Update libsignal to v0.32.0 (#245)

Cargo.toml

@@ -1,10 +1,6 @@
 [workspace]
-members = [
-    "libsignal-service",
-    "libsignal-service-actix",
-    "libsignal-service-hyper",
-]
+members = ["libsignal-service", "libsignal-service-actix", "libsignal-service-hyper"]
 default-members = ["libsignal-service", "libsignal-service-hyper"]
 
 [patch.crates-io]
-"curve25519-dalek" = { git = 'https://github.com/signalapp/curve25519-dalek', branch = 'lizard2' }
+curve25519-dalek = { git = 'https://github.com/signalapp/curve25519-dalek', tag = 'signal-curve25519-4.0.0' }

libsignal-service-actix/Cargo.toml

@@ -9,7 +9,7 @@ edition = "2018"
 # the Send requirement in libsignal-service needs to be lifted by enabling `unsend-futures`.
 libsignal-service = { path = "../libsignal-service", features = ["unsend-futures"] }
 
-awc = { version = "3.0.0-beta.19", features=["rustls"] }
+awc = { version = "3.0.0-beta.19", features = ["rustls"] }
 actix = "0.13"
 actix-http = "3.0.0-beta.19"
 actix-rt = "2.4"
@@ -23,26 +23,24 @@ rustls-pemfile = "0.3"
 url = "2.1"
 serde = "1.0"
 log = "0.4"
-rand = "0.7"
+rand = "0.8"
 
 thiserror = "1.0"
 async-trait = "0.1"
 base64 = "0.13"
 
 phonenumber = "0.3"
 
-# Pin this for 1.52.1 compat
-proc-macro2 = { version = "=1.0.26", optional = true }
-quote = { version = "=1.0.10", optional = true }
+proc-macro2 = { version = "1.0.66", optional = true }
+quote = { version = "1.0.33", optional = true }
 
 [dev-dependencies]
 env_logger = "0.9"
 image = { version = "0.23", default-features = false, features = ["png"] }
 opener = "0.5"
 qrcode = "0.12"
-rand = "0.7"
 structopt = "0.3"
-tokio = { version = "1", features=["macros"] }
+tokio = { version = "1", features = ["macros"] }
 anyhow = "1.0"
 
 [features]

libsignal-service-actix/examples/link.rs

@@ -26,12 +26,15 @@ async fn main() -> Result<(), Error> {
     let args = Args::from_args();
 
     // generate a random 16 bytes password
-    let mut csprng = rand::thread_rng();
-    let password: String = csprng.sample_iter(&Alphanumeric).take(24).collect();
+    let password: String = rand::thread_rng()
+        .sample_iter(&Alphanumeric)
+        .take(24)
+        .map(char::from)
+        .collect();
 
     // generate a 52 bytes signaling key
     let mut signaling_key = [0u8; 52];
-    csprng.fill_bytes(&mut signaling_key);
+    rand::thread_rng().fill_bytes(&mut signaling_key);
     log::info!("generated signaling key: {}", base64::encode(signaling_key));
 
     let push_service =
@@ -44,7 +47,7 @@ async fn main() -> Result<(), Error> {
 
     let (fut1, fut2) = future::join(
         provision_manager.provision_secondary_device(
-            &mut csprng,
+            &mut rand::thread_rng(),
             signaling_key,
             tx,
         ),

libsignal-service-hyper/Cargo.toml

@@ -18,27 +18,27 @@ serde_json = "1.0"
 thiserror = "1.0"
 url = "2.1"
 
-hyper = { version = "0.14", features = [ "client", "stream" ] }
+hyper = { version = "0.14", features = ["client", "stream"] }
 hyper-rustls = "0.23"
 hyper-timeout = "0.4"
 headers = "0.3"
 
 # for websocket support
-async-tungstenite = { version = "0.17", features = [ "tokio-rustls-native-certs" ] }
+async-tungstenite = { version = "0.17", features = ["tokio-rustls-native-certs"] }
 
-tokio = { version = "1.0", features = [ "macros" ] }
+tokio = { version = "1.0", features = ["macros"] }
 tokio-rustls = "0.23"
 
 rustls-pemfile = "0.3"
 
 [dev-dependencies]
 env_logger = "0.9"
-image = { version = "0.23", default-features = false, features = [ "png" ] }
+image = { version = "0.23", default-features = false, features = ["png"] }
 opener = "0.5"
 qrcode = "0.12"
-rand = "0.7"
+rand = "0.8"
 structopt = "0.3"
-tokio = { version = "1.0", features = [ "rt-multi-thread" ]}
+tokio = { version = "1.0", features = ["rt-multi-thread"] }
 
 [features]
 unsend-futures = ["libsignal-service/unsend-futures"]

libsignal-service/Cargo.toml

@@ -7,8 +7,8 @@ license = "GPLv3"
 readme = "../README.md"
 
