Introduce a canonical constant for UAK length

2026-04-21 23:48:05 +01:00 · 2023-10-19 13:28:44 -04:00
parent 8ec062fbef
commit ac0c8b1e9a
14 changed files with 86 additions and 74 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/CombinedUnidentifiedSenderAccessKeys.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/CombinedUnidentifiedSenderAccessKeys.java
@@ -16,7 +16,7 @@ public class CombinedUnidentifiedSenderAccessKeys {
  public CombinedUnidentifiedSenderAccessKeys(String header) {
    try {
      this.combinedUnidentifiedSenderAccessKeys = Base64.getDecoder().decode(header);
-      if (this.combinedUnidentifiedSenderAccessKeys == null || this.combinedUnidentifiedSenderAccessKeys.length != 16) {
+      if (this.combinedUnidentifiedSenderAccessKeys == null || this.combinedUnidentifiedSenderAccessKeys.length != UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH) {
        throw new WebApplicationException("Invalid combined unidentified sender access keys", Status.UNAUTHORIZED);
      }
    } catch (IllegalArgumentException e) {
--- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessChecksum.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessChecksum.java
@@ -14,7 +14,7 @@ public class UnidentifiedAccessChecksum {

  public static byte[] generateFor(byte[] unidentifiedAccessKey) {
    try {
-      if (unidentifiedAccessKey.length != 16) {
+      if (unidentifiedAccessKey.length != UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH) {
        throw new IllegalArgumentException("Invalid UAK length: " + unidentifiedAccessKey.length);
      }

--- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessUtil.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessUtil.java
@@ -10,6 +10,8 @@ import java.security.MessageDigest;

 public class UnidentifiedAccessUtil {

+  public static final int UNIDENTIFIED_ACCESS_KEY_LENGTH = 16;
+
  private UnidentifiedAccessUtil() {
  }

--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java
@@ -67,6 +67,7 @@ import org.whispersystems.textsecuregcm.auth.Anonymous;
 import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.auth.CombinedUnidentifiedSenderAccessKeys;
 import org.whispersystems.textsecuregcm.auth.OptionalAccess;
+import org.whispersystems.textsecuregcm.auth.UnidentifiedAccessUtil;
 import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
 import org.whispersystems.textsecuregcm.entities.AccountMismatchedDevices;
 import org.whispersystems.textsecuregcm.entities.AccountStaleDevices;
@@ -492,8 +493,8 @@ public class MessageController {
      throw new WebApplicationException(Status.UNAUTHORIZED);
    }
    AtomicBoolean throwUnauthorized = new AtomicBoolean(false);
-    byte[] empty = new byte[16];
-    final Optional<byte[]> UNRESTRICTED_UNIDENTIFIED_ACCESS_KEY = Optional.of(new byte[16]);
+    byte[] empty = new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH];
+    final Optional<byte[]> UNRESTRICTED_UNIDENTIFIED_ACCESS_KEY = Optional.of(new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]);
    byte[] combinedUnknownAccessKeys = destinationAccounts.stream()
        .map(account -> {
          if (account.isUnrestrictedUnidentifiedAccess()) {
@@ -509,7 +510,7 @@ public class MessageController {
          }
          return accessKey.get();
        })
-        .reduce(new byte[16], (bytes, bytes2) -> {
+        .reduce(new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH], (bytes, bytes2) -> {
          if (bytes.length != bytes2.length) {
            throwUnauthorized.set(true);
            return bytes;
--- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountAttributes.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountAttributes.java
@@ -11,6 +11,7 @@ import java.util.Optional;
 import java.util.OptionalInt;
 import javax.annotation.Nullable;
 import javax.validation.constraints.Size;
+import org.whispersystems.textsecuregcm.auth.UnidentifiedAccessUtil;
 import org.whispersystems.textsecuregcm.storage.Device.DeviceCapabilities;
 import org.whispersystems.textsecuregcm.util.ByteArrayAdapter;
 import org.whispersystems.textsecuregcm.util.ExactlySize;
@@ -34,7 +35,7 @@ public class AccountAttributes {
  private String registrationLock;

  @JsonProperty
-  @ExactlySize({0, 16})
+  @ExactlySize({0, UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH})
  private byte[] unidentifiedAccessKey;

  @JsonProperty