Bump libsignal to v0.83.0

app/src/androidTest/java/org/thoughtcrime/securesms/testing/BobClient.kt

@@ -6,7 +6,6 @@ import org.signal.libsignal.protocol.IdentityKey
 import org.signal.libsignal.protocol.IdentityKeyPair
 import org.signal.libsignal.protocol.SessionBuilder
 import org.signal.libsignal.protocol.SignalProtocolAddress
-import org.signal.libsignal.protocol.UsePqRatchet
 import org.signal.libsignal.protocol.ecc.ECKeyPair
 import org.signal.libsignal.protocol.groups.state.SenderKeyRecord
 import org.signal.libsignal.protocol.state.IdentityKeyStore
@@ -69,7 +68,7 @@ class BobClient(val serviceId: ServiceId, val e164: String, val identityKeyPair:
 
     if (!aciStore.containsSession(getAliceProtocolAddress())) {
       val sessionBuilder = SignalSessionBuilder(sessionLock, SessionBuilder(aciStore, getAliceProtocolAddress()))
-      sessionBuilder.process(getAlicePreKeyBundle(), UsePqRatchet.NO)
+      sessionBuilder.process(getAlicePreKeyBundle())
     }
 
     return cipher.encrypt(getAliceProtocolAddress(), getAliceUnidentifiedAccess(), envelopeContent)
@@ -78,7 +77,7 @@ class BobClient(val serviceId: ServiceId, val e164: String, val identityKeyPair:
 
   fun decrypt(envelope: Envelope, serverDeliveredTimestamp: Long) {
     val cipher = SignalServiceCipher(serviceAddress, 1, aciStore, sessionLock, SealedSenderAccessUtil.getCertificateValidator())
-    cipher.decrypt(envelope, serverDeliveredTimestamp, UsePqRatchet.NO)
+    cipher.decrypt(envelope, serverDeliveredTimestamp)
   }
 
   private fun getAliceServiceId(): ServiceId {

app/src/main/java/org/thoughtcrime/securesms/dependencies/ApplicationDependencyProvider.java

@@ -174,8 +174,7 @@ public class ApplicationDependencyProvider implements AppDependencies.Provider {
                                             Optional.of(new SecurityEventListener(context)),
                                             SignalExecutors.newCachedBoundedExecutor("signal-messages", ThreadUtil.PRIORITY_IMPORTANT_BACKGROUND_THREAD, 1, 16, 30),
                                             RemoteConfig.maxEnvelopeSizeBytes(),
-                                            RemoteConfig::useMessageSendRestFallback,
+                                            RemoteConfig::useMessageSendRestFallback);
-                                            RemoteConfig.usePqRatchet());
   }
 
   @Override

app/src/main/java/org/thoughtcrime/securesms/messages/MessageDecryptor.kt

@@ -151,7 +151,7 @@ object MessageDecryptor {
 
     return try {
       val startTimeNanos = System.nanoTime()
-      val cipherResult: SignalServiceCipherResult? = cipher.decrypt(envelope, serverDeliveredTimestamp, RemoteConfig.usePqRatchet)
+      val cipherResult: SignalServiceCipherResult? = cipher.decrypt(envelope, serverDeliveredTimestamp)
       val endTimeNanos = System.nanoTime()
 
       if (cipherResult == null) {

app/src/main/java/org/thoughtcrime/securesms/util/RemoteConfig.kt

@@ -11,7 +11,6 @@ import org.signal.core.util.gibiBytes
 import org.signal.core.util.kibiBytes
 import org.signal.core.util.logging.Log
 import org.signal.core.util.mebiBytes
-import org.signal.libsignal.protocol.UsePqRatchet
 import org.thoughtcrime.securesms.dependencies.AppDependencies
 import org.thoughtcrime.securesms.groups.SelectionLimits
 import org.thoughtcrime.securesms.jobs.RemoteConfigRefreshJob
@@ -1165,16 +1164,6 @@ object RemoteConfig {
     durationUnit = DurationUnit.DAYS
   )
 
-  /** Whether or not to use the new post-quantum ratcheting. */
-  @JvmStatic
-  @get:JvmName("usePqRatchet")
-  val usePqRatchet: UsePqRatchet by remoteValue(
-    key = "android.usePqRatchet",
-    hotSwappable = false
-  ) { value ->
-    if (value.asBoolean(false)) UsePqRatchet.YES else UsePqRatchet.NO
-  }
-
   /** The maximum allowed envelope size for messages we send. */
   @JvmStatic
   @get:JvmName("maxEnvelopeSizeBytes")

gradle/libs.versions.toml

@@ -13,7 +13,7 @@ androidx-window = "1.3.0"
 glide = "4.15.1"
 gradle = "8.9.0"
 kotlin = "2.2.20"
-libsignal-client = "0.82.1"
+libsignal-client = "0.83.0"
 mp4parser = "1.9.39"
 android-gradle-plugin = "8.10.1"
 accompanist = "0.28.0"

