Prevent SVRB falling out of sync after re-registrations.

2026-04-19 08:09:12 +01:00 · 2025-11-03 10:44:14 -05:00
parent 10d6e5293b
commit d6156ab3f2
9 changed files with 115 additions and 0 deletions
--- a/app/src/main/java/org/thoughtcrime/securesms/backup/v2/BackupRepository.kt
+++ b/app/src/main/java/org/thoughtcrime/securesms/backup/v2/BackupRepository.kt
@@ -164,6 +164,7 @@ import org.whispersystems.signalservice.internal.crypto.PaddingInputStream
 import org.whispersystems.signalservice.internal.push.AttachmentUploadForm
 import org.whispersystems.signalservice.internal.push.AuthCredentials
 import org.whispersystems.signalservice.internal.push.SubscriptionsConfiguration
+import java.io.ByteArrayInputStream
 import java.io.ByteArrayOutputStream
 import java.io.File
 import java.io.IOException
@@ -2394,6 +2395,26 @@ object BackupRepository {
    ).encodeByteString()
  }

+  fun getRemoteBackupForwardSecrecyMetadata(): NetworkResult<ByteArray?> {
+    return initBackupAndFetchAuth()
+      .then { credential -> SignalNetwork.archive.getBackupInfo(SignalStore.account.requireAci(), credential.messageBackupAccess) }
+      .then { info -> getCdnReadCredentials(CredentialType.MESSAGE, info.cdn ?: Cdn.CDN_3.cdnNumber).map { it.headers to info } }
+      .then { pair ->
+        val (cdnCredentials, info) = pair
+        val headers = cdnCredentials.toMutableMap().apply {
+          this["range"] = "bytes=0-${EncryptedBackupReader.BACKUP_SECRET_METADATA_UPPERBOUND - 1}"
+        }
+
+        AppDependencies.signalServiceMessageReceiver.retrieveBackupForwardSecretMetadataBytes(
+          info.cdn!!,
+          headers,
+          "backups/${info.backupDir}/${info.backupName}",
+          EncryptedBackupReader.BACKUP_SECRET_METADATA_UPPERBOUND
+        )
+      }
+      .map { bytes -> EncryptedBackupReader.readForwardSecrecyMetadata(ByteArrayInputStream(bytes)) }
+  }
+
  interface ExportProgressListener {
    fun onAccount()
    fun onRecipient()
--- a/app/src/main/java/org/thoughtcrime/securesms/backup/v2/stream/EncryptedBackupReader.kt
+++ b/app/src/main/java/org/thoughtcrime/securesms/backup/v2/stream/EncryptedBackupReader.kt
@@ -49,6 +49,13 @@ class EncryptedBackupReader private constructor(
  companion object {
    const val MAC_SIZE = 32

+    /**
+     * Estimated upperbound need to read backup secrecy metadata from the start of a file.
+     *
+     * Magic Number size + ~varint size (5) + forward secrecy metadata size estimate (200)
+     */
+    val BACKUP_SECRET_METADATA_UPPERBOUND = EncryptedBackupWriter.MAGIC_NUMBER.size + 5 + 200
+
    /**
     * Create a reader for a backup from the archive CDN.
     * The key difference is that we require forward secrecy data.