Remove unused provisioning/sync message fields

2026-06-05 12:10:55 -05:00 · 2026-06-05 12:10:55 -05:00 · c38b1309dd
commit c38b1309dd
parent 926432d03a
15 changed files with 44 additions and 201 deletions
--- a/Signal/Provisioning/ProvisioningManager.swift
+++ b/Signal/Provisioning/ProvisioningManager.swift
@ -50,7 +50,7 @@ public class ProvisioningManager {
            var aciIdentityKeyPair: ECKeyPair
            var pniIdentityKeyPair: ECKeyPair
            var areReadReceiptsEnabled: Bool
-            var rootKey: LinkingProvisioningMessage.RootKey
+            var aep: SignalServiceKit.AccountEntropyPool
            var mediaRootBackupKey: MediaRootBackupKey
            var profileKey: Aes256Key
        }
@ -64,13 +64,11 @@ public class ProvisioningManager {
                owsFail("Can't provision without a pni identity.")
            }
            let areReadReceiptsEnabled = receiptManager.areReadReceiptsEnabled(tx: tx)
-            let rootKey: LinkingProvisioningMessage.RootKey
            guard let accountEntropyPool = accountKeyStore.getAccountEntropyPool(tx: tx) else {
                // This should be impossible; the only times you don't have
                // an AEP are during registration.
                owsFail("Can't provision without account entropy pool.")
            }
-            rootKey = .accountEntropyPool(accountEntropyPool)
            let mrbk = accountKeyStore.getOrGenerateMediaRootBackupKey(tx: tx)
            guard let profileKey = profileManager.localUserProfile(tx: tx)?.profileKey else {
                owsFail("Can't provision without a profile key.")
@ -80,7 +78,7 @@ public class ProvisioningManager {
                aciIdentityKeyPair: aciIdentityKeyPair,
                pniIdentityKeyPair: pniIdentityKeyPair,
                areReadReceiptsEnabled: areReadReceiptsEnabled,
-                rootKey: rootKey,
+                aep: accountEntropyPool,
                mediaRootBackupKey: mrbk,
                profileKey: profileKey,
            )
@ -105,7 +103,7 @@ public class ProvisioningManager {
        let provisioningCode = try await deviceProvisioningService.requestDeviceProvisioningCode()

        let provisioningMessage = LinkingProvisioningMessage(
-            rootKey: provisioningState.rootKey,
+            aep: provisioningState.aep,
            aci: myAci,
            phoneNumber: myPhoneNumber,
            pni: myPni,
--- a/Signal/test/Provisioning/ProvisionManagerTests.swift
+++ b/Signal/test/Provisioning/ProvisionManagerTests.swift
@ -117,13 +117,7 @@ public class ProvisioningManagerTests {

        // Validate that all the data in the decrypted envelope on the new device side matches the
        // values populated by the old device
-        switch provisionMessage.rootKey {
-        case .accountEntropyPool(let aep):
-            #expect(aep == accountEntropyPool)
-        case .masterKey:
-            Issue.record("Expected AEP, but found MasterKey")
-        }
-
+        #expect(provisionMessage.aep == accountEntropyPool)
        #expect(provisionMessage.aci == myAci)
        #expect(provisionMessage.phoneNumber == myPhoneNumber.stringValue)
        #expect(provisionMessage.pni == myPni)
--- a/Signal/test/Provisioning/ProvisioningCoordinatorTest.swift
+++ b/Signal/test/Provisioning/ProvisioningCoordinatorTest.swift
@ -103,7 +103,7 @@ public class ProvisioningCoordinatorTest: XCTestCase {
    public func testProvisioning() async throws {
        let aep = AccountEntropyPool()
        let provisioningMessage = LinkingProvisioningMessage(
-            rootKey: .accountEntropyPool(aep),
+            aep: aep,
            aci: .randomForTesting(),
            phoneNumber: "+17875550100",
            pni: .randomForTesting(),
@ -180,12 +180,7 @@ public class ProvisioningCoordinatorTest: XCTestCase {
            identityManagerMock.identityKeyPairs[.pni]?.publicKey,
            provisioningMessage.pniIdentityKeyPair.asECKeyPair.publicKey,
        )
-        let masterKey = switch provisioningMessage.rootKey {
-        case .accountEntropyPool(let accountEntropyPool):
-            accountEntropyPool.getMasterKey()
-        case .masterKey(let masterKey):
-            masterKey
-        }
+        let masterKey = provisioningMessage.aep.getMasterKey()
        XCTAssertEqual(svrMock.syncedMasterKey?.rawData, masterKey.rawData)
    }