gradle/verification-metadata.xml

@@ -9535,20 +9535,20 @@ https://docs.gradle.org/current/userguide/dependency_verification.html
             <sha256 value="57b3cf8f247f1990211110734a7d1af413db145c8f17eb1b2cdc9b9321188c2b" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="org.signal" name="libsignal-android" version="0.82.1">
+      <component group="org.signal" name="libsignal-android" version="0.83.0">
-         <artifact name="libsignal-android-0.82.1.aar">
+         <artifact name="libsignal-android-0.83.0.aar">
-            <sha256 value="b920814a7fe73d9264ec37b875822f40c5302173b987935da2d60dab664b9ad3" origin="Generated by Gradle"/>
+            <sha256 value="8bf0e2fb1f645f0d34fe6d4af1936a8f5ece7ddaa8e73202ca754755e228a6b6" origin="Generated by Gradle"/>
          </artifact>
-         <artifact name="libsignal-android-0.82.1.module">
+         <artifact name="libsignal-android-0.83.0.module">
-            <sha256 value="d30bc01df4801d24d8375f56b58a376eb1542069dff35a3ebbf5191d05ca4122" origin="Generated by Gradle"/>
+            <sha256 value="b4485089a774296918e7164b679514fd327eb610e65c39a5aaa7dd13da330ed4" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="org.signal" name="libsignal-client" version="0.82.1">
+      <component group="org.signal" name="libsignal-client" version="0.83.0">
-         <artifact name="libsignal-client-0.82.1.jar">
+         <artifact name="libsignal-client-0.83.0.jar">
-            <sha256 value="d85ce6318daff33462993c673ac9abb9ea57cd2658eae6f3247c9c33367c2f6f" origin="Generated by Gradle"/>
+            <sha256 value="99ca1b7d246c660145739c03c06bd112b499873fa8b39dd432466b8a06477f5c" origin="Generated by Gradle"/>
          </artifact>
-         <artifact name="libsignal-client-0.82.1.module">
+         <artifact name="libsignal-client-0.83.0.module">
-            <sha256 value="fce029da954ed056c7588c9bb38e3143c6322352e55295666807556d97ee20e9" origin="Generated by Gradle"/>
+            <sha256 value="d7cd7d99519fd4a0595a174b515b47533a3a7fcf4839e1bd5b7226d3f893d8fc" origin="Generated by Gradle"/>
          </artifact>
       </component>
       <component group="org.signal" name="ringrtc-android" version="2.59.0">

libsignal-service/src/main/java/org/whispersystems/signalservice/api/SignalServiceMessageSender.java

@@ -14,7 +14,6 @@ import org.signal.libsignal.protocol.InvalidRegistrationIdException;
 import org.signal.libsignal.protocol.NoSessionException;
 import org.signal.libsignal.protocol.SessionBuilder;
 import org.signal.libsignal.protocol.SignalProtocolAddress;
-import org.signal.libsignal.protocol.UsePqRatchet;
 import org.signal.libsignal.protocol.groups.GroupSessionBuilder;
 import org.signal.libsignal.protocol.logging.Log;
 import org.signal.libsignal.protocol.message.DecryptionErrorMessage;
@@ -185,7 +184,6 @@ public class SignalServiceMessageSender {
   private final Scheduler       scheduler;
   private final long            maxEnvelopeSize;
   private final BooleanSupplier useRestFallback;
-  private final UsePqRatchet    usePqRatchet;
 
   public SignalServiceMessageSender(PushServiceSocket pushServiceSocket,
                                     SignalServiceDataStore store,
@@ -196,8 +194,7 @@ public class SignalServiceMessageSender {
                                     Optional<EventListener> eventListener,
                                     ExecutorService executor,
                                     long maxEnvelopeSize,
-                                    BooleanSupplier useRestFallback,
+                                    BooleanSupplier useRestFallback)
-                                    UsePqRatchet usePqRatchet)
   {
     CredentialsProvider credentialsProvider = pushServiceSocket.getCredentialsProvider();
 
@@ -215,7 +212,6 @@ public class SignalServiceMessageSender {
     this.scheduler        = Schedulers.from(executor, false, false);
     this.keysApi          = keysApi;
     this.useRestFallback  = useRestFallback;
-    this.usePqRatchet     = usePqRatchet;
   }
 
