From d36a4232be5bb76b2949c5fac82e76d5f977a975 Mon Sep 17 00:00:00 2001 From: gram-signal <84339875+gram-signal@users.noreply.github.com> Date: Fri, 3 Oct 2025 08:12:30 -0700 Subject: [PATCH] Bump libsignal to v0.83.0 --- .../securesms/testing/BobClient.kt | 5 ++--- .../ApplicationDependencyProvider.java | 3 +-- .../securesms/messages/MessageDecryptor.kt | 2 +- .../securesms/util/RemoteConfig.kt | 11 ---------- gradle/libs.versions.toml | 2 +- gradle/verification-metadata.xml | 20 +++++++++---------- .../api/SignalServiceMessageSender.java | 10 +++------- .../api/crypto/SignalSealedSessionCipher.java | 3 +-- .../api/crypto/SignalServiceCipher.java | 9 ++++----- .../api/crypto/SignalSessionBuilder.java | 5 ++--- .../api/crypto/SignalSessionCipher.java | 5 ++--- .../java/org/signal/util/SignalClient.kt | 5 ++--- 12 files changed, 29 insertions(+), 51 deletions(-) diff --git a/app/src/androidTest/java/org/thoughtcrime/securesms/testing/BobClient.kt b/app/src/androidTest/java/org/thoughtcrime/securesms/testing/BobClient.kt index 7e62467369..237f176d9c 100644 --- a/app/src/androidTest/java/org/thoughtcrime/securesms/testing/BobClient.kt +++ b/app/src/androidTest/java/org/thoughtcrime/securesms/testing/BobClient.kt @@ -6,7 +6,6 @@ import org.signal.libsignal.protocol.IdentityKey import org.signal.libsignal.protocol.IdentityKeyPair import org.signal.libsignal.protocol.SessionBuilder import org.signal.libsignal.protocol.SignalProtocolAddress -import org.signal.libsignal.protocol.UsePqRatchet import org.signal.libsignal.protocol.ecc.ECKeyPair import org.signal.libsignal.protocol.groups.state.SenderKeyRecord import org.signal.libsignal.protocol.state.IdentityKeyStore 
@@ -69,7 +68,7 @@ class BobClient(val serviceId: ServiceId, val e164: String, val identityKeyPair: if (!aciStore.containsSession(getAliceProtocolAddress())) { val sessionBuilder = SignalSessionBuilder(sessionLock, SessionBuilder(aciStore, getAliceProtocolAddress())) - sessionBuilder.process(getAlicePreKeyBundle(), UsePqRatchet.NO) + sessionBuilder.process(getAlicePreKeyBundle()) } return cipher.encrypt(getAliceProtocolAddress(), getAliceUnidentifiedAccess(), envelopeContent) @@ -78,7 +77,7 @@ class BobClient(val serviceId: ServiceId, val e164: String, val identityKeyPair: fun decrypt(envelope: Envelope, serverDeliveredTimestamp: Long) { val cipher = SignalServiceCipher(serviceAddress, 1, aciStore, sessionLock, SealedSenderAccessUtil.getCertificateValidator()) - cipher.decrypt(envelope, serverDeliveredTimestamp, UsePqRatchet.NO) + cipher.decrypt(envelope, serverDeliveredTimestamp) } private fun getAliceServiceId(): ServiceId { diff --git a/app/src/main/java/org/thoughtcrime/securesms/dependencies/ApplicationDependencyProvider.java b/app/src/main/java/org/thoughtcrime/securesms/dependencies/ApplicationDependencyProvider.java index 0c36b72770..b0b9866a07 100644 --- a/app/src/main/java/org/thoughtcrime/securesms/dependencies/ApplicationDependencyProvider.java +++ b/app/src/main/java/org/thoughtcrime/securesms/dependencies/ApplicationDependencyProvider.java @@ -174,8 +174,7 @@ public class ApplicationDependencyProvider implements AppDependencies.Provider { Optional.of(new SecurityEventListener(context)), SignalExecutors.newCachedBoundedExecutor("signal-messages", ThreadUtil.PRIORITY_IMPORTANT_BACKGROUND_THREAD, 1, 16, 30), RemoteConfig.maxEnvelopeSizeBytes(), - RemoteConfig::useMessageSendRestFallback, - RemoteConfig.usePqRatchet()); + RemoteConfig::useMessageSendRestFallback); } @Override 
diff --git a/app/src/main/java/org/thoughtcrime/securesms/messages/MessageDecryptor.kt b/app/src/main/java/org/thoughtcrime/securesms/messages/MessageDecryptor.kt index 01192688a1..2525e38fe9 100644 --- a/app/src/main/java/org/thoughtcrime/securesms/messages/MessageDecryptor.kt +++ b/app/src/main/java/org/thoughtcrime/securesms/messages/MessageDecryptor.kt @@ -151,7 +151,7 @@ object MessageDecryptor { return try { val startTimeNanos = System.nanoTime() - val cipherResult: SignalServiceCipherResult? = cipher.decrypt(envelope, serverDeliveredTimestamp, RemoteConfig.usePqRatchet) + val cipherResult: SignalServiceCipherResult? = cipher.decrypt(envelope, serverDeliveredTimestamp) val endTimeNanos = System.nanoTime() if (cipherResult == null) { diff --git a/app/src/main/java/org/thoughtcrime/securesms/util/RemoteConfig.kt b/app/src/main/java/org/thoughtcrime/securesms/util/RemoteConfig.kt index 0437fe4b39..ae657a7d70 100644 --- a/app/src/main/java/org/thoughtcrime/securesms/util/RemoteConfig.kt +++ b/app/src/main/java/org/thoughtcrime/securesms/util/RemoteConfig.kt @@ -11,7 +11,6 @@ import org.signal.core.util.gibiBytes import org.signal.core.util.kibiBytes import org.signal.core.util.logging.Log import org.signal.core.util.mebiBytes -import org.signal.libsignal.protocol.UsePqRatchet import org.thoughtcrime.securesms.dependencies.AppDependencies import org.thoughtcrime.securesms.groups.SelectionLimits import org.thoughtcrime.securesms.jobs.RemoteConfigRefreshJob @@ -1165,16 +1164,6 @@ object RemoteConfig { durationUnit = DurationUnit.DAYS ) - /** Whether or not to use the new post-quantum ratcheting. */ - @JvmStatic - @get:JvmName("usePqRatchet") - val usePqRatchet: UsePqRatchet by remoteValue( - key = "android.usePqRatchet", - hotSwappable = false - ) { value -> - if (value.asBoolean(false)) UsePqRatchet.YES else UsePqRatchet.NO - } - /** The maximum allowed envelope size for messages we send. */ @JvmStatic @get:JvmName("maxEnvelopeSizeBytes") 
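Review bot: In MessageDecryptor.kt the call `cipher.decrypt(envelope, serverDeliveredTimestamp)` no longer carries `RemoteConfig.usePqRatchet`, so the app gives up its only visible switch over post-quantum ratcheting on the decrypt path. The choice presumably moves into libsignal 0.83.0, whose behaviour is not shown in this patch. The same applies where the value was pinned to `UsePqRatchet.NO`: `SignalSealedSessionCipher.decrypt` and the test clients `BobClient` and `SignalClient`. The commit message says only "Bump libsignal"; it should state the resulting protocol behaviour and that the `android.usePqRatchet` remote key is now unused, so the server-side flag can be retired and nobody relies on it as a rollback. The enclosing function starts and ends outside the hunk.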
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 7323226cd7..f0655b9835 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -13,7 +13,7 @@ androidx-window = "1.3.0" glide = "4.15.1" gradle = "8.9.0" kotlin = "2.2.20" -libsignal-client = "0.82.1" +libsignal-client = "0.83.0" mp4parser = "1.9.39" android-gradle-plugin = "8.10.1" accompanist = "0.28.0" diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml index e46b4b0475..027523ef4f 100644 --- a/gradle/verification-metadata.xml +++ b/gradle/verification-metadata.xml @@ -9535,20 +9535,20 @@ https://docs.gradle.org/current/userguide/dependency_verification.html - - - + + + - - + + - - - + + + - - + + diff --git a/libsignal-service/src/main/java/org/whispersystems/signalservice/api/SignalServiceMessageSender.java b/libsignal-service/src/main/java/org/whispersystems/signalservice/api/SignalServiceMessageSender.java index d53ce45c63..272d51658b 100644 --- a/libsignal-service/src/main/java/org/whispersystems/signalservice/api/SignalServiceMessageSender.java +++ b/libsignal-service/src/main/java/org/whispersystems/signalservice/api/SignalServiceMessageSender.java @@ -14,7 +14,6 @@ import org.signal.libsignal.protocol.InvalidRegistrationIdException; import org.signal.libsignal.protocol.NoSessionException; import org.signal.libsignal.protocol.SessionBuilder; import org.signal.libsignal.protocol.SignalProtocolAddress; -import org.signal.libsignal.protocol.UsePqRatchet; import org.signal.libsignal.protocol.groups.GroupSessionBuilder; import org.signal.libsignal.protocol.logging.Log; import org.signal.libsignal.protocol.message.DecryptionErrorMessage; 
@@ -185,7 +184,6 @@ public class SignalServiceMessageSender { private final Scheduler scheduler; private final long maxEnvelopeSize; private final BooleanSupplier useRestFallback; - private final UsePqRatchet usePqRatchet; public SignalServiceMessageSender(PushServiceSocket pushServiceSocket, SignalServiceDataStore store, @@ -196,8 +194,7 @@ public class SignalServiceMessageSender { Optional eventListener, ExecutorService executor, long maxEnvelopeSize, - BooleanSupplier useRestFallback, - UsePqRatchet usePqRatchet) + BooleanSupplier useRestFallback) { CredentialsProvider credentialsProvider = pushServiceSocket.getCredentialsProvider(); @@ -215,7 +212,6 @@ public class SignalServiceMessageSender { this.scheduler = Schedulers.from(executor, false, false); this.keysApi = keysApi; this.useRestFallback = useRestFallback; - this.usePqRatchet = usePqRatchet; } /** @@ -2738,7 +2734,7 @@ public class SignalServiceMessageSender { try { SignalProtocolAddress preKeyAddress = new SignalProtocolAddress(recipient.getIdentifier(), preKey.getDeviceId()); SignalSessionBuilder sessionBuilder = new SignalSessionBuilder(sessionLock, new SessionBuilder(aciStore, preKeyAddress)); - sessionBuilder.process(preKey, usePqRatchet); + sessionBuilder.process(preKey); } catch (org.signal.libsignal.protocol.UntrustedIdentityException e) { throw new UntrustedIdentityException("Untrusted identity key!", recipient.getIdentifier(), preKey.getIdentityKey()); } @@ -2790,7 +2786,7 @@ public class SignalServiceMessageSender { try { SignalSessionBuilder sessionBuilder = new SignalSessionBuilder(sessionLock, new SessionBuilder(aciStore, new SignalProtocolAddress(recipient.getIdentifier(), missingDeviceId))); - sessionBuilder.process(preKey, usePqRatchet); + sessionBuilder.process(preKey); } catch (org.signal.libsignal.protocol.UntrustedIdentityException e) { throw new UntrustedIdentityException("Untrusted identity key!", recipient.getIdentifier(), preKey.getIdentityKey()); } 
diff --git a/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSealedSessionCipher.java b/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSealedSessionCipher.java index 650e9ed542..6631502772 100644 --- a/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSealedSessionCipher.java +++ b/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSealedSessionCipher.java @@ -19,7 +19,6 @@ import org.signal.libsignal.protocol.InvalidRegistrationIdException; import org.signal.libsignal.protocol.NoSessionException; import org.signal.libsignal.protocol.SignalProtocolAddress; import org.signal.libsignal.protocol.UntrustedIdentityException; -import org.signal.libsignal.protocol.UsePqRatchet; import org.signal.libsignal.protocol.state.SessionRecord; import org.signal.libsignal.protocol.state.SignalProtocolStore; import org.whispersystems.signalservice.api.SignalSessionLock; @@ -66,7 +65,7 @@ public class SignalSealedSessionCipher { public SealedSessionCipher.DecryptionResult decrypt(CertificateValidator validator, byte[] ciphertext, long timestamp) throws InvalidMetadataMessageException, InvalidMetadataVersionException, ProtocolInvalidMessageException, ProtocolInvalidKeyException, ProtocolNoSessionException, ProtocolLegacyMessageException, ProtocolInvalidVersionException, ProtocolDuplicateMessageException, ProtocolInvalidKeyIdException, ProtocolUntrustedIdentityException, SelfSendException { try (SignalSessionLock.Lock unused = lock.acquire()) { - return cipher.decrypt(validator, ciphertext, timestamp, UsePqRatchet.NO); + return cipher.decrypt(validator, ciphertext, timestamp); } } diff --git a/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalServiceCipher.java b/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalServiceCipher.java index 8ea64d9b39..f24a057201 100644 
--- a/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalServiceCipher.java +++ b/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalServiceCipher.java @@ -34,7 +34,6 @@ import org.signal.libsignal.protocol.NoSessionException; import org.signal.libsignal.protocol.SessionCipher; import org.signal.libsignal.protocol.SignalProtocolAddress; import org.signal.libsignal.protocol.UntrustedIdentityException; -import org.signal.libsignal.protocol.UsePqRatchet; import org.signal.libsignal.protocol.groups.GroupCipher; import org.signal.libsignal.protocol.logging.Log; import org.signal.libsignal.protocol.message.CiphertextMessage; @@ -132,7 +131,7 @@ public class SignalServiceCipher { } } - public SignalServiceCipherResult decrypt(Envelope envelope, long serverDeliveredTimestamp, UsePqRatchet usePqRatchet) + public SignalServiceCipherResult decrypt(Envelope envelope, long serverDeliveredTimestamp) throws InvalidMetadataMessageException, InvalidMetadataVersionException, ProtocolInvalidKeyIdException, ProtocolLegacyMessageException, ProtocolUntrustedIdentityException, ProtocolNoSessionException, @@ -142,7 +141,7 @@ public class SignalServiceCipher { { try { if (envelope.content != null) { - Plaintext plaintext = decryptInternal(envelope, serverDeliveredTimestamp, usePqRatchet); + Plaintext plaintext = decryptInternal(envelope, serverDeliveredTimestamp); Content content = Content.ADAPTER.decode(plaintext.getData()); return new SignalServiceCipherResult( @@ -164,7 +163,7 @@ public class SignalServiceCipher { } } - private Plaintext decryptInternal(Envelope envelope, long serverDeliveredTimestamp, UsePqRatchet usePqRatchet) + private Plaintext decryptInternal(Envelope envelope, long serverDeliveredTimestamp) throws InvalidMetadataMessageException, InvalidMetadataVersionException, ProtocolDuplicateMessageException, ProtocolUntrustedIdentityException, ProtocolLegacyMessageException, ProtocolInvalidKeyException, 
@@ -185,7 +184,7 @@ public class SignalServiceCipher { SignalProtocolAddress sourceAddress = new SignalProtocolAddress(envelope.sourceServiceId, envelope.sourceDevice); SignalSessionCipher sessionCipher = new SignalSessionCipher(sessionLock, new SessionCipher(signalProtocolStore, sourceAddress)); - paddedMessage = sessionCipher.decrypt(new PreKeySignalMessage(envelope.content.toByteArray()), usePqRatchet); + paddedMessage = sessionCipher.decrypt(new PreKeySignalMessage(envelope.content.toByteArray())); metadata = new SignalServiceMetadata(getSourceAddress(envelope), envelope.sourceDevice, envelope.timestamp, envelope.serverTimestamp, serverDeliveredTimestamp, false, envelope.serverGuid, Optional.empty(), envelope.destinationServiceId); signalProtocolStore.clearSenderKeySharedWith(Collections.singleton(sourceAddress)); diff --git a/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSessionBuilder.java b/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSessionBuilder.java index 7b81fa3ddf..d1499c2e23 100644 --- a/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSessionBuilder.java +++ b/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSessionBuilder.java @@ -3,7 +3,6 @@ package org.whispersystems.signalservice.api.crypto; import org.signal.libsignal.protocol.InvalidKeyException; import org.signal.libsignal.protocol.SessionBuilder; import org.signal.libsignal.protocol.UntrustedIdentityException; -import org.signal.libsignal.protocol.UsePqRatchet; import org.signal.libsignal.protocol.state.PreKeyBundle; import org.whispersystems.signalservice.api.SignalSessionLock; 
@@ -20,9 +19,9 @@ public class SignalSessionBuilder { this.builder = builder; } - public void process(PreKeyBundle preKey, UsePqRatchet usePqRatchet) throws InvalidKeyException, UntrustedIdentityException { + public void process(PreKeyBundle preKey) throws InvalidKeyException, UntrustedIdentityException { try (SignalSessionLock.Lock unused = lock.acquire()) { - builder.process(preKey, usePqRatchet); + builder.process(preKey); } } } diff --git a/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSessionCipher.java b/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSessionCipher.java index e02de4b205..201302a266 100644 --- a/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSessionCipher.java +++ b/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSessionCipher.java @@ -9,7 +9,6 @@ import org.signal.libsignal.protocol.LegacyMessageException; import org.signal.libsignal.protocol.NoSessionException; import org.signal.libsignal.protocol.SessionCipher; import org.signal.libsignal.protocol.UntrustedIdentityException; -import org.signal.libsignal.protocol.UsePqRatchet; import org.signal.libsignal.protocol.message.CiphertextMessage; import org.signal.libsignal.protocol.message.PreKeySignalMessage; import org.signal.libsignal.protocol.message.SignalMessage; 
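Review bot: `process(PreKeyBundle)` in SignalSessionBuilder is a public entry point with no Javadoc, and after this change nothing at the call site says which ratchet mode the session is built with. Add a comment such as `/** Builds a session from {@code preKey} while holding the session lock; ratchet parameters are chosen by libsignal. */`. The second half of that sentence is inferred from the removed parameter and should be confirmed against the libsignal 0.83.0 release notes before it is written down. `SignalSessionCipher.decrypt(PreKeySignalMessage)` has the same lock-then-delegate shape and would take the same comment.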
@@ -34,9 +33,9 @@ public class SignalSessionCipher { } } - public byte[] decrypt(PreKeySignalMessage ciphertext, UsePqRatchet usePqRatchet) throws DuplicateMessageException, LegacyMessageException, InvalidMessageException, InvalidKeyIdException, InvalidKeyException, org.signal.libsignal.protocol.UntrustedIdentityException { + public byte[] decrypt(PreKeySignalMessage ciphertext) throws DuplicateMessageException, LegacyMessageException, InvalidMessageException, InvalidKeyIdException, InvalidKeyException, org.signal.libsignal.protocol.UntrustedIdentityException { try (SignalSessionLock.Lock unused = lock.acquire()) { - return cipher.decrypt(ciphertext, usePqRatchet); + return cipher.decrypt(ciphertext); } } diff --git a/microbenchmark/src/androidTest/java/org/signal/util/SignalClient.kt b/microbenchmark/src/androidTest/java/org/signal/util/SignalClient.kt index 21032fcede..b7e4174485 100644 --- a/microbenchmark/src/androidTest/java/org/signal/util/SignalClient.kt +++ b/microbenchmark/src/androidTest/java/org/signal/util/SignalClient.kt @@ -7,7 +7,6 @@ import org.signal.libsignal.metadata.certificate.SenderCertificate import org.signal.libsignal.metadata.certificate.ServerCertificate import org.signal.libsignal.protocol.SessionBuilder import org.signal.libsignal.protocol.SignalProtocolAddress -import org.signal.libsignal.protocol.UsePqRatchet import org.signal.libsignal.protocol.ecc.ECKeyPair import org.signal.libsignal.protocol.ecc.ECPublicKey import org.signal.libsignal.protocol.groups.GroupSessionBuilder @@ -74,7 +73,7 @@ class SignalClient { */ fun initializeSession(to: SignalClient) { val address = SignalProtocolAddress(to.aci.toString(), 1) - SessionBuilder(store, address).process(to.createPreKeyBundle(), UsePqRatchet.NO) + SessionBuilder(store, address).process(to.createPreKeyBundle()) } fun initializedGroupSession(distributionId: DistributionId): SenderKeyDistributionMessage { 
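Review bot: In SignalClient.kt, `initializeSession` used to pin `UsePqRatchet.NO`, so the microbenchmark measured sessions without the post-quantum ratchet; `SessionBuilder(store, address).process(to.createPreKeyBundle())` now measures whatever libsignal 0.83.0 selects. If that differs from the old pinned value (not visible here), numbers recorded before and after this commit are not comparable. The KDoc that closes just above the function should say so, for example `Session parameters, including the ratchet mode, are the libsignal defaults.` The same applies to `decryptMessage` in the next hunk.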
@@ -161,7 +160,7 @@ class SignalClient { } fun decryptMessage(envelope: Envelope) { - cipher.decrypt(envelope, System.currentTimeMillis(), UsePqRatchet.NO) + cipher.decrypt(envelope, System.currentTimeMillis()) } private fun createPreKeyBundle(): PreKeyBundle {