Switch to libsignal for PIN hashing.

2026-04-19 00:01:08 +01:00 · 2023-05-10 15:53:31 -04:00
parent 13248506c5
commit acb6510312
21 changed files with 148 additions and 195 deletions
--- a/app/src/main/java/org/thoughtcrime/securesms/pin/KbsRepository.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/pin/KbsRepository.java
@@ -8,15 +8,15 @@ import androidx.annotation.Nullable;
 import org.signal.core.util.concurrent.SignalExecutors;
 import org.signal.core.util.logging.Log;
 import org.signal.libsignal.protocol.InvalidKeyException;
+import org.signal.libsignal.svr2.PinHash;
 import org.thoughtcrime.securesms.KbsEnclave;
 import org.thoughtcrime.securesms.dependencies.ApplicationDependencies;
 import org.thoughtcrime.securesms.keyvalue.SignalStore;
-import org.thoughtcrime.securesms.lock.PinHashing;
 import org.whispersystems.signalservice.api.KbsPinData;
 import org.whispersystems.signalservice.api.KeyBackupService;
 import org.whispersystems.signalservice.api.KeyBackupServicePinException;
 import org.whispersystems.signalservice.api.KeyBackupSystemNoDataException;
-import org.whispersystems.signalservice.api.kbs.HashedPin;
+import org.whispersystems.signalservice.api.kbs.PinHashUtil;
 import org.whispersystems.signalservice.api.push.exceptions.NonSuccessfulResponseCodeException;
 import org.whispersystems.signalservice.internal.ServiceResponse;
 import org.whispersystems.signalservice.internal.contacts.crypto.UnauthenticatedResponseException;
@@ -162,7 +162,7 @@ public class KbsRepository {
    try {
      Log.i(TAG, "Restoring pin from KBS");

-      HashedPin  hashedPin = PinHashing.hashPin(pin, session);
+      PinHash    hashedPin = PinHashUtil.hashPin(pin, session.hashSalt());
      KbsPinData kbsData   = session.restorePin(hashedPin);

      if (kbsData != null) {
--- a/app/src/main/java/org/thoughtcrime/securesms/pin/PinState.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/pin/PinState.java
@@ -8,6 +8,7 @@ import androidx.annotation.WorkerThread;

 import org.signal.core.util.logging.Log;
 import org.signal.libsignal.protocol.InvalidKeyException;
+import org.signal.libsignal.svr2.PinHash;
 import org.thoughtcrime.securesms.KbsEnclave;
 import org.thoughtcrime.securesms.dependencies.ApplicationDependencies;
 import org.thoughtcrime.securesms.jobmanager.JobTracker;
@@ -16,15 +17,14 @@ import org.thoughtcrime.securesms.jobs.RefreshAttributesJob;
 import org.thoughtcrime.securesms.jobs.StorageForcePushJob;
 import org.thoughtcrime.securesms.keyvalue.KbsValues;
 import org.thoughtcrime.securesms.keyvalue.SignalStore;
-import org.thoughtcrime.securesms.lock.PinHashing;
 import org.thoughtcrime.securesms.lock.RegistrationLockReminders;
 import org.thoughtcrime.securesms.lock.v2.PinKeyboardType;
 import org.thoughtcrime.securesms.megaphone.Megaphones;
 import org.thoughtcrime.securesms.util.TextSecurePreferences;
 import org.whispersystems.signalservice.api.KbsPinData;
 import org.whispersystems.signalservice.api.KeyBackupService;
-import org.whispersystems.signalservice.api.kbs.HashedPin;
 import org.whispersystems.signalservice.api.kbs.MasterKey;
+import org.whispersystems.signalservice.api.kbs.PinHashUtil;
 import org.whispersystems.signalservice.internal.contacts.crypto.UnauthenticatedResponseException;

 import java.io.IOException;
@@ -119,8 +119,8 @@ public final class PinState {
    MasterKey                         masterKey        = kbsValues.getOrCreateMasterKey();
    KeyBackupService                  keyBackupService = ApplicationDependencies.getKeyBackupService(kbsEnclave);
    KeyBackupService.PinChangeSession pinChangeSession = keyBackupService.newPinChangeSession();
-    HashedPin                         hashedPin        = PinHashing.hashPin(pin, pinChangeSession);
-    KbsPinData                        kbsData          = pinChangeSession.setPin(hashedPin, masterKey);
+    PinHash                           pinHash          = PinHashUtil.hashPin(pin, pinChangeSession.hashSalt());
+    KbsPinData                        kbsData          = pinChangeSession.setPin(pinHash, masterKey);

    kbsValues.setKbsMasterKey(kbsData, pin);
    kbsValues.setPinForgottenOrSkipped(false);
@@ -221,8 +221,8 @@ public final class PinState {
    MasterKey                         masterKey        = kbsValues.getOrCreateMasterKey();
    KeyBackupService                  keyBackupService = ApplicationDependencies.getKeyBackupService(kbsEnclave);
    KeyBackupService.PinChangeSession pinChangeSession = keyBackupService.newPinChangeSession();
-    HashedPin                         hashedPin        = PinHashing.hashPin(pin, pinChangeSession);
-    KbsPinData                        kbsData          = pinChangeSession.setPin(hashedPin, masterKey);
+    PinHash                           pinHash          = PinHashUtil.hashPin(pin, pinChangeSession.hashSalt());
+    KbsPinData                        kbsData          = pinChangeSession.setPin(pinHash, masterKey);

    pinChangeSession.enableRegistrationLock(masterKey);

@@ -299,8 +299,8 @@ public final class PinState {

    KeyBackupService                  kbs              = ApplicationDependencies.getKeyBackupService(enclave);
    KeyBackupService.PinChangeSession pinChangeSession = kbs.newPinChangeSession();
-    HashedPin                         hashedPin        = PinHashing.hashPin(pin, pinChangeSession);
-    KbsPinData                        newData          = pinChangeSession.setPin(hashedPin, masterKey);
+    PinHash                           pinHash          = PinHashUtil.hashPin(pin, pinChangeSession.hashSalt());
+    KbsPinData                        newData          = pinChangeSession.setPin(pinHash, masterKey);

    SignalStore.kbsValues().setKbsMasterKey(newData, pin);