   /**
@@ -2738,7 +2734,7 @@ public class SignalServiceMessageSender {
           try {
             SignalProtocolAddress preKeyAddress  = new SignalProtocolAddress(recipient.getIdentifier(), preKey.getDeviceId());
             SignalSessionBuilder  sessionBuilder = new SignalSessionBuilder(sessionLock, new SessionBuilder(aciStore, preKeyAddress));
-            sessionBuilder.process(preKey, usePqRatchet);
+            sessionBuilder.process(preKey);
           } catch (org.signal.libsignal.protocol.UntrustedIdentityException e) {
             throw new UntrustedIdentityException("Untrusted identity key!", recipient.getIdentifier(), preKey.getIdentityKey());
           }
@@ -2790,7 +2786,7 @@ public class SignalServiceMessageSender {
 
         try {
           SignalSessionBuilder sessionBuilder = new SignalSessionBuilder(sessionLock, new SessionBuilder(aciStore, new SignalProtocolAddress(recipient.getIdentifier(), missingDeviceId)));
-          sessionBuilder.process(preKey, usePqRatchet);
+          sessionBuilder.process(preKey);
         } catch (org.signal.libsignal.protocol.UntrustedIdentityException e) {
           throw new UntrustedIdentityException("Untrusted identity key!", recipient.getIdentifier(), preKey.getIdentityKey());
         }

libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSealedSessionCipher.java

@@ -19,7 +19,6 @@ import org.signal.libsignal.protocol.InvalidRegistrationIdException;
 import org.signal.libsignal.protocol.NoSessionException;
 import org.signal.libsignal.protocol.SignalProtocolAddress;
 import org.signal.libsignal.protocol.UntrustedIdentityException;
-import org.signal.libsignal.protocol.UsePqRatchet;
 import org.signal.libsignal.protocol.state.SessionRecord;
 import org.signal.libsignal.protocol.state.SignalProtocolStore;
 import org.whispersystems.signalservice.api.SignalSessionLock;
@@ -66,7 +65,7 @@ public class SignalSealedSessionCipher {
 
   public SealedSessionCipher.DecryptionResult decrypt(CertificateValidator validator, byte[] ciphertext, long timestamp) throws InvalidMetadataMessageException, InvalidMetadataVersionException, ProtocolInvalidMessageException, ProtocolInvalidKeyException, ProtocolNoSessionException, ProtocolLegacyMessageException, ProtocolInvalidVersionException, ProtocolDuplicateMessageException, ProtocolInvalidKeyIdException, ProtocolUntrustedIdentityException, SelfSendException {
     try (SignalSessionLock.Lock unused = lock.acquire()) {
-      return cipher.decrypt(validator, ciphertext, timestamp, UsePqRatchet.NO);
+      return cipher.decrypt(validator, ciphertext, timestamp);
     }
   }
 

libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalServiceCipher.java

@@ -34,7 +34,6 @@ import org.signal.libsignal.protocol.NoSessionException;
 import org.signal.libsignal.protocol.SessionCipher;
 import org.signal.libsignal.protocol.SignalProtocolAddress;
 import org.signal.libsignal.protocol.UntrustedIdentityException;
-import org.signal.libsignal.protocol.UsePqRatchet;
 import org.signal.libsignal.protocol.groups.GroupCipher;
 import org.signal.libsignal.protocol.logging.Log;
 import org.signal.libsignal.protocol.message.CiphertextMessage;
@@ -132,7 +131,7 @@ public class SignalServiceCipher {
     }
   }
 
-  public SignalServiceCipherResult decrypt(Envelope envelope, long serverDeliveredTimestamp, UsePqRatchet usePqRatchet)
+  public SignalServiceCipherResult decrypt(Envelope envelope, long serverDeliveredTimestamp)
       throws InvalidMetadataMessageException, InvalidMetadataVersionException,
              ProtocolInvalidKeyIdException, ProtocolLegacyMessageException,
              ProtocolUntrustedIdentityException, ProtocolNoSessionException,
@@ -142,7 +141,7 @@ public class SignalServiceCipher {
   {
     try {
       if (envelope.content != null) {
-        Plaintext plaintext = decryptInternal(envelope, serverDeliveredTimestamp, usePqRatchet);
+        Plaintext plaintext = decryptInternal(envelope, serverDeliveredTimestamp);
         Content   content   = Content.ADAPTER.decode(plaintext.getData());
 
         return new SignalServiceCipherResult(
@@ -164,7 +163,7 @@ public class SignalServiceCipher {
     }
   }
 
-  private Plaintext decryptInternal(Envelope envelope, long serverDeliveredTimestamp, UsePqRatchet usePqRatchet)
+  private Plaintext decryptInternal(Envelope envelope, long serverDeliveredTimestamp)
       throws InvalidMetadataMessageException, InvalidMetadataVersionException,
       ProtocolDuplicateMessageException, ProtocolUntrustedIdentityException,
       ProtocolLegacyMessageException, ProtocolInvalidKeyException,
@@ -185,7 +184,7 @@ public class SignalServiceCipher {
         SignalProtocolAddress sourceAddress = new SignalProtocolAddress(envelope.sourceServiceId, envelope.sourceDevice);
         SignalSessionCipher   sessionCipher = new SignalSessionCipher(sessionLock, new SessionCipher(signalProtocolStore, sourceAddress));
 
