lock;
|
||||
|
||||
import androidx.annotation.NonNull;
|
||||
import androidx.annotation.Nullable;
|
||||
|
||||
import org.signal.argon2.Argon2;
|
||||
import org.signal.argon2.Argon2Exception;
|
||||
import org.signal.argon2.MemoryCost;
|
||||
import org.signal.argon2.Type;
|
||||
import org.signal.argon2.UnknownTypeException;
|
||||
import org.signal.argon2.Version;
|
||||
import org.thoughtcrime.securesms.util.Util;
|
||||
import org.whispersystems.signalservice.api.KeyBackupService;
|
||||
@@ -15,9 +15,6 @@ import org.whispersystems.signalservice.internal.registrationpin.PinHasher;
|
||||
|
||||
public final class PinHashing {
|
||||
|
||||
private static final Type KBS_PIN_ARGON_TYPE = Type.Argon2id;
|
||||
private static final Type LOCAL_PIN_ARGON_TYPE = Type.Argon2i;
|
||||
|
||||
private PinHashing() {
|
||||
}
|
||||
|
||||
@@ -25,7 +22,7 @@ public final class PinHashing {
|
||||
return PinHasher.hashPin(PinHasher.normalize(pin), password -> {
|
||||
try {
|
||||
return new Argon2.Builder(Version.V13)
|
||||
.type(KBS_PIN_ARGON_TYPE)
|
||||
.type(Type.Argon2id)
|
||||
.memoryCost(MemoryCost.MiB(16))
|
||||
.parallelism(1)
|
||||
.iterations(32)
|
||||
@@ -43,7 +40,7 @@ public final class PinHashing {
|
||||
byte[] normalized = PinHasher.normalize(pin);
|
||||
try {
|
||||
return new Argon2.Builder(Version.V13)
|
||||
.type(LOCAL_PIN_ARGON_TYPE)
|
||||
.type(Type.Argon2i)
|
||||
.memoryCost(MemoryCost.KiB(256))
|
||||
.parallelism(1)
|
||||
.iterations(50)
|
||||
@@ -58,6 +55,10 @@ public final class PinHashing {
|
||||
|
||||
public static boolean verifyLocalPinHash(@NonNull String localPinHash, @NonNull String pin) {
|
||||
byte[] normalized = PinHasher.normalize(pin);
|
||||
return Argon2.verify(localPinHash, normalized, LOCAL_PIN_ARGON_TYPE);
|
||||
try {
|
||||
return Argon2.verify(localPinHash, normalized);
|
||||
} catch (UnknownTypeException e) {
|
||||
throw new AssertionError(e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -35,7 +35,6 @@ import org.thoughtcrime.securesms.keyvalue.KbsValues;
|
||||
import org.thoughtcrime.securesms.keyvalue.SignalStore;
|
||||
import org.thoughtcrime.securesms.logging.Log;
|
||||
import org.thoughtcrime.securesms.migrations.RegistrationPinV2MigrationJob;
|
||||
import org.thoughtcrime.securesms.util.FeatureFlags;
|
||||
import org.thoughtcrime.securesms.util.ServiceUtil;
|
||||
import org.thoughtcrime.securesms.util.TextSecurePreferences;
|
||||
import org.thoughtcrime.securesms.util.ThemeUtil;
|
||||
@@ -126,10 +125,8 @@ public final class RegistrationLockDialog {
|
||||
dialog.dismiss();
|
||||
RegistrationLockReminders.scheduleReminder(context, true);
|
||||
|
||||
if (FeatureFlags.kbs()) {
|
||||
Log.i(TAG, "Pin V1 successfully remembered, scheduling a migration to V2");
|
||||
ApplicationDependencies.getJobManager().add(new RegistrationPinV2MigrationJob());
|
||||
}
|
||||
Log.i(TAG, "Pin V1 successfully remembered, scheduling a migration to V2");
|
||||
ApplicationDependencies.getJobManager().add(new RegistrationPinV2MigrationJob());
|
||||
}
|
||||
});
|
||||
}
|
||||
@@ -201,34 +198,27 @@ public final class RegistrationLockDialog {
|
||||
@Override
|
||||
protected Boolean doInBackground(Void... voids) {
|
||||
try {
|
||||
if (!FeatureFlags.kbs()) {
|
||||
Log.i(TAG, "Setting V1 pin");
|
||||
SignalServiceAccountManager accountManager = ApplicationDependencies.getSignalServiceAccountManager();
|
||||
accountManager.setPin(pinValue);
|
||||
TextSecurePreferences.setDeprecatedRegistrationLockPin(context, pinValue);
|
||||
Log.i(TAG, "Setting pin on KBS");
|
||||
|
||||
KbsValues kbsValues = SignalStore.kbsValues();
|
||||
MasterKey masterKey = kbsValues.getOrCreateMasterKey();
|
||||
KeyBackupService keyBackupService = ApplicationDependencies.getKeyBackupService();
|
||||
KeyBackupService.PinChangeSession pinChangeSession = keyBackupService.newPinChangeSession();
|
||||
HashedPin hashedPin = PinHashing.hashPin(pinValue, pinChangeSession);
|
||||
RegistrationLockData kbsData = pinChangeSession.setPin(hashedPin, masterKey);