--- a/SignalServiceKit/Contacts/OWSSyncManager.swift
+++ b/SignalServiceKit/Contacts/OWSSyncManager.swift
@ -208,15 +208,10 @@ extension OWSSyncManager: SyncManagerProtocol, SyncManagerProtocolSwift {
            return owsFailDebug("Missing thread")
        }

-        let accountEntropyPool = DependenciesBridge.shared.accountKeyStore.getAccountEntropyPool(tx: tx)
-        if accountEntropyPool == nil {
-            Logger.warn("Expecting AEP present for sync message")
-        }
-
-        let masterKey = DependenciesBridge.shared.accountKeyStore.getMasterKey(tx: tx)
-
-        guard accountEntropyPool != nil || masterKey != nil else {
-            return owsFailDebug("Missing root key")
+        let accountKeyStore = DependenciesBridge.shared.accountKeyStore
+        guard let accountEntropyPool = accountKeyStore.getAccountEntropyPool(tx: tx) else {
+            owsFailDebug("must have AEP for sync message")
+            return
        }

        let mrbk = DependenciesBridge.shared.accountKeyStore.getOrGenerateMediaRootBackupKey(tx: tx)
@ -224,7 +219,6 @@ extension OWSSyncManager: SyncManagerProtocol, SyncManagerProtocolSwift {
        let syncKeysMessage = OutgoingKeysSyncMessage(
            localThread: thread,
            accountEntropyPool: accountEntropyPool,
-            masterKey: masterKey,
            mediaRootBackupKey: mrbk,
            tx: tx,
        )
@ -247,10 +241,10 @@ extension OWSSyncManager: SyncManagerProtocol, SyncManagerProtocolSwift {
            )
        } catch {
            switch error {
-            case .missingMasterKey:
-                Logger.warn("Key sync messages missing master key")
-            case .missingOrInvalidMRBK:
-                Logger.warn("Key sync messages missing or invalid media root backup key")
+            case .missingAep:
+                Logger.warn("Key sync messages missing aep")
+            case .missingMrbk:
+                Logger.warn("Key sync messages missing media root backup key")
            }
        }

--- a/SignalServiceKit/Devices/LinkingProvisioningMessage.swift
+++ b/SignalServiceKit/Devices/LinkingProvisioningMessage.swift
@ -8,17 +8,12 @@ public import LibSignalClient

 public struct LinkingProvisioningMessage {

-    public enum RootKey {
-        case accountEntropyPool(AccountEntropyPool)
-        case masterKey(MasterKey)
-    }
-
    public enum Constants {
        public static let provisioningVersion: UInt32 = 1
        public static let userAgent: String = "OWI"
    }

-    public let rootKey: RootKey
+    public let aep: AccountEntropyPool
    public let aci: Aci
    public let phoneNumber: String
    public let pni: Pni
@ -33,7 +28,7 @@ public struct LinkingProvisioningMessage {
    public let provisioningVersion: UInt32

