Update libsignal to 0.76.5

2026-04-19 15:18:01 +01:00 · 2025-07-23 10:22:48 -04:00
parent 0ff32d5cae
commit 5d80ac73da
50 changed files with 246 additions and 281 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/CertificateGenerator.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/CertificateGenerator.java
@@ -9,7 +9,6 @@ import com.google.protobuf.ByteString;
 import com.google.protobuf.InvalidProtocolBufferException;
 import java.security.InvalidKeyException;
 import java.util.concurrent.TimeUnit;
-import org.signal.libsignal.protocol.ecc.Curve;
 import org.signal.libsignal.protocol.ecc.ECPrivateKey;
 import org.whispersystems.textsecuregcm.entities.MessageProtos.SenderCertificate;
 import org.whispersystems.textsecuregcm.entities.MessageProtos.ServerCertificate;
@@ -45,11 +44,7 @@ public class CertificateGenerator {

    byte[] certificate = builder.build().toByteArray();
    byte[] signature;
-    try {
-      signature = Curve.calculateSignature(privateKey, certificate);
-    } catch (org.signal.libsignal.protocol.InvalidKeyException e) {
-      throw new InvalidKeyException(e);
-    }
+    signature = privateKey.calculateSignature(certificate);

    return SenderCertificate.newBuilder()
                            .setCertificate(ByteString.copyFrom(certificate))
--- a/service/src/main/java/org/whispersystems/textsecuregcm/backup/BackupManager.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/backup/BackupManager.java
@@ -26,7 +26,7 @@ import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionStage;
 import java.util.function.Function;
 import org.apache.commons.lang3.StringUtils;
-import org.signal.libsignal.protocol.ecc.Curve;
+import org.signal.libsignal.protocol.ecc.ECKeyPair;
 import org.signal.libsignal.protocol.ecc.ECPublicKey;
 import org.signal.libsignal.zkgroup.GenericServerSecretParams;
 import org.signal.libsignal.zkgroup.VerificationFailedException;
@@ -527,7 +527,7 @@ public class BackupManager {
    }
  }

-  private static final ECPublicKey INVALID_PUBLIC_KEY = Curve.generateKeyPair().getPublicKey();
+  private static final ECPublicKey INVALID_PUBLIC_KEY = ECKeyPair.generate().getPublicKey();

  /**
   * Authenticate the ZK anonymous backup credential's presentation
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/NoiseTunnelConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/NoiseTunnelConfiguration.java
@@ -4,7 +4,6 @@ import jakarta.validation.constraints.NotNull;
 import jakarta.validation.constraints.Positive;
 import javax.annotation.Nullable;
 import org.signal.libsignal.protocol.InvalidKeyException;
-import org.signal.libsignal.protocol.ecc.Curve;
 import org.signal.libsignal.protocol.ecc.ECKeyPair;
 import org.signal.libsignal.protocol.ecc.ECPrivateKey;
 import org.whispersystems.textsecuregcm.configuration.secrets.SecretBytes;
@@ -19,7 +18,7 @@ public record NoiseTunnelConfiguration(@Positive int webSocketPort,
                                       @NotNull SecretString recognizedProxySecret) {

  public ECKeyPair noiseStaticKeyPair() throws InvalidKeyException {
-    final ECPrivateKey privateKey = Curve.decodePrivatePoint(noiseStaticPrivateKey().value());
+    final ECPrivateKey privateKey = new ECPrivateKey(noiseStaticPrivateKey().value());

    return new ECKeyPair(privateKey.publicKey(), privateKey);
  }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/UnidentifiedDeliveryConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/UnidentifiedDeliveryConfiguration.java
@@ -8,7 +8,6 @@ package org.whispersystems.textsecuregcm.configuration;
 import jakarta.validation.constraints.NotEmpty;
 import jakarta.validation.constraints.NotNull;
 import org.signal.libsignal.protocol.InvalidKeyException;
-import org.signal.libsignal.protocol.ecc.Curve;
 import org.signal.libsignal.protocol.ecc.ECPrivateKey;
 import org.whispersystems.textsecuregcm.configuration.secrets.SecretBytes;
 import org.whispersystems.textsecuregcm.util.ExactlySize;
@@ -17,6 +16,6 @@ public record UnidentifiedDeliveryConfiguration(@NotNull @NotEmpty  byte[] certi
                                                @ExactlySize(32) SecretBytes privateKey,
                                                int expiresDays) {
  public ECPrivateKey ecPrivateKey() throws InvalidKeyException {
-    return Curve.decodePrivatePoint(privateKey.value());
+    return new ECPrivateKey(privateKey.value());
  }
 }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/workers/CertificateCommand.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/workers/CertificateCommand.java
@@ -15,7 +15,6 @@ import java.util.Set;
 import net.sourceforge.argparse4j.impl.Arguments;
 import net.sourceforge.argparse4j.inf.Namespace;
 import net.sourceforge.argparse4j.inf.Subparser;
-import org.signal.libsignal.protocol.ecc.Curve;
 import org.signal.libsignal.protocol.ecc.ECKeyPair;
 import org.signal.libsignal.protocol.ecc.ECPrivateKey;
 import org.whispersystems.textsecuregcm.entities.MessageProtos;
@@ -56,7 +55,7 @@ public class CertificateCommand extends Command {
  }

  private void runCaCommand() {
-    ECKeyPair keyPair = Curve.generateKeyPair();
+    ECKeyPair keyPair = ECKeyPair.generate();
    System.out.println("Public key : " + Base64.getEncoder().encodeToString(keyPair.getPublicKey().serialize()));
    System.out.println("Private key: " + Base64.getEncoder().encodeToString(keyPair.getPrivateKey().serialize()));
  }
@@ -72,7 +71,7 @@ public class CertificateCommand extends Command {
      return;
    }

-    ECPrivateKey key   = Curve.decodePrivatePoint(Base64.getDecoder().decode(namespace.getString("key")));
+    ECPrivateKey key   = new ECPrivateKey(Base64.getDecoder().decode(namespace.getString("key")));
    int          keyId = namespace.getInt("keyId");

    if (RESERVED_CERTIFICATE_IDS.contains(keyId)) {
@@ -80,7 +79,7 @@ public class CertificateCommand extends Command {
          String.format("Key ID %08x has been reserved or revoked and may not be used in new certificates.", keyId));
    }

-    ECKeyPair keyPair = Curve.generateKeyPair();
+    ECKeyPair keyPair = ECKeyPair.generate();

    byte[] certificate = MessageProtos.ServerCertificate.Certificate.newBuilder()
                                                                    .setId(keyId)
@@ -89,11 +88,7 @@ public class CertificateCommand extends Command {
                                                                    .toByteArray();

    byte[] signature;
-    try {
-      signature = Curve.calculateSignature(key, certificate);
-    } catch (org.signal.libsignal.protocol.InvalidKeyException e) {
-      throw new InvalidKeyException(e);
-    }
+    signature = key.calculateSignature(certificate);

    byte[] signedCertificate = MessageProtos.ServerCertificate.newBuilder()
                                                              .setCertificate(ByteString.copyFrom(certificate))