 [dependencies]
-libsignal-protocol = { git = "https://github.com/signalapp/libsignal", tag = "v0.28.1" }
-zkgroup = { git = "https://github.com/signalapp/libsignal", tag = "v0.28.1" }
+libsignal-protocol = { git = "https://github.com/signalapp/libsignal", tag = "v0.32.0" }
+zkgroup = { git = "https://github.com/signalapp/libsignal", tag = "v0.32.0" }
 
 aes = { version = "0.7", features = ["ctr"] }
 aes-gcm = "0.9"
@@ -26,7 +26,7 @@ hmac = "0.12"
 log = "0.4"
 phonenumber = "0.3"
 prost = "0.10"
-rand = "0.7"
+rand = "0.8"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0.85"
 sha2 = "0.10"

libsignal-service/src/account_manager.rs

@@ -128,8 +128,7 @@ impl<Service: PushService> AccountManager<Service> {
             ));
         }
 
-        let identity_key_pair =
-            protocol_store.get_identity_key_pair(None).await?;
+        let identity_key_pair = protocol_store.get_identity_key_pair().await?;
 
         let mut pre_key_entities = vec![];
         let mut pq_pre_key_entities = vec![];
@@ -143,7 +142,7 @@ impl<Service: PushService> AccountManager<Service> {
             .into();
             let pre_key_record = PreKeyRecord::new(pre_key_id, &key_pair);
             protocol_store
-                .save_pre_key(pre_key_id, &pre_key_record, None)
+                .save_pre_key(pre_key_id, &pre_key_record)
                 .await?;
             // TODO: Shouldn't this also remove the previous pre-keys from storage?
             //       I think we might want to update the storage, and then sync the storage to the
@@ -164,7 +163,7 @@ impl<Service: PushService> AccountManager<Service> {
                 identity_key_pair.private_key(),
             )?;
             protocol_store
-                .save_kyber_pre_key(pre_key_id, &pre_key_record, None)
+                .save_kyber_pre_key(pre_key_id, &pre_key_record)
                 .await?;
             // TODO: Shouldn't this also remove the previous pre-keys from storage?
             //       I think we might want to update the storage, and then sync the storage to the
@@ -196,7 +195,6 @@ impl<Service: PushService> AccountManager<Service> {
             .save_signed_pre_key(
                 next_signed_pre_key_id.into(),
                 &signed_prekey_record,
-                None,
             )
             .await?;
 
@@ -311,8 +309,7 @@ impl<Service: PushService> AccountManager<Service> {
         let pub_key = PublicKey::deserialize(&pub_key)
             .map_err(|_e| LinkError::InvalidPublicKey)?;
 
-        let identity_key_pair =
-            identity_store.get_identity_key_pair(None).await?;
+        let identity_key_pair = identity_store.get_identity_key_pair().await?;
 
         if credentials.uuid.is_none() {
             log::warn!("No local UUID set");
@@ -363,14 +360,14 @@ impl<Service: PushService> AccountManager<Service> {
     /// currently set avatar.
     pub async fn upload_versioned_profile_without_avatar<S: AsRef<str>>(
         &mut self,
-        uuid: uuid::Uuid,
+        aci: libsignal_protocol::Aci,
         name: ProfileName<S>,
         about: Option<String>,
         about_emoji: Option<String>,
         retain_avatar: bool,
     ) -> Result<(), ProfileManagerError> {
         self.upload_versioned_profile::<std::io::Cursor<Vec<u8>>, _>(
-            uuid,
+            aci,
             name,
             about,
             about_emoji,
@@ -411,7 +408,7 @@ impl<Service: PushService> AccountManager<Service> {
         S: AsRef<str>,
     >(
         &mut self,
-        uuid: uuid::Uuid,
+        aci: libsignal_protocol::Aci,
         name: ProfileName<S>,
         about: Option<String>,
         about_emoji: Option<String>,
@@ -436,9 +433,8 @@ impl<Service: PushService> AccountManager<Service> {
         }
 
         let profile_key = profile_cipher.into_inner();
-        let commitment = profile_key.get_commitment(*uuid.as_bytes());
-        let profile_key_version =
-            profile_key.get_profile_key_version(*uuid.as_bytes());
+        let commitment = profile_key.get_commitment(aci);
+        let profile_key_version = profile_key.get_profile_key_version(aci);
 
         Ok(self
             .service

libsignal-service/src/cipher.rs

@@ -1,13 +1,13 @@
-use std::convert::TryFrom;
+use std::{convert::TryFrom, time::SystemTime};
 
 use block_modes::block_padding::{Iso7816, Padding};
 use libsignal_protocol::{
     group_decrypt, message_decrypt_prekey, message_decrypt_signal,
     message_encrypt, process_sender_key_distribution_message,
     sealed_sender_decrypt_to_usmc, sealed_sender_encrypt,
-    CiphertextMessageType, Context, DeviceId, IdentityKeyStore,
-    KyberPreKeyStore, PreKeySignalMessage, PreKeyStore, ProtocolAddress,
-    ProtocolStore, PublicKey, SealedSenderDecryptionResult, SenderCertificate,
+    CiphertextMessageType, DeviceId, IdentityKeyStore, KyberPreKeyStore,
+    PreKeySignalMessage, PreKeyStore, ProtocolAddress, ProtocolStore,
+    PublicKey, SealedSenderDecryptionResult, SenderCertificate,
     SenderKeyDistributionMessage, SenderKeyStore, SessionStore, SignalMessage,
     SignalProtocolError, SignedPreKeyStore,
 };
@@ -72,7 +72,6 @@ where
                     &plaintext.metadata.protocol_address(),
                     &skdm,
                     &mut self.protocol_store,
-                    None,
                 )
                 .await?;
                 Ok(None)
@@ -130,15 +129,14 @@ where
                     &mut self.protocol_store.clone(),
                     &mut self.protocol_store.clone(),
                     &mut self.csprng,
-                    None,
                 )
                 .await?
                 .as_slice()
                 .to_vec();
 