    public init(
-        rootKey: RootKey,
+        aep: AccountEntropyPool,
        aci: Aci,
        phoneNumber: String,
        pni: Pni,
@ -47,7 +42,7 @@ public struct LinkingProvisioningMessage {
        provisioningUserAgent: String? = Constants.userAgent,
        provisioningVersion: UInt32 = Constants.provisioningVersion,
    ) {
-        self.rootKey = rootKey
+        self.aep = aep
        self.aci = aci
        self.phoneNumber = phoneNumber
        self.pni = pni
@ -119,11 +114,9 @@ public struct LinkingProvisioningMessage {
            let accountEntropyPool = proto.accountEntropyPool?.nilIfEmpty,
            let aep = try? AccountEntropyPool(key: accountEntropyPool)
        {
-            self.rootKey = .accountEntropyPool(aep)
-        } else if let masterKey = try proto.masterKey.map({ try MasterKey(data: $0) }) {
-            self.rootKey = .masterKey(masterKey)
+            self.aep = aep
        } else {
-            throw ProvisioningError.invalidProvisionMessage("missing master key from provisioning message")
+            throw ProvisioningError.invalidProvisionMessage("missing aep from provisioning message")
        }

        guard let mrbkBytes = proto.mediaRootBackupKey else {
@ -155,14 +148,7 @@ public struct LinkingProvisioningMessage {
        messageBuilder.setNumber(phoneNumber)
        messageBuilder.setAciBinary(aci.rawUUID.data)
        messageBuilder.setPniBinary(pni.rawUUID.data)
-
-        switch rootKey {
-        case .accountEntropyPool(let accountEntropyPool):
-            messageBuilder.setAccountEntropyPool(accountEntropyPool.rawString)
-            messageBuilder.setMasterKey(accountEntropyPool.getMasterKey().rawData)
-        case .masterKey(let masterKey):
-            messageBuilder.setMasterKey(masterKey.rawData)
-        }
+        messageBuilder.setAccountEntropyPool(aep.rawString)
        messageBuilder.setMediaRootBackupKey(mrbk.serialize())
        ephemeralBackupKey.map { messageBuilder.setEphemeralBackupKey($0.serialize()) }

--- a/SignalServiceKit/Messages/DeviceSyncing/OutgoingKeysSyncMessage.swift
+++ b/SignalServiceKit/Messages/DeviceSyncing/OutgoingKeysSyncMessage.swift
@ -9,18 +9,15 @@ import Foundation
 final class OutgoingKeysSyncMessage: OutgoingSyncMessage {

    let accountEntropyPool: String?
-    let masterKey: Data?
    let mediaRootBackupKey: Data?

    init(
        localThread: TSContactThread,
        accountEntropyPool: AccountEntropyPool?,
-        masterKey: MasterKey?,
        mediaRootBackupKey: MediaRootBackupKey?,
        tx: DBReadTransaction,
    ) {
        self.accountEntropyPool = accountEntropyPool?.rawString
-        self.masterKey = masterKey?.rawData
        self.mediaRootBackupKey = mediaRootBackupKey?.serialize()
        super.init(localThread: localThread, tx: tx)
    }
@ -32,9 +29,6 @@ final class OutgoingKeysSyncMessage: OutgoingSyncMessage {
        if let accountEntropyPool {
            coder.encode(accountEntropyPool, forKey: "accountEntropyPool")
        }
-        if let masterKey {
-            coder.encode(masterKey, forKey: "masterKey")
-        }
        if let mediaRootBackupKey {
            coder.encode(mediaRootBackupKey, forKey: "mediaRootBackupKey")
        }
@ -42,7 +36,6 @@ final class OutgoingKeysSyncMessage: OutgoingSyncMessage {