|
||||
RegistrationLockData restoredData = keyBackupService.newRestoreSession(kbsData.getTokenResponse())
|
||||
.restorePin(hashedPin);
|
||||
|
||||
if (!restoredData.getMasterKey().equals(masterKey)) {
|
||||
throw new AssertionError("Failed to set the pin correctly");
|
||||
} else {
|
||||
Log.i(TAG, "Setting pin on KBS");
|
||||
|
||||
KbsValues kbsValues = SignalStore.kbsValues();
|
||||
MasterKey masterKey = kbsValues.getOrCreateMasterKey();
|
||||
KeyBackupService keyBackupService = ApplicationDependencies.getKeyBackupService();
|
||||
KeyBackupService.PinChangeSession pinChangeSession = keyBackupService.newPinChangeSession();
|
||||
HashedPin hashedPin = PinHashing.hashPin(pinValue, pinChangeSession);
|
||||
RegistrationLockData kbsData = pinChangeSession.setPin(hashedPin, masterKey);
|
||||
RegistrationLockData restoredData = keyBackupService.newRestoreSession(kbsData.getTokenResponse())
|
||||
.restorePin(hashedPin);
|
||||
|
||||
if (!restoredData.getMasterKey().equals(masterKey)) {
|
||||
throw new AssertionError("Failed to set the pin correctly");
|
||||
} else {
|
||||
Log.i(TAG, "Set and retrieved pin on KBS successfully");
|
||||
}
|
||||
|
||||
kbsValues.setRegistrationLockMasterKey(restoredData, PinHashing.localPinHash(pinValue));
|
||||
TextSecurePreferences.clearOldRegistrationLockPin(context);
|
||||
TextSecurePreferences.setRegistrationLockLastReminderTime(context, System.currentTimeMillis());
|
||||
TextSecurePreferences.setRegistrationLockNextReminderInterval(context, RegistrationLockReminders.INITIAL_INTERVAL);
|
||||
Log.i(TAG, "Set and retrieved pin on KBS successfully");
|
||||
}
|
||||
|
||||
kbsValues.setRegistrationLockMasterKey(restoredData, PinHashing.localPinHash(pinValue));
|
||||
TextSecurePreferences.clearOldRegistrationLockPin(context);
|
||||
TextSecurePreferences.setRegistrationLockLastReminderTime(context, System.currentTimeMillis());
|
||||
TextSecurePreferences.setRegistrationLockNextReminderInterval(context, RegistrationLockReminders.INITIAL_INTERVAL);
|
||||
return true;
|
||||
} catch (IOException | UnauthenticatedResponseException | KeyBackupServicePinException e) {
|
||||
Log.w(TAG, e);
|
||||
@@ -282,23 +272,18 @@ public final class RegistrationLockDialog {
|
||||
@Override
|
||||
protected Boolean doInBackground(Void... voids) {
|
||||
try {
|
||||
if (!FeatureFlags.kbs()) {
|
||||
Log.i(TAG, "Removing v2 registration lock pin from server");
|
||||
KbsValues kbsValues = SignalStore.kbsValues();
|
||||
TokenResponse currentToken = kbsValues.getRegistrationLockTokenResponse();
|
||||
|
||||
KeyBackupService keyBackupService = ApplicationDependencies.getKeyBackupService();
|
||||
keyBackupService.newPinChangeSession(currentToken).removePin();
|
||||
kbsValues.clearRegistrationLock();
|
||||
|
||||
// It is possible a migration has not occurred, in this case, we need to remove the old V1 Pin
|
||||
if (TextSecurePreferences.isV1RegistrationLockEnabled(context)) {
|
||||
Log.i(TAG, "Removing v1 registration lock pin from server");
|
||||
ApplicationDependencies.getSignalServiceAccountManager().removeV1Pin();
|
||||
} else {
|
||||
Log.i(TAG, "Removing v2 registration lock pin from server");
|
||||
KbsValues kbsValues = SignalStore.kbsValues();
|
||||
TokenResponse currentToken = kbsValues.getRegistrationLockTokenResponse();
|
||||
|
||||
KeyBackupService keyBackupService = ApplicationDependencies.getKeyBackupService();
|
||||
keyBackupService.newPinChangeSession(currentToken).removePin();
|
||||
kbsValues.clearRegistrationLock();
|
||||
|
||||
// It is possible a migration has not occurred, in this case, we need to remove the old V1 Pin
|
||||
if (TextSecurePreferences.isV1RegistrationLockEnabled(context)) {
|
||||
Log.i(TAG, "Removing v1 registration lock pin from server");
|
||||
ApplicationDependencies.getSignalServiceAccountManager().removeV1Pin();
|
||||
}
|
||||
}
|
||||
TextSecurePreferences.clearOldRegistrationLockPin(context);
|
||||
return true;
|
||||
|
||||
Reference in New Issue
Block a user