Store signed EC pre-keys in a dedicated table

2026-04-20 20:18:05 +01:00 · 2023-06-20 10:29:03 -04:00
parent 93c78b6e40
commit 1a1defb055
18 changed files with 114 additions and 35 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
@@ -316,6 +316,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
    KeysManager keys = new KeysManager(
            dynamoDbAsyncClient,
        config.getDynamoDbTables().getEcKeys().getTableName(),
+        config.getDynamoDbTables().getEcSignedPreKeys().getTableName(),
        config.getDynamoDbTables().getKemKeys().getTableName(),
        config.getDynamoDbTables().getKemLastResortKeys().getTableName());
    MessagesDynamoDb messagesDynamoDb = new MessagesDynamoDb(dynamoDbClient, dynamoDbAsyncClient,
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/DynamoDbTables.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/DynamoDbTables.java
@@ -51,6 +51,7 @@ public class DynamoDbTables {
  private final Table deletedAccountsLock;
  private final IssuedReceiptsTableConfiguration issuedReceipts;
  private final Table ecKeys;
+  private final Table ecSignedPreKeys;
  private final Table kemKeys;
  private final Table kemLastResortKeys;
  private final TableWithExpiration messages;
@@ -72,6 +73,7 @@ public class DynamoDbTables {
      @JsonProperty("deletedAccountsLock") final Table deletedAccountsLock,
      @JsonProperty("issuedReceipts") final IssuedReceiptsTableConfiguration issuedReceipts,
      @JsonProperty("ecKeys") final Table ecKeys,
+      @JsonProperty("ecSignedPreKeys") final Table ecSignedPreKeys,
      @JsonProperty("pqKeys") final Table kemKeys,
      @JsonProperty("pqLastResortKeys") final Table kemLastResortKeys,
      @JsonProperty("messages") final TableWithExpiration messages,
@@ -92,6 +94,7 @@ public class DynamoDbTables {
    this.deletedAccountsLock = deletedAccountsLock;
    this.issuedReceipts = issuedReceipts;
    this.ecKeys = ecKeys;
+    this.ecSignedPreKeys = ecSignedPreKeys;
    this.kemKeys = kemKeys;
    this.kemLastResortKeys = kemLastResortKeys;
    this.messages = messages;
@@ -138,6 +141,12 @@ public class DynamoDbTables {
    return ecKeys;
  }

+  @NotNull
+  @Valid
+  public Table getEcSignedPreKeys() {
+    return ecSignedPreKeys;
+  }
+
  @NotNull
  @Valid
  public Table getKemKeys() {
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
@@ -341,7 +341,9 @@ public class DeviceController {
      keys.delete(a.getPhoneNumberIdentifier(), device.getId());

      maybeDeviceActivationRequest.ifPresent(deviceActivationRequest -> {
+        keys.storeEcSignedPreKeys(a.getUuid(), Map.of(device.getId(), deviceActivationRequest.aciSignedPreKey().get()));
        keys.storePqLastResort(a.getUuid(), Map.of(device.getId(), deviceActivationRequest.aciPqLastResortPreKey().get()));
+        keys.storeEcSignedPreKeys(a.getPhoneNumberIdentifier(), Map.of(device.getId(), deviceActivationRequest.pniSignedPreKey().get()));
        keys.storePqLastResort(a.getPhoneNumberIdentifier(), Map.of(device.getId(), deviceActivationRequest.pniPqLastResortPreKey().get()));
      });

--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/KeysController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/KeysController.java
@@ -167,7 +167,7 @@ public class KeysController {

    keys.store(
        getIdentifier(account, identityType), device.getId(),
-        preKeys.getPreKeys(), preKeys.getPqPreKeys(), preKeys.getPqLastResortPreKey());
+        preKeys.getPreKeys(), preKeys.getPqPreKeys(), preKeys.getSignedPreKey(), preKeys.getPqLastResortPreKey());
  }

  @Timed
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/RegistrationController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/RegistrationController.java
@@ -176,7 +176,9 @@ public class RegistrationController {
        registrationRequest.deviceActivationRequest().gcmToken().ifPresent(gcmRegistrationId ->
            device.setGcmId(gcmRegistrationId.gcmRegistrationId()));