    required init?(coder: NSCoder) {
        self.accountEntropyPool = coder.decodeObject(of: NSString.self, forKey: "accountEntropyPool") as String?
-        self.masterKey = coder.decodeObject(of: NSData.self, forKey: "masterKey") as Data?
        self.mediaRootBackupKey = coder.decodeObject(of: NSData.self, forKey: "mediaRootBackupKey") as Data?
        super.init(coder: coder)
    }
@ -51,7 +44,6 @@ final class OutgoingKeysSyncMessage: OutgoingSyncMessage {
        var hasher = Hasher()
        hasher.combine(super.hash)
        hasher.combine(self.accountEntropyPool)
-        hasher.combine(self.masterKey)
        hasher.combine(self.mediaRootBackupKey)
        return hasher.finalize()
    }
@ -60,7 +52,6 @@ final class OutgoingKeysSyncMessage: OutgoingSyncMessage {
        guard let object = object as? Self else { return false }
        guard super.isEqual(object) else { return false }
        guard self.accountEntropyPool == object.accountEntropyPool else { return false }
-        guard self.masterKey == object.masterKey else { return false }
        guard self.mediaRootBackupKey == object.mediaRootBackupKey else { return false }
        return true
    }
@ -70,9 +61,6 @@ final class OutgoingKeysSyncMessage: OutgoingSyncMessage {
        if let accountEntropyPool {
            keysBuilder.setAccountEntropyPool(accountEntropyPool)
        }
-        if let masterKey {
-            keysBuilder.setMaster(masterKey)
-        }
        if let mediaRootBackupKey {
            keysBuilder.setMediaRootBackupKey(mediaRootBackupKey)
        }
--- a/SignalServiceKit/Mocks/KeyBackupService/SecureValueRecoveryMock.swift
+++ b/SignalServiceKit/Mocks/KeyBackupService/SecureValueRecoveryMock.swift
@ -38,7 +38,11 @@ public class SecureValueRecoveryMock: SecureValueRecovery {
        authedDevice: AuthedDevice,
        tx: DBWriteTransaction,
    ) throws(SVR.KeysError) {
-        syncedMasterKey = syncMessage.master.map { try! MasterKey(data: $0) }
+        let aep = syncMessage.accountEntropyPool.flatMap({ try? AccountEntropyPool(key: $0) })
+        guard let aep else {
+            throw .missingAep
+        }
+        syncedMasterKey = aep.getMasterKey()
    }

    public func storeKeys(
@ -46,11 +50,7 @@ public class SecureValueRecoveryMock: SecureValueRecovery {
        authedDevice: AuthedDevice,
        tx: DBWriteTransaction,
    ) {
-        let masterKey = switch provisioningMessage.rootKey {
-        case .accountEntropyPool(let aep): aep.getMasterKey()
-        case .masterKey(let masterKey): masterKey
-        }
-        syncedMasterKey = masterKey
+        syncedMasterKey = provisioningMessage.aep.getMasterKey()
    }

    public var doesHavePendingRestoration = false
--- a/SignalServiceKit/Protos/Generated/Provisioning.pb.swift
+++ b/SignalServiceKit/Protos/Generated/Provisioning.pb.swift
@ -184,15 +184,6 @@ struct ProvisioningProtos_ProvisionMessage: @unchecked Sendable {
  /// Clears the value of `provisioningVersion`. Subsequent reads from it will return its default value.
  mutating func clearProvisioningVersion() {_uniqueStorage()._provisioningVersion = nil}

-  var masterKey: Data {
-    get {_storage._masterKey ?? Data()}
-    set {_uniqueStorage()._masterKey = newValue}
-  }
-  /// Returns true if `masterKey` has been explicitly set.
-  var hasMasterKey: Bool {_storage._masterKey != nil}
-  /// Clears the value of `masterKey`. Subsequent reads from it will return its default value.
-  mutating func clearMasterKey() {_uniqueStorage()._masterKey = nil}
-
  /// 32 bytes
  var ephemeralBackupKey: Data {
    get {_storage._ephemeralBackupKey ?? Data()}
@ -293,7 +284,7 @@ extension ProvisioningProtos_ProvisionEnvelope: SwiftProtobuf.Message, SwiftProt

 extension ProvisioningProtos_ProvisionMessage: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding {
  static let protoMessageName: String = _protobuf_package + ".ProvisionMessage"
-  static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}aciIdentityKeyPublic\0\u{1}aciIdentityKeyPrivate\0\u{1}number\0\u{1}provisioningCode\0\u{1}userAgent\0\u{1}profileKey\0\u{1}readReceipts\0\u{1}aci\0\u{1}provisioningVersion\0\u{1}pni\0\u{1}pniIdentityKeyPublic\0\u{1}pniIdentityKeyPrivate\0\u{1}masterKey\0\u{1}ephemeralBackupKey\0\u{1}accountEntropyPool\0\u{1}mediaRootBackupKey\0\u{1}aciBinary\0\u{1}pniBinary\0")
+  static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}aciIdentityKeyPublic\0\u{1}aciIdentityKeyPrivate\0\u{1}number\0\u{1}provisioningCode\0\u{1}userAgent\0\u{1}profileKey\0\u{1}readReceipts\0\u{1}aci\0\u{1}provisioningVersion\0\u{1}pni\0\u{1}pniIdentityKeyPublic\0\u{1}pniIdentityKeyPrivate\0\u{2}\u{2}ephemeralBackupKey\0\u{1}accountEntropyPool\0\u{1}mediaRootBackupKey\0\u{1}aciBinary\0\u{1}pniBinary\0\u{c}\u{d}\u{1}")