-        paddedMessage = sessionCipher.decrypt(new PreKeySignalMessage(envelope.content.toByteArray()), usePqRatchet);
+        paddedMessage = sessionCipher.decrypt(new PreKeySignalMessage(envelope.content.toByteArray()));
         metadata      = new SignalServiceMetadata(getSourceAddress(envelope), envelope.sourceDevice, envelope.timestamp, envelope.serverTimestamp, serverDeliveredTimestamp, false, envelope.serverGuid, Optional.empty(), envelope.destinationServiceId);
 
         signalProtocolStore.clearSenderKeySharedWith(Collections.singleton(sourceAddress));

libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSessionBuilder.java

@@ -3,7 +3,6 @@ package org.whispersystems.signalservice.api.crypto;
 import org.signal.libsignal.protocol.InvalidKeyException;
 import org.signal.libsignal.protocol.SessionBuilder;
 import org.signal.libsignal.protocol.UntrustedIdentityException;
-import org.signal.libsignal.protocol.UsePqRatchet;
 import org.signal.libsignal.protocol.state.PreKeyBundle;
 import org.whispersystems.signalservice.api.SignalSessionLock;
 
@@ -20,9 +19,9 @@ public class SignalSessionBuilder {
     this.builder = builder;
   }
 
-  public void process(PreKeyBundle preKey, UsePqRatchet usePqRatchet) throws InvalidKeyException, UntrustedIdentityException {
+  public void process(PreKeyBundle preKey) throws InvalidKeyException, UntrustedIdentityException {
     try (SignalSessionLock.Lock unused = lock.acquire()) {
-      builder.process(preKey, usePqRatchet);
+      builder.process(preKey);
     }
   }
 }

libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSessionCipher.java

@@ -9,7 +9,6 @@ import org.signal.libsignal.protocol.LegacyMessageException;
 import org.signal.libsignal.protocol.NoSessionException;
 import org.signal.libsignal.protocol.SessionCipher;
 import org.signal.libsignal.protocol.UntrustedIdentityException;
-import org.signal.libsignal.protocol.UsePqRatchet;
 import org.signal.libsignal.protocol.message.CiphertextMessage;
 import org.signal.libsignal.protocol.message.PreKeySignalMessage;
 import org.signal.libsignal.protocol.message.SignalMessage;
@@ -34,9 +33,9 @@ public class SignalSessionCipher {
     }
   }
 
-  public byte[] decrypt(PreKeySignalMessage ciphertext, UsePqRatchet usePqRatchet) throws DuplicateMessageException, LegacyMessageException, InvalidMessageException, InvalidKeyIdException, InvalidKeyException, org.signal.libsignal.protocol.UntrustedIdentityException {
+  public byte[] decrypt(PreKeySignalMessage ciphertext) throws DuplicateMessageException, LegacyMessageException, InvalidMessageException, InvalidKeyIdException, InvalidKeyException, org.signal.libsignal.protocol.UntrustedIdentityException {
     try (SignalSessionLock.Lock unused = lock.acquire()) {
-      return cipher.decrypt(ciphertext, usePqRatchet);
+      return cipher.decrypt(ciphertext);
     }
   }
 

microbenchmark/src/androidTest/java/org/signal/util/SignalClient.kt

@@ -7,7 +7,6 @@ import org.signal.libsignal.metadata.certificate.SenderCertificate
 import org.signal.libsignal.metadata.certificate.ServerCertificate
 import org.signal.libsignal.protocol.SessionBuilder
 import org.signal.libsignal.protocol.SignalProtocolAddress
-import org.signal.libsignal.protocol.UsePqRatchet
 import org.signal.libsignal.protocol.ecc.ECKeyPair
 import org.signal.libsignal.protocol.ecc.ECPublicKey
 import org.signal.libsignal.protocol.groups.GroupSessionBuilder
@@ -74,7 +73,7 @@ class SignalClient {
    */
   fun initializeSession(to: SignalClient) {
     val address = SignalProtocolAddress(to.aci.toString(), 1)
-    SessionBuilder(store, address).process(to.createPreKeyBundle(), UsePqRatchet.NO)
+    SessionBuilder(store, address).process(to.createPreKeyBundle())
   }
 
   fun initializedGroupSession(distributionId: DistributionId): SenderKeyDistributionMessage {
@@ -161,7 +160,7 @@ class SignalClient {
   }
 
   fun decryptMessage(envelope: Envelope) {
-    cipher.decrypt(envelope, System.currentTimeMillis(), UsePqRatchet.NO)
+    cipher.decrypt(envelope, System.currentTimeMillis())
   }
 
   private fun createPreKeyBundle(): PreKeyBundle {