+        keysManager.storeEcSignedPreKeys(a.getUuid(), Map.of(Device.MASTER_ID, registrationRequest.deviceActivationRequest().aciSignedPreKey().get()));
        keysManager.storePqLastResort(a.getUuid(), Map.of(Device.MASTER_ID, registrationRequest.deviceActivationRequest().aciPqLastResortPreKey().get()));
+        keysManager.storeEcSignedPreKeys(a.getPhoneNumberIdentifier(), Map.of(Device.MASTER_ID, registrationRequest.deviceActivationRequest().pniSignedPreKey().get()));
        keysManager.storePqLastResort(a.getPhoneNumberIdentifier(), Map.of(Device.MASTER_ID, registrationRequest.deviceActivationRequest().pniPqLastResortPreKey().get()));
      });
    }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/storage/AccountsManager.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/storage/AccountsManager.java
@@ -312,7 +312,10 @@ public class AccountsManager {

      numberChangedAccount = updateWithRetries(
          account,
-          a -> { setPniKeys(account, pniIdentityKey, pniSignedPreKeys, pniRegistrationIds); return true; },
+          a -> {
+            setPniKeys(account, pniIdentityKey, pniSignedPreKeys, pniRegistrationIds);
+            return true;
+          },
          a -> accounts.changeNumber(a, targetNumber, phoneNumberIdentifier),
          () -> accounts.getByAccountIdentifier(uuid).orElseThrow(),
          AccountChangeValidator.NUMBER_CHANGE_VALIDATOR);
@@ -322,6 +325,8 @@ public class AccountsManager {
      keysManager.delete(phoneNumberIdentifier);
      keysManager.delete(originalPhoneNumberIdentifier);

+      keysManager.storeEcSignedPreKeys(phoneNumberIdentifier, pniSignedPreKeys);
+
      if (pniPqLastResortPreKeys != null) {
        keysManager.storePqLastResort(
            phoneNumberIdentifier,
@@ -362,6 +367,7 @@ public class AccountsManager {

    final List<Long> pqEnabledDeviceIDs = keysManager.getPqEnabledDevices(pni);
    keysManager.delete(pni);
+    keysManager.storeEcSignedPreKeys(pni, pniSignedPreKeys);
    if (pniPqLastResortPreKeys != null) {
      keysManager.storePqLastResort(pni, pqEnabledDeviceIDs.stream().collect(Collectors.toMap(Function.identity(), pniPqLastResortPreKeys::get)));
    }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/storage/KeysManager.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/storage/KeysManager.java
@@ -14,6 +14,7 @@ import java.util.UUID;
 import java.util.concurrent.CompletableFuture;
 import javax.annotation.Nullable;
 import org.whispersystems.textsecuregcm.entities.ECPreKey;
+import org.whispersystems.textsecuregcm.entities.ECSignedPreKey;
 import org.whispersystems.textsecuregcm.entities.KEMSignedPreKey;
 import software.amazon.awssdk.services.dynamodb.DynamoDbAsyncClient;

@@ -21,26 +22,30 @@ public class KeysManager {

  private final SingleUseECPreKeyStore ecPreKeys;
  private final SingleUseKEMPreKeyStore pqPreKeys;
+  private final RepeatedUseECSignedPreKeyStore ecSignedPreKeys;
  private final RepeatedUseKEMSignedPreKeyStore pqLastResortKeys;

  public KeysManager(
      final DynamoDbAsyncClient dynamoDbAsyncClient,
      final String ecTableName,
      final String pqTableName,
+      final String ecSignedPreKeysTableName,
      final String pqLastResortTableName) {
    this.ecPreKeys = new SingleUseECPreKeyStore(dynamoDbAsyncClient, ecTableName);
    this.pqPreKeys = new SingleUseKEMPreKeyStore(dynamoDbAsyncClient, pqTableName);
+    this.ecSignedPreKeys = new RepeatedUseECSignedPreKeyStore(dynamoDbAsyncClient, ecSignedPreKeysTableName);
    this.pqLastResortKeys = new RepeatedUseKEMSignedPreKeyStore(dynamoDbAsyncClient, pqLastResortTableName);
  }