  fileprivate class _StorageClass {
    var _aciIdentityKeyPublic: Data? = nil
@ -308,7 +299,6 @@ extension ProvisioningProtos_ProvisionMessage: SwiftProtobuf.Message, SwiftProto
    var _profileKey: Data? = nil
    var _readReceipts: Bool? = nil
    var _provisioningVersion: UInt32? = nil
-    var _masterKey: Data? = nil
    var _ephemeralBackupKey: Data? = nil
    var _accountEntropyPool: String? = nil
    var _mediaRootBackupKey: Data? = nil
@ -336,7 +326,6 @@ extension ProvisioningProtos_ProvisionMessage: SwiftProtobuf.Message, SwiftProto
      _profileKey = source._profileKey
      _readReceipts = source._readReceipts
      _provisioningVersion = source._provisioningVersion
-      _masterKey = source._masterKey
      _ephemeralBackupKey = source._ephemeralBackupKey
      _accountEntropyPool = source._accountEntropyPool
      _mediaRootBackupKey = source._mediaRootBackupKey
@ -372,7 +361,6 @@ extension ProvisioningProtos_ProvisionMessage: SwiftProtobuf.Message, SwiftProto
        case 10: try { try decoder.decodeSingularStringField(value: &_storage._pni) }()
        case 11: try { try decoder.decodeSingularBytesField(value: &_storage._pniIdentityKeyPublic) }()
        case 12: try { try decoder.decodeSingularBytesField(value: &_storage._pniIdentityKeyPrivate) }()
-        case 13: try { try decoder.decodeSingularBytesField(value: &_storage._masterKey) }()
        case 14: try { try decoder.decodeSingularBytesField(value: &_storage._ephemeralBackupKey) }()
        case 15: try { try decoder.decodeSingularStringField(value: &_storage._accountEntropyPool) }()
        case 16: try { try decoder.decodeSingularBytesField(value: &_storage._mediaRootBackupKey) }()
@ -426,9 +414,6 @@ extension ProvisioningProtos_ProvisionMessage: SwiftProtobuf.Message, SwiftProto
      try { if let v = _storage._pniIdentityKeyPrivate {
        try visitor.visitSingularBytesField(value: v, fieldNumber: 12)
      } }()
-      try { if let v = _storage._masterKey {
-        try visitor.visitSingularBytesField(value: v, fieldNumber: 13)
-      } }()
      try { if let v = _storage._ephemeralBackupKey {
        try visitor.visitSingularBytesField(value: v, fieldNumber: 14)
      } }()
@ -465,7 +450,6 @@ extension ProvisioningProtos_ProvisionMessage: SwiftProtobuf.Message, SwiftProto
        if _storage._profileKey != rhs_storage._profileKey {return false}
        if _storage._readReceipts != rhs_storage._readReceipts {return false}
        if _storage._provisioningVersion != rhs_storage._provisioningVersion {return false}
-        if _storage._masterKey != rhs_storage._masterKey {return false}
        if _storage._ephemeralBackupKey != rhs_storage._ephemeralBackupKey {return false}
        if _storage._accountEntropyPool != rhs_storage._accountEntropyPool {return false}
        if _storage._mediaRootBackupKey != rhs_storage._mediaRootBackupKey {return false}
--- a/SignalServiceKit/Protos/Generated/ProvisioningProto.swift
+++ b/SignalServiceKit/Protos/Generated/ProvisioningProto.swift
@ -283,18 +283,6 @@ public class ProvisioningProtoProvisionMessage: NSObject, Codable, NSSecureCodin
        return proto.hasProvisioningVersion
    }