                 let session_record = self
                     .protocol_store
-                    .load_session(&sender, None)
+                    .load_session(&sender)
                     .await?
                     .ok_or(SignalProtocolError::SessionNotFound(sender))?;
 
@@ -183,15 +181,14 @@ where
                     &mut self.protocol_store.clone(),
                     &mut self.protocol_store.clone(),
                     &mut self.csprng,
-                    None,
                 )
                 .await?
                 .as_slice()
                 .to_vec();
 
                 let session_record = self
                     .protocol_store
-                    .load_session(&sender, None)
+                    .load_session(&sender)
                     .await?
                     .ok_or(SignalProtocolError::SessionNotFound(sender))?;
 
@@ -220,7 +217,6 @@ where
                     &mut self.protocol_store.clone(),
                     &mut self.protocol_store.clone(),
                     &mut self.protocol_store,
-                    None,
                 )
                 .await?;
 
@@ -275,11 +271,11 @@ where
     ) -> Result<OutgoingPushMessage, ServiceError> {
         let session_record = self
             .protocol_store
-            .load_session(address, None)
+            .load_session(address)
             .await?
             .ok_or_else(|| {
-                SignalProtocolError::SessionNotFound(address.clone())
-            })?;
+            SignalProtocolError::SessionNotFound(address.clone())
+        })?;
 
         let padded_content =
             add_padding(session_record.session_version()?, content)?;
@@ -294,7 +290,7 @@ where
                 &padded_content,
                 &mut self.protocol_store.clone(),
                 &mut self.protocol_store,
-                None,
+                SystemTime::now(),
                 &mut self.csprng,
             )
             .await?;
@@ -312,7 +308,7 @@ where
                 address,
                 &mut self.protocol_store.clone(),
                 &mut self.protocol_store.clone(),
-                None,
+                SystemTime::now(),
             )
             .await?;
 
@@ -406,7 +402,7 @@ pub async fn get_preferred_protocol_address<S: SessionStore>(
     device_id: DeviceId,
 ) -> Result<ProtocolAddress, libsignal_protocol::error::SignalProtocolError> {
     let address = address.to_protocol_address(device_id);
-    if session_store.load_session(&address, None).await?.is_some() {
+    if session_store.load_session(&address).await?.is_some() {
         return Ok(address);
     }
 
@@ -434,10 +430,9 @@ async fn sealed_sender_decrypt(
     signed_pre_key_store: &mut dyn SignedPreKeyStore,
     sender_key_store: &mut dyn SenderKeyStore,
     kyber_pre_key_store: &mut dyn KyberPreKeyStore,
-    ctx: Context,
 ) -> Result<SealedSenderDecryptionResult, SignalProtocolError> {
     let usmc =
-        sealed_sender_decrypt_to_usmc(ciphertext, identity_store, ctx).await?;
+        sealed_sender_decrypt_to_usmc(ciphertext, identity_store).await?;
 
     if !usmc.sender()?.validate(trust_root, timestamp)? {
         return Err(SignalProtocolError::InvalidSealedSenderMessage(
@@ -474,7 +469,6 @@ async fn sealed_sender_decrypt(
                 session_store,
                 identity_store,
                 &mut rng,
-                ctx,
             )
             .await?
         },
@@ -489,18 +483,12 @@ async fn sealed_sender_decrypt(
                 signed_pre_key_store,
                 kyber_pre_key_store,
                 &mut rng,
-                ctx,
             )
             .await?
         },
         CiphertextMessageType::SenderKey => {
-            group_decrypt(
-                usmc.contents()?,
-                sender_key_store,
-                &remote_address,
-                ctx,
-            )
-            .await?
+            group_decrypt(usmc.contents()?, sender_key_store, &remote_address)
+                .await?
         },
         msg_type => {
             return Err(SignalProtocolError::InvalidMessage(

libsignal-service/src/groups_v2/manager.rs

@@ -196,9 +196,9 @@ impl<S: PushService, C: CredentialsCache> GroupsManager<S, C> {
     ) -> Result<HttpAuth, ServiceError> {
         let auth_credential = self
             .server_public_params
-            .receive_auth_credential_with_pni(
-                self.service_ids.aci.into_bytes(),
-                self.service_ids.pni.into_bytes(),
+            .receive_auth_credential_with_pni_as_aci(
+                self.service_ids.aci(),
+                self.service_ids.pni(),
                 today,
                 credential_response,
             )