  public void store(final UUID identifier, final long deviceId, final List<ECPreKey> keys) {
-    store(identifier, deviceId, keys, null, null);
+    store(identifier, deviceId, keys, null, null, null);
  }

  public void store(
      final UUID identifier, final long deviceId,
      @Nullable final List<ECPreKey> ecKeys,
      @Nullable final List<KEMSignedPreKey> pqKeys,
+      @Nullable final ECSignedPreKey ecSignedPreKey,
      @Nullable final KEMSignedPreKey pqLastResortKey) {

    final List<CompletableFuture<Void>> storeFutures = new ArrayList<>();
@@ -53,6 +58,10 @@ public class KeysManager {
      storeFutures.add(pqPreKeys.store(identifier, deviceId, pqKeys));
    }

+    if (ecSignedPreKey != null) {
+      storeFutures.add(ecSignedPreKeys.store(identifier, deviceId, ecSignedPreKey));
+    }
+
    if (pqLastResortKey != null) {
      storeFutures.add(pqLastResortKeys.store(identifier, deviceId, pqLastResortKey));
    }
@@ -60,6 +69,10 @@ public class KeysManager {
    CompletableFuture.allOf(storeFutures.toArray(new CompletableFuture[0])).join();
  }

+  public void storeEcSignedPreKeys(final UUID identifier, final Map<Long, ECSignedPreKey> keys) {
+    ecSignedPreKeys.store(identifier, keys).join();
+  }
+
  public void storePqLastResort(final UUID identifier, final Map<Long, KEMSignedPreKey> keys) {
    pqLastResortKeys.store(identifier, keys).join();
  }
@@ -80,6 +93,10 @@ public class KeysManager {
    return pqLastResortKeys.find(identifier, deviceId).join();
  }

+  public CompletableFuture<Optional<ECSignedPreKey>> getEcSignedPreKey(final UUID identifier, final long deviceId) {
+    return ecSignedPreKeys.find(identifier, deviceId);
+  }
+
  public List<Long> getPqEnabledDevices(final UUID identifier) {
    return pqLastResortKeys.getDeviceIdsWithKeys(identifier).collectList().block();
  }
@@ -96,6 +113,7 @@ public class KeysManager {
    CompletableFuture.allOf(
            ecPreKeys.delete(accountUuid),
            pqPreKeys.delete(accountUuid),
+            ecSignedPreKeys.delete(accountUuid),
            pqLastResortKeys.delete(accountUuid))
        .join();
  }
@@ -104,6 +122,7 @@ public class KeysManager {
    CompletableFuture.allOf(
            ecPreKeys.delete(accountUuid, deviceId),
            pqPreKeys.delete(accountUuid, deviceId),
+            ecSignedPreKeys.delete(accountUuid, deviceId),
            pqLastResortKeys.delete(accountUuid, deviceId))
        .join();
  }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/workers/AssignUsernameCommand.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/workers/AssignUsernameCommand.java
@@ -165,6 +165,7 @@ public class AssignUsernameCommand extends EnvironmentCommand<WhisperServerConfi
    KeysManager keys = new KeysManager(
            dynamoDbAsyncClient,
        configuration.getDynamoDbTables().getEcKeys().getTableName(),
+        configuration.getDynamoDbTables().getEcSignedPreKeys().getTableName(),
        configuration.getDynamoDbTables().getKemKeys().getTableName(),
        configuration.getDynamoDbTables().getKemLastResortKeys().getTableName());
    MessagesDynamoDb messagesDynamoDb = new MessagesDynamoDb(dynamoDbClient, dynamoDbAsyncClient,
--- a/service/src/main/java/org/whispersystems/textsecuregcm/workers/CommandDependencies.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/workers/CommandDependencies.java
@@ -149,6 +149,7 @@ record CommandDependencies(
    KeysManager keys = new KeysManager(
            dynamoDbAsyncClient,
        configuration.getDynamoDbTables().getEcKeys().getTableName(),
+        configuration.getDynamoDbTables().getEcSignedPreKeys().getTableName(),
        configuration.getDynamoDbTables().getKemKeys().getTableName(),
        configuration.getDynamoDbTables().getKemLastResortKeys().getTableName());
    MessagesDynamoDb messagesDynamoDb = new MessagesDynamoDb(dynamoDbClient, dynamoDbAsyncClient,