-    @objc
-    public var masterKey: Data? {
-        guard hasMasterKey else {
-            return nil
-        }
-        return proto.masterKey
-    }
-    @objc
-    public var hasMasterKey: Bool {
-        return proto.hasMasterKey
-    }
-
    @objc
    public var ephemeralBackupKey: Data? {
        guard hasEphemeralBackupKey else {
@ -494,9 +482,6 @@ extension ProvisioningProtoProvisionMessage {
        if hasProvisioningVersion {
            builder.setProvisioningVersion(provisioningVersion)
        }
-        if let _value = masterKey {
-            builder.setMasterKey(_value)
-        }
        if let _value = ephemeralBackupKey {
            builder.setEphemeralBackupKey(_value)
        }
@ -659,17 +644,6 @@ public class ProvisioningProtoProvisionMessageBuilder: NSObject {
        proto.provisioningVersion = valueParam
    }

-    @objc
-    @available(swift, obsoleted: 1.0)
-    public func setMasterKey(_ valueParam: Data?) {
-        guard let valueParam = valueParam else { return }
-        proto.masterKey = valueParam
-    }
-
-    public func setMasterKey(_ valueParam: Data) {
-        proto.masterKey = valueParam
-    }
-
    @objc
    @available(swift, obsoleted: 1.0)
    public func setEphemeralBackupKey(_ valueParam: Data?) {
--- a/SignalServiceKit/Protos/Generated/SSKProto.swift
+++ b/SignalServiceKit/Protos/Generated/SSKProto.swift
@ -13026,18 +13026,6 @@ public class SSKProtoSyncMessageKeys: NSObject, Codable, NSSecureCoding {

    fileprivate let proto: SignalServiceProtos_SyncMessage.Keys

-    @objc
-    public var master: Data? {
-        guard hasMaster else {
-            return nil
-        }
-        return proto.master
-    }
-    @objc
-    public var hasMaster: Bool {
-        return proto.hasMaster
-    }
-
    @objc
    public var accountEntropyPool: String? {
        guard hasAccountEntropyPool else {
@ -13135,9 +13123,6 @@ extension SSKProtoSyncMessageKeys {
    @objc
    public func asBuilder() -> SSKProtoSyncMessageKeysBuilder {
        let builder = SSKProtoSyncMessageKeysBuilder()
-        if let _value = master {
-            builder.setMaster(_value)
-        }
        if let _value = accountEntropyPool {
            builder.setAccountEntropyPool(_value)
        }
@ -13159,17 +13144,6 @@ public class SSKProtoSyncMessageKeysBuilder: NSObject {
    @objc
    fileprivate override init() {}

-    @objc
-    @available(swift, obsoleted: 1.0)
-    public func setMaster(_ valueParam: Data?) {
-        guard let valueParam = valueParam else { return }
-        proto.master = valueParam
-    }
-
-    public func setMaster(_ valueParam: Data) {
-        proto.master = valueParam
-    }
-
    @objc
    @available(swift, obsoleted: 1.0)
    public func setAccountEntropyPool(_ valueParam: String?) {
--- a/SignalServiceKit/Protos/Generated/SignalService.pb.swift
+++ b/SignalServiceKit/Protos/Generated/SignalService.pb.swift
@ -3219,15 +3219,6 @@ struct SignalServiceProtos_SyncMessage: @unchecked Sendable {
    // `Message` and `Message+*Additions` files in the SwiftProtobuf library for
    // methods supported on all messages.

-    var master: Data {
-      get {_master ?? Data()}
-      set {_master = newValue}
-    }
-    /// Returns true if `master` has been explicitly set.
-    var hasMaster: Bool {self._master != nil}
-    /// Clears the value of `master`. Subsequent reads from it will return its default value.
-    mutating func clearMaster() {self._master = nil}
-
    var accountEntropyPool: String {
      get {_accountEntropyPool ?? String()}
      set {_accountEntropyPool = newValue}
@ -3250,7 +3241,6 @@ struct SignalServiceProtos_SyncMessage: @unchecked Sendable {

    init() {}

-    fileprivate var _master: Data? = nil
    fileprivate var _accountEntropyPool: String? = nil
    fileprivate var _mediaRootBackupKey: Data? = nil
  }
@ -8333,7 +8323,7 @@ extension SignalServiceProtos_SyncMessage.FetchLatest.TypeEnum: SwiftProtobuf._P

 extension SignalServiceProtos_SyncMessage.Keys: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding {
  static let protoMessageName: String = SignalServiceProtos_SyncMessage.protoMessageName + ".Keys"
-  static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{2}\u{2}master\0\u{1}accountEntropyPool\0\u{1}mediaRootBackupKey\0\u{c}\u{1}\u{1}")
+  static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{2}\u{3}accountEntropyPool\0\u{1}mediaRootBackupKey\0\u{c}\u{1}\u{1}\u{c}\u{2}\u{1}")

  mutating func decodeMessage<D: SwiftProtobuf.Decoder>(decoder: inout D) throws {
    while let fieldNumber = try decoder.nextFieldNumber() {
@ -8341,7 +8331,6 @@ extension SignalServiceProtos_SyncMessage.Keys: SwiftProtobuf.Message, SwiftProt
      // allocates stack space for every case branch when no optimizations are
      // enabled. https://github.com/apple/swift-protobuf/issues/1034
      switch fieldNumber {
-      case 2: try { try decoder.decodeSingularBytesField(value: &self._master) }()
      case 3: try { try decoder.decodeSingularStringField(value: &self._accountEntropyPool) }()
      case 4: try { try decoder.decodeSingularBytesField(value: &self._mediaRootBackupKey) }()
      default: break
@ -8354,9 +8343,6 @@ extension SignalServiceProtos_SyncMessage.Keys: SwiftProtobuf.Message, SwiftProt
    // allocates stack space for every if/case branch local when no optimizations
    // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and
    // https://github.com/apple/swift-protobuf/issues/1182
-    try { if let v = self._master {
-      try visitor.visitSingularBytesField(value: v, fieldNumber: 2)
-    } }()
    try { if let v = self._accountEntropyPool {
      try visitor.visitSingularStringField(value: v, fieldNumber: 3)
    } }()
@ -8367,7 +8353,6 @@ extension SignalServiceProtos_SyncMessage.Keys: SwiftProtobuf.Message, SwiftProt
  }

  static func ==(lhs: SignalServiceProtos_SyncMessage.Keys, rhs: SignalServiceProtos_SyncMessage.Keys) -> Bool {
-    if lhs._master != rhs._master {return false}
    if lhs._accountEntropyPool != rhs._accountEntropyPool {return false}
    if lhs._mediaRootBackupKey != rhs._mediaRootBackupKey {return false}
    if lhs.unknownFields != rhs.unknownFields {return false}
--- a/SignalServiceKit/Protos/Specifications/Provisioning.proto
+++ b/SignalServiceKit/Protos/Specifications/Provisioning.proto
@ -38,7 +38,7 @@ message ProvisionMessage {
  optional bytes profileKey = 6;
  optional bool readReceipts = 7;
  optional uint32 provisioningVersion = 9;
-  optional bytes masterKey = 13;
+  reserved /*masterKey*/ 13; // Deprecated in favor of accountEntropyPool
  optional bytes ephemeralBackupKey = 14; // 32 bytes
  optional string accountEntropyPool = 15;
  optional bytes mediaRootBackupKey = 16;
--- a/SignalServiceKit/Protos/Specifications/SignalService.proto
+++ b/SignalServiceKit/Protos/Specifications/SignalService.proto
@ -611,7 +611,7 @@ message SyncMessage {

  message Keys {
    reserved /* storageService */ 1;
-    optional bytes master = 2;
+    reserved /* master */ 2;
    optional string accountEntropyPool = 3;
    optional bytes mediaRootBackupKey = 4;
  }
--- a/SignalServiceKit/SecureValueRecovery/SecureValueRecovery.swift
+++ b/SignalServiceKit/SecureValueRecovery/SecureValueRecovery.swift
@ -12,8 +12,8 @@ public enum SVR {
    static let maximumKeyAttempts: UInt32 = 10

    public enum KeysError: Error {
-        case missingMasterKey
-        case missingOrInvalidMRBK
+        case missingAep
+        case missingMrbk
    }

    public enum DerivedKey: Hashable {
--- a/SignalServiceKit/SecureValueRecovery/SecureValueRecovery2Impl.swift
+++ b/SignalServiceKit/SecureValueRecovery/SecureValueRecovery2Impl.swift
@ -101,13 +101,7 @@ public class SecureValueRecovery2Impl: SecureValueRecovery {
    ) {
        Logger.info("")
        accountKeyStore.setMediaRootBackupKey(provisioningMessage.mrbk, tx: tx)
-
-        switch provisioningMessage.rootKey {
-        case .accountEntropyPool(let aep):
-            accountKeyStore.setAccountEntropyPool(aep, tx: tx)
-        case .masterKey(let masterKey):
-            accountKeyStore.setMasterKey(masterKey, tx: tx)
-        }
+        accountKeyStore.setAccountEntropyPool(provisioningMessage.aep, tx: tx)
    }

    public func storeKeys(
@ -117,43 +111,20 @@ public class SecureValueRecovery2Impl: SecureValueRecovery {
    ) throws(SVR.KeysError) {
        Logger.info("")

-        if
-            let mrbkBytes = syncMessage.mediaRootBackupKey,
-            let backupKey = try? BackupKey(contents: mrbkBytes)
-        {
-            accountKeyStore.setMediaRootBackupKey(MediaRootBackupKey(backupKey: backupKey), tx: tx)
-        } else {
-            throw SVR.KeysError.missingOrInvalidMRBK
+        let newMrbk = syncMessage.mediaRootBackupKey.flatMap({ try? BackupKey(contents: $0) })
+        guard let newMrbk else {
+            throw SVR.KeysError.missingMrbk
        }
+        accountKeyStore.setMediaRootBackupKey(MediaRootBackupKey(backupKey: newMrbk), tx: tx)

-        var keyChanged = false
-
+        let newAep = syncMessage.accountEntropyPool.flatMap({ try? AccountEntropyPool(key: $0) })
+        guard let newAep else {
+            throw SVR.KeysError.missingAep
+        }
        let oldAep = accountKeyStore.getAccountEntropyPool(tx: tx)
-        do {
-            if let aep = try syncMessage.accountEntropyPool.map({ try AccountEntropyPool(key: $0) }) {
-                accountKeyStore.setAccountEntropyPool(aep, tx: tx)
-            }
-        } catch {
-            owsFailDebug("Error setting AEP")
-        }
-        let newAep = accountKeyStore.getAccountEntropyPool(tx: tx)
-        keyChanged = (oldAep != newAep)
-
-        if newAep == nil {
-            let oldMasterKey = accountKeyStore.getMasterKey(tx: tx)?.rawData
-            do {
-                if let masterKey = try syncMessage.master.map({ try MasterKey(data: $0) }) {
-                    accountKeyStore.setMasterKey(masterKey, tx: tx)
-                }
-            } catch {
-                throw SVR.KeysError.missingMasterKey
-            }
-            let newMasterKey = accountKeyStore.getMasterKey(tx: tx)?.rawData
-            keyChanged = (oldMasterKey != newMasterKey)
-        }
-
-        // Trigger a re-fetch of the storage manifest if our keys have changed
-        if keyChanged {
+        if newAep != oldAep {
+            accountKeyStore.setAccountEntropyPool(newAep, tx: tx)
+            // Trigger a re-fetch of the storage manifest if our keys have changed
            storageServiceManager.restoreOrCreateManifestIfNecessary(
                authedDevice: authedDevice,
                masterKeySource: